nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-23 15:33:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge master into staging-next

Browse Source
This commit is contained in:
Frederik Rietdijk 2020-02-10 12:55:47 +01:00
commit ec3edaf7b5
154 changed files with 3373 additions and 1173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
doc/languages-frameworks/dotnet.section.md Normal file
View File

@ -0,0 +1,75 @@
# Dotnet
## Local Development Workflow
For local development, it's recommended to use nix-shell to create a dotnet environment:
```
# shell.nix
with import <nixpkgs> {};
mkShell {
name = "dotnet-env";
buildInputs = [
dotnet-sdk_3
];
}
```
### Using many sdks in a workflow
It's very likely that more than one sdk will be needed on a given project. Dotnet provides several different frameworks (E.g dotnetcore, aspnetcore, etc.) as well as many versions for a given framework. Normally, dotnet is able to fetch a framework and install it relative to the executable. However, this would mean writing to the nix store in nixpkgs, which is read-only. To support the many-sdk use case, one can compose an environment using `dotnetCorePackages.combinePackages`:
```
with import <nixpkgs> {};
mkShell {
name = "dotnet-env";
buildInputs = [
(with dotnetCorePackages; combinePackages [
sdk_3_1
sdk_3_0
sdk_2_1
])
];
}
```
This will produce a dotnet installation that has the dotnet 3.1, 3.0, and 2.1 sdk. The first sdk listed will have it's cli utility present in the resulting environment. Example info output:
```
$ dotnet --info
.NET Core SDK (reflecting any global.json):
Version: 3.1.101
Commit: b377529961
...
.NET Core SDKs installed:
2.1.803 [/nix/store/iiv98i2jdi226dgh4jzkkj2ww7f8jgpd-dotnet-core-combined/sdk]
3.0.102 [/nix/store/iiv98i2jdi226dgh4jzkkj2ww7f8jgpd-dotnet-core-combined/sdk]
3.1.101 [/nix/store/iiv98i2jdi226dgh4jzkkj2ww7f8jgpd-dotnet-core-combined/sdk]
.NET Core runtimes installed:
Microsoft.AspNetCore.All 2.1.15 [/nix/store/iiv98i2jdi226dgh4jzkkj2ww7f8jgpd-dotnet-core-combined/shared/Microsoft.AspNetCore.All]
Microsoft.AspNetCore.App 2.1.15 [/nix/store/iiv98i2jdi226dgh4jzkkj2ww7f8jgpd-dotnet-core-combined/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 3.0.2 [/nix/store/iiv98i2jdi226dgh4jzkkj2ww7f8jgpd-dotnet-core-combined/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 3.1.1 [/nix/store/iiv98i2jdi226dgh4jzkkj2ww7f8jgpd-dotnet-core-combined/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 2.1.15 [/nix/store/iiv98i2jdi226dgh4jzkkj2ww7f8jgpd-dotnet-core-combined/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 3.0.2 [/nix/store/iiv98i2jdi226dgh4jzkkj2ww7f8jgpd-dotnet-core-combined/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 3.1.1 [/nix/store/iiv98i2jdi226dgh4jzkkj2ww7f8jgpd-dotnet-core-combined/shared/Microsoft.NETCore.App]
```
## dotnet-sdk vs dotnetCorePackages.sdk
The `dotnetCorePackages.sdk_X_Y` is preferred over the old dotnet-sdk as both major and minor version are very important for a dotnet environment. If a given minor version isn't present (or was changed), then this will likely break your ability to build a project.
## dotnetCorePackages.sdk vs dotnetCorePackages.netcore vs dotnetCorePackages.aspnetcore
The `dotnetCorePackages.sdk` contains both a runtime and the full sdk of a given version. The `netcore` and `aspnetcore` packages are meant to serve as minimal runtimes to deploy alongside already built applications.
## Packaging a Dotnet Application
Ideally, we would like to build against the sdk, then only have the dotnet runtime available in the runtime closure.
TODO: Create closure-friendly way to package dotnet applications

6
maintainers/maintainer-list.nix
View File

@ -4304,6 +4304,12 @@
email = "wheatdoge@gmail.com";
name = "Tim Liou";
};
m1cr0man = {
email = "lucas+nix@m1cr0man.com";
github = "m1cr0man";
githubId = 3044438;
name = "Lucas Savva";
};
m3tti = {
email = "mathaeus.peter.sander@gmail.com";
name = "Mathaeus Sander";

21
nixos/doc/manual/release-notes/rl-2003.xml
View File

@ -615,6 +615,12 @@ auth required pam_succeed_if.so uid >= 1000 quiet
<link xlink:href="https://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/sqldev-relnotes-194-5908846.html">release notes</link>.
</para>
</listitem>
<listitem>
<para>
The <package>gcc-snapshot</package>-package has been removed. It's marked as broken for &gt;2 years and used to point
to a fairly old snapshot from the <package>gcc7</package>-branch.
</para>
</listitem>
</itemizedlist>
</section>
@ -654,6 +660,21 @@ auth required pam_succeed_if.so uid >= 1000 quiet
<literal>PRETTY_NAME</literal> in <literal>/etc/os-release</literal>
now uses the short rather than full version string.
</para>
</listitem>
<listitem>
<para>
The ACME module has switched from simp-le to <link xlink:href="https://github.com/go-acme/lego">lego</link>
which allows us to support DNS-01 challenges and wildcard certificates. The following options have been added:
<link linkend="opt-security.acme.acceptTerms">security.acme.acceptTerms</link>,
<link linkend="opt-security.acme.certs">security.acme.certs.&lt;name&gt;.dnsProvider</link>,
<link linkend="opt-security.acme.certs">security.acme.certs.&lt;name&gt;.credentialsFile</link>,
<link linkend="opt-security.acme.certs">security.acme.certs.&lt;name&gt;.dnsPropagationCheck</link>.
As well as this, the options <literal>security.acme.acceptTerms</literal> and either
<literal>security.acme.email</literal> or <literal>security.acme.certs.&lt;name&gt;.email</literal>
must be set in order to use the ACME module.
Certificates will be regenerated anew on the next renewal date. The credentials for simp-le are
preserved and thus it is possible to roll back to previous versions without breaking certificate
generation.
</listitem>
<listitem>
<para>

19
nixos/lib/make-ext4-fs.nix
View File

@ -64,7 +64,7 @@ pkgs.stdenv.mkDerivation {
echo "copying files to image..."
cptofs -t ext4 -i $img ./files/* /
export EXT2FS_NO_MTAB_OK=yes
# I have ended up with corrupted images sometimes, I suspect that happens when the build machine's disk gets full during the build.
if ! fsck.ext4 -n -f $img; then
echo "--- Fsck failed for EXT4 image of $bytes bytes (numInodes=$numInodes, numDataBlocks=$numDataBlocks) ---"
@ -72,21 +72,8 @@ pkgs.stdenv.mkDerivation {
return 1
fi
(
# Resizes **snugly** to its actual limits (or closer to)
free=$(dumpe2fs $img | grep '^Free blocks:')
blocksize=$(dumpe2fs $img | grep '^Block size:')
blocks=$(dumpe2fs $img | grep '^Block count:')
blocks=$((''${blocks##*:})) # format the number.
blocksize=$((''${blocksize##*:})) # format the number.
# System can't boot with 0 blocks free.
# Add 16MiB of free space
fudge=$(( 16 * 1024 * 1024 / blocksize ))
size=$(( blocks - ''${free##*:} + fudge ))
echo "Resizing from $blocks blocks to $size blocks. (~ $((size*blocksize/1024/1024))MiB)"
EXT2FS_NO_MTAB_OK=yes resize2fs $img -f $size
)
echo "Resizing to minimum allowed size"
resize2fs -M $img
# And a final fsck, because of the previous truncating.
fsck.ext4 -n -f $img

6
nixos/lib/testing.nix
View File

@ -19,7 +19,11 @@ in rec {
inherit pkgs;
testDriver = stdenv.mkDerivation {
testDriver = lib.warn ''
Perl VM tests are deprecated and will be removed for 20.09.
Please update your tests to use the python test driver.
See https://github.com/NixOS/nixpkgs/pull/71684 for details.
'' stdenv.mkDerivation {
name = "nixos-test-driver";
buildInputs = [ makeWrapper perl ];

4
nixos/modules/module-list.nix
View File

@ -229,6 +229,8 @@
./services/backup/restic.nix
./services/backup/restic-rest-server.nix
./services/backup/rsnapshot.nix
./services/backup/sanoid.nix
./services/backup/syncoid.nix
./services/backup/tarsnap.nix
./services/backup/tsm.nix
./services/backup/zfs-replication.nix
@ -401,6 +403,7 @@
./services/mail/rspamd.nix
./services/mail/rss2email.nix
./services/mail/roundcube.nix
./services/mail/sympa.nix
./services/mail/nullmailer.nix
./services/misc/airsonic.nix
./services/misc/apache-kafka.nix
@ -814,6 +817,7 @@
./services/web-apps/dokuwiki.nix
./services/web-apps/frab.nix
./services/web-apps/gotify-server.nix
./services/web-apps/grocy.nix
./services/web-apps/icingaweb2/icingaweb2.nix
./services/web-apps/icingaweb2/module-monitoring.nix
./services/web-apps/ihatemoney

66
nixos/modules/programs/zsh/zsh.nix
View File

@ -15,6 +15,24 @@ let
(filterAttrs (k: v: v != null) cfg.shellAliases)
);
zshStartupNotes = ''
# Note that generated /etc/zprofile and /etc/zshrc files do a lot of
# non-standard setup to make zsh usable with no configuration by default.
#
# Which means that unless you explicitly meticulously override everything
# generated, interactions between your ~/.zshrc and these files are likely
# to be rather surprising.
#
# Note however, that you can disable loading of the generated /etc/zprofile
# and /etc/zshrc (you can't disable loading of /etc/zshenv, but it is
# designed to not set anything surprising) by setting `no_global_rcs` option
# in ~/.zshenv:
#
# echo setopt no_global_rcs >> ~/.zshenv
#
# See "STARTUP/SHUTDOWN FILES" section of zsh(1) for more info.
'';
in
{
@ -69,6 +87,10 @@ in
promptInit = mkOption {
default = ''
# Note that to manually override this in ~/.zshrc you should run `prompt off`
# before setting your PS1 and etc. Otherwise this will likely to interact with
# your ~/.zshrc configuration in unexpected ways as the default prompt sets
# a lot of different prompt variables.
autoload -U promptinit && promptinit && prompt walters && setopt prompt_sp
'';
description = ''
@ -100,7 +122,8 @@ in
];
example = [ "EXTENDED_HISTORY" "RM_STAR_WAIT" ];
description = ''
Configure zsh options.
Configure zsh options. See
<citerefentry><refentrytitle>zshoptions</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
'';
};
@ -147,6 +170,14 @@ in
. ${config.system.build.setEnvironment}
fi
HELPDIR="${pkgs.zsh}/share/zsh/$ZSH_VERSION/help"
# Tell zsh how to find installed completions.
for p in ''${(z)NIX_PROFILES}; do
fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions)
done
# Setup custom shell init stuff.
${cfge.shellInit}
${cfg.shellInit}
@ -161,11 +192,14 @@ in
''
# /etc/zprofile: DO NOT EDIT -- this file has been generated automatically.
# This file is read for login shells.
#
${zshStartupNotes}
# Only execute this file once per shell.
if [ -n "$__ETC_ZPROFILE_SOURCED" ]; then return; fi
__ETC_ZPROFILE_SOURCED=1
# Setup custom login shell init stuff.
${cfge.loginShellInit}
${cfg.loginShellInit}
@ -180,38 +214,44 @@ in
''
# /etc/zshrc: DO NOT EDIT -- this file has been generated automatically.
# This file is read for interactive shells.
#
${zshStartupNotes}
# Only execute this file once per shell.
if [ -n "$__ETC_ZSHRC_SOURCED" -o -n "$NOSYSZSHRC" ]; then return; fi
__ETC_ZSHRC_SOURCED=1
. /etc/zinputrc
${optionalString (cfg.setOptions != []) ''
# Set zsh options.
setopt ${concatStringsSep " " cfg.setOptions}
''}
# Don't export these, otherwise other shells (bash) will try to use same histfile
# Setup command line history.
# Don't export these, otherwise other shells (bash) will try to use same HISTFILE.
SAVEHIST=${toString cfg.histSize}
HISTSIZE=${toString cfg.histSize}
HISTFILE=${cfg.histFile}
HELPDIR="${pkgs.zsh}/share/zsh/$ZSH_VERSION/help"
# Configure sane keyboard defaults.
. /etc/zinputrc
# Tell zsh how to find installed completions
for p in ''${(z)NIX_PROFILES}; do
fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions)
done
${optionalString cfg.enableGlobalCompInit "autoload -U compinit && compinit"}
${optionalString cfg.enableGlobalCompInit ''
# Enable autocompletion.
autoload -U compinit && compinit
''}
# Setup custom interactive shell init stuff.
${cfge.interactiveShellInit}
${cfg.interactiveShellInit}
${optionalString (cfg.setOptions != []) "setopt ${concatStringsSep " " cfg.setOptions}"}
# Setup aliases.
${zshAliases}
# Setup prompt.
${cfg.promptInit}
# Need to disable features to support TRAMP
# Disable some features to support TRAMP.
if [ "$TERM" = dumb ]; then
unsetopt zle prompt_cr prompt_subst
unset RPS1 RPROMPT

173
nixos/modules/security/acme.nix
View File

@ -1,7 +1,5 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.security.acme;
@ -9,7 +7,8 @@ let
certOpts = { name, ... }: {
options = {
webroot = mkOption {
type = types.str;
type = types.nullOr types.str;
default = null;
example = "/var/lib/acme/acme-challenges";
description = ''
Where the webroot of the HTTP vhost is located.
@ -38,7 +37,7 @@ let
email = mkOption {
type = types.nullOr types.str;
default = null;
default = cfg.email;
description = "Contact email address for the CA to be able to reach you.";
};
@ -76,20 +75,6 @@ let
'';
};
plugins = mkOption {
type = types.listOf (types.enum [
"cert.der" "cert.pem" "chain.pem" "external.sh"
"fullchain.pem" "full.pem" "key.der" "key.pem" "account_key.json" "account_reg.json"
]);
default = [ "fullchain.pem" "full.pem" "key.pem" "account_key.json" "account_reg.json" ];
description = ''
Plugins to enable. With default settings simp_le will
store public certificate bundle in <filename>fullchain.pem</filename>,
private key in <filename>key.pem</filename> and those two previous
files combined in <filename>full.pem</filename> in its state directory.
'';
};
directory = mkOption {
type = types.str;
readOnly = true;
@ -111,6 +96,46 @@ let
own server roots if needed.
'';
};
keyType = mkOption {
type = types.str;
default = "ec384";
description = ''
Key type to use for private keys.
For an up to date list of supported values check the --key-type option
at https://go-acme.github.io/lego/usage/cli/#usage.
'';
};
dnsProvider = mkOption {
type = types.nullOr types.str;
default = null;
example = "route53";
description = ''
DNS Challenge provider. For a list of supported providers, see the "code"
field of the DNS providers listed at https://go-acme.github.io/lego/dns/.
'';
};
credentialsFile = mkOption {
type = types.path;
description = ''
Path to an EnvironmentFile for the cert's service containing any required and
optional environment variables for your selected dnsProvider.
To find out what values you need to set, consult the documentation at
https://go-acme.github.io/lego/dns/ for the corresponding dnsProvider.
'';
example = "/var/src/secrets/example.org-route53-api-token";
};
dnsPropagationCheck = mkOption {
type = types.bool;
default = true;
description = ''
Toggles lego DNS propagation check, which is used alongside DNS-01
challenge to ensure the DNS entries required are available.
'';
};
};
};
@ -130,14 +155,21 @@ in
(mkRemovedOptionModule [ "security" "acme" "directory"] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.")
(mkRemovedOptionModule [ "security" "acme" "preDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
(mkRemovedOptionModule [ "security" "acme" "activationDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
(mkChangedOptionModule [ "security" "acme" "validMin"] [ "security" "acme" "validMinDays"] (config: config.security.acme.validMin / (24 * 3600)))
];
options = {
security.acme = {
validMin = mkOption {
validMinDays = mkOption {
type = types.int;
default = 30 * 24 * 3600;
description = "Minimum remaining validity before renewal in seconds.";
default = 30;
description = "Minimum remaining validity before renewal in days.";
};
email = mkOption {
type = types.nullOr types.str;
default = null;
description = "Contact email address for the CA to be able to reach you.";
};
renewInterval = mkOption {
@ -173,6 +205,15 @@ in
'';
};
acceptTerms = mkOption {
type = types.bool;
default = false;
description = ''
Accept the CA's terms of service. The default provier is Let's Encrypt,
you can find their ToS at https://letsencrypt.org/repository/
'';
};
certs = mkOption {
default = { };
type = with types; attrsOf (submodule certOpts);
@ -204,27 +245,55 @@ in
config = mkMerge [
(mkIf (cfg.certs != { }) {
assertions = let
certs = (mapAttrsToList (k: v: v) cfg.certs);
in [
{
assertion = all (certOpts: certOpts.dnsProvider == null || certOpts.webroot == null) certs;
message = ''
Options `security.acme.certs.<name>.dnsProvider` and
`security.acme.certs.<name>.webroot` are mutually exclusive.
'';
}
{
assertion = cfg.email != null || all (certOpts: certOpts.email != null) certs;
message = ''
You must define `security.acme.certs.<name>.email` or
`security.acme.email` to register with the CA.
'';
}
{
assertion = cfg.acceptTerms;
message = ''
You must accept the CA's terms of service before using
the ACME module by setting `security.acme.acceptTerms`
to `true`. For Let's Encrypt's ToS see https://letsencrypt.org/repository/
'';
}
];
systemd.services = let
services = concatLists servicesLists;
servicesLists = mapAttrsToList certToServices cfg.certs;
certToServices = cert: data:
let
# StateDirectory must be relative, and will be created under /var/lib by systemd
lpath = "acme/${cert}";
apath = "/var/lib/${lpath}";
spath = "/var/lib/acme/.lego";
rights = if data.allowKeysForGroup then "750" else "700";
cmdline = [ "-v" "-d" data.domain "--default_root" data.webroot "--valid_min" cfg.validMin ]
++ optionals (data.email != null) [ "--email" data.email ]
++ concatMap (p: [ "-f" p ]) data.plugins
++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains)
globalOpts = [ "-d" data.domain "--email" data.email "--path" "." "--key-type" data.keyType ]
++ optionals (cfg.acceptTerms) [ "--accept-tos" ]
++ optionals (data.dnsProvider != null && !data.dnsPropagationCheck) [ "--dns.disable-cp" ]
++ concatLists (mapAttrsToList (name: root: [ "-d" name ]) data.extraDomains)
++ (if data.dnsProvider != null then [ "--dns" data.dnsProvider ] else [ "--http" "--http.webroot" data.webroot ])
++ optionals (cfg.server != null || data.server != null) ["--server" (if data.server == null then cfg.server else data.server)];
runOpts = escapeShellArgs (globalOpts ++ [ "run" ]);
renewOpts = escapeShellArgs (globalOpts ++ [ "renew" "--days" (toString cfg.validMinDays) ]);
acmeService = {
description = "Renew ACME Certificate for ${cert}";
after = [ "network.target" "network-online.target" ];
wants = [ "network-online.target" ];
# simp_le uses requests, which uses certifi under the hood,
# which doesn't respect the system trust store.
# At least in the acme test, we provision a fake CA, impersonating the LE endpoint.
# REQUESTS_CA_BUNDLE is a way to teach python requests to use something else
environment.REQUESTS_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt";
serviceConfig = {
Type = "oneshot";
# With RemainAfterExit the service is considered active even
@ -233,18 +302,37 @@ in
# the permissions of the StateDirectory get adjusted
# according to the specified group
RemainAfterExit = true;
SuccessExitStatus = [ "0" "1" ];
User = data.user;
Group = data.group;
PrivateTmp = true;
StateDirectory = lpath;
StateDirectory = "acme/.lego ${lpath}";
StateDirectoryMode = rights;
WorkingDirectory = "/var/lib/${lpath}";
ExecStart = "${pkgs.simp_le}/bin/simp_le ${escapeShellArgs cmdline}";
WorkingDirectory = spath;
# Only try loading the credentialsFile if the dns challenge is enabled
EnvironmentFile = if data.dnsProvider != null then data.credentialsFile else null;
ExecStart = pkgs.writeScript "acme-start" ''
#!${pkgs.runtimeShell} -e
${pkgs.lego}/bin/lego ${renewOpts} || ${pkgs.lego}/bin/lego ${runOpts}
'';
ExecStartPost =
let
keyName = builtins.replaceStrings ["*"] ["_"] data.domain;
script = pkgs.writeScript "acme-post-start" ''
#!${pkgs.runtimeShell} -e
cd ${apath}
# Test that existing cert is older than new cert
KEY=${spath}/certificates/${keyName}.key
if [ -e $KEY -a $KEY -nt key.pem ]; then
cp -p ${spath}/certificates/${keyName}.key key.pem
cp -p ${spath}/certificates/${keyName}.crt cert.pem
cp -p ${spath}/certificates/${keyName}.issuer.crt chain.pem
cat cert.pem chain.pem > fullchain.pem
cat key.pem cert.pem chain.pem > full.pem
chmod ${rights} *.pem
chown '${data.user}:${data.group}' *.pem
fi
${data.postRun}
'';
in
@ -276,17 +364,17 @@ in
-out $workdir/server.crt
# Copy key to destination
cp $workdir/server.key /var/lib/${lpath}/key.pem
cp $workdir/server.key ${apath}/key.pem
# Create fullchain.pem (same format as "simp_le ... -f fullchain.pem" creates)
cat $workdir/{server.crt,ca.crt} > "/var/lib/${lpath}/fullchain.pem"
cat $workdir/{server.crt,ca.crt} > "${apath}/fullchain.pem"
# Create full.pem for e.g. lighttpd
cat $workdir/{server.key,server.crt,ca.crt} > "/var/lib/${lpath}/full.pem"
cat $workdir/{server.key,server.crt,ca.crt} > "${apath}/full.pem"
# Give key acme permissions
chown '${data.user}:${data.group}' "/var/lib/${lpath}/"{key,fullchain,full}.pem
chmod ${rights} "/var/lib/${lpath}/"{key,fullchain,full}.pem
chown '${data.user}:${data.group}' "${apath}/"{key,fullchain,full}.pem
chmod ${rights} "${apath}/"{key,fullchain,full}.pem
'';
serviceConfig = {
Type = "oneshot";
@ -297,7 +385,7 @@ in
};
unitConfig = {
# Do not create self-signed key when key already exists
ConditionPathExists = "!/var/lib/${lpath}/key.pem";
ConditionPathExists = "!${apath}/key.pem";
};
};
in (
@ -309,8 +397,7 @@ in
servicesAttr;
systemd.tmpfiles.rules =
flip mapAttrsToList cfg.certs
(cert: data: "d ${data.webroot}/.well-known/acme-challenge - ${data.user} ${data.group}");
map (data: "d ${data.webroot}/.well-known/acme-challenge - ${data.user} ${data.group}") (filter (data: data.webroot != null) (attrValues cfg.certs));
systemd.timers = flip mapAttrs' cfg.certs (cert: data: nameValuePair
("acme-${cert}")
@ -334,7 +421,7 @@ in
];
meta = {
maintainers = with lib.maintainers; [ abbradar fpletz globin ];
maintainers = with lib.maintainers; [ abbradar fpletz globin m1cr0man ];
doc = ./acme.xml;
};
}

2
nixos/modules/security/acme.xml
View File

@ -7,7 +7,7 @@
<para>
NixOS supports automatic domain validation &amp; certificate retrieval and
renewal using the ACME protocol. This is currently only implemented by and
for Let's Encrypt. The alternative ACME client <literal>simp_le</literal> is
for Let's Encrypt. The alternative ACME client <literal>lego</literal> is
used under the hood.
</para>
<section xml:id="module-security-acme-prerequisites">

32
nixos/modules/security/sudo.nix
View File

@ -71,23 +71,25 @@ in
this is the case when configuration options are merged.
'';
default = [];
example = [
# Allow execution of any command by all users in group sudo,
# requiring a password.
{ groups = [ "sudo" ]; commands = [ "ALL" ]; }
example = literalExample ''
[
# Allow execution of any command by all users in group sudo,
# requiring a password.
{ groups = [ "sudo" ]; commands = [ "ALL" ]; }
# Allow execution of "/home/root/secret.sh" by user `backup`, `database`
# and the group with GID `1006` without a password.
{ users = [ "backup" "database" ]; groups = [ 1006 ];
commands = [ { command = "/home/root/secret.sh"; options = [ "SETENV" "NOPASSWD" ]; } ]; }
# Allow execution of "/home/root/secret.sh" by user `backup`, `database`
# and the group with GID `1006` without a password.
{ users = [ "backup" "database" ]; groups = [ 1006 ];
commands = [ { command = "/home/root/secret.sh"; options = [ "SETENV" "NOPASSWD" ]; } ]; }
# Allow all users of group `bar` to run two executables as user `foo`
# with arguments being pre-set.
{ groups = [ "bar" ]; runAs = "foo";
commands =
[ "/home/baz/cmd1.sh hello-sudo"
{ command = ''/home/baz/cmd2.sh ""''; options = [ "SETENV" ]; } ]; }
];
# Allow all users of group `bar` to run two executables as user `foo`
# with arguments being pre-set.
{ groups = [ "bar" ]; runAs = "foo";
commands =
[ "/home/baz/cmd1.sh hello-sudo"
{ command = '''/home/baz/cmd2.sh ""'''; options = [ "SETENV" ]; } ]; }
]
'';
type = with types; listOf (submodule {
options = {
users = mkOption {

4
nixos/modules/services/audio/mopidy.nix
View File

@ -13,11 +13,11 @@ let
mopidyEnv = buildEnv {
name = "mopidy-with-extensions-${mopidy.version}";
paths = closePropagation cfg.extensionPackages;
pathsToLink = [ "/${python.sitePackages}" ];
pathsToLink = [ "/${python3.sitePackages}" ];
buildInputs = [ makeWrapper ];
postBuild = ''
makeWrapper ${mopidy}/bin/mopidy $out/bin/mopidy \
--prefix PYTHONPATH : $out/${python.sitePackages}
--prefix PYTHONPATH : $out/${python3.sitePackages}
'';
};
in {

213
nixos/modules/services/backup/sanoid.nix Normal file
View File

@ -0,0 +1,213 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.sanoid;
datasetSettingsType = with types;
(attrsOf (nullOr (oneOf [ str int bool (listOf str) ]))) // {
description = "dataset/template options";
};
# Default values from https://github.com/jimsalterjrs/sanoid/blob/master/sanoid.defaults.conf
commonOptions = {
hourly = mkOption {
description = "Number of hourly snapshots.";
type = types.ints.unsigned;
default = 48;
};
daily = mkOption {
description = "Number of daily snapshots.";
type = types.ints.unsigned;
default = 90;
};
monthly = mkOption {
description = "Number of monthly snapshots.";
type = types.ints.unsigned;
default = 6;
};
yearly = mkOption {
description = "Number of yearly snapshots.";
type = types.ints.unsigned;
default = 0;
};
autoprune = mkOption {
description = "Whether to automatically prune old snapshots.";
type = types.bool;
default = true;
};
autosnap = mkOption {
description = "Whether to automatically take snapshots.";
type = types.bool;
default = true;
};
settings = mkOption {
description = ''
Free-form settings for this template/dataset. See
<link xlink:href="https://github.com/jimsalterjrs/sanoid/blob/master/sanoid.defaults.conf"/>
for allowed values.
'';
type = datasetSettingsType;
};
};
commonConfig = config: {
settings = {
hourly = mkDefault config.hourly;
daily = mkDefault config.daily;
monthly = mkDefault config.monthly;
yearly = mkDefault config.yearly;
autoprune = mkDefault config.autoprune;
autosnap = mkDefault config.autosnap;
};
};
datasetOptions = {
useTemplate = mkOption {
description = "Names of the templates to use for this dataset.";
type = (types.listOf (types.enum (attrNames cfg.templates))) // {
description = "list of template names";
};
default = [];
};
recursive = mkOption {
description = "Whether to recursively snapshot dataset children.";
type = types.bool;
default = false;
};
processChildrenOnly = mkOption {
description = "Whether to only snapshot child datasets if recursing.";
type = types.bool;
default = false;
};
};
datasetConfig = config: {
settings = {
use_template = mkDefault config.useTemplate;
recursive = mkDefault config.recursive;
process_children_only = mkDefault config.processChildrenOnly;
};
};
# Extract pool names from configured datasets
pools = unique (map (d: head (builtins.match "([^/]+).*" d)) (attrNames cfg.datasets));
configFile = let
mkValueString = v:
if builtins.isList v then concatStringsSep "," v
else generators.mkValueStringDefault {} v;
mkKeyValue = k: v: if v == null then ""
else generators.mkKeyValueDefault { inherit mkValueString; } "=" k v;
in generators.toINI { inherit mkKeyValue; } cfg.settings;
configDir = pkgs.writeTextDir "sanoid.conf" configFile;
in {
# Interface
options.services.sanoid = {
enable = mkEnableOption "Sanoid ZFS snapshotting service";
interval = mkOption {
type = types.str;
default = "hourly";
example = "daily";
description = ''
Run sanoid at this interval. The default is to run hourly.
The format is described in
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>.
'';
};
datasets = mkOption {
type = types.attrsOf (types.submodule ({ config, ... }: {
options = commonOptions // datasetOptions;
config = mkMerge [ (commonConfig config) (datasetConfig config) ];
}));
default = {};
description = "Datasets to snapshot.";
};
templates = mkOption {
type = types.attrsOf (types.submodule ({ config, ... }: {
options = commonOptions;
config = commonConfig config;
}));
default = {};
description = "Templates for datasets.";
};
settings = mkOption {
type = types.attrsOf datasetSettingsType;
description = ''
Free-form settings written directly to the config file. See
<link xlink:href="https://github.com/jimsalterjrs/sanoid/blob/master/sanoid.defaults.conf"/>
for allowed values.
'';
};
extraArgs = mkOption {
type = types.listOf types.str;
default = [];
example = [ "--verbose" "--readonly" "--debug" ];
description = ''
Extra arguments to pass to sanoid. See
<link xlink:href="https://github.com/jimsalterjrs/sanoid/#sanoid-command-line-options"/>
for allowed options.
'';
};
};
# Implementation
config = mkIf cfg.enable {
services.sanoid.settings = mkMerge [
(mapAttrs' (d: v: nameValuePair ("template_" + d) v.settings) cfg.templates)
(mapAttrs (d: v: v.settings) cfg.datasets)
];
systemd.services.sanoid = {
description = "Sanoid snapshot service";
serviceConfig = {
ExecStartPre = map (pool: lib.escapeShellArgs [
"+/run/booted-system/sw/bin/zfs" "allow"
"sanoid" "snapshot,mount,destroy" pool
]) pools;
ExecStart = lib.escapeShellArgs ([
"${pkgs.sanoid}/bin/sanoid"
"--cron"
"--configdir" configDir
] ++ cfg.extraArgs);
ExecStopPost = map (pool: lib.escapeShellArgs [
"+/run/booted-system/sw/bin/zfs" "unallow" "sanoid" pool
]) pools;
User = "sanoid";
Group = "sanoid";
DynamicUser = true;
RuntimeDirectory = "sanoid";
CacheDirectory = "sanoid";
};
# Prevents missing snapshots during DST changes
environment.TZ = "UTC";
after = [ "zfs.target" ];
startAt = cfg.interval;
};
};
meta.maintainers = with maintainers; [ lopsided98 ];
}

168
nixos/modules/services/backup/syncoid.nix Normal file
View File

@ -0,0 +1,168 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.syncoid;
in {
# Interface
options.services.syncoid = {
enable = mkEnableOption "Syncoid ZFS synchronization service";
interval = mkOption {
type = types.str;
default = "hourly";
example = "*-*-* *:15:00";
description = ''
Run syncoid at this interval. The default is to run hourly.
The format is described in
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>.
'';
};
user = mkOption {
type = types.str;
default = "root";
example = "backup";
description = ''
The user for the service. Sudo or ZFS privilege delegation must be
configured to use a user other than root.
'';
};
sshKey = mkOption {
type = types.nullOr types.path;
# Prevent key from being copied to store
apply = mapNullable toString;
default = null;
description = ''
SSH private key file to use to login to the remote system. Can be
overridden in individual commands.
'';
};
commonArgs = mkOption {
type = types.listOf types.str;
default = [];
example = [ "--no-sync-snap" ];
description = ''
Arguments to add to every syncoid command, unless disabled for that
command. See
<link xlink:href="https://github.com/jimsalterjrs/sanoid/#syncoid-command-line-options"/>
for available options.
'';
};
commands = mkOption {
type = types.attrsOf (types.submodule ({ name, ... }: {
options = {
source = mkOption {
type = types.str;
example = "pool/dataset";
description = ''
Source ZFS dataset. Can be either local or remote. Defaults to
the attribute name.
'';
};
target = mkOption {
type = types.str;
example = "user@server:pool/dataset";
description = ''
Target ZFS dataset. Can be either local
(<replaceable>pool/dataset</replaceable>) or remote
(<replaceable>user@server:pool/dataset</replaceable>).
'';
};
recursive = mkOption {
type = types.bool;
default = false;
description = ''
Whether to also transfer child datasets.
'';
};
sshKey = mkOption {
type = types.nullOr types.path;
# Prevent key from being copied to store
apply = mapNullable toString;
description = ''
SSH private key file to use to login to the remote system.
Defaults to <option>services.syncoid.sshKey</option> option.
'';
};
sendOptions = mkOption {
type = types.separatedString " ";
default = "";
example = "Lc e";
description = ''
Advanced options to pass to zfs send. Options are specified
without their leading dashes and separated by spaces.
'';
};
recvOptions = mkOption {
type = types.separatedString " ";
default = "";
example = "ux recordsize o compression=lz4";
description = ''
Advanced options to pass to zfs recv. Options are specified
without their leading dashes and separated by spaces.
'';
};
useCommonArgs = mkOption {
type = types.bool;
default = true;
description = ''
Whether to add the configured common arguments to this command.
'';
};
extraArgs = mkOption {
type = types.listOf types.str;
default = [];
example = [ "--sshport 2222" ];
description = "Extra syncoid arguments for this command.";
};
};
config = {
source = mkDefault name;
sshKey = mkDefault cfg.sshKey;
};
}));
default = {};
example."pool/test".target = "root@target:pool/test";
description = "Syncoid commands to run.";
};
};
# Implementation
config = mkIf cfg.enable {
systemd.services.syncoid = {
description = "Syncoid ZFS synchronization service";
script = concatMapStringsSep "\n" (c: lib.escapeShellArgs
([ "${pkgs.sanoid}/bin/syncoid" ]
++ (optionals c.useCommonArgs cfg.commonArgs)
++ (optional c.recursive "-r")
++ (optionals (c.sshKey != null) [ "--sshkey" c.sshKey ])
++ c.extraArgs
++ [ "--sendoptions" c.sendOptions
"--recvoptions" c.recvOptions
c.source c.target
])) (attrValues cfg.commands);
after = [ "zfs.target" ];
serviceConfig.User = cfg.user;
startAt = cfg.interval;
};
};
meta.maintainers = with maintainers; [ lopsided98 ];
}

596
nixos/modules/services/mail/sympa.nix Normal file
View File

@ -0,0 +1,596 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.sympa;
dataDir = "/var/lib/sympa";
user = "sympa";
group = "sympa";
pkg = pkgs.sympa;
fqdns = attrNames cfg.domains;
usingNginx = cfg.web.enable && cfg.web.server == "nginx";
mysqlLocal = cfg.database.createLocally && cfg.database.type == "MySQL";
pgsqlLocal = cfg.database.createLocally && cfg.database.type == "PostgreSQL";
sympaSubServices = [
"sympa-archive.service"
"sympa-bounce.service"
"sympa-bulk.service"
"sympa-task.service"
];
# common for all services including wwsympa
commonServiceConfig = {
StateDirectory = "sympa";
ProtectHome = true;
ProtectSystem = "full";
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
};
# wwsympa has its own service config
sympaServiceConfig = srv: {
Type = "simple";
Restart = "always";
ExecStart = "${pkg}/bin/${srv}.pl --foreground";
PIDFile = "/run/sympa/${srv}.pid";
User = user;
Group = group;
# avoid duplicating log messageges in journal
StandardError = "null";
} // commonServiceConfig;
configVal = value:
if isBool value then
if value then "on" else "off"
else toString value;
configGenerator = c: concatStrings (flip mapAttrsToList c (key: val: "${key}\t${configVal val}\n"));
mainConfig = pkgs.writeText "sympa.conf" (configGenerator cfg.settings);
robotConfig = fqdn: domain: pkgs.writeText "${fqdn}-robot.conf" (configGenerator domain.settings);
transport = pkgs.writeText "transport.sympa" (concatStringsSep "\n" (flip map fqdns (domain: ''
${domain} error:User unknown in recipient table
sympa@${domain} sympa:sympa@${domain}
listmaster@${domain} sympa:listmaster@${domain}
bounce@${domain} sympabounce:sympa@${domain}
abuse-feedback-report@${domain} sympabounce:sympa@${domain}
'')));
virtual = pkgs.writeText "virtual.sympa" (concatStringsSep "\n" (flip map fqdns (domain: ''
sympa-request@${domain} postmaster@localhost
sympa-owner@${domain} postmaster@localhost
'')));
listAliases = pkgs.writeText "list_aliases.tt2" ''
#--- [% list.name %]@[% list.domain %]: list transport map created at [% date %]
[% list.name %]@[% list.domain %] sympa:[% list.name %]@[% list.domain %]
[% list.name %]-request@[% list.domain %] sympa:[% list.name %]-request@[% list.domain %]
[% list.name %]-editor@[% list.domain %] sympa:[% list.name %]-editor@[% list.domain %]
#[% list.name %]-subscribe@[% list.domain %] sympa:[% list.name %]-subscribe@[%list.domain %]
[% list.name %]-unsubscribe@[% list.domain %] sympa:[% list.name %]-unsubscribe@[% list.domain %]
[% list.name %][% return_path_suffix %]@[% list.domain %] sympabounce:[% list.name %]@[% list.domain %]
'';
enabledFiles = filterAttrs (n: v: v.enable) cfg.settingsFile;
in
{
###### interface
options.services.sympa = with types; {
enable = mkEnableOption "Sympa mailing list manager";
lang = mkOption {
type = str;
default = "en_US";
example = "cs";
description = ''
Default Sympa language.
See <link xlink:href='https://github.com/sympa-community/sympa/tree/sympa-6.2/po/sympa' />
for available options.
'';
};
listMasters = mkOption {
type = listOf str;
example = [ "postmaster@sympa.example.org" ];
description = ''
The list of the email addresses of the listmasters
(users authorized to perform global server commands).
'';
};
mainDomain = mkOption {
type = nullOr str;
default = null;
example = "lists.example.org";
description = ''
Main domain to be used in <filename>sympa.conf</filename>.
If <literal>null</literal>, one of the <option>services.sympa.domains</option> is chosen for you.
'';
};
domains = mkOption {
type = attrsOf (submodule ({ name, config, ... }: {
options = {
webHost = mkOption {
type = nullOr str;
default = null;
example = "archive.example.org";
description = ''
Domain part of the web interface URL (no web interface for this domain if <literal>null</literal>).
DNS record of type A (or AAAA or CNAME) has to exist with this value.
'';
};
webLocation = mkOption {
type = str;
default = "/";
example = "/sympa";
description = "URL path part of the web interface.";
};
settings = mkOption {
type = attrsOf (oneOf [ str int bool ]);
default = {};
example = {
default_max_list_members = 3;
};
description = ''
The <filename>robot.conf</filename> configuration file as key value set.
See <link xlink:href='https://sympa-community.github.io/gpldoc/man/sympa.conf.5.html' />
for list of configuration parameters.
'';
};
};
config.settings = mkIf (cfg.web.enable && config.webHost != null) {
wwsympa_url = mkDefault "https://${config.webHost}${strings.removeSuffix "/" config.webLocation}";
};
}));
description = ''
Email domains handled by this instance. There have
to be MX records for keys of this attribute set.
'';
example = literalExample ''
{
"lists.example.org" = {
webHost = "lists.example.org";
webLocation = "/";
};
"sympa.example.com" = {
webHost = "example.com";
webLocation = "/sympa";
};
}
'';
};
database = {
type = mkOption {
type = enum [ "SQLite" "PostgreSQL" "MySQL" ];
default = "SQLite";
example = "MySQL";
description = "Database engine to use.";
};
host = mkOption {
type = nullOr str;
default = null;
description = ''
Database host address.
For MySQL, use <literal>localhost</literal> to connect using Unix domain socket.
For PostgreSQL, use path to directory (e.g. <filename>/run/postgresql</filename>)
to connect using Unix domain socket located in this directory.
Use <literal>null</literal> to fall back on Sympa default, or when using
<option>services.sympa.database.createLocally</option>.
'';
};
port = mkOption {
type = nullOr port;
default = null;
description = "Database port. Use <literal>null</literal> for default port.";
};
name = mkOption {
type = str;
default = if cfg.database.type == "SQLite" then "${dataDir}/sympa.sqlite" else "sympa";
defaultText = ''if database.type == "SQLite" then "${dataDir}/sympa.sqlite" else "sympa"'';
description = ''
Database name. When using SQLite this must be an absolute
path to the database file.
'';
};
user = mkOption {
type = nullOr str;
default = user;
description = "Database user. The system user name is used as a default.";
};
passwordFile = mkOption {
type = nullOr path;
default = null;
example = "/run/keys/sympa-dbpassword";
description = ''
A file containing the password for <option>services.sympa.database.user</option>.
'';
};
createLocally = mkOption {
type = bool;
default = true;
description = "Whether to create a local database automatically.";
};
};
web = {
enable = mkOption {
type = bool;
default = true;
description = "Whether to enable Sympa web interface.";
};
server = mkOption {
type = enum [ "nginx" "none" ];
default = "nginx";
description = ''
The webserver used for the Sympa web interface. Set it to `none` if you want to configure it yourself.
Further nginx configuration can be done by adapting
<option>services.nginx.virtualHosts.<replaceable>name</replaceable></option>.
'';
};
https = mkOption {
type = bool;
default = true;
description = ''
Whether to use HTTPS. When nginx integration is enabled, this option forces SSL and enables ACME.
Please note that Sympa web interface always uses https links even when this option is disabled.
'';
};
fcgiProcs = mkOption {
type = ints.positive;
default = 2;
description = "Number of FastCGI processes to fork.";
};
};
mta = {
type = mkOption {
type = enum [ "postfix" "none" ];
default = "postfix";
description = ''
Mail transfer agent (MTA) integration. Use <literal>none</literal> if you want to configure it yourself.
The <literal>postfix</literal> integration sets up local Postfix instance that will pass incoming
messages from configured domains to Sympa. You still need to configure at least outgoing message
handling using e.g. <option>services.postfix.relayHost</option>.
'';
};
};
settings = mkOption {
type = attrsOf (oneOf [ str int bool ]);
default = {};
example = literalExample ''
{
default_home = "lists";
viewlogs_page_size = 50;
}
'';
description = ''
The <filename>sympa.conf</filename> configuration file as key value set.
See <link xlink:href='https://sympa-community.github.io/gpldoc/man/sympa.conf.5.html' />
for list of configuration parameters.
'';
};
settingsFile = mkOption {
type = attrsOf (submodule ({ name, config, ... }: {
options = {
enable = mkOption {
type = bool;
default = true;
description = "Whether this file should be generated. This option allows specific files to be disabled.";
};
text = mkOption {
default = null;
type = nullOr lines;
description = "Text of the file.";
};
source = mkOption {
type = path;
description = "Path of the source file.";
};
};
config.source = mkIf (config.text != null) (mkDefault (pkgs.writeText "sympa-${baseNameOf name}" config.text));
}));
default = {};
example = literalExample ''
{
"list_data/lists.example.org/help" = {
text = "subject This list provides help to users";
};
}
'';
description = "Set of files to be linked in <filename>${dataDir}</filename>.";
};
};
###### implementation
config = mkIf cfg.enable {
services.sympa.settings = (mapAttrs (_: v: mkDefault v) {
domain = if cfg.mainDomain != null then cfg.mainDomain else head fqdns;
listmaster = concatStringsSep "," cfg.listMasters;
lang = cfg.lang;
home = "${dataDir}/list_data";
arc_path = "${dataDir}/arc";
bounce_path = "${dataDir}/bounce";
sendmail = "${pkgs.system-sendmail}/bin/sendmail";
db_type = cfg.database.type;
db_name = cfg.database.name;
}
// (optionalAttrs (cfg.database.host != null) {
db_host = cfg.database.host;
})
// (optionalAttrs mysqlLocal {
db_host = "localhost"; # use unix domain socket
})
// (optionalAttrs pgsqlLocal {
db_host = "/run/postgresql"; # use unix domain socket
})
// (optionalAttrs (cfg.database.port != null) {
db_port = cfg.database.port;
})
// (optionalAttrs (cfg.database.user != null) {
db_user = cfg.database.user;
})
// (optionalAttrs (cfg.mta.type == "postfix") {
sendmail_aliases = "${dataDir}/sympa_transport";
aliases_program = "${pkgs.postfix}/bin/postmap";
aliases_db_type = "hash";
})
// (optionalAttrs cfg.web.enable {
static_content_path = "${dataDir}/static_content";
css_path = "${dataDir}/static_content/css";
pictures_path = "${dataDir}/static_content/pictures";
mhonarc = "${pkgs.perlPackages.MHonArc}/bin/mhonarc";
}));
services.sympa.settingsFile = {
"virtual.sympa" = mkDefault { source = virtual; };
"transport.sympa" = mkDefault { source = transport; };
"etc/list_aliases.tt2" = mkDefault { source = listAliases; };
}
// (flip mapAttrs' cfg.domains (fqdn: domain:
nameValuePair "etc/${fqdn}/robot.conf" (mkDefault { source = robotConfig fqdn domain; })));
environment = {
systemPackages = [ pkg ];
};
users.users.${user} = {
description = "Sympa mailing list manager user";
group = group;
home = dataDir;
createHome = false;
isSystemUser = true;
};
users.groups.${group} = {};
assertions = [
{ assertion = cfg.database.createLocally -> cfg.database.user == user;
message = "services.sympa.database.user must be set to ${user} if services.sympa.database.createLocally is set to true";
}
{ assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
message = "a password cannot be specified if services.sympa.database.createLocally is set to true";
}
];
systemd.tmpfiles.rules = [
"d ${dataDir} 0711 ${user} ${group} - -"
"d ${dataDir}/etc 0700 ${user} ${group} - -"
"d ${dataDir}/spool 0700 ${user} ${group} - -"
"d ${dataDir}/list_data 0700 ${user} ${group} - -"
"d ${dataDir}/arc 0700 ${user} ${group} - -"
"d ${dataDir}/bounce 0700 ${user} ${group} - -"
"f ${dataDir}/sympa_transport 0600 ${user} ${group} - -"
# force-copy static_content so it's up to date with package
# set permissions for wwsympa which needs write access (...)
"R ${dataDir}/static_content - - - - -"
"C ${dataDir}/static_content 0711 ${user} ${group} - ${pkg}/static_content"
"e ${dataDir}/static_content/* 0711 ${user} ${group} - -"
"d /run/sympa 0755 ${user} ${group} - -"
]
++ (flip concatMap fqdns (fqdn: [
"d ${dataDir}/etc/${fqdn} 0700 ${user} ${group} - -"
"d ${dataDir}/list_data/${fqdn} 0700 ${user} ${group} - -"
]))
#++ (flip mapAttrsToList enabledFiles (k: v:
# "L+ ${dataDir}/${k} - - - - ${v.source}"
#))
++ (concatLists (flip mapAttrsToList enabledFiles (k: v: [
# sympa doesn't handle symlinks well (e.g. fails to create locks)
# force-copy instead
"R ${dataDir}/${k} - - - - -"
"C ${dataDir}/${k} 0700 ${user} ${group} - ${v.source}"
])));
systemd.services.sympa = {
description = "Sympa mailing list manager";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = sympaSubServices;
before = sympaSubServices;
serviceConfig = sympaServiceConfig "sympa_msg";
preStart = ''
umask 0077
cp -f ${mainConfig} ${dataDir}/etc/sympa.conf
${optionalString (cfg.database.passwordFile != null) ''
chmod u+w ${dataDir}/etc/sympa.conf
echo -n "db_passwd " >> ${dataDir}/etc/sympa.conf
cat ${cfg.database.passwordFile} >> ${dataDir}/etc/sympa.conf
''}
${optionalString (cfg.mta.type == "postfix") ''
${pkgs.postfix}/bin/postmap hash:${dataDir}/virtual.sympa
${pkgs.postfix}/bin/postmap hash:${dataDir}/transport.sympa
''}
${pkg}/bin/sympa_newaliases.pl
${pkg}/bin/sympa.pl --health_check
'';
};
systemd.services.sympa-archive = {
description = "Sympa mailing list manager (archiving)";
bindsTo = [ "sympa.service" ];
serviceConfig = sympaServiceConfig "archived";
};
systemd.services.sympa-bounce = {
description = "Sympa mailing list manager (bounce processing)";
bindsTo = [ "sympa.service" ];
serviceConfig = sympaServiceConfig "bounced";
};
systemd.services.sympa-bulk = {
description = "Sympa mailing list manager (message distribution)";
bindsTo = [ "sympa.service" ];
serviceConfig = sympaServiceConfig "bulk";
};
systemd.services.sympa-task = {
description = "Sympa mailing list manager (task management)";
bindsTo = [ "sympa.service" ];
serviceConfig = sympaServiceConfig "task_manager";
};
systemd.services.wwsympa = mkIf usingNginx {
wantedBy = [ "multi-user.target" ];
after = [ "sympa.service" ];
serviceConfig = {
Type = "forking";
PIDFile = "/run/sympa/wwsympa.pid";
Restart = "always";
ExecStart = ''${pkgs.spawn_fcgi}/bin/spawn-fcgi \
-u ${user} \
-g ${group} \
-U nginx \
-M 0600 \
-F ${toString cfg.web.fcgiProcs} \
-P /run/sympa/wwsympa.pid \
-s /run/sympa/wwsympa.socket \
-- ${pkg}/bin/wwsympa.fcgi
'';
} // commonServiceConfig;
};
services.nginx.enable = mkIf usingNginx true;
services.nginx.virtualHosts = mkIf usingNginx (let
vHosts = unique (remove null (mapAttrsToList (_k: v: v.webHost) cfg.domains));
hostLocations = host: map (v: v.webLocation) (filter (v: v.webHost == host) (attrValues cfg.domains));
httpsOpts = optionalAttrs cfg.web.https { forceSSL = mkDefault true; enableACME = mkDefault true; };
in
genAttrs vHosts (host: {
locations = genAttrs (hostLocations host) (loc: {
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi_params;
fastcgi_pass unix:/run/sympa/wwsympa.socket;
fastcgi_split_path_info ^(${loc})(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME ${pkg}/bin/wwsympa.fcgi;
'';
}) // {
"/static-sympa/".alias = "${dataDir}/static_content/";
};
} // httpsOpts));
services.postfix = mkIf (cfg.mta.type == "postfix") {
enable = true;
recipientDelimiter = "+";
config = {
virtual_alias_maps = [ "hash:${dataDir}/virtual.sympa" ];
virtual_mailbox_maps = [
"hash:${dataDir}/transport.sympa"
"hash:${dataDir}/sympa_transport"
"hash:${dataDir}/virtual.sympa"
];
virtual_mailbox_domains = [ "hash:${dataDir}/transport.sympa" ];
transport_maps = [
"hash:${dataDir}/transport.sympa"
"hash:${dataDir}/sympa_transport"
];
};
masterConfig = {
"sympa" = {
type = "unix";
privileged = true;
chroot = false;
command = "pipe";
args = [
"flags=hqRu"
"user=${user}"
"argv=${pkg}/bin/queue"
"\${nexthop}"
];
};
"sympabounce" = {
type = "unix";
privileged = true;
chroot = false;
command = "pipe";
args = [
"flags=hqRu"
"user=${user}"
"argv=${pkg}/bin/bouncequeue"
"\${nexthop}"
];
};
};
};
services.mysql = optionalAttrs mysqlLocal {
enable = true;
package = mkDefault pkgs.mariadb;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.database.user;
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
}
];
};
services.postgresql = optionalAttrs pgsqlLocal {
enable = true;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.database.user;
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
}
];
};
};
meta.maintainers = with maintainers; [ mmilata sorki ];
}

17
nixos/modules/services/networking/minidlna.nix
View File

@ -95,6 +95,22 @@ in
'';
};
services.minidlna.announceInterval = mkOption {
type = types.int;
default = 895;
description =
''
The interval between announces (in seconds).
By default miniDLNA will announce its presence on the network
approximately every 15 minutes.
Many people prefer shorter announce intervals (e.g. 60 seconds)
on their home networks, especially when DLNA clients are
started on demand.
'';
};
services.minidlna.config = mkOption {
type = types.lines;
description =
@ -144,6 +160,7 @@ in
${concatMapStrings (dir: ''
media_dir=${dir}
'') cfg.mediaDirs}
notify_interval=${toString cfg.announceInterval}
${cfg.extraConfig}
'';

172
nixos/modules/services/web-apps/grocy.nix Normal file
View File

@ -0,0 +1,172 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.grocy;
in {
options.services.grocy = {
enable = mkEnableOption "grocy";
hostName = mkOption {
type = types.str;
description = ''
FQDN for the grocy instance.
'';
};
nginx.enableSSL = mkOption {
type = types.bool;
default = true;
description = ''
Whether or not to enable SSL (with ACME and let's encrypt)
for the grocy vhost.
'';
};
phpfpm.settings = mkOption {
type = with types; attrsOf (oneOf [ int str bool ]);
default = {
"pm" = "dynamic";
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"listen.owner" = "nginx";
"catch_workers_output" = true;
"pm.max_children" = "32";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "2";
"pm.max_spare_servers" = "4";
"pm.max_requests" = "500";
};
description = ''
Options for grocy's PHPFPM pool.
'';
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/grocy";
description = ''
Home directory of the <literal>grocy</literal> user which contains
the application's state.
'';
};
settings = {
currency = mkOption {
type = types.str;
default = "USD";
example = "EUR";
description = ''
ISO 4217 code for the currency to display.
'';
};
culture = mkOption {
type = types.enum [ "de" "en" "da" "en_GB" "es" "fr" "hu" "it" "nl" "no" "pl" "pt_BR" "ru" "sk_SK" "sv_SE" "tr" ];
default = "en";
description = ''
Display language of the frontend.
'';
};
calendar = {
showWeekNumber = mkOption {
default = true;
type = types.bool;
description = ''
Show the number of the weeks in the calendar views.
'';
};
firstDayOfWeek = mkOption {
default = null;
type = types.nullOr (types.enum (range 0 6));
description = ''
Which day of the week (0=Sunday, 1=Monday etc.) should be the
first day.
'';
};
};
};
};
config = mkIf cfg.enable {
environment.etc."grocy/config.php".text = ''
<?php
Setting('CULTURE', '${cfg.settings.culture}');
Setting('CURRENCY', '${cfg.settings.currency}');
Setting('CALENDAR_FIRST_DAY_OF_WEEK', '${toString cfg.settings.calendar.firstDayOfWeek}');
Setting('CALENDAR_SHOW_WEEK_OF_YEAR', ${boolToString cfg.settings.calendar.showWeekNumber});
'';
users.users.grocy = {
isSystemUser = true;
createHome = true;
home = cfg.dataDir;
group = "nginx";
};
systemd.tmpfiles.rules = map (
dirName: "d '${cfg.dataDir}/${dirName}' - grocy nginx - -"
) [ "viewcache" "plugins" "settingoverrides" "storage" ];
services.phpfpm.pools.grocy = {
user = "grocy";
group = "nginx";
# PHP 7.3 is the only version which is supported/tested by upstream:
# https://github.com/grocy/grocy/blob/v2.6.0/README.md#how-to-install
phpPackage = pkgs.php73;
inherit (cfg.phpfpm) settings;
phpEnv = {
GROCY_CONFIG_FILE = "/etc/grocy/config.php";
GROCY_DB_FILE = "${cfg.dataDir}/grocy.db";
GROCY_STORAGE_DIR = "${cfg.dataDir}/storage";
GROCY_PLUGIN_DIR = "${cfg.dataDir}/plugins";
GROCY_CACHE_DIR = "${cfg.dataDir}/viewcache";
};
};
services.nginx = {
enable = true;
virtualHosts."${cfg.hostName}" = mkMerge [
{ root = "${pkgs.grocy}/public";
locations."/".extraConfig = ''
rewrite ^ /index.php;
'';
locations."~ \\.php$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.grocy.socket};
include ${config.services.nginx.package}/conf/fastcgi.conf;
include ${config.services.nginx.package}/conf/fastcgi_params;
'';
locations."~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = ''
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
access_log off;
'';
extraConfig = ''
try_files $uri /index.php;
'';
}
(mkIf cfg.nginx.enableSSL {
enableACME = true;
forceSSL = true;
})
];
};
};
meta = {
maintainers = with maintainers; [ ma27 ];
doc = ./grocy.xml;
};
}

77
nixos/modules/services/web-apps/grocy.xml Normal file
View File

@ -0,0 +1,77 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-services-grocy">
<title>Grocy</title>
<para>
<link xlink:href="https://grocy.info/">Grocy</link> is a web-based self-hosted groceries
&amp; household management solution for your home.
</para>
<section xml:id="module-services-grocy-basic-usage">
<title>Basic usage</title>
<para>
A very basic configuration may look like this:
<programlisting>{ pkgs, ... }:
{
services.grocy = {
<link linkend="opt-services.grocy.enable">enable</link> = true;
<link linkend="opt-services.grocy.hostName">hostName</link> = "grocy.tld";
};
}</programlisting>
This configures a simple vhost using <link linkend="opt-services.nginx.enable">nginx</link>
which listens to <literal>grocy.tld</literal> with fully configured ACME/LE (this can be
disabled by setting <link linkend="opt-services.grocy.nginx.enableSSL">services.grocy.nginx.enableSSL</link>
to <literal>false</literal>). After the initial setup the credentials <literal>admin:admin</literal>
can be used to login.
</para>
<para>
The application's state is persisted at <literal>/var/lib/grocy/grocy.db</literal> in a
<package>sqlite3</package> database. The migration is applied when requesting the <literal>/</literal>-route
of the application.
</para>
</section>
<section xml:id="module-services-grocy-settings">
<title>Settings</title>
<para>
The configuration for <literal>grocy</literal> is located at <literal>/etc/grocy/config.php</literal>.
By default, the following settings can be defined in the NixOS-configuration:
<programlisting>{ pkgs, ... }:
{
services.grocy.settings = {
# The default currency in the system for invoices etc.
# Please note that exchange rates aren't taken into account, this
# is just the setting for what's shown in the frontend.
<link linkend="opt-services.grocy.settings.currency">currency</link> = "EUR";
# The display language (and locale configuration) for grocy.
<link linkend="opt-services.grocy.settings.currency">culture</link> = "de";
calendar = {
# Whether or not to show the week-numbers
# in the calendar.
<link linkend="opt-services.grocy.settings.calendar.showWeekNumber">showWeekNumber</link> = true;
# Index of the first day to be shown in the calendar (0=Sunday, 1=Monday,
# 2=Tuesday and so on).
<link linkend="opt-services.grocy.settings.calendar.firstDayOfWeek">firstDayOfWeek</link> = 2;
};
};
}</programlisting>
</para>
<para>
If you want to alter the configuration file on your own, you can do this manually with
an expression like this:
<programlisting>{ lib, ... }:
{
environment.etc."grocy/config.php".text = lib.mkAfter ''
// Arbitrary PHP code in grocy's configuration file
'';
}</programlisting>
</para>
</section>
</chapter>

53
nixos/modules/system/boot/loader/grub/memtest.nix
View File

@ -1,4 +1,4 @@
# This module adds Memtest86+ to the GRUB boot menu.
# This module adds Memtest86+/Memtest86 to the GRUB boot menu.
{ config, lib, pkgs, ... }:
@ -6,6 +6,7 @@ with lib;
let
memtest86 = pkgs.memtest86plus;
efiSupport = config.boot.loader.grub.efiSupport;
cfg = config.boot.loader.grub.memtest86;
in
@ -18,8 +19,11 @@ in
default = false;
type = types.bool;
description = ''
Make Memtest86+, a memory testing program, available from the
GRUB boot menu.
Make Memtest86+ (or MemTest86 if EFI support is enabled),
a memory testing program, available from the
GRUB boot menu. MemTest86 is an unfree program, so
this requires <literal>allowUnfree</literal> to be set to
<literal>true</literal>.
'';
};
@ -75,19 +79,38 @@ in
};
};
config = mkIf cfg.enable {
config = mkMerge [
(mkIf (cfg.enable && efiSupport) {
assertions = [
{
assertion = cfg.params == [];
message = "Parameters are not available for MemTest86";
}
];
boot.loader.grub.extraEntries =
if config.boot.loader.grub.version == 2 then
''
menuentry "Memtest86+" {
linux16 @bootRoot@/memtest.bin ${toString cfg.params}
}
''
else
throw "Memtest86+ is not supported with GRUB 1.";
boot.loader.grub.extraFiles = {
"memtest86.efi" = "${pkgs.memtest86-efi}/BOOTX64.efi";
};
boot.loader.grub.extraFiles."memtest.bin" = "${memtest86}/memtest.bin";
boot.loader.grub.extraEntries = ''
menuentry "Memtest86" {
chainloader /memtest86.efi
}
'';
})
};
(mkIf (cfg.enable && !efiSupport) {
boot.loader.grub.extraEntries =
if config.boot.loader.grub.version == 2 then
''
menuentry "Memtest86+" {
linux16 @bootRoot@/memtest.bin ${toString cfg.params}
}
''
else
throw "Memtest86+ is not supported with GRUB 1.";
boot.loader.grub.extraFiles."memtest.bin" = "${memtest86}/memtest.bin";
})
];
}

2
nixos/modules/virtualisation/hyperv-guest.nix
View File

@ -32,7 +32,7 @@ in {
];
kernelParams = [
"video=hyperv_fb:${cfg.videoMode}"
"video=hyperv_fb:${cfg.videoMode} elevator=noop"
];
};

14
nixos/release-combined.nix
View File

@ -95,14 +95,12 @@ in rec {
(all nixos.tests.env)
(all nixos.tests.ipv6)
(all nixos.tests.i3wm)
# 2018-06-06: keymap tests temporarily removed from tested job
# since non-deterministic failure are blocking the channel (#41538)
#(all nixos.tests.keymap.azerty)
#(all nixos.tests.keymap.colemak)
#(all nixos.tests.keymap.dvorak)
#(all nixos.tests.keymap.dvp)
#(all nixos.tests.keymap.neo)
#(all nixos.tests.keymap.qwertz)
(except ["aarch64-linux"] nixos.tests.keymap.azerty)
(except ["aarch64-linux"] nixos.tests.keymap.colemak)
(except ["aarch64-linux"] nixos.tests.keymap.dvorak)
(except ["aarch64-linux"] nixos.tests.keymap.dvp)
(except ["aarch64-linux"] nixos.tests.keymap.neo)
(except ["aarch64-linux"] nixos.tests.keymap.qwertz)
(all nixos.tests.plasma5)
(all nixos.tests.lightdm)
(all nixos.tests.login)

118
nixos/tests/acme.nix
View File

@ -1,17 +1,50 @@
let
commonConfig = ./common/letsencrypt/common.nix;
dnsScript = {writeScript, dnsAddress, bash, curl}: writeScript "dns-hook.sh" ''
#!${bash}/bin/bash
set -euo pipefail
echo '[INFO]' "[$2]" 'dns-hook.sh' $*
if [ "$1" = "present" ]; then
${curl}/bin/curl --data '{"host": "'"$2"'", "value": "'"$3"'"}' http://${dnsAddress}:8055/set-txt
else
${curl}/bin/curl --data '{"host": "'"$2"'"}' http://${dnsAddress}:8055/clear-txt
fi
'';
in import ./make-test-python.nix {
name = "acme";
nodes = rec {
letsencrypt = ./common/letsencrypt;
letsencrypt = { nodes, lib, ... }: {
imports = [ ./common/letsencrypt ];
networking.nameservers = lib.mkForce [
nodes.dnsserver.config.networking.primaryIPAddress
];
};
acmeStandalone = { config, pkgs, ... }: {
dnsserver = { nodes, pkgs, ... }: {
networking.firewall.allowedTCPPorts = [ 8055 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];
systemd.services.pebble-challtestsrv = {
enable = true;
description = "Pebble ACME challenge test server";
wantedBy = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.pebble}/bin/pebble-challtestsrv -dns01 ':53' -defaultIPv6 '' -defaultIPv4 '${nodes.webserver.config.networking.primaryIPAddress}'";
# Required to bind on privileged ports.
User = "root";
Group = "root";
};
};
};
acmeStandalone = { nodes, lib, config, pkgs, ... }: {
imports = [ commonConfig ];
networking.nameservers = lib.mkForce [
nodes.dnsserver.config.networking.primaryIPAddress
];
networking.firewall.allowedTCPPorts = [ 80 ];
networking.extraHosts = ''
${config.networking.primaryIPAddress} standalone.com
'';
security.acme = {
server = "https://acme-v02.api.letsencrypt.org/dir";
certs."standalone.com" = {
@ -29,14 +62,12 @@ in import ./make-test-python.nix {
};
};
webserver = { config, pkgs, ... }: {
webserver = { nodes, config, pkgs, lib, ... }: {
imports = [ commonConfig ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.extraHosts = ''
${config.networking.primaryIPAddress} a.example.com
${config.networking.primaryIPAddress} b.example.com
'';
networking.nameservers = lib.mkForce [
nodes.dnsserver.config.networking.primaryIPAddress
];
# A target remains active. Use this to probe the fact that
# a service fired eventhough it is not RemainAfterExit
@ -61,14 +92,11 @@ in import ./make-test-python.nix {
nesting.clone = [
({pkgs, ...}: {
networking.extraHosts = ''
${config.networking.primaryIPAddress} b.example.com
'';
systemd.targets."acme-finished-b.example.com" = {};
systemd.services."acme-b.example.com" = {
wants = [ "acme-finished-b.example.com.target" ];
before = [ "acme-finished-b.example.com.target" ];
after = [ "nginx.service" ];
};
services.nginx.virtualHosts."b.example.com" = {
enableACME = true;
@ -79,15 +107,48 @@ in import ./make-test-python.nix {
'';
};
})
({pkgs, config, nodes, lib, ...}: {
security.acme.certs."example.com" = {
domain = "*.example.com";
dnsProvider = "exec";
dnsPropagationCheck = false;
credentialsFile = with pkgs; writeText "wildcard.env" ''
EXEC_PATH=${dnsScript { inherit writeScript bash curl; dnsAddress = nodes.dnsserver.config.networking.primaryIPAddress; }}
'';
user = config.services.nginx.user;
group = config.services.nginx.group;
};
systemd.targets."acme-finished-example.com" = {};
systemd.services."acme-example.com" = {
wants = [ "acme-finished-example.com.target" ];
before = [ "acme-finished-example.com.target" "nginx.service" ];
wantedBy = [ "nginx.service" ];
};
services.nginx.virtualHosts."c.example.com" = {
forceSSL = true;
sslCertificate = config.security.acme.certs."example.com".directory + "/cert.pem";
sslTrustedCertificate = config.security.acme.certs."example.com".directory + "/full.pem";
sslCertificateKey = config.security.acme.certs."example.com".directory + "/key.pem";
locations."/".root = pkgs.runCommand "docroot" {} ''
mkdir -p "$out"
echo hello world > "$out/index.html"
'';
};
})
];
};
client = commonConfig;
client = {nodes, lib, ...}: {
imports = [ commonConfig ];
networking.nameservers = lib.mkForce [
nodes.dnsserver.config.networking.primaryIPAddress
];
};
};
testScript = {nodes, ...}:
let
newServerSystem = nodes.webserver2.config.system.build.toplevel;
newServerSystem = nodes.webserver.config.system.build.toplevel;
switchToNewServer = "${newServerSystem}/bin/switch-to-configuration test";
in
# Note, wait_for_unit does not work for oneshot services that do not have RemainAfterExit=true,
@ -97,6 +158,17 @@ in import ./make-test-python.nix {
# can use them to probe that a oneshot fired. It is a bit ugly, but it is the best we can do
''
client.start()
dnsserver.start()
letsencrypt.wait_for_unit("default.target")
dnsserver.wait_for_unit("pebble-challtestsrv.service")
client.succeed(
'curl --data \'{"host": "acme-v02.api.letsencrypt.org", "addresses": ["${nodes.letsencrypt.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a'
)
client.succeed(
'curl --data \'{"host": "standalone.com", "addresses": ["${nodes.acmeStandalone.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a'
)
letsencrypt.start()
acmeStandalone.start()
@ -129,5 +201,17 @@ in import ./make-test-python.nix {
client.succeed(
"curl --cacert /tmp/ca.crt https://b.example.com/ | grep -qF 'hello world'"
)
with subtest("Can request wildcard certificates using DNS-01 challenge"):
webserver.succeed(
"${switchToNewServer}"
)
webserver.succeed(
"/run/current-system/fine-tune/child-2/bin/switch-to-configuration test"
)
webserver.wait_for_unit("acme-finished-example.com.target")
client.succeed(
"curl --cacert /tmp/ca.crt https://c.example.com/ | grep -qF 'hello world'"
)
'';
}

3
nixos/tests/all-tests.nix
View File

@ -96,6 +96,7 @@ in
freeswitch = handleTest ./freeswitch.nix {};
fsck = handleTest ./fsck.nix {};
gotify-server = handleTest ./gotify-server.nix {};
grocy = handleTest ./grocy.nix {};
gitea = handleTest ./gitea.nix {};
gitlab = handleTest ./gitlab.nix {};
gitolite = handleTest ./gitolite.nix {};
@ -256,6 +257,7 @@ in
runInMachine = handleTest ./run-in-machine.nix {};
rxe = handleTest ./rxe.nix {};
samba = handleTest ./samba.nix {};
sanoid = handleTest ./sanoid.nix {};
sddm = handleTest ./sddm.nix {};
shiori = handleTest ./shiori.nix {};
signal-desktop = handleTest ./signal-desktop.nix {};
@ -269,6 +271,7 @@ in
strongswan-swanctl = handleTest ./strongswan-swanctl.nix {};
sudo = handleTest ./sudo.nix {};
switchTest = handleTest ./switch-test.nix {};
sympa = handleTest ./sympa.nix {};
syncthing-init = handleTest ./syncthing-init.nix {};
syncthing-relay = handleTest ./syncthing-relay.nix {};
systemd = handleTest ./systemd.nix {};

3
nixos/tests/common/letsencrypt/common.nix
View File

@ -5,5 +5,8 @@ in {
nodes.letsencrypt.config.networking.primaryIPAddress
];
security.acme.acceptTerms = true;
security.acme.email = "webmaster@example.com";
security.pki.certificateFiles = [ letsencrypt-ca ];
}

2
nixos/tests/corerad.nix
View File

@ -17,7 +17,7 @@ import ./make-test-python.nix (
configFile = pkgs.writeText "corerad.toml" ''
[[interfaces]]
name = "eth1"
send_advertisements = true
advertise = true
[[interfaces.prefix]]
prefix = "::/64"
'';

47
nixos/tests/grocy.nix Normal file
View File

@ -0,0 +1,47 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "grocy";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ma27 ];
};
machine = { pkgs, ... }: {
services.grocy = {
enable = true;
hostName = "localhost";
nginx.enableSSL = false;
};
environment.systemPackages = [ pkgs.jq ];
};
testScript = ''
machine.start()
machine.wait_for_open_port(80)
machine.wait_for_unit("multi-user.target")
machine.succeed("curl -sSf http://localhost")
machine.succeed(
"curl -c cookies -sSf -X POST http://localhost/login -d 'username=admin&password=admin'"
)
cookie = machine.succeed(
"grep -v '^#' cookies | awk '{ print $7 }' | sed -e '/^$/d' | perl -pe 'chomp'"
)
machine.succeed(
f"curl -sSf -X POST http://localhost/api/objects/tasks -b 'grocy_session={cookie}' "
+ '-d \'{"assigned_to_user_id":1,"name":"Test Task","due_date":"1970-01-01"}\'''
+ " --header 'Content-Type: application/json'"
)
task_name = machine.succeed(
f"curl -sSf http://localhost/api/tasks -b 'grocy_session={cookie}' --header 'Accept: application/json' | jq '.[].name' | xargs echo | perl -pe 'chomp'"
)
assert task_name == "Test Task"
machine.succeed("curl -sSfI http://localhost/api/tasks 2>&1 | grep '401 Unauthorized'")
machine.shutdown()
'';
})

90
nixos/tests/sanoid.nix Normal file
View File

@ -0,0 +1,90 @@
import ./make-test-python.nix ({ pkgs, ... }: let
inherit (import ./ssh-keys.nix pkgs)
snakeOilPrivateKey snakeOilPublicKey;
commonConfig = { pkgs, ... }: {
virtualisation.emptyDiskImages = [ 2048 ];
boot.supportedFilesystems = [ "zfs" ];
environment.systemPackages = [ pkgs.parted ];
};
in {
name = "sanoid";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lopsided98 ];
};
nodes = {
source = { ... }: {
imports = [ commonConfig ];
networking.hostId = "daa82e91";
programs.ssh.extraConfig = ''
UserKnownHostsFile=/dev/null
StrictHostKeyChecking=no
'';
services.sanoid = {
enable = true;
templates.test = {
hourly = 12;
daily = 1;
monthly = 1;
yearly = 1;
autosnap = true;
};
datasets."pool/test".useTemplate = [ "test" ];
};
services.syncoid = {
enable = true;
sshKey = "/root/.ssh/id_ecdsa";
commonArgs = [ "--no-sync-snap" ];
commands."pool/test".target = "root@target:pool/test";
};
};
target = { ... }: {
imports = [ commonConfig ];
networking.hostId = "dcf39d36";
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
};
};
testScript = ''
source.succeed(
"mkdir /tmp/mnt",
"parted --script /dev/vdb -- mklabel msdos mkpart primary 1024M -1s",
"udevadm settle",
"zpool create pool /dev/vdb1",
"zfs create -o mountpoint=legacy pool/test",
"mount -t zfs pool/test /tmp/mnt",
"udevadm settle",
)
target.succeed(
"parted --script /dev/vdb -- mklabel msdos mkpart primary 1024M -1s",
"udevadm settle",
"zpool create pool /dev/vdb1",
"udevadm settle",
)
source.succeed("mkdir -m 700 /root/.ssh")
source.succeed(
"cat '${snakeOilPrivateKey}' > /root/.ssh/id_ecdsa"
)
source.succeed("chmod 600 /root/.ssh/id_ecdsa")
source.succeed("touch /tmp/mnt/test.txt")
source.systemctl("start --wait sanoid.service")
target.wait_for_open_port(22)
source.systemctl("start --wait syncoid.service")
target.succeed(
"mkdir /tmp/mnt",
"zfs set mountpoint=legacy pool/test",
"mount -t zfs pool/test /tmp/mnt",
)
target.succeed("cat /tmp/mnt/test.txt")
'';
})

36
nixos/tests/sympa.nix Normal file
View File

@ -0,0 +1,36 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "sympa";
meta.maintainers = with lib.maintainers; [ mmilata ];
machine =
{ ... }:
{
virtualisation.memorySize = 1024;
services.sympa = {
enable = true;
domains = {
"lists.example.org" = {
webHost = "localhost";
};
};
listMasters = [ "joe@example.org" ];
web.enable = true;
web.https = false;
database = {
type = "PostgreSQL";
createLocally = true;
};
};
};
testScript = ''
start_all()
machine.wait_for_unit("sympa.service")
machine.wait_for_unit("wwsympa.service")
assert "Mailing lists service" in machine.succeed(
"curl --insecure -L http://localhost/"
)
'';
})

4
pkgs/applications/audio/kid3/default.nix
View File

@ -9,11 +9,11 @@
stdenv.mkDerivation rec {
pname = "kid3";
version = "3.8.1";
version = "3.8.2";
src = fetchurl {
url = "mirror://sourceforge/project/kid3/kid3/${version}/${pname}-${version}.tar.gz";
sha256 = "1d2lr500dx7gnxw2vrvpbhadpn313ly3zyp178864z26dnfkjv8x";
sha256 = "051y77swpi9isx275gwzl4fn3igd2dmixbszv9m3h0h9lqhcjrvr";
};
nativeBuildInputs = [ wrapQtAppsHook ];

10
pkgs/applications/audio/mopidy/default.nix
View File

@ -1,16 +1,16 @@
{ stdenv, fetchFromGitHub, pythonPackages, wrapGAppsHook
{ stdenv, fetchFromGitHub, python3Packages, wrapGAppsHook
, gst_all_1, glib-networking, gobject-introspection
}:
pythonPackages.buildPythonApplication rec {
python3Packages.buildPythonApplication rec {
pname = "mopidy";
version = "2.3.1";
version = "3.0.1";
src = fetchFromGitHub {
owner = "mopidy";
repo = "mopidy";
rev = "v${version}";
sha256 = "1qdflxr0an6l2m3j90h55bzyj7rjlkkwmxx945hwv8xi472rcgdj";
sha256 = "0fpjprjw143ixak68iwxjpscdjgyb7rsr1cxj7fsdrw6hc83nq4z";
};
nativeBuildInputs = [ wrapGAppsHook ];
@ -20,7 +20,7 @@ pythonPackages.buildPythonApplication rec {
glib-networking gobject-introspection
];
propagatedBuildInputs = with pythonPackages; [
propagatedBuildInputs = with python3Packages; [
gst-python pygobject3 pykka tornado_4 requests setuptools
] ++ stdenv.lib.optional (!stdenv.isDarwin) dbus-python;

13
pkgs/applications/audio/mopidy/iris.nix
View File

@ -1,18 +1,17 @@
{ stdenv, pythonPackages, mopidy, mopidy-local-images }:
{ stdenv, python3Packages, mopidy, mopidy-local-images }:
pythonPackages.buildPythonApplication rec {
python3Packages.buildPythonApplication rec {
pname = "Mopidy-Iris";
version = "3.43.0";
version = "3.44.0";
src = pythonPackages.fetchPypi {
src = python3Packages.fetchPypi {
inherit pname version;
sha256 = "1qg9xyjf27dp0810h4kdliyfb8r3kvi37lq8r93d01xwfphdzs05";
sha256 = "0gap0cyw6sfb4487i1x220rr9fbsz6xyw68l15ar0vfll0zv0760";
};
propagatedBuildInputs = [
mopidy
mopidy-local-images
] ++ (with pythonPackages; [
] ++ (with python3Packages; [
configobj
requests
tornado_4

10
pkgs/applications/audio/mopidy/spotify.nix
View File

@ -1,15 +1,15 @@
{ stdenv, fetchurl, pythonPackages, mopidy }:
{ stdenv, fetchurl, python3Packages, mopidy }:
pythonPackages.buildPythonApplication rec {
python3Packages.buildPythonApplication rec {
pname = "mopidy-spotify";
version = "3.1.0";
version = "4.0.1";
src = fetchurl {
url = "https://github.com/mopidy/mopidy-spotify/archive/v${version}.tar.gz";
sha256 = "1mh87w4j0ypvsrnax7kkjgfxfpnw3l290jvfzg56b8qlwf20khjl";
sha256 = "1ac8r8050i5r3ag1hlblbcyskqjqz7wgamndbzsmw52qi6hxk44f";
};
propagatedBuildInputs = [ mopidy pythonPackages.pyspotify ];
propagatedBuildInputs = [ mopidy python3Packages.pyspotify ];
doCheck = false;

4
pkgs/applications/editors/okteta/default.nix
View File

@ -4,11 +4,11 @@
stdenv.mkDerivation rec {
pname = "okteta";
version = "0.26.2";
version = "0.26.3";
src = fetchurl {
url = "mirror://kde/stable/okteta/${version}/src/${pname}-${version}.tar.xz";
sha256 = "0k38hd9wq6jvzy0225y61rzr7lgwbac1haalhsrfpmyjy6d833dv";
sha256 = "1454844s76skk18gpcf56y9pkmffs7p4z09ggmy37ifzf7yk1p19";
};
nativeBuildInputs = [ qtscript extra-cmake-modules kdoctools ];

3
pkgs/applications/misc/calibre/default.nix
View File

@ -93,12 +93,13 @@ mkDerivation rec {
netifaces
pillow
python
pyqt5_with_qtwebkit
pyqt5
sip
regex
msgpack
beautifulsoup4
html2text
pyqtwebengine
# the following are distributed with calibre, but we use upstream instead
odfpy
]

2
pkgs/applications/misc/gmtp/default.nix
View File

@ -26,7 +26,7 @@ stdenv.mkDerivation {
description = "A simple MP3 and Media player client for UNIX and UNIX like systems.";
homepage = https://gmtp.sourceforge.io;
platforms = stdenv.lib.platforms.linux;
maintainers = [ stdenv.lib.maintainers.pbogdan ];
maintainers = [ ];
license = stdenv.lib.licenses.bsd3;
};
}

4
pkgs/applications/misc/syncthingtray/default.nix
View File

@ -20,14 +20,14 @@
}:
mkDerivation rec {
version = "0.10.5";
version = "0.10.6";
pname = "syncthingtray";
src = fetchFromGitHub {
owner = "Martchus";
repo = "syncthingtray";
rev = "v${version}";
sha256 = "177ywk1dfdfwz7kvlxx3an1q4vv2c27d7qivy0463a3hvkacybxn";
sha256 = "1lh1qsdy5081jrs27ba0mfh90ya1fj9h6j5k0cdsfap9mcxyjd9g";
};
buildInputs = [ qtbase cpp-utilities qtutilities ]

39
pkgs/applications/networking/browsers/conkeror/default.nix
View File

@ -1,39 +0,0 @@
{ stdenv, fetchgit, unzip, firefox-esr-52, makeWrapper }:
stdenv.mkDerivation rec {
pkgname = "conkeror";
version = "1.0.4";
name = "${pkgname}-${version}";
src = fetchgit {
url = git://repo.or.cz/conkeror.git;
rev = "refs/tags/${version}";
sha256 = "10c57wqybp9kcjpkb01wxq0h3vafcdb1g5kb4k8sb2zajg59afv8";
};
buildInputs = [ unzip makeWrapper ];
installPhase = ''
mkdir -p $out/libexec/conkeror
cp -r * $out/libexec/conkeror
makeWrapper ${firefox-esr-52}/bin/firefox $out/bin/conkeror \
--add-flags "-app $out/libexec/conkeror/application.ini"
'';
meta = with stdenv.lib; {
description = "A keyboard-oriented, customizable, extensible web browser";
longDescription = ''
Conkeror is a keyboard-oriented, highly-customizable, highly-extensible
web browser based on Mozilla XULRunner, written mainly in JavaScript,
and inspired by exceptional software such as Emacs and vi. Conkeror
features a sophisticated keyboard system, allowing users to run commands
and interact with content in powerful and novel ways. It is
self-documenting, featuring a powerful interactive help system.
'';
homepage = http://conkeror.org/;
license = with licenses; [ mpl11 gpl2 lgpl21 ];
maintainers = with maintainers; [ astsmtl ];
platforms = platforms.linux;
};
}

158
pkgs/applications/networking/browsers/firefox/common.nix
View File

@ -1,8 +1,6 @@
{ pname, ffversion, meta, updateScript ? null
, src, unpackPhase ? null, patches ? []
, extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? []
, isIceCatLike ? false, icversion ? null
, isTorBrowserLike ? false, tbversion ? null }:
, extraNativeBuildInputs ? [], extraConfigureFlags ? [], extraMakeFlags ? [] }:
{ lib, stdenv, pkgconfig, pango, perl, python2, python3, zip, libIDL
, libjpeg, zlib, dbus, dbus-glib, bzip2, xorg
@ -27,16 +25,14 @@
## privacy-related options
, privacySupport ? isTorBrowserLike || isIceCatLike
, privacySupport ? false
# WARNING: NEVER set any of the options below to `true` by default.
# Set to `!privacySupport` or `false`.
# webrtcSupport breaks the aarch64 build on version >= 60, fixed in 63.
# https://bugzilla.mozilla.org/show_bug.cgi?id=1434589
, webrtcSupport ? !privacySupport && (!stdenv.isAarch64 || !(
lib.versionAtLeast ffversion "60" && lib.versionOlder ffversion "63"
))
, webrtcSupport ? !privacySupport
, geolocationSupport ? !privacySupport
, googleAPISupport ? geolocationSupport
, crashreporterSupport ? false
@ -79,7 +75,7 @@ let
default-toolkit = if stdenv.isDarwin then "cairo-cocoa"
else "cairo-gtk${if gtk3Support then "3${lib.optionalString waylandSupport "-wayland"}" else "2"}";
binaryName = if isIceCatLike then "icecat" else "firefox";
binaryName = "firefox";
binaryNameCapitalized = lib.toUpper (lib.substring 0 1 binaryName) + lib.substring 1 (-1) binaryName;
browserName = if stdenv.isDarwin then binaryNameCapitalized else binaryName;
@ -87,21 +83,17 @@ let
execdir = if stdenv.isDarwin
then "/Applications/${binaryNameCapitalized}.app/Contents/MacOS"
else "/bin";
in
browserVersion = if isIceCatLike then icversion
else if isTorBrowserLike then tbversion
else ffversion;
stdenv.mkDerivation ({
name = "${pname}-unwrapped-${ffversion}";
version = ffversion;
browserPatches = [
inherit src unpackPhase meta;
patches = [
./env_var_for_system_dir.patch
]
++ lib.optional (lib.versionAtLeast ffversion "63" && lib.versionOlder ffversion "68.3.0")
(fetchpatch { # https://bugzilla.mozilla.org/show_bug.cgi?id=1500436#c29
name = "write_error-parallel_make.diff";
url = "https://hg.mozilla.org/mozilla-central/raw-diff/562655fe/python/mozbuild/mozbuild/action/node.py";
sha256 = "11d7rgzinb4mwl7yzhidjkajynmxgmffr4l9isgskfapyax9p88y";
})
++ lib.optionals (stdenv.isAarch64 && lib.versionAtLeast ffversion "66" && lib.versionOlder ffversion "67") [
] ++ lib.optionals (stdenv.isAarch64) [
(fetchpatch {
url = "https://raw.githubusercontent.com/archlinuxarm/PKGBUILDs/09c7fa0dc1d87922e3b464c0fa084df1227fca79/extra/firefox/arm.patch";
sha256 = "1vbpih23imhv5r3g21m3m541z08n9n9j1nvmqax76bmyhn7mxp32";
@ -117,15 +109,6 @@ let
})
++ patches;
in
stdenv.mkDerivation (rec {
name = "${pname}-unwrapped-${version}";
version = browserVersion;
inherit src unpackPhase meta;
patches = browserPatches;
# Ignore trivial whitespace changes in patches, this fixes compatibility of
# ./env_var_for_system_dir.patch with Firefox >=65 without having to track
@ -141,16 +124,14 @@ stdenv.mkDerivation (rec {
xorg.libXext sqlite unzip makeWrapper
libevent libstartup_notification libvpx /* cairo */
icu libpng jemalloc glib
nasm
# >= 66 requires nasm for the AV1 lib dav1d
# yasm can potentially be removed in future versions
# https://bugzilla.mozilla.org/show_bug.cgi?id=1501796
# https://groups.google.com/forum/#!msg/mozilla.dev.platform/o-8levmLU80/SM_zQvfzCQAJ
nspr nss
]
++ lib.optionals (!isTorBrowserLike) [ nspr nss ]
++ lib.optional (lib.versionOlder ffversion "53") libXdamage
++ lib.optional (lib.versionOlder ffversion "61") hunspell
# >= 66 requires nasm for the AV1 lib dav1d
# yasm can potentially be removed in future versions
# https://bugzilla.mozilla.org/show_bug.cgi?id=1501796
# https://groups.google.com/forum/#!msg/mozilla.dev.platform/o-8levmLU80/SM_zQvfzCQAJ
++ lib.optional (lib.versionAtLeast ffversion "66") nasm
++ lib.optional alsaSupport alsaLib
++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed
++ lib.optional gtk3Support gtk3
@ -162,27 +143,33 @@ stdenv.mkDerivation (rec {
NIX_CFLAGS_COMPILE = toString ([
"-I${glib.dev}/include/gio-unix-2.0"
]
++ lib.optionals (!isTorBrowserLike) [
"-I${nss.dev}/include/nss"
]
++ lib.optional (pname == "firefox-esr" && lib.versionAtLeast ffversion "68"
&& lib.versionOlder ffversion "69")
++ lib.optional (pname == "firefox-esr" && lib.versionOlder ffversion "69")
"-Wno-error=format-security");
postPatch = lib.optionalString (lib.versionAtLeast ffversion "63.0" && !isTorBrowserLike) ''
postPatch = ''
substituteInPlace third_party/prio/prio/rand.c --replace 'nspr/prinit.h' 'prinit.h'
'' + lib.optionalString (lib.versionAtLeast ffversion "68") ''
rm -rf obj-x86_64-pc-linux-gnu
'';
nativeBuildInputs =
[ autoconf213 which gnused pkgconfig perl python2 cargo rustc ]
[
autoconf213
cargo
gnused
llvmPackages.llvm # llvm-objdump
nodejs
perl
pkgconfig
python2
python3
rust-cbindgen
rustc
which
]
++ lib.optional gtk3Support wrapGAppsHook
++ lib.optionals stdenv.isDarwin [ xcbuild rsync ]
++ lib.optional (lib.versionAtLeast ffversion "61.0") python3
++ lib.optionals (lib.versionAtLeast ffversion "63.0") [ rust-cbindgen nodejs ]
++ lib.optionals (lib.versionAtLeast ffversion "67.0") [ llvmPackages.llvm ] # llvm-objdump is required in version >=67.0
++ extraNativeBuildInputs;
preConfigure = ''
@ -190,14 +177,8 @@ stdenv.mkDerivation (rec {
rm -f configure
rm -f js/src/configure
rm -f .mozconfig*
'' + (if lib.versionAtLeast ffversion "58"
# this will run autoconf213
then ''
# this will run autoconf213
configureScript="$(realpath ./mach) configure"
'' else ''
make -f client.mk configure-files
configureScript="$(realpath ./configure)"
'') + lib.optionalString (lib.versionAtLeast ffversion "53") ''
export MOZCONFIG=$(pwd)/mozconfig
# Set C flags for Rust's bindgen program. Unlike ordinary C
@ -214,23 +195,16 @@ stdenv.mkDerivation (rec {
$NIX_CFLAGS_COMPILE"
echo "ac_add_options BINDGEN_CFLAGS='$BINDGEN_CFLAGS'" >> $MOZCONFIG
'' + lib.optionalString googleAPISupport ''
'' + (lib.optionalString googleAPISupport ''
# Google API key used by Chromium and Firefox.
# Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
# please get your own set of keys.
echo "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI" > $TMPDIR/ga
# 60.5+ & 66+ did split the google API key arguments: https://bugzilla.mozilla.org/show_bug.cgi?id=1531176
${if (lib.versionAtLeast ffversion "60.6" && lib.versionOlder ffversion "61") || (lib.versionAtLeast ffversion "66") then ''
configureFlagsArray+=("--with-google-location-service-api-keyfile=$TMPDIR/ga")
configureFlagsArray+=("--with-google-safebrowsing-api-keyfile=$TMPDIR/ga")
'' else ''
configureFlagsArray+=("--with-google-api-keyfile=$TMPDIR/ga")
''}
'' + lib.optionalString (lib.versionOlder ffversion "58") ''
cd obj-*
''
# AS=as in the environment causes build failure https://bugzilla.mozilla.org/show_bug.cgi?id=1497286
+ lib.optionalString (lib.versionAtLeast ffversion "64") ''
configureFlagsArray+=("--with-google-location-service-api-keyfile=$TMPDIR/ga")
configureFlagsArray+=("--with-google-safebrowsing-api-keyfile=$TMPDIR/ga")
'') + ''
# AS=as in the environment causes build failure https://bugzilla.mozilla.org/show_bug.cgi?id=1497286
unset AS
'';
@ -255,32 +229,15 @@ stdenv.mkDerivation (rec {
"--enable-jemalloc"
"--disable-gconf"
"--enable-default-toolkit=${default-toolkit}"
]
++ lib.optional (lib.versionOlder ffversion "64") "--disable-maintenance-service"
++ lib.optional (stdenv.isDarwin && lib.versionAtLeast ffversion "61") "--disable-xcode-checks"
++ lib.optional (lib.versionOlder ffversion "61") "--enable-system-hunspell"
++ lib.optionals (lib.versionAtLeast ffversion "56") [
"--with-libclang-path=${llvmPackages.libclang}/lib"
"--with-clang-path=${llvmPackages.clang}/bin/clang"
]
++ lib.optionals (lib.versionAtLeast ffversion "57" && lib.versionOlder ffversion "69") [
"--enable-webrender=build"
]
# TorBrowser patches these
++ lib.optionals (!isTorBrowserLike) [
"--with-system-nspr"
"--with-system-nss"
]
# and wants these
++ lib.optionals isTorBrowserLike ([
"--with-tor-browser-version=${tbversion}"
"--with-distribution-id=org.torproject"
"--enable-signmar"
"--enable-verify-mar"
"--enable-bundled-fonts"
])
++ lib.optional (stdenv.isDarwin) "--disable-xcode-checks"
++ lib.optionals (lib.versionOlder ffversion "69") [
"--enable-webrender=build"
]
++ flag alsaSupport "alsa"
++ flag pulseaudioSupport "pulseaudio"
@ -290,11 +247,6 @@ stdenv.mkDerivation (rec {
++ flag crashreporterSupport "crashreporter"
++ lib.optional drmSupport "--enable-eme=widevine"
++ lib.optionals (lib.versionOlder ffversion "60") ([]
++ flag geolocationSupport "mozril-geoloc"
++ flag safeBrowsingSupport "safe-browsing"
)
++ (if debugBuild then [ "--enable-debug" "--enable-profiling" ]
else [ "--disable-debug" "--enable-release"
"--enable-optimize"
@ -302,29 +254,16 @@ stdenv.mkDerivation (rec {
++ lib.optional enableOfficialBranding "--enable-official-branding"
++ extraConfigureFlags;
# Before 58 we have to run `make -f client.mk configure-files` at
# the top level, and then run `./configure` in the obj-* dir (see
# above), but in 58 we have to instead run `./mach configure` at the
# top level and then run `make` in obj-*. (We can also run the
# `make` at the top level in 58, but then we would have to `cd` to
# `make install` anyway. This is ugly, but simple.)
postConfigure = lib.optionalString (lib.versionAtLeast ffversion "58") ''
postConfigure = ''
cd obj-*
'';
preBuild = lib.optionalString isTorBrowserLike ''
buildFlagsArray=("MOZ_APP_DISPLAYNAME=Tor Browser")
'';
makeFlags = lib.optionals enableOfficialBranding [
"MOZILLA_OFFICIAL=1"
"BUILD_OFFICIAL=1"
]
++ extraMakeFlags;
RUSTFLAGS = if (lib.versionAtLeast ffversion "67"/*somewhere betwween ESRs*/)
then null else "--cap-lints warn";
enableParallelBuilding = true;
doCheck = false; # "--disable-tests" above
@ -355,10 +294,9 @@ stdenv.mkDerivation (rec {
'';
passthru = {
inherit version updateScript;
inherit updateScript;
version = ffversion;
isFirefox3Like = true;
inherit isIceCatLike;
inherit isTorBrowserLike;
gtk = gtk2;
inherit nspr;
inherit ffmpegSupport;
@ -366,12 +304,12 @@ stdenv.mkDerivation (rec {
inherit execdir;
inherit browserName;
} // lib.optionalAttrs gtk3Support { inherit gtk3; };
} //
# the build system verifies checksums of the bundled rust sources
# ./third_party/rust is be patched by our libtool fixup code in stdenv
# unfortunately we can't just set this to `false` when we do not want it.
# See https://github.com/NixOS/nixpkgs/issues/77289 for more details
lib.optionalAttrs (lib.versionAtLeast ffversion "72") {
# Ideally we would figure out how to tell the build system to not
# care about changed hashes as we are already doing that when we

149
pkgs/applications/networking/browsers/firefox/packages.nix
View File

@ -1,4 +1,4 @@
{ lib, callPackage, fetchurl, fetchFromGitHub, overrideCC, gccStdenv, gcc6 }:
{ config, lib, callPackage, fetchurl, fetchFromGitHub, overrideCC, gccStdenv, gcc6 }:
let
@ -40,64 +40,6 @@ rec {
};
};
# Do not remove. This is the last version of Firefox that supports
# the old plugins. While this package is unsafe to use for browsing
# the web, there are many old useful plugins targeting offline
# activities (e.g. ebook readers, syncronous translation, etc) that
# will probably never be ported to WebExtensions API.
firefox-esr-52 = (common rec {
pname = "firefox-esr";
ffversion = "52.9.0esr";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz";
sha512 = "bfca42668ca78a12a9fb56368f4aae5334b1f7a71966fbba4c32b9c5e6597aac79a6e340ac3966779d2d5563eb47c054ab33cc40bfb7306172138ccbd3adb2b9";
};
patches = [
# this one is actually an omnipresent bug
# https://bugzilla.mozilla.org/show_bug.cgi?id=1444519
./fix-pa-context-connect-retval.patch
];
meta = firefox.meta // {
description = "A web browser built from Firefox Extended Support Release source tree";
knownVulnerabilities = [ "Support ended in August 2018." ];
};
}).override {
stdenv = overrideCC gccStdenv gcc6; # gcc7 fails with "undefined reference to `__divmoddi4'"
gtk3Support = false;
};
firefox-esr-60 = common rec {
pname = "firefox-esr";
ffversion = "60.9.0esr";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz";
sha512 = "4baea5c9c4eff257834bbaee6d7786f69f7e6bacd24ca13c2705226f4a0d88315ab38c650b2c5e9c76b698f2debc7cea1e5a99cb4dc24e03c48a24df5143a3cf";
};
patches = [
./no-buildconfig-ffx65.patch
# this one is actually an omnipresent bug
# https://bugzilla.mozilla.org/show_bug.cgi?id=1444519
./fix-pa-context-connect-retval.patch
missing-documentation-patch
];
meta = firefox.meta // {
description = "A web browser built from Firefox Extended Support Release source tree";
knownVulnerabilities = [ "Support ended around October 2019." ];
};
updateScript = callPackage ./update.nix {
attrPath = "firefox-esr-60-unwrapped";
versionSuffix = "esr";
versionKey = "ffversion";
};
};
firefox-esr-68 = common rec {
pname = "firefox-esr";
ffversion = "68.4.2esr";
@ -119,86 +61,23 @@ rec {
versionKey = "ffversion";
};
};
} // lib.optionalAttrs (config.allowAliases or true) {
#### ALIASES
#### remove after 20.03 branchoff
} // (let
firefox-esr-52 = throw ''
firefoxPackages.firefox-esr-52 was removed as it's an unsupported ESR with
open security issues. If you need it because you need to run some plugins
not having been ported to WebExtensions API, import it from an older
nixpkgs checkout still containing it.
'';
firefox-esr-60 = throw "firefoxPackages.firefox-esr-60 was removed as it's an unsupported ESR with open security issues.";
iccommon = args: common (args // {
pname = "icecat";
isIceCatLike = true;
meta = (args.meta or {}) // {
description = "The GNU version of the Firefox web browser";
longDescription = ''
GNUzilla is the GNU version of the Mozilla suite, and GNU
IceCat is the GNU version of the Firefox web browser.
Notable differences from mainline Firefox:
- entirely free software, no non-free plugins, addons,
artwork,
- no telemetry, no "studies",
- sane privacy and security defaults (for instance, unlike
Firefox, IceCat does _zero_ network requests on startup by
default, which means that with IceCat you won't need to
unplug your Ethernet cable each time you want to create a
new browser profile without announcing that action to a
bunch of data-hungry corporations),
- all essential privacy and security settings can be
configured directly from the main screen,
- optional first party isolation (like TorBrowser),
- comes with HTTPS Everywhere (like TorBrowser), Tor Browser
Button (like TorBrowser Bundle), LibreJS, and SpyBlock
plugins out of the box.
This package can be installed together with Firefox and
TorBrowser, it will use distinct binary names and profile
directories.
'';
homepage = "https://www.gnu.org/software/gnuzilla/";
platforms = lib.platforms.unix;
license = with lib.licenses; [ mpl20 gpl3Plus ];
};
});
in {
icecat = iccommon rec {
ffversion = "60.3.0";
icversion = "${ffversion}-gnu1";
src = fetchurl {
url = "mirror://gnu/gnuzilla/${ffversion}/icecat-${icversion}.tar.bz2";
sha256 = "0icnl64nxcyf7dprpdpygxhabsvyhps8c3ixysj9bcdlj9q34ib1";
};
patches = [
./no-buildconfig.patch
missing-documentation-patch
];
meta.knownVulnerabilities = [ "Support ended around October 2019." ];
};
# Similarly to firefox-esr-52 above.
icecat-52 = iccommon rec {
ffversion = "52.6.0";
icversion = "${ffversion}-gnu1";
src = fetchurl {
url = "mirror://gnu/gnuzilla/${ffversion}/icecat-${icversion}.tar.bz2";
sha256 = "09fn54glqg1aa93hnz5zdcy07cps09dbni2b4200azh6nang630a";
};
patches = [
# this one is actually an omnipresent bug
# https://bugzilla.mozilla.org/show_bug.cgi?id=1444519
./fix-pa-context-connect-retval.patch
];
meta.knownVulnerabilities = [ "Support ended in August 2018." ];
};
icecat = throw "firefoxPackages.icecat was removed as even its latest upstream version is based on an unsupported ESR release with open security issues.";
icecat-52 = throw "firefoxPackages.icecat was removed as even its latest upstream version is based on an unsupported ESR release with open security issues.";
tor-browser-7-5 = throw "firefoxPackages.tor-browser-7-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452.";
tor-browser-8-5 = throw "firefoxPackages.tor-browser-8-5 was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452.";
tor-browser = throw "firefoxPackages.tor-browser was removed because it was out of date and inadequately maintained. Please use tor-browser-bundle-bin instead. See #77452.";
})
}

4
pkgs/applications/networking/browsers/firefox/wrapper.nix
View File

@ -155,9 +155,9 @@ let
install -D -t $out/share/applications $desktopItem/share/applications/*
mkdir -p $out/lib/mozilla
mkdir -p $out/lib/mozilla/native-messaging-hosts
for ext in ${toString nativeMessagingHosts}; do
lndir -silent $ext/lib/mozilla $out/lib/mozilla
ln -sLt $out/lib/mozilla/native-messaging-hosts $ext/lib/mozilla/native-messaging-hosts/*
done
# For manpages, in case the program supplies them

4
pkgs/applications/networking/browsers/opera/default.nix
View File

@ -47,11 +47,11 @@ let
in stdenv.mkDerivation rec {
pname = "opera";
version = "66.0.3515.36";
version = "66.0.3515.72";
src = fetchurl {
url = "${mirror}/${version}/linux/${pname}-stable_${version}_amd64.deb";
sha256 = "1kmd8dxdid593a98a13n8k22hi1whvichda6qam2bqcz99rsczdd";
sha256 = "1mw4sfjf9ijbgghkbkg45b6kzbd0qa0mxb88ajrjnxf4g26brhra";
};
unpackCmd = "${dpkg}/bin/dpkg-deb -x $curSrc .";

4
pkgs/applications/networking/browsers/palemoon/default.nix
View File

@ -13,13 +13,13 @@ let
in stdenv.mkDerivation rec {
pname = "palemoon";
version = "28.8.1";
version = "28.8.2.1";
src = fetchFromGitHub {
owner = "MoonchildProductions";
repo = "UXP";
rev = "PM${version}_Release";
sha256 = "055bmfgasxf7azjqry06bbgwx6ryrdc1zrcq8b217b6zb1in037x";
sha256 = "1m7dfgy5vjw1ndjsh0aksvsp0ii2kj7gxn0sp3h0xgwi0yq7lwyb";
};
desktopItem = makeDesktopItem {

4
pkgs/applications/networking/p2p/tribler/default.nix
View File

@ -3,11 +3,11 @@
stdenv.mkDerivation rec {
pname = "tribler";
version = "7.4.0-exp1";
version = "7.4.1";
src = fetchurl {
url = "https://github.com/Tribler/tribler/releases/download/v${version}/Tribler-v${version}.tar.xz";
sha256 = "18ziisg0v2gdxnprbhqsryz92yk270waj0la7m2h326k5qql3qkf";
sha256 = "1s9hzr0n00d3hb1z2srq75j7mbml6csylb14hzy9psw27q2c0fqs";
};
nativeBuildInputs = [

114
pkgs/applications/office/scribus/unstable.nix
View File

@ -1,12 +1,41 @@
{ stdenv, fetchurl, fetchpatch, mkDerivation, pkgconfig, cmake, qtbase, cairo, pixman,
boost, cups, fontconfig, freetype, hunspell, libjpeg, libtiff, libxml2, lcms2,
podofo, poppler, poppler_data, python2, qtimageformats, qttools, harfbuzzFull }:
{ boost
, cairo
, cmake
, cups
, fetchpatch
, fetchurl
, fontconfig
, freetype
, harfbuzzFull
, hunspell
, lcms2
, libjpeg
, libtiff
, libxml2
, mkDerivation
, pixman
, pkgconfig
, podofo
, poppler
, poppler_data
, python2
, qtbase
, qtimageformats
, qttools
, stdenv
}:
let
pythonEnv = python2.withPackages(ps: [ps.tkinter ps.pillow]);
pythonEnv = python2.withPackages (
ps: [
ps.pillow
ps.tkinter
]
);
in
mkDerivation rec {
pname = "scribus";
version = "1.5.5";
src = fetchurl {
@ -16,31 +45,72 @@ mkDerivation rec {
patches = [
# fix build with Poppler 0.82
(fetchpatch {
url = "https://github.com/scribusproject/scribus/commit/6db15ec1af791377b28981601f8c296006de3c6f.patch";
sha256 = "1y6g3avmsmiyaj8xry1syaz8sfznsavh6l2rp13pj2bwsxfcf939";
})
(
fetchpatch {
url = "https://github.com/scribusproject/scribus/commit/6db15ec1af791377b28981601f8c296006de3c6f.patch";
sha256 = "1y6g3avmsmiyaj8xry1syaz8sfznsavh6l2rp13pj2bwsxfcf939";
}
)
# fix build with Poppler 0.83
(fetchpatch {
url = "https://github.com/scribusproject/scribus/commit/b51c2bab4d57d685f96d427d6816bdd4ecfb4674.patch";
sha256 = "031yy9ylzksczfnpcc4glfccz025sn47zg6fqqzjnqqrc16bgdlx";
})
(
fetchpatch {
url = "https://github.com/scribusproject/scribus/commit/b51c2bab4d57d685f96d427d6816bdd4ecfb4674.patch";
sha256 = "031yy9ylzksczfnpcc4glfccz025sn47zg6fqqzjnqqrc16bgdlx";
}
)
# fix build with Poppler 0.84
# TODO: Remove patches with scribus version > 1.5.5 as it should be fixed upstream in next version
(
fetchpatch {
url = "https://github.com/scribusproject/scribus/commit/3742559924136c2471ab15081c5b600dd5feaeb0.patch";
sha256 = "1d72h7jbajy9w83bnxmhn1ca947hpfxnfbmq30g5ljlj824c7y9y";
}
)
];
enableParallelBuilding = true;
nativeBuildInputs = [ pkgconfig cmake ];
buildInputs = [
qtbase cairo pixman boost cups fontconfig
freetype hunspell libjpeg libtiff libxml2 lcms2 podofo poppler
poppler_data pythonEnv qtimageformats qttools harfbuzzFull
nativeBuildInputs = [
cmake
pkgconfig
];
meta = {
maintainers = [ stdenv.lib.maintainers.erictapen ];
platforms = stdenv.lib.platforms.linux;
buildInputs = [
boost
cairo
cups
fontconfig
freetype
harfbuzzFull
hunspell
lcms2
libjpeg
libtiff
libxml2
pixman
podofo
poppler
poppler_data
pythonEnv
qtbase
qtimageformats
qttools
];
meta = with stdenv.lib; {
maintainers = with maintainers; [
erictapen
kiwi
];
platforms = platforms.linux;
description = "Desktop Publishing (DTP) and Layout program for Linux";
homepage = http://www.scribus.net;
license = stdenv.lib.licenses.gpl2;
homepage = "http://www.scribus.net";
# There are a lot of licenses... https://github.com/scribusproject/scribus/blob/20508d69ca4fc7030477db8dee79fd1e012b52d2/COPYING#L15-L19
license = with licenses; [
bsd3
gpl2
mit
publicDomain
];
};
}

4
pkgs/applications/science/electronics/pcb/default.nix
View File

@ -21,11 +21,11 @@
stdenv.mkDerivation rec {
pname = "pcb";
version = "4.2.1";
version = "4.2.2";
src = fetchurl {
url = "mirror://sourceforge/pcb/${pname}-${version}.tar.gz";
sha256 = "1i9zvcj0vgwp2g2hkmvafdq0k39klj90jsdanqx9xl7gl70345cq";
sha256 = "0pbfyfadbia1jf9ywkf02j8mfdh8c3mj390c2jdqnl70vcdszvhw";
};
nativeBuildInputs = [

4
pkgs/applications/science/logic/verifast/default.nix
View File

@ -20,11 +20,11 @@ let
in
stdenv.mkDerivation rec {
pname = "verifast";
version = "18.02";
version = "19.12";
src = fetchurl {
url = "https://github.com/verifast/verifast/releases/download/${version}/${pname}-${version}-linux.tar.gz";
sha256 = "19050be23b6d5e471690421fee59f84c58b29e38379fb86b8f3713a206a4423e";
sha256 = "169kshjq4cf4i9v92azv0xaflrnik5686w7fwcgdhd6qkbzflzl6";
};
dontStrip = true;

4
pkgs/applications/science/logic/workcraft/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "workcraft";
version = "3.1.9";
version = "3.2.5";
src = fetchurl {
url = "https://github.com/workcraft/workcraft/releases/download/v${version}/workcraft-v${version}-linux.tar.gz";
sha256 = "0d1mi8jffwr7irp215j9rfpa3nmwxrx6mv13bh7vn0qf6i0aw0xi";
sha256 = "11dk00b17yhk7cv8zms4nlffc0qwgsapimzr8csb89qmgabd7rj3";
};
buildInputs = [ makeWrapper ];

4
pkgs/applications/version-management/git-repo/default.nix
View File

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
pname = "git-repo";
version = "1.13.9.3";
version = "1.13.9.4";
src = fetchFromGitHub {
owner = "android";
repo = "tools_repo";
rev = "v${version}";
sha256 = "0xrgq6v1bh9zgrgg2r9z4zndzch08p0z5y3sppffyrb19mib055k";
sha256 = "0kkb3s472zvmz5xign25rgv7amdzhjb1wvchqxaf80g4913rw583";
};
patches = [ ./import-ssl-module.patch ];

46
pkgs/applications/version-management/gitkraken/default.nix
View File

@ -1,8 +1,8 @@
{ stdenv, libXcomposite, libgnome-keyring, makeWrapper, udev, curl, alsaLib
, libXfixes, atk, gtk3, libXrender, pango, gnome3, cairo, freetype, fontconfig
, libX11, libXi, libxcb, libXext, libXcursor, glib, libXScrnSaver, libxkbfile, libXtst
, nss, nspr, cups, fetchurl, expat, gdk-pixbuf, libXdamage, libXrandr, dbus
, dpkg, makeDesktopItem, openssl, wrapGAppsHook, at-spi2-atk, libuuid
, nss, nspr, cups, fetchzip, expat, gdk-pixbuf, libXdamage, libXrandr, dbus
, makeDesktopItem, openssl, wrapGAppsHook, at-spi2-atk, at-spi2-core, libuuid
, e2fsprogs, krb5
}:
@ -13,13 +13,16 @@ let
in
stdenv.mkDerivation rec {
pname = "gitkraken";
version = "6.4.1";
version = "6.5.1";
src = fetchurl {
url = "https://release.axocdn.com/linux/GitKraken-v${version}.deb";
sha256 = "1w8iwpbr6nwzhhf63fvr7pd66yjx3jgjy4gx5y02qxa3ip5psq5b";
src = fetchzip {
url = "https://release.axocdn.com/linux/GitKraken-v${version}.tar.gz";
sha256 = "0dwjwismv4rfw58801g2ay51h9qrffcxgbl910frd4i530w0y44p";
};
dontBuild = true;
dontConfigure = true;
libPath = makeLibraryPath [
stdenv.cc.cc.lib
curlWithGnuTls
@ -54,6 +57,7 @@ stdenv.mkDerivation rec {
libgnome-keyring
openssl
at-spi2-atk
at-spi2-core
libuuid
e2fsprogs
krb5
@ -69,27 +73,27 @@ stdenv.mkDerivation rec {
comment = "Graphical Git client from Axosoft";
};
nativeBuildInputs = [ dpkg makeWrapper wrapGAppsHook ];
nativeBuildInputs = [ makeWrapper wrapGAppsHook ];
buildInputs = [ gtk3 gnome3.adwaita-icon-theme ];
unpackCmd = ''
mkdir out
dpkg -x $curSrc out
'';
installPhase = ''
runHook preInstall
mkdir $out
pushd usr
pushd share
substituteInPlace applications/gitkraken.desktop \
--replace /usr/share/gitkraken $out/bin
popd
rm -rf bin/gitkraken share/lintian
cp -av share bin $out/
popd
mkdir -p $out/share/gitkraken/
cp -R $src/* $out/share/gitkraken/
mkdir -p $out/bin
ln -s $out/share/gitkraken/gitkraken $out/bin/gitkraken
mkdir -p $out/share/applications
cp ${desktopItem}/share/applications/* $out/share/applications/
substituteInPlace $out/share/applications/gitkraken.desktop \
--replace $out/usr/share/gitkraken $out/bin
mkdir -p $out/share/pixmaps
cp gitkraken.png $out/share/pixmaps/gitkraken.png
runHook postInstall
'';

8
pkgs/applications/video/handbrake/default.nix
View File

@ -49,11 +49,11 @@ assert stdenv.isDarwin -> AudioToolbox != null && Foundation != null
stdenv.mkDerivation rec {
pname = "handbrake";
version = "1.3.0";
version = "1.3.1";
src = fetchurl {
url = ''https://download2.handbrake.fr/${version}/HandBrake-${version}-source.tar.bz2'';
sha256 = "15hxncswmaj62hb40fxixsa6d519zb712z9xbdq979q4rasjxa59";
url = ''https://download.handbrake.fr/releases/${version}/HandBrake-${version}-source.tar.bz2'';
sha256 = "09rcrq0kjs1lc1as7w3glbpbfvzldwpx3xv0pfmkn4pl7acxw1f0";
};
nativeBuildInputs = [
@ -102,8 +102,6 @@ stdenv.mkDerivation rec {
# NOTE: 2018-12-27: Check NixOS HandBrake test if changing
NIX_LDFLAGS = toString [
"-lx265"
# NOTE: The -ldl flag was fixed upstream for a release after 1.3.0
"-ldl"
];
preBuild = ''

64
pkgs/applications/video/manim/default.nix Normal file
View File

@ -0,0 +1,64 @@
{ lib, buildPythonApplication, fetchFromGitHub, pythonOlder, file, fetchpatch
, cairo, ffmpeg, sox, xdg_utils, texlive
, colour, numpy, pillow, progressbar, scipy, tqdm, opencv , pycairo, pydub
, pbr, fetchPypi
}:
buildPythonApplication rec {
pname = "manim";
version = "0.1.10";
src = fetchPypi {
pname = "manimlib";
inherit version;
sha256 = "0vg9b3rwypq5zir74pi0pmj47yqlcg7hrvscwrpjzjbqq2yihn49";
};
patches = [ ./remove-dependency-constraints.patch ];
nativeBuildInputs = [ pbr ];
propagatedBuildInputs = [
colour
numpy
pillow
progressbar
scipy
tqdm
opencv
pycairo
pydub
cairo sox ffmpeg xdg_utils
];
# Test with texlive to see whether it works but don't propagate
# because it's huge and optional
# TODO: Use smaller TexLive distribution
# Doesn't need everything but it's hard to figure out what it needs
checkInputs = [ cairo sox ffmpeg xdg_utils texlive.combined.scheme-full ];
# Simple test and complex test with LaTeX
checkPhase = ''
for scene in SquareToCircle OpeningManimExample
do
python3 manim.py example_scenes.py $scene -l
tail -n 20 files/Tex/*.log # Print potential LaTeX erorrs
${file}/bin/file videos/example_scenes/480p15/$scene.mp4 \
| tee | grep -F "ISO Media, MP4 Base Media v1 [IS0 14496-12:2003]"
done
'';
disabled = pythonOlder "3.7";
meta = {
description = "Animation engine for explanatory math videos";
longDescription = ''
Manim is an animation engine for explanatory math videos. It's used to
create precise animations programmatically, as seen in the videos of
3Blue1Brown on YouTube.
'';
homepage = https://github.com/3b1b/manim;
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ johnazoidberg ];
};
}

26
pkgs/applications/video/manim/remove-dependency-constraints.patch Normal file
View File

@ -0,0 +1,26 @@
diff --git i/requirements.txt w/requirements.txt
index 556122ad..11fd49d5 100644
--- i/requirements.txt
+++ w/requirements.txt
@@ -1,11 +1,10 @@
-argparse==1.4.0
-colour==0.1.5
-numpy==1.15.0
-Pillow==5.2.0
-progressbar==2.5
-scipy==1.1.0
-tqdm==4.24.0
-opencv-python==3.4.2.17
-pycairo==1.17.1; sys_platform == 'linux'
-pycairo>=1.18.0; sys_platform == 'win32'
-pydub==0.23.0
+colour
+numpy
+Pillow
+progressbar
+scipy
+tqdm
+pycairo
+pycairo>=1.18.1; sys_platform == 'win32'
+pydub
+pyreadline==2.1; sys_platform == 'win32'

4
pkgs/data/misc/osinfo-db/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "osinfo-db";
version = "20191125";
version = "20200203";
src = fetchurl {
url = "https://releases.pagure.org/libosinfo/${pname}-${version}.tar.xz";
sha256 = "102mdykp5pjv7lw7saig640vb5a8ivy4ji8sa68q2wzfwg1yix78";
sha256 = "1zjq1dhlci00j17dij7s3l30hybzmaykpk5b6bd5xbllp745njn5";
};
nativeBuildInputs = [ osinfo-db-tools intltool libxml2 ];

4
pkgs/data/themes/ant-theme/default.nix
View File

@ -32,8 +32,6 @@ stdenv.mkDerivation rec {
homepage = https://github.com/EliverLara/Ant;
license = licenses.gpl3;
platforms = platforms.all;
maintainers = [
maintainers.pbogdan
];
maintainers = [ ];
};
}

164
pkgs/development/compilers/adoptopenjdk-bin/sources.json
View File

@ -4,30 +4,30 @@
"jdk": {
"hotspot": {
"aarch64": {
"build": "11",
"sha256": "10e33e1862638e11a9158947b3d7b461727d8e396e378b171be1eb4dfe12f1ed",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.4%2B11/OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.4_11.tar.gz",
"version": "11.0.4"
"build": "10",
"sha256": "04b77f6754aed68528f39750c5cfd6a439190206aff216aa081d62a0e1a794fa",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.6%2B10/OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.6_10.tar.gz",
"version": "11.0.6"
},
"armv6l": {
"build": "10",
"sha256": "c6b1fda3f8807028cbfcc34a4ded2e8a5a6b6239d2bcc1f06673ea6b1530df94",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.5%2B10/OpenJDK11U-jdk_arm_linux_hotspot_11.0.5_10.tar.gz",
"version": "11.0.5"
"sha256": "ab5b76203e54fe7a5221535f6f407efa43153de029a746f60af3cffb7cb5080b",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.6%2B10/OpenJDK11U-jdk_arm_linux_hotspot_11.0.6_10.tar.gz",
"version": "11.0.6"
},
"armv7l": {
"build": "10",
"sha256": "c6b1fda3f8807028cbfcc34a4ded2e8a5a6b6239d2bcc1f06673ea6b1530df94",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.5%2B10/OpenJDK11U-jdk_arm_linux_hotspot_11.0.5_10.tar.gz",
"version": "11.0.5"
"sha256": "ab5b76203e54fe7a5221535f6f407efa43153de029a746f60af3cffb7cb5080b",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.6%2B10/OpenJDK11U-jdk_arm_linux_hotspot_11.0.6_10.tar.gz",
"version": "11.0.6"
},
"packageType": "jdk",
"vmType": "hotspot",
"x86_64": {
"build": "10",
"sha256": "6dd0c9c8a740e6c19149e98034fba8e368fd9aa16ab417aa636854d40db1a161",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.5%2B10/OpenJDK11U-jdk_x64_linux_hotspot_11.0.5_10.tar.gz",
"version": "11.0.5"
"sha256": "330d19a2eaa07ed02757d7a785a77bab49f5ee710ea03b4ee2fa220ddd0feffc",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.6%2B10/OpenJDK11U-jdk_x64_linux_hotspot_11.0.6_10.tar.gz",
"version": "11.0.6"
}
},
"openj9": {
@ -35,27 +35,27 @@
"vmType": "openj9",
"x86_64": {
"build": "10",
"sha256": "6ead0515aecb24c6a8f5f3800a070b7d20a66c8f26cba5dad137824da590a532",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.5%2B10_openj9-0.17.0/OpenJDK11U-jdk_x64_linux_openj9_11.0.5_10_openj9-0.17.0.tar.gz",
"version": "11.0.5"
"sha256": "1530172ee98edd129954fcdca1bf725f7b30c8bfc3cdc381c88de96b7d19e690",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.6%2B10_openj9-0.18.1/OpenJDK11U-jdk_x64_linux_openj9_11.0.6_10_openj9-0.18.1.tar.gz",
"version": "11.0.6"
}
}
},
"jre": {
"hotspot": {
"aarch64": {
"build": "11",
"sha256": "5f7b5c110fc0f344a549cb11784a6d76838061a2b6f654f7841f60e0cd286c6a",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.4%2B11/OpenJDK11U-jre_aarch64_linux_hotspot_11.0.4_11.tar.gz",
"version": "11.0.4"
"build": "10",
"sha256": "7ed04ed9ed7271528e7f03490f1fd7dfbbc2d391414bd6fe4dd80ec3bad76d30",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.6%2B10/OpenJDK11U-jre_aarch64_linux_hotspot_11.0.6_10.tar.gz",
"version": "11.0.6"
},
"packageType": "jre",
"vmType": "hotspot",
"x86_64": {
"build": "10",
"sha256": "2f08c469c9a8adea1b6ee3444ba2a8242a7e99d87976a077faf037a9eb7f884b",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.5%2B10/OpenJDK11U-jre_x64_linux_hotspot_11.0.5_10.tar.gz",
"version": "11.0.5"
"sha256": "c5a4e69e2be0e3e5f5bb7c759960b20650967d0f571baad4a7f15b2c03bda352",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.6%2B10/OpenJDK11U-jre_x64_linux_hotspot_11.0.6_10.tar.gz",
"version": "11.0.6"
}
},
"openj9": {
@ -63,9 +63,9 @@
"vmType": "openj9",
"x86_64": {
"build": "10",
"sha256": "2b68ea68d41281238a9dbe494cec762bd97fe34cf4fb6ba44ee1ce66bcec9d38",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.5%2B10_openj9-0.17.0/OpenJDK11U-jre_x64_linux_openj9_11.0.5_10_openj9-0.17.0.tar.gz",
"version": "11.0.5"
"sha256": "056e4b5f7166f5daa44f36b06c735913bda52831d2e77fa2ac371505c66d10c1",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.6%2B10_openj9-0.18.1/OpenJDK11U-jre_x64_linux_openj9_11.0.6_10_openj9-0.18.1.tar.gz",
"version": "11.0.6"
}
}
}
@ -77,9 +77,9 @@
"vmType": "hotspot",
"x86_64": {
"build": "10",
"sha256": "0825d0d3177832320b697944cd8e7b2e7fe3893fafe8bfcf33ee3631aa5ca96b",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.5%2B10/OpenJDK11U-jdk_x64_mac_hotspot_11.0.5_10.tar.gz",
"version": "11.0.5"
"sha256": "b87102274d983bf6bb0aa6c2c623301d0ff5eb7f61043ffd04abb00f962c2dcd",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.6%2B10/OpenJDK11U-jdk_x64_mac_hotspot_11.0.6_10.tar.gz",
"version": "11.0.6"
}
},
"openj9": {
@ -87,9 +87,9 @@
"vmType": "openj9",
"x86_64": {
"build": "10",
"sha256": "97dc8234b73e233316b5dfdca75af9a0d54aa23b1309b1a68fd0a5d2fa928e05",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.5%2B10.1_openj9-0.17.0/OpenJDK11U-jdk_x64_mac_openj9_11.0.5_10_openj9-0.17.0.tar.gz",
"version": "11.0.5"
"sha256": "9a5c5b3bb51a82e666c46b2d1bbafa8c2bbc3aae50194858c8f96c5d43a96f64",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.6%2B10_openj9-0.18.1/OpenJDK11U-jdk_x64_mac_openj9_11.0.6_10_openj9-0.18.1.tar.gz",
"version": "11.0.6"
}
}
},
@ -99,9 +99,9 @@
"vmType": "hotspot",
"x86_64": {
"build": "10",
"sha256": "dfd212023321ebb41bce8cced15b4668001e86ecff6bffdd4f2591ccaae41566",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.5%2B10/OpenJDK11U-jre_x64_mac_hotspot_11.0.5_10.tar.gz",
"version": "11.0.5"
"sha256": "ab3c2038a32c62843500109d2efb8f5dacdfa1de3cbb713c8226f26dc603cc33",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.6%2B10/OpenJDK11U-jre_x64_mac_hotspot_11.0.6_10.tar.gz",
"version": "11.0.6"
}
},
"openj9": {
@ -109,9 +109,9 @@
"vmType": "openj9",
"x86_64": {
"build": "10",
"sha256": "ea6bd0be4562e766c035b997447c059d10d5d2e58ca464c57f9078858da1c967",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.5%2B10.1_openj9-0.17.0/OpenJDK11U-jre_x64_mac_openj9_11.0.5_10_openj9-0.17.0.tar.gz",
"version": "11.0.5"
"sha256": "130850133d9701393352c2ce13ab541b4f900ff1f5ddf8257cda624968aada9f",
"url": "https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.6%2B10_openj9-0.18.1/OpenJDK11U-jre_x64_mac_openj9_11.0.6_10_openj9-0.18.1.tar.gz",
"version": "11.0.6"
}
}
}
@ -127,23 +127,35 @@
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u232-b09/OpenJDK8U-jdk_aarch64_linux_hotspot_8u232b09.tar.gz",
"version": "8.0.232"
},
"armv6l": {
"build": "9",
"sha256": "fdd9f61f1b2df74242da54ee3b3231b0123782a917e9673351276da439c7cab1",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u232-b09/OpenJDK8U-jdk_arm_linux_hotspot_8u232b09.tar.gz",
"version": "8.0.232"
},
"armv7l": {
"build": "9",
"sha256": "fdd9f61f1b2df74242da54ee3b3231b0123782a917e9673351276da439c7cab1",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u232-b09/OpenJDK8U-jdk_arm_linux_hotspot_8u232b09.tar.gz",
"version": "8.0.232"
},
"packageType": "jdk",
"vmType": "hotspot",
"x86_64": {
"build": "9",
"sha256": "7b7884f2eb2ba2d47f4c0bf3bb1a2a95b73a3a7734bd47ebf9798483a7bcc423",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u232-b09/OpenJDK8U-jdk_x64_linux_hotspot_8u232b09.tar.gz",
"version": "8.0.232"
"build": "8",
"sha256": "f39b523c724d0e0047d238eb2bb17a9565a60574cf651206c867ee5fc000ab43",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u242-b08/OpenJDK8U-jdk_x64_linux_hotspot_8u242b08.tar.gz",
"version": "8.0.242"
}
},
"openj9": {
"packageType": "jdk",
"vmType": "openj9",
"x86_64": {
"build": "9",
"sha256": "abea758c7e102f3c4a3be8757ee0ce039a70e2d498c160400dfb83c6f7004dbf",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u232-b09_openj9-0.17.0/OpenJDK8U-jdk_x64_linux_openj9_8u232b09_openj9-0.17.0.tar.gz",
"version": "8.0.232"
"build": "8",
"sha256": "ca785af638b24f9d4df896f5a9f557cc9f1e5fa5e2b1174d6b906e3fd5474c2e",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u242-b08_openj9-0.18.1/OpenJDK8U-jdk_x64_linux_openj9_8u242b08_openj9-0.18.1.tar.gz",
"version": "8.0.242"
}
}
},
@ -155,23 +167,35 @@
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u232-b09/OpenJDK8U-jre_aarch64_linux_hotspot_8u232b09.tar.gz",
"version": "8.0.232"
},
"armv6l": {
"build": "9",
"sha256": "8ab786fc2fa0a282f5cf57f6040f1976c32c3c5e480e900ce5925de6543f6688",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u232-b09/OpenJDK8U-jre_arm_linux_hotspot_8u232b09.tar.gz",
"version": "8.0.232"
},
"armv7l": {
"build": "9",
"sha256": "8ab786fc2fa0a282f5cf57f6040f1976c32c3c5e480e900ce5925de6543f6688",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u232-b09/OpenJDK8U-jre_arm_linux_hotspot_8u232b09.tar.gz",
"version": "8.0.232"
},
"packageType": "jre",
"vmType": "hotspot",
"x86_64": {
"build": "9",
"sha256": "bd06b84a1fc10e0a555431bc49a84e86df45de0be93c8ee4d09d13513219843b",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u232-b09/OpenJDK8U-jre_x64_linux_hotspot_8u232b09.tar.gz",
"version": "8.0.232"
"build": "8",
"sha256": "5edfaefdbb0469d8b24d61c8aef80c076611053b1738029c0232b9a632fe2708",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u242-b08/OpenJDK8U-jre_x64_linux_hotspot_8u242b08.tar.gz",
"version": "8.0.242"
}
},
"openj9": {
"packageType": "jre",
"vmType": "openj9",
"x86_64": {
"build": "9",
"sha256": "30bdfdb38901d4807d96a72a33b83f7a4f40255e11a88853c1e8732acc4644a7",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u232-b09_openj9-0.17.0/OpenJDK8U-jre_x64_linux_openj9_8u232b09_openj9-0.17.0.tar.gz",
"version": "8.0.232"
"build": "8",
"sha256": "985d3134b64c6196d4c9ddbc87af0c62b0e643cef71b29f3d25a8c7811811745",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u242-b08_openj9-0.18.1/OpenJDK8U-jre_x64_linux_openj9_8u242b08_openj9-0.18.1.tar.gz",
"version": "8.0.242"
}
}
}
@ -182,20 +206,20 @@
"packageType": "jdk",
"vmType": "hotspot",
"x86_64": {
"build": "9",
"sha256": "c237b2c2c32c893e4ee60cdac8c4bcc34ca731a5445986c03b95cf79918e40c3",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u232-b09/OpenJDK8U-jdk_x64_mac_hotspot_8u232b09.tar.gz",
"version": "8.0.232"
"build": "8",
"sha256": "06675b7d65bce0313ee1f2e888dd44267e8afeced75e0b39b5ad1f5fdff54e0b",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u242-b08/OpenJDK8U-jdk_x64_mac_hotspot_8u242b08.tar.gz",
"version": "8.0.242"
}
},
"openj9": {
"packageType": "jdk",
"vmType": "openj9",
"x86_64": {
"build": "9",
"sha256": "168079dcc20f62ac4409800c78d23a63ba7c665e58cd7ac8bde21ebbbb2b6d48",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u232-b09.1_openj9-0.17.0/OpenJDK8U-jdk_x64_mac_openj9_8u232b09_openj9-0.17.0.tar.gz",
"version": "8.0.232"
"build": "8",
"sha256": "665dc9c8239b7270b007ab9dd7522570e2686e327d89caf57a6aa6e5c6450078",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u242-b08_openj9-0.18.1/OpenJDK8U-jdk_x64_mac_openj9_8u242b08_openj9-0.18.1.tar.gz",
"version": "8.0.242"
}
}
},
@ -204,20 +228,20 @@
"packageType": "jre",
"vmType": "hotspot",
"x86_64": {
"build": "9",
"sha256": "5ec5f11dbc81ab65641b765e1ef2f924736c0d1cc797cb95b078598d9d863afd",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u232-b09/OpenJDK8U-jre_x64_mac_hotspot_8u232b09.tar.gz",
"version": "8.0.232"
"build": "8",
"sha256": "fae3777e3441dc7384c339a9054aa7efc40cd2c501625a535c2d4648367ccca3",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u242-b08/OpenJDK8U-jre_x64_mac_hotspot_8u242b08.tar.gz",
"version": "8.0.242"
}
},
"openj9": {
"packageType": "jre",
"vmType": "openj9",
"x86_64": {
"build": "9",
"sha256": "60b70aa16c8ca38b96c305003f3d9871897555d0b4039b8e1f8db9ceeab16d53",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u232-b09.1_openj9-0.17.0/OpenJDK8U-jre_x64_mac_openj9_8u232b09_openj9-0.17.0.tar.gz",
"version": "8.0.232"
"build": "8",
"sha256": "d4a924558ddda0aed671a67f71714b71c25871a7659fd4c505851cf5ee866de5",
"url": "https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u242-b08_openj9-0.18.1/OpenJDK8U-jre_x64_mac_openj9_8u242b08_openj9-0.18.1.tar.gz",
"version": "8.0.242"
}
}
}

94
pkgs/development/compilers/bluespec/default.nix Normal file
View File

@ -0,0 +1,94 @@
{ stdenv
, fetchFromGitHub
, fetchpatch
, autoconf
, automake
, fontconfig
, gmp
, gperf
, haskell
, libX11
, libpoly
, perl
, pkgconfig
, verilog
, xorg
, zlib
}:
let
# yices wants a libgmp.a and fails otherwise
gmpStatic = gmp.override { withStatic = true; };
# Compiling PreludeBSV fails with more recent GHC versions
# > imperative statement (not BVI context)
# https://github.com/B-Lang-org/bsc/issues/20#issuecomment-583724030
ghcWithPackages = haskell.packages.ghc844.ghc.withPackages (g: (with g; [old-time regex-compat syb]));
in stdenv.mkDerivation rec {
pname = "bluespec";
version = "unstable-2020.02.09";
src = fetchFromGitHub {
owner = "B-Lang-org";
repo = "bsc";
rev = "05c8afb08078e437c635b9c708124b428ac51b3d";
sha256 = "06yhpkz7wga1a0p9031cfjqbzw7205bj2jxgdghhfzmllaiphniy";
fetchSubmodules = true;
};
enableParallelBuilding = true;
buildInputs = [
zlib
gmpStatic gperf libpoly # yices
libX11 # tcltk
xorg.libXft
fontconfig
];
nativeBuildInputs = [
automake autoconf
perl
pkgconfig
ghcWithPackages
];
checkInputs = [
verilog
];
patches = [
# drop stp support https://github.com/B-Lang-org/bsc/pull/31
(fetchpatch {
url = "https://github.com/flokli/bsc/commit/0bd48ecc2561541dc1368918863c0b2f4915006f.patch";
sha256 = "0bam9anld33zfi9d4gs502g94w49zhl5iqmbs2d1p5i19aqpy38l";
})
];
preBuild = ''
patchShebangs \
src/Verilog/copy_module.pl \
src/comp/update-build-version.sh \
src/comp/update-build-system.sh \
src/comp/wrapper.sh
'';
makeFlags = [
"NOGIT=1" # https://github.com/B-Lang-org/bsc/issues/12
"LDCONFIG=ldconfig" # https://github.com/B-Lang-org/bsc/pull/43
];
installPhase = "mv inst $out";
doCheck = true;
meta = {
description = "Toolchain for the Bluespec Hardware Definition Language";
homepage = "https://github.com/B-Lang-org/bsc";
license = stdenv.lib.licenses.bsd3;
platforms = [ "x86_64-linux" ];
# darwin fails at https://github.com/B-Lang-org/bsc/pull/35#issuecomment-583731562
# aarch64 fails, as GHC fails with "ghc: could not execute: opt"
maintainers = with stdenv.lib.maintainers; [ flokli thoughtpolice ];
};
}

2
pkgs/development/compilers/gcc/4.9/default.nix
View File

@ -303,7 +303,7 @@ stdenv.mkDerivation ({
compiler used in the GNU system including the GNU/Linux variant.
'';
maintainers = with stdenv.lib.maintainers; [ peti ];
maintainers = with stdenv.lib.maintainers; [ peti veprbl ];
platforms =
stdenv.lib.platforms.linux ++

252
pkgs/development/compilers/gcc/snapshot/default.nix
View File

@ -1,252 +0,0 @@
{ stdenv, targetPackages, fetchurl, fetchpatch, noSysDirs
, langC ? true, langCC ? true, langFortran ? false
, langObjC ? stdenv.targetPlatform.isDarwin
, langObjCpp ? stdenv.targetPlatform.isDarwin
, langGo ? false
, profiledCompiler ? false
, staticCompiler ? false
, enableShared ? true
, enableLTO ? true
, texinfo ? null
, perl ? null # optional, for texi2pod (then pod2man)
, gmp, mpfr, libmpc, gettext, which
, libelf # optional, for link-time optimizations (LTO)
, isl ? null # optional, for the Graphite optimization framework.
, zlib ? null
, enableMultilib ? false
, enablePlugin ? stdenv.hostPlatform == stdenv.buildPlatform # Whether to support user-supplied plug-ins
, name ? "gcc"
, libcCross ? null
, threadsCross ? null # for MinGW
, crossStageStatic ? false
, # Strip kills static libs of other archs (hence no cross)
stripped ? stdenv.hostPlatform == stdenv.buildPlatform
&& stdenv.targetPlatform == stdenv.hostPlatform
, gnused ? null
, cloog # unused; just for compat with gcc4, as we override the parameter on some places
, flex ? null
, buildPackages
}:
# LTO needs libelf and zlib.
assert libelf != null -> zlib != null;
# Make sure we get GNU sed.
assert stdenv.hostPlatform.isDarwin -> gnused != null;
# The go frontend is written in c++
assert langGo -> langCC;
# threadsCross is just for MinGW
assert threadsCross != null -> stdenv.targetPlatform.isWindows;
with stdenv.lib;
with builtins;
let majorVersion = "7";
version = "${majorVersion}-20170409";
inherit (stdenv) buildPlatform hostPlatform targetPlatform;
patches =
[ ]
++ optional (targetPlatform != hostPlatform) ../libstdc++-target.patch
++ optional noSysDirs ../no-sys-dirs.patch
++ optional langFortran ../gfortran-driving.patch
++ optional (!crossStageStatic && targetPlatform.isMinGW) (fetchpatch {
url = "https://raw.githubusercontent.com/lhmouse/MINGW-packages/${import ../common/mfcgthreads-patches-repo.nix}/mingw-w64-gcc-git/9000-gcc-${majorVersion}-branch-Added-mcf-thread-model-support-from-mcfgthread.patch";
sha256 = "1nyjnshpq5gbcbbpfv27hy4ajvycmgkpiabkjlxnnrnq1d99k1ay";
});
/* Cross-gcc settings (build == host != target) */
crossMingw = targetPlatform != hostPlatform && targetPlatform.libc == "msvcrt";
stageNameAddon = if crossStageStatic then "stage-static" else "stage-final";
crossNameAddon = optionalString (targetPlatform != hostPlatform) "${targetPlatform.config}-${stageNameAddon}-";
in
stdenv.mkDerivation ({
pname = "${crossNameAddon}${name}${if stripped then "" else "-debug"}";
inherit version;
builder = ../builder.sh;
src = fetchurl {
url = "mirror://gcc/snapshots/${version}/gcc-${version}.tar.bz2";
sha256 = "19197rw1xrpkb8h10lfgn6zj7yj52x95hdmr0x5lg8i4v3i23b67";
};
inherit patches;
outputs = [ "out" "lib" "man" "info" ];
setOutputFlags = false;
NIX_NO_SELF_RPATH = true;
libc_dev = stdenv.cc.libc_dev;
hardeningDisable = [ "format" "pie" ];
postPatch =
if targetPlatform != hostPlatform || stdenv.cc.libc != null then
# On NixOS, use the right path to the dynamic linker instead of
# `/lib/ld*.so'.
let
libc = if libcCross != null then libcCross else stdenv.cc.libc;
in
'' echo "fixing the \`GLIBC_DYNAMIC_LINKER' and \`UCLIBC_DYNAMIC_LINKER' macros..."
for header in "gcc/config/"*-gnu.h "gcc/config/"*"/"*.h
do
grep -q LIBC_DYNAMIC_LINKER "$header" || continue
echo " fixing \`$header'..."
sed -i "$header" \
-e 's|define[[:blank:]]*\([UCG]\+\)LIBC_DYNAMIC_LINKER\([0-9]*\)[[:blank:]]"\([^\"]\+\)"$|define \1LIBC_DYNAMIC_LINKER\2 "${libc.out}\3"|g'
done
''
else null;
inherit noSysDirs staticCompiler crossStageStatic
libcCross crossMingw;
depsBuildBuild = [ buildPackages.stdenv.cc ];
nativeBuildInputs = [ texinfo which gettext ]
++ (optional (perl != null) perl);
# For building runtime libs
depsBuildTarget =
if hostPlatform == buildPlatform then [
targetPackages.stdenv.cc.bintools # newly-built gcc will be used
] else assert targetPlatform == hostPlatform; [ # build != host == target
stdenv.cc
];
buildInputs = [
gmp mpfr libmpc libelf flex
targetPackages.stdenv.cc.bintools # For linking code at run-time
] ++ (optional (isl != null) isl)
++ (optional (zlib != null) zlib)
# The builder relies on GNU sed (for instance, Darwin's `sed' fails with
# "-i may not be used with stdin"), and `stdenvNative' doesn't provide it.
++ (optional hostPlatform.isDarwin gnused)
;
depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross;
NIX_LDFLAGS = stdenv.lib.optionalString hostPlatform.isSunOS "-lm -ldl";
preConfigure = import ../common/pre-configure.nix {
inherit (stdenv) lib;
inherit version hostPlatform langGo;
};
dontDisableStatic = true;
# TODO(@Ericson2314): Always pass "--target" and always prefix.
configurePlatforms = [ "build" "host" ] ++ stdenv.lib.optional (targetPlatform != hostPlatform) "target";
configureFlags = import ../common/configure-flags.nix {
inherit
stdenv
targetPackages
crossStageStatic libcCross
version
gmp mpfr libmpc libelf isl
enableLTO
enableMultilib
enablePlugin
enableShared
langC
langCC
langFortran
langGo
langObjC
langObjCpp
;
};
targetConfig = if targetPlatform != hostPlatform then targetPlatform.config else null;
buildFlags = optional
(targetPlatform == hostPlatform && hostPlatform == buildPlatform)
(if profiledCompiler then "profiledbootstrap" else "bootstrap");
dontStrip = !stripped;
NIX_STRIP_DEBUG = !stripped;
installTargets =
if stripped
then "install-strip"
else "install";
# https://gcc.gnu.org/install/specific.html#x86-64-x-solaris210
${if hostPlatform.system == "x86_64-solaris" then "CC" else null} = "gcc -m64";
# Setting $CPATH and $LIBRARY_PATH to make sure both `gcc' and `xgcc' find the
# library headers and binaries, regarless of the language being compiled.
#
# Likewise, the LTO code doesn't find zlib.
#
# Cross-compiling, we need gcc not to read ./specs in order to build the g++
# compiler (after the specs for the cross-gcc are created). Having
# LIBRARY_PATH= makes gcc read the specs from ., and the build breaks.
CPATH = optionals (targetPlatform == hostPlatform) (makeSearchPathOutput "dev" "include" ([]
++ optional (zlib != null) zlib
));
LIBRARY_PATH = optionals (targetPlatform == hostPlatform) (makeLibraryPath (optional (zlib != null) zlib));
inherit
(import ../common/extra-target-flags.nix {
inherit stdenv crossStageStatic libcCross threadsCross;
})
EXTRA_TARGET_FLAGS
EXTRA_TARGET_LDFLAGS
;
passthru = {
inherit langC langCC langObjC langObjCpp langFortran langGo version;
isGNU = true;
};
enableParallelBuilding = true;
inherit enableMultilib;
inherit (stdenv) is64bit;
meta = {
homepage = https://gcc.gnu.org/;
license = stdenv.lib.licenses.gpl3Plus; # runtime support libraries are typically LGPLv3+
description = "GNU Compiler Collection, version ${version}"
+ (if stripped then "" else " (with debugging info)");
longDescription = ''
The GNU Compiler Collection includes compiler front ends for C, C++,
Objective-C, Fortran, OpenMP for C/C++/Fortran, and Ada, as well as
libraries for these languages (libstdc++, libgomp,...).
GCC development is a part of the GNU Project, aiming to improve the
compiler used in the GNU system including the GNU/Linux variant.
'';
maintainers = with stdenv.lib.maintainers; [ ];
platforms =
stdenv.lib.platforms.linux ++
stdenv.lib.platforms.freebsd ++
stdenv.lib.platforms.illumos ++
stdenv.lib.platforms.darwin;
broken = true;
};
}
// optionalAttrs (targetPlatform != hostPlatform && targetPlatform.libc == "msvcrt" && crossStageStatic) {
makeFlags = [ "all-gcc" "all-target-libgcc" ];
installTargets = "install-gcc install-target-libgcc";
}
// optionalAttrs (enableMultilib) { dontMoveLib64 = true; }
)

6
pkgs/development/interpreters/octave/default.nix
View File

@ -18,11 +18,11 @@ let
in
stdenv.mkDerivation rec {
version = "5.1.0";
version = "5.2.0";
pname = "octave";
src = fetchurl {
url = "mirror://gnu/octave/${pname}-${version}.tar.gz";
sha256 = "15blrldzwyxma16rnd4n01gnsrriii0dwmyca6m7qz62r8j12sz3";
sha256 = "1qcmcpsq1lfka19fxzvxjwjhg113c39a9a0x8plkhvwdqyrn5sig";
};
buildInputs = [ gfortran readline ncurses perl flex texinfo qhull
@ -77,7 +77,7 @@ stdenv.mkDerivation rec {
};
meta = {
homepage = http://octave.org/;
homepage = "https://www.gnu.org/software/octave/";
license = stdenv.lib.licenses.gpl3Plus;
maintainers = with stdenv.lib.maintainers; [raskin];
description = "Scientific Pragramming Language";

75
pkgs/development/interpreters/octave/hg.nix
View File

@ -1,75 +0,0 @@
args@{ stdenv, openblas, ghostscript ? null, texinfo
, # These are arguments that shouldn't be passed to the
# octave package.
texlive, tex ? texlive.combined.scheme-small
, epstool, pstoedit, transfig
, lib, fetchhg, callPackage
, autoconf, automake, libtool
, bison, librsvg, icoutils, gperf
, # These are options that can be passed in addition to the ones
# octave usually takes.
# - rev is the HG revision. Use "tip" for the bleeding edge.
# - docs can be set to false to skip building documentation.
rev ? "23269", docs ? true
, # All remaining arguments will be passed to the octave package.
...
}:
with stdenv.lib;
let
octaveArgs = removeAttrs args
[ "texlive" "tex"
"epstool" "pstoedit" "transfig"
"lib" "fetchhg" "callPackage"
"autoconf" "automake" "libtool"
"bison" "librsvg" "icoutils" "gperf"
"rev" "docs"
];
octave = callPackage ./default.nix octaveArgs;
# List of hashes for known HG revisions.
sha256s = {
"23269" = "87f560e873ad1454fdbcdd8aca65f9f0b1e605bdc00aebbdc4f9d862ca72ff1d";
};
in lib.overrideDerivation octave (attrs: rec {
version = "4.3.0pre${rev}";
name = "octave-${version}";
src = fetchhg {
url = http://www.octave.org/hg/octave;
inherit rev;
sha256 =
if builtins.hasAttr rev sha256s
then builtins.getAttr rev sha256s
else null;
fetchSubrepos = true;
};
# Octave's test for including this flag seems to be broken in 4.3.
F77_INTEGER_8_FLAG = optional openblas.blas64 "-fdefault-integer-8";
# This enables texinfo to find the files it needs.
TEXINPUTS = ".:build-aux:${texinfo}/texmf-dist/tex/generic/epsf:";
disableDocs = !docs || ghostscript == null;
nativeBuildInputs = attrs.nativeBuildInputs
++ [ autoconf automake libtool bison librsvg icoutils gperf ]
++ optionals (!disableDocs) [ tex epstool pstoedit transfig ];
# Run bootstrap before any other patches, as other patches may refer
# to files that are generated by the bootstrap.
prePatch = ''
patchShebangs bootstrap
./bootstrap
'' + attrs.prePatch;
configureFlags = attrs.configureFlags ++
optional disableDocs "--disable-docs";
})

1
pkgs/development/libraries/aws-c-event-stream/default.nix
View File

@ -16,6 +16,7 @@ stdenv.mkDerivation rec {
buildInputs = [ aws-c-common aws-checksums ] ++ lib.optional stdenv.hostPlatform.isMusl libexecinfo;
cmakeFlags = [
"-DBUILD_SHARED_LIBS:BOOL=ON"
"-DCMAKE_MODULE_PATH=${aws-c-common}/lib/cmake"
];

2
pkgs/development/libraries/aws-checksums/default.nix
View File

@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ cmake ];
cmakeFlags = [ "-DBUILD_SHARED_LIBS:BOOL=ON" ];
meta = with lib; {
description = "HW accelerated CRC32c and CRC32";
homepage = https://github.com/awslabs/aws-checksums;

4
pkgs/development/libraries/grpc/default.nix
View File

@ -1,13 +1,13 @@
{ stdenv, fetchFromGitHub, fetchpatch, cmake, zlib, c-ares, pkgconfig, openssl, protobuf, gflags }:
stdenv.mkDerivation rec {
version = "1.26.0"; # N.B: if you change this, change pythonPackages.grpcio and pythonPackages.grpcio-tools to a matching version too
version = "1.27.1"; # N.B: if you change this, change pythonPackages.grpcio and pythonPackages.grpcio-tools to a matching version too
pname = "grpc";
src = fetchFromGitHub {
owner = "grpc";
repo = "grpc";
rev = "v${version}";
sha256 = "1fxydarl00vbhd9q153qn4ax1yc6xrd8wij6bfy9j8chipw1bgir";
sha256 = "1yvmqxv6pwzbxw3si47x3anvl2pp3qy1acspmz4v60pd188c1fnc";
fetchSubmodules = true;
};
patches = [

2
pkgs/development/libraries/libcdio-paranoia/default.nix
View File

@ -30,6 +30,6 @@ stdenv.mkDerivation {
license = licenses.gpl3;
homepage = https://github.com/rocky/libcdio-paranoia;
platforms = platforms.linux ++ platforms.darwin;
maintainers = [ maintainers.pbogdan ];
maintainers = [ ];
};
}

4
pkgs/development/libraries/libdap/default.nix
View File

@ -1,7 +1,7 @@
{ stdenv, fetchurl, bison, libuuid, curl, libxml2, flex }:
stdenv.mkDerivation rec {
version = "3.20.4";
version = "3.20.5";
pname = "libdap";
nativeBuildInputs = [ bison flex ];
@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "https://www.opendap.org/pub/source/${pname}-${version}.tar.gz";
sha256 = "0x44igs389b49nb2psd656wpvmbx9bwmla2l5ahfa09vxb314s5i";
sha256 = "17j6ca2qsp69a91lm11mwbs4l8q13xqcdz60l94avl5krymrqg47";
};
meta = with stdenv.lib; {

5
pkgs/development/libraries/libexif/default.nix
View File

@ -25,6 +25,11 @@ stdenv.mkDerivation rec {
sha256 = "01aqvz63glwq6wg0wr7ykqqghb4abgq77ghvhizbzadg1k4h7drx";
excludes = [ "NEWS" ];
})
(fetchpatch {
name = "CVE-2019-9278.patch";
url = "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566.patch";
sha256 = "10ikg33mips5zq9as7l9xqnyzbg1wwr4sw17517nzf4hafjpasrj";
})
];
buildInputs = [ gettext ];

4
pkgs/development/libraries/libgpiod/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "libgpiod";
version = "1.4.1";
version = "1.4.2";
src = fetchurl {
url = "https://git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git/snapshot/libgpiod-${version}.tar.gz";
sha256 = "0x8ar31b0cp47dgmamxf6a54ixwrjgvs81zra8l9ws4szrzgrnbw";
sha256 = "0r0hdindy6pi1va3mhk2lg5dis0qbi535k790w76dxfx1hyavk70";
};
buildInputs = [ kmod ];

4
pkgs/development/libraries/libphonenumber/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "phonenumber";
version = "8.10.20";
version = "8.11.3";
src = fetchFromGitHub {
owner = "googlei18n";
repo = "libphonenumber";
rev = "v${version}";
sha256 = "12xszrd4mrjabhzsp0xvy2qx2rxl36y5a00xfsh0w7bc299rq13v";
sha256 = "06y3mh1d1mks6d0ynxp3980g712nkf8l5nyljpybsk326b246hg9";
};
nativeBuildInputs = [

4
pkgs/development/libraries/libsolv/default.nix
View File

@ -1,14 +1,14 @@
{ stdenv, fetchFromGitHub, cmake, ninja, zlib, expat, rpm, db }:
stdenv.mkDerivation rec {
version = "0.7.10";
version = "0.7.11";
pname = "libsolv";
src = fetchFromGitHub {
owner = "openSUSE";
repo = "libsolv";
rev = version;
sha256 = "1qih2j2vng32hk5c0v16gcr7nfq218hrync7xbn33aham8cxfrfa";
sha256 = "1jq08qgj05cr9zk5paj3qvma7y2ixvkqlvbszcgmfvx0yq4gl1af";
};
cmakeFlags = [

2
pkgs/development/libraries/poppler/default.nix
View File

@ -12,7 +12,7 @@ let
in
stdenv.mkDerivation rec {
name = "poppler-${suffix}-${version}";
version = "0.84.0"; # beware: updates often break cups-filters build, check texlive too!
version = "0.84.0"; # beware: updates often break cups-filters build, check texlive and scribusUnstable too!
src = fetchurl {
url = "${meta.homepage}/poppler-${version}.tar.xz";

4
pkgs/development/libraries/ti-rpc/default.nix
View File

@ -1,11 +1,11 @@
{ fetchurl, stdenv, autoreconfHook, libkrb5 }:
stdenv.mkDerivation rec {
name = "libtirpc-1.1.4";
name = "libtirpc-1.2.5";
src = fetchurl {
url = "mirror://sourceforge/libtirpc/${name}.tar.bz2";
sha256 = "07anqypf7c719x9y683qz65cxllmzlgmlab2hlahrqcj4bq2k99c";
sha256 = "1jl6a5kkw2vrp4gb6pmvf72rqimywvwfb9f7iz2xjg4wgq63bdpk";
};
outputs = [ "out" "dev" ];

4
pkgs/development/libraries/unixODBCDrivers/default.nix
View File

@ -137,12 +137,12 @@
version = "${versionMajor}.${versionMinor}.${versionAdditional}-1";
versionMajor = "17";
versionMinor = "4";
versionMinor = "5";
versionAdditional = "1.1";
src = fetchurl {
url = "https://packages.microsoft.com/debian/9/prod/pool/main/m/msodbcsql17/msodbcsql${versionMajor}_${version}_amd64.deb";
sha256 = "0jb16irr7qlgd2zshg0vyia7zqipd0pcvwfcr6z807pss1mnzj8w";
sha256 = "0ysrl01z5ca72qw8n8kwwcl432cgiyw4pibfwg5nifx0kd7i7z4z";
};
nativeBuildInputs = [ dpkg patchelf ];

14
pkgs/development/ocaml-modules/apron/default.nix
View File

@ -1,18 +1,20 @@
{ stdenv, fetchzip, perl, gmp, mpfr, ppl, ocaml, findlib, camlidl, mlgmpidl }:
{ stdenv, fetchFromGitHub, perl, gmp, mpfr, ppl, ocaml, findlib, camlidl, mlgmpidl }:
stdenv.mkDerivation rec {
name = "ocaml${ocaml.version}-apron-${version}";
version = "20160125";
src = fetchzip {
url = "http://apron.gforge.inria.fr/apron-${version}.tar.gz";
sha256 = "1a7b7b9wsd0gdvm41lgg6ayb85wxc2a3ggcrghy4qiphs4b9v4m4";
version = "0.9.12";
src = fetchFromGitHub {
owner = "antoinemine";
repo = "apron";
rev = "v${version}";
sha256 = "0bciv4wz52p57q0aggmvixvqrsd1slflfyrm1z6fy5c44f4fmjjn";
};
buildInputs = [ perl gmp mpfr ppl ocaml findlib camlidl ];
propagatedBuildInputs = [ mlgmpidl ];
prefixKey = "-prefix ";
createFindlibDestdir = true;
preBuild = "mkdir -p $out/lib/ocaml/${ocaml.version}/site-lib/stublibs";
meta = {
license = stdenv.lib.licenses.lgpl21;

4
pkgs/development/python-modules/augeas/default.nix
View File

@ -1,13 +1,13 @@
{ stdenv, lib, buildPythonPackage, fetchFromGitHub, augeas, cffi }:
buildPythonPackage rec {
pname = "augeas";
version = "1.0.3";
version = "1.1.0";
src = fetchFromGitHub {
owner = "hercules-team";
repo = "python-augeas";
rev = "v${version}";
sha256 = "1fb904ym8g8hkd82zlibzk6wrldnfd5v5d0rkynsy1zlhcylq4f6";
sha256 = "12q52ilcx059rn544x3712xq6myn99niz131l0fs3xx67456pajh";
};
# TODO: not very nice!

4
pkgs/development/python-modules/azure-mgmt-policyinsights/default.nix
View File

@ -10,12 +10,12 @@
buildPythonPackage rec {
pname = "azure-mgmt-policyinsights";
version = "0.3.1";
version = "0.4.0";
src = fetchPypi {
inherit pname version;
extension = "zip";
sha256 = "b27f5ac367b69e225ab02fa2d1ea20cbbfe948ff43b0af4698cd8cbde0063908";
sha256 = "1b69rz9wm0jvc54vx3b7h633x8gags51xwxrkp6myar40jggxw6g";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/cmd2/default.nix
View File

@ -6,11 +6,11 @@
}:
buildPythonPackage rec {
pname = "cmd2";
version = "0.9.23";
version = "0.9.25";
src = fetchPypi {
inherit pname version;
sha256 = "17ic6lxzz9yrwxh3l1skcqgr59c47w5fidj5qmrk1l26rkrjxlca";
sha256 = "0w5jh2lanqxsva9fr9p07mmbd5w4v6zmhf6lr0awksvhjx77lhdc";
};
LC_ALL="en_US.UTF-8";

4
pkgs/development/python-modules/django-storages/default.nix
View File

@ -4,11 +4,11 @@
buildPythonPackage rec {
pname = "django-storages";
version = "1.8";
version = "1.9.1";
src = fetchPypi {
inherit pname version;
sha256 = "000abaayhymh4rxmk19hwhlyibc62rs0qdfczkhf4wb3p9san8lk";
sha256 = "148y2hyx1l4pfbqpq8hgq95fw8bhfbblwd3m5xwnhw6frcirk7m5";
};
propagatedBuildInputs = [ django ];

4
pkgs/development/python-modules/feedgen/default.nix
View File

@ -2,11 +2,11 @@
buildPythonPackage rec {
pname = "feedgen";
version = "0.8.0";
version = "0.9.0";
src = fetchPypi {
inherit pname version;
sha256 = "0551ixbcz2gaala4gi3i8gici3haijj7dhvjsz1a61s050276m96";
sha256 = "0jl0b87l7v6c0f1nx6k81skjhdj5i11kmchdjls00mynpvdip0cf";
};
propagatedBuildInputs = [ dateutil lxml ];

22
pkgs/development/python-modules/flower/default.nix Normal file
View File

@ -0,0 +1,22 @@
{ lib, buildPythonPackage, fetchPypi, Babel, celery, importlib-metadata, pytz, tornado, mock }:
buildPythonPackage rec {
pname = "flower";
version = "0.9.3";
src = fetchPypi {
inherit pname version;
sha256 = "7f45acb297ab7cf3dd40140816143a2588f6938dbd70b8c46b59c7d8d1e93d55";
};
propagatedBuildInputs = [ Babel celery importlib-metadata pytz tornado ];
checkInputs = [ mock ];
meta = with lib; {
description = "Celery Flower";
homepage = "https://github.com/mher/flower";
license = licenses.bsdOriginal;
maintainers = [ maintainers.arnoldfarkas ];
};
}

4
pkgs/development/python-modules/geopy/2.nix
View File

@ -7,7 +7,7 @@
buildPythonPackage rec {
pname = "geopy";
version = "1.20.0";
version = "1.21.0";
disabled = !isPy27; # only Python 2.7
doCheck = false; # Needs network access
@ -16,7 +16,7 @@ buildPythonPackage rec {
src = fetchPypi {
inherit pname version;
sha256 = "9419bc90ee6231590c4ae7acf1cf126cefbd0736942da7a6a1436946e80830e2";
sha256 = "1p1sgy2p59j0297bp7c82b45bx4d3i1p4kvbgf89c9i0llyb80nw";
};
meta = with stdenv.lib; {

4
pkgs/development/python-modules/grpcio-tools/default.nix
View File

@ -2,11 +2,11 @@
buildPythonPackage rec {
pname = "grpcio-tools";
version = "1.26.0";
version = "1.27.1";
src = fetchPypi {
inherit pname version;
sha256 = "5580b86cf49936c9c74f0def44d3582a7a1bb720eba8a14805c3a61efa790c70";
sha256 = "e29aa3f7a47d37f8a15605e97bec580baa6bb7ead7114b8d2f20d7b28da30c5c";
};
enableParallelBuilding = true;

4
pkgs/development/python-modules/hstspreload/default.nix
View File

@ -6,14 +6,14 @@
buildPythonPackage rec {
pname = "hstspreload";
version = "2020.1.17";
version = "2020.2.5";
disabled = isPy27;
src = fetchFromGitHub {
owner = "sethmlarson";
repo = pname;
rev = version;
sha256 = "08qcisiscnx74pwavh3ai3lg92zfrikwzr06p700kwk1gp8xhf3v";
sha256 = "1jz4qma04vkiczlj0fd9ahjf6c3yxvycvhp48c3n3l4aw4gfsbiz";
};
# tests require network connection

6
pkgs/development/python-modules/ijson/default.nix
View File

@ -2,18 +2,18 @@
buildPythonPackage rec {
pname = "ijson";
version = "2.5.1";
version = "2.6.1";
src = fetchPypi {
inherit pname version;
sha256 = "19ec46a2f7991004e5202ecee56c569616b8a7f95686ad7fd0a9ec81cac00269";
sha256 = "1l034zq23315icym2n0zppa5lwpdll3mvavmyjbiryxb4c5wdsvm";
};
doCheck = false; # something about yajl
meta = with stdenv.lib; {
description = "Iterative JSON parser with a standard Python iterator interface";
homepage = "https://github.com/isagalaev/ijson";
homepage = "https://github.com/ICRAR/ijson";
license = licenses.bsd3;
maintainers = with maintainers; [ rvl ];
};

4
pkgs/development/python-modules/jieba/default.nix
View File

@ -2,14 +2,14 @@
buildPythonPackage rec {
pname = "jieba";
version = "0.40";
version = "0.42.1";
# no tests in PyPI tarball
src = fetchFromGitHub {
owner = "fxsjy";
repo = pname;
rev = "v${version}";
sha256 = "1nasyxva9m3k9fb9g627ppphp3697jdplbb2bavqx71sa7mqim2m";
sha256 = "028vmd6sj6wn9l1ilw7qfmlpyiysnlzdgdlhwxs6j4fvq0gyrwxk";
};
checkInputs = [ glibcLocales ];

4
pkgs/development/python-modules/kconfiglib/default.nix
View File

@ -2,11 +2,11 @@
buildPythonPackage rec {
pname = "kconfiglib";
version = "13.7.0";
version = "14.1.0";
src = fetchPypi {
inherit pname version;
sha256 = "0dkfprrsds64d2jbqnwdzb4why84jaj968s3ccmyqg5385nr9fwd";
sha256 = "0g690bk789hsry34y4ahvly5c8w8imca90ss4njfqf7m2qicrlmy";
};
# doesnt work out of the box but might be possible

34
pkgs/development/python-modules/localzone/default.nix Normal file
View File

@ -0,0 +1,34 @@
{ stdenv
, buildPythonPackage
, fetchFromGitHub
, dnspython
, sphinx
, pytest
}:
buildPythonPackage rec {
pname = "localzone";
version = "0.9.5";
src = fetchFromGitHub {
owner = "ags-slc";
repo = pname;
rev = "v${version}";
sha256 = "1zziqyhbg8vg901b4hjzzab0paag5cng48vk9xf1hchxk5naf58n";
};
propagatedBuildInputs = [ dnspython sphinx ];
checkInputs = [ pytest ];
checkPhase = ''
pytest
'';
meta = with stdenv.lib; {
description = "A simple DNS library for managing zone files";
homepage = https://localzone.iomaestro.com;
license = licenses.bsd3;
maintainers = with maintainers; [ flyfloh ];
};
}

4
pkgs/development/python-modules/m3u8/default.nix
View File

@ -2,13 +2,13 @@
buildPythonPackage rec {
pname = "m3u8";
version = "0.5.2";
version = "0.5.4";
src = fetchFromGitHub {
owner = "globocom";
repo = pname;
rev = version;
sha256 = "0p6wmwv1nfa5pyakq5d55w9v142z5ja3db3s3qr44kx895d9lhng";
sha256 = "1a2c7vqcysxkaffk40zg8d60l9hpjk0dw221fy9cg72i8jxq1gmm";
};
checkInputs = [ bottle pytest pytestcov ];

28
pkgs/development/python-modules/nbconflux/default.nix Normal file
View File

@ -0,0 +1,28 @@
{ lib, buildPythonPackage, fetchFromGitHub, nbconvert, pytest, requests, responses }:
buildPythonPackage rec {
pname = "nbconflux";
version = "0.7.0";
src = fetchFromGitHub {
owner = "Valassis-Digital-Media";
repo = "nbconflux";
rev = version;
sha256 = "1708qkb275d6f7b4b5zmqx3i0jh56nrx2n9rwwp5nbaah5p2wwlh";
};
propagatedBuildInputs = [ nbconvert requests ];
checkInputs = [ pytest responses ];
checkPhase = ''
pytest tests
'';
meta = with lib; {
description = "Converts Jupyter Notebooks to Atlassian Confluence (R) pages using nbconvert";
homepage = "https://github.com/Valassis-Digital-Media/nbconflux";
license = licenses.bsd3;
maintainers = [ maintainers.arnoldfarkas ];
};
}

4
pkgs/development/python-modules/nuitka/default.nix
View File

@ -12,13 +12,13 @@ let
# Therefore we create a separate env for it.
scons = pkgs.python27.withPackages(ps: [ pkgs.scons ]);
in buildPythonPackage rec {
version = "0.6.6";
version = "0.6.7";
pname = "Nuitka";
# Latest version is not yet on PyPi
src = fetchurl {
url = "https://github.com/kayhayen/Nuitka/archive/${version}.tar.gz";
sha256 = "1ia37072qdbgdvh9qxkrhi3mlqn3kcn0qm5xjz6f68sis6ni9kw2";
sha256 = "09mrm7iz2wdrd7y2csbcidg6bkskjignx2pnifh4i8zlh0vm61bg";
};
checkInputs = [ vmprof pyqt4 ];

8
pkgs/development/python-modules/nwdiag/default.nix
View File

@ -1,19 +1,19 @@
{ stdenv, fetchurl, buildPythonPackage, pep8, nose, unittest2, docutils
, blockdiag
, blockdiag, setuptools
}:
buildPythonPackage rec {
pname = "nwdiag";
version = "1.0.4";
version = "2.0.0";
src = fetchurl {
url = "mirror://pypi/n/nwdiag/${pname}-${version}.tar.gz";
sha256 = "002565875559789a2dfc5f578c07abdf44269c3f7cdf78d4809bdc4bdc2213fa";
sha256 = "1qkl1lq7cblr6fra2rjw3zlcccragp8384hpm4n7dkc5c3yzmmsw";
};
buildInputs = [ pep8 nose unittest2 docutils ];
propagatedBuildInputs = [ blockdiag ];
propagatedBuildInputs = [ blockdiag setuptools ];
# tests fail
doCheck = false;

4
pkgs/development/python-modules/persim/default.nix
View File

@ -11,11 +11,11 @@
buildPythonPackage rec {
pname = "persim";
version = "0.1.1";
version = "0.1.2";
src = fetchPypi {
inherit pname version;
sha256 = "932bb0489d4dc158e4f007ec609c61e4700003d882d8e7bdac218b70d14ce9cf";
sha256 = "0vz6s49ar7mhg4pj4jcbwb79s8acqj6jc70va5w79pjxb5pw8k2n";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/phonenumbers/default.nix
View File

@ -2,11 +2,11 @@
buildPythonPackage rec {
pname = "phonenumbers";
version = "8.11.2";
version = "8.11.3";
src = fetchPypi {
inherit pname version;
sha256 = "0j73mr3d3rf2r4nkaxbvl7323xima0l95pjagjzgk2piqwa3nbd2";
sha256 = "1rh0860ml00kw5c4b4r31wz5s8cmd5mpxx5slypdgljk4ralyg6p";
};
meta = {

4
pkgs/development/python-modules/pikepdf/default.nix
View File

@ -22,12 +22,12 @@
buildPythonPackage rec {
pname = "pikepdf";
version = "1.8.2";
version = "1.10.0";
disabled = ! isPy3k;
src = fetchPypi {
inherit pname version;
sha256 = "1n3fd7i1br1s4f90yismgfcq9ix5kcqfacr7yy0hhhrabkf2sm37";
sha256 = "1qa4sam1kvglwqwk573mjpsy8cy89yamr4val0g80hq1ribc56ah";
};
buildInputs = [

4
pkgs/development/python-modules/pyTelegramBotAPI/default.nix
View File

@ -2,11 +2,11 @@
buildPythonPackage rec {
pname = "pyTelegramBotAPI";
version = "3.6.6";
version = "3.6.7";
src = fetchPypi {
inherit pname version;
sha256 = "00vycd7jvfnzmvmmhkjx9vf40vkcrwv7adas5i81r2jhjy7sks54";
sha256 = "0spn3gjbppyl4b7kqnc8g30qss72dcb1d6ap2bizyam5wn591z8f";
};
propagatedBuildInputs = [ requests ];

4
pkgs/development/python-modules/pycollada/default.nix
View File

@ -2,11 +2,11 @@
buildPythonPackage rec {
pname = "pycollada";
version = "0.7";
version = "0.7.1";
src = fetchPypi {
inherit pname version;
sha256 = "0b2vz9fp9asw57m3p9zjlz9gddanrhpxbdfimg98ik654kp2vj7r";
sha256 = "1rp4wlvfywgk3v6l3hnhjx61x9yqawvvivpq4dig2jj71k3mpsyj";
};
propagatedBuildInputs = [ numpy dateutil ];

4
pkgs/development/python-modules/pydantic/default.nix
View File

@ -12,14 +12,14 @@
buildPythonPackage rec {
pname = "pydantic";
version = "1.3";
version = "1.4";
disabled = !isPy3k;
src = fetchFromGitHub {
owner = "samuelcolvin";
repo = pname;
rev = "v${version}";
sha256 = "0s85nzlsyj97j54zsgv569hkzv617z0vqsifsxkkyiimgbvnx7g8";
sha256 = "1zmnwyvvrj6nb2r1wh63yb6dzqaxw8m4njzqycjdq9911c5gwg6z";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/pykka/default.nix
View File

@ -5,12 +5,12 @@
buildPythonPackage rec {
pname = "pykka";
version = "1.2.0";
version = "2.0.1";
src = fetchgit {
url = "https://github.com/jodal/pykka.git";
rev = "refs/tags/v${version}";
sha256 = "0qlfw1054ap0cha1m6dbnq51kjxqxaf338g7jwnwy33b3gr8x0hg";
sha256 = "011rvv3vzj9rpwaq6vfpz9hfwm6gx1jmad4iri6z12g8nnlpydhs";
};
# There are no tests

4
pkgs/development/python-modules/pylint-django/default.nix
View File

@ -10,14 +10,14 @@
buildPythonPackage rec {
pname = "pylint-django";
version = "2.0.12";
version = "2.0.13";
disabled = !isPy3k;
src = fetchFromGitHub {
owner = "PyCQA";
repo = pname;
rev = "v${version}";
sha256 = "0ha06wpqqn5fp5dapgjhsdx3ahh3y62l7k2f3czlrdjmmivgdp9y";
sha256 = "16xfn8zs5khdfh5pdsv3wjjhywzc1qhx7mxi5kpbcvmd6an9qi7s";
};
propagatedBuildInputs = [

28
pkgs/development/python-modules/pynamecheap/default.nix Normal file
View File

@ -0,0 +1,28 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, requests
}:
buildPythonPackage rec {
pname = "PyNamecheap";
version = "0.0.3";
propagatedBuildInputs = [ requests ];
# Tests require access to api.sandbox.namecheap.com
doCheck = false;
src = fetchFromGitHub {
owner = "Bemmu";
repo = pname;
rev = "v${version}";
sha256 = "1g1cd2yc6rpdsc5ax7s93y5nfkf91gcvbgcaqyl9ida6srd9hr97";
};
meta = with lib; {
description = "Namecheap API client in Python.";
homepage = https://github.com/Bemmu/PyNamecheap;
license = licenses.mit;
};
}

7
pkgs/development/python-modules/pysaml2/default.nix
View File

@ -1,5 +1,6 @@
{ stdenv
, buildPythonPackage
, isPy3k
, fetchFromGitHub
, substituteAll
, xmlsec
@ -9,14 +10,16 @@
buildPythonPackage rec {
pname = "pysaml2";
version = "4.9.0";
version = "5.0.0";
disabled = !isPy3k;
# No tests in PyPI tarball
src = fetchFromGitHub {
owner = "IdentityPython";
repo = pname;
rev = "v${version}";
sha256 = "1ww1l34zn25vxifs8nr0bg7gkhbpy5g45mj0jj4d8hzimahb1brx";
sha256 = "0hwhxz45h8l1b0615hf855z7valfcmm0nb7k31bcj84v68zp5rjs";
};
patches = [

4
pkgs/development/python-modules/python-dotenv/default.nix
View File

@ -8,11 +8,11 @@
buildPythonPackage rec {
pname = "python-dotenv";
version = "0.10.4";
version = "0.10.5";
src = fetchPypi {
inherit pname version;
sha256 = "16s2x5ghrhz9ljm6h3y0pbwh97558vbs7l0yiicag4s0xyn0nzq0";
sha256 = "1p6xk0f1yj1s4n8wjs9m8xqilc5bcwvfzsy9nv5lrmkhr78bym7j";
};
propagatedBuildInputs = [ click ] ++ lib.optionals isPy27 [ typing ];

Some files were not shown because too many files have changed in this diff Show More