diff --git a/nixos/modules/config/krb5/default.nix b/nixos/modules/config/krb5/default.nix index c2302451d702..6db2a7e40391 100644 --- a/nixos/modules/config/krb5/default.nix +++ b/nixos/modules/config/krb5/default.nix @@ -84,7 +84,7 @@ in { type = types.package; default = pkgs.krb5Full; defaultText = "pkgs.krb5Full"; - example = literalExample "pkgs.heimdalFull"; + example = literalExample "pkgs.heimdal"; description = '' The Kerberos implementation that will be present in environment.systemPackages after enabling this diff --git a/nixos/modules/programs/atop.nix b/nixos/modules/programs/atop.nix index b45eb16e3eaf..918c228b3f52 100644 --- a/nixos/modules/programs/atop.nix +++ b/nixos/modules/programs/atop.nix @@ -141,8 +141,15 @@ in // mkService cfg.atopgpu.enable "atopgpu" [ atop ]; timers = mkTimer cfg.atopRotateTimer.enable "atop-rotate" [ atop ]; }; - security.wrappers = - lib.mkIf cfg.setuidWrapper.enable { atop = { source = "${atop}/bin/atop"; }; }; + + security.wrappers = lib.mkIf cfg.setuidWrapper.enable { + atop = + { setuid = true; + owner = "root"; + group = "root"; + source = "${atop}/bin/atop"; + }; + }; } ); } diff --git a/nixos/modules/programs/plotinus.nix b/nixos/modules/programs/plotinus.nix index e3549c79588b..2c90a41ba029 100644 --- a/nixos/modules/programs/plotinus.nix +++ b/nixos/modules/programs/plotinus.nix @@ -30,7 +30,7 @@ in ###### implementation config = mkIf cfg.enable { - environment.variables.XDG_DATA_DIRS = [ "${pkgs.plotinus}/share/gsettings-schemas/${pkgs.plotinus.name}" ]; + environment.sessionVariables.XDG_DATA_DIRS = [ "${pkgs.plotinus}/share/gsettings-schemas/${pkgs.plotinus.name}" ]; environment.variables.GTK3_MODULES = [ "${pkgs.plotinus}/lib/libplotinus.so" ]; }; } diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix index 33d217ba60ed..f2c76a56d8d7 100644 --- a/nixos/modules/services/cluster/kubernetes/default.nix +++ b/nixos/modules/services/cluster/kubernetes/default.nix @@ -5,28 +5,33 @@ with lib; let cfg = config.services.kubernetes; - defaultContainerdConfigFile = pkgs.writeText "containerd.toml" '' - version = 2 - root = "/var/lib/containerd" - state = "/run/containerd" - oom_score = 0 + defaultContainerdSettings = { + version = 2; + root = "/var/lib/containerd"; + state = "/run/containerd"; + oom_score = 0; - [grpc] - address = "/run/containerd/containerd.sock" + grpc = { + address = "/run/containerd/containerd.sock"; + }; - [plugins."io.containerd.grpc.v1.cri"] - sandbox_image = "pause:latest" + plugins."io.containerd.grpc.v1.cri" = { + sandbox_image = "pause:latest"; - [plugins."io.containerd.grpc.v1.cri".cni] - bin_dir = "/opt/cni/bin" - max_conf_num = 0 + cni = { + bin_dir = "/opt/cni/bin"; + max_conf_num = 0; + }; - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] - runtime_type = "io.containerd.runc.v2" + containerd.runtimes.runc = { + runtime_type = "io.containerd.runc.v2"; + }; - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes."io.containerd.runc.v2".options] - SystemdCgroup = true - ''; + containerd.runtimes."io.containerd.runc.v2".options = { + SystemdCgroup = true; + }; + }; + }; mkKubeConfig = name: conf: pkgs.writeText "${name}-kubeconfig" (builtins.toJSON { apiVersion = "v1"; @@ -248,7 +253,7 @@ in { (mkIf cfg.kubelet.enable { virtualisation.containerd = { enable = mkDefault true; - configFile = mkDefault defaultContainerdConfigFile; + settings = mkDefault defaultContainerdSettings; }; }) diff --git a/nixos/modules/services/networking/dnscrypt-wrapper.nix b/nixos/modules/services/networking/dnscrypt-wrapper.nix index 89360f4bf373..400d6e67044e 100644 --- a/nixos/modules/services/networking/dnscrypt-wrapper.nix +++ b/nixos/modules/services/networking/dnscrypt-wrapper.nix @@ -217,6 +217,7 @@ in { home = "${dataDir}"; createHome = true; isSystemUser = true; + group = "dnscrypt-wrapper"; }; users.groups.dnscrypt-wrapper = { }; diff --git a/nixos/modules/services/networking/flannel.nix b/nixos/modules/services/networking/flannel.nix index 32a7eb3ed69e..2d67a2a2ad22 100644 --- a/nixos/modules/services/networking/flannel.nix +++ b/nixos/modules/services/networking/flannel.nix @@ -164,7 +164,7 @@ in { path = [ pkgs.iptables ]; preStart = optionalString (cfg.storageBackend == "etcd") '' echo "setting network configuration" - until ${pkgs.etcdctl}/bin/etcdctl set /coreos.com/network/config '${builtins.toJSON networkConfig}' + until ${pkgs.etcd}/bin/etcdctl set /coreos.com/network/config '${builtins.toJSON networkConfig}' do echo "setting network configuration, retry" sleep 1 diff --git a/nixos/modules/services/search/meilisearch.nix b/nixos/modules/services/search/meilisearch.nix index 913a885993ca..9ed1a0e9053e 100644 --- a/nixos/modules/services/search/meilisearch.nix +++ b/nixos/modules/services/search/meilisearch.nix @@ -8,7 +8,7 @@ let in { - meta.maintainers = with maintainers; [ filalex77 ]; + meta.maintainers = with maintainers; [ Br1ght0ne ]; ###### interface diff --git a/nixos/modules/services/system/kerberos/heimdal.nix b/nixos/modules/services/system/kerberos/heimdal.nix index f0e56c7951a4..837c59caa562 100644 --- a/nixos/modules/services/system/kerberos/heimdal.nix +++ b/nixos/modules/services/system/kerberos/heimdal.nix @@ -27,7 +27,7 @@ in { # No documentation about correct triggers, so guessing at them. - config = mkIf (cfg.enable && kerberos == pkgs.heimdalFull) { + config = mkIf (cfg.enable && kerberos == pkgs.heimdal) { systemd.services.kadmind = { description = "Kerberos Administration Daemon"; wantedBy = [ "multi-user.target" ]; diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 325caba07ea3..66b0f4f258d3 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -223,7 +223,6 @@ in krb5 = discoverTests (import ./krb5 {}); ksm = handleTest ./ksm.nix {}; kubernetes = handleTestOn ["x86_64-linux"] ./kubernetes {}; - latestKernel.hardened = handleTest ./hardened.nix { latestKernel = true; }; latestKernel.login = handleTest ./login.nix { latestKernel = true; }; leaps = handleTest ./leaps.nix {}; libreddit = handleTest ./libreddit.nix {}; diff --git a/nixos/tests/atop.nix b/nixos/tests/atop.nix index 1f8b005041f0..f7a90346f3d7 100644 --- a/nixos/tests/atop.nix +++ b/nixos/tests/atop.nix @@ -105,8 +105,6 @@ let assertions = rec { }; in { - name = "atop"; - justThePackage = makeTest { name = "atop-justThePackage"; machine = { diff --git a/nixos/tests/cntr.nix b/nixos/tests/cntr.nix index 8cffd97459d0..668470756209 100644 --- a/nixos/tests/cntr.nix +++ b/nixos/tests/cntr.nix @@ -9,7 +9,7 @@ let makeTest { name = "cntr-${backend}"; - meta = { maintainers = with lib.maintainers; [ srk mic92 ]; }; + meta = { maintainers = with lib.maintainers; [ sorki mic92 ]; }; nodes = { ${backend} = { pkgs, ... }: { diff --git a/nixos/tests/ec2.nix b/nixos/tests/ec2.nix index df0672480168..aa3c2b7051f6 100644 --- a/nixos/tests/ec2.nix +++ b/nixos/tests/ec2.nix @@ -24,6 +24,11 @@ let ln -s vda1 /dev/xvda1 ''; + # In a NixOS test the serial console is occupied by the "backdoor" + # (see testing/test-instrumentation.nix) and is incompatible with + # the configuration in virtualisation/amazon-image.nix. + systemd.services."serial-getty@ttyS0".enable = mkForce false; + # Needed by nixos-rebuild due to the lack of network # access. Determined by trial and error. system.extraDependencies = with pkgs; ( [ diff --git a/nixos/tests/enlightenment.nix b/nixos/tests/enlightenment.nix index cc1da649d493..4623574ce92e 100644 --- a/nixos/tests/enlightenment.nix +++ b/nixos/tests/enlightenment.nix @@ -11,8 +11,8 @@ import ./make-test-python.nix ({ pkgs, ...} : imports = [ ./common/user-account.nix ]; services.xserver.enable = true; services.xserver.desktopManager.enlightenment.enable = true; - services.xserver.displayManager.lightdm = { - enable = true; + services.xserver.displayManager = { + lightdm.enable = true; autoLogin = { enable = true; user = "alice"; diff --git a/nixos/tests/hardened.nix b/nixos/tests/hardened.nix index b76ae83a3287..da7e0972e131 100644 --- a/nixos/tests/hardened.nix +++ b/nixos/tests/hardened.nix @@ -1,4 +1,4 @@ -import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... } : { +import ./make-test-python.nix ({ pkgs, ... } : { name = "hardened"; meta = with pkgs.lib.maintainers; { maintainers = [ joachifm ]; @@ -10,8 +10,6 @@ import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... } : { { users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; }; users.users.sybil = { isNormalUser = true; group = "wheel"; }; imports = [ ../modules/profiles/hardened.nix ]; - boot.kernelPackages = - lib.mkIf latestKernel pkgs.linuxPackages_latest_hardened; environment.memoryAllocator.provider = "graphene-hardened"; nix.useSandbox = false; virtualisation.emptyDiskImages = [ 4096 ]; diff --git a/nixos/tests/kerberos/heimdal.nix b/nixos/tests/kerberos/heimdal.nix index 8abae667d043..391a61cc9a90 100644 --- a/nixos/tests/kerberos/heimdal.nix +++ b/nixos/tests/kerberos/heimdal.nix @@ -9,7 +9,7 @@ import ../make-test-python.nix ({pkgs, ...}: { }; krb5 = { enable = true; - kerberos = pkgs.heimdalFull; + kerberos = pkgs.heimdal; libdefaults = { default_realm = "FOO.BAR"; }; diff --git a/nixos/tests/meilisearch.nix b/nixos/tests/meilisearch.nix index ef5781458ffd..c379bda74c59 100644 --- a/nixos/tests/meilisearch.nix +++ b/nixos/tests/meilisearch.nix @@ -10,7 +10,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: ''; in { name = "meilisearch"; - meta.maintainers = with lib.maintainers; [ filalex77 ]; + meta.maintainers = with lib.maintainers; [ Br1ght0ne ]; machine = { ... }: { environment.systemPackages = with pkgs; [ curl jq ]; diff --git a/nixos/tests/minio.nix b/nixos/tests/minio.nix index e49c517098ae..ad51f738d490 100644 --- a/nixos/tests/minio.nix +++ b/nixos/tests/minio.nix @@ -28,7 +28,10 @@ in { machine = { pkgs, ... }: { services.minio = { enable = true; - inherit accessKey secretKey; + rootCredentialsFile = pkgs.writeText "minio-credentials" '' + MINIO_ROOT_USER=${accessKey} + MINIO_ROOT_PASSWORD=${secretKey} + ''; }; environment.systemPackages = [ pkgs.minio-client ]; diff --git a/nixos/tests/mpv.nix b/nixos/tests/mpv.nix index bcfc17cf3328..9e44862cb1b4 100644 --- a/nixos/tests/mpv.nix +++ b/nixos/tests/mpv.nix @@ -14,7 +14,7 @@ in { environment.systemPackages = [ pkgs.curl - (pkgs.mpv-with-scripts.override { + (pkgs.wrapMpv pkgs.mpv-unwrapped { scripts = [ pkgs.mpvScripts.simple-mpv-webui ]; }) ]; diff --git a/nixos/tests/mysql/mariadb-galera-mariabackup.nix b/nixos/tests/mysql/mariadb-galera-mariabackup.nix index 1c73bc854a57..10682c361d1d 100644 --- a/nixos/tests/mysql/mariadb-galera-mariabackup.nix +++ b/nixos/tests/mysql/mariadb-galera-mariabackup.nix @@ -4,6 +4,16 @@ let mysqlenv-common = pkgs.buildEnv { name = "mysql-path-env-common"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ bash gawk gnutar inetutils which ]; }; mysqlenv-mariabackup = pkgs.buildEnv { name = "mysql-path-env-mariabackup"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ gzip iproute2 netcat procps pv socat ]; }; + # Common user configuration + users = { ... }: + { + users.users.testuser = { + isSystemUser = true; + group = "testusers"; + }; + users.groups.testusers = { }; + }; + in { name = "mariadb-galera-mariabackup"; meta = with pkgs.lib.maintainers; { @@ -17,6 +27,7 @@ in { galera_01 = { pkgs, ... }: { + imports = [ users ]; networking = { interfaces.eth1 = { ipv4.addresses = [ @@ -31,7 +42,6 @@ in { firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; firewall.allowedUDPPorts = [ 4567 ]; }; - users.users.testuser = { isSystemUser = true; }; systemd.services.mysql = with pkgs; { path = [ mysqlenv-common mysqlenv-mariabackup ]; }; @@ -75,6 +85,7 @@ in { galera_02 = { pkgs, ... }: { + imports = [ users ]; networking = { interfaces.eth1 = { ipv4.addresses = [ @@ -89,7 +100,6 @@ in { firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; firewall.allowedUDPPorts = [ 4567 ]; }; - users.users.testuser = { isSystemUser = true; }; systemd.services.mysql = with pkgs; { path = [ mysqlenv-common mysqlenv-mariabackup ]; }; @@ -122,6 +132,7 @@ in { galera_03 = { pkgs, ... }: { + imports = [ users ]; networking = { interfaces.eth1 = { ipv4.addresses = [ @@ -136,7 +147,6 @@ in { firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; firewall.allowedUDPPorts = [ 4567 ]; }; - users.users.testuser = { isSystemUser = true; }; systemd.services.mysql = with pkgs; { path = [ mysqlenv-common mysqlenv-mariabackup ]; }; diff --git a/nixos/tests/mysql/mariadb-galera-rsync.nix b/nixos/tests/mysql/mariadb-galera-rsync.nix index 709a8b5085cb..701e01e88718 100644 --- a/nixos/tests/mysql/mariadb-galera-rsync.nix +++ b/nixos/tests/mysql/mariadb-galera-rsync.nix @@ -4,6 +4,16 @@ let mysqlenv-common = pkgs.buildEnv { name = "mysql-path-env-common"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ bash gawk gnutar inetutils which ]; }; mysqlenv-rsync = pkgs.buildEnv { name = "mysql-path-env-rsync"; pathsToLink = [ "/bin" ]; paths = with pkgs; [ lsof procps rsync stunnel ]; }; + # Common user configuration + users = { ... }: + { + users.users.testuser = { + isSystemUser = true; + group = "testusers"; + }; + users.groups.testusers = { }; + }; + in { name = "mariadb-galera-rsync"; meta = with pkgs.lib.maintainers; { @@ -17,6 +27,7 @@ in { galera_04 = { pkgs, ... }: { + imports = [ users ]; networking = { interfaces.eth1 = { ipv4.addresses = [ @@ -31,7 +42,6 @@ in { firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; firewall.allowedUDPPorts = [ 4567 ]; }; - users.users.testuser = { isSystemUser = true; }; systemd.services.mysql = with pkgs; { path = [ mysqlenv-common mysqlenv-rsync ]; }; @@ -70,6 +80,7 @@ in { galera_05 = { pkgs, ... }: { + imports = [ users ]; networking = { interfaces.eth1 = { ipv4.addresses = [ @@ -84,7 +95,6 @@ in { firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; firewall.allowedUDPPorts = [ 4567 ]; }; - users.users.testuser = { isSystemUser = true; }; systemd.services.mysql = with pkgs; { path = [ mysqlenv-common mysqlenv-rsync ]; }; @@ -116,6 +126,7 @@ in { galera_06 = { pkgs, ... }: { + imports = [ users ]; networking = { interfaces.eth1 = { ipv4.addresses = [ @@ -130,7 +141,6 @@ in { firewall.allowedTCPPorts = [ 3306 4444 4567 4568 ]; firewall.allowedUDPPorts = [ 4567 ]; }; - users.users.testuser = { isSystemUser = true; }; systemd.services.mysql = with pkgs; { path = [ mysqlenv-common mysqlenv-rsync ]; }; diff --git a/nixos/tests/mysql/mysql.nix b/nixos/tests/mysql/mysql.nix index 2ec9c3d50a3c..dce5fa26acf7 100644 --- a/nixos/tests/mysql/mysql.nix +++ b/nixos/tests/mysql/mysql.nix @@ -1,4 +1,26 @@ -import ./../make-test-python.nix ({ pkgs, ...} : { +import ./../make-test-python.nix ({ pkgs, ...}: + + +let + # Setup common users + users = { ... }: + { + users.groups.testusers = { }; + + users.users.testuser = { + isSystemUser = true; + group = "testusers"; + }; + + users.users.testuser2 = { + isSystemUser = true; + group = "testusers"; + }; + }; + +in + +{ name = "mysql"; meta = with pkgs.lib.maintainers; { maintainers = [ eelco shlevy ]; @@ -9,8 +31,8 @@ import ./../make-test-python.nix ({ pkgs, ...} : { { pkgs, ... }: { - users.users.testuser = { isSystemUser = true; }; - users.users.testuser2 = { isSystemUser = true; }; + imports = [ users ]; + services.mysql.enable = true; services.mysql.initialDatabases = [ { name = "testdb3"; schema = ./testdb.sql; } @@ -40,12 +62,12 @@ import ./../make-test-python.nix ({ pkgs, ...} : { { pkgs, ... }: { + imports = [ users ]; + # prevent oom: # Kernel panic - not syncing: Out of memory: compulsory panic_on_oom is enabled virtualisation.memorySize = 1024; - users.users.testuser = { isSystemUser = true; }; - users.users.testuser2 = { isSystemUser = true; }; services.mysql.enable = true; services.mysql.initialDatabases = [ { name = "testdb3"; schema = ./testdb.sql; } @@ -75,8 +97,8 @@ import ./../make-test-python.nix ({ pkgs, ...} : { { pkgs, ... }: { - users.users.testuser = { isSystemUser = true; }; - users.users.testuser2 = { isSystemUser = true; }; + imports = [ users ]; + services.mysql.enable = true; services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" '' ALTER USER root@localhost IDENTIFIED WITH unix_socket; diff --git a/nixos/tests/postfixadmin.nix b/nixos/tests/postfixadmin.nix index aba5e3eed102..b2712f4699ae 100644 --- a/nixos/tests/postfixadmin.nix +++ b/nixos/tests/postfixadmin.nix @@ -1,6 +1,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { name = "postfixadmin"; - meta = with pkgs.stdenv.lib.maintainers; { + meta = with pkgs.lib.maintainers; { maintainers = [ globin ]; }; diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix index 61cdbbcf4558..38b93c4087c0 100644 --- a/nixos/tests/prometheus-exporters.nix +++ b/nixos/tests/prometheus-exporters.nix @@ -555,7 +555,11 @@ let WorkingDirectory = "/var/spool/mail"; }; }; - users.users.mailexporter.isSystemUser = true; + users.users.mailexporter = { + isSystemUser = true; + group = "mailexporter"; + }; + users.groups.mailexporter = {}; }; exporterTest = '' wait_for_unit("postfix.service") diff --git a/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix b/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix index 94f17605e001..68836c730729 100644 --- a/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix +++ b/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix @@ -42,6 +42,8 @@ import ./make-test-python.nix ({pkgs, ...}: { # DO NOT COPY THIS TO PRODUCTION AS IS. Think about it at least twice. # Everyone on the "isp" machine will be able to add routes to the kernel. security.wrappers.add-dhcpd-lease = { + owner = "root"; + group = "root"; source = pkgs.writeShellScript "add-dhcpd-lease" '' exec ${pkgs.iproute2}/bin/ip -6 route replace "$1" via "$2" ''; diff --git a/nixos/tests/tigervnc.nix b/nixos/tests/tigervnc.nix index c0a52808b279..092eaf238d80 100644 --- a/nixos/tests/tigervnc.nix +++ b/nixos/tests/tigervnc.nix @@ -6,7 +6,7 @@ with import ../lib/testing-python.nix { inherit system pkgs; }; makeTest { name = "tigervnc"; - meta = with pkgs.stdenv.lib.maintainers; { + meta = with pkgs.lib.maintainers; { maintainers = [ lheckemann ]; }; diff --git a/nixos/tests/wasabibackend.nix b/nixos/tests/wasabibackend.nix index 1832698ab698..75730fe24d09 100644 --- a/nixos/tests/wasabibackend.nix +++ b/nixos/tests/wasabibackend.nix @@ -14,7 +14,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { port = 18332; }; }; - services.bitcoind = { + services.bitcoind."testnet" = { enable = true; testnet = true; rpc.users = { diff --git a/pkgs/applications/blockchains/electrs/default.nix b/pkgs/applications/blockchains/electrs/default.nix index 527d368bf825..ec135b7e931d 100644 --- a/pkgs/applications/blockchains/electrs/default.nix +++ b/pkgs/applications/blockchains/electrs/default.nix @@ -2,24 +2,30 @@ , rustPlatform , fetchFromGitHub , llvmPackages +, rocksdb }: rustPlatform.buildRustPackage rec { pname = "electrs"; - version = "0.8.11"; + version = "0.8.12"; src = fetchFromGitHub { owner = "romanz"; repo = pname; rev = "v${version}"; - sha256 = "024sdyvrx7s4inldamq4c8lv0iijjyd18j1mm9x6xf2clmvicaa6"; + sha256 = "0kd5zki9f1pnwscnvd921dw0lc45nfkwk23l33nzdjn005lmsw7v"; }; + cargoSha256 = "1l8dwjwj21crxampzj5c0k98xnisgy3d9c3dkgf5vaybrcp04k85"; + # needed for librocksdb-sys nativeBuildInputs = [ llvmPackages.clang ]; LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib"; - cargoSha256 = "0yl50ryxidbs9wkabz919mgbmsgsqjp1bjw792l1lkgncq8z9r5b"; + # link rocksdb dynamically + ROCKSDB_INCLUDE_DIR = "${rocksdb}/include"; + ROCKSDB_LIB_DIR = "${rocksdb}/lib"; + cargoBuildFlags = "--no-default-features"; meta = with lib; { description = "An efficient re-implementation of Electrum Server in Rust"; diff --git a/pkgs/applications/blockchains/ledger-live-desktop/default.nix b/pkgs/applications/blockchains/ledger-live-desktop/default.nix index 4b3ba00fb960..acf03368d3c6 100644 --- a/pkgs/applications/blockchains/ledger-live-desktop/default.nix +++ b/pkgs/applications/blockchains/ledger-live-desktop/default.nix @@ -2,12 +2,12 @@ let pname = "ledger-live-desktop"; - version = "2.32.2"; + version = "2.33.1"; name = "${pname}-${version}"; src = fetchurl { url = "https://github.com/LedgerHQ/${pname}/releases/download/v${version}/${pname}-${version}-linux-x86_64.AppImage"; - sha256 = "14agkl6xf0f9s5qldla6p6kzl8zlx61q5m8qy63lq215hrzh9d50"; + sha256 = "1k1h37fbpsib9h8867m2dsfacdjs78gdm61gvrin5gpw1zj10syz"; }; appimageContents = appimageTools.extractType2 { diff --git a/pkgs/applications/misc/wike/default.nix b/pkgs/applications/misc/wike/default.nix index fac8ac2886d3..41722edc4c20 100644 --- a/pkgs/applications/misc/wike/default.nix +++ b/pkgs/applications/misc/wike/default.nix @@ -14,13 +14,13 @@ let ]); in stdenv.mkDerivation rec { pname = "wike"; - version = "1.5.6"; + version = "1.5.7"; src = fetchFromGitHub { owner = "hugolabe"; repo = "Wike"; rev = version; - sha256 = "1qnxzxqjj0sn522k15plskwa7nlhhbcipfc3w17fbq3k2zhpr1yy"; + sha256 = "sha256-SB+ApuSovqQCaZYPhH+duf+c07JDSSCRz8hTVhEa4gY="; }; nativeBuildInputs = [ diff --git a/pkgs/applications/networking/browsers/vieb/default.nix b/pkgs/applications/networking/browsers/vieb/default.nix index 78d08100dfa1..781163050944 100644 --- a/pkgs/applications/networking/browsers/vieb/default.nix +++ b/pkgs/applications/networking/browsers/vieb/default.nix @@ -2,13 +2,13 @@ mkYarnPackage rec { pname = "vieb"; - version = "6.0.0"; + version = "6.1.0"; src = fetchFromGitHub { owner = "Jelmerro"; repo = pname; rev = version; - sha256 = "sha256-3mX6z/CRUQdyQxYK50yqCZIrhPgitsyus4oLkbPqNvM="; + sha256 = "sha256-MJJeHnwfXouBygRT/wFWFMRHxQVf/3k2c7vp/tkD5co="; }; packageJSON = ./package.json; diff --git a/pkgs/applications/networking/cluster/k3s/default.nix b/pkgs/applications/networking/cluster/k3s/default.nix index 4b60ec6ea2dd..445483c1ecde 100644 --- a/pkgs/applications/networking/cluster/k3s/default.nix +++ b/pkgs/applications/networking/cluster/k3s/default.nix @@ -45,10 +45,16 @@ with lib; let k3sVersion = "1.21.4+k3s1"; # k3s git tag k3sCommit = "3e250fdbab72d88f7e6aae57446023a0567ffc97"; # k3s git commit at the above version + k3sRepoSha256 = "1w7drvk0bmlmqrxh1y6dxjy7dk6bdrl72pkd25lc1ir6wbzb05h9"; traefikChartVersion = "9.18.2"; # taken from ./scripts/download at TRAEFIK_VERSION + traefikChartSha256 = "sha256-9d7p0ngyMN27u4OPgz7yI14Zj9y36t9o/HMX5wyDpUI="; + k3sRootVersion = "0.9.1"; # taken from ./scripts/download at ROOT_VERSION + k3sRootSha256 = "sha256-qI84KYJKY/T6pqWZW9lOTq5NzZiu//v1zrMzUCiRTGQ="; + k3sCNIVersion = "0.8.6-k3s1"; # taken from ./scripts/version.sh at VERSION_CNIPLUGINS + k3sCNISha256 = "sha256-uAy17eRRAXPCcnh481KxFMvFQecnnBs24jn5YnVNfY4="; baseMeta = { description = "A lightweight Kubernetes distribution"; @@ -61,7 +67,7 @@ let # bundled into the k3s binary traefikChart = fetchurl { url = "https://helm.traefik.io/traefik/traefik-${traefikChartVersion}.tgz"; - sha256 = "sha256-9d7p0ngyMN27u4OPgz7yI14Zj9y36t9o/HMX5wyDpUI="; + sha256 = traefikChartSha256; }; # so, k3s is a complicated thing to package # This derivation attempts to avoid including any random binaries from the @@ -75,7 +81,7 @@ let k3sRoot = fetchzip { # Note: marked as apache 2.0 license url = "https://github.com/k3s-io/k3s-root/releases/download/v${k3sRootVersion}/k3s-root-amd64.tar"; - sha256 = "sha256-qI84KYJKY/T6pqWZW9lOTq5NzZiu//v1zrMzUCiRTGQ="; + sha256 = k3sRootSha256; stripRoot = false; }; k3sPlugins = buildGoPackage rec { @@ -89,7 +95,7 @@ let owner = "rancher"; repo = "plugins"; rev = "v${version}"; - sha256 = "sha256-uAy17eRRAXPCcnh481KxFMvFQecnnBs24jn5YnVNfY4="; + sha256 = k3sCNISha256; }; meta = baseMeta // { @@ -101,7 +107,7 @@ let k3sRepo = fetchgit { url = "https://github.com/k3s-io/k3s"; rev = "v${k3sVersion}"; - sha256 = "1w7drvk0bmlmqrxh1y6dxjy7dk6bdrl72pkd25lc1ir6wbzb05h9"; + sha256 = k3sRepoSha256; }; # Stage 1 of the k3s build: # Let's talk about how k3s is structured. @@ -280,5 +286,7 @@ stdenv.mkDerivation rec { $out/bin/k3s --version | grep v${k3sVersion} > /dev/null ''; + passthru.updateScript = ./update.sh; + meta = baseMeta; } diff --git a/pkgs/applications/networking/cluster/k3s/update.sh b/pkgs/applications/networking/cluster/k3s/update.sh new file mode 100755 index 000000000000..db895af71c6a --- /dev/null +++ b/pkgs/applications/networking/cluster/k3s/update.sh @@ -0,0 +1,62 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p curl gnugrep gnused jq + +set -eu -o pipefail + +WORKDIR=$(mktemp -d) +trap "rm -rf ${WORKDIR}" EXIT + +cd $(dirname "${BASH_SOURCE[0]}") + +LATEST_TAG_RAWFILE=${WORKDIR}/latest_tag.json +curl --silent ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} \ + https://api.github.com/repos/k3s-io/k3s/releases/latest > ${LATEST_TAG_RAWFILE} + +LATEST_TAG_NAME=$(jq -r '.tag_name' ${LATEST_TAG_RAWFILE}) + +K3S_VERSION=$(echo ${LATEST_TAG_NAME} | sed 's/^v//') + +LATEST_TAG_TARBALL_URL=$(jq -r '.tarball_url' ${LATEST_TAG_RAWFILE}) + +K3S_COMMIT=$(curl --silent ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} \ + https://api.github.com/repos/k3s-io/k3s/tags \ + | jq -r "map(select(.name == \"${LATEST_TAG_NAME}\")) | .[0] | .commit.sha") + +K3S_REPO_SHA256=$(nix-prefetch-url --quiet --unpack ${LATEST_TAG_TARBALL_URL}) + +FILE_SCRIPTS_DOWNLOAD=${WORKDIR}/scripts-download +curl --silent https://raw.githubusercontent.com/k3s-io/k3s/${K3S_COMMIT}/scripts/download > $FILE_SCRIPTS_DOWNLOAD + +FILE_SCRIPTS_VERSION=${WORKDIR}/scripts-version.sh +curl --silent https://raw.githubusercontent.com/k3s-io/k3s/${K3S_COMMIT}/scripts/version.sh > $FILE_SCRIPTS_VERSION + +TRAEFIK_CHART_VERSION=$(grep TRAEFIK_VERSION= $FILE_SCRIPTS_DOWNLOAD \ + | cut -d'=' -f2 | cut -d' ' -f1) +TRAEFIK_CHART_SHA256=$(nix-prefetch-url --quiet "https://helm.traefik.io/traefik/traefik-${TRAEFIK_CHART_VERSION}.tgz") + +K3S_ROOT_VERSION=$(grep ROOT_VERSION= $FILE_SCRIPTS_DOWNLOAD \ + | cut -d'=' -f2 | cut -d' ' -f1 | sed 's/^v//') +K3S_ROOT_SHA256=$(nix-prefetch-url --quiet --unpack \ + "https://github.com/k3s-io/k3s-root/releases/download/v${K3S_ROOT_VERSION}/k3s-root-amd64.tar") + +CNIPLUGINS_VERSION=$(grep VERSION_CNIPLUGINS= $FILE_SCRIPTS_VERSION \ + | cut -d'=' -f2 | cut -d' ' -f1 | sed -e 's/"//g' -e 's/^v//') +CNIPLUGINS_SHA256=$(nix-prefetch-url --quiet --unpack \ + "https://github.com/rancher/plugins/archive/refs/tags/v${CNIPLUGINS_VERSION}.tar.gz") + +setKV () { + sed -i "s/$1 = \".*\"/$1 = \"$2\"/" ./default.nix +} + +setKV k3sVersion ${K3S_VERSION} +setKV k3sCommit ${K3S_COMMIT} +setKV k3sRepoSha256 ${K3S_REPO_SHA256} + +setKV traefikChartVersion ${TRAEFIK_CHART_VERSION} +setKV traefikChartSha256 ${TRAEFIK_CHART_SHA256} + +setKV k3sRootVersion ${K3S_ROOT_VERSION} +setKV k3sRootSha256 ${K3S_ROOT_SHA256} + +setKV k3sCNIVersion ${CNIPLUGINS_VERSION} +setKV k3sCNISha256 ${CNIPLUGINS_SHA256} diff --git a/pkgs/applications/office/super-productivity/default.nix b/pkgs/applications/office/super-productivity/default.nix index 7cb9a9b7e992..2b3ee7ddc23e 100644 --- a/pkgs/applications/office/super-productivity/default.nix +++ b/pkgs/applications/office/super-productivity/default.nix @@ -5,11 +5,11 @@ let in stdenv.mkDerivation rec { pname = "super-productivity"; - version = "7.2.1"; + version = "7.5.1"; src = fetchurl { url = "https://github.com/johannesjo/super-productivity/releases/download/v${version}/superProductivity-${version}.AppImage"; - sha256 = "93eeb56fe923c48a9384cde0633e98a9d9dc5c0869fce63b9724ff74bb400049"; + sha256 = "sha256-ezJN/t0iNk0haMLPioEQSNXU4ugVeJe44GNVGd+cOF4="; name = "${pname}-${version}.AppImage"; }; diff --git a/pkgs/applications/version-management/git-and-tools/git-machete/default.nix b/pkgs/applications/version-management/git-and-tools/git-machete/default.nix index d73ae5c960f4..34a1c2528df2 100644 --- a/pkgs/applications/version-management/git-and-tools/git-machete/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git-machete/default.nix @@ -1,6 +1,6 @@ { lib, buildPythonApplication, fetchPypi , installShellFiles, pbr -, flake8, mock, pycodestyle, pylint, tox +, flake8, mock, pycodestyle, pylint, stestr, tox , nix-update-script , testVersion, git-machete }: @@ -16,10 +16,7 @@ buildPythonApplication rec { nativeBuildInputs = [ installShellFiles pbr ]; - # TODO: Add missing check inputs (2019-11-22): - # - stestr - doCheck = false; - checkInputs = [ flake8 mock pycodestyle pylint tox ]; + checkInputs = [ flake8 mock pycodestyle pylint stestr tox ]; postInstall = '' installShellCompletion --bash --name git-machete completion/git-machete.completion.bash @@ -43,6 +40,6 @@ buildPythonApplication rec { description = "Git repository organizer and rebase/merge workflow automation tool"; license = licenses.mit; platforms = platforms.all; - maintainers = [ maintainers.blitz ]; + maintainers = with maintainers; [ blitz ]; }; } diff --git a/pkgs/development/libraries/symengine/default.nix b/pkgs/development/libraries/symengine/default.nix index 01ec3a4fba29..92ecf3e494e1 100644 --- a/pkgs/development/libraries/symengine/default.nix +++ b/pkgs/development/libraries/symengine/default.nix @@ -9,13 +9,13 @@ stdenv.mkDerivation rec { pname = "symengine"; - version = "0.7.0"; + version = "0.8.1"; src = fetchFromGitHub { owner = "symengine"; repo = "symengine"; rev = "v${version}"; - sha256 = "sha256-aoitTT9fwTIs3ovfqQjKGgrU+kT5mj+vDHt5lg49JHU="; + sha256 = "sha256-HTDOSgdWo9MWmKeXOkOHAJjgvihUAkSXoYTeMz9XXLI="; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/python-modules/cmd2/default.nix b/pkgs/development/python-modules/cmd2/default.nix index 7d979d1f0216..f74cf77c5e4a 100644 --- a/pkgs/development/python-modules/cmd2/default.nix +++ b/pkgs/development/python-modules/cmd2/default.nix @@ -68,6 +68,7 @@ buildPythonPackage rec { meta = with lib; { description = "Enhancements for standard library's cmd module"; homepage = "https://github.com/python-cmd2/cmd2"; + license = with licenses; [ mit ]; maintainers = with maintainers; [ teto ]; }; } diff --git a/pkgs/development/python-modules/maxcube-api/default.nix b/pkgs/development/python-modules/maxcube-api/default.nix new file mode 100644 index 000000000000..36bcc35fc036 --- /dev/null +++ b/pkgs/development/python-modules/maxcube-api/default.nix @@ -0,0 +1,42 @@ +{ lib +, buildPythonPackage +, pythonOlder +, fetchFromGitHub +, python +}: + +buildPythonPackage rec { + pname = "maxcube-api"; + version = "0.4.3"; + format = "setuptools"; + disabled = pythonOlder "3.7"; + + src = fetchFromGitHub { + owner = "hackercowboy"; + repo = "python-${pname}"; + rev = "V${version}"; + sha256 = "10k61gfpnqljf3p3qxr97xq7j67a9cr4ivd9v72hdni0znrbx6ym"; + }; + + postPatch = '' + substituteInPlace setup.py --replace "license=license" "license='MIT'" + ''; + + pythonImportsCheck = [ + "maxcube" + "maxcube.cube" + ]; + + checkPhase = '' + runHook preCheck + ${python.interpreter} -m unittest discover + runHook postCheck + ''; + + meta = with lib; { + description = "eQ-3/ELV MAX! Cube Python API"; + homepage = "https://github.com/hackercowboy/python-maxcube-api"; + license = licenses.mit; + maintainers = with maintainers; [ hexa ]; + }; +} diff --git a/pkgs/development/python-modules/notus-scanner/default.nix b/pkgs/development/python-modules/notus-scanner/default.nix new file mode 100644 index 000000000000..dbf01f3698d5 --- /dev/null +++ b/pkgs/development/python-modules/notus-scanner/default.nix @@ -0,0 +1,56 @@ +{ lib +, buildPythonPackage +, fetchFromGitHub +, fetchpatch +, paho-mqtt +, poetry-core +, psutil +, pytestCheckHook +, pythonOlder +}: + +buildPythonPackage rec { + pname = "notus-scanner"; + version = "unstable-2021-09-05"; + format = "pyproject"; + + disabled = pythonOlder "3.7"; + + src = fetchFromGitHub { + owner = "greenbone"; + repo = pname; + rev = "049f9a5e6439e4e5113e3b8f30b25ead12d42a56"; + sha256 = "1fjxyn8wg2kf6xy3pbh7d7yn20dk529p03xpqyz7s40n9nsxhnza"; + }; + + nativeBuildInputs = [ + poetry-core + ]; + + propagatedBuildInputs = [ + paho-mqtt + psutil + ]; + + checkInputs = [ + pytestCheckHook + ]; + + patches = [ + # Switch to poetry-core, https://github.com/greenbone/notus-scanner/pull/31 + (fetchpatch { + name = "switch-to-poetry-core.patch"; + url = "https://github.com/greenbone/notus-scanner/commit/b52eea317faca30d411096044f9e5ea20b58da65.patch"; + sha256 = "0q11aslhva47kkpsnpayra7spa849j894vqv34pjqhcnlyipqw6d"; + }) + ]; + + pythonImportsCheck = [ "notus.scanner" ]; + + meta = with lib; { + description = "Helper to create results from local security checks"; + homepage = "https://github.com/greenbone/notus-scanner"; + license = with licenses; [ agpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/pkgs/development/python-modules/pyspnego/default.nix b/pkgs/development/python-modules/pyspnego/default.nix index 2f8e775e3404..a1793118d28d 100644 --- a/pkgs/development/python-modules/pyspnego/default.nix +++ b/pkgs/development/python-modules/pyspnego/default.nix @@ -2,6 +2,9 @@ , buildPythonPackage , cryptography , fetchFromGitHub +, gssapi +, krb5 +, ruamel-yaml , pytest-mock , pytestCheckHook , pythonOlder @@ -10,18 +13,22 @@ buildPythonPackage rec { pname = "pyspnego"; - version = "0.1.6"; - disabled = pythonOlder "3.6"; + version = "0.2.0"; + + disabled = pythonOlder "3.7"; src = fetchFromGitHub { owner = "jborean93"; repo = pname; rev = "v${version}"; - sha256 = "0pfh2x0539f0k2qi2pbjm64b2fqp64c63xxpinvg1yfaw915kgpb"; + sha256 = "sha256-puv9aq53NbjSuN561XFou404N9pIxvvMjZMgnNx3SjM="; }; propagatedBuildInputs = [ cryptography + gssapi + krb5 + ruamel-yaml ]; checkInputs = [ @@ -30,6 +37,11 @@ buildPythonPackage rec { pytestCheckHook ]; + disabledTests = [ + # struct.error: unpack requires a buffer of 1 bytes + "test_credssp_invalid_client_authentication" + ]; + LC_ALL = "en_US.UTF-8"; pythonImportsCheck = [ "spnego" ]; diff --git a/pkgs/development/python-modules/symengine/default.nix b/pkgs/development/python-modules/symengine/default.nix index c20f2338fa2a..673e2682660b 100644 --- a/pkgs/development/python-modules/symengine/default.nix +++ b/pkgs/development/python-modules/symengine/default.nix @@ -11,18 +11,19 @@ buildPythonPackage rec { pname = "symengine"; - version = "0.7.2"; + version = "0.8.1"; src = fetchFromGitHub { owner = "symengine"; repo = "symengine.py"; rev = "v${version}"; - sha256 = "1xaclpvk7m6mbp70zrsvi3blz4v89pbsf7b6rpmx5903m6kxqr4m"; + sha256 = "0yyi3w03fk19i32jmns1baq3rpmf7xfykzkivc7dmnxmjmxvq2gr"; }; postConfigure = '' substituteInPlace setup.py \ - --replace "\"cmake\"" "\"${cmake}/bin/cmake\"" + --replace "\"cmake\"" "\"${cmake}/bin/cmake\"" \ + --replace "'cython>=0.29.24'" "'cython'" substituteInPlace cmake/FindCython.cmake \ --replace "SET(CYTHON_BIN cython" "SET(CYTHON_BIN ${cython}/bin/cython" diff --git a/pkgs/development/tools/protoc-gen-twirp_php/default.nix b/pkgs/development/tools/protoc-gen-twirp_php/default.nix index 08c8214c637e..62d0274bf073 100644 --- a/pkgs/development/tools/protoc-gen-twirp_php/default.nix +++ b/pkgs/development/tools/protoc-gen-twirp_php/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "protoc-gen-twirp_php"; - version = "0.7.1"; + version = "0.7.5"; # fetchFromGitHub currently not possible, because go.mod and go.sum are export-ignored src = fetchgit { url = "https://github.com/twirphp/twirp.git"; rev = "v${version}"; - sha256 = "sha256-94GN/Gq3RXXg83eUsmIcdF4VuK4syCgD0Zkc5eDiVYE="; + sha256 = "sha256-pHGGZaMBggBUu2CZCxWrZ592K5V93vPI2sZnFkqku2k="; }; - vendorSha256 = "sha256-gz4JELCffuh7dyFdBex8/SFZ1/PDXuC/93m3WNHwRss="; + vendorSha256 = "sha256-p7t+2QgPkcTmsK+jKcPCPDCchNup9F326yKc6JbJHOE="; subPackages = [ "protoc-gen-twirp_php" ]; diff --git a/pkgs/development/tools/rust/cargo-watch/default.nix b/pkgs/development/tools/rust/cargo-watch/default.nix index 46bd0a591a04..bc416cc656e6 100644 --- a/pkgs/development/tools/rust/cargo-watch/default.nix +++ b/pkgs/development/tools/rust/cargo-watch/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "cargo-watch"; - version = "8.0.0"; + version = "8.1.0"; src = fetchFromGitHub { owner = "passcod"; repo = pname; rev = "v${version}"; - sha256 = "sha256-3IgzMUCkcKUkhTb/ZNRONdvB6Ci0OBB1dcjtc65U8xE="; + sha256 = "sha256-Vvr/O0Xk9hmUVUFoOk/MzTlEvR0Spx5n/9lsE2HfkF8="; }; - cargoSha256 = "sha256-Xp/pxPKs41TXO/EUY5x8Bha7NUioMabbb73///fFr6U="; + cargoSha256 = "sha256-kX9CE95Z2nLb6VM19bu+UkOZ/hsjHUo/JMu0Y0xont0="; buildInputs = lib.optionals stdenv.isDarwin [ CoreServices Foundation libiconv ]; diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 8869d0cf653c..4fd140a361c5 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.14.246"; + version = "4.14.247"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0fpgig84shpas1jc0h4s3aw9brkcq1as84gjbk4bfhc48bpi4mlw"; + sha256 = "1kdhlsqpmw68xnfiyx98id8wis6kkxca2d4n7w2ncax0kyzrwyz7"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index d081f92332b2..ada819f4850d 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.19.206"; + version = "4.19.207"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1h44lvzxd0cngj71bk8qba9dz7jlqj68ir6xjwfafglb81ppgsxp"; + sha256 = "1fb658n89xf9asnaqi0bnh64ir2f78bdqyjvfb983qad9wqsadym"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 1469508eb0e3..f1e4329c2d41 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,12 +1,12 @@ { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args: buildLinux (args // rec { - version = "4.4.283"; + version = "4.4.284"; extraMeta.branch = "4.4"; extraMeta.broken = stdenv.isAarch64; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1d9v4h4cbc4i371lhhwpxbmg88gna6xyi2ahfvv0clz60802y982"; + sha256 = "00xkd2p181cfkys4nri93xy7snmn8g2481x3qz0js7g9p3kz5bqf"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 89f45b8021a2..22f506f56581 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,12 +1,12 @@ { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args: buildLinux (args // rec { - version = "4.9.282"; + version = "4.9.283"; extraMeta.branch = "4.9"; extraMeta.broken = stdenv.isAarch64; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "059fin4si93ya13xy831w84q496ksxidpd3kyw38918sfy4p6wk7"; + sha256 = "0pdh1lyhdp5c5n39wpr622kgchgf30iqk853a2rv9m3s3fry50lm"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix index e2320c99315d..720b619049a0 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.10.67"; + version = "5.10.68"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "10lap66d84s1cfakbgfsbabgxm42060c4wcvpzxbi4r5g2m40mwc"; + sha256 = "08cl4bg9k331apj5fjl3jx6s6l543dnbjc1cfvin951m7l787ahv"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.14.nix b/pkgs/os-specific/linux/kernel/linux-5.14.nix index 66c23ec16179..45d39795db6f 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.14.6"; + version = "5.14.7"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1v6cicakpg0fdp74r2a4h46sj7rzpjdf4cscbr8y67kpd098r12l"; + sha256 = "1avypasvic298823xzpzzkjbmfv9s8bjnmq92ri62qbakx23j9dg"; }; } // (args.argsOverride or { })) diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index f0da183e76b7..ff4f019fc51c 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.4.147"; + version = "5.4.148"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "07242nlxf4s73ffdir3dsi37cjmm6bw9w7kac0j7x1s1j8sh9h7n"; + sha256 = "1cwibh0y112hip5yd0n692rv44jh4sk2g6mj5n44g754k4i366a6"; }; } // (args.argsOverride or {})) diff --git a/pkgs/servers/home-assistant/component-packages.nix b/pkgs/servers/home-assistant/component-packages.nix index 287f19e52bbc..b1363880f9f8 100644 --- a/pkgs/servers/home-assistant/component-packages.nix +++ b/pkgs/servers/home-assistant/component-packages.nix @@ -493,7 +493,7 @@ "marytts" = ps: with ps; [ ]; # missing inputs: speak2mary "mastodon" = ps: with ps; [ mastodon-py ]; "matrix" = ps: with ps; [ matrix-client ]; - "maxcube" = ps: with ps; [ ]; # missing inputs: maxcube-api + "maxcube" = ps: with ps; [ maxcube-api ]; "mazda" = ps: with ps; [ pymazda ]; "mcp23017" = ps: with ps; [ ]; # missing inputs: RPi.GPIO adafruit-circuitpython-mcp230xx "media_extractor" = ps: with ps; [ aiohttp-cors youtube-dl-light ]; diff --git a/pkgs/servers/home-assistant/default.nix b/pkgs/servers/home-assistant/default.nix index b5cd8ab6f060..27c34e10e382 100644 --- a/pkgs/servers/home-assistant/default.nix +++ b/pkgs/servers/home-assistant/default.nix @@ -486,6 +486,7 @@ in with py.pkgs; buildPythonApplication rec { "mailbox" "manual" "manual_mqtt" + "maxcube" "mazda" "media_player" "media_source" diff --git a/pkgs/servers/nosql/redis/default.nix b/pkgs/servers/nosql/redis/default.nix index 77eae32e27f4..90de16b3ea16 100644 --- a/pkgs/servers/nosql/redis/default.nix +++ b/pkgs/servers/nosql/redis/default.nix @@ -1,6 +1,7 @@ { lib, stdenv, fetchurl, lua, pkg-config, nixosTests , withSystemd ? stdenv.isLinux && !stdenv.hostPlatform.isMusl, systemd -, tlsSupport ? true, openssl +# dependency ordering is broken at the moment when building with openssl +, tlsSupport ? !stdenv.hostPlatform.isStatic, openssl }: stdenv.mkDerivation rec { diff --git a/pkgs/servers/sql/dolt/default.nix b/pkgs/servers/sql/dolt/default.nix index e9fdf3d31b00..fb24a33c8625 100644 --- a/pkgs/servers/sql/dolt/default.nix +++ b/pkgs/servers/sql/dolt/default.nix @@ -2,18 +2,18 @@ buildGoModule rec { pname = "dolt"; - version = "0.27.4.2"; + version = "0.28.4"; src = fetchFromGitHub { owner = "liquidata-inc"; repo = "dolt"; rev = "v${version}"; - sha256 = "sha256-nEIYt9yPDxPbJ/IHH8eQpVSNtC5pYiagCC5TliqX11M="; + sha256 = "sha256-J/4YEiSmoWhs+pnJN21CwNwpujZ1cldLmgwajBB+IRU="; }; modRoot = "./go"; subPackages = [ "cmd/dolt" "cmd/git-dolt" "cmd/git-dolt-smudge" ]; - vendorSha256 = "sha256-XbKaPbPIgUxqJB8kgd3fJIESO9XvNREExdp06Th2bu0="; + vendorSha256 = "sha256-l3jRQ4Z7xku1nMfYfc6nJ3qF6A1maY0tRfZpHCtsujI="; doCheck = false; diff --git a/pkgs/tools/graphics/svgbob/default.nix b/pkgs/tools/graphics/svgbob/default.nix index 389f6415e9be..2e3740dabb7c 100644 --- a/pkgs/tools/graphics/svgbob/default.nix +++ b/pkgs/tools/graphics/svgbob/default.nix @@ -2,15 +2,15 @@ rustPlatform.buildRustPackage rec { pname = "svgbob"; - version = "0.5.4"; + version = "0.6.2"; src = fetchCrate { inherit version; crateName = "svgbob_cli"; - sha256 = "0qq7hkg32bqyw3vz3ibip7yrjg5m2ch9kdnwqrzaqqy9wb8d7154"; + sha256 = "sha256-9JASoUN/VzZS8ihepTQL2SXZitxKBMSJEv+13vzQd3w="; }; - cargoSha256 = "0p37qkgh1xpqmkr2p88njwhifpyqfh27qcwmmhwxdqcpzmmmkjhr"; + cargoSha256 = "sha256-pkdiow+9gsQ9rrSHwukd17r5CfsaJgYj6KA4wYKbtA0="; meta = with lib; { description = "Convert your ascii diagram scribbles into happy little SVG"; diff --git a/pkgs/tools/misc/dust/default.nix b/pkgs/tools/misc/dust/default.nix index 01c0ff4315e1..f5ce9db11027 100644 --- a/pkgs/tools/misc/dust/default.nix +++ b/pkgs/tools/misc/dust/default.nix @@ -2,13 +2,13 @@ rustPlatform.buildRustPackage rec { pname = "du-dust"; - version = "0.6.2"; + version = "0.7.5"; src = fetchFromGitHub { owner = "bootandy"; repo = "dust"; rev = "v${version}"; - sha256 = "sha256-5GhoL3by4sXhFJrNZi/UlERBa+s2oqDVVJODY0kdfxI="; + sha256 = "sha256-0r0cDzW18uF7DHvzkUCHHHN+2M21xdi2ffPwDGMtyw8="; # Remove unicode file names which leads to different checksums on HFS+ # vs. other filesystems because of unicode normalisation. extraPostFetch = '' @@ -16,7 +16,7 @@ rustPlatform.buildRustPackage rec { ''; }; - cargoSha256 = "sha256-cgH3jrZPGUHiBDeJ9qj80dU+Vbz+wHMOsCaGAvJY6mg="; + cargoSha256 = "sha256-LAow4DVqON5vrYBU8v8wzg/HcHxm1GqS9DMre3y12Jo="; doCheck = false; diff --git a/pkgs/tools/misc/svtplay-dl/default.nix b/pkgs/tools/misc/svtplay-dl/default.nix index 37462910dcfe..360e16b1fc18 100644 --- a/pkgs/tools/misc/svtplay-dl/default.nix +++ b/pkgs/tools/misc/svtplay-dl/default.nix @@ -9,13 +9,13 @@ let in stdenv.mkDerivation rec { pname = "svtplay-dl"; - version = "4.3"; + version = "4.5"; src = fetchFromGitHub { owner = "spaam"; repo = "svtplay-dl"; rev = version; - sha256 = "04gmiqg6mq96fw4v1v6947i216fsf0vcnjp3ya8bbii5na91y1aa"; + sha256 = "sha256-TiJWy5WU1VsseodfgfemAsUc5/hDwSlM03ITRYTvJbg="; }; pythonPaths = [ cryptography pyyaml requests ]; diff --git a/pkgs/tools/security/kubescape/default.nix b/pkgs/tools/security/kubescape/default.nix index 4863cd36ad14..2bf6bb8cad66 100644 --- a/pkgs/tools/security/kubescape/default.nix +++ b/pkgs/tools/security/kubescape/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "kubescape"; - version = "1.0.77"; + version = "1.0.85"; src = fetchFromGitHub { owner = "armosec"; repo = pname; rev = "v${version}"; - sha256 = "sha256-g2Mco4NuPVjS4/6KNhtb8864e7RiuzlrdIbM6NLJK7I="; + sha256 = "19r7dgr0y1k9qa4llxbgaf69j88vs9h2gx29bwbh6dq17q58sfdl"; }; - vendorSha256 = "sha256-FtglYTCLjQfDKxdnQZnpWm3QjJCiHGsPC/gW88DZu6I="; + vendorSha256 = "18mvv70g65pq1c7nn752j26d0vasx6cl2rqp5g1hg3cb61hjbn0n"; # One test is failing, disabling for now doCheck = false; diff --git a/pkgs/tools/system/java-service-wrapper/default.nix b/pkgs/tools/system/java-service-wrapper/default.nix index 4d1417b4b831..5d4df37a2b66 100644 --- a/pkgs/tools/system/java-service-wrapper/default.nix +++ b/pkgs/tools/system/java-service-wrapper/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { pname = "java-service-wrapper"; - version = "3.5.45"; + version = "3.5.46"; src = fetchurl { url = "https://wrapper.tanukisoftware.com/download/${version}/wrapper_${version}_src.tar.gz"; - sha256 = "sha256-rnlloa0DicWT1RlP2szDvBINvT5/RZ17GOarUzvX1AI="; + sha256 = "sha256-guHQyFSI0TidAuOr4zWaf3WRGeNW4+Or1sbWdhWuWtg="; }; buildInputs = [ jdk ]; diff --git a/pkgs/tools/typesetting/sile/default.nix b/pkgs/tools/typesetting/sile/default.nix index 049938581b67..27c8aada14c9 100644 --- a/pkgs/tools/typesetting/sile/default.nix +++ b/pkgs/tools/typesetting/sile/default.nix @@ -38,11 +38,11 @@ in stdenv.mkDerivation rec { pname = "sile"; - version = "0.11.1"; + version = "0.12.0"; src = fetchurl { url = "https://github.com/sile-typesetter/sile/releases/download/v${version}/${pname}-${version}.tar.xz"; - sha256 = "06bx94zx6skhizk2bbrid82sldwgxfycvjh6zx1zy1xz8gajgrm3"; + sha256 = "1rkdzf4khyvsn5qg455mdhnlacxlqgi9vchy369a66qp5nrs50y9"; }; configureFlags = [ diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 244488f9ddb8..05bdd07661ac 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -30491,6 +30491,8 @@ with pkgs; nota = haskellPackages.callPackage ../applications/science/math/nota { }; + notus-scanner = with python3Packages; toPythonApplication notus-scanner; + openblas = callPackage ../development/libraries/science/math/openblas { }; # A version of OpenBLAS using 32-bit integers on all platforms for compatibility with diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 950137206395..74d681d7b911 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -4492,6 +4492,8 @@ in { mautrix-appservice = self.mautrix; # alias 2019-12-28 + maxcube-api = callPackage ../development/python-modules/maxcube-api { }; + maxminddb = callPackage ../development/python-modules/maxminddb { }; maya = callPackage ../development/python-modules/maya { }; @@ -5004,6 +5006,8 @@ in { nototools = callPackage ../data/fonts/noto-fonts/tools.nix { }; + notus-scanner = callPackage ../development/python-modules/notus-scanner { }; + nplusone = callPackage ../development/python-modules/nplusone { }; npyscreen = callPackage ../development/python-modules/npyscreen { };