commit a6adcc1edfb50a2a4bd157977127720091d56a0f · pyrox.dev/nixpkgs

+7

nixos/doc/manual/from_md/release-notes/rl-2205.section.xml

···

       36
       36
        
                 <link linkend="opt-services.filebeat.enable">services.filebeat</link>.

     

       37
       37
        
               </para>

     

       38
       38
        
             </listitem>

     

       39
       39
       +
             <listitem>

     

       40
       40
       +
               <para>

     

       41
       41
       +
                 <link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</link>,

     

       42
       42
       +
                 a web interface for the PowerDNS server. Available at

     

       43
       43
       +
                 <link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.

     

       44
       44
       +
               </para>

     

       45
       45
       +
             </listitem>

     

       39
       46
        
           </itemizedlist>

     

       40
       47
        
         </section>

     

       41
       48
        
         <section xml:id="sec-release-22.05-incompatibilities">

+2

nixos/doc/manual/release-notes/rl-2205.section.md

···

       12
       12
        
       

     

       13
       13
        
       - [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html), a lightweight shipper for forwarding and centralizing log data. Available as [services.filebeat](#opt-services.filebeat.enable).

     

       14
       14
        
       

     

       15
       15
       +
       - [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).

     

       16
       16
       +
       

     

       15
       17
        
       ## Backward Incompatibilities {#sec-release-22.05-incompatibilities}

     

       16
       18
        
       

     

       17
       19
        
       - `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.

+1

nixos/modules/module-list.nix

···

       1026
       1026
        
         ./services/web-apps/plantuml-server.nix

     

       1027
       1027
        
         ./services/web-apps/plausible.nix

     

       1028
       1028
        
         ./services/web-apps/pgpkeyserver-lite.nix

     

       1029
       1029
       +
         ./services/web-apps/powerdns-admin.nix

     

       1029
       1030
        
         ./services/web-apps/matomo.nix

     

       1030
       1031
        
         ./services/web-apps/moinmoin.nix

     

       1031
       1032
        
         ./services/web-apps/openwebrx.nix

+26 -34

nixos/modules/services/continuous-integration/github-runner.nix

···

       10
       10
        
         stateDir = "%S/${systemdDir}";

     

       11
       11
        
         # %L: Log directory root (usually /var/log); see systemd.unit(5)

     

       12
       12
        
         logsDir = "%L/${systemdDir}";

     

       13
       13
       +
         # Name of file stored in service state directory

     

       14
       14
       +
         currentConfigTokenFilename = ".current-token";

     

       13
       15
        
       in

     

       14
       16
        
       {

     

       15
       17
        
         options.services.github-runner = {

     
···

       144
       146
        
               ExecStart = "${cfg.package}/bin/runsvc.sh";

     

       145
       147
        
       

     

       146
       148
        
               # Does the following, sequentially:

     

       147
       147
       -
               # - Copy the current and the previous `tokenFile` to the $RUNTIME_DIRECTORY

     

       148
       148
       -
               #   and make it accessible to the service user to allow for a content

     

       149
       149
       -
               #   comparison.

     

       150
       150
       -
               # - If the module configuration or the token has changed, clear the state directory.

     

       151
       151
       -
               # - Configure the runner.

     

       152
       152
       -
               # - Copy the configured `tokenFile` to the $STATE_DIRECTORY and make it

     

       153
       153
       -
               #   inaccessible to the service user.

     

       149
       149
       +
               # - If the module configuration or the token has changed, purge the state directory,

     

       150
       150
       +
               #   and create the current and the new token file with the contents of the configured

     

       151
       151
       +
               #   token. While both files have the same content, only the later is accessible by

     

       152
       152
       +
               #   the service user.

     

       153
       153
       +
               # - Configure the runner using the new token file. When finished, delete it.

     

       154
       154
        
               # - Set up the directory structure by creating the necessary symlinks.

     

       155
       155
        
               ExecStartPre =

     

       156
       156
        
                 let

     
···

       173
       173
        
                   currentConfigPath = "$STATE_DIRECTORY/.nixos-current-config.json";

     

       174
       174
        
                   runnerRegistrationConfig = getAttrs [ "name" "tokenFile" "url" "runnerGroup" "extraLabels" ] cfg;

     

       175
       175
        
                   newConfigPath = builtins.toFile "${svcName}-config.json" (builtins.toJSON runnerRegistrationConfig);

     

       176
       176
       -
                   currentConfigTokenFilename = ".current-token";

     

       177
       176
        
                   newConfigTokenFilename = ".new-token";

     

       178
       177
        
                   runnerCredFiles = [

     

       179
       178
        
                     ".credentials"

     

       180
       179
        
                     ".credentials_rsaparams"

     

       181
       180
        
                     ".runner"

     

       182
       181
        
                   ];

     

       183
       183
       -
                   ownConfigTokens = writeScript "own-config-tokens" ''

     

       184
       184
       -
                     # Copy current and new token file to runtime dir and make it accessible to the service user

     

       185
       185
       -
                     cp ${escapeShellArg cfg.tokenFile} "$RUNTIME_DIRECTORY/${newConfigTokenFilename}"

     

       186
       186
       -
                     chmod 600 "$RUNTIME_DIRECTORY/${newConfigTokenFilename}"

     

       187
       187
       -
                     chown "$USER" "$RUNTIME_DIRECTORY/${newConfigTokenFilename}"

     

       188
       188
       -
       

     

       189
       189
       -
                     if [[ -e "$STATE_DIRECTORY/${currentConfigTokenFilename}" ]]; then

     

       190
       190
       -
                       cp "$STATE_DIRECTORY/${currentConfigTokenFilename}" "$RUNTIME_DIRECTORY/${currentConfigTokenFilename}"

     

       191
       191
       -
                       chmod 600 "$RUNTIME_DIRECTORY/${currentConfigTokenFilename}"

     

       192
       192
       -
                       chown "$USER" "$RUNTIME_DIRECTORY/${currentConfigTokenFilename}"

     

       193
       193
       -
                     fi

     

       194
       194
       -
                   '';

     

       195
       195
       -
                   disownConfigTokens = writeScript "disown-config-tokens" ''

     

       196
       196
       -
                     # Make the token inaccessible to the runner service user

     

       197
       197
       -
                     chmod 600 "$STATE_DIRECTORY/${currentConfigTokenFilename}"

     

       198
       198
       -
                     chown root:root "$STATE_DIRECTORY/${currentConfigTokenFilename}"

     

       199
       199
       -
                   '';

     

       200
       182
        
                   unconfigureRunner = writeScript "unconfigure" ''

     

       201
       183
        
                     differs=

     

       202
       184
        
                     # Set `differs = 1` if current and new runner config differ or if `currentConfigPath` does not exist

     

       203
       185
        
                     ${pkgs.diffutils}/bin/diff -q '${newConfigPath}' "${currentConfigPath}" >/dev/null 2>&1 || differs=1

     

       204
       186
        
                     # Also trigger a registration if the token content changed

     

       205
       187
        
                     ${pkgs.diffutils}/bin/diff -q \

     

       206
       206
       -
                       "$RUNTIME_DIRECTORY"/{${currentConfigTokenFilename},${newConfigTokenFilename}} \

     

       188
       188
       +
                       "$STATE_DIRECTORY"/${currentConfigTokenFilename} \

     

       189
       189
       +
                       ${escapeShellArg cfg.tokenFile} \

     

       207
       190
        
                       >/dev/null 2>&1 || differs=1

     

       208
       191
        
       

     

       209
       192
        
                     if [[ -n "$differs" ]]; then

     
···

       211
       194
        
                       echo "The old runner will still appear in the GitHub Actions UI." \

     

       212
       195
        
                         "You have to remove it manually."

     

       213
       196
        
                       find "$STATE_DIRECTORY/" -mindepth 1 -delete

     

       197
       197
       +
       

     

       198
       198
       +
                       # Copy the configured token file to the state dir and allow the service user to read the file

     

       199
       199
       +
                       install --mode=666 ${escapeShellArg cfg.tokenFile} "$STATE_DIRECTORY/${newConfigTokenFilename}"

     

       200
       200
       +
                       # Also copy current file to allow for a diff on the next start

     

       201
       201
       +
                       install --mode=600 ${escapeShellArg cfg.tokenFile} "$STATE_DIRECTORY/${currentConfigTokenFilename}"

     

       214
       202
        
                     fi

     

       215
       203
        
                   '';

     

       216
       204
        
                   configureRunner = writeScript "configure" ''

     

       217
       217
       -
                     empty=$(ls -A "$STATE_DIRECTORY")

     

       218
       218
       -
                     if [[ -z "$empty" ]]; then

     

       205
       205
       +
                     if [[ -e "$STATE_DIRECTORY/${newConfigTokenFilename}" ]]; then

     

       219
       206
        
                       echo "Configuring GitHub Actions Runner"

     

       220
       220
       -
                       token=$(< "$RUNTIME_DIRECTORY"/${newConfigTokenFilename})

     

       207
       207
       +
       

     

       208
       208
       +
                       token=$(< "$STATE_DIRECTORY"/${newConfigTokenFilename})

     

       221
       209
        
                       RUNNER_ROOT="$STATE_DIRECTORY" ${cfg.package}/bin/config.sh \

     

       222
       210
        
                         --unattended \

     

       223
       211
        
                         --work "$RUNTIME_DIRECTORY" \

     
···

       234
       222
        
                       rm    -rf "$STATE_DIRECTORY/_diag/"

     

       235
       223
        
       

     

       236
       224
        
                       # Cleanup token from config

     

       237
       237
       -
                       rm -f "$RUNTIME_DIRECTORY"/${currentConfigTokenFilename}

     

       238
       238
       -
                       mv    "$RUNTIME_DIRECTORY"/${newConfigTokenFilename} "$STATE_DIRECTORY/${currentConfigTokenFilename}"

     

       225
       225
       +
                       rm "$STATE_DIRECTORY/${newConfigTokenFilename}"

     

       239
       226
        
       

     

       240
       227
        
                       # Symlink to new config

     

       241
       228
        
                       ln -s '${newConfigPath}' "${currentConfigPath}"

     
···

       250
       237
        
                   '';

     

       251
       238
        
                 in

     

       252
       239
        
                 map (x: "${x} ${escapeShellArgs [ stateDir runtimeDir logsDir ]}") [

     

       253
       253
       -
                   "+${ownConfigTokens}" # runs as root

     

       254
       254
       -
                   unconfigureRunner

     

       240
       240
       +
                   "+${unconfigureRunner}" # runs as root

     

       255
       241
        
                   configureRunner

     

       256
       256
       -
                   "+${disownConfigTokens}" # runs as root

     

       257
       242
        
                   setupRuntimeDir

     

       258
       243
        
                 ];

     

       259
       244
        
       

     
···

       265
       250
        
               StateDirectory = [ systemdDir ];

     

       266
       251
        
               StateDirectoryMode = "0700";

     

       267
       252
        
               WorkingDirectory = runtimeDir;

     

       253
       253
       +
       

     

       254
       254
       +
               InaccessiblePaths = [

     

       255
       255
       +
                 # Token file path given in the configuration

     

       256
       256
       +
                 cfg.tokenFile

     

       257
       257
       +
                 # Token file in the state directory

     

       258
       258
       +
                 "${stateDir}/${currentConfigTokenFilename}"

     

       259
       259
       +
               ];

     

       268
       260
        
       

     

       269
       261
        
               # By default, use a dynamically allocated user

     

       270
       262
        
               DynamicUser = true;

+149

nixos/modules/services/web-apps/powerdns-admin.nix

···

       1
       1
       +
       { config, lib, pkgs, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       with lib;

     

       4
       4
       +
       

     

       5
       5
       +
       let

     

       6
       6
       +
         cfg = config.services.powerdns-admin;

     

       7
       7
       +
       

     

       8
       8
       +
         configText = ''

     

       9
       9
       +
           ${cfg.config}

     

       10
       10
       +
         ''

     

       11
       11
       +
         + optionalString (cfg.secretKeyFile != null) ''

     

       12
       12
       +
           with open('${cfg.secretKeyFile}') as file:

     

       13
       13
       +
             SECRET_KEY = file.read()

     

       14
       14
       +
         ''

     

       15
       15
       +
         + optionalString (cfg.saltFile != null) ''

     

       16
       16
       +
           with open('${cfg.saltFile}') as file:

     

       17
       17
       +
             SALT = file.read()

     

       18
       18
       +
         '';

     

       19
       19
       +
       in

     

       20
       20
       +
       {

     

       21
       21
       +
         options.services.powerdns-admin = {

     

       22
       22
       +
           enable = mkEnableOption "the PowerDNS web interface";

     

       23
       23
       +
       

     

       24
       24
       +
           extraArgs = mkOption {

     

       25
       25
       +
             type = types.listOf types.str;

     

       26
       26
       +
             default = [ ];

     

       27
       27
       +
             example = literalExpression ''

     

       28
       28
       +
               [ "-b" "127.0.0.1:8000" ]

     

       29
       29
       +
             '';

     

       30
       30
       +
             description = ''

     

       31
       31
       +
               Extra arguments passed to powerdns-admin.

     

       32
       32
       +
             '';

     

       33
       33
       +
           };

     

       34
       34
       +
       

     

       35
       35
       +
           config = mkOption {

     

       36
       36
       +
             type = types.str;

     

       37
       37
       +
             default = "";

     

       38
       38
       +
             example = ''

     

       39
       39
       +
               BIND_ADDRESS = '127.0.0.1'

     

       40
       40
       +
               PORT = 8000

     

       41
       41
       +
               SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/powerdnsadmin?host=/run/postgresql'

     

       42
       42
       +
             '';

     

       43
       43
       +
             description = ''

     

       44
       44
       +
               Configuration python file.

     

       45
       45
       +
               See <link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin/blob/v${pkgs.powerdns-admin.version}/configs/development.py">the example configuration</link>

     

       46
       46
       +
               for options.

     

       47
       47
       +
             '';

     

       48
       48
       +
           };

     

       49
       49
       +
       

     

       50
       50
       +
           secretKeyFile = mkOption {

     

       51
       51
       +
             type = types.nullOr types.path;

     

       52
       52
       +
             example = "/etc/powerdns-admin/secret";

     

       53
       53
       +
             description = ''

     

       54
       54
       +
               The secret used to create cookies.

     

       55
       55
       +
               This needs to be set, otherwise the default is used and everyone can forge valid login cookies.

     

       56
       56
       +
               Set this to null to ignore this setting and configure it through another way.

     

       57
       57
       +
             '';

     

       58
       58
       +
           };

     

       59
       59
       +
       

     

       60
       60
       +
           saltFile = mkOption {

     

       61
       61
       +
             type = types.nullOr types.path;

     

       62
       62
       +
             example = "/etc/powerdns-admin/salt";

     

       63
       63
       +
             description = ''

     

       64
       64
       +
               The salt used for serialization.

     

       65
       65
       +
               This should be set, otherwise the default is used.

     

       66
       66
       +
               Set this to null to ignore this setting and configure it through another way.

     

       67
       67
       +
             '';

     

       68
       68
       +
           };

     

       69
       69
       +
         };

     

       70
       70
       +
       

     

       71
       71
       +
         config = mkIf cfg.enable {

     

       72
       72
       +
           systemd.services.powerdns-admin = {

     

       73
       73
       +
             description = "PowerDNS web interface";

     

       74
       74
       +
             wantedBy = [ "multi-user.target" ];

     

       75
       75
       +
             after = [ "networking.target" ];

     

       76
       76
       +
       

     

       77
       77
       +
             environment.FLASK_CONF = builtins.toFile "powerdns-admin-config.py" configText;

     

       78
       78
       +
             environment.PYTHONPATH = pkgs.powerdns-admin.pythonPath;

     

       79
       79
       +
             serviceConfig = {

     

       80
       80
       +
               ExecStart = "${pkgs.powerdns-admin}/bin/powerdns-admin --pid /run/powerdns-admin/pid ${escapeShellArgs cfg.extraArgs}";

     

       81
       81
       +
               ExecStartPre = "${pkgs.coreutils}/bin/env FLASK_APP=${pkgs.powerdns-admin}/share/powerdnsadmin/__init__.py ${pkgs.python3Packages.flask}/bin/flask db upgrade -d ${pkgs.powerdns-admin}/share/migrations";

     

       82
       82
       +
               ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";

     

       83
       83
       +
               ExecStop = "${pkgs.coreutils}/bin/kill -TERM $MAINPID";

     

       84
       84
       +
               PIDFile = "/run/powerdns-admin/pid";

     

       85
       85
       +
               RuntimeDirectory = "powerdns-admin";

     

       86
       86
       +
               User = "powerdnsadmin";

     

       87
       87
       +
               Group = "powerdnsadmin";

     

       88
       88
       +
       

     

       89
       89
       +
               AmbientCapabilities = "CAP_NET_BIND_SERVICE";

     

       90
       90
       +
               BindReadOnlyPaths = [

     

       91
       91
       +
                 "/nix/store"

     

       92
       92
       +
                 "-/etc/resolv.conf"

     

       93
       93
       +
                 "-/etc/nsswitch.conf"

     

       94
       94
       +
                 "-/etc/hosts"

     

       95
       95
       +
                 "-/etc/localtime"

     

       96
       96
       +
               ]

     

       97
       97
       +
               ++ (optional (cfg.secretKeyFile != null) cfg.secretKeyFile)

     

       98
       98
       +
               ++ (optional (cfg.saltFile != null) cfg.saltFile);

     

       99
       99
       +
               CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";

     

       100
       100
       +
               # ProtectClock= adds DeviceAllow=char-rtc r

     

       101
       101
       +
               DeviceAllow = "";

     

       102
       102
       +
               # Implies ProtectSystem=strict, which re-mounts all paths

     

       103
       103
       +
               #DynamicUser = true;

     

       104
       104
       +
               LockPersonality = true;

     

       105
       105
       +
               MemoryDenyWriteExecute = true;

     

       106
       106
       +
               NoNewPrivileges = true;

     

       107
       107
       +
               PrivateDevices = true;

     

       108
       108
       +
               PrivateMounts = true;

     

       109
       109
       +
               # Needs to start a server

     

       110
       110
       +
               #PrivateNetwork = true;

     

       111
       111
       +
               PrivateTmp = true;

     

       112
       112
       +
               PrivateUsers = true;

     

       113
       113
       +
               ProcSubset = "pid";

     

       114
       114
       +
               ProtectClock = true;

     

       115
       115
       +
               ProtectHome = true;

     

       116
       116
       +
               ProtectHostname = true;

     

       117
       117
       +
               # Would re-mount paths ignored by temporary root

     

       118
       118
       +
               #ProtectSystem = "strict";

     

       119
       119
       +
               ProtectControlGroups = true;

     

       120
       120
       +
               ProtectKernelLogs = true;

     

       121
       121
       +
               ProtectKernelModules = true;

     

       122
       122
       +
               ProtectKernelTunables = true;

     

       123
       123
       +
               ProtectProc = "invisible";

     

       124
       124
       +
               RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];

     

       125
       125
       +
               RestrictNamespaces = true;

     

       126
       126
       +
               RestrictRealtime = true;

     

       127
       127
       +
               RestrictSUIDSGID = true;

     

       128
       128
       +
               SystemCallArchitectures = "native";

     

       129
       129
       +
               # gunicorn needs setuid

     

       130
       130
       +
               SystemCallFilter = [

     

       131
       131
       +
                 "@system-service"

     

       132
       132
       +
                 "~@privileged @resources @keyring"

     

       133
       133
       +
                 # These got removed by the line above but are needed

     

       134
       134
       +
                 "@setuid @chown"

     

       135
       135
       +
               ];

     

       136
       136
       +
               TemporaryFileSystem = "/:ro";

     

       137
       137
       +
               # Does not work well with the temporary root

     

       138
       138
       +
               #UMask = "0066";

     

       139
       139
       +
             };

     

       140
       140
       +
           };

     

       141
       141
       +
       

     

       142
       142
       +
           users.groups.powerdnsadmin = { };

     

       143
       143
       +
           users.users.powerdnsadmin = {

     

       144
       144
       +
             description = "PowerDNS web interface user";

     

       145
       145
       +
             isSystemUser = true;

     

       146
       146
       +
             group = "powerdnsadmin";

     

       147
       147
       +
           };

     

       148
       148
       +
         };

     

       149
       149
       +
       }

+1

nixos/tests/all-tests.nix

···

       381
       381
        
         postgresql = handleTest ./postgresql.nix {};

     

       382
       382
        
         postgresql-wal-receiver = handleTest ./postgresql-wal-receiver.nix {};

     

       383
       383
        
         powerdns = handleTest ./powerdns.nix {};

     

       384
       384
       +
         powerdns-admin = handleTest ./powerdns-admin.nix {};

     

       384
       385
        
         power-profiles-daemon = handleTest ./power-profiles-daemon.nix {};

     

       385
       386
        
         pppd = handleTest ./pppd.nix {};

     

       386
       387
        
         predictable-interface-names = handleTest ./predictable-interface-names.nix {};

+117

nixos/tests/powerdns-admin.nix

···

       1
       1
       +
       # Test powerdns-admin

     

       2
       2
       +
       { system ? builtins.currentSystem

     

       3
       3
       +
       , config ? { }

     

       4
       4
       +
       , pkgs ? import ../.. { inherit system config; }

     

       5
       5
       +
       }:

     

       6
       6
       +
       

     

       7
       7
       +
       with import ../lib/testing-python.nix { inherit system pkgs; };

     

       8
       8
       +
       with pkgs.lib;

     

       9
       9
       +
       let

     

       10
       10
       +
         defaultConfig = ''

     

       11
       11
       +
           BIND_ADDRESS = '127.0.0.1'

     

       12
       12
       +
           PORT = 8000

     

       13
       13
       +
         '';

     

       14
       14
       +
       

     

       15
       15
       +
         makeAppTest = name: configs: makeTest {

     

       16
       16
       +
           name = "powerdns-admin-${name}";

     

       17
       17
       +
           meta = with pkgs.lib.maintainers; {

     

       18
       18
       +
             maintainers = [ Flakebi zhaofengli ];

     

       19
       19
       +
           };

     

       20
       20
       +
       

     

       21
       21
       +
           nodes.server = { pkgs, config, ... }: mkMerge ([

     

       22
       22
       +
             {

     

       23
       23
       +
               services.powerdns-admin = {

     

       24
       24
       +
                 enable = true;

     

       25
       25
       +
                 secretKeyFile = "/etc/powerdns-admin/secret";

     

       26
       26
       +
                 saltFile = "/etc/powerdns-admin/salt";

     

       27
       27
       +
               };

     

       28
       28
       +
               # It's insecure to have secrets in the world-readable nix store, but this is just a test

     

       29
       29
       +
               environment.etc."powerdns-admin/secret".text = "secret key";

     

       30
       30
       +
               environment.etc."powerdns-admin/salt".text = "salt";

     

       31
       31
       +
               environment.systemPackages = [

     

       32
       32
       +
                 (pkgs.writeShellScriptBin "run-test" config.system.build.testScript)

     

       33
       33
       +
               ];

     

       34
       34
       +
             }

     

       35
       35
       +
           ] ++ configs);

     

       36
       36
       +
       

     

       37
       37
       +
           testScript = ''

     

       38
       38
       +
             server.wait_for_unit("powerdns-admin.service")

     

       39
       39
       +
             server.wait_until_succeeds("run-test", timeout=10)

     

       40
       40
       +
           '';

     

       41
       41
       +
         };

     

       42
       42
       +
       

     

       43
       43
       +
         matrix = {

     

       44
       44
       +
           backend = {

     

       45
       45
       +
             mysql = {

     

       46
       46
       +
               services.powerdns-admin = {

     

       47
       47
       +
                 config = ''

     

       48
       48
       +
                   ${defaultConfig}

     

       49
       49
       +
                   SQLALCHEMY_DATABASE_URI = 'mysql://powerdnsadmin@/powerdnsadmin?unix_socket=/run/mysqld/mysqld.sock'

     

       50
       50
       +
                 '';

     

       51
       51
       +
               };

     

       52
       52
       +
               systemd.services.powerdns-admin = {

     

       53
       53
       +
                 after = [ "mysql.service" ];

     

       54
       54
       +
                 serviceConfig.BindPaths = "/run/mysqld";

     

       55
       55
       +
               };

     

       56
       56
       +
       

     

       57
       57
       +
               services.mysql = {

     

       58
       58
       +
                 enable = true;

     

       59
       59
       +
                 package = pkgs.mariadb;

     

       60
       60
       +
                 ensureDatabases = [ "powerdnsadmin" ];

     

       61
       61
       +
                 ensureUsers = [

     

       62
       62
       +
                   {

     

       63
       63
       +
                     name = "powerdnsadmin";

     

       64
       64
       +
                     ensurePermissions = {

     

       65
       65
       +
                       "powerdnsadmin.*" = "ALL PRIVILEGES";

     

       66
       66
       +
                     };

     

       67
       67
       +
                   }

     

       68
       68
       +
                 ];

     

       69
       69
       +
               };

     

       70
       70
       +
             };

     

       71
       71
       +
             postgresql = {

     

       72
       72
       +
               services.powerdns-admin = {

     

       73
       73
       +
                 config = ''

     

       74
       74
       +
                   ${defaultConfig}

     

       75
       75
       +
                   SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/powerdnsadmin?host=/run/postgresql'

     

       76
       76
       +
                 '';

     

       77
       77
       +
               };

     

       78
       78
       +
               systemd.services.powerdns-admin = {

     

       79
       79
       +
                 after = [ "postgresql.service" ];

     

       80
       80
       +
                 serviceConfig.BindPaths = "/run/postgresql";

     

       81
       81
       +
               };

     

       82
       82
       +
       

     

       83
       83
       +
               services.postgresql = {

     

       84
       84
       +
                 enable = true;

     

       85
       85
       +
                 ensureDatabases = [ "powerdnsadmin" ];

     

       86
       86
       +
                 ensureUsers = [

     

       87
       87
       +
                   {

     

       88
       88
       +
                     name = "powerdnsadmin";

     

       89
       89
       +
                     ensurePermissions = {

     

       90
       90
       +
                       "DATABASE powerdnsadmin" = "ALL PRIVILEGES";

     

       91
       91
       +
                     };

     

       92
       92
       +
                   }

     

       93
       93
       +
                 ];

     

       94
       94
       +
               };

     

       95
       95
       +
             };

     

       96
       96
       +
           };

     

       97
       97
       +
           listen = {

     

       98
       98
       +
             tcp = {

     

       99
       99
       +
               services.powerdns-admin.extraArgs = [ "-b" "127.0.0.1:8000" ];

     

       100
       100
       +
               system.build.testScript = ''

     

       101
       101
       +
                 curl -sSf http://127.0.0.1:8000/

     

       102
       102
       +
               '';

     

       103
       103
       +
             };

     

       104
       104
       +
             unix = {

     

       105
       105
       +
               services.powerdns-admin.extraArgs = [ "-b" "unix:/run/powerdns-admin/http.sock" ];

     

       106
       106
       +
               system.build.testScript = ''

     

       107
       107
       +
                 curl -sSf --unix-socket /run/powerdns-admin/http.sock http://somehost/

     

       108
       108
       +
               '';

     

       109
       109
       +
             };

     

       110
       110
       +
           };

     

       111
       111
       +
         };

     

       112
       112
       +
       in

     

       113
       113
       +
       with matrix; {

     

       114
       114
       +
         postgresql = makeAppTest "postgresql" [ backend.postgresql listen.tcp ];

     

       115
       115
       +
         mysql = makeAppTest "mysql" [ backend.mysql listen.tcp ];

     

       116
       116
       +
         unix-listener = makeAppTest "unix-listener" [ backend.postgresql listen.unix ];

     

       117
       117
       +
       }

+2 -2

pkgs/applications/audio/bitwig-studio/bitwig-studio4.nix

···

       6
       6
        
       

     

       7
       7
        
       stdenv.mkDerivation rec {

     

       8
       8
        
         pname = "bitwig-studio";

     

       9
       9
       -
         version = "4.1.1";

     

       9
       9
       +
         version = "4.1.2";

     

       10
       10
        
       

     

       11
       11
        
         src = fetchurl {

     

       12
       12
        
           url = "https://downloads.bitwig.com/stable/${version}/${pname}-${version}.deb";

     

       13
       13
       -
           sha256 = "sha256-bhd3Ij4y1r5pHrpQkbHuMTNl8Z3w0HsbCkr1C0CVFvQ=";

     

       13
       13
       +
           sha256 = "sha256-fXrpTOA6Uh4DgGU+3A7SV23Sb+Z2Ud4rCPmMk5I1MnA=";

     

       14
       14
        
         };

     

       15
       15
        
       

     

       16
       16
        
         nativeBuildInputs = [ dpkg makeWrapper wrapGAppsHook ];

+3 -3

pkgs/applications/blockchains/polkadot/default.nix

···

       7
       7
        
       }:

     

       8
       8
        
       rustPlatform.buildRustPackage rec {

     

       9
       9
        
         pname = "polkadot";

     

       10
       10
       -
         version = "0.9.12-1";

     

       10
       10
       +
         version = "0.9.14";

     

       11
       11
        
       

     

       12
       12
        
         src = fetchFromGitHub {

     

       13
       13
        
           owner = "paritytech";

     

       14
       14
        
           repo = "polkadot";

     

       15
       15
        
           rev = "v${version}";

     

       16
       16
       -
           sha256 = "sha256-+HATcxdIDQGDIQBF08yy/eKBcS10Hp7C0nZFVsYFNwQ=";

     

       16
       16
       +
           sha256 = "sha256-SCi+hpdMUTX1NLF1RUce0d/2G19sVfJ5IsmM1xcAUKo=";

     

       17
       17
        
         };

     

       18
       18
        
       

     

       19
       19
       -
         cargoSha256 = "sha256-1qg4ZnSORRVI7eCVMrR7lY3tzo7KJt+dC2RBXqbKrig=";

     

       19
       19
       +
         cargoSha256 = "sha256-ZcIsbMI96qX0LLJXmkCRS9g40ccZOH/upPbAA7XEZIw=";

     

       20
       20
        
       

     

       21
       21
        
         nativeBuildInputs = [ clang ];

     

       22
       22

+5 -17

pkgs/applications/graphics/hdr-plus/default.nix

···

       1
       1
       -
       { lib, stdenv, fetchFromGitHub, fetchpatch

     

       1
       1
       +
       { lib, stdenv, fetchFromGitHub

     

       2
       2
        
       , cmake, halide

     

       3
       3
        
       , libpng, libjpeg, libtiff, libraw

     

       4
       4
        
       }:

     

       5
       5
        
       

     

       6
       6
        
       stdenv.mkDerivation rec {

     

       7
       7
       -
         pname = "hdr-plus-unstable";

     

       8
       8
       -
         version = "2020-10-29";

     

       7
       7
       +
         pname = "hdr-plus";

     

       8
       8
       +
         version = "unstable-2021-12-10";

     

       9
       9
        
       

     

       10
       10
        
         src = fetchFromGitHub {

     

       11
       11
        
           owner = "timothybrooks";

     

       12
       12
        
           repo = "hdr-plus";

     

       13
       13
       -
           rev = "132bd73ccd4eaef9830124605c93f06a98607cfa";

     

       14
       14
       -
           sha256 = "1n49ggrppf336p7n510kapzh376791bysxj3f33m3bdzksq360ps";

     

       13
       13
       +
           rev = "0ab70564493bdbcd5aca899b5885505d0c824435";

     

       14
       14
       +
           sha256 = "sha256-QV8bGxkwFpbNzJG4kmrWwFQxUo2XzLPnoI1e32UmM6g=";

     

       15
       15
        
         };

     

       16
       16
       -
       

     

       17
       17
       -
         patches = [

     

       18
       18
       -
           # PR #70, fixes incompatibility with Halide 10.0.0

     

       19
       19
       -
           (fetchpatch {

     

       20
       20
       -
             url = "https://github.com/timothybrooks/hdr-plus/pull/70/commits/077e1a476279539c72e615210762dca27984c57b.patch";

     

       21
       21
       -
             sha256 = "1sg2l1bqs2smpfpy4flwg86fzhcc4yf7zx998v1bfhim43yyrx59";

     

       22
       22
       -
           })

     

       23
       23
       -
         ];

     

       24
       24
       -
       

     

       25
       25
       -
         postPatch = ''

     

       26
       26
       -
           sed -i '2a #include <array>' src/InputSource.h

     

       27
       27
       -
         '';

     

       28
       16
        
       

     

       29
       17
        
         nativeBuildInputs = [ cmake ];

     

       30
       18

+8 -4

pkgs/applications/misc/xastir/default.nix

···

       1
       1
       -
       { lib, stdenv, fetchFromGitHub, autoreconfHook

     

       1
       1
       +
       { lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config

     

       2
       2
        
       , curl, db, libgeotiff

     

       3
       3
        
       , libXpm, libXt, motif, pcre

     

       4
       4
        
       , perl, proj, rastermagick, shapelib

     
···

       6
       6
        
       

     

       7
       7
        
       stdenv.mkDerivation rec {

     

       8
       8
        
         pname = "xastir";

     

       9
       9
       -
         version = "2.1.6";

     

       9
       9
       +
         version = "2.1.8";

     

       10
       10
        
       

     

       11
       11
        
         src = fetchFromGitHub {

     

       12
       12
        
           owner = pname;

     

       13
       13
        
           repo = pname;

     

       14
       14
        
           rev = "Release-${version}";

     

       15
       15
       -
           sha256 = "0yrvwy6hlc73gzwrsrczflyymyz0k33hj991ajrd1vijq14m3n91";

     

       15
       15
       +
           hash = "sha256-hRe0KO1lWOv3hNNDMS70t+X1rxuhNlNKykmo4LEU+U0=";

     

       16
       16
        
         };

     

       17
       17
        
       

     

       18
       18
       -
         buildInputs = [

     

       18
       18
       +
         nativeBuildInputs = [

     

       19
       19
        
           autoreconfHook

     

       20
       20
       +
           pkg-config

     

       21
       21
       +
         ];

     

       22
       22
       +
       

     

       23
       23
       +
         buildInputs = [

     

       20
       24
        
           curl db libgeotiff

     

       21
       25
        
           libXpm libXt motif pcre

     

       22
       26
        
           perl proj rastermagick shapelib

+2 -2

pkgs/applications/networking/browsers/firefox/packages.nix

···

       7
       7
        
       rec {

     

       8
       8
        
         firefox = common rec {

     

       9
       9
        
           pname = "firefox";

     

       10
       10
       -
           version = "95.0";

     

       10
       10
       +
           version = "95.0.1";

     

       11
       11
        
           src = fetchurl {

     

       12
       12
        
             url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";

     

       13
       13
       -
             sha512 = "350672a2cd99195c67dafc0e71c6eaf1e23e85a5fe92775697119a054f17c34a736035e23d7f2bb404b544f0f144efef3843cfc293596a6e61d1ea36efc3a724";

     

       13
       13
       +
             sha512 = "54887c3adbf7202b835ae1ac928c3c95516ef11f9894456561dad500a1a61623f926b37f6e02fef0898e7ee0fd9147a71e5432634e6e0a2c2fecd08509799c37";

     

       14
       14
        
           };

     

       15
       15
        
       

     

       16
       16
        
           meta = {

+3 -3

pkgs/applications/networking/cluster/pgo-client/default.nix

···

       2
       2
        
       

     

       3
       3
        
       buildGoModule rec {

     

       4
       4
        
         pname = "pgo-client";

     

       5
       5
       -
         version = "4.7.3";

     

       5
       5
       +
         version = "4.7.4";

     

       6
       6
        
       

     

       7
       7
        
         src = fetchFromGitHub {

     

       8
       8
        
           owner = "CrunchyData";

     

       9
       9
        
           repo = "postgres-operator";

     

       10
       10
        
           rev = "v${version}";

     

       11
       11
       -
           sha256 = "sha256-nIflJLHhzEMq4RZUHjZYvBW+cxsi/gc9ZnMoGCesbrc=";

     

       11
       11
       +
           sha256 = "sha256-8L3eFMATCGIM6xxUM7mi/D3njHMFk7cgPLJotilAS5k=";

     

       12
       12
        
         };

     

       13
       13
        
       

     

       14
       14
       -
         vendorSha256 = "sha256-m8b6Lh6it67A6cppdBDX4X0u7Kde4GQz9wln/TrHVwI=";

     

       14
       14
       +
         vendorSha256 = "sha256-4Vz7Lioj6iLU7dbz/B2BSAgfaCl2MyC8MM9yiyWLi2o=";

     

       15
       15
        
       

     

       16
       16
        
         subPackages = [ "cmd/pgo" ];

     

       17
       17

+2 -4

pkgs/applications/networking/mailreaders/thunderbird-bin/default.nix

···

       183
       183
        
         meta = with lib; {

     

       184
       184
        
           description = "Mozilla Thunderbird, a full-featured email client (binary package)";

     

       185
       185
        
           homepage = "http://www.mozilla.org/thunderbird/";

     

       186
       186
       -
           license = {

     

       187
       187
       -
             free = false;

     

       188
       188
       -
             url = "http://www.mozilla.org/en-US/foundation/trademarks/policy/";

     

       189
       189
       -
           };

     

       186
       186
       +
           license = licenses.mpl20;

     

       190
       187
        
           maintainers = with lib.maintainers; [ ];

     

       191
       188
        
           platforms = platforms.linux;

     

       189
       189
       +
           hydraPlatforms = [ ];

     

       192
       190
        
         };

     

       193
       191
        
       }

+11 -4

pkgs/applications/networking/powerdns-admin/default.nix

···

       1
       1
       -
       { lib, stdenv, fetchFromGitHub, mkYarnPackage, writeText, python3 }:

     

       1
       1
       +
       { lib, stdenv, fetchFromGitHub, mkYarnPackage, nixosTests, writeText, python3 }:

     

       2
       2
        
       

     

       3
       3
        
       let

     

       4
       4
        
         version = "0.2.3";

     
···

       23
       23
        
       

     

       24
       24
        
         pythonDeps = with python.pkgs; [

     

       25
       25
        
           flask flask_assets flask_login flask_sqlalchemy flask_migrate flask-seasurf flask_mail flask-sslify

     

       26
       26
       -
           mysqlclient sqlalchemy

     

       27
       27
       -
           configobj bcrypt requests ldap pyotp qrcode dnspython

     

       26
       26
       +
           mysqlclient psycopg2 sqlalchemy

     

       27
       27
       +
           cffi configobj cryptography bcrypt requests ldap pyotp qrcode dnspython

     

       28
       28
        
           gunicorn python3-saml pyopenssl pytz cssmin jsmin authlib bravado-core

     

       29
       29
        
           lima pytimeparse pyyaml

     

       30
       30
        
         ];

     
···

       91
       91
        
       

     

       92
       92
        
         postPatch = ''

     

       93
       93
        
           rm -r powerdnsadmin/static powerdnsadmin/assets.py

     

       94
       94
       +
           sed -i "s/id:/'id':/" migrations/versions/787bdba9e147_init_db.py

     

       94
       95
        
         '';

     

       95
       96
        
       

     

       96
       97
        
         installPhase = ''

     
···

       100
       101
        
           wrapPythonPrograms

     

       101
       102
        
       

     

       102
       103
        
           mkdir -p $out/share $out/bin

     

       103
       103
       -
           cp -r powerdnsadmin $out/share/powerdnsadmin

     

       104
       104
       +
           cp -r migrations powerdnsadmin $out/share/

     

       104
       105
        
       

     

       105
       106
        
           ln -s ${assets} $out/share/powerdnsadmin/static

     

       106
       107
        
           ln -s ${assetsPy} $out/share/powerdnsadmin/assets.py

     
···

       113
       114
        
       

     

       114
       115
        
           runHook postInstall

     

       115
       116
        
         '';

     

       117
       117
       +
       

     

       118
       118
       +
         passthru = {

     

       119
       119
       +
           # PYTHONPATH of all dependencies used by the package

     

       120
       120
       +
           pythonPath = python3.pkgs.makePythonPath pythonDeps;

     

       121
       121
       +
           tests = nixosTests.powerdns-admin;

     

       122
       122
       +
         };

     

       116
       123
        
       

     

       117
       124
        
         meta = with lib; {

     

       118
       125
        
           description = "A PowerDNS web interface with advanced features";

+3 -3

pkgs/applications/networking/shellhub-agent/default.nix

···

       9
       9
        
       

     

       10
       10
        
       buildGoModule rec {

     

       11
       11
        
         pname = "shellhub-agent";

     

       12
       12
       -
         version = "0.7.2";

     

       12
       12
       +
         version = "0.8.1";

     

       13
       13
        
       

     

       14
       14
        
         src = fetchFromGitHub {

     

       15
       15
        
           owner = "shellhub-io";

     

       16
       16
        
           repo = "shellhub";

     

       17
       17
        
           rev = "v${version}";

     

       18
       18
       -
           sha256 = "02ka7acynkwkml2pavlv4j5vkm6x5aq5sfxgydv26qzs39f1wdgc";

     

       18
       18
       +
           sha256 = "LafREMle3v/XLLsfS+sNSE4Q9AwX4v8Mg9/9RngbN40=";

     

       19
       19
        
         };

     

       20
       20
        
       

     

       21
       21
        
         modRoot = "./agent";

     

       22
       22
        
       

     

       23
       23
       -
         vendorSha256 = "18z3vwcwkyj6hcvl35qmj034237h9l18dvcbx1hxry7qdwv807c9";

     

       23
       23
       +
         vendorSha256 = "sha256-3bHDDjfpXgmS6lpIOkpouTKTjHT1gMbUWnuskaOptUM=";

     

       24
       24
        
       

     

       25
       25
        
         ldflags = [ "-s" "-w" "-X main.AgentVersion=v${version}" ];

     

       26
       26

+2 -2

pkgs/build-support/vm/default.nix

···

       114
       114
        
       

     

       115
       115
        
           echo "mounting Nix store..."

     

       116
       116
        
           mkdir -p /fs${storeDir}

     

       117
       117
       -
           mount -t 9p store /fs${storeDir} -o trans=virtio,version=9p2000.L,cache=loose

     

       117
       117
       +
           mount -t 9p store /fs${storeDir} -o trans=virtio,version=9p2000.L,cache=loose,msize=131072

     

       118
       118
        
       

     

       119
       119
        
           mkdir -p /fs/tmp /fs/run /fs/var

     

       120
       120
        
           mount -t tmpfs -o "mode=1777" none /fs/tmp

     
···

       123
       123
        
       

     

       124
       124
        
           echo "mounting host's temporary directory..."

     

       125
       125
        
           mkdir -p /fs/tmp/xchg

     

       126
       126
       -
           mount -t 9p xchg /fs/tmp/xchg -o trans=virtio,version=9p2000.L

     

       126
       126
       +
           mount -t 9p xchg /fs/tmp/xchg -o trans=virtio,version=9p2000.L,msize=131072

     

       127
       127
        
       

     

       128
       128
        
           mkdir -p /fs/proc

     

       129
       129
        
           mount -t proc none /fs/proc

+6 -6

pkgs/development/compilers/nextpnr/default.nix

···

       14
       14
        
       in

     

       15
       15
        
       stdenv.mkDerivation rec {

     

       16
       16
        
         pname = "nextpnr";

     

       17
       17
       -
         version = "2021.11.24"; # tagged as 0.1, but we'll keep tracking HEAD

     

       17
       17
       +
         version = "2021.15.21";

     

       18
       18
        
       

     

       19
       19
        
         srcs = [

     

       20
       20
        
           (fetchFromGitHub {

     

       21
       21
       -
             owner  = "YosysHQ";

     

       22
       22
       -
             repo   = "nextpnr";

     

       23
       23
       -
             rev    = "fd2d4a8f999947ece42f791e19ddc4c2d8b823f2";

     

       24
       24
       -
             sha256 = "sha256-bGh3svJeVRJO0rTnSYoTndeQrTENx6j9t+GCGX4RX4k=";

     

       25
       25
       -
             name   = "nextpnr";

     

       21
       21
       +
             owner = "YosysHQ";

     

       22
       22
       +
             repo  = "nextpnr";

     

       23
       23
       +
             rev   = "d04cfd5f0f6da184f5b8a03f0ce18fbd1d98eca3";

     

       24
       24
       +
             hash  = "sha256-gm/+kwIZ/m10+KuCJoK45F56nKZD3tM0myHwbFKIKAs=";

     

       25
       25
       +
             name  = "nextpnr";

     

       26
       26
        
           })

     

       27
       27
        
           (fetchFromGitHub {

     

       28
       28
        
             owner  = "YosysHQ";

+3 -3

pkgs/development/compilers/yosys/default.nix

···

       34
       34
        
       

     

       35
       35
        
       stdenv.mkDerivation rec {

     

       36
       36
        
         pname   = "yosys";

     

       37
       37
       -
         version = "0.11+52";

     

       37
       37
       +
         version = "0.12+36";

     

       38
       38
        
       

     

       39
       39
        
         src = fetchFromGitHub {

     

       40
       40
        
           owner = "YosysHQ";

     

       41
       41
        
           repo  = "yosys";

     

       42
       42
       -
           rev   = "2be110cb0ba645f95f62ee01b6a6fa46a85d5b26";

     

       43
       43
       -
           hash  = "sha256-A1QKu6SbtpJJPF8/LA5SMUP3/+n5giM6rOYdc6vkl90=";

     

       42
       42
       +
           rev   = "60c3ea367c942459a95e610ed98f277ce46c0142";

     

       43
       43
       +
           hash  = "sha256-NcfhNUmb3IDG08XgS+NGbRLI8sn4aQkOA7RF7wucDug=";

     

       44
       44
        
         };

     

       45
       45
        
       

     

       46
       46
        
         enableParallelBuilding = true;

+2 -1

pkgs/development/coq-modules/paco/default.nix

···

       5
       5
        
         owner = "snu-sf";

     

       6
       6
        
         inherit version;

     

       7
       7
        
         defaultVersion = with versions; switch coq.coq-version [

     

       8
       8
       -
           { case = range "8.6" "8.13"; out = "4.0.2"; }

     

       8
       8
       +
           { case = range "8.6" "8.13"; out = "4.1.1"; }

     

       9
       9
        
           { case = isEq "8.5";         out = "1.2.8"; }

     

       10
       10
        
         ] null;

     

       11
       11
       +
         release."4.1.1".sha256 = "1qap8cyv649lr1s11r7h5jzdjd4hsna8kph15qy5fw24h5nx6byy";

     

       11
       12
        
         release."4.0.2".sha256 = "1q96bsxclqx84xn5vkid501jkwlc1p6fhb8szrlrp82zglj58b0b";

     

       12
       13
        
         release."1.2.8".sha256 = "05fskx5x1qgaf9qv626m38y5izichzzqc7g2rglzrkygbskrrwsb";

     

       13
       14
        
         releaseRev = v: "v${v}";

+7 -4

pkgs/development/embedded/fpga/trellis/default.nix

···

       1
       1
        
       { lib, stdenv, fetchFromGitHub, python3, boost, cmake }:

     

       2
       2
        
       

     

       3
       3
        
       let

     

       4
       4
       -
         rev = "03e0070f263fbe31c247de61d259544722786210";

     

       4
       4
       +
         rev = "2f06397673bbca3da11928d538b8ab7d01c944c6";

     

       5
       5
        
         # git describe --tags

     

       6
       6
       -
         realVersion = "1.0-532-g${builtins.substring 0 7 rev}";

     

       6
       6
       +
         realVersion = "1.0-534-g${builtins.substring 0 7 rev}";

     

       7
       7
        
       in stdenv.mkDerivation rec {

     

       8
       8
        
         pname = "trellis";

     

       9
       9
       -
         version = "2021-09-01";

     

       9
       9
       +
         version = "2021-12-14";

     

       10
       10
        
       

     

       11
       11
        
         srcs = [

     

       12
       12
        
           (fetchFromGitHub {

     

       13
       13
        
              owner  = "YosysHQ";

     

       14
       14
        
              repo   = "prjtrellis";

     

       15
       15
        
              inherit rev;

     

       16
       16
       -
              sha256 = "joQMsjVj8d3M3IaqOkfVQ1I5qPDM8HHJiye+Ak8f3dg=";

     

       16
       16
       +
              hash   = "sha256-m5CalAIbzY2bhOvpBbPBeLZeDp+itk1HlRsSmtiddaA=";

     

       17
       17
        
              name   = "trellis";

     

       18
       18
        
            })

     

       19
       19
        
       

     

       20
       20
        
           (fetchFromGitHub {

     

       21
       21
        
             owner  = "YosysHQ";

     

       22
       22
        
             repo   = "prjtrellis-db";

     

       23
       23
       +
             # note: the upstream submodule points to revision 0ee729d20eaf,

     

       24
       24
       +
             # but that's just the tip of the branch that was merged into master.

     

       25
       25
       +
             # fdf4bf275a is the merge commit itself

     

       23
       26
        
             rev    = "fdf4bf275a7402654bc643db537173e2fbc86103";

     

       24
       27
        
             sha256 = "eDq2wU2pnfK9bOkEVZ07NQPv02Dc6iB+p5GTtVBiyQA=";

     

       25
       28
        
             name   = "trellis-database";

+23 -10

pkgs/development/interpreters/alda/default.nix

···

       1
       1
       -
       { lib, stdenv, fetchurl, jre }:

     

       1
       1
       +
       { lib, stdenv, fetchurl, makeWrapper, jre }:

     

       2
       2
        
       

     

       3
       3
        
       stdenv.mkDerivation rec {

     

       4
       4
        
         pname = "alda";

     

       5
       5
       -
         version = "1.5.0";

     

       5
       5
       +
         version = "2.0.6";

     

       6
       6
       +
       

     

       7
       7
       +
         src_alda = fetchurl {

     

       8
       8
       +
           url = "https://alda-releases.nyc3.digitaloceanspaces.com/${version}/client/linux-amd64/alda";

     

       9
       9
       +
           sha256 = "1078hywl3gim5wfgxb0xwbk1dn80ls3i7y33n76qsdd4b0x0sn7i";

     

       10
       10
       +
         };

     

       6
       11
        
       

     

       7
       7
       -
         src = fetchurl {

     

       8
       8
       -
           url = "https://github.com/alda-lang/alda/releases/download/${version}/alda";

     

       9
       9
       -
           sha256 = "sha256-OHbOsgYN87ThU7EgjCgxADnOv32qIi+7XwDwcW0dmV0=";

     

       12
       12
       +
         src_player = fetchurl {

     

       13
       13
       +
           url = "https://alda-releases.nyc3.digitaloceanspaces.com/${version}/player/non-windows/alda-player";

     

       14
       14
       +
           sha256 = "1g7k2qnh4vcw63604z7zbvhbpn7l1v3m9mx4j4vywfq6qar1r6ck";

     

       10
       15
        
         };

     

       11
       16
        
       

     

       12
       17
        
         dontUnpack = true;

     

       13
       18
        
       

     

       14
       14
       -
         installPhase = ''

     

       15
       15
       -
           install -Dm755 $src $out/bin/alda

     

       16
       16
       -
           sed -i -e '1 s!java!${jre}/bin/java!' $out/bin/alda

     

       17
       17
       -
         '';

     

       19
       19
       +
         nativeBuildInputs = [ makeWrapper ];

     

       20
       20
       +
       

     

       21
       21
       +
         installPhase =

     

       22
       22
       +
           let

     

       23
       23
       +
             binPath = lib.makeBinPath [ jre ];

     

       24
       24
       +
           in

     

       25
       25
       +
           ''

     

       26
       26
       +
             install -D $src_alda $out/bin/alda

     

       27
       27
       +
             install -D $src_player $out/bin/alda-player

     

       28
       28
       +
       

     

       29
       29
       +
             wrapProgram $out/bin/alda --prefix PATH : $out/bin:${binPath}

     

       30
       30
       +
             wrapProgram $out/bin/alda-player --prefix PATH : $out/bin:${binPath}

     

       31
       31
       +
           '';

     

       18
       32
        
       

     

       19
       33
        
         meta = with lib; {

     

       20
       34
        
           description = "A music programming language for musicians";

     
···

       23
       37
        
           maintainers = [ maintainers.ericdallo ];

     

       24
       38
        
           platforms = jre.meta.platforms;

     

       25
       39
        
         };

     

       26
       26
       -
       

     

       27
       40
        
       }

+4 -3

pkgs/development/libraries/assimp/default.nix

···

       2
       2
        
       

     

       3
       3
        
       stdenv.mkDerivation rec {

     

       4
       4
        
         pname = "assimp";

     

       5
       5
       -
         version = "5.0.1";

     

       5
       5
       +
         version = "5.1.3";

     

       6
       6
       +
         outputs = [ "out" "lib" "dev" ];

     

       6
       7
        
       

     

       7
       8
        
         src = fetchFromGitHub{

     

       8
       9
        
           owner = "assimp";

     

       9
       10
        
           repo = "assimp";

     

       10
       11
        
           rev = "v${version}";

     

       11
       11
       -
           sha256 = "00vxzfcrs856qnyk806wqr67nmpjk06mjby0fqmyhm6i1jj2hg1w";

     

       12
       12
       +
           hash = "sha256-GNSfaP8O5IsjGwtC3DFaV4OiMMUXIcmHmz+5TCT/HP8=";

     

       12
       13
        
         };

     

       13
       14
        
       

     

       14
       15
        
         nativeBuildInputs = [ cmake ];

     
···

       16
       17
        
       

     

       17
       18
        
         meta = with lib; {

     

       18
       19
        
           description = "A library to import various 3D model formats";

     

       19
       19
       -
           homepage = "http://assimp.sourceforge.net/";

     

       20
       20
       +
           homepage = "https://www.assimp.org/";

     

       20
       21
        
           license = licenses.bsd3;

     

       21
       22
        
           maintainers = with maintainers; [ ehmry ];

     

       22
       23
        
           platforms = platforms.linux ++ platforms.darwin;

+17 -15

pkgs/development/libraries/draco/default.nix

···

       1
       1
       -
       { lib, stdenv, fetchFromGitHub, cmake

     

       1
       1
       +
       { lib

     

       2
       2
       +
       , stdenv

     

       3
       3
       +
       , fetchFromGitHub

     

       4
       4
       +
       , cmake

     

       5
       5
       +
       , python3

     

       6
       6
       +
       , withAnimation ? true

     

       7
       7
       +
       , withTranscoder ? true

     

       2
       8
        
       }:

     

       3
       9
        
       

     

       10
       10
       +
       let

     

       11
       11
       +
         cmakeBool = b: if b then "ON" else "OFF";

     

       12
       12
       +
       in

     

       4
       13
        
       stdenv.mkDerivation rec {

     

       5
       5
       -
         version = "1.4.3";

     

       14
       14
       +
         version = "1.5.0";

     

       6
       15
        
         pname = "draco";

     

       7
       16
        
       

     

       8
       17
        
         src = fetchFromGitHub {

     

       9
       18
        
           owner = "google";

     

       10
       19
        
           repo = "draco";

     

       11
       20
        
           rev = version;

     

       12
       12
       -
           sha256 = "sha256-eSu6tkWbRHzJkWwPgljaScAuL0gRkp8PJUHWC8mUvOw=";

     

       21
       21
       +
           hash = "sha256-BoJg2lZBPVVm6Nc0XK8QSISpe+B8tpgRg9PFncN4+fY=";

     

       22
       22
       +
           fetchSubmodules = true;

     

       13
       23
        
         };

     

       14
       24
        
       

     

       15
       15
       -
         nativeBuildInputs = [ cmake ];

     

       25
       25
       +
         nativeBuildInputs = [ cmake python3 ];

     

       16
       26
        
       

     

       17
       27
        
         cmakeFlags = [

     

       18
       18
       -
           # Fake these since we are building from a tarball

     

       19
       19
       -
           "-Ddraco_git_hash=${version}"

     

       20
       20
       -
           "-Ddraco_git_desc=${version}"

     

       21
       21
       -
       

     

       22
       22
       -
           "-DBUILD_UNITY_PLUGIN=1"

     

       28
       28
       +
           "-DDRACO_ANIMATION_ENCODING=${cmakeBool withAnimation}"

     

       29
       29
       +
           "-DDRACO_TRANSCODER_SUPPORTED=${cmakeBool withTranscoder}"

     

       30
       30
       +
           "-DBUILD_SHARED_LIBS=${cmakeBool true}"

     

       23
       31
        
         ];

     

       24
       24
       -
       

     

       25
       25
       -
         # Upstream mistakenly installs to /nix/store/.../nix/store/.../*, work around that

     

       26
       26
       -
         postInstall = ''

     

       27
       27
       -
           mv $out/nix/store/*/* $out

     

       28
       28
       -
           rm -rf $out/nix

     

       29
       29
       -
         '';

     

       30
       32
        
       

     

       31
       33
        
         meta = with lib; {

     

       32
       34
        
           description = "Library for compressing and decompressing 3D geometric meshes and point clouds";

+4 -4

pkgs/development/libraries/libosmium/default.nix

···

       1
       1
       -
       { lib, stdenv, fetchFromGitHub, cmake, protozero, expat, zlib, bzip2, boost }:

     

       1
       1
       +
       { lib, stdenv, fetchFromGitHub, cmake, protozero, expat, zlib, bzip2, boost, lz4 }:

     

       2
       2
        
       

     

       3
       3
        
       stdenv.mkDerivation rec {

     

       4
       4
        
         pname = "libosmium";

     

       5
       5
       -
         version = "2.17.1";

     

       5
       5
       +
         version = "2.17.2";

     

       6
       6
        
       

     

       7
       7
        
         src = fetchFromGitHub {

     

       8
       8
        
           owner = "osmcode";

     

       9
       9
        
           repo = "libosmium";

     

       10
       10
        
           rev = "v${version}";

     

       11
       11
       -
           sha256 = "sha256-riNcIC60gw9qxF8UmPjq03XuD3of0BxKbZpgwjMNh3c=";

     

       11
       11
       +
           sha256 = "sha256-+WeEK7rWoUPAiAsgd5qT2bwDf+5IlP4uuyh7+i2L/HU=";

     

       12
       12
        
         };

     

       13
       13
        
       

     

       14
       14
        
         nativeBuildInputs = [ cmake ];

     

       15
       15
        
       

     

       16
       16
       -
         buildInputs = [ protozero zlib bzip2 expat boost ];

     

       16
       16
       +
         buildInputs = [ protozero zlib bzip2 expat boost lz4 ];

     

       17
       17
        
       

     

       18
       18
        
         cmakeFlags = [ "-DINSTALL_GDALCPP:BOOL=ON" ];

     

       19
       19

+1 -1

pkgs/development/libraries/libvdpau/default.nix

···

       23
       23
        
         NIX_LDFLAGS = lib.optionalString stdenv.isDarwin "-lX11";

     

       24
       24
        
       

     

       25
       25
        
         meta = with lib; {

     

       26
       26
       -
           homepage = "https://people.freedesktop.org/~aplattner/vdpau/";

     

       26
       26
       +
           homepage = "https://www.freedesktop.org/wiki/Software/VDPAU/";

     

       27
       27
        
           description = "Library to use the Video Decode and Presentation API for Unix (VDPAU)";

     

       28
       28
        
           license = licenses.mit; # expat version

     

       29
       29
        
           platforms = platforms.unix;

+2 -2

pkgs/development/libraries/tkrzw/default.nix

···

       2
       2
        
       

     

       3
       3
        
       stdenv.mkDerivation rec {

     

       4
       4
        
         pname = "tkrzw";

     

       5
       5
       -
         version = "0.9.51";

     

       5
       5
       +
         version = "1.0.21";

     

       6
       6
        
         # TODO: defeat multi-output reference cycles

     

       7
       7
        
       

     

       8
       8
        
         src = fetchurl {

     

       9
       9
        
           url = "https://dbmx.net/tkrzw/pkg/tkrzw-${version}.tar.gz";

     

       10
       10
       -
           hash = "sha256-UqF2cJ/r8OksAKyHw6B9UiBFIXgKeDmD2ZyJ+iPkY2w=";

     

       10
       10
       +
           hash = "sha256-1g3sIRXxYtD8XGVNpbn4HLTCi+xl2yfJklbUouMQcHs=";

     

       11
       11
        
         };

     

       12
       12
        
       

     

       13
       13
        
         enableParallelBuilding = true;

-25

pkgs/development/nim-packages/python/default.nix

···

       1
       1
       -
       { lib, buildNimPackage, fetchFromGitHub, python27 }:

     

       2
       2
       -
       

     

       3
       3
       -
       buildNimPackage rec {

     

       4
       4
       -
         pname = "python";

     

       5
       5
       -
         version = "1.2";

     

       6
       6
       -
         src = fetchFromGitHub {

     

       7
       7
       -
           owner = "nim-lang";

     

       8
       8
       -
           repo = pname;

     

       9
       9
       -
           rev = "b7c3b2c447a69fdb0a974ba149062e52182fda08";

     

       10
       10
       -
           hash = "sha256-Wl4on0rf4zbNxmwmq/ZkNiPIFCZY+1BdokPQoba2EVI=";

     

       11
       11
       -
         };

     

       12
       12
       -
         postPatch = let pythonLib = "${python27}/lib/libpython2.7.so";

     

       13
       13
       -
         in ''

     

       14
       14
       -
           substituteInPlace src/python.nim \

     

       15
       15
       -
             --replace 'items(LibNames)' "[\"${pythonLib}\"]" \

     

       16
       16
       -
             --replace 'dynlib: dllname' 'dynlib: "${pythonLib}"'

     

       17
       17
       -
         '';

     

       18
       18
       -
         doCheck = true;

     

       19
       19
       -
         meta = with lib;

     

       20
       20
       -
           src.meta // {

     

       21
       21
       -
             description = "Nim wrapper for the Python 2 programming language";

     

       22
       22
       -
             license = [ licenses.mit ];

     

       23
       23
       -
             maintainers = [ maintainers.ehmry ];

     

       24
       24
       -
           };

     

       25
       25
       -
       }

+3 -3

pkgs/development/nim-packages/spry/default.nix

···

       1
       1
       -
       { lib, buildNimPackage, fetchFromGitHub, python, rocksdb, snappy, spryvm, stew

     

       1
       1
       +
       { lib, buildNimPackage, fetchFromGitHub, rocksdb, snappy, spryvm, stew

     

       2
       2
        
       , tempfile, ui }:

     

       3
       3
        
       

     

       4
       4
        
       buildNimPackage rec {

     
···

       10
       10
        
           rev = "098da7bb34a9113d5db5402fecfc76b1c3fa3b36";

     

       11
       11
        
           hash = "sha256-PfWBrG2Z16tLgcN8JYpHaNMysBbbYX812Lkgk0ItMwE=";

     

       12
       12
        
         };

     

       13
       13
       -
         buildInputs = [ python rocksdb snappy spryvm stew tempfile ui ];

     

       14
       14
       -
         patches = [ ./nil.patch ];

     

       13
       13
       +
         buildInputs = [ rocksdb snappy spryvm stew tempfile ui ];

     

       14
       14
       +
         patches = [ ./nil.patch ./python.patch ];

     

       15
       15
        
         doCheck = true;

     

       16
       16
        
         meta = with lib;

     

       17
       17
        
           src.meta // {

+43

pkgs/development/nim-packages/spry/python.patch

···

       1
       1
       +
       diff --git a/src/ispry.nim b/src/ispry.nim

     

       2
       2
       +
       index 23ad6c3..d2cfc89 100644

     

       3
       3
       +
       --- a/src/ispry.nim

     

       4
       4
       +
       +++ b/src/ispry.nim

     

       5
       5
       +
       @@ -21,7 +21,7 @@ import spryvm/sprycore, spryvm/sprylib, spryvm/spryextend, spryvm/sprymath,

     

       6
       6
       +
          spryvm/spryos, spryvm/spryio, spryvm/sprymemfile, spryvm/sprythread,

     

       7
       7
       +
          spryvm/spryoo, spryvm/sprydebug, spryvm/sprycompress, spryvm/sprystring,

     

       8
       8
       +
          spryvm/sprymodules, spryvm/spryreflect, spryvm/spryblock, spryvm/sprynet,

     

       9
       9
       +
       -  spryvm/sprysmtp, spryvm/spryjson, spryvm/sprysqlite, spryvm/sprypython,

     

       10
       10
       +
       +  spryvm/sprysmtp, spryvm/spryjson, spryvm/sprysqlite,

     

       11
       11
       +
          spryvm/spryrocksdb

     

       12
       12
       +
        

     

       13
       13
       +
        const Prompt = ">>> "

     

       14
       14
       +
       @@ -63,7 +63,6 @@ proc main() =

     

       15
       15
       +
        

     

       16
       16
       +
          spry.addMemfile()

     

       17
       17
       +
          spry.addThread()

     

       18
       18
       +
       -  spry.addPython()

     

       19
       19
       +
          spry.addDebug()

     

       20
       20
       +
          spry.addCompress()

     

       21
       21
       +
          spry.addReflect()

     

       22
       22
       +
       diff --git a/src/spry.nim b/src/spry.nim

     

       23
       23
       +
       index 670a280..cda9027 100644

     

       24
       24
       +
       --- a/src/spry.nim

     

       25
       25
       +
       +++ b/src/spry.nim

     

       26
       26
       +
       @@ -14,8 +14,7 @@ import spryvm/sprycore, spryvm/sprylib, spryvm/spryextend, spryvm/sprymath,

     

       27
       27
       +
          spryvm/spryos, spryvm/spryio, spryvm/sprymemfile, spryvm/sprythread,

     

       28
       28
       +
          spryvm/spryoo, spryvm/sprydebug, spryvm/sprycompress, spryvm/sprystring,

     

       29
       29
       +
          spryvm/sprymodules, spryvm/spryreflect, spryvm/spryui, spryvm/spryblock, spryvm/sprynet,

     

       30
       30
       +
       -  spryvm/sprysmtp, spryvm/spryjson, spryvm/sprysqlite, spryvm/spryrocksdb,

     

       31
       31
       +
       -  spryvm/sprypython

     

       32
       32
       +
       +  spryvm/sprysmtp, spryvm/spryjson, spryvm/sprysqlite, spryvm/spryrocksdb

     

       33
       33
       +
        

     

       34
       34
       +
        var spry = newInterpreter()

     

       35
       35
       +
        

     

       36
       36
       +
       @@ -34,7 +33,6 @@ spry.addOO()

     

       37
       37
       +
        

     

       38
       38
       +
        spry.addMemfile()

     

       39
       39
       +
        spry.addThread()

     

       40
       40
       +
       -spry.addPython()

     

       41
       41
       +
        spry.addDebug()

     

       42
       42
       +
        spry.addCompress()

     

       43
       43
       +
        spry.addReflect()

+4 -11

pkgs/development/node-packages/default.nix

···

       309
       309
        
       

     

       310
       310
        
           prisma = super.prisma.override rec {

     

       311
       311
        
             nativeBuildInputs = [ pkgs.makeWrapper ];

     

       312
       312
       -
             version = "3.5.0";

     

       312
       312
       +
       

     

       313
       313
       +
             inherit (pkgs.prisma-engines) version;

     

       314
       314
       +
       

     

       313
       315
        
             src = fetchurl {

     

       314
       316
        
               url = "https://registry.npmjs.org/prisma/-/prisma-${version}.tgz";

     

       315
       315
       -
               sha512 = "sha512-WEYQ+H98O0yigG+lI0gfh4iyBChvnM6QTXPDtY9eFraLXAmyb6tf/T2mUdrUAU1AEvHLVzQA5A+RpONZlQozBg==";

     

       317
       317
       +
               sha512 = "sha512-6SqgHS/5Rq6HtHjsWsTxlj+ySamGyCLBUQfotc2lStOjPv52IQuDVpp58GieNqc9VnfuFyHUvTZw7aQB+G2fvQ==";

     

       316
       318
        
             };

     

       317
       317
       -
             dependencies = [ rec {

     

       318
       318
       -
               name = "_at_prisma_slash_engines";

     

       319
       319
       -
               packageName = "@prisma/engines";

     

       320
       320
       -
               version = "3.5.0-38.78a5df6def6943431f4c022e1428dbc3e833cf8e";

     

       321
       321
       -
               src = fetchurl {

     

       322
       322
       -
                 url = "https://registry.npmjs.org/@prisma/engines/-/engines-${version}.tgz";

     

       323
       323
       -
                 sha512 = "sha512-MqZUrxuLlIbjB3wu8LrRJOKcvR4k3dunKoI4Q2bPfAwLQY0XlpsLZ3TRVW1c32ooVk939p6iGNkaCUo63Et36g==";

     

       324
       324
       -
               };

     

       325
       325
       -
             }];

     

       326
       319
        
             postInstall = with pkgs; ''

     

       327
       320
        
               wrapProgram "$out/bin/prisma" \

     

       328
       321
        
                 --set PRISMA_MIGRATION_ENGINE_BINARY ${prisma-engines}/bin/migration-engine \

+2 -2

pkgs/development/python-modules/bx-python/default.nix

···

       3
       3
        
       

     

       4
       4
        
       buildPythonPackage rec {

     

       5
       5
        
         pname = "bx-python";

     

       6
       6
       -
         version = "0.8.12";

     

       6
       6
       +
         version = "0.8.13";

     

       7
       7
        
         disabled = pythonOlder "3.6";

     

       8
       8
        
       

     

       9
       9
        
         src = fetchFromGitHub {

     

       10
       10
        
           owner = "bxlab";

     

       11
       11
        
           repo = "bx-python";

     

       12
       12
        
           rev = "v${version}";

     

       13
       13
       -
           sha256 = "sha256-bOoD2dY6Zf4HRMqZcGSot1owu/5VEkF6wpuMTzVUlFU=";

     

       13
       13
       +
           sha256 = "0r3z02mvaswijalr42ikpa7crvliijy0aigsvp5m0frp05n4irf5";

     

       14
       14
        
         };

     

       15
       15
        
       

     

       16
       16
        
         nativeBuildInputs = [ cython ];

+2 -2

pkgs/development/python-modules/cyclonedx-python-lib/default.nix

···

       16
       16
        
       

     

       17
       17
        
       buildPythonPackage rec {

     

       18
       18
        
         pname = "cyclonedx-python-lib";

     

       19
       19
       -
         version = "0.12.2";

     

       19
       19
       +
         version = "0.12.3";

     

       20
       20
        
         format = "pyproject";

     

       21
       21
        
       

     

       22
       22
        
         disabled = pythonOlder "3.6";

     
···

       25
       25
        
           owner = "CycloneDX";

     

       26
       26
        
           repo = pname;

     

       27
       27
        
           rev = "v${version}";

     

       28
       28
       -
           sha256 = "sha256-+NIC+dxajG5wffIFUC5MqRAiodh8ynO1fp1XTOxaR1g=";

     

       28
       28
       +
           sha256 = "1404wcwjglq025n8ncsrl2h64g1sly83cs9sc6jpiw1g5ay4a1vi";

     

       29
       29
        
         };

     

       30
       30
        
       

     

       31
       31
        
         nativeBuildInputs = [

+2 -11

pkgs/development/python-modules/trezor/default.nix

···

       19
       19
        
       , shamir-mnemonic

     

       20
       20
        
       , typing-extensions

     

       21
       21
        
       , trezor-udev-rules

     

       22
       22
       -
       , pytest

     

       22
       22
       +
       , pytestCheckHook

     

       23
       23
        
       }:

     

       24
       24
        
       

     

       25
       25
        
       buildPythonPackage rec {

     
···

       54
       54
        
           trezor-udev-rules

     

       55
       55
        
         ];

     

       56
       56
        
       

     

       57
       57
       -
         checkInputs = [

     

       58
       58
       -
           pytest

     

       59
       59
       -
         ];

     

       60
       60
       -
       

     

       61
       61
       -
         # disable test_tx_api.py as it requires being online

     

       62
       62
       -
         checkPhase = ''

     

       63
       63
       -
           runHook preCheck

     

       64
       64
       -
           pytest --pyargs tests --ignore tests/test_tx_api.py

     

       65
       65
       -
           runHook postCheck

     

       66
       66
       -
         '';

     

       57
       57
       +
         checkInputs = [ pytestCheckHook ];

     

       67
       58
        
       

     

       68
       59
        
         postFixup = ''

     

       69
       60
        
           mkdir completions

+21 -8

pkgs/development/quickemu/default.nix

···

       17
       17
        
       , xdg-user-dirs

     

       18
       18
        
       , xrandr

     

       19
       19
        
       , zsync

     

       20
       20
       +
       , OVMF

     

       21
       21
       +
       , quickemu

     

       22
       22
       +
       , testVersion

     

       20
       23
        
       }:

     

       21
       24
        
       let

     

       22
       25
        
         runtimePaths = [

     
···

       40
       43
        
       

     

       41
       44
        
       stdenv.mkDerivation rec {

     

       42
       45
        
         pname = "quickemu";

     

       43
       43
       -
         version = "2.2.7";

     

       46
       46
       +
         version = "3.11";

     

       44
       47
        
       

     

       45
       48
        
         src = fetchFromGitHub {

     

       46
       46
       -
           owner = "wimpysworld";

     

       47
       47
       -
           repo = pname;

     

       49
       49
       +
           owner = "quickemu-project";

     

       50
       50
       +
           repo = "quickemu";

     

       48
       51
        
           rev = version;

     

       49
       49
       -
           sha256 = "sha256-TNG1pCePsi12QQafhayhj+V5EXq+v7qmaW5v5X8ER6s=";

     

       52
       52
       +
           sha256 = "1xwf9vwbr57wmyxfcqzl1jnmfx3ffh7sfqf0zcdq41wqkm8s106n";

     

       50
       53
        
         };

     

       51
       54
        
       

     

       55
       55
       +
         patches = [

     

       56
       56
       +
           ./efi_vars_ensure_writable.patch

     

       57
       57
       +
           ./input_overrides.patch

     

       58
       58
       +
         ];

     

       59
       59
       +
       

     

       52
       60
        
         nativeBuildInputs = [ makeWrapper ];

     

       53
       61
        
       

     

       54
       62
        
         installPhase = ''

     
···

       56
       64
        
       

     

       57
       65
        
           install -Dm755 -t "$out/bin" quickemu quickget macrecovery

     

       58
       66
        
       

     

       59
       59
       -
          for f in quickget macrecovery quickemu; do

     

       60
       60
       -
           wrapProgram $out/bin/$f --prefix PATH : "${lib.makeBinPath runtimePaths}"

     

       61
       61
       -
          done

     

       67
       67
       +
           for f in quickget macrecovery quickemu; do

     

       68
       68
       +
             wrapProgram $out/bin/$f \

     

       69
       69
       +
               --prefix PATH : "${lib.makeBinPath runtimePaths}" \

     

       70
       70
       +
               --set ENV_EFI_CODE "${OVMF.fd}/FV/OVMF_CODE.fd" \

     

       71
       71
       +
               --set ENV_EFI_VARS "${OVMF.fd}/FV/OVMF_VARS.fd"

     

       72
       72
       +
           done

     

       62
       73
        
       

     

       63
       74
        
           runHook postInstall

     

       64
       75
        
         '';

     

       65
       76
        
       

     

       77
       77
       +
         passthru.tests = testVersion { package = quickemu; };

     

       78
       78
       +
       

     

       66
       79
        
         meta = with lib; {

     

       67
       80
        
           description = "Quickly create and run optimised Windows, macOS and Linux desktop virtual machines";

     

       68
       68
       -
           homepage = "https://github.com/wimpysworld/quickemu";

     

       81
       81
       +
           homepage = "https://github.com/quickemu-project/quickemu";

     

       69
       82
        
           license = licenses.mit;

     

       70
       83
        
           maintainers = with maintainers; [ fedx-sudo ];

     

       71
       84
        
         };

+13

pkgs/development/quickemu/efi_vars_ensure_writable.patch

···

       1
       1
       +
       diff --git a/quickemu b/quickemu

     

       2
       2
       +
       index a9a60a5..1a932ac 100755

     

       3
       3
       +
       --- a/quickemu

     

       4
       4
       +
       +++ b/quickemu

     

       5
       5
       +
       @@ -197,7 +197,7 @@ function efi_vars() {

     

       6
       6
       +
        

     

       7
       7
       +
          if [ ! -e "${VARS_OUT}" ]; then

     

       8
       8
       +
            if [ -e "${VARS_IN}" ]; then

     

       9
       9
       +
       -      cp "${VARS_IN}" "${VARS_OUT}"

     

       10
       10
       +
       +      cp "${VARS_IN}" "${VARS_OUT}" && chmod +w "${VARS_OUT}"

     

       11
       11
       +
            else

     

       12
       12
       +
              echo "ERROR! ${VARS_IN} was not found. Please install edk2."

     

       13
       13
       +
              exit 1

+28

pkgs/development/quickemu/input_overrides.patch

···

       1
       1
       +
       diff --git a/quickemu b/quickemu

     

       2
       2
       +
       index 1a932ac..ab2f752 100755

     

       3
       3
       +
       --- a/quickemu

     

       4
       4
       +
       +++ b/quickemu

     

       5
       5
       +
       @@ -383,7 +383,10 @@ function vm_boot() {

     

       6
       6
       +
            # https://bugzilla.redhat.com/show_bug.cgi?id=1929357#c5

     

       7
       7
       +
            case ${secureboot} in

     

       8
       8
       +
              on)

     

       9
       9
       +
       -        if [ -e "/usr/share/OVMF/OVMF_CODE_4M.secboot.fd" ]; then

     

       10
       10
       +
       +        if [[ ${ENV_EFI_CODE_SECURE} && ${ENV_EFI_CODE_SECURE-x} ]] && [[ ${ENV_EFI_VARS_SECURE} && ${ENV_EFI_VARS_SECURE-x} ]]; then

     

       11
       11
       +
       +          EFI_CODE="${ENV_EFI_CODE_SECURE}"

     

       12
       12
       +
       +          efi_vars "${ENV_EFI_VARS_SECURE}" "${EFI_VARS}"

     

       13
       13
       +
       +        elif [ -e "/usr/share/OVMF/OVMF_CODE_4M.secboot.fd" ]; then

     

       14
       14
       +
                  EFI_CODE="/usr/share/OVMF/OVMF_CODE_4M.secboot.fd"

     

       15
       15
       +
                  efi_vars "/usr/share/OVMF/OVMF_VARS_4M.fd" "${EFI_VARS}"

     

       16
       16
       +
                elif [ -e "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd" ]; then

     

       17
       17
       +
       @@ -402,7 +405,10 @@ function vm_boot() {

     

       18
       18
       +
                fi

     

       19
       19
       +
                ;;

     

       20
       20
       +
              *)

     

       21
       21
       +
       -        if [ -e "/usr/share/OVMF/OVMF_CODE_4M.fd" ]; then

     

       22
       22
       +
       +        if [[ ${ENV_EFI_CODE} && ${ENV_EFI_CODE-x} ]] && [[ ${ENV_EFI_VARS} && ${ENV_EFI_VARS-x} ]]; then

     

       23
       23
       +
       +          EFI_CODE="${ENV_EFI_CODE}"

     

       24
       24
       +
       +          efi_vars "${ENV_EFI_VARS}" "${EFI_VARS}"

     

       25
       25
       +
       +        elif [ -e "/usr/share/OVMF/OVMF_CODE_4M.fd" ]; then

     

       26
       26
       +
                  EFI_CODE="/usr/share/OVMF/OVMF_CODE_4M.fd"

     

       27
       27
       +
                  efi_vars "/usr/share/OVMF/OVMF_VARS_4M.fd" "${EFI_VARS}"

     

       28
       28
       +
                elif [ -e "/usr/share/edk2/ovmf/OVMF_CODE.fd" ]; then

+2 -2

pkgs/development/tools/analysis/checkov/default.nix

···

       46
       46
        
       

     

       47
       47
        
       buildPythonApplication rec {

     

       48
       48
        
         pname = "checkov";

     

       49
       49
       -
         version = "2.0.664";

     

       49
       49
       +
         version = "2.0.668";

     

       50
       50
        
       

     

       51
       51
        
         src = fetchFromGitHub {

     

       52
       52
        
           owner = "bridgecrewio";

     

       53
       53
        
           repo = pname;

     

       54
       54
        
           rev = version;

     

       55
       55
       -
           sha256 = "sha256-t7u47gkUtn9EwBWtz97GkiM8tyGCFk4S5UTQ+OosI2o=";

     

       55
       55
       +
           sha256 = "sha256-kCqhNxqI+9F9nQvZDOYjC2Bb5a1x4a9b9aqvDe/siP0=";

     

       56
       56
        
         };

     

       57
       57
        
       

     

       58
       58
        
         nativeBuildInputs = with py.pkgs; [

+11 -5

pkgs/development/tools/continuous-integration/github-runner/default.nix

···

       14
       14
        
       , lttng-ust

     

       15
       15
        
       , makeWrapper

     

       16
       16
        
       , nodejs-12_x

     

       17
       17
       +
       , nodejs-16_x

     

       17
       18
        
       , openssl

     

       18
       19
        
       , stdenv

     

       19
       20
        
       , zlib

     
···

       37
       38
        
       in

     

       38
       39
        
       stdenv.mkDerivation rec {

     

       39
       40
        
         pname = "github-runner";

     

       40
       40
       -
         version = "2.284.0";

     

       41
       41
       +
         version = "2.285.1";

     

       41
       42
        
       

     

       42
       43
        
         src = fetchFromGitHub {

     

       43
       44
        
           owner = "actions";

     

       44
       45
        
           repo = "runner";

     

       45
       46
        
           rev = "v${version}";

     

       46
       46
       -
           sha256 = "sha256-JR0OzbT5gGhO/dxb/eSjP/d/VxW/aLmTs/oPwN8b8Rc=";

     

       47
       47
       +
           hash = "sha256-SlKUuebsoZ9OgYuDTNOlY1KMg01LFSFazrLCctiFq3A=";

     

       47
       48
        
         };

     

       48
       49
        
       

     

       49
       50
        
         nativeBuildInputs = [

     
···

       142
       143
        
         disabledTests = [

     

       143
       144
        
           # Self-updating is patched out, hence this test will fail

     

       144
       145
        
           "FullyQualifiedName!=GitHub.Runner.Common.Tests.Listener.RunnerL0.TestRunOnceHandleUpdateMessage"

     

       146
       146
       +
         ] ++ lib.optionals (stdenv.hostPlatform.system == "aarch64-linux") [

     

       147
       147
       +
           # "JavaScript Actions in Alpine containers are only supported on x64 Linux runners. Detected Linux Arm64"

     

       148
       148
       +
           "FullyQualifiedName!=GitHub.Runner.Common.Tests.Worker.StepHostL0.DetermineNodeRuntimeVersionInAlpineContainerAsync"

     

       145
       149
        
         ] ++ map

     

       146
       150
        
           # Online tests

     

       147
       151
        
           (x: "FullyQualifiedName!=GitHub.Runner.Common.Tests.Worker.ActionManagerL0.PrepareActions_${x}")

     
···

       189
       193
        
       

     

       190
       194
        
           mkdir -p _layout/externals

     

       191
       195
        
           ln -s ${nodejs-12_x} _layout/externals/node12

     

       196
       196
       +
           ln -s ${nodejs-16_x} _layout/externals/node16

     

       192
       197
        
       

     

       193
       198
        
           # BUILDCONFIG needs to be "Debug"

     

       194
       199
        
           dotnet msbuild \

     
···

       230
       235
        
             --replace './externals' "$out/externals" \

     

       231
       236
        
             --replace './bin' "$out/lib"

     

       232
       237
        
       

     

       233
       233
       -
           # The upstream package includes Node 12 and expects it at the path

     

       234
       234
       -
           # externals/node12. As opposed to the official releases, we don't

     

       235
       235
       -
           # link the Alpine Node flavor.

     

       238
       238
       +
           # The upstream package includes Node {12,16} and expects it at the path

     

       239
       239
       +
           # externals/node{12,16}. As opposed to the official releases, we don't

     

       240
       240
       +
           # link the Alpine Node flavors.

     

       236
       241
        
           mkdir -p $out/externals

     

       237
       242
        
           ln -s ${nodejs-12_x} $out/externals/node12

     

       243
       243
       +
           ln -s ${nodejs-16_x} $out/externals/node16

     

       238
       244
        
       

     

       239
       245
        
           runHook postInstall

     

       240
       246
        
         '';

+3 -3

pkgs/development/tools/database/prisma-engines/default.nix

···

       10
       10
        
       

     

       11
       11
        
       rustPlatform.buildRustPackage rec {

     

       12
       12
        
         pname = "prisma-engines";

     

       13
       13
       -
         version = "3.5.0";

     

       13
       13
       +
         version = "3.6.0";

     

       14
       14
        
       

     

       15
       15
        
         src = fetchFromGitHub {

     

       16
       16
        
           owner = "prisma";

     

       17
       17
        
           repo = "prisma-engines";

     

       18
       18
        
           rev = version;

     

       19
       19
       -
           sha256 = "sha256-c4t7r9Os0nmQEBpNeZ+XdTPc/5X6Dyw0dd7J4pw5s88=";

     

       19
       19
       +
           sha256 = "sha256-opo4CM/ONZfVWhv/2r9Mfu8eNTgcG2hwvJmSrQ/OPDA=";

     

       20
       20
        
         };

     

       21
       21
        
       

     

       22
       22
        
         # Use system openssl.

     

       23
       23
        
         OPENSSL_NO_VENDOR = 1;

     

       24
       24
        
       

     

       25
       25
       -
         cargoSha256 = "sha256-rjqFEY7GXXWzlw5E6Wg4KPz25BbvQPuLW5m8+3CbcRw=";

     

       25
       25
       +
         cargoSha256 = "sha256-Zrv5cI2uyGu4hOH8lKOrzA+U3ZLE+MEeD5fBxhI+eIk=";

     

       26
       26
        
       

     

       27
       27
        
         nativeBuildInputs = [ pkg-config ];

     

       28
       28

+2 -2

pkgs/development/tools/scalafmt/default.nix

···

       2
       2
        
       

     

       3
       3
        
       let

     

       4
       4
        
         baseName = "scalafmt";

     

       5
       5
       -
         version = "3.0.8";

     

       5
       5
       +
         version = "3.2.1";

     

       6
       6
        
         deps = stdenv.mkDerivation {

     

       7
       7
        
           name = "${baseName}-deps-${version}";

     

       8
       8
        
           buildCommand = ''

     
···

       13
       13
        
           '';

     

       14
       14
        
           outputHashMode = "recursive";

     

       15
       15
        
           outputHashAlgo = "sha256";

     

       16
       16
       -
           outputHash     = "VBU6Jg6Sq3RBy0ym5YbjLjvcfx/85f6wNMmkGVV0W88=";

     

       16
       16
       +
           outputHash     = "v1IODq88Wpjm7IxSKmD9Nub3r4XNP+jNT0A6ApX3Cas=";

     

       17
       17
        
         };

     

       18
       18
        
       in

     

       19
       19
        
       stdenv.mkDerivation {

+3 -3

pkgs/games/cataclysm-dda/stable.nix

···

       10
       10
        
         };

     

       11
       11
        
       

     

       12
       12
        
         self = common.overrideAttrs (common: rec {

     

       13
       13
       -
           version = "0.F-2";

     

       13
       13
       +
           version = "0.F-3";

     

       14
       14
        
       

     

       15
       15
        
           src = fetchFromGitHub {

     

       16
       16
        
             owner = "CleverRaven";

     

       17
       17
        
             repo = "Cataclysm-DDA";

     

       18
       18
        
             rev = version;

     

       19
       19
       -
             sha256 = "sha256-8AZOrO/Wxui+LqAZo8hURktMTycecIgOONUJmE3M+vM=";

     

       19
       19
       +
             sha256 = "sha256-2su1uQaWl9WG41207dRvOTdVKcQsEz/y0uTi9JX52uI=";

     

       20
       20
        
           };

     

       21
       21
        
       

     

       22
       22
        
           makeFlags = common.makeFlags ++ [

     

       23
       23
       -
             # Makefile declares version as 0.F, even under 0.F-2

     

       23
       23
       +
             # Makefile declares version as 0.F, with no minor release number

     

       24
       24
        
             "VERSION=${version}"

     

       25
       25
        
           ];

     

       26
       26

+2 -2

pkgs/games/quakespasm/vulkan.nix

···

       2
       2
        
       

     

       3
       3
        
       stdenv.mkDerivation rec {

     

       4
       4
        
         pname = "vkquake";

     

       5
       5
       -
         version = "1.11.0";

     

       5
       5
       +
         version = "1.12.1";

     

       6
       6
        
       

     

       7
       7
        
         src = fetchFromGitHub {

     

       8
       8
        
           owner = "Novum";

     

       9
       9
        
           repo = "vkQuake";

     

       10
       10
        
           rev = version;

     

       11
       11
       -
           sha256 = "sha256-FbHqpBiTJWeJPBHUBTOIuXRoLttmDIpip5wUvuVw8YI=";

     

       11
       11
       +
           sha256 = "sha256-D6JtYhR+bkYYm4yuipNrsonziDGiDWICEohy4Mgdr+0=";

     

       12
       12
        
         };

     

       13
       13
        
       

     

       14
       14
        
         sourceRoot = "source/Quake";

+11 -5

pkgs/misc/cups/drivers/mfcj470dwcupswrapper/default.nix

···

       21
       21
        
           --replace /etc "$out/etc"

     

       22
       22
        
       

     

       23
       23
        
           substituteInPlace $WRAPPER \

     

       24
       24
       -
           --replace "\`cp " "\`cp -p " \

     

       25
       25
       -
           --replace "\`mv " "\`cp -p "

     

       24
       24
       +
           --replace "cp " "cp -p "

     

       26
       25
        
           '';

     

       27
       26
        
       

     

       28
       27
        
         buildPhase = ''

     
···

       33
       32
        
       

     

       34
       33
        
         installPhase = ''

     

       35
       34
        
           TARGETFOLDER=$out/opt/brother/Printers/mfcj470dw/cupswrapper/

     

       36
       36
       -
           mkdir -p $out/opt/brother/Printers/mfcj470dw/cupswrapper/

     

       35
       35
       +
           PPDFOLDER=$out/share/cups/model/

     

       36
       36
       +
           FILTERFOLDER=$out/lib/cups/filter/

     

       37
       37
       +
       

     

       38
       38
       +
           mkdir -p $TARGETFOLDER

     

       39
       39
       +
           mkdir -p $PPDFOLDER

     

       40
       40
       +
           mkdir -p $FILTERFOLDER

     

       37
       41
        
       

     

       38
       42
        
           cp brcupsconfpt1/brcupsconfpt1 $TARGETFOLDER

     

       39
       39
       -
           cp cupswrapper/cupswrappermfcj470dw $TARGETFOLDER/

     

       40
       40
       -
           cp PPD/brother_mfcj470dw_printer_en.ppd $TARGETFOLDER/

     

       43
       43
       +
           cp cupswrapper/cupswrappermfcj470dw $TARGETFOLDER

     

       44
       44
       +
           cp PPD/brother_mfcj470dw_printer_en.ppd $PPDFOLDER

     

       45
       45
       +
       

     

       46
       46
       +
           ln -s ${mfcj470dwlpr}/lib/cups/filter/brother_lpdwrapper_mfcj470dw $FILTERFOLDER/

     

       41
       47
        
           '';

     

       42
       48
        
       

     

       43
       49
        
         cleanPhase = ''

+3 -3

pkgs/os-specific/linux/sgx/psw/default.nix

···

       25
       25
        
           let

     

       26
       26
        
             ae.prebuilt = fetchurl {

     

       27
       27
        
               url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/prebuilt_ae_${versionTag}.tar.gz";

     

       28
       28
       -
               hash = "sha256-nGKZEpT2Mx0DLgqjv9qbZqBt1pQaSHcnA0K6nHma3sk";

     

       28
       28
       +
               hash = "sha256-JriA9UGYFkAPuCtRizk8RMM1YOYGR/eO9ILnx47A40s=";

     

       29
       29
        
             };

     

       30
       30
        
             dcap = rec {

     

       31
       31
       -
               version = "1.11";

     

       31
       31
       +
               version = "1.12.1";

     

       32
       32
        
               filename = "prebuilt_dcap_${version}.tar.gz";

     

       33
       33
        
               prebuilt = fetchurl {

     

       34
       34
        
                 url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}";

     

       35
       35
       -
                 hash = "sha256-ShGScS4yNLki04RNPxxLvqzGmy4U1L0gVETvfAo8w9M=";

     

       35
       35
       +
                 hash = "sha256-V/XHva9Sq3P36xSW+Sd0G6Dnk4H0ANO1Ns/u+FI1eGI=";

     

       36
       36
        
               };

     

       37
       37
        
             };

     

       38
       38
        
           in

+23 -30

pkgs/os-specific/linux/sgx/sdk/default.nix

···

       1
       1
        
       { lib

     

       2
       2
        
       , stdenv

     

       3
       3
       +
       , fetchFromGitHub

     

       4
       4
       +
       , fetchpatch

     

       3
       5
        
       , fetchzip

     

       4
       4
       -
       , fetchFromGitHub

     

       5
       6
        
       , callPackage

     

       6
       7
        
       , autoconf

     

       7
       8
        
       , automake

     
···

       25
       26
        
       }:

     

       26
       27
        
       stdenv.mkDerivation rec {

     

       27
       28
        
         pname = "sgx-sdk";

     

       28
       28
       -
         version = "2.14.100.2";

     

       29
       29
       -
       

     

       30
       30
       -
         versionTag = lib.concatStringsSep "." (lib.take 2 (lib.splitVersion version));

     

       29
       29
       +
         # Version as given in se_version.h

     

       30
       30
       +
         version = "2.15.101.1";

     

       31
       31
       +
         # Version as used in the Git tag

     

       32
       32
       +
         versionTag = "2.15.1";

     

       31
       33
        
       

     

       32
       34
        
         src = fetchFromGitHub {

     

       33
       35
        
           owner = "intel";

     

       34
       36
        
           repo = "linux-sgx";

     

       35
       37
        
           rev = "sgx_${versionTag}";

     

       36
       36
       -
           hash = "sha256-D/QZWBUe1gRbbjWnV10b7IPoM3utefAsOEKnQuasIrM=";

     

       38
       38
       +
           hash = "sha256-e11COTR5eDPMB81aPRKatvIkAOeX+OZgnvn2utiv78M=";

     

       37
       39
        
           fetchSubmodules = true;

     

       38
       40
        
         };

     

       39
       41
        
       

     

       40
       40
       -
         postUnpack =

     

       41
       41
       -
           let

     

       42
       42
       -
             optlibName = "optimized_libs_${versionTag}.tar.gz";

     

       43
       43
       -
             optimizedLibs = fetchzip {

     

       44
       44
       -
               url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/${optlibName}";

     

       45
       45
       -
               hash = "sha256-FjNhNV9+KDMvBYdWXZbua6qYOc3Z1/jtcF4j52TSxQY=";

     

       46
       46
       -
               stripRoot = false;

     

       47
       47
       -
             };

     

       48
       48
       -
             sgxIPPCryptoHeader = "${optimizedLibs}/external/ippcp_internal/inc/sgx_ippcp.h";

     

       49
       49
       -
           in

     

       50
       50
       -
           ''

     

       51
       51
       -
             # Make sure this is the right version of linux-sgx

     

       52
       52
       -
             grep -q '"${version}"' "$src/common/inc/internal/se_version.h" \

     

       53
       53
       -
               || (echo "Could not find expected version ${version} in linux-sgx source" >&2 && exit 1)

     

       42
       42
       +
         postUnpack = ''

     

       43
       43
       +
           # Make sure this is the right version of linux-sgx

     

       44
       44
       +
           grep -q '"${version}"' "$src/common/inc/internal/se_version.h" \

     

       45
       45
       +
             || (echo "Could not find expected version ${version} in linux-sgx source" >&2 && exit 1)

     

       46
       46
       +
         '';

     

       54
       47
        
       

     

       55
       55
       -
             # Make sure we use the correct version to build IPP Crypto

     

       56
       56
       -
             grep -q 'optlib_name=${optlibName}' "$src/download_prebuilt.sh" \

     

       57
       57
       -
               || (echo "Could not find expected optimized libs ${optlibName} in linux-sgx source" >&2 && exit 1)

     

       58
       58
       -
       

     

       59
       59
       -
             # Add missing sgx_ippcp.h: https://github.com/intel/linux-sgx/pull/752

     

       60
       60
       -
             ln -s ${sgxIPPCryptoHeader} "$sourceRoot/external/ippcp_internal/inc/sgx_ippcp.h"

     

       61
       61
       -
           '';

     

       48
       48
       +
         patches = [

     

       49
       49
       +
           # Commit to add missing sgx_ippcp.h not yet part of this release

     

       50
       50
       +
           (fetchpatch {

     

       51
       51
       +
             name = "add-missing-sgx_ippcp-header.patch";

     

       52
       52
       +
             url = "https://github.com/intel/linux-sgx/commit/51d1087b707a47e18588da7bae23e5f686d44be6.patch";

     

       53
       53
       +
             sha256 = "sha256-RZC14H1oEuGp0zn8CySDPy1KNqP/POqb+KMYoQt2A7M=";

     

       54
       54
       +
           })

     

       55
       55
       +
         ];

     

       62
       56
        
       

     

       63
       57
        
         postPatch = ''

     

       64
       58
        
           # https://github.com/intel/linux-sgx/pull/730

     
···

       121
       115
        
       

     

       122
       116
        
             pushd 'external/ippcp_internal'

     

       123
       117
        
       

     

       124
       124
       -
             install ${ipp-crypto-no_mitigation}/include/* inc/

     

       118
       118
       +
             cp -r ${ipp-crypto-no_mitigation}/include/. inc/

     

       125
       119
        
       

     

       126
       120
        
             install -D -m a+rw ${ipp-crypto-no_mitigation}/lib/intel64/libippcp.a \

     

       127
       121
        
               lib/linux/intel64/no_mitigation/libippcp.a

     
···

       131
       125
        
               lib/linux/intel64/cve_2020_0551_cf/libippcp.a

     

       132
       126
        
       

     

       133
       127
        
             rm inc/ippcp.h

     

       134
       134
       -
             patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp20u3.patch -o inc/ippcp.h

     

       128
       128
       +
             patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp21u3.patch -o inc/ippcp.h

     

       135
       129
        
       

     

       136
       130
        
             install -D ${ipp-crypto-no_mitigation.src}/LICENSE license/LICENSE

     

       137
       131
        
       

     
···

       227
       221
        
             --replace '/opt/intel/sgxsdk' "$out"

     

       228
       222
        
           for file in $out/share/SampleCode/*/Makefile; do

     

       229
       223
        
             substituteInPlace $file \

     

       230
       230
       -
               --replace '/opt/intel/sgxsdk' "$out" \

     

       231
       231
       -
               --replace '$(SGX_SDK)/buildenv.mk' "$out/share/bin/buildenv.mk"

     

       224
       224
       +
               --replace '/opt/intel/sgxsdk' "$out"

     

       232
       225
        
           done

     

       233
       226
        
       

     

       234
       227
        
           header "Fixing BINUTILS_DIR in buildenv.mk"

+17 -5

pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix

···

       2
       2
        
       , stdenv

     

       3
       3
        
       , fetchFromGitHub

     

       4
       4
        
       , cmake

     

       5
       5
       +
       , nasm

     

       6
       6
       +
       , openssl

     

       5
       7
        
       , python3

     

       6
       6
       -
       , nasm

     

       7
       8
        
       , extraCmakeFlags ? [ ]

     

       8
       9
        
       }:

     

       9
       10
        
       

     

       10
       11
        
       stdenv.mkDerivation rec {

     

       11
       12
        
         pname = "ipp-crypto";

     

       12
       12
       -
         version = "2020_update3";

     

       13
       13
       +
         version = "2021.3";

     

       13
       14
        
       

     

       14
       15
        
         src = fetchFromGitHub {

     

       15
       16
        
           owner = "intel";

     

       16
       17
        
           repo = "ipp-crypto";

     

       17
       17
       -
           rev = "ipp-crypto_${version}";

     

       18
       18
       -
           sha256 = "02vlda6mlhbd12ljzdf65klpx4kmx1ylch9w3yllsiya4hwqzy4b";

     

       18
       18
       +
           rev = "ippcp_${version}";

     

       19
       19
       +
           hash = "sha256-QEJXvQ//zhQqibFxXwPMdS1MHewgyb24LRmkycVSGrM=";

     

       19
       20
        
         };

     

       20
       21
        
       

     

       22
       22
       +
         # Fix typo: https://github.com/intel/ipp-crypto/pull/33

     

       23
       23
       +
         postPatch = ''

     

       24
       24
       +
           substituteInPlace sources/cmake/ippcp-gen-config.cmake \

     

       25
       25
       +
             --replace 'ippcpo-config.cmake' 'ippcp-config.cmake'

     

       26
       26
       +
         '';

     

       27
       27
       +
       

     

       21
       28
        
         cmakeFlags = [ "-DARCH=intel64" ] ++ extraCmakeFlags;

     

       22
       29
        
       

     

       23
       23
       -
         nativeBuildInputs = [ cmake python3 nasm ];

     

       30
       30
       +
         nativeBuildInputs = [

     

       31
       31
       +
           cmake

     

       32
       32
       +
           nasm

     

       33
       33
       +
           openssl

     

       34
       34
       +
           python3

     

       35
       35
       +
         ];

     

       24
       36
        
       }

+7 -1

pkgs/os-specific/linux/sgx/sdk/samples.nix

···

       12
       12
        
           buildInputs = [

     

       13
       13
        
             sgx-sdk

     

       14
       14
        
           ];

     

       15
       15
       -
           enableParallelBuilding = true;

     

       15
       15
       +
       

     

       16
       16
       +
           # The samples don't have proper support for parallel building

     

       17
       17
       +
           # causing them to fail randomly.

     

       18
       18
       +
           enableParallelBuilding = false;

     

       19
       19
       +
       

     

       16
       20
        
           buildFlags = [

     

       17
       21
        
             "SGX_MODE=SIM"

     

       18
       22
        
           ];

     
···

       44
       48
        
           # Requires interaction

     

       45
       49
        
           doInstallCheck = false;

     

       46
       50
        
         });

     

       51
       51
       +
         protobufSGXDemo = buildSample "ProtobufSGXDemo";

     

       47
       52
        
         remoteAttestation = (buildSample "RemoteAttestation").overrideAttrs (oldAttrs: {

     

       48
       53
        
           dontFixup = true;

     

       49
       54
        
           installCheckPhase = ''

     
···

       52
       57
        
         });

     

       53
       58
        
         sampleEnclave = buildSample "SampleEnclave";

     

       54
       59
        
         sampleEnclavePCL = buildSample "SampleEnclavePCL";

     

       60
       60
       +
         sampleEnclaveGMIPP = buildSample "SampleEnclaveGMIPP";

     

       55
       61
        
         sealUnseal = buildSample "SealUnseal";

     

       56
       62
        
         switchless = buildSample "Switchless";

     

       57
       63
        
       }

+39

pkgs/servers/http/apache-modules/mod_itk/default.nix

···

       1
       1
       +
       { lib

     

       2
       2
       +
       , stdenv

     

       3
       3
       +
       , fetchurl

     

       4
       4
       +
       , pkg-config

     

       5
       5
       +
       , mod_ca

     

       6
       6
       +
       , apr

     

       7
       7
       +
       , aprutil

     

       8
       8
       +
       , apacheHttpd

     

       9
       9
       +
       }:

     

       10
       10
       +
       

     

       11
       11
       +
       stdenv.mkDerivation rec {

     

       12
       12
       +
         pname = "mod_itk";

     

       13
       13
       +
         version = "2.4.7-04";

     

       14
       14
       +
       

     

       15
       15
       +
         src = fetchurl {

     

       16
       16
       +
           url = "http://mpm-itk.sesse.net/mpm-itk-${version}.tar.gz";

     

       17
       17
       +
           sha256 = "sha256:1kzgd1332pgpxf489kr0vdwsaik0y8wp3q282d4wa5jlk7l877v0";

     

       18
       18
       +
         };

     

       19
       19
       +
       

     

       20
       20
       +
         nativeBuildInputs = [ pkg-config ];

     

       21
       21
       +
         buildInputs = [ mod_ca apr aprutil apacheHttpd ];

     

       22
       22
       +
       

     

       23
       23
       +
         installPhase = ''

     

       24
       24
       +
           runHook preInstall

     

       25
       25
       +
       

     

       26
       26
       +
           mkdir -p $out/modules

     

       27
       27
       +
           ${apacheHttpd.dev}/bin/apxs -S LIBEXECDIR=$out/modules -i mpm_itk.la

     

       28
       28
       +
       

     

       29
       29
       +
           runHook postInstall

     

       30
       30
       +
         '';

     

       31
       31
       +
       

     

       32
       32
       +
         meta = with lib; {

     

       33
       33
       +
           description = "an MPM (Multi-Processing Module) for the Apache web server.";

     

       34
       34
       +
           maintainers = [ maintainers.zupo ];

     

       35
       35
       +
           homepage = "http://mpm-itk.sesse.net/";

     

       36
       36
       +
           license = licenses.asl20;

     

       37
       37
       +
           platforms = platforms.unix;

     

       38
       38
       +
         };

     

       39
       39
       +
       }

-1

pkgs/servers/nitter/default.nix

···

       45
       45
        
           homepage = "https://github.com/zedeus/nitter";

     

       46
       46
        
           maintainers = with maintainers; [ erdnaxe ];

     

       47
       47
        
           license = licenses.agpl3Only;

     

       48
       48
       -
           platforms = [ "x86_64-linux" ];

     

       49
       48
        
           mainProgram = "nitter";

     

       50
       49
        
         };

     

       51
       50
        
       }

+2 -2

pkgs/servers/tailscale/default.nix

···

       2
       2
        
       

     

       3
       3
        
       buildGoModule rec {

     

       4
       4
        
         pname = "tailscale";

     

       5
       5
       -
         version = "1.18.1";

     

       5
       5
       +
         version = "1.18.2";

     

       6
       6
        
       

     

       7
       7
        
         src = fetchFromGitHub {

     

       8
       8
        
           owner = "tailscale";

     

       9
       9
        
           repo = "tailscale";

     

       10
       10
        
           rev = "v${version}";

     

       11
       11
       -
           sha256 = "sha256-DmgCuv10TiB4UYISthJ1UghuPdvRKYl0cU9VxDvFjMc=";

     

       11
       11
       +
           sha256 = "sha256-8leFG2gYXw+orN/2NfjTvgRqSZSdso7OHIgECEJrO9k=";

     

       12
       12
        
         };

     

       13
       13
        
       

     

       14
       14
        
         nativeBuildInputs = lib.optionals stdenv.isLinux [ makeWrapper ];

+3 -4

pkgs/tools/misc/flameshot/default.nix

···

       21
       21
        
         };

     

       22
       22
        
       

     

       23
       23
        
         patches = [

     

       24
       24
       -
           # Support for USE_LAUNCHER_ABSOLUTE_PATH.

     

       24
       24
       +
           # Use absolute install path for `Exec=` in the desktop file.

     

       25
       25
       +
           # This is required since KWin relies on absolute paths in `Exec=` to find a process'

     

       26
       26
       +
           # corresponding desktop file and check if it's allowed to take screenshot.

     

       25
       27
        
           # Should be removed when the next release comes out.

     

       26
       28
        
           (fetchpatch {

     

       27
       29
        
             url = "https://github.com/flameshot-org/flameshot/commit/1031980ed1e62d24d7f719998b7951d48801e3fa.patch";

     
···

       43
       45
        
       

     

       44
       46
        
         nativeBuildInputs = [ cmake qttools qtsvg ];

     

       45
       47
        
         buildInputs = [ qtbase ];

     

       46
       46
       -
       

     

       47
       47
       -
         # Use relative path for the .desktop file.

     

       48
       48
       -
         cmakeFlags = [ "-DUSE_LAUNCHER_ABSOLUTE_PATH=OFF" ];

     

       49
       48
        
       

     

       50
       49
        
         meta = with lib; {

     

       51
       50
        
           description = "Powerful yet simple to use screenshot software";

+3 -1

pkgs/tools/networking/driftnet/default.nix

···

       35
       35
        
             url = "https://github.com/deiv/driftnet/pull/33/commits/bef5f3509ab5710161e9e21ea960a997eada534f.patch";

     

       36
       36
        
             sha256 = "1b7p9fkgp7dxv965l7q7y632s80h3nnrkaqnak2h0hakwv0i4pvm";

     

       37
       37
        
           })

     

       38
       38
       +
           # https://github.com/deiv/driftnet/issues/37

     

       39
       39
       +
           ./libwebsockets-4.3.0.patch

     

       38
       40
        
         ];

     

       39
       41
        
       

     

       40
       42
        
         enableParallelBuilding = true;

     
···

       59
       61
        
           homepage = "https://github.com/deiv/driftnet";

     

       60
       62
        
           maintainers = with maintainers; [ offline ];

     

       61
       63
        
           platforms = platforms.linux ++ platforms.darwin;

     

       62
       62
       -
           license = licenses.gpl2;

     

       64
       64
       +
           license = licenses.gpl2Plus;

     

       63
       65
        
         };

     

       64
       66
        
       }

-61

pkgs/tools/networking/driftnet/fix-darwin-build.patch

···

       1
       1
       -
       diff --git a/src/compat/compat.h b/src/compat/compat.h

     

       2
       2
       -
       index 6add422..ea80406 100644

     

       3
       3
       -
       --- a/src/compat/compat.h

     

       4
       4
       -
       +++ b/src/compat/compat.h

     

       5
       5
       -
       @@ -17,7 +17,7 @@

     

       6
       6
       -
            #include <config.h>

     

       7
       7
       -
        #endif

     

       8
       8
       -
        

     

       9
       9
       -
       -#ifdef __FreeBSD__

     

       10
       10
       -
       +#if defined(__FreeBSD__) || defined(__APPLE__)

     

       11
       11
       -
            #include <sys/types.h>

     

       12
       12
       -
        #endif

     

       13
       13
       -
        

     

       14
       14
       -
       diff --git a/src/network/layer2.c b/src/network/layer2.c

     

       15
       15
       -
       index 763f0ac..2497b72 100644

     

       16
       16
       -
       --- a/src/network/layer2.c

     

       17
       17
       -
       +++ b/src/network/layer2.c

     

       18
       18
       -
       @@ -14,7 +14,7 @@

     

       19
       19
       -
        

     

       20
       20
       -
        #include <string.h>

     

       21
       21
       -
        

     

       22
       22
       -
       -#ifdef __FreeBSD__

     

       23
       23
       -
       +#if defined(__FreeBSD__) || defined(__APPLE__)

     

       24
       24
       -
        #include <netinet/in_systm.h>

     

       25
       25
       -
        #include <netinet/in.h>

     

       26
       26
       -
        #else

     

       27
       27
       -
       @@ -29,7 +29,7 @@

     

       28
       28
       -
        /*

     

       29
       29
       -
         * Freebsd and Cygwin doesn't define 'ethhdr'

     

       30
       30
       -
         */

     

       31
       31
       -
       -#if defined(__FreeBSD__) || defined(__CYGWIN__)

     

       32
       32
       -
       +#if defined(__FreeBSD__) || defined(__CYGWIN__) || defined(__APPLE__)

     

       33
       33
       -
        

     

       34
       34
       -
        #define ETH_ALEN	6			/* Octets in one ethernet addr	 */

     

       35
       35
       -
        #define ETH_P_IP	0x0800		/* Internet Protocol packet	*/

     

       36
       36
       -
       diff --git a/src/network/layer3.c b/src/network/layer3.c

     

       37
       37
       -
       index 7864126..aae2041 100644

     

       38
       38
       -
       --- a/src/network/layer3.c

     

       39
       39
       -
       +++ b/src/network/layer3.c

     

       40
       40
       -
       @@ -15,7 +15,7 @@

     

       41
       41
       -
        #include <string.h>

     

       42
       42
       -
        #include <assert.h>

     

       43
       43
       -
        

     

       44
       44
       -
       -#ifdef __FreeBSD__

     

       45
       45
       -
       +#if defined(__FreeBSD__) || defined(__APPLE__)

     

       46
       46
       -
        #include <netinet/in_systm.h>

     

       47
       47
       -
        #include <netinet/in.h>

     

       48
       48
       -
        #include <sys/socket.h>

     

       49
       49
       -
       diff --git a/src/pid.c b/src/pid.c

     

       50
       50
       -
       index 621834e..94e7dcc 100644

     

       51
       51
       -
       --- a/src/pid.c

     

       52
       52
       -
       +++ b/src/pid.c

     

       53
       53
       -
       @@ -14,7 +14,7 @@

     

       54
       54
       -
        

     

       55
       55
       -
        #include "compat/compat.h"

     

       56
       56
       -
        

     

       57
       57
       -
       -#ifdef __FreeBSD__

     

       58
       58
       -
       +#if defined(__FreeBSD__) || defined(__APPLE__)

     

       59
       59
       -
        #include <sys/stat.h>

     

       60
       60
       -
        #endif

     

       61
       61
       -
        #include <fcntl.h>

+12

pkgs/tools/networking/driftnet/libwebsockets-4.3.0.patch

···

       1
       1
       +
       diff --git a/src/http_display/httpd.c b/src/http_display/httpd.c

     

       2
       2
       +
       index f4709ef..7921d23 100644

     

       3
       3
       +
       --- a/src/http_display/httpd.c

     

       4
       4
       +
       +++ b/src/http_display/httpd.c

     

       5
       5
       +
       @@ -191,7 +191,6 @@ static void * http_server_dispatch(void *arg)

     

       6
       6
       +
                LWSMPRO_FILE,                  /* mount type is a directory in a filesystem */

     

       7
       7
       +
                1,                                     /* strlen("/"), ie length of the mountpoint */

     

       8
       8
       +
                NULL,

     

       9
       9
       +
       -        { NULL, NULL } // sentinel

     

       10
       10
       +
            };

     

       11
       11
       +
       

     

       12
       12
       +
            memset(&info, 0, sizeof info);

+14 -11

pkgs/tools/security/swtpm/default.nix

···

       1
       1
        
       { lib

     

       2
       2
        
       , stdenv

     

       3
       3
       -
       , fetchFromGitHub, fetchpatch

     

       3
       3
       +
       , fetchFromGitHub

     

       4
       4
        
       , autoreconfHook

     

       5
       5
        
       , pkg-config

     

       6
       6
        
       , libtasn1, openssl, fuse, glib, libseccomp, json-glib

     
···

       8
       8
        
       , unixtools, expect, socat

     

       9
       9
        
       , gnutls

     

       10
       10
        
       , perl

     

       11
       11
       +
       

     

       12
       12
       +
       # Tests

     

       13
       13
       +
       , python3, which

     

       11
       14
        
       }:

     

       12
       15
        
       

     

       13
       16
        
       stdenv.mkDerivation rec {

     

       14
       17
        
         pname = "swtpm";

     

       15
       15
       -
         version = "0.6.1";

     

       18
       18
       +
         version = "0.7.0";

     

       16
       19
        
       

     

       17
       20
        
         src = fetchFromGitHub {

     

       18
       21
        
           owner = "stefanberger";

     

       19
       22
        
           repo = "swtpm";

     

       20
       23
        
           rev = "v${version}";

     

       21
       21
       -
           sha256 = "sha256-iy8xjKnPLq1ntZa9x+KtLDznzu6m+1db3NPeGQESUVo=";

     

       24
       24
       +
           sha256 = "sha256-5MKQmZxTW8WofmTkV9kGeGN5RxsgVVMFZEF3rPDUO6Q=";

     

       22
       25
        
         };

     

       23
       26
        
       

     

       24
       24
       -
         patches = [

     

       25
       25
       -
           (fetchpatch {

     

       26
       26
       -
             url = "https://patch-diff.githubusercontent.com/raw/stefanberger/swtpm/pull/527.patch";

     

       27
       27
       -
             sha256 = "sha256-cpKHP15a27ifmmswSgHoNzGPO6TY/ZuJIfM5xLOlqlU=";

     

       28
       28
       -
           })

     

       29
       29
       -
         ];

     

       30
       30
       -
       

     

       31
       27
        
         nativeBuildInputs = [

     

       32
       28
        
           pkg-config unixtools.netstat expect socat

     

       33
       29
        
           perl # for pod2man

     

       34
       30
        
           autoreconfHook

     

       35
       31
        
         ];

     

       36
       32
        
       

     

       33
       33
       +
         checkInputs = [

     

       34
       34
       +
           python3 which

     

       35
       35
       +
         ];

     

       36
       36
       +
       

     

       37
       37
        
         buildInputs = [

     

       38
       38
        
           libtpms

     

       39
       39
        
           openssl libtasn1 libseccomp

     
···

       47
       47
        
         ];

     

       48
       48
        
       

     

       49
       49
        
         postPatch = ''

     

       50
       50
       +
           patchShebangs tests/*

     

       51
       51
       +
       

     

       50
       52
        
           # Makefile tries to create the directory /var/lib/swtpm-localca, which fails

     

       51
       53
        
           substituteInPlace samples/Makefile.am \

     

       52
       54
        
               --replace 'install-data-local:' 'do-not-execute:'

     

       53
       55
        
       

     

       54
       56
        
           # Use the correct path to the certtool binary

     

       55
       57
        
           # instead of relying on it being in the environment

     

       56
       56
       -
           substituteInPlace samples/swtpm_localca.c --replace \

     

       58
       58
       +
           substituteInPlace src/swtpm_localca/swtpm_localca.c --replace \

     

       57
       59
        
               '# define CERTTOOL_NAME "certtool"' \

     

       58
       60
        
               '# define CERTTOOL_NAME "${gnutls}/bin/certtool"'

     

       59
       61
        
         '';

     

       60
       62
        
       

     

       63
       63
       +
         doCheck = true;

     

       61
       64
        
         enableParallelBuilding = true;

     

       62
       65
        
       

     

       63
       66
        
         outputs = [ "out" "man" ];

+3 -1

pkgs/top-level/all-packages.nix

···

       20716
       20716
        
           mod_wsgi2 = callPackage ../servers/http/apache-modules/mod_wsgi { python = python2; ncurses = null; };

     

       20717
       20717
        
           mod_wsgi3 = callPackage ../servers/http/apache-modules/mod_wsgi { python = python3; };

     

       20718
       20718
        
       

     

       20719
       20719
       +
           mod_itk = callPackage ../servers/http/apache-modules/mod_itk { };

     

       20720
       20720
       +
       

     

       20719
       20721
        
           php = pkgs.php.override { inherit apacheHttpd; };

     

       20720
       20722
        
       

     

       20721
       20723
        
           subversion = pkgs.subversion.override { httpServer = true; inherit apacheHttpd; };

     
···

       29438
       29440
        
         };

     

       29439
       29441
        
       

     

       29440
       29442
        
         xastir = callPackage ../applications/misc/xastir {

     

       29441
       29441
       -
           rastermagick = imagemagick;

     

       29443
       29443
       +
           rastermagick = imagemagick6;

     

       29442
       29444
        
           inherit (xorg) libXt;

     

       29443
       29445
        
         };

     

       29444
       29446

-2

pkgs/top-level/nim-packages.nix

···

       48
       48
        
       

     

       49
       49
        
           pixie = callPackage ../development/nim-packages/pixie { };

     

       50
       50
        
       

     

       51
       51
       -
           python = callPackage ../development/nim-packages/python { };

     

       52
       52
       -
       

     

       53
       51
        
           redis = callPackage ../development/nim-packages/redis { };

     

       54
       52
        
       

     

       55
       53
        
           redpool = callPackage ../development/nim-packages/redpool { };