This is an updated version of the former upstream,
https://github.com/AndroidHardeningArchive/linux-hardened, and provides
a minimal set of additional hardening patches on top of upstream.
The patch already incorporates many of our hardened profile defaults,
and releases are timely (Linux 5.5.15 and 5.6.2 were released on
2020-04-02; linux-hardened patches for them came out on 2020-04-03 and
2020-04-04 respectively).
The v7 series is very different.
This commit introduces the 3 packages: fahclient, fahcontrol and
fahviewer. It also rebuilds the NixOS module to map better with the new
client.
* source-han-sans: 1.004R -> 2.001
* source-han-serif: switch to Super OTC
* source-han-mono: init at 1.002
The Source Han fonts now use shared package infrastructure, and the
Super OTC distributions, which unify the various scripts into a single
bundle file, improving automatic font selection and reducing overall
disk space usage. This also means that the Traditional
Chinese—Hong Kong language variant is now included.
The old package names including language are aliased to the Super OTC
bundle packages.
According to https://endoflife.software/programming-languages/server-side-scripting/ruby
ruby 2.4 will go end-of-life in march, where the new release of nixpkgs
will be cut. We won't be able to support it for security updates.
Remove all references to ruby_2_4 and add ruby_2_7 instead where
missing.
Mark packages that depend on ruby 2.4 as broken:
* chefdk
* sonic-pi
Package is marked as broken for >2 years and used a fairly old
snapshot from the gcc7-branch, so I fairly doubt that this is
somewhere used (and is also pretty misleading as you don't expect a
random snapshot from gcc7 at `pkgs.gcc-snapshot`).
There are no new releases of sqldeveloper v17/v18 and I don't think that
we should keep obviously unmaintained software that interacts with
database systems.
I removed `sqldeveloper_18` and `pkgs.sqldeveloper` now points to
version 19.4. Unfortunately I had to drop darwin support as JavaFX is
required for 19.4 which is part of the `oraclejdk` which isn't packaged
for darwin yet.
For further information please refer to the release notes:
https://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/sqldev-relnotes-194-5908846.html
See u-boot@8fa7f65dd02c176ee6021eaf40114560b8954ba2
> configs: Remove am335x_boneblack_defconfig
>
> The am335x_evm_defconfig supports all am335x_boneblack variants. Remove
> the redundant am335x_boneblack_defconfig.
On numerous occasions I have seen users mistake this
module as libinput because it being called "multitouch"
and them being unaware that the actually module they want
is libinput. They then run into several decrepit bugs due
to the completely out-of-date nature of the underlying package.
The underlying package hasn't been changed to an up-to-date
fork in a period of 8 years. I don't consider this to be production quality.
However, I'm not opposed for the module being readded to NixOS
with new packaging, and a better name.
These are all based on firefox versions with known vulnerabilities
exploited in the wild.
We seriously shouldn't ship this in nixpkgs, especially not for
sensitive applications as the Tor Browser.
`tor-browser-bundle` is just a wrapper around
`firefoxPackages.tor-browser`, so let's remove it too.
`tor-browser-bundle-bin` is the much safer bet, which is individually
downloaded from `dist.torproject.org` and just `patchelf`-ed locally to
work on NixOS.
Co-Authored-By: Alyssa Ross <hi@alyssa.is>
Co-Authored-By: Andreas Rammhold <andreas@rammhold.de>
Co-Authored-By: Graham Christensen <graham@grahamc.com>
make unstable use kicad-libraries
still using a link in $out..., not sure that's a bad thing
this allows setting that path in makeWrapperArgs
can't use $out there
kicad-with-packages3d -> kicad and kicad-small
default to OCCT, OCE is outdated
enforce OCCT on aarch64, where OCE is broken
withOCE flag allows using OCE on non-aarch64
People have only been using this for the spell-entry widget, i.e even
hexchat just has the code vendored and are maintaining it themselves.
There is a continuation that could be packaged if anyone needs it
* https://github.com/TingPing/libsexy3
but currently no package within nixpkgs has a use for this.
This package actually uses the old abandoned code base.
However the code base has been revieved by new maintainers
* https://github.com/projecthamster/
if there is a request for it could be re-added to nixpkgs.
Samba 3 has been discontinued since Q1/2015. So I think it's time
to just wipe it from the pkgs. FuseSMB is pretty much abandoned,
upstream does not exist and it's also not as useful as it used to
be anyways.
osquery was marked as broken since April.
If somebody steps up to fix it, we can always revive it from the
histroy, but there's not much value in shipping completely broken things
in current master.
cc @ma27
Required to build with Phonon 4.11 (https://github.com/NixOS/nixpkgs/pull/71745).
Requires qttools for Qt5LinguistTools.
Qt4 support removed since Phonon no longer supports it either.
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
Required to build with Phonon 4.11 (https://github.com/NixOS/nixpkgs/pull/71745). Not having this blocks the channels.
Requires qttools for Qt5LinguistTools.
Qt4 support removed since Phonon no longer supports it either.
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
All code that was at xfce4-14 has been moved to xfce/*.
Old expressions that aren't rewritten might be abandoned or broken.
Additonally I've ported the xfce4-14 thunar expression to support
thunarPlugins. We can now support this interface in the Xfce module
again, although I'm not sure if we have any plugins packaged that support
latest thunar.
The SLIM project is abandoned and their last release was in 2013.
Because of this it poses a security risk to systems, no one is working
on it or picked up maintenance. It also lacks compatibility with systemd
and logind sessions. For users, there liikely isn't anything like slim
that's as lightweight in terms of dependencies.
There are no longer separate programs called SDLMAME or SDLMESS. Instead, the SDL capability is included in MAME and MESS, and the makefile will auto-detect if you are on a non-Windows system and run accordingly.
Testdisk/Photorec has been packaged twice. This deduplicates
the packages by consolidating the packages into one and throwing
an error upon use of the outdated package.
this also adds qphotorec, which was previously not built and ensures
it's wrapped correctly.
Please note that I took the liberty to merge the maintainers lists.
No dependencies within nixpkgs, and the package has not built
successfully since 2018-04-29 according to Hydra[1].
[1] https://hydra.nixos.org/build/100604053
(Progresses Qt4 cleaup #33248, gstreamer cleanup #39975)
This is legacy version of a newer and legacy unmaintained version.
It is Qt4 and gstreamer 0.10.
This is a GNOME-related project, so Qt support dropped.
qt-gstreamers legacy has no dependencies.
This plugin is fairly outdated and depends on python2 libraries that
don't receive any updates either (xmpppy for instance[1]).
[1] https://pypi.org/project/xmpppy/
pyo3-pack has been renamed to maturin version 0.7.0. Other larger
changes are:
- Mixed rust/python layout
- Added PEP 517 support
- Support settings all applicable fields from the python core
metadata specification in Cargo.toml
This is a follow up of https://github.com/NixOS/nixpkgs/pull/66422
- rename icedtea_web to adoptopenjdk-icedtea-web to reflect the new governance
- add icedtea_web and icedtea8_web to aliases.nix for backwards compatibility
- update the attribute name where icedtea_web is used
* Use -rc version instead of a git checkout. Rename derivation
accordingly;
* Change PLUGIN_PATH similar to Arch;
* Fix install phase so that random files aren't installed and plugins
use separate directory;
* Use linkSoVersions to remove duplicate libraries.
https://github.com/LuminanceHDR points to the homepage
of this package which has continued development.
Wikipedia also cites that LuminanceHDR was formerly qtpfsgui.
* compton-git: 5.1-rc2 -> 6.2
vsync is now a boolean option, see:
https://github.com/yshui/compton/pull/130
menu-opacity is deprecated and there's a warning that says:
Please use the wintype option `opacity` of `popup_menu` and
`dropdown_menu` instead.
* nixos/compton: Keep vSync option backwards compatible
The new upstream option tries to make the best choice for the user.
Therefore the behaviour should stay the same with this backwards
compatibility patch.
* compton-git: Remove DRM option
It's deprecated and shouldn't be used.
https://github.com/yshui/compton/pull/130/files#r285505456
* compton-git: Remove new_backends option
Was removed in "Let old/new backends co-exist"
b0c5db9f5aa500dc3568cc6fe68493df98794d4d
* compton: 0.1_beta2.5 -> 6.2
Drop the legacy, unmaintained version and use the fork for real.
The slic3r-prusa3d package was renamed by upstream to PrusaSlicer with
the 2.0.0 release to reduce confusion with the slic3r package.
We compile against wxGTK 3.0, as with 3.1 the application crashes (see
PlexPy was renamed to Tautulli.
This renames the module as well as the application accordingly.
Aliases are kept for backwards compatibility.
# Conflicts:
# nixos/modules/services/misc/tautulli.nix
It is confusing that font-awesome_4 is the font,
one get when installing font-awesome-ttf.
I don't really see a use case to keep the old version around.
The tarball job fails when warnings are detected (and blocks channel).
And that's good, because `nix-env -qa` also gets these warnings.
I'm afraid we still don't have a good way to deprecate attributes,
exactly because the inability to distinguish these "listing actions"
from explicit usage (direct or transitive).
* Add an alias with a deprecation warning for `nxproxy` to avoid an
immediate breaking change.
* Use the default shell used in the build environment (`stdenv.shell`)
for patching. This shell is in the environment and thus used to patch
scripts using `patchShebangs`. The shell is referenced as `stdenv.shell`
in Makefiles to patch the remaining occurrences of `/bin/bash` in the
build environment.
postgis: cleanup
Another part of https://github.com/NixOS/nixpkgs/pull/38698, though I did cleanup even more.
Moving docs to separate output should save another 30MB.
I did pin poppler to 0.61 just to be sure GDAL doesn't break again next
time poppler changes internal APIs.
* postgresql: reorganize package and it's extensions
Extracts some useful parts of https://github.com/NixOS/nixpkgs/pull/38698,
in particular, it's vision that postgresql plugins should be namespaced.
SAPIC is bundled with Tamarin and doesn't have separate releases
anymore; add an appropriate 'throw' clause to the alias so people know
where to find it.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
That means the following attributes are gone:
- liberation_ttf_v1_binary
- liberation_ttf_v2_binary
Because of this Libreoffice uses liberation source fonts
I've renamed these attributes because the binary form is gone:
- liberation_ttf_v1_from_source -> liberation_ttf_v1
- liberation_ttf_v2_from_source -> liberation_ttf_v2
They're aliases for these.
Also remove incorrect emacs25Macport alias.
Undefined symbols for architecture x86_64:
"_CFNotificationCenterAddObserver", referenced from:
_mac_term_init in macterm.o
_macfont_copy_available_families_cache in macfont.o
"_CFNotificationCenterGetDistributedCenter", referenced from:
_mac_term_init in macterm.o
"_CFNotificationCenterGetLocalCenter", referenced from:
_macfont_copy_available_families_cache in macfont.o
"_CFURLCopyResourcePropertyForKey", referenced from:
_Fmac_file_alias_p in mac.o
"_CFURLCreateBookmarkDataFromFile", referenced from:
_Fmac_file_alias_p in mac.o
"_CFURLCreateByResolvingBookmarkData", referenced from:
_Fmac_file_alias_p in mac.o
"_CFURLResourceIsReachable", referenced from:
_mac_update_title_bar in macfns.o
_mac_input_source_properties in macfns.o
"_NSDefaultRunLoopMode", referenced from:
-[NSApplication(Emacs) runTemporarilyWithBlock:] in macappkit.o
___57-[EmacsController handleQueuedNSEventsWithHoldingQuitIn:]_block_invoke in macappkit.o
_mac_run_loop_run_once in macappkit.o
___mac_run_loop_run_once_block_invoke in macappkit.o
___37-[EmacsController(Menu) trackMenuBar]_block_invoke in macappkit.o
___create_and_show_dialog_block_invoke.2445 in macappkit.o
___mac_select_block_invoke in macappkit.o
...
"_NSURLAttributeModificationDateKey", referenced from:
_mac_document_create_with_url in macappkit.o
"_OBJC_CLASS_$_NSArray", referenced from:
objc-class-ref in macappkit.o
"_OBJC_CLASS_$_NSData", referenced from:
l_OBJC_$_CATEGORY_NSData_$_Emacs in macappkit.o
objc-class-ref in macappkit.o
"_OBJC_CLASS_$_NSDate", referenced from:
objc-class-ref in macappkit.o
"_OBJC_CLASS_$_NSDictionary", referenced from:
objc-class-ref in macappkit.o
"_OBJC_CLASS_$_NSMethodSignature", referenced from:
l_OBJC_$_CATEGORY_NSMethodSignature_$_Emacs in macappkit.o
objc-class-ref in macappkit.o
"_OBJC_CLASS_$_NSMutableArray", referenced from:
l_OBJC_$_CATEGORY_NSMutableArray_$_Emacs in macappkit.o
objc-class-ref in macappkit.o
"_OBJC_CLASS_$_NSMutableData", referenced from:
objc-class-ref in macappkit.o
"_OBJC_CLASS_$_NSMutableDictionary", referenced from:
objc-class-ref in macappkit.o
"_OBJC_CLASS_$_NSMutableSet", referenced from:
objc-class-ref in macappkit.o
"_OBJC_CLASS_$_NSNull", referenced from:
objc-class-ref in macappkit.o
"_OBJC_CLASS_$_NSRunLoop", referenced from:
objc-class-ref in macappkit.o
"_OBJC_CLASS_$_NSSet", referenced from:
objc-class-ref in macappkit.o
"_OBJC_CLASS_$_NSTimer", referenced from:
objc-class-ref in macappkit.o
"_OBJC_CLASS_$_NSURL", referenced from:
objc-class-ref in macappkit.o
"_OBJC_CLASS_$_NSUserDefaults", referenced from:
objc-class-ref in macappkit.o
"_OBJC_EHTYPE_$_NSException", referenced from:
GCC_except_table81 in macappkit.o
GCC_except_table810 in macappkit.o
"_kCFURLIsAliasFileKey", referenced from:
_Fmac_file_alias_p in mac.o
"_kCFURLIsSymbolicLinkKey", referenced from:
_Fmac_file_alias_p in mac.o
ld: symbol(s) not found for architecture x86_64
These are the old tools that later became part of ACPICA.
It is obsolete and we already have newer acpica-tools.
Alias to acpica-tools for out of tree backward-compat
TrueCrypt has been retired for a while now and the source archive we
pointed to is gone. Moreover the VeraCrypt fork is available, maintained
and fixes issues previous audits found in TrueCrypt.
Nixpkgs' channel currently can't move forward so long as there is a
trace in evaluating the top-level arguments. Which means that it isn't
possible to add a warning message to warn users of future package
removal.
So the only way forward appears to be just removing the alias
altogether.
(cherry picked from commit b4133ebc17)
This requires removing also the Coq 8.3 and Matita 0.5.8 packages.
Coq 8.3 was released 8 years ago (2010) and there is no trace left
of users of this version (contrary to Coq 8.4, released 2012).
It is well over time to remove it.
Matita 0.5.8 was released in 2010 and because this version was still
used for teaching according to the official website, a legacy release
(0.5.9) was released in 5 years later to compile with more recent
OCaml libraries.
Updating to 0.5.9 (or a more recent version like 0.99.3) should allow
getting rid of the dependency on older OCaml but it is hard to test
given that the package is already broken before this update.
Before, providers were only built indirectly. Since proviers don't
depend on terraform to build they can be moved into their own collection
of packages. This also has the advantage that they can be reached
directly using an attribute path (Eg: terraform-providers.nixos).
Co-authored-by: Wael Nasreddine <wael.nasreddine@gmail.com>
morituri has been dead for a while now and uses gst-python which is
no longer supported wth Python 2. whipper is a maintained fork,
packaged, for example, in Arch.
This aims to make the `weechat` package even more configurable. It
allows to specify scripts and commands using the `configure` function
inside a `weechat.override` expression.
The package can be configured like this:
```
with import <nixpkgs> { };
weechat.override {
plugins = { availablePlugins, ... }: {
plugins = builtins.attrValues availablePlugins;
init = ''
/set foo bar
/server add freenode chat.freenode.org
'';
scripts = [ "/path/to/script.py" ];
};
}
```
All commands are passed to `weechat --run-command "/set foo bar;/server ..."`.
The `plugins' attribute is not necessarily required anymore, if it's
sufficient to add `init' commands, the `plugins' will be
`builtins.attrValues availablePlugins' by default.
Additionally the result contains `weechat` and `weechat-headless`
(introduced in WeeChat 2.1) now.
This reverts commit 0b124c1e91. We
should really stop adding things that are not packages to
all-packages.nix. For example, having nixos-rebuild.nix in
all-packages.nix causes 'nix-env -qa' to evaluate a NixOS
configuration, which obviously is not good for performance. (We should
probably also remove the 'nixos' attribute from all-packages.nix, but
at least that's a function so nix-env will ignore it.)
* mpich2 -> mpich
* remove slurm dependency
* use most recent gfortran
* turn enableParallelBulding on
* ensure mpi[cc,cxx,fort] uses default compilers it was built with
This makes the command ‘nix-env -qa -f. --arg config '{skipAliases =
true;}'’ work in Nixpkgs.
Misc...
- qtikz: use libsForQt5.callPackage
This ensures we get the right poppler.
- rewrites:
docbook5_xsl -> docbook_xsl_ns
docbook_xml_xslt -> docbook_xsl
diffpdf: fixup