commit 758138647afe47dd85c76d3b799041200fe23af0 · pyrox.dev/nixpkgs

+6

maintainers/maintainer-list.nix

···

       9258
       9258
        
           github = "jankaifer";

     

       9259
       9259
        
           githubId = 12820484;

     

       9260
       9260
        
         };

     

       9261
       9261
       +
         janlikar = {

     

       9262
       9262
       +
           name = "Jan Likar";

     

       9263
       9263
       +
           email = "jan.likar@protonmail.com";

     

       9264
       9264
       +
           github = "janlikar";

     

       9265
       9265
       +
           githubId = 4228250;

     

       9266
       9266
       +
         };

     

       9261
       9267
        
         jansol = {

     

       9262
       9268
        
           email = "jan.solanti@paivola.fi";

     

       9263
       9269
        
           github = "jansol";

+1

maintainers/team-list.nix

···

       315
       315
        
             leona

     

       316
       316
        
             osnyx

     

       317
       317
        
             ma27

     

       318
       318
       +
             laalsaas

     

       318
       319
        
           ];

     

       319
       320
        
           scope = "Team for Flying Circus employees who collectively maintain packages.";

     

       320
       321
        
           shortName = "Flying Circus employees";

+43

nixos/doc/manual/configuration/user-mgmt.chapter.md

···

       100
       100
        
       

     

       101
       101
        
       ::: {.note}

     

       102
       102
        
       This is experimental.

     

       103
       103
       +
       

     

       104
       104
       +
       Please consider using [Userborn](#sec-userborn) over systemd-sysusers as it's

     

       105
       105
       +
       more feature complete.

     

       103
       106
        
       :::

     

       104
       107
        
       

     

       105
       108
        
       Instead of using a custom perl script to create users and groups, you can use

     
···

       112
       115
        
       ```

     

       113
       116
        
       

     

       114
       117
        
       The primary benefit of this is to remove a dependency on perl.

     

       118
       118
       +
       

     

       119
       119
       +
       ## Manage users and groups with `userborn` {#sec-userborn}

     

       120
       120
       +
       

     

       121
       121
       +
       ::: {.note}

     

       122
       122
       +
       This is experimental.

     

       123
       123
       +
       :::

     

       124
       124
       +
       

     

       125
       125
       +
       Like systemd-sysusers, Userborn adoesn't depend on Perl but offers some more

     

       126
       126
       +
       advantages over systemd-sysusers:

     

       127
       127
       +
       

     

       128
       128
       +
       1. It can create "normal" users (with a GID >= 1000).

     

       129
       129
       +
       2. It can update some information about users. Most notably it can update their

     

       130
       130
       +
          passwords.

     

       131
       131
       +
       3. It will warn when users use an insecure or unsupported password hashing

     

       132
       132
       +
          scheme.

     

       133
       133
       +
       

     

       134
       134
       +
       Userborn is the recommended way to manage users if you don't want to rely on

     

       135
       135
       +
       the Perl script. It aims to eventually replace the Perl script by default.

     

       136
       136
       +
       

     

       137
       137
       +
       You can enable Userborn via:

     

       138
       138
       +
       

     

       139
       139
       +
       ```nix

     

       140
       140
       +
       services.userborn.enable = true;

     

       141
       141
       +
       ```

     

       142
       142
       +
       

     

       143
       143
       +
       You can configure Userborn to store the password files

     

       144
       144
       +
       (`/etc/{group,passwd,shadow}`) outside of `/etc` and symlink them from this

     

       145
       145
       +
       location to `/etc`:

     

       146
       146
       +
       

     

       147
       147
       +
       ```nix

     

       148
       148
       +
       services.userborn.passwordFilesLocation = "/persistent/etc";

     

       149
       149
       +
       ```

     

       150
       150
       +
       

     

       151
       151
       +
       This is useful when you store `/etc` on a `tmpfs` or if `/etc` is immutable

     

       152
       152
       +
       (e.g. when using `system.etc.overlay.mutable = false;`). In the latter case the

     

       153
       153
       +
       original files are by default stored in `/var/lib/nixos`.

     

       154
       154
       +
       

     

       155
       155
       +
       Userborn implements immutable users by re-mounting the password files

     

       156
       156
       +
       read-only. This means that unlike when using the Perl script, trying to add a

     

       157
       157
       +
       new user (e.g. via `useradd`) will fail right away.

+7

nixos/doc/manual/release-notes/rl-2411.section.md

···

       41
       41
        
       

     

       42
       42
        
       - [Quickwit](https://quickwit.io), sub-second search & analytics engine on cloud storage. Available as [services.quickwit](options.html#opt-services.quickwit).

     

       43
       43
        
       

     

       44
       44
       +
       - [Userborn](https://github.com/nikstur/userborn), a service for declarative

     

       45
       45
       +
         user management. This can be used instead of the `update-users-groups.pl`

     

       46
       46
       +
         Perl script and instead of systemd-sysusers. To achieve a system without

     

       47
       47
       +
         Perl, this is the now recommended tool over systemd-sysusers because it can

     

       48
       48
       +
         alos create normal users and change passwords. Available as

     

       49
       49
       +
         [services.userborn](#opt-services.userborn.enable)

     

       50
       50
       +
       

     

       44
       51
        
       - [Flood](https://flood.js.org/), a beautiful WebUI for various torrent clients. Available as [services.flood](options.html#opt-services.flood).

     

       45
       52
        
       

     

       46
       53
        
       - [Firefly-iii Data Importer](https://github.com/firefly-iii/data-importer), a data importer for Firefly-III. Available as [services.firefly-iii-data-importer](options.html#opt-services.firefly-iii-data-importer)

+1

nixos/modules/module-list.nix

···

       1348
       1348
        
         ./services/system/systembus-notify.nix

     

       1349
       1349
        
         ./services/system/systemd-lock-handler.nix

     

       1350
       1350
        
         ./services/system/uptimed.nix

     

       1351
       1351
       +
         ./services/system/userborn.nix

     

       1351
       1352
        
         ./services/system/zram-generator.nix

     

       1352
       1353
        
         ./services/torrent/deluge.nix

     

       1353
       1354
        
         ./services/torrent/flexget.nix

+1 -1

nixos/modules/profiles/perlless.nix

···

       12
       12
        
         # Remove perl from activation

     

       13
       13
        
         boot.initrd.systemd.enable = lib.mkDefault true;

     

       14
       14
        
         system.etc.overlay.enable = lib.mkDefault true;

     

       15
       15
       -
         systemd.sysusers.enable = lib.mkDefault true;

     

       15
       15
       +
         services.userborn.enable = lib.mkDefault true;

     

       16
       16
        
       

     

       17
       17
        
         # Random perl remnants

     

       18
       18
        
         system.disableInstallerTools = lib.mkDefault true;

+183

nixos/modules/services/system/userborn.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         utils,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         pkgs,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       8
       8
       +
       

     

       9
       9
       +
       let

     

       10
       10
       +
       

     

       11
       11
       +
         cfg = config.services.userborn;

     

       12
       12
       +
         userCfg = config.users;

     

       13
       13
       +
       

     

       14
       14
       +
         userbornConfig = {

     

       15
       15
       +
           groups = lib.mapAttrsToList (username: opts: {

     

       16
       16
       +
             inherit (opts) name gid members;

     

       17
       17
       +
           }) config.users.groups;

     

       18
       18
       +
       

     

       19
       19
       +
           users = lib.mapAttrsToList (username: opts: {

     

       20
       20
       +
             inherit (opts)

     

       21
       21
       +
               name

     

       22
       22
       +
               uid

     

       23
       23
       +
               group

     

       24
       24
       +
               description

     

       25
       25
       +
               home

     

       26
       26
       +
               password

     

       27
       27
       +
               hashedPassword

     

       28
       28
       +
               hashedPasswordFile

     

       29
       29
       +
               initialPassword

     

       30
       30
       +
               initialHashedPassword

     

       31
       31
       +
               ;

     

       32
       32
       +
             isNormal = opts.isNormalUser;

     

       33
       33
       +
             shell = utils.toShellPath opts.shell;

     

       34
       34
       +
           }) config.users.users;

     

       35
       35
       +
         };

     

       36
       36
       +
       

     

       37
       37
       +
         userbornConfigJson = pkgs.writeText "userborn.json" (builtins.toJSON userbornConfig);

     

       38
       38
       +
       

     

       39
       39
       +
         immutableEtc = config.system.etc.overlay.enable && !config.system.etc.overlay.mutable;

     

       40
       40
       +
         # The filenames created by userborn.

     

       41
       41
       +
         passwordFiles = [

     

       42
       42
       +
           "group"

     

       43
       43
       +
           "passwd"

     

       44
       44
       +
           "shadow"

     

       45
       45
       +
         ];

     

       46
       46
       +
       

     

       47
       47
       +
       in

     

       48
       48
       +
       {

     

       49
       49
       +
       

     

       50
       50
       +
         options.services.userborn = {

     

       51
       51
       +
       

     

       52
       52
       +
           enable = lib.mkEnableOption "userborn";

     

       53
       53
       +
       

     

       54
       54
       +
           package = lib.mkPackageOption pkgs "userborn" { };

     

       55
       55
       +
       

     

       56
       56
       +
           passwordFilesLocation = lib.mkOption {

     

       57
       57
       +
             type = lib.types.str;

     

       58
       58
       +
             default = if immutableEtc then "/var/lib/nixos" else "/etc";

     

       59
       59
       +
             defaultText = lib.literalExpression ''if immutableEtc then "/var/lib/nixos" else "/etc"'';

     

       60
       60
       +
             description = ''

     

       61
       61
       +
               The location of the original password files.

     

       62
       62
       +
       

     

       63
       63
       +
               If this is not `/etc`, the files are symlinked from this location to `/etc`.

     

       64
       64
       +
       

     

       65
       65
       +
               The primary motivation for this is an immutable `/etc`, where we cannot

     

       66
       66
       +
               write the files directly to `/etc`.

     

       67
       67
       +
       

     

       68
       68
       +
               However this an also serve other use cases, e.g. when `/etc` is on a `tmpfs`.

     

       69
       69
       +
             '';

     

       70
       70
       +
           };

     

       71
       71
       +
       

     

       72
       72
       +
         };

     

       73
       73
       +
       

     

       74
       74
       +
         config = lib.mkIf cfg.enable {

     

       75
       75
       +
       

     

       76
       76
       +
           assertions = [

     

       77
       77
       +
             {

     

       78
       78
       +
               assertion = !(config.systemd.sysusers.enable && cfg.enable);

     

       79
       79
       +
               message = "You cannot use systemd-sysusers and Userborn at the same time";

     

       80
       80
       +
             }

     

       81
       81
       +
             {

     

       82
       82
       +
               assertion = config.system.activationScripts.users == "";

     

       83
       83
       +
               message = "system.activationScripts.users has to be empty to use userborn";

     

       84
       84
       +
             }

     

       85
       85
       +
             {

     

       86
       86
       +
               assertion = immutableEtc -> (cfg.passwordFilesLocation != "/etc");

     

       87
       87
       +
               message = "When `system.etc.overlay.mutable = false`, `services.userborn.passwordFilesLocation` cannot be set to `/etc`";

     

       88
       88
       +
             }

     

       89
       89
       +
           ];

     

       90
       90
       +
       

     

       91
       91
       +
           system.activationScripts.users = lib.mkForce "";

     

       92
       92
       +
           system.activationScripts.hashes = lib.mkForce "";

     

       93
       93
       +
       

     

       94
       94
       +
           systemd = {

     

       95
       95
       +
       

     

       96
       96
       +
             # Create home directories, do not create /var/empty even if that's a user's

     

       97
       97
       +
             # home.

     

       98
       98
       +
             tmpfiles.settings.home-directories = lib.mapAttrs' (

     

       99
       99
       +
               username: opts:

     

       100
       100
       +
               lib.nameValuePair opts.home {

     

       101
       101
       +
                 d = {

     

       102
       102
       +
                   mode = opts.homeMode;

     

       103
       103
       +
                   user = username;

     

       104
       104
       +
                   inherit (opts) group;

     

       105
       105
       +
                 };

     

       106
       106
       +
               }

     

       107
       107
       +
             ) (lib.filterAttrs (_username: opts: opts.home != "/var/empty") userCfg.users);

     

       108
       108
       +
       

     

       109
       109
       +
             services.userborn = {

     

       110
       110
       +
               wantedBy = [ "sysinit.target" ];

     

       111
       111
       +
               requiredBy = [ "sysinit-reactivation.target" ];

     

       112
       112
       +
               after = [

     

       113
       113
       +
                 "systemd-remount-fs.service"

     

       114
       114
       +
                 "systemd-tmpfiles-setup-dev-early.service"

     

       115
       115
       +
               ];

     

       116
       116
       +
               before = [

     

       117
       117
       +
                 "systemd-tmpfiles-setup-dev.service"

     

       118
       118
       +
                 "sysinit.target"

     

       119
       119
       +
                 "shutdown.target"

     

       120
       120
       +
                 "sysinit-reactivation.target"

     

       121
       121
       +
               ];

     

       122
       122
       +
               conflicts = [ "shutdown.target" ];

     

       123
       123
       +
               restartTriggers = [

     

       124
       124
       +
                 userbornConfigJson

     

       125
       125
       +
                 cfg.passwordFilesLocation

     

       126
       126
       +
               ];

     

       127
       127
       +
               # This way we don't have to re-declare all the dependencies to other

     

       128
       128
       +
               # services again.

     

       129
       129
       +
               aliases = [ "systemd-sysusers.service" ];

     

       130
       130
       +
       

     

       131
       131
       +
               unitConfig = {

     

       132
       132
       +
                 Description = "Manage Users and Groups";

     

       133
       133
       +
                 DefaultDependencies = false;

     

       134
       134
       +
               };

     

       135
       135
       +
       

     

       136
       136
       +
               serviceConfig = {

     

       137
       137
       +
                 Type = "oneshot";

     

       138
       138
       +
                 RemainAfterExit = true;

     

       139
       139
       +
                 TimeoutSec = "90s";

     

       140
       140
       +
       

     

       141
       141
       +
                 ExecStart = "${lib.getExe cfg.package} ${userbornConfigJson} ${cfg.passwordFilesLocation}";

     

       142
       142
       +
       

     

       143
       143
       +
                 ExecStartPre = lib.mkMerge [

     

       144
       144
       +
                   (lib.mkIf (!config.system.etc.overlay.mutable) [

     

       145
       145
       +
                     "${pkgs.coreutils}/bin/mkdir -p ${cfg.passwordFilesLocation}"

     

       146
       146
       +
                   ])

     

       147
       147
       +
       

     

       148
       148
       +
                   # Make the source files writable before executing userborn.

     

       149
       149
       +
                   (lib.mkIf (!userCfg.mutableUsers) (

     

       150
       150
       +
                     lib.map (file: "-${pkgs.util-linux}/bin/umount ${cfg.passwordFilesLocation}/${file}") passwordFiles

     

       151
       151
       +
                   ))

     

       152
       152
       +
                 ];

     

       153
       153
       +
       

     

       154
       154
       +
                 # Make the source files read-only after userborn has finished.

     

       155
       155
       +
                 ExecStartPost = lib.mkIf (!userCfg.mutableUsers) (

     

       156
       156
       +
                   lib.map (

     

       157
       157
       +
                     file:

     

       158
       158
       +
                     "${pkgs.util-linux}/bin/mount --bind -o ro ${cfg.passwordFilesLocation}/${file} ${cfg.passwordFilesLocation}/${file}"

     

       159
       159
       +
                   ) passwordFiles

     

       160
       160
       +
                 );

     

       161
       161
       +
               };

     

       162
       162
       +
             };

     

       163
       163
       +
           };

     

       164
       164
       +
       

     

       165
       165
       +
           # Statically create the symlinks to passwordFilesLocation when they're not

     

       166
       166
       +
           # inside /etc because we will not be able to do it at runtime in case of an

     

       167
       167
       +
           # immutable /etc!

     

       168
       168
       +
           environment.etc = lib.mkIf (cfg.passwordFilesLocation != "/etc") (

     

       169
       169
       +
             lib.listToAttrs (

     

       170
       170
       +
               lib.map (

     

       171
       171
       +
                 file:

     

       172
       172
       +
                 lib.nameValuePair file {

     

       173
       173
       +
                   source = "${cfg.passwordFilesLocation}/${file}";

     

       174
       174
       +
                   mode = "direct-symlink";

     

       175
       175
       +
                 }

     

       176
       176
       +
               ) passwordFiles

     

       177
       177
       +
             )

     

       178
       178
       +
           );

     

       179
       179
       +
         };

     

       180
       180
       +
       

     

       181
       181
       +
         meta.maintainers = with lib.maintainers; [ nikstur ];

     

       182
       182
       +
       

     

       183
       183
       +
       }

+2 -2

nixos/modules/system/etc/etc-activation.nix

···

       19
       19
        
                 message = "`system.etc.overlay.enable` requires `boot.initrd.systemd.enable`";

     

       20
       20
        
               }

     

       21
       21
        
               {

     

       22
       22
       -
                 assertion = (!config.system.etc.overlay.mutable) -> config.systemd.sysusers.enable;

     

       23
       23
       -
                 message = "`system.etc.overlay.mutable = false` requires `systemd.sysusers.enable`";

     

       22
       22
       +
                 assertion = (!config.system.etc.overlay.mutable) -> (config.systemd.sysusers.enable || config.services.userborn.enable);

     

       23
       23
       +
                 message = "`!system.etc.overlay.mutable` requires `systemd.sysusers.enable` or `services.userborn.enable`";

     

       24
       24
        
               }

     

       25
       25
        
               {

     

       26
       26
        
                 assertion = lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.6";

+3 -8

nixos/modules/virtualisation/azure-agent.nix

···

       11
       11
        
         '';

     

       12
       12
        
       

     

       13
       13
        
       in

     

       14
       14
       -
       

     

       15
       14
        
       {

     

       16
       15
        
       

     

       17
       16
        
         ###### interface

     
···

       35
       34
        
       

     

       36
       35
        
         config = lib.mkIf cfg.enable {

     

       37
       36
        
           assertions = [{

     

       38
       38
       -
             assertion = pkgs.stdenv.hostPlatform.isx86;

     

       39
       39
       -
             message = "Azure not currently supported on ${pkgs.stdenv.hostPlatform.system}";

     

       40
       40
       -
           }

     

       41
       41
       -
             {

     

       42
       42
       -
               assertion = config.networking.networkmanager.enable == false;

     

       43
       43
       -
               message = "Windows Azure Linux Agent is not compatible with NetworkManager";

     

       44
       44
       -
             }];

     

       37
       37
       +
             assertion = config.networking.networkmanager.enable == false;

     

       38
       38
       +
             message = "Windows Azure Linux Agent is not compatible with NetworkManager";

     

       39
       39
       +
           }];

     

       45
       40
        
       

     

       46
       41
        
           boot.initrd.kernelModules = [ "ata_piix" ];

     

       47
       42
        
           networking.firewall.allowedUDPPorts = [ 68 ];

+65 -47

nixos/modules/virtualisation/azure-common.nix

···

       1
       1
       -
       { lib, pkgs, ... }:

     

       1
       1
       +
       { config, lib, pkgs, ... }:

     

       2
       2
        
       

     

       3
       3
        
       with lib;

     

       4
       4
       +
       let

     

       5
       5
       +
         cfg = config.virtualisation.azure;

     

       6
       6
       +
         mlxDrivers = [ "mlx4_en" "mlx4_core" "mlx5_core" ];

     

       7
       7
       +
       in

     

       4
       8
        
       {

     

       5
       5
       -
         imports = [ ../profiles/headless.nix ];

     

       9
       9
       +
         options.virtualisation.azure = {

     

       10
       10
       +
           acceleratedNetworking = mkOption {

     

       11
       11
       +
             default = false;

     

       12
       12
       +
             description = "Whether the machine's network interface has enabled accelerated networking.";

     

       13
       13
       +
           };

     

       14
       14
       +
         };

     

       6
       15
        
       

     

       7
       7
       -
         require = [ ./azure-agent.nix ];

     

       8
       8
       -
         virtualisation.azure.agent.enable = true;

     

       16
       16
       +
         imports = [

     

       17
       17
       +
           ../profiles/headless.nix

     

       18
       18
       +
           ./azure-agent.nix

     

       19
       19
       +
         ];

     

       9
       20
        
       

     

       10
       10
       -
         boot.kernelParams = [ "console=ttyS0" "earlyprintk=ttyS0" "rootdelay=300" "panic=1" "boot.panic_on_fail" ];

     

       11
       11
       -
         boot.initrd.kernelModules = [ "hv_vmbus" "hv_netvsc" "hv_utils" "hv_storvsc" ];

     

       21
       21
       +
         config = {

     

       22
       22
       +
           virtualisation.azure.agent.enable = true;

     

       12
       23
        
       

     

       13
       13
       -
         # Generate a GRUB menu.

     

       14
       14
       -
         boot.loader.grub.device = "/dev/sda";

     

       15
       15
       -
         boot.loader.timeout = 0;

     

       24
       24
       +
           boot.kernelParams = [ "console=ttyS0" "earlyprintk=ttyS0" "rootdelay=300" "panic=1" "boot.panic_on_fail" ];

     

       25
       25
       +
           boot.initrd.kernelModules = [ "hv_vmbus" "hv_netvsc" "hv_utils" "hv_storvsc" ];

     

       26
       26
       +
           boot.initrd.availableKernelModules = lib.optionals cfg.acceleratedNetworking mlxDrivers;

     

       16
       27
        
       

     

       17
       17
       -
         boot.growPartition = true;

     

       28
       28
       +
           # Accelerated networking

     

       29
       29
       +
           systemd.network.networks."99-azure-unmanaged-devices.network" = lib.mkIf cfg.acceleratedNetworking {

     

       30
       30
       +
             matchConfig.Driver = mlxDrivers;

     

       31
       31
       +
             linkConfig.Unmanaged = "yes";

     

       32
       32
       +
           };

     

       33
       33
       +
           networking.networkmanager.unmanaged = lib.mkIf cfg.acceleratedNetworking

     

       34
       34
       +
             (builtins.map (drv: "driver:${drv}") mlxDrivers);

     

       18
       35
        
       

     

       19
       19
       -
         # Don't put old configurations in the GRUB menu.  The user has no

     

       20
       20
       -
         # way to select them anyway.

     

       21
       21
       -
         boot.loader.grub.configurationLimit = 0;

     

       36
       36
       +
           # Generate a GRUB menu.

     

       37
       37
       +
           boot.loader.grub.device = "/dev/sda";

     

       22
       38
        
       

     

       23
       23
       -
         fileSystems."/" = {

     

       24
       24
       -
           device = "/dev/disk/by-label/nixos";

     

       25
       25
       -
           fsType = "ext4";

     

       26
       26
       -
           autoResize = true;

     

       27
       27
       -
         };

     

       39
       39
       +
           boot.growPartition = true;

     

       28
       40
        
       

     

       29
       29
       -
         # Allow root logins only using the SSH key that the user specified

     

       30
       30
       -
         # at instance creation time, ping client connections to avoid timeouts

     

       31
       31
       -
         services.openssh.enable = true;

     

       32
       32
       -
         services.openssh.settings.PermitRootLogin = "prohibit-password";

     

       33
       33
       -
         services.openssh.settings.ClientAliveInterval = 180;

     

       41
       41
       +
           fileSystems."/" = {

     

       42
       42
       +
             device = "/dev/disk/by-label/nixos";

     

       43
       43
       +
             fsType = "ext4";

     

       44
       44
       +
             autoResize = true;

     

       45
       45
       +
           };

     

       34
       46
        
       

     

       35
       35
       -
         # Force getting the hostname from Azure

     

       36
       36
       -
         networking.hostName = mkDefault "";

     

       47
       47
       +
           # Allow root logins only using the SSH key that the user specified

     

       48
       48
       +
           # at instance creation time, ping client connections to avoid timeouts

     

       49
       49
       +
           services.openssh.enable = true;

     

       50
       50
       +
           services.openssh.settings.PermitRootLogin = "prohibit-password";

     

       51
       51
       +
           services.openssh.settings.ClientAliveInterval = 180;

     

       37
       52
        
       

     

       38
       38
       -
         # Always include cryptsetup so that NixOps can use it.

     

       39
       39
       -
         # sg_scan is needed to finalize disk removal on older kernels

     

       40
       40
       -
         environment.systemPackages = [ pkgs.cryptsetup pkgs.sg3_utils ];

     

       53
       53
       +
           # Force getting the hostname from Azure

     

       54
       54
       +
           networking.hostName = mkDefault "";

     

       41
       55
        
       

     

       42
       42
       -
         networking.usePredictableInterfaceNames = false;

     

       56
       56
       +
           # Always include cryptsetup so that NixOps can use it.

     

       57
       57
       +
           # sg_scan is needed to finalize disk removal on older kernels

     

       58
       58
       +
           environment.systemPackages = [ pkgs.cryptsetup pkgs.sg3_utils ];

     

       43
       59
        
       

     

       44
       44
       -
         services.udev.extraRules = ''

     

       45
       45
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:0", ATTR{removable}=="0", SYMLINK+="disk/by-lun/0",

     

       46
       46
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:1", ATTR{removable}=="0", SYMLINK+="disk/by-lun/1",

     

       47
       47
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:2", ATTR{removable}=="0", SYMLINK+="disk/by-lun/2"

     

       48
       48
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:3", ATTR{removable}=="0", SYMLINK+="disk/by-lun/3"

     

       60
       60
       +
           networking.usePredictableInterfaceNames = false;

     

       49
       61
        
       

     

       50
       50
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:4", ATTR{removable}=="0", SYMLINK+="disk/by-lun/4"

     

       51
       51
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:5", ATTR{removable}=="0", SYMLINK+="disk/by-lun/5"

     

       52
       52
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:6", ATTR{removable}=="0", SYMLINK+="disk/by-lun/6"

     

       53
       53
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:7", ATTR{removable}=="0", SYMLINK+="disk/by-lun/7"

     

       62
       62
       +
           services.udev.extraRules = ''

     

       63
       63
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:0", ATTR{removable}=="0", SYMLINK+="disk/by-lun/0",

     

       64
       64
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:1", ATTR{removable}=="0", SYMLINK+="disk/by-lun/1",

     

       65
       65
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:2", ATTR{removable}=="0", SYMLINK+="disk/by-lun/2"

     

       66
       66
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:3", ATTR{removable}=="0", SYMLINK+="disk/by-lun/3"

     

       54
       67
        
       

     

       55
       55
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:8", ATTR{removable}=="0", SYMLINK+="disk/by-lun/8"

     

       56
       56
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:9", ATTR{removable}=="0", SYMLINK+="disk/by-lun/9"

     

       57
       57
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:10", ATTR{removable}=="0", SYMLINK+="disk/by-lun/10"

     

       58
       58
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:11", ATTR{removable}=="0", SYMLINK+="disk/by-lun/11"

     

       68
       68
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:4", ATTR{removable}=="0", SYMLINK+="disk/by-lun/4"

     

       69
       69
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:5", ATTR{removable}=="0", SYMLINK+="disk/by-lun/5"

     

       70
       70
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:6", ATTR{removable}=="0", SYMLINK+="disk/by-lun/6"

     

       71
       71
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:7", ATTR{removable}=="0", SYMLINK+="disk/by-lun/7"

     

       59
       72
        
       

     

       60
       60
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:12", ATTR{removable}=="0", SYMLINK+="disk/by-lun/12"

     

       61
       61
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:13", ATTR{removable}=="0", SYMLINK+="disk/by-lun/13"

     

       62
       62
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:14", ATTR{removable}=="0", SYMLINK+="disk/by-lun/14"

     

       63
       63
       -
           ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:15", ATTR{removable}=="0", SYMLINK+="disk/by-lun/15"

     

       73
       73
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:8", ATTR{removable}=="0", SYMLINK+="disk/by-lun/8"

     

       74
       74
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:9", ATTR{removable}=="0", SYMLINK+="disk/by-lun/9"

     

       75
       75
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:10", ATTR{removable}=="0", SYMLINK+="disk/by-lun/10"

     

       76
       76
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:11", ATTR{removable}=="0", SYMLINK+="disk/by-lun/11"

     

       64
       77
        
       

     

       65
       65
       -
         '';

     

       78
       78
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:12", ATTR{removable}=="0", SYMLINK+="disk/by-lun/12"

     

       79
       79
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:13", ATTR{removable}=="0", SYMLINK+="disk/by-lun/13"

     

       80
       80
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:14", ATTR{removable}=="0", SYMLINK+="disk/by-lun/14"

     

       81
       81
       +
             ENV{DEVTYPE}=="disk", KERNEL!="sda" SUBSYSTEM=="block", SUBSYSTEMS=="scsi", KERNELS=="?:0:0:15", ATTR{removable}=="0", SYMLINK+="disk/by-lun/15"

     

       66
       82
        
       

     

       83
       83
       +
           '';

     

       84
       84
       +
         };

     

       67
       85
        
       }

+27 -4

nixos/modules/virtualisation/azure-image.nix

···

       7
       7
        
       {

     

       8
       8
        
         imports = [ ./azure-common.nix ];

     

       9
       9
        
       

     

       10
       10
       -
         options = {

     

       11
       11
       -
           virtualisation.azureImage.diskSize = mkOption {

     

       10
       10
       +
         options.virtualisation.azureImage = {

     

       11
       11
       +
           diskSize = mkOption {

     

       12
       12
        
             type = with types; either (enum [ "auto" ]) int;

     

       13
       13
        
             default = "auto";

     

       14
       14
        
             example = 2048;

     
···

       16
       16
        
               Size of disk image. Unit is MB.

     

       17
       17
        
             '';

     

       18
       18
        
           };

     

       19
       19
       -
           virtualisation.azureImage.contents = mkOption {

     

       19
       19
       +
       

     

       20
       20
       +
           bootSize = mkOption {

     

       21
       21
       +
             type = types.int;

     

       22
       22
       +
             default = 256;

     

       23
       23
       +
             description = ''

     

       24
       24
       +
               ESP partition size. Unit is MB.

     

       25
       25
       +
               Only effective when vmGeneration is `v2`.

     

       26
       26
       +
             '';

     

       27
       27
       +
           };

     

       28
       28
       +
       

     

       29
       29
       +
           contents = mkOption {

     

       20
       30
        
             type = with types; listOf attrs;

     

       21
       31
        
             default = [ ];

     

       22
       32
        
             description = ''

     

       23
       33
        
               Extra contents to add to the image.

     

       24
       34
        
             '';

     

       25
       35
        
           };

     

       36
       36
       +
       

     

       37
       37
       +
           vmGeneration = mkOption {

     

       38
       38
       +
             type = with types; enum [ "v1" "v2" ];

     

       39
       39
       +
             default = "v1";

     

       40
       40
       +
             description = ''

     

       41
       41
       +
               VM Generation to use.

     

       42
       42
       +
               For v2, secure boot needs to be turned off during creation.

     

       43
       43
       +
             '';

     

       44
       44
       +
           };

     

       26
       45
        
         };

     

       46
       46
       +
       

     

       27
       47
        
         config = {

     

       28
       48
        
           system.build.azureImage = import ../../lib/make-disk-image.nix {

     

       29
       49
        
             name = "azure-image";

     
···

       33
       53
        
             '';

     

       34
       54
        
             configFile = ./azure-config-user.nix;

     

       35
       55
        
             format = "raw";

     

       56
       56
       +
       

     

       57
       57
       +
             bootSize = "${toString cfg.bootSize}M";

     

       58
       58
       +
             partitionTableType = if cfg.vmGeneration == "v2" then "efi" else "legacy";

     

       59
       59
       +
       

     

       36
       60
        
             inherit (cfg) diskSize contents;

     

       37
       61
        
             inherit config lib pkgs;

     

       38
       62
        
           };

     

       39
       39
       -
       

     

       40
       63
        
         };

     

       41
       64
        
       }

+5

nixos/tests/all-tests.nix

···

       1060
       1060
        
         uptime-kuma = handleTest ./uptime-kuma.nix {};

     

       1061
       1061
        
         urn-timer = handleTest ./urn-timer.nix {};

     

       1062
       1062
        
         usbguard = handleTest ./usbguard.nix {};

     

       1063
       1063
       +
         userborn = runTest ./userborn.nix;

     

       1064
       1064
       +
         userborn-mutable-users = runTest ./userborn-mutable-users.nix;

     

       1065
       1065
       +
         userborn-immutable-users = runTest ./userborn-immutable-users.nix;

     

       1066
       1066
       +
         userborn-mutable-etc = runTest ./userborn-mutable-etc.nix;

     

       1067
       1067
       +
         userborn-immutable-etc = runTest ./userborn-immutable-etc.nix;

     

       1063
       1068
        
         user-activation-scripts = handleTest ./user-activation-scripts.nix {};

     

       1064
       1069
        
         user-expiry = runTest ./user-expiry.nix;

     

       1065
       1070
        
         user-home-mode = handleTest ./user-home-mode.nix {};

+70

nixos/tests/userborn-immutable-etc.nix

···

       1
       1
       +
       { lib, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       let

     

       4
       4
       +
         normaloHashedPassword = "$y$j9T$IEWqhKtWg.r.8fVkSEF56.$iKNxdMC6hOAQRp6eBtYvBk4c7BGpONXeZMqc8I/LM46";

     

       5
       5
       +
       

     

       6
       6
       +
         common = {

     

       7
       7
       +
           services.userborn.enable = true;

     

       8
       8
       +
           boot.initrd.systemd.enable = true;

     

       9
       9
       +
           system.etc.overlay = {

     

       10
       10
       +
             enable = true;

     

       11
       11
       +
             mutable = false;

     

       12
       12
       +
           };

     

       13
       13
       +
         };

     

       14
       14
       +
       in

     

       15
       15
       +
       

     

       16
       16
       +
       {

     

       17
       17
       +
       

     

       18
       18
       +
         name = "userborn-immutable-etc";

     

       19
       19
       +
       

     

       20
       20
       +
         meta.maintainers = with lib.maintainers; [ nikstur ];

     

       21
       21
       +
       

     

       22
       22
       +
         nodes.machine =

     

       23
       23
       +
           { config, ... }:

     

       24
       24
       +
           {

     

       25
       25
       +
             imports = [ common ];

     

       26
       26
       +
       

     

       27
       27
       +
             users = {

     

       28
       28
       +
               users = {

     

       29
       29
       +
                 normalo = {

     

       30
       30
       +
                   isNormalUser = true;

     

       31
       31
       +
                   hashedPassword = normaloHashedPassword;

     

       32
       32
       +
                 };

     

       33
       33
       +
               };

     

       34
       34
       +
             };

     

       35
       35
       +
       

     

       36
       36
       +
             specialisation.new-generation = {

     

       37
       37
       +
               inheritParentConfig = false;

     

       38
       38
       +
               configuration = {

     

       39
       39
       +
                 nixpkgs = {

     

       40
       40
       +
                   inherit (config.nixpkgs) hostPlatform;

     

       41
       41
       +
                 };

     

       42
       42
       +
                 imports = [ common ];

     

       43
       43
       +
       

     

       44
       44
       +
                 users.users = {

     

       45
       45
       +
                   new-normalo = {

     

       46
       46
       +
                     isNormalUser = true;

     

       47
       47
       +
                   };

     

       48
       48
       +
                 };

     

       49
       49
       +
               };

     

       50
       50
       +
             };

     

       51
       51
       +
           };

     

       52
       52
       +
       

     

       53
       53
       +
         testScript = ''

     

       54
       54
       +
           machine.wait_for_unit("userborn.service")

     

       55
       55
       +
       

     

       56
       56
       +
           with subtest("normalo user is created"):

     

       57
       57
       +
             assert "${normaloHashedPassword}" in machine.succeed("getent shadow normalo"), "normalo user password is not correct"

     

       58
       58
       +
       

     

       59
       59
       +
       

     

       60
       60
       +
           machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch")

     

       61
       61
       +
       

     

       62
       62
       +
       

     

       63
       63
       +
           with subtest("normalo user is disabled"):

     

       64
       64
       +
             print(machine.succeed("getent shadow normalo"))

     

       65
       65
       +
             assert "!*" in machine.succeed("getent shadow normalo"), "normalo user is not disabled"

     

       66
       66
       +
       

     

       67
       67
       +
           with subtest("new-normalo user is created after switching to new generation"):

     

       68
       68
       +
             print(machine.succeed("getent passwd new-normalo"))

     

       69
       69
       +
         '';

     

       70
       70
       +
       }

+75

nixos/tests/userborn-immutable-users.nix

···

       1
       1
       +
       { lib, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       let

     

       4
       4
       +
         normaloHashedPassword = "$y$j9T$IEWqhKtWg.r.8fVkSEF56.$iKNxdMC6hOAQRp6eBtYvBk4c7BGpONXeZMqc8I/LM46";

     

       5
       5
       +
       

     

       6
       6
       +
         common = {

     

       7
       7
       +
           services.userborn.enable = true;

     

       8
       8
       +
           users.mutableUsers = false;

     

       9
       9
       +
         };

     

       10
       10
       +
       in

     

       11
       11
       +
       

     

       12
       12
       +
       {

     

       13
       13
       +
       

     

       14
       14
       +
         name = "userborn-immutable-users";

     

       15
       15
       +
       

     

       16
       16
       +
         meta.maintainers = with lib.maintainers; [ nikstur ];

     

       17
       17
       +
       

     

       18
       18
       +
         nodes.machine =

     

       19
       19
       +
           { config, ... }:

     

       20
       20
       +
           {

     

       21
       21
       +
             imports = [ common ];

     

       22
       22
       +
       

     

       23
       23
       +
             users = {

     

       24
       24
       +
               users = {

     

       25
       25
       +
                 normalo = {

     

       26
       26
       +
                   isNormalUser = true;

     

       27
       27
       +
                   hashedPassword = normaloHashedPassword;

     

       28
       28
       +
                 };

     

       29
       29
       +
               };

     

       30
       30
       +
             };

     

       31
       31
       +
       

     

       32
       32
       +
             specialisation.new-generation = {

     

       33
       33
       +
               inheritParentConfig = false;

     

       34
       34
       +
               configuration = {

     

       35
       35
       +
                 nixpkgs = {

     

       36
       36
       +
                   inherit (config.nixpkgs) hostPlatform;

     

       37
       37
       +
                 };

     

       38
       38
       +
                 imports = [ common ];

     

       39
       39
       +
       

     

       40
       40
       +
                 users.users = {

     

       41
       41
       +
                   new-normalo = {

     

       42
       42
       +
                     isNormalUser = true;

     

       43
       43
       +
                   };

     

       44
       44
       +
                 };

     

       45
       45
       +
               };

     

       46
       46
       +
             };

     

       47
       47
       +
           };

     

       48
       48
       +
       

     

       49
       49
       +
         testScript = ''

     

       50
       50
       +
           machine.wait_for_unit("userborn.service")

     

       51
       51
       +
       

     

       52
       52
       +
           with subtest("normalo user is created"):

     

       53
       53
       +
             assert "${normaloHashedPassword}" in machine.succeed("getent shadow normalo"), "normalo user password is not correct"

     

       54
       54
       +
       

     

       55
       55
       +
           with subtest("Fail to add new user manually"):

     

       56
       56
       +
             machine.fail("useradd manual-normalo")

     

       57
       57
       +
       

     

       58
       58
       +
           with subtest("Fail to add delete user manually"):

     

       59
       59
       +
             machine.fail("userdel normalo")

     

       60
       60
       +
       

     

       61
       61
       +
       

     

       62
       62
       +
           machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch")

     

       63
       63
       +
       

     

       64
       64
       +
       

     

       65
       65
       +
           with subtest("normalo user is disabled"):

     

       66
       66
       +
             print(machine.succeed("getent shadow normalo"))

     

       67
       67
       +
             assert "!*" in machine.succeed("getent shadow normalo"), "normalo user is not disabled"

     

       68
       68
       +
       

     

       69
       69
       +
           with subtest("new-normalo user is created after switching to new generation"):

     

       70
       70
       +
             print(machine.succeed("getent passwd new-normalo"))

     

       71
       71
       +
       

     

       72
       72
       +
           with subtest("Still fail to add new user manually"):

     

       73
       73
       +
             machine.fail("useradd again-normalo")

     

       74
       74
       +
         '';

     

       75
       75
       +
       }

+70

nixos/tests/userborn-mutable-etc.nix

···

       1
       1
       +
       { lib, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       let

     

       4
       4
       +
         normaloHashedPassword = "$y$j9T$IEWqhKtWg.r.8fVkSEF56.$iKNxdMC6hOAQRp6eBtYvBk4c7BGpONXeZMqc8I/LM46";

     

       5
       5
       +
       

     

       6
       6
       +
         common = {

     

       7
       7
       +
           services.userborn.enable = true;

     

       8
       8
       +
           boot.initrd.systemd.enable = true;

     

       9
       9
       +
           system.etc.overlay = {

     

       10
       10
       +
             enable = true;

     

       11
       11
       +
             mutable = true;

     

       12
       12
       +
           };

     

       13
       13
       +
         };

     

       14
       14
       +
       in

     

       15
       15
       +
       

     

       16
       16
       +
       {

     

       17
       17
       +
       

     

       18
       18
       +
         name = "userborn-mutable-etc";

     

       19
       19
       +
       

     

       20
       20
       +
         meta.maintainers = with lib.maintainers; [ nikstur ];

     

       21
       21
       +
       

     

       22
       22
       +
         nodes.machine =

     

       23
       23
       +
           { config, ... }:

     

       24
       24
       +
           {

     

       25
       25
       +
             imports = [ common ];

     

       26
       26
       +
       

     

       27
       27
       +
             users = {

     

       28
       28
       +
               users = {

     

       29
       29
       +
                 normalo = {

     

       30
       30
       +
                   isNormalUser = true;

     

       31
       31
       +
                   hashedPassword = normaloHashedPassword;

     

       32
       32
       +
                 };

     

       33
       33
       +
               };

     

       34
       34
       +
             };

     

       35
       35
       +
       

     

       36
       36
       +
             specialisation.new-generation = {

     

       37
       37
       +
               inheritParentConfig = false;

     

       38
       38
       +
               configuration = {

     

       39
       39
       +
                 nixpkgs = {

     

       40
       40
       +
                   inherit (config.nixpkgs) hostPlatform;

     

       41
       41
       +
                 };

     

       42
       42
       +
                 imports = [ common ];

     

       43
       43
       +
       

     

       44
       44
       +
                 users.users = {

     

       45
       45
       +
                   new-normalo = {

     

       46
       46
       +
                     isNormalUser = true;

     

       47
       47
       +
                   };

     

       48
       48
       +
                 };

     

       49
       49
       +
               };

     

       50
       50
       +
             };

     

       51
       51
       +
           };

     

       52
       52
       +
       

     

       53
       53
       +
         testScript = ''

     

       54
       54
       +
           machine.wait_for_unit("userborn.service")

     

       55
       55
       +
       

     

       56
       56
       +
           with subtest("normalo user is created"):

     

       57
       57
       +
             assert "${normaloHashedPassword}" in machine.succeed("getent shadow normalo"), "normalo user password is not correct"

     

       58
       58
       +
       

     

       59
       59
       +
       

     

       60
       60
       +
           machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch")

     

       61
       61
       +
       

     

       62
       62
       +
       

     

       63
       63
       +
           with subtest("normalo user is disabled"):

     

       64
       64
       +
             print(machine.succeed("getent shadow normalo"))

     

       65
       65
       +
             assert "!*" in machine.succeed("getent shadow normalo"), "normalo user is not disabled"

     

       66
       66
       +
       

     

       67
       67
       +
           with subtest("new-normalo user is created after switching to new generation"):

     

       68
       68
       +
             print(machine.succeed("getent passwd new-normalo"))

     

       69
       69
       +
         '';

     

       70
       70
       +
       }

+76

nixos/tests/userborn-mutable-users.nix

···

       1
       1
       +
       { lib, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       let

     

       4
       4
       +
         normaloHashedPassword = "$y$j9T$IEWqhKtWg.r.8fVkSEF56.$iKNxdMC6hOAQRp6eBtYvBk4c7BGpONXeZMqc8I/LM46";

     

       5
       5
       +
       

     

       6
       6
       +
         common = {

     

       7
       7
       +
           services.userborn.enable = true;

     

       8
       8
       +
           users.mutableUsers = true;

     

       9
       9
       +
         };

     

       10
       10
       +
       in

     

       11
       11
       +
       

     

       12
       12
       +
       {

     

       13
       13
       +
       

     

       14
       14
       +
         name = "userborn-mutable-users";

     

       15
       15
       +
       

     

       16
       16
       +
         meta.maintainers = with lib.maintainers; [ nikstur ];

     

       17
       17
       +
       

     

       18
       18
       +
         nodes.machine =

     

       19
       19
       +
           { config, ... }:

     

       20
       20
       +
           {

     

       21
       21
       +
             imports = [ common ];

     

       22
       22
       +
       

     

       23
       23
       +
             users = {

     

       24
       24
       +
               mutableUsers = true;

     

       25
       25
       +
               users = {

     

       26
       26
       +
                 normalo = {

     

       27
       27
       +
                   isNormalUser = true;

     

       28
       28
       +
                   hashedPassword = normaloHashedPassword;

     

       29
       29
       +
                 };

     

       30
       30
       +
               };

     

       31
       31
       +
             };

     

       32
       32
       +
       

     

       33
       33
       +
             specialisation.new-generation = {

     

       34
       34
       +
               inheritParentConfig = false;

     

       35
       35
       +
               configuration = {

     

       36
       36
       +
                 nixpkgs = {

     

       37
       37
       +
                   inherit (config.nixpkgs) hostPlatform;

     

       38
       38
       +
                 };

     

       39
       39
       +
                 imports = [ common ];

     

       40
       40
       +
       

     

       41
       41
       +
                 users.users = {

     

       42
       42
       +
                   new-normalo = {

     

       43
       43
       +
                     isNormalUser = true;

     

       44
       44
       +
                   };

     

       45
       45
       +
                 };

     

       46
       46
       +
               };

     

       47
       47
       +
             };

     

       48
       48
       +
           };

     

       49
       49
       +
       

     

       50
       50
       +
         testScript = ''

     

       51
       51
       +
           machine.wait_for_unit("userborn.service")

     

       52
       52
       +
       

     

       53
       53
       +
           with subtest("normalo user is created"):

     

       54
       54
       +
             assert 1000 == int(machine.succeed("id --user normalo")), "normalo user doesn't have UID 1000"

     

       55
       55
       +
             assert "${normaloHashedPassword}" in machine.succeed("getent shadow normalo"), "normalo user password is not correct"

     

       56
       56
       +
       

     

       57
       57
       +
           with subtest("Add new user manually"):

     

       58
       58
       +
             machine.succeed("useradd manual-normalo")

     

       59
       59
       +
             assert 1001 == int(machine.succeed("id --user manual-normalo")), "manual-normalo user doesn't have UID 1001"

     

       60
       60
       +
       

     

       61
       61
       +
           with subtest("Delete manual--normalo user manually"):

     

       62
       62
       +
             machine.succeed("userdel manual-normalo")

     

       63
       63
       +
       

     

       64
       64
       +
       

     

       65
       65
       +
           machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch")

     

       66
       66
       +
       

     

       67
       67
       +
       

     

       68
       68
       +
           with subtest("normalo user is disabled"):

     

       69
       69
       +
             print(machine.succeed("getent shadow normalo"))

     

       70
       70
       +
             assert "!*" in machine.succeed("getent shadow normalo"), "normalo user is not disabled"

     

       71
       71
       +
       

     

       72
       72
       +
           with subtest("new-normalo user is created after switching to new generation"):

     

       73
       73
       +
             print(machine.succeed("getent passwd new-normalo"))

     

       74
       74
       +
             assert 1001 == int(machine.succeed("id --user new-normalo")), "new-normalo user doesn't have UID 1001"

     

       75
       75
       +
         '';

     

       76
       76
       +
       }

+127

nixos/tests/userborn.nix

···

       1
       1
       +
       { lib, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       let

     

       4
       4
       +
         # All passwords are "test"

     

       5
       5
       +
         rootHashedPasswordFile = "$y$j9T$6ueoTO5y7vvFsGvpQJEEa.$vubxgBiMnkTCtRtPD3hNiZHa7Nm1WsJeE9QomYqSRXB";

     

       6
       6
       +
         updatedRootHashedPassword = "$y$j9T$pBCO9N1FRF1rSl6V15n9n/$1JmRLEYPO7TRCx43cvLO19u59WA/oqTEhmSR4wrhzr.";

     

       7
       7
       +
       

     

       8
       8
       +
         normaloPassword = "test";

     

       9
       9
       +
         updatedNormaloHashedPassword = "$y$j9T$IEWqhKtWg.r.8fVkSEF56.$iKNxdMC6hOAQRp6eBtYvBk4c7BGpONXeZMqc8I/LM46";

     

       10
       10
       +
       

     

       11
       11
       +
         sysuserInitialHashedPassword = "$y$j9T$Kb6jGrk41hudTZpNjazf11$iw7fZXrewC6JxRaGPz7/gPXDZ.Z1VWsupvy81Hi1XiD";

     

       12
       12
       +
         updatedSysuserInitialHashedPassword = "$y$j9T$kUBVhgOdSjymSfwfRVja70$eqCwWzVsz0fI0Uc6JsdD2CYMCpfJcErqnIqva2JCi1D";

     

       13
       13
       +
       

     

       14
       14
       +
         newNormaloHashedPassword = "$y$j9T$UFBMWbGjjVola0YE9YCcV/$jRSi5S6lzkcifbuqjMcyXLTwgOGm9BTQk/G/jYaxroC";

     

       15
       15
       +
       in

     

       16
       16
       +
       

     

       17
       17
       +
       {

     

       18
       18
       +
       

     

       19
       19
       +
         name = "userborn";

     

       20
       20
       +
       

     

       21
       21
       +
         meta.maintainers = with lib.maintainers; [ nikstur ];

     

       22
       22
       +
       

     

       23
       23
       +
         nodes.machine = {

     

       24
       24
       +
           services.userborn.enable = true;

     

       25
       25
       +
       

     

       26
       26
       +
           # Read this password file at runtime from outside the Nix store.

     

       27
       27
       +
           environment.etc."rootpw.secret".text = rootHashedPasswordFile;

     

       28
       28
       +
       

     

       29
       29
       +
           users = {

     

       30
       30
       +
             users = {

     

       31
       31
       +
               root = {

     

       32
       32
       +
                 # Override the empty root password set by the test instrumentation.

     

       33
       33
       +
                 hashedPasswordFile = lib.mkForce "/etc/rootpw.secret";

     

       34
       34
       +
               };

     

       35
       35
       +
               normalo = {

     

       36
       36
       +
                 isNormalUser = true;

     

       37
       37
       +
                 password = normaloPassword;

     

       38
       38
       +
               };

     

       39
       39
       +
               sysuser = {

     

       40
       40
       +
                 isSystemUser = true;

     

       41
       41
       +
                 group = "sysusers";

     

       42
       42
       +
                 initialHashedPassword = sysuserInitialHashedPassword;

     

       43
       43
       +
               };

     

       44
       44
       +
             };

     

       45
       45
       +
             groups = {

     

       46
       46
       +
               sysusers = { };

     

       47
       47
       +
             };

     

       48
       48
       +
           };

     

       49
       49
       +
       

     

       50
       50
       +
           specialisation.new-generation.configuration = {

     

       51
       51
       +
             users = {

     

       52
       52
       +
               users = {

     

       53
       53
       +
                 root = {

     

       54
       54
       +
                   # Forcing this to null simulates removing the config value in a new

     

       55
       55
       +
                   # generation.

     

       56
       56
       +
                   hashedPasswordFile = lib.mkOverride 9 null;

     

       57
       57
       +
                   hashedPassword = updatedRootHashedPassword;

     

       58
       58
       +
                 };

     

       59
       59
       +
                 normalo = {

     

       60
       60
       +
                   hashedPassword = updatedNormaloHashedPassword;

     

       61
       61
       +
                 };

     

       62
       62
       +
                 sysuser = {

     

       63
       63
       +
                   initialHashedPassword = lib.mkForce updatedSysuserInitialHashedPassword;

     

       64
       64
       +
                 };

     

       65
       65
       +
                 new-normalo = {

     

       66
       66
       +
                   isNormalUser = true;

     

       67
       67
       +
                   hashedPassword = newNormaloHashedPassword;

     

       68
       68
       +
                 };

     

       69
       69
       +
               };

     

       70
       70
       +
               groups = {

     

       71
       71
       +
                 new-group = { };

     

       72
       72
       +
               };

     

       73
       73
       +
             };

     

       74
       74
       +
           };

     

       75
       75
       +
         };

     

       76
       76
       +
       

     

       77
       77
       +
         testScript = ''

     

       78
       78
       +
           machine.wait_for_unit("userborn.service")

     

       79
       79
       +
       

     

       80
       80
       +
           with subtest("Correct mode on the password files"):

     

       81
       81
       +
             assert machine.succeed("stat -c '%a' /etc/passwd") == "644\n"

     

       82
       82
       +
             assert machine.succeed("stat -c '%a' /etc/group") == "644\n"

     

       83
       83
       +
             assert machine.succeed("stat -c '%a' /etc/shadow") == "0\n"

     

       84
       84
       +
       

     

       85
       85
       +
           with subtest("root user has correct password"):

     

       86
       86
       +
             print(machine.succeed("getent passwd root"))

     

       87
       87
       +
             assert "${rootHashedPasswordFile}" in machine.succeed("getent shadow root"), "root user password is not correct"

     

       88
       88
       +
       

     

       89
       89
       +
           with subtest("normalo user is created"):

     

       90
       90
       +
             print(machine.succeed("getent passwd normalo"))

     

       91
       91
       +
             assert 1000 <= int(machine.succeed("id --user normalo")), "normalo user doesn't have a normal UID"

     

       92
       92
       +
             assert machine.succeed("stat -c '%U' /home/normalo") == "normalo\n"

     

       93
       93
       +
       

     

       94
       94
       +
           with subtest("system user is created with correct password"):

     

       95
       95
       +
             print(machine.succeed("getent passwd sysuser"))

     

       96
       96
       +
             assert 1000 > int(machine.succeed("id --user sysuser")), "sysuser user doesn't have a system UID"

     

       97
       97
       +
             assert "${sysuserInitialHashedPassword}" in machine.succeed("getent shadow sysuser"), "system user password is not correct"

     

       98
       98
       +
       

     

       99
       99
       +
           with subtest("sysusers group is created"):

     

       100
       100
       +
             print(machine.succeed("getent group sysusers"))

     

       101
       101
       +
       

     

       102
       102
       +
       

     

       103
       103
       +
           machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch")

     

       104
       104
       +
       

     

       105
       105
       +
       

     

       106
       106
       +
           with subtest("root user password is updated"):

     

       107
       107
       +
             print(machine.succeed("getent passwd root"))

     

       108
       108
       +
             assert "${updatedRootHashedPassword}" in machine.succeed("getent shadow root"), "root user password is not updated"

     

       109
       109
       +
       

     

       110
       110
       +
           with subtest("normalo user password is updated"):

     

       111
       111
       +
             print(machine.succeed("getent passwd normalo"))

     

       112
       112
       +
             assert "${updatedNormaloHashedPassword}" in machine.succeed("getent shadow normalo"), "normalo user password is not updated"

     

       113
       113
       +
       

     

       114
       114
       +
           with subtest("system user password is NOT updated"):

     

       115
       115
       +
             print(machine.succeed("getent passwd sysuser"))

     

       116
       116
       +
             assert "${sysuserInitialHashedPassword}" in machine.succeed("getent shadow sysuser"), "sysuser user password is not updated"

     

       117
       117
       +
       

     

       118
       118
       +
           with subtest("new-normalo user is created after switching to new generation"):

     

       119
       119
       +
             print(machine.succeed("getent passwd new-normalo"))

     

       120
       120
       +
             assert 1000 <= int(machine.succeed("id --user new-normalo")), "new-normalo user doesn't have a normal UID"

     

       121
       121
       +
             assert machine.succeed("stat -c '%U' /home/new-normalo") == "new-normalo\n"

     

       122
       122
       +
             assert "${newNormaloHashedPassword}" in machine.succeed("getent shadow new-normalo"), "new-normalo user password is not correct"

     

       123
       123
       +
       

     

       124
       124
       +
           with subtest("new-group group is created after switching to new generation"):

     

       125
       125
       +
             print(machine.succeed("getent group new-group"))

     

       126
       126
       +
         '';

     

       127
       127
       +
       }

+3 -3

pkgs/applications/blockchains/optimism/default.nix

···

       6
       6
        
       

     

       7
       7
        
       buildGoModule rec {

     

       8
       8
        
         pname = "optimism";

     

       9
       9
       -
         version = "1.9.0";

     

       9
       9
       +
         version = "1.9.1";

     

       10
       10
        
       

     

       11
       11
        
         src = fetchFromGitHub {

     

       12
       12
        
           owner = "ethereum-optimism";

     

       13
       13
        
           repo = "optimism";

     

       14
       14
        
           rev = "op-node/v${version}";

     

       15
       15
       -
           hash = "sha256-TIxA+Dyxdwm3Q8U6xh7x7hBPNXmH+vVDK2lAaRFKSN0=";

     

       15
       15
       +
           hash = "sha256-PlwpN8P1t0NNIU+Ys50dIXmfUQFIY9e1tLABiVK0JQo=";

     

       16
       16
        
           fetchSubmodules = true;

     

       17
       17
        
         };

     

       18
       18
        
       

     

       19
       19
        
         subPackages = [ "op-node/cmd" "op-proposer/cmd" "op-batcher/cmd" ];

     

       20
       20
        
       

     

       21
       21
       -
         vendorHash = "sha256-xoflPeUeFlbMBUSas+dmBOCFOOvrBHEvYWEk7QkNW14=";

     

       21
       21
       +
         vendorHash = "sha256-n1uJ/dkEjjsTdmL7TeHU4PKnBhiRrqCNtcGxK70Q0c4=";

     

       22
       22
        
       

     

       23
       23
        
         buildInputs = [

     

       24
       24
        
           libpcap

+1 -1

pkgs/applications/misc/mupdf/default.nix

···

       166
       166
        
           EOF

     

       167
       167
        
       

     

       168
       168
        
           moveToOutput "bin" "$bin"

     

       169
       169
       -
           cp ./build/shared-release/libmupdf.so* $out/lib

     

       169
       169
       +
           cp ./build/shared-release/libmupdf${stdenv.hostPlatform.extensions.sharedLibrary}* $out/lib

     

       170
       170
        
         '' + (lib.optionalString (stdenv.isDarwin) ''

     

       171
       171
        
           for exe in $bin/bin/*; do

     

       172
       172
        
             install_name_tool -change build/shared-release/libmupdf.dylib $out/lib/libmupdf.dylib "$exe"

+3 -3

pkgs/applications/networking/cluster/kubefirst/default.nix

···

       5
       5
        
       

     

       6
       6
        
       buildGoModule rec {

     

       7
       7
        
         pname = "kubefirst";

     

       8
       8
       -
         version = "2.4.17";

     

       8
       8
       +
         version = "2.5.0";

     

       9
       9
        
       

     

       10
       10
        
         src = fetchFromGitHub {

     

       11
       11
        
           owner = "kubefirst";

     

       12
       12
        
           repo = "kubefirst";

     

       13
       13
        
           rev = "refs/tags/v${version}";

     

       14
       14
       -
           hash = "sha256-wYPrQkoz1rivfnhku3Njj8e/rJc2GuT1HOPyNSada+o=";

     

       14
       14
       +
           hash = "sha256-1VadsiZZii6gI8vdTNfwmbBPuHcgPh4kWZ2jf/EkFKU=";

     

       15
       15
        
         };

     

       16
       16
        
       

     

       17
       17
       -
         vendorHash = "sha256-ymqBSNzgK79IYSZ+WR+0yi01008jIPaRJ7vnnxMDycY=";

     

       17
       17
       +
         vendorHash = "sha256-tOCVDp9oClfeBsyZ6gv6HoGPjZByoxxAceV/wxQeBSA=";

     

       18
       18
        
       

     

       19
       19
        
         ldflags = [

     

       20
       20
        
           "-s"

+1

pkgs/applications/networking/feedreaders/newsboat/default.nix

···

       66
       66
        
           maintainers = with lib.maintainers; [ dotlambda nicknovitski ];

     

       67
       67
        
           license     = lib.licenses.mit;

     

       68
       68
        
           platforms   = lib.platforms.unix;

     

       69
       69
       +
           mainProgram = "newsboat";

     

       69
       70
        
         };

     

       70
       71
        
       }

+11 -4

pkgs/applications/virtualization/lima/bin.nix

···

       57
       57
        
           chmod +x $out/bin/limactl

     

       58
       58
        
           wrapProgram $out/bin/limactl \

     

       59
       59
        
             --prefix PATH : ${lib.makeBinPath [ qemu ]}

     

       60
       60
       -
           installShellCompletion --cmd limactl \

     

       61
       61
       -
             --bash <($out/bin/limactl completion bash) \

     

       62
       62
       -
             --fish <($out/bin/limactl completion fish) \

     

       63
       63
       -
             --zsh <($out/bin/limactl completion zsh)

     

       60
       60
       +
       

     

       61
       61
       +
           # the shell completion only works with a patched $out/bin/limactl and so

     

       62
       62
       +
           # needs to run after the autoPatchelfHook is executed in postFixup.

     

       63
       63
       +
           doShellCompletion() {

     

       64
       64
       +
             installShellCompletion --cmd limactl \

     

       65
       65
       +
               --bash <($out/bin/limactl completion bash) \

     

       66
       66
       +
               --fish <($out/bin/limactl completion fish) \

     

       67
       67
       +
               --zsh <($out/bin/limactl completion zsh)

     

       68
       68
       +
           }

     

       69
       69
       +
           postFixupHooks+=(doShellCompletion)

     

       70
       70
       +
       

     

       64
       71
        
           runHook postInstall

     

       65
       72
        
         '';

     

       66
       73

+4 -1

pkgs/build-support/node/build-npm-package/hooks/default.nix

···

       7
       7
        
       , prefetch-npm-deps

     

       8
       8
        
       , diffutils

     

       9
       9
        
       , installShellFiles

     

       10
       10
       +
       , nodejsInstallManuals

     

       11
       11
       +
       , nodejsInstallExecutables

     

       10
       12
        
       }:

     

       11
       13
        
       

     

       12
       14
        
       {

     
···

       39
       41
        
             propagatedBuildInputs = [

     

       40
       42
        
               installShellFiles

     

       41
       43
        
               makeWrapper

     

       44
       44
       +
               nodejsInstallManuals

     

       45
       45
       +
               nodejsInstallExecutables

     

       42
       46
        
             ];

     

       43
       47
        
             substitutions = {

     

       44
       44
       -
               hostNode = "${nodejs}/bin/node";

     

       45
       48
        
               jq = "${jq}/bin/jq";

     

       46
       49
        
             };

     

       47
       50
        
           } ./npm-install-hook.sh;

+2 -24

pkgs/build-support/node/build-npm-package/hooks/npm-install-hook.sh

···

       14
       14
        
               cp "${npmWorkspace-.}/$file" "$dest"

     

       15
       15
        
           done < <(@jq@ --raw-output '.[0].files | map(.path | select(. | startswith("node_modules/") | not)) | join("\n")' <<< "$(npm_config_cache="$HOME/.npm" npm pack --json --dry-run --loglevel=warn --no-foreground-scripts ${npmWorkspace+--workspace=$npmWorkspace} $npmPackFlags "${npmPackFlagsArray[@]}" $npmFlags "${npmFlagsArray[@]}")")

     

       16
       16
        
       

     

       17
       17
       -
           # Based on code from Python's buildPythonPackage wrap.sh script, for

     

       18
       18
       -
           # supporting both the case when makeWrapperArgs is an array and a

     

       19
       19
       -
           # IFS-separated string.

     

       20
       20
       -
           #

     

       21
       21
       -
           # TODO: remove the string branch when __structuredAttrs are used.

     

       22
       22
       -
           if [[ "${makeWrapperArgs+defined}" == "defined" && "$(declare -p makeWrapperArgs)" =~ ^'declare -a makeWrapperArgs=' ]]; then

     

       23
       23
       -
               local -a user_args=("${makeWrapperArgs[@]}")

     

       24
       24
       -
           else

     

       25
       25
       -
               local -a user_args="(${makeWrapperArgs:-})"

     

       26
       26
       -
           fi

     

       27
       27
       -
           while IFS=" " read -ra bin; do

     

       28
       28
       -
               mkdir -p "$out/bin"

     

       29
       29
       -
               makeWrapper @hostNode@ "$out/bin/${bin[0]}" --add-flags "$packageOut/${bin[1]}" "${user_args[@]}"

     

       30
       30
       -
           done < <(@jq@ --raw-output '(.bin | type) as $typ | if $typ == "string" then

     

       31
       31
       -
               .name + " " + .bin

     

       32
       32
       -
               elif $typ == "object" then .bin | to_entries | map(.key + " " + .value) | join("\n")

     

       33
       33
       -
               elif $typ == "null" then empty

     

       34
       34
       -
               else "invalid type " + $typ | halt_error end' "${npmWorkspace-.}/package.json")

     

       17
       17
       +
           nodejsInstallExecutables "${npmWorkspace-.}/package.json"

     

       35
       18
        
       

     

       36
       36
       -
           while IFS= read -r man; do

     

       37
       37
       -
               installManPage "$packageOut/$man"

     

       38
       38
       -
           done < <(@jq@ --raw-output '(.man | type) as $typ | if $typ == "string" then .man

     

       39
       39
       -
               elif $typ == "list" then .man | join("\n")

     

       40
       40
       -
               elif $typ == "null" then empty

     

       41
       41
       -
               else "invalid type " + $typ | halt_error end' "${npmWorkspace-.}/package.json")

     

       19
       19
       +
           nodejsInstallManuals "${npmWorkspace-.}/package.json"

     

       42
       20
        
       

     

       43
       21
        
           local -r nodeModulesPath="$packageOut/node_modules"

     

       44
       22

-1

pkgs/by-name/do/docfd/package.nix

···

       42
       42
        
           cmdliner

     

       43
       43
        
           containers-data

     

       44
       44
        
           digestif

     

       45
       45
       -
           domainslib

     

       46
       45
        
           eio_main

     

       47
       46
        
           lwd

     

       48
       47
        
           nottui

+3

pkgs/by-name/ha/hatch/package.nix

···

       96
       96
        
             "test_uv_env"

     

       97
       97
        
             "test_pyenv"

     

       98
       98
        
             "test_pypirc"

     

       99
       99
       +
             # Relies on FHS

     

       100
       100
       +
             # Could not read ELF interpreter from any of the following paths: /bin/sh, /usr/bin/env, /bin/dash, /bin/ls

     

       101
       101
       +
             "test_new_selected_python"

     

       99
       102
        
           ]

     

       100
       103
        
           ++ lib.optionals stdenv.isDarwin [

     

       101
       104
        
             # https://github.com/NixOS/nixpkgs/issues/209358

+4 -4

pkgs/by-name/im/imhex/package.nix

···

       25
       25
        
       }:

     

       26
       26
        
       

     

       27
       27
        
       let

     

       28
       28
       -
         version = "1.35.3";

     

       29
       29
       -
         patterns_version = "1.35.3";

     

       28
       28
       +
         version = "1.35.4";

     

       29
       29
       +
         patterns_version = "1.35.4";

     

       30
       30
        
       

     

       31
       31
        
         patterns_src = fetchFromGitHub {

     

       32
       32
        
           name = "ImHex-Patterns-source-${patterns_version}";

     

       33
       33
        
           owner = "WerWolv";

     

       34
       34
        
           repo = "ImHex-Patterns";

     

       35
       35
        
           rev = "ImHex-v${patterns_version}";

     

       36
       36
       -
           hash = "sha256-h86qoFMSP9ehsXJXOccUK9Mfqe+DVObfSRT4TCtK0rY=";

     

       36
       36
       +
           hash = "sha256-7ch2KXkbkdRAvo3HyErWcth3kG4bzYvp9I5GZSsb/BQ=";

     

       37
       37
        
         };

     

       38
       38
        
       

     

       39
       39
        
       in

     
···

       47
       47
        
           owner = "WerWolv";

     

       48
       48
        
           repo = "ImHex";

     

       49
       49
        
           rev = "refs/tags/v${version}";

     

       50
       50
       -
           hash = "sha256-8vhOOHfg4D9B9yYgnGZBpcjAjuL4M4oHHax9ad5PJtA=";

     

       50
       50
       +
           hash = "sha256-6QpmFkSMQpGlEzo7BHZn20c+q8CTDUB4yO87wMU5JT4=";

     

       51
       51
        
         };

     

       52
       52
        
       

     

       53
       53
        
         nativeBuildInputs = [

+2

pkgs/by-name/mu/muffin/package.nix

···

       32
       32
        
       , udev

     

       33
       33
        
       , wayland

     

       34
       34
        
       , wayland-protocols

     

       35
       35
       +
       , wayland-scanner

     

       35
       36
        
       , wrapGAppsHook3

     

       36
       37
        
       , xorgserver

     

       37
       38
        
       , xwayland

     
···

       68
       69
        
           wrapGAppsHook3

     

       69
       70
        
           xorgserver # for cvt command

     

       70
       71
        
           gobject-introspection

     

       72
       72
       +
           wayland-scanner

     

       71
       73
        
         ];

     

       72
       74
        
       

     

       73
       75
        
         buildInputs = [

+2 -3

pkgs/by-name/ni/nix-update/package.nix

···

       3
       3
        
       , fetchFromGitHub

     

       4
       4
        
       , nix

     

       5
       5
        
       , nix-prefetch-git

     

       6
       6
       -
       , nixpkgs-fmt

     

       7
       6
        
       , nixpkgs-review

     

       8
       7
        
       }:

     

       9
       8
        
       

     
···

       24
       23
        
         ];

     

       25
       24
        
       

     

       26
       25
        
         makeWrapperArgs = [

     

       27
       27
       -
           "--prefix" "PATH" ":" (lib.makeBinPath [ nix nix-prefetch-git nixpkgs-fmt nixpkgs-review ])

     

       26
       26
       +
           "--prefix" "PATH" ":" (lib.makeBinPath [ nix nix-prefetch-git nixpkgs-review ])

     

       28
       27
        
         ];

     

       29
       28
        
       

     

       30
       29
        
         checkPhase = ''

     
···

       36
       35
        
           inherit (src.meta) homepage;

     

       37
       36
        
           changelog = "https://github.com/Mic92/nix-update/releases/tag/${version}";

     

       38
       37
        
           license = licenses.mit;

     

       39
       39
       -
           maintainers = with maintainers; [ figsoda mic92 zowoq ];

     

       38
       38
       +
           maintainers = with maintainers; [ figsoda mic92 ];

     

       40
       39
        
           mainProgram = "nix-update";

     

       41
       40
        
           platforms = platforms.all;

     

       42
       41
        
         };

+27

pkgs/by-name/no/nodejsInstallExecutables/hook.sh

···

       1
       1
       +
       # shellcheck shell=bash

     

       2
       2
       +
       

     

       3
       3
       +
       nodejsInstallExecutables() {

     

       4
       4
       +
           local -r packageJson="${1-./package.json}"

     

       5
       5
       +
       

     

       6
       6
       +
           local -r packageOut="$out/lib/node_modules/$(@jq@ --raw-output '.name' package.json)"

     

       7
       7
       +
       

     

       8
       8
       +
           # Based on code from Python's buildPythonPackage wrap.sh script, for

     

       9
       9
       +
           # supporting both the case when makeWrapperArgs is an array and a

     

       10
       10
       +
           # IFS-separated string.

     

       11
       11
       +
           #

     

       12
       12
       +
           # TODO: remove the string branch when __structuredAttrs are used.

     

       13
       13
       +
           if [[ "${makeWrapperArgs+defined}" == "defined" && "$(declare -p makeWrapperArgs)" =~ ^'declare -a makeWrapperArgs=' ]]; then

     

       14
       14
       +
               local -a user_args=("${makeWrapperArgs[@]}")

     

       15
       15
       +
           else

     

       16
       16
       +
               local -a user_args="(${makeWrapperArgs:-})"

     

       17
       17
       +
           fi

     

       18
       18
       +
       

     

       19
       19
       +
           while IFS=" " read -ra bin; do

     

       20
       20
       +
               mkdir -p "$out/bin"

     

       21
       21
       +
               makeWrapper @hostNode@ "$out/bin/${bin[0]}" --add-flags "$packageOut/${bin[1]}" "${user_args[@]}"

     

       22
       22
       +
           done < <(@jq@ --raw-output '(.bin | type) as $typ | if $typ == "string" then

     

       23
       23
       +
               .name + " " + .bin

     

       24
       24
       +
               elif $typ == "object" then .bin | to_entries | map(.key + " " + .value) | join("\n")

     

       25
       25
       +
               elif $typ == "null" then empty

     

       26
       26
       +
               else "invalid type " + $typ | halt_error end' "$packageJson")

     

       27
       27
       +
       }

+19

pkgs/by-name/no/nodejsInstallExecutables/package.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         makeSetupHook,

     

       3
       3
       +
         installShellFiles,

     

       4
       4
       +
         makeWrapper,

     

       5
       5
       +
         nodejs,

     

       6
       6
       +
         jq,

     

       7
       7
       +
       }:

     

       8
       8
       +
       

     

       9
       9
       +
       makeSetupHook {

     

       10
       10
       +
         name = "nodejs-install-executables";

     

       11
       11
       +
         propagatedBuildInputs = [

     

       12
       12
       +
           installShellFiles

     

       13
       13
       +
           makeWrapper

     

       14
       14
       +
         ];

     

       15
       15
       +
         substitutions = {

     

       16
       16
       +
           hostNode = "${nodejs}/bin/node";

     

       17
       17
       +
           jq = "${jq}/bin/jq";

     

       18
       18
       +
         };

     

       19
       19
       +
       } ./hook.sh

+14

pkgs/by-name/no/nodejsInstallManuals/hook.sh

···

       1
       1
       +
       # shellcheck shell=bash

     

       2
       2
       +
       

     

       3
       3
       +
       nodejsInstallManuals() {

     

       4
       4
       +
           local -r packageJson="${1-./package.json}"

     

       5
       5
       +
       

     

       6
       6
       +
           local -r packageOut="$out/lib/node_modules/$(@jq@ --raw-output '.name' package.json)"

     

       7
       7
       +
       

     

       8
       8
       +
           while IFS= read -r man; do

     

       9
       9
       +
               installManPage "$packageOut/$man"

     

       10
       10
       +
           done < <(@jq@ --raw-output '(.man | type) as $typ | if $typ == "string" then .man

     

       11
       11
       +
               elif $typ == "list" then .man | join("\n")

     

       12
       12
       +
               elif $typ == "null" then empty

     

       13
       13
       +
               else "invalid type " + $typ | halt_error end' "$packageJson")

     

       14
       14
       +
       }

+13

pkgs/by-name/no/nodejsInstallManuals/package.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         makeSetupHook,

     

       3
       3
       +
         installShellFiles,

     

       4
       4
       +
         jq,

     

       5
       5
       +
       }:

     

       6
       6
       +
       

     

       7
       7
       +
       makeSetupHook {

     

       8
       8
       +
         name = "nodejs-install-manuals";

     

       9
       9
       +
         propagatedBuildInputs = [ installShellFiles ];

     

       10
       10
       +
         substitutions = {

     

       11
       11
       +
           jq = "${jq}/bin/jq";

     

       12
       12
       +
         };

     

       13
       13
       +
       } ./hook.sh

+2 -2

pkgs/by-name/qb/qbittorrent-enhanced/package.nix

···

       12
       12
        
       

     

       13
       13
        
       stdenv.mkDerivation rec {

     

       14
       14
        
         pname = "qbittorrent-enhanced";

     

       15
       15
       -
         version = "4.6.5.10";

     

       15
       15
       +
         version = "4.6.6.10";

     

       16
       16
        
       

     

       17
       17
        
         src = fetchFromGitHub {

     

       18
       18
        
           owner = "c0re100";

     

       19
       19
        
           repo = "qBittorrent-Enhanced-Edition";

     

       20
       20
        
           rev = "release-${version}";

     

       21
       21
       -
           hash = "sha256-Yy0DUTz1lWkseh9x1xnHJCI89BKqi/D7zUn/S+qC+kM=";

     

       21
       21
       +
           hash = "sha256-mmM/1eU8FTWAciq2rh7fRa96fOkovMk4ScoehnqHdIQ=";

     

       22
       22
        
         };

     

       23
       23
        
       

     

       24
       24
        
         nativeBuildInputs = [

+9 -4

pkgs/by-name/st/stalwart-mail/package.nix

···

       25
       25
        
         # See upstream issue for rocksdb 9.X support

     

       26
       26
        
         # https://github.com/stalwartlabs/mail-server/issues/407

     

       27
       27
        
         rocksdb = rocksdb_8_11;

     

       28
       28
       -
         version = "0.9.2";

     

       28
       28
       +
         version = "0.9.3";

     

       29
       29
        
       in

     

       30
       30
        
       rustPlatform.buildRustPackage {

     

       31
       31
        
         pname = "stalwart-mail";

     
···

       35
       35
        
           owner = "stalwartlabs";

     

       36
       36
        
           repo = "mail-server";

     

       37
       37
        
           rev = "refs/tags/v${version}";

     

       38
       38
       -
           hash = "sha256-8O+0yOdaHnc2vDLCPK7PIuR6IBeOmH9RNDo0uaw7EeU=";

     

       38
       38
       +
           hash = "sha256-XjHm9jBpBQcf1qaZJLDSSrPK9Nqi3olG0pMXHdNUjbg=";

     

       39
       39
        
           fetchSubmodules = true;

     

       40
       40
        
         };

     

       41
       41
        
       

     

       42
       42
       -
         cargoHash = "sha256-ofF9eTXLVyFfrTnAj6rMYV3dMY613tjhKgoLs303CEA=";

     

       42
       42
       +
         cargoHash = "sha256-sFYvEKZVTS5v37CpIl/KjoOY0iWCHLgIJFUdht5SjJY=";

     

       43
       43
        
       

     

       44
       44
        
         patches = [

     

       45
       45
        
           # Remove "PermissionsStartOnly" from systemd service files,

     
···

       61
       61
        
           bzip2

     

       62
       62
        
           openssl

     

       63
       63
        
           sqlite

     

       64
       64
       +
           zstd

     

       65
       65
       +
         ] ++ lib.optionals stdenv.isLinux [

     

       64
       66
        
           foundationdb

     

       65
       65
       -
           zstd

     

       66
       67
        
         ] ++ lib.optionals stdenv.isDarwin [

     

       67
       68
        
           darwin.apple_sdk.frameworks.CoreFoundation

     

       68
       69
        
           darwin.apple_sdk.frameworks.Security

     

       69
       70
        
           darwin.apple_sdk.frameworks.SystemConfiguration

     

       70
       71
        
         ];

     

       72
       72
       +
       

     

       73
       73
       +
         # skip defaults on darwin because foundationdb is not available

     

       74
       74
       +
         buildNoDefaultFeatures = stdenv.isDarwin;

     

       75
       75
       +
         buildFeatures = lib.optional (stdenv.isDarwin) [ "sqlite" "postgres" "mysql" "rocks" "elastic" "s3" "redis" ];

     

       71
       76
        
       

     

       72
       77
        
         env = {

     

       73
       78
        
           OPENSSL_NO_VENDOR = true;

+2 -2

pkgs/by-name/su/surrealdb/package.nix

···

       25
       25
        
           hash = "sha256-KtR+qU2Xys4NkEARZBbO8mTPa7EI9JplWvXdtuLt2vE=";

     

       26
       26
        
         };

     

       27
       27
        
       

     

       28
       28
       -
         patches = [

     

       29
       29
       -
             ./time.patch  # TODO: remove when https://github.com/surrealdb/surrealdb/pull/4565 merged

     

       28
       28
       +
         cargoPatches = [

     

       29
       29
       +
           ./time.patch # TODO: remove when https://github.com/surrealdb/surrealdb/pull/4565 merged

     

       30
       30
        
         ];

     

       31
       31
        
       

     

       32
       32
        
         cargoHash = "sha256-5qIIPdE6HYov5EIR4do+pMeZ1Lo3at39aKOP9scfMy8=";

+43

pkgs/by-name/us/userborn/package.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         rustPlatform,

     

       4
       4
       +
         fetchFromGitHub,

     

       5
       5
       +
         makeBinaryWrapper,

     

       6
       6
       +
         mkpasswd,

     

       7
       7
       +
       }:

     

       8
       8
       +
       

     

       9
       9
       +
       rustPlatform.buildRustPackage rec {

     

       10
       10
       +
         pname = "userborn";

     

       11
       11
       +
         version = "0.1.0";

     

       12
       12
       +
       

     

       13
       13
       +
         src = fetchFromGitHub {

     

       14
       14
       +
           owner = "nikstur";

     

       15
       15
       +
           repo = "userborn";

     

       16
       16
       +
           rev = version;

     

       17
       17
       +
           hash = "sha256-aptFDrL9RPPTu4wp2ee3LVaEruRdCWtLGIKdOgsR+/s=";

     

       18
       18
       +
         };

     

       19
       19
       +
       

     

       20
       20
       +
         sourceRoot = "${src.name}/rust/userborn";

     

       21
       21
       +
       

     

       22
       22
       +
         cargoHash = "sha256-m39AC26E0Pxu1E/ap2kSwr5uznJNgExf5QUrZ+zTNX0=";

     

       23
       23
       +
       

     

       24
       24
       +
         nativeBuildInputs = [ makeBinaryWrapper ];

     

       25
       25
       +
       

     

       26
       26
       +
         buildInputs = [ mkpasswd ];

     

       27
       27
       +
       

     

       28
       28
       +
         nativeCheckInputs = [ mkpasswd ];

     

       29
       29
       +
       

     

       30
       30
       +
         postInstall = ''

     

       31
       31
       +
           wrapProgram $out/bin/userborn --prefix PATH : ${lib.makeBinPath [ mkpasswd ]}

     

       32
       32
       +
         '';

     

       33
       33
       +
       

     

       34
       34
       +
         stripAllList = [ "bin" ];

     

       35
       35
       +
       

     

       36
       36
       +
         meta = with lib; {

     

       37
       37
       +
           homepage = "https://github.com/nikstur/userborn";

     

       38
       38
       +
           description = "Declaratively bear (manage) Linux users and groups";

     

       39
       39
       +
           license = licenses.mit;

     

       40
       40
       +
           maintainers = with lib.maintainers; [ nikstur ];

     

       41
       41
       +
           mainProgram = "userborn";

     

       42
       42
       +
         };

     

       43
       43
       +
       }

+3 -41

pkgs/by-name/uv/uv/Cargo.lock

···

       44
       44
        
       ]

     

       45
       45
        
       

     

       46
       46
        
       [[package]]

     

       47
       47
       -
       name = "alloc-no-stdlib"

     

       48
       48
       -
       version = "2.0.4"

     

       49
       49
       -
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       50
       50
       -
       checksum = "cc7bb162ec39d46ab1ca8c77bf72e890535becd1751bb45f64c597edb4c8c6b3"

     

       51
       51
       -
       

     

       52
       52
       -
       [[package]]

     

       53
       53
       -
       name = "alloc-stdlib"

     

       54
       54
       -
       version = "0.2.2"

     

       55
       55
       -
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       56
       56
       -
       checksum = "94fb8275041c72129eb51b7d0322c29b8387a0386127718b096429201a5d6ece"

     

       57
       57
       -
       dependencies = [

     

       58
       58
       -
        "alloc-no-stdlib",

     

       59
       59
       -
       ]

     

       60
       60
       -
       

     

       61
       61
       -
       [[package]]

     

       62
       47
        
       name = "android-tzdata"

     

       63
       48
        
       version = "0.1.1"

     

       64
       49
        
       source = "registry+https://github.com/rust-lang/crates.io-index"

     
···

       211
       196
        
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       212
       197
        
       checksum = "fec134f64e2bc57411226dfc4e52dec859ddfc7e711fc5e07b612584f000e4aa"

     

       213
       198
        
       dependencies = [

     

       214
       214
       -
        "brotli",

     

       215
       199
        
        "bzip2",

     

       216
       200
        
        "flate2",

     

       217
       201
        
        "futures-core",

     
···

       460
       444
        
       version = "0.2.5"

     

       461
       445
        
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       462
       446
        
       checksum = "510a90332002c1af3317ef6b712f0dab697f30bbe809b86965eac2923c0bca8e"

     

       463
       463
       -
       

     

       464
       464
       -
       [[package]]

     

       465
       465
       -
       name = "brotli"

     

       466
       466
       -
       version = "6.0.0"

     

       467
       467
       -
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       468
       468
       -
       checksum = "74f7971dbd9326d58187408ab83117d8ac1bb9c17b085fdacd1cf2f598719b6b"

     

       469
       469
       -
       dependencies = [

     

       470
       470
       -
        "alloc-no-stdlib",

     

       471
       471
       -
        "alloc-stdlib",

     

       472
       472
       -
        "brotli-decompressor",

     

       473
       473
       -
       ]

     

       474
       474
       -
       

     

       475
       475
       -
       [[package]]

     

       476
       476
       -
       name = "brotli-decompressor"

     

       477
       477
       -
       version = "4.0.1"

     

       478
       478
       -
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       479
       479
       -
       checksum = "9a45bd2e4095a8b518033b128020dd4a55aab1c0a381ba4404a472630f4bc362"

     

       480
       480
       -
       dependencies = [

     

       481
       481
       -
        "alloc-no-stdlib",

     

       482
       482
       -
        "alloc-stdlib",

     

       483
       483
       -
       ]

     

       484
       447
        
       

     

       485
       448
        
       [[package]]

     

       486
       449
        
       name = "bstr"

     
···

       4529
       4492
        
       

     

       4530
       4493
        
       [[package]]

     

       4531
       4494
        
       name = "uv"

     

       4532
       4532
       -
       version = "0.3.5"

     

       4495
       4495
       +
       version = "0.4.0"

     

       4533
       4496
        
       dependencies = [

     

       4534
       4497
        
        "anstream",

     

       4535
       4498
        
        "anyhow",

     
···

       4780
       4743
        
        "uv-auth",

     

       4781
       4744
        
        "uv-cache",

     

       4782
       4745
        
        "uv-normalize",

     

       4783
       4783
       -
        "uv-workspace",

     

       4784
       4746
        
       ]

     

       4785
       4747
        
       

     

       4786
       4748
        
       [[package]]

     
···

       5080
       5042
        
        "uv-state",

     

       5081
       5043
        
        "uv-warnings",

     

       5082
       5044
        
        "which",

     

       5083
       5083
       -
        "windows-sys 0.52.0",

     

       5045
       5045
       +
        "windows-sys 0.59.0",

     

       5084
       5046
        
        "winsafe 0.0.22",

     

       5085
       5047
        
       ]

     

       5086
       5048
        
       

     
···

       5284
       5246
        
       

     

       5285
       5247
        
       [[package]]

     

       5286
       5248
        
       name = "uv-version"

     

       5287
       5287
       -
       version = "0.3.5"

     

       5249
       5249
       +
       version = "0.4.0"

     

       5288
       5250
        
       

     

       5289
       5251
        
       [[package]]

     

       5290
       5252
        
       name = "uv-virtualenv"

+2 -2

pkgs/by-name/uv/uv/package.nix

···

       16
       16
        
       

     

       17
       17
        
       python3Packages.buildPythonApplication rec {

     

       18
       18
        
         pname = "uv";

     

       19
       19
       -
         version = "0.3.5";

     

       19
       19
       +
         version = "0.4.0";

     

       20
       20
        
         pyproject = true;

     

       21
       21
        
       

     

       22
       22
        
         src = fetchFromGitHub {

     

       23
       23
        
           owner = "astral-sh";

     

       24
       24
        
           repo = "uv";

     

       25
       25
        
           rev = "refs/tags/${version}";

     

       26
       26
       -
           hash = "sha256-D/BCxA7GOEu26xDkMmchXAMFB1pDewYSiOrNj2oSTyE=";

     

       26
       26
       +
           hash = "sha256-JEGcX4dT/cVLb07n2Y0nai17jW0tXpV18qaYVnoEpew=";

     

       27
       27
        
         };

     

       28
       28
        
       

     

       29
       29
        
         cargoDeps = rustPlatform.importCargoLock {

+8 -1

pkgs/by-name/wl/wlx-overlay-s/package.nix

···

       4
       4
        
         fetchFromGitHub,

     

       5
       5
        
         fontconfig,

     

       6
       6
        
         lib,

     

       7
       7
       +
         libGL,

     

       8
       8
       +
         libuuid,

     

       7
       9
        
         libX11,

     

       8
       10
        
         libXext,

     

       9
       11
        
         libXrandr,

     
···

       19
       21
        
         shaderc,

     

       20
       22
        
         stdenv,

     

       21
       23
        
         testers,

     

       24
       24
       +
         vulkan-loader,

     

       22
       25
        
         wayland,

     

       23
       26
        
         wlx-overlay-s,

     

       24
       27
        
       }:

     
···

       76
       79
        
         postInstall = ''

     

       77
       80
        
           patchelf $out/bin/wlx-overlay-s \

     

       78
       81
        
             --add-needed ${lib.getLib wayland}/lib/libwayland-client.so.0 \

     

       79
       79
       -
             --add-needed ${lib.getLib libxkbcommon}/lib/libxkbcommon.so.0

     

       82
       82
       +
             --add-needed ${lib.getLib libxkbcommon}/lib/libxkbcommon.so.0 \

     

       83
       83
       +
             --add-needed ${lib.getLib libGL}/lib/libEGL.so.1 \

     

       84
       84
       +
             --add-needed ${lib.getLib libGL}/lib/libGL.so.1 \

     

       85
       85
       +
             --add-needed ${lib.getLib vulkan-loader}/lib/libvulkan.so.1 \

     

       86
       86
       +
             --add-needed ${lib.getLib libuuid}/lib/libuuid.so.1

     

       80
       87
        
         '';

     

       81
       88
        
       

     

       82
       89
        
         passthru = {

+2 -2

pkgs/by-name/ya/yamlscript/package.nix

···

       2
       2
        
       

     

       3
       3
        
       buildGraalvmNativeImage rec {

     

       4
       4
        
         pname = "yamlscript";

     

       5
       5
       -
         version = "0.1.72";

     

       5
       5
       +
         version = "0.1.73";

     

       6
       6
        
       

     

       7
       7
        
         src = fetchurl {

     

       8
       8
        
           url = "https://github.com/yaml/yamlscript/releases/download/${version}/yamlscript.cli-${version}-standalone.jar";

     

       9
       9
       -
           hash = "sha256-Qp2/Bifh+KXUjpcW/Lct6nGBv50TUEOGTjVPkXGbD54=";

     

       9
       9
       +
           hash = "sha256-FXw476RXIFnjnK8cz/Kxni4dZ58LJvevcxiotDO7+bQ=";

     

       10
       10
        
         };

     

       11
       11
        
       

     

       12
       12
        
         executable = "ys";

+24

pkgs/development/ocaml-modules/backoff/default.nix

···

       1
       1
       +
       { lib, buildDunePackage, fetchurl, alcotest}:

     

       2
       2
       +
       

     

       3
       3
       +
       buildDunePackage rec {

     

       4
       4
       +
         pname = "backoff";

     

       5
       5
       +
         version = "0.1.0";

     

       6
       6
       +
       

     

       7
       7
       +
         src = fetchurl {

     

       8
       8
       +
           url = "https://github.com/ocaml-multicore/backoff/releases/download/${version}/backoff-${version}.tbz";

     

       9
       9
       +
           hash = "sha256-EaSseCKekNE03gaNiqh5Y11r8TF9XulR9AZboPWMIwA=";

     

       10
       10
       +
         };

     

       11
       11
       +
       

     

       12
       12
       +
         doCheck = true;

     

       13
       13
       +
       

     

       14
       14
       +
         checkInputs = [ alcotest ];

     

       15
       15
       +
       

     

       16
       16
       +
         meta = {

     

       17
       17
       +
           description = "Exponential backoff mechanism for OCaml";

     

       18
       18
       +
           homepage = "https://github.com/ocaml-multicore/backoff";

     

       19
       19
       +
           license = lib.licenses.isc;

     

       20
       20
       +
           maintainers = [ lib.maintainers.vbgl ];

     

       21
       21
       +
         };

     

       22
       22
       +
       

     

       23
       23
       +
         minimalOCamlVersion = "4.13";

     

       24
       24
       +
       }

+1

pkgs/development/ocaml-modules/domainslib/default.nix

···

       29
       29
        
           description = "Nested-parallel programming";

     

       30
       30
        
           license = lib.licenses.isc;

     

       31
       31
        
           maintainers = [ lib.maintainers.vbgl ];

     

       32
       32
       +
           broken = true; # Not compatible with saturn > 0.4.0

     

       32
       33
        
         };

     

       33
       34
        
       }

+22

pkgs/development/ocaml-modules/multicore-bench/default.nix

···

       1
       1
       +
       { lib, buildDunePackage, fetchurl

     

       2
       2
       +
       , domain-local-await, mtime, multicore-magic, yojson

     

       3
       3
       +
       }:

     

       4
       4
       +
       

     

       5
       5
       +
       buildDunePackage rec {

     

       6
       6
       +
         pname = "multicore-bench";

     

       7
       7
       +
         version = "0.1.4";

     

       8
       8
       +
       

     

       9
       9
       +
         src = fetchurl {

     

       10
       10
       +
           url = "https://github.com/ocaml-multicore/multicore-bench/releases/download/${version}/multicore-bench-${version}.tbz";

     

       11
       11
       +
           hash = "sha256-iCx5QvhYo/e53cW23Sza2as4aez4HeESVvLPF1DW85A=";

     

       12
       12
       +
         };

     

       13
       13
       +
       

     

       14
       14
       +
         propagatedBuildInputs = [ domain-local-await mtime multicore-magic yojson ];

     

       15
       15
       +
       

     

       16
       16
       +
         meta = {

     

       17
       17
       +
           description = "Framework for writing multicore benchmark executables to run on current-bench";

     

       18
       18
       +
           homepage = "https://github.com/ocaml-multicore/multicore-bench";

     

       19
       19
       +
           license = lib.licenses.isc;

     

       20
       20
       +
           maintainers = [ lib.maintainers.vbgl ];

     

       21
       21
       +
         };

     

       22
       22
       +
       }

+24

pkgs/development/ocaml-modules/multicore-magic/default.nix

···

       1
       1
       +
       { lib, buildDunePackage, fetchurl

     

       2
       2
       +
       , alcotest, domain_shims

     

       3
       3
       +
       }:

     

       4
       4
       +
       

     

       5
       5
       +
       buildDunePackage rec {

     

       6
       6
       +
         pname = "multicore-magic";

     

       7
       7
       +
         version = "2.3.0";

     

       8
       8
       +
       

     

       9
       9
       +
         src = fetchurl {

     

       10
       10
       +
           url = "https://github.com/ocaml-multicore/multicore-magic/releases/download/${version}/multicore-magic-${version}.tbz";

     

       11
       11
       +
           hash = "sha256-r50UqLOd2DoTz0CEXHpJMHX0fty+mGiAKTdtykgnzu4=";

     

       12
       12
       +
         };

     

       13
       13
       +
       

     

       14
       14
       +
         doCheck = true;

     

       15
       15
       +
       

     

       16
       16
       +
         checkInputs = [ alcotest domain_shims ];

     

       17
       17
       +
       

     

       18
       18
       +
         meta = {

     

       19
       19
       +
           description = "Low-level multicore utilities for OCaml";

     

       20
       20
       +
           license = lib.licenses.isc;

     

       21
       21
       +
           homepage = "https://github.com/ocaml-multicore/multicore-magic";

     

       22
       22
       +
           maintainers = [ lib.maintainers.vbgl ];

     

       23
       23
       +
         };

     

       24
       24
       +
       }

+10 -1

pkgs/development/ocaml-modules/saturn/default.nix

···

       1
       1
        
       { lib, buildDunePackage, ocaml

     

       2
       2
        
       , saturn_lockfree

     

       3
       3
       +
       , domain_shims

     

       3
       4
        
       , dscheck

     

       5
       5
       +
       , multicore-bench

     

       4
       6
        
       , qcheck, qcheck-alcotest, qcheck-stm

     

       5
       7
        
       }:

     

       6
       8
        
       

     
···

       12
       14
        
         propagatedBuildInputs = [ saturn_lockfree ];

     

       13
       15
        
       

     

       14
       16
        
         doCheck = lib.versionAtLeast ocaml.version "5.0";

     

       15
       15
       -
         checkInputs = [ dscheck qcheck qcheck-alcotest qcheck-stm ];

     

       17
       17
       +
         checkInputs = [

     

       18
       18
       +
           domain_shims

     

       19
       19
       +
           dscheck

     

       20
       20
       +
           multicore-bench

     

       21
       21
       +
           qcheck

     

       22
       22
       +
           qcheck-alcotest

     

       23
       23
       +
           qcheck-stm

     

       24
       24
       +
         ];

     

       16
       25
        
       

     

       17
       26
        
         meta = saturn_lockfree.meta // {

     

       18
       27
        
           description = "Parallelism-safe data structures for multicore OCaml";

+5 -5

pkgs/development/ocaml-modules/saturn/lockfree.nix

···

       1
       1
        
       { lib, fetchurl, buildDunePackage

     

       2
       2
       -
       , domain_shims

     

       2
       2
       +
       , backoff, multicore-magic

     

       3
       3
        
       }:

     

       4
       4
        
       

     

       5
       5
        
       buildDunePackage rec {

     

       6
       6
        
         pname = "saturn_lockfree";

     

       7
       7
       -
         version = "0.4.0";

     

       7
       7
       +
         version = "0.5.0";

     

       8
       8
        
       

     

       9
       9
       -
         minimalOCamlVersion = "4.12";

     

       9
       9
       +
         minimalOCamlVersion = "4.13";

     

       10
       10
        
       

     

       11
       11
        
         src = fetchurl {

     

       12
       12
        
           url = "https://github.com/ocaml-multicore/saturn/releases/download/${version}/saturn-${version}.tbz";

     

       13
       13
       -
           hash = "sha256-fHvslaJwVbQaqDVA/MHGqHybetYbxRGlMrhgXqM3iPs=";

     

       13
       13
       +
           hash = "sha256-ZmmxwIe5PiPYTTdvOHbOjRbv2b/bb9y0IekByfREPjk=";

     

       14
       14
        
         };

     

       15
       15
        
       

     

       16
       16
       -
         propagatedBuildInputs = [ domain_shims ];

     

       16
       16
       +
         propagatedBuildInputs = [ backoff multicore-magic ];

     

       17
       17
        
       

     

       18
       18
        
         meta = {

     

       19
       19
        
           description = "Lock-free data structures for multicore OCaml";

+19 -28

pkgs/development/python-modules/aeidon/default.nix

···

       1
       1
        
       {

     

       2
       2
        
         lib,

     

       3
       3
        
         buildPythonPackage,

     

       4
       4
       -
         fetchPypi,

     

       5
       5
       -
         gettext,

     

       6
       6
       -
         flake8,

     

       7
       7
       -
         isocodes,

     

       4
       4
       +
         fetchFromGitHub,

     

       5
       5
       +
         setuptools,

     

       8
       6
        
         pytestCheckHook,

     

       9
       7
        
         charset-normalizer,

     

       10
       8
        
       }:

     
···

       12
       10
        
       buildPythonPackage rec {

     

       13
       11
        
         pname = "aeidon";

     

       14
       12
        
         version = "1.15";

     

       13
       13
       +
         pyproject = true;

     

       15
       14
        
       

     

       16
       16
       -
         src = fetchPypi {

     

       17
       17
       -
           pname = "aeidon";

     

       18
       18
       -
           inherit version;

     

       19
       19
       -
           sha256 = "sha256-qGpGraRZFVaW1Jys24qvfPo5WDg7Q/fhvm44JH8ulVw=";

     

       15
       15
       +
         src = fetchFromGitHub {

     

       16
       16
       +
           owner = "otsaloma";

     

       17
       17
       +
           repo = "gaupol";

     

       18
       18
       +
           rev = "refs/tags/${version}";

     

       19
       19
       +
           hash = "sha256-lhNyeieeiBBm3rNDEU0BuWKeM6XYlOtv1voW8tR8cUM=";

     

       20
       20
        
         };

     

       21
       21
        
       

     

       22
       22
       -
         nativeBuildInputs = [

     

       23
       23
       -
           gettext

     

       24
       24
       -
           flake8

     

       25
       25
       -
         ];

     

       22
       22
       +
         postPatch = ''

     

       23
       23
       +
           mv setup.py setup_gaupol.py

     

       24
       24
       +
           substituteInPlace setup-aeidon.py \

     

       25
       25
       +
             --replace "from setup import" "from setup_gaupol import"

     

       26
       26
       +
           mv setup-aeidon.py setup.py

     

       27
       27
       +
         '';

     

       26
       28
        
       

     

       27
       27
       -
         dependencies = [ isocodes ];

     

       29
       29
       +
         build-system = [ setuptools ];

     

       28
       30
        
       

     

       29
       29
       -
         installPhase = ''

     

       30
       30
       -
           runHook preInstall

     

       31
       31
       -
           python setup.py --without-gaupol install --prefix=$out

     

       32
       32
       -
           runHook postInstall

     

       33
       33
       -
         '';

     

       31
       31
       +
         dependencies = [ charset-normalizer ];

     

       34
       32
        
       

     

       35
       35
       -
         nativeCheckInputs = [

     

       36
       36
       -
           pytestCheckHook

     

       37
       37
       -
           charset-normalizer

     

       38
       38
       -
         ];

     

       39
       39
       -
       

     

       40
       40
       -
         # Aeidon is looking in the wrong subdirectory for data

     

       41
       41
       -
         preCheck = ''

     

       42
       42
       -
           cp -r data aeidon/

     

       43
       43
       -
         '';

     

       33
       33
       +
         nativeCheckInputs = [ pytestCheckHook ];

     

       44
       34
        
       

     

       45
       35
        
         pytestFlagsArray = [ "aeidon/test" ];

     

       46
       36
        
       

     
···

       52
       42
        
         pythonImportsCheck = [ "aeidon" ];

     

       53
       43
        
       

     

       54
       44
        
         meta = with lib; {

     

       45
       45
       +
           changelog = "https://github.com/otsaloma/gaupol/releases/tag/${version}";

     

       55
       46
        
           description = "Reading, writing and manipulationg text-based subtitle files";

     

       56
       47
        
           homepage = "https://github.com/otsaloma/gaupol";

     

       57
       57
       -
           license = licenses.gpl3Only;

     

       48
       48
       +
           license = licenses.gpl3Plus;

     

       58
       49
        
           maintainers = with maintainers; [ erictapen ];

     

       59
       50
        
         };

     

       60
       51

+2 -2

pkgs/development/python-modules/craft-platforms/default.nix

···

       14
       14
        
       

     

       15
       15
        
       buildPythonPackage rec {

     

       16
       16
        
         pname = "craft-platforms";

     

       17
       17
       -
         version = "0.1.1";

     

       17
       17
       +
         version = "0.2.0";

     

       18
       18
        
         pyproject = true;

     

       19
       19
        
       

     

       20
       20
        
         disabled = pythonOlder "3.10";

     
···

       23
       23
        
           owner = "canonical";

     

       24
       24
        
           repo = "craft-platforms";

     

       25
       25
        
           rev = "refs/tags/${version}";

     

       26
       26
       -
           hash = "sha256-KzskmSw7NsH1CAYjPf2281Ob71Jd6AhWxtp5tR3IqyU=";

     

       26
       26
       +
           hash = "sha256-chCPuncy+//Y5iohTh0d8qRNaEno6Sqze2Zoas3uwPQ=";

     

       27
       27
        
         };

     

       28
       28
        
       

     

       29
       29
        
         postPatch = ''

+2 -2

pkgs/development/python-modules/gvm-tools/default.nix

···

       11
       11
        
       

     

       12
       12
        
       buildPythonPackage rec {

     

       13
       13
        
         pname = "gvm-tools";

     

       14
       14
       -
         version = "24.7.0";

     

       14
       14
       +
         version = "24.8.0";

     

       15
       15
        
         pyproject = true;

     

       16
       16
        
       

     

       17
       17
        
         disabled = pythonOlder "3.9";

     
···

       20
       20
        
           owner = "greenbone";

     

       21
       21
        
           repo = "gvm-tools";

     

       22
       22
        
           rev = "refs/tags/v${version}";

     

       23
       23
       -
           hash = "sha256-m4wEAx2WyVIMi+xucqUCPr2PLxLo00haObjf+0swUdA=";

     

       23
       23
       +
           hash = "sha256-MwLwJyxKu4O0cEabBjcdhqtqW3uwgbyVlezZysUDYa4=";

     

       24
       24
        
         };

     

       25
       25
        
       

     

       26
       26
        
         __darwinAllowLocalNetworking = true;

+2 -2

pkgs/development/python-modules/lib4sbom/default.nix

···

       12
       12
        
       

     

       13
       13
        
       buildPythonPackage rec {

     

       14
       14
        
         pname = "lib4sbom";

     

       15
       15
       -
         version = "0.7.3";

     

       15
       15
       +
         version = "0.7.4";

     

       16
       16
        
         pyproject = true;

     

       17
       17
        
       

     

       18
       18
        
         disabled = pythonOlder "3.7";

     
···

       21
       21
        
           owner = "anthonyharrison";

     

       22
       22
        
           repo = "lib4sbom";

     

       23
       23
        
           rev = "refs/tags/v${version}";

     

       24
       24
       -
           hash = "sha256-RuIvhlLnWf/ayU6tjpHYKvBFqU8ojPwJK/pDIdLrD2s=";

     

       24
       24
       +
           hash = "sha256-Uqv6E9qMJRsfYICVAiZEQGlG/0w8aECuh8wMa85FnlE=";

     

       25
       25
        
         };

     

       26
       26
        
       

     

       27
       27
        
         build-system = [ setuptools ];

+2 -2

pkgs/development/python-modules/model-bakery/default.nix

···

       11
       11
        
       

     

       12
       12
        
       buildPythonPackage rec {

     

       13
       13
        
         pname = "model-bakery";

     

       14
       14
       -
         version = "1.19.4";

     

       14
       14
       +
         version = "1.19.5";

     

       15
       15
        
         pyproject = true;

     

       16
       16
        
       

     

       17
       17
        
         disabled = pythonOlder "3.8";

     
···

       20
       20
        
           owner = "model-bakers";

     

       21
       21
        
           repo = "model_bakery";

     

       22
       22
        
           rev = "refs/tags/${version}";

     

       23
       23
       -
           hash = "sha256-Jok5fQ8z9/v6n482yYA06ugC+4SSMuV7fmt1cdv3/dg=";

     

       23
       23
       +
           hash = "sha256-hOXE3mddGmRRgO9qAlj3bnmco8QTg2rD0sgui3J9pp8=";

     

       24
       24
        
         };

     

       25
       25
        
       

     

       26
       26
        
         build-system = [ hatchling ];

+2 -2

pkgs/development/python-modules/python-gvm/default.nix

···

       15
       15
        
       

     

       16
       16
        
       buildPythonPackage rec {

     

       17
       17
        
         pname = "python-gvm";

     

       18
       18
       -
         version = "24.7.0";

     

       18
       18
       +
         version = "24.8.0";

     

       19
       19
        
         pyproject = true;

     

       20
       20
        
       

     

       21
       21
        
         disabled = pythonOlder "3.9";

     
···

       24
       24
        
           owner = "greenbone";

     

       25
       25
        
           repo = "python-gvm";

     

       26
       26
        
           rev = "refs/tags/v${version}";

     

       27
       27
       -
           hash = "sha256-WsZxISvPw4uvRKv5CYpcLunAxvoCvVWTSp+m2QTEe0g=";

     

       27
       27
       +
           hash = "sha256-JyImC75Le6S2kQXSU/Ze4TNaitJSJ8LD9j/ny+xjoGA=";

     

       28
       28
        
         };

     

       29
       29
        
       

     

       30
       30
        
         build-system = [ poetry-core ];

+5 -6

pkgs/development/python-modules/stravalib/default.nix

···

       15
       15
        
       

     

       16
       16
        
       buildPythonPackage rec {

     

       17
       17
        
         pname = "stravalib";

     

       18
       18
       -
         version = "1.6";

     

       18
       18
       +
         version = "2.0";

     

       19
       19
        
         pyproject = true;

     

       20
       20
        
       

     

       21
       21
       -
         disabled = pythonOlder "3.9";

     

       21
       21
       +
         disabled = pythonOlder "3.10";

     

       22
       22
        
       

     

       23
       23
        
         src = fetchFromGitHub {

     

       24
       24
        
           owner = "stravalib";

     

       25
       25
        
           repo = "stravalib";

     

       26
       26
        
           rev = "refs/tags/v${version}";

     

       27
       27
       -
           hash = "sha256-U+QlSrijvT77/m+yjhFxbcVTQe51J+PR4Kc8N+qG+wI=";

     

       27
       27
       +
           hash = "sha256-uF29fK+ZSSO688zKYYiSEygBUJZ6NBcvdgGgz3I1I6Q=";

     

       28
       28
        
         };

     

       29
       29
        
       

     

       30
       30
       -
         nativeBuildInputs = [

     

       30
       30
       +
         build-system = [

     

       31
       31
        
           setuptools

     

       32
       32
        
           setuptools-scm

     

       33
       33
        
         ];

     

       34
       34
        
       

     

       35
       35
       -
         propagatedBuildInputs = [

     

       35
       35
       +
         dependencies = [

     

       36
       36
        
           arrow

     

       37
       37
        
           pint

     

       38
       38
        
           pydantic

     
···

       52
       52
        
           changelog = "https://github.com/stravalib/stravalib/releases/tag/v${version}";

     

       53
       53
        
           license = licenses.asl20;

     

       54
       54
        
           maintainers = with maintainers; [ sikmir ];

     

       55
       55
       -
           broken = lib.versionAtLeast pydantic.version "2";

     

       56
       55
        
         };

     

       57
       56
        
       }

+1 -1

pkgs/development/tools/rust/cargo-clone/default.nix

···

       39
       39
        
           homepage = "https://github.com/janlikar/cargo-clone";

     

       40
       40
        
           changelog = "https://github.com/janlikar/cargo-clone/blob/v${version}/CHANGELOG.md";

     

       41
       41
        
           license = with licenses; [ asl20 mit ];

     

       42
       42
       -
           maintainers = with maintainers; [ figsoda matthiasbeyer ];

     

       42
       42
       +
           maintainers = with maintainers; [ figsoda matthiasbeyer janlikar ];

     

       43
       43
        
         };

     

       44
       44
        
       }

+1

pkgs/development/tools/wlcs/default.nix

···

       34
       34
        
           boost

     

       35
       35
        
           gtest

     

       36
       36
        
           wayland

     

       37
       37
       +
           wayland-scanner # needed by cmake

     

       37
       38
        
         ];

     

       38
       39
        
       

     

       39
       40
        
         passthru = {

+2

pkgs/kde/gear/konsole/default.nix

···

       7
       7
        
         pname = "konsole";

     

       8
       8
        
       

     

       9
       9
        
         extraBuildInputs = [qt5compat qtmultimedia];

     

       10
       10
       +
       

     

       11
       11
       +
         meta.mainProgram = "konsole";

     

       10
       12
        
       }

+14 -2

pkgs/os-specific/linux/compsize/default.nix

···

       1
       1
       -
       { lib, stdenv, fetchFromGitHub, btrfs-progs }:

     

       1
       1
       +
       { lib, stdenv, fetchFromGitHub, fetchurl, btrfs-progs }:

     

       2
       2
        
       

     

       3
       3
       +
       let

     

       4
       4
       +
         # https://github.com/kilobyte/compsize/issues/52

     

       5
       5
       +
         btrfs-progs' = btrfs-progs.overrideAttrs (old: rec {

     

       6
       6
       +
           pname = "btrfs-progs";

     

       7
       7
       +
           version = "6.10";

     

       8
       8
       +
           src = fetchurl {

     

       9
       9
       +
             url = "mirror://kernel/linux/kernel/people/kdave/btrfs-progs/btrfs-progs-v${version}.tar.xz";

     

       10
       10
       +
             hash = "sha256-M4KoTj/P4f/eoHphqz9OhmZdOPo18fNFSNXfhnQj4N8=";

     

       11
       11
       +
           };

     

       12
       12
       +
         });

     

       13
       13
       +
       

     

       14
       14
       +
       in

     

       3
       15
        
       stdenv.mkDerivation rec {

     

       4
       16
        
         pname = "compsize";

     

       5
       17
        
         version = "1.5";

     
···

       11
       23
        
           sha256 = "sha256-OX41ChtHX36lVRL7O2gH21Dfw6GPPEClD+yafR/PFm8=";

     

       12
       24
        
         };

     

       13
       25
        
       

     

       14
       14
       -
         buildInputs = [ btrfs-progs ];

     

       26
       26
       +
         buildInputs = [ btrfs-progs' ];

     

       15
       27
        
       

     

       16
       28
        
         installFlags = [

     

       17
       29
        
           "PREFIX=${placeholder "out"}"

+4 -4

pkgs/os-specific/linux/kernel/zen-kernels.nix

···

       5
       5
        
         variants = {

     

       6
       6
        
           # ./update-zen.py zen

     

       7
       7
        
           zen = {

     

       8
       8
       -
             version = "6.10.5"; #zen

     

       8
       8
       +
             version = "6.10.7"; #zen

     

       9
       9
        
             suffix = "zen1"; #zen

     

       10
       10
       -
             sha256 = "08ibz7560xsmlnrm8j13hxf8hjjcxfmnjdrwffqc81g9g6rvpqra"; #zen

     

       10
       10
       +
             sha256 = "1km3b7nad429hw7d8ff14zj1cg0fhh65ycrrwk4iaxj6rvafzsz1"; #zen

     

       11
       11
        
             isLqx = false;

     

       12
       12
        
           };

     

       13
       13
        
           # ./update-zen.py lqx

     

       14
       14
        
           lqx = {

     

       15
       15
       -
             version = "6.10.5"; #lqx

     

       15
       15
       +
             version = "6.10.6"; #lqx

     

       16
       16
        
             suffix = "lqx1"; #lqx

     

       17
       17
       -
             sha256 = "09rscj20j94qkmvk0hlpjm6v1n1ndnkv2vl035gsp5lwggws2jqm"; #lqx

     

       17
       17
       +
             sha256 = "0b1pqsssnxc69yhx2wai5xnj6cb9713z33m8xal25jjgx9z4v8kv"; #lqx

     

       18
       18
        
             isLqx = true;

     

       19
       19
        
           };

     

       20
       20
        
         };

+4 -4

pkgs/os-specific/linux/nfs-utils/default.nix

···

       1
       1
        
       { stdenv, fetchurl, fetchpatch, lib, pkg-config, util-linux, libcap, libtirpc, libevent

     

       2
       2
        
       , sqlite, libkrb5, kmod, libuuid, keyutils, lvm2, systemd, coreutils, tcp_wrappers

     

       3
       3
       -
       , python3, buildPackages, nixosTests, rpcsvc-proto, openldap

     

       3
       3
       +
       , python3, buildPackages, nixosTests, rpcsvc-proto, openldap, libxml2

     

       4
       4
        
       , enablePython ? true, enableLdap ? true

     

       5
       5
        
       }:

     

       6
       6
        
       

     
···

       10
       10
        
       

     

       11
       11
        
       stdenv.mkDerivation rec {

     

       12
       12
        
         pname = "nfs-utils";

     

       13
       13
       -
         version = "2.6.4";

     

       13
       13
       +
         version = "2.7.1";

     

       14
       14
        
       

     

       15
       15
        
         src = fetchurl {

     

       16
       16
        
           url = "mirror://kernel/linux/utils/nfs-utils/${version}/${pname}-${version}.tar.xz";

     

       17
       17
       -
           hash = "sha256-AbOw+5x9C7q/URTHNlQgMHSMeI7C/Zc0dEIB6bChEZ0=";

     

       17
       17
       +
           hash = "sha256-iFyUioSli8pBSPRZWI+ac2nbtA3MRm8E5FXGsQ/Qqkg=";

     

       18
       18
        
         };

     

       19
       19
        
       

     

       20
       20
        
         # libnfsidmap is built together with nfs-utils from the same source,

     
···

       25
       25
        
       

     

       26
       26
        
         buildInputs = [

     

       27
       27
        
           libtirpc libcap libevent sqlite lvm2

     

       28
       28
       -
           libuuid keyutils libkrb5 tcp_wrappers

     

       28
       28
       +
           libuuid keyutils libkrb5 tcp_wrappers libxml2

     

       29
       29
        
         ] ++ lib.optional enablePython python3

     

       30
       30
        
           ++ lib.optional enableLdap  openldap;

     

       31
       31

+3 -22

pkgs/servers/ldap/389/default.nix

···

       31
       31
        
       , withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd, systemd

     

       32
       32
        
       , zlib

     

       33
       33
        
       , rsync

     

       34
       34
       -
       , fetchpatch

     

       35
       34
        
       , withCockpit ? true

     

       36
       35
        
       , withAsan ? false

     

       37
       36
        
       }:

     

       38
       37
        
       

     

       39
       38
        
       stdenv.mkDerivation rec {

     

       40
       39
        
         pname = "389-ds-base";

     

       41
       41
       -
         version = "2.4.5";

     

       40
       40
       +
         version = "2.4.6";

     

       42
       41
        
       

     

       43
       42
        
         src = fetchFromGitHub {

     

       44
       43
        
           owner = "389ds";

     

       45
       44
        
           repo = pname;

     

       46
       45
        
           rev = "${pname}-${version}";

     

       47
       47
       -
           hash = "sha256-12JCd2R00L0T5EPUNO/Aw2HRID+z2krNQ09RSX9Qkj8=";

     

       46
       46
       +
           hash = "sha256-+FTCzEyQY71TCkj8HMnSkrnQtxjHxOmtYhfZEAYOLis=";

     

       48
       47
        
         };

     

       49
       48
        
       

     

       50
       50
       -
         patches = [

     

       51
       51
       -
           (fetchpatch {

     

       52
       52
       -
             name = "fix-32bit.patch";

     

       53
       53
       -
             url = "https://github.com/389ds/389-ds-base/commit/1fe029c495cc9f069c989cfbb09d449a078c56e2.patch";

     

       54
       54
       -
             hash = "sha256-b0HSaDjuEUKERIXKg8np+lZDdZNmrCTAXybJzF+0hq0=";

     

       55
       55
       -
           })

     

       56
       56
       -
           (fetchpatch {

     

       57
       57
       -
             name = "CVE-2024-2199.patch";

     

       58
       58
       -
             url = "https://git.rockylinux.org/staging/rpms/389-ds-base/-/raw/dae373bd6b4e7d6f35a096e6f27be1c3bf1e48ac/SOURCES/0004-CVE-2024-2199.patch";

     

       59
       59
       -
             hash = "sha256-grANphTafCoa9NQy+FowwPhGQnvuCbfGnSpQ1Wp69Vg=";

     

       60
       60
       -
           })

     

       61
       61
       -
           (fetchpatch {

     

       62
       62
       -
             name = "CVE-2024-3657.patch";

     

       63
       63
       -
             url = "https://git.rockylinux.org/staging/rpms/389-ds-base/-/raw/dae373bd6b4e7d6f35a096e6f27be1c3bf1e48ac/SOURCES/0005-CVE-2024-3657.patch";

     

       64
       64
       -
             hash = "sha256-CuiCXQp3PMiYERzFk7oH3T91yQ1dP/gtLNWF0eqGAQ4=";

     

       65
       65
       -
           })

     

       66
       66
       -
         ];

     

       67
       67
       -
       

     

       68
       49
        
         cargoDeps = rustPlatform.fetchCargoTarball {

     

       69
       50
        
           inherit src;

     

       70
       51
        
           sourceRoot = "${src.name}/src";

     

       71
       52
        
           name = "${pname}-${version}";

     

       72
       72
       -
           hash = "sha256-fE3bJROwti9Ru0jhCiWhXcuQdxXTqzN9yOd2nlhKABI=";

     

       53
       53
       +
           hash = "sha256-2Ng268tfbMRU3Uyo5ljSS/HxPnw1abvGjcczo25HyVk=";

     

       73
       54
        
         };

     

       74
       55
        
       

     

       75
       56
        
         nativeBuildInputs = [

+2 -2

pkgs/servers/web-apps/matomo/default.nix

···

       7
       7
        
             hash = "sha256-cGnsxfpvt7FyhxFcA2/gWWe7CyanVGZVKtCDES3XLdI=";

     

       8
       8
        
           };

     

       9
       9
        
           matomo_5 = {

     

       10
       10
       -
             version = "5.0.2";

     

       11
       11
       -
             hash = "sha256-rLAShJLtzd3HB1Je+P+i8GKWdeklyC2sTnmPR07Md+8=";

     

       10
       10
       +
             version = "5.1.1";

     

       11
       11
       +
             hash = "sha256-xi6R9O/pOxBgga6+wwqziwDKK7Q1Ispldvxg+0mpdeQ=";

     

       12
       12
        
           };

     

       13
       13
        
           matomo-beta = {

     

       14
       14
        
             version = "5.0.0";

+2 -1

pkgs/tools/wayland/wtype/default.nix

···

       8
       8
        
       

     

       9
       9
        
       , libxkbcommon

     

       10
       10
        
       , wayland

     

       11
       11
       +
       , wayland-scanner

     

       11
       12
        
       }:

     

       12
       13
        
       

     

       13
       14
        
       stdenv.mkDerivation rec {

     
···

       22
       23
        
         };

     

       23
       24
        
       

     

       24
       25
        
         strictDeps = true;

     

       25
       25
       -
         nativeBuildInputs = [ meson ninja pkg-config wayland ];

     

       26
       26
       +
         nativeBuildInputs = [ meson ninja pkg-config wayland-scanner ];

     

       26
       27
        
         buildInputs = [ libxkbcommon wayland ];

     

       27
       28
        
       

     

       28
       29
        
         meta = with lib; {

+1 -1

pkgs/top-level/aliases.nix

···

       1467
       1467
        
       

     

       1468
       1468
        
         tabula = throw "tabula has been removed from nixpkgs, as it was broken"; # Added 2024-07-15

     

       1469
       1469
        
         tangogps = foxtrotgps; # Added 2020-01-26

     

       1470
       1470
       -
         taskwarrior = lib.warn "taskwarrior was replaced by taskwarrior3, which requires manual transition from taskwarrior 2.6, read upstram's docs: https://taskwarrior.org/docs/upgrade-3/" taskwarrior2;

     

       1470
       1470
       +
         taskwarrior = lib.warn "taskwarrior was replaced by taskwarrior3, which requires manual transition from taskwarrior 2.6, read upstream's docs: https://taskwarrior.org/docs/upgrade-3/" taskwarrior2;

     

       1471
       1471
        
         taplo-cli = taplo; # Added 2022-07-30

     

       1472
       1472
        
         taplo-lsp = taplo; # Added 2022-07-30

     

       1473
       1473
        
         taro = taproot-assets; # Added 2023-07-04

+6

pkgs/top-level/ocaml-packages.nix

···

       64
       64
        
       

     

       65
       65
        
           b0 = callPackage ../development/ocaml-modules/b0 { };

     

       66
       66
        
       

     

       67
       67
       +
           backoff = callPackage ../development/ocaml-modules/backoff { };

     

       68
       68
       +
       

     

       67
       69
        
           bap = janeStreet_0_15.bap;

     

       68
       70
        
       

     

       69
       71
        
           base64 = callPackage ../development/ocaml-modules/base64 { };

     
···

       1198
       1200
        
           msat = callPackage ../development/ocaml-modules/msat { };

     

       1199
       1201
        
       

     

       1200
       1202
        
           mtime =  callPackage ../development/ocaml-modules/mtime { };

     

       1203
       1203
       +
       

     

       1204
       1204
       +
           multicore-bench =  callPackage ../development/ocaml-modules/multicore-bench { };

     

       1205
       1205
       +
       

     

       1206
       1206
       +
           multicore-magic =  callPackage ../development/ocaml-modules/multicore-magic { };

     

       1201
       1207
        
       

     

       1202
       1208
        
           multipart-form-data =  callPackage ../development/ocaml-modules/multipart-form-data { };

     

       1203
       1209