Merge master into staging-next

maintainers/maintainer-list.nix

@@ -13824,4 +13824,10 @@
       fingerprint = "3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE";
     }];
   };
+  ameer = {
+    name = "Ameer Taweel";
+    email = "ameertaweel2002@gmail.com";
+    github = "AmeerTaweel";
+    githubId = 20538273;
+  };
 }

nixos/modules/module-list.nix

@@ -1156,7 +1156,7 @@
   ./system/boot/systemd-nspawn.nix
   ./system/boot/timesyncd.nix
   ./system/boot/tmp.nix
-  ./system/etc/etc.nix
+  ./system/etc/etc-activation.nix
   ./tasks/auto-upgrade.nix
   ./tasks/bcache.nix
   ./tasks/cpu-freq.nix

nixos/modules/system/etc/etc-activation.nix

@@ -0,0 +1,12 @@
+{ config, lib, ... }:
+let
+  inherit (lib) stringAfter;
+in {
+
+  imports = [ ./etc.nix ];
+
+  config = {
+    system.activationScripts.etc =
+      stringAfter [ "users" "groups" ] config.system.build.etcActivationCommands;
+  };
+}

nixos/modules/system/etc/etc.nix

@@ -66,6 +66,8 @@ in
 
 {
 
+  imports = [ ../build.nix ];
+
   ###### interface
 
   options = {
@@ -188,14 +190,12 @@ in
   config = {
 
     system.build.etc = etc;
-
+    system.build.etcActivationCommands =
-    system.activationScripts.etc = stringAfter [ "users" "groups" ]
       ''
         # Set up the statically computed bits of /etc.
         echo "setting up /etc..."
         ${pkgs.perl.withPackages (p: [ p.FileSlurp ])}/bin/perl ${./setup-etc.pl} ${etc}/etc
       '';
-
   };
 
 }

nixos/modules/system/etc/test.nix

@@ -0,0 +1,70 @@
+{ lib
+, coreutils
+, fakechroot
+, fakeroot
+, evalMinimalConfig
+, pkgsModule
+, runCommand
+, util-linux
+, vmTools
+, writeText
+}:
+let
+  node = evalMinimalConfig ({ config, ... }: {
+    imports = [ pkgsModule ../etc/etc.nix ];
+    environment.etc."passwd" = {
+      text = passwdText;
+    };
+    environment.etc."hosts" = {
+      text = hostsText;
+      mode = "0751";
+    };
+  });
+  passwdText = ''
+    root:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash
+  '';
+  hostsText = ''
+    127.0.0.1 localhost
+    ::1 localhost
+    # testing...
+  '';
+in
+lib.recurseIntoAttrs {
+  test-etc-vm =
+    vmTools.runInLinuxVM (runCommand "test-etc-vm" { } ''
+      mkdir -p /etc
+      ${node.config.system.build.etcActivationCommands}
+      set -x
+      [[ -L /etc/passwd ]]
+      diff /etc/passwd ${writeText "expected-passwd" passwdText}
+      [[ 751 = $(stat --format %a /etc/hosts) ]]
+      diff /etc/hosts ${writeText "expected-hosts" hostsText}
+      set +x
+      touch $out
+    '');
+
+  # fakeroot is behaving weird
+  test-etc-fakeroot =
+    runCommand "test-etc"
+      {
+        nativeBuildInputs = [
+          fakeroot
+          fakechroot
+          # for chroot
+          coreutils
+          # fakechroot needs getopt, which is provided by util-linux
+          util-linux
+        ];
+        fakeRootCommands = ''
+          mkdir -p /etc
+          ${node.config.system.build.etcActivationCommands}
+          diff /etc/hosts ${writeText "expected-hosts" hostsText}
+          touch $out
+        '';
+      } ''
+      mkdir fake-root
+      export FAKECHROOT_EXCLUDE_PATH=/dev:/proc:/sys:${builtins.storeDir}:$out
+      fakechroot fakeroot chroot $PWD/fake-root bash -c 'source $stdenv/setup; eval "$fakeRootCommands"'
+    '';
+
+}

nixos/modules/virtualisation/qemu-vm.nix

@@ -632,6 +632,15 @@ in
             Enable the Qemu guest agent.
           '';
         };
+
+      virtioKeyboard =
+        mkOption {
+          type = types.bool;
+          default = true;
+          description = ''
+            Enable the virtio-keyboard device.
+          '';
+        };
     };
 
     virtualisation.useNixStoreImage =
@@ -835,7 +844,9 @@ in
 
     # FIXME: Consolidate this one day.
     virtualisation.qemu.options = mkMerge [
-      [ "-device virtio-keyboard" ]
+      (mkIf cfg.qemu.virtioKeyboard [
+        "-device virtio-keyboard"
+      ])
       (mkIf pkgs.stdenv.hostPlatform.isx86 [
         "-usb" "-device usb-tablet,bus=usb-bus.0"
       ])

nixos/tests/all-tests.nix

@@ -141,6 +141,7 @@ in
   env = handleTest ./env.nix {};
   ergo = handleTest ./ergo.nix {};
   ergochat = handleTest ./ergochat.nix {};
+  etc = pkgs.callPackage ../modules/system/etc/test.nix { inherit evalMinimalConfig; };
   etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {};
   etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {};
   etebase-server = handleTest ./etebase-server.nix {};

pkgs/applications/blockchains/btcpayserver/default.nix

@@ -3,28 +3,22 @@
 
 buildDotnetModule rec {
   pname = "btcpayserver";
-  version = "1.3.7";
+  version = "1.4.3";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-W8WRw42hMNUaQZlfrl73REGIvLcj6Vso9Axx53ENkx0=";
+    sha256 = "sha256-CMa0+Djx07q77W/ezMhU+JP5EPXz4nfZ35TN8O6R/nc=";
   };
 
   projectFile = "BTCPayServer/BTCPayServer.csproj";
   nugetDeps = ./deps.nix;
 
-  dotnet-sdk = dotnetCorePackages.sdk_3_1;
+  dotnet-sdk = dotnetCorePackages.sdk_6_0;
-  dotnet-runtime = dotnetCorePackages.aspnetcore_3_1;
+  dotnet-runtime = dotnetCorePackages.aspnetcore_6_0;
 
-  dotnetFlags = lib.optionals altcoinSupport [ "/p:Configuration=Altcoins-Release" ];
+  buildType = if altcoinSupport then "Altcoins-Release" else "Release";
-
-  # btcpayserver requires the publish directory as its working dir
-  # https://github.com/btcpayserver/btcpayserver/issues/1894
-  preInstall = ''
-    makeWrapperArgs+=(--run "cd $out/lib/btcpayserver")
-  '';
 
   postFixup = ''
     mv $out/bin/{BTCPayServer,btcpayserver}

pkgs/applications/blockchains/nbxplorer/default.nix

@@ -2,20 +2,20 @@
 
 buildDotnetModule rec {
   pname = "nbxplorer";
-  version = "2.2.18";
+  version = "2.2.20";
 
   src = fetchFromGitHub {
     owner = "dgarage";
     repo = "NBXplorer";
     rev = "v${version}";
-    sha256 = "sha256-zjSHgMdK417bm1Z/B2kvloDnPTqzM9jEVkZvoKeBkzM=";
+    sha256 = "sha256-C3REnfecNwf3dtk6aLYAEsedHRlIrQZAokXtf6KI8U0=";
   };
 
   projectFile = "NBXplorer/NBXplorer.csproj";
   nugetDeps = ./deps.nix;
 
-  dotnet-sdk = dotnetCorePackages.sdk_3_1;
+  dotnet-sdk = dotnetCorePackages.sdk_6_0;
-  dotnet-runtime = dotnetCorePackages.aspnetcore_3_1;
+  dotnet-runtime = dotnetCorePackages.aspnetcore_6_0;
 
   postFixup = ''
     mv $out/bin/{NBXplorer,nbxplorer}

pkgs/applications/blockchains/nbxplorer/deps.nix

@@ -6,13 +6,13 @@
   })
   (fetchNuGet {
     pname = "Microsoft.AspNetCore.JsonPatch";
-    version = "3.1.19";
+    version = "6.0.1";
-    sha256 = "1fh3k85k988jw35sf5hvm6jwmvzmslzpfvf3jk3sn3f3s6gyk0an";
+    sha256 = "0rsqng2b8a3zaha9c2x1195das5wwvmnz31xf14ancgha4lxq68r";
   })
   (fetchNuGet {
     pname = "Microsoft.AspNetCore.Mvc.NewtonsoftJson";
-    version = "3.1.19";
+    version = "6.0.1";
-    sha256 = "1nh08kjdc152m85ycwxn1q8r69f0l02p6cac6q57nzlyy5gyj2rs";
+    sha256 = "179b2774s68im71r32lv4nydcp586x86zggs8ml6jcfjrd9fs5b1";
   })
   (fetchNuGet {
     pname = "Microsoft.Azure.Amqp";
@@ -226,8 +226,8 @@
   })
   (fetchNuGet {
     pname = "Newtonsoft.Json";
-    version = "12.0.2";
+    version = "13.0.1";
-    sha256 = "0w2fbji1smd2y7x25qqibf1qrznmv4s6s0jvrbvr6alb7mfyqvh5";
+    sha256 = "0fijg0w6iwap8gvzyjnndds0q4b8anwxxvik7y8vgq97dram4srb";
   })
   (fetchNuGet {
     pname = "Newtonsoft.Json";

pkgs/applications/networking/browsers/chromium/common.nix

@@ -292,7 +292,6 @@ let
       enable_hangout_services_extension = false;
       enable_js_type_check = false;
       enable_mdns = false;
-      enable_nacl_nonsfi = false;
       enable_one_click_signin = false;
       enable_reading_list = false;
       enable_remoting = false;

pkgs/development/python-modules/openrazer/daemon.nix

@@ -21,8 +21,6 @@ buildPythonApplication (common // rec {
 
   disabled = !isPy3k;
 
-  sourceRoot = "source/daemon";
-
   outputs = [ "out" "man" ];
 
   nativeBuildInputs = [ makeWrapper wrapGAppsHook ];
@@ -37,6 +35,10 @@ buildPythonApplication (common // rec {
     setproctitle
   ];
 
+  prePatch = ''
+    cd daemon
+  '';
+
   postPatch = ''
     substituteInPlace openrazer_daemon/daemon.py --replace "plugdev" "openrazer"
   '';

pkgs/development/tools/rust/bindgen/default.nix

@@ -1,75 +1,45 @@
-{ lib, fetchFromGitHub, rustPlatform, clang, llvmPackages_latest, rustfmt, writeTextFile
+{ rust-bindgen-unwrapped, zlib, bash, runCommand, runCommandCC }:
-, runtimeShell
+let
-, bash
+  clang = rust-bindgen-unwrapped.clang;
-}:
+  self = runCommand "rust-bindgen-${rust-bindgen-unwrapped.version}"
-
+    {
-rustPlatform.buildRustPackage rec {
+      #for substituteAll
-  pname = "rust-bindgen";
+      inherit bash;
-  version = "0.59.2";
+      unwrapped = rust-bindgen-unwrapped;
-
+      libclang = clang.cc.lib;
-  RUSTFLAGS = "--cap-lints warn"; # probably OK to remove after update
+      meta = rust-bindgen-unwrapped.meta // {
-
+        longDescription = rust-bindgen-unwrapped.meta.longDescription + ''
-  src = fetchFromGitHub {
+          This version of bindgen is wrapped with the required compiler flags
-    owner = "rust-lang";
+          required to find the c and c++ standard libary, as well as the libraries
-    repo = pname;
+          specified in the buildInputs of your derivation.
-    rev = "v${version}";
+        '';
-    sha256 = "sha256-bJYdyf5uZgWe7fQ80/3QsRV0qyExYn6P9UET3tzwPFs=";
+      };
-  };
+      passthru.tests = {
-
+        simple-c = runCommandCC "simple-c-bindgen-tests" { } ''
-  cargoSha256 = "sha256-zhENlrqj611RkKDvpDtDFWc58wfQVamkJnpe2nvRieE=";
+          echo '#include <stdlib.h>' > a.c
-
+          ${self}/bin/bindgen a.c --whitelist-function atoi | tee output
-  #for substituteAll
+          grep atoi output
-  libclang = llvmPackages_latest.libclang.lib;
+          touch $out
-  inherit bash;
+        '';
-
+        simple-cpp = runCommandCC "simple-cpp-bindgen-tests" { } ''
-  buildInputs = [ libclang ];
+          echo '#include <cmath>' > a.cpp
-
+          ${self}/bin/bindgen a.cpp --whitelist-function erf -- -xc++ | tee output
-  propagatedBuildInputs = [ clang ]; # to populate NIX_CXXSTDLIB_COMPILE
+          grep erf output
-
+          touch $out
-  configurePhase = ''
+        '';
-    export LIBCLANG_PATH="${libclang.lib}/lib"
+        with-lib = runCommandCC "zlib-bindgen-tests" { buildInputs = [ zlib ]; } ''
-  '';
+          echo '#include <zlib.h>' > a.c
-
+          ${self}/bin/bindgen a.c --whitelist-function compress | tee output
-  postInstall = ''
+          grep compress output
-    mv $out/bin/{bindgen,.bindgen-wrapped};
+          touch $out
+        '';
+      };
+    } ''
+    mkdir -p $out/bin
+    export cincludes="$(< ${clang}/nix-support/cc-cflags) $(< ${clang}/nix-support/libc-cflags)"
+    export cxxincludes="$(< ${clang}/nix-support/libcxx-cxxflags)"
     substituteAll ${./wrapper.sh} $out/bin/bindgen
     chmod +x $out/bin/bindgen
   '';
-
+in
-  doCheck = true;
+self
-  checkInputs =
-    let fakeRustup = writeTextFile {
-      name = "fake-rustup";
-      executable = true;
-      destination = "/bin/rustup";
-      text = ''
-        #!${runtimeShell}
-        shift
-        shift
-        exec "$@"
-      '';
-    };
-  in [
-    rustfmt
-    fakeRustup # the test suite insists in calling `rustup run nightly rustfmt`
-    clang
-  ];
-  preCheck = ''
-    # for the ci folder, notably
-    patchShebangs .
-  '';
-
-  meta = with lib; {
-    description = "Automatically generates Rust FFI bindings to C (and some C++) libraries";
-    longDescription = ''
-      Bindgen takes a c or c++ header file and turns them into
-      rust ffi declarations.
-      As with most compiler related software, this will only work
-      inside a nix-shell with the required libraries as buildInputs.
-    '';
-    homepage = "https://github.com/rust-lang/rust-bindgen";
-    license = with licenses; [ bsd3 ];
-    platforms = platforms.unix;
-    maintainers = with maintainers; [ johntitor ralith ];
-  };
-}

pkgs/development/tools/rust/bindgen/unwrapped.nix

@@ -0,0 +1,63 @@
+{ lib, fetchFromGitHub, rustPlatform, clang, rustfmt, writeTextFile
+, runtimeShell
+, bash
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "rust-bindgen-unwrapped";
+  version = "0.59.2";
+
+  RUSTFLAGS = "--cap-lints warn"; # probably OK to remove after update
+
+  src = fetchFromGitHub {
+    owner = "rust-lang";
+    repo = "rust-bindgen";
+    rev = "v${version}";
+    sha256 = "sha256-bJYdyf5uZgWe7fQ80/3QsRV0qyExYn6P9UET3tzwPFs=";
+  };
+
+  cargoSha256 = "sha256-RKZY5vf6CSFaKweuuNkeFF0ZXlSUibAkcL/YhkE0MoQ=";
+
+  buildInputs = [ clang.cc.lib ];
+
+  preConfigure = ''
+    export LIBCLANG_PATH="${clang.cc.lib}/lib"
+  '';
+
+  doCheck = true;
+  checkInputs =
+    let fakeRustup = writeTextFile {
+      name = "fake-rustup";
+      executable = true;
+      destination = "/bin/rustup";
+      text = ''
+        #!${runtimeShell}
+        shift
+        shift
+        exec "$@"
+      '';
+    };
+  in [
+    rustfmt
+    fakeRustup # the test suite insists in calling `rustup run nightly rustfmt`
+    clang
+  ];
+  preCheck = ''
+    # for the ci folder, notably
+    patchShebangs .
+  '';
+
+  passthru = { inherit clang; };
+
+  meta = with lib; {
+    description = "Automatically generates Rust FFI bindings to C (and some C++) libraries";
+    longDescription = ''
+      Bindgen takes a c or c++ header file and turns them into
+      rust ffi declarations.
+    '';
+    homepage = "https://github.com/rust-lang/rust-bindgen";
+    license = with licenses; [ bsd3 ];
+    platforms = platforms.unix;
+    maintainers = with maintainers; [ johntitor ralith ];
+  };
+}

pkgs/development/tools/rust/bindgen/wrapper.sh

@@ -22,7 +22,7 @@ for e in "$@"; do
 done;
 cxxflags=
 if [[ $cxx -eq 1 ]]; then
-  cxxflags=$NIX_CXXSTDLIB_COMPILE
+  cxxflags="@cxxincludes@"
 fi;
 if [[ -n "$NIX_DEBUG" ]]; then
   set -x;
@@ -30,7 +30,7 @@ fi;
 export LIBCLANG_PATH="@libclang@/lib"
 # shellcheck disable=SC2086
 # cxxflags and NIX_CFLAGS_COMPILE should be word-split
-exec -a "$0" @out@/bin/.bindgen-wrapped "$@" $sep $cxxflags $NIX_CFLAGS_COMPILE
+exec -a "$0" @unwrapped@/bin/bindgen "$@" $sep $cxxflags @cincludes@ $NIX_CFLAGS_COMPILE
 # note that we add the flags after $@ which is incorrect. This is only for the sake
 # of simplicity.
 

pkgs/games/flare/default.nix

@@ -1,7 +1,7 @@
 { lib, buildEnv, callPackage, makeWrapper, Cocoa }:
 
 buildEnv {
-  name = "flare-1.12";
+  name = "flare-1.13";
 
   paths = [
     (callPackage ./engine.nix { inherit Cocoa; })
@@ -17,7 +17,7 @@ buildEnv {
   meta = with lib; {
     description = "Fantasy action RPG using the FLARE engine";
     homepage = "https://flarerpg.org/";
-    maintainers = [ maintainers.aanderse ];
+    maintainers = with maintainers; [ aanderse McSinyx ];
     license = [ licenses.gpl3 licenses.cc-by-sa-30 ];
     platforms = platforms.unix;
   };

pkgs/games/flare/engine.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "flare-engine";
-  version = "1.12";
+  version = "1.13";
 
   src = fetchFromGitHub {
     owner = "flareteam";
     repo = pname;
     rev = "v${version}";
-    sha256 = "0swav6fzz970wj4iic3b7y06haa05720s2wivc8w7wcw9nzcac7j";
+    sha256 = "sha256-53JCjVu6vG4js5UryQIccpD8qdS+EfxSyV4v2LOYe+c=";
   };
 
   patches = [ ./desktop.patch ];
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "Free/Libre Action Roleplaying Engine";
     homepage = "https://github.com/flareteam/flare-engine";
-    maintainers = [ maintainers.aanderse ];
+    maintainers = with maintainers; [ aanderse McSinyx ];
     license = [ licenses.gpl3 ];
     platforms = platforms.unix;
   };

pkgs/games/flare/game.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "flare-game";
-  version = "1.12";
+  version = "1.13";
 
   src = fetchFromGitHub {
     owner = "flareteam";
     repo = pname;
     rev = "v${version}";
-    sha256 = "15k9r7w587pvkzrln0670hhq5fzif8k7xmrhb0nl3z3fi6dw3mmc";
+    sha256 = "sha256-zfZTHw8obq5/z9+mCY0LIq9suvyh91ypqpxc3dNxI4o=";
   };
 
   nativeBuildInputs = [ cmake ];
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "Fantasy action RPG using the FLARE engine";
     homepage = "https://github.com/flareteam/flare-game";
-    maintainers = [ maintainers.aanderse ];
+    maintainers = with maintainers; [ aanderse McSinyx ];
     license = [ licenses.cc-by-sa-30 ];
     platforms = platforms.unix;
   };

pkgs/os-specific/linux/firejail/default.nix

@@ -11,13 +11,13 @@
 
 stdenv.mkDerivation rec {
   pname = "firejail";
-  version = "0.9.66";
+  version = "0.9.68";
 
   src = fetchFromGitHub {
     owner = "netblue30";
     repo = "firejail";
     rev = version;
-    sha256 = "sha256-oKstTiGt0r4wePaZ9u1o78GZ1XWJ27aS0BdLxmfYk9Q=";
+    sha256 = "18yy1mykx7h78yj7sz729i3dlsrgi25m17m5x9gbrvsx7f87rw7j";
   };
 
   nativeBuildInputs = [
@@ -40,9 +40,6 @@ stdenv.mkDerivation rec {
     # By default fbuilder hardcodes the firejail binary to the install path.
     # On NixOS the firejail binary is a setuid wrapper available in $PATH.
     ./fbuilder-call-firejail-on-path.patch
-    # Disable symlink check on /etc/hosts, see
-    # https://github.com/netblue30/firejail/issues/2758#issuecomment-805174951
-    ./remove-link-check.patch
   ];
 
   prePatch = ''

pkgs/os-specific/linux/firejail/fbuilder-call-firejail-on-path.patch

@@ -1,11 +1,11 @@
 --- a/src/fbuilder/build_profile.c
 +++ b/src/fbuilder/build_profile.c
-@@ -67,7 +67,7 @@
+@@ -48,7 +48,7 @@
- 		errExit("asprintf");
+ 	// build command
- 
+ 	char *cmd[len];
- 	char *cmdlist[] = {
+ 	unsigned curr_len = 0;
--	  BINDIR "/firejail",
+-	cmd[curr_len++] = BINDIR "/firejail";
-+	  "firejail",
++	cmd[curr_len++] = "firejail";
- 	  "--quiet",
+ 	cmd[curr_len++] = "--quiet";
- 	  "--noprofile",
+ 	cmd[curr_len++] = "--noprofile";
- 	  "--caps.drop=all",
+ 	cmd[curr_len++] = "--caps.drop=all";

pkgs/os-specific/linux/firejail/mount-nix-dir-on-overlay.patch

@@ -1,6 +1,6 @@
---- a/src/firejail/fs.c
+--- a/src/firejail/fs_overlayfs.c
-+++ b/src/firejail/fs.c
++++ b/src/firejail/fs_overlayfs.c
-@@ -1143,6 +1143,16 @@
+@@ -327,6 +327,16 @@
  		errExit("mounting /dev");
  	fs_logger("whitelist /dev");
  
@@ -17,7 +17,7 @@
  	// mount-bind run directory
  	if (arg_debug)
  		printf("Mounting /run\n");
-@@ -1201,6 +1211,7 @@
+@@ -384,6 +394,7 @@
  	free(odiff);
  	free(owork);
  	free(dev);

pkgs/os-specific/linux/firejail/remove-link-check.patch

@@ -1,48 +0,0 @@
-From ccc726f8ec877d8cda720daa2498e43629b6dd48 Mon Sep 17 00:00:00 2001
-From: Jonas Heinrich <onny@project-insanity.org>
-Date: Sun, 19 Sep 2021 11:48:06 +0200
-Subject: [PATCH 1/2] remove hosts file link check
-
----
- src/firejail/fs_hostname.c | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c
-index 42255070c4..97ce70f9c1 100644
---- a/src/firejail/fs_hostname.c
-+++ b/src/firejail/fs_hostname.c
-@@ -132,10 +132,6 @@ char *fs_check_hosts_file(const char *fname) {
- 	invalid_filename(fname);
- 	char *rv = expand_home(fname, cfg.homedir);
- 
--	// no a link
--	if (is_link(rv))
--		goto errexit;
--
- 	// the user has read access to the file
- 	if (access(rv, R_OK))
- 		goto errexit;
-
-From c2c51e7ca56075e7388b4f50922b148615d1b125 Mon Sep 17 00:00:00 2001
-From: Jonas Heinrich <onny@project-insanity.org>
-Date: Sun, 19 Sep 2021 11:49:08 +0200
-Subject: [PATCH 2/2] remove hosts file link check
-
----
- src/firejail/fs_hostname.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c
-index 97ce70f9c1..b228707131 100644
---- a/src/firejail/fs_hostname.c
-+++ b/src/firejail/fs_hostname.c
-@@ -154,9 +154,6 @@ void fs_mount_hosts_file(void) {
- 	struct stat s;
- 	if (stat("/etc/hosts", &s) == -1)
- 		goto errexit;
--	// not a link
--	if (is_link("/etc/hosts"))
--		goto errexit;
- 	// owned by root
- 	if (s.st_uid != 0)
- 		goto errexit;

pkgs/os-specific/linux/kernel/linux-5.10.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.10.96";
+  version = "5.10.98";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "0j70nbsxy6qpynr3f9igl9wf14wx40diazf4j7w7mlwxh51a1r9m";
+    sha256 = "0hwl1ypllx9l5pv04yavz627qb31ki9mhznsak5bq48hbz0wc90v";
   };
 } // (args.argsOverride or {}))

pkgs/os-specific/linux/kernel/linux-5.15.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.15.19";
+  version = "5.15.21";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "0l70ckc0imnn7x9p9dawprzblszadk79468wx3zqz951yb4k5gh1";
+    sha256 = "1lgvf3mrsbwjdjfvznbf5c3np76a7xxqr2rw7i6196ywsxnfnki9";
   };
 } // (args.argsOverride or { }))

pkgs/os-specific/linux/kernel/linux-5.16.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.16.5";
+  version = "5.16.7";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "1ay7y7c2bdgvqd7hw8l9jxzx9m2rd5drdakjqnblz4w9sbcyvbpc";
+    sha256 = "1kd6v31z9rylnpyrv6b3i622ismxbiv165dcjh2fn5aliqzgalap";
   };
 } // (args.argsOverride or { }))

pkgs/os-specific/linux/kernel/linux-5.4.nix

@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.4.176";
+  version = "5.4.177";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "0h67d34n8cwq60rv8nw0a7n9mkihs0cg0b5zl6ihfyjflqj0jq6r";
+    sha256 = "0wvb5is8rqvfxia1i8lw4yd3fm2bhb6wdl0bdjq90dx7y46wpxqq";
   };
 } // (args.argsOverride or {}))

pkgs/servers/http/nginx/modules.nix

@@ -156,6 +156,21 @@ in
     };
   };
 
+  geoip2 = {
+    src = fetchFromGitHub {
+      name = "geoip2";
+      owner = "leev";
+      repo = "ngx_http_geoip2_module";
+      rev = "3.3";
+      sha256 = "EEn/qxPsBFgVBqOgPYTrRhaLPwSBlSPWYYSr3SL8wZA=";
+    };
+    inputs = [ pkgs.libmaxminddb ];
+
+    meta = {
+      maintainers = with lib.maintainers; [ pinpox ];
+    };
+  };
+
   http_proxy_connect_module_v18 = http_proxy_connect_module_generic "proxy_connect_rewrite_1018" // {
     supports = with lib.versions; version: major version == "1" && minor version == "18";
   };

pkgs/tools/misc/diffoscope/default.nix

@@ -11,11 +11,11 @@
 # Note: when upgrading this package, please run the list-missing-tools.sh script as described below!
 python3Packages.buildPythonApplication rec {
   pname = "diffoscope";
-  version = "202";
+  version = "203";
 
   src = fetchurl {
     url = "https://diffoscope.org/archive/diffoscope-${version}.tar.bz2";
-    sha256 = "sha256-Cek5C55hCcD+zWGEDsL8Fx2nEJv1Ajy4UELMclysM/M=";
+    sha256 = "sha256-xDH4Bd87hRnQ0xOeJijeon2RNAnvD3vfpvJgXoAXWAA=";
   };
 
   outputs = [ "out" "man" ];

pkgs/tools/misc/lookatme/default.nix

@@ -0,0 +1,57 @@
+{ lib, python3, fetchFromGitHub }:
+
+let
+  py = python3.override {
+    packageOverrides = self: super: {
+      self = py;
+      # use click 7
+      click = self.callPackage ../../../development/python2-modules/click/default.nix { };
+      # needs pyyaml 5
+      pyyaml = super.pyyaml.overridePythonAttrs (oldAttrs: rec {
+        name = "${oldAttrs.pname}-${version}";
+        version = "5.4.1";
+        src = fetchFromGitHub {
+          owner = "yaml";
+          repo = "pyyaml";
+          rev = version;
+          sha256 = "sha256-VUqnlOF/8zSOqh6JoEYOsfQ0P4g+eYqxyFTywgCS7gM=";
+        };
+        checkPhase = ''
+          runHook preCheck
+          PYTHONPATH="tests/lib3:$PYTHONPATH" ${self.python.interpreter} -m test_all
+          runHook postCheck
+        '';
+      });
+    };
+  };
+in
+with py.pkgs;
+
+buildPythonApplication rec {
+  pname = "lookatme";
+  version = "2.3.2";
+  format = "setuptools";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "sha256-qIZMkgOm5jXmxTFLTqMBhpLBhfCL8xvUxxqpS6NjcVw=";
+  };
+
+  checkInputs = [ pytest ];
+
+  propagatedBuildInputs = [
+    click
+    pyyaml
+    pygments
+    marshmallow
+    mistune
+    urwid
+  ];
+
+  meta = with lib; {
+    description = "An interactive, terminal-based markdown presenter";
+    homepage = "https://github.com/d0c-s4vage/lookatme";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ameer ];
+  };
+}

pkgs/tools/security/snallygaster/default.nix

@@ -5,13 +5,13 @@
 
 python3Packages.buildPythonApplication rec {
   pname = "snallygaster";
-  version = "0.0.11";
+  version = "0.0.12";
 
   src = fetchFromGitHub {
     owner = "hannob";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-xUWnu+T6+5Ro6TrmtFD/Qd40FffY5rfuAvWzNkBhTME=";
+    sha256 = "sha256-JXuRCUWpoGhBbU38XMEQovCiVfbyBMJ+SIrt3iqFuAo=";
   };
 
   propagatedBuildInputs = with python3Packages; [

pkgs/tools/system/collectd/data.nix

@@ -1,14 +1,14 @@
 { stdenv, collectd }:
 
 stdenv.mkDerivation {
-  inherit (collectd) meta version;
-
   pname = "collectd-data";
+  inherit (collectd) meta src version;
 
-  dontUnpack = true;
+  dontConfigure = true;
+  dontBuild = true;
+  dontFixup = true;
 
   installPhase = ''
-    mkdir -p $out/share/collectd
+    install -Dm444 -t $out/share/collectd/ src/*.{db,conf}
-    cp ${collectd}/share/collectd/*.{db,conf} $out/share/collectd/
   '';
 }

pkgs/tools/system/fakechroot/default.nix

@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, perl }:
+{ lib, stdenv, fetchFromGitHub, fetchpatch, autoreconfHook, nixosTests, perl }:
 
 stdenv.mkDerivation rec {
   pname = "fakechroot";
@@ -44,6 +44,13 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ autoreconfHook ];
   buildInputs = [ perl ];
 
+  passthru = {
+    tests = {
+      # A lightweight *unit* test that exercises fakeroot and fakechroot together:
+      nixos-etc = nixosTests.etc.test-etc-fakeroot;
+    };
+  };
+
   meta = with lib; {
     homepage = "https://github.com/dex4er/fakechroot";
     description = "Give a fake chroot environment through LD_PRELOAD";

pkgs/tools/system/fakeroot/default.nix

@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, fetchpatch, getopt, libcap, gnused }:
+{ lib, stdenv, fetchurl, fetchpatch, getopt, libcap, gnused, nixosTests }:
 
 stdenv.mkDerivation rec {
   version = "1.23";
@@ -65,6 +65,13 @@ stdenv.mkDerivation rec {
     patch -p1 < ${patch-wraptmpf}
   '';
 
+  passthru = {
+    tests = {
+      # A lightweight *unit* test that exercises fakeroot and fakechroot together:
+      nixos-etc = nixosTests.etc.test-etc-fakeroot;
+    };
+  };
+
   meta = {
     homepage = "https://salsa.debian.org/clint/fakeroot";
     description = "Give a fake root environment through LD_PRELOAD";

pkgs/top-level/all-packages.nix

@@ -3054,6 +3054,8 @@ with pkgs;
 
   facedetect = callPackage ../tools/graphics/facedetect { };
 
+  findimagedupes = callPackage ../tools/graphics/findimagedupes { };
+
   facter = callPackage ../tools/system/facter { };
 
   fasd = callPackage ../tools/misc/fasd { };
@@ -13289,6 +13291,7 @@ with pkgs;
     inherit (darwin.apple_sdk.frameworks) CoreServices;
   };
   rust-analyzer = callPackage ../development/tools/rust/rust-analyzer/wrapper.nix { };
+  rust-bindgen-unwrapped = callPackage ../development/tools/rust/bindgen/unwrapped.nix { };
   rust-bindgen = callPackage ../development/tools/rust/bindgen { };
   rust-cbindgen = callPackage ../development/tools/rust/cbindgen {
     inherit (darwin.apple_sdk.frameworks) Security;
@@ -27238,6 +27241,8 @@ with pkgs;
     inherit (luajitPackages) luafilesystem;
   };
 
+  lookatme = callPackage ../tools/misc/lookatme {};
+
   looking-glass-client = callPackage ../applications/virtualization/looking-glass-client { };
 
   ltc-tools = callPackage ../applications/audio/ltc-tools { };
@@ -33437,6 +33442,20 @@ with pkgs;
       in
         c.config.system.build // c;
 
+  /*
+    A NixOS/home-manager/arion/... module that sets the `pkgs` module argument.
+   */
+  pkgsModule = { lib, options, ... }: {
+    config =
+      if options?nixpkgs.pkgs then {
+        # legacy / nixpkgs.nix style
+        nixpkgs.pkgs = pkgs;
+      }
+      else {
+        # minimal
+        _module.args.pkgs = pkgs;
+      };
+  };
 
   /*
    * Run a NixOS VM network test using this evaluation of Nixpkgs.

pkgs/top-level/perl-packages.nix

@@ -8982,8 +8982,6 @@ let
     buildInputs = [ TestPod ];
   };
 
-  findimagedupes = callPackage ../development/perl-modules/findimagedupes { };
-
   FindLib = buildPerlPackage {
     pname = "Find-Lib";
     version = "1.04";