diff --git a/ci/OWNERS b/ci/OWNERS index b98c0ba016e9..78bcaa8bf2f5 100644 --- a/ci/OWNERS +++ b/ci/OWNERS @@ -232,11 +232,11 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt /nixos/tests/postgresql.nix @NixOS/postgres # Hardened profile & related modules -/nixos/modules/profiles/hardened.nix @joachifm -/nixos/modules/security/lock-kernel-modules.nix @joachifm -/nixos/modules/security/misc.nix @joachifm -/nixos/tests/hardened.nix @joachifm -/pkgs/os-specific/linux/kernel/hardened/config.nix @joachifm +/nixos/modules/profiles/hardened.nix @joachifm +/nixos/modules/security/lock-kernel-modules.nix @joachifm +/nixos/modules/security/misc.nix @joachifm +/nixos/tests/hardened.nix @joachifm +/pkgs/os-specific/linux/kernel/hardened/ @fabianhjr @joachifm # Home Automation /nixos/modules/services/home-automation/home-assistant.nix @mweinelt diff --git a/nixos/modules/services/matrix/conduit.nix b/nixos/modules/services/matrix/conduit.nix index c484f67327d8..98ed19abd366 100644 --- a/nixos/modules/services/matrix/conduit.nix +++ b/nixos/modules/services/matrix/conduit.nix @@ -111,6 +111,8 @@ in description = "Conduit Matrix Server"; documentation = [ "https://gitlab.com/famedly/conduit/" ]; wantedBy = [ "multi-user.target" ]; + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; environment = lib.mkMerge ([ { CONDUIT_CONFIG = configFile; } cfg.extraEnvironment diff --git a/nixos/tests/kernel-generic.nix b/nixos/tests/kernel-generic.nix index e5d3b36642e7..0171a1e79e1f 100644 --- a/nixos/tests/kernel-generic.nix +++ b/nixos/tests/kernel-generic.nix @@ -30,6 +30,7 @@ let linux_5_15_hardened linux_6_1_hardened linux_6_6_hardened + linux_6_11_hardened linux_rt_5_4 linux_rt_5_10 linux_rt_5_15 diff --git a/pkgs/applications/audio/cantata/default.nix b/pkgs/applications/audio/cantata/default.nix deleted file mode 100644 index a9ce19cfdb81..000000000000 --- a/pkgs/applications/audio/cantata/default.nix +++ /dev/null @@ -1,122 +0,0 @@ -{ mkDerivation -, lib -, fetchFromGitHub -, cmake -, pkg-config -, qtbase -, qtsvg -, qttools -, perl - - # Cantata doesn't build with cdparanoia enabled so we disable that - # default for now until I (or someone else) figure it out. -, withCdda ? false -, cdparanoia -, withCddb ? false -, libcddb -, withLame ? false -, lame -, withMusicbrainz ? false -, libmusicbrainz5 - -, withTaglib ? true -, taglib -, taglib_extras -, withHttpStream ? true -, qtmultimedia -, withReplaygain ? true -, ffmpeg -, speex -, mpg123 -, withMtp ? true -, libmtp -, withOnlineServices ? true -, withDevices ? true -, udisks2 -, withDynamic ? true -, withHttpServer ? true -, withLibVlc ? false -, libvlc -, withStreams ? true -}: - -# Inter-dependencies. -assert withCddb -> withCdda && withTaglib; -assert withCdda -> withCddb && withMusicbrainz; -assert withLame -> withCdda && withTaglib; -assert withMtp -> withTaglib; -assert withMusicbrainz -> withCdda && withTaglib; -assert withOnlineServices -> withTaglib; -assert withReplaygain -> withTaglib; -assert withLibVlc -> withHttpStream; - -let - fstat = x: fn: - "-DENABLE_${fn}=${if x then "ON" else "OFF"}"; - - withUdisks = (withTaglib && withDevices); - - options = [ - { names = [ "CDDB" ]; enable = withCddb; pkgs = [ libcddb ]; } - { names = [ "CDPARANOIA" ]; enable = withCdda; pkgs = [ cdparanoia ]; } - { names = [ "DEVICES_SUPPORT" ]; enable = withDevices; pkgs = [ ]; } - { names = [ "DYNAMIC" ]; enable = withDynamic; pkgs = [ ]; } - { names = [ "FFMPEG" "MPG123" "SPEEXDSP" ]; enable = withReplaygain; pkgs = [ ffmpeg speex mpg123 ]; } - { names = [ "HTTPS_SUPPORT" ]; enable = true; pkgs = [ ]; } - { names = [ "HTTP_SERVER" ]; enable = withHttpServer; pkgs = [ ]; } - { names = [ "HTTP_STREAM_PLAYBACK" ]; enable = withHttpStream; pkgs = [ qtmultimedia ]; } - { names = [ "LAME" ]; enable = withLame; pkgs = [ lame ]; } - { names = [ "LIBVLC" ]; enable = withLibVlc; pkgs = [ libvlc ]; } - { names = [ "MTP" ]; enable = withMtp; pkgs = [ libmtp ]; } - { names = [ "MUSICBRAINZ" ]; enable = withMusicbrainz; pkgs = [ libmusicbrainz5 ]; } - { names = [ "ONLINE_SERVICES" ]; enable = withOnlineServices; pkgs = [ ]; } - { names = [ "STREAMS" ]; enable = withStreams; pkgs = [ ]; } - { names = [ "TAGLIB" "TAGLIB_EXTRAS" ]; enable = withTaglib; pkgs = [ taglib taglib_extras ]; } - { names = [ "UDISKS2" ]; enable = withUdisks; pkgs = [ udisks2 ]; } - ]; - -in -mkDerivation rec { - pname = "cantata"; - version = "2.5.0"; - - src = fetchFromGitHub { - owner = "CDrummond"; - repo = "cantata"; - rev = "v${version}"; - sha256 = "sha256-UaZEKZvCA50WsdQSSJQQ11KTK6rM4ouCHDX7pn3NlQw="; - }; - - patches = [ - # Cantata wants to check if perl is in the PATH at runtime, but we - # patchShebangs the playlists scripts, making that unnecessary (perl will - # always be available because it's a dependency) - ./dont-check-for-perl-in-PATH.diff - ]; - - postPatch = '' - patchShebangs playlists - ''; - - buildInputs = [ - qtbase - qtsvg - (perl.withPackages (ppkgs: with ppkgs; [ URI ])) - ] - ++ lib.flatten (builtins.catAttrs "pkgs" (builtins.filter (e: e.enable) options)); - - nativeBuildInputs = [ cmake pkg-config qttools ]; - - cmakeFlags = lib.flatten (map (e: map (f: fstat e.enable f) e.names) options); - - meta = with lib; { - description = "Graphical client for MPD"; - mainProgram = "cantata"; - homepage = "https://github.com/cdrummond/cantata"; - license = licenses.gpl3Only; - maintainers = with maintainers; [ peterhoeg ]; - # Technically, Cantata should run on Darwin/Windows so if someone wants to - # bother figuring that one out, be my guest. - platforms = platforms.linux; - }; -} diff --git a/pkgs/applications/office/activitywatch/default.nix b/pkgs/applications/office/activitywatch/default.nix index df7b95573783..f07a1e9b561d 100644 --- a/pkgs/applications/office/activitywatch/default.nix +++ b/pkgs/applications/office/activitywatch/default.nix @@ -1,5 +1,6 @@ { lib, + stdenv, fetchFromGitHub, fetchpatch, rustPlatform, @@ -83,6 +84,7 @@ rec { homepage = "https://github.com/ActivityWatch/aw-watcher-window"; maintainers = with maintainers; [ huantian ]; license = licenses.mpl20; + badPlatforms = lib.platforms.darwin; # requires pyobjc-framework }; }; @@ -140,6 +142,7 @@ rec { homepage = "https://github.com/ActivityWatch/aw-qt"; maintainers = with maintainers; [ huantian ]; license = licenses.mpl20; + badPlatforms = lib.platforms.darwin; # requires pyobjc-framework }; }; diff --git a/pkgs/applications/office/mmex/default.nix b/pkgs/applications/office/mmex/default.nix index b88f70225873..53cc19e5f1d3 100644 --- a/pkgs/applications/office/mmex/default.nix +++ b/pkgs/applications/office/mmex/default.nix @@ -1,7 +1,9 @@ { lib , stdenv , fetchFromGitHub +, appstream , cmake +, fetchpatch , gettext , git , makeWrapper @@ -17,16 +19,24 @@ stdenv.mkDerivation rec { pname = "money-manager-ex"; - version = "1.6.3"; + version = "1.8.0"; src = fetchFromGitHub { owner = "moneymanagerex"; repo = "moneymanagerex"; rev = "v${version}"; fetchSubmodules = true; - hash = "sha256-TQgJ2Q4Z7+OtwuwkfPBgm2BmMKML9nmyFLSkmKJ1RE4="; + hash = "sha256-jV1jW0aFx95JpwzywEVajstnMKVcEtBdvyL7y6OLl+k="; }; + patches = [ + (fetchpatch { # https://github.com/moneymanagerex/moneymanagerex/pull/6716 + name = "workaround-appstream-1.0.3.patch"; + url = "https://github.com/moneymanagerex/moneymanagerex/commit/bb98eab92d95b7315d27f4e59ae59b50587106d8.patch"; + hash = "sha256-98OyFO2nnGBRTIirxZ3jX1NPvsw5kVT8nsCSSmyfabo="; + }) + ]; + postPatch = lib.optionalString (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isx86_64) '' substituteInPlace src/platfdep_mac.mm \ --replace "appearance.name == NSAppearanceNameDarkAqua" "NO" @@ -36,12 +46,14 @@ stdenv.mkDerivation rec { ''; nativeBuildInputs = [ + appstream # for appstreamcli cmake gettext git makeWrapper pkg-config wrapGAppsHook3 + wxGTK32 ] ++ lib.optionals stdenv.hostPlatform.isLinux [ lsb-release ]; @@ -55,6 +67,8 @@ stdenv.mkDerivation rec { darwin.libobjc ]; + strictDeps = true; + env.NIX_CFLAGS_COMPILE = toString (lib.optionals stdenv.cc.isClang [ "-Wno-deprecated-copy" "-Wno-old-style-cast" diff --git a/pkgs/build-support/setup-hooks/mpi-check-hook/mpi-check-hook.sh b/pkgs/build-support/setup-hooks/mpi-check-hook/mpi-check-hook.sh index d576df6489d6..6adad2b44076 100644 --- a/pkgs/build-support/setup-hooks/mpi-check-hook/mpi-check-hook.sh +++ b/pkgs/build-support/setup-hooks/mpi-check-hook/mpi-check-hook.sh @@ -62,6 +62,8 @@ setupMpiCheck() { MPICH) # Fix to make mpich run in a sandbox export HYDRA_IFACE=lo + # Disable sysfs cpu topology directory discovery. + export HWLOC_XMLFILE="@topology@" ;; MVAPICH) # Disable CPU pinning diff --git a/pkgs/by-name/_3/_389-ds-base/package.nix b/pkgs/by-name/_3/_389-ds-base/package.nix new file mode 100644 index 000000000000..062714febed1 --- /dev/null +++ b/pkgs/by-name/_3/_389-ds-base/package.nix @@ -0,0 +1,156 @@ +{ + lib, + stdenv, + fetchFromGitHub, + autoconf, + automake, + cargo, + libtool, + pkg-config, + cracklib, + lmdb, + json_c, + linux-pam, + libevent, + libxcrypt, + nspr, + nss, + openldap, + withOpenldap ? true, + db, + withBdb ? true, + cyrus_sasl, + icu, + net-snmp, + withNetSnmp ? true, + krb5, + pcre2, + python3, + rustPlatform, + rustc, + openssl, + withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd, + systemd, + zlib, + rsync, + withCockpit ? true, + withAsan ? false, + nix-update-script, +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "389-ds-base"; + version = "3.1.1"; + + src = fetchFromGitHub { + owner = "389ds"; + repo = "389-ds-base"; + rev = "389-ds-base-${finalAttrs.version}"; + hash = "sha256-ouWJB5DbAtcLKyFngmxBRObXC6RFA+GXfvOEFk88Zu0="; + }; + + cargoDeps = rustPlatform.fetchCargoTarball { + inherit (finalAttrs) src; + sourceRoot = "${finalAttrs.src.name}/src"; + name = "389-ds-base-${finalAttrs.version}"; + hash = "sha256-nBYuVijF50K3JlEo2py0ephDwlnAhbxeNA4vvC9rEV0="; + }; + + nativeBuildInputs = [ + autoconf + automake + libtool + pkg-config + python3 + cargo + rustc + ] ++ lib.optional withCockpit rsync; + + buildInputs = + [ + cracklib + lmdb + json_c + linux-pam + libevent + libxcrypt + nspr + nss + cyrus_sasl + icu + krb5 + pcre2 + openssl + zlib + ] + ++ lib.optional withSystemd systemd + ++ lib.optional withOpenldap openldap + ++ lib.optional withBdb db + ++ lib.optional withNetSnmp net-snmp; + + postPatch = '' + patchShebangs ./buildnum.py ./ldap/servers/slapd/mkDBErrStrs.py + ''; + + preConfigure = '' + ./autogen.sh --prefix="$out" + ''; + + preBuild = '' + mkdir -p ./vendor + tar -xzf ${finalAttrs.cargoDeps} -C ./vendor --strip-components=1 + ''; + + configureFlags = + [ + "--enable-rust-offline" + "--enable-autobind" + ] + ++ lib.optionals withSystemd [ + "--with-systemd" + "--with-systemdsystemunitdir=${placeholder "out"}/etc/systemd/system" + ] + ++ lib.optionals withOpenldap [ + "--with-openldap" + ] + ++ lib.optionals withBdb [ + "--with-db-inc=${lib.getDev db}/include" + "--with-db-lib=${lib.getLib db}/lib" + ] + ++ lib.optionals withNetSnmp [ + "--with-netsnmp-inc=${lib.getDev net-snmp}/include" + "--with-netsnmp-lib=${lib.getLib net-snmp}/lib" + ] + ++ lib.optionals (!withCockpit) [ + "--disable-cockpit" + ] + ++ lib.optionals withAsan [ + "--enable-asan" + "--enable-debug" + ]; + + enableParallelBuilding = true; + # Disable parallel builds as those lack some dependencies: + # ld: cannot find -lslapd: No such file or directory + # https://hydra.nixos.org/log/h38bj77gav0r6jbi4bgzy1lfjq22k2wy-389-ds-base-2.3.1.drv + enableParallelInstalling = false; + + doCheck = true; + + installFlags = [ + "sysconfdir=${placeholder "out"}/etc" + "localstatedir=${placeholder "TMPDIR"}" + ]; + + passthru.version = finalAttrs.version; + + passthru.updateScript = nix-update-script { }; + + meta = { + homepage = "https://www.port389.org/"; + description = "Enterprise-class Open Source LDAP server for Linux"; + license = lib.licenses.gpl3Plus; + platforms = lib.platforms.linux; + maintainers = [ lib.maintainers.ners ]; + }; +}) diff --git a/pkgs/by-name/ai/aider-chat/package.nix b/pkgs/by-name/ai/aider-chat/package.nix index 400cce650f94..0218dcd0830d 100644 --- a/pkgs/by-name/ai/aider-chat/package.nix +++ b/pkgs/by-name/ai/aider-chat/package.nix @@ -12,7 +12,7 @@ let self = python3; packageOverrides = _: super: { tree-sitter = super.tree-sitter_0_21; }; }; - version = "0.61.0"; + version = "0.62.0"; in python3.pkgs.buildPythonApplication { pname = "aider-chat"; @@ -23,7 +23,7 @@ python3.pkgs.buildPythonApplication { owner = "Aider-AI"; repo = "aider"; rev = "refs/tags/v${version}"; - hash = "sha256-C1VMdLRb+FVN8zwWRa7RCkRxZgdUPNUfBdAjMi9efjQ="; + hash = "sha256-o5vyOaJSUcdwuHBbzgpo5RDpZLnIur5dM+b7Y7PVBXA="; }; pythonRelaxDeps = true; diff --git a/pkgs/applications/audio/cantata/dont-check-for-perl-in-PATH.diff b/pkgs/by-name/ca/cantata/dont-check-for-perl-in-PATH.diff similarity index 100% rename from pkgs/applications/audio/cantata/dont-check-for-perl-in-PATH.diff rename to pkgs/by-name/ca/cantata/dont-check-for-perl-in-PATH.diff diff --git a/pkgs/by-name/ca/cantata/package.nix b/pkgs/by-name/ca/cantata/package.nix new file mode 100644 index 000000000000..7bb809dae7ee --- /dev/null +++ b/pkgs/by-name/ca/cantata/package.nix @@ -0,0 +1,202 @@ +{ + stdenv, + lib, + fetchFromGitHub, + cmake, + pkg-config, + qt5, + perl, + + # Cantata doesn't build with cdparanoia enabled so we disable that + # default for now until I (or someone else) figure it out. + withCdda ? false, + cdparanoia, + withCddb ? false, + libcddb, + withLame ? false, + lame, + withMusicbrainz ? false, + libmusicbrainz5, + + withTaglib ? true, + taglib, + taglib_extras, + withHttpStream ? true, + withReplaygain ? true, + ffmpeg, + speex, + mpg123, + withMtp ? true, + libmtp, + withOnlineServices ? true, + withDevices ? true, + udisks2, + withDynamic ? true, + withHttpServer ? true, + withLibVlc ? false, + libvlc, + withStreams ? true, +}: + +# Inter-dependencies. +assert withCddb -> withCdda && withTaglib; +assert withCdda -> withCddb && withMusicbrainz; +assert withLame -> withCdda && withTaglib; +assert withMtp -> withTaglib; +assert withMusicbrainz -> withCdda && withTaglib; +assert withOnlineServices -> withTaglib; +assert withReplaygain -> withTaglib; +assert withLibVlc -> withHttpStream; + +let + fstat = x: fn: "-DENABLE_${fn}=${if x then "ON" else "OFF"}"; + + withUdisks = (withTaglib && withDevices && stdenv.hostPlatform.isLinux); + + options = [ + { + names = [ "CDDB" ]; + enable = withCddb; + pkgs = [ libcddb ]; + } + { + names = [ "CDPARANOIA" ]; + enable = withCdda; + pkgs = [ cdparanoia ]; + } + { + names = [ "DEVICES_SUPPORT" ]; + enable = withDevices; + pkgs = [ ]; + } + { + names = [ "DYNAMIC" ]; + enable = withDynamic; + pkgs = [ ]; + } + { + names = [ + "FFMPEG" + "MPG123" + "SPEEXDSP" + ]; + enable = withReplaygain; + pkgs = [ + ffmpeg + speex + mpg123 + ]; + } + { + names = [ "HTTPS_SUPPORT" ]; + enable = true; + pkgs = [ ]; + } + { + names = [ "HTTP_SERVER" ]; + enable = withHttpServer; + pkgs = [ ]; + } + { + names = [ "HTTP_STREAM_PLAYBACK" ]; + enable = withHttpStream; + pkgs = [ qt5.qtmultimedia ]; + } + { + names = [ "LAME" ]; + enable = withLame; + pkgs = [ lame ]; + } + { + names = [ "LIBVLC" ]; + enable = withLibVlc; + pkgs = [ libvlc ]; + } + { + names = [ "MTP" ]; + enable = withMtp; + pkgs = [ libmtp ]; + } + { + names = [ "MUSICBRAINZ" ]; + enable = withMusicbrainz; + pkgs = [ libmusicbrainz5 ]; + } + { + names = [ "ONLINE_SERVICES" ]; + enable = withOnlineServices; + pkgs = [ ]; + } + { + names = [ "STREAMS" ]; + enable = withStreams; + pkgs = [ ]; + } + { + names = [ + "TAGLIB" + "TAGLIB_EXTRAS" + ]; + enable = withTaglib; + pkgs = [ + taglib + taglib_extras + ]; + } + { + names = [ "UDISKS2" ]; + enable = withUdisks; + pkgs = [ udisks2 ]; + } + ]; + +in +stdenv.mkDerivation (finalAttrs: { + pname = "cantata"; + version = "2.5.0"; + + src = fetchFromGitHub { + owner = "CDrummond"; + repo = "cantata"; + rev = "v${finalAttrs.version}"; + hash = "sha256-UaZEKZvCA50WsdQSSJQQ11KTK6rM4ouCHDX7pn3NlQw="; + }; + + patches = [ + # Cantata wants to check if perl is in the PATH at runtime, but we + # patchShebangs the playlists scripts, making that unnecessary (perl will + # always be available because it's a dependency) + ./dont-check-for-perl-in-PATH.diff + ]; + + postPatch = '' + patchShebangs playlists + ''; + + buildInputs = [ + qt5.qtbase + qt5.qtsvg + (perl.withPackages (ppkgs: with ppkgs; [ URI ])) + ] ++ lib.flatten (builtins.catAttrs "pkgs" (builtins.filter (e: e.enable) options)); + + nativeBuildInputs = [ + cmake + pkg-config + qt5.qttools + qt5.wrapQtAppsHook + ]; + + cmakeFlags = lib.flatten (map (e: map (f: fstat e.enable f) e.names) options); + + meta = { + description = "Graphical client for MPD"; + mainProgram = "cantata"; + homepage = "https://github.com/cdrummond/cantata"; + license = lib.licenses.gpl3Only; + maintainers = with lib.maintainers; [ peterhoeg ]; + # Technically, Cantata should run on Darwin/Windows so if someone wants to + # bother figuring that one out, be my guest. + platforms = lib.platforms.unix; + badPlatforms = lib.platforms.darwin; + }; +}) diff --git a/pkgs/by-name/ju/jujutsu/package.nix b/pkgs/by-name/ju/jujutsu/package.nix index a978063acaa0..6e9a9f534e26 100644 --- a/pkgs/by-name/ju/jujutsu/package.nix +++ b/pkgs/by-name/ju/jujutsu/package.nix @@ -21,7 +21,7 @@ }: let - version = "0.22.0"; + version = "0.23.0"; in rustPlatform.buildRustPackage { @@ -32,10 +32,10 @@ rustPlatform.buildRustPackage { owner = "martinvonz"; repo = "jj"; rev = "v${version}"; - hash = "sha256-GbKmX1Ev/8di3A1XT5ZIRjzn2zP6DMye2NpA26PGVIs="; + hash = "sha256-NCeD+WA3uVl4l/KKFDtdG8+vpm10Y3rEAf8kY6SP0yo="; }; - cargoHash = "sha256-+3oO2M2293Nba6P8bejgZD5OxgCpkIRdcPICDswJyEU="; + cargoHash = "sha256-lnfh9zMMZfHhYY7kgmxuqZwoEQxiInjmHjzLabbUijU="; nativeBuildInputs = [ installShellFiles diff --git a/pkgs/by-name/ma/materia-theme-transparent/default.nix b/pkgs/by-name/ma/materia-theme-transparent/default.nix deleted file mode 100644 index 9eccec1c343b..000000000000 --- a/pkgs/by-name/ma/materia-theme-transparent/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - lib, - fetchFromGitHub, - materia-theme, -}: -materia-theme.overrideAttrs (oldAttrs: rec { - pname = "materia-theme-transparent"; - version = "0-unstable-2021-03-22"; - - src = fetchFromGitHub { - owner = "ckissane"; - repo = "materia-theme-transparent"; - rev = "c5d95bbddd59a717bfc4976737af429a89ba74e0"; - hash = "sha256-dHcwPTZFWO42wu1LbtGCMm2w/YHbjSUJnRKcaFllUbs="; - }; - - meta = { - description = "Transparent Material Design theme for GNOME/GTK based desktop environments"; - homepage = "https://github.com/ckissane/materia-theme-transparent"; - license = lib.licenses.gpl2Only; - platforms = lib.platforms.linux; - maintainers = [ lib.maintainers.corbinwunderlich ]; - }; -}) diff --git a/pkgs/by-name/se/sequoia-sq/package.nix b/pkgs/by-name/se/sequoia-sq/package.nix index 450113dda742..5d60be2f96c0 100644 --- a/pkgs/by-name/se/sequoia-sq/package.nix +++ b/pkgs/by-name/se/sequoia-sq/package.nix @@ -14,16 +14,16 @@ rustPlatform.buildRustPackage rec { pname = "sequoia-sq"; - version = "0.38.0"; + version = "0.39.0"; src = fetchFromGitLab { owner = "sequoia-pgp"; repo = "sequoia-sq"; rev = "v${version}"; - hash = "sha256-Zzk7cQs5zD+houNjK8s3tP9kZ2/eAUV/OE3/GrNAXk8="; + hash = "sha256-nLrwf/4vbASOAyOWlc4X9ZQKFq/Kdh83XadpRuquEA4="; }; - cargoHash = "sha256-Ou+YKfEOmMTZVg9unqoOibMQYsdNAYTq4ZoOANLRk2Y="; + cargoHash = "sha256-MnxvuO1KG7X2plFkQ/DNBHnH2cPi1X3SVbvcN8N7ZXk="; nativeBuildInputs = [ pkg-config @@ -68,7 +68,7 @@ rustPlatform.buildRustPackage rec { homepage = "https://sequoia-pgp.org/"; changelog = "https://gitlab.com/sequoia-pgp/sequoia-sq/-/blob/v${version}/NEWS"; license = lib.licenses.gpl2Plus; - maintainers = with lib.maintainers; [ minijackson doronbehar ]; + maintainers = with lib.maintainers; [ minijackson doronbehar dvn0 ]; mainProgram = "sq"; }; } diff --git a/pkgs/by-name/ze/zed-editor/Cargo.lock b/pkgs/by-name/ze/zed-editor/Cargo.lock index 798e6990f838..2732c56fab82 100644 --- a/pkgs/by-name/ze/zed-editor/Cargo.lock +++ b/pkgs/by-name/ze/zed-editor/Cargo.lock @@ -854,7 +854,7 @@ dependencies = [ "chrono", "futures-util", "http-types", - "hyper 0.14.31", + "hyper 0.14.30", "hyper-rustls 0.24.2", "serde", "serde_json", @@ -1350,7 +1350,7 @@ dependencies = [ "http-body 0.4.6", "http-body 1.0.1", "httparse", - "hyper 0.14.31", + "hyper 0.14.30", "hyper-rustls 0.24.2", "once_cell", "pin-project-lite", @@ -1441,7 +1441,7 @@ dependencies = [ "headers", "http 0.2.12", "http-body 0.4.6", - "hyper 0.14.31", + "hyper 0.14.30", "itoa", "matchit", "memchr", @@ -2366,7 +2366,7 @@ dependencies = [ "clickhouse-derive", "clickhouse-rs-cityhash-sys", "futures 0.3.30", - "hyper 0.14.31", + "hyper 0.14.30", "hyper-tls", "lz4", "sealed", @@ -2569,7 +2569,7 @@ dependencies = [ "gpui", "hex", "http_client", - "hyper 0.14.31", + "hyper 0.14.30", "indoc", "jsonwebtoken", "language", @@ -3718,6 +3718,7 @@ dependencies = [ "tree-sitter-rust", "tree-sitter-typescript", "ui", + "unicode-segmentation", "unindent", "url", "util", @@ -4909,12 +4910,13 @@ dependencies = [ "git", "gpui", "http_client", + "indoc", "pretty_assertions", "regex", "serde", "serde_json", - "unindent", "url", + "util", ] [[package]] @@ -5568,9 +5570,9 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "hyper" -version = "0.14.31" +version = "0.14.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c08302e8fa335b151b788c775ff56e7a03ae64ff85c548ee820fecb70356e85" +checksum = "a152ddd61dfaec7273fe8419ab357f33aee0d914c5f4efbf0d96fa749eea5ec9" dependencies = [ "bytes 1.7.2", "futures-channel", @@ -5618,7 +5620,7 @@ checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590" dependencies = [ "futures-util", "http 0.2.12", - "hyper 0.14.31", + "hyper 0.14.30", "log", "rustls 0.21.12", "rustls-native-certs 0.6.3", @@ -5651,7 +5653,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" dependencies = [ "bytes 1.7.2", - "hyper 0.14.31", + "hyper 0.14.30", "native-tls", "tokio", "tokio-native-tls", @@ -6153,6 +6155,20 @@ dependencies = [ "simple_asn1", ] +[[package]] +name = "jupyter-serde" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0a444fb3f87ee6885eb316028cc998c7d84811663ef95d78c419419423d5a054" +dependencies = [ + "anyhow", + "chrono", + "serde", + "serde_json", + "thiserror", + "uuid", +] + [[package]] name = "khronos-egl" version = "6.0.0" @@ -7136,6 +7152,21 @@ dependencies = [ "tempfile", ] +[[package]] +name = "nbformat" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "146074ad45cab20f5d98ccded164826158471f21d04f96e40b9872529e10979d" +dependencies = [ + "anyhow", + "chrono", + "jupyter-serde", + "serde", + "serde_json", + "thiserror", + "uuid", +] + [[package]] name = "ndk" version = "0.8.0" @@ -9506,6 +9537,7 @@ dependencies = [ "log", "parking_lot", "prost", + "release_channel", "rpc", "serde", "serde_json", @@ -9583,6 +9615,7 @@ dependencies = [ "command_palette_hooks", "editor", "env_logger 0.11.5", + "feature_flags", "futures 0.3.30", "gpui", "http_client", @@ -9592,7 +9625,9 @@ dependencies = [ "languages", "log", "markdown_preview", + "menu", "multi_buffer", + "nbformat", "project", "runtimelib", "schemars", @@ -9627,7 +9662,7 @@ dependencies = [ "h2 0.3.26", "http 0.2.12", "http-body 0.4.6", - "hyper 0.14.31", + "hyper 0.14.30", "hyper-tls", "ipnet", "js-sys", @@ -9866,6 +9901,7 @@ dependencies = [ "gpui", "log", "rand 0.8.5", + "rayon", "smallvec", "sum_tree", "unicode-segmentation", @@ -9931,9 +9967,9 @@ dependencies = [ [[package]] name = "runtimelib" -version = "0.15.1" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43075bcdb843dc90af086586895247681fb79ed9dc24c62e5455995a807d3d85" +checksum = "263588fe9593333c4bfde258c9021fc64e766ea434e070c6b67c7100536d6499" dependencies = [ "anyhow", "async-dispatcher", @@ -9945,6 +9981,7 @@ dependencies = [ "dirs 5.0.1", "futures 0.3.30", "glob", + "jupyter-serde", "rand 0.8.5", "ring 0.17.8", "serde", @@ -13417,7 +13454,7 @@ dependencies = [ "futures-util", "headers", "http 0.2.12", - "hyper 0.14.31", + "hyper 0.14.30", "log", "mime", "mime_guess", @@ -14705,7 +14742,6 @@ dependencies = [ "parking_lot", "postage", "project", - "release_channel", "remote", "schemars", "serde", @@ -14735,6 +14771,7 @@ dependencies = [ "fuzzy", "git", "git2", + "git_hosting_providers", "gpui", "http_client", "ignore", @@ -14997,7 +15034,7 @@ dependencies = [ [[package]] name = "zed" -version = "0.159.10" +version = "0.160.7" dependencies = [ "activity_indicator", "anyhow", @@ -15137,13 +15174,6 @@ dependencies = [ "zed_extension_api 0.1.0", ] -[[package]] -name = "zed_dart" -version = "0.1.2" -dependencies = [ - "zed_extension_api 0.1.0", -] - [[package]] name = "zed_deno" version = "0.0.2" diff --git a/pkgs/by-name/ze/zed-editor/package.nix b/pkgs/by-name/ze/zed-editor/package.nix index 7bdbaa787d16..caf8cb18648e 100644 --- a/pkgs/by-name/ze/zed-editor/package.nix +++ b/pkgs/by-name/ze/zed-editor/package.nix @@ -88,13 +88,13 @@ let in rustPlatform.buildRustPackage rec { pname = "zed-editor"; - version = "0.159.10"; + version = "0.160.7"; src = fetchFromGitHub { owner = "zed-industries"; repo = "zed"; rev = "refs/tags/v${version}"; - hash = "sha256-D3hKOJYkPquqBGTrAPS6dIcGafLYERmmwXj2PZh3Xfs="; + hash = "sha256-mbBETOZVXTcfS+yGWPqEh+NEjo6UMTvk3XMghd8+s/s="; }; patches = diff --git a/pkgs/development/compilers/dtc/default.nix b/pkgs/development/compilers/dtc/default.nix index e7a17cba66c8..f407fba956a1 100644 --- a/pkgs/development/compilers/dtc/default.nix +++ b/pkgs/development/compilers/dtc/default.nix @@ -16,11 +16,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "dtc"; - version = "1.7.1"; + version = "1.7.2"; src = fetchzip { url = "https://git.kernel.org/pub/scm/utils/dtc/dtc.git/snapshot/dtc-v${finalAttrs.version}.tar.gz"; - hash = "sha256-Zl2bOGDJIe/bhMFNsy969JYCYqtXTOzgb+bbOlKqOco="; + hash = "sha256-KZCzrvdWd6zfQHppjyp4XzqNCfH2UnuRneu+BNIRVAY="; }; patches = [ diff --git a/pkgs/development/compilers/go/1.22.nix b/pkgs/development/compilers/go/1.22.nix index 926654146037..4bb68cb2d3e8 100644 --- a/pkgs/development/compilers/go/1.22.nix +++ b/pkgs/development/compilers/go/1.22.nix @@ -46,11 +46,11 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "go"; - version = "1.22.8"; + version = "1.22.9"; src = fetchurl { url = "https://go.dev/dl/go${finalAttrs.version}.src.tar.gz"; - hash = "sha256-3xLCPr8Z3qD0v0aiLL7aSj7Kb0dPMYOQzndJdCeEQLg="; + hash = "sha256-6Bo2L1Gu4hJXIrAY5GcU5qBVoZVCg0FMD5N+c3AT2yI="; }; strictDeps = true; diff --git a/pkgs/development/libraries/capstone/default.nix b/pkgs/development/libraries/capstone/default.nix index 1aed26cec87d..9342000c864b 100644 --- a/pkgs/development/libraries/capstone/default.nix +++ b/pkgs/development/libraries/capstone/default.nix @@ -7,16 +7,18 @@ stdenv.mkDerivation rec { pname = "capstone"; - version = "5.0.1"; + version = "5.0.3"; src = fetchFromGitHub { owner = "capstone-engine"; repo = "capstone"; rev = version; - sha256 = "sha256-kKmL5sae9ruWGu1gas1mel9qM52qQOD+zLj8cRE3isg="; + hash = "sha256-LZ10czBn5oaKMHQ8xguC6VZa7wvEgPRu6oWt/22QaDs="; }; - cmakeFlags = [ "-DBUILD_SHARED_LIBS=ON" ]; + cmakeFlags = [ + (lib.cmakeBool "BUILD_SHARED_LIBS" true) + ] ++ lib.optionals stdenv.isDarwin [ (lib.cmakeBool "CAPSTONE_BUILD_MACOS_THIN" true) ]; nativeBuildInputs = [ cmake diff --git a/pkgs/development/libraries/java/hydra-ant-logger/default.nix b/pkgs/development/libraries/java/hydra-ant-logger/default.nix index 8f7282df0bb2..2e643dc3a971 100644 --- a/pkgs/development/libraries/java/hydra-ant-logger/default.nix +++ b/pkgs/development/libraries/java/hydra-ant-logger/default.nix @@ -1,9 +1,10 @@ -{ lib -, stdenv -, fetchFromGitHub -, ant -, jdk -, stripJavaArchivesHook +{ + lib, + stdenv, + fetchFromGitHub, + ant, + jdk, + stripJavaArchivesHook, }: stdenv.mkDerivation { @@ -31,9 +32,9 @@ stdenv.mkDerivation { ''; installPhase = '' - runHook preBuild + runHook preInstall install -Dm644 *.jar -t $out/share/java - runHook postBuild + runHook postInstall ''; meta = { diff --git a/pkgs/development/lua-modules/generated-packages.nix b/pkgs/development/lua-modules/generated-packages.nix index 74766554169d..b1f18061bd43 100644 --- a/pkgs/development/lua-modules/generated-packages.nix +++ b/pkgs/development/lua-modules/generated-packages.nix @@ -3406,14 +3406,14 @@ buildLuarocksPackage { toml-edit = callPackage({ buildLuarocksPackage, fetchurl, fetchzip, luaOlder, luarocks-build-rust-mlua }: buildLuarocksPackage { pname = "toml-edit"; - version = "0.5.0-1"; + version = "0.6.0-1"; knownRockspec = (fetchurl { - url = "mirror://luarocks/toml-edit-0.5.0-1.rockspec"; - sha256 = "1d80s6jcdw7ny52vda7lx4xccmavnl7sji1bcchmbc7krbf6s7v0"; + url = "mirror://luarocks/toml-edit-0.6.0-1.rockspec"; + sha256 = "10mmxaw2nxg80zx7idfy3sjj4d4ma2g2bja14bnk1qx584dy7m4k"; }).outPath; src = fetchzip { - url = "https://github.com/nvim-neorocks/toml-edit.lua/archive/v0.5.0.zip"; - sha256 = "0cfsp9h7kjm52mrjf42jrp3np7akql8ynlnvq32m2ayshjdsdx6q"; + url = "https://github.com/nvim-neorocks/toml-edit.lua/archive/v0.6.0.zip"; + sha256 = "1f574g0c5h40jr0l1gzniz3qzxn1pcnfyzrizqp311i1qnkz05ir"; }; disabled = luaOlder "5.1"; diff --git a/pkgs/development/lua-modules/overrides.nix b/pkgs/development/lua-modules/overrides.nix index 4f99dec11a40..8ad01a57b105 100644 --- a/pkgs/development/lua-modules/overrides.nix +++ b/pkgs/development/lua-modules/overrides.nix @@ -831,7 +831,7 @@ in cargoDeps = rustPlatform.fetchCargoTarball { src = oa.src; - hash = "sha256-2WN5RoM1G2SE6H3g5pmEQvOoSCoaw3xMG8cDdfU2DAo="; + hash = "sha256-+LiqX4ZUyr6qj0Q91TB1eu6SWgAx/kps9tOkDW18tMo="; }; NIX_LDFLAGS = lib.optionalString stdenv.hostPlatform.isDarwin diff --git a/pkgs/development/python-modules/capstone/default.nix b/pkgs/development/python-modules/capstone/default.nix index e735871268e5..e869c9567d63 100644 --- a/pkgs/development/python-modules/capstone/default.nix +++ b/pkgs/development/python-modules/capstone/default.nix @@ -4,7 +4,6 @@ capstone, stdenv, setuptools, - fetchpatch, }: buildPythonPackage rec { @@ -13,15 +12,6 @@ buildPythonPackage rec { src = capstone.src; sourceRoot = "${src.name}/bindings/python"; - patches = [ - # Drop distutils in python binding (PR 2271) - (fetchpatch { - name = "drop-distutils-in-python-binding.patch"; - url = "https://github.com/capstone-engine/capstone/commit/d63211e3acb64fceb8b1c4a0d804b4b027f4ef71.patch"; - hash = "sha256-zUGeFmm3xH5dzfPJE8nnHwqwFBrsZ7w8LBJAy20/3RI="; - stripLen = 2; - }) - ]; # libcapstone.a is not built with BUILD_SHARED_LIBS. For some reason setup.py # checks if it exists but it is not really needed. Most likely a bug in setup.py. @@ -42,8 +32,10 @@ buildPythonPackage rec { checkPhase = '' mv capstone capstone.hidden - patchShebangs test_* - make check + pushd tests + patchShebangs test_* + make -f ../Makefile check + popd ''; meta = with lib; { diff --git a/pkgs/development/python-modules/django-oauth-toolkit/default.nix b/pkgs/development/python-modules/django-oauth-toolkit/default.nix index ae4a56d8790b..41265d7e99c7 100644 --- a/pkgs/development/python-modules/django-oauth-toolkit/default.nix +++ b/pkgs/development/python-modules/django-oauth-toolkit/default.nix @@ -2,6 +2,7 @@ lib, buildPythonPackage, fetchFromGitHub, + setuptools, # propagates django, @@ -18,29 +19,29 @@ buildPythonPackage rec { pname = "django-oauth-toolkit"; - version = "2.4.0"; - format = "setuptools"; + version = "3.0.1"; + pyproject = true; src = fetchFromGitHub { owner = "jazzband"; - repo = pname; + repo = "django-oauth-toolkit"; rev = "refs/tags/${version}"; - hash = "sha256-nfLjjVp+6OsjFdJHUZ2gzZic/E/sCklj+YeFyb/EZdw="; + hash = "sha256-Ya0KlX+vtLXN2Fgk0Gv7KemJCUTwkaH+4GQA1ByUlBY="; }; postPatch = '' - sed -i '/cov/d' tox.ini + sed -i '/cov/d' pyproject.toml ''; - propagatedBuildInputs = [ + build-system = [ setuptools ]; + + dependencies = [ django jwcrypto oauthlib requests ]; - pythonRelaxDeps = [ "django" ]; - DJANGO_SETTINGS_MODULE = "tests.settings"; # xdist is disabled right now because it can cause race conditions on high core machines @@ -58,10 +59,11 @@ buildPythonPackage rec { "test_response_when_auth_server_response_return_404" ]; - meta = with lib; { + meta = { description = "OAuth2 goodies for the Djangonauts"; homepage = "https://github.com/jazzband/django-oauth-toolkit"; - license = licenses.bsd2; - maintainers = with maintainers; [ mmai ]; + changelog = "https://github.com/jazzband/django-oauth-toolkit/django-filer/blob/${version}/CHANGELOG.md"; + license = lib.licenses.bsd2; + maintainers = with lib.maintainers; [ mmai ]; }; } diff --git a/pkgs/development/python-modules/facedancer/default.nix b/pkgs/development/python-modules/facedancer/default.nix index 516eb08e4f46..8c92b3dbed46 100644 --- a/pkgs/development/python-modules/facedancer/default.nix +++ b/pkgs/development/python-modules/facedancer/default.nix @@ -1,37 +1,57 @@ { lib, buildPythonPackage, - fetchPypi, - isPy3k, + fetchFromGitHub, + pythonOlder, pyusb, pyserial, + prompt-toolkit, + libusb1, + setuptools, }: buildPythonPackage rec { pname = "facedancer"; - version = "2019.3.2"; - format = "setuptools"; + version = "3.0.4"; + pyproject = true; + disabled = pythonOlder "3.8"; - src = fetchPypi { - inherit pname version; - sha256 = "1zhwnlfksblgp54njd9gjsrr5ibg12cx1x9xxcqkcdfhn3m2kmm0"; + src = fetchFromGitHub { + owner = "greatscottgadgets"; + repo = "facedancer"; + rev = "refs/tags/${version}"; + hash = "sha256-Cl6cohelJkpr2Nokfwwm7GQIg7ZipPL3v44JVWsHUNI="; }; - disabled = !isPy3k; - - propagatedBuildInputs = [ - pyusb - pyserial - ]; - - preBuild = '' - echo "$version" > VERSION + postPatch = '' + substituteInPlace pyproject.toml \ + --replace-fail '"setuptools-git-versioning<2"' "" \ + --replace-fail 'dynamic = ["version"]' 'version = "${version}"' ''; - meta = with lib; { - description = "library for emulating usb devices"; - homepage = "https://greatscottgadgets.com/greatfet/"; - license = licenses.bsd3; - maintainers = with maintainers; [ mog ]; + build-system = [ + setuptools + ]; + + dependencies = [ + pyusb + pyserial + prompt-toolkit + libusb1 + ]; + + pythonImportsCheck = [ + "facedancer" + ]; + + meta = { + changelog = "https://github.com/greatscottgadgets/facedancer/releases/tag/${version}"; + description = "Implement your own USB device in Python, supported by a hardware peripheral such as Cynthion or GreatFET"; + homepage = "https://github.com/greatscottgadgets/facedancer"; + license = lib.licenses.bsd3; + maintainers = with lib.maintainers; [ + mog + carlossless + ]; }; } diff --git a/pkgs/development/python-modules/py-opensonic/default.nix b/pkgs/development/python-modules/py-opensonic/default.nix index 114c1814007d..3a7bb3244536 100644 --- a/pkgs/development/python-modules/py-opensonic/default.nix +++ b/pkgs/development/python-modules/py-opensonic/default.nix @@ -7,14 +7,14 @@ buildPythonPackage rec { pname = "py-opensonic"; - version = "5.2.0"; + version = "5.2.1"; pyproject = true; src = fetchFromGitHub { owner = "khers"; repo = "py-opensonic"; rev = "refs/tags/v${version}"; - hash = "sha256-8QhYzGZ9b2pyzhl5vyAWhjxtvF/vaEa6Qcw+RBGzkTQ="; + hash = "sha256-lVErs5f2LoCrMNr+f8Bm2Q6xQRNuisloqyRHchYTukk="; }; build-system = [ setuptools ]; diff --git a/pkgs/development/tools/analysis/checkov/default.nix b/pkgs/development/tools/analysis/checkov/default.nix index 95eadf1f94cb..272c27e3dec8 100644 --- a/pkgs/development/tools/analysis/checkov/default.nix +++ b/pkgs/development/tools/analysis/checkov/default.nix @@ -6,14 +6,14 @@ python3.pkgs.buildPythonApplication rec { pname = "checkov"; - version = "3.2.277"; + version = "3.2.281"; pyproject = true; src = fetchFromGitHub { owner = "bridgecrewio"; repo = "checkov"; rev = "refs/tags/${version}"; - hash = "sha256-Fd3PFoa7DFVnFmk1tJIlslqIrjch5xJtgYHaJC+2GHo="; + hash = "sha256-jKVO9qQ1PW/YjQhd/Pvy3L4z6vruwIMxVJDcMPXUhyc="; }; patches = [ ./flake8-compat-5.x.patch ]; diff --git a/pkgs/development/tools/build-managers/bloop/default.nix b/pkgs/development/tools/build-managers/bloop/default.nix index b6db8634c06e..91686a4af35f 100644 --- a/pkgs/development/tools/build-managers/bloop/default.nix +++ b/pkgs/development/tools/build-managers/bloop/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { pname = "bloop"; - version = "2.0.3"; + version = "2.0.4"; platform = if stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isx86_64 then "x86_64-pc-linux" @@ -36,9 +36,9 @@ stdenv.mkDerivation rec { bloop-binary = fetchurl rec { url = "https://github.com/scalacenter/bloop/releases/download/v${version}/bloop-${platform}"; sha256 = - if stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isx86_64 then "sha256-aEsEXGaKi+wziNAuuX3s/LWB6/fIjon9NF3w9c/lTUE=" - else if stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isx86_64 then "sha256-dEVWDwFVsg1eqrAAfuuR5FUFyAt44ev7UP7zxByzW14=" - else if stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64 then "sha256-0rYdivIas6ECwGPm3bACMzHhS+yxQNLtEPxPQAXkSg0=" + if stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isx86_64 then "sha256-h1G//MPoqME4WJsYYGiAgIBCeKtsvjLXPEHydJwRKNI=" + else if stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isx86_64 then "sha256-Tj7rdxbA4kxLSbsuTUkJPRw3P/yQHhypMwih6N/2m6c=" + else if stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64 then "sha256-CHYP6EdnpeJR10vgXifsFK2cX8wYk3CqF8z22644ngQ=" else throw "unsupported platform"; }; diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index f409fe00dffc..52cb45ad5319 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -2,22 +2,22 @@ "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-v5.10.226-hardened1.patch", - "sha256": "1vxcr0f3ikkg10wcvq76djxzmhlc6h5fv34xf8vm48wfi7ryajbk", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/v5.10.226-hardened1/linux-hardened-v5.10.226-hardened1.patch" + "name": "linux-hardened-v5.10.228-hardened1.patch", + "sha256": "1fzpiv9gn2krbx2v61j1dzzsdm0qlgps4rjdkzmi8a8fv9g1iq0p", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v5.10.228-hardened1/linux-hardened-v5.10.228-hardened1.patch" }, - "sha256": "19hwwl5sbya65mch7fwmji2cli9b8796zjqbmkybjrarg1j9m8gn", - "version": "5.10.226" + "sha256": "0wkvn49sdy9ykyz6cqdqd9yplqfhc6b255w6wc17ky182mzqvk3n", + "version": "5.10.228" }, "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-v5.15.167-hardened1.patch", - "sha256": "1mwww490bf5i1njzyprnamfn8n471r94klgn7wghwi2f5vsn6j9g", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/v5.15.167-hardened1/linux-hardened-v5.15.167-hardened1.patch" + "name": "linux-hardened-v5.15.170-hardened1.patch", + "sha256": "16b3dzfgx737hsr16n9j3v4lr1qrl5vgsjmmcri0szbcd5sm0620", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v5.15.170-hardened1/linux-hardened-v5.15.170-hardened1.patch" }, - "sha256": "0c6s6l5sz9ibws7bymb393ww0z9i3amsk1yx0bahipz3xhc1yxdi", - "version": "5.15.167" + "sha256": "1ag7fvixhdcyxv6rqfsvq2wh02g64r4rx8izvfb33nfnld2nangx", + "version": "5.15.170" }, "5.4": { "patch": { @@ -32,21 +32,31 @@ "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-v6.1.112-hardened1.patch", - "sha256": "1kna12dhs1csg2cd9ixm261pgnc44v7q67njd0z1mnjrk9q1y7n6", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.1.112-hardened1/linux-hardened-v6.1.112-hardened1.patch" + "name": "linux-hardened-v6.1.115-hardened1.patch", + "sha256": "1vly83nqpridysywj8aby6pmzjgz7jlk6ni957s9v05gfkvf906l", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.1.115-hardened1/linux-hardened-v6.1.115-hardened1.patch" }, - "sha256": "094z3wfcxqx2rbi072i5frshpy6rdvk39aahwm9nc07vc8sxxn4b", - "version": "6.1.112" + "sha256": "0vxs6zj4p0ihcp11h3svqy3wa1yph0f1vzc8dlvqh60zgs1bmn0g", + "version": "6.1.115" + }, + "6.11": { + "patch": { + "extra": "-hardened1", + "name": "linux-hardened-v6.11.6-hardened1.patch", + "sha256": "0g5drxsknvhcd80s1mwmbbc9d3v3qpj4c7rha95ygzwxidvagr9f", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.11.6-hardened1/linux-hardened-v6.11.6-hardened1.patch" + }, + "sha256": "1kiky6viwrgm47slpv234lfq1wrwj29p5rx168gix3q0jw0zcm69", + "version": "6.11.6" }, "6.6": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-v6.6.53-hardened1.patch", - "sha256": "09i25qrn18psyrzr8srav4zcbyqmn2z8ycfk9fix2pdfxsaxl8h9", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.6.53-hardened1/linux-hardened-v6.6.53-hardened1.patch" + "name": "linux-hardened-v6.6.59-hardened1.patch", + "sha256": "1vdyryd0m9rr0z2pznq6jyxbdhy4w4x85c37gfl4sbbcs9549gnw", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.6.59-hardened1/linux-hardened-v6.6.59-hardened1.patch" }, - "sha256": "0yfpyiz57wz9rkwif6n3k2n87waw46ad0h7h0pwhnar53cfihp98", - "version": "6.6.53" + "sha256": "0vd76ccd4li4wsg04gc4nai9f4y1nknz967qby0i53y0v046hq93", + "version": "6.6.59" } } diff --git a/pkgs/servers/ldap/389/default.nix b/pkgs/servers/ldap/389/default.nix deleted file mode 100644 index e8cfaa1f1ca6..000000000000 --- a/pkgs/servers/ldap/389/default.nix +++ /dev/null @@ -1,145 +0,0 @@ -{ lib -, stdenv -, fetchFromGitHub -, autoconf -, automake -, cargo -, libtool -, pkg-config -, cracklib -, lmdb -, json_c -, linux-pam -, libevent -, libxcrypt -, nspr -, nss -, openldap -, withOpenldap ? true -, db -, withBdb ? true -, cyrus_sasl -, icu -, net-snmp -, withNetSnmp ? true -, krb5 -, pcre2 -, python3 -, rustPlatform -, rustc -, openssl -, withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd, systemd -, zlib -, rsync -, withCockpit ? true -, withAsan ? false -}: - -stdenv.mkDerivation rec { - pname = "389-ds-base"; - version = "2.4.6"; - - src = fetchFromGitHub { - owner = "389ds"; - repo = pname; - rev = "${pname}-${version}"; - hash = "sha256-+FTCzEyQY71TCkj8HMnSkrnQtxjHxOmtYhfZEAYOLis="; - }; - - cargoDeps = rustPlatform.fetchCargoTarball { - inherit src; - sourceRoot = "${src.name}/src"; - name = "${pname}-${version}"; - hash = "sha256-2Ng268tfbMRU3Uyo5ljSS/HxPnw1abvGjcczo25HyVk="; - }; - - nativeBuildInputs = [ - autoconf - automake - libtool - pkg-config - python3 - cargo - rustc - ] - ++ lib.optional withCockpit rsync; - - buildInputs = [ - cracklib - lmdb - json_c - linux-pam - libevent - libxcrypt - nspr - nss - cyrus_sasl - icu - krb5 - pcre2 - openssl - zlib - ] - ++ lib.optional withSystemd systemd - ++ lib.optional withOpenldap openldap - ++ lib.optional withBdb db - ++ lib.optional withNetSnmp net-snmp; - - postPatch = '' - patchShebangs ./buildnum.py ./ldap/servers/slapd/mkDBErrStrs.py - ''; - - preConfigure = '' - ./autogen.sh --prefix="$out" - ''; - - preBuild = '' - mkdir -p ./vendor - tar -xzf ${cargoDeps} -C ./vendor --strip-components=1 - ''; - - configureFlags = [ - "--enable-rust-offline" - "--enable-autobind" - ] - ++ lib.optionals withSystemd [ - "--with-systemd" - "--with-systemdsystemunitdir=${placeholder "out"}/etc/systemd/system" - ] ++ lib.optionals withOpenldap [ - "--with-openldap" - ] ++ lib.optionals withBdb [ - "--with-db-inc=${lib.getDev db}/include" - "--with-db-lib=${lib.getLib db}/lib" - ] ++ lib.optionals withNetSnmp [ - "--with-netsnmp-inc=${lib.getDev net-snmp}/include" - "--with-netsnmp-lib=${lib.getLib net-snmp}/lib" - ] ++ lib.optionals (!withCockpit) [ - "--disable-cockpit" - ] ++ lib.optionals withAsan [ - "--enable-asan" - "--enable-debug" - ]; - - enableParallelBuilding = true; - # Disable parallel builds as those lack some dependencies: - # ld: cannot find -lslapd: No such file or directory - # https://hydra.nixos.org/log/h38bj77gav0r6jbi4bgzy1lfjq22k2wy-389-ds-base-2.3.1.drv - enableParallelInstalling = false; - - doCheck = true; - - installFlags = [ - "sysconfdir=${placeholder "out"}/etc" - "localstatedir=${placeholder "TMPDIR"}" - ]; - - passthru.version = version; - - meta = with lib; { - homepage = "https://www.port389.org/"; - description = "Enterprise-class Open Source LDAP server for Linux"; - license = licenses.gpl3Plus; - platforms = platforms.linux; - maintainers = [ maintainers.ners ]; - }; -} diff --git a/pkgs/tools/networking/cloudflare-warp/default.nix b/pkgs/tools/networking/cloudflare-warp/default.nix index fb03bee688a6..edb6b4af1e5c 100644 --- a/pkgs/tools/networking/cloudflare-warp/default.nix +++ b/pkgs/tools/networking/cloudflare-warp/default.nix @@ -54,7 +54,7 @@ stdenv.mkDerivation rec { categories = [ "Utility" "Security" "ConsoleOnly" ]; noDisplay = true; mimeTypes = [ "x-scheme-handler/com.cloudflare.warp" ]; - exec = "warp-cli teams-enroll-token %u"; + exec = "warp-cli --accept-tos registration token %u"; startupNotify = false; terminal = true; }) diff --git a/pkgs/tools/security/ghidra/build.nix b/pkgs/tools/security/ghidra/build.nix index b9a756dd597c..edda86957f1d 100644 --- a/pkgs/tools/security/ghidra/build.nix +++ b/pkgs/tools/security/ghidra/build.nix @@ -20,7 +20,7 @@ let pkg_path = "$out/lib/ghidra"; pname = "ghidra"; - version = "11.2"; + version = "11.2.1"; releaseName = "NIX"; distroPrefix = "ghidra_${version}_${releaseName}"; @@ -28,7 +28,7 @@ let owner = "NationalSecurityAgency"; repo = "Ghidra"; rev = "Ghidra_${version}_build"; - hash = "sha256-iO6g3t8JNdc/wAC+JG+6Y7aZCq7T9zYQC3KKZcr+wzc="; + hash = "sha256-UVX56yNZSAbUejiQ0AIn00r7R+fUW1DEjZmCr1iYwV4="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; diff --git a/pkgs/tools/security/ghidra/deps.json b/pkgs/tools/security/ghidra/deps.json index e4b3795d929e..86aa37d75499 100644 --- a/pkgs/tools/security/ghidra/deps.json +++ b/pkgs/tools/security/ghidra/deps.json @@ -38,37 +38,37 @@ } }, "https://github.com": { - "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2/FunctionID/vs2012_x64": { + "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2.1/FunctionID/vs2012_x64": { "fidb": "sha256-1OmKs/eQuDF5MhhDC7oNiySl+/TaZbDB/6jLDPvrDNw=" }, - "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2/FunctionID/vs2012_x86": { + "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2.1/FunctionID/vs2012_x86": { "fidb": "sha256-pJDtfi7SHlh0Wf6urOcDa37eTOhOcuEN/YxXQ0ppGLY=" }, - "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2/FunctionID/vs2015_x64": { + "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2.1/FunctionID/vs2015_x64": { "fidb": "sha256-4E6eQPnstgHIX02E7Zv2a0U2O+HR6CwWLkyZArjLUI8=" }, - "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2/FunctionID/vs2015_x86": { + "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2.1/FunctionID/vs2015_x86": { "fidb": "sha256-tm7mlmU+LtNlkZ3qrviFEDEgx5LiLnmvcNEgnX4dhkQ=" }, - "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2/FunctionID/vs2017_x64": { + "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2.1/FunctionID/vs2017_x64": { "fidb": "sha256-1fpfaXKYF0+lPSR9NZnmoSiEYFrRgce5VOI4DsHwvYk=" }, - "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2/FunctionID/vs2017_x86": { + "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2.1/FunctionID/vs2017_x86": { "fidb": "sha256-04nLjXb/SlnKNfiRuFIccq1fDfluJTlzotIahhSkzIE=" }, - "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2/FunctionID/vs2019_x64": { + "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2.1/FunctionID/vs2019_x64": { "fidb": "sha256-FQAHeW/DakBpZgrWJEmq2q890Rs4ZKXvIeeYMcnOkRg=" }, - "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2/FunctionID/vs2019_x86": { + "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2.1/FunctionID/vs2019_x86": { "fidb": "sha256-62MKNvqlhqNx63NNwLvY0TzK72l/PbWHJZY1jz3SQyo=" }, - "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2/FunctionID/vsOlder_x64": { + "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2.1/FunctionID/vsOlder_x64": { "fidb": "sha256-jDtR9GYM0n4aDWEKnz8tX7yDOmasnuQ5PuLySB6FWGY=" }, - "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2/FunctionID/vsOlder_x86": { + "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2.1/FunctionID/vsOlder_x86": { "fidb": "sha256-mGBca2uSFKlF2ETkHIWGDVRkmkW8p4c+9pkcDpNyB4c=" }, - "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2/lib/java-sarif-2.1-modified": { + "NationalSecurityAgency/ghidra-data/raw/Ghidra_11.2.1/lib/java-sarif-2.1-modified": { "jar": "sha256-f3NlZklHVtJxql5LGvbIncUNB0qxxjdKR9+CImQiawE=" }, "pxb1988/dex2jar/releases/download/v2.1/dex2jar-2.1": { diff --git a/pkgs/tools/security/trueseeing/default.nix b/pkgs/tools/security/trueseeing/default.nix index c80abb6c3164..2a5001a41a51 100644 --- a/pkgs/tools/security/trueseeing/default.nix +++ b/pkgs/tools/security/trueseeing/default.nix @@ -1,18 +1,19 @@ -{ lib -, fetchFromGitHub -, python3 +{ + lib, + fetchFromGitHub, + python3, }: python3.pkgs.buildPythonApplication rec { pname = "trueseeing"; - version = "2.2.2"; + version = "2.2.4"; pyproject = true; src = fetchFromGitHub { owner = "alterakey"; repo = "trueseeing"; rev = "refs/tags/v${version}"; - hash = "sha256-5IHJXlpHZJFKj7rdmRsWA5FXZFJf3usGsLgXx1cYEmU="; + hash = "sha256-2KELqHa6lw9wdJBaC90vTZSjD7tfkr3K6yDNhqBQrR0="; }; build-system = with python3.pkgs; [ @@ -24,12 +25,13 @@ python3.pkgs.buildPythonApplication rec { dependencies = with python3.pkgs; [ aiohttp asn1crypto - attrs importlib-metadata jinja2 lief lxml progressbar2 + prompt-toolkit + pyaxmlparser pypubsub pyyaml termcolor @@ -43,12 +45,12 @@ python3.pkgs.buildPythonApplication rec { "trueseeing" ]; - meta = with lib; { + meta = { description = "Non-decompiling Android vulnerability scanner"; homepage = "https://github.com/alterakey/trueseeing"; changelog = "https://github.com/alterakey/trueseeing/releases/tag/v${version}"; - license = with licenses; [ gpl3Plus ]; - maintainers = with maintainers; [ fab ]; + license = lib.licenses.gpl3Plus; + maintainers = [ lib.maintainers.fab ]; mainProgram = "trueseeing"; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 45a812c40c27..db487373d37f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6117,8 +6117,6 @@ with pkgs; davix-copy = davix.override { enableThirdPartyCopy = true; }; - cantata = libsForQt5.callPackage ../applications/audio/cantata { }; - cantoolz = callPackage ../tools/networking/cantoolz { }; can-utils = callPackage ../os-specific/linux/can-utils { }; @@ -23815,8 +23813,6 @@ with pkgs; ### SERVERS - _389-ds-base = callPackage ../servers/ldap/389 { }; - _5etools = callPackage ../servers/web-apps/5etools { }; adguardhome = callPackage ../servers/adguardhome { }; @@ -25646,6 +25642,8 @@ with pkgs; linux_6_1_hardened = linuxKernel.kernels.linux_6_1_hardened; linuxPackages_6_6_hardened = linuxKernel.packages.linux_6_6_hardened; linux_6_6_hardened = linuxKernel.kernels.linux_6_6_hardened; + linuxPackages_6_11_hardened = linuxKernel.packages.linux_6_11_hardened; + linux_6_11_hardened = linuxKernel.kernels.linux_6_11_hardened; # GNU Linux-libre kernels linuxPackages-libre = linuxKernel.packages.linux_libre; @@ -38377,4 +38375,8 @@ with pkgs; dillo = callPackage ../by-name/di/dillo/package.nix { fltk = fltk13; }; + + cantata = callPackage ../by-name/ca/cantata/package.nix { + ffmpeg = ffmpeg_6; + }; } diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix index 663aa9191cc3..327ac3eb160d 100644 --- a/pkgs/top-level/linux-kernels.nix +++ b/pkgs/top-level/linux-kernels.nix @@ -263,6 +263,7 @@ in { linux_5_15_hardened = hardenedKernelFor kernels.linux_5_15 { }; linux_6_1_hardened = hardenedKernelFor kernels.linux_6_1 { }; linux_6_6_hardened = hardenedKernelFor kernels.linux_6_6 { }; + linux_6_11_hardened = hardenedKernelFor kernels.linux_6_11 { }; } // lib.optionalAttrs config.allowAliases { linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11"; @@ -658,6 +659,7 @@ in { linux_5_15_hardened = recurseIntoAttrs (packagesFor kernels.linux_5_15_hardened); linux_6_1_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_1_hardened); linux_6_6_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_6_hardened); + linux_6_11_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_11_hardened); linux_zen = recurseIntoAttrs (packagesFor kernels.linux_zen); linux_lqx = recurseIntoAttrs (packagesFor kernels.linux_lqx);