Merge master into staging-next

nixos/doc/manual/release-notes/rl-2405.section.md

@@ -154,6 +154,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
   The module now includes an optional config check, that is enabled by default, to make the change obvious before any deployment.
   More information about the configuration syntax change is available in the [upstream repository](https://github.com/prometheus/snmp_exporter/blob/b75fc6b839ee3f3ccbee68bee55f1ae99555084a/auth-split-migration.md).
 
+- [watchdogd](https://troglobit.com/projects/watchdogd/), a system and process supervisor using watchdog timers. Available as [services.watchdogd](#opt-services.watchdogd.enable).
+
 ## Other Notable Changes {#sec-release-24.05-notable-changes}
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

nixos/modules/module-list.nix

@@ -849,6 +849,7 @@
   ./services/monitoring/vmagent.nix
   ./services/monitoring/vmalert.nix
   ./services/monitoring/vnstat.nix
+  ./services/monitoring/watchdogd.nix
   ./services/monitoring/zabbix-agent.nix
   ./services/monitoring/zabbix-proxy.nix
   ./services/monitoring/zabbix-server.nix

nixos/modules/security/acme/default.nix

@@ -897,10 +897,10 @@ in {
         certs = attrValues cfg.certs;
       in [
         {
-          assertion = cfg.email != null || all (certOpts: certOpts.email != null) certs;
+          assertion = cfg.defaults.email != null || all (certOpts: certOpts.email != null) certs;
           message = ''
             You must define `security.acme.certs.<name>.email` or
-            `security.acme.email` to register with the CA. Note that using
+            `security.acme.defaults.email` to register with the CA. Note that using
             many different addresses for certs may trigger account rate limits.
           '';
         }

nixos/modules/services/misc/portunus.nix

@@ -230,7 +230,10 @@ in
         description = "Self-contained authentication service";
         wantedBy = [ "multi-user.target" ];
         after = [ "network.target" ];
-        serviceConfig.ExecStart = "${cfg.package.out}/bin/portunus-orchestrator";
+        serviceConfig = {
+          ExecStart = "${cfg.package}/bin/portunus-orchestrator";
+          Restart = "on-failure";
+        };
         environment = {
           PORTUNUS_LDAP_SUFFIX = cfg.ldap.suffix;
           PORTUNUS_SERVER_BINARY = "${cfg.package}/bin/portunus-server";

nixos/modules/services/monitoring/watchdogd.nix

@@ -0,0 +1,131 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  cfg = config.services.watchdogd;
+
+  mkPluginOpts = plugin: defWarn: defCrit: {
+    enabled = mkEnableOption "watchdogd plugin ${plugin}";
+    interval = mkOption {
+      type = types.ints.unsigned;
+      default = 300;
+      description = ''
+        Amount of seconds between every poll.
+      '';
+    };
+    logmark = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to log current stats every poll interval.
+      '';
+    };
+    warning = mkOption {
+      type = types.numbers.nonnegative;
+      default = defWarn;
+      description = ''
+        The high watermark level. Alert sent to log.
+      '';
+    };
+    critical = mkOption {
+      type = types.numbers.nonnegative;
+      default = defCrit;
+      description = ''
+        The critical watermark level. Alert sent to log, followed by reboot or script action.
+      '';
+    };
+  };
+in {
+  options.services.watchdogd = {
+    enable = mkEnableOption "watchdogd, an advanced system & process supervisor";
+    package = mkPackageOption pkgs "watchdogd" { };
+
+    settings = mkOption {
+      type = with types; submodule {
+        freeformType = let
+          valueType = oneOf [
+            bool
+            int
+            float
+            str
+          ];
+        in attrsOf (either valueType (attrsOf valueType));
+
+        options = {
+          timeout = mkOption {
+            type = types.ints.unsigned;
+            default = 15;
+            description = ''
+              The WDT timeout before reset.
+            '';
+          };
+          interval = mkOption {
+            type = types.ints.unsigned;
+            default = 5;
+            description = ''
+              The kick interval, i.e. how often {manpage}`watchdogd(8)` should reset the WDT timer.
+            '';
+          };
+
+          safe-exit = mkOption {
+            type = types.bool;
+            default = true;
+            description = ''
+              With {var}`safeExit` enabled, the daemon will ask the driver to disable the WDT before exiting.
+              However, some WDT drivers (or hardware) may not support this.
+            '';
+          };
+
+          filenr = mkPluginOpts "filenr" 0.9 1.0;
+
+          loadavg = mkPluginOpts "loadavg" 1.0 2.0;
+
+          meminfo = mkPluginOpts "meminfo" 0.9 0.95;
+        };
+      };
+      default = { };
+      description = ''
+        Configuration to put in {file}`watchdogd.conf`.
+        See {manpage}`watchdogd.conf(5)` for more details.
+      '';
+    };
+  };
+
+  config = let
+    toConfig = attrs: concatStringsSep "\n" (mapAttrsToList toValue attrs);
+
+    toValue = name: value:
+      if isAttrs value
+        then pipe value [
+          (mapAttrsToList toValue)
+          (map (s: "  ${s}"))
+          (concatStringsSep "\n")
+          (s: "${name} {\n${s}\n}")
+        ]
+      else if isBool value
+        then "${name} = ${boolToString value}"
+      else if any (f: f value) [isString isInt isFloat]
+        then "${name} = ${toString value}"
+      else throw ''
+        Found invalid type in `services.watchdogd.settings`: '${typeOf value}'
+      '';
+
+    watchdogdConf = pkgs.writeText "watchdogd.conf" (toConfig cfg.settings);
+  in mkIf cfg.enable {
+    environment.systemPackages = [ cfg.package ];
+
+    systemd.services.watchdogd = {
+      documentation = [
+        "man:watchdogd(8)"
+        "man:watchdogd.conf(5)"
+      ];
+      wantedBy = [ "multi-user.target" ];
+      description = "Advanced system & process supervisor";
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${cfg.package}/bin/watchdogd -n -f ${watchdogdConf}";
+      };
+    };
+  };
+
+  meta.maintainers = with maintainers; [ vifino ];
+}

nixos/tests/all-tests.nix

@@ -945,6 +945,7 @@ in {
   vsftpd = handleTest ./vsftpd.nix {};
   warzone2100 = handleTest ./warzone2100.nix {};
   wasabibackend = handleTest ./wasabibackend.nix {};
+  watchdogd = handleTest ./watchdogd.nix {};
   webhook = runTest ./webhook.nix;
   wiki-js = handleTest ./wiki-js.nix {};
   wine = handleTest ./wine.nix {};

nixos/tests/watchdogd.nix

@@ -0,0 +1,22 @@
+import ./make-test-python.nix ({ lib, ... }: {
+  name = "watchdogd";
+  meta.maintainers = with lib.maintainers; [ vifino ];
+
+  nodes.machine = { pkgs, ... }: {
+    virtualisation.qemu.options = [
+      "-device i6300esb" # virtual watchdog timer
+    ];
+    boot.kernelModules = [ "i6300esb" ];
+    services.watchdogd.enable = true;
+    services.watchdogd.settings = {
+      supervisor.enabled = true;
+    };
+  };
+
+  testScript = ''
+    machine.wait_for_unit("watchdogd.service")
+
+    assert "i6300ESB" in machine.succeed("watchdogctl status")
+    machine.succeed("watchdogctl test")
+  '';
+})

pkgs/applications/editors/rednotebook/default.nix

@@ -5,13 +5,13 @@
 
 buildPythonApplication rec {
   pname = "rednotebook";
-  version = "2.29.3";
+  version = "2.31";
 
   src = fetchFromGitHub {
     owner = "jendrikseipp";
     repo = "rednotebook";
     rev = "refs/tags/v${version}";
-    sha256 = "sha256-2qgWJ/bIravil/SuApA7pNXkxS5xUcdFpjVGO/ogDpw=";
+    sha256 = "sha256-TggbHXJqgQ4vFSCLncgzrqJLRT9zQs6YsTQ3/Z4Mixg=";
   };
 
   # We have not packaged tests.

pkgs/applications/editors/thonny/default.nix

@@ -4,13 +4,13 @@ with python3.pkgs;
 
 buildPythonApplication rec {
   pname = "thonny";
-  version = "4.1.2";
+  version = "4.1.4";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-vVDTizU+WDWJ75Ln93TAFYn7PJq5qc3hxVJiNGtK24g=";
+    hash = "sha256-f4wR5OPzWbtSqE+hSW2zD8u3pPl5nPTtGvf2LzOXjI4=";
   };
 
   nativeBuildInputs = [ copyDesktopItems ];

pkgs/applications/emulators/sameboy/default.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "sameboy";
-  version = "0.16";
+  version = "0.16.1";
 
   src = fetchFromGitHub {
     owner = "LIJI32";
     repo = "SameBoy";
     rev = "v${version}";
-    sha256 = "sha256-sQVTCHOSc2N+Qs/rl0DfsUzg7P5Egws2UuNBQ9fpkoQ=";
+    sha256 = "sha256-0B9wN6CTx4T3P7RomOrz/bRdp/YGknPqmwWByAbGHvI=";
   };
 
   enableParallelBuilding = true;

pkgs/applications/misc/geoipupdate/default.nix

@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "geoipupdate";
-  version = "6.0.0";
+  version = "6.1.0";
 
   src = fetchFromGitHub {
     owner = "maxmind";
     repo = "geoipupdate";
     rev = "v${version}";
-    sha256 = "sha256-Rm/W3Q5mb+qkrUYqWK83fi1FgO4KoL7+MjTuvhvY/qk=";
+    sha256 = "sha256-/iLWy3yKO34nnn5ygAewR036PzgUGIqdhXNK4fx3Ym8=";
   };
 
-  vendorHash = "sha256-YXybBVGCbdsP2pP7neHWI7KhkpE3tRo9Wpsx1RaEn9w=";
+  vendorHash = "sha256-jW5/09sOUvPZVM1wzL4xg/a14kZ0KsM8e+zEQoADsl4=";
 
   ldflags = [ "-X main.version=${version}" ];
 

pkgs/applications/misc/hyprdim/default.nix

@@ -7,16 +7,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "hyprdim";
-  version = "2.2.2";
+  version = "2.2.3";
 
   src = fetchFromGitHub {
     owner = "donovanglover";
     repo = "hyprdim";
     rev = version;
-    hash = "sha256-b2T/ueinKiheuK+siV29vJfEsEodq6qT2J3XxvoD/14=";
+    hash = "sha256-Eeh0D3DkC4ureDUE+BXTGcMFNmZ0hLSidlKlL4ZDgsQ=";
   };
 
-  cargoHash = "sha256-Sf32vaqcxVdg6/kDidxBSr5XDWg3aNEBpEl31do2ZJ8=";
+  cargoHash = "sha256-hgcGzRLB1L3yxJjw1ECDJPmbl1W+2OS4KDojclyVYrc=";
 
   nativeBuildInputs = [
     installShellFiles

pkgs/applications/misc/j4-dmenu-desktop/default.nix

@@ -1,18 +1,19 @@
 { lib, stdenv, fetchFromGitHub, cmake, dmenu }:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (finalAttrs: {
   pname = "j4-dmenu-desktop";
-  version = "2.18";
+  version = "unstable-2023-09-12";
 
   src = fetchFromGitHub {
     owner = "enkore";
-    repo = pname;
-    rev = "r${version}";
-    sha256 = "1gxpgifzy0hnpd0ymw3r32amzr32z3bgb90ldjzl438p6h1q0i26";
+    repo = "j4-dmenu-desktop";
+    rev = "7e3fd045482a8ea70619e422975b52feabc75175";
+    hash = "sha256-8PmfzQkHlEdMbrcQO0bPruP3jaKEcr/17x0/Z7Jedh0=";
   };
 
   postPatch = ''
-    sed -e 's,dmenu -i,${dmenu}/bin/dmenu -i,g' -i ./src/Main.hh
+    substituteInPlace src/main.cc \
+        --replace "dmenu -i" "${lib.getExe dmenu} -i"
   '';
 
   nativeBuildInputs = [ cmake ];
@@ -24,10 +25,12 @@ stdenv.mkDerivation rec {
   ];
 
   meta = with lib; {
-    description = "A wrapper for dmenu that recognize .desktop files";
+    changelog = "https://github.com/enkore/j4-dmenu-desktop/blob/${finalAttrs.src.rev}/CHANGELOG";
+    description = "A wrapper for dmenu that recognizes .desktop files";
     homepage = "https://github.com/enkore/j4-dmenu-desktop";
-    license = licenses.gpl3;
+    license = licenses.gpl3Only;
+    mainProgram = "j4-dmenu-desktop";
     maintainers = with maintainers; [ ericsagnes ];
     platforms = platforms.unix;
   };
-}
+})

pkgs/applications/networking/browsers/opera/default.nix

@@ -51,11 +51,11 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "opera";
-  version = "106.0.4998.19";
+  version = "106.0.4998.52";
 
   src = fetchurl {
     url = "${mirror}/${version}/linux/${pname}-stable_${version}_amd64.deb";
-    hash = "sha256-deZhuxmFP87wEUjbLtsucSvlGTT4KOwhQYbAkpIAQeM=";
+    hash = "sha256-JTnKjK+ccMAef/VZuDpWS+FFDq6lolen0plckcPA+9w=";
   };
 
   unpackPhase = "dpkg-deb -x $src .";

pkgs/applications/networking/cluster/k8sgpt/default.nix

@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "k8sgpt";
-  version = "0.3.24";
+  version = "0.3.26";
 
   src = fetchFromGitHub {
     owner = "k8sgpt-ai";
     repo = "k8sgpt";
     rev = "v${version}";
-    hash = "sha256-GxZDbG2G+TFd2lPpEqP1hIDXFJDOLh4Y7yZsHodok/c=";
+    hash = "sha256-FUYtBoJAnY8WRh0eABniOgg781UooG67RKTHp1u3SiQ=";
   };
 
-  vendorHash = "sha256-N/Qd51EmvTWy48Pj+UywBCRDG+k2zd6NTzGGm4jNyjQ=";
+  vendorHash = "sha256-sd4QIQQpDyPV4pqk9VJBApzRzjwxMFieCOQQjJzFXHc=";
 
   CGO_ENABLED = 0;
 

pkgs/applications/networking/instant-messengers/alfaview/default.nix

@@ -5,11 +5,11 @@
 
 stdenv.mkDerivation rec {
   pname = "alfaview";
-  version = "9.7.0";
+  version = "9.8.1";
 
   src = fetchurl {
     url = "https://assets.alfaview.com/stable/linux/deb/${pname}_${version}.deb";
-    hash = "sha256-nqIMnMz2FysBOyKpoHXQw9Gl0lmQg5oXmnZDqlPNZ+A=";
+    hash = "sha256-agi0f3aj5nHGV2/TAjaX+tY8/4nTdRlRiRn6rkTqokY=";
   };
 
   nativeBuildInputs = [

pkgs/applications/networking/p2p/qbittorrent/default.nix

@@ -30,13 +30,13 @@ stdenv.mkDerivation rec {
   pname = "qbittorrent"
     + lib.optionalString (guiSupport && qtVersion == "5") "-qt5"
     + lib.optionalString (!guiSupport) "-nox";
-  version = "4.6.2";
+  version = "4.6.3";
 
   src = fetchFromGitHub {
     owner = "qbittorrent";
     repo = "qBittorrent";
     rev = "release-${version}";
-    hash = "sha256-+leX0T+yJUG6F7WbHa3nCexQZmd7RRfK8Uc+suMJ+vI=";
+    hash = "sha256-4RVJ7xQY9zcB8+RUr80P9xKUXGxt0ATSzYmRDfZIowU=";
   };
 
   nativeBuildInputs = [

pkgs/applications/networking/sync/storj-uplink/default.nix

@@ -5,18 +5,18 @@
 
 buildGoModule rec {
   pname = "storj-uplink";
-  version = "1.93.2";
+  version = "1.94.2";
 
   src = fetchFromGitHub {
     owner = "storj";
     repo = "storj";
     rev = "v${version}";
-    hash = "sha256-3q3z5dYFjBpBbwj64Kp2fiTmxn2PUgc0DGJBMR71yN0=";
+    hash = "sha256-q2QLsbJSVnRch4CIlGI2Thuz0OOpGURIdy1BEKxUZ1A=";
   };
 
   subPackages = [ "cmd/uplink" ];
 
-  vendorHash = "sha256-1K74yoMMeMzjldMjZVmmCJRrLYBrVmmOgqqCA1CBzrQ=";
+  vendorHash = "sha256-UGx5pGfS7jWn7Uwjg1Gf/oQ3GbRTh5JSb38uPjxdUxc=";
 
   ldflags = [ "-s" "-w" ];
 

pkgs/applications/radio/flamp/default.nix

@@ -10,12 +10,12 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "flamp";
-  version = "2.2.10";
+  version = "2.2.11";
 
   src = fetchgit {
     url = "https://git.code.sf.net/p/fldigi/flamp";
     rev = "v${finalAttrs.version}";
-    hash = "sha256-c0Q9QD3O8eQxRqaBhr79iuNVtWGC8kl+YWYS4xMgDN4=";
+    hash = "sha256-QYfTkciSbBLy49rF6xABMw8TXZ/0QyQ/yhJ2nuM7f/c=";
   };
 
   nativeBuildInputs = [

pkgs/applications/science/electronics/magic-vlsi/default.nix

@@ -13,11 +13,11 @@
 
 stdenv.mkDerivation rec {
   pname = "magic-vlsi";
-  version = "8.3.454";
+  version = "8.3.456";
 
   src = fetchurl {
     url    = "http://opencircuitdesign.com/magic/archive/magic-${version}.tgz";
-    sha256 = "sha256-nHZJ2L54J2x+H7S29TeGPInTgjEhRFv3h2ki0ccGYB0=";
+    sha256 = "sha256-PrKbLecFJ+th0x9A0fp550RnA8w9oWETMtFpQZP8tzw=";
   };
 
   nativeBuildInputs = [ python3 ];

pkgs/applications/terminal-emulators/kitty/default.nix

@@ -30,20 +30,20 @@
 with python3Packages;
 buildPythonApplication rec {
   pname = "kitty";
-  version = "0.31.0";
+  version = "0.32.0";
   format = "other";
 
   src = fetchFromGitHub {
     owner = "kovidgoyal";
     repo = "kitty";
     rev = "refs/tags/v${version}";
-    hash = "sha256-VWWuC4T0pyTgqPNm0gNL1j3FShU5b8S157C1dKLon1g=";
+    hash = "sha256-untfXvBAn39C+s1BxVjXoLpPvnw7TM/uPFB+zZHH8w8=";
   };
 
   goModules = (buildGoModule {
     pname = "kitty-go-modules";
     inherit src version;
-    vendorHash = "sha256-OyZAWefSIiLQO0icxMIHWH3BKgNas8HIxLcse/qWKcU=";
+    vendorHash = "sha256-WRDP3Uyttz/kWm07tjv7wNguF/a1YgZqutbvFEOHuE0=";
   }).goModules;
 
   buildInputs = [

pkgs/applications/version-management/git-quick-stats/default.nix

@@ -11,13 +11,13 @@
 
 stdenv.mkDerivation rec {
   pname = "git-quick-stats";
-  version = "2.5.3";
+  version = "2.5.4";
 
   src = fetchFromGitHub {
     repo = "git-quick-stats";
     owner = "arzzen";
     rev = version;
-    sha256 = "sha256-Fh8FSaclxOkTr49HixjwoM/367RjtdQ4dRyw87KylPs=";
+    sha256 = "sha256-dbi48rq3ijPa45xtTi6kAly/IwkX4aK1P9hmcPNQEqM=";
   };
 
   nativeBuildInputs = [ makeWrapper ];

pkgs/build-support/cc-wrapper/default.nix

@@ -264,25 +264,6 @@ stdenv.mkDerivation {
     inherit bintools;
     inherit cc libc libcxx nativeTools nativeLibc nativePrefix isGNU isClang;
 
-    # Expose the C++ standard library we're using. See the comments on "General
-    # libc++ support". This is also relevant when using older gcc than the
-    # stdenv's, as may be required e.g. by CUDAToolkit's nvcc.
-    cxxStdlib =
-      let
-        givenLibcxx = libcxx.isLLVM or false;
-        givenGccForLibs = useGccForLibs && gccForLibs.langCC or false;
-      in
-      if (!givenLibcxx) && givenGccForLibs then
-        { kind = "libstdc++"; package = gccForLibs; solib = gccForLibs_solib; }
-      else if givenLibcxx then
-        { kind = "libc++"; package = libcxx;  solib = libcxx_solib;}
-      else
-      # We're probably using the `libstdc++` that came with our `gcc`.
-      # TODO: this is maybe not always correct?
-      # TODO: what happens when `nativeTools = true`?
-        { kind = "libstdc++"; package = cc; solib = cc_solib; }
-    ;
-
     emacsBufferSetup = pkgs: ''
       ; We should handle propagation here too
       (mapc
@@ -462,13 +443,6 @@ stdenv.mkDerivation {
       echo "-L${gccForLibs}/lib/gcc/${targetPlatform.config}/${gccForLibs.version}" >> $out/nix-support/cc-ldflags
       echo "-L${gccForLibs_solib}/lib" >> $out/nix-support/cc-ldflags
     ''
-    # The above "fix" may be incorrect; gcc.cc.lib doesn't contain a
-    # `target-triple` dir but the correct fix may be to just remove the above?
-    #
-    # For clang it's not necessary (see `--gcc-toolchain` below) and for other
-    # situations adding in the above will bring in lots of other gcc libraries
-    # (i.e. sanitizer libraries, `libatomic`, `libquadmath`) besides just
-    # `libstdc++`; this may actually break clang.
 
     # TODO We would like to connect this to `useGccForLibs`, but we cannot yet
     # because `libcxxStdenv` on linux still needs this. Maybe someday we'll

pkgs/build-support/writers/test.nix

@@ -188,6 +188,7 @@ lib.recurseIntoAttrs {
     fsharp = expectSuccess (makeFSharpWriter {
       libraries = { fetchNuGet }: [
         (fetchNuGet { pname = "FSharp.SystemTextJson"; version = "0.17.4"; sha256 = "1bplzc9ybdqspii4q28l8gmfvzpkmgq5l1hlsiyg2h46w881lwg2"; })
+        (fetchNuGet { pname = "System.Text.Json"; version = "4.6.0"; sha256 = "0ism236hwi0k6axssfq58s1d8lihplwiz058pdvl8al71hagri39"; })
       ];
     } "test-writers-fsharp" ''
       #r "nuget: FSharp.SystemTextJson, 0.17.4"

pkgs/by-name/ht/htb-toolkit/disable-shell-prompt-change.patch

@@ -0,0 +1,307 @@
+--- a/src/main.rs	2024-01-17 23:44:21.346253718 +0100
++++ b/src/main.rs	2024-01-17 23:48:54.536921610 +0100
+@@ -15,7 +15,6 @@
+ use crate::utils::*;
+ use crate::vpn::*;
+ use std::fs;
+-use std::path::Path;
+ use std::process::Command;
+ 
+ #[tokio::main]
+@@ -44,16 +43,6 @@
+             eprintln!("Error creating folder: {}", err);
+         }
+     }
+-    
+-    // Create HTB config file if not existing
+-    let htb_config = format!("{}/.htb.conf", home);
+-
+-    let file = Path::new(&htb_config);
+-    if !file.exists() {
+-        let lines = ["# HTB configuration file.\n\n", "# Enable/Disable shell prompt change\n", "prompt_change=true\n"];
+-        fs::write(&htb_config, lines.join(""))
+-            .expect("Failed to create HTB config file");
+-    }
+ 
+     // Initialize Xorg in WSL for secret-tool popup window
+     if is_wsl() && is_display_zero() {
+@@ -104,13 +93,6 @@
+                 let _ = play_machine(&args[2]).await;
+             }
+         }
+-        "-p" => {
+-            if args.len() < 3 || (args[2] != "true" && args[2] != "false") {
+-                println!("Usage: {} -p <true|false>", args[0]);
+-            } else {
+-                prompt_setting(&args[2]);
+-            }
+-        }
+         "-r" => {
+             reset_machine().await;
+         }
+--- a/src/manage.rs	2024-01-17 22:50:22.450368210 +0100
++++ b/src/manage.rs	2024-01-17 23:49:21.143071918 +0100
+@@ -77,19 +77,14 @@
+     if machine_info.ip.is_empty() { //Starting Point case because SP IP address is assigned only after spawn of the machine
+         machine_info.ip = active_machine.ip;
+     }
+-    let mut user_info = PlayingUser::get_playinguser(&appkey).await;
+ 
+     // SP Machines change IP address when reset, so need to ask to write /etc/hosts
+     if machine_info.sp_flag {
+         let _ = add_hosts(&machine_info);
+     }
+-
+-    change_shell(&mut machine_info, &mut user_info);
+ }
+ 
+ pub async fn stop_machine() {
+-    let htb_path = format!("{}/.htb.conf", env::var("HOME").unwrap());
+-    let htbconfig = HTBConfig::get_current_config(&htb_path);
+     let appkey = get_appkey();
+     let active_machine = ActiveMachine::get_active(&appkey).await;
+ 
+@@ -126,31 +121,9 @@
+ 
+         // Await the result of the blocking task
+         blocking_task.await.expect("Blocking task failed");
+-
+-        if htbconfig.promptchange { //If the prompt is set to change during the playing, when you stop the machine, it should restore the original shell
+-            restore_shell();
+-        }
+     }
+ }
+ 
+-pub fn prompt_setting(option: &str) {
+-    let home = env::var("HOME").unwrap_or_default();
+-    let htb_config = format!("{}/.htb.conf", home);
+-
+-    let content = fs::read_to_string(&htb_config)
+-        .expect("Failed to read HTB config file");
+-
+-    let re = Regex::new(r"prompt_change=\w+")
+-        .expect("Failed to create regular expression");
+-
+-    let new_content = re.replace(&content, format!("prompt_change={}", option));
+-
+-    fs::write(&htb_config, new_content.to_string())
+-        .expect("Failed to write updated content to HTB config file");
+-
+-    println!("Prompt setting updated to: {}", option);
+-}
+-
+ pub async fn update_machines() -> io::Result<()> {
+ 
+     println!("Retrieving updated data from Hack The Box... Gimme some time hackerzzz...");
+--- a/src/play.rs	2024-01-17 22:50:25.709380651 +0100
++++ b/src/play.rs	2024-01-17 23:39:08.715395211 +0100
+@@ -4,7 +4,6 @@
+ use crate::types::*;
+ use crate::utils::*;
+ use crate::vpn::*;
+-use std::env;
+ use std::io::{self,Write};
+ use reqwest::Client;
+ use serde::Serialize;
+@@ -29,8 +28,6 @@
+ pub async fn play_machine(machine_name: &str) -> Result<(), Box<dyn std::error::Error>> {
+     let appkey = get_appkey();
+     let appkey_clone = appkey.clone(); // Clone the necessary data to avoid borrowed value error
+-    let htb_path = format!("{}/.htb.conf", env::var("HOME").unwrap());
+-    let htbconfig = HTBConfig::get_current_config(&htb_path);
+     
+     let mut machine_info = PlayingMachine::get_machine(machine_name, &appkey).await;
+ 
+@@ -103,7 +100,7 @@
+     
+     machine_info.ip = get_ip(&appkey_clone).await; // For Starting Point machines and VIP and VIP+ VPNs, if I call the play API two times on the same machine, the old IP address associated to the machine can still live for some seconds providing a wrong IP related to the new same machine. For this reason, it is better to compute always the IP address (no problems for free VPNs because they associate always the same IP address to the same machine)
+ 
+-    let mut user_info = PlayingUser::get_playinguser(&appkey_clone).await; // Before this it is needed to run HTB VPN to take the Attacker IP address
++    let user_info = PlayingUser::get_playinguser(&appkey_clone).await; // Before this it is needed to run HTB VPN to take the Attacker IP address
+ 
+     let _ = print_banner();
+ 
+@@ -115,10 +112,6 @@
+         println!("{}Hey! You have already found the Root Flag! Keep it up!{}", BGREEN, RESET);
+     }
+ 
+-    if htbconfig.promptchange { //If the prompt is set to change during the playing...
+-        change_shell(&mut machine_info, &mut user_info);
+-    }
+-
+     // Writing /etc/hosts
+     let _ = add_hosts(&machine_info);
+ 
+--- a/src/types.rs	2024-01-17 23:40:14.341769452 +0100
++++ b/src/types.rs	2024-01-17 23:43:14.159871196 +0100
+@@ -2,7 +2,6 @@
+ use crate::colors::*;
+ use crate::utils::get_interface_ip;
+ use core::time::Duration;
+-use std::fs;
+ use std::process;
+ use std::thread::sleep;
+ 
+@@ -485,37 +484,4 @@
+             ip: userip,
+         }
+     }
+-}
+-
+-pub struct HTBConfig {
+-    pub promptchange: bool,
+-}
+-
+-impl HTBConfig {
+-
+-    pub fn get_current_config(htb_config: &str) -> Self {
+-        HTBConfig {
+-            promptchange: Self::get_prompt_change(htb_config),
+-        }
+-    }
+-
+-    fn get_prompt_change(htb_config: &str) -> bool {
+-        let prompt_change = fs::read_to_string(htb_config).expect("Failed to read htconfig.");
+-
+-        let change_prompt = prompt_change.lines()
+-            .find(|line| line.starts_with("prompt_change="))
+-            .map(|line| line.split('=').nth(1).unwrap_or_default())
+-            .unwrap_or_default();
+-
+-        // Convert the change_prompt string to a bool
+-        
+-        match change_prompt {
+-            "true" => true,
+-            "false" => false,
+-            _ => {
+-                // Handle other cases if needed, e.g., return a default value
+-                false
+-            }
+-        }
+-    }
+ }
+\ No newline at end of file
+--- a/src/utils.rs	2024-01-17 23:29:49.215407440 +0100
++++ b/src/utils.rs	2024-01-17 23:46:20.681009209 +0100
+@@ -5,7 +5,6 @@
+ use crate::types::*;
+ use crate::vpn::*;
+ use pnet::datalink;
+-use regex::Regex;
+ use reqwest::Client;
+ use std::fs;
+ use std::net::IpAddr;
+@@ -13,96 +12,6 @@
+ use tokio::io::{AsyncWriteExt, BufWriter};
+ use tokio::sync::mpsc;
+ 
+-pub fn change_shell(machine_info: &mut PlayingMachine, user_info: &mut PlayingUser) {
+-    let result = std::env::var("SHELL").unwrap_or_default();
+-    let mut file_bak = String::new();
+-    let mut file = String::new();
+-    let mut prompt = String::new();
+-    let mut prompt_field = "";
+-
+-    if result.contains("bash") {
+-        file_bak = format!("{}/.bashrc.htb.bak", std::env::var("HOME").unwrap_or_default());
+-        file = format!("{}/.bashrc", std::env::var("HOME").unwrap_or_default());
+-        prompt = format!(
+-            "PS1=\"\\e[32m\\]┌──[Target:{}🚀🌐IP:{}🔥\\e[34m\\]Attacker:{}📡IP:{}\\e[32m\\]🏅Prize:{} points]\\n└──╼[👾]\\\\[\\e[36m\\]\\$(pwd) $ \\[\\e[0m\\]\"",
+-            machine_info.machine.name,
+-            machine_info.ip,
+-            user_info.user.name,
+-            get_interface_ip("tun0").expect("Error on getting tun0 IP address"),
+-            machine_info.machine.points
+-        );
+-        prompt_field = "PS1=.*";
+-    } else if result.contains("fish") {
+-        file_bak = format!("{}/.config/fish/functions/fish_prompt.fish.htb.bak", std::env::var("HOME").unwrap_or_default());
+-        file = format!("{}/.config/fish/functions/fish_prompt.fish", std::env::var("HOME").unwrap_or_default());
+-        prompt = format!(
+-            r#"function fish_prompt
+-    set_color 00ff00
+-    echo -n "┌──[Target:{}🚀🌐IP:{}"
+-    set_color ff00d7
+-    echo -n "🔥Attacker:{}📡IP:{}"
+-    set_color 00ff00
+-    echo "🏅Prize:{} points]"
+-    set_color 00ff00
+-    echo -n "└──╼[👾]"
+-    set_color 00ffff
+-    echo (pwd) '$' (set_color normal)
+-end"#,
+-            machine_info.machine.name,
+-            machine_info.ip,
+-            user_info.user.name,
+-            get_interface_ip("tun0").expect("Error on getting tun0 IP address"),
+-            machine_info.machine.points
+-        );
+-    } else if result.contains("zsh") {
+-        file_bak = format!("{}/.zshrc.htb.bak", std::env::var("HOME").unwrap_or_default());
+-        file = format!("{}/.zshrc", std::env::var("HOME").unwrap_or_default());
+-        prompt = format!(
+-            "PROMPT=\"%F{{46}}┌──[Target:{}🚀🌐IP:{}🔥%F{{201}}Attacker:{}📡IP:{}%F{{46}}🏅Prize:{} points]\"$'\\n'\"└──╼[👾]%F{{44}}%~ $%f \"" ,
+-            machine_info.machine.name,
+-            machine_info.ip,
+-            user_info.user.name,
+-            get_interface_ip("tun0").expect("Error on getting tun0 IP address"),
+-            machine_info.machine.points
+-        );
+-        prompt_field = "PROMPT=.*";
+-    }
+-
+-    if !std::path::Path::new(&file_bak).exists() {
+-        std::fs::copy(&file, &file_bak).unwrap_or_default();
+-    }
+-    
+-    if result.contains("bash") || result.contains("zsh") {
+-        let file_content = std::fs::read_to_string(&file).unwrap_or_default();
+-        let regex = Regex::new(prompt_field).unwrap();
+-        let new_file_content = regex.replace_all(&file_content, prompt);
+-        std::fs::write(&file, new_file_content.as_ref()).unwrap_or_default();
+-    } else if result.contains("fish") {
+-        std::fs::write(&file, &prompt).unwrap_or_default();
+-    }
+-}
+-
+-pub fn restore_shell() {
+-    let result = env::var("SHELL").unwrap_or_default();
+-    let mut file_bak = String::new();
+-    let mut file = String::new();
+-
+-    if result.contains("bash") {
+-        file_bak = format!("{}/.bashrc.htb.bak", env::var("HOME").unwrap());
+-        file = format!("{}/.bashrc", env::var("HOME").unwrap());
+-    } else if result.contains("fish") {
+-        file_bak = format!("{}/.config/fish/functions/fish_prompt.fish.htb.bak", env::var("HOME").unwrap());
+-        file = format!("{}/.config/fish/functions/fish_prompt.fish", env::var("HOME").unwrap());
+-    } else if result.contains("zsh") {
+-        file_bak = format!("{}/.zshrc.htb.bak", env::var("HOME").unwrap());
+-        file = format!("{}/.zshrc", env::var("HOME").unwrap());
+-    }
+-    if fs::metadata(&file).is_ok() && std::path::Path::new(&file_bak).exists() {
+-        //Restore the prompt file from the backup
+-        fs::copy(&file_bak, &file).expect("Failed to copy file");
+-    }
+-}
+-
+ pub fn display_target_info(machine_info: &PlayingMachine, user_info: &PlayingUser) {
+     println!();
+     println!("{}Our secret agent gathered some information about the target:{}", BYELLOW, RESET);
+@@ -184,7 +93,7 @@
+     println!("Play Hack The Box machines directly on your system.");
+     println!();
+     std::thread::sleep(std::time::Duration::from_secs(2)); //Showing the description for some secs before showing the help message
+-    println!("{} [-h] [-a] [-f] [-k] <set|reset|delete> [-m] <machine-name> [-l] <free|retired|starting> [-p] <true|false> [-r] [-s] [-u] [-v] <vpn-name>", env::args().next().unwrap());
++    println!("{} [-h] [-a] [-f] [-k] <set|reset|delete> [-m] <machine-name> [-l] <free|retired|starting> [-r] [-s] [-u] [-v] <vpn-name>", env::args().next().unwrap());
+     println!();
+     println!("Options:");
+     println!("-a                            Print information about the current active machine.");
+@@ -193,7 +102,6 @@
+     println!("-k <set|reset|delete>         Set, reset or delete the Hack The Box App Key.");
+     println!("-m <machine-name>             Specify the machine name to play.");
+     println!("-l <free|retired|starting>    List free, retired or starting point machines.");
+-    println!("-p <true|false>               Set if the shell prompt should be changed.");
+     println!("-r                            Reset the playing machine.");
+     println!("-s                            Stop the playing machine.");
+     println!("-u                            Update free machines in the Red Team menu.");

pkgs/by-name/ht/htb-toolkit/package.nix

@@ -0,0 +1,69 @@
+{ lib
+, rustPlatform
+, fetchFromGitHub
+, pkg-config
+, openssl
+, stdenv
+, darwin
+, coreutils
+, gnome
+, libsecret
+, bash
+, openvpn
+, nerdfonts
+, gzip
+, killall
+}:
+
+rustPlatform.buildRustPackage {
+  pname = "htb-toolkit";
+  version = "unstable-2024-01-17";
+
+  src = fetchFromGitHub {
+    owner = "D3vil0p3r";
+    repo = "htb-toolkit";
+    # https://github.com/D3vil0p3r/htb-toolkit/issues/3
+    rev = "54e11774ea8746ea540548082d3b25c22306b4fc";
+    hash = "sha256-QYUqdqFV9Qn+VbJTnz5hx5I0XV1nrzCoCKtRS7jBLsE=";
+  };
+
+  cargoHash = "sha256-XDE6A6EIAUbuzt8Zb/ROfDAPp0ZyN0WQ4D1gWHjRVhg=";
+
+  # Patch to disable prompt change of the shell when a target machine is run. Needed due to Nix declarative nature
+  patches = [
+    ./disable-shell-prompt-change.patch
+  ];
+
+  nativeBuildInputs = [
+    pkg-config
+  ];
+
+  buildInputs = [
+    gnome.gnome-keyring
+    openssl
+  ] ++ lib.optionals stdenv.isDarwin [
+    darwin.apple_sdk.frameworks.Security
+  ];
+
+  postPatch = ''
+    substituteInPlace src/manage.rs \
+      --replace /usr/share/htb-toolkit/icons/ $out/share/htb-toolkit/icons/
+    substituteInPlace src/utils.rs \
+      --replace /usr/bin/bash ${bash} \
+      --replace "\"base64\"" "\"${coreutils}/bin/base64\"" \
+      --replace "\"gunzip\"" "\"${gzip}/bin/gunzip\""
+    substituteInPlace src/appkey.rs \
+      --replace secret-tool ${lib.getExe libsecret}
+    substituteInPlace src/vpn.rs \
+      --replace "arg(\"openvpn\")" "arg(\"${openvpn}/bin/openvpn\")" \
+      --replace "arg(\"killall\")" "arg(\"${killall}/bin/killall\")"
+  '';
+
+  meta = with lib; {
+    description = "Play Hack The Box directly on your system";
+    homepage = "https://github.com/D3vil0p3r/htb-toolkit";
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ d3vil0p3r ];
+    mainProgram = "htb-toolkit";
+  };
+}

pkgs/by-name/wa/watchdogd/package.nix

@@ -0,0 +1,32 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, pkg-config
+, autoreconfHook
+, libite
+, libuev
+, libconfuse
+}:
+stdenv.mkDerivation rec {
+  pname = "watchdogd";
+  version = "4.0";
+
+  src = fetchFromGitHub {
+    owner = "troglobit";
+    repo = "watchdogd";
+    rev = version;
+    hash = "sha256-JNJj0CJGJXuIRpob2RXYqDRrU4Cn20PRxOjQ6TFsVYQ=";
+  };
+
+  nativeBuildInputs = [ pkg-config autoreconfHook ];
+  buildInputs = [ libite libuev libconfuse ];
+
+  meta = with lib; {
+    description = "Advanced system & process supervisor for Linux";
+    homepage = "https://troglobit.com/watchdogd.html";
+    changelog = "https://github.com/troglobit/watchdogd/releases/tag/${version}";
+    license = licenses.isc;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ vifino ];
+  };
+}

pkgs/development/cuda-modules/backend-stdenv.nix

@@ -19,12 +19,34 @@ let
   assertCondition = true;
 in
 
+/*
 # We should use libstdc++ at least as new as nixpkgs' stdenv's one.
 assert let
   cxxStdlibCuda = cudaStdenv.cc.cxxStdlib.package;
   cxxStdlibNixpkgs = stdenv.cc.cxxStdlib.package;
+
+  # Expose the C++ standard library we're using. See the comments on "General
+  # libc++ support". This is also relevant when using older gcc than the
+  # stdenv's, as may be required e.g. by CUDAToolkit's nvcc.
+  cxxStdlib = libcxx:
+    let
+      givenLibcxx = libcxx != null && (libcxx.isLLVM or false);
+      givenGccForLibs = libcxx != null && !(libcxx.isLLVM or false) && (libcxx.isGNU or false);
+      libcxx_solib = "${lib.getLib libcxx}/lib";
+    in
+      if (!givenLibcxx) && givenGccForLibs then
+        { kind = "libstdc++"; package = libcxx; solib = libcxx_solib; }
+      else if givenLibcxx then
+        { kind = "libc++"; package = libcxx;  solib = libcxx_solib;}
+      else
+        # We're probably using the `libstdc++` that came with our `gcc`.
+        # TODO: this is maybe not always correct?
+        # TODO: what happens when `nativeTools = true`?
+        { kind = "libstdc++"; package = cc; solib = cc_solib; }
+  ;
 in
 ((stdenv.cc.cxxStdlib.kind or null) == "libstdc++")
 -> lib.versionAtLeast cxxStdlibCuda.version cxxStdlibNixpkgs.version;
+*/
 
 lib.extendDerivation assertCondition passthruExtra cudaStdenv

pkgs/development/cuda-modules/cuda/overrides.nix

@@ -112,7 +112,7 @@ attrsets.filterAttrs (attr: _: (builtins.hasAttr attr prev)) {
         useCcForLibs = true;
         gccForLibs = ccForLibs-wrapper.cc;
       };
-      cxxStdlibDir = ccForLibs-wrapper.cxxStdlib.solib;
+      cxxStdlibDir = ccForLibs-wrapper.cxxStdlib.solib or (throw "necessary to fix CI");
     in
     {
 

pkgs/development/libraries/caf/default.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "actor-framework";
-  version = "0.19.4";
+  version = "0.19.5";
 
   src = fetchFromGitHub {
     owner = "actor-framework";
     repo = "actor-framework";
     rev = version;
-    hash = "sha256-Qi3nyUSwrYBy8lCP+R6/u/WtnZJcgSwb07pZVScAzcU=";
+    hash = "sha256-G69qZ8aoaRP9Ug+BIhXrYs6xteUG3Zhxbo2O09LEh3s=";
   };
 
   nativeBuildInputs = [ cmake ];

pkgs/development/libraries/intel-gmmlib/default.nix

@@ -9,13 +9,13 @@
 
 stdenv.mkDerivation rec {
   pname = "intel-gmmlib";
-  version = "22.3.16";
+  version = "22.3.17";
 
   src = fetchFromGitHub {
     owner = "intel";
     repo = "gmmlib";
     rev = "intel-gmmlib-${version}";
-    sha256 = "sha256-6cN7qnFpVe362u4o0bZMKlUq1/eCpPZF0nBgon9Eav4=";
+    sha256 = "sha256-9utlENByIQSayKTdSJapLBWMI2gFpOReNZe7bpbEoj8=";
   };
 
   nativeBuildInputs = [ cmake ];

pkgs/development/libraries/kdsoap/default.nix

@@ -11,11 +11,11 @@ let
   cmakeName = if isQt6 then "KDSoap-qt6" else "KDSoap";
 in stdenv.mkDerivation rec {
   pname = "kdsoap";
-  version = "2.1.1";
+  version = "2.2.0";
 
   src = fetchurl {
     url = "https://github.com/KDAB/KDSoap/releases/download/kdsoap-${version}/kdsoap-${version}.tar.gz";
-    sha256 = "sha256-rtV/ayAN33YvXSiY9+kijdBwCIHESRrv5ABvf6X1xic=";
+    sha256 = "sha256-2e8RlIRCGXyfpEvW+63IQrcoCmDfxAV3r2b97WN681Y=";
   };
 
   outputs = [ "out" "dev" ];

pkgs/development/libraries/mbedtls/2.nix

@@ -1,6 +1,6 @@
 { callPackage }:
 
 callPackage ./generic.nix {
-  version = "2.28.5";
-  hash = "sha256-Gl4UQMSvAwYbOi2b/AUMz+zgkOl1o0UA2VveF/3ek8o=";
+  version = "2.28.6";
+  hash = "sha256-1YyA3O0/u7Tcf8rhNmrMGF64/tnitQH65THpXa7N7P8=";
 }

pkgs/development/libraries/mbedtls/3.nix

@@ -1,6 +1,6 @@
 { callPackage }:
 
 callPackage ./generic.nix {
-  version = "3.5.0";
-  hash = "sha256-uHHQmaAmFS8Vd7PrAfRpK+aNi3pJ76XBC7rFWcd16NU=";
+  version = "3.5.1";
+  hash = "sha256-HxsHcGbSExp1aG5yMR/J3kPL4zqnmNoN5T5wfV3APaw=";
 }

pkgs/development/libraries/mbedtls/generic.nix

@@ -52,7 +52,7 @@ stdenv.mkDerivation rec {
     homepage = "https://www.trustedfirmware.org/projects/mbed-tls/";
     changelog = "https://github.com/Mbed-TLS/mbedtls/blob/${pname}-${version}/ChangeLog";
     description = "Portable cryptographic and TLS library, formerly known as PolarSSL";
-    license = licenses.asl20;
+    license = [ licenses.asl20 /* or */ licenses.gpl2Plus ];
     platforms = platforms.all;
     maintainers = with maintainers; [ raphaelr ];
   };

pkgs/development/libraries/openturns/default.nix

@@ -26,13 +26,13 @@
 
 stdenv.mkDerivation rec {
   pname = "openturns";
-  version = "1.21.2";
+  version = "1.22";
 
   src = fetchFromGitHub {
     owner = "openturns";
     repo = "openturns";
     rev = "v${version}";
-    sha256 = "sha256-Zq+Z3jLjdba3566H4RdwztqbRRID5K5yHvoGmgzq8QM=";
+    sha256 = "sha256-ku3/mPoa1YJVJB99R/kWlOubIO+OZAiKfPqS/DrtJQk=";
   };
 
   nativeBuildInputs = [ cmake ] ++ lib.optional enablePython python3Packages.sphinx;

pkgs/development/python-modules/langchain-community/default.nix

@@ -17,7 +17,7 @@
 
 buildPythonPackage rec {
   pname = "langchain-community";
-  version = "0.0.12";
+  version = "0.0.13";
   pyproject = true;
 
   disabled = pythonOlder "3.8";
@@ -25,7 +25,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     pname = "langchain_community";
     inherit version;
-    hash = "sha256-fP42xSsfuGwQldTewM9Gahx1KnRGEE6LOc8PcFEqSFE=";
+    hash = "sha256-z2bG/3/L61gvXojuAN7Op/3spczd2nJQRvKO/Gl8Qac=";
   };
 
   nativeBuildInputs = [

pkgs/development/python-modules/langchain-core/default.nix

@@ -15,7 +15,7 @@
 
 buildPythonPackage rec {
   pname = "langchain-core";
-  version = "0.1.10";
+  version = "0.1.11";
   pyproject = true;
 
   disabled = pythonOlder "3.8";
@@ -23,7 +23,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     pname = "langchain_core";
     inherit version;
-    hash = "sha256-PJ4TgyZMEC/Mb4ZXANu5QWxJMaJdCsIZX2MRxrhnqhc=";
+    hash = "sha256-StS1ltv9vIOTyW1AmDuXrsFlqwumZDC+rnPj2HnBOg0=";
   };
 
   nativeBuildInputs = [

pkgs/development/python-modules/onnx/default.nix

@@ -7,13 +7,16 @@
 , nbval
 , numpy
 , parameterized
-, protobuf
+, protobuf_21
 , pybind11
 , pytestCheckHook
 , pythonOlder
 , tabulate
 , typing-extensions
 , abseil-cpp
+, google-re2
+, pillow
+, protobuf
 }:
 
 let
@@ -39,9 +42,13 @@ in buildPythonPackage rec {
 
   buildInputs = [
     abseil-cpp
+    protobuf
+    google-re2
+    pillow
   ];
 
   propagatedBuildInputs = [
+    protobuf_21
     protobuf
     numpy
     typing-extensions
@@ -66,10 +73,6 @@ in buildPythonPackage rec {
       --replace 'include(googletest)' ""
     substituteInPlace cmake/unittest.cmake \
       --replace 'googletest)' ')'
-  '' + ''
-      # remove this override in 1.15 that will enable to set the CMAKE_CXX_STANDARD with cmakeFlags
-      substituteInPlace CMakeLists.txt \
-        --replace 'CMAKE_CXX_STANDARD 11' 'CMAKE_CXX_STANDARD 17'
   '';
 
   preConfigure = ''

pkgs/development/python-modules/pydata-sphinx-theme/default.nix

@@ -12,7 +12,7 @@
 
 buildPythonPackage rec {
   pname = "pydata-sphinx-theme";
-  version = "0.15.1";
+  version = "0.15.2";
 
   format = "wheel";
 
@@ -23,7 +23,7 @@ buildPythonPackage rec {
     dist = "py3";
     python = "py3";
     pname = "pydata_sphinx_theme";
-    hash = "sha256-Bk776WE3vQrKuAQTdZ8ds4pCtR4kKbFZr3XEOnWQMgs=";
+    hash = "sha256-DF+h+pipsm2uWQZm/1dvJ+Jse6cI/udU7Lngc1ntRYg=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/pytoolconfig/default.nix

@@ -18,7 +18,7 @@
 
 buildPythonPackage rec {
   pname = "pytoolconfig";
-  version = "1.3.0";
+  version = "1.3.1";
   pyproject = true;
 
   disabled = pythonOlder "3.8";
@@ -27,7 +27,7 @@ buildPythonPackage rec {
     owner = "bagel897";
     repo = "pytoolconfig";
     rev = "refs/tags/v${version}";
-    hash = "sha256-V7dANGnvhBhRy8IyO/gg73BMwpWRaV/xTF8JmRC7DPA=";
+    hash = "sha256-h21SDgVsnCDZQf5GS7sFE19L/p+OlAFZGEYKc0RHn30=";
   };
 
   outputs = [

pkgs/development/python-modules/zconfig/default.nix

@@ -1,32 +1,62 @@
 { lib
 , stdenv
-, fetchPypi
 , buildPythonPackage
-, zope-testrunner
-, manuel
 , docutils
+, fetchPypi
+, manuel
 , pygments
+, pytestCheckHook
+, pythonOlder
+, setuptools
+, zope-testrunner
 }:
 
 buildPythonPackage rec {
-  pname = "ZConfig";
-  version = "3.6.1";
+  pname = "zconfig";
+  version = "4.0";
+  pyproject = true;
+
+  disabled = pythonOlder "3.7";
 
   src = fetchPypi {
-    inherit pname version;
-    hash = "sha256-RCLH1mOvdizXeVd1NmvGpnq0QKGreW6w90JbDpA08HY=";
+    pname = "ZConfig";
+    inherit version;
+    hash = "sha256-+NZC+6a6mNCGMb4sH3GtGVfAUf70qj0/ufHgjcYdAVY=";
   };
 
   patches = lib.optional stdenv.hostPlatform.isMusl ./remove-setlocale-test.patch;
 
-  buildInputs = [ manuel docutils ];
-  propagatedBuildInputs = [ zope-testrunner ];
-  nativeCheckInputs = [ pygments ];
+  nativeBuildInputs = [
+    setuptools
+  ];
+
+  buildInputs = [
+    docutils
+    manuel
+  ];
+
+  propagatedBuildInputs = [
+    zope-testrunner
+  ];
+
+  nativeCheckInputs = [
+    pygments
+    pytestCheckHook
+  ];
+
+  pythonImportsCheck = [
+    "ZConfig"
+  ];
+
+  pytestFlagsArray = [
+    "-s"
+  ];
 
   meta = with lib; {
     description = "Structured Configuration Library";
-    homepage = "https://pypi.python.org/pypi/ZConfig";
+    homepage = "https://github.com/zopefoundation/ZConfig";
+    changelog = "https://github.com/zopefoundation/ZConfig/blob/${version}/CHANGES.rst";
     license = licenses.zpl20;
-    maintainers = [ maintainers.goibhniu ];
+    maintainers = with maintainers; [ goibhniu ];
   };
 }

pkgs/development/tools/analysis/brakeman/Gemfile.lock

@@ -1,7 +1,9 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    brakeman (6.1.0)
+    brakeman (6.1.1)
+      racc
+    racc (1.7.3)
 
 PLATFORMS
   ruby
@@ -10,4 +12,4 @@ DEPENDENCIES
   brakeman
 
 BUNDLED WITH
-   2.4.22
+   2.5.3

pkgs/development/tools/analysis/brakeman/gemset.nix

@@ -1,12 +1,23 @@
 {
   brakeman = {
+    dependencies = ["racc"];
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "00vlip5z1gc1npj1nxvcy2gvwya4fk01xzyhazkhz3ymdn9nch0d";
+      sha256 = "1ahkss5xpdw7vwykyd5kba74cs4r987fcn7ad5qvzhzhqdariqvy";
       type = "gem";
     };
-    version = "6.1.0";
+    version = "6.1.1";
+  };
+  racc = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "01b9662zd2x9bp4rdjfid07h09zxj7kvn7f5fghbqhzc625ap1dp";
+      type = "gem";
+    };
+    version = "1.7.3";
   };
 }

pkgs/development/tools/revive/default.nix

@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "revive";
-  version = "1.3.5";
+  version = "1.3.6";
 
   src = fetchFromGitHub {
     owner = "mgechev";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-yHsEELeBG/dgV1uaYTOfvVVZQZ+AG1kKx86tn9GI+RA=";
+    sha256 = "sha256-0s90Q07D/a0n/SVgMOnjje9pSCWJOzRx5jH+t9th4rs=";
     # populate values that require us to use git. By doing this in postFetch we
     # can delete .git afterwards and maintain better reproducibility of the src.
     leaveDotGit = true;
@@ -18,7 +18,7 @@ buildGoModule rec {
       rm -rf $out/.git
     '';
   };
-  vendorHash = "sha256-hNLHVx3zuCheSfY6TSixfJj/76JQ9nOW+mBquIZCgSk=";
+  vendorHash = "sha256-rFFgh/BWEejqrhCzCeGWa2AfiNd8dYDvCKvcpXk42nY=";
 
   ldflags = [
     "-s"
@@ -35,7 +35,7 @@ buildGoModule rec {
 
   # The following tests fail when built by nix:
   #
-  # $ nix log /nix/store/build-revive.1.3.5.drv | grep FAIL
+  # $ nix log /nix/store/build-revive.1.3.6.drv | grep FAIL
   #
   # --- FAIL: TestAll (0.01s)
   # --- FAIL: TestTimeEqual (0.00s)

pkgs/development/tools/rust/cargo-show-asm/default.nix

@@ -9,14 +9,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "cargo-show-asm";
-  version = "0.2.25";
+  version = "0.2.28";
 
   src = fetchCrate {
     inherit pname version;
-    hash = "sha256-jIOJr0saR+k++bPlYsf9LzWCJEDC/DHb6KjRonhAImA=";
+    hash = "sha256-DZKl3FRgBzrgKDl/eVOFRW2jZXT8ul+ZgZbBxZcmgss=";
   };
 
-  cargoHash = "sha256-kp6bZQjmI4enJvxOX8L0c3ZlqohZn6uKYnjrrxd/Hjg=";
+  cargoHash = "sha256-QaRqrd4wHuMfAYy/vqkwdoWB1BDGx0YyjvFNqjSOM2I=";
 
   nativeBuildInputs = [
     installShellFiles

pkgs/development/tools/turso-cli/default.nix

@@ -8,13 +8,13 @@
 }:
 buildGo121Module rec {
   pname = "turso-cli";
-  version = "0.87.8";
+  version = "0.88.2";
 
   src = fetchFromGitHub {
     owner = "tursodatabase";
     repo = "turso-cli";
     rev = "v${version}";
-    hash = "sha256-7JdWAMMNOBRWx2sU8mQ2kLZBVDsXaVszlOQos2Ybiy4=";
+    hash = "sha256-9lnqjkDGQRu487Me895h/dyWDIVImQkU9bEiafjTbb8=";
   };
 
   vendorHash = "sha256-rTeW2RQhcdwJTAMQELm4cdObJbm8gk/I2Qz3Wk3+zpI=";

pkgs/games/naev/default.nix

@@ -26,13 +26,13 @@
 
 stdenv.mkDerivation rec {
   pname = "naev";
-  version = "0.11.0";
+  version = "0.11.2";
 
   src = fetchFromGitHub {
     owner = "naev";
     repo = "naev";
     rev = "v${version}";
-    sha256 = "sha256-JTXZzxjfnD3OKZq1wms9bPwIBXyu9FuZB6hvH7HwvRI=";
+    sha256 = "sha256-G6FsZnRWNTFjsIpQsxYcZhlyjhMUaalNlmLpYGQar0E=";
     fetchSubmodules = true;
   };
 

pkgs/os-specific/linux/eventstat/default.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "eventstat";
-  version = "0.05.01";
+  version = "0.06.00";
 
   src = fetchFromGitHub {
     owner = "ColinIanKing";
     repo = pname;
     rev = "V${version}";
-    hash = "sha256-raODDA1EKtZThFg0NV6EfrWj5mSQNaiekywfOfAvYXI=";
+    hash = "sha256-lCtXILpZn1/laRnsfE5DlQQQKKvfHxOJu87SkpWKeTE=";
   };
 
   buildInputs = [ ncurses ];

pkgs/os-specific/linux/mdevctl/default.nix

@@ -7,14 +7,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "mdevctl";
-  version = "1.2.0";
+  version = "1.3.0";
 
   src = fetchCrate {
     inherit pname version;
-    hash = "sha256-0X/3DWNDPOgSNNTqcj44sd7DNGFt+uGBjkc876dSgU8=";
+    hash = "sha256-4K4NW3DOTtzZJ7Gg0mnRPr88YeqEjTtKX+C4P8i923E=";
   };
 
-  cargoHash = "sha256-TmumQBWuH5fJOe2qzcDtEGbmCs2G9Gfl8mH7xifzRGc=";
+  cargoHash = "sha256-hCqNy32uPLsKfUJqiG2DRcXfqdvlp4bCutQmt+FieXc=";
 
   nativeBuildInputs = [
     docutils

pkgs/os-specific/linux/sasutils/default.nix

@@ -2,13 +2,13 @@
 
 python3Packages.buildPythonApplication rec {
   pname = "sasutils";
-  version = "0.4.0";
+  version = "0.5.0";
 
   src = fetchFromGitHub {
     owner = "stanford-rc";
     repo = pname;
     rev = "refs/tags/v${version}";
-    sha256 = "sha256-9JRw+UoxU0I5RHuimzYrM/3j8UWHuicVpoOdRRrj2Wc=";
+    sha256 = "sha256-DK0mEqlPf9UGtUxqbzB0l1xX0P4htYm2NYvV7zilhx0=";
   };
 
   nativeBuildInputs = [ installShellFiles ];

pkgs/servers/http/darkhttpd/default.nix

@@ -5,13 +5,13 @@
 
 stdenv.mkDerivation rec {
   pname = "darkhttpd";
-  version = "1.14";
+  version = "1.15";
 
   src = fetchFromGitHub {
     owner = "emikulic";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-J/tjT3Rfhk5++jbmLBrZu9O4GgTBqeycuz82NliCBxw=";
+    sha256 = "sha256-G1lh3nHo2iU/dkiBykl5+DSIC2c6SCqqv42Bw0Frz3A=";
   };
 
   enableParallelBuilding = true;

pkgs/servers/metabase/default.nix

@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "metabase";
-  version = "0.48.1";
+  version = "0.48.2";
 
   src = fetchurl {
     url = "https://downloads.metabase.com/v${version}/metabase.jar";
-    hash = "sha256-lU9HrX4/OUQNyI6gi5AYbYhjwkK8mWAIsdM4Tq87JAw=";
+    hash = "sha256-KY+/PNpmGgLyk3O55KkYL6Ev1v4G329Wp4GajKSn9zo=";
   };
 
   nativeBuildInputs = [ makeWrapper ];

pkgs/servers/sql/rqlite/default.nix

@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "rqlite";
-  version = "8.13.2";
+  version = "8.16.3";
 
   src = fetchFromGitHub {
     owner = "rqlite";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-YwwA9oqMJuHWaJ7zcSLJjbq3urIyUe6aZZS4kEeq7/8=";
+    sha256 = "sha256-rgA2OGw5a3J/13864jArqK0BInQSN/7U7wvZ4Yv3+2g=";
   };
 
-  vendorHash = "sha256-qNI3SJdgaBi78Tvsd+RJ52vKZrbUQdEaEG/zTDKX0J4=";
+  vendorHash = "sha256-DTQiWE31rI0stANvc75Anguo5ymq8hH1vdZIZ5t4JLI=";
 
   subPackages = [ "cmd/rqlite" "cmd/rqlited" "cmd/rqbench" ];
 

pkgs/tools/admin/salt/default.nix

@@ -11,12 +11,12 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "salt";
-  version = "3006.4";
+  version = "3006.5";
   format = "setuptools";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-0JeIXDPCz6oMzcYnylcNZ2kMjQN9x4Ab6IeIvMoQNq4=";
+    hash = "sha256-b5aH8lQt3ICEsXy0fwpMr9SJQBI7o+1XMfaqgf5/lz4=";
   };
 
   patches = [

pkgs/tools/misc/chafa/default.nix

@@ -4,14 +4,14 @@
 }:
 
 stdenv.mkDerivation rec {
-  version = "1.12.5";
+  version = "1.14.0";
   pname = "chafa";
 
   src = fetchFromGitHub {
     owner = "hpjansson";
     repo = "chafa";
     rev = version;
-    sha256 = "sha256-2li2Vp+W4Q2/8WY8FJ519BuVR9KzddIJ1j/GY/hLMZo=";
+    sha256 = "sha256-7l8+WD5/5uBXVnhwqiEScIEQ1dg0W2zqqZJ2AeKCZRU=";
   };
 
   nativeBuildInputs = [ autoconf

pkgs/tools/misc/sacad/default.nix

@@ -2,11 +2,11 @@
 
 python3Packages.buildPythonApplication rec {
   pname = "sacad";
-  version = "2.4.0";
+  version = "2.7.5";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-KLVkyiXjpqskM67W9uPl9aPKc3pYMu0nAfwI0OpOniE=";
+    sha256 = "sha256-ZJPcxKc0G8V7x9nyzKXaXpfNpMB3/qRoX0d4lfBZTFY=";
   };
 
   propagatedBuildInputs = with python3Packages; [

pkgs/tools/misc/trillian/default.nix

@@ -5,14 +5,14 @@
 
 buildGoModule rec {
   pname = "trillian";
-  version = "1.5.3";
-  vendorHash = "sha256-DsdkTYRQQjTCArD3bo1al8enFzjfT7DVfmjK5KUqPDI=";
+  version = "1.6.0";
+  vendorHash = "sha256-tLhq6ILiKzFM1lIK0DbiIKsn1NWEI168BMaf/MOAtEo=";
 
   src = fetchFromGitHub {
     owner = "google";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-fXqoe59JU5efAo5ByJ4027oqHakNCTvAtAq48MJZ9ZE=";
+    sha256 = "sha256-YHwT+ddVRyHkmXkw2vROL4PS948pOMj9UwOtHorbTAQ=";
   };
 
   subPackages = [

pkgs/tools/networking/mockoon/default.nix

@@ -5,11 +5,11 @@
 
 let
   pname = "mockoon";
-  version = "6.0.1";
+  version = "6.1.0";
 
   src = fetchurl {
     url = "https://github.com/mockoon/mockoon/releases/download/v${version}/mockoon-${version}.AppImage";
-    hash = "sha256-aV+jM/XxXbjkStSZE4x8qtrtYX/yKbye4WjO9PiaNQ4=";
+    hash = "sha256-harZU3TTIzfJoY/jAQI0dm7YSOr24Y9xk9L5ZaBLdD8=";
   };
 
   appimageContents = appimageTools.extractType2 {

pkgs/tools/networking/s3cmd/default.nix

@@ -2,13 +2,13 @@
 
 buildPythonApplication rec {
   pname = "s3cmd";
-  version = "2.3.0";
+  version = "2.4.0";
 
   src = fetchFromGitHub {
     owner = "s3tools";
     repo = "s3cmd";
     rev = "refs/tags/v${version}";
-    sha256 = "sha256-nb4WEH8ELaG/bIe4NtjD4p99VJoG90UQ662iWyvnr2U=";
+    sha256 = "sha256-cxwf6+9WFt3U7+JdKRgZxFElD+Dgf2P2VyejHVoiDJk=";
   };
 
   propagatedBuildInputs = [ python-magic python-dateutil ];

pkgs/tools/package-management/npm-check-updates/default.nix

@@ -5,16 +5,16 @@
 
 buildNpmPackage rec {
   pname = "npm-check-updates";
-  version = "16.14.0";
+  version = "16.14.12";
 
   src = fetchFromGitHub {
     owner = "raineorshine";
     repo = "npm-check-updates";
     rev = "v${version}";
-    hash = "sha256-X8Mu4Fd650H7eA2nfoefmr4jW974qLBLurmj2H4t7xY=";
+    hash = "sha256-3/DaEgPF9+wofYqA1XrJul4/cNGuGeXAeRg0HW0O+Ok=";
   };
 
-  npmDepsHash = "sha256-wm7/WlzqfE7DOT0jUTXBivlC9J8dyHa/OVSgi2SdO5w=";
+  npmDepsHash = "sha256-zUJKuiMycVCuXMh6caMzmi6qpgknVsvmqV3XykhlSBI=";
 
   meta = {
     changelog = "https://github.com/raineorshine/npm-check-updates/blob/${src.rev}/CHANGELOG.md";

pkgs/tools/security/osv-scanner/default.nix

@@ -6,16 +6,16 @@
 }:
 buildGoModule rec {
   pname = "osv-scanner";
-  version = "1.5.0";
+  version = "1.6.1";
 
   src = fetchFromGitHub {
     owner = "google";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-wWycONThNIqiSbpsopsc9AbAxOToWkTiNzkJ2I8Z0t4=";
+    hash = "sha256-ddzdOk2sHNzjCM4cLJY+H9h13MjamlC1RYcnOcDGV4M=";
   };
 
-  vendorHash = "sha256-CiRvryjBp3nUrPRxNqM88p4856yT+BuIsjvYuE+DmqI=";
+  vendorHash = "sha256-9cE4UcQipJYwQDZA4jlcV68BBTgft7oRVlngg/PAmWI=";
 
   subPackages = [
     "cmd/osv-scanner"
@@ -24,7 +24,7 @@ buildGoModule rec {
   ldflags = [
     "-s"
     "-w"
-    "-X main.version=${version}"
+    "-X github.com/google/osv-scanner/internal/version.OSVVersion=${version}"
     "-X main.commit=n/a"
     "-X main.date=1970-01-01T00:00:00Z"
   ];

pkgs/tools/security/vaultwarden/webvault.nix

@@ -7,13 +7,13 @@
 }:
 
 let
-  version = "2024.1.1";
+  version = "2024.1.1b";
 
   bw_web_builds = fetchFromGitHub {
     owner = "dani-garcia";
     repo = "bw_web_builds";
     rev = "v${version}";
-    hash = "sha256-xtfpxcJLP0C4FdnO45gsaecOWJ/cKC++Abm7iatTH1Y=";
+    hash = "sha256-jdr+3sIFdKmi0CI3TyFv+wCbhOBJECKQtx+X5EZjRsQ=";
   };
 
 in buildNpmPackage rec {
@@ -30,7 +30,7 @@ in buildNpmPackage rec {
   npmDepsHash = "sha256-IJ5JVz9hHu3NOzFJAyzfhsMfPQgYQGntDEDuBMI/iZc=";
 
   postPatch = ''
-    cp -r ${bw_web_builds}/{patches,resources} ..
+    ln -s ${bw_web_builds}/{patches,resources} ..
     PATH="${git}/bin:$PATH" VAULT_VERSION="${lib.removePrefix "web-" src.rev}" \
       bash ${bw_web_builds}/scripts/apply_patches.sh
   '';
@@ -66,6 +66,7 @@ in buildNpmPackage rec {
   meta = with lib; {
     description = "Integrates the web vault into vaultwarden";
     homepage = "https://github.com/dani-garcia/bw_web_builds";
+    changelog = "https://github.com/dani-garcia/bw_web_builds/releases/tag/v${version}";
     platforms = platforms.all;
     license = licenses.gpl3Plus;
     maintainers = with maintainers; [ dotlambda msteen mic92 ];

pkgs/tools/wayland/hyprland-per-window-layout/default.nix

@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "hyprland-per-window-layout";
-  version = "2.5";
+  version = "2.6";
 
   src = fetchFromGitHub {
     owner = "coffebar";
     repo = pname;
     rev = version;
-    hash = "sha256-muEM0jRNZ8osuZ6YSyNPFD/2IuXoNbR28It9cKeJwZ4=";
+    hash = "sha256-g6cFZXEWKB9IxP/ARe788tXFpDofJNDWMwUU15yKYhA=";
   };
 
-  cargoHash = "sha256-g7VCjxrf6qP6KcTNhHzFEFwP4EiIRTnjK6n93FGee54=";
+  cargoHash = "sha256-kVu81NnwcKksHeS5ZM/SgTuh2olMgdBBxY3cJxwuW0Q=";
 
   meta = with lib; {
     description = "Per window keyboard layout (language) for Hyprland wayland compositor";