Merge master into staging-next

lib/tests/modules.sh

@@ -313,7 +313,7 @@ checkConfigOutput "bar" config.priorities ./raw.nix
 
 ## Option collision
 checkConfigError \
-  'The option .set. in module .*/declare-set.nix. would be a parent of the following options, but its type .attribute set of signed integers. does not support nested options.\n\s*- option[(]s[)] with prefix .set.enable. in module .*/declare-enable-nested.nix.' \
+  'The option .set. in module .*/declare-set.nix. would be a parent of the following options, but its type .attribute set of signed integer. does not support nested options.\n\s*- option[(]s[)] with prefix .set.enable. in module .*/declare-enable-nested.nix.' \
   config.set \
   ./declare-set.nix ./declare-enable-nested.nix
 

lib/types.nix

@@ -397,7 +397,7 @@ rec {
 
     listOf = elemType: mkOptionType rec {
       name = "listOf";
-      description = "list of ${elemType.description}s";
+      description = "list of ${elemType.description}";
       check = isList;
       merge = loc: defs:
         map (x: x.value) (filter (x: x ? value) (concatLists (imap1 (n: def:
@@ -426,7 +426,7 @@ rec {
 
     attrsOf = elemType: mkOptionType rec {
       name = "attrsOf";
-      description = "attribute set of ${elemType.description}s";
+      description = "attribute set of ${elemType.description}";
       check = isAttrs;
       merge = loc: defs:
         mapAttrs (n: v: v.value) (filterAttrs (n: v: v ? value) (zipAttrsWith (name: defs:
@@ -449,7 +449,7 @@ rec {
     # error that it's not defined. Use only if conditional definitions don't make sense.
     lazyAttrsOf = elemType: mkOptionType rec {
       name = "lazyAttrsOf";
-      description = "lazy attribute set of ${elemType.description}s";
+      description = "lazy attribute set of ${elemType.description}";
       check = isAttrs;
       merge = loc: defs:
         zipAttrsWith (name: defs:

nixos/modules/security/wrappers/wrapper.c

@@ -2,12 +2,12 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
+#include <stdnoreturn.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/xattr.h>
 #include <fcntl.h>
 #include <dirent.h>
-#include <assert.h>
 #include <errno.h>
 #include <linux/capability.h>
 #include <sys/prctl.h>
@@ -16,10 +16,7 @@
 #include <syscall.h>
 #include <byteswap.h>
 
-// Make sure assertions are not compiled out, we use them to codify
-// invariants about this program and we want it to fail fast and
-// loudly if they are violated.
-#undef NDEBUG
+#define ASSERT(expr) ((expr) ? (void) 0 : assert_failure(#expr))
 
 extern char **environ;
 
@@ -38,6 +35,12 @@ static char *wrapper_debug = "WRAPPER_DEBUG";
 #define LE32_TO_H(x) (x)
 #endif
 
+static noreturn void assert_failure(const char *assertion) {
+    fprintf(stderr, "Assertion `%s` in NixOS's wrapper.c failed.\n", assertion);
+    fflush(stderr);
+    abort();
+}
+
 int get_last_cap(unsigned *last_cap) {
     FILE* file = fopen("/proc/sys/kernel/cap_last_cap", "r");
     if (file == NULL) {
@@ -167,6 +170,7 @@ int readlink_malloc(const char *p, char **ret) {
 }
 
 int main(int argc, char **argv) {
+    ASSERT(argc >= 1);
     char *self_path = NULL;
     int self_path_size = readlink_malloc("/proc/self/exe", &self_path);
     if (self_path_size < 0) {
@@ -181,36 +185,36 @@ int main(int argc, char **argv) {
     int len = strlen(wrapper_dir);
     if (len > 0 && '/' == wrapper_dir[len - 1])
       --len;
-    assert(!strncmp(self_path, wrapper_dir, len));
-    assert('/' == wrapper_dir[0]);
-    assert('/' == self_path[len]);
+    ASSERT(!strncmp(self_path, wrapper_dir, len));
+    ASSERT('/' == wrapper_dir[0]);
+    ASSERT('/' == self_path[len]);
 
     // Make *really* *really* sure that we were executed as
     // `self_path', and not, say, as some other setuid program. That
     // is, our effective uid/gid should match the uid/gid of
     // `self_path'.
     struct stat st;
-    assert(lstat(self_path, &st) != -1);
+    ASSERT(lstat(self_path, &st) != -1);
 
-    assert(!(st.st_mode & S_ISUID) || (st.st_uid == geteuid()));
-    assert(!(st.st_mode & S_ISGID) || (st.st_gid == getegid()));
+    ASSERT(!(st.st_mode & S_ISUID) || (st.st_uid == geteuid()));
+    ASSERT(!(st.st_mode & S_ISGID) || (st.st_gid == getegid()));
 
     // And, of course, we shouldn't be writable.
-    assert(!(st.st_mode & (S_IWGRP | S_IWOTH)));
+    ASSERT(!(st.st_mode & (S_IWGRP | S_IWOTH)));
 
     // Read the path of the real (wrapped) program from <self>.real.
     char real_fn[PATH_MAX + 10];
     int real_fn_size = snprintf(real_fn, sizeof(real_fn), "%s.real", self_path);
-    assert(real_fn_size < sizeof(real_fn));
+    ASSERT(real_fn_size < sizeof(real_fn));
 
     int fd_self = open(real_fn, O_RDONLY);
-    assert(fd_self != -1);
+    ASSERT(fd_self != -1);
 
     char source_prog[PATH_MAX];
     len = read(fd_self, source_prog, PATH_MAX);
-    assert(len != -1);
-    assert(len < sizeof(source_prog));
-    assert(len > 0);
+    ASSERT(len != -1);
+    ASSERT(len < sizeof(source_prog));
+    ASSERT(len > 0);
     source_prog[len] = 0;
 
     close(fd_self);

nixos/modules/services/misc/nitter.nix

@@ -277,7 +277,7 @@ in
           Add settings here to override NixOS module generated settings.
 
           Check the official repository for the available settings:
-          https://github.com/zedeus/nitter/blob/master/nitter.conf
+          https://github.com/zedeus/nitter/blob/master/nitter.example.conf
         '';
       };
 

pkgs/applications/networking/cluster/k0sctl/default.nix

@@ -1,20 +1,29 @@
 { lib
 , buildGoModule
 , fetchFromGitHub
+, fetchpatch
+, installShellFiles
 }:
 
 buildGoModule rec {
   pname = "k0sctl";
-  version = "0.11.4";
+  version = "0.12.6";
 
   src = fetchFromGitHub {
     owner = "k0sproject";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-Fk1aYSa3LqzxiHtlzH5pcNtodOprjfnCFh4UMqCa6Rc=";
+    sha256 = "sha256-TkkMO6xBHY5t5Rpd0ieSDXMrnQ+Xdq+65Rk93ZkYcUs=";
   };
 
-  vendorSha256 = "sha256-21C6wZ8lKQnbUg3aD0ZFVOgopblXyWk4WP/ubZVk3Yk=";
+  vendorSha256 = "sha256-nTAuvHcsJiW0XYX5GM1SL8cnOhwdrj6iw8tuAkEWNzQ=";
+
+  patches = [
+    (fetchpatch {
+      url = "https://github.com/k0sproject/${pname}/commit/22c694ab0335a1e6146d0d3f939ef79d2c005a3d.patch";
+      sha256 = "sha256-Ftq/vbQd5ArdHboDt6NdyuqpFalHVnsQBdpmyDG/t5Q=";
+    })
+  ];
 
   ldflags = [
     "-s"
@@ -23,6 +32,15 @@ buildGoModule rec {
     "-X github.com/k0sproject/k0sctl/version.Version=${version}"
   ];
 
+  nativeBuildInputs = [ installShellFiles ];
+
+  postInstall = ''
+    for shell in bash zsh fish; do
+      installShellCompletion --cmd ${pname} \
+        --$shell <($out/bin/${pname} completion --shell $shell)
+    done
+  '';
+
   meta = with lib; {
     description = "A bootstrapping and management tool for k0s clusters.";
     homepage = "https://k0sproject.io/";

pkgs/applications/networking/cluster/tilt/default.nix

@@ -5,13 +5,13 @@ buildGoModule rec {
   /* Do not use "dev" as a version. If you do, Tilt will consider itself
     running in development environment and try to serve assets from the
     source tree, which is not there once build completes.  */
-  version = "0.26.3";
+  version = "0.30.0";
 
   src = fetchFromGitHub {
     owner  = "tilt-dev";
     repo   = pname;
     rev    = "v${version}";
-    sha256 = "sha256-jrVf6vNlEkTgALS93o3kIiticvsyFHm5oA2Fh1edAGY=";
+    sha256 = "sha256-bZYm9T3NRNNtT8RDGwnXcXC7Rb/GuIxI/U06By4gR/w=";
   };
   vendorSha256 = null;
 

pkgs/applications/video/mpc-qt/default.nix

@@ -1,23 +1,16 @@
-{ lib, stdenv, mkDerivation, fetchFromGitLab, fetchpatch, pkg-config, qmake, qtx11extras, qttools, mpv }:
+{ lib, stdenv, mkDerivation, fetchFromGitHub, pkg-config, qmake, qtx11extras, qttools, mpv }:
 
 mkDerivation rec {
   pname = "mpc-qt";
-  version = "2019-06-09";
+  version = "22.02";
 
-  src = fetchFromGitLab {
+  src = fetchFromGitHub {
     owner = "mpc-qt";
     repo = "mpc-qt";
-    rev = "2abe6e7fc643068d50522468fe75d614861555ad";
-    sha256 = "1cis8dl9pm91mpnp696zvwsfp96gkwr8jgs45anbwd7ldw78w4x5";
+    rev = "v${version}";
+    sha256 = "sha256-DRbNDrWnaTT4A0dRFAv9MX/MDwV/rXIw+R8fQJmVN+g=";
   };
 
-  patches = [
-    (fetchpatch {
-      url = "https://gitlab.com/mpc-qt/mpc-qt/-/commit/02f2bc7a22e863a89ba322b9acb61cf1aef23ba0.diff";
-      sha256 = "0khld55i194zgi18d0wch5459lfzzkbfdbl1im8akvq8ks5xijis";
-    })
-  ];
-
   nativeBuildInputs = [ pkg-config qmake qttools ];
 
   buildInputs = [ mpv qtx11extras ];
@@ -26,7 +19,7 @@ mkDerivation rec {
 
   meta = with lib; {
     description = "Media Player Classic Qute Theater";
-    homepage = "https://gitlab.com/mpc-qt/mpc-qt";
+    homepage = "https://mpc-qt.github.io";
     license = licenses.gpl2;
     platforms = platforms.unix;
     broken = stdenv.isDarwin;

pkgs/development/libraries/bullet/default.nix

@@ -11,13 +11,13 @@
 
 stdenv.mkDerivation rec {
   pname = "bullet";
-  version = "3.22b";
+  version = "3.23";
 
   src = fetchFromGitHub {
     owner = "bulletphysics";
     repo = "bullet3";
     rev = version;
-    sha256 = "sha256-hf2b7enh9mziPKFcdU8NwLdhcxhV7Ididf9Bwwa+5/M=";
+    sha256 = "sha256-XZpwCVfSJD3W93BJrGefy3dGrevNzChU+TrKalMpY4Q=";
   };
 
   nativeBuildInputs = [ cmake ];

pkgs/development/libraries/libdigidocpp/default.nix

@@ -2,12 +2,12 @@
 , xercesc, xml-security-c, pkg-config, xsd, zlib, xalanc, xxd }:
 
 stdenv.mkDerivation rec {
-  version = "3.14.7";
+  version = "3.14.8";
   pname = "libdigidocpp";
 
   src = fetchurl {
      url = "https://github.com/open-eid/libdigidocpp/releases/download/v${version}/libdigidocpp-${version}.tar.gz";
-     sha256 = "sha256-QdctW2+T8kPNUJv30pXZ/qfnw1Uhq6gScSjUI+bZMfY=";
+     sha256 = "sha256-U5i5IAyJF4359q6M6mQemEuG7+inPYIXqLy8GHv4dkg=";
   };
 
   nativeBuildInputs = [ cmake pkg-config xxd ];

pkgs/development/nim-packages/jsony/default.nix

@@ -2,13 +2,13 @@
 
 buildNimPackage rec {
   pname = "jsony";
-  version = "1.1.3";
+  version = "d0e69bddf83874e15b5c2f52f8b1386ac080b443";
 
   src = fetchFromGitHub {
     owner = "treeform";
     repo = pname;
     rev = version;
-    hash = "sha256-jtUCoqwCmE536Kpv/vZxGgqiHyReZf1WOiBdUzmMhM4=";
+    sha256 = "1p250wb97nzz2g0vvq6mn521fx7sn1jpk1ralbzqh5q8clh4g7wr";
   };
 
   doCheck = true;

pkgs/development/nim-packages/supersnappy/default.nix

@@ -3,6 +3,6 @@
 fetchFromGitHub {
   owner = "guzba";
   repo = "supersnappy";
-  rev = "1.1.5";
-  sha256 = "1y26sgnszvdf5sn7j0jx2dpd4i03mvbk9i9ni9kbyrs798bjwi6z";
+  rev = "2.1.1";
+  sha256 = "03df1qgrbp84swhqy12ansyn951lkaw0kf1arbnki4fkgdnqdamf";
 }

pkgs/development/python-modules/pycep-parser/default.nix

@@ -12,7 +12,7 @@
 
 buildPythonPackage rec {
   pname = "pycep-parser";
-  version = "0.3.4";
+  version = "0.3.5";
   format = "pyproject";
 
   disabled = pythonOlder "3.7";
@@ -20,8 +20,8 @@ buildPythonPackage rec {
   src = fetchFromGitHub {
     owner = "gruebel";
     repo = "pycep";
-    rev = version;
-    hash = "sha256-o2sYPvZVevDqZV8EtKWTL2zHHzX2kmTZ4iVHsUhFv7M=";
+    rev = "refs/tags/${version}";
+    hash = "sha256-Nj/drNRSIBh8DaE+vzQRijQg8NVUK5qBClwU3aWiA48=";
   };
 
   nativeBuildInputs = [

pkgs/development/python-modules/pyskyqhub/default.nix

@@ -7,7 +7,7 @@
 
 buildPythonPackage rec {
   pname = "pyskyqhub";
-  version = "0.1.8";
+  version = "0.1.9";
   format = "setuptools";
 
   disabled = pythonOlder "3.8";
@@ -16,7 +16,7 @@ buildPythonPackage rec {
     owner = "RogerSelwyn";
     repo = "skyq_hub";
     rev = version;
-    sha256 = "sha256-1KNgF3d5w+aNKNkOZVkdD3VVLz/F8NyQ5MxO1UaWrFk=";
+    sha256 = "sha256-yXqtABbsCh1yb96lsEA0gquikVenGLCo6J93AeXAC8k=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/sanic/default.nix

@@ -82,6 +82,9 @@ buildPythonPackage rec {
 
     # needed for relative paths for some packages
     cd tests
+  '' + lib.optionalString stdenv.isDarwin  ''
+    # OSError: [Errno 24] Too many open files
+    ulimit -n 1024
   '';
 
   # uvloop usage is buggy

pkgs/development/tools/ocaml/merlin/4.x.nix

@@ -15,12 +15,13 @@
 }:
 
 let
-  merlinVersion = "4.4";
+  merlinVersion = "4.5";
 
   hashes = {
-    "4.4-411" = "sha256:0chx28098mmnjbnaz5wgzsn82rh1w9dhzqmsykb412cq13msl1q4";
-    "4.4-412" = "sha256:18xjpsiz7xbgjdnsxfc52l7yfh22harj0birlph4xm42d14pkn0n";
-    "4.4-413" = "sha256:1ilmh2gqpwgr51w2ba8r0s5zkj75h00wkw4az61ssvivn9jxr7k0";
+    "4.5-411" = "sha256:05nz6y7r91rh0lj8b6xdv3s3yknmvjc7y60v17kszgqnr887bvpn";
+    "4.5-412" = "sha256:0i5c3rfzinmwdjya7gv94zyknsm32qx9dlg472xpfqivwvnnhf1z";
+    "4.5-413" = "sha256:1sphq9anfg1qzrvj7hdcqflj6cmc1qiyfkljhng9fxnnr0i7550s";
+    "4.5-414" = "sha256:13h588kwih05zd9p3p7q528q4zc0d1l983kkvbmkxgay5d17nn1i";
   };
 
   ocamlVersionShorthand = lib.concatStrings
@@ -55,8 +56,6 @@ buildDunePackage {
     ./test.patch
   ;
 
-  useDune2 = true;
-
   strictDeps = true;
 
   nativeBuildInputs = [

pkgs/servers/nitter/default.nix

@@ -2,14 +2,14 @@
 
 nimPackages.buildNimPackage rec {
   pname = "nitter";
-  version = "unstable-2022-03-21";
+  version = "unstable-2022-05-13";
   nimBinOnly = true;
 
   src = fetchFromGitHub {
     owner = "zedeus";
     repo = "nitter";
-    rev = "6884f05041a9b8619ec709afacdfdd6482a120a0";
-    sha256 = "1mnc6jqljpqp9lgcrxxvf3aiswssr34v139cxfbwlmj45swmsazh";
+    rev = "683c052036b268028f0ecae020a1519bc586516d";
+    sha256 = "179z66jlwbdarrgvpdh8aqy2ihkiakd22wqydrfgpsgr59ma8fgl";
   };
 
   buildInputs = with nimPackages; [
@@ -29,6 +29,7 @@ nimPackages.buildNimPackage rec {
 
   postBuild = ''
     nim c --hint[Processing]:off -r tools/gencss
+    nim c --hint[Processing]:off -r tools/rendermd
   '';
 
   postInstall = ''

pkgs/tools/security/clamav/default.nix

@@ -1,52 +1,32 @@
-{ lib, stdenv, fetchurl, pkg-config
+{ lib, stdenv, fetchurl, pkg-config, cmake
 , zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre2
 , libmspack, systemd, Foundation, json_c, check
+, rustc, rust-bindgen, rustfmt, cargo, python3
 }:
 
 stdenv.mkDerivation rec {
   pname = "clamav";
-  version = "0.103.6";
+  version = "0.105.0";
 
   src = fetchurl {
     url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz";
-    sha256 = "sha256-qqEuPcGfHTI7HFDXoQ+or1V+Q5AUnoZNWb3jm2rZujM=";
+    sha256 = "sha256-JwIDpUxFgEnbVPzZNoP/Wy2xkVHzY8SOgs7O/d4rNdQ=";
   };
 
-  # don't install sample config files into the absolute sysconfdir folder
-  postPatch = ''
-    substituteInPlace Makefile.in --replace ' etc ' ' '
-  '';
+  # Flaky test, remove this when https://github.com/Cisco-Talos/clamav/issues/343 is fixed
+  patches = [ ./remove-freshclam-test.patch ];
 
   enableParallelBuilding = true;
-  nativeBuildInputs = [ pkg-config ];
+  nativeBuildInputs = [ cmake pkg-config rustc rust-bindgen rustfmt cargo python3 ];
   buildInputs = [
     zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre2 libmspack json_c check
   ] ++ lib.optional stdenv.isLinux systemd
     ++ lib.optional stdenv.isDarwin Foundation;
 
-  configureFlags = [
-    "--libdir=$(out)/lib"
-    "--sysconfdir=/etc/clamav"
-    "--disable-llvm" # enabling breaks the build at the moment
-    "--with-zlib=${zlib.dev}"
-    "--with-xml=${libxml2.dev}"
-    "--with-openssl=${openssl.dev}"
-    "--with-libcurl=${curl.dev}"
-    "--with-libjson=${json_c.dev}"
-    "--with-system-libmspack"
-    "--enable-milter"
-    "--disable-unrar" # disable unrar because it's non-free and requires some extra patching to work properly
-    "--enable-check"
-  ] ++ lib.optional stdenv.isLinux
-    "--with-systemdsystemunitdir=$(out)/lib/systemd";
+  cmakeFlags = [
+    "-DSYSTEMD_UNIT_DIR=${placeholder "out"}/lib/systemd"
+  ];
 
-  postInstall = ''
-    mkdir $out/etc
-    cp etc/*.sample $out/etc
-  '';
-
-  # Only required for the unit tests
-  hardeningDisable = [ "format" ];
   doCheck = true;
 
   meta = with lib; {

pkgs/tools/security/clamav/remove-freshclam-test.patch

@@ -0,0 +1,20 @@
+diff --git a/unit_tests/CMakeLists.txt b/unit_tests/CMakeLists.txt
+index 1460357ba..1194abc9d 100644
+--- a/unit_tests/CMakeLists.txt
++++ b/unit_tests/CMakeLists.txt
+@@ -371,15 +371,6 @@ if(ENABLE_APP)
+         set_property(TEST clamd_valgrind PROPERTY ENVIRONMENT ${ENVIRONMENT} VALGRIND=${Valgrind_EXECUTABLE})
+     endif()
+ 
+-    add_test(NAME freshclam COMMAND ${PythonTest_COMMAND};freshclam_test.py
+-        WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
+-    set_property(TEST freshclam PROPERTY ENVIRONMENT ${ENVIRONMENT})
+-    if(Valgrind_FOUND)
+-        add_test(NAME freshclam_valgrind COMMAND ${PythonTest_COMMAND};freshclam_test.py
+-            WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
+-        set_property(TEST freshclam_valgrind PROPERTY ENVIRONMENT ${ENVIRONMENT} VALGRIND=${Valgrind_EXECUTABLE})
+-    endif()
+-
+     add_test(NAME sigtool COMMAND ${PythonTest_COMMAND};sigtool_test.py
+         WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
+     set_property(TEST sigtool PROPERTY ENVIRONMENT ${ENVIRONMENT})

pkgs/top-level/all-packages.nix

@@ -34706,7 +34706,9 @@ with pkgs;
 
   tgswitch = callPackage ../applications/networking/cluster/tgswitch {};
 
-  tilt = callPackage ../applications/networking/cluster/tilt { };
+  tilt = callPackage ../applications/networking/cluster/tilt {
+    buildGoModule = buildGo118Module;
+  };
 
   timeular = callPackage ../applications/office/timeular {};