pyrox.dev
+3
-1
.github/labeler.yml
+3
-1
.github/labeler.yml
···
···
+1
-1
doc/languages-frameworks/python.section.md
+1
-1
doc/languages-frameworks/python.section.md
+1
-1
nixos/doc/manual/release-notes/rl-2305.section.md
+1
-1
nixos/doc/manual/release-notes/rl-2305.section.md
···-- The default module options for [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall), [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) and [services.unifi-video.openFirewall](#opt-services.unifi-video.openFirewall) have been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall.- The option `i18n.inputMethod.fcitx5.enableRimeData` has been removed. Default RIME data is now included in `fcitx5-rime` by default, and can be customized using
···+- The default module options for [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall), [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) and `services.unifi-video.openFirewall` have been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall.- The option `i18n.inputMethod.fcitx5.enableRimeData` has been removed. Default RIME data is now included in `fcitx5-rime` by default, and can be customized using
+8
-3
nixos/doc/manual/release-notes/rl-2411.section.md
+8
-3
nixos/doc/manual/release-notes/rl-2411.section.md
···- The [Xen Project Hypervisor](https://xenproject.org) is once again available as a virtualisation option under [`virtualisation.xen`](#opt-virtualisation.xen.enable).-- This release includes Xen [4.17.5](https://wiki.xenproject.org/wiki/Xen_Project_4.17_Release_Notes), [4.18.3](https://wiki.xenproject.org/wiki/Xen_Project_4.18_Release_Notes) and [4.19.0](https://wiki.xenproject.org/wiki/Xen_Project_4.19_Release_Notes), as well as support for booting the hypervisor on EFI systems.Booting into the Xen Project Hypervisor through a legacy BIOS bootloader or with the legacy script-based Stage 1 initrd have been **deprecated**. Only EFI booting and the new systemd-based Stage 1 initrd are supported.-- There are two flavours of Xen available by default: `xen`, which includes all built-in components, and `xen-slim`, which replaces the built-in components with their Nixpkgs equivalents.-- The `qemu-xen-traditional` component has been deprecated by the upstream Xen Project, and is no longer available in any of the Xen Project Hypervisor packages.- The OCaml-based Xen Store can now be configured using [`virtualisation.xen.store.settings`](#opt-virtualisation.xen.store.settings).- The `virtualisation.xen.bridge` options have been deprecated in this release cycle. Users who need network bridges are encouraged to set up their own networking configurations.···- `transmission` package has been aliased with a `trace` warning to `transmission_3`. Since [Transmission 4 has been released last year](https://github.com/transmission/transmission/releases/tag/4.0.0), and Transmission 3 will eventually go away, it was decided perform this warning alias to make people aware of the new version. The `services.transmission.package` defaults to `transmission_3` as well because the upgrade can cause data loss in certain specific usage patterns (examples: [#5153](https://github.com/transmission/transmission/issues/5153), [#6796](https://github.com/transmission/transmission/issues/6796)). Please make sure to back up to your data directory per your usage:- `transmission-daemon` using NixOS module: `${config.services.transmission.home}/.config/transmission-daemon` (defaults to `/var/lib/transmission/.config/transmission-daemon`)- `androidenv.androidPkgs_9_0` has been removed, and replaced with `androidenv.androidPkgs` for a more complete Android SDK including support for Android 9 and later.
···- The [Xen Project Hypervisor](https://xenproject.org) is once again available as a virtualisation option under [`virtualisation.xen`](#opt-virtualisation.xen.enable).+- This release includes Xen [4.19.0](https://wiki.xenproject.org/wiki/Xen_Project_4.19_Release_Notes) and support for booting the hypervisor on EFI systems.Booting into the Xen Project Hypervisor through a legacy BIOS bootloader or with the legacy script-based Stage 1 initrd have been **deprecated**. Only EFI booting and the new systemd-based Stage 1 initrd are supported.+- The `qemu-xen-traditional` component has been deprecated by the upstream Xen Project, and is no longer included in the Xen build.- The OCaml-based Xen Store can now be configured using [`virtualisation.xen.store.settings`](#opt-virtualisation.xen.store.settings).- The `virtualisation.xen.bridge` options have been deprecated in this release cycle. Users who need network bridges are encouraged to set up their own networking configurations.···- `transmission` package has been aliased with a `trace` warning to `transmission_3`. Since [Transmission 4 has been released last year](https://github.com/transmission/transmission/releases/tag/4.0.0), and Transmission 3 will eventually go away, it was decided perform this warning alias to make people aware of the new version. The `services.transmission.package` defaults to `transmission_3` as well because the upgrade can cause data loss in certain specific usage patterns (examples: [#5153](https://github.com/transmission/transmission/issues/5153), [#6796](https://github.com/transmission/transmission/issues/6796)). Please make sure to back up to your data directory per your usage:- `transmission-daemon` using NixOS module: `${config.services.transmission.home}/.config/transmission-daemon` (defaults to `/var/lib/transmission/.config/transmission-daemon`)+For more information, see the compatibility changes for MongoDB [6.0](https://www.mongodb.com/docs/manual/release-notes/6.0-compatibility/) and [7.0](https://www.mongodb.com/docs/manual/release-notes/7.0-compatibility/).+`unifi7` was removed as it is vulnerable to CVE-2024-42025 and required a version of MongoDB that has reached end of life.- `androidenv.androidPkgs_9_0` has been removed, and replaced with `androidenv.androidPkgs` for a more complete Android SDK including support for Android 9 and later.
-1
nixos/modules/module-list.nix
-1
nixos/modules/module-list.nix
+1
nixos/modules/rename.nix
+1
nixos/modules/rename.nix
···(mkRemovedOptionModule [ "services" "tvheadend" ] "The tvheadend package and the corresponding module have been removed as nobody was willing to maintain them and they were stuck on an unmaintained version that required FFmpeg 4; please see https://github.com/NixOS/nixpkgs/pull/332259 if you are interested in maintaining a newer version.")(mkRemovedOptionModule [ "services" "venus" ] "The corresponding package was removed from nixpkgs.")(mkRemovedOptionModule [ "services" "wakeonlan"] "This module was removed in favor of enabling it with networking.interfaces.<name>.wakeOnLan")(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
···(mkRemovedOptionModule [ "services" "tvheadend" ] "The tvheadend package and the corresponding module have been removed as nobody was willing to maintain them and they were stuck on an unmaintained version that required FFmpeg 4; please see https://github.com/NixOS/nixpkgs/pull/332259 if you are interested in maintaining a newer version.")+(mkRemovedOptionModule [ "services" "unifi-video" ] "The unifi-video package and the corresponding module have been removed as the software has been unsupported since 2021 and requires a MongoDB version that has reached end of life.")(mkRemovedOptionModule [ "services" "venus" ] "The corresponding package was removed from nixpkgs.")(mkRemovedOptionModule [ "services" "wakeonlan"] "This module was removed in favor of enabling it with networking.interfaces.<name>.wakeOnLan")(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
+33
-15
nixos/modules/services/networking/unifi.nix
+33
-15
nixos/modules/services/networking/unifi.nix
······-default = if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.5") then pkgs.jdk17_headless else if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3") then pkgs.jdk11 else pkgs.jre8;-defaultText = lib.literalExpression ''if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.5") then pkgs.jdk17_headless else if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3" then pkgs.jdk11 else pkgs.jre8'';···
·········+<https://www.mongodb.com/docs/manual/release-notes/7.0-upgrade-standalone/#upgrade-recommendations-and-checklists>
-252
nixos/modules/services/video/unifi-video.nix
-252
nixos/modules/services/video/unifi-video.nix
···-# for documentation of all options, see https://www.mongodb.com/docs/manual/reference/configuration-options/-"The current services.unifi-video.openFirewall = true default is deprecated and will change to false in 22.11. Set it explicitly to silence this warning.";-"C '${stateDir}/webapps' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/webapps"-"C '${stateDir}/email' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/email"-"C '${stateDir}/data/system.properties' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/etc/system.properties"-"f '${stateDir}/bin/evostreamms' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/evostreamms"-"f '${stateDir}/bin/libavcodec.so.54' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/libavcodec.so.54"-"f '${stateDir}/bin/libavformat.so.54' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/libavformat.so.54"-"f '${stateDir}/bin/libavutil.so.52' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/libavutil.so.52"-"f '${stateDir}/bin/ubnt.avtool' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/ubnt.avtool"-"f '${stateDir}/bin/ubnt.updater' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/ubnt.updater"-"C '${stateDir}/bin/mongoperf' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongoperf"-"C '${stateDir}/conf/evostream' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/evostream"-"L+ '${stateDir}/conf/catalina.policy' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/catalina.policy"-"L+ '${stateDir}/conf/catalina.properties' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/catalina.properties"-"L+ '${stateDir}/conf/context.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/context.xml"-"L+ '${stateDir}/conf/logging.properties' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/logging.properties"-"L+ '${stateDir}/conf/server.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/server.xml"-"L+ '${stateDir}/conf/tomcat-users.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/tomcat-users.xml"-"L+ '${stateDir}/conf/web.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/web.xml"-(mkRenamedOptionModule [ "services" "unifi-video" "openPorts" ] [ "services" "unifi-video" "openFirewall" ])
···
+147
-146
nixos/modules/virtualisation/xen-dom0.nix
+147
-146
nixos/modules/virtualisation/xen-dom0.nix
············-enable = lib.options.mkEnableOption "the Xen Project Hypervisor, a virtualisation technology defined as a *type-1 hypervisor*, which allows multiple virtual machines, known as *domains*, to run concurrently on the physical machine. NixOS runs as the privileged *Domain 0*. This option requires a reboot into a Xen kernel to take effect";-debug = lib.options.mkEnableOption "Xen debug features for Domain 0. This option enables some hidden debugging tests and features, and should not be used in production";·········-defaultText = lib.options.literalExpression "\${config.virtualisation.xen.package.boot}/\${config.virtualisation.xen.package.efi}";-example = lib.options.literalExpression "\${config.virtualisation.xen.package}/boot/efi/efi/nixos/xen-\${config.virtualisation.xen.package.version}.efi";···············-defaultText = lib.options.literalExpression "\${config.virtualisation.xen.package}/bin/oxenstored";-example = lib.options.literalExpression "\${config.virtualisation.xen.package}/bin/xenstored";description = "Helper internal option that determines the type of the Xen Store Daemon based on cfg.store.path.";···description = "Randomly fail a transaction with EAGAIN. This option is used for debugging purposes only.";············-defaultText = lib.options.literalExpression "if (config.virtualisation.xen.trace == true) then \"debug\" else null";While it is possible to alter this value, some drivers may be hardcoded to follow the default paths.························-access-log-special-ops = ${lib.trivial.boolToString cfg.store.settings.xenstored.accessLog.specialOps}···
············+enable = mkEnableOption "the Xen Project Hypervisor, a virtualisation technology defined as a *type-1 hypervisor*, which allows multiple virtual machines, known as *domains*, to run concurrently on the physical machine. NixOS runs as the privileged *Domain 0*. This option requires a reboot into a Xen kernel to take effect";+debug = mkEnableOption "Xen debug features for Domain 0. This option enables some hidden debugging tests and features, and should not be used in production";·········+defaultText = literalExpression "\${config.virtualisation.xen.package.boot}/\${config.virtualisation.xen.package.efi}";+example = literalExpression "\${config.virtualisation.xen.package}/boot/efi/efi/nixos/xen-\${config.virtualisation.xen.package.version}.efi";···············description = "Helper internal option that determines the type of the Xen Store Daemon based on cfg.store.path.";···description = "Randomly fail a transaction with EAGAIN. This option is used for debugging purposes only.";···+type = addCheck (float // { description = "nonnegative floating point number, meaning >=0"; }) (·········+defaultText = literalExpression "if (config.virtualisation.xen.trace == true) then \"debug\" else null";While it is possible to alter this value, some drivers may be hardcoded to follow the default paths.···························
+2
-2
nixos/tests/mongodb.nix
+2
-2
nixos/tests/mongodb.nix
-1
nixos/tests/unifi.nix
-1
nixos/tests/unifi.nix
+4
-1
pkgs/applications/editors/vscode/generic.nix
+4
-1
pkgs/applications/editors/vscode/generic.nix
···
+4
pkgs/applications/virtualization/qemu/default.nix
+4
pkgs/applications/virtualization/qemu/default.nix
······
······+assert lib.assertMsg (xenSupport -> hostCpuTargets == [ "i386-softmmu" ]) "Xen should not use any other QEMU architecture other than i386.";
-56
pkgs/applications/virtualization/xen/4.17/default.nix
-56
pkgs/applications/virtualization/xen/4.17/default.nix
···
···
-56
pkgs/applications/virtualization/xen/4.18/default.nix
-56
pkgs/applications/virtualization/xen/4.18/default.nix
···
···
-58
pkgs/applications/virtualization/xen/4.19/default.nix
-58
pkgs/applications/virtualization/xen/4.19/default.nix
···
···
-209
pkgs/applications/virtualization/xen/README.md
-209
pkgs/applications/virtualization/xen/README.md
···-srcset="https://downloads.xenproject.org/Branding/Logos/Green+Black/xen_project_logo_dualcolor_2000x832.png">-src="https://downloads.xenproject.org/Branding/Logos/Green+Black/xen_project_logo_dualcolor_2000x832.png"-# Xen Project Hypervisor <a href="https://xenproject.org/"><img src="https://downloads.xenproject.org/Branding/Mascots/Xen-Fu-Panda-2000px.png" width="48px" align="top" alt="Xen Fu Panda"></a>-This directory includes the build recipes for the [Xen Project Hypervisor](https://xenproject.org/).-of that key is [`23E3 222C 145F 4475 FA80 60A7 83FE 14C9 57E8 2BD9`](https://keys.openpgp.org/search?q=pgp%40xen.org),-xenToEvaluate=xen; echo -e "\033[1m$(nix eval .#"$xenToEvaluate".meta.description --raw 2> /dev/null)\033[0m\n\n$(nix eval .#"$xenToEvaluate".meta.longDescription --raw 2> /dev/null)"-the `withEFI` flag with an [override](https://nixos.org/manual/nixpkgs/stable/#chap-overrides)-maintainers. Help out by [making and triaging issues](https://github.com/NixOS/nixpkgs/issues/new/choose),-[^2]: From the [Xen Documentation](https://xenbits.xenproject.org/docs/unstable/misc/efi.html):
···
-27
pkgs/applications/virtualization/xen/generic/0000-xen-ipxe-src-generic.patch
-27
pkgs/applications/virtualization/xen/generic/0000-xen-ipxe-src-generic.patch
···
···
-728
pkgs/applications/virtualization/xen/generic/default.nix
-728
pkgs/applications/virtualization/xen/generic/default.nix
···-efiVendor ? "nixos", # Allow downstreams with custom branding to quickly override the EFI Vendor string.-patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "patches" ] pkg.qemu) pkg.qemu.patches;-patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "patches" ] pkg.ovmf) pkg.ovmf.patches;-patches = lib.lists.optionals (lib.attrsets.hasAttrByPath [ "patches" ] pkg.ipxe) pkg.ipxe.patches;-throw "xen/generic/default.nix: normalisedPatchList attempted to normalise something that is not a Path or an Attribute Set."-# Simple counter for the number of attrsets (patches) in the patches list after normalisation.-# builtins.elemAt's index begins at 0, so we subtract 1 from the number of patches in order to-# * [Xen Security Advisory #1](https://xenbits.xenproject.org/xsa/advisory-1.html): **Title for XSA.**-tools/hotplug/Linux/systemd/{xen-init-dom0,xen-qemu-dom0-disk-backend,xenconsoled,xendomains,xenstored}.service.in \-# # Call deployPrefetchedSourcesPatches, which patches all pre-fetched sources with their specified patchlists.-patchShebangs --build tools/firmware/ovmf-dir-remote/OvmfPkg/build.sh tools/firmware/ovmf-dir-remote/BaseTools/BinWrappers/PosixLike/{AmlToC,BrotliCompress,build,GenFfs,GenFv,GenFw,GenSec,LzmaCompress,TianoCompress,Trim,VfrCompile}-#TODO: Remove any and all usage of `sed` and replace these complicated magic runes with readable code.-if withEFI then "boot/xen-${version}.efi" else throw "This Xen was compiled without an EFI binary.";-# The "and related components" addition is automatically hidden if said components aren't being built.-# that many optional components, we just use lib.strings.optionalString, because it's simpler.-+ lib.strings.optionalString withEFI "\n* `xen.efi`: The Xen Project's [EFI binary](https://xenbits.xenproject.org/docs/${branch}-testing/misc/efi.html), available on the `boot` output of this package."-+ lib.strings.optionalString withFlask "\n* `xsm-flask`: The [FLASK Xen Security Module](https://wiki.xenproject.org/wiki/Xen_Security_Modules_:_XSM-FLASK). The `xenpolicy-${version}` file is available on the `boot` output of this package."-+ lib.strings.optionalString withInternalQEMU "\n* `qemu-xen`: The Xen Project's mirror of [QEMU](https://www.qemu.org/)."-+ lib.strings.optionalString withInternalSeaBIOS "\n* `seabios-xen`: The Xen Project's mirror of [SeaBIOS](https://www.seabios.org/SeaBIOS)."-+ lib.strings.optionalString withInternalOVMF "\n* `ovmf-xen`: The Xen Project's mirror of [OVMF](https://github.com/tianocore/tianocore.github.io/wiki/OVMF)."-+ lib.strings.optionalString withInternalIPXE "\n* `ipxe-xen`: The Xen Project's pinned version of [iPXE](https://ipxe.org/)."-"\n\nThis Xen Project Hypervisor (${version}) has been patched against the following known security vulnerabilities:\n"-# This automatically removes maintainers from EOL versions of Xen, so we aren't bothered about versions we don't explictly support.-maintainers = lib.lists.optionals (lib.strings.versionAtLeast version minSupportedVersion) lib.teams.xen.members;-knownVulnerabilities = lib.lists.optional (lib.strings.versionOlder version minSupportedVersion) "The Xen Project Hypervisor version ${version} is no longer supported by the Xen Project Security Team. See https://xenbits.xenproject.org/docs/unstable/support-matrix.html";
···
+5
-5
pkgs/applications/virtualization/xen/generic/patches.nix
pkgs/build-support/xen/patches.nix
+5
-5
pkgs/applications/virtualization/xen/generic/patches.nix
pkgs/build-support/xen/patches.nix
······-"XSA-" + id + lib.strings.optionalString (cve != null) ("-" + builtins.concatStringsSep "+" cve);···
·········
-71
pkgs/applications/virtualization/xen/packages.nix
-71
pkgs/applications/virtualization/xen/packages.nix
···-# Broken with python 3.12+ when using internal QEMU due to https://github.com/NixOS/nixpkgs/issues/253751-# TODO: generalise this to automatically generate both Xen variants for each ./<version>/default.nix.
···
-202
pkgs/applications/virtualization/xen/update.sh
-202
pkgs/applications/virtualization/xen/update.sh
···-curl --silent --output /tmp/xenUpdateScript/xen.asc https://keys.openpgp.org/vks/v1/by-fingerprint/23E3222C145F4475FA8060A783FE14C957E82BD9-fingerprint="$(gpg --homedir /tmp/xenUpdateScript/.gnupg --with-colons --fingerprint "pgp@xen.org" 2>/dev/null | awk -F: '/^pub:.*/ { getline; print $10}')"-echo -e "Please ascertain through multiple external sources that the \e[1;32mXen Project PGP Key Fingerprint\e[0m is indeed \e[1;33m$fingerprint\e[0m. If that is not the case, \e[1;31mexit immediately\e[0m."-read -r -p $'Press \e[1;34menter\e[0m to continue with a pre-filled expected fingerprint, or input an arbitrary PGP fingerprint to match with the key\'s fingerprint: ' userInputFingerprint-versionList="$(git tag --list "RELEASE-*" | sed s/RELEASE-//g | sed s/4.1.6.1//g | sort --numeric-sort)"-minSupportedBranch="$(grep " minSupportedVersion = " "$xenPath"/generic/default.nix | sed s/' minSupportedVersion = "'//g | sed s/'";'//g)"-supportedBranches=($(for version in "${branchList[@]}"; do if [ "$(printf '%s\n' "$minSupportedBranch" "$version" | sort -V | head -n1)" = "$minSupportedBranch" ]; then echo "$version"; fi; done))-supportedVersions=($(for version in "${supportedBranches[@]}"; do echo "$versionList" | tr ' ' '\n' | grep "$version" | tail --lines=1; done))-echo -e "\e[1mNOTE\e[0m: As we're also pre-fetching the submodules, QEMU and OVMF may take a very long time to fetch."-echo -e "\nFound \e[1;34mlatest\e[0m release: \e[1;32mXen $version\e[0m in branch \e[1;36m$branch\e[0m."-echo -e "\nFound \e[1;33msecurity-supported\e[0m release: \e[1;32mXen $version\e[0m in branch \e[1;36m$branch\e[0m."-# Verify PGP key automatically. If the fingerprint matches what the user specified, or the default fingerprint, then we consider it trusted.-(git verify-tag RELEASE-"$version" 2>/dev/null && echo -e "\n\e[1;32mSuccessfully authenticated Xen $version.\e[0m") || (echo -e "\e[1;31merror:\e[0m Unable to verify tag \e[1;32mRELEASE-$version\e[0m.\n- It is possible that \e[1;33mthis script has broken\e[0m, the Xen Project has \e[1;33mcycled their PGP keys\e[0m, or a \e[1;31msupply chain attack is in progress\e[0m.\n\n\e[1;31mPlease update manually.\e[0m" && exit 1)-echo -e "\e[1;31merror:\e[0m Unable to verify \e[1;34mpgp@xen.org\e[0m's fingerprint.\n- It is possible that \e[1;33mthis script has broken\e[0m, the Xen Project has \e[1;33mcycled their PGP keys\e[0m, or an \e[1;31mimpersonation attack is in progress\e[0m.\n\n\e[1;31mPlease update manually.\e[0m" && exit 1-qemuVersion="$(grep "QEMU_UPSTREAM_REVISION ?=" /tmp/xenUpdateScript/xen/Config.mk | sed s/"QEMU_UPSTREAM_REVISION ?= "//g)"-seaBIOSVersion="$(grep "SEABIOS_UPSTREAM_REVISION ?= rel-" /tmp/xenUpdateScript/xen/Config.mk | sed s/"SEABIOS_UPSTREAM_REVISION ?= "//g)"-ovmfVersion="$(grep "OVMF_UPSTREAM_REVISION ?=" /tmp/xenUpdateScript/xen/Config.mk | sed s/"OVMF_UPSTREAM_REVISION ?= "//g)"-miniOSVersion="$(grep "MINIOS_UPSTREAM_REVISION ?=" /tmp/xenUpdateScript/xen/Config.mk | sed s/"MINIOS_UPSTREAM_REVISION ?= "//g)"-ipxeVersion="$(grep "IPXE_GIT_TAG :=" /tmp/xenUpdateScript/xen/tools/firmware/etherboot/Makefile | sed s/"IPXE_GIT_TAG := "//g)"-fetchXen=$(nix-prefetch-git --url https://xenbits.xenproject.org/git-http/xen.git --rev RELEASE-"$version" --quiet)-finalVersion="$(echo "$fetchXen" | tr ', ' '\n ' | grep -ie rev | sed s/' "rev": "'//g | sed s/'"'//g)"-hash="$(echo "$fetchXen" | tr ', ' '\n ' | grep -ie hash | sed s/' "hash": "'//g | sed s/'"'//g)"-fetchQEMU=$(nix-prefetch-git --url https://xenbits.xenproject.org/git-http/qemu-xen.git --rev "$qemuVersion" --quiet --fetch-submodules)-finalQEMUVersion="$(echo "$fetchQEMU" | tr ', ' '\n ' | grep -ie rev | sed s/' "rev": "'//g | sed s/'"'//g)"-qemuHash="$(echo "$fetchQEMU" | tr ', ' '\n ' | grep -ie hash | sed s/' "hash": "'//g | sed s/'"'//g)"-fetchSeaBIOS=$(nix-prefetch-git --url https://xenbits.xenproject.org/git-http/seabios.git --rev "$seaBIOSVersion" --quiet)-finalSeaBIOSVersion="$(echo "$fetchSeaBIOS" | tr ', ' '\n ' | grep -ie rev | sed s/' "rev": "'//g | sed s/'"'//g)"-seaBIOSHash="$(echo "$fetchSeaBIOS" | tr ', ' '\n ' | grep -ie hash | sed s/' "hash": "'//g | sed s/'"'//g)"-ovmfHash="$(nix-prefetch-git --url https://xenbits.xenproject.org/git-http/ovmf.git --rev "$ovmfVersion" --quiet --fetch-submodules | grep -ie hash | sed s/' "hash": "'//g | sed s/'",'//g)"-ipxeHash="$(nix-prefetch-git --url https://github.com/ipxe/ipxe.git --rev "$ipxeVersion" --quiet | grep -ie hash | sed s/' "hash": "'//g | sed s/'",'//g)"-echo -e "\nFound the following revisions:\n \e[1;32mXen\e[0m: \e[1;33m$finalVersion\e[0m (\e[1;33m$hash\e[0m)\n \e[1;36mQEMU\e[0m: \e[1;33m$finalQEMUVersion\e[0m (\e[1;33m$qemuHash\e[0m)\n \e[1;36mSeaBIOS\e[0m: \e[1;33m$finalSeaBIOSVersion\e[0m (\e[1;33m$seaBIOSHash\e[0m)\n \e[1;36mOVMF\e[0m: \e[1;33m$ovmfVersion\e[0m (\e[1;33m$ovmfHash\e[0m)\n \e[1;36miPXE\e[0m: \e[1;33m$ipxeVersion\e[0m (\e[1;33m$ipxeHash\e[0m)"-read -r -p $'\nEnter the corresponding \e[1;33mOCaml\e[0m version for \e[1;32mXen '"$version"$'\e[0m, or press \e[1;34menter\e[0m for the default value of \e[1;32m4_14\e[0m: ' ocamlVersion-echo -e "\nPlease add any required patches to version \e[1;32m$branch\e[0m in \e[1;34m$branch/\e[0m, and press \e[1;34menter\e[0m when done."-read -r -p $'Remember to follow the naming specification as defined in \e[1;34m./README.md\e[0m.'-discoveredXenPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-xen-*-$branch.patch" -printf "./%f ")"-discoveredQEMUPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-qemu-*-$branch.patch" -printf "./%f ")"-discoveredSeaBIOSPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-seabios-*-$branch.patch" -printf "./%f ")"-discoveredOVMFPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-ovmf-*-$branch.patch" -printf "./%f ")"-discoveredIPXEPatches="$(find "$branch"/ -type f -name "[0-9][0-9][0-9][0-9]-ipxe-*-$branch.patch" -printf "./%f ")"-echo -e "Found the following patches:\n \e[1;32mXen\e[0m: \e[1;33m$discoveredXenPatchesEcho\e[0m\n \e[1;36mQEMU\e[0m: \e[1;33m$discoveredQEMUPatchesEcho\e[0m\n \e[1;36mSeaBIOS\e[0m: \e[1;33m$discoveredSeaBIOSPatchesEcho\e[0m\n \e[1;36mOVMF\e[0m: \e[1;33m$discoveredOVMFPatchesEcho\e[0m\n \e[1;36miPXE\e[0m: \e[1;33m$discoveredIPXEPatchesEcho\e[0m"-read -r -a defaultPatchList -p $'\nWould you like to override the \e[1;34mupstreamPatches\e[0m list for \e[1;32mXen '"$version"$'\e[0m? If no, press \e[1;34menter\e[0m to use the default patch list: [ \e[1;34m'"${defaultPatchListInit[*]}"$' \e[0m]: '
···
+481
pkgs/build-support/xen/default.nix
+481
pkgs/build-support/xen/default.nix
···
···+# Simple counter for the number of attrsets (patches) in the patches list after normalisation.+# builtins.elemAt's index begins at 0, so we subtract 1 from the number of patches in order to+# * [Xen Security Advisory #1](https://xenbits.xenproject.org/xsa/advisory-1.html): **Title for XSA.**+(if withSeaBIOS then "--with-system-seabios=${seabios}/share/seabios" else "--disable-seabios")+tools/hotplug/Linux/systemd/{xen-init-dom0,xen-qemu-dom0-disk-backend,xenconsoled,xendomains,xenstored}.service.in \+#TODO: Remove any and all usage of `sed` and replace these complicated magic runes with readable code.+if withEFI then "boot/xen-${version}.efi" else throw "This Xen was compiled without an EFI binary.";+# that many optional components, we just use lib.strings.optionalString, because it's simpler.++ optionalString withEFI "\n* `xen.efi`: The Xen Project's [EFI binary](https://xenbits.xenproject.org/docs/${branch}-testing/misc/efi.html), available on the `boot` output of this package."++ optionalString withFlask "\n* `xsm-flask`: The [FLASK Xen Security Module](https://wiki.xenproject.org/wiki/Xen_Security_Modules_:_XSM-FLASK). The `xenpolicy-${version}` file is available on the `boot` output of this package."++ optionalString withSeaBIOS "\n* `seabios`: Support for the SeaBIOS boot firmware on HVM domains."++ optionalString withOVMF "\n* `ovmf`: Support for the OVMF UEFI boot firmware on HVM domains."+"\n\nThis Xen Project Hypervisor (${version}) has been patched against the following known security vulnerabilities:\n"+knownVulnerabilities = optional (versionOlder version minSupportedVersion) "The Xen Project Hypervisor version ${version} is no longer supported by the Xen Project Security Team. See https://xenbits.xenproject.org/docs/unstable/support-matrix.html";
+3
-3
pkgs/by-name/li/libvmi/package.nix
+3
-3
pkgs/by-name/li/libvmi/package.nix
·········
·········
+12
-3
pkgs/by-name/nw/nwg-hello/package.nix
+12
-3
pkgs/by-name/nw/nwg-hello/package.nix
·········install -D -m 644 -t "$out/etc/nwg-hello/" nwg-hello-default.json nwg-hello-default.css hyprland.conf sway-config README
·········install -D -m 644 -t "$out/etc/nwg-hello/" nwg-hello-default.json nwg-hello-default.css hyprland.conf sway-config README
+1
pkgs/by-name/qe/qemu_xen/package.nix
+1
pkgs/by-name/qe/qemu_xen/package.nix
···
···
+4
pkgs/by-name/sl/slskd/package.nix
+4
pkgs/by-name/sl/slskd/package.nix
···
+3
-3
pkgs/by-name/xe/xen-guest-agent/package.nix
+3
-3
pkgs/by-name/xe/xen-guest-agent/package.nix
·········
·········
+133
pkgs/by-name/xe/xen/README.md
+133
pkgs/by-name/xe/xen/README.md
···
···+srcset="https://downloads.xenproject.org/Branding/Logos/Green+Black/xen_project_logo_dualcolor_2000x832.png">+src="https://downloads.xenproject.org/Branding/Logos/Green+Black/xen_project_logo_dualcolor_2000x832.png"+# Xen Project Hypervisor <a href="https://xenproject.org/"><img src="https://downloads.xenproject.org/Branding/Mascots/Xen-Fu-Panda-2000px.png" width="48px" align="top" alt="Xen Fu Panda"></a>+echo -e "\033[1m$(nix eval .#xen.meta.description --raw 2> /dev/null)\033[0m\n\n$(nix eval .#xen.meta.longDescription --raw 2> /dev/null)"+patched `efiBinutils`. For more information, see the comment in `pkgs/build-support/xen/default.nix`.+maintainers. Help out by [making and triaging issues](https://github.com/NixOS/nixpkgs/issues/new/choose),+[^2]: From the [Xen Documentation](https://xenbits.xenproject.org/docs/unstable/misc/efi.html):
+11
pkgs/by-name/xe/xen/package.nix
+11
pkgs/by-name/xe/xen/package.nix
+2
-2
pkgs/by-name/ya/yamlscript/package.nix
+2
-2
pkgs/by-name/ya/yamlscript/package.nix
···url = "https://github.com/yaml/yamlscript/releases/download/${version}/yamlscript.cli-${version}-standalone.jar";
···url = "https://github.com/yaml/yamlscript/releases/download/${version}/yamlscript.cli-${version}-standalone.jar";
+8
-8
pkgs/development/coq-modules/coq-lsp/default.nix
+8
-8
pkgs/development/coq-modules/coq-lsp/default.nix
···
···
+2
-2
pkgs/development/libraries/webkitgtk/default.nix
+2
-2
pkgs/development/libraries/webkitgtk/default.nix
···name = "${finalAttrs.pname}-${finalAttrs.version}+abi=${if lib.versionAtLeast gtk3.version "4.0" then "6.0" else "4.${if lib.versions.major libsoup.version == "2" then "0" else "1"}"}";···
···name = "${finalAttrs.pname}-${finalAttrs.version}+abi=${if lib.versionAtLeast gtk3.version "4.0" then "6.0" else "4.${if lib.versions.major libsoup.version == "2" then "0" else "1"}"}";···
+2
-2
pkgs/development/python-modules/anthropic/default.nix
+2
-2
pkgs/development/python-modules/anthropic/default.nix
······
······
+10
-7
pkgs/development/python-modules/chess/default.nix
+10
-7
pkgs/development/python-modules/chess/default.nix
······description = "Chess library with move generation, move validation, and support for common formats";
······description = "Chess library with move generation, move validation, and support for common formats";
+2
-2
pkgs/development/python-modules/lcn-frontend/default.nix
+2
-2
pkgs/development/python-modules/lcn-frontend/default.nix
+6
-6
pkgs/development/tools/gnulib/default.nix
+6
-6
pkgs/development/tools/gnulib/default.nix
···
···
+3
-2
pkgs/development/tools/misc/terramate/default.nix
+3
-2
pkgs/development/tools/misc/terramate/default.nix
······description = "Adds code generation, stacks, orchestration, change detection, data sharing and more to Terraform";
······description = "Adds code generation, stacks, orchestration, change detection, data sharing and more to Terraform";
+5
pkgs/games/quakespasm/default.nix
+5
pkgs/games/quakespasm/default.nix
+2
-2
pkgs/games/quakespasm/vulkan.nix
+2
-2
pkgs/games/quakespasm/vulkan.nix
-36
pkgs/servers/nosql/mongodb/5.0.nix
-36
pkgs/servers/nosql/mongodb/5.0.nix
···-version = "5.0.3"; # at least darwin has to stay on 5.0.3 until the SDK used by nixpkgs is bumped to 10.13-patches = [ ./fix-build-with-boost-1.79-5_0.patch ]; # no darwin in name to prevent unnecessary rebuild
···
+1
-1
pkgs/servers/nosql/mongodb/6.0.nix
+1
-1
pkgs/servers/nosql/mongodb/6.0.nix
+4
pkgs/servers/nosql/mongodb/7.0.nix
+4
pkgs/servers/nosql/mongodb/7.0.nix
-23
pkgs/servers/nosql/mongodb/asio-no-experimental-string-view-4-4.patch
-23
pkgs/servers/nosql/mongodb/asio-no-experimental-string-view-4-4.patch
···
···
-90
pkgs/servers/nosql/mongodb/fix-build-with-boost-1.79-5_0-linux.patch
-90
pkgs/servers/nosql/mongodb/fix-build-with-boost-1.79-5_0-linux.patch
···-diff --git a/src/mongo/db/storage/storage_repair_observer.cpp b/src/mongo/db/storage/storage_repair_observer.cpp-diff --git a/src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp b/src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp-diff --git a/src/mongo/shell/shell_utils_extended.cpp b/src/mongo/shell/shell_utils_extended.cpp
···
-90
pkgs/servers/nosql/mongodb/fix-build-with-boost-1.79-5_0.patch
-90
pkgs/servers/nosql/mongodb/fix-build-with-boost-1.79-5_0.patch
···-diff --git a/src/mongo/db/storage/storage_repair_observer.cpp b/src/mongo/db/storage/storage_repair_observer.cpp-diff --git a/src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp b/src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp-diff --git a/src/mongo/shell/shell_utils_extended.cpp b/src/mongo/shell/shell_utils_extended.cpp
···
-44
pkgs/servers/nosql/mongodb/fix-gcc-Wno-exceptions-5.0.patch
-44
pkgs/servers/nosql/mongodb/fix-gcc-Wno-exceptions-5.0.patch
···
···
-33
pkgs/servers/nosql/mongodb/forget-build-dependencies-4-4.patch
-33
pkgs/servers/nosql/mongodb/forget-build-dependencies-4-4.patch
···
···
+1
-15
pkgs/servers/nosql/mongodb/mongodb.nix
+1
-15
pkgs/servers/nosql/mongodb/mongodb.nix
······substituteInPlace src/mongo/db/exec/plan_stats.h --replace '#include <string>' '#include <optional>-substituteInPlace src/third_party/mozjs-${mozjsVersion}/extract/js/src/jsmath.cpp --replace '${mozjsReplace}' 0······
······substituteInPlace src/mongo/db/exec/plan_stats.h --replace '#include <string>' '#include <optional>······
-65
pkgs/servers/unifi-video/default.nix
-65
pkgs/servers/unifi-video/default.nix
···-urls = [ "https://dl.ui.com/firmwares/ufv/v${version}/unifi-video.Debian9_amd64.v${version}.deb" "https://archive.org/download/unifi-video.Debian9_amd64.v${version}/unifi-video.Debian9_amd64.v${version}.deb" ];-wrapProgram $out/bin/unifi-video --set JAVA_HOME "${jre8}" --prefix PATH : ${lib.makeBinPath [ jre8 lsb-release libcap util-linux]}-description = "Unifi Video NVR (aka Airvision) is a software package for controlling Unifi cameras";
···
-7
pkgs/servers/unifi/default.nix
-7
pkgs/servers/unifi/default.nix
···
+55
-26
pkgs/tools/misc/hdfview/default.nix
+55
-26
pkgs/tools/misc/hdfview/default.nix
···-{ lib, stdenv, fetchurl, ant, jdk, hdf4, hdf5, makeDesktopItem, copyDesktopItems, strip-nondeterminism, stripJavaArchivesHook }:-url = "https://support.hdfgroup.org/ftp/HDF5/releases/HDF-JAVA/hdfview-${version}/src/hdfview-${version}.tar.gz";······
·········
+31
-8
pkgs/tools/misc/hdfview/disable-mac-signing.patch
+31
-8
pkgs/tools/misc/hdfview/disable-mac-signing.patch
······
······
+5
pkgs/tools/networking/whois/default.nix
+5
pkgs/tools/networking/whois/default.nix
+9
pkgs/top-level/aliases.nix
+9
pkgs/top-level/aliases.nix
···mongodb-4_0 = throw "mongodb-4_0 has been removed, it's end of life since April 2022"; # Added 2023-01-05mongodb-4_2 = throw "mongodb-4_2 has been removed, it's end of life since April 2023"; # Added 2023-06-06mongodb-4_4 = throw "mongodb-4_4 has been removed, it's end of life since April 2024"; # Added 2024-04-11moonlander = throw "'moonlander' has been removed due to it being broken and unmaintained"; # Added 2023-11-26mozart-binary = throw "'mozart-binary' has been renamed to/replaced by 'mozart2-binary'"; # Converted to throw 2023-09-10···uniffi-bindgen = throw "uniffi-bindgen has been removed since upstream no longer provides a standalone package for the CLI";unifi5 = throw "'unifi5' has been removed since its required MongoDB version is EOL."; # Added 2024-04-11unifi6 = throw "'unifi6' has been removed since its required MongoDB version is EOL."; # Added 2024-04-11unifiLTS = throw "'unifiLTS' has been removed since UniFi no longer has LTS and stable releases. Use `pkgs.unifi` instead."; # Added 2024-04-11unifiStable = throw "'unifiStable' has been removed since UniFi no longer has LTS and stable releases. Use `pkgs.unifi` instead."; # Converted to throw 2024-04-11···xcodebuild6 = throw "'xcodebuild6' has been renamed to/replaced by 'xcodebuild'"; # Added 2023-12-10
···mongodb-4_0 = throw "mongodb-4_0 has been removed, it's end of life since April 2022"; # Added 2023-01-05mongodb-4_2 = throw "mongodb-4_2 has been removed, it's end of life since April 2023"; # Added 2023-06-06mongodb-4_4 = throw "mongodb-4_4 has been removed, it's end of life since April 2024"; # Added 2024-04-11+mongodb-5_0 = throw "mongodb-5_0 has been removed, it's end of life since October 2024"; # Added 2024-10-01moonlander = throw "'moonlander' has been removed due to it being broken and unmaintained"; # Added 2023-11-26mozart-binary = throw "'mozart-binary' has been renamed to/replaced by 'mozart2-binary'"; # Converted to throw 2023-09-10···uniffi-bindgen = throw "uniffi-bindgen has been removed since upstream no longer provides a standalone package for the CLI";+unifi-video = throw "unifi-video has been removed as it has been unsupported upstream since 2021"; # Added 2024-10-01unifi5 = throw "'unifi5' has been removed since its required MongoDB version is EOL."; # Added 2024-04-11unifi6 = throw "'unifi6' has been removed since its required MongoDB version is EOL."; # Added 2024-04-11+unifi7 = throw "'unifi7' has been removed since it is vulnerable to CVE-2024-42025 and its required MongoDB version is EOL."; # Added 2024-10-01unifiLTS = throw "'unifiLTS' has been removed since UniFi no longer has LTS and stable releases. Use `pkgs.unifi` instead."; # Added 2024-04-11unifiStable = throw "'unifiStable' has been removed since UniFi no longer has LTS and stable releases. Use `pkgs.unifi` instead."; # Converted to throw 2024-04-11···xcodebuild6 = throw "'xcodebuild6' has been renamed to/replaced by 'xcodebuild'"; # Added 2023-12-10+xen-slim = throw "'xen-slim' has been renamed to 'xen'. The old Xen package with built-in components no longer exists"; # Added 2024-10-05+xen_4_16 = throw "While Xen 4.16 was still security-supported when it was removed from Nixpkgs, it would have reached its End of Life a couple of days after NixOS 24.11 released. To avoid shipping an insecure version of Xen, the Xen Project Hypervisor Maintenance Team decided to delete the derivation entirely"; # Added 2024-10-05+xen_4_17 = throw "Due to technical challenges involving building older versions of Xen with newer dependencies, the Xen Project Hypervisor Maintenance Team decided to switch to a latest-only support cycle. As Xen 4.17 would have been the 'n-2' version, it was removed"; # Added 2024-10-05+xen_4_18 = throw "Due to technical challenges involving building older versions of Xen with newer dependencies, the Xen Project Hypervisor Maintenance Team decided to switch to a latest-only support cycle. As Xen 4.18 would have been the 'n-1' version, it was removed"; # Added 2024-10-05+xenPackages = throw "The attributes in the xenPackages set have been promoted to the top-level. (xenPackages.xen_4_19 -> xen)";
+3
-22
pkgs/top-level/all-packages.nix
+3
-22
pkgs/top-level/all-packages.nix
·········glusterfsSupport = lib.meta.availableOn stdenv.hostPlatform glusterfs && lib.meta.availableOn stdenv.hostPlatform libuuid;-qemu_xen_4_19 = lowPrio (qemu.override { hostCpuTargets = [ "i386-softmmu" ]; xenSupport = true; xen = xenPackages.xen_4_19-slim; });-qemu_xen_4_18 = lowPrio (qemu.override { hostCpuTargets = [ "i386-softmmu" ]; xenSupport = true; xen = xenPackages.xen_4_18-slim; });-qemu_xen_4_17 = lowPrio (qemu.override { hostCpuTargets = [ "i386-softmmu" ]; xenSupport = true; xen = xenPackages.xen_4_17-slim; });···-xenPackages = recurseIntoAttrs (callPackage ../applications/virtualization/xen/packages.nix {});
·········glusterfsSupport = lib.meta.availableOn stdenv.hostPlatform glusterfs && lib.meta.availableOn stdenv.hostPlatform libuuid;···
+1
-1
pkgs/top-level/python-packages.nix
+1
-1
pkgs/top-level/python-packages.nix