Merge staging-next into staging

maintainers/maintainer-list.nix

@@ -9289,6 +9289,12 @@
     github = "josephst";
     githubId = 1269177;
   };
+  josephsurin = {
+    name = "Joseph Surin";
+    email = "nix@jsur.in";
+    github = "josephsurin";
+    githubId = 14977484;
+  };
   joshniemela = {
     name = "Joshua Niemelä";
     email = "josh@jniemela.dk";

nixos/modules/services/home-automation/home-assistant.nix

@@ -52,7 +52,7 @@ let
     hasAttrByPath (splitString "." component) cfg.config
     || useComponentPlatform component
     || useExplicitComponent component
-    || builtins.elem component cfg.extraComponents;
+    || builtins.elem component (cfg.extraComponents ++ cfg.defaultIntegrations);
 
   # Final list of components passed into the package to include required dependencies
   extraComponents = filter useComponent availableComponents;
@@ -103,6 +103,45 @@ in {
       description = lib.mdDoc "The config directory, where your {file}`configuration.yaml` is located.";
     };
 
+    defaultIntegrations = mkOption {
+      type = types.listOf (types.enum availableComponents);
+      # https://github.com/home-assistant/core/blob/dev/homeassistant/bootstrap.py#L109
+      default = [
+        "application_credentials"
+        "frontend"
+        "hardware"
+        "logger"
+        "network"
+        "system_health"
+
+        # key features
+        "automation"
+        "person"
+        "scene"
+        "script"
+        "tag"
+        "zone"
+
+        # built-in helpers
+        "counter"
+        "input_boolean"
+        "input_button"
+        "input_datetime"
+        "input_number"
+        "input_select"
+        "input_text"
+        "schedule"
+        "timer"
+
+        # non-supervisor
+        "backup"
+      ];
+      readOnly = true;
+      description = ''
+        List of integrations set are always set up, unless in recovery mode.
+      '';
+    };
+
     extraComponents = mkOption {
       type = types.listOf (types.enum availableComponents);
       default = [

nixos/modules/services/networking/nftables.nix

@@ -185,6 +185,19 @@ in
           can be loaded using "nft -f".  The ruleset is updated atomically.
         '';
     };
+
+    networking.nftables.flattenRulesetFile = mkOption {
+      type = types.bool;
+      default = false;
+      description = lib.mdDoc ''
+        Use `builtins.readFile` rather than `include` to handle {option}`networking.nftables.rulesetFile`. It is useful when you want to apply {option}`networking.nftables.preCheckRuleset` to {option}`networking.nftables.rulesetFile`.
+
+        ::: {.note}
+        It is expected that {option}`networking.nftables.rulesetFile` can be accessed from the build sandbox.
+        :::
+      '';
+    };
+
     networking.nftables.tables = mkOption {
       type = types.attrsOf (types.submodule tableSubmodule);
 
@@ -295,9 +308,13 @@ in
               }
             '') enabledTables)}
             ${cfg.ruleset}
-            ${lib.optionalString (cfg.rulesetFile != null) ''
-              include "${cfg.rulesetFile}"
-            ''}
+            ${if cfg.rulesetFile != null then
+              if cfg.flattenRulesetFile then
+                builtins.readFile cfg.rulesetFile
+                else ''
+                  include "${cfg.rulesetFile}"
+                ''
+              else ""}
           '';
           checkPhase = lib.optionalString cfg.checkRuleset ''
             cp $out ruleset.conf

nixos/modules/virtualisation/qemu-vm.nix

@@ -738,7 +738,7 @@ in
             See the [QEMU Wiki on Networking](https://wiki.qemu.org/Documentation/Networking) for details.
 
             If you override this option, be advised to keep
-            ''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the example)
+            `''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}` (as seen in the example)
             to keep the default runtime behaviour.
           '';
         };
@@ -813,14 +813,19 @@ in
           defaultText = "!cfg.useBootLoader";
           description =
             lib.mdDoc ''
-              If enabled, the virtual machine will boot directly into the kernel instead of through a bootloader. Other relevant parameters such as the initrd are also passed to QEMU.
+              If enabled, the virtual machine will boot directly into the kernel instead of through a bootloader.
+              Read more about this feature in the [QEMU documentation on Direct Linux Boot](https://qemu-project.gitlab.io/qemu/system/linuxboot.html)
 
+              This is enabled by default.
               If you want to test netboot, consider disabling this option.
+              Enable a bootloader with {option}`virtualisation.useBootLoader` if you need.
 
-              This will not boot / reboot correctly into a system that has switched to a different configuration on disk.
+              Relevant parameters such as those set in `boot.initrd` and `boot.kernelParams` are also passed to QEMU.
+              Additional parameters can be supplied on invocation through the environment variable `$QEMU_KERNEL_PARAMS`.
+              They are added to the `-append` option, see [QEMU User Documentation](https://www.qemu.org/docs/master/system/qemu-manpage) for details
+              For example, to let QEMU use the parent terminal as the serial console, set `QEMU_KERNEL_PARAMS="console=ttyS0"`.
 
-              This is enabled by default if you don't enable bootloaders, but you can still enable a bootloader if you need.
-              Read more about this feature: <https://qemu-project.gitlab.io/qemu/system/linuxboot.html>.
+              This will not (re-)boot correctly into a system that has switched to a different configuration on disk.
             '';
         };
       initrd =
@@ -850,6 +855,8 @@ in
 
             If disabled, the kernel and initrd are directly booted,
             forgoing any bootloader.
+
+            Check the documentation on {option}`virtualisation.directBoot.enable` for details.
           '';
       };
 

pkgs/applications/virtualization/virtualbox/default.nix

@@ -26,14 +26,14 @@ let
   buildType = "release";
   # Use maintainers/scripts/update.nix to update the version and all related hashes or
   # change the hashes in extpack.nix and guest-additions/default.nix as well manually.
-  version = "7.0.12";
+  version = "7.0.14";
 in stdenv.mkDerivation {
   pname = "virtualbox";
   inherit version;
 
   src = fetchurl {
     url = "https://download.virtualbox.org/virtualbox/${version}/VirtualBox-${version}.tar.bz2";
-    sha256 = "d76634c6ccf62503726a5aeae6c78a3462474c51a0ebe4942591ccc2d939890a";
+    sha256 = "45860d834804a24a163c1bb264a6b1cb802a5bc7ce7e01128072f8d6a4617ca9";
   };
 
   outputs = [ "out" "modsrc" ];

pkgs/applications/virtualization/virtualbox/extpack.nix

@@ -12,7 +12,7 @@ fetchurl rec {
     # Manually sha256sum the extensionPack file, must be hex!
     # Thus do not use `nix-prefetch-url` but instead plain old `sha256sum`.
     # Checksums can also be found at https://www.virtualbox.org/download/hashes/${version}/SHA256SUMS
-    let value = "dbf7ce39e5c021d420fc6b2045b084a68fc5172937192bd70c3207efa786278d";
+    let value = "42cb36fbf439a9ed28c95d2bbc718a0eac902225eb579c884c549af2e94be633";
     in assert (builtins.stringLength value) == 64; value;
 
   meta = {

pkgs/applications/virtualization/virtualbox/guest-additions/default.nix

@@ -23,7 +23,7 @@ in stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "http://download.virtualbox.org/virtualbox/${version}/VBoxGuestAdditions_${version}.iso";
-    sha256 = "b37f6aabe5a32e8b96ccca01f37fb49f4fd06674f1b29bc8fe0f423ead37b917";
+    sha256 = "0efbcb9bf4722cb19292ae00eba29587432e918d3b1f70905deb70f7cf78e8ce";
   };
 
   KERN_DIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";

pkgs/build-support/kernel/make-initrd-ng/Cargo.lock

@@ -57,9 +57,9 @@ checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6"
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.76"
+version = "1.0.78"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "95fc56cda0b5c3325f5fbbd7ff9fda9e02bb00bb3dac51252d2f1bfa1cb8cc8c"
+checksum = "e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae"
 dependencies = [
  "unicode-ident",
 ]

pkgs/by-name/fl/flatter/package.nix

@@ -0,0 +1,51 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, unstableGitUpdater
+, cmake
+, blas
+, gmp
+, mpfr
+, fplll
+, eigen
+, llvmPackages
+}:
+
+stdenv.mkDerivation {
+  pname = "flatter";
+  version = "0-unstable-2023-08-10";
+
+  src = fetchFromGitHub {
+    owner = "keeganryan";
+    repo = "flatter";
+    rev = "500e31df6b7308e8101b2a4a9cc816bf8f483417";
+    hash = "sha256-STYx7cXvkcF+KqrG32pN16HWfEScc0zxkmOmfv43zIw=";
+  };
+
+  strictDeps = true;
+
+  nativeBuildInputs = [
+    cmake
+  ];
+
+  buildInputs = [
+    blas
+    gmp
+    mpfr
+    fplll
+    eigen
+  ] ++ lib.optionals stdenv.isDarwin [
+    llvmPackages.openmp
+  ];
+
+  passthru.updateScript = unstableGitUpdater { };
+
+  meta = with lib; {
+    description = "(F)ast (lat)tice (r)eduction of integer lattice bases";
+    homepage = "https://github.com/keeganryan/flatter";
+    license = licenses.lgpl3Only;
+    mainProgram = "flatter";
+    platforms = platforms.all;
+    maintainers = with maintainers; [ josephsurin ];
+  };
+}

pkgs/by-name/ht/htcondor/package.nix

@@ -20,14 +20,14 @@
 
 stdenv.mkDerivation rec {
   pname = "htcondor";
-  version = "23.3.0";
+  version = "23.4.0";
 
   src = fetchFromGitHub {
     owner = "htcondor";
     repo = "htcondor";
 
-    rev = "v23.3.0";
-    hash = "sha256-Ew9leVpvEndiRkOnhx2fLClrNW1bC5djcJEBsve6eIk=";
+    rev = "v23.4.0";
+    hash = "sha256-+WfNVxP7qsEpn8zPretLnOEAnPq0GylyxCbcQI8o0L0=";
   };
 
   nativeBuildInputs = [ cmake ];

pkgs/by-name/qs/qsreplace/package.nix

@@ -1,14 +1,12 @@
 { lib
 , fetchFromGitHub
-, buildGoPackage
+, buildGoModule
 }:
 
-buildGoPackage rec {
+buildGoModule rec {
   pname = "qsreplace";
   version = "0.0.3";
 
-  goPackagePath = "github.com/tomnomnom/qsreplace";
-
   src = fetchFromGitHub {
     owner = "tomnomnom";
     repo = "qsreplace";
@@ -16,6 +14,10 @@ buildGoPackage rec {
     hash = "sha256-j9bqO2gp4RUxZHGBCIxI5nA3nD1dG4nCpJ1i4TM/fbo=";
   };
 
+  vendorHash = null;
+
+  ldflags = [ "-s" "-w" ];
+
   meta = with lib; {
     homepage = "https://github.com/tomnomnom/qsreplace";
     description = "Accept URLs on stdin, replace all query string values with a user-supplied value";

pkgs/development/libraries/libvirt/default.nix

@@ -159,6 +159,7 @@ stdenv.mkDerivation rec {
     # See https://gitlab.com/libvirt/libvirt/-/merge_requests/235
     sed -i "s/not supported_cc_flags.contains('-fsemantic-interposition')/false/" meson.build
     sed -i '/qemufirmwaretest/d' tests/meson.build
+    sed -i '/qemuhotplugtest/d' tests/meson.build
     sed -i '/qemuvhostusertest/d' tests/meson.build
     sed -i '/qemuxml2xmltest/d' tests/meson.build
   '';

pkgs/development/libraries/science/biology/mirtk/default.nix

@@ -47,6 +47,8 @@ stdenv.mkDerivation rec {
     install -Dm644 -t "$out/share/bash-completion/completions/mirtk" share/completion/bash/mirtk
   '';
 
+  env.NIX_CFLAGS_COMPILE = "-Wno-changes-meaning";
+
   nativeBuildInputs = [ cmake ];
   buildInputs = [
     boost

pkgs/development/python-modules/pycyphal/default.nix

@@ -1,6 +1,6 @@
 { lib
 , buildPythonPackage
-, fetchPypi
+, fetchFromGitHub
 , pythonOlder
 , can
 , cobs
@@ -8,31 +8,80 @@
 , nunavut
 , numpy
 , pyserial
+, pytestCheckHook
+, pytest-asyncio
+, setuptools
 }:
 
 buildPythonPackage rec {
   pname = "pycyphal";
-  version = "1.15.4";
-  format = "pyproject";
+  version = "1.18.0";
+  format = "setuptools";
 
   disabled = pythonOlder "3.8";
 
-  src = fetchPypi {
-    inherit pname version;
-    hash = "sha256-0Mp8d/rNOOPLg0gUPWdOgp/d5n148dxcLceW1VtjrkQ=";
+  src = fetchFromGitHub {
+    owner = "OpenCyphal";
+    repo = pname;
+    rev = "refs/tags/${version}";
+    hash = "sha256-XkH0wss8ueh/Wwz0lhvQShOp3a4X9lNdosT/sMe7p4Q=";
+    fetchSubmodules = true;
   };
 
   propagatedBuildInputs = [
-    can
-    cobs
-    libpcap
     numpy
     nunavut
-    pyserial
   ];
 
-  # Can't seem to run the tests on nix
-  doCheck = false;
+  passthru.optional-dependencies = {
+    transport-can-pythoncan = [
+      can
+    ] ++ can.optional-dependencies.serial;
+    transport-serial = [
+      cobs
+      pyserial
+    ];
+    transport-udp = [
+      libpcap
+    ];
+  };
+
+  nativeCheckInputs = [
+    pytestCheckHook
+    pytest-asyncio
+  ] ++ builtins.foldl' (x: y: x ++ y) [ ]
+    (builtins.attrValues passthru.optional-dependencies)
+  ;
+
+  preCheck = ''
+    export HOME=$TMPDIR
+    export PYTHONASYNCIODEBUG=1
+    python -c ${lib.escapeShellArg ''
+      import pycyphal
+      pycyphal.dsdl.compile_all(
+        [
+          "demo/public_regulated_data_types/uavcan",
+          "demo/custom_data_types/sirius_cyber_corp",
+        ],
+        output_directory=".dsdl_compiled",
+      )
+    ''}
+    export PYTHONPATH="$(pwd)/.dsdl_compiled:$PYTHONPATH"
+  '';
+
+  # These require extra permissions and/or actual hardware connected
+  disabledTestPaths = [
+    "pycyphal/application/__init__.py"
+    "pycyphal/application/_transport_factory.py"
+    "pycyphal/transport/udp/_ip/_link_layer.py"
+    "pycyphal/transport/udp/_ip/_v4.py"
+    "tests/application"
+    "tests/demo"
+    "tests/dsdl"
+    "tests/presentation"
+    "tests/transport"
+  ];
+
   pythonImportsCheck = [
     "pycyphal"
   ];
@@ -43,6 +92,7 @@ buildPythonPackage rec {
       Cyphal is an open technology for real-time intravehicular distributed computing and communication based on modern networking standards (Ethernet, CAN FD, etc.).
     '';
     homepage = "https://opencyphal.org/";
+    changelog = "https://github.com/OpenCyphal/pycyphal/blob/${version}/CHANGELOG.rst";
     license = licenses.mit;
     maintainers = teams.ororatech.members;
   };

pkgs/development/python-modules/summarytools/default.nix

@@ -2,6 +2,7 @@
 , buildPythonPackage
 , fetchPypi
 , pythonOlder
+, setuptools
 , ipython
 , matplotlib
 , numpy
@@ -12,7 +13,7 @@
 buildPythonPackage rec {
   pname = "summarytools";
   version = "0.2.3";
-  format = "pyproject";
+  pyproject = true;
 
   disabled = pythonOlder "3.7";
 
@@ -22,6 +23,8 @@ buildPythonPackage rec {
     hash = "sha256-wsDf9IXCMQe0cVfQQuRVwMhxkhhUxbPu06yWZPLvgw4=";
   };
 
+  nativeBuildInputs = [ setuptools ];
+
   propagatedBuildInputs = [
     ipython
     matplotlib

pkgs/servers/home-assistant/default.nix

@@ -485,7 +485,7 @@ in python.pkgs.buildPythonApplication rec {
   # leave this in, so users don't have to constantly update their downstream patch handling
   patches = [
     # Follow symlinks in /var/lib/hass/www
-    ./patches/static-symlinks.patch
+    ./patches/static-follow-symlinks.patch
 
     # Patch path to ffmpeg binary
     (substituteAll {

pkgs/servers/home-assistant/patches/static-follow-symlinks.patch

@@ -0,0 +1,12 @@
+diff --git a/homeassistant/components/http/static.py b/homeassistant/components/http/static.py
+index e6e773d4c0..b53e0b4a11 100644
+--- a/homeassistant/components/http/static.py
++++ b/homeassistant/components/http/static.py
+@@ -31,7 +31,6 @@ def _get_file_path(rel_url: str, directory: Path) -> Path | None:
+         # where the static dir is totally different
+         raise HTTPForbidden
+     filepath: Path = directory.joinpath(filename).resolve()
+-    filepath.relative_to(directory)
+     # on opening a dir, load its contents if allowed
+     if filepath.is_dir():
+         return None

pkgs/servers/home-assistant/patches/static-symlinks.patch

@@ -1,37 +0,0 @@
-diff --git a/homeassistant/components/frontend/__init__.py b/homeassistant/components/frontend/__init__.py
-index 2ec991750f..9a937006ce 100644
---- a/homeassistant/components/frontend/__init__.py
-+++ b/homeassistant/components/frontend/__init__.py
-@@ -383,7 +383,7 @@ async def async_setup(hass: HomeAssistant, config: ConfigType) -> bool:
- 
-     local = hass.config.path("www")
-     if os.path.isdir(local):
--        hass.http.register_static_path("/local", local, not is_dev)
-+        hass.http.register_static_path("/local", local, not is_dev, follow_symlinks=True)
- 
-     # Can be removed in 2023
-     hass.http.register_redirect("/config/server_control", "/developer-tools/yaml")
-diff --git a/homeassistant/components/http/__init__.py b/homeassistant/components/http/__init__.py
-index 122b7b79ce..3cf2b7e0db 100644
---- a/homeassistant/components/http/__init__.py
-+++ b/homeassistant/components/http/__init__.py
-@@ -411,16 +411,16 @@ class HomeAssistantHTTP:
-         )
- 
-     def register_static_path(
--        self, url_path: str, path: str, cache_headers: bool = True
-+        self, url_path: str, path: str, cache_headers: bool = True, follow_symlinks: bool = False
-     ) -> None:
-         """Register a folder or file to serve as a static path."""
-         if os.path.isdir(path):
-             if cache_headers:
-                 resource: CachingStaticResource | web.StaticResource = (
--                    CachingStaticResource(url_path, path)
-+                    CachingStaticResource(url_path, path, follow_symlinks=follow_symlinks)
-                 )
-             else:
--                resource = web.StaticResource(url_path, path)
-+                resource = web.StaticResource(url_path, path, follow_symlinks=follow_symlinks)
-             self.app.router.register_resource(resource)
-             self.app["allow_configured_cors"](resource)
-             return

pkgs/servers/nosql/mongodb/mongodb.nix

@@ -1,7 +1,7 @@
 { lib
 , stdenv
 , fetchurl
-, scons_3_1_2
+, buildPackages
 , boost
 , gperftools
 , pcre-cpp
@@ -32,38 +32,19 @@ with lib;
 }:
 
 let
-  variants =
-    if versionAtLeast version "6.0"
-    then rec {
-      python = scons.python.withPackages (ps: with ps; [
-        pyyaml
-        cheetah3
-        psutil
-        setuptools
-        packaging
-        pymongo
-      ]);
+  scons = buildPackages.scons;
+  python = scons.python.withPackages (ps: with ps; [
+    pyyaml
+    cheetah3
+    psutil
+    setuptools
+  ] ++ lib.optionals (versionAtLeast version "6.0") [
+    packaging
+    pymongo
+  ]);
 
-      scons = scons_3_1_2;
-
-      mozjsVersion = "60";
-      mozjsReplace = "defined(HAVE___SINCOS)";
-
-    }
-    else rec {
-      python = scons.python.withPackages (ps: with ps; [
-        pyyaml
-        cheetah3
-        psutil
-        setuptools
-      ]);
-
-      scons = scons_3_1_2;
-
-      mozjsVersion = "60";
-      mozjsReplace = "defined(HAVE___SINCOS)";
-
-    };
+  mozjsVersion = "60";
+  mozjsReplace = "defined(HAVE___SINCOS)";
 
   system-libraries = [
     "boost"
@@ -87,8 +68,10 @@ in stdenv.mkDerivation rec {
     inherit sha256;
   };
 
-  nativeBuildInputs = [ variants.scons ]
-                      ++ lib.optionals (versionAtLeast version "4.4") [ xz ];
+  nativeBuildInputs = [
+    scons
+    python
+  ] ++ lib.optional stdenv.isLinux net-snmp;
 
   buildInputs = [
     boost
@@ -99,13 +82,12 @@ in stdenv.mkDerivation rec {
     openssl
     openldap
     pcre-cpp
-    variants.python
     sasl
     snappy
     zlib
   ] ++ lib.optionals stdenv.isDarwin [ Security CoreFoundation cctools ]
-  ++ lib.optionals stdenv.isLinux [ net-snmp ];
-
+  ++ lib.optional stdenv.isLinux net-snmp
+  ++ lib.optionals (versionAtLeast version "4.4") [ xz ];
 
   # MongoDB keeps track of its build parameters, which tricks nix into
   # keeping dependencies to build inputs in the final output.
@@ -127,7 +109,7 @@ in stdenv.mkDerivation rec {
     # remove -march overriding, we know better.
     sed -i 's/env.Append.*-march=.*$/pass/' SConstruct
   '' + lib.optionalString (stdenv.isDarwin && versionOlder version "6.0") ''
-    substituteInPlace src/third_party/mozjs-${variants.mozjsVersion}/extract/js/src/jsmath.cpp --replace '${variants.mozjsReplace}' 0
+    substituteInPlace src/third_party/mozjs-${mozjsVersion}/extract/js/src/jsmath.cpp --replace '${mozjsReplace}' 0
   '' + lib.optionalString (stdenv.isDarwin && versionOlder version "3.6") ''
     substituteInPlace src/third_party/s2/s1angle.cc --replace drem remainder
     substituteInPlace src/third_party/s2/s1interval.cc --replace drem remainder
@@ -162,6 +144,7 @@ in stdenv.mkDerivation rec {
   preBuild = ''
     sconsFlags+=" CC=$CC"
     sconsFlags+=" CXX=$CXX"
+    sconsFlags+=" AR=$AR"
   '' + optionalString stdenv.isAarch64 ''
     sconsFlags+=" CCFLAGS='-march=armv8-a+crc'"
   '';

pkgs/top-level/python-packages.nix

@@ -10313,17 +10313,7 @@ self: super: with self; {
 
   pycxx = callPackage ../development/python-modules/pycxx { };
 
-  pycyphal = callPackage ../development/python-modules/pycyphal {
-    # Does not yet support nunavut 2+, use latest 1.X version instead
-    # https://github.com/OpenCyphal/pycyphal/issues/277
-    nunavut = self.nunavut.overridePythonAttrs (prev: rec {
-      version = "1.9.0";
-      src = prev.src.override {
-        inherit version;
-        hash = "sha256-KhgijXJ908uxM7VZdXo1WU/RGU0cfqctBCbpF2wOcy8=";
-      };
-    });
-  };
+  pycyphal = callPackage ../development/python-modules/pycyphal { };
 
   pydaikin = callPackage ../development/python-modules/pydaikin { };