Merge master into staging-next

github-actions[bot] 2024-08-16 18:01:20 +00:00 committed by GitHub
commit e3f70c2ecf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
156 changed files with 8078 additions and 1310 deletions


@ -40,6 +40,13 @@ import pkgs.path { overlays = [ (self: super: {
In the first example, `pkgs.foo` is the result of a function call with some default arguments, usually a derivation. Using `pkgs.foo.override` will call the same function with the given new arguments.
Many packages, like the `foo` example above, provide package options with default values in their arguments, to facilitate overriding.
Because it's not usually feasible to test that packages build with all combinations of options, you might find that a package doesn't build if you override options to non-default values.
Package maintainers are not expected to fix arbitrary combinations of options.
If you find that something doesn't work, please submit a fix, ideally with a regression test.
If you want to ensure that things keep working, consider [becoming a maintainer](https://github.com/NixOS/nixpkgs/tree/master/maintainers) for the package.
## <pkg>.overrideAttrs {#sec-pkg-overrideAttrs}
The function `overrideAttrs` allows overriding the attribute set passed to a `stdenv.mkDerivation` call, producing a new derivation based on the original one. This function is available on all derivations produced by the `stdenv.mkDerivation` function, which is most packages in the nixpkgs expression `pkgs`.


@ -338,6 +338,8 @@
- `nixosTests` now provide a working IPv6 setup for VLAN 1 by default.
- Kanidm can now be provisioned using the new [`services.kanidm.provision`] option, but requires using a patched version available via `pkgs.kanidm.withSecretProvisioning`.
- To facilitate dependency injection, the `imgui` package now builds a static archive using vcpkg' CMake rules.
The derivation now installs "impl" headers selectively instead of by a wildcard.
Use `imgui.src` if you just want to access the unpacked sources.


@ -410,8 +410,30 @@ in {
networking.firewall.allowedUDPPorts = mkIf cfg.raopOpenFirewall [ 6001 6002 ];
users = mkIf cfg.systemWide {
users.pipewire = {
# See https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/src/modules/module-rt/25-pw-rlimits.conf.in
security.pam.loginLimits = [
{
domain = "@pipewire";
item = "rtprio";
type = "-";
value = 95;
}
{
domain = "@pipewire";
item = "nice";
type = "-";
value = -19;
}
{
domain = "@pipewire";
item = "memlock";
type = "-";
value = 4194304;
}
];
users = {
users.pipewire = mkIf cfg.systemWide {
uid = config.ids.uids.pipewire;
group = "pipewire";
extraGroups = [
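Review bot: The new `security.pam.loginLimits` entries for `@pipewire` carry only the upstream link and do not say what group membership now grants. In the visible lines they are also not under the `mkIf cfg.systemWide` that still guards `users.pipewire`. A process running at `rtprio` 95 can starve the rest of the system, so the privilege is worth spelling out next to the list, for example `# Members of the pipewire group may request realtime priority up to 95, nice -19 and lock up to 4194304 KiB of memory; add only trusted users.` (pam_limits reads `memlock` in KiB). If the limits are meant to apply outside system-wide mode as well, a one-line comment saying so would prevent a later "fix" that re-guards them. The `users` block continues past the end of this hunk, so the group definition is not visible here.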


@ -4,6 +4,7 @@ let
api = {
enable = mkEnableOption "iperf3 network throughput testing server";
package = mkPackageOption pkgs "iperf3" { };
port = mkOption {
type = types.ints.u16;
default = 5201;
@ -76,7 +77,7 @@ let
CapabilityBoundingSet = "";
NoNewPrivileges = true;
ExecStart = ''
${pkgs.iperf3}/bin/iperf \
${lib.getExe cfg.package} \
--server \
--port ${toString cfg.port} \
${optionalString (cfg.affinity != null) "--affinity ${toString cfg.affinity}"} \


@ -62,6 +62,94 @@ let
#UMask = "0066";
};
mkPresentOption = what:
lib.mkOption {
description = "Whether to ensure that this ${what} is present or absent.";
type = lib.types.bool;
default = true;
};
filterPresent = lib.filterAttrs (_: v: v.present);
provisionStateJson = pkgs.writeText "provision-state.json" (builtins.toJSON {
inherit (cfg.provision) groups persons systems;
});
# Only recover the admin account if a password should explicitly be provisioned
# for the account. Otherwise it is not needed for provisioning.
maybeRecoverAdmin = lib.optionalString (cfg.provision.adminPasswordFile != null) ''
KANIDM_ADMIN_PASSWORD=$(< ${cfg.provision.adminPasswordFile})
# We always reset the admin account password if a desired password was specified.
if ! KANIDM_RECOVER_ACCOUNT_PASSWORD=$KANIDM_ADMIN_PASSWORD ${cfg.package}/bin/kanidmd recover-account -c ${serverConfigFile} admin --from-environment >/dev/null; then
echo "Failed to recover admin account" >&2
exit 1
fi
'';
# Recover the idm_admin account. If a password should explicitly be provisioned
# for the account we set it, otherwise we generate a new one because it is required
# for provisioning.
recoverIdmAdmin = if cfg.provision.idmAdminPasswordFile != null
then ''
KANIDM_IDM_ADMIN_PASSWORD=$(< ${cfg.provision.idmAdminPasswordFile})
# We always reset the idm_admin account password if a desired password was specified.
if ! KANIDM_RECOVER_ACCOUNT_PASSWORD=$KANIDM_IDM_ADMIN_PASSWORD ${cfg.package}/bin/kanidmd recover-account -c ${serverConfigFile} idm_admin --from-environment >/dev/null; then
echo "Failed to recover idm_admin account" >&2
exit 1
fi
''
else ''
# Recover idm_admin account
if ! recover_out=$(${cfg.package}/bin/kanidmd recover-account -c ${serverConfigFile} idm_admin -o json); then
echo "$recover_out" >&2
echo "kanidm provision: Failed to recover admin account" >&2
exit 1
fi
if ! KANIDM_IDM_ADMIN_PASSWORD=$(grep '{"password' <<< "$recover_out" | ${lib.getExe pkgs.jq} -r .password); then
echo "$recover_out" >&2
echo "kanidm provision: Failed to parse password for idm_admin account" >&2
exit 1
fi
'';
postStartScript = pkgs.writeShellScript "post-start" ''
set -euo pipefail
# Wait for the kanidm server to come online
count=0
while ! ${lib.getExe pkgs.curl} -L --silent --max-time 1 --connect-timeout 1 --fail \
${lib.optionalString cfg.provision.acceptInvalidCerts "--insecure"} \
${cfg.provision.instanceUrl} >/dev/null
do
sleep 1
if [[ "$count" -eq 30 ]]; then
echo "Tried for at least 30 seconds, giving up..."
exit 1
fi
count=$((count++))
done
${recoverIdmAdmin}
${maybeRecoverAdmin}
KANIDM_PROVISION_IDM_ADMIN_TOKEN=$KANIDM_IDM_ADMIN_PASSWORD \
${lib.getExe pkgs.kanidm-provision} \
${lib.optionalString (!cfg.provision.autoRemove) "--no-auto-remove"} \
${lib.optionalString cfg.provision.acceptInvalidCerts "--accept-invalid-certs"} \
--url "${cfg.provision.instanceUrl}" \
--state ${provisionStateJson}
'';
serverPort =
# ipv6:
if lib.hasInfix "]:" cfg.serverSettings.bindaddress
then lib.last (lib.splitString "]:" cfg.serverSettings.bindaddress)
else
# ipv4:
if lib.hasInfix "." cfg.serverSettings.bindaddress
then lib.last (lib.splitString ":" cfg.serverSettings.bindaddress)
# default is 8443
else "8443";
in
{
options.services.kanidm = {
@ -207,10 +295,267 @@ in
for possible values.
'';
};
provision = {
enable = lib.mkEnableOption "provisioning of groups, users and oauth2 resource servers";
instanceUrl = lib.mkOption {
description = "The instance url to which the provisioning tool should connect.";
default = "https://localhost:${serverPort}";
defaultText = ''"https://localhost:<port from serverSettings.bindaddress>"'';
type = lib.types.str;
};
acceptInvalidCerts = lib.mkOption {
description = ''
Whether to allow invalid certificates when provisioning the target instance.
By default this is only allowed when the instanceUrl is localhost. This is
dangerous when used with an external URL.
'';
type = lib.types.bool;
default = lib.hasPrefix "https://localhost:" cfg.provision.instanceUrl;
defaultText = ''lib.hasPrefix "https://localhost:" cfg.provision.instanceUrl'';
};
adminPasswordFile = lib.mkOption {
description = "Path to a file containing the admin password for kanidm. Do NOT use a file from the nix store here!";
example = "/run/secrets/kanidm-admin-password";
default = null;
type = lib.types.nullOr lib.types.path;
};
idmAdminPasswordFile = lib.mkOption {
description = ''
Path to a file containing the idm admin password for kanidm. Do NOT use a file from the nix store here!
If this is not given but provisioning is enabled, the idm_admin password will be reset on each restart.
'';
example = "/run/secrets/kanidm-idm-admin-password";
default = null;
type = lib.types.nullOr lib.types.path;
};
autoRemove = lib.mkOption {
description = ''
Determines whether deleting an entity in this provisioning config should automatically
cause them to be removed from kanidm, too. This works because the provisioning tool tracks
all entities it has ever created. If this is set to false, you need to explicitly specify
`present = false` to delete an entity.
'';
type = lib.types.bool;
default = true;
};
groups = lib.mkOption {
description = "Provisioning of kanidm groups";
default = {};
type = lib.types.attrsOf (lib.types.submodule (groupSubmod: {
options = {
present = mkPresentOption "group";
members = lib.mkOption {
description = "List of kanidm entities (persons, groups, ...) which are part of this group.";
type = lib.types.listOf lib.types.str;
apply = lib.unique;
default = [];
};
};
config.members = lib.concatLists (lib.flip lib.mapAttrsToList cfg.provision.persons (person: personCfg:
lib.optional (personCfg.present && builtins.elem groupSubmod.config._module.args.name personCfg.groups) person
));
}));
};
persons = lib.mkOption {
description = "Provisioning of kanidm persons";
default = {};
type = lib.types.attrsOf (lib.types.submodule {
options = {
present = mkPresentOption "person";
displayName = lib.mkOption {
description = "Display name";
type = lib.types.str;
example = "My User";
};
legalName = lib.mkOption {
description = "Full legal name";
type = lib.types.nullOr lib.types.str;
example = "Jane Doe";
default = null;
};
mailAddresses = lib.mkOption {
description = "Mail addresses. First given address is considered the primary address.";
type = lib.types.listOf lib.types.str;
example = ["jane.doe@example.com"];
default = [];
};
groups = lib.mkOption {
description = "List of groups this person should belong to.";
type = lib.types.listOf lib.types.str;
apply = lib.unique;
default = [];
};
};
});
};
systems.oauth2 = lib.mkOption {
description = "Provisioning of oauth2 resource servers";
default = {};
type = lib.types.attrsOf (lib.types.submodule {
options = {
present = mkPresentOption "oauth2 resource server";
public = lib.mkOption {
description = "Whether this is a public client (enforces PKCE, doesn't use a basic secret)";
type = lib.types.bool;
default = false;
};
displayName = lib.mkOption {
description = "Display name";
type = lib.types.str;
example = "Some Service";
};
originUrl = lib.mkOption {
description = "The origin URL of the service. OAuth2 redirects will only be allowed to sites under this origin. Must end with a slash.";
type = lib.types.strMatching ".*://.*/$";
example = "https://someservice.example.com/";
};
originLanding = lib.mkOption {
description = "When redirecting from the Kanidm Apps Listing page, some linked applications may need to land on a specific page to trigger oauth2/oidc interactions.";
type = lib.types.str;
example = "https://someservice.example.com/home";
};
basicSecretFile = lib.mkOption {
description = ''
The basic secret to use for this service. If null, the random secret generated
by kanidm will not be touched. Do NOT use a path from the nix store here!
'';
type = lib.types.nullOr lib.types.path;
example = "/run/secrets/some-oauth2-basic-secret";
default = null;
};
enableLocalhostRedirects = lib.mkOption {
description = "Allow localhost redirects. Only for public clients.";
type = lib.types.bool;
default = false;
};
enableLegacyCrypto = lib.mkOption {
description = "Enable legacy crypto on this client. Allows JWT signing algorthms like RS256.";
type = lib.types.bool;
default = false;
};
allowInsecureClientDisablePkce = lib.mkOption {
description = ''
Disable PKCE on this oauth2 resource server to work around insecure clients
that may not support it. You should request the client to enable PKCE!
Only for non-public clients.
'';
type = lib.types.bool;
default = false;
};
preferShortUsername = lib.mkOption {
description = "Use 'name' instead of 'spn' in the preferred_username claim";
type = lib.types.bool;
default = false;
};
scopeMaps = lib.mkOption {
description = ''
Maps kanidm groups to returned oauth scopes.
See [Scope Relations](https://kanidm.github.io/kanidm/stable/integrations/oauth2.html#scope-relationships) for more information.
'';
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
default = {};
};
supplementaryScopeMaps = lib.mkOption {
description = ''
Maps kanidm groups to additionally returned oauth scopes.
See [Scope Relations](https://kanidm.github.io/kanidm/stable/integrations/oauth2.html#scope-relationships) for more information.
'';
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
default = {};
};
removeOrphanedClaimMaps = lib.mkOption {
description = "Whether claim maps not specified here but present in kanidm should be removed from kanidm.";
type = lib.types.bool;
default = true;
};
claimMaps = lib.mkOption {
description = ''
Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to.
See [Claim Maps](https://kanidm.github.io/kanidm/master/integrations/oauth2.html#custom-claim-maps) for more information.
'';
default = {};
type = lib.types.attrsOf (lib.types.submodule {
options = {
joinType = lib.mkOption {
description = ''
Determines how multiple values are joined to create the claim value.
See [Claim Maps](https://kanidm.github.io/kanidm/master/integrations/oauth2.html#custom-claim-maps) for more information.
'';
type = lib.types.enum ["array" "csv" "ssv"];
default = "array";
};
valuesByGroup = lib.mkOption {
description = "Maps kanidm groups to values for the claim.";
default = {};
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
};
};
});
};
};
});
};
};
};
config = lib.mkIf (cfg.enableClient || cfg.enableServer || cfg.enablePam) {
assertions =
assertions = let
entityList = type: attrs: lib.flip lib.mapAttrsToList (filterPresent attrs) (name: _: { inherit type name; });
entities =
entityList "group" cfg.provision.groups
++ entityList "person" cfg.provision.persons
++ entityList "oauth2" cfg.provision.systems.oauth2;
# Accumulate entities by name. Track corresponding entity types for later duplicate check.
entitiesByName = lib.foldl' (acc: { type, name }:
acc // {
${name} = (acc.${name} or []) ++ [type];
}
) {} entities;
assertGroupsKnown = opt: groups: let
knownGroups = lib.attrNames (filterPresent cfg.provision.groups);
unknownGroups = lib.subtractLists knownGroups groups;
in {
assertion = (cfg.enableServer && cfg.provision.enable) -> unknownGroups == [];
message = "${opt} refers to unknown groups: ${toString unknownGroups}";
};
assertEntitiesKnown = opt: entities: let
unknownEntities = lib.subtractLists (lib.attrNames entitiesByName) entities;
in {
assertion = (cfg.enableServer && cfg.provision.enable) -> unknownEntities == [];
message = "${opt} refers to unknown entities: ${toString unknownEntities}";
};
in
[
{
assertion = !cfg.enableServer || ((cfg.serverSettings.tls_chain or null) == null) || (!lib.isStorePath cfg.serverSettings.tls_chain);
@ -251,7 +596,69 @@ in
the instance it follows.
'';
}
];
{
assertion = cfg.provision.enable -> cfg.enableServer;
message = "<option>services.kanidm.provision</option> requires <option>services.kanidm.enableServer</option> to be true";
}
# If any secret is provisioned, the kanidm package must have some required patches applied to it
{
assertion = (cfg.provision.enable &&
(cfg.provision.adminPasswordFile != null
|| cfg.provision.idmAdminPasswordFile != null
|| lib.any (x: x.basicSecretFile != null) (lib.attrValues (filterPresent cfg.provision.systems.oauth2))
)) -> cfg.package.enableSecretProvisioning;
message = ''
Specifying an admin account password or oauth2 basicSecretFile requires kanidm to be built with the secret provisioning patches.
You may want to set `services.kanidm.package = pkgs.kanidm.withSecretProvisioning;`.
'';
}
# Entity names must be globally unique:
(let
# Filter all names that occurred in more than one entity type.
duplicateNames = lib.filterAttrs (_: v: builtins.length v > 1) entitiesByName;
in {
assertion = cfg.provision.enable -> duplicateNames == {};
message = ''
services.kanidm.provision requires all entity names (group, person, oauth2, ...) to be unique!
${lib.concatLines (lib.mapAttrsToList (name: xs: " - '${name}' used as: ${toString xs}") duplicateNames)}'';
})
]
++ lib.flip lib.mapAttrsToList (filterPresent cfg.provision.persons) (person: personCfg:
assertGroupsKnown "services.kanidm.provision.persons.${person}.groups" personCfg.groups
)
++ lib.flip lib.mapAttrsToList (filterPresent cfg.provision.groups) (group: groupCfg:
assertEntitiesKnown "services.kanidm.provision.groups.${group}.members" groupCfg.members
)
++ lib.concatLists (lib.flip lib.mapAttrsToList (filterPresent cfg.provision.systems.oauth2) (
oauth2: oauth2Cfg:
[
(assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.scopeMaps" (lib.attrNames oauth2Cfg.scopeMaps))
(assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.supplementaryScopeMaps" (lib.attrNames oauth2Cfg.supplementaryScopeMaps))
]
++ lib.concatLists (lib.flip lib.mapAttrsToList oauth2Cfg.claimMaps (claim: claimCfg: [
(assertGroupsKnown "services.kanidm.provision.systems.oauth2.${oauth2}.claimMaps.${claim}.valuesByGroup" (lib.attrNames claimCfg.valuesByGroup))
# At least one group must map to a value in each claim map
{
assertion = (cfg.provision.enable && cfg.enableServer) -> lib.any (xs: xs != []) (lib.attrValues claimCfg.valuesByGroup);
message = "services.kanidm.provision.systems.oauth2.${oauth2}.claimMaps.${claim} does not specify any values for any group";
}
# Public clients cannot define a basic secret
{
assertion = (cfg.provision.enable && cfg.enableServer && oauth2Cfg.public) -> oauth2Cfg.basicSecretFile == null;
message = "services.kanidm.provision.systems.oauth2.${oauth2} is a public client and thus cannot specify a basic secret";
}
# Public clients cannot disable PKCE
{
assertion = (cfg.provision.enable && cfg.enableServer && oauth2Cfg.public) -> !oauth2Cfg.allowInsecureClientDisablePkce;
message = "services.kanidm.provision.systems.oauth2.${oauth2} is a public client and thus cannot disable PKCE";
}
# Non-public clients cannot enable localhost redirects
{
assertion = (cfg.provision.enable && cfg.enableServer && !oauth2Cfg.public) -> !oauth2Cfg.enableLocalhostRedirects;
message = "services.kanidm.provision.systems.oauth2.${oauth2} is a non-public client and thus cannot enable localhost redirects";
}
]))
));
environment.systemPackages = lib.mkIf cfg.enableClient [ cfg.package ];
@ -277,6 +684,7 @@ in
StateDirectoryMode = "0700";
RuntimeDirectory = "kanidmd";
ExecStart = "${cfg.package}/bin/kanidmd server -c ${serverConfigFile}";
ExecStartPost = lib.mkIf cfg.provision.enable postStartScript;
User = "kanidm";
Group = "kanidm";
@ -419,6 +827,6 @@ in
];
};
meta.maintainers = with lib.maintainers; [ erictapen Flakebi ];
meta.maintainers = with lib.maintainers; [ erictapen Flakebi oddlama ];
meta.buildDocsInSandbox = false;
}
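Review bot: The wait loop in `postStartScript` never reaches its 30-second give-up, because `count=$((count++))` expands to the old value and assigns it back, so `count` stays 0. If the server never answers, the loop only ends when systemd's own start timeout fires, assuming one is in force. Use `count=$((count + 1))`. In the same curl call `${cfg.provision.instanceUrl}` is interpolated unquoted while the later `--url "${cfg.provision.instanceUrl}"` is quoted; `${lib.escapeShellArg cfg.provision.instanceUrl}` in both places keeps a URL with shell metacharacters from being split or expanded. In the generated-password branch the message `Failed to recover admin account` names the wrong account; it should say `idm_admin`.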


@ -484,6 +484,7 @@ in {
k3s = handleTest ./k3s {};
kafka = handleTest ./kafka.nix {};
kanidm = handleTest ./kanidm.nix {};
kanidm-provisioning = handleTest ./kanidm-provisioning.nix {};
karma = handleTest ./karma.nix {};
kavita = handleTest ./kavita.nix {};
kbd-setfont-decompress = handleTest ./kbd-setfont-decompress.nix {};


@ -0,0 +1,505 @@
import ./make-test-python.nix (
{ pkgs, ... }:
let
certs = import ./common/acme/server/snakeoil-certs.nix;
serverDomain = certs.domain;
provisionAdminPassword = "very-strong-password-for-admin";
provisionIdmAdminPassword = "very-strong-password-for-idm-admin";
provisionIdmAdminPassword2 = "very-strong-alternative-password-for-idm-admin";
in
{
name = "kanidm-provisioning";
meta.maintainers = with pkgs.lib.maintainers; [ oddlama ];
nodes.provision =
{ pkgs, lib, ... }:
{
services.kanidm = {
package = pkgs.kanidm.withSecretProvisioning;
enableServer = true;
serverSettings = {
origin = "https://${serverDomain}";
domain = serverDomain;
bindaddress = "[::]:443";
ldapbindaddress = "[::1]:636";
tls_chain = certs."${serverDomain}".cert;
tls_key = certs."${serverDomain}".key;
};
# So we can check whether provisioning did what we wanted
enableClient = true;
clientSettings = {
uri = "https://${serverDomain}";
verify_ca = true;
verify_hostnames = true;
};
};
specialisation.credentialProvision.configuration =
{ ... }:
{
services.kanidm.provision = lib.mkForce {
enable = true;
adminPasswordFile = pkgs.writeText "admin-pw" provisionAdminPassword;
idmAdminPasswordFile = pkgs.writeText "idm-admin-pw" provisionIdmAdminPassword;
};
};
specialisation.changedCredential.configuration =
{ ... }:
{
services.kanidm.provision = lib.mkForce {
enable = true;
idmAdminPasswordFile = pkgs.writeText "idm-admin-pw" provisionIdmAdminPassword2;
};
};
specialisation.addEntities.configuration =
{ ... }:
{
services.kanidm.provision = lib.mkForce {
enable = true;
# Test whether credential recovery works without specific idmAdmin password
#idmAdminPasswordFile =
groups.supergroup1 = {
members = [ "testgroup1" ];
};
groups.testgroup1 = { };
persons.testuser1 = {
displayName = "Test User";
legalName = "Jane Doe";
mailAddresses = [ "jane.doe@example.com" ];
groups = [
"testgroup1"
"service1-access"
];
};
persons.testuser2 = {
displayName = "Powerful Test User";
legalName = "Ryouiki Tenkai";
groups = [ "service1-admin" ];
};
groups.service1-access = { };
groups.service1-admin = { };
systems.oauth2.service1 = {
displayName = "Service One";
originUrl = "https://one.example.com/";
originLanding = "https://one.example.com/landing";
basicSecretFile = pkgs.writeText "bs-service1" "very-strong-secret-for-service1";
scopeMaps.service1-access = [
"openid"
"email"
"profile"
];
supplementaryScopeMaps.service1-admin = [ "admin" ];
claimMaps.groups = {
valuesByGroup.service1-admin = [ "admin" ];
};
};
systems.oauth2.service2 = {
displayName = "Service Two";
originUrl = "https://two.example.com/";
originLanding = "https://landing2.example.com/";
# Test not setting secret
# basicSecretFile =
allowInsecureClientDisablePkce = true;
preferShortUsername = true;
};
};
};
specialisation.changeAttributes.configuration =
{ ... }:
{
services.kanidm.provision = lib.mkForce {
enable = true;
# Changing admin credentials at any time should not be a problem:
idmAdminPasswordFile = pkgs.writeText "idm-admin-pw" provisionIdmAdminPassword;
groups.supergroup1 = {
#members = ["testgroup1"];
};
groups.testgroup1 = { };
persons.testuser1 = {
displayName = "Test User (changed)";
legalName = "Jane Doe (changed)";
mailAddresses = [
"jane.doe@example.com"
"second.doe@example.com"
];
groups = [
#"testgroup1"
"service1-access"
];
};
persons.testuser2 = {
displayName = "Powerful Test User (changed)";
legalName = "Ryouiki Tenkai (changed)";
groups = [ "service1-admin" ];
};
groups.service1-access = { };
groups.service1-admin = { };
systems.oauth2.service1 = {
displayName = "Service One (changed)";
originUrl = "https://changed-one.example.com/";
originLanding = "https://changed-one.example.com/landing-changed";
basicSecretFile = pkgs.writeText "bs-service1" "changed-very-strong-secret-for-service1";
scopeMaps.service1-access = [
"openid"
"email"
#"profile"
];
supplementaryScopeMaps.service1-admin = [ "adminchanged" ];
claimMaps.groups = {
valuesByGroup.service1-admin = [ "adminchanged" ];
};
};
systems.oauth2.service2 = {
displayName = "Service Two (changed)";
originUrl = "https://changed-two.example.com/";
originLanding = "https://changed-landing2.example.com/";
# Test not setting secret
# basicSecretFile =
allowInsecureClientDisablePkce = false;
preferShortUsername = false;
};
};
};
specialisation.removeAttributes.configuration =
{ ... }:
{
services.kanidm.provision = lib.mkForce {
enable = true;
idmAdminPasswordFile = pkgs.writeText "idm-admin-pw" provisionIdmAdminPassword;
groups.supergroup1 = { };
persons.testuser1 = {
displayName = "Test User (changed)";
};
persons.testuser2 = {
displayName = "Powerful Test User (changed)";
groups = [ "service1-admin" ];
};
groups.service1-access = { };
groups.service1-admin = { };
systems.oauth2.service1 = {
displayName = "Service One (changed)";
originUrl = "https://changed-one.example.com/";
originLanding = "https://changed-one.example.com/landing-changed";
basicSecretFile = pkgs.writeText "bs-service1" "changed-very-strong-secret-for-service1";
# Removing maps requires setting them to the empty list
scopeMaps.service1-access = [ ];
supplementaryScopeMaps.service1-admin = [ ];
};
systems.oauth2.service2 = {
displayName = "Service Two (changed)";
originUrl = "https://changed-two.example.com/";
originLanding = "https://changed-landing2.example.com/";
};
};
};
specialisation.removeEntities.configuration =
{ ... }:
{
services.kanidm.provision = lib.mkForce {
enable = true;
idmAdminPasswordFile = pkgs.writeText "idm-admin-pw" provisionIdmAdminPassword;
};
};
security.pki.certificateFiles = [ certs.ca.cert ];
networking.hosts."::1" = [ serverDomain ];
networking.firewall.allowedTCPPorts = [ 443 ];
users.users.kanidm.shell = pkgs.bashInteractive;
environment.systemPackages = with pkgs; [
kanidm
openldap
ripgrep
jq
];
};
testScript =
{ nodes, ... }:
let
# We need access to the config file in the test script.
filteredConfig = pkgs.lib.converge (pkgs.lib.filterAttrsRecursive (
_: v: v != null
)) nodes.provision.services.kanidm.serverSettings;
serverConfigFile = (pkgs.formats.toml { }).generate "server.toml" filteredConfig;
specialisations = "${nodes.provision.system.build.toplevel}/specialisation";
in
''
import re
def assert_contains(haystack, needle):
if needle not in haystack:
print("The haystack that will cause the following exception is:")
print("---")
print(haystack)
print("---")
raise Exception(f"Expected string '{needle}' was not found")
def assert_matches(haystack, expr):
if not re.search(expr, haystack):
print("The haystack that will cause the following exception is:")
print("---")
print(haystack)
print("---")
raise Exception(f"Expected regex '{expr}' did not match")
def assert_lacks(haystack, needle):
if needle in haystack:
print("The haystack that will cause the following exception is:")
print("---")
print(haystack, end="")
print("---")
raise Exception(f"Unexpected string '{needle}' was found")
provision.start()
def provision_login(pw):
provision.wait_for_unit("kanidm.service")
provision.wait_until_succeeds("curl -Lsf https://${serverDomain} | grep Kanidm")
if pw is None:
pw = provision.succeed("su - kanidm -c 'kanidmd recover-account -c ${serverConfigFile} idm_admin 2>&1 | rg -o \'[A-Za-z0-9]{48}\' '").strip().removeprefix("'").removesuffix("'")
out = provision.succeed(f"KANIDM_PASSWORD={pw} kanidm login -D idm_admin")
assert_contains(out, "Login Success for idm_admin")
with subtest("Test Provisioning - setup"):
provision_login(None)
provision.succeed("kanidm logout -D idm_admin")
with subtest("Test Provisioning - credentialProvision"):
provision.succeed('${specialisations}/credentialProvision/bin/switch-to-configuration test')
provision_login("${provisionIdmAdminPassword}")
# Test provisioned admin pw
out = provision.succeed("KANIDM_PASSWORD=${provisionAdminPassword} kanidm login -D admin")
assert_contains(out, "Login Success for admin")
provision.succeed("kanidm logout -D admin")
provision.succeed("kanidm logout -D idm_admin")
with subtest("Test Provisioning - changedCredential"):
provision.succeed('${specialisations}/changedCredential/bin/switch-to-configuration test')
provision_login("${provisionIdmAdminPassword2}")
provision.succeed("kanidm logout -D idm_admin")
with subtest("Test Provisioning - addEntities"):
provision.succeed('${specialisations}/addEntities/bin/switch-to-configuration test')
# Unspecified idm admin password
provision_login(None)
out = provision.succeed("kanidm group get testgroup1")
assert_contains(out, "name: testgroup1")
out = provision.succeed("kanidm group get supergroup1")
assert_contains(out, "name: supergroup1")
assert_contains(out, "member: testgroup1")
out = provision.succeed("kanidm person get testuser1")
assert_contains(out, "name: testuser1")
assert_contains(out, "displayname: Test User")
assert_contains(out, "legalname: Jane Doe")
assert_contains(out, "mail: jane.doe@example.com")
assert_contains(out, "memberof: testgroup1")
assert_contains(out, "memberof: service1-access")
out = provision.succeed("kanidm person get testuser2")
assert_contains(out, "name: testuser2")
assert_contains(out, "displayname: Powerful Test User")
assert_contains(out, "legalname: Ryouiki Tenkai")
assert_contains(out, "memberof: service1-admin")
assert_lacks(out, "mail:")
out = provision.succeed("kanidm group get service1-access")
assert_contains(out, "name: service1-access")
out = provision.succeed("kanidm group get service1-admin")
assert_contains(out, "name: service1-admin")
out = provision.succeed("kanidm system oauth2 get service1")
assert_contains(out, "name: service1")
assert_contains(out, "displayname: Service One")
assert_contains(out, "oauth2_rs_origin: https://one.example.com/")
assert_contains(out, "oauth2_rs_origin_landing: https://one.example.com/landing")
assert_matches(out, 'oauth2_rs_scope_map: service1-access.*{"email", "openid", "profile"}')
assert_matches(out, 'oauth2_rs_sup_scope_map: service1-admin.*{"admin"}')
assert_matches(out, 'oauth2_rs_claim_map: groups:.*"admin"')
out = provision.succeed("kanidm system oauth2 show-basic-secret service1")
assert_contains(out, "very-strong-secret-for-service1")
out = provision.succeed("kanidm system oauth2 get service2")
assert_contains(out, "name: service2")
assert_contains(out, "displayname: Service Two")
assert_contains(out, "oauth2_rs_origin: https://two.example.com/")
assert_contains(out, "oauth2_rs_origin_landing: https://landing2.example.com/")
assert_contains(out, "oauth2_allow_insecure_client_disable_pkce: true")
assert_contains(out, "oauth2_prefer_short_username: true")
provision.succeed("kanidm logout -D idm_admin")
with subtest("Test Provisioning - changeAttributes"):
provision.succeed('${specialisations}/changeAttributes/bin/switch-to-configuration test')
provision_login("${provisionIdmAdminPassword}")
out = provision.succeed("kanidm group get testgroup1")
assert_contains(out, "name: testgroup1")
out = provision.succeed("kanidm group get supergroup1")
assert_contains(out, "name: supergroup1")
assert_lacks(out, "member: testgroup1")
out = provision.succeed("kanidm person get testuser1")
assert_contains(out, "name: testuser1")
assert_contains(out, "displayname: Test User (changed)")
assert_contains(out, "legalname: Jane Doe (changed)")
assert_contains(out, "mail: jane.doe@example.com")
assert_contains(out, "mail: second.doe@example.com")
assert_lacks(out, "memberof: testgroup1")
assert_contains(out, "memberof: service1-access")
out = provision.succeed("kanidm person get testuser2")
assert_contains(out, "name: testuser2")
assert_contains(out, "displayname: Powerful Test User (changed)")
assert_contains(out, "legalname: Ryouiki Tenkai (changed)")
assert_contains(out, "memberof: service1-admin")
assert_lacks(out, "mail:")
out = provision.succeed("kanidm group get service1-access")
assert_contains(out, "name: service1-access")
out = provision.succeed("kanidm group get service1-admin")
assert_contains(out, "name: service1-admin")
out = provision.succeed("kanidm system oauth2 get service1")
assert_contains(out, "name: service1")
assert_contains(out, "displayname: Service One (changed)")
assert_contains(out, "oauth2_rs_origin: https://changed-one.example.com/")
assert_contains(out, "oauth2_rs_origin_landing: https://changed-one.example.com/landing")
assert_matches(out, 'oauth2_rs_scope_map: service1-access.*{"email", "openid"}')
assert_matches(out, 'oauth2_rs_sup_scope_map: service1-admin.*{"adminchanged"}')
assert_matches(out, 'oauth2_rs_claim_map: groups:.*"adminchanged"')
out = provision.succeed("kanidm system oauth2 show-basic-secret service1")
assert_contains(out, "changed-very-strong-secret-for-service1")
out = provision.succeed("kanidm system oauth2 get service2")
assert_contains(out, "name: service2")
assert_contains(out, "displayname: Service Two (changed)")
assert_contains(out, "oauth2_rs_origin: https://changed-two.example.com/")
assert_contains(out, "oauth2_rs_origin_landing: https://changed-landing2.example.com/")
assert_lacks(out, "oauth2_allow_insecure_client_disable_pkce: true")
assert_lacks(out, "oauth2_prefer_short_username: true")
provision.succeed("kanidm logout -D idm_admin")
with subtest("Test Provisioning - removeAttributes"):
provision.succeed('${specialisations}/removeAttributes/bin/switch-to-configuration test')
provision_login("${provisionIdmAdminPassword}")
out = provision.succeed("kanidm group get testgroup1")
assert_lacks(out, "name: testgroup1")
out = provision.succeed("kanidm group get supergroup1")
assert_contains(out, "name: supergroup1")
assert_lacks(out, "member: testgroup1")
out = provision.succeed("kanidm person get testuser1")
assert_contains(out, "name: testuser1")
assert_contains(out, "displayname: Test User (changed)")
assert_lacks(out, "legalname: Jane Doe (changed)")
assert_lacks(out, "mail: jane.doe@example.com")
assert_lacks(out, "mail: second.doe@example.com")
assert_lacks(out, "memberof: testgroup1")
assert_lacks(out, "memberof: service1-access")
out = provision.succeed("kanidm person get testuser2")
assert_contains(out, "name: testuser2")
assert_contains(out, "displayname: Powerful Test User (changed)")
assert_lacks(out, "legalname: Ryouiki Tenkai (changed)")
assert_contains(out, "memberof: service1-admin")
assert_lacks(out, "mail:")
out = provision.succeed("kanidm group get service1-access")
assert_contains(out, "name: service1-access")
out = provision.succeed("kanidm group get service1-admin")
assert_contains(out, "name: service1-admin")
out = provision.succeed("kanidm system oauth2 get service1")
assert_contains(out, "name: service1")
assert_contains(out, "displayname: Service One (changed)")
assert_contains(out, "oauth2_rs_origin: https://changed-one.example.com/")
assert_contains(out, "oauth2_rs_origin_landing: https://changed-one.example.com/landing")
assert_lacks(out, "oauth2_rs_scope_map")
assert_lacks(out, "oauth2_rs_sup_scope_map")
assert_lacks(out, "oauth2_rs_claim_map")
out = provision.succeed("kanidm system oauth2 show-basic-secret service1")
assert_contains(out, "changed-very-strong-secret-for-service1")
out = provision.succeed("kanidm system oauth2 get service2")
assert_contains(out, "name: service2")
assert_contains(out, "displayname: Service Two (changed)")
assert_contains(out, "oauth2_rs_origin: https://changed-two.example.com/")
assert_contains(out, "oauth2_rs_origin_landing: https://changed-landing2.example.com/")
assert_lacks(out, "oauth2_allow_insecure_client_disable_pkce: true")
assert_lacks(out, "oauth2_prefer_short_username: true")
provision.succeed("kanidm logout -D idm_admin")
with subtest("Test Provisioning - removeEntities"):
provision.succeed('${specialisations}/removeEntities/bin/switch-to-configuration test')
provision_login("${provisionIdmAdminPassword}")
out = provision.succeed("kanidm group get testgroup1")
assert_lacks(out, "name: testgroup1")
out = provision.succeed("kanidm group get supergroup1")
assert_lacks(out, "name: supergroup1")
out = provision.succeed("kanidm person get testuser1")
assert_lacks(out, "name: testuser1")
out = provision.succeed("kanidm person get testuser2")
assert_lacks(out, "name: testuser2")
out = provision.succeed("kanidm group get service1-access")
assert_lacks(out, "name: service1-access")
out = provision.succeed("kanidm group get service1-admin")
assert_lacks(out, "name: service1-admin")
out = provision.succeed("kanidm system oauth2 get service1")
assert_lacks(out, "name: service1")
out = provision.succeed("kanidm system oauth2 get service2")
assert_lacks(out, "name: service2")
provision.succeed("kanidm logout -D idm_admin")
'';
}
)
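Review bot: The specialisations pass `pkgs.writeText` results as `adminPasswordFile`, `idmAdminPasswordFile` and `basicSecretFile`, which the module's own option descriptions forbid for real deployments, and nothing in the test says this is a test-only shortcut. Tests are often copied as configuration examples, so a comment above the first use would help, for example `# Test only: writeText places this secret in the world-readable Nix store; real configs must use a path outside the store.` Separately, in the changeAttributes subtest the needle `oauth2_rs_origin_landing: https://changed-one.example.com/landing` is only a prefix of the configured `.../landing-changed` value, so the assertion would also pass if the landing path had not been updated. Asserting the full `https://changed-one.example.com/landing-changed` string there, and in the removeAttributes subtest, pins the value.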


@ -9,9 +9,9 @@ import ./make-test-python.nix ({ pkgs, ... }:
in
{
name = "kanidm";
meta.maintainers = with pkgs.lib.maintainers; [ erictapen Flakebi ];
meta.maintainers = with pkgs.lib.maintainers; [ erictapen Flakebi oddlama ];
nodes.server = { config, pkgs, lib, ... }: {
nodes.server = { pkgs, ... }: {
services.kanidm = {
enableServer = true;
serverSettings = {
@ -34,7 +34,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
environment.systemPackages = with pkgs; [ kanidm openldap ripgrep ];
};
nodes.client = { pkgs, nodes, ... }: {
nodes.client = { nodes, ... }: {
services.kanidm = {
enableClient = true;
clientSettings = {
@ -62,10 +62,10 @@ import ./make-test-python.nix ({ pkgs, ... }:
(pkgs.lib.filterAttrsRecursive (_: v: v != null))
nodes.server.services.kanidm.serverSettings;
serverConfigFile = (pkgs.formats.toml { }).generate "server.toml" filteredConfig;
in
''
start_all()
server.start()
client.start()
server.wait_for_unit("kanidm.service")
client.systemctl("start network-online.target")
client.wait_for_unit("network-online.target")
@ -122,5 +122,8 @@ import ./make-test-python.nix ({ pkgs, ... }:
client.wait_until_succeeds("systemctl is-active user@$(id -u testuser).service")
client.send_chars("touch done\n")
client.wait_for_file("/home/testuser@${serverDomain}/done")
server.shutdown()
client.shutdown()
'';
})


@ -30,21 +30,21 @@ let
archive_fmt = if stdenv.isDarwin then "zip" else "tar.gz";
sha256 = {
x86_64-linux = "13572vj8izdkglrpk36z1nb3va3lbmsh885g1ix38x49hr3wjwaq";
x86_64-darwin = "1xz0rhkpwiji60vy7klm424fdzs8393jggaswsbyapkj3g9nrkpb";
aarch64-linux = "17rci7w2g595ziv1ylvzc5dhh0bc9l3a7mkl4lfljv6gaprdk766";
aarch64-darwin = "1rxvlc36yrzdji0qdackp14a0xlhyj0iylxscz50gvnvfv2pdysm";
armv7l-linux = "09iwsnr09cry9f6c4v7pkrdbcr8fnydjrmypjk5942dzz0b07lkr";
x86_64-linux = "0kfkn40a44ql6j4c8a1rsw5bqysj0i5k3qllq1rl2zglfx7v4vkk";
x86_64-darwin = "1iwl64wn5by6a4qdimxah76j90sv9as1908vgqxwhzj7plfcn6x5";
aarch64-linux = "02r8yl767cf972xyi0qky2yxli4jid3r474wg4lvhk7px4ajh4zj";
aarch64-darwin = "0d64dxm079v1v5c46c8brvmcdxawv70jyzp4hqnlxki1hpjxwbff";
armv7l-linux = "0ra50i827asq3y4d3qk9b3gnrrrq9vi5z14nw5wphgz139gqbxwj";
}.${system} or throwSystem;
in
callPackage ./generic.nix rec {
# Please backport all compatible updates to the stable release.
# This is important for the extension ecosystem.
version = "1.92.1";
version = "1.92.2";
pname = "vscode" + lib.optionalString isInsiders "-insiders";
# This is used for VS Code - Remote SSH test
rev = "eaa41d57266683296de7d118f574d0c2652e1fc4";
rev = "fee1edb8d6d72a0ddff41e5f71a671c23ed924b9";
executableName = "code" + lib.optionalString isInsiders "-insiders";
longName = "Visual Studio Code" + lib.optionalString isInsiders " - Insiders";
@ -68,7 +68,7 @@ in
src = fetchurl {
name = "vscode-server-${rev}.tar.gz";
url = "https://update.code.visualstudio.com/commit:${rev}/server-linux-x64/stable";
sha256 = "0g131nicp5j71phsfi187ggjx5952awvl0gy9983990sdxaah01x";
sha256 = "0n54l0s3p7nq3kc7jwdfsdq1k7p1v2ds17cwbfh3v9jifxqwws11";
};
};


@ -3,7 +3,6 @@
, motifSupport ? false, lesstif
}:
with lib;
stdenv.mkDerivation rec {
version = "20070122";
pname = "xcpc";
@ -16,10 +15,10 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkg-config ];
buildInputs = [ glib libdsk libXaw libX11 libXext ]
++ optional libDSKSupport libdsk
++ optional motifSupport lesstif;
++ lib.optional libDSKSupport libdsk
++ lib.optional motifSupport lesstif;
meta = {
meta = with lib; {
description = "Portable Amstrad CPC 464/664/6128 emulator written in C";
homepage = "https://www.xcpc-emulator.net";
license = licenses.gpl2Plus;
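Review bot: In the second hunk `libdsk` is already part of the unconditional `buildInputs` list, so `++ lib.optional libDSKSupport libdsk` only appends a duplicate and setting `libDSKSupport = false` does not remove the dependency. If the flag is meant to control the input, drop `libdsk` from the base list: `buildInputs = [ glib libXaw libX11 libXext ]`. The flag's declaration and any matching configure flag are outside the hunk, so whether the build itself honours it cannot be confirmed from here.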


@ -1,7 +1,5 @@
{ lib, stdenv, fetchgit, ncurses, conf ? null }:
with lib;
stdenv.mkDerivation rec {
pname = "noice";
version = "0.8";
@ -18,8 +16,8 @@ stdenv.mkDerivation rec {
substituteInPlace noice.c --replace 'printw(str);' 'printw("%s", str);'
'';
configFile = optionalString (conf!=null) (builtins.toFile "config.def.h" conf);
preBuild = optionalString (conf!=null) "cp ${configFile} config.def.h";
configFile = lib.optionalString (conf!=null) (builtins.toFile "config.def.h" conf);
preBuild = lib.optionalString (conf!=null) "cp ${configFile} config.def.h";
buildInputs = [ ncurses ];
@ -27,7 +25,7 @@ stdenv.mkDerivation rec {
installFlags = [ "DESTDIR=$(out)" "PREFIX=" ];
meta = {
meta = with lib; {
description = "Small ncurses-based file browser";
homepage = "https://git.2f30.org/noice/";
license = licenses.bsd2;


@ -8,7 +8,6 @@
, wrapGAppsHook3
, ...
}:
with lib;
stdenv.mkDerivation (finalAttrs: {
pname = "figma-linux";
version = "0.11.4";
@ -82,7 +81,7 @@ stdenv.mkDerivation (finalAttrs: {
--replace "Exec=/opt/figma-linux/figma-linux" "Exec=$out/bin/${finalAttrs.pname}"
'';
meta = {
meta = with lib; {
description = "Unofficial Electron-based Figma desktop app for Linux";
homepage = "https://github.com/Figma-Linux/figma-linux";
platforms = [ "x86_64-linux" ];


@ -6,8 +6,6 @@
# test dependencies
xvfb-run, liberation_ttf, file, tesseract }:
with lib;
perlPackages.buildPerlPackage rec {
pname = "gscan2pdf";
version = "2.13.3";
@ -132,7 +130,7 @@ perlPackages.buildPerlPackage rec {
make test
'';
meta = {
meta = with lib; {
description = "GUI to produce PDFs or DjVus from scanned documents";
homepage = "https://gscan2pdf.sourceforge.net/";
license = licenses.gpl3;


@ -13,34 +13,32 @@
withSvgo ? true, svgo
}:
with lib;
let
optionalDepsPath = optional withPngcrush pngcrush
++ optional withPngout pngout
++ optional withAdvpng advancecomp
++ optional withOptipng optipng
++ optional withPngquant pngquant
++ optional withOxipng oxipng
++ optional withJhead jhead
++ optional withJpegoptim jpegoptim
++ optional withJpegrecompress jpeg-archive
++ optional withJpegtran libjpeg
++ optional withGifsicle gifsicle
++ optional withSvgo svgo;
optionalDepsPath = lib.optional withPngcrush pngcrush
++ lib.optional withPngout pngout
++ lib.optional withAdvpng advancecomp
++ lib.optional withOptipng optipng
++ lib.optional withPngquant pngquant
++ lib.optional withOxipng oxipng
++ lib.optional withJhead jhead
++ lib.optional withJpegoptim jpegoptim
++ lib.optional withJpegrecompress jpeg-archive
++ lib.optional withJpegtran libjpeg
++ lib.optional withGifsicle gifsicle
++ lib.optional withSvgo svgo;
disabledWorkersFlags = optional (!withPngcrush) "--no-pngcrush"
++ optional (!withPngout) "--no-pngout"
++ optional (!withAdvpng) "--no-advpng"
++ optional (!withOptipng) "--no-optipng"
++ optional (!withPngquant) "--no-pngquant"
++ optional (!withOxipng) "--no-oxipng"
++ optional (!withJhead) "--no-jhead"
++ optional (!withJpegoptim) "--no-jpegoptim"
++ optional (!withJpegrecompress) "--no-jpegrecompress"
++ optional (!withJpegtran) "--no-jpegtran"
++ optional (!withGifsicle) "--no-gifsicle"
++ optional (!withSvgo) "--no-svgo";
disabledWorkersFlags = lib.optional (!withPngcrush) "--no-pngcrush"
++ lib.optional (!withPngout) "--no-pngout"
++ lib.optional (!withAdvpng) "--no-advpng"
++ lib.optional (!withOptipng) "--no-optipng"
++ lib.optional (!withPngquant) "--no-pngquant"
++ lib.optional (!withOxipng) "--no-oxipng"
++ lib.optional (!withJhead) "--no-jhead"
++ lib.optional (!withJpegoptim) "--no-jpegoptim"
++ lib.optional (!withJpegrecompress) "--no-jpegrecompress"
++ lib.optional (!withJpegtran) "--no-jpegtran"
++ lib.optional (!withGifsicle) "--no-gifsicle"
++ lib.optional (!withSvgo) "--no-svgo";
in
bundlerApp {
@ -53,7 +51,7 @@ bundlerApp {
postBuild = ''
wrapProgram $out/bin/image_optim \
--prefix PATH : ${lib.escapeShellArg (makeBinPath optionalDepsPath)} \
--prefix PATH : ${lib.escapeShellArg (lib.makeBinPath optionalDepsPath)} \
--add-flags "${lib.concatStringsSep " " disabledWorkersFlags}"
'';


@ -3,8 +3,6 @@
, xorg ? null
, libGL ? null }:
with lib;
rustPlatform.buildRustPackage rec {
pname = "rx";
version = "0.5.2";
@ -20,7 +18,7 @@ rustPlatform.buildRustPackage rec {
nativeBuildInputs = [ cmake pkg-config makeWrapper ];
buildInputs = optionals stdenv.isLinux
buildInputs = lib.optionals stdenv.isLinux
(with xorg; [
# glfw-sys dependencies:
libX11 libXrandr libXinerama libXcursor libXi libXext
@ -29,13 +27,13 @@ rustPlatform.buildRustPackage rec {
# FIXME: GLFW (X11) requires DISPLAY env variable for all tests
doCheck = false;
postInstall = optionalString stdenv.isLinux ''
postInstall = lib.optionalString stdenv.isLinux ''
mkdir -p $out/share/applications
cp $src/rx.desktop $out/share/applications
wrapProgram $out/bin/rx --prefix LD_LIBRARY_PATH : ${libGL}/lib
'';
meta = {
meta = with lib; {
description = "Modern and extensible pixel editor implemented in Rust";
mainProgram = "rx";
homepage = "https://rx.cloudhead.io/";


@ -2,7 +2,7 @@
{ paths, disabledDefaultBackends ? [] }:
with lib;
let
installSanePath = path: ''
if [ -e "${path}/lib/sane" ]; then
@ -48,6 +48,6 @@ stdenv.mkDerivation {
mkdir -p $out/etc/sane.d $out/etc/sane.d/dll.d $out/lib/sane
''
+ (concatMapStrings installSanePath paths)
+ (concatMapStrings disableBackend disabledDefaultBackends);
+ (lib.concatMapStrings installSanePath paths)
+ (lib.concatMapStrings disableBackend disabledDefaultBackends);
}


@ -1,7 +1,5 @@
{ lib, stdenv, fetchFromGitHub, libXft, imlib2, giflib, libexif, conf ? null }:
with lib;
stdenv.mkDerivation rec {
pname = "sxiv";
version = "26";
@ -13,8 +11,8 @@ stdenv.mkDerivation rec {
sha256 = "0xaawlfdy7b277m38mgg4423kd7p1ffn0dq4hciqs6ivbb3q9c4f";
};
configFile = optionalString (conf!=null) (builtins.toFile "config.def.h" conf);
preBuild = optionalString (conf!=null) "cp ${configFile} config.def.h";
configFile = lib.optionalString (conf!=null) (builtins.toFile "config.def.h" conf);
preBuild = lib.optionalString (conf!=null) "cp ${configFile} config.def.h";
buildInputs = [ libXft imlib2 giflib libexif ];
@ -24,7 +22,7 @@ stdenv.mkDerivation rec {
install -Dt $out/share/applications sxiv.desktop
'';
meta = {
meta = with lib; {
description = "Simple X Image Viewer";
homepage = "https://github.com/muennich/sxiv";
license = lib.licenses.gpl2Plus;


@ -8,16 +8,16 @@
buildGoModule rec {
pname = "nwg-dock-hyprland";
version = "0.2.0";
version = "0.2.1";
src = fetchFromGitHub {
owner = "nwg-piotr";
repo = "nwg-dock-hyprland";
rev = "v${version}";
hash = "sha256-AB9YOHJCgjR70JNvWzDROWGVGFrjZycEKMV4XmDVcpY=";
hash = "sha256-rR0UkRKdIHcrLd4IpBUGxd6toPlohJfbvCBG/GkuQnY=";
};
vendorHash = "sha256-6AevEnesGZCXHUX8yq3mBA5ug+zb5qyriHdqGBKbbEs=";
vendorHash = "sha256-cZ5w7B8bi0faOVWoQ6eeW5ejCZJgnNB91DQalC75mPo=";
ldflags = [ "-s" "-w" ];


@ -23,9 +23,7 @@
, callPackage
}:
with lib;
assert elem stdenv.system [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
assert lib.elem stdenv.system [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
let
common = { pname, platformAttrs, jdk, tests }:
@ -34,7 +32,7 @@ let
version = platformAttrs.${stdenv.system}.version or (throw "Unsupported system: ${stdenv.system}");
src = fetchurl {
url = "mirror://apache/hadoop/common/hadoop-${finalAttrs.version}/hadoop-${finalAttrs.version}"
+ optionalString stdenv.isAarch64 "-aarch64" + ".tar.gz";
+ lib.optionalString stdenv.isAarch64 "-aarch64" + ".tar.gz";
inherit (platformAttrs.${stdenv.system} or (throw "Unsupported system: ${stdenv.system}")) hash;
};
doCheck = true;
@ -47,24 +45,24 @@ let
}) else "";
nativeBuildInputs = [ makeWrapper ]
++ optionals stdenv.isLinux [ autoPatchelfHook ];
buildInputs = optionals stdenv.isLinux [ stdenv.cc.cc.lib openssl protobuf zlib snappy libtirpc ];
++ lib.optionals stdenv.isLinux [ autoPatchelfHook ];
buildInputs = lib.optionals stdenv.isLinux [ stdenv.cc.cc.lib openssl protobuf zlib snappy libtirpc ];
installPhase = ''
mkdir $out
mv * $out/
'' + optionalString stdenv.isLinux ''
'' + lib.optionalString stdenv.isLinux ''
for n in $(find ${finalAttrs.containerExecutor}/bin -type f); do
ln -sf "$n" $out/bin
done
# these libraries are loaded at runtime by the JVM
ln -s ${getLib cyrus_sasl}/lib/libsasl2.so $out/lib/native/libsasl2.so.2
ln -s ${getLib openssl}/lib/libcrypto.so $out/lib/native/
ln -s ${getLib zlib}/lib/libz.so.1 $out/lib/native/
ln -s ${getLib zstd}/lib/libzstd.so.1 $out/lib/native/
ln -s ${getLib bzip2}/lib/libbz2.so.1 $out/lib/native/
ln -s ${getLib snappy}/lib/libsnappy.so.1 $out/lib/native/
ln -s ${lib.getLib cyrus_sasl}/lib/libsasl2.so $out/lib/native/libsasl2.so.2
ln -s ${lib.getLib openssl}/lib/libcrypto.so $out/lib/native/
ln -s ${lib.getLib zlib}/lib/libz.so.1 $out/lib/native/
ln -s ${lib.getLib zstd}/lib/libzstd.so.1 $out/lib/native/
ln -s ${lib.getLib bzip2}/lib/libbz2.so.1 $out/lib/native/
ln -s ${lib.getLib snappy}/lib/libsnappy.so.1 $out/lib/native/
# libjvm.so is in different paths for java 8 and 11
# libnativetask.so in hadooop 3 and libhdfs.so in hadoop 2 depend on it
@ -76,7 +74,7 @@ let
# hadoop 3.3+ depends on protobuf 3.18, 3.2 depends on 3.8
find $out/lib/native -name 'libhdfspp.so*' | \
xargs -r -n1 patchelf --replace-needed libprotobuf.so.${
if (versionAtLeast finalAttrs.version "3.3") then "18"
if (lib.versionAtLeast finalAttrs.version "3.3") then "18"
else "8"
} libprotobuf.so
@ -90,17 +88,17 @@ let
--set-default HADOOP_HOME $out/\
--run "test -d /etc/hadoop-conf && export HADOOP_CONF_DIR=\''${HADOOP_CONF_DIR-'/etc/hadoop-conf/'}"\
--set-default HADOOP_CONF_DIR $out/etc/hadoop/\
--prefix PATH : "${makeBinPath [ bash coreutils which]}"\
--prefix JAVA_LIBRARY_PATH : "${makeLibraryPath finalAttrs.buildInputs}"
--prefix PATH : "${lib.makeBinPath [ bash coreutils which]}"\
--prefix JAVA_LIBRARY_PATH : "${lib.makeLibraryPath finalAttrs.buildInputs}"
done
'' + (optionalString sparkSupport ''
'' + (lib.optionalString sparkSupport ''
# Add the spark shuffle service jar to YARN
cp ${spark.src}/yarn/spark-${spark.version}-yarn-shuffle.jar $out/share/hadoop/yarn/
'');
passthru = { inherit tests; };
meta = recursiveUpdate {
meta = with lib; recursiveUpdate {
homepage = "https://hadoop.apache.org/";
description = "Framework for distributed processing of large data sets across clusters of computers";
license = licenses.asl20;


@ -2,16 +2,16 @@
buildGoModule rec {
pname = "helm-mapkubeapis";
version = "0.4.1";
version = "0.5.0";
src = fetchFromGitHub {
owner = "helm";
repo = "helm-mapkubeapis";
rev = "v${version}";
hash = "sha256-6NeePXTdp5vlBLfIlWeXQZMZ0Uz/e1ZCgZmJvBJfaFw=";
hash = "sha256-6oo8KpNNF9j/eF0nUKBRDMwp3ZhfP1rEqGYZ4xGFVWc=";
};
vendorHash = "sha256-rVrQqeakPQl3rjzmqzHw74ffreLEVzP153wWJ8TEOIM=";
vendorHash = "sha256-G3Q8XCwKLgHeWLF46C5lWfvuynr/cJbkq7xdydfTHZ4=";
# NOTE: Remove the install and upgrade hooks.
postPatch = ''


@ -2,13 +2,13 @@
buildGoModule rec {
pname = "kubeshark";
version = "52.3.73";
version = "52.3.74";
src = fetchFromGitHub {
owner = "kubeshark";
repo = "kubeshark";
rev = "v${version}";
hash = "sha256-fhdHgkIsvB7cR5kCkvfzJuxrAVYvB4Y6NCGJpHolriA=";
hash = "sha256-MlYyTo30v9i1puSadbQRHCmUW7Kf9UV8X5Y7LQtRWaE=";
};
vendorHash = "sha256-b3Aq3970E19jOJPjw/e0ly1W9x9HiDN+bfuB4uP09BY=";


@ -2,7 +2,7 @@
let
versions =
if stdenv.isLinux then {
stable = "0.0.63";
stable = "0.0.64";
ptb = "0.0.98";
canary = "0.0.465";
development = "0.0.24";
@ -17,7 +17,7 @@ let
x86_64-linux = {
stable = fetchurl {
url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz";
hash = "sha256-KtVX9EJPYmzDQd2beV/dDW8jjLDjacKZDrD72kLUwKo=";
hash = "sha256-tBopyhGRNDmtOWSwwiNnPJJm82sk3s76cUun7erHRbM=";
};
ptb = fetchurl {
url = "https://dl-ptb.discordapp.net/apps/linux/${version}/discord-ptb-${version}.tar.gz";


@ -36,14 +36,14 @@ let
in
assert lib.all (p: p.enabled -> ! (builtins.elem null p.buildInputs)) plugins;
stdenv.mkDerivation rec {
version = "4.3.5";
version = "4.3.6";
pname = "weechat";
hardeningEnable = [ "pie" ];
src = fetchurl {
url = "https://weechat.org/files/src/weechat-${version}.tar.xz";
hash = "sha256-5tvEyDLaXFuF5Jb+/BUjf7viqPe6L76B7gcdwMZrS+M=";
hash = "sha256-h4sGORUy3cQPS0lUYqIX68OZJeLq3+TfhOdqMxNkfJk=";
};
# Why is this needed? https://github.com/weechat/weechat/issues/2031


@ -17,8 +17,6 @@
, wrapGAppsHook3
}:
with lib;
python3Packages.buildPythonApplication rec {
pname = "tryton";
version = "7.2.4";
@ -61,7 +59,7 @@ python3Packages.buildPythonApplication rec {
doCheck = false;
meta = {
meta = with lib; {
description = "Client of the Tryton application platform";
mainProgram = "tryton";
longDescription = ''


@ -1,14 +1,12 @@
{ lib, stdenv, fetchurl, dpkg, makeWrapper, coreutils, gawk, gnugrep, gnused, openjdk17 }:
with lib;
stdenv.mkDerivation rec {
pname = "marvin";
version = "23.17.0";
src = fetchurl {
name = "marvin-${version}.deb";
url = "http://dl.chemaxon.com/marvin/${version}/marvin_linux_${versions.majorMinor version}.deb";
url = "http://dl.chemaxon.com/marvin/${version}/marvin_linux_${lib.versions.majorMinor version}.deb";
hash = "sha256-zE/9EaOsNJwzE4Doasm9N8QG4t7wDOxqpV/Nhc4p7Ws=";
};
@ -22,7 +20,7 @@ stdenv.mkDerivation rec {
wrapBin() {
makeWrapper $1 $out/bin/$(basename $1) \
--set INSTALL4J_JAVA_HOME "${openjdk17}" \
--prefix PATH : ${makeBinPath [ coreutils gawk gnugrep gnused ]}
--prefix PATH : ${lib.makeBinPath [ coreutils gawk gnugrep gnused ]}
}
cp -r opt $out
mkdir -p $out/bin $out/share/pixmaps $out/share/applications
@ -33,12 +31,12 @@ stdenv.mkDerivation rec {
for name in cxcalc cxtrain evaluate molconvert mview msketch; do
wrapBin $out/opt/chemaxon/marvinsuite/bin/$name
done
${concatStrings (map (name: ''
${lib.concatStrings (map (name: ''
substitute ${./. + "/${name}.desktop"} $out/share/applications/${name}.desktop --subst-var out
'') [ "LicenseManager" "MarvinSketch" "MarvinView" ])}
'';
meta = {
meta = with lib; {
description = "Chemical modelling, analysis and structure drawing program";
homepage = "https://chemaxon.com/products/marvin";
maintainers = with maintainers; [ fusion809 ];
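Review bot: The `url` rewritten in the first hunk still downloads the `.deb` over plain `http://`. The fixed-output `hash` protects ordinary builds, but whoever refreshes that hash on the next version bump is trusting an unauthenticated transfer, so a tampered archive seen at that moment would be pinned as the expected one. If the vendor host serves TLS (not verifiable from this page), switch the scheme: `url = "https://dl.chemaxon.com/marvin/${version}/marvin_linux_${lib.versions.majorMinor version}.deb";`.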


@ -3,7 +3,6 @@
, pkg-config
}:
with lib;
stdenv.mkDerivation {
pname = "fped";
version = "unstable-2017-05-11";
@ -39,7 +38,7 @@ stdenv.mkDerivation {
gtk2
];
meta = {
meta = with lib; {
description = "Editor that allows the interactive creation of footprints electronic components";
mainProgram = "fped";
homepage = "http://projects.qi-hardware.com/index.php/p/fped/";


@ -3,8 +3,6 @@
# annoying and break the python library, so let's not bother for now
includeJava ? !stdenv.hostPlatform.isDarwin, includeGplCode ? true }:
with lib;
let
boolToCmake = x: if x then "ON" else "OFF";
@ -52,14 +50,14 @@ let
"-DCMAKE_SKIP_BUILD_RPATH=ON"
];
postInstall = optionalString includeJava ''
postInstall = lib.optionalString includeJava ''
mkdir -p $out/share/java
cp monosat.jar $out/share/java
'';
passthru = { inherit python; };
meta = {
meta = with lib; {
description = "SMT solver for Monotonic Theories";
mainProgram = "monosat";
platforms = platforms.unix;


@ -16,8 +16,6 @@
assert javaBindings -> jdk != null;
assert ocamlBindings -> ocaml != null && findlib != null && zarith != null;
with lib;
let common = { version, sha256, patches ? [ ], tag ? "z3" }:
stdenv.mkDerivation rec {
pname = "z3";
@ -32,25 +30,25 @@ let common = { version, sha256, patches ? [ ], tag ? "z3" }:
strictDeps = true;
nativeBuildInputs = [ python ]
++ optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames
++ optional javaBindings jdk
++ optionals ocamlBindings [ ocaml findlib ]
++ lib.optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames
++ lib.optional javaBindings jdk
++ lib.optionals ocamlBindings [ ocaml findlib ]
;
propagatedBuildInputs = [ python.pkgs.setuptools ]
++ optionals ocamlBindings [ zarith ];
++ lib.optionals ocamlBindings [ zarith ];
enableParallelBuilding = true;
postPatch = optionalString ocamlBindings ''
postPatch = lib.optionalString ocamlBindings ''
export OCAMLFIND_DESTDIR=$ocaml/lib/ocaml/${ocaml.version}/site-lib
mkdir -p $OCAMLFIND_DESTDIR/stublibs
'';
configurePhase = concatStringsSep " "
configurePhase = lib.concatStringsSep " "
(
[ "${python.pythonOnBuildForHost.interpreter} scripts/mk_make.py --prefix=$out" ]
++ optional javaBindings "--java"
++ optional ocamlBindings "--ml"
++ optional pythonBindings "--python --pypkgdir=$out/${python.sitePackages}"
++ lib.optional javaBindings "--java"
++ lib.optional ocamlBindings "--ml"
++ lib.optional pythonBindings "--python --pypkgdir=$out/${python.sitePackages}"
) + "\n" + "cd build";
doCheck = true;
@ -63,19 +61,19 @@ let common = { version, sha256, patches ? [ ], tag ? "z3" }:
mkdir -p $dev $lib
mv $out/lib $lib/lib
mv $out/include $dev/include
'' + optionalString pythonBindings ''
'' + lib.optionalString pythonBindings ''
mkdir -p $python/lib
mv $lib/lib/python* $python/lib/
ln -sf $lib/lib/libz3${stdenv.hostPlatform.extensions.sharedLibrary} $python/${python.sitePackages}/z3/lib/libz3${stdenv.hostPlatform.extensions.sharedLibrary}
'' + optionalString javaBindings ''
'' + lib.optionalString javaBindings ''
mkdir -p $java/share/java
mv com.microsoft.z3.jar $java/share/java
moveToOutput "lib/libz3java.${stdenv.hostPlatform.extensions.sharedLibrary}" "$java"
'';
outputs = [ "out" "lib" "dev" "python" ]
++ optional javaBindings "java"
++ optional ocamlBindings "ocaml";
++ lib.optional javaBindings "java"
++ lib.optional ocamlBindings "ocaml";
meta = with lib; {
description = "High-performance theorem prover and SMT solver";
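Review bot: `configurePhase` is replaced wholesale by the joined `mk_make.py` command line and never calls `runHook preConfigure` or `runHook postConfigure`, so any hook a user adds through `overrideAttrs` is skipped without an error. Since this line is being touched anyway, the string could start with `"runHook preConfigure\n"` and end with `+ "\ncd build\nrunHook postConfigure"`. The rest of the derivation lies outside the hunks, so I cannot tell whether a `preConfigure` is set elsewhere and relied upon.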


@ -5,14 +5,11 @@
, fileFormat ? "lowerTriangularCsv"
}:
with lib;
assert assertOneOf "fileFormat" fileFormat
assert lib.assertOneOf "fileFormat" fileFormat
["lowerTriangularCsv" "upperTriangularCsv" "dipha"];
assert useGoogleHashmap -> sparsehash != null;
let
inherit (lib) optional;
version = "1.2.1";
in
stdenv.mkDerivation {
@ -26,19 +23,19 @@ stdenv.mkDerivation {
sha256 = "sha256-BxmkPQ/nl5cF+xwQMTjXnLgkLgdmT/39y7Kzl2wDfpE=";
};
buildInputs = optional useGoogleHashmap sparsehash;
buildInputs = lib.optional useGoogleHashmap sparsehash;
buildFlags = [
"-std=c++11"
"-O3"
"-D NDEBUG"
]
++ optional useCoefficients "-D USE_COEFFICIENTS"
++ optional indicateProgress "-D INDICATE_PROGRESS"
++ optional useGoogleHashmap "-D USE_GOOGLE_HASHMAP"
++ optional (fileFormat == "lowerTriangularCsv") "-D FILE_FORMAT_LOWER_TRIANGULAR_CSV"
++ optional (fileFormat == "upperTriangularCsv") "-D FILE_FORMAT_UPPER_TRIANGULAR_CSV"
++ optional (fileFormat == "dipha") "-D FILE_FORMAT_DIPHA"
++ lib.optional useCoefficients "-D USE_COEFFICIENTS"
++ lib.optional indicateProgress "-D INDICATE_PROGRESS"
++ lib.optional useGoogleHashmap "-D USE_GOOGLE_HASHMAP"
++ lib.optional (fileFormat == "lowerTriangularCsv") "-D FILE_FORMAT_LOWER_TRIANGULAR_CSV"
++ lib.optional (fileFormat == "upperTriangularCsv") "-D FILE_FORMAT_UPPER_TRIANGULAR_CSV"
++ lib.optional (fileFormat == "dipha") "-D FILE_FORMAT_DIPHA"
;
buildPhase = "c++ ripser.cpp -o ripser $buildFlags";


@ -45,7 +45,7 @@ let allVersions = with lib; flip map
]
({ version, lang, language, sha256, installer }: {
inherit version lang;
name = "wolfram-engine-${version}" + optionalString (lang != "en") "-${lang}";
name = "wolfram-engine-${version}" + lib.optionalString (lang != "en") "-${lang}";
src = requireFile {
name = installer;
message = ''
@ -58,14 +58,12 @@ let allVersions = with lib; flip map
};
});
minVersion =
with lib;
if majorVersion == null
then elemAt (builtins.splitVersion (elemAt allVersions 0).version) 0
then lib.elemAt (builtins.splitVersion (lib.elemAt allVersions 0).version) 0
else majorVersion;
maxVersion = toString (1 + builtins.fromJSON minVersion);
in
with lib;
findFirst (l: (l.lang == lang
lib.findFirst (l: (l.lang == lang
&& l.version >= minVersion
&& l.version < maxVersion))
(throw "Version ${minVersion} in language ${lang} not supported")
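Review bot: The `lib.findFirst` predicate in the second hunk compares version strings with `>=` and `<`, which Nix orders lexicographically rather than as versions. That works only while every major version has the same number of digits; a one-digit major compared against a two-digit bound would be ordered wrongly and the lookup would fall through to the `throw`. Prefer `&& lib.versionAtLeast l.version minVersion` and `&& lib.versionOlder l.version maxVersion`. The `findFirst` call continues past the end of the hunk.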


@ -1,7 +1,6 @@
{ lib, stdenv, fetchFromGitHub, zlib, libtiff, libxml2, openssl, libiconv
, libpng, cmake }:
with lib;
stdenv.mkDerivation rec {
pname = "dcmtk";
version = "3.6.8";
@ -17,7 +16,7 @@ stdenv.mkDerivation rec {
doCheck = true;
meta = {
meta = with lib; {
description =
"Collection of libraries and applications implementing large parts of the DICOM standard";
longDescription = ''


@ -12,8 +12,6 @@
, withoutBin ? false
}:
with lib;
let
optionOnOff = option: if option then "on" else "off";
in
@ -32,15 +30,15 @@ stdenv.mkDerivation rec {
propagatedBuildInputs = [ boost ];
nativeBuildInputs = [ cmake perl python3 ]
++ optionals fortranSupport [ gfortran ]
++ optionals buildJavaBindings [ openjdk ]
++ optionals buildPythonBindings [ python3Packages.pybind11 ]
++ optionals buildDocumentation [ fig2dev ghostscript doxygen ]
++ optionals bmfSupport [ eigen ]
++ optionals modelCheckingSupport [ libunwind libevent elfutils ];
++ lib.optionals fortranSupport [ gfortran ]
++ lib.optionals buildJavaBindings [ openjdk ]
++ lib.optionals buildPythonBindings [ python3Packages.pybind11 ]
++ lib.optionals buildDocumentation [ fig2dev ghostscript doxygen ]
++ lib.optionals bmfSupport [ eigen ]
++ lib.optionals modelCheckingSupport [ libunwind libevent elfutils ];
outputs = [ "out" ]
++ optionals buildPythonBindings [ "python" ];
++ lib.optionals buildPythonBindings [ "python" ];
# "Release" does not work. non-debug mode is Debug compiled with optimization
cmakeBuildType = "Debug";
@ -69,7 +67,7 @@ stdenv.mkDerivation rec {
# RPATH of binary /nix/store/.../bin/... contains a forbidden reference to /build/
"-DCMAKE_SKIP_BUILD_RPATH=ON"
];
makeFlags = optional debug "VERBOSE=1";
makeFlags = lib.optional debug "VERBOSE=1";
# needed to run tests and to ensure correct shabangs in output scripts
preBuild = ''
@ -106,7 +104,7 @@ stdenv.mkDerivation rec {
hardeningDisable = lib.optionals debug [ "fortify" ];
dontStrip = debug;
meta = {
meta = with lib; {
description = "Framework for the simulation of distributed applications";
longDescription = ''
SimGrid is a toolkit that provides core functionalities for the


@ -33,8 +33,6 @@ let
};
in
with lib;
stdenv.mkDerivation {
name = "${pname}-unwrapped-${version}";
inherit pname version;
@ -49,8 +47,8 @@ stdenv.mkDerivation {
[ libX11 libXt libXft ncurses # required to build the terminfo file
fontconfig freetype libXrender
libptytty
] ++ optionals perlSupport [ perl libXext ]
++ optional gdkPixbufSupport gdk-pixbuf;
] ++ lib.optionals perlSupport [ perl libXext ]
++ lib.optional gdkPixbufSupport gdk-pixbuf;
outputs = [ "out" "terminfo" ];
@ -73,19 +71,19 @@ stdenv.mkDerivation {
./patches/9.06-font-width.patch
]) ++ [
./patches/256-color-resources.patch
] ++ optional (perlSupport && versionAtLeast perl.version "5.38") (fetchpatch {
] ++ lib.optional (perlSupport && lib.versionAtLeast perl.version "5.38") (fetchpatch {
name = "perl538-locale-c.patch";
url = "https://github.com/exg/rxvt-unicode/commit/16634bc8dd5fc4af62faf899687dfa8f27768d15.patch";
excludes = [ "Changes" ];
sha256 = "sha256-JVqzYi3tcWIN2j5JByZSztImKqbbbB3lnfAwUXrumHM=";
}) ++ optional stdenv.isDarwin ./patches/makefile-phony.patch;
}) ++ lib.optional stdenv.isDarwin ./patches/makefile-phony.patch;
configureFlags = [
"--with-terminfo=${placeholder "terminfo"}/share/terminfo"
"--enable-256-color"
(enableFeature perlSupport "perl")
(enableFeature unicode3Support "unicode3")
] ++ optional emojiSupport "--enable-wide-glyphs";
(lib.enableFeature perlSupport "perl")
(lib.enableFeature unicode3Support "unicode3")
] ++ lib.optional emojiSupport "--enable-wide-glyphs";
LDFLAGS = [ "-lfontconfig" "-lXrender" "-lpthread" ];
CFLAGS = [ "-I${freetype.dev}/include/freetype2" ];
@ -111,7 +109,7 @@ stdenv.mkDerivation {
passthru.tests.test = nixosTests.terminal-emulators.urxvt;
meta = {
meta = with lib; {
inherit description;
homepage = "http://software.schmorp.de/pkg/rxvt-unicode.html";
downloadPage = "http://dist.schmorp.de/rxvt-unicode/Attic/";


@ -1,7 +1,5 @@
{ lib, stdenv, fetchFromGitHub, git, perl, makeWrapper }:
with lib;
stdenv.mkDerivation rec {
pname = "git-octopus";
version = "1.4";
@ -13,7 +11,7 @@ stdenv.mkDerivation rec {
# perl provides shasum
postInstall = ''
for f in $out/bin/*; do
wrapProgram $f --prefix PATH : ${makeBinPath [ git perl ]}
wrapProgram $f --prefix PATH : ${lib.makeBinPath [ git perl ]}
done
'';
@ -24,7 +22,7 @@ stdenv.mkDerivation rec {
sha256 = "14p61xk7jankp6gc26xciag9fnvm7r9vcbhclcy23f4ghf4q4sj1";
};
meta = {
meta = with lib; {
homepage = "https://github.com/lesfurets/git-octopus";
description = "Continuous merge workflow";
license = licenses.lgpl3;


@ -55,8 +55,6 @@
cacert,
}:
with lib;
let
pname = "gitkraken";
version = "10.2.0";
@ -82,7 +80,7 @@ let
src = srcs.${stdenv.hostPlatform.system} or throwSystem;
meta = {
meta = with lib; {
homepage = "https://www.gitkraken.com/git-client";
description = "Simplifying Git for any OS";
sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
@ -108,7 +106,7 @@ let
dontBuild = true;
dontConfigure = true;
libPath = makeLibraryPath [
libPath = lib.makeLibraryPath [
stdenv.cc.cc.lib
curlWithGnuTls
udev


@ -4,8 +4,6 @@
, pamSupport ? true
}:
with lib;
buildGoModule rec {
pname = "gogs";
version = "0.13.0";
@ -27,19 +25,19 @@ buildGoModule rec {
nativeBuildInputs = [ makeWrapper openssh ];
buildInputs = optional pamSupport pam;
buildInputs = lib.optional pamSupport pam;
tags =
( optional sqliteSupport "sqlite"
++ optional pamSupport "pam");
( lib.optional sqliteSupport "sqlite"
++ lib.optional pamSupport "pam");
postInstall = ''
wrapProgram $out/bin/gogs \
--prefix PATH : ${makeBinPath [ bash git gzip openssh ]}
--prefix PATH : ${lib.makeBinPath [ bash git gzip openssh ]}
'';
meta = {
meta = with lib; {
description = "Painless self-hosted Git service";
homepage = "https://gogs.io";
license = licenses.mit;


@ -14,16 +14,16 @@
rustPlatform.buildRustPackage rec {
pname = "dmlive";
version = "5.3.2";
version = "5.5.4";
src = fetchFromGitHub {
owner = "THMonster";
repo = pname;
rev = "3736d83ac0920de78ac82fe331bc6b16dc72b5cd"; # no tag
hash = "sha256-3agUeAv6Nespn6GNw4wmy8HNPQ0VIgZAMnKiV/myKbA=";
rev = "688ddda12ed70a7ad25ede63e948e1cba143a307"; # no tag
hash = "sha256-M7IZ2UzusWovyhigyUXasmSEz4J79gnFyivHVUqfUKg=";
};
cargoHash = "sha256-MxkWaEn/gMMOuje7lu7PlqsQjnF0LWpV9JzmFBG1ukU=";
cargoHash = "sha256-d3vI2iv2Db1XZQc3uaNfkUpDyNKPvHkb/0zEwRTOWZ0=";
OPENSSL_NO_VENDOR = true;


@ -140,13 +140,12 @@ let
};
in
with lib;
pipe scope [
(makeScope newScope)
lib.pipe scope [
(lib.makeScope newScope)
(
self:
assert builtins.intersectAttrs self aliases == { };
self // optionalAttrs config.allowAliases aliases
self // lib.optionalAttrs config.allowAliases aliases
)
recurseIntoAttrs
lib.recurseIntoAttrs
]


@ -3,7 +3,6 @@
, util-linux, getopt
, dejavu_fonts
}:
with lib;
let
version = "1.13.4";
gopt = if stdenv.isLinux then util-linux else getopt;
@ -29,10 +28,10 @@ stdenv.mkDerivation {
mv vcs $out/bin/vcs
substituteAllInPlace $out/bin/vcs
chmod +x $out/bin/vcs
wrapProgram $out/bin/vcs --argv0 vcs --set PATH "${makeBinPath runtimeDeps}"
wrapProgram $out/bin/vcs --argv0 vcs --set PATH "${lib.makeBinPath runtimeDeps}"
'';
meta = {
meta = with lib; {
description = "Generates contact sheets from video files";
homepage = "http://p.outlyer.net/vcs";
license = licenses.lgpl21Plus;


@ -1,7 +1,4 @@
{ stdenv, lib, fetchFromGitHub, makeWrapper, docker, coreutils, procps, gnused, findutils, gnugrep }:
with lib;
stdenv.mkDerivation rec {
pname = "docker-gc";
version = "unstable-2015-10-5";
@ -23,7 +20,7 @@ stdenv.mkDerivation rec {
--prefix PATH : "${lib.makeBinPath [ docker coreutils procps gnused findutils gnugrep ]}"
'';
meta = {
meta = with lib; {
description = "Docker garbage collection of containers and images";
mainProgram = "docker-gc";
license = licenses.asl20;


@ -65,13 +65,13 @@ let
in
buildGoModule rec {
pname = "podman";
version = "5.2.0";
version = "5.2.1";
src = fetchFromGitHub {
owner = "containers";
repo = "podman";
rev = "v${version}";
hash = "sha256-Rb9rOetMVxf1GhEOzZmaUwRI4nkPdJnpkpjIyJcb6r8=";
hash = "sha256-xwZfCPnn81Rvk2ceLxL8Dwaw2T0oc1agjrcauHYSRvU=";
};
patches = [


@ -32,9 +32,6 @@
, vte
, wrapGAppsHook3
}:
with lib;
stdenv.mkDerivation rec {
pname = "virt-viewer";
version = "11.0";
@ -76,18 +73,18 @@ stdenv.mkDerivation rec {
libvirt-glib
libxml2
vte
] ++ optionals ovirtSupport [
] ++ lib.optionals ovirtSupport [
libgovirt
] ++ optionals spiceSupport ([
] ++ lib.optionals spiceSupport ([
gdbm
spice-gtk
spice-protocol
] ++ optionals stdenv.isLinux [
] ++ lib.optionals stdenv.isLinux [
libcap
]);
# Required for USB redirection PolicyKit rules file
propagatedUserEnvPkgs = optional spiceSupport spice-gtk;
propagatedUserEnvPkgs = lib.optional spiceSupport spice-gtk;
mesonFlags = [
(lib.mesonEnable "ovirt" ovirtSupport)
@ -99,7 +96,7 @@ stdenv.mkDerivation rec {
patchShebangs build-aux/post_install.py
'';
meta = {
meta = with lib; {
description = "Viewer for remote virtual machines";
maintainers = with maintainers; [ raskin atemu ];
platforms = with platforms; linux ++ darwin;


@ -1,7 +1,4 @@
{ fetchurl, lib, virtualbox }:
with lib;
let
inherit (virtualbox) version;
in
@ -15,7 +12,7 @@ fetchurl rec {
let value = "d750fb17688d70e0cb2d7b06f1ad3a661303793f4d1ac39cfa9a54806b89da25";
in assert (builtins.stringLength value) == 64; value;
meta = {
meta = with lib; {
description = "Oracle Extension pack for VirtualBox";
license = licenses.virtualbox-puel;
homepage = "https://www.virtualbox.org/";


@ -1,9 +1,6 @@
{ stdenv, kernel, callPackage, lib, dbus
, xorg, zlib, patchelf, makeWrapper
}:
with lib;
let
virtualBoxNixGuestAdditionsBuilder = callPackage ./builder.nix { };
@ -103,7 +100,7 @@ in stdenv.mkDerivation {
host/guest clipboard support.
'';
sourceProvenance = with lib.sourceTypes; [ fromSource ];
license = licenses.gpl2;
license = lib.licenses.gpl2;
maintainers = [ lib.maintainers.sander lib.maintainers.friedrichaltheide ];
platforms = [ "i686-linux" "x86_64-linux" ];
broken = stdenv.hostPlatform.is32bit && (kernel.kernelAtLeast "5.10");


@ -4,7 +4,6 @@
, libXinerama
, imlib2 }:
with lib;
stdenv.mkDerivation rec {
pname = "fluxbox";
@ -35,7 +34,7 @@ stdenv.mkDerivation rec {
--subst-var-by PREFIX "$out"
'';
meta = {
meta = with lib; {
description = "Full-featured, light-resource X window manager";
longDescription = ''
Fluxbox is a X window manager based on Blackbox 0.61.1 window


@ -4,11 +4,9 @@
"load_average" "memory" "volume" "wifi" ]
}:
with lib;
let
perlscripts = [ "battery" "cpu_usage" "openvpn" "temperature" ];
contains_any = l1: l2: 0 < length( intersectLists l1 l2 );
contains_any = l1: l2: 0 < lib.length( lib.intersectLists l1 l2 );
in
stdenv.mkDerivation rec {
@ -25,24 +23,24 @@ stdenv.mkDerivation rec {
makeFlags = [ "all" ];
installFlags = [ "PREFIX=\${out}" "VERSION=${version}" ];
buildInputs = optional (contains_any scripts perlscripts) perl;
buildInputs = lib.optional (contains_any scripts perlscripts) perl;
nativeBuildInputs = [ makeWrapper ];
postFixup = optionalString (elem "bandwidth" scripts) ''
postFixup = lib.optionalString (lib.elem "bandwidth" scripts) ''
wrapProgram $out/libexec/i3blocks/bandwidth \
--prefix PATH : ${makeBinPath [ iproute2 ]}
'' + optionalString (elem "battery" scripts) ''
--prefix PATH : ${lib.makeBinPath [ iproute2 ]}
'' + lib.optionalString (lib.elem "battery" scripts) ''
wrapProgram $out/libexec/i3blocks/battery \
--prefix PATH : ${makeBinPath [ acpi ]}
'' + optionalString (elem "cpu_usage" scripts) ''
--prefix PATH : ${lib.makeBinPath [ acpi ]}
'' + lib.optionalString (lib.elem "cpu_usage" scripts) ''
wrapProgram $out/libexec/i3blocks/cpu_usage \
--prefix PATH : ${makeBinPath [ sysstat ]}
'' + optionalString (elem "iface" scripts) ''
--prefix PATH : ${lib.makeBinPath [ sysstat ]}
'' + lib.optionalString (lib.elem "iface" scripts) ''
wrapProgram $out/libexec/i3blocks/iface \
--prefix PATH : ${makeBinPath [ iproute2 ]}
'' + optionalString (elem "volume" scripts) ''
--prefix PATH : ${lib.makeBinPath [ iproute2 ]}
'' + lib.optionalString (lib.elem "volume" scripts) ''
wrapProgram $out/libexec/i3blocks/volume \
--prefix PATH : ${makeBinPath [ alsa-utils ]}
--prefix PATH : ${lib.makeBinPath [ alsa-utils ]}
'';
meta = with lib; {


@ -1,7 +1,5 @@
{ fetchFromGitHub, fetchpatch, lib, stdenv, autoreconfHook, pkg-config }:
with lib;
stdenv.mkDerivation {
pname = "i3blocks";
version = "1.5";
@ -24,7 +22,7 @@ stdenv.mkDerivation {
nativeBuildInputs = [ autoreconfHook pkg-config ];
meta = {
meta = with lib; {
description = "Flexible scheduler for your i3bar blocks";
mainProgram = "i3blocks";
homepage = "https://github.com/vivien/i3blocks";


@ -11,13 +11,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "miriway";
version = "0-unstable-2024-07-17";
version = "0-unstable-2024-08-14";
src = fetchFromGitHub {
owner = "Miriway";
repo = "Miriway";
rev = "810dea99773f96a4ef4471bf00c65089956ff97a";
hash = "sha256-hkHipu1ERiM8UH18NuyxILyxxXvyVTOSLBP/7Z64ZTg=";
rev = "2d00e8a61cb029cec96596897a1dada8033c601a";
hash = "sha256-DB07IGFXLQj2LsU8iVZrSda0FS/efKUAolet8fK9Clo=";
};
strictDeps = true;


@ -10,16 +10,16 @@
}:
rustPlatform.buildRustPackage rec {
pname = "c2patool";
version = "0.9.6";
version = "0.9.7";
src = fetchFromGitHub {
owner = "contentauth";
repo = pname;
rev = "v${version}";
sha256 = "sha256-IESolMRRDJwLsWndXvat9otqPTPduQN1uZokx/tUCH0=";
sha256 = "sha256-5zHjPjWwYiUz+ebDoZkuEdZ+mbPTC3AnX6dTrhvjtPI=";
};
cargoHash = "sha256-cgL/88CuiqaSWj7HJABiZnIkEzJUhgPl6e2OJQ5LAnM=";
cargoHash = "sha256-lPCaR3s4Tfy0n6xGxK+eLAObRhmzXc57CI0JnVrF8sg=";
# use the non-vendored openssl
OPENSSL_NO_VENDOR = 1;


@ -14,16 +14,16 @@ let
in
buildGoModule rec {
pname = "centrifugo";
version = "5.4.4";
version = "5.4.5";
src = fetchFromGitHub {
owner = "centrifugal";
repo = "centrifugo";
rev = "v${version}";
hash = "sha256-lZ2EWXg4aWDwsvziI4+9ECv6SlsdkElWJzf8JrByrSI=";
hash = "sha256-kbSHNtujHlT9l9VV9fVlVnTMOQSKdXSwMP/x0EGTNZo=";
};
vendorHash = "sha256-iS4ykyJfsKeQkEuTj5p243FZbULbGTYHEJ2JrATd7Vc=";
vendorHash = "sha256-gfz2jRGx8egAKCFaQOZfh7cthcXS9t8ugB0zF+tiYh0=";
ldflags = [
"-s"


@ -21,12 +21,12 @@
stdenv.mkDerivation (finalAttrs: {
pname = "challenger";
version = "0.11.0";
version = "0.12.0";
src = fetchgit {
url = "https://git.taler.net/challenger.git";
rev = "v${finalAttrs.version}";
hash = "sha256-utME8ywCf4hjgOZWp4j2+dNPPLbAqHd80A62waVvONE=";
hash = "sha256-Qntwtcjjtu3Mbr8Wi5pgFq8KENaycGR4Y3hJ5+LBgTI=";
};
# https://git.taler.net/challenger.git/tree/bootstrap


@ -5,7 +5,12 @@
sassc,
gnome-themes-extra,
gtk-engine-murrine,
colorVariants ? [] # default: install all icons
unstableGitUpdater,
colorVariants ? [ ],
sizeVariants ? [ ],
themeVariants ? [ ],
tweakVariants ? [ ],
iconVariants ? [ ],
}:
let
@ -14,49 +19,104 @@ let
"dark"
"light"
];
sizeVariantList = [
"compact"
"standard"
];
themeVariantList = [
"default"
"green"
"grey"
"orange"
"pink"
"purple"
"red"
"teal"
"yellow"
"all"
];
tweakVariantList = [
"medium"
"soft"
"black"
"float"
"outline"
"macos"
];
iconVariantList = [
"Dark"
"Light"
];
in
lib.checkListOfEnum "${pname}: colorVariants" colorVariantList colorVariants
lib.checkListOfEnum "${pname}: colorVariants" colorVariantList colorVariants lib.checkListOfEnum
"${pname}: sizeVariants"
sizeVariantList
sizeVariants
lib.checkListOfEnum
"${pname}: themeVariants"
themeVariantList
themeVariants
lib.checkListOfEnum
"${pname}: tweakVariants"
tweakVariantList
tweakVariants
lib.checkListOfEnum
"${pname}: iconVariants"
iconVariantList
iconVariants
stdenvNoCC.mkDerivation {
inherit pname;
version = "0-unstable-2024-06-27";
stdenvNoCC.mkDerivation
{
inherit pname;
version = "0-unstable-2024-07-22";
src = fetchFromGitHub {
owner = "Fausto-Korpsvart";
repo = "Gruvbox-GTK-Theme";
rev = "f568ccd7bf7570d8a27feb62e318b07b88e24b94";
hash = "sha256-4vGwPggHdNjtQ03UFgN4OH5+ZEkdIlivCdYuZ0Dsd5Q=";
};
src = fetchFromGitHub {
owner = "Fausto-Korpsvart";
repo = "Gruvbox-GTK-Theme";
rev = "f14a99e1369a6348a4ecd4a5b2d9c067b83f7b2a";
hash = "sha256-WuZX2A5nLk8vMlK0ZlDlbeb79wCCWrGUf2CbqfnbUzk=";
};
propagatedUserEnvPkgs = [ gtk-engine-murrine ];
propagatedUserEnvPkgs = [ gtk-engine-murrine ];
nativeBuildInputs = [ sassc ];
buildInputs = [ gnome-themes-extra ];
nativeBuildInputs = [ sassc ];
buildInputs = [ gnome-themes-extra ];
dontBuild = true;
dontBuild = true;
postPatch = ''
patchShebangs themes/install.sh
'';
passthru.updateScript = unstableGitUpdater { };
installPhase = ''
runHook preInstall
mkdir -p $out/share/themes
cd themes
./install.sh -n Gruvbox -c ${lib.concatStringsSep " " (if colorVariants != [] then colorVariants else colorVariantList)} --tweaks macos -d "$out/share/themes"
runHook postInstall
'';
postPatch = ''
patchShebangs themes/install.sh
'';
meta = {
description = "GTK theme based on the Gruvbox colour palette";
homepage = "https://github.com/Fausto-Korpsvart/Gruvbox-GTK-Theme";
license = lib.licenses.gpl3Plus;
platforms = lib.platforms.unix;
maintainers = with lib.maintainers; [
luftmensch-luftmensch
math-42
d3vil0p3r
];
};
}
installPhase = ''
runHook preInstall
mkdir -p $out/share/themes
cd themes
./install.sh -n Gruvbox \
${lib.optionalString (colorVariants != [ ]) "-c " + toString colorVariants} \
${lib.optionalString (sizeVariants != [ ]) "-s " + toString sizeVariants} \
${lib.optionalString (themeVariants != [ ]) "-t " + toString themeVariants} \
${lib.optionalString (tweakVariants != [ ]) "--tweaks " + toString tweakVariants} \
-d "$out/share/themes"
cd ../icons
${lib.optionalString (iconVariants != [ ]) ''
mkdir -p $out/share/icons
cp -a ${toString (map (v: "Gruvbox-${v}") iconVariants)} $out/share/icons/
''}
runHook postInstall
'';
meta = {
description = "GTK theme based on the Gruvbox colour palette";
homepage = "https://github.com/Fausto-Korpsvart/Gruvbox-GTK-Theme";
license = lib.licenses.gpl3Plus;
platforms = lib.platforms.unix;
maintainers = with lib.maintainers; [
luftmensch-luftmensch
math-42
d3vil0p3r
];
};
}
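Review bot: The flag construction in `installPhase` relies on operator precedence that is easy to misread: `lib.optionalString (colorVariants != [ ]) "-c " + toString colorVariants` parses as `(lib.optionalString … "-c ") + toString colorVariants`, so the default only produces an empty string because `toString [ ]` happens to be empty. Writing each flag as `lib.optionalString (colorVariants != [ ]) "-c ${toString colorVariants}"` (same for `-s`, `-t` and `--tweaks`) makes the intent explicit. The values reach the shell unquoted, which is safe only because the chained `lib.checkListOfEnum` calls restrict them to the fixed lists; a short comment saying so would keep a later edit from dropping the checks. The earlier command line appears to have always passed `--tweaks macos` and every colour variant, so the default output presumably changes with the new empty defaults, which is worth a release-note line if intended.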


@ -13,16 +13,16 @@
rustPlatform.buildRustPackage rec {
pname = "harmonia";
version = "1.0.0";
version = "1.0.1";
src = fetchFromGitHub {
owner = "nix-community";
repo = "harmonia";
rev = "refs/tags/harmonia-v${version}";
hash = "sha256-S5UU6/JZzp4mJKplhpJjcACr+M1rQCFQFWuyk9Wwumg=";
hash = "sha256-K4pll1YUqCkiqUxyWMgPKzNEJ2AMf3C/5YVBOn0SFtw=";
};
cargoHash = "sha256-iCltPaWNq9vWgPfjNYikoU25X8wzlM4ruYI+WgHYv7U=";
cargoHash = "sha256-1ITnTlLVgSC0gsXtELHOPqM4jPZd0TeVgM5GYkqaNVA=";
doCheck = false;


@ -0,0 +1,29 @@
{
lib,
rustPlatform,
fetchFromGitHub,
}:
rustPlatform.buildRustPackage rec {
pname = "kanidm-provision";
version = "1.1.1";
src = fetchFromGitHub {
owner = "oddlama";
repo = "kanidm-provision";
rev = "v${version}";
hash = "sha256-tX24cszmWu7kB5Eoa3OrPqU1bayD62OpAV12U0ayoEo=";
};
cargoHash = "sha256-Ok8A47z5Z3QW4teql/4RyDlox/nrhkdA6IN/qJm13bM=";
meta = with lib; {
description = "A small utility to help with kanidm provisioning";
homepage = "https://github.com/oddlama/kanidm-provision";
license = with licenses; [
asl20
mit
];
maintainers = with maintainers; [ oddlama ];
mainProgram = "kanidm-provision";
};
}


@ -13,6 +13,14 @@
, pam
, bashInteractive
, rust-jemalloc-sys
, kanidm
# If this is enabled, kanidm will be built with two patches allowing both
# oauth2 basic secrets and admin credentials to be provisioned.
# This is NOT officially supported (and will likely never be),
# see https://github.com/kanidm/kanidm/issues/1747.
# Please report any provisioning-related errors to
# https://github.com/oddlama/kanidm-provision/issues/ instead.
, enableSecretProvisioning ? false
}:
let
@ -33,6 +41,11 @@ rustPlatform.buildRustPackage rec {
KANIDM_BUILD_PROFILE = "release_nixos_${arch}";
patches = lib.optionals enableSecretProvisioning [
./patches/oauth2-basic-secret-modify.patch
./patches/recover-account.patch
];
postPatch =
let
format = (formats.toml { }).generate "${KANIDM_BUILD_PROFILE}.toml";
@ -94,10 +107,12 @@ rustPlatform.buildRustPackage rec {
passthru = {
tests = {
inherit (nixosTests) kanidm;
inherit (nixosTests) kanidm kanidm-provisioning;
};
updateScript = nix-update-script { };
inherit enableSecretProvisioning;
withSecretProvisioning = kanidm.override { enableSecretProvisioning = true; };
};
meta = with lib; {
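Review bot: `withSecretProvisioning = kanidm.override { enableSecretProvisioning = true; };` in `passthru` goes through the `kanidm` function argument rather than the derivation being built, so, assuming that argument is filled in by `callPackage`, `(kanidm.override { … }).withSecretProvisioning` would silently drop the caller's other override arguments. A comment on that line such as `# NOTE: overrides the top-level kanidm, not this instance` would document the behaviour. The comment on `enableSecretProvisioning` could also name what the two patches add (a write endpoint for the OAuth2 basic secret and a `--from-environment` flag on `recover-account`), so a reader can judge the extra surface without opening the patch files. The enclosing function continues outside these hunks.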


@ -0,0 +1,303 @@
From 44dfbc2b9dccce86c7d7e7b54db4c989344b8c56 Mon Sep 17 00:00:00 2001
From: oddlama <oddlama@oddlama.org>
Date: Mon, 12 Aug 2024 23:17:25 +0200
Subject: [PATCH 1/2] oauth2 basic secret modify
---
server/core/src/actors/v1_write.rs | 42 ++++++++++++++++++++++++++++++
server/core/src/https/v1.rs | 6 ++++-
server/core/src/https/v1_oauth2.rs | 29 +++++++++++++++++++++
server/lib/src/constants/acp.rs | 6 +++++
4 files changed, 82 insertions(+), 1 deletion(-)
diff --git a/server/core/src/actors/v1_write.rs b/server/core/src/actors/v1_write.rs
index e00a969fb..1cacc67b8 100644
--- a/server/core/src/actors/v1_write.rs
+++ b/server/core/src/actors/v1_write.rs
@@ -315,20 +315,62 @@ impl QueryServerWriteV1 {
};
trace!(?del, "Begin delete event");
idms_prox_write
.qs_write
.delete(&del)
.and_then(|_| idms_prox_write.commit().map(|_| ()))
}
+ #[instrument(
+ level = "info",
+ skip_all,
+ fields(uuid = ?eventid)
+ )]
+ pub async fn handle_oauth2_basic_secret_write(
+ &self,
+ client_auth_info: ClientAuthInfo,
+ filter: Filter<FilterInvalid>,
+ new_secret: String,
+ eventid: Uuid,
+ ) -> Result<(), OperationError> {
+ // Given a protoEntry, turn this into a modification set.
+ let ct = duration_from_epoch_now();
+ let mut idms_prox_write = self.idms.proxy_write(ct).await;
+ let ident = idms_prox_write
+ .validate_client_auth_info_to_ident(client_auth_info, ct)
+ .map_err(|e| {
+ admin_error!(err = ?e, "Invalid identity");
+ e
+ })?;
+
+ let modlist = ModifyList::new_purge_and_set(
+ Attribute::OAuth2RsBasicSecret,
+ Value::SecretValue(new_secret),
+ );
+
+ let mdf =
+ ModifyEvent::from_internal_parts(ident, &modlist, &filter, &idms_prox_write.qs_write)
+ .map_err(|e| {
+ admin_error!(err = ?e, "Failed to begin modify during handle_oauth2_basic_secret_write");
+ e
+ })?;
+
+ trace!(?mdf, "Begin modify event");
+
+ idms_prox_write
+ .qs_write
+ .modify(&mdf)
+ .and_then(|_| idms_prox_write.commit())
+ }
+
#[instrument(
level = "info",
skip_all,
fields(uuid = ?eventid)
)]
pub async fn handle_reviverecycled(
&self,
client_auth_info: ClientAuthInfo,
filter: Filter<FilterInvalid>,
eventid: Uuid,
diff --git a/server/core/src/https/v1.rs b/server/core/src/https/v1.rs
index 8aba83bb2..f1f815026 100644
--- a/server/core/src/https/v1.rs
+++ b/server/core/src/https/v1.rs
@@ -1,17 +1,17 @@
//! The V1 API things!
use axum::extract::{Path, State};
use axum::http::{HeaderMap, HeaderValue};
use axum::middleware::from_fn;
use axum::response::{IntoResponse, Response};
-use axum::routing::{delete, get, post, put};
+use axum::routing::{delete, get, post, put, patch};
use axum::{Extension, Json, Router};
use axum_extra::extract::cookie::{Cookie, CookieJar, SameSite};
use compact_jwt::{Jwk, Jws, JwsSigner};
use kanidm_proto::constants::uri::V1_AUTH_VALID;
use std::net::IpAddr;
use uuid::Uuid;
use kanidm_proto::internal::{
ApiToken, AppLink, CUIntentToken, CURequest, CUSessionToken, CUStatus, CreateRequest,
CredentialStatus, DeleteRequest, IdentifyUserRequest, IdentifyUserResponse, ModifyRequest,
@@ -3119,20 +3119,24 @@ pub(crate) fn route_setup(state: ServerState) -> Router<ServerState> {
)
.route(
"/v1/oauth2/:rs_name/_image",
post(super::v1_oauth2::oauth2_id_image_post)
.delete(super::v1_oauth2::oauth2_id_image_delete),
)
.route(
"/v1/oauth2/:rs_name/_basic_secret",
get(super::v1_oauth2::oauth2_id_get_basic_secret),
)
+ .route(
+ "/v1/oauth2/:rs_name/_basic_secret",
+ patch(super::v1_oauth2::oauth2_id_patch_basic_secret),
+ )
.route(
"/v1/oauth2/:rs_name/_scopemap/:group",
post(super::v1_oauth2::oauth2_id_scopemap_post)
.delete(super::v1_oauth2::oauth2_id_scopemap_delete),
)
.route(
"/v1/oauth2/:rs_name/_sup_scopemap/:group",
post(super::v1_oauth2::oauth2_id_sup_scopemap_post)
.delete(super::v1_oauth2::oauth2_id_sup_scopemap_delete),
)
diff --git a/server/core/src/https/v1_oauth2.rs b/server/core/src/https/v1_oauth2.rs
index 5e481afab..a771aed04 100644
--- a/server/core/src/https/v1_oauth2.rs
+++ b/server/core/src/https/v1_oauth2.rs
@@ -144,20 +144,49 @@ pub(crate) async fn oauth2_id_get_basic_secret(
) -> Result<Json<Option<String>>, WebError> {
let filter = oauth2_id(&rs_name);
state
.qe_r_ref
.handle_oauth2_basic_secret_read(client_auth_info, filter, kopid.eventid)
.await
.map(Json::from)
.map_err(WebError::from)
}
+#[utoipa::path(
+ patch,
+ path = "/v1/oauth2/{rs_name}/_basic_secret",
+ request_body=ProtoEntry,
+ responses(
+ DefaultApiResponse,
+ ),
+ security(("token_jwt" = [])),
+ tag = "v1/oauth2",
+ operation_id = "oauth2_id_patch_basic_secret"
+)]
+/// Overwrite the basic secret for a given OAuth2 Resource Server.
+#[instrument(level = "info", skip(state, new_secret))]
+pub(crate) async fn oauth2_id_patch_basic_secret(
+ State(state): State<ServerState>,
+ Extension(kopid): Extension<KOpId>,
+ VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
+ Path(rs_name): Path<String>,
+ Json(new_secret): Json<String>,
+) -> Result<Json<()>, WebError> {
+ let filter = oauth2_id(&rs_name);
+ state
+ .qe_w_ref
+ .handle_oauth2_basic_secret_write(client_auth_info, filter, new_secret, kopid.eventid)
+ .await
+ .map(Json::from)
+ .map_err(WebError::from)
+}
+
#[utoipa::path(
patch,
path = "/v1/oauth2/{rs_name}",
request_body=ProtoEntry,
responses(
DefaultApiResponse,
),
security(("token_jwt" = [])),
tag = "v1/oauth2",
operation_id = "oauth2_id_patch"
diff --git a/server/lib/src/constants/acp.rs b/server/lib/src/constants/acp.rs
index f3409649d..42e407b7d 100644
--- a/server/lib/src/constants/acp.rs
+++ b/server/lib/src/constants/acp.rs
@@ -645,34 +645,36 @@ lazy_static! {
Attribute::Image,
],
modify_present_attrs: vec![
Attribute::Description,
Attribute::DisplayName,
Attribute::OAuth2RsName,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::Image,
],
create_attrs: vec![
Attribute::Class,
Attribute::Description,
Attribute::DisplayName,
Attribute::OAuth2RsName,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::Image,
],
create_classes: vec![
EntryClass::Object,
EntryClass::OAuth2ResourceServer,
EntryClass::OAuth2ResourceServerBasic,
EntryClass::OAuth2ResourceServerPublic,
@@ -739,36 +741,38 @@ lazy_static! {
Attribute::Image,
],
modify_present_attrs: vec![
Attribute::Description,
Attribute::DisplayName,
Attribute::OAuth2RsName,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::OAuth2AllowLocalhostRedirect,
Attribute::OAuth2RsClaimMap,
Attribute::Image,
],
create_attrs: vec![
Attribute::Class,
Attribute::Description,
Attribute::DisplayName,
Attribute::OAuth2RsName,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::OAuth2AllowLocalhostRedirect,
Attribute::OAuth2RsClaimMap,
Attribute::Image,
],
create_classes: vec![
EntryClass::Object,
EntryClass::OAuth2ResourceServer,
@@ -840,36 +844,38 @@ lazy_static! {
Attribute::Image,
],
modify_present_attrs: vec![
Attribute::Description,
Attribute::DisplayName,
Attribute::Name,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::OAuth2AllowLocalhostRedirect,
Attribute::OAuth2RsClaimMap,
Attribute::Image,
],
create_attrs: vec![
Attribute::Class,
Attribute::Description,
Attribute::Name,
Attribute::OAuth2RsName,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::OAuth2AllowLocalhostRedirect,
Attribute::OAuth2RsClaimMap,
Attribute::Image,
],
create_classes: vec![
EntryClass::Object,
EntryClass::Account,
--
2.45.2
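Review bot: In `handle_oauth2_basic_secret_write` the new secret is wrapped in `Value::SecretValue(new_secret)` and the resulting event is then debug-printed by `trace!(?mdf, "Begin modify event")`. Unless the `Debug` output of that value is redacted (not visible in this patch), the client secret would reach trace-level logs, so the line should log without the modlist or be dropped. The HTTP handler `oauth2_id_patch_basic_secret` does skip `new_secret` in its `#[instrument]`, but its `#[utoipa::path]` block declares `request_body=ProtoEntry` while the extractor is `Json<String>`; `request_body = String` would match what the endpoint accepts. Neither function rejects an empty or very short `new_secret`, so a length check before the modlist is built would keep a provisioning mistake from installing a trivially guessable client secret.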


@ -0,0 +1,173 @@
From cc8269489b56755714f07eee4671f8aa2659c014 Mon Sep 17 00:00:00 2001
From: oddlama <oddlama@oddlama.org>
Date: Mon, 12 Aug 2024 23:17:42 +0200
Subject: [PATCH 2/2] recover account
---
server/core/src/actors/internal.rs | 3 ++-
server/core/src/admin.rs | 6 +++---
server/daemon/src/main.rs | 14 +++++++++++++-
server/daemon/src/opt.rs | 4 ++++
4 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/server/core/src/actors/internal.rs b/server/core/src/actors/internal.rs
index 40c18777f..40d553b40 100644
--- a/server/core/src/actors/internal.rs
+++ b/server/core/src/actors/internal.rs
@@ -153,25 +153,26 @@ impl QueryServerWriteV1 {
}
#[instrument(
level = "info",
skip(self, eventid),
fields(uuid = ?eventid)
)]
pub(crate) async fn handle_admin_recover_account(
&self,
name: String,
+ password: Option<String>,
eventid: Uuid,
) -> Result<String, OperationError> {
let ct = duration_from_epoch_now();
let mut idms_prox_write = self.idms.proxy_write(ct).await;
- let pw = idms_prox_write.recover_account(name.as_str(), None)?;
+ let pw = idms_prox_write.recover_account(name.as_str(), password.as_deref())?;
idms_prox_write.commit().map(|()| pw)
}
#[instrument(
level = "info",
skip_all,
fields(uuid = ?eventid)
)]
pub(crate) async fn handle_domain_raise(&self, eventid: Uuid) -> Result<u32, OperationError> {
diff --git a/server/core/src/admin.rs b/server/core/src/admin.rs
index 90ccb1927..85e31ddef 100644
--- a/server/core/src/admin.rs
+++ b/server/core/src/admin.rs
@@ -17,21 +17,21 @@ use tokio_util::codec::{Decoder, Encoder, Framed};
use tracing::{span, Instrument, Level};
use uuid::Uuid;
pub use kanidm_proto::internal::{
DomainInfo as ProtoDomainInfo, DomainUpgradeCheckReport as ProtoDomainUpgradeCheckReport,
DomainUpgradeCheckStatus as ProtoDomainUpgradeCheckStatus,
};
#[derive(Serialize, Deserialize, Debug)]
pub enum AdminTaskRequest {
- RecoverAccount { name: String },
+ RecoverAccount { name: String, password: Option<String> },
ShowReplicationCertificate,
RenewReplicationCertificate,
RefreshReplicationConsumer,
DomainShow,
DomainUpgradeCheck,
DomainRaise,
DomainRemigrate { level: Option<u32> },
}
#[derive(Serialize, Deserialize, Debug)]
@@ -302,22 +302,22 @@ async fn handle_client(
let mut reqs = Framed::new(sock, ServerCodec);
trace!("Waiting for requests ...");
while let Some(Ok(req)) = reqs.next().await {
// Setup the logging span
let eventid = Uuid::new_v4();
let nspan = span!(Level::INFO, "handle_admin_client_request", uuid = ?eventid);
let resp = async {
match req {
- AdminTaskRequest::RecoverAccount { name } => {
- match server_rw.handle_admin_recover_account(name, eventid).await {
+ AdminTaskRequest::RecoverAccount { name, password } => {
+ match server_rw.handle_admin_recover_account(name, password, eventid).await {
Ok(password) => AdminTaskResponse::RecoverAccount { password },
Err(e) => {
error!(err = ?e, "error during recover-account");
AdminTaskResponse::Error
}
}
}
AdminTaskRequest::ShowReplicationCertificate => match repl_ctrl_tx.as_mut() {
Some(ctrl_tx) => show_replication_certificate(ctrl_tx).await,
None => {
diff --git a/server/daemon/src/main.rs b/server/daemon/src/main.rs
index 577995615..a967928c9 100644
--- a/server/daemon/src/main.rs
+++ b/server/daemon/src/main.rs
@@ -894,27 +894,39 @@ async fn kanidm_main(
} else {
let output_mode: ConsoleOutputMode = commonopts.output_mode.to_owned().into();
submit_admin_req(
config.adminbindpath.as_str(),
AdminTaskRequest::RefreshReplicationConsumer,
output_mode,
)
.await;
}
}
- KanidmdOpt::RecoverAccount { name, commonopts } => {
+ KanidmdOpt::RecoverAccount { name, from_environment, commonopts } => {
info!("Running account recovery ...");
let output_mode: ConsoleOutputMode = commonopts.output_mode.to_owned().into();
+ let password = if *from_environment {
+ match std::env::var("KANIDM_RECOVER_ACCOUNT_PASSWORD") {
+ Ok(val) => Some(val),
+ _ => {
+ error!("Environment variable KANIDM_RECOVER_ACCOUNT_PASSWORD not set");
+ return ExitCode::FAILURE;
+ }
+ }
+ } else {
+ None
+ };
submit_admin_req(
config.adminbindpath.as_str(),
AdminTaskRequest::RecoverAccount {
name: name.to_owned(),
+ password,
},
output_mode,
)
.await;
}
KanidmdOpt::Database {
commands: DbCommands::Reindex(_copt),
} => {
info!("Running in reindex mode ...");
reindex_server_core(&config).await;
diff --git a/server/daemon/src/opt.rs b/server/daemon/src/opt.rs
index f1b45a5b3..9c013e32e 100644
--- a/server/daemon/src/opt.rs
+++ b/server/daemon/src/opt.rs
@@ -229,20 +229,24 @@ enum KanidmdOpt {
/// Create a self-signed ca and tls certificate in the locations listed from the
/// configuration. These certificates should *not* be used in production, they
/// are for testing and evaluation only!
CertGenerate(CommonOpt),
#[clap(name = "recover-account")]
/// Recover an account's password
RecoverAccount {
#[clap(value_parser)]
/// The account name to recover credentials for.
name: String,
+ /// Use the password given in the environment variable
+ /// `KANIDM_RECOVER_ACCOUNT_PASSWORD` instead of generating one.
+ #[clap(long = "from-environment")]
+ from_environment: bool,
#[clap(flatten)]
commonopts: CommonOpt,
},
/// Display this server's replication certificate
ShowReplicationCertificate {
#[clap(flatten)]
commonopts: CommonOpt,
},
/// Renew this server's replication certificate
RenewReplicationCertificate {
--
2.45.2
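Review bot: `handle_admin_recover_account` gains a `password: Option<String>` parameter, but its `#[instrument(level = "info", skip(self, eventid))]` attribute is unchanged, so the supplied password is recorded as a span field at info level; the attribute should read `skip(self, password, eventid)`. `AdminTaskRequest` derives `Debug`, so the new `password` field would also appear wherever a request is debug-printed (no such call is visible in these hunks). In `kanidm_main` the value is read from `KANIDM_RECOVER_ACCOUNT_PASSWORD` and an empty string is accepted as `Some("")`; rejecting an empty value alongside the existing "not set" error would be safer. The bodies of these functions continue outside the hunks.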


@ -11,16 +11,16 @@
}:
buildGoModule rec {
pname = "kcl";
version = "0.9.7";
version = "0.9.8";
src = fetchFromGitHub {
owner = "kcl-lang";
repo = "cli";
rev = "v${version}";
hash = "sha256-97iUmrdZzA2OD6K+WSkDv8JNcFaaHmD/D9J/BHOUvzw=";
hash = "sha256-s8pFnItmw3+l9GKqdqX0Rxsy47h6vO+yUtVNCuyn/m8=";
};
vendorHash = "sha256-+SWcbkcShPCzxGfZmlMPaTZLp0tGGViPM99xXrXzVQ0=";
vendorHash = "sha256-DGYYH5sKhpcWHYoUim4NyflzqsXFc4MCOqIw5jIfIiM=";
# By default, libs and bins are stripped. KCL will crash on darwin if they are.
dontStrip = stdenv.isDarwin;


@ -10,19 +10,19 @@
beamPackages.mixRelease rec {
pname = "lexical";
version = "0.7.0";
version = "0.7.1";
src = fetchFromGitHub {
owner = "lexical-lsp";
repo = "lexical";
rev = "refs/tags/v${version}";
hash = "sha256-veIFr8oovEhukwkGzj02pdc6vN1FCXGz1kn4FAcMALQ=";
hash = "sha256-YKp1IOBIt6StYpVZyTj3BMZM/+6Bp+galbFpuBKYeOM=";
};
mixFodDeps = beamPackages.fetchMixDeps {
inherit pname version src;
hash = "sha256-pqghYSBeDHfeZclC7jQU0FbadioTZ6uT3+InEUSW3rY=";
hash = "sha256-myxmQM46TELDu9wpr82qxqH4s/YR9t0gdAfGOm0Dw1k=";
};
installPhase = ''


@ -6,16 +6,16 @@
buildGoModule rec {
pname = "misconfig-mapper";
version = "1.8.1";
version = "1.8.2";
src = fetchFromGitHub {
owner = "intigriti";
repo = "misconfig-mapper";
rev = "refs/tags/v${version}";
hash = "sha256-jCW1HmL/IAktQ3DncR4CZ3msSWKkz6u9UmmkIjaXS3Y=";
hash = "sha256-VKjzHPLyBuV+SiHs4kA6ZWq0g5dEwJsnFCG2Dl8YVDk=";
};
vendorHash = "sha256-UGV//c2ArXB9g2voN+UWnRaEsrKluIk5CZz82YQhhik=";
vendorHash = "sha256-hx03o4LaqFNylStCkt/MFtgwvsOZFFcEC/c54g1kCNk=";
ldflags = [
"-s"

File diff suppressed because it is too large Load Diff


@ -1,6 +1,6 @@
{
"version": "2.2.15",
"integrity": "sha512-9K9+S7toDI0QtGSM+KbQCm+m7ofNOrlJ75Pmmdg+l7Q7HW5prUzSiBF48lRumPqbp5f/mgDoQ7S6IhU5Zp3oCw==",
"filename": "mongosh-2.2.15.tgz",
"deps": "sha256-LPe54jox2q+KvQ8f36JrVUSwB7tcXFmt3csK65mLVNo="
"version": "2.3.0",
"integrity": "sha512-IDJpIF15g64t4ooSJzR/teqiqT4lQJ2ezdz9bI9LJiXVPU9nOQcXtvaJlGzNgTsK9C+0mNc0a6qSK9MI25A0tA==",
"filename": "mongosh-2.3.0.tgz",
"deps": "sha256-C7SNmFxbk6rgnoe93cAx6dAYhRAm5VqpwlNqEDdS0jY="
}


@ -2,16 +2,16 @@
buildNpmPackage rec {
pname = "mystmd";
version = "1.3.2";
version = "1.3.4";
src = fetchFromGitHub {
owner = "executablebooks";
repo = "mystmd";
rev = "mystmd@${version}";
hash = "sha256-41nRweJN5mqABUayoBQF8ZF1ol2YtBjCABfXuhaNPyE=";
hash = "sha256-aZUDIQs4n2s842tq23pU/ZUW+1fF4XXEmgnapdZH8wQ=";
};
npmDepsHash = "sha256-O34rSyFM+27LUIof3vs/oBoMf4eeg4fYGu6ftEZzong=";
npmDepsHash = "sha256-IXdmzuQaBEbwjXssYaDLvxyTl+i2U/JTalg8lSGvuR0=";
dontNpmInstall = true;


@ -6,7 +6,7 @@
nodejs,
pnpm,
python3,
nodePackages,
node-gyp,
cacert,
xcbuild,
libkrb5,
@ -34,7 +34,7 @@ stdenv.mkDerivation (finalAttrs: {
nativeBuildInputs = [
pnpm.configHook
python3 # required to build sqlite3 bindings
nodePackages.node-gyp # required to build sqlite3 bindings
node-gyp # required to build sqlite3 bindings
cacert # required for rustls-native-certs (dependency of turbo build tool)
makeWrapper
] ++ lib.optional stdenv.isDarwin [ xcbuild ];

5034
pkgs/by-name/no/node-gyp/package-lock.json generated Normal file

File diff suppressed because it is too large Load Diff


@ -0,0 +1,41 @@
{
buildNpmPackage,
fetchFromGitHub,
lib,
nodejs,
}:
(buildNpmPackage.override { inherit nodejs; }) rec {
pname = "node-gyp";
version = "10.2.0";
src = fetchFromGitHub {
owner = "nodejs";
repo = "node-gyp";
rev = "refs/tags/v${version}";
hash = "sha256-AxyGE86nuU9VkbLLR/8GKM6bcTgayYodQ0mWiQhQtA0=";
};
npmDepsHash = "sha256-LCm1gF7GfjT13k3fe1A+DNNwP48OtFVbYgwCCLH3eHA=";
postPatch = ''
ln -s ${./package-lock.json} package-lock.json
'';
dontNpmBuild = true;
# Teach node-gyp to use nodejs headers locally rather that download them form https://nodejs.org.
# This is important when build nodejs packages in sandbox.
makeWrapperArgs = [ "--set npm_config_nodedir ${nodejs}" ];
passthru.updateScript = ./update.sh;
meta = {
changelog = "https://github.com/nodejs/node-gyp/blob/${src.rev}/CHANGELOG.md";
description = "Node.js native addon build tool";
homepage = "https://github.com/nodejs/node-gyp";
license = lib.licenses.mit;
mainProgram = "node-gyp";
maintainers = with lib.maintainers; [ dotlambda ];
};
}
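Review bot: The comment above `makeWrapperArgs` has two typos ("rather that", "form") that blur the reason for the wrapper, which is to stop node-gyp from fetching headers over the network during a sandboxed build. I would write it as `# Teach node-gyp to use the local nodejs headers rather than download them from https://nodejs.org.` followed by `# This is important when building nodejs packages in the sandbox.`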


@ -0,0 +1,26 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p gnused jq nix-prefetch-github nodejs prefetch-npm-deps wget
set -euo pipefail
pushd "$(dirname "${BASH_SOURCE[0]}")"
version=$(npm view node-gyp version)
if [[ "$UPDATE_NIX_OLD_VERSION" == "$version" ]]; then
echo "Already up to date!"
exit 0
fi
sed -i 's#version = "[^"]*"#version = "'"$version"'"#' package.nix
src_hash=$(nix-prefetch-github nodejs node-gyp --rev "v$version" | jq --raw-output .hash)
sed -i 's#hash = "[^"]*"#hash = "'"$src_hash"'"#' package.nix
rm -f package-lock.json package.json
wget "https://github.com/nodejs/node-gyp/raw/v$version/package.json"
npm i --package-lock-only --ignore-scripts
npm_hash=$(prefetch-npm-deps package-lock.json)
sed -i 's#npmDepsHash = "[^"]*"#npmDepsHash = "'"$npm_hash"'"#' package.nix
rm package.json
popd
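Review bot: With `set -u` in effect, `[[ "$UPDATE_NIX_OLD_VERSION" == "$version" ]]` aborts the script with an unbound-variable error whenever it is run outside an updater that exports that variable; `"${UPDATE_NIX_OLD_VERSION:-}"` keeps a manual run working. `version` comes straight from `npm view` and is spliced into the `sed` replacements and the `wget` URL, so a format check right after it is read, e.g. `[[ "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit 1`, would stop an unexpected registry answer from rewriting `package.nix`. Keeping `--ignore-scripts` on the `npm i` line is right, since the lockfile is generated from a freshly downloaded `package.json`.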


@ -6,13 +6,13 @@
}:
stdenv.mkDerivation (finalAttrs: {
pname = "plasmusic-toolbar";
version = "1.4.0";
version = "1.5.0";
src = fetchFromGitHub {
owner = "ccatterina";
repo = "plasmusic-toolbar";
rev = "v${finalAttrs.version}";
hash = "sha256-Em/5HXKVXAwsWYoJp+50Y+5Oe+JfJ4pYQd0+D7PoyGg=";
hash = "sha256-22eSrvigJHmwVB396APkDtiJjavpijUMuZ4mqQGVwf4=";
};
installPhase = ''


@ -36,13 +36,13 @@ let
in
stdenv.mkDerivation {
pname = "s0ix-selftest-tool";
version = "0-unstable-2024-05-16";
version = "0-unstable-2024-08-13";
src = fetchFromGitHub {
owner = "intel";
repo = "S0ixSelftestTool";
rev = "846e14ab86faaca2fe600c434191d33b9fc75632";
hash = "sha256-PlsxGkr20pbUunRSa7PXdLLUlnBAgARRC/HpAkofMds=";
rev = "a9fcb3117ff733e7c307bb579c612065b64bf4b7";
hash = "sha256-DcXefQPI4VpkeFH/YM899WEZHIs5IfWOWoUuZV6Ew7M=";
};
# don't use the bundled turbostat binary


@ -9,13 +9,13 @@
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "sketchybar-app-font";
version = "2.0.23";
version = "2.0.24";
src = fetchFromGitHub {
owner = "kvndrsslr";
repo = "sketchybar-app-font";
rev = "v2.0.23";
hash = "sha256-pVMfM9m1POwHhhTQ8nj7fVWzfVaUSNNbh6uHhWJmwpQ=";
rev = "v2.0.24";
hash = "sha256-7ILGOz+5S1I6R28i3cdmVs7gYmucPiOfCTIZM7rimV4=";
};
pnpmDeps = pnpm.fetchDeps {


@ -0,0 +1,42 @@
{
lib,
rustPlatform,
fetchFromGitHub,
pkg-config,
openssl,
nix-update-script,
}:
rustPlatform.buildRustPackage rec {
pname = "snpguest";
version = "0.6.0";
src = fetchFromGitHub {
owner = "virtee";
repo = "snpguest";
rev = "v${version}";
hash = "sha256-9TchRaZPQKAsncs+mlHvzeie9IIVZeea/LfBLXOLuNg=";
};
cargoHash = "sha256-1UX5GiwH38W+IgZO+0EA3M86iWMylM8fgr48DRD187A=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [ openssl ];
env = {
OPENSSL_NO_VENDOR = true;
};
passthru.updateScript = nix-update-script { };
meta = {
description = "CLI tool for interacting with SEV-SNP guest environment";
homepage = "https://github.com/virtee/snpguest";
changelog = "https://github.com/virtee/snpguest/releases/tag/v${version}";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ katexochen ];
mainProgram = "snpguest";
platforms = [ "x86_64-linux" ];
};
}
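Review bot: The `env.OPENSSL_NO_VENDOR = true;` setting has no comment, and its purpose is not obvious to a reader who does not know the openssl-sys build script. Suggest `# link against the openssl from buildInputs instead of a vendored copy, so OpenSSL fixes arrive with nixpkgs updates` directly above the `env` block.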


@ -0,0 +1,58 @@
{
lib,
rustPlatform,
fetchFromGitHub,
curl,
pkg-config,
openssl,
zlib,
asciidoctor,
nix-update-script,
findutils,
installShellFiles,
}:
rustPlatform.buildRustPackage rec {
pname = "snphost";
version = "0.4.0";
src = fetchFromGitHub {
owner = "virtee";
repo = "snphost";
rev = "v${version}";
hash = "sha256-ChB745I+4CuN/qvWW5e5gPWBdTDJdrUMiHO3LkmTwtk=";
};
cargoHash = "sha256-yXjrTxCRI+1IMRmBYLw9+uHr9BVVhRXx6zU2q3sYf9s=";
nativeBuildInputs = [
asciidoctor
findutils
installShellFiles
pkg-config
];
buildInputs = [
curl
openssl
zlib
];
# man page is placed in cargo's $OUT_DIR, which is randomized.
# Contacted upstream about it, for now use find to locate it.
postInstall = ''
installManPage $(find target/x86_64-unknown-linux-gnu/release/build -name "snphost.1")
'';
passthru.updateScript = nix-update-script { };
meta = {
description = "Administrative utility for SEV-SNP";
homepage = "https://github.com/virtee/snphost/";
changelog = "https://github.com/virtee/snphost/releases/tag/v${version}";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ katexochen ];
mainProgram = "snphost";
platforms = [ "x86_64-linux" ];
};
}
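Review bot: This derivation lists `openssl` in `buildInputs` but, unlike the sibling snpguest package added in the same commit, does not set `env.OPENSSL_NO_VENDOR = true;`. If the crate enables the vendored feature of openssl-sys (not visible from here), the build would compile its own OpenSSL and stop tracking nixpkgs security updates, so either add the same `env` block or note why it is not needed. In `postInstall`, the unquoted `$(find … -name "snphost.1")` is passed straight to `installManPage`, so a miss or a second match changes the call silently. Capturing it first, e.g. `manpage=$(find … -name "snphost.1" -print -quit)` and then `installManPage "$manpage"`, fails clearly when the page is missing.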


@ -14,9 +14,9 @@
}:
stdenv.mkDerivation (self: {
pname = "srm-cuarzo";
version = "0.7.0-1";
version = "0.7.1-1";
rev = "v${self.version}";
hash = "sha256-IiHcJyF7lxS/OXU/TGRrzOGNk1kKknyZ4WxMIJshZXs=";
hash = "sha256-cwZWEuht4XClVUQomMKUA3GScaxv7xBxj3tJhmDYG6Y=";
src = fetchFromGitHub {
inherit (self) rev hash;


@ -0,0 +1,55 @@
{
stdenv,
lib,
fetchurl,
makeWrapper,
}:
let
versionMetadata = import ./sysdig-cli-scanner.versions.nix;
fetchForSystem = versionMetadata.${stdenv.system} or (throw "unsupported system ${stdenv.system}");
in
stdenv.mkDerivation {
pname = "sysdig-cli-scanner";
version = versionMetadata.version;
src = fetchurl { inherit (fetchForSystem) url hash; };
nativeBuildInputs = [ makeWrapper ];
dontUnpack = true;
installPhase = ''
runHook preInstall
install -Dm755 -T $src $out/bin/sysdig-cli-scanner
wrapProgram $out/bin/sysdig-cli-scanner \
--add-flags --dbpath="\$HOME/.cache/sysdig-cli-scanner/"
runHook postInstall
'';
passthru.updateScript = ./update.sh;
meta = with lib; {
description = "Tool for scanning container images and directories using Sysdig";
longDescription = ''
The Sysdig Vulnerability CLI Scanner, sysdig-cli-scanner, is a versatile tool designed to
manually scan container images and directories, whether they are located locally or remotely.
Depending on your specific use case, you have the flexibility to execute sysdig-cli-scanner
in Vulnerability Management (VM) mode for image scanning or Infrastructure as Code (IaC) mode
for scanning directories.
'';
homepage = "https://docs.sysdig.com/en/docs/installation/sysdig-secure/install-vulnerability-cli-scanner/";
mainProgram = "sysdig-cli-scanner";
license = licenses.unfreeRedistributable;
maintainers = with maintainers; [ tembleking ];
platforms = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
};
}
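Review bot: The `--dbpath` flag added by `wrapProgram` reaches the wrapper as `--dbpath=$HOME/.cache/sysdig-cli-scanner/` without quotes, so a home directory containing whitespace is split into several arguments at run time. Passing the flag single-quoted, `--add-flags '--dbpath="$HOME/.cache/sysdig-cli-scanner/"'`, keeps the double quotes in the generated wrapper. The flag is also added unconditionally, so how it interacts with a `--dbpath` given by the user depends on how the binary handles a repeated flag, which is worth a comment.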


@ -0,0 +1,23 @@
{
version = "1.13.2";
x86_64-linux = {
url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/linux/amd64/sysdig-cli-scanner";
hash = "sha256-nFQ+xDiB7CA9mfQlRiTH/FvyZMKZ0YH8Gzn4ZuZ/Ucc=";
};
aarch64-linux = {
url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/linux/arm64/sysdig-cli-scanner";
hash = "sha256-IscMTVzEbWImFZa7uXNp2K6Gplnq2LZoVPoAo5oIZ1U=";
};
x86_64-darwin = {
url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/darwin/amd64/sysdig-cli-scanner";
hash = "sha256-Xgip9cquafpRuYcXnnCF5ptFi774EocBZ535b/LzXUQ=";
};
aarch64-darwin = {
url = "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/1.13.2/darwin/arm64/sysdig-cli-scanner";
hash = "sha256-l/u8UV9O5/mFrNHpyIaKvXbVCQ+Fh6binJLv7MCHrtM=";
};
}


@ -0,0 +1,56 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p bash curl jq
set -euo pipefail
LATEST_VERSION=$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)
SUPPORTED_OPERATING_SYSTEMS=("linux" "darwin")
SUPPORTED_ARCHITECTURES=("x86_64" "aarch64")
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
VERSIONS_FILE="${SCRIPT_DIR}/sysdig-cli-scanner.versions.nix"
main() {
echo "{" > "$VERSIONS_FILE"
echo " version = \"${LATEST_VERSION}\";" >> "$VERSIONS_FILE"
for os in "${SUPPORTED_OPERATING_SYSTEMS[@]}"; do
for arch in "${SUPPORTED_ARCHITECTURES[@]}"; do
formatted_arch=$(formatArchitectureForURL "$arch")
download_url="https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/${LATEST_VERSION}/${os}/${formatted_arch}/sysdig-cli-scanner"
file_hash=$(fetchFileHash "$download_url")
appendToVersionsFile "$VERSIONS_FILE" "$arch" "$os" "$download_url" "$file_hash"
done
done
echo "}" >> "$VERSIONS_FILE"
}
formatArchitectureForURL() {
local architecture="$1"
case "$architecture" in
x86_64) echo "amd64" ;;
aarch64) echo "arm64" ;;
*) echo "Unsupported architecture: $architecture" >&2; return 1 ;;
esac
}
fetchFileHash() {
local url="$1"
nix store prefetch-file --json "$url" | jq -r .hash
}
appendToVersionsFile() {
local file="$1"
local architecture="$2"
local operating_system="$3"
local url="$4"
local hash="$5"
cat >> "$file" << EOF
${architecture}-${operating_system} = {
url = "$url";
hash = "$hash";
};
EOF
}
main
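Review bot: `curl -L -s` without `--fail` accepts the body of an HTTP error page as the version string, and `LATEST_VERSION` is then interpolated unchecked into the four download URLs and into the generated Nix file. Suggest `LATEST_VERSION=$(curl --fail --silent --show-error --location https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)` followed by `[[ "$LATEST_VERSION" =~ ^[0-9]+(\.[0-9]+)+$ ]] || { echo "unexpected version: $LATEST_VERSION" >&2; exit 1; }`. `main` also truncates the versions file before the first prefetch, so a failed download leaves a half-written file; writing to a temporary file and moving it into place at the end avoids that. The recorded hashes are whatever the server returned at update time, so the resulting diff still needs a human check against the vendor's release.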


@ -21,7 +21,7 @@
}:
let
version = "0.11.2";
version = "0.12.0";
in
stdenv.mkDerivation {
pname = "taler-exchange";
@ -31,7 +31,7 @@ stdenv.mkDerivation {
url = "https://git.taler.net/exchange.git";
rev = "v${version}";
fetchSubmodules = true;
hash = "sha256-DflUfXAe310LRhZmaHgF1ZpCi+hHF30lpzAIpI1HZvM=";
hash = "sha256-yHRRMlqFA2OiFg0rBVzn7130wyVaxKn2dChFTPnVtbs=";
};
nativeBuildInputs = [


@ -12,13 +12,13 @@
}:
let
version = "0.11.3";
version = "0.12.0";
taler-wallet-core = fetchgit {
url = "https://git.taler.net/wallet-core.git";
# https://taler.net/fr/news/2024-11.html
rev = "v0.11.2";
hash = "sha256-GtR87XqmunYubh9EiY3bJIqXiXrT+re3KqWypYK3NCo=";
# https://taler.net/en/news/2024-23.html
rev = "v0.12.7";
hash = "sha256-5fyPPrRCKvHTgipIpKqHX3iH5f+wTuyfsAKgKmvl1nI=";
};
in
stdenv.mkDerivation {
@ -29,7 +29,7 @@ stdenv.mkDerivation {
url = "https://git.taler.net/merchant.git";
rev = "v${version}";
fetchSubmodules = true;
hash = "sha256-Rak6p8cuCHPZxrXqrv3YUU3pFFw4GWf8bcd3Ur+o7Wg=";
hash = "sha256-BNIVlL+YPqqRZUhHOR/eH38dSHn/kNyCbMyz0ICxAMk=";
};
postUnpack = ''


@ -8,7 +8,7 @@
, Security
, AppKit
, pkg-config
, nodePackages
, node-gyp
, runCommand
, vscode-js-debug
, nix-update-script
@ -29,7 +29,7 @@ buildNpmPackage rec {
nativeBuildInputs = [
pkg-config
nodePackages.node-gyp
node-gyp
] ++ lib.optionals stdenv.isDarwin [ xcbuild ];
buildInputs =


@ -27,8 +27,6 @@ let
] ++ extraGSettingsOverridePackages;
in
with lib;
# TODO: Having https://github.com/NixOS/nixpkgs/issues/54150 would supersede this
runCommand "nixos-gsettings-desktop-schemas" { preferLocalBuild = true; }
''
@ -37,7 +35,7 @@ runCommand "nixos-gsettings-desktop-schemas" { preferLocalBuild = true; }
mkdir -p $schema_dir
${concatMapStringsSep "\n" (pkg: "cp -rf \"${glib.getSchemaPath pkg}\"/*.xml \"$schema_dir\"") gsettingsOverridePackages}
${lib.concatMapStringsSep "\n" (pkg: "cp -rf \"${glib.getSchemaPath pkg}\"/*.xml \"$schema_dir\"") gsettingsOverridePackages}
chmod -R a+w "$data_dir"


@ -15,10 +15,10 @@
mkXfceDerivation {
category = "apps";
pname = "xfburn";
version = "0.7.1";
version = "0.7.2";
odd-unstable = false;
sha256 = "sha256-wKJ9O4V1b2SoqC4dDKKLg7u8IK9TcjVEa4ZxQv3UOOI=";
sha256 = "sha256-eJ+MxNdJiDTLW4GhrwgQIyFuOSTWsF34Oet9HJAtIqI=";
nativeBuildInputs = [
libxslt


@ -17,10 +17,10 @@
mkXfceDerivation {
category = "apps";
pname = "xfce4-notifyd";
version = "0.9.4";
version = "0.9.6";
odd-unstable = false;
sha256 = "sha256-oDvP2xE/KvIKl7D5hAwROxhqpli7G/UNd51YCdT7Dv4=";
sha256 = "sha256-TxVz9fUvuS5bl9eq9isalez3/Pro366TGFMBQ2DfIVI=";
buildInputs = [
dbus
@ -37,8 +37,6 @@ mkXfceDerivation {
xfconf
];
env.NIX_CFLAGS_COMPILE = "-I${glib.dev}/include/gio-unix-2.0";
configureFlags = [
"--enable-dbus-start-daemon"
"--enable-sound"


@ -1,41 +1,48 @@
{ lib, targetPlatform }:
rec {
os =
if targetPlatform.isLinux then
"linux"
else if targetPlatform.isDarwin then
"macos"
else if targetPlatform.isWindows then
"windows"
else
throw "Unsupported OS \"${targetPlatform.parsed.kernel.name}\"";
{ lib, platform }:
let
self = {
os =
if platform.isLinux then
"linux"
else if platform.isDarwin then
"macos"
else if platform.isWindows then
"windows"
else
throw "Unsupported OS \"${platform.parsed.kernel.name}\"";
arch =
if targetPlatform.isx86_64 then
"amd64"
else if targetPlatform.isx86 && targetPlatform.is32bit then
"386"
else if targetPlatform.isAarch64 then
"arm64"
else if targetPlatform.isMips && targetPlatform.parsed.cpu.significantByte == "littleEndian" then
"mipsle"
else if targetPlatform.isMips64 then
"mips64${lib.optionalString (targetPlatform.parsed.cpu.significantByte == "littleEndian") "le"}"
else if targetPlatform.isPower64 then
"ppc64${lib.optionalString (targetPlatform.parsed.cpu.significantByte == "littleEndian") "le"}"
else if targetPlatform.isS390x then
"s390x"
else
throw "Unsupported CPU \"${targetPlatform.parsed.cpu.name}\"";
alt-os = if platform.isDarwin then "mac" else self.os;
alt-arch =
if targetPlatform.isx86_64 then
"x64"
else if targetPlatform.isAarch64 then
"arm64"
else
targetPlatform.parsed.cpu.name;
arch =
if platform.isx86_64 then
"amd64"
else if platform.isx86 && platform.is32bit then
"386"
else if platform.isAarch64 then
"arm64"
else if platform.isMips && platform.parsed.cpu.significantByte == "littleEndian" then
"mipsle"
else if platform.isMips64 then
"mips64${lib.optionalString (platform.parsed.cpu.significantByte == "littleEndian") "le"}"
else if platform.isPower64 then
"ppc64${lib.optionalString (platform.parsed.cpu.significantByte == "littleEndian") "le"}"
else if platform.isS390x then
"s390x"
else if platform.isRiscV64 then
"riscv64"
else
throw "Unsupported CPU \"${platform.parsed.cpu.name}\"";
platform = "${os}-${arch}";
alt-platform = "${os}-${alt-arch}";
}
alt-arch =
if platform.isx86_64 then
"x64"
else if platform.isAarch64 then
"arm64"
else
platform.parsed.cpu.name;
platform = "${self.os}-${self.arch}";
alt-platform = "${self.os}-${self.alt-arch}";
};
in
self
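Review bot: The move from `rec { … }` to `let self = { … }; in self` carries no comment, and the reason is easy to undo by accident. Presumably it is needed because the argument is now named `platform`, which the set's own `platform` attribute would shadow under `rec`, making `platform.isLinux` refer to a string. Suggest `# not rec: the platform attribute below would shadow the platform argument` above `self = {`.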


@ -9,7 +9,7 @@
url,
patches,
runtimeModes,
isOptimized ? true,
isOptimized ? null,
lib,
stdenv,
dart,
@ -33,8 +33,8 @@ let
url
patches
runtimeMode
isOptimized
;
isOptimized = args.isOptimized or runtimeMode != "debug";
}
);
in
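Review bot: The new line `isOptimized = args.isOptimized or runtimeMode != "debug";` does not parse the way it reads, because attribute selection with `or` binds tighter than `!=`. It is evaluated as `(args.isOptimized or runtimeMode) != "debug"`, so an explicitly passed `isOptimized = false` is compared with the string and comes out `true`. Only the case where the attribute is absent gives the intended result. Suggest `isOptimized = args.isOptimized or (runtimeMode != "debug");`. The definition of `args` is outside the hunk, so confirm it is the unmodified argument set.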


@ -4,11 +4,11 @@
writeText,
symlinkJoin,
targetPlatform,
hostPlatform,
buildPlatform,
darwin,
clang,
llvm,
tools ? callPackage ./tools.nix { inherit hostPlatform; },
tools ? callPackage ./tools.nix { inherit buildPlatform; },
stdenv,
stdenvNoCC,
dart,
@ -33,7 +33,8 @@
gtk3,
pkg-config,
ninja,
python3,
python312,
python39,
git,
version,
flutterVersion,
@ -44,23 +45,27 @@
patches,
url,
runtimeMode ? "release",
isOptimized ? true,
isOptimized ? runtimeMode != "debug",
}:
with lib;
let
expandSingleDep =
dep: lib.optionals (lib.isDerivation dep) ([ dep ] ++ map (output: dep.${output}) dep.outputs);
expandDeps = deps: flatten (map expandSingleDep deps);
expandDeps = deps: lib.flatten (map expandSingleDep deps);
constants = callPackage ./constants.nix { inherit targetPlatform; };
constants = callPackage ./constants.nix { platform = targetPlatform; };
python3 = if lib.versionAtLeast flutterVersion "3.20" then python312 else python39;
src = callPackage ./source.nix {
inherit
tools
flutterVersion
version
hashes
url
targetPlatform
buildPlatform
;
};
@ -82,9 +87,11 @@ let
];
};
outName = "host_${runtimeMode}${lib.optionalString (!isOptimized) "_unopt --unoptimized"}";
outName = "host_${runtimeMode}${lib.optionalString (!isOptimized) "_unopt"}";
dartPath = "${if (lib.versionAtLeast flutterVersion "3.23") then "flutter/third_party" else "third_party"}/dart";
dartPath = "${
if (lib.versionAtLeast flutterVersion "3.23") then "flutter/third_party" else "third_party"
}/dart";
in
stdenv.mkDerivation (finalAttrs: {
pname = "flutter-engine-${runtimeMode}${lib.optionalString (!isOptimized) "-unopt"}";
@ -96,14 +103,18 @@ stdenv.mkDerivation (finalAttrs: {
dartSdkVersion
src
outName
swiftshader;
swiftshader
;
setOutputFlags = false;
doStrip = isOptimized;
toolchain = symlinkJoin {
name = "flutter-engine-toolchain-${version}";
paths =
expandDeps (
optionals (stdenv.isLinux) [
lib.optionals (stdenv.isLinux) [
gtk3
wayland
libepoxy
@ -128,7 +139,7 @@ stdenv.mkDerivation (finalAttrs: {
xorg.xorgproto
zlib
]
++ optionals (stdenv.isDarwin) [
++ lib.optionals (stdenv.isDarwin) [
clang
llvm
]
@ -146,9 +157,14 @@ stdenv.mkDerivation (finalAttrs: {
'';
};
NIX_CFLAGS_COMPILE = "-I${finalAttrs.toolchain}/include";
NIX_CFLAGS_COMPILE = [
"-I${finalAttrs.toolchain}/include"
] ++ lib.optional (!isOptimized) "-U_FORTIFY_SOURCE";
nativeCheckInputs = lib.optionals stdenv.isLinux [ xorg.xorgserver openbox ];
nativeCheckInputs = lib.optionals stdenv.isLinux [
xorg.xorgserver
openbox
];
nativeBuildInputs =
[
@ -160,7 +176,7 @@ stdenv.mkDerivation (finalAttrs: {
dart
]
++ lib.optionals (stdenv.isLinux) [ patchelf ]
++ optionals (stdenv.isDarwin) [
++ lib.optionals (stdenv.isDarwin) [
darwin.system_cmds
darwin.xcode
tools.xcode-select
@ -169,10 +185,7 @@ stdenv.mkDerivation (finalAttrs: {
buildInputs = [ gtk3 ];
patchtools = [
"${dartPath}/tools/sdks/dart-sdk/bin/dart"
"flutter/third_party/gn/gn"
];
patchtools = [ "flutter/third_party/gn/gn" ];
dontPatch = true;
@ -195,6 +208,10 @@ stdenv.mkDerivation (finalAttrs: {
mkdir -p src/flutter/buildtools/${constants.alt-platform}
ln -s ${llvm} src/flutter/buildtools/${constants.alt-platform}/clang
mkdir -p src/buildtools/${constants.alt-platform}
ln -s ${llvm} src/buildtools/${constants.alt-platform}/clang
mkdir -p src/${dartPath}/tools/sdks
ln -s ${dart} src/${dartPath}/tools/sdks/dart-sdk
${lib.optionalString (stdenv.isLinux) ''
@ -205,13 +222,12 @@ stdenv.mkDerivation (finalAttrs: {
for dir in ''${patchgit[@]}; do
pushd src/$dir
rev=$(cat .git/HEAD)
rm -rf .git
git init
git add .
git config user.name "nobody"
git config user.email "nobody@local.host"
git commit -a -m "$rev" --quiet
git commit -a -m "$dir" --quiet
popd
done
@ -237,10 +253,12 @@ stdenv.mkDerivation (finalAttrs: {
"--embedder-for-target"
"--no-goma"
]
++ optionals (targetPlatform.isx86_64 == false) [
++ lib.optionals (targetPlatform.isx86_64 == false) [
"--linux"
"--linux-cpu ${constants.alt-arch}"
];
]
++ lib.optional (!isOptimized) "--unoptimized"
++ lib.optional (runtimeMode == "debug") "--no-stripped";
# NOTE: Once https://github.com/flutter/flutter/issues/127606 is fixed, use "--no-prebuilt-dart-sdk"
configurePhase =
@ -268,22 +286,9 @@ stdenv.mkDerivation (finalAttrs: {
runHook preBuild
export TERM=dumb
for tool in flatc scenec gen_snapshot dart impellerc shader_archiver gen_snapshot_product; do
ninja -C $out/out/$outName -j$NIX_BUILD_CORES $tool
${lib.optionalString (stdenv.isLinux) ''
patchelf $out/out/$outName/$tool --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker)
''}
done
ninja -C $out/out/$outName -j$NIX_BUILD_CORES
${lib.optionalString (stdenv.isLinux) ''
patchelf $out/out/$outName/dart-sdk/bin/dartaotruntime \
--set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker)
find $out/out/$outName/exe.unstripped -executable -type f -exec patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) {} \;
''}
runHook postBuild
'';
@ -311,7 +316,7 @@ stdenv.mkDerivation (finalAttrs: {
dart = callPackage ./dart.nix { engine = finalAttrs.finalPackage; };
};
meta = {
meta = with lib; {
# Very broken on Darwin
broken = stdenv.isDarwin;
description = "The Flutter engine";
@ -324,5 +329,5 @@ stdenv.mkDerivation (finalAttrs: {
"x86_64-darwin"
"aarch64-darwin"
];
};
} // lib.optionalAttrs (lib.versionOlder flutterVersion "3.22") { hydraPlatforms = [ ]; };
})
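Review bot: The `-U_FORTIFY_SOURCE` appended to `NIX_CFLAGS_COMPILE` for unoptimized builds removes a hardening flag through raw compiler flags and has no comment explaining why. If the reason is that fortify needs optimisation (likely, but not stated in the hunk), nixpkgs' own switch is clearer and shows up in hardening audits: `hardeningDisable = lib.optionals (!isOptimized) [ "fortify" ];`. Either way, add a line such as `# _FORTIFY_SOURCE requires an optimising build; only dropped for the unopt engine`. The `python39` fallback for Flutter versions older than 3.20 likewise deserves a comment naming the constraint that forces the older interpreter.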


@ -1,9 +1,11 @@
{
lib,
callPackage,
hostPlatform,
buildPlatform,
targetPlatform,
hostPlatform,
fetchgit,
tools ? callPackage ./tools.nix { inherit hostPlatform; },
tools ? null,
curl,
pkg-config,
git,
@ -11,15 +13,19 @@
runCommand,
writeText,
cacert,
flutterVersion,
version,
hashes,
url,
}:
}@pkgs:
let
constants = callPackage ./constants.nix { inherit targetPlatform; };
target-constants = callPackage ./constants.nix { platform = targetPlatform; };
build-constants = callPackage ./constants.nix { platform = buildPlatform; };
tools = pkgs.tools or (callPackage ./tools.nix { inherit hostPlatform buildPlatform; });
boolOption = value: if value then "True" else "False";
in
runCommand "flutter-engine-source-${version}-${targetPlatform.system}"
runCommand "flutter-engine-source-${version}-${buildPlatform.system}-${targetPlatform.system}"
{
pname = "flutter-engine-source";
inherit version;
@ -51,8 +57,20 @@ runCommand "flutter-engine-source-${version}-${targetPlatform.system}"
"setup_githooks": False,
"download_esbuild": False,
"download_dart_sdk": False,
"host_cpu": "${build-constants.alt-arch}",
"host_os": "${build-constants.alt-os}",
},
}]
target_os_only = True
target_os = [
"${target-constants.alt-os}"
]
target_cpu_only = True
target_cpu = [
"${target-constants.alt-arch}"
]
'';
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
@ -64,7 +82,9 @@ runCommand "flutter-engine-source-${version}-${targetPlatform.system}"
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = hashes.${targetPlatform.system} or (throw "Hash not set for ${targetPlatform.system}");
outputHash =
(hashes."${buildPlatform.system}" or { })."${targetPlatform.system}"
or (throw "Hash not set for ${targetPlatform.system} on ${buildPlatform.system}");
}
''
source ${../../../../build-support/fetchgit/deterministic-git}
@ -76,13 +96,13 @@ runCommand "flutter-engine-source-${version}-${targetPlatform.system}"
cd $out
export PATH=$PATH:$depot_tools
python3 $depot_tools/gclient.py sync --no-history --shallow --nohooks 2>&1 >/dev/null
find $out -name '.git' -exec dirname {} \; | xargs bash -c 'make_deterministic_repo $@' _
find $out -path '*/.git/*' ! -name 'HEAD' -prune -exec rm -rf {} \;
find $out -name '.git' -exec mkdir {}/logs \;
find $out -name '.git' -exec cp {}/HEAD {}/logs/HEAD \;
python3 $depot_tools/gclient.py sync --no-history --shallow --nohooks -j $NIX_BUILD_CORES
find $out -name '.git' -exec rm -rf {} \; || true
rm -rf $out/src/flutter/{buildtools,prebuilts,third_party/swiftshader}
rm -rf $out/src/buildtools/
rm -rf $out/src/flutter/{buildtools,prebuilts,third_party/swiftshader,third_party/gn/.versions}
rm -rf $out/src/flutter/{third_party/dart/tools/sdks/dart-sdk,third_party/ninja/ninja}
rm -rf $out/src/third_party/{dart/tools/sdks/dart-sdk,libcxx/test}
rm -rf $out/.cipd $out/.gclient $out/.gclient_entries $out/.gclient_previous_custom_vars $out/.gclient_previous_sync_commits
''
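Review bot: `find $out -name '.git' -exec rm -rf {} \; || true` hides every failure of the cleanup, not only the expected "No such file or directory" that find prints after a directory it was about to descend into has been removed. `find $out -name '.git' -prune -exec rm -rf {} +` does not descend into the matched directories, so the `|| true` can go and a real failure stops the fixed-output build at the point where it happens. The `}@pkgs:` binding is also a misleading name for this function's own argument set; `}@args:` with `tools = args.tools or (…)` reads more accurately.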


@ -1,9 +1,11 @@
{
stdenv,
callPackage,
fetchgit,
fetchurl,
writeText,
runCommand,
buildPlatform,
hostPlatform,
darwin,
writeShellScriptBin,
@ -29,7 +31,9 @@
},
}:
let
constants = callPackage ./constants.nix { targetPlatform = hostPlatform; };
constants = callPackage ./constants.nix { platform = buildPlatform; };
host-constants = callPackage ./constants.nix { platform = hostPlatform; };
stdenv-constants = callPackage ./constants.nix { platform = stdenv.hostPlatform; };
in
{
depot_tools = fetchgit {
@ -39,18 +43,45 @@ in
};
cipd =
runCommand "cipd-${cipdCommit}"
{
unwrapped = fetchurl {
name = "cipd-${cipdCommit}-unwrapped";
url = "https://chrome-infra-packages.appspot.com/client?platform=${constants.platform}&version=git_revision:${cipdCommit}";
sha256 = cipdHashes.${constants.platform};
};
}
''
mkdir -p $out/bin
install -m755 $unwrapped $out/bin/cipd
'';
let
unwrapped =
runCommand "cipd-${cipdCommit}"
{
src = fetchurl {
name = "cipd-${cipdCommit}-unwrapped";
url = "https://chrome-infra-packages.appspot.com/client?platform=${stdenv-constants.platform}&version=git_revision:${cipdCommit}";
sha256 = cipdHashes.${stdenv-constants.platform};
};
}
''
mkdir -p $out/bin
install -m755 $src $out/bin/cipd
'';
in
writeShellScriptBin "cipd" ''
params=$@
if [[ "$1" == "ensure" ]]; then
shift 1
params="ensure"
while [ "$#" -ne 0 ]; do
if [[ "$1" == "-ensure-file" ]]; then
ensureFile="$2"
shift 2
params="$params -ensure-file $ensureFile"
sed -i 's/''${platform}/${host-constants.platform}/g' "$ensureFile"
sed -i 's/gn\/gn\/${stdenv-constants.platform}/gn\/gn\/${constants.platform}/g' "$ensureFile"
else
params="$params $1"
shift 1
fi
done
fi
exec ${unwrapped}/bin/cipd $params
'';
vpython =
pythonPkg:
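Review bot: The new `cipd` wrapper flattens its arguments into the string `params` and re-splits them at `exec ${unwrapped}/bin/cipd $params`. Any argument containing whitespace or glob characters, including the ensure-file path, therefore reaches the real binary altered. Collecting the arguments in a bash array preserves them exactly, and the two `sed -i` rewrites stay as they are. The `vpython` definition that follows continues outside the hunk.

```nix
  writeShellScriptBin "cipd" ''
    params=("$@")

    if [[ "$1" == "ensure" ]]; then
      shift 1
      params=(ensure)

      while [ "$#" -ne 0 ]; do
        if [[ "$1" == "-ensure-file" ]]; then
          ensureFile="$2"
          shift 2
          params+=(-ensure-file "$ensureFile")
          # … unchanged: the two sed -i rewrites of "$ensureFile" …
        else
          params+=("$1")
          shift 1
        fi
      done
    fi

    exec ${unwrapped}/bin/cipd "''${params[@]}"
  '';
```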


@ -158,7 +158,7 @@ let
# When other derivations wrap this one, any unmodified files
# found here should be included as-is, for tooling compatibility.
sdk = unwrapped;
} // lib.optionalAttrs (engine != null && engine.meta.available) {
} // lib.optionalAttrs (engine != null) {
inherit engine;
};


@ -1,6 +1,7 @@
{ callPackage, symlinkJoin, lib }:
let
nixpkgsRoot = "@nixpkgs_root@";
version = "@flutter_version@";
engineVersion = "@engine_version@";
systemPlatforms = [
@ -8,14 +9,26 @@ let
"aarch64-linux"
];
derivations = builtins.map
(systemPlatform: callPackage "${nixpkgsRoot}/pkgs/development/compilers/flutter/engine/source.nix" {
targetPlatform = lib.systems.elaborate systemPlatform;
version = engineVersion;
url = "https://github.com/flutter/engine.git@${engineVersion}";
hashes."${systemPlatform}" = lib.fakeSha256;
})
systemPlatforms;
derivations =
lib.foldl'
(
acc: buildPlatform:
acc
++ (map
(targetPlatform:
callPackage "${nixpkgsRoot}/pkgs/development/compilers/flutter/engine/source.nix" {
targetPlatform = lib.systems.elaborate targetPlatform;
hostPlatform = lib.systems.elaborate buildPlatform;
buildPlatform = lib.systems.elaborate buildPlatform;
flutterVersion = version;
version = engineVersion;
url = "https://github.com/flutter/engine.git@${engineVersion}";
hashes."${buildPlatform}"."${targetPlatform}" = lib.fakeSha256;
})
systemPlatforms)
) [ ]
systemPlatforms;
in
symlinkJoin {
name = "evaluate-derivations";


@ -86,21 +86,22 @@ def nix_build_to_fail(code):
return stderr
def get_engine_hashes(engine_version):
def get_engine_hashes(engine_version, flutter_version):
code = load_code("get-engine-hashes.nix",
nixpkgs_root=NIXPKGS_ROOT,
flutter_version=flutter_version,
engine_version=engine_version)
stderr = nix_build_to_fail(code)
pattern = re.compile(
r"/nix/store/.*-flutter-engine-source-(.+?)-(.+?).drv':\n\s+specified: .*\n\s+got:\s+(.+?)\n")
rf"/nix/store/.*-flutter-engine-source-{engine_version}-(.+?-.+?)-(.+?-.+?).drv':\n\s+specified: .*\n\s+got:\s+(.+?)\n")
matches = pattern.findall(stderr)
result_dict = {}
for match in matches:
_, system, got = match
result_dict[system] = got
flutter_platform, architecture, got = match
result_dict.setdefault(flutter_platform, {})[architecture] = got
def sort_dict_recursive(d):
return {
@ -405,7 +406,7 @@ def main():
engine_swiftshader_rev='0',
**common_data_args)
engine_hashes = get_engine_hashes(engine_hash)
engine_hashes = get_engine_hashes(engine_hash, flutter_version)
write_data(
pubspec_lock=pubspec_lock,
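Review bot: In `get_engine_hashes`, `engine_version` is interpolated into the new `rf"…"` pattern unescaped, and the dot in `.drv` is unescaped as well, so any regex metacharacter in the version changes what is matched. Use `{re.escape(engine_version)}` and `\.drv`. Per the derivation name in source.nix, the two captured groups are the build system and the target system, yet they are unpacked as `flutter_platform, architecture`; `build_system, target_system` would match what the hashes are keyed by. The function body continues outside the hunk.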


@ -5,8 +5,14 @@
"engineSwiftShaderRev": "5f9ed9b16931c7155171d31f75004f73f0a3abc8",
"channel": "stable",
"engineHashes": {
"aarch64-linux": "sha256-+MIGPmKHkcn3TlFYu6jXv8KBRqdECgtGSqAKQE33iAM=",
"x86_64-linux": "sha256-+MIGPmKHkcn3TlFYu6jXv8KBRqdECgtGSqAKQE33iAM="
"aarch64-linux": {
"aarch64-linux": "sha256-bl71v+BSadKXOczo8TjkqatzKDmAZf7xyHAk8bVMN1Y=",
"x86_64-linux": "sha256-bl71v+BSadKXOczo8TjkqatzKDmAZf7xyHAk8bVMN1Y="
},
"x86_64-linux": {
"aarch64-linux": "sha256-kW5f7+w8Uo+ndq/lvhz/r7cAyCQY2848kTU1OqhqTnQ=",
"x86_64-linux": "sha256-kW5f7+w8Uo+ndq/lvhz/r7cAyCQY2848kTU1OqhqTnQ="
}
},
"dartVersion": "3.1.4",
"dartHash": {


@ -0,0 +1,27 @@
From 41bb032ef3e8332115ed9ebdaeed5d47b9c56098 Mon Sep 17 00:00:00 2001
From: Robert Ancell <robert.ancell@canonical.com>
Date: Fri, 25 Aug 2023 16:46:52 +1200
Subject: [PATCH] Fix building on Pango 1.49.4
This version added the autoptr macros which we no longer need to define.
https://github.com/flutter/flutter/issues/132881
---
shell/platform/linux/fl_accessible_text_field.cc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/shell/platform/linux/fl_accessible_text_field.cc b/shell/platform/linux/fl_accessible_text_field.cc
index 9a6052d4777ec..9dcc7f64fb820 100644
--- a/shell/platform/linux/fl_accessible_text_field.cc
+++ b/shell/platform/linux/fl_accessible_text_field.cc
@@ -7,7 +7,11 @@
#include "flutter/shell/platform/linux/public/flutter_linux/fl_value.h"
G_DEFINE_AUTOPTR_CLEANUP_FUNC(PangoContext, g_object_unref)
+// PangoLayout g_autoptr macro weren't added until 1.49.4. Add them manually.
+// https://gitlab.gnome.org/GNOME/pango/-/commit/0b84e14
+#if !PANGO_VERSION_CHECK(1, 49, 4)
G_DEFINE_AUTOPTR_CLEANUP_FUNC(PangoLayout, g_object_unref)
+#endif
typedef bool (*FlTextBoundaryCallback)(const PangoLogAttr* attr);


@ -5,8 +5,14 @@
"engineSwiftShaderRev": "5f9ed9b16931c7155171d31f75004f73f0a3abc8",
"channel": "stable",
"engineHashes": {
"aarch64-linux": "sha256-irrfyKvTHqaBgcKg3jJzEDs1B4Q91u/e6Ui01MDI+oU=",
"x86_64-linux": "sha256-irrfyKvTHqaBgcKg3jJzEDs1B4Q91u/e6Ui01MDI+oU="
"aarch64-linux": {
"aarch64-linux": "sha256-eRTh/I0SW6Kg1cZAzj+ZqsolG6anbqMNMdW6sxIlJaA=",
"x86_64-linux": "sha256-eRTh/I0SW6Kg1cZAzj+ZqsolG6anbqMNMdW6sxIlJaA="
},
"x86_64-linux": {
"aarch64-linux": "sha256-FXCgpj1H46amXmDQ998uAGHRUp/CAzZI/Yn4Btr9XsA=",
"x86_64-linux": "sha256-FXCgpj1H46amXmDQ998uAGHRUp/CAzZI/Yn4Btr9XsA="
}
},
"dartVersion": "3.2.4",
"dartHash": {


@ -5,8 +5,14 @@
"engineSwiftShaderRev": "2fa7e9b99ae4e70ea5ae2cc9c8d3afb43391384f",
"channel": "stable",
"engineHashes": {
"aarch64-linux": "sha256-YTG46ZYCOu0OJGIILV6NGvIEhQU0yHNFSMR38Xvqa9E=",
"x86_64-linux": "sha256-YTG46ZYCOu0OJGIILV6NGvIEhQU0yHNFSMR38Xvqa9E="
"aarch64-linux": {
"aarch64-linux": "sha256-UBiHps5QoTAtSBuh3HBoAlztWZ/TpqvJI9JaIF2tLWs=",
"x86_64-linux": "sha256-UBiHps5QoTAtSBuh3HBoAlztWZ/TpqvJI9JaIF2tLWs="
},
"x86_64-linux": {
"aarch64-linux": "sha256-j7hvd/166zZXTVE46jULE+PzVLqHXhBnaZpYCS9TwpI=",
"x86_64-linux": "sha256-j7hvd/166zZXTVE46jULE+PzVLqHXhBnaZpYCS9TwpI="
}
},
"dartVersion": "3.3.2",
"dartHash": {


@ -5,8 +5,14 @@
"engineSwiftShaderRev": "2fa7e9b99ae4e70ea5ae2cc9c8d3afb43391384f",
"channel": "stable",
"engineHashes": {
"aarch64-linux": "sha256-OPgevqdMwKhXml+PS5Z1DW0wg843NVN57CiLbXve8kE=",
"x86_64-linux": "sha256-OPgevqdMwKhXml+PS5Z1DW0wg843NVN57CiLbXve8kE="
"aarch64-linux": {
"aarch64-linux": "sha256-MiokUhxz23/HANUv8pD4jrJuj3/EAZNbJVpovM9upKI=",
"x86_64-linux": "sha256-MiokUhxz23/HANUv8pD4jrJuj3/EAZNbJVpovM9upKI="
},
"x86_64-linux": {
"aarch64-linux": "sha256-UWVjNgF94dYG7nSX+Gu6B9500RAHw1EOxE0+QJhS+Ao=",
"x86_64-linux": "sha256-UWVjNgF94dYG7nSX+Gu6B9500RAHw1EOxE0+QJhS+Ao="
}
},
"dartVersion": "3.4.3",
"dartHash": {


@ -5,8 +5,14 @@
"engineSwiftShaderRev": "2fa7e9b99ae4e70ea5ae2cc9c8d3afb43391384f",
"channel": "beta",
"engineHashes": {
"aarch64-linux": "sha256-g169BDV6NtiyriMSgK3GOwhkVi9X23SqB9HOxxtGPK4=",
"x86_64-linux": "sha256-g169BDV6NtiyriMSgK3GOwhkVi9X23SqB9HOxxtGPK4="
"aarch64-linux": {
"aarch64-linux": "sha256-H+UEIEY3UwBBJePSuwsFWQIGuuYzPuX543Me3YplD14=",
"x86_64-linux": "sha256-H+UEIEY3UwBBJePSuwsFWQIGuuYzPuX543Me3YplD14="
},
"x86_64-linux": {
"aarch64-linux": "sha256-KJbjRfxC2S8JWeo1eTHObvumOjAVc/24jEvOu4znnAY=",
"x86_64-linux": "sha256-KJbjRfxC2S8JWeo1eTHObvumOjAVc/24jEvOu4znnAY="
}
},
"dartVersion": "3.5.0-180.3.beta",
"dartHash": {


@ -3,9 +3,6 @@
}:
# This file contains an extra mapping from Julia packages to the Python packages they depend on.
with lib;
rec {
packageMapping = {
ExcelFiles = ["xlrd"];
@ -14,9 +11,9 @@ rec {
SymPy = ["sympy"];
};
getExtraPythonPackages = names: concatMap (name: let
allCandidates = if hasAttr name packageMapping then getAttr name packageMapping else [];
getExtraPythonPackages = names: lib.concatMap (name: let
allCandidates = if lib.hasAttr name packageMapping then lib.getAttr name packageMapping else [];
in
filter (x: hasAttr x python3.pkgs) allCandidates
lib.filter (x: lib.hasAttr x python3.pkgs) allCandidates
) names;
}


@ -126,6 +126,7 @@ mapAliases {
musescore-downloader = pkgs.dl-librescore; # added 2023-08-19
inherit (pkgs) near-cli; # added 2023-09-09
node-inspector = throw "node-inspector was removed because it was broken"; # added 2023-08-21
inherit (pkgs) node-gyp; # added 2024-08-13
inherit (pkgs) node-pre-gyp; # added 2024-08-05
inherit (pkgs) nodemon; # added 2024-06-28
inherit (pkgs) npm-check-updates; # added 2023-08-22


@ -150,7 +150,6 @@
, "multi-file-swagger"
, "neovim"
, "nijs"
, "node-gyp"
, "node-gyp-build"
, "node-red"
, "node2nix"


@ -78254,153 +78254,6 @@ in
bypassCache = true;
reconstructLock = true;
};
node-gyp = nodeEnv.buildNodePackage {
name = "node-gyp";
packageName = "node-gyp";
version = "10.2.0";
src = fetchurl {
url = "https://registry.npmjs.org/node-gyp/-/node-gyp-10.2.0.tgz";
sha512 = "sp3FonBAaFe4aYTcFdZUn2NYkbP7xroPGYvQmP4Nl5PxamznItBnNCgjrVTKrEfQynInMsJvZrdmqUnysCJ8rw==";
};
dependencies = [
sources."@isaacs/cliui-8.0.2"
sources."@npmcli/agent-2.2.2"
sources."@npmcli/fs-3.1.1"
sources."abbrev-2.0.0"
sources."agent-base-7.1.1"
sources."aggregate-error-3.1.0"
sources."ansi-regex-5.0.1"
sources."ansi-styles-6.2.1"
sources."balanced-match-1.0.2"
sources."brace-expansion-2.0.1"
sources."cacache-18.0.4"
sources."chownr-2.0.0"
sources."clean-stack-2.2.0"
sources."color-convert-2.0.1"
sources."color-name-1.1.4"
(sources."cross-spawn-7.0.3" // {
dependencies = [
sources."which-2.0.2"
];
})
sources."debug-4.3.5"
sources."eastasianwidth-0.2.0"
sources."emoji-regex-9.2.2"
sources."env-paths-2.2.1"
sources."err-code-2.0.3"
sources."exponential-backoff-3.1.1"
sources."foreground-child-3.2.1"
sources."fs-minipass-3.0.3"
sources."glob-10.4.5"
sources."graceful-fs-4.2.11"
sources."http-cache-semantics-4.1.1"
sources."http-proxy-agent-7.0.2"
sources."https-proxy-agent-7.0.5"
sources."imurmurhash-0.1.4"
sources."indent-string-4.0.0"
sources."ip-address-9.0.5"
sources."is-fullwidth-code-point-3.0.0"
sources."is-lambda-1.0.1"
sources."isexe-2.0.0"
sources."jackspeak-3.4.3"
sources."jsbn-1.1.0"
sources."lru-cache-10.4.3"
sources."make-fetch-happen-13.0.1"
sources."minimatch-9.0.5"
sources."minipass-7.1.2"
sources."minipass-collect-2.0.1"
sources."minipass-fetch-3.0.5"
(sources."minipass-flush-1.0.5" // {
dependencies = [
sources."minipass-3.3.6"
];
})
(sources."minipass-pipeline-1.2.4" // {
dependencies = [
sources."minipass-3.3.6"
];
})
(sources."minipass-sized-1.0.3" // {
dependencies = [
sources."minipass-3.3.6"
];
})
(sources."minizlib-2.1.2" // {
dependencies = [
sources."minipass-3.3.6"
];
})
sources."mkdirp-1.0.4"
sources."ms-2.1.2"
sources."negotiator-0.6.3"
sources."nopt-7.2.1"
sources."p-map-4.0.0"
sources."package-json-from-dist-1.0.0"
sources."path-key-3.1.1"
sources."path-scurry-1.11.1"
sources."proc-log-4.2.0"
sources."promise-retry-2.0.1"
sources."retry-0.12.0"
sources."semver-7.6.3"
sources."shebang-command-2.0.0"
sources."shebang-regex-3.0.0"
sources."signal-exit-4.1.0"
sources."smart-buffer-4.2.0"
sources."socks-2.8.3"
sources."socks-proxy-agent-8.0.4"
sources."sprintf-js-1.1.3"
sources."ssri-10.0.6"
sources."string-width-5.1.2"
(sources."string-width-cjs-4.2.3" // {
dependencies = [
sources."emoji-regex-8.0.0"
sources."strip-ansi-6.0.1"
];
})
(sources."strip-ansi-7.1.0" // {
dependencies = [
sources."ansi-regex-6.0.1"
];
})
sources."strip-ansi-cjs-6.0.1"
(sources."tar-6.2.1" // {
dependencies = [
(sources."fs-minipass-2.1.0" // {
dependencies = [
sources."minipass-3.3.6"
];
})
sources."minipass-5.0.0"
];
})
sources."unique-filename-3.0.0"
sources."unique-slug-4.0.0"
(sources."which-4.0.0" // {
dependencies = [
sources."isexe-3.1.1"
];
})
sources."wrap-ansi-8.1.0"
(sources."wrap-ansi-cjs-7.0.0" // {
dependencies = [
sources."ansi-styles-4.3.0"
sources."emoji-regex-8.0.0"
sources."string-width-4.2.3"
sources."strip-ansi-6.0.1"
];
})
sources."yallist-4.0.0"
];
buildInputs = globalBuildInputs;
meta = {
description = "Node.js native addon build tool";
homepage = "https://github.com/nodejs/node-gyp#readme";
license = "MIT";
};
production = true;
bypassCache = true;
reconstructLock = true;
};
node-gyp-build = nodeEnv.buildNodePackage {
name = "node-gyp-build";
packageName = "node-gyp-build";
