Merge master into haskell-updates

github-actions[bot] 2024-10-08 00:15:40 +00:00 committed by GitHub
commit c05db0a996
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
254 changed files with 4306 additions and 9420 deletions

4
.github/labeler.yml vendored

@ -385,9 +385,11 @@
- changed-files:
- any-glob-to-any-file:
- nixos/modules/virtualisation/xen*
- pkgs/applications/virtualization/xen/**
- pkgs/by-name/xe/xen/*
- pkgs/by-name/qe/qemu_xen/*
- pkgs/by-name/xe/xen-guest-agent/*
- pkgs/by-name/xt/xtf/*
- pkgs/build-support/xen/*
- pkgs/development/ocaml-modules/xen*/*
- pkgs/development/ocaml-modules/vchan/*


@ -20,7 +20,7 @@ jobs:
# we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
with:
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.


@ -21,7 +21,7 @@ jobs:
sparse-checkout: |
lib
maintainers
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
# explicitly enable sandbox
extra_nix_config: sandbox = true


@ -38,7 +38,7 @@ jobs:
# This should not be a URL, because it would allow PRs to run arbitrary code in CI!
rev=$(jq -r .rev ci/pinned-nixpkgs.json)
echo "url=https://github.com/NixOS/nixpkgs/archive/$rev.tar.gz" >> "$GITHUB_ENV"
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
# explicitly enable sandbox
extra_nix_config: sandbox = true


@ -32,7 +32,7 @@ jobs:
# This should not be a URL, because it would allow PRs to run arbitrary code in CI!
rev=$(jq -r .rev ci/pinned-nixpkgs.json)
echo "url=https://github.com/NixOS/nixpkgs/archive/$rev.tar.gz" >> "$GITHUB_ENV"
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
# explicitly enable sandbox
extra_nix_config: sandbox = true


@ -14,7 +14,7 @@ jobs:
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- name: Build shell
run: nix-build shell.nix
@ -26,6 +26,6 @@ jobs:
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- name: Build shell
run: nix-build shell.nix


@ -29,7 +29,7 @@ jobs:
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
# nixpkgs commit is pinned so that it doesn't break
# editorconfig-checker 2.4.0


@ -19,7 +19,7 @@ jobs:
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
# explicitly enable sandbox
extra_nix_config: sandbox = true


@ -21,7 +21,7 @@ jobs:
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
# explicitly enable sandbox
extra_nix_config: sandbox = true


@ -30,7 +30,7 @@ jobs:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
nix_path: nixpkgs=channel:nixpkgs-unstable
- name: Parse all changed or added nix files


@ -85,7 +85,7 @@ jobs:
base=$(mktemp -d)
git worktree add "$base" "$(git rev-parse HEAD^1)"
echo "base=$base" >> "$GITHUB_ENV"
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
if: env.mergedSha
- name: Fetching the pinned tool
if: env.mergedSha


@ -17,7 +17,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
nix_path: nixpkgs=channel:nixpkgs-unstable
- name: setup


@ -411,7 +411,7 @@ let
};
};
pythonEnv = testPython.withPackages (ps: [ ps.my-editable ]);
pythonEnv = myPython.withPackages (ps: [ ps.my-editable ]);
in pkgs.mkShell {
packages = [ pythonEnv ];


@ -9477,6 +9477,13 @@
githubId = 7558482;
name = "Jack Gerrits";
};
jacobkoziej = {
name = "Jacob Koziej";
email = "jacobkoziej@gmail.com";
github = "jacobkoziej";
githubId = 45084216;
keys = [ { fingerprint = "1BF9 8D10 E0D0 0B41 5723 5836 4C13 3A84 E646 9228"; } ];
};
jaduff = {
email = "jdduffpublic@proton.me";
github = "jaduff";
@ -12690,6 +12697,12 @@
githubId = 3044438;
name = "Lucas Savva";
};
m1dugh = {
email = "romain103paris@gmail.com";
name = "Romain LE MIERE";
github = "m1dugh";
githubId = 42266017;
};
ma27 = {
email = "maximilian@mbosch.me";
matrix = "@ma27:nicht-so.sexy";


@ -252,7 +252,7 @@ In addition to numerous new and updated packages, this release has the following
}
```
- The default module options for [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall), [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) and [services.unifi-video.openFirewall](#opt-services.unifi-video.openFirewall) have been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall.
- The default module options for [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall), [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) and `services.unifi-video.openFirewall` have been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall.
- The option `i18n.inputMethod.fcitx5.enableRimeData` has been removed. Default RIME data is now included in `fcitx5-rime` by default, and can be customized using


@ -54,12 +54,11 @@
was added through the `boot.initrd.systemd.dmVerity` option.
- The [Xen Project Hypervisor](https://xenproject.org) is once again available as a virtualisation option under [`virtualisation.xen`](#opt-virtualisation.xen.enable).
- This release includes Xen [4.17.5](https://wiki.xenproject.org/wiki/Xen_Project_4.17_Release_Notes), [4.18.3](https://wiki.xenproject.org/wiki/Xen_Project_4.18_Release_Notes) and [4.19.0](https://wiki.xenproject.org/wiki/Xen_Project_4.19_Release_Notes), as well as support for booting the hypervisor on EFI systems.
- This release includes Xen [4.19.0](https://wiki.xenproject.org/wiki/Xen_Project_4.19_Release_Notes) and support for booting the hypervisor on EFI systems.
::: {.warning}
Booting into the Xen Project Hypervisor through a legacy BIOS bootloader or with the legacy script-based Stage 1 initrd have been **deprecated**. Only EFI booting and the new systemd-based Stage 1 initrd are supported.
:::
- There are two flavours of Xen available by default: `xen`, which includes all built-in components, and `xen-slim`, which replaces the built-in components with their Nixpkgs equivalents.
- The `qemu-xen-traditional` component has been deprecated by the upstream Xen Project, and is no longer available in any of the Xen Project Hypervisor packages.
- The `qemu-xen-traditional` component has been deprecated by the upstream Xen Project, and is no longer included in the Xen build.
- The OCaml-based Xen Store can now be configured using [`virtualisation.xen.store.settings`](#opt-virtualisation.xen.store.settings).
- The `virtualisation.xen.bridge` options have been deprecated in this release cycle. Users who need network bridges are encouraged to set up their own networking configurations.
@ -187,6 +186,12 @@
- `transmission-gtk`: `~/.config/transmission`
- `transmission-daemon` using NixOS module: `${config.services.transmission.home}/.config/transmission-daemon` (defaults to `/var/lib/transmission/.config/transmission-daemon`)
- The default `mongodb` version has been updated from 5.0 to 7.0.
For more information, see the compatibility changes for MongoDB [6.0](https://www.mongodb.com/docs/manual/release-notes/6.0-compatibility/) and [7.0](https://www.mongodb.com/docs/manual/release-notes/7.0-compatibility/).
- `unifi` has been updated to UniFi 8.
`unifi7` was removed as it is vulnerable to CVE-2024-42025 and required a version of MongoDB that has reached end of life.
- `androidenv.androidPkgs_9_0` has been removed, and replaced with `androidenv.androidPkgs` for a more complete Android SDK including support for Android 9 and later.
- `grafana` has been updated to version 11.1. This version doesn't support setting `http_addr` to a hostname anymore, an IP address is expected.
@ -484,8 +489,13 @@
- `ffmpeg_5` has been removed. Please use the unversioned `ffmpeg`,
pin a newer version, or if necessary pin `ffmpeg_4` for compatibility.
- The `rss-bridge` service drops the support to load a configuration file from `${config.services.rss-bridge.dataDir}/config.ini.php`.
Consider using the `services.rss-bridge.config` option instead.
- The `xdg.portal.gtkUsePortal` option has been removed, as it had been deprecated for over 2 years. Using the `GTK_USE_PORTAL` environment variable in this manner is not intended nor encouraged by the GTK developers, but can still be done manually via `environment.sessionVariables`.
- Support for the legacy CUPS browsing and LDAP have been removed from `services.printing`. If `cups` or `ldap` are in the `BrowseRemoteProtocols` setting in `services.printing.browsedConf`, it needs to be removed.
- The `services.trust-dns` module has been renamed to `services.hickory-dns`.
- The option `services.prometheus.exporters.pgbouncer.connectionStringFile` has been removed since


@ -1375,7 +1375,6 @@
./services/video/mirakurun.nix
./services/video/photonvision.nix
./services/video/mediamtx.nix
./services/video/unifi-video.nix
./services/video/v4l2-relayd.nix
./services/wayland/cage.nix
./services/wayland/hypridle.nix


@ -108,6 +108,7 @@ in
used instead.
'')
(mkRemovedOptionModule [ "services" "tvheadend" ] "The tvheadend package and the corresponding module have been removed as nobody was willing to maintain them and they were stuck on an unmaintained version that required FFmpeg 4; please see https://github.com/NixOS/nixpkgs/pull/332259 if you are interested in maintaining a newer version.")
(mkRemovedOptionModule [ "services" "unifi-video" ] "The unifi-video package and the corresponding module have been removed as the software has been unsupported since 2021 and requires a MongoDB version that has reached end of life.")
(mkRemovedOptionModule [ "services" "venus" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "wakeonlan"] "This module was removed in favor of enabling it with networking.interfaces.<name>.wakeOnLan")
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")


@ -44,10 +44,9 @@ in {
telephony-service
teleports
]);
variables = {
# To override the keyboard layouts in Lomiri
NIXOS_XKB_LAYOUTS = config.services.xserver.xkb.layout;
};
# To override the default keyboard layout in Lomiri
etc.${pkgs.lomiri.lomiri.passthru.etcLayoutsFile}.text = lib.strings.replaceStrings [","] ["\n"] config.services.xserver.xkb.layout;
};
hardware = {


@ -2,8 +2,8 @@
let
cfg = config.services.unifi;
stateDir = "/var/lib/unifi";
cmd = lib.escapeShellArgs ([ "@${cfg.jrePackage}/bin/java" "java" ]
++ lib.optionals (lib.versionAtLeast (lib.getVersion cfg.jrePackage) "16") [
cmd = lib.escapeShellArgs ([
"@${cfg.jrePackage}/bin/java" "java"
"--add-opens=java.base/java.lang=ALL-UNNAMED"
"--add-opens=java.base/java.time=ALL-UNNAMED"
"--add-opens=java.base/sun.security.util=ALL-UNNAMED"
@ -27,24 +27,19 @@ in
'';
};
services.unifi.jrePackage = lib.mkOption {
type = lib.types.package;
default = if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.5") then pkgs.jdk17_headless else if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3") then pkgs.jdk11 else pkgs.jre8;
defaultText = lib.literalExpression ''if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.5") then pkgs.jdk17_headless else if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3" then pkgs.jdk11 else pkgs.jre8'';
description = ''
The JRE package to use. Check the release notes to ensure it is supported.
services.unifi.jrePackage = lib.mkPackageOption pkgs "jdk" {
default = "jdk17_headless";
extraDescription = ''
Check the UniFi controller release notes to ensure it is supported.
'';
};
services.unifi.unifiPackage = lib.mkPackageOption pkgs "unifi5" { };
services.unifi.unifiPackage = lib.mkPackageOption pkgs "unifi" {
default = "unifi8";
};
services.unifi.mongodbPackage = lib.mkPackageOption pkgs "mongodb" {
default = "mongodb-5_0";
extraDescription = ''
::: {.note}
unifi7 officially only supports mongodb up until 4.4 but works with 5.0.
:::
'';
default = "mongodb-7_0";
};
services.unifi.openFirewall = lib.mkOption {
@ -92,6 +87,29 @@ in
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = lib.versionAtLeast config.system.stateVersion "24.11"
|| (
options.services.unifi.unifiPackage.highestPrio < (lib.mkOptionDefault { }).priority
&& options.services.unifi.mongodbPackage.highestPrio < (lib.mkOptionDefault { }).priority
);
message = ''
Support for UniFi < 8 has been dropped; please explicitly set
`services.unifi.unifiPackage` and `services.unifi.mongodbPackage`.
Note that the previous default MongoDB version was 5.0 and MongoDB
only supports migrating one major version at a time; therefore, you
may wish to set `services.unifi.mongodbPackage = pkgs.mongodb-6_0;`
and activate your configuration before upgrading again to the default
`mongodb-7_0` supported by `unifi8`.
For more information, see the MongoDB upgrade notes:
<https://www.mongodb.com/docs/manual/release-notes/7.0-upgrade-standalone/#upgrade-recommendations-and-checklists>
'';
}
];
users.users.unifi = {
isSystemUser = true;
group = "unifi";
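Review bot: The `--add-opens=…` flags in `cmd` are now passed unconditionally, while `services.unifi.jrePackage` stays user-overridable and its description does not say which Java versions still work. `--add-opens` was introduced with Java 9, so an override such as the previously defaulted `pkgs.jre8` would presumably fail when the JVM starts rather than at evaluation time. I would state the floor in `extraDescription`, for example `Must be Java 9 or newer because the service always passes --add-opens; check the UniFi controller release notes for the supported version.` The `cmd` list continues outside the first hunk.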


@ -184,8 +184,8 @@ in
type = types.bool;
default = false;
description = ''
Whether to open the firewall for TCP/UDP ports specified in
listenAdrresses option.
Whether to open the firewall for TCP ports specified in
listenAddresses option.
'';
};
@ -493,7 +493,6 @@ in
listenPorts = parsePorts cfg.listenAddresses;
in mkIf cfg.openFirewall {
allowedTCPPorts = listenPorts;
allowedUDPPorts = listenPorts;
};
};


@ -1,252 +0,0 @@
{ config, lib, options, pkgs, utils, ... }:
with lib;
let
cfg = config.services.unifi-video;
opt = options.services.unifi-video;
mainClass = "com.ubnt.airvision.Main";
cmd = ''
${pkgs.jsvc}/bin/jsvc \
-cwd ${stateDir} \
-debug \
-verbose:class \
-nodetach \
-user unifi-video \
-home ${cfg.jrePackage}/lib/openjdk \
-cp ${pkgs.commonsDaemon}/share/java/commons-daemon-1.2.4.jar:${stateDir}/lib/airvision.jar \
-pidfile ${cfg.pidFile} \
-procname unifi-video \
-Djava.security.egd=file:/dev/./urandom \
-Xmx${toString cfg.maximumJavaHeapSize}M \
-Xss512K \
-XX:+UseG1GC \
-XX:+UseStringDeduplication \
-XX:MaxMetaspaceSize=768M \
-Djava.library.path=${stateDir}/lib \
-Djava.awt.headless=true \
-Djavax.net.ssl.trustStore=${stateDir}/etc/ufv-truststore \
-Dfile.encoding=UTF-8 \
-Dav.tempdir=/var/cache/unifi-video
'';
mongoConf = pkgs.writeTextFile {
name = "mongo.conf";
executable = false;
text = ''
# for documentation of all options, see https://www.mongodb.com/docs/manual/reference/configuration-options/
storage:
dbPath: ${cfg.dataDir}/db
journal:
enabled: true
syncPeriodSecs: 60
systemLog:
destination: file
logAppend: true
path: ${stateDir}/logs/mongod.log
net:
port: 7441
bindIp: 127.0.0.1
http:
enabled: false
operationProfiling:
slowOpThresholdMs: 500
mode: off
'';
};
mongoWtConf = pkgs.writeTextFile {
name = "mongowt.conf";
executable = false;
text = ''
# for documentation of all options, see:
# https://www.mongodb.com/docs/manual/reference/configuration-options/
storage:
dbPath: ${cfg.dataDir}/db-wt
journal:
enabled: true
wiredTiger:
engineConfig:
cacheSizeGB: 1
systemLog:
destination: file
logAppend: true
path: logs/mongod.log
net:
port: 7441
bindIp: 127.0.0.1
operationProfiling:
slowOpThresholdMs: 500
mode: off
'';
};
stateDir = "/var/lib/unifi-video";
in
{
options.services.unifi-video = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether or not to enable the unifi-video service.
'';
};
jrePackage = mkPackageOption pkgs "jre8" { };
unifiVideoPackage = mkPackageOption pkgs "unifi-video" { };
mongodbPackage = mkPackageOption pkgs "mongodb" {
default = "mongodb-5_0";
};
logDir = mkOption {
type = types.str;
default = "${stateDir}/logs";
description = ''
Where to store the logs.
'';
};
dataDir = mkOption {
type = types.str;
default = "${stateDir}/data";
description = ''
Where to store the database and other data.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Whether or not to open the required ports on the firewall.
'';
};
maximumJavaHeapSize = mkOption {
type = types.nullOr types.int;
default = 1024;
example = 4096;
description = ''
Set the maximum heap size for the JVM in MB.
'';
};
pidFile = mkOption {
type = types.path;
default = "${cfg.dataDir}/unifi-video.pid";
defaultText = literalExpression ''"''${config.${opt.dataDir}}/unifi-video.pid"'';
description = "Location of unifi-video pid file.";
};
};
config = mkIf cfg.enable {
warnings = optional
(options.services.unifi-video.openFirewall.highestPrio >= (mkOptionDefault null).priority)
"The current services.unifi-video.openFirewall = true default is deprecated and will change to false in 22.11. Set it explicitly to silence this warning.";
users.users.unifi-video = {
description = "UniFi Video controller daemon user";
home = stateDir;
group = "unifi-video";
isSystemUser = true;
};
users.groups.unifi-video = {};
networking.firewall = mkIf cfg.openFirewall {
# https://help.ui.com/hc/en-us/articles/217875218-UniFi-Video-Ports-Used
allowedTCPPorts = [
7080 # HTTP portal
7443 # HTTPS portal
7445 # Video over HTTP (mobile app)
7446 # Video over HTTPS (mobile app)
7447 # RTSP via the controller
7442 # Camera management from cameras to NVR over WAN
];
allowedUDPPorts = [
6666 # Inbound camera streams sent over WAN
];
};
systemd.tmpfiles.rules = [
"d '${stateDir}' 0700 unifi-video unifi-video - -"
"d '/var/cache/unifi-video' 0700 unifi-video unifi-video - -"
"d '${stateDir}/logs' 0700 unifi-video unifi-video - -"
"C '${stateDir}/etc' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/etc"
"C '${stateDir}/webapps' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/webapps"
"C '${stateDir}/email' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/email"
"C '${stateDir}/fw' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/fw"
"C '${stateDir}/lib' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/lib"
"d '${stateDir}/data' 0700 unifi-video unifi-video - -"
"d '${stateDir}/data/db' 0700 unifi-video unifi-video - -"
"C '${stateDir}/data/system.properties' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/etc/system.properties"
"d '${stateDir}/bin' 0700 unifi-video unifi-video - -"
"f '${stateDir}/bin/evostreamms' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/evostreamms"
"f '${stateDir}/bin/libavcodec.so.54' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/libavcodec.so.54"
"f '${stateDir}/bin/libavformat.so.54' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/libavformat.so.54"
"f '${stateDir}/bin/libavutil.so.52' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/libavutil.so.52"
"f '${stateDir}/bin/ubnt.avtool' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/ubnt.avtool"
"f '${stateDir}/bin/ubnt.updater' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/ubnt.updater"
"C '${stateDir}/bin/mongo' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongo"
"C '${stateDir}/bin/mongod' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongod"
"C '${stateDir}/bin/mongoperf' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongoperf"
"C '${stateDir}/bin/mongos' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongos"
"d '${stateDir}/conf' 0700 unifi-video unifi-video - -"
"C '${stateDir}/conf/evostream' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/evostream"
"Z '${stateDir}/conf/evostream' 0700 unifi-video unifi-video - -"
"L+ '${stateDir}/conf/mongodv3.0+.conf' 0700 unifi-video unifi-video - ${mongoConf}"
"L+ '${stateDir}/conf/mongodv3.6+.conf' 0700 unifi-video unifi-video - ${mongoConf}"
"L+ '${stateDir}/conf/mongod-wt.conf' 0700 unifi-video unifi-video - ${mongoWtConf}"
"L+ '${stateDir}/conf/catalina.policy' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/catalina.policy"
"L+ '${stateDir}/conf/catalina.properties' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/catalina.properties"
"L+ '${stateDir}/conf/context.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/context.xml"
"L+ '${stateDir}/conf/logging.properties' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/logging.properties"
"L+ '${stateDir}/conf/server.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/server.xml"
"L+ '${stateDir}/conf/tomcat-users.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/tomcat-users.xml"
"L+ '${stateDir}/conf/web.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/web.xml"
];
systemd.services.unifi-video = {
description = "UniFi Video NVR daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ] ;
unitConfig.RequiresMountsFor = stateDir;
# Make sure package upgrades trigger a service restart
restartTriggers = [ cfg.unifiVideoPackage cfg.mongodbPackage ];
path = with pkgs; [ gawk coreutils busybox which jre8 lsb-release libcap util-linux ];
serviceConfig = {
Type = "simple";
ExecStart = "${(removeSuffix "\n" cmd)} ${mainClass} start";
ExecStop = "${(removeSuffix "\n" cmd)} stop ${mainClass} stop";
Restart = "on-failure";
UMask = "0077";
User = "unifi-video";
WorkingDirectory = "${stateDir}";
};
};
};
imports = [
(mkRenamedOptionModule [ "services" "unifi-video" "openPorts" ] [ "services" "unifi-video" "openFirewall" ])
];
meta.maintainers = with lib.maintainers; [ rsynnest ];
}


@ -5,7 +5,6 @@ let
poolName = "rss-bridge";
configAttr = lib.recursiveUpdate { FileCache.path = "${cfg.dataDir}/cache/"; } cfg.config;
cfgHalf = lib.mapAttrsRecursive (path: value: let
envName = lib.toUpper ("RSSBRIDGE_" + lib.concatStringsSep "_" path);
envValue = if lib.isList value then
@ -14,7 +13,7 @@ let
lib.boolToString value
else
toString value;
in "fastcgi_param \"${envName}\" \"${envValue}\";") configAttr;
in if (value != null) then "fastcgi_param \"${envName}\" \"${envValue}\";" else null) cfg.config;
cfgEnv = lib.concatStringsSep "\n" (lib.collect lib.isString cfgHalf);
in
{
@ -70,9 +69,26 @@ in
};
config = mkOption {
type = with types; attrsOf (attrsOf (oneOf [ bool int str (listOf str) ]));
default = {};
defaultText = options.literalExpression "FileCache.path = \"\${config.services.rss-bridge.dataDir}/cache/\"";
type = types.submodule {
freeformType = (pkgs.formats.ini {}).type;
options = {
system = {
enabled_bridges = mkOption {
type = with types; nullOr (either str (listOf str));
description = "Only enabled bridges are available for feed production";
default = null;
};
};
FileCache = {
path = mkOption {
type = types.str;
description = "Directory where to store cache files (if cache.type = \"file\").";
default = "${cfg.dataDir}/cache/";
defaultText = options.literalExpression "\${config.services.rss-bridge.dataDir}/cache/";
};
};
};
};
example = options.literalExpression ''
{
system.enabled_bridges = [ "*" ];
@ -112,15 +128,13 @@ in
};
};
};
systemd.tmpfiles.settings.rss-bridge = let
perm = {
mode = "0750";
user = cfg.user;
group = cfg.group;
};
in {
"${configAttr.FileCache.path}".d = perm;
"${cfg.dataDir}/config.ini.php".z = perm;
systemd.tmpfiles.settings.rss-bridge = {
"${cfg.config.FileCache.path}".d = {
mode = "0750";
user = cfg.user;
group = cfg.group;
};
};
services.nginx = mkIf (cfg.virtualHost != null) {
@ -139,7 +153,6 @@ in
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.socket};
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param RSSBRIDGE_DATA ${cfg.dataDir};
${cfgEnv}
'';
};
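Review bot: The `cfgHalf` line in the second hunk still interpolates `envValue` into `"fastcgi_param \"${envName}\" \"${envValue}\";"` without escaping, and the new freeform INI type widens what can reach it. A value containing `"` ends the nginx string early, and `$` is read by nginx as a variable reference, so such settings would either break the generated config or be silently altered before PHP sees them. I would escape the value before interpolation (at least `\` and `"`), or add an assertion rejecting values with those characters, and put a comment on `cfgHalf` saying the values are emitted verbatim into nginx syntax. The `let` block starts outside the hunk, so the list and bool branches of `envValue` are only partly visible here.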


@ -234,11 +234,12 @@ in
system.activationScripts.var = ""; # obsolete
systemd.tmpfiles.rules = [
"D /var/empty 0555 root root -"
"h /var/empty - - - - +i"
] ++ lib.optionals config.nix.enable [
# Prevent the current configuration from being garbage-collected.
"d /nix/var/nix/gcroots -"
"L+ /nix/var/nix/gcroots/current-system - - - - /run/current-system"
"D /var/empty 0555 root root -"
"h /var/empty - - - - +i"
];
system.activationScripts.usrbinenv = if config.environment.usrbinenv != null


@ -281,15 +281,19 @@ in
) cfg.settings);
systemd.tmpfiles.rules = [
"d /nix/var 0755 root root - -"
"L+ /nix/var/nix/gcroots/booted-system 0755 root root - /run/booted-system"
"d /run/lock 0755 root root - -"
"d /var/db 0755 root root - -"
"L /var/lock - - - - ../run/lock"
# Boot-time cleanup
] ++ lib.optionals config.nix.enable [
"d /nix/var 0755 root root - -"
"L+ /nix/var/nix/gcroots/booted-system 0755 root root - /run/booted-system"
]
# Boot-time cleanup
++ [
"R! /etc/group.lock - - - - -"
"R! /etc/passwd.lock - - - - -"
"R! /etc/shadow.lock - - - - -"
] ++ lib.optionals config.nix.enable [
"R! /nix/var/nix/gcroots/tmp - - - - -"
"R! /nix/var/nix/temproots - - - - -"
];


@ -33,7 +33,8 @@ with lib;
if ! [ -e /root/.ssh/authorized_keys ]; then
echo "obtaining SSH key..."
mkdir -m 0700 -p /root/.ssh
mkdir -p /root/.ssh
chown 0700 /root/.ssh
if [ -s /etc/ec2-metadata/public-keys-0-openssh-key ]; then
(umask 177; cat /etc/ec2-metadata/public-keys-0-openssh-key >> /root/.ssh/authorized_keys)
echo "new key added to authorized_keys"
@ -45,19 +46,20 @@ with lib;
# generate one normally.
userData=/etc/ec2-metadata/user-data
mkdir -m 0755 -p /etc/ssh
mkdir -p /etc/ssh
chown 0755 /etc/ssh
if [ -s "$userData" ]; then
key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' $userData)"
key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' $userData)"
if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then
if [ -n "$key" ] && [ -n "$key_pub" ] && [ ! -e /etc/ssh/ssh_host_dsa_key ]; then
(umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key)
echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub
fi
key="$(sed 's/|/\n/g; s/SSH_HOST_ED25519_KEY://; t; d' $userData)"
key_pub="$(sed 's/SSH_HOST_ED25519_KEY_PUB://; t; d' $userData)"
if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_ed25519_key ]; then
if [ -n "$key" ] && [ -n "$key_pub" ] && [ ! -e /etc/ssh/ssh_host_ed25519_key ]; then
(umask 077; echo "$key" > /etc/ssh/ssh_host_ed25519_key)
echo "$key_pub" > /etc/ssh/ssh_host_ed25519_key.pub
fi
@ -79,7 +81,7 @@ with lib;
# ec2-get-console-output.
echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console
for i in /etc/ssh/ssh_host_*_key.pub; do
${config.programs.ssh.package}/bin/ssh-keygen -l -f $i || true > /dev/console
${config.programs.ssh.package}/bin/ssh-keygen -l -f "$i" || true > /dev/console
done
echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console
'';
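Review bot: `chown 0700 /root/.ssh` and `chown 0755 /etc/ssh` in the first two hunks change the directory owner to numeric UID 700 / 755 instead of setting permission bits, so the modes that `mkdir -m` used to apply are no longer set (taking the `mkdir -p` + `chown` pair as the new side, which the `-33,7 +33,8` header suggests). /root/.ssh then ends up owned by a non-root UID with whatever mode the umask yields. sshd's StrictModes ownership check is likely to refuse root's authorized_keys in that state, and any account later assigned that UID would control the directory. Both lines should be `chmod 0700 /root/.ssh` and `chmod 0755 /etc/ssh` (or keep `mkdir -m`); the same slip appears as `chown 0755 "$metaDir"` in the metadata-fetcher script in the next file section. The script body starts and ends outside these hunks.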


@ -1,5 +1,6 @@
metaDir=/etc/ec2-metadata
mkdir -m 0755 -p "$metaDir"
mkdir -p "$metaDir"
chown 0755 "$metaDir"
rm -f "$metaDir/*"
get_imds_token() {
@ -40,7 +41,7 @@ while [ $try -le 3 ]; do
sleep 1
done
if [ "x$IMDS_TOKEN" == "x" ]; then
if [ "$IMDS_TOKEN" == "" ]; then
echo "failed to fetch an IMDS2v token."
fi
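Review bot: The context line `rm -f "$metaDir/*"` in the first hunk keeps the glob inside the quotes, so it never expands and nothing under the metadata directory is removed; this quoting cleanup leaves it as it was. If a later fetch fails, files from an earlier boot (for example a previously stored public key or user-data) would presumably still be there for the consumers of `/etc/ec2-metadata`. Moving the glob outside the quotes fixes it: `rm -f "$metaDir"/*`. The rest of the script, including the fetch loop, lies outside the visible hunks.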


@ -8,6 +8,35 @@
}:
let
inherit (builtins) readFile;
inherit (lib.modules) mkRemovedOptionModule mkRenamedOptionModule mkIf;
inherit (lib.options)
mkOption
mkEnableOption
literalExpression
mkPackageOption
;
inherit (lib.types)
listOf
str
ints
lines
enum
path
submodule
addCheck
float
bool
int
nullOr
;
inherit (lib.lists) optional optionals;
inherit (lib.strings) hasSuffix optionalString;
inherit (lib.meta) getExe;
inherit (lib.attrsets) optionalAttrs;
inherit (lib.trivial) boolToString;
inherit (lib.teams.xen) members;
cfg = config.virtualisation.xen;
xenBootBuilder = pkgs.writeShellApplication {
@ -22,7 +51,7 @@ let
gnused
jq
])
++ lib.lists.optionals (cfg.efi.bootBuilderVerbosity == "info") (
++ optionals (cfg.efi.bootBuilderVerbosity == "info") (
with pkgs;
[
bat
@ -36,12 +65,12 @@ let
# We disable SC2016 because we don't want to expand the regexes in the sed commands.
excludeShellChecks = [ "SC2016" ];
text = builtins.readFile ./xen-boot-builder.sh;
text = readFile ./xen-boot-builder.sh;
};
in
{
imports = with lib.modules; [
imports = [
(mkRemovedOptionModule
[
"virtualisation"
@ -123,59 +152,33 @@ in
options.virtualisation.xen = {
enable = lib.options.mkEnableOption "the Xen Project Hypervisor, a virtualisation technology defined as a *type-1 hypervisor*, which allows multiple virtual machines, known as *domains*, to run concurrently on the physical machine. NixOS runs as the privileged *Domain 0*. This option requires a reboot into a Xen kernel to take effect";
enable = mkEnableOption "the Xen Project Hypervisor, a virtualisation technology defined as a *type-1 hypervisor*, which allows multiple virtual machines, known as *domains*, to run concurrently on the physical machine. NixOS runs as the privileged *Domain 0*. This option requires a reboot into a Xen kernel to take effect";
debug = lib.options.mkEnableOption "Xen debug features for Domain 0. This option enables some hidden debugging tests and features, and should not be used in production";
debug = mkEnableOption "Xen debug features for Domain 0. This option enables some hidden debugging tests and features, and should not be used in production";
trace = lib.options.mkOption {
type = lib.types.bool;
trace = mkOption {
type = bool;
default = cfg.debug;
defaultText = lib.options.literalExpression "false";
defaultText = literalExpression "false";
example = true;
description = "Whether to enable Xen debug tracing and logging for Domain 0.";
};
package = lib.options.mkOption {
type = lib.types.package;
default = pkgs.xen;
defaultText = lib.options.literalExpression "pkgs.xen";
example = lib.options.literalExpression "pkgs.xen-slim";
description = ''
The package used for Xen Project Hypervisor.
'';
relatedPackages = [
"xen"
"xen-slim"
];
};
package = mkPackageOption pkgs "Xen Hypervisor" { default = [ "xen" ]; };
qemu = {
package = lib.options.mkOption {
type = lib.types.package;
default = pkgs.xen;
defaultText = lib.options.literalExpression "pkgs.xen";
example = lib.options.literalExpression "pkgs.qemu_xen";
description = ''
The package with QEMU binaries that runs in Domain 0
and virtualises the unprivileged domains.
'';
relatedPackages = [
"xen"
{
name = "qemu_xen";
comment = "For use with `pkgs.xen-slim`.";
}
];
package = mkPackageOption pkgs "QEMU (with Xen Hypervisor support)" {
default = [ "qemu_xen" ];
};
pidFile = lib.options.mkOption {
type = lib.types.path;
pidFile = mkOption {
type = path;
default = "/run/xen/qemu-dom0.pid";
example = "/var/run/xen/qemu-dom0.pid";
description = "Path to the QEMU PID file.";
};
};
bootParams = lib.options.mkOption {
bootParams = mkOption {
default = [ ];
example = ''
[
@ -184,7 +187,7 @@ in
"vga=ask"
]
'';
type = lib.types.listOf lib.types.str;
type = listOf str;
description = ''
Xen Command Line parameters passed to Domain 0 at boot time.
Note: these are different from `boot.kernelParams`. See
@ -193,8 +196,8 @@ in
};
efi = {
bootBuilderVerbosity = lib.options.mkOption {
type = lib.types.enum [
bootBuilderVerbosity = mkOption {
type = enum [
"default"
"info"
"debug"
@ -218,11 +221,11 @@ in
'';
};
path = lib.options.mkOption {
type = lib.types.path;
path = mkOption {
type = path;
default = "${cfg.package.boot}/${cfg.package.efi}";
defaultText = lib.options.literalExpression "\${config.virtualisation.xen.package.boot}/\${config.virtualisation.xen.package.efi}";
example = lib.options.literalExpression "\${config.virtualisation.xen.package}/boot/efi/efi/nixos/xen-\${config.virtualisation.xen.package.version}.efi";
defaultText = literalExpression "\${config.virtualisation.xen.package.boot}/\${config.virtualisation.xen.package.efi}";
example = literalExpression "\${config.virtualisation.xen.package}/boot/efi/efi/nixos/xen-\${config.virtualisation.xen.package.version}.efi";
description = ''
Path to xen.efi. `pkgs.xen` is patched to install the xen.efi file
on `$boot/boot/xen.efi`, but an unpatched Xen build may install it
@ -234,10 +237,10 @@ in
};
dom0Resources = {
maxVCPUs = lib.options.mkOption {
maxVCPUs = mkOption {
default = 0;
example = 4;
type = lib.types.ints.unsigned;
type = ints.unsigned;
description = ''
Amount of virtual CPU cores allocated to Domain 0 on boot.
If set to 0, all cores are assigned to Domain 0, and
@ -245,10 +248,10 @@ in
'';
};
memory = lib.options.mkOption {
memory = mkOption {
default = 0;
example = 512;
type = lib.types.ints.unsigned;
type = ints.unsigned;
description = ''
Amount of memory (in MiB) allocated to Domain 0 on boot.
If set to 0, all memory is assigned to Domain 0, and
@ -256,11 +259,11 @@ in
'';
};
maxMemory = lib.options.mkOption {
maxMemory = mkOption {
default = cfg.dom0Resources.memory;
defaultText = lib.options.literalExpression "config.virtualisation.xen.dom0Resources.memory";
defaultText = literalExpression "config.virtualisation.xen.dom0Resources.memory";
example = 1024;
type = lib.types.ints.unsigned;
type = ints.unsigned;
description = ''
Maximum amount of memory (in MiB) that Domain 0 can
dynamically allocate to itself. Does nothing if set
@ -271,8 +274,8 @@ in
};
domains = {
extraConfig = lib.options.mkOption {
type = lib.types.lines;
extraConfig = mkOption {
type = lines;
default = "";
example = ''
XENDOMAINS_SAVE=/persist/xen/save
@ -288,28 +291,28 @@ in
};
store = {
path = lib.options.mkOption {
type = lib.types.path;
path = mkOption {
type = path;
default = "${cfg.package}/bin/oxenstored";
defaultText = lib.options.literalExpression "\${config.virtualisation.xen.package}/bin/oxenstored";
example = lib.options.literalExpression "\${config.virtualisation.xen.package}/bin/xenstored";
defaultText = literalExpression "\${config.virtualisation.xen.package}/bin/oxenstored";
example = literalExpression "\${config.virtualisation.xen.package}/bin/xenstored";
description = ''
Path to the Xen Store Daemon. This option is useful to
switch between the legacy C-based Xen Store Daemon, and
the newer OCaml-based Xen Store Daemon, `oxenstored`.
'';
};
type = lib.options.mkOption {
type = lib.types.enum [
type = mkOption {
type = enum [
"c"
"ocaml"
];
default = if (lib.strings.hasSuffix "oxenstored" cfg.store.path) then "ocaml" else "c";
default = if (hasSuffix "oxenstored" cfg.store.path) then "ocaml" else "c";
internal = true;
readOnly = true;
description = "Helper internal option that determines the type of the Xen Store Daemon based on cfg.store.path.";
};
settings = lib.options.mkOption {
settings = mkOption {
default = { };
example = {
enableMerge = false;
@ -324,34 +327,34 @@ in
The OCaml-based Xen Store Daemon configuration. This
option does nothing with the C-based `xenstored`.
'';
type = lib.types.submodule {
type = submodule {
options = {
pidFile = lib.options.mkOption {
pidFile = mkOption {
default = "/run/xen/xenstored.pid";
example = "/var/run/xen/xenstored.pid";
type = lib.types.path;
type = path;
description = "Path to the Xen Store Daemon PID file.";
};
testEAGAIN = lib.options.mkOption {
testEAGAIN = mkOption {
default = cfg.debug;
defaultText = lib.options.literalExpression "config.virtualisation.xen.debug";
defaultText = literalExpression "config.virtualisation.xen.debug";
example = true;
type = lib.types.bool;
type = bool;
visible = false;
description = "Randomly fail a transaction with EAGAIN. This option is used for debugging purposes only.";
};
enableMerge = lib.options.mkOption {
enableMerge = mkOption {
default = true;
example = false;
type = lib.types.bool;
type = bool;
description = "Whether to enable transaction merge support.";
};
conflict = {
burstLimit = lib.options.mkOption {
burstLimit = mkOption {
default = 5.0;
example = 15.0;
type = lib.types.addCheck (
lib.types.float
type = addCheck (
float
// {
name = "nonnegativeFloat";
description = "nonnegative floating point number, meaning >=0";
@ -369,12 +372,12 @@ in
domain's requests are ignored.
'';
};
maxHistorySeconds = lib.options.mkOption {
maxHistorySeconds = mkOption {
default = 5.0e-2;
example = 1.0;
type = lib.types.addCheck (
lib.types.float // { description = "nonnegative floating point number, meaning >=0"; }
) (n: n >= 0);
type = addCheck (float // { description = "nonnegative floating point number, meaning >=0"; }) (
n: n >= 0
);
description = ''
Limits applied to domains whose writes cause other domains' transaction
commits to fail. Must include decimal point.
@ -384,10 +387,10 @@ in
is the minimum pause-time during which a domain will be ignored.
'';
};
rateLimitIsAggregate = lib.options.mkOption {
rateLimitIsAggregate = mkOption {
default = true;
example = false;
type = lib.types.bool;
type = bool;
description = ''
If the conflict.rateLimitIsAggregate option is `true`, then after each
tick one point of conflict-credit is given to just one domain: the
@ -408,16 +411,16 @@ in
};
};
perms = {
enable = lib.options.mkOption {
enable = mkOption {
default = true;
example = false;
type = lib.types.bool;
type = bool;
description = "Whether to enable the node permission system.";
};
enableWatch = lib.options.mkOption {
enableWatch = mkOption {
default = true;
example = false;
type = lib.types.bool;
type = bool;
description = ''
Whether to enable the watch permission system.
@ -432,144 +435,142 @@ in
};
};
quota = {
enable = lib.options.mkOption {
enable = mkOption {
default = true;
example = false;
type = lib.types.bool;
type = bool;
description = "Whether to enable the quota system.";
};
maxEntity = lib.options.mkOption {
maxEntity = mkOption {
default = 1000;
example = 1024;
type = lib.types.ints.positive;
type = ints.positive;
description = "Entity limit for transactions.";
};
maxSize = lib.options.mkOption {
maxSize = mkOption {
default = 2048;
example = 4096;
type = lib.types.ints.positive;
type = ints.positive;
description = "Size limit for transactions.";
};
maxWatch = lib.options.mkOption {
maxWatch = mkOption {
default = 100;
example = 256;
type = lib.types.ints.positive;
type = ints.positive;
description = "Maximum number of watches by the Xenstore Watchdog.";
};
transaction = lib.options.mkOption {
transaction = mkOption {
default = 10;
example = 50;
type = lib.types.ints.positive;
type = ints.positive;
description = "Maximum number of transactions.";
};
maxRequests = lib.options.mkOption {
maxRequests = mkOption {
default = 1024;
example = 1024;
type = lib.types.ints.positive;
type = ints.positive;
description = "Maximum number of requests per transaction.";
};
maxPath = lib.options.mkOption {
maxPath = mkOption {
default = 1024;
example = 1024;
type = lib.types.ints.positive;
type = ints.positive;
description = "Path limit for the quota system.";
};
maxOutstanding = lib.options.mkOption {
maxOutstanding = mkOption {
default = 1024;
example = 1024;
type = lib.types.ints.positive;
type = ints.positive;
description = "Maximum outstanding requests, i.e. in-flight requests / domain.";
};
maxWatchEvents = lib.options.mkOption {
maxWatchEvents = mkOption {
default = 1024;
example = 2048;
type = lib.types.ints.positive;
type = ints.positive;
description = "Maximum number of outstanding watch events per watch.";
};
};
persistent = lib.options.mkOption {
persistent = mkOption {
default = false;
example = true;
type = lib.types.bool;
type = bool;
description = "Whether to activate the filed base backend.";
};
xenstored = {
log = {
file = lib.options.mkOption {
file = mkOption {
default = "/var/log/xen/xenstored.log";
example = "/dev/null";
type = lib.types.path;
type = path;
description = "Path to the Xen Store log file.";
};
level = lib.options.mkOption {
level = mkOption {
default = if cfg.trace then "debug" else null;
defaultText = lib.options.literalExpression "if (config.virtualisation.xen.trace == true) then \"debug\" else null";
defaultText = literalExpression "if (config.virtualisation.xen.trace == true) then \"debug\" else null";
example = "error";
type = lib.types.nullOr (
lib.types.enum [
"debug"
"info"
"warn"
"error"
]
);
type = nullOr (enum [
"debug"
"info"
"warn"
"error"
]);
description = "Logging level for the Xen Store.";
};
# The hidden options below have no upstream documentation whatsoever.
# The nb* options appear to alter the log rotation behaviour, and
# the specialOps option appears to affect the Xenbus logging logic.
nbFiles = lib.options.mkOption {
nbFiles = mkOption {
default = 10;
example = 16;
type = lib.types.int;
type = int;
visible = false;
description = "Set `xenstored-log-nb-files`.";
};
};
accessLog = {
file = lib.options.mkOption {
file = mkOption {
default = "/var/log/xen/xenstored-access.log";
example = "/var/log/security/xenstored-access.log";
type = lib.types.path;
type = path;
description = "Path to the Xen Store access log file.";
};
nbLines = lib.options.mkOption {
nbLines = mkOption {
default = 13215;
example = 16384;
type = lib.types.int;
type = int;
visible = false;
description = "Set `access-log-nb-lines`.";
};
nbChars = lib.options.mkOption {
nbChars = mkOption {
default = 180;
example = 256;
type = lib.types.int;
type = int;
visible = false;
description = "Set `acesss-log-nb-chars`.";
};
specialOps = lib.options.mkOption {
specialOps = mkOption {
default = false;
example = true;
type = lib.types.bool;
type = bool;
visible = false;
description = "Set `access-log-special-ops`.";
};
};
xenfs = {
kva = lib.options.mkOption {
kva = mkOption {
default = "/proc/xen/xsd_kva";
example = cfg.store.settings.xenstored.xenfs.kva;
type = lib.types.path;
type = path;
visible = false;
description = ''
Path to the Xen Store Daemon KVA location inside the XenFS pseudo-filesystem.
While it is possible to alter this value, some drivers may be hardcoded to follow the default paths.
'';
};
port = lib.options.mkOption {
port = mkOption {
default = "/proc/xen/xsd_port";
example = cfg.store.settings.xenstored.xenfs.port;
type = lib.types.path;
type = path;
visible = false;
description = ''
Path to the Xen Store Daemon userspace port inside the XenFS pseudo-filesystem.
@ -578,11 +579,11 @@ in
};
};
};
ringScanInterval = lib.options.mkOption {
ringScanInterval = mkOption {
default = 20;
example = 30;
type = lib.types.addCheck (
lib.types.int
type = addCheck (
int
// {
name = "nonzeroInt";
description = "nonzero signed integer, meaning !=0";
@ -602,7 +603,7 @@ in
## Implementation ##
config = lib.modules.mkIf cfg.enable {
config = mkIf cfg.enable {
assertions = [
{
assertion = pkgs.stdenv.hostPlatform.isx86_64;
@ -639,18 +640,18 @@ in
];
virtualisation.xen.bootParams =
lib.lists.optionals cfg.trace [
optionals cfg.trace [
"loglvl=all"
"guest_loglvl=all"
]
++
lib.lists.optional (cfg.dom0Resources.memory != 0)
optional (cfg.dom0Resources.memory != 0)
"dom0_mem=${toString cfg.dom0Resources.memory}M${
lib.strings.optionalString (
optionalString (
cfg.dom0Resources.memory != cfg.dom0Resources.maxMemory
) ",max:${toString cfg.dom0Resources.maxMemory}M"
}"
++ lib.lists.optional (
++ optional (
cfg.dom0Resources.maxVCPUs != 0
) "dom0_max_vcpus=${toString cfg.dom0Resources.maxVCPUs}";
@ -701,7 +702,7 @@ in
# See the `xenBootBuilder` script in the main `let...in` statement of this file.
loader.systemd-boot.extraInstallCommands = ''
${lib.meta.getExe xenBootBuilder} ${cfg.efi.bootBuilderVerbosity}
${getExe xenBootBuilder} ${cfg.efi.bootBuilderVerbosity}
'';
};
@ -744,7 +745,7 @@ in
XENSTORED="${cfg.store.path}"
QEMU_XEN="${cfg.qemu.package}/${cfg.qemu.package.qemu-system-i386}"
${lib.strings.optionalString cfg.trace ''
${optionalString cfg.trace ''
XENSTORED_TRACE=yes
XENCONSOLED_TRACE=all
''}
@ -756,10 +757,10 @@ in
'';
}
# The OCaml-based Xen Store Daemon requires /etc/xen/oxenstored.conf to start.
// lib.attrsets.optionalAttrs (cfg.store.type == "ocaml") {
// optionalAttrs (cfg.store.type == "ocaml") {
"xen/oxenstored.conf".text = ''
pid-file = ${cfg.store.settings.pidFile}
test-eagain = ${lib.trivial.boolToString cfg.store.settings.testEAGAIN}
test-eagain = ${boolToString cfg.store.settings.testEAGAIN}
merge-activate = ${toString cfg.store.settings.enableMerge}
conflict-burst-limit = ${toString cfg.store.settings.conflict.burstLimit}
conflict-max-history-seconds = ${toString cfg.store.settings.conflict.maxHistorySeconds}
@ -775,7 +776,7 @@ in
quota-path-max = ${toString cfg.store.settings.quota.maxPath}
quota-maxoutstanding = ${toString cfg.store.settings.quota.maxOutstanding}
quota-maxwatchevents = ${toString cfg.store.settings.quota.maxWatchEvents}
persistent = ${lib.trivial.boolToString cfg.store.settings.persistent}
persistent = ${boolToString cfg.store.settings.persistent}
xenstored-log-file = ${cfg.store.settings.xenstored.log.file}
xenstored-log-level = ${
if isNull cfg.store.settings.xenstored.log.level then
@ -787,7 +788,7 @@ in
access-log-file = ${cfg.store.settings.xenstored.accessLog.file}
access-log-nb-lines = ${toString cfg.store.settings.xenstored.accessLog.nbLines}
acesss-log-nb-chars = ${toString cfg.store.settings.xenstored.accessLog.nbChars}
access-log-special-ops = ${lib.trivial.boolToString cfg.store.settings.xenstored.accessLog.specialOps}
access-log-special-ops = ${boolToString cfg.store.settings.xenstored.accessLog.specialOps}
ring-scan-interval = ${toString cfg.store.settings.ringScanInterval}
xenstored-kva = ${cfg.store.settings.xenstored.xenfs.kva}
xenstored-port = ${cfg.store.settings.xenstored.xenfs.port}
@ -870,5 +871,5 @@ in
};
};
};
meta.maintainers = lib.teams.xen.members;
meta.maintainers = members;
}


@ -31,10 +31,11 @@
services.bind.forwarders = lib.mkForce [];
services.bind.zones = lib.singleton {
name = ".";
master = true;
file = let
addDot = zone: zone + lib.optionalString (!lib.hasSuffix "." zone) ".";
mkNsdZoneNames = zones: map addDot (lib.attrNames zones);
mkBindZoneNames = zones: map (zone: addDot zone.name) zones;
mkBindZoneNames = zones: map addDot (lib.attrNames zones);
getZones = cfg: mkNsdZoneNames cfg.services.nsd.zones
++ mkBindZoneNames cfg.services.bind.zones;


@ -700,4 +700,92 @@ in
}
);
keymap =
let
pwInput = "qwerty";
pwOutput = "qwertz";
in
makeTest (
{ pkgs, lib, ... }:
{
name = "lomiri-keymap";
meta = {
maintainers = lib.teams.lomiri.members;
};
nodes.machine =
{ config, ... }:
{
imports = [ ./common/user-account.nix ];
virtualisation.memorySize = 2047;
users.users.${user} = {
inherit description;
password = lib.mkForce pwOutput;
};
services.desktopManager.lomiri.enable = lib.mkForce true;
services.displayManager.defaultSession = lib.mkForce "lomiri";
# Help with OCR
fonts.packages = [ pkgs.inconsolata ];
# Non-QWERTY keymap to test keymap patch
services.xserver.xkb.layout = "de";
};
enableOCR = true;
testScript =
{ nodes, ... }:
''
def wait_for_text(text):
"""
Wait for on-screen text, and try to optimise retry count for slow hardware.
"""
machine.sleep(10)
machine.wait_for_text(text)
start_all()
machine.wait_for_unit("multi-user.target")
# Lomiri in greeter mode should use the correct keymap
with subtest("lomiri greeter keymap works"):
machine.wait_for_unit("display-manager.service")
machine.wait_until_succeeds("pgrep -u lightdm -f 'lomiri --mode=greeter'")
# Start page shows current time
wait_for_text(r"(AM|PM)")
machine.screenshot("lomiri_greeter_launched")
# Advance to login part
machine.send_key("ret")
wait_for_text("${description}")
machine.screenshot("lomiri_greeter_login")
# Login
machine.send_chars("${pwInput}\n")
machine.wait_until_succeeds("pgrep -u ${user} -f 'lomiri --mode=full-shell'")
# Output rendering from Lomiri has started when it starts printing performance diagnostics
machine.wait_for_console_text("Last frame took")
# Look for datetime's clock, one of the last elements to load
wait_for_text(r"(AM|PM)")
machine.screenshot("lomiri_launched")
# Lomiri in desktop mode should use the correct keymap
with subtest("lomiri session keymap works"):
machine.send_key("ctrl-alt-t")
wait_for_text(r"(${user}|machine)")
machine.screenshot("terminal_opens")
machine.send_chars("touch ${pwInput}\n")
machine.wait_for_file("/home/alice/${pwOutput}", 10)
machine.send_key("alt-f4")
'';
}
);
}
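Review bot: The last check of the `lomiri session keymap works` subtest hard-codes the home directory, `machine.wait_for_file("/home/alice/${pwOutput}", 10)`, while the rest of the script interpolates `${user}` (for example the `pgrep -u ${user}` call). `user` and `description` are bound outside this hunk, so I am assuming the home directory follows the user name; if it does, `machine.wait_for_file("/home/${user}/${pwOutput}", 10)` keeps the path in step with the account. A short comment next to the `let` would also help, e.g. `# typed as pwInput on the "de" layout, which must arrive as pwOutput`, since that is the only reason the account password is set to `pwOutput`.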


@ -34,7 +34,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
node = {...}: {
environment.systemPackages = with pkgs; [
# remember to update mongodb.passthru.tests if you change this
mongodb-5_0
mongodb-7_0
];
};
};
@ -42,7 +42,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
testScript = ''
node.start()
''
+ runMongoDBTest pkgs.mongodb-5_0
+ runMongoDBTest pkgs.mongodb-7_0
+ ''
node.shutdown()
'';


@ -31,6 +31,5 @@ let
'';
};
in with pkgs; {
unifi7 = makeAppTest unifi7;
unifi8 = makeAppTest unifi8;
}


@ -28,13 +28,13 @@ let
in
stdenv.mkDerivation rec {
pname = "reaper";
version = "7.22";
version = "7.24";
src = fetchurl {
url = url_for_platform version stdenv.hostPlatform.qemuArch;
hash = if stdenv.hostPlatform.isDarwin then "sha256-dIRZCUIfqnGTxBaLzczwzD6hA/PyAxPqfa+FfCRKdu0=" else {
x86_64-linux = "sha256-aa2KcL8yZYG+Dki7J6U473E2BQgdACAIzRLtD9zuHV0=";
aarch64-linux = "sha256-NECEEUKtTQajl0MZK8/NsbhcuyihHOo0Q5Y5UpAAgrM=";
hash = if stdenv.hostPlatform.isDarwin then "sha256-g+Bh7M9r/NfkWGH6NSTw2s3Whoh7eP80rmAosdfj0Bg=" else {
x86_64-linux = "sha256-3suK57NKevCLTGclJmbX/Mm01pRzH/rb8CSByfKHUvM=";
aarch64-linux = "sha256-bCJSSc5d9doc86aqvpas42gHuP3eyWKJQSumKR+oZoY=";
}.${stdenv.hostPlatform.system};
};


@ -3,7 +3,8 @@
, fetchFromGitHub
, autoreconfHook
, alsa-lib
, python3
, perl
, pkg-config
, SDL2
, libXext
, Cocoa
@ -11,19 +12,27 @@
stdenv.mkDerivation rec {
pname = "schismtracker";
version = "20240328";
version = "20240809";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = version;
sha256 = "sha256-hoP/14lbqsuQ37oJDErPoQWWk04UshImmApCFrf5wno=";
sha256 = "sha256-J4al7XU+vvehDnp2fRrVesWyUN4i63g5btUkjarpXbk=";
};
# If we let it try to get the version from git, it will fail and fall back
# on running `date`, which will output the epoch, which is considered invalid
# in this assert: https://github.com/schismtracker/schismtracker/blob/a106b57e0f809b95d9e8bcf5a3975d27e0681b5a/schism/version.c#L112
postPatch = ''
substituteInPlace configure.ac \
--replace-fail 'git log' 'echo ${version} #'
'';
configureFlags = [ "--enable-dependency-tracking" ]
++ lib.optional stdenv.hostPlatform.isDarwin "--disable-sdltest";
nativeBuildInputs = [ autoreconfHook python3 ];
nativeBuildInputs = [ autoreconfHook perl pkg-config ];
buildInputs = [ SDL2 ]
++ lib.optionals stdenv.hostPlatform.isLinux [ alsa-lib libXext ]


@ -122,5 +122,7 @@ stdenv.mkDerivation rec {
license = licenses.mit;
maintainers = with maintainers; [ juaningan emmanuelrosa ];
platforms = [ "x86_64-linux" ];
# Requires OpenJFX 11 or 16, which are both EOL.
broken = true;
};
}


@ -18528,6 +18528,18 @@ final: prev:
meta.homepage = "https://github.com/samodostal/image.nvim/";
};
resession-nvim = buildVimPlugin {
pname = "resession.nvim";
version = "2024-08-16";
src = fetchFromGitHub {
owner = "stevearc";
repo = "resession.nvim";
rev = "c4d92a57b3936a2d6e1c087dbd6b670da2b1b082";
sha256 = "sha256-S5mN/1yzUjV76YTYB41aaTL1xuGEfTN2LpEsc28RhDM=";
};
meta.homepage = "https://github.com/stevearc/resession.nvim";
};
tinykeymap = buildVimPlugin {
pname = "tinykeymap";
version = "2024-02-17";


@ -878,6 +878,7 @@ https://github.com/vladdoster/remember.nvim/,,
https://github.com/filipdutescu/renamer.nvim/,,
https://github.com/MeanderingProgrammer/render-markdown.nvim/,,
https://github.com/gabrielpoca/replacer.nvim/,HEAD,
https://github.com/stevearc/resession.nvim/,HEAD,
https://github.com/NTBBloodbath/rest.nvim/,,
https://github.com/vim-scripts/restore_view.vim/,HEAD,restore-view-vim
https://github.com/gu-fan/riv.vim/,,


@ -0,0 +1,30 @@
{
lib,
vscode-utils,
jq,
moreutils,
pandoc,
}:
vscode-utils.buildVscodeMarketplaceExtension {
mktplcRef = {
name = "vscode-pandoc";
publisher = "chrischinchilla";
version = "0.4.8";
hash = "sha256-+U6AtT2wf1mE92IR+mv4aKD9/78ULus2GuwwgxdCvBA=";
};
nativeBuildInputs = [
jq
moreutils
];
postInstall = ''
jq '.contributes.configuration.properties."pandoc.executable".default = "${lib.getExe pandoc}"' $out/$installPrefix/package.json | sponge $out/$installPrefix/package.json
'';
meta = {
description = "Converts Markdown files to pdf, docx, or html files using pandoc";
homepage = "https://github.com/ChrisChinchilla/vscode-pandoc#readme";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=yzane.markdown-pdf";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ pandapip1 ];
};
}
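Review bot: `meta.downloadPage` points at a different extension's Marketplace entry, `itemName=yzane.markdown-pdf`, which does not match this package's `mktplcRef` (publisher `chrischinchilla`, name `vscode-pandoc`). It looks copied from the sibling `markdown-pdf` expression added in the same commit. Going by the URL pattern it should read `downloadPage = "https://marketplace.visualstudio.com/items?itemName=chrischinchilla.vscode-pandoc";`. This matters because that link is what a reviewer follows to check where the pinned `hash` comes from.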


@ -905,6 +905,8 @@ let
};
};
chrischinchilla.vscode-pandoc = callPackage ./chrischinchilla.vscode-pandoc { };
christian-kohler.npm-intellisense = buildVscodeMarketplaceExtension {
mktplcRef = {
name = "npm-intellisense";
@ -1642,8 +1644,8 @@ let
mktplcRef = {
name = "elixir-ls";
publisher = "JakeBecker";
version = "0.23.1";
hash = "sha256-rwpaixQbuxVkH4wlKPG4Qk69IylwjfCtyfUcqCuN/e8=";
version = "0.24.0";
hash = "sha256-zNiKtOeZEO9zVpyF4AE/3FjiEy4jtCSCjB9T8e8PjRE=";
};
meta = {
changelog = "https://marketplace.visualstudio.com/items/JakeBecker.elixir-ls/changelog";
@ -5393,6 +5395,8 @@ let
};
};
yzane.markdown-pdf = callPackage ./yzane.markdown-pdf { };
yzhang.dictionary-completion = buildVscodeMarketplaceExtension {
mktplcRef = {
publisher = "yzhang";

View File

@ -0,0 +1,31 @@
{
lib,
vscode-utils,
jq,
moreutils,
ungoogled-chromium,
}:
vscode-utils.buildVscodeMarketplaceExtension {
mktplcRef = {
name = "markdown-pdf";
publisher = "yzane";
version = "1.5.0";
hash = "sha256-aiifZgHXC4GUEbkKAbLc0p/jUZxp1jF/J1Y/KIyvLIE=";
};
nativeBuildInputs = [
jq
moreutils
];
postInstall = ''
jq '.contributes.configuration.properties."markdown-pdf.executablePath".default = "${lib.getExe ungoogled-chromium}"' $out/$installPrefix/package.json | sponge $out/$installPrefix/package.json
'';
meta = {
description = "Converts Markdown files to pdf, html, png or jpeg files";
homepage = "https://github.com/yzane/vscode-markdown-pdf#readme";
changelog = "https://github.com/yzane/vscode-markdown-pdf/blob/master/CHANGELOG.md";
downloadPage = "https://marketplace.visualstudio.com/items?itemName=yzane.markdown-pdf";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ pandapip1 ];
};
}
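Review bot: The `postInstall` rewrite of `package.json` cannot fail when the setting it targets is missing, because a jq assignment to a path that does not exist simply creates it. If a later release renames `markdown-pdf.executablePath`, the build still succeeds and the extension no longer uses the pinned `ungoogled-chromium`; what it launches instead is not visible here. A guard before the rewrite, `jq -e '.contributes.configuration.properties | has("markdown-pdf.executablePath")' "$out/$installPrefix/package.json" > /dev/null`, turns that into a build failure. The two `$out/$installPrefix/package.json` arguments should be double-quoted as well. The `vscode-pandoc` expression added in this commit uses the same pattern for `pandoc.executable`.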


@ -236,7 +236,10 @@ in
let
vscodeRipgrep =
if stdenv.hostPlatform.isDarwin then
"Contents/Resources/app/node_modules.asar.unpacked/@vscode/ripgrep/bin/rg"
if lib.versionAtLeast version "1.94.0" then
"Contents/Resources/app/node_modules/@vscode/ripgrep/bin/rg"
else
"Contents/Resources/app/node_modules.asar.unpacked/@vscode/ripgrep/bin/rg"
else
"resources/app/node_modules/@vscode/ripgrep/bin/rg";
in


@ -18,13 +18,13 @@
python3Packages.buildPythonApplication rec {
pname = "gscreenshot";
version = "3.6.2";
version = "3.6.3";
src = fetchFromGitHub {
owner = "thenaterhood";
repo = "${pname}";
rev = "refs/tags/v${version}";
sha256 = "sha256-dYmdM9QtemVKggEmMMcprVIM1fe02jQOyBPniy7p9ns=";
sha256 = "sha256-fpxKhgLpXbuUhALzF6n4v3FLcLaqbqLLxwQJE/wJrAY=";
};
# needed for wrapGAppsHook3 to function


@ -20,13 +20,13 @@
crystal.buildCrystalPackage rec {
pname = "Collision";
version = "3.8.1";
version = "3.9.0";
src = fetchFromGitHub {
owner = "GeopJr";
repo = "Collision";
rev = "v${version}";
hash = "sha256-55qCHc+snMAUFAT31Z8EPtJ/HLrnv1BveCEzjkn7N5g=";
hash = "sha256-c/74LzDM63w5zW8z2T8o4Efvuzj791/zTSKEDN32uak=";
};
postPatch = ''


@ -11,13 +11,13 @@
};
gi-crystal = {
url = "https://github.com/hugopl/gi-crystal.git";
rev = "v0.22.3";
sha256 = "1xyj5bf3l2i1yzqxb8yyj0fc3kwi9nnd57n5dhs5xm9jxzcvw1kk";
rev = "v0.24.0";
sha256 = "0x356xn35008l573qhyl1sdddc9cc5i3bsa4c7865kgq9521ifyh";
};
gtk4 = {
url = "https://github.com/hugopl/gtk4.cr.git";
rev = "v0.16.1";
sha256 = "1cqkbh072y70l8g0p040vf50k920p32ry1larnwn9mqabd74jwaj";
rev = "v0.17.0";
sha256 = "0lv3nvsanxi4g2322zvkf1jxx5zgzaapk228vcw2cl0ja1drm06d";
};
harfbuzz = {
url = "https://github.com/hugopl/harfbuzz.cr.git";


@ -20,13 +20,13 @@
}:
stdenv.mkDerivation (finalAttrs: {
pname = "webfont-kit-generator";
version = "1.1.1";
version = "1.2.0";
src = fetchFromGitHub {
owner = "rafaelmardojai";
repo = "webfont-kit-generator";
rev = finalAttrs.version;
hash = "sha256-RrmzHgRnpgQUNECgYA/AJfoxKpX1HQ5I1Pqjb3MK+P4=";
hash = "sha256-ZfyF1Didce88/HaLeMNTw0nGzj3EZnC7V9OzsN21L40=";
};
nativeBuildInputs = [


@ -1,5 +1,5 @@
{ lib
, flutter322
, flutter324
, python3
, fetchFromGitHub
, pcre2
@ -11,15 +11,15 @@
, removeReferencesTo
}:
flutter322.buildFlutterApplication rec {
flutter324.buildFlutterApplication rec {
pname = "yubioath-flutter";
version = "7.0.1";
version = "7.1.0";
src = fetchFromGitHub {
owner = "Yubico";
repo = "yubioath-flutter";
rev = version;
hash = "sha256-7FgZZCaafjNUaniPWVtba57zFABIJnLOw4GpyMsegKQ=";
hash = "sha256-sAs/tglLt1igovtfs07+7G5/xeMcQgfR9G4b7VzyDVY=";
};
passthru.helper = python3.pkgs.callPackage ./helper.nix { inherit src version meta; };
@ -34,9 +34,6 @@ flutter322.buildFlutterApplication rec {
substituteInPlace linux/CMakeLists.txt \
--replace-fail "../build/linux/helper" "${passthru.helper}/libexec/helper"
substituteInPlace linux/my_application.cc \
--replace-fail "gtk_widget_realize(GTK_WIDGET(window));" "gtk_widget_show(GTK_WIDGET(window));"
'';
preInstall = ''


@ -4,21 +4,27 @@
"dependency": "transitive",
"description": {
"name": "_fe_analyzer_shared",
"sha256": "0b2f2bd91ba804e53a61d757b986f89f1f9eaed5b11e4b2f5a2468d86d6c9fc7",
"sha256": "f256b0c0ba6c7577c15e2e4e114755640a875e885099367bf6e012b19314c834",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "67.0.0"
"version": "72.0.0"
},
"_macros": {
"dependency": "transitive",
"description": "dart",
"source": "sdk",
"version": "0.3.2"
},
"analyzer": {
"dependency": "direct dev",
"description": {
"name": "analyzer",
"sha256": "37577842a27e4338429a1cbc32679d508836510b056f1eedf0c8d20e39c1383d",
"sha256": "b652861553cd3990d8ed361f7979dc6d7053a9ac8843fa73820ab68ce5410139",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "6.4.1"
"version": "6.7.0"
},
"analyzer_plugin": {
"dependency": "direct dev",
@ -124,21 +130,21 @@
"dependency": "direct dev",
"description": {
"name": "build_runner",
"sha256": "644dc98a0f179b872f612d3eb627924b578897c629788e858157fa5e704ca0c7",
"sha256": "dd09dd4e2b078992f42aac7f1a622f01882a8492fef08486b27ddde929c19f04",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.4.11"
"version": "2.4.12"
},
"build_runner_core": {
"dependency": "transitive",
"description": {
"name": "build_runner_core",
"sha256": "e3c79f69a64bdfcd8a776a3c28db4eb6e3fb5356d013ae5eb2e52007706d5dbe",
"sha256": "f8126682b87a7282a339b871298cc12009cb67109cfa1614d6436fb0289193e0",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "7.3.1"
"version": "7.3.2"
},
"built_collection": {
"dependency": "transitive",
@ -244,51 +250,51 @@
"dependency": "transitive",
"description": {
"name": "cross_file",
"sha256": "55d7b444feb71301ef6b8838dbc1ae02e63dd48c8773f3810ff53bb1e2945b32",
"sha256": "7caf6a750a0c04effbb52a676dce9a4a592e10ad35c34d6d2d0e4811160d5670",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.3.4+1"
"version": "0.3.4+2"
},
"crypto": {
"dependency": "direct main",
"description": {
"name": "crypto",
"sha256": "ff625774173754681d66daaf4a448684fb04b78f902da9cb3d308c19cc5e8bab",
"sha256": "ec30d999af904f33454ba22ed9a86162b35e52b44ac4807d1d93c288041d7d27",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "3.0.3"
"version": "3.0.5"
},
"custom_lint": {
"dependency": "direct dev",
"description": {
"name": "custom_lint",
"sha256": "7c0aec12df22f9082146c354692056677f1e70bc43471644d1fdb36c6fdda799",
"sha256": "6e1ec47427ca968f22bce734d00028ae7084361999b41673291138945c5baca0",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.6.4"
"version": "0.6.7"
},
"custom_lint_builder": {
"dependency": "direct dev",
"description": {
"name": "custom_lint_builder",
"sha256": "d7dc41e709dde223806660268678be7993559e523eb3164e2a1425fd6f7615a9",
"sha256": "ba2f90fff4eff71d202d097eb14b14f87087eaaef742e956208c0eb9d3a40a21",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.6.4"
"version": "0.6.7"
},
"custom_lint_core": {
"dependency": "transitive",
"description": {
"name": "custom_lint_core",
"sha256": "a85e8f78f4c52f6c63cdaf8c872eb573db0231dcdf3c3a5906d493c1f8bc20e6",
"sha256": "4ddbbdaa774265de44c97054dcec058a83d9081d071785ece601e348c18c267d",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.6.3"
"version": "0.6.5"
},
"dart_style": {
"dependency": "transitive",
@ -324,11 +330,11 @@
"dependency": "transitive",
"description": {
"name": "ffi",
"sha256": "493f37e7df1804778ff3a53bd691d8692ddf69702cf4c1c1096a2e41b4779e21",
"sha256": "16ed7b077ef01ad6170a3d0c57caa4a112a38d7a2ed5602e0aca9ca6f3d98da6",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.1.2"
"version": "2.1.3"
},
"file": {
"dependency": "transitive",
@ -344,11 +350,11 @@
"dependency": "direct main",
"description": {
"name": "file_picker",
"sha256": "824f5b9f389bfc4dddac3dea76cd70c51092d9dff0b2ece7ef4f53db8547d258",
"sha256": "167bb619cdddaa10ef2907609feb8a79c16dfa479d3afaf960f8e223f754bf12",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "8.0.6"
"version": "8.1.2"
},
"fixnum": {
"dependency": "transitive",
@ -392,11 +398,11 @@
"dependency": "transitive",
"description": {
"name": "flutter_plugin_android_lifecycle",
"sha256": "c6b0b4c05c458e1c01ad9bcc14041dd7b1f6783d487be4386f793f47a8a4d03e",
"sha256": "9ee02950848f61c4129af3d6ec84a1cfc0e47931abc746b03e7a3bc3e8ff6eda",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.0.20"
"version": "2.0.22"
},
"flutter_riverpod": {
"dependency": "direct main",
@ -424,21 +430,21 @@
"dependency": "direct dev",
"description": {
"name": "freezed",
"sha256": "a434911f643466d78462625df76fd9eb13e57348ff43fe1f77bbe909522c67a1",
"sha256": "44c19278dd9d89292cf46e97dc0c1e52ce03275f40a97c5a348e802a924bf40e",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.5.2"
"version": "2.5.7"
},
"freezed_annotation": {
"dependency": "direct main",
"description": {
"name": "freezed_annotation",
"sha256": "f54946fdb1fa7b01f780841937b1a80783a20b393485f3f6cdf336fd6f4705f2",
"sha256": "c2e2d632dd9b8a2b7751117abcfc2b4888ecfe181bd9fca7170d9ef02e595fe2",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.4.2"
"version": "2.4.4"
},
"frontend_server_client": {
"dependency": "transitive",
@ -470,11 +476,11 @@
"dependency": "transitive",
"description": {
"name": "graphs",
"sha256": "aedc5a15e78fc65a6e23bcd927f24c64dd995062bcd1ca6eda65a3cff92a4d19",
"sha256": "741bbf84165310a68ff28fe9e727332eef1407342fca52759cb21ad8177bb8d0",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.3.1"
"version": "2.3.2"
},
"hotreloader": {
"dependency": "transitive",
@ -490,11 +496,11 @@
"dependency": "transitive",
"description": {
"name": "http",
"sha256": "761a297c042deedc1ffbb156d6e2af13886bb305c2a343a4d972504cd67dd938",
"sha256": "b9c29a161230ee03d3ccf545097fccd9b87a5264228c5d348202e0f0c28f9010",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.2.1"
"version": "1.2.2"
},
"http_multi_server": {
"dependency": "transitive",
@ -576,21 +582,21 @@
"dependency": "transitive",
"description": {
"name": "leak_tracker",
"sha256": "7f0df31977cb2c0b88585095d168e689669a2cc9b97c309665e3386f3e9d341a",
"sha256": "3f87a60e8c63aecc975dda1ceedbc8f24de75f09e4856ea27daf8958f2f0ce05",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "10.0.4"
"version": "10.0.5"
},
"leak_tracker_flutter_testing": {
"dependency": "transitive",
"description": {
"name": "leak_tracker_flutter_testing",
"sha256": "06e98f569d004c1315b991ded39924b21af84cf14cc94791b8aea337d25b57f8",
"sha256": "932549fb305594d82d7183ecd9fa93463e9914e1b67cacc34bc40906594a1806",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "3.0.3"
"version": "3.0.5"
},
"leak_tracker_testing": {
"dependency": "transitive",
@ -641,6 +647,16 @@
"source": "hosted",
"version": "1.2.0"
},
"macros": {
"dependency": "transitive",
"description": {
"name": "macros",
"sha256": "0acaed5d6b7eab89f63350bccd82119e6c602df0f391260d0e32b5e23db79536",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.1.2-main.4"
},
"matcher": {
"dependency": "transitive",
"description": {
@ -655,21 +671,21 @@
"dependency": "transitive",
"description": {
"name": "material_color_utilities",
"sha256": "0e0a020085b65b6083975e499759762399b4475f766c21668c4ecca34ea74e5a",
"sha256": "f7142bb1154231d7ea5f96bc7bde4bda2a0945d2806bb11670e30b850d56bdec",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.8.0"
"version": "0.11.1"
},
"material_symbols_icons": {
"dependency": "direct main",
"description": {
"name": "material_symbols_icons",
"sha256": "a2c78726048c755f0f90fd2b7c8799cd94338e2e9b7ab6498ae56503262c14bc",
"sha256": "66416c4e30bd363508e12669634fc4f3250b83b69e862de67f4f9c480cf42414",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "4.2762.0"
"version": "4.2785.1"
},
"menu_base": {
"dependency": "transitive",
@ -685,21 +701,21 @@
"dependency": "transitive",
"description": {
"name": "meta",
"sha256": "7687075e408b093f36e6bbf6c91878cc0d4cd10f409506f7bc996f68220b9136",
"sha256": "bdb68674043280c3428e9ec998512fb681678676b3c54e773629ffe74419f8c7",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.12.0"
"version": "1.15.0"
},
"mime": {
"dependency": "transitive",
"description": {
"name": "mime",
"sha256": "2e123074287cc9fd6c09de8336dae606d1ddb88d9ac47358826db698c176a1f2",
"sha256": "801fd0b26f14a4a58ccb09d5892c3fbdeff209594300a542492cf13fba9d247a",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.0.5"
"version": "1.0.6"
},
"package_config": {
"dependency": "transitive",
@ -735,21 +751,21 @@
"dependency": "direct main",
"description": {
"name": "path_provider",
"sha256": "c9e7d3a4cd1410877472158bee69963a4579f78b68c65a2b7d40d1a7a88bb161",
"sha256": "fec0d61223fba3154d87759e3cc27fe2c8dc498f6386c6d6fc80d1afdd1bf378",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.1.3"
"version": "2.1.4"
},
"path_provider_android": {
"dependency": "transitive",
"description": {
"name": "path_provider_android",
"sha256": "bca87b0165ffd7cdb9cad8edd22d18d2201e886d9a9f19b4fb3452ea7df3a72a",
"sha256": "6f01f8e37ec30b07bc424b4deabac37cacb1bc7e2e515ad74486039918a37eb7",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.2.6"
"version": "2.2.10"
},
"path_provider_foundation": {
"dependency": "transitive",
@ -785,11 +801,11 @@
"dependency": "transitive",
"description": {
"name": "path_provider_windows",
"sha256": "8bc9f22eee8690981c22aa7fc602f5c85b497a6fb2ceb35ee5a5e5ed85ad8170",
"sha256": "bd6f00dbd873bfb70d0761682da2b3a2c2fccc2b9e84c495821639601d81afe7",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.2.1"
"version": "2.3.0"
},
"petitparser": {
"dependency": "transitive",
@ -805,11 +821,11 @@
"dependency": "transitive",
"description": {
"name": "platform",
"sha256": "12220bb4b65720483f8fa9450b4332347737cf8213dd2840d8b2c823e47243ec",
"sha256": "9b71283fc13df574056616011fb138fd3b793ea47cc509c189a6c3fa5f8a1a65",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "3.1.4"
"version": "3.1.5"
},
"plugin_platform_interface": {
"dependency": "transitive",
@ -884,11 +900,11 @@
"dependency": "transitive",
"description": {
"name": "rxdart",
"sha256": "0c7c0cedd93788d996e33041ffecda924cc54389199cde4e6a34b440f50044cb",
"sha256": "5c3004a4a8dbb94bd4bf5412a4def4acdaa12e12f269737a5751369e12d1a962",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.27.7"
"version": "0.28.0"
},
"screen_retriever": {
"dependency": "direct main",
@ -904,71 +920,71 @@
"dependency": "direct main",
"description": {
"name": "shared_preferences",
"sha256": "d3bbe5553a986e83980916ded2f0b435ef2e1893dfaa29d5a7a790d0eca12180",
"sha256": "746e5369a43170c25816cc472ee016d3a66bc13fcf430c0bc41ad7b4b2922051",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.2.3"
"version": "2.3.2"
},
"shared_preferences_android": {
"dependency": "transitive",
"description": {
"name": "shared_preferences_android",
"sha256": "93d0ec9dd902d85f326068e6a899487d1f65ffcd5798721a95330b26c8131577",
"sha256": "480ba4345773f56acda9abf5f50bd966f581dac5d514e5fc4a18c62976bbba7e",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.2.3"
"version": "2.3.2"
},
"shared_preferences_foundation": {
"dependency": "transitive",
"description": {
"name": "shared_preferences_foundation",
"sha256": "0a8a893bf4fd1152f93fec03a415d11c27c74454d96e2318a7ac38dd18683ab7",
"sha256": "c4b35f6cb8f63c147312c054ce7c2254c8066745125264f0c88739c417fc9d9f",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.4.0"
"version": "2.5.2"
},
"shared_preferences_linux": {
"dependency": "transitive",
"description": {
"name": "shared_preferences_linux",
"sha256": "9f2cbcf46d4270ea8be39fa156d86379077c8a5228d9dfdb1164ae0bb93f1faa",
"sha256": "580abfd40f415611503cae30adf626e6656dfb2f0cee8f465ece7b6defb40f2f",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.3.2"
"version": "2.4.1"
},
"shared_preferences_platform_interface": {
"dependency": "transitive",
"description": {
"name": "shared_preferences_platform_interface",
"sha256": "22e2ecac9419b4246d7c22bfbbda589e3acf5c0351137d87dd2939d984d37c3b",
"sha256": "57cbf196c486bc2cf1f02b85784932c6094376284b3ad5779d1b1c6c6a816b80",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.3.2"
"version": "2.4.1"
},
"shared_preferences_web": {
"dependency": "transitive",
"description": {
"name": "shared_preferences_web",
"sha256": "9aee1089b36bd2aafe06582b7d7817fd317ef05fc30e6ba14bff247d0933042a",
"sha256": "d2ca4132d3946fec2184261726b355836a82c33d7d5b67af32692aff18a4684e",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.3.0"
"version": "2.4.2"
},
"shared_preferences_windows": {
"dependency": "transitive",
"description": {
"name": "shared_preferences_windows",
"sha256": "841ad54f3c8381c480d0c9b508b89a34036f512482c407e6df7a9c4aa2ef8f59",
"sha256": "94ef0f72b2d71bc3e700e025db3710911bd51a71cefb65cc609dd0d9a982e3c1",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.3.2"
"version": "2.4.1"
},
"shelf": {
"dependency": "transitive",
@ -1120,11 +1136,11 @@
"dependency": "transitive",
"description": {
"name": "test_api",
"sha256": "9955ae474176f7ac8ee4e989dadfb411a58c30415bcfb648fa04b2b8a03afa7f",
"sha256": "5b8a98dafc4d5c4c9c72d8b31ab2b23fc13422348d2997120294d3bac86b4ddb",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.7.0"
"version": "0.7.2"
},
"test_res": {
"dependency": "direct dev",
@ -1179,31 +1195,31 @@
"dependency": "transitive",
"description": {
"name": "url_launcher_android",
"sha256": "ceb2625f0c24ade6ef6778d1de0b2e44f2db71fded235eb52295247feba8c5cf",
"sha256": "e35a698ac302dd68e41f73250bd9517fe3ab5fa4f18fe4647a0872db61bacbab",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "6.3.3"
"version": "6.3.10"
},
"url_launcher_ios": {
"dependency": "transitive",
"description": {
"name": "url_launcher_ios",
"sha256": "7068716403343f6ba4969b4173cbf3b84fc768042124bc2c011e5d782b24fe89",
"sha256": "e43b677296fadce447e987a2f519dcf5f6d1e527dc35d01ffab4fff5b8a7063e",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "6.3.0"
"version": "6.3.1"
},
"url_launcher_linux": {
"dependency": "transitive",
"description": {
"name": "url_launcher_linux",
"sha256": "ab360eb661f8879369acac07b6bb3ff09d9471155357da8443fd5d3cf7363811",
"sha256": "e2b9622b4007f97f504cd64c0128309dfb978ae66adbe944125ed9e1750f06af",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "3.1.1"
"version": "3.2.0"
},
"url_launcher_macos": {
"dependency": "transitive",
@ -1229,31 +1245,31 @@
"dependency": "transitive",
"description": {
"name": "url_launcher_web",
"sha256": "8d9e750d8c9338601e709cd0885f95825086bd8b642547f26bda435aade95d8a",
"sha256": "772638d3b34c779ede05ba3d38af34657a05ac55b06279ea6edd409e323dca8e",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.3.1"
"version": "2.3.3"
},
"url_launcher_windows": {
"dependency": "transitive",
"description": {
"name": "url_launcher_windows",
"sha256": "ecf9725510600aa2bb6d7ddabe16357691b6d2805f66216a97d1b881e21beff7",
"sha256": "49c10f879746271804767cb45551ec5592cdab00ee105c06dddde1a98f73b185",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "3.1.1"
"version": "3.1.2"
},
"uuid": {
"dependency": "transitive",
"description": {
"name": "uuid",
"sha256": "814e9e88f21a176ae1359149021870e87f7cddaf633ab678a5d2b0bff7fd1ba8",
"sha256": "f33d6bb662f0e4f79dcd7ada2e6170f3b3a2530c28fc41f49a411ddedd576a77",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "4.4.0"
"version": "4.5.0"
},
"vector_graphics": {
"dependency": "direct main",
@ -1299,11 +1315,11 @@
"dependency": "transitive",
"description": {
"name": "vm_service",
"sha256": "3923c89304b715fb1eb6423f017651664a03bf5f4b29983627c4da791f74a4ec",
"sha256": "5c5f338a667b4c644744b661f309fb8080bb94b18a7e91ef1dbd343bed00ed6d",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "14.2.1"
"version": "14.2.5"
},
"watcher": {
"dependency": "transitive",
@ -1319,31 +1335,31 @@
"dependency": "transitive",
"description": {
"name": "web",
"sha256": "97da13628db363c635202ad97068d47c5b8aa555808e7a9411963c533b449b27",
"sha256": "d43c1d6b787bf0afad444700ae7f4db8827f701bc61c255ac8d328c6f4d52062",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.5.1"
"version": "1.0.0"
},
"web_socket": {
"dependency": "transitive",
"description": {
"name": "web_socket",
"sha256": "24301d8c293ce6fe327ffe6f59d8fd8834735f0ec36e4fd383ec7ff8a64aa078",
"sha256": "3c12d96c0c9a4eec095246debcea7b86c0324f22df69893d538fcc6f1b8cce83",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.1.5"
"version": "0.1.6"
},
"web_socket_channel": {
"dependency": "transitive",
"description": {
"name": "web_socket_channel",
"sha256": "a2d56211ee4d35d9b344d9d4ce60f362e4f5d1aafb988302906bd732bc731276",
"sha256": "9f187088ed104edd8662ca07af4b124465893caf063ba29758f97af57e61da8f",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "3.0.0"
"version": "3.0.1"
},
"webdriver": {
"dependency": "transitive",
@ -1359,11 +1375,11 @@
"dependency": "transitive",
"description": {
"name": "win32",
"sha256": "a79dbe579cb51ecd6d30b17e0cae4e0ea15e2c0e66f69ad4198f22a6789e94f4",
"sha256": "68d1e89a91ed61ad9c370f9f8b6effed9ae5e0ede22a270bdfa6daf79fc2290a",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "5.5.1"
"version": "5.5.4"
},
"window_manager": {
"dependency": "direct main",
@ -1408,7 +1424,7 @@
}
},
"sdks": {
"dart": ">=3.4.3 <4.0.0",
"flutter": ">=3.22.0"
"dart": ">=3.5.0 <4.0.0",
"flutter": ">=3.24.0"
}
}


@ -13,13 +13,13 @@ assert enablePython -> python != null;
stdenv.mkDerivation rec {
pname = "elinks";
version = "0.17.0";
version = "0.17.1.1";
src = fetchFromGitHub {
owner = "rkd77";
repo = "elinks";
rev = "v${version}";
hash = "sha256-JeUiMHAqSZxxBe8DplzmzHzsY6KqoBqba0y8GDwaR0Y=";
hash = "sha256-d5bc6SZ8UQuvVJZjWziy4pi/iIiDAnpU9YTlrlfkdoo=";
};
buildInputs = [


@ -9,7 +9,7 @@
(
(buildMozillaMach rec {
pname = "floorp";
packageVersion = "11.18.1";
packageVersion = "11.19.0";
applicationName = "Floorp";
binaryName = "floorp";
branding = "browser/branding/official";
@ -24,7 +24,7 @@
repo = "Floorp";
fetchSubmodules = true;
rev = "v${packageVersion}";
hash = "sha256-w7b3s8/ekDzGbjbdqK/9W9S5e79fbE9ftJkSsz2sQtA=";
hash = "sha256-Sk7oMegNr01tLC1BXpUuImg03C6lEEhaVTSjISV9xAE=";
};
extraConfigureFlags = [


@ -182,7 +182,7 @@ stdenv.mkDerivation (finalAttrs: {
meta = with lib; {
description = "Browser using the SerenityOS LibWeb engine with a Qt or Cocoa GUI";
homepage = "https://ladybird.dev";
homepage = "https://ladybird.org";
license = licenses.bsd2;
maintainers = with maintainers; [ fgaz ];
platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];


@ -1,27 +0,0 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "kconf";
version = "2.0.0";
src = fetchFromGitHub {
owner = "particledecay";
repo = "kconf";
rev = "v${version}";
sha256 = "sha256-bLyLXkXOZRFaplv5sY0TgFffvbA3RUwz6b+7h3MN7kA=";
};
vendorHash = "sha256-REguLiYlcC2Q6ao2oMl92/cznW+E8MO2UGhQKRXZ1vQ=";
ldflags = [
"-s" "-w" "-X github.com/particledecay/kconf/build.Version=${version}"
];
meta = with lib; {
description = "Opinionated command line tool for managing multiple kubeconfigs";
mainProgram = "kconf";
homepage = "https://github.com/particledecay/kconf";
license = licenses.mit;
maintainers = with maintainers; [ thmzlt ];
};
}


@ -4,7 +4,7 @@
, imagemagick
, mesa
, libdrm
, flutter319
, flutter324
, pulseaudio
, makeDesktopItem
, zenity
@ -17,15 +17,15 @@ let
libwebrtcRpath = lib.makeLibraryPath [ mesa libdrm ];
pubspecLock = lib.importJSON ./pubspec.lock.json;
in
flutter319.buildFlutterApplication (rec {
flutter324.buildFlutterApplication (rec {
pname = "fluffychat-${targetFlutterPlatform}";
version = "1.20.0";
version = "1.22.1";
src = fetchFromGitHub {
owner = "krille-chan";
repo = "fluffychat";
rev = "refs/tags/v${version}";
hash = "sha256-eHwzvWKWJ9Q2OgCvgZTt+Bcph2w2pTqyOtwXFbZ4LEg=";
hash = "sha256-biFoRcMss3JVrMoilc8BzJ+R6f+e4RYpZ5dbxDpnfTk=";
};
inherit pubspecLock;


@ -10,13 +10,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "dssp";
version = "4.4.7";
version = "4.4.8";
src = fetchFromGitHub {
owner = "PDB-REDO";
repo = "dssp";
rev = "refs/tags/v${finalAttrs.version}";
hash = "sha256-qePoZYkzzWuK6j1NM+q6fPuWVRDEe4OkPmXc9Nbqobo=";
hash = "sha256-ThQInyVuf8ejkidne/T3GdPBbf3HeThDBwWQEWB+JMI=";
};
nativeBuildInputs = [


@ -2,13 +2,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "qalculate-gtk";
version = "5.2.0";
version = "5.3.0";
src = fetchFromGitHub {
owner = "qalculate";
repo = "qalculate-gtk";
rev = "v${finalAttrs.version}";
hash = "sha256-vH4GZaeQ6Ji9aWh8R5B6PE2fBBW7KTyCsFkpgHu6yg8=";
hash = "sha256-0+c6zInEorUH3Fd4qRJD1pXeAGsK6EY53qQAu3ctGKg=";
};
hardeningDisable = [ "format" ];


@ -2,13 +2,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "qalculate-qt";
version = "5.2.0.1";
version = "5.3.0";
src = fetchFromGitHub {
owner = "qalculate";
repo = "qalculate-qt";
rev = "v${finalAttrs.version}";
hash = "sha256-kzOxOCZmu4mYYgegRBU8SMAkTiE4p1AugVAeZa8yDDE=";
hash = "sha256-uzcqkx9UiQvv/KFwsOGzIWbdIco8woKIGjjFz2avwe8=";
};
nativeBuildInputs = [ qmake intltool pkg-config qttools wrapQtAppsHook ];


@ -6,16 +6,16 @@
buildGoModule rec {
pname = "legit";
version = "0.2.3";
version = "0.2.4";
src = fetchFromGitHub {
repo = "legit";
owner = "icyphox";
rev = "v${version}";
hash = "sha256-C6PzZFYGjQs1BbYuEwcTpLQ3bNVb1rXTd0zXosF1kaE=";
hash = "sha256-2XeIAeneSKf8TSWOunvRJ7N+3IrmOUjS79ZubsGne9E=";
};
vendorHash = "sha256-G4Wij0UCiXyVtb+66yU3FY2WbpPfqo0SA7OOcywnKU0=";
vendorHash = "sha256-4XplNx+Pyv6dn+ophBFxQ3lv3xAf1jP2DpLYX1RenvQ=";
postInstall = ''
mkdir -p $out/lib/legit/templates


@ -6,13 +6,13 @@
}:
buildLua {
pname = "visualizer";
version = "0-unstable-2024-03-10";
version = "0-unstable-2024-09-26";
src = fetchFromGitHub {
owner = "mfcc64";
repo = "mpv-scripts";
rev = "b4246984ba6dc6820adef5c8bbf793af85c9ab8e";
sha256 = "ZNUzw4OW7z+yGTxim7CCWJdWmihDFOQAQk3bC5Ijcbs=";
rev = "bff344ee2aeaa0153c7e593dc262d68bcc3031c6";
sha256 = "kNf5b153fIbKja1ZUOV3w4taH5CWjAJhGUMywXF6dMg=";
};
passthru.updateScript = unstableGitUpdater { };

View File

@ -38,6 +38,8 @@
, hostCpuOnly ? false
, hostCpuTargets ? (if toolsOnly
then [ ]
else if xenSupport
then [ "i386-softmmu" ]
else if hostCpuOnly
then (lib.optional stdenv.hostPlatform.isx86_64 "i386-softmmu"
++ ["${stdenv.hostPlatform.qemuArch}-softmmu"])
@ -50,6 +52,8 @@
, qemu-utils # for tests attribute
}:
assert lib.assertMsg (xenSupport -> hostCpuTargets == [ "i386-softmmu" ]) "Xen should not use any other QEMU architecture other than i386.";
let
hexagonSupport = hostCpuTargets == null || lib.elem "hexagon" hostCpuTargets;
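Review bot: The new assertion can fail for a reason its message does not describe, because the `toolsOnly` branch of the `hostCpuTargets` default is tested before the added `xenSupport` branch. With `toolsOnly = true` and `xenSupport = true` the default is `[ ]`, so evaluation aborts with a message about QEMU architectures rather than about the conflicting flags. The argument list and the `let` block both continue outside these hunks, so whether any caller sets both flags is not visible here. If the combination is meant to be rejected, a separate guard ahead of the existing assert would say so: `assert lib.assertMsg (xenSupport -> !toolsOnly) "xenSupport cannot be combined with toolsOnly.";`. The existing message also repeats "other" and would be clearer if it named the expected value, for example `"xenSupport requires hostCpuTargets = [ \"i386-softmmu\" ]."`.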


@ -1,56 +0,0 @@
{
lib,
fetchpatch,
callPackage,
ocaml-ng,
...
}@genericDefinition:
let
upstreamPatches = import ../generic/patches.nix {
inherit lib;
inherit fetchpatch;
};
upstreamPatchList = lib.lists.flatten (
with upstreamPatches;
[
QUBES_REPRODUCIBLE_BUILDS
XSA_462
]
);
in
callPackage (import ../generic/default.nix {
pname = "xen";
branch = "4.17";
version = "4.17.5";
latest = false;
pkg = {
xen = {
rev = "430ce6cd936546ad883ecd1c85ddea32d790604b";
hash = "sha256-UoMdXRW0yWSaQPPV0rgoTZVO2ghdnqWruBHn7+ZjKzI=";
patches = [ ] ++ upstreamPatchList;
};
qemu = {
rev = "ffb451126550b22b43b62fb8731a0d78e3376c03";
hash = "sha256-G0hMPid9d3fd1jAY7CiZ33xUZf1hdy96T1VUKFGeHSk=";
patches = [ ];
};
seaBIOS = {
rev = "d239552ce7220e448ae81f41515138f7b9e3c4db";
hash = "sha256-UKMceJhIprN4/4Xe4EG2EvKlanxVcEi5Qcrrk3Ogiik=";
patches = [ ];
};
ovmf = {
rev = "7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5";
hash = "sha256-Qq2RgktCkJZBsq6Ch+6tyRHhme4lfcN7d2oQfxwhQt8=";
patches = [ ];
};
ipxe = {
rev = "1d1cf74a5e58811822bee4b3da3cff7282fcdfca";
hash = "sha256-8pwoPrmkpL6jIM+Y/C0xSvyrBM/Uv0D1GuBwNm+0DHU=";
patches = [ ];
};
};
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_14; } // genericDefinition)


@ -1,56 +0,0 @@
{
lib,
fetchpatch,
callPackage,
ocaml-ng,
...
}@genericDefinition:
let
upstreamPatches = import ../generic/patches.nix {
inherit lib;
inherit fetchpatch;
};
upstreamPatchList = lib.lists.flatten (
with upstreamPatches;
[
QUBES_REPRODUCIBLE_BUILDS
XSA_462
]
);
in
callPackage (import ../generic/default.nix {
pname = "xen";
branch = "4.18";
version = "4.18.3";
latest = false;
pkg = {
xen = {
rev = "bd51e573a730efc569646379cd59ccba967cde97";
hash = "sha256-OFiFdpPCXR+sWjzFHCORtY4DkWyggvxkcsGdgEyO1ts=";
patches = [ ] ++ upstreamPatchList;
};
qemu = {
rev = "0df9387c8983e1b1e72d8c574356f572342c03e6";
hash = "sha256-BX+LXfNzwdUMALwwI1ZDW12dJ357oynjnrboLHREDGQ=";
patches = [ ];
};
seaBIOS = {
rev = "ea1b7a0733906b8425d948ae94fba63c32b1d425";
hash = "sha256-J2FuT+FXn9YoFLSfxDOxyKZvKrys59a6bP1eYvEXVNU=";
patches = [ ];
};
ovmf = {
rev = "ba91d0292e593df8528b66f99c1b0b14fadc8e16";
hash = "sha256-htOvV43Hw5K05g0SF3po69HncLyma3BtgpqYSdzRG4s=";
patches = [ ];
};
ipxe = {
rev = "1d1cf74a5e58811822bee4b3da3cff7282fcdfca";
hash = "sha256-8pwoPrmkpL6jIM+Y/C0xSvyrBM/Uv0D1GuBwNm+0DHU=";
patches = [ ];
};
};
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_14; } // genericDefinition)


@ -1,58 +0,0 @@
{
lib,
fetchpatch,
callPackage,
ocaml-ng,
...
}@genericDefinition:
let
upstreamPatches = import ../generic/patches.nix {
inherit lib;
inherit fetchpatch;
};
upstreamPatchList = lib.lists.flatten (
with upstreamPatches;
[
QUBES_REPRODUCIBLE_BUILDS
XSA_460
XSA_461
XSA_462
]
);
in
callPackage (import ../generic/default.nix {
pname = "xen";
branch = "4.19";
version = "4.19.0";
latest = true;
pkg = {
xen = {
rev = "026c9fa29716b0ff0f8b7c687908e71ba29cf239";
hash = "sha256-Q6x+2fZ4ITBz6sKICI0NHGx773Rc919cl+wzI89UY+Q=";
patches = [ ] ++ upstreamPatchList;
};
qemu = {
rev = "0df9387c8983e1b1e72d8c574356f572342c03e6";
hash = "sha256-BX+LXfNzwdUMALwwI1ZDW12dJ357oynjnrboLHREDGQ=";
patches = [ ];
};
seaBIOS = {
rev = "a6ed6b701f0a57db0569ab98b0661c12a6ec3ff8";
hash = "sha256-hWemj83cxdY8p+Jhkh5GcPvI0Sy5aKYZJCsKDjHTUUk=";
patches = [ ];
};
ovmf = {
rev = "ba91d0292e593df8528b66f99c1b0b14fadc8e16";
hash = "sha256-htOvV43Hw5K05g0SF3po69HncLyma3BtgpqYSdzRG4s=";
patches = [ ];
};
ipxe = {
rev = "1d1cf74a5e58811822bee4b3da3cff7282fcdfca";
hash = "sha256-8pwoPrmkpL6jIM+Y/C0xSvyrBM/Uv0D1GuBwNm+0DHU=";
patches = [ ];
};
};
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_14; } // genericDefinition)


@ -1,209 +0,0 @@
<p align="center">
<a href="https://xenproject.org/">
<picture>
<source
media="(prefers-color-scheme: light)"
srcset="https://downloads.xenproject.org/Branding/Logos/Green+Black/xen_project_logo_dualcolor_2000x832.png">
<source
media="(prefers-color-scheme: dark)"
srcset="https://xenproject.org/wp-content/uploads/sites/79/2018/09/logo_xenproject.png">
<img
src="https://downloads.xenproject.org/Branding/Logos/Green+Black/xen_project_logo_dualcolor_2000x832.png"
width="512px"
alt="Xen Project Logo">
</picture>
</a>
</p>
# Xen Project Hypervisor <a href="https://xenproject.org/"><img src="https://downloads.xenproject.org/Branding/Mascots/Xen-Fu-Panda-2000px.png" width="48px" align="top" alt="Xen Fu Panda"></a>
This directory includes the build recipes for the [Xen Project Hypervisor](https://xenproject.org/).
Some other notable packages that compose the Xen Project Ecosystem include:
- `ocamlPackages.xenstore`: Mirage's `oxenstore` implementation.
- `ocamlPackages.vchan`: Mirage's `xen-vchan` implementation.
- `ocamlPackages.xenstore-tool`: XAPI's `oxenstore` utilities.
- `xen-guest-agent`: Guest drivers for UNIX domUs.
- `win-pvdrivers`: Guest drivers for Windows domUs.
- `xtf`: The Xen Test Framework.
## Updating
### Automatically
An automated update script is available in this directory. To produce up-to-date
files for all supported Xen branches, simply run `./update.sh`, and follow the
instructions given to you by the script. Notably, it will request that you verify
the Xen Project code signing PGP key. This README understands that the fingerprint
of that key is [`23E3 222C 145F 4475 FA80 60A7 83FE 14C9 57E8 2BD9`](https://keys.openpgp.org/search?q=pgp%40xen.org),
but you should verify this information by seeking the fingerprint from other trusted
sources, as this document may be compromised. Once the PGP key is verified, it will
use `git verify-tag` to ascertain the validity of the cloned Xen sources.
After the script is done, follow the steps in
[**For Both Update Methods**](#for-both-update-methods) below.
#### Downstream Patch Names
The script expects local patch names to follow a certain specification.
Please name any required patches using the template below:
```console
0000-project-description-branch.patch
```
Where:
1. The first four numbers define the patch order.
**0001** will be applied after **0000**, and so on.
1. `project` means the name of the source the patch should be applied to.
- If you are applying patches to the main Xen sources, use `xen`.
- For the pre-fetched QEMU, use `qemu`.
- For SeaBIOS, use `seabios`.
- For OVMF, use `ovmf`.
- For iPXE, use `ipxe`.
1. `description` is a string with uppercase and lowercase letters, numbers and
dashes. It describes the patch name and what it does to the upstream code.
1. `branch` is the branch for which this patch is supposed to patch.
It should match the name of the directory it is in.
For example, a patch fixing `xentop`'s output in the 4.15 branch should have
the following name: `0000-xen-xentop-output-4.15.patch`, and it should be added
to the `4.15/` directory.
### Manually
The script is not infallible, and it may break in the future. If that happens,
open a PR fixing the script, and update Xen manually:
1. Check the support matrix to see which branches are security-supported.
1. Create one directory per branch.
1. [Update](https://xenbits.xenproject.org/gitweb/) the `default.nix` files for
the branches that already exist and copy a new one to any branches that do
not yet exist in Nixpkgs.
- Do not forget to set the `branch`, `version`, and `latest` attributes for
each of the `default.nix` files.
- The revisions are preferably commit hashes, but tag names are acceptable
as well.
### For Both Update Methods
1. Update `packages.nix` and `../../../top-level/all-packages.nix` with the new
versions. Don't forget the `slim` packages!
1. Make sure all branches build. (Both the `standard` and `slim` versions)
1. Use the NixOS module to test if dom0 boots successfully on all new versions.
1. Make sure the `meta` attributes evaluate to something that makes sense. The
following one-line command is useful for testing this:
```console
xenToEvaluate=xen; echo -e "\033[1m$(nix eval .#"$xenToEvaluate".meta.description --raw 2> /dev/null)\033[0m\n\n$(nix eval .#"$xenToEvaluate".meta.longDescription --raw 2> /dev/null)"
```
Change the value of `xenToEvaluate` to evaluate all relevant Xen packages.
1. Run `xtf --all --host` as root when booted into the Xen update, and make
sure no tests fail.
1. Clean up your changes and commit them, making sure to follow the
[Nixpkgs Contribution Guidelines](../../../../CONTRIBUTING.md).
1. Open a PR and await a review from the current maintainers.
## Features
### Pre-fetched Sources
On a typical Xen build, the Xen Makefiles will fetch more required sources with
`git` and `wget`. Due to the Nix Sandbox, build-time fetching will fail, so we
pre-fetch the required sources before building.[^1] To accomplish this, we have
a `prefetchedSources` attribute that contains the required derivations, if they
are requested by the main Xen build.
### EFI
Building `xen.efi` requires an `ld` with PE support.[^2]
We use a `makeFlag` to override the `$LD` environment variable to point to our
patched `efiBinutils`. For more information, see the comment in `./generic/default.nix`.
> [!TIP]
> If you are certain you will not be running Xen in an x86 EFI environment, disable
the `withEFI` flag with an [override](https://nixos.org/manual/nixpkgs/stable/#chap-overrides)
to save you the need to compile `efiBinutils`.
### Default Overrides
By default, Xen also builds
[QEMU](https://www.qemu.org/),
[SeaBIOS](https://www.seabios.org/SeaBIOS),
[OVMF](https://github.com/tianocore/tianocore.github.io/wiki/OVMF) and
[iPXE](https://ipxe.org/).
- QEMU is used for stubdomains and handling devices.
- SeaBIOS is the default legacy BIOS ROM for HVM domains.
- OVMF is the default UEFI ROM for HVM domains.
- iPXE provides a PXE boot environment for HVMs.
However, those packages are already available on Nixpkgs, and Xen does not
necessarily need to build them into the main hypervisor build. For this reason,
we also have the `withInternal<Component>` flags, which enables and disables
building those built-in components. The two most popular Xen configurations will
be the default build, with all built-in components, and a `slim` build, with none
of those components. To simplify this process, the `./packages.nix` file includes
the `xen-slim` package overrides that have all `withInternal<Component>` flags
disabled. See the `meta.longDescription` attribute for the `xen-slim` packages
for more information.
## Security
We aim to support all **security-supported** versions of Xen at any given time.
See the [Xen Support Matrix](https://xenbits.xen.org/docs/unstable/support-matrix.html)
for a list of versions. As soon as a version is no longer **security-supported**,
it should be removed from Nixpkgs.
> [!CAUTION]
> Pull requests that introduce XSA patches
should have the `1.severity: security` label.
### Maintainers
Xen is a particularly complex piece of software, so we are always looking for new
maintainers. Help out by [making and triaging issues](https://github.com/NixOS/nixpkgs/issues/new/choose),
[sending build fixes and improvements through PRs](https://github.com/NixOS/nixpkgs/compare),
updating the branches, and [patching security flaws](https://xenbits.xenproject.org/xsa/).
We are also looking for testers, particularly those who can test Xen on AArch64
machines. Open issues for any build failures or runtime errors you find!
## Tests
So far, we only have had one simple automated test that checks for
the correct `pkg-config` output files.
Due to Xen's nature as a type-1 hypervisor, it is not a trivial matter to design
new tests, as even basic functionality requires a machine booted in a dom0
kernel. For this reason, most testing done with this package must be done
manually in a NixOS machine with `virtualisation.xen.enable` set to `true`.
Another unfortunate thing is that none of the Xen commands have a `--version`
flag. This means that `testers.testVersion` cannot ascertain the Xen version.
The only way to verify that you have indeed built the correct version is to
boot into the freshly built Xen kernel and run `xl info`.
<p align="center">
<a href="https://xenproject.org/">
<img
src="https://downloads.xenproject.org/Branding/Mascots/Xen%20Big%20Panda%204242x3129.png"
width="96px"
alt="Xen Fu Panda">
</a>
</p>
[^1]: We also produce fake `git`, `wget` and `hostname` binaries that do nothing,
to prevent the build from failing because Xen cannot fetch the sources that
were already fetched by Nix.
[^2]: From the [Xen Documentation](https://xenbits.xenproject.org/docs/unstable/misc/efi.html):
> For x86, building `xen.efi` requires `gcc` 4.5.x or above (4.6.x or newer
recommended, as 4.5.x was probably never really tested for this purpose)
and `binutils` 2.22 or newer. Additionally, the `binutils` build must be
configured to include support for the x86_64-pep emulation (i.e.
`--enable-targets=x86_64-pep` or an option of equivalent effect should be
passed to the configure script).


@ -1,27 +0,0 @@
Hack to make etherboot use pre-fetched iPXE.
diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile
index ed9e11305f..979a3acea8 100644
--- a/tools/firmware/etherboot/Makefile
+++ b/tools/firmware/etherboot/Makefile
@@ -16,6 +16,7 @@ IPXE_TARBALL_URL ?= $(XEN_EXTFILES_URL)/ipxe-git-$(IPXE_GIT_TAG).tar.gz
D=ipxe
T=ipxe.tar.gz
+G=ipxe.git
ROMS = $(addprefix $D/src/bin/, $(addsuffix .rom, $(ETHERBOOT_NICS)))
ROM = $D/src/bin/ipxe.bin
@@ -41,9 +42,9 @@ $T:
fi
mv _$T $T
-$D/src/arch/i386/Makefile: $T Config
- rm -rf $D
- gzip -dc $T | tar xf -
+$D/src/arch/i386/Makefile: $G Config
+ mkdir $D
+ cp -a $G/* $D
for i in $$(cat patches/series) ; do \
patch -d $D -p1 --quiet <patches/$$i || exit 1 ; \
done


@ -1,728 +0,0 @@
versionDefinition:
{
lib,
stdenv,
autoPatchelfHook,
cmake,
ninja,
pkg-config,
testers,
which,
fetchgit,
fetchFromGitHub,
# Xen
acpica-tools,
bison,
bzip2,
dev86,
e2fsprogs,
flex,
libnl,
libuuid,
lzo,
ncurses,
ocamlPackages,
perl,
python3Packages,
systemdMinimal,
xz,
yajl,
zlib,
zstd,
# Xen Optional
withInternalQEMU ? true,
pixman,
glib,
withInternalSeaBIOS ? true,
withSeaBIOS ? !withInternalSeaBIOS,
seabios,
withInternalOVMF ? true,
withOVMF ? !withInternalOVMF,
OVMF,
nasm,
withInternalIPXE ? true,
withIPXE ? !withInternalIPXE,
ipxe,
withFlask ? false,
checkpolicy,
efiVendor ? "nixos", # Allow downstreams with custom branding to quickly override the EFI Vendor string.
withEFI ? true,
binutils-unwrapped,
# Documentation
pandoc,
# Scripts
bridge-utils,
coreutils,
diffutils,
gawk,
gnugrep,
gnused,
inetutils,
iproute2,
iptables,
multipath-tools,
nbd,
openvswitch,
util-linux,
...
}@packageDefinition:
let
#TODO: fix paths instead.
scriptEnvPath = lib.strings.makeSearchPathOutput "out" "bin" [
bridge-utils
coreutils
diffutils
gawk
gnugrep
gnused
inetutils
iproute2
iptables
multipath-tools
nbd
openvswitch
perl
util-linux.bin
which
];
# Inherit attributes from a versionDefinition.
inherit (versionDefinition)
pname
branch
version
latest
pkg
;
# Mark versions older than minSupportedVersion as EOL.
minSupportedVersion = "4.17";
## Pre-fetched Source Handling ##
# Main attribute set for sources needed to build tools and firmwares.
# Each source takes in:
# * A `src` attribute, which contains the actual fetcher,
# * A 'patches` attribute, which is a list of patches that need to be applied in the source.
# * A `path` attribute, which is the destination of the source inside the Xen tree.
prefetchedSources =
lib.attrsets.optionalAttrs withInternalQEMU {
qemu = {
src = fetchgit {
url = "https://xenbits.xenproject.org/git-http/qemu-xen.git";
fetchSubmodules = true;
inherit (pkg.qemu) rev hash;
};
patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "patches" ] pkg.qemu) pkg.qemu.patches;
path = "tools/qemu-xen";
};
}
// lib.attrsets.optionalAttrs withInternalSeaBIOS {
seaBIOS = {
src = fetchgit {
url = "https://xenbits.xenproject.org/git-http/seabios.git";
inherit (pkg.seaBIOS) rev hash;
};
patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [
"patches"
] pkg.seaBIOS) pkg.seaBIOS.patches;
path = "tools/firmware/seabios-dir-remote";
};
}
// lib.attrsets.optionalAttrs withInternalOVMF {
ovmf = {
src = fetchgit {
url = "https://xenbits.xenproject.org/git-http/ovmf.git";
fetchSubmodules = true;
inherit (pkg.ovmf) rev hash;
};
patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "patches" ] pkg.ovmf) pkg.ovmf.patches;
path = "tools/firmware/ovmf-dir-remote";
};
}
// lib.attrsets.optionalAttrs withInternalIPXE {
ipxe = {
src = fetchFromGitHub {
owner = "ipxe";
repo = "ipxe";
inherit (pkg.ipxe) rev hash;
};
patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "patches" ] pkg.ipxe) pkg.ipxe.patches;
path = "tools/firmware/etherboot/ipxe.git";
};
};
# Gets a list containing the names of the top-level attribute for each pre-fetched
# source, to be used in the map functions below.
prefetchedSourcesList = lib.attrsets.mapAttrsToList (name: value: name) prefetchedSources;
# Produces bash commands that will copy each pre-fetched source.
copyPrefetchedSources =
# Finish the deployment by concatnating the list of commands together.
lib.strings.concatLines (
# Iterate on each pre-fetched source.
builtins.map (
source:
# Only produce a copy command if patches exist.
lib.strings.optionalString (lib.attrsets.hasAttrByPath [ "${source}" ] prefetchedSources)
# The actual copy command. `src` is always an absolute path to a fetcher output
# inside the /nix/store, and `path` is always a path relative to the Xen root.
# We need to `mkdir -p` the target directory first, and `chmod +w` the contents last,
# as the copied files will still be edited by the postPatchPhase.
''
echo "Copying ${prefetchedSources.${source}.src} -> ${prefetchedSources.${source}.path}"
mkdir --parents ${prefetchedSources.${source}.path}
cp --recursive --no-target-directory ${prefetchedSources.${source}.src} ${
prefetchedSources.${source}.path
}
chmod --recursive +w ${prefetchedSources.${source}.path}
''
) prefetchedSourcesList
);
# Produces strings with `patch` commands to be ran on postPatch.
# These deploy the .patch files for each pre-fetched source.
deployPrefetchedSourcesPatches =
# Finish the deployment by concatnating the list of commands together.
lib.strings.concatLines (
# The double map functions create a list of lists. Flatten it so we can concatnate it.
lib.lists.flatten (
# Iterate on each pre-fetched source.
builtins.map (
source:
# Iterate on each available patch.
(builtins.map (
patch:
# Only produce a patch command if patches exist.
lib.strings.optionalString
(lib.attrsets.hasAttrByPath [
"${source}"
"patches"
] prefetchedSources)
# The actual patch command. It changes directories to the correct source each time.
''
echo "Applying patch ${patch} to ${source}."
patch --directory ${prefetchedSources.${source}.path} --strip 1 < ${patch}
''
) prefetchedSources.${source}.patches)
) prefetchedSourcesList
)
);
## XSA Patches Description Builder ##
# Sometimes patches are sourced through a path, like ./0000-xen.patch.
# This would break the patch attribute parser functions, so we normalise
# all patches sourced through paths by setting them to a { type = "path"; }
# attribute set.
# Patches from fetchpatch are already attribute sets.
normalisedPatchList = builtins.map (
patch:
if !builtins.isAttrs patch then
if builtins.isPath patch then
{ type = "path"; }
else
throw "xen/generic/default.nix: normalisedPatchList attempted to normalise something that is not a Path or an Attribute Set."
else
patch
) pkg.xen.patches;
# Simple counter for the number of attrsets (patches) in the patches list after normalisation.
numberOfPatches = lib.lists.count (patch: builtins.isAttrs patch) normalisedPatchList;
# builtins.elemAt's index begins at 0, so we subtract 1 from the number of patches in order to
# produce the range that will be used in the following builtin.map calls.
availablePatchesToTry = lib.lists.range 0 (numberOfPatches - 1);
# Takes in an attrByPath input, and outputs the attribute value for each patch in a list.
# If a patch does not have a given attribute, returns `null`. Use lib.lists.remove null
# to remove these junk values, if necessary.
retrievePatchAttributes =
attributeName:
builtins.map (
x: lib.attrsets.attrByPath attributeName null (builtins.elemAt normalisedPatchList x)
) availablePatchesToTry;
# Produces a list of newline-separated strings that lists the vulnerabilities this
# Xen is NOT affected by, due to the applied Xen Security Advisory patches. This is
# then used in meta.longDescription, to let users know their Xen is patched against
# known vulnerabilities, as the package version isn't always the best indicator.
#
# Produces something like this: (one string for each XSA)
# * [Xen Security Advisory #1](https://xenbits.xenproject.org/xsa/advisory-1.html): **Title for XSA.**
# >Description of issue in XSA
#Extra lines
#are not indented,
#but markdown should be
#fine with it.
# Fixes:
# * [CVE-1999-00001](https://www.cve.org/CVERecord?id=CVE-1999-00001)
# * [CVE-1999-00002](https://www.cve.org/CVERecord?id=CVE-1999-00002)
# * [CVE-1999-00003](https://www.cve.org/CVERecord?id=CVE-1999-00003)
writeAdvisoryDescription =
if (lib.lists.remove null (retrievePatchAttributes [ "xsa" ]) != [ ]) then
lib.lists.zipListsWith (a: b: a + b)
(lib.lists.zipListsWith (a: b: a + "**" + b + ".**\n >")
(lib.lists.zipListsWith (a: b: "* [Xen Security Advisory #" + a + "](" + b + "): ")
(lib.lists.remove null (retrievePatchAttributes [ "xsa" ]))
(
lib.lists.remove null (retrievePatchAttributes [
"meta"
"homepage"
])
)
)
(
lib.lists.remove null (retrievePatchAttributes [
"meta"
"description"
])
)
)
(
lib.lists.remove null (retrievePatchAttributes [
"meta"
"longDescription"
])
)
else
[ ];
## Binutils Override ##
# Originally, there were two versions of binutils being used: the standard one and
# this patched one. Unfortunately, that required patches to the Xen Makefiles, and
# quickly became too complex to maintain. The new solution is to simply build this
# efi-binutils derivation and use it for the whole build process, except if
# enableEFI is disabled; it'll then use `binutils`.
efiBinutils = binutils-unwrapped.overrideAttrs (oldAttrs: {
name = "efi-binutils";
configureFlags = oldAttrs.configureFlags ++ [ "--enable-targets=x86_64-pep" ];
doInstallCheck = false; # We get a spurious failure otherwise, due to a host/target mismatch.
meta.mainProgram = "ld"; # We only really care for `ld`.
});
in
stdenv.mkDerivation (finalAttrs: {
inherit pname version;
outputs = [
"out" # TODO: Split $out in $bin for binaries and $lib for libraries.
"man" # Manual pages for Xen userspace utilities.
"doc" # The full Xen documentation in HTML format.
"dev" # Development headers.
"boot" # xen.gz kernel, policy file if Flask is enabled, xen.efi if EFI is enabled.
# TODO: Python package to be in separate output/package.
];
# Main Xen source.
src = fetchgit {
url = "https://xenbits.xenproject.org/git-http/xen.git";
inherit (pkg.xen) rev hash;
};
patches =
# Generic Xen patches that apply to all Xen versions.
[ ./0000-xen-ipxe-src-generic.patch ]
# Gets the patches from the pkg.xen.patches attribute from the versioned files.
++ lib.lists.optionals (lib.attrsets.hasAttrByPath [ "patches" ] pkg.xen) pkg.xen.patches;
nativeBuildInputs =
[
autoPatchelfHook
bison
cmake
flex
pandoc
pkg-config
python3Packages.setuptools
]
++ lib.lists.optionals withInternalQEMU [
ninja
python3Packages.sphinx
];
buildInputs =
[
# Xen
acpica-tools
bzip2
dev86
e2fsprogs.dev
libnl
libuuid
lzo
ncurses
perl
python3Packages.python
xz
yajl
zlib
zstd
# oxenstored
ocamlPackages.findlib
ocamlPackages.ocaml
# Python Fixes
python3Packages.wrapPython
]
++ lib.lists.optionals withInternalQEMU [
glib
pixman
]
++ lib.lists.optional withInternalOVMF nasm
++ lib.lists.optional withFlask checkpolicy
++ lib.lists.optional (lib.strings.versionOlder version "4.19") systemdMinimal;
configureFlags =
[
"--enable-systemd"
"--disable-qemu-traditional"
]
++ lib.lists.optional (!withInternalQEMU) "--with-system-qemu"
++ lib.lists.optional withSeaBIOS "--with-system-seabios=${seabios}/share/seabios"
++ lib.lists.optional (!withInternalSeaBIOS && !withSeaBIOS) "--disable-seabios"
++ lib.lists.optional withOVMF "--with-system-ovmf=${OVMF.firmware}"
++ lib.lists.optional withInternalOVMF "--enable-ovmf"
++ lib.lists.optional withIPXE "--with-system-ipxe=${ipxe}"
++ lib.lists.optional withInternalIPXE "--enable-ipxe"
++ lib.lists.optional withFlask "--enable-xsmpolicy";
makeFlags =
[
"PREFIX=$(out)"
"CONFIG_DIR=/etc"
"XEN_SCRIPT_DIR=$(CONFIG_DIR)/xen/scripts"
"BASH_COMPLETION_DIR=$(PREFIX)/share/bash-completion/completions"
]
++ lib.lists.optionals withEFI [
"EFI_VENDOR=${efiVendor}"
"INSTALL_EFI_STRIP=1"
"LD=${lib.meta.getExe efiBinutils}" # See the comment in the efiBinutils definition above.
]
# These flags set the CONFIG_* options in /boot/xen.config
# and define if the default policy file is built. However,
# the Flask binaries always get compiled by default.
++ lib.lists.optionals withFlask [
"XSM_ENABLE=y"
"FLASK_ENABLE=y"
]
++ (pkg.xen.makeFlags or [ ]);
buildFlags = [
"xen" # Build the Xen Hypervisor.
"tools" # Build the userspace tools, such as `xl`.
"docs" # Build the Xen Documentation
];
enableParallelBuilding = true;
env.NIX_CFLAGS_COMPILE = builtins.toString (
[
"-Wno-error=maybe-uninitialized"
"-Wno-error=array-bounds"
]
++ lib.lists.optionals withInternalOVMF [
"-Wno-error=format-security"
"-Wno-error=use-after-free"
"-Wno-error=vla-parameter"
"-Wno-error=dangling-pointer"
"-Wno-error=stringop-overflow"
]
);
dontUseCmakeConfigure = true;
dontUseNinjaBuild = withInternalQEMU;
prePatch =
# Xen's stubdoms, tools and firmwares need various sources that
# are usually fetched at build time using wget and git. We can't
# have that, so we pre-fetch them in the versioned Nix expressions,
# and produce fake wget and git executables for debugging purposes.
#
# We also produce a fake hostname executable to prevent spurious
# command-not-found errors during compilation.
#
# The snippet below produces executables that simply print in stdout
# what they were supposed to fetch, and exit gracefully.
''
mkdir fake-bin
cat > fake-bin/wget << EOF
#!${stdenv.shell} -e
echo ===== FAKE WGET: Not fetching \$*
[ -e \$3 ]
EOF
cat > fake-bin/git << EOF
#!${stdenv.shell}
echo ===== FAKE GIT: Not cloning \$*
[ -e \$3 ]
EOF
cat > fake-bin/hostname << EOF
#!${stdenv.shell}
echo ${efiVendor}
[ -e \$3 ]
EOF
chmod +x fake-bin/*
export PATH=$PATH:$PWD/fake-bin
''
# Remove in-tree QEMU sources, as we either pre-fetch them through
# the versioned Nix expressions if withInternalQEMU is true, or we
# don't build QEMU at all if withInternalQEMU is false.
+ ''
rm --recursive --force tools/qemu-xen tools/qemu-xen-traditional
''
# Call copyPrefetchedSources, which copies all aviable sources to their correct positions.
+ ''
${copyPrefetchedSources}
'';
postPatch =
# The following patch forces Xen to install xen.efi on $out/boot
# instead of $out/boot/efi/efi/nixos, as the latter directory
# would otherwise need to be created manually. This also creates
# a more consistent output for downstreams who override the
# efiVendor attribute above.
''
substituteInPlace xen/Makefile \
--replace-fail "\$(D)\$(EFI_MOUNTPOINT)/efi/\$(EFI_VENDOR)/\$(T)-\$(XEN_FULLVERSION).efi" \
"\$(D)\$(BOOT_DIR)/\$(T)-\$(XEN_FULLVERSION).efi"
''
# The following patch fixes the call to /bin/mkdir on the
# launch_xenstore.sh helper script.
+ ''
substituteInPlace tools/hotplug/Linux/launch-xenstore.in \
--replace-fail "/bin/mkdir" "${coreutils}/bin/mkdir"
''
# The following expression fixes the paths called by Xen's systemd
# units, so we can use them in the NixOS module.
+ ''
substituteInPlace \
tools/hotplug/Linux/systemd/{xen-init-dom0,xen-qemu-dom0-disk-backend,xenconsoled,xendomains,xenstored}.service.in \
--replace-fail /bin/grep ${gnugrep}/bin/grep
substituteInPlace \
tools/hotplug/Linux/systemd/{xen-qemu-dom0-disk-backend,xenconsoled}.service.in \
--replace-fail "/bin/mkdir" "${coreutils}/bin/mkdir"
''
# # Call deployPrefetchedSourcesPatches, which patches all pre-fetched sources with their specified patchlists.
+ ''
${deployPrefetchedSourcesPatches}
''
# Patch shebangs for QEMU and OVMF build scripts.
+ lib.strings.optionalString withInternalQEMU ''
patchShebangs --build tools/qemu-xen/scripts/tracetool.py
''
+ lib.strings.optionalString withInternalOVMF ''
patchShebangs --build tools/firmware/ovmf-dir-remote/OvmfPkg/build.sh tools/firmware/ovmf-dir-remote/BaseTools/BinWrappers/PosixLike/{AmlToC,BrotliCompress,build,GenFfs,GenFv,GenFw,GenSec,LzmaCompress,TianoCompress,Trim,VfrCompile}
'';
installPhase =
let
cpFlags = builtins.toString [
"--preserve=mode,ownership,timestamps,link"
"--recursive"
"--verbose"
"--no-dereference"
];
in
# Run the preInstall tasks.
''
runHook preInstall
''
# Create $out directories and copy build output.
+ ''
mkdir --parents $out $out/share $boot
cp ${cpFlags} dist/install/nix/store/*/* $out/
cp ${cpFlags} dist/install/etc $out
cp ${cpFlags} dist/install/boot $boot
''
# Run the postInstall tasks.
+ ''
runHook postInstall
'';
postInstall =
# Wrap xencov_split, xenmon and xentrace_format.
''
wrapPythonPrograms
''
# We also need to wrap pygrub, which lies in $out/libexec/xen/bin.
+ ''
wrapPythonProgramsIn "$out/libexec/xen/bin" "$out $pythonPath"
''
# Fix shebangs in Xen's various scripts.
#TODO: Remove any and all usage of `sed` and replace these complicated magic runes with readable code.
+ ''
shopt -s extglob
for i in $out/etc/xen/scripts/!(*.sh); do
sed --in-place "2s@^@export PATH=$out/bin:${scriptEnvPath}\n@" $i
done
'';
postFixup =
# Fix binaries in $out/libexec/xen/bin.
''
addAutoPatchelfSearchPath $out/lib
autoPatchelf $out/libexec/xen/bin
''
# Flask is particularly hard to disable. Even after
# setting the make flags to `n`, it still gets compiled.
# If withFlask is disabled, delete the extra binaries.
+ lib.strings.optionalString (!withFlask) ''
rm -f $out/bin/flask-*
'';
passthru = {
efi =
if withEFI then "boot/xen-${version}.efi" else throw "This Xen was compiled without an EFI binary.";
flaskPolicy =
if withFlask then
"boot/xenpolicy-${version}"
else
throw "This Xen was compiled without FLASK support.";
qemu-system-i386 =
if withInternalQEMU then
"libexec/xen/bin/qemu-system-i386"
else
throw "This Xen was compiled without a built-in QEMU.";
# This test suite is very simple, as Xen's userspace
# utilities require the hypervisor to be booted.
tests = {
pkg-config = testers.hasPkgConfigModules {
package = finalAttrs.finalPackage;
moduleNames = [
"xencall"
"xencontrol"
"xendevicemodel"
"xenevtchn"
"xenforeignmemory"
"xengnttab"
"xenguest"
"xenhypfs"
"xenlight"
"xenstat"
"xenstore"
"xentoolcore"
"xentoollog"
"xenvchan"
"xlutil"
];
};
};
};
meta =
if
!(lib.attrsets.hasAttrByPath [
"meta"
] versionDefinition)
then
{
inherit branch;
# Short description for Xen.
description =
"Xen Project Hypervisor"
# The "and related components" addition is automatically hidden if said components aren't being built.
+ lib.strings.optionalString (prefetchedSources != { }) " and related components"
# To alter the description inside the paranthesis, edit ./packages.nix.
+ lib.strings.optionalString (lib.attrsets.hasAttrByPath [
"meta"
"description"
] packageDefinition) " (${packageDefinition.meta.description})";
# Long description for Xen.
longDescription =
# Starts with the longDescription from ./packages.nix.
(packageDefinition.meta.longDescription or "")
+ lib.strings.optionalString (!withInternalQEMU) (
"\nUse with `qemu_xen_${lib.strings.stringAsChars (x: if x == "." then "_" else x) branch}`"
+ lib.strings.optionalString latest " or `qemu_xen`"
+ ".\n"
)
# Then, if any of the optional with* components are being built, add the "Includes:" string.
+
lib.strings.optionalString
(
withInternalQEMU
|| withInternalSeaBIOS
|| withInternalOVMF
|| withInternalIPXE
|| withEFI
|| withFlask
)
(
"\nIncludes:"
# Originally, this was a call for the complicated withPrefetchedSources. Since there aren't
# that many optional components, we just use lib.strings.optionalString, because it's simpler.
# Optional components that aren't being built are automatically hidden.
+ lib.strings.optionalString withEFI "\n* `xen.efi`: The Xen Project's [EFI binary](https://xenbits.xenproject.org/docs/${branch}-testing/misc/efi.html), available on the `boot` output of this package."
+ lib.strings.optionalString withFlask "\n* `xsm-flask`: The [FLASK Xen Security Module](https://wiki.xenproject.org/wiki/Xen_Security_Modules_:_XSM-FLASK). The `xenpolicy-${version}` file is available on the `boot` output of this package."
+ lib.strings.optionalString withInternalQEMU "\n* `qemu-xen`: The Xen Project's mirror of [QEMU](https://www.qemu.org/)."
+ lib.strings.optionalString withInternalSeaBIOS "\n* `seabios-xen`: The Xen Project's mirror of [SeaBIOS](https://www.seabios.org/SeaBIOS)."
+ lib.strings.optionalString withInternalOVMF "\n* `ovmf-xen`: The Xen Project's mirror of [OVMF](https://github.com/tianocore/tianocore.github.io/wiki/OVMF)."
+ lib.strings.optionalString withInternalIPXE "\n* `ipxe-xen`: The Xen Project's pinned version of [iPXE](https://ipxe.org/)."
)
# Finally, we write a notice explaining which vulnerabilities this Xen is NOT vulnerable to.
# This will hopefully give users the peace of mind that their Xen is secure, without needing
# to search the source code for the XSA patches.
+ lib.strings.optionalString (writeAdvisoryDescription != [ ]) (
"\n\nThis Xen Project Hypervisor (${version}) has been patched against the following known security vulnerabilities:\n"
+ lib.strings.removeSuffix "\n" (lib.strings.concatLines writeAdvisoryDescription)
);
homepage = "https://xenproject.org/";
downloadPage = "https://downloads.xenproject.org/release/xen/${version}/";
changelog = "https://wiki.xenproject.org/wiki/Xen_Project_${branch}_Release_Notes";
license = with lib.licenses; [
# Documentation.
cc-by-40
# Most of Xen is licensed under the GPL v2.0.
gpl2Only
# Xen Libraries and the `xl` command-line utility.
lgpl21Only
# Development headers in $dev/include.
mit
];
# This automatically removes maintainers from EOL versions of Xen, so we aren't bothered about versions we don't explictly support.
maintainers = lib.lists.optionals (lib.strings.versionAtLeast version minSupportedVersion) lib.teams.xen.members;
knownVulnerabilities = lib.lists.optional (lib.strings.versionOlder version minSupportedVersion) "The Xen Project Hypervisor version ${version} is no longer supported by the Xen Project Security Team. See https://xenbits.xenproject.org/docs/unstable/support-matrix.html";
mainProgram = "xl";
# Evaluates to x86_64-linux.
platforms = lib.lists.intersectLists lib.platforms.linux lib.platforms.x86_64;
}
else
versionDefinition.meta;
})


@ -1,71 +0,0 @@
{
python3Packages,
python311Packages,
callPackage,
}:
let
standard = {
# Broken with python 3.12+ when using internal QEMU due to https://github.com/NixOS/nixpkgs/issues/253751
python3Packages = python311Packages;
meta = {
description = "Standard";
longDescription = ''
Standard version of the Xen Project Hypervisor. Uses forks of QEMU, SeaBIOS,
OVMF and iPXE provided by the Xen Project. This provides the vanilla Xen
experience, but wastes space and build time. A typical NixOS setup that runs
lots of VMs will usually need to build two different versions of QEMU when using
this Xen derivation (one fork and upstream).
'';
};
};
slim = {
inherit python3Packages;
meta = {
description = "Without Internal Components";
longDescription = ''
Slimmed-down version of the Xen Project Hypervisor that reuses nixpkgs packages
as much as possible. Instead of using the Xen Project forks for various internal
components, this version uses `seabios`, `ovmf` and `ipxe` from Nixpkgs. These
components may ocasionally get out of sync with the hypervisor itself, but this
builds faster and uses less space than the default derivation.
'';
};
};
in
# TODO: generalise this to automatically generate both Xen variants for each ./<version>/default.nix.
rec {
xen_4_19 = callPackage ./4.19/default.nix {
inherit (standard) meta python3Packages;
};
xen_4_19-slim = xen_4_19.override {
withInternalQEMU = false;
withInternalSeaBIOS = false;
withInternalOVMF = false;
withInternalIPXE = false;
inherit (slim) meta python3Packages;
};
xen_4_18 = callPackage ./4.18/default.nix {
inherit (standard) meta python3Packages;
};
xen_4_18-slim = xen_4_18.override {
withInternalQEMU = false;
withInternalSeaBIOS = false;
withInternalOVMF = false;
withInternalIPXE = false;
inherit (slim) meta python3Packages;
};
xen_4_17 = callPackage ./4.17/default.nix {
inherit (standard) meta python3Packages;
};
xen_4_17-slim = xen_4_17.override {
withInternalQEMU = false;
withInternalSeaBIOS = false;
withInternalOVMF = false;
withInternalIPXE = false;
inherit (slim) meta;
# Broken with python 3.12+ due to distutils missing.
python3Packages = python311Packages;
};
}


@ -1,202 +0,0 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p gitMinimal curl gnupg nix-prefetch-git nixfmt-rfc-style
# shellcheck disable=SC2206,SC2207 shell=bash
set -o errexit
set -o pipefail
set -o nounset
#TODO: Use `jq` instead of `sed`.
#TODO: Accept the small security drawback and make this script runnable by r-ryantm.
# This script expects to be called in an interactive terminal somewhere inside Nixpkgs.
echo "Preparing..."
nixpkgs=$(git rev-parse --show-toplevel)
xenPath="$nixpkgs/pkgs/applications/virtualization/xen"
rm -rf /tmp/xenUpdateScript
mkdir /tmp/xenUpdateScript
# Import and verify PGP key.
curl --silent --output /tmp/xenUpdateScript/xen.asc https://keys.openpgp.org/vks/v1/by-fingerprint/23E3222C145F4475FA8060A783FE14C957E82BD9
gpg --homedir /tmp/xenUpdateScript/.gnupg --quiet --import /tmp/xenUpdateScript/xen.asc
fingerprint="$(gpg --homedir /tmp/xenUpdateScript/.gnupg --with-colons --fingerprint "pgp@xen.org" 2>/dev/null | awk -F: '/^pub:.*/ { getline; print $10}')"
echo -e "Please ascertain through multiple external sources that the \e[1;32mXen Project PGP Key Fingerprint\e[0m is indeed \e[1;33m$fingerprint\e[0m. If that is not the case, \e[1;31mexit immediately\e[0m."
read -r -p $'Press \e[1;34menter\e[0m to continue with a pre-filled expected fingerprint, or input an arbitrary PGP fingerprint to match with the key\'s fingerprint: ' userInputFingerprint
userInputFingerprint=${userInputFingerprint:-"23E3222C145F4475FA8060A783FE14C957E82BD9"}
# Clone xen.git.
echo -e "Cloning \e[1;34mxen.git\e[0m..."
git clone --quiet https://xenbits.xenproject.org/git-http/xen.git /tmp/xenUpdateScript/xen
cd /tmp/xenUpdateScript/xen
# Get list of versions and branches.
versionList="$(git tag --list "RELEASE-*" | sed s/RELEASE-//g | sed s/4.1.6.1//g | sort --numeric-sort)"
latestVersion=$(echo "$versionList" | tr ' ' '\n' | tail --lines=1)
branchList=($(echo "$versionList" | tr ' ' '\n' | sed s/\.[0-9]*$//g | awk '!seen[$0]++'))
# Figure out which versions we're actually going to install.
minSupportedBranch="$(grep " minSupportedVersion = " "$xenPath"/generic/default.nix | sed s/' minSupportedVersion = "'//g | sed s/'";'//g)"
supportedBranches=($(for version in "${branchList[@]}"; do if [ "$(printf '%s\n' "$minSupportedBranch" "$version" | sort -V | head -n1)" = "$minSupportedBranch" ]; then echo "$version"; fi; done))
supportedVersions=($(for version in "${supportedBranches[@]}"; do echo "$versionList" | tr ' ' '\n' | grep "$version" | tail --lines=1; done))
echo -e "\e[1mNOTE\e[0m: As we're also pre-fetching the submodules, QEMU and OVMF may take a very long time to fetch."
# Main loop that installs every supportedVersion.
for version in "${supportedVersions[@]}"; do
echo -e "\n------------------------------------------------"
branch=${version/%.[0-9]/}
if [[ "$version" == "$latestVersion" ]]; then
latest=true
echo -e "\nFound \e[1;34mlatest\e[0m release: \e[1;32mXen $version\e[0m in branch \e[1;36m$branch\e[0m."
else
latest=false
echo -e "\nFound \e[1;33msecurity-supported\e[0m release: \e[1;32mXen $version\e[0m in branch \e[1;36m$branch\e[0m."
fi
# Verify PGP key automatically. If the fingerprint matches what the user specified, or the default fingerprint, then we consider it trusted.
cd /tmp/xenUpdateScript/xen
if [[ "$fingerprint" = "$userInputFingerprint" ]]; then
echo "$fingerprint:6:" | gpg --homedir /tmp/xenUpdateScript/.gnupg --quiet --import-ownertrust
(git verify-tag RELEASE-"$version" 2>/dev/null && echo -e "\n\e[1;32mSuccessfully authenticated Xen $version.\e[0m") || (echo -e "\e[1;31merror:\e[0m Unable to verify tag \e[1;32mRELEASE-$version\e[0m.\n- It is possible that \e[1;33mthis script has broken\e[0m, the Xen Project has \e[1;33mcycled their PGP keys\e[0m, or a \e[1;31msupply chain attack is in progress\e[0m.\n\n\e[1;31mPlease update manually.\e[0m" && exit 1)
else
echo -e "\e[1;31merror:\e[0m Unable to verify \e[1;34mpgp@xen.org\e[0m's fingerprint.\n- It is possible that \e[1;33mthis script has broken\e[0m, the Xen Project has \e[1;33mcycled their PGP keys\e[0m, or an \e[1;31mimpersonation attack is in progress\e[0m.\n\n\e[1;31mPlease update manually.\e[0m" && exit 1
fi
git switch --quiet --detach RELEASE-"$version"
# Originally we told people to go check the Makefile themselves.
echo -e -n "\nDetermining source versions from Xen Makefiles..."
qemuVersion="$(grep "QEMU_UPSTREAM_REVISION ?=" /tmp/xenUpdateScript/xen/Config.mk | sed s/"QEMU_UPSTREAM_REVISION ?= "//g)"
seaBIOSVersion="$(grep "SEABIOS_UPSTREAM_REVISION ?= rel-" /tmp/xenUpdateScript/xen/Config.mk | sed s/"SEABIOS_UPSTREAM_REVISION ?= "//g)"
ovmfVersion="$(grep "OVMF_UPSTREAM_REVISION ?=" /tmp/xenUpdateScript/xen/Config.mk | sed s/"OVMF_UPSTREAM_REVISION ?= "//g)"
miniOSVersion="$(grep "MINIOS_UPSTREAM_REVISION ?=" /tmp/xenUpdateScript/xen/Config.mk | sed s/"MINIOS_UPSTREAM_REVISION ?= "//g)"
ipxeVersion="$(grep "IPXE_GIT_TAG :=" /tmp/xenUpdateScript/xen/tools/firmware/etherboot/Makefile | sed s/"IPXE_GIT_TAG := "//g)"
echo "done!"
# Use `nix-prefetch-git` to fetch `rev`s and `hash`es.
echo "Pre-fetching sources and determining hashes..."
echo -e -n " \e[1;32mXen\e[0m..."
fetchXen=$(nix-prefetch-git --url https://xenbits.xenproject.org/git-http/xen.git --rev RELEASE-"$version" --quiet)
finalVersion="$(echo "$fetchXen" | tr ', ' '\n ' | grep -ie rev | sed s/' "rev": "'//g | sed s/'"'//g)"
hash="$(echo "$fetchXen" | tr ', ' '\n ' | grep -ie hash | sed s/' "hash": "'//g | sed s/'"'//g)"
echo "done!"
echo -e -n " \e[1;36mQEMU\e[0m..."
fetchQEMU=$(nix-prefetch-git --url https://xenbits.xenproject.org/git-http/qemu-xen.git --rev "$qemuVersion" --quiet --fetch-submodules)
finalQEMUVersion="$(echo "$fetchQEMU" | tr ', ' '\n ' | grep -ie rev | sed s/' "rev": "'//g | sed s/'"'//g)"
qemuHash="$(echo "$fetchQEMU" | tr ', ' '\n ' | grep -ie hash | sed s/' "hash": "'//g | sed s/'"'//g)"
echo "done!"
echo -e -n " \e[1;36mSeaBIOS\e[0m..."
fetchSeaBIOS=$(nix-prefetch-git --url https://xenbits.xenproject.org/git-http/seabios.git --rev "$seaBIOSVersion" --quiet)
finalSeaBIOSVersion="$(echo "$fetchSeaBIOS" | tr ', ' '\n ' | grep -ie rev | sed s/' "rev": "'//g | sed s/'"'//g)"
seaBIOSHash="$(echo "$fetchSeaBIOS" | tr ', ' '\n ' | grep -ie hash | sed s/' "hash": "'//g | sed s/'"'//g)"
echo "done!"
echo -e -n " \e[1;36mOVMF\e[0m..."
ovmfHash="$(nix-prefetch-git --url https://xenbits.xenproject.org/git-http/ovmf.git --rev "$ovmfVersion" --quiet --fetch-submodules | grep -ie hash | sed s/' "hash": "'//g | sed s/'",'//g)"
echo "done!"
echo -e -n " \e[1;36miPXE\e[0m..."
ipxeHash="$(nix-prefetch-git --url https://github.com/ipxe/ipxe.git --rev "$ipxeVersion" --quiet | grep -ie hash | sed s/' "hash": "'//g | sed s/'",'//g)"
echo "done!"
cd "$xenPath"
echo -e "\nFound the following revisions:\n \e[1;32mXen\e[0m: \e[1;33m$finalVersion\e[0m (\e[1;33m$hash\e[0m)\n \e[1;36mQEMU\e[0m: \e[1;33m$finalQEMUVersion\e[0m (\e[1;33m$qemuHash\e[0m)\n \e[1;36mSeaBIOS\e[0m: \e[1;33m$finalSeaBIOSVersion\e[0m (\e[1;33m$seaBIOSHash\e[0m)\n \e[1;36mOVMF\e[0m: \e[1;33m$ovmfVersion\e[0m (\e[1;33m$ovmfHash\e[0m)\n \e[1;36miPXE\e[0m: \e[1;33m$ipxeVersion\e[0m (\e[1;33m$ipxeHash\e[0m)"
# Set OCaml Version
read -r -p $'\nEnter the corresponding \e[1;33mOCaml\e[0m version for \e[1;32mXen '"$version"$'\e[0m, or press \e[1;34menter\e[0m for the default value of \e[1;32m4_14\e[0m: ' ocamlVersion
ocamlVersion=${ocamlVersion:-"4_14"}
mkdir -p "$branch"/
rm -f "$branch"/default.nix
# Prepare any .patch files that are called by Nix through a path value.
echo -e "\nPlease add any required patches to version \e[1;32m$branch\e[0m in \e[1;34m$branch/\e[0m, and press \e[1;34menter\e[0m when done."
read -r -p $'Remember to follow the naming specification as defined in \e[1;34m./README.md\e[0m.'
echo -e "\nDiscovering patches..."
discoveredXenPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-xen-*-$branch.patch" -printf "./%f ")"
discoveredQEMUPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-qemu-*-$branch.patch" -printf "./%f ")"
discoveredSeaBIOSPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-seabios-*-$branch.patch" -printf "./%f ")"
discoveredOVMFPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-ovmf-*-$branch.patch" -printf "./%f ")"
discoveredIPXEPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-ipxe-*-$branch.patch" -printf "./%f ")"
discoveredXenPatchesEcho=${discoveredXenPatches:-"\e[1;31mNone found!\e[0m"}
discoveredQEMUPatchesEcho=${discoveredQEMUPatches:-"\e[1;31mNone found!\e[0m"}
discoveredSeaBIOSPatchesEcho=${discoveredSeaBIOSPatches:-"\e[1;31mNone found!\e[0m"}
discoveredOVMFPatchesEcho=${discoveredOVMFPatches:-"\e[1;31mNone found!\e[0m"}
discoveredIPXEPatchesEcho=${discoveredIPXEPatches:-"\e[1;31mNone found!\e[0m"}
echo -e "Found the following patches:\n \e[1;32mXen\e[0m: \e[1;33m$discoveredXenPatchesEcho\e[0m\n \e[1;36mQEMU\e[0m: \e[1;33m$discoveredQEMUPatchesEcho\e[0m\n \e[1;36mSeaBIOS\e[0m: \e[1;33m$discoveredSeaBIOSPatchesEcho\e[0m\n \e[1;36mOVMF\e[0m: \e[1;33m$discoveredOVMFPatchesEcho\e[0m\n \e[1;36miPXE\e[0m: \e[1;33m$discoveredIPXEPatchesEcho\e[0m"
# Prepare patches that are called in ./patches.nix.
defaultPatchListInit=("QUBES_REPRODUCIBLE_BUILDS" "XSA_460" "XSA_461" )
read -r -a defaultPatchList -p $'\nWould you like to override the \e[1;34mupstreamPatches\e[0m list for \e[1;32mXen '"$version"$'\e[0m? If no, press \e[1;34menter\e[0m to use the default patch list: [ \e[1;34m'"${defaultPatchListInit[*]}"$' \e[0m]: '
defaultPatchList=(${defaultPatchList[@]:-${defaultPatchListInit[@]}})
upstreamPatches=${defaultPatchList[*]}
# Write and format default.nix file.
echo -e -n "\nWriting updated \e[1;34mversionDefinition\e[0m..."
cat >"$branch"/default.nix <<EOF
{
lib,
fetchpatch,
callPackage,
ocaml-ng,
...
}@genericDefinition:
let
upstreamPatches = import ../generic/patches.nix {
inherit lib;
inherit fetchpatch;
};
upstreamPatchList = lib.lists.flatten (with upstreamPatches; [
$upstreamPatches
]);
in
callPackage (import ../generic/default.nix {
pname = "xen";
branch = "$branch";
version = "$version";
latest = $latest;
pkg = {
xen = {
rev = "$finalVersion";
hash = "$hash";
patches = [ $discoveredXenPatches ] ++ upstreamPatchList;
};
qemu = {
rev = "$finalQEMUVersion";
hash = "$qemuHash";
patches = [ $discoveredQEMUPatches ];
};
seaBIOS = {
rev = "$finalSeaBIOSVersion";
hash = "$seaBIOSHash";
patches = [ $discoveredSeaBIOSPatches ];
};
ovmf = {
rev = "$ovmfVersion";
hash = "$ovmfHash";
patches = [ $discoveredOVMFPatches ];
};
ipxe = {
rev = "$ipxeVersion";
hash = "$ipxeHash";
patches = [ $discoveredIPXEPatches ];
};
};
}) ({ ocamlPackages = ocaml-ng.ocamlPackages_$ocamlVersion; } // genericDefinition)
EOF
echo done!
echo -n "Formatting..."
nixfmt "$branch"/default.nix
echo done!
echo -e "\n\e[1;32mSuccessfully produced $branch/default.nix.\e[0m"
done
echo -e -n "\nCleaning up..."
rm -rf /tmp/xenUpdateScript
echo done!


@ -0,0 +1,481 @@
{
lib,
stdenv,
autoPatchelfHook,
cmake,
pkg-config,
testers,
which,
fetchgit,
fetchpatch,
# Xen
acpica-tools,
bison,
bzip2,
dev86,
e2fsprogs,
flex,
libnl,
libuuid,
lzo,
ncurses,
ocamlPackages,
perl,
python3Packages,
systemdMinimal,
xz,
yajl,
zlib,
zstd,
# Optional Components
seabios,
OVMF,
ipxe,
checkpolicy,
binutils-unwrapped-all-targets,
# Documentation
pandoc,
# Scripts
bridge-utils,
coreutils,
diffutils,
gawk,
gnugrep,
gnused,
inetutils,
iproute2,
iptables,
multipath-tools,
nbd,
openvswitch,
util-linux,
}:
{
pname,
branch ? lib.versions.majorMinor version,
version,
vendor ? "nixos",
withEFI ? true,
withFlask ? false,
withSeaBIOS ? true,
withOVMF ? true,
withIPXE ? true,
useDefaultPatchList ? true,
rev,
hash,
patches ? [ ],
meta ? { },
}:
let
# Inherit helper functions from lib and builtins.
inherit (builtins) elemAt isAttrs;
inherit (lib.strings)
concatLines
enableFeature
makeSearchPathOutput
optionalString
removeSuffix
versionOlder
;
inherit (lib.platforms) linux aarch64;
inherit (lib) teams;
inherit (lib.licenses)
cc-by-40
gpl2Only
lgpl21Only
mit
;
inherit (lib.meta) getExe';
inherit (lib.lists)
count
flatten
optional
optionals
range
remove
zipListsWith
;
inherit (lib.attrsets) attrByPath;
# Mark versions older than minSupportedVersion as EOL.
minSupportedVersion = "4.16";
## Generic Patch Handling ##
upstreamPatches = import ./patches.nix {
inherit lib fetchpatch;
};
upstreamPatchList = flatten (
with upstreamPatches;
[
QUBES_REPRODUCIBLE_BUILDS
XSA_460
XSA_461
XSA_462
]
);
## XSA Patches Description Builder ##
# Simple counter for the number of attrsets (patches) in the patches list after normalisation.
numberOfPatches = count (patch: isAttrs patch) upstreamPatchList;
# builtins.elemAt's index begins at 0, so we subtract 1 from the number of patches in order to
# produce the range that will be used in the following builtin.map calls.
availablePatchesToTry = range 0 (numberOfPatches - 1);
# Takes in an attrByPath input, and outputs the attribute value for each patch in a list.
# If a patch does not have a given attribute, returns `null`. Use lib.lists.remove null
# to remove these junk values, if necessary.
retrievePatchAttributes =
attributeName:
map (x: attrByPath attributeName null (elemAt upstreamPatchList x)) availablePatchesToTry;
# Produces a list of newline-separated strings that lists the vulnerabilities this
# Xen is NOT affected by, due to the applied Xen Security Advisory patches. This is
# then used in meta.longDescription, to let users know their Xen is patched against
# known vulnerabilities, as the package version isn't always the best indicator.
#
# Produces something like this: (one string for each XSA)
# * [Xen Security Advisory #1](https://xenbits.xenproject.org/xsa/advisory-1.html): **Title for XSA.**
# >Description of issue in XSA
#Extra lines
#are not indented,
#but markdown should be
#fine with it.
# Fixes:
# * [CVE-1999-00001](https://www.cve.org/CVERecord?id=CVE-1999-00001)
# * [CVE-1999-00002](https://www.cve.org/CVERecord?id=CVE-1999-00002)
# * [CVE-1999-00003](https://www.cve.org/CVERecord?id=CVE-1999-00003)
writeAdvisoryDescription =
if (remove null (retrievePatchAttributes [ "xsa" ]) != [ ]) then
zipListsWith (a: b: a + b)
(zipListsWith (a: b: a + "**" + b + ".**\n >")
(zipListsWith (a: b: "* [Xen Security Advisory #" + a + "](" + b + "): ")
(remove null (retrievePatchAttributes [ "xsa" ]))
(
remove null (retrievePatchAttributes [
"meta"
"homepage"
])
)
)
(
remove null (retrievePatchAttributes [
"meta"
"description"
])
)
)
(
remove null (retrievePatchAttributes [
"meta"
"longDescription"
])
)
else
[ ];
#TODO: fix paths instead.
scriptEnvPath = makeSearchPathOutput "out" "bin" [
bridge-utils
coreutils
diffutils
gawk
gnugrep
gnused
inetutils
iproute2
iptables
multipath-tools
nbd
openvswitch
perl
util-linux.bin
which
];
in
stdenv.mkDerivation (finalAttrs: {
inherit pname version;
# TODO: Split $out in $bin for binaries and $lib for libraries.
# TODO: Python package to be in separate output/package.
outputs = [
"out"
"man"
"doc"
"dev"
"boot"
];
# Main Xen source.
src = fetchgit {
url = "https://xenbits.xenproject.org/git-http/xen.git";
inherit rev hash;
};
patches = optionals useDefaultPatchList upstreamPatchList ++ patches;
nativeBuildInputs = [
autoPatchelfHook
bison
cmake
flex
pandoc
pkg-config
python3Packages.setuptools
];
buildInputs = [
# Xen
acpica-tools
bzip2
dev86
e2fsprogs.dev
libnl
libuuid
lzo
ncurses
perl
python3Packages.python
xz
yajl
zlib
zstd
# oxenstored
ocamlPackages.findlib
ocamlPackages.ocaml
# Python Fixes
python3Packages.wrapPython
] ++ optional withFlask checkpolicy ++ optional (versionOlder version "4.19") systemdMinimal;
configureFlags = [
"--enable-systemd"
"--disable-qemu-traditional"
"--with-system-qemu"
(if withSeaBIOS then "--with-system-seabios=${seabios}/share/seabios" else "--disable-seabios")
(if withOVMF then "--with-system-ovmf=${OVMF.firmware}" else "--disable-ovmf")
(if withIPXE then "--with-system-ipxe=${ipxe}" else "--disable-ipxe")
(enableFeature withFlask "xsmpolicy")
];
makeFlags =
[
"SUBSYSTEMS=${toString finalAttrs.buildFlags}"
"PREFIX=$(out)"
"BASH_COMPLETION_DIR=$(PREFIX)/share/bash-completion/completions"
"XEN_WHOAMI=${pname}"
"XEN_DOMAIN=${vendor}"
"GIT=${coreutils}/bin/false"
"WGET=${coreutils}/bin/false"
]
++ optionals withEFI [
"EFI_VENDOR=${vendor}"
"INSTALL_EFI_STRIP=1"
"LD=${getExe' binutils-unwrapped-all-targets "ld"}"
]
# These flags set the CONFIG_* options in /boot/xen.config
# and define if the default policy file is built. However,
# the Flask binaries always get compiled by default.
++ optionals withFlask [
"XSM_ENABLE=y"
"FLASK_ENABLE=y"
];
buildFlags = [
"xen"
"tools"
"docs"
];
enableParallelBuilding = true;
env.NIX_CFLAGS_COMPILE = toString [
"-Wno-error=maybe-uninitialized"
"-Wno-error=array-bounds"
];
dontUseCmakeConfigure = true;
# Remove in-tree QEMU sources, we don't need them in any circumstance.
prePatch = "rm --recursive --force tools/qemu-xen tools/qemu-xen-traditional";
postPatch =
# The following patch forces Xen to install xen.efi on $out/boot
# instead of $out/boot/efi/efi/nixos, as the latter directory
# would otherwise need to be created manually. This also creates
# a more consistent output for downstreams who override the
# vendor attribute above.
''
substituteInPlace xen/Makefile \
--replace-fail "\$(D)\$(EFI_MOUNTPOINT)/efi/\$(EFI_VENDOR)/\$(T)-\$(XEN_FULLVERSION).efi" \
"\$(D)\$(BOOT_DIR)/\$(T)-\$(XEN_FULLVERSION).efi"
''
# The following patch fixes the call to /bin/mkdir on the
# launch_xenstore.sh helper script.
+ ''
substituteInPlace tools/hotplug/Linux/launch-xenstore.in \
--replace-fail "/bin/mkdir" "${coreutils}/bin/mkdir"
''
# The following expression fixes the paths called by Xen's systemd
# units, so we can use them in the NixOS module.
+ ''
substituteInPlace \
tools/hotplug/Linux/systemd/{xen-init-dom0,xen-qemu-dom0-disk-backend,xenconsoled,xendomains,xenstored}.service.in \
--replace-fail /bin/grep ${gnugrep}/bin/grep
substituteInPlace \
tools/hotplug/Linux/systemd/{xen-qemu-dom0-disk-backend,xenconsoled}.service.in \
--replace-fail "/bin/mkdir" "${coreutils}/bin/mkdir"
'';
installPhase = ''
runHook preInstall
mkdir --parents $out $out/share $boot
cp -prvd dist/install/nix/store/*/* $out/
cp -prvd dist/install/etc $out
cp -prvd dist/install/boot $boot
runHook postInstall
'';
postInstall =
# Wrap xencov_split, xenmon and xentrace_format.
''
wrapPythonPrograms
''
# We also need to wrap pygrub, which lies in $out/libexec/xen/bin.
+ ''
wrapPythonProgramsIn "$out/libexec/xen/bin" "$out $pythonPath"
''
# Fix shebangs in Xen's various scripts.
#TODO: Remove any and all usage of `sed` and replace these complicated magic runes with readable code.
+ ''
shopt -s extglob
for i in $out/etc/xen/scripts/!(*.sh); do
sed --in-place "2s@^@export PATH=$out/bin:${scriptEnvPath}\n@" $i
done
'';
postFixup =
''
addAutoPatchelfSearchPath $out/lib
autoPatchelf $out/libexec/xen/bin
''
# Flask is particularly hard to disable. Even after
# setting the make flags to `n`, it still gets compiled.
# If withFlask is disabled, delete the extra binaries.
+ optionalString (!withFlask) ''
rm -f $out/bin/flask-*
'';
passthru = {
efi =
if withEFI then "boot/xen-${version}.efi" else throw "This Xen was compiled without an EFI binary.";
flaskPolicy =
if withFlask then
"boot/xenpolicy-${version}"
else
throw "This Xen was compiled without FLASK support.";
# This test suite is very simple, as Xen's userspace
# utilities require the hypervisor to be booted.
tests = {
pkg-config = testers.hasPkgConfigModules {
package = finalAttrs.finalPackage;
moduleNames = [
"xencall"
"xencontrol"
"xendevicemodel"
"xenevtchn"
"xenforeignmemory"
"xengnttab"
"xenguest"
"xenhypfs"
"xenlight"
"xenstat"
"xenstore"
"xentoolcore"
"xentoollog"
"xenvchan"
"xlutil"
];
};
};
};
meta = {
inherit branch;
description = "Type-1 hypervisor intended for embedded and hyperscale use cases";
longDescription =
''
The Xen Project Hypervisor is a virtualisation technology defined as a *type-1
hypervisor*, which allows multiple virtual machines, known as domains, to run
concurrently with the host on the physical machine. On a typical *type-2
hypervisor*, the virtual machines run as applications on top of the
host. NixOS runs as the privileged **Domain 0**, and can paravirtualise or fully
virtualise **Unprivileged Domains**.
Use with the `qemu_xen` package.
''
# Then, if any of the optional with* components are being built, add the "Includes:" string.
+ optionalString (withEFI || withFlask) (
"\nIncludes:"
# Originally, this was a call for the complicated withPrefetchedSources. Since there aren't
# that many optional components, we just use lib.strings.optionalString, because it's simpler.
# Optional components that aren't being built are automatically hidden.
+ optionalString withEFI "\n* `xen.efi`: The Xen Project's [EFI binary](https://xenbits.xenproject.org/docs/${branch}-testing/misc/efi.html), available on the `boot` output of this package."
+ optionalString withFlask "\n* `xsm-flask`: The [FLASK Xen Security Module](https://wiki.xenproject.org/wiki/Xen_Security_Modules_:_XSM-FLASK). The `xenpolicy-${version}` file is available on the `boot` output of this package."
+ optionalString withSeaBIOS "\n* `seabios`: Support for the SeaBIOS boot firmware on HVM domains."
+ optionalString withOVMF "\n* `ovmf`: Support for the OVMF UEFI boot firmware on HVM domains."
+ optionalString withIPXE "\n* `ipxe`: Support for the iPXE boot firmware on HVM domains."
)
# Finally, we write a notice explaining which vulnerabilities this Xen is NOT vulnerable to.
# This will hopefully give users the peace of mind that their Xen is secure, without needing
# to search the source code for the XSA patches.
+ optionalString (writeAdvisoryDescription != [ ]) (
"\n\nThis Xen Project Hypervisor (${version}) has been patched against the following known security vulnerabilities:\n"
+ removeSuffix "\n" (concatLines writeAdvisoryDescription)
);
homepage = "https://xenproject.org/";
downloadPage = "https://downloads.xenproject.org/release/xen/${version}/";
changelog = "https://wiki.xenproject.org/wiki/Xen_Project_${branch}_Release_Notes";
license = [
# Documentation.
cc-by-40
# Most of Xen is licensed under the GPL v2.0.
gpl2Only
# Xen Libraries and the `xl` command-line utility.
lgpl21Only
# Development headers in $dev/include.
mit
];
maintainers = teams.xen.members;
knownVulnerabilities = optional (versionOlder version minSupportedVersion) "The Xen Project Hypervisor version ${version} is no longer supported by the Xen Project Security Team. See https://xenbits.xenproject.org/docs/unstable/support-matrix.html";
mainProgram = "xl";
#TODO: Migrate meta.platforms to the new lib.systems.inspect.patterns.* format.
platforms = linux;
badPlatforms = aarch64;
} // meta;
})
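Review bot: The advisory notice appended to `meta.longDescription` is built from `upstreamPatchList` unconditionally, while `patches` only includes that list when `useDefaultPatchList` is true. A build with `useDefaultPatchList = false` therefore still states that it "has been patched against the following known security vulnerabilities" for XSA patches that were not applied. Guard the notice with the same flag: `+ optionalString (useDefaultPatchList && writeAdvisoryDescription != [ ]) (`. Separately, `writeAdvisoryDescription` zips four lists that are each filtered with `remove null` independently, so a patch that carries `xsa` but lacks one of the `meta` attributes would shift later titles and descriptions onto the wrong advisory. Selecting the patches that have `xsa` once and mapping over those would keep the fields aligned.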


@ -6,6 +6,9 @@
{ lib, fetchpatch }:
let
inherit (builtins) concatStringsSep;
inherit (lib.strings) optionalString concatMapStrings;
xsaPatch =
{
id,
@ -16,8 +19,7 @@ let
cve ? null,
}:
(fetchpatch {
name =
"XSA-" + id + lib.strings.optionalString (cve != null) ("-" + builtins.concatStringsSep "+" cve);
name = "XSA-" + id + optionalString (cve != null) ("-" + concatStringsSep "+" cve);
url = "https://xenbits.xen.org/xsa/xsa${id}.patch";
inherit hash;
passthru = {
@ -37,9 +39,7 @@ let
" _No CVE was assigned to this XSA._"
else
" Fixes:${
lib.strings.concatMapStrings (
x: "\n * [" + x + "](https://www.cve.org/CVERecord?id=" + x + ")"
) cve
concatMapStrings (x: "\n * [" + x + "](https://www.cve.org/CVERecord?id=" + x + ")") cve
}"
);
homepage = "https://xenbits.xenproject.org/xsa/advisory-${id}.html";


@ -6,13 +6,13 @@
}:
buildGoModule rec {
pname = "bitrise";
version = "2.21.0";
version = "2.22.0";
src = fetchFromGitHub {
owner = "bitrise-io";
repo = "bitrise";
rev = version;
hash = "sha256-BVOvBNn4m9aes+g02moYt91KLTQEcsPPJTeAzA4I854=";
hash = "sha256-eXXH+KKLayX4ZTs76MOqLw2/IeMgiWuh27Ocb0CGhgE=";
};
# many tests rely on writable $HOME/.bitrise and require network access


@ -13,10 +13,10 @@ let
}.${system} or throwSystem;
hash = {
x86_64-linux = "sha256-/m+t4abPgVWeGpfDkPm5DGCIXm1LoM5znHfES9lotAo=";
aarch64-linux = "sha256-0kR799yuxSFmyedJ14f5/EqOiFHs9cWjeJKvDIpIRl0=";
x86_64-darwin = "sha256-7Go5qZVAe2UHn547HZG4fmh84iF2r15+0IIlJK72Fqg=";
aarch64-darwin = "sha256-fe4GrgLRr66Qmme3p0X5BEwvKZhqG1aiE8xs5A1Dt6E=";
x86_64-linux = "sha256-CQQ2GFy8eEaZkbnuCvBgSRMlwrEfqvM+dF1jlr6b7hk=";
aarch64-linux = "sha256-LGGZZmVVO1ZhKXfU1F9SC2pGEZOqbf/hxmBMex4ll1o=";
x86_64-darwin = "sha256-+pReEaZyi3o/ftaglOUNHoal9PShfj0gSJ2B3cg2Pa0=";
aarch64-darwin = "sha256-0l6YlL9CSypRCzbxTOpC9fx2blgu5uelYCo85koJUdA=";
}.${system} or throwSystem;
bin = "$out/bin/codeium_language_server";
@ -24,7 +24,7 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "codeium";
version = "1.16.18";
version = "1.20.4";
src = fetchurl {
name = "${finalAttrs.pname}-${finalAttrs.version}.gz";
url = "https://github.com/Exafunction/codeium/releases/download/language-server-v${finalAttrs.version}/language_server_${plat}.gz";


@ -8,16 +8,16 @@
buildGoModule rec {
pname = "databricks-cli";
version = "0.228.1";
version = "0.229.0";
src = fetchFromGitHub {
owner = "databricks";
repo = "cli";
rev = "v${version}";
hash = "sha256-zQ39PwVjyxOTo6P+RA4F20/28loMbu3Bprd4C3jgu5A=";
hash = "sha256-ap2IypBPFV4yJVXRS8zSXC0kW/QKpOvFS9Cod0pSlG0=";
};
vendorHash = "sha256-SOeVIwMbx1eRzBvyfT3aaJOL7BCb745yezn1QYrf5vU=";
vendorHash = "sha256-yCwevuivIHZ0dns9QljiKvwws4cFknIydvfjs4Jib3s=";
excludedPackages = [ "bundle/internal" ];


@ -0,0 +1,56 @@
{
lib,
stdenv,
fetchFromGitHub,
fltk,
giflib,
libjpeg,
libpng,
libXdmcp,
openssl,
pkg-config,
wget,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "dillo-plus";
version = "3.3.0";
src = fetchFromGitHub {
owner = "crossbowerbt";
repo = "dillo-plus";
rev = "v${finalAttrs.version}";
hash = "sha256-NLerc1GXTdzuGVshXn7faK4vOu7wDVMiQNTljOF7OhA=";
};
nativeBuildInputs = [
pkg-config
];
buildInputs = [
fltk
giflib
libjpeg
libpng
libXdmcp
openssl
];
strictDeps = true;
makeFlags = [
"PREFIX=$(out)"
"DOWNLOADER_TOOL=${lib.getExe wget}"
"INSTALL=install"
];
meta = {
description = "Lightweight web browser based on Dillo but with many improvements, such as: support for http, https, gemini, gopher, epub, reader mode and more";
homepage = "https://github.com/crossbowerbt/dillo-plus";
changelog = "https://github.com/crossbowerbt/dillo-plus/blob/main/ChangeLog";
license = lib.licenses.gpl3Plus;
maintainers = with lib.maintainers; [ fgaz ];
mainProgram = "dillo";
platforms = lib.platforms.all;
};
})


@ -1,66 +0,0 @@
{
lib,
autoreconfHook,
fetchFromGitHub,
fltk,
mbedtls_2,
pkg-config,
stdenv,
which,
}:
stdenv.mkDerivation {
pname = "dillong";
version = "0-unstable-2021-12-13";
src = fetchFromGitHub {
owner = "w00fpack";
repo = "dilloNG";
rev = "2804e6e9074b840de3084abb80473983f8e49f5b";
hash = "sha256-JSBd8Lgw3I20Es/jQHBtybnLd0iAcs16TqOrOxGPGiU=";
};
nativeBuildInputs = [
autoreconfHook
fltk
pkg-config
which
];
buildInputs = [
fltk
mbedtls_2
];
outputs = [ "out" "doc" "man" ];
configureFlags = [
(lib.enableFeature true "ssl")
];
strictDeps = true;
# Workaround build failure on -fno-common toolchains:
# ld: main.o:/build/dillo-3.0.5/dpid/dpid.h:64: multiple definition of `sock_set';
# dpid.o:/build/dillo-3.0.5/dpid/dpid.h:64: first defined here
env.NIX_CFLAGS_COMPILE = "-fcommon";
# The start_page and home settings refer to /usr.
# We can't change /usr to $out because dillorc is copied to the home directory
# on first launch, so the paths would quickly become outdated.
# So we just comment them out, and let dillong use the defaults.
postPatch = ''
substituteInPlace dillorc \
--replace "start_page=" "#start_page=" \
--replace "home=" "#home="
'';
meta = {
homepage = "https://github.com/w00fpack/dilloNG";
description = "Fork of Dillo, a lightweight web browser";
license = lib.licenses.gpl3Plus;
mainProgram = "dillo";
maintainers = with lib.maintainers; [ fgaz ];
platforms = lib.platforms.linux;
};
}


@ -13,13 +13,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "doublecmd";
version = "1.1.18";
version = "1.1.19";
src = fetchFromGitHub {
owner = "doublecmd";
repo = "doublecmd";
rev = "v${finalAttrs.version}";
hash = "sha256-1lmDmtvkLMLxvF6ZTOShr5fsYN++Jm6+ngzgFyNjFn4=";
hash = "sha256-3OHlC6+oHB1xW2uYFeQn3paJDvo2PZytdzv98G/qqmg=";
};
nativeBuildInputs = [


@ -20,13 +20,13 @@
buildGoModule rec {
pname = "ecapture";
version = "0.8.6";
version = "0.8.7";
src = fetchFromGitHub {
owner = "gojue";
repo = "ecapture";
rev = "refs/tags/v${version}";
hash = "sha256-xnUgsnz3zUkuLwqgdogEWQh0GMEmS/qmDqqmEQlHhfQ=";
hash = "sha256-tkWbX/RGx+SbJn+vqPTgyStBwdhldd5hGuRj8wTwY9M=";
fetchSubmodules = true;
};


@ -9,17 +9,17 @@ let
in buildGoModule rec {
pname = "go-ethereum";
version = "1.14.9";
version = "1.14.11";
src = fetchFromGitHub {
owner = "ethereum";
repo = pname;
rev = "v${version}";
hash = "sha256-W0wHQMvbQJC3PdCZLVpE3cTasii/CkF+gdVOV2MX2Mo=";
hash = "sha256-y4tUV5TGhvvaLTukT0jVhoBWxXQlDFVKHScQC8Ytl/A=";
};
proxyVendor = true;
vendorHash = "sha256-Fxl8fisdCH0nlUFOS5NLMnvfpqIhlTd6/BbR+qIzlKQ=";
vendorHash = "sha256-xPFTvzsHMWVyeAt7m++6v2l8m5ZvnLaIDGki/TWe5kU=";
doCheck = false;


@ -1,12 +1,12 @@
{
"name": "@withgraphite/graphite-cli",
"version": "1.4.5",
"version": "1.4.6",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "@withgraphite/graphite-cli",
"version": "1.4.5",
"version": "1.4.6",
"hasInstallScript": true,
"license": "None",
"dependencies": {


@ -7,14 +7,14 @@
buildNpmPackage rec {
pname = "graphite-cli";
version = "1.4.5";
version = "1.4.6";
src = fetchurl {
url = "https://registry.npmjs.org/@withgraphite/graphite-cli/-/graphite-cli-${version}.tgz";
hash = "sha256-ftTJPI3h/v2W3t5CQHn0CdHTYcDeoOdGjfJcRZi58Bc=";
hash = "sha256-RXVGy46DL+fxXIErCssspLeSh/iySLTzUCqQY2YNEVc=";
};
npmDepsHash = "sha256-jXrH8HltxnIU/TIllYZyUueqCEI3Q9rhUY1tzHvXvSE=";
npmDepsHash = "sha256-I5WXcdDWBbfc+y7Tdh6UCi/WfHvHx75OAqtQsXujzSM=";
postPatch = ''
ln -s ${./package-lock.json} package-lock.json


@ -124,13 +124,13 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "hydra";
version = "0-unstable-2024-09-20";
version = "0-unstable-2024-09-24";
src = fetchFromGitHub {
owner = "NixOS";
repo = "hydra";
rev = "44248d3cf4162944ec2e6a45f8cc058758bf5a86";
hash = "sha256-WJ7M/1a8j5gRJJVzCJL6JrkGPckD5ZhKzTlmiKNdtm0=";
rev = "95003f2eb503f71979856470c7caea946f1ae7f0";
hash = "sha256-6FI0QIkMAL35J8mzAiAntCsFbMMZBuOBpKuDIctflaA=";
};
buildInputs = [


@ -6,10 +6,11 @@
copyDesktopItems,
makeWrapper,
renpy,
nix-update-script,
}:
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "katawa-shoujo-re-engineered";
version = "1.4.7";
version = "1.4.8";
src = fetchFromGitea {
# GitHub mirror at fleetingheart/ksre
@ -17,7 +18,7 @@ stdenvNoCC.mkDerivation (finalAttrs: {
owner = "fhs";
repo = "katawa-shoujo-re-engineered";
rev = "v${finalAttrs.version}";
hash = "sha256-E+2G47vWA7o4bFWttoMDfPjAG32K8FDv+OluMjzPDQw=";
hash = "sha256-y128bnRZtW5DgiP43OAnkhhq3f5F88jUl1Bku6wef+w=";
};
desktopItems = [
@ -49,6 +50,8 @@ stdenvNoCC.mkDerivation (finalAttrs: {
runHook postInstall
'';
passthru.updateScript = nix-update-script { };
meta = {
description = "Fan-made modernization of the classic visual novel Katawa Shoujo";
homepage = "https://www.fhs.sh/projects";


@ -0,0 +1,47 @@
{
lib,
buildGoModule,
fetchFromGitHub,
installShellFiles,
stdenv,
}:
buildGoModule rec {
pname = "kconf";
version = "2.0.0";
src = fetchFromGitHub {
owner = "particledecay";
repo = "kconf";
rev = "v${version}";
sha256 = "sha256-bLyLXkXOZRFaplv5sY0TgFffvbA3RUwz6b+7h3MN7kA=";
};
vendorHash = "sha256-REguLiYlcC2Q6ao2oMl92/cznW+E8MO2UGhQKRXZ1vQ=";
ldflags = [
"-s"
"-w"
"-X github.com/particledecay/kconf/build.Version=${version}"
];
nativeBuildInputs = [ installShellFiles ];
postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
installShellCompletion --cmd kconf \
--bash <($out/bin/kconf completion bash) \
--fish <($out/bin/kconf completion fish) \
--zsh <($out/bin/kconf completion zsh)
'';
meta = with lib; {
description = "Opinionated command line tool for managing multiple kubeconfigs";
mainProgram = "kconf";
homepage = "https://github.com/particledecay/kconf";
license = licenses.mit;
maintainers = with maintainers; [
thmzlt
sailord
vinetos
];
};
}
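Review bot: `src` pins the source with `sha256 = "sha256-…"`, which puts an SRI string under the legacy attribute name. The form used elsewhere in this commit is `hash = "sha256-bLyLXkXOZRFaplv5sY0TgFffvbA3RUwz6b+7h3MN7kA=";`, and the oath-toolkit section makes exactly this switch. `meta = with lib;` also brings all of `lib` into scope for the whole attribute set; writing `license = lib.licenses.mit;` and `maintainers = with lib.maintainers; [ … ];` keeps the scope narrow and avoids accidental name shadowing.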


@ -1,25 +1,26 @@
{ lib
, buildGoModule
, fetchFromGitHub
, nix-update-script
{
lib,
buildGo123Module,
fetchFromGitHub,
nix-update-script,
}:
buildGoModule rec {
buildGo123Module rec {
pname = "keep-sorted";
version = "0.4.0";
version = "0.5.0";
src = fetchFromGitHub {
owner = "google";
repo = "keep-sorted";
rev = "v${version}";
hash = "sha256-yeps+StUA7h12Jlra24Po2zNzjIPNIQCOyWLazC8F8M=";
hash = "sha256-jqSb/lcdeQMa1XpzaopDBbkKymp+HubLeAx3d6x5pns=";
};
vendorHash = "sha256-tPTWWvr+/8wWUnQcI4Ycco2OEgA2mDQt15OGCk/ZjrQ=";
vendorHash = "sha256-HTE9vfjRmi5GpMue7lUfd0jmssPgSOljbfPbya4uGsc=";
CGO_ENABLED = "0";
ldfags = [ "-s" "-w" ];
ldflags = [ "-s" ];
checkFlags = [
# Test tries to find files using git


@ -2,16 +2,16 @@
buildGoModule rec {
pname = "kubectl-gadget";
version = "0.32.0";
version = "0.33.0";
src = fetchFromGitHub {
owner = "inspektor-gadget";
repo = "inspektor-gadget";
rev = "v${version}";
hash = "sha256-c6hy7B8zaU/LnTMAohc9KPzu1ocOVFJ9wL4GOIwxqkw=";
hash = "sha256-bPpjaJcMX9kv+9p6trHKXJ2kj78zhGYdHnXnfYW3WcY=";
};
vendorHash = "sha256-7HfYCHxQUapDo33IAzxCp2iaL4G7oOqK0KyjqbmbR/w=";
vendorHash = "sha256-kYMckPdnS3rkuzRPEflRholHW2zfXyDomTb93J5z0aI=";
CGO_ENABLED = 0;


@ -6,35 +6,25 @@
rustPlatform,
testers,
lazyjj,
fetchpatch,
}:
rustPlatform.buildRustPackage rec {
pname = "lazyjj";
version = "0.3.1";
version = "0.4.0";
src = fetchFromGitHub {
owner = "Cretezy";
repo = "lazyjj";
rev = "v${version}";
hash = "sha256-VlGmOdF/XsrZ/9vQ14UuK96LIK8NIkPZk4G4mbS8brg=";
hash = "sha256-aglLPEps88D15iv3toNnhRC06gTuM6ITnvZDJg17u6M=";
};
cargoHash = "sha256-TAq9FufGsNVsmqCE41REltYRSSLihWJwTMoj0bTxdFc=";
cargoHash = "sha256-P5k7C18PP9/y5P5kKWpQcMnT4BeYpFT6IH+M1AgGaPw=";
postInstall = ''
wrapProgram $out/bin/lazyjj \
--prefix PATH : ${lib.makeBinPath [ jujutsu ]}
'';
patches = [
# https://github.com/Cretezy/lazyjj/pull/61
(fetchpatch {
name = "adapt_test_traces_to_jj_0.22.0.patch";
url = "https://github.com/Cretezy/lazyjj/commit/d5e949fb0e62bc93969c27011963582e12bbe3f6.patch";
hash = "sha256-u+IMLW4iZxMmpa+dwggMfQ4E7ygc0T4I6lvzBcPJT3s=";
})
];
nativeBuildInputs = [ makeWrapper ];
nativeCheckInputs = [ jujutsu ];

View File

@ -19,7 +19,7 @@
libkvmi,
xenSupport ? true,
xen-slim,
xen,
}:
let
@ -58,7 +58,7 @@ stdenv.mkDerivation {
json_c
libvirt
]
++ lib.optionals xenSupport [ xen-slim ]
++ lib.optionals xenSupport [ xen ]
++ lib.optionals (!legacyKVM) [ libkvmi ]
++ lib.optionals withVMIFS [ fuse ];
@ -71,7 +71,7 @@ stdenv.mkDerivation {
postFixup = lib.optionalString xenSupport ''
libvmi="$lib/lib/libvmi.so.${libVersion}"
oldrpath=$(patchelf --print-rpath "$libvmi")
patchelf --set-rpath "$oldrpath:${lib.makeLibraryPath [ xen-slim ]}" "$libvmi"
patchelf --set-rpath "$oldrpath:${lib.makeLibraryPath [ xen ]}" "$libvmi"
'';
passthru = {


@ -18,7 +18,7 @@ let
llvmPackages = llvmPackages_18;
stdenv = llvmPackages.stdenv;
version = "8.0.13";
version = "8.0.14";
hasI686 =
(if targets == [ ] then stdenv.hostPlatform.isx86_32 else (builtins.elem "i686" targets))
@ -64,7 +64,7 @@ stdenv.mkDerivation {
# Packaging that in Nix is very cumbersome.
src = fetchurl {
url = "https://github.com/limine-bootloader/limine/releases/download/v${version}/limine-${version}.tar.gz";
hash = "sha256-pg0tAn4YlfEzpyxb9QAAR0PApYmtnafMbIXfhHw+w3k=";
hash = "sha256-tj8wFUFveGp10Ls4xWIqqdY6fUHWy3jxsVeJRTz7/9Q=";
};
hardeningDisable = [


@ -3,7 +3,7 @@
stdenv,
fetchurl,
fetchFromGitHub,
flutter313,
flutter324,
makeDesktopItem,
nixosTests,
pkg-config,
@ -16,14 +16,15 @@ let
pname = "localsend";
version = "1.15.4";
linux = flutter313.buildFlutterApplication rec {
inherit pname version;
linux = flutter324.buildFlutterApplication rec {
inherit pname;
version = "1.15.4-unstable-2024-09-25";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
hash = "sha256-kfqLYe15NIRH12+AastWkLBk4L0MKEV5XZ/klE+pK7g=";
rev = "61f3ffdb8dd8b1116ced2e7b585f2f6662ce7d5f";
hash = "sha256-s7cR5ty8bygOCzHbLwNTBNlhlQ+2y25/ijlNqWYrqVw=";
};
sourceRoot = "${src.name}/app";
@ -31,8 +32,7 @@ let
pubspecLock = lib.importJSON ./pubspec.lock.json;
gitHashes = {
"permission_handler_windows" = "sha256-a7bN7/A65xsvnQGXUvZCfKGtslbNWEwTWR8fAIjMwS0=";
"tray_manager" = "sha256-eF14JGf5jclsKdXfCE7Rcvp72iuWd9wuSZ8Bej17tjg=";
"permission_handler_windows" = "sha256-+TP3neqlQRZnW6BxHaXr2EbmdITIx1Yo7AEn5iwAhwM=";
};
nativeBuildInputs = [ pkg-config ];

File diff suppressed because it is too large Load Diff


@ -1,10 +1,10 @@
{
"stable": {
"version": "5.6.2",
"hash": "sha256-vnCHIKYMvMJPGjQdtGsVwZCEb1eId83yIemSnSuG0DU="
"version": "5.7.0",
"hash": "sha256-OLhoy18/y6Z5KjjbJiQ3r2ZeOBtn62paDu4aNYL3n0w="
},
"beta": {
"version": "5.7.0-beta.1",
"hash": "sha256-FFIL4HZtZaao90SefWeGWr016lqMoDVfRSaFt91q4Zk="
"version": "5.7.0",
"hash": "sha256-OLhoy18/y6Z5KjjbJiQ3r2ZeOBtn62paDu4aNYL3n0w="
}
}


@ -7,7 +7,7 @@
CoreServices ? darwin.apple_sdk.frameworks.CoreServices,
}:
let
version = "0.6.6";
version = "0.6.7";
in
rustPlatform.buildRustPackage {
pname = "mdbook-alerts";
@ -17,10 +17,10 @@ rustPlatform.buildRustPackage {
owner = "lambdalisue";
repo = "rs-mdbook-alerts";
rev = "v${version}";
hash = "sha256-npPQU53l/VtTH23YYT6SOa11eUPNcA96al06S5HNNFE=";
hash = "sha256-H3xpaluEUYWuP+JR4Zx8zs/EqeEZPiBa2wcaAtPdvGY=";
};
cargoHash = "sha256-1wumxZoNr1QIit+KjgioG5WlSLSsWfcisChUEISoGQE=";
cargoHash = "sha256-epnhKGvKN/iHcI77wEJlq7A5S2CkVRoPFTD+fGp1BH8=";
buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [ CoreServices ];


@ -9,13 +9,14 @@
python3Packages.buildPythonApplication rec {
pname = "nwg-hello";
version = "0.2.2";
version = "0.2.4";
pyproject = true;
src = fetchFromGitHub {
owner = "nwg-piotr";
repo = "nwg-hello";
rev = "refs/tags/v${version}";
hash = "sha256-czvKUuSAGEqtjIcIW9mm/LlUsvkGknHbwuXJw5YGT5A=";
hash = "sha256-WE6jtVZfsWJREZghU93v8EAq16MiERYnq3Y0g2caYPs=";
};
nativeBuildInputs = [
@ -28,7 +29,9 @@ python3Packages.buildPythonApplication rec {
gtk-layer-shell
];
propagatedBuildInputs = [
build-system = [ python3Packages.setuptools ];
dependencies = [
python3Packages.pygobject3
];
@ -52,6 +55,12 @@ python3Packages.buildPythonApplication rec {
install -D -m 644 -t "$out/share/nwg-hello/" img/*
'';
dontWrapGApps = true;
preFixup = ''
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
# Upstream has no tests
doCheck = false;
pythonImportsCheck = [ "nwg_hello" ];


@ -8,11 +8,11 @@ let
in stdenv.mkDerivation rec {
pname = "oath-toolkit";
version = "2.6.11";
version = "2.6.12";
src = fetchurl {
url = "mirror://savannah/${pname}/${pname}-${version}.tar.gz";
sha256 = "sha256-/FEqSltG9MQ6sFhsMYn+zk1U9+ZJOX1voeI0KEMeLLQ=";
hash = "sha256-yv33ObHsSydkQcau2uZBFDS72HAHH2YVS5CcxuLZ6Lo=";
};
buildInputs = [ securityDependency ];


@ -7,19 +7,19 @@
}:
let
pname = "open-webui";
version = "0.3.30";
version = "0.3.32";
src = fetchFromGitHub {
owner = "open-webui";
repo = "open-webui";
rev = "refs/tags/v${version}";
hash = "sha256-zGgCISGpna9L8Eqze0WWagIx26DwhLpeOLCVslpcJ08=";
hash = "sha256-XpPaMGn+JA3Rq+Eb97IGWMLAR+0pI+ZJRxOTmxIMPZg=";
};
frontend = buildNpmPackage {
inherit pname version src;
npmDepsHash = "sha256-508AjFAzQvWPkn+kMv/YQUeG0jikZJJxNkFqfkKi9Ks=";
npmDepsHash = "sha256-tAPI/H5/lv+RuDZ68lL/cZHcOs8H6ZxXSwiFvkp0y4A=";
# Disabling `pyodide:fetch` as it downloads packages during `buildPhase`
# Until this is solved, running python packages from the browser will not work.
@ -87,6 +87,7 @@ python3.pkgs.buildPythonApplication rec {
flask
flask-cors
fpdf2
ftfy
google-generativeai
langchain
langchain-chroma

Some files were not shown because too many files have changed in this diff Show More