From 0a5b8d9bf64b94ec36c61ad4da4c34cda85a7aed Mon Sep 17 00:00:00 2001 From: Fahad Sadah Date: Tue, 6 Aug 2019 23:29:54 +0100 Subject: [PATCH 01/76] kernel config: CONFIG_DRM_DP_AUX_CHARDEV --- pkgs/os-specific/linux/kernel/common-config.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index b392dc853d35..1978e5896333 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -192,6 +192,8 @@ let DRM_AMDGPU_SI = whenAtLeast "4.9" yes; # (stable) amdgpu support for bonaire and newer chipsets DRM_AMDGPU_CIK = whenAtLeast "4.9" yes; + # Allow device firmware updates + DRM_DP_AUX_CHARDEV = whenAtLeast "4.6" yes; } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") { # Intel GVT-g graphics virtualization supports 64-bit only DRM_I915_GVT = whenAtLeast "4.16" yes; From 46d3cf2c1b45951753c059fc8a1d8c4e6c736785 Mon Sep 17 00:00:00 2001 From: Konrad Borowski Date: Sun, 15 Mar 2020 10:32:15 +0100 Subject: [PATCH 02/76] hovercraft: 2.6 -> 2.7 --- pkgs/applications/misc/hovercraft/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/hovercraft/default.nix b/pkgs/applications/misc/hovercraft/default.nix index ba23078bba93..34bbfe9391de 100644 --- a/pkgs/applications/misc/hovercraft/default.nix +++ b/pkgs/applications/misc/hovercraft/default.nix @@ -13,14 +13,14 @@ buildPythonApplication rec { pname = "hovercraft"; - version = "2.6"; + version = "2.7"; disabled = ! isPy3k; src = fetchFromGitHub { owner = "regebro"; repo = "hovercraft"; rev = version; - sha256 = "150sn6kvqi2s89di1akl5i0g81fasji2ipr12zq5s4dcnhw4r5wp"; + sha256 = "0k0gjlqjz424rymcfdjpj6a71ppblfls5f8y2hd800d1as4im8az"; }; checkInputs = [ manuel ]; From b7d93e03740026944d687e69c82348472c802776 Mon Sep 17 00:00:00 2001 From: Serg Nesterov Date: Sun, 30 Aug 2020 23:21:37 +0300 Subject: [PATCH 03/76] navi: 2.9.0 -> 2.10.0 --- pkgs/applications/misc/navi/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/misc/navi/default.nix b/pkgs/applications/misc/navi/default.nix index 008d19576da4..62951f3fcabb 100644 --- a/pkgs/applications/misc/navi/default.nix +++ b/pkgs/applications/misc/navi/default.nix @@ -1,22 +1,22 @@ -{ rustPlatform, fetchFromGitHub, lib, fzf, makeWrapper }: +{ fetchFromGitHub, fzf, lib, makeWrapper, rustPlatform, wget }: rustPlatform.buildRustPackage rec { pname = "navi"; - version = "2.9.0"; + version = "2.10.0"; src = fetchFromGitHub { owner = "denisidoro"; repo = "navi"; rev = "v${version}"; - sha256 = "16rwhpyk0zqks9z9bv2a1a8vww2m6867kg33bjbr29hawjg68jql"; + sha256 = "1fpfc3ikb6rhb8m0dp9ybh46mnqaw361rrsbv6yrivwfm3zc4w2w"; }; - cargoSha256 = "19w9gm389lj1zwhyjifhc2fzkvrvqvyc80lwxz070cnj11ir2l9m"; + cargoSha256 = "0klizxrb92h7qfxs89m08ksdq698wx4kxsdhqhr5ld9dy3b6ks32"; nativeBuildInputs = [ makeWrapper ]; postInstall = '' - wrapProgram $out/bin/navi --prefix PATH : ${lib.makeBinPath [ fzf ]} + wrapProgram $out/bin/navi --prefix PATH : ${lib.makeBinPath [ fzf wget ]} ''; meta = with lib; { From 982c5a1f0e7f282f856391304aa4da7bb36c45b8 Mon Sep 17 00:00:00 2001 From: Lucas Savva Date: Fri, 19 Jun 2020 20:27:46 +0100 Subject: [PATCH 04/76] nixos/acme: Restructure module - Use an acme user and group, allow group override only - Use hashes to determine when certs actually need to regenerate - Avoid running lego more than necessary - Harden permissions - Support "systemctl clean" for cert regeneration - Support reuse of keys between some configuration changes - Permissions fix services solves for previously root owned certs - Add a note about multiple account creation and emails - Migrate extraDomains to a list - Deprecate user option - Use minica for self-signed certs - Rewrite all tests I thought of a few more cases where things may go wrong, and added tests to cover them. In particular, the web server reload services were depending on the target - which stays alive, meaning that the renewal timer wouldn't be triggering a reload and old certs would stay on the web servers. I encountered some problems ensuring that the reload took place without accidently triggering it as part of the test. The sync commands I added ended up being essential and I'm not sure why, it seems like either node.succeed ends too early or there's an oddity of the vm's filesystem I'm not aware of. - Fix duplicate systemd rules on reload services Since useACMEHost is not unique to every vhost, if one cert was reused many times it would create duplicate entries in ${server}-config-reload.service for wants, before and ConditionPathExists --- nixos/modules/security/acme.nix | 632 +++++++++++------- nixos/modules/security/acme.xml | 8 +- nixos/modules/services/networking/prosody.xml | 5 +- .../web-servers/apache-httpd/default.nix | 77 ++- .../services/web-servers/nginx/default.nix | 88 +-- nixos/tests/acme.nix | 341 ++++++---- nixos/tests/common/acme/client/default.nix | 11 +- nixos/tests/common/acme/server/default.nix | 72 +- nixos/tests/common/acme/server/mkcerts.nix | 69 -- nixos/tests/common/acme/server/mkcerts.sh | 6 - .../common/acme/server/snakeoil-certs.nix | 207 +----- ...postfix-raise-smtpd-tls-security-level.nix | 3 - nixos/tests/postfix.nix | 13 +- pkgs/tools/security/minica/default.nix | 34 + pkgs/top-level/all-packages.nix | 2 + 15 files changed, 839 insertions(+), 729 deletions(-) delete mode 100644 nixos/tests/common/acme/server/mkcerts.nix delete mode 100755 nixos/tests/common/acme/server/mkcerts.sh create mode 100644 pkgs/tools/security/minica/default.nix diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index 29635dbe8643..91b7dd0c989f 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -1,11 +1,309 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, options, ... }: with lib; let - cfg = config.security.acme; + # Used to calculate timer accuracy for coalescing + numCerts = length (builtins.attrNames cfg.certs); + _24hSecs = 60 * 60 * 24; + + # There are many services required to make cert renewals work. + # They all follow a common structure: + # - They inherit this commonServiceConfig + # - They all run as the acme user + # - They all use BindPath and StateDirectory where possible + # to set up a sort of build environment in /tmp + # The Group can vary depending on what the user has specified in + # security.acme.certs..group on some of the services. + commonServiceConfig = { + Type = "oneshot"; + User = "acme"; + Group = mkDefault "acme"; + UMask = 0027; + StateDirectoryMode = 750; + ProtectSystem = "full"; + PrivateTmp = true; + + WorkingDirectory = "/tmp"; + }; + + # In order to avoid race conditions creating the CA for selfsigned certs, + # we have a separate service which will create the necessary files. + selfsignCAService = { + description = "Generate self-signed certificate authority"; + + path = with pkgs; [ minica ]; + + unitConfig = { + ConditionPathExists = "!/var/lib/acme/.minica/key.pem"; + }; + + serviceConfig = commonServiceConfig // { + StateDirectory = "acme/.minica"; + BindPaths = "/var/lib/acme/.minica:/tmp/ca"; + }; + + # Working directory will be /tmp + script = '' + minica \ + --ca-key ca/key.pem \ + --ca-cert ca/cert.pem \ + --domains selfsigned.local + + chmod 600 ca/* + ''; + }; + + # Previously, all certs were owned by whatever user was configured in + # config.security.acme.certs..user. Now everything is owned by and + # run by the acme user. + userMigrationService = { + description = "Fix owner and group of all ACME certificates"; + + script = with builtins; concatStringsSep "\n" (mapAttrsToList (cert: data: '' + for fixpath in /var/lib/acme/${escapeShellArg cert} /var/lib/acme/.lego/${escapeShellArg cert}; do + if [ -d "$fixpath" ]; then + chmod -R 750 "$fixpath" + chown -R acme:${data.group} "$fixpath" + fi + done + '') certConfigs); + + # We don't want this to run every time a renewal happens + serviceConfig.RemainAfterExit = true; + }; + + certToConfig = cert: data: let + acmeServer = if data.server != null then data.server else cfg.server; + useDns = data.dnsProvider != null; + destPath = "/var/lib/acme/${cert}"; + + # Minica and lego have a "feature" which replaces * with _. We need + # to make this substitution to reference the output files from both programs. + # End users never see this since we rename the certs. + keyName = builtins.replaceStrings ["*"] ["_"] data.domain; + + # FIXME when mkChangedOptionModule supports submodules, change to that. + # This is a workaround + extraDomains = data.extraDomainNames ++ ( + optionals + (data.extraDomains != "_mkMergedOptionModule") + (builtins.attrNames data.extraDomains) + ); + + # Create hashes for cert data directories based on configuration + hashData = with builtins; '' + ${data.domain} ${data.keyType} + ${concatStringsSep " " ( + extraDomains + ++ data.extraLegoFlags + ++ data.extraLegoRunFlags + ++ data.extraLegoRenewFlags + )} + ${toString acmeServer} ${toString data.dnsProvider} + ${toString data.ocspMustStaple} + ''; + mkHash = with builtins; val: substring 0 20 (hashString "sha256" val); + certDir = mkHash hashData; + othersHash = mkHash "${toString acmeServer} ${data.keyType}"; + keyDir = "key-" + othersHash; + accountDir = "/var/lib/acme/.lego/accounts/" + othersHash; + + protocolOpts = if useDns then ( + [ "--dns" data.dnsProvider ] + ++ optionals (!data.dnsPropagationCheck) [ "--dns.disable-cp" ] + ) else ( + [ "--http" "--http.webroot" data.webroot ] + ); + + commonOpts = [ + "--accept-tos" # Checking the option is covered by the assertions + "--path" "." + "-d" data.domain + "--email" data.email + "--key-type" data.keyType + ] ++ protocolOpts + ++ optionals data.ocspMustStaple [ "--must-staple" ] + ++ optionals (acmeServer != null) [ "--server" acmeServer ] + ++ concatMap (name: [ "-d" name ]) extraDomains + ++ data.extraLegoFlags; + + runOpts = escapeShellArgs ( + commonOpts + ++ [ "run" ] + ++ data.extraLegoRunFlags + ); + renewOpts = escapeShellArgs ( + commonOpts + ++ [ "renew" "--reuse-key" "--days" (toString cfg.validMinDays) ] + ++ data.extraLegoRenewFlags + ); + + in { + inherit accountDir; + + webroot = data.webroot; + group = data.group; + + renewTimer = { + description = "Renew ACME Certificate for ${cert}"; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = cfg.renewInterval; + Unit = "acme-${cert}.service"; + Persistent = "yes"; + + # Allow systemd to pick a convenient time within the day + # to run the check. + # This allows the coalescing of multiple timer jobs. + # We divide by the number of certificates so that if you + # have many certificates, the renewals are distributed over + # the course of the day to avoid rate limits. + AccuracySec = "${toString (_24hSecs / numCerts)}s"; + + # Skew randomly within the day, per https://letsencrypt.org/docs/integration-guide/. + RandomizedDelaySec = "24h"; + }; + }; + + selfsignService = { + description = "Generate self-signed certificate for ${cert}"; + after = [ "acme-selfsigned-ca.service" "acme-fixperms.service" ]; + wants = [ "acme-selfsigned-ca.service" "acme-fixperms.service" ]; + + path = with pkgs; [ minica ]; + + unitConfig = { + ConditionPathExists = "!/var/lib/acme/${cert}/key.pem"; + }; + + serviceConfig = commonServiceConfig // { + Group = data.group; + + StateDirectory = "acme/${cert}"; + + BindPaths = "/var/lib/acme/.minica:/tmp/ca /var/lib/acme/${cert}:/tmp/${keyName}"; + }; + + # Working directory will be /tmp + # minica will output to a folder sharing the name of the first domain + # in the list, which will be ${data.domain} + script = '' + minica \ + --ca-key ca/key.pem \ + --ca-cert ca/cert.pem \ + --domains ${escapeShellArg (builtins.concatStringsSep "," ([ data.domain ] ++ extraDomains))} + + # Create files to match directory layout for real certificates + cd '${keyName}' + cp ../ca/cert.pem chain.pem + cat cert.pem chain.pem > fullchain.pem + cat key.pem fullchain.pem > full.pem + + chmod 640 * + + # Group might change between runs, re-apply it + chown 'acme:${data.group}' * + ''; + }; + + renewService = { + description = "Renew ACME certificate for ${cert}"; + after = [ "network.target" "network-online.target" "acme-selfsigned-${cert}.service" "acme-fixperms.service" ]; + wants = [ "network-online.target" "acme-selfsigned-${cert}.service" "acme-fixperms.service" ]; + + # https://github.com/NixOS/nixpkgs/pull/81371#issuecomment-605526099 + wantedBy = optionals (!config.boot.isContainer) [ "multi-user.target" ]; + + path = with pkgs; [ lego coreutils ]; + + serviceConfig = commonServiceConfig // { + Group = data.group; + + # AccountDir dir will be created by tmpfiles to ensure correct permissions + # And to avoid deletion during systemctl clean + # acme/.lego/${cert} is listed so that it is deleted during systemctl clean + StateDirectory = "acme/${cert} acme/.lego/${cert} acme/.lego/${cert}/${certDir} acme/.lego/${cert}/${keyDir}"; + + # Needs to be space separated, but can't use a multiline string because that'll include newlines + BindPaths = + "${accountDir}:/tmp/accounts " + + "/var/lib/acme/${cert}:/tmp/out " + + "/var/lib/acme/.lego/${cert}/${certDir}:/tmp/certificates " + + "/var/lib/acme/.lego/${cert}/${keyDir}:/tmp/keys"; + + # Only try loading the credentialsFile if the dns challenge is enabled + EnvironmentFile = mkIf useDns data.credentialsFile; + }; + + # Working directory will be /tmp + script = '' + set -euo pipefail + + # Safely copy keyDir contents into certificates (it might be empty). + cp -af keys/. certificates/ + + # Check if we can renew + if [ -e 'certificates/${keyName}.key' -a -e 'certificates/${keyName}.crt' ]; then + lego ${renewOpts} + + # Otherwise do a full run + else + lego ${runOpts} + fi + + chmod 640 certificates/* + chmod -R 700 accounts/* + + # Group might change between runs, re-apply it + chown 'acme:${data.group}' certificates/* + + # Copy the key to keyDir + cp -pf 'certificates/${keyName}.key' 'keys/' + + # Copy all certs to the "real" certs directory + CERT='certificates/${keyName}.crt' + CERT_CHANGED=no + if [ -e "$CERT" -a "$CERT" -nt out/fullchain.pem ]; then + CERT_CHANGED=yes + cp -p 'certificates/${keyName}.crt' out/fullchain.pem + cp -p 'certificates/${keyName}.key' out/key.pem + cp -p 'certificates/${keyName}.issuer.crt' out/chain.pem + ln -sf fullchain.pem out/cert.pem + cat out/key.pem out/fullchain.pem > out/full.pem + fi + + if [ "$CERT_CHANGED" = "yes" ]; then + cd out + set +euo pipefail + ${data.postRun} + fi + ''; + }; + }; + + certConfigs = mapAttrs certToConfig cfg.certs; + certOpts = { name, ... }: { options = { + # user option has been removed + user = mkOption { + visible = false; + default = "_mkRemovedOptionModule"; + }; + + # allowKeysForGroup option has been removed + allowKeysForGroup = mkOption { + visible = false; + default = "_mkRemovedOptionModule"; + }; + + # extraDomains was replaced with extraDomainNames + extraDomains = mkOption { + visible = false; + default = "_mkMergedOptionModule"; + }; + webroot = mkOption { type = types.nullOr types.str; default = null; @@ -41,35 +339,19 @@ let description = "Contact email address for the CA to be able to reach you."; }; - user = mkOption { - type = types.str; - default = "root"; - description = "User running the ACME client."; - }; - group = mkOption { type = types.str; - default = "root"; + default = "acme"; description = "Group running the ACME client."; }; - allowKeysForGroup = mkOption { - type = types.bool; - default = false; - description = '' - Give read permissions to the specified group - () to read SSL private certificates. - ''; - }; - postRun = mkOption { type = types.lines; default = ""; - example = "systemctl reload nginx.service"; + example = "cp full.pem backup.pem"; description = '' - Commands to run after new certificates go live. Typically - the web server and other servers using certificates need to - be reloaded. + Commands to run after new certificates go live. Note that + these commands run as the acme user and configured group. Executed in the same directory with the new certificate. ''; @@ -82,18 +364,17 @@ let description = "Directory where certificate and other state is stored."; }; - extraDomains = mkOption { - type = types.attrsOf (types.nullOr types.str); - default = {}; + extraDomainNames = mkOption { + type = types.listOf types.str; + default = []; example = literalExample '' - { - "example.org" = null; - "mydomain.org" = null; - } + [ + "example.org" + "mydomain.org" + ] ''; description = '' A list of extra domain names, which are included in the one certificate to be issued. - Setting a distinct server root is deprecated and not functional in 20.03+ ''; }; @@ -176,24 +457,8 @@ let }; }; -in +in { -{ - - ###### interface - imports = [ - (mkRemovedOptionModule [ "security" "acme" "production" ] '' - Use security.acme.server to define your staging ACME server URL instead. - - To use Let's Encrypt's staging server, use security.acme.server = - "https://acme-staging-v02.api.letsencrypt.org/directory". - '' - ) - (mkRemovedOptionModule [ "security" "acme" "directory"] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.") - (mkRemovedOptionModule [ "security" "acme" "preDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal") - (mkRemovedOptionModule [ "security" "acme" "activationDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal") - (mkChangedOptionModule [ "security" "acme" "validMin"] [ "security" "acme" "validMinDays"] (config: config.security.acme.validMin / (24 * 3600))) - ]; options = { security.acme = { @@ -266,7 +531,7 @@ in "example.com" = { webroot = "/var/www/challenges/"; email = "foo@example.com"; - extraDomains = { "www.example.com" = null; "foo.example.com" = null; }; + extraDomainNames = [ "www.example.com" "foo.example.com" ]; }; "bar.example.com" = { webroot = "/var/www/challenges/"; @@ -278,25 +543,40 @@ in }; }; - ###### implementation + imports = [ + (mkRemovedOptionModule [ "security" "acme" "production" ] '' + Use security.acme.server to define your staging ACME server URL instead. + + To use the let's encrypt staging server, use security.acme.server = + "https://acme-staging-v02.api.letsencrypt.org/directory". + '' + ) + (mkRemovedOptionModule [ "security" "acme" "directory" ] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.") + (mkRemovedOptionModule [ "security" "acme" "preDelay" ] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal") + (mkRemovedOptionModule [ "security" "acme" "activationDelay" ] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal") + (mkChangedOptionModule [ "security" "acme" "validMin" ] [ "security" "acme" "validMinDays" ] (config: config.security.acme.validMin / (24 * 3600))) + ]; + config = mkMerge [ (mkIf (cfg.certs != { }) { + # FIXME Most of these custom warnings and filters for security.acme.certs.* are required + # because using mkRemovedOptionModule/mkChangedOptionModule with attrsets isn't possible. + warnings = filter (w: w != "") (mapAttrsToList (cert: data: if data.extraDomains != "_mkMergedOptionModule" then '' + The option definition `security.acme.certs.${cert}.extraDomains` has changed + to `security.acme.certs.${cert}.extraDomainNames` and is now a list of strings. + Setting a custom webroot for extra domains is not possible, instead use separate certs. + '' else "") cfg.certs); + assertions = let - certs = (mapAttrsToList (k: v: v) cfg.certs); + certs = attrValues cfg.certs; in [ - { - assertion = all (certOpts: certOpts.dnsProvider == null || certOpts.webroot == null) certs; - message = '' - Options `security.acme.certs..dnsProvider` and - `security.acme.certs..webroot` are mutually exclusive. - ''; - } { assertion = cfg.email != null || all (certOpts: certOpts.email != null) certs; message = '' You must define `security.acme.certs..email` or - `security.acme.email` to register with the CA. + `security.acme.email` to register with the CA. Note that using + many different addresses for certs may trigger account rate limits. ''; } { @@ -307,184 +587,78 @@ in to `true`. For Let's Encrypt's ToS see https://letsencrypt.org/repository/ ''; } - ]; + ] ++ (builtins.concatLists (mapAttrsToList (cert: data: [ + { + assertion = data.user == "_mkRemovedOptionModule"; + message = '' + The option definition `security.acme.certs.${cert}.user' no longer has any effect; Please remove it. + Certificate user is now hard coded to the "acme" user. If you would + like another user to have access, consider adding them to the + "acme" group or changing security.acme.certs.${cert}.group. + ''; + } + { + assertion = data.allowKeysForGroup == "_mkRemovedOptionModule"; + message = '' + The option definition `security.acme.certs.${cert}.allowKeysForGroup' no longer has any effect; Please remove it. + All certs are readable by the configured group. If this is undesired, + consider changing security.acme.certs.${cert}.group to an unused group. + ''; + } + # * in the cert value breaks building of systemd services, and makes + # referencing them as a user quite weird too. Best practice is to use + # the domain option. + { + assertion = ! hasInfix "*" cert; + message = '' + The cert option path `security.acme.certs.${cert}.dnsProvider` + cannot contain a * character. + Instead, set `security.acme.certs.${cert}.domain = "${cert}";` + and remove the wildcard from the path. + ''; + } + { + assertion = data.dnsProvider == null || data.webroot == null; + message = '' + Options `security.acme.certs.${cert}.dnsProvider` and + `security.acme.certs.${cert}.webroot` are mutually exclusive. + ''; + } + ]) cfg.certs)); - systemd.services = let - services = concatLists servicesLists; - servicesLists = mapAttrsToList certToServices cfg.certs; - certToServices = cert: data: - let - # StateDirectory must be relative, and will be created under /var/lib by systemd - lpath = "acme/${cert}"; - apath = "/var/lib/${lpath}"; - spath = "/var/lib/acme/.lego/${cert}"; - keyName = builtins.replaceStrings ["*"] ["_"] data.domain; - requestedDomains = pipe ([ data.domain ] ++ (attrNames data.extraDomains)) [ - (domains: sort builtins.lessThan domains) - (domains: concatStringsSep "," domains) - ]; - fileMode = if data.allowKeysForGroup then "640" else "600"; - globalOpts = [ "-d" data.domain "--email" data.email "--path" "." "--key-type" data.keyType ] - ++ optionals (cfg.acceptTerms) [ "--accept-tos" ] - ++ optionals (data.dnsProvider != null && !data.dnsPropagationCheck) [ "--dns.disable-cp" ] - ++ concatLists (mapAttrsToList (name: root: [ "-d" name ]) data.extraDomains) - ++ (if data.dnsProvider != null then [ "--dns" data.dnsProvider ] else [ "--http" "--http.webroot" data.webroot ]) - ++ optionals (cfg.server != null || data.server != null) ["--server" (if data.server == null then cfg.server else data.server)] - ++ data.extraLegoFlags; - certOpts = optionals data.ocspMustStaple [ "--must-staple" ]; - runOpts = escapeShellArgs (globalOpts ++ [ "run" ] ++ certOpts ++ data.extraLegoRunFlags); - renewOpts = escapeShellArgs (globalOpts ++ - [ "renew" "--days" (toString cfg.validMinDays) ] ++ - certOpts ++ data.extraLegoRenewFlags); - acmeService = { - description = "Renew ACME Certificate for ${cert}"; - path = with pkgs; [ openssl ]; - after = [ "network.target" "network-online.target" ]; - wants = [ "network-online.target" ]; - wantedBy = mkIf (!config.boot.isContainer) [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - User = data.user; - Group = data.group; - PrivateTmp = true; - StateDirectory = "acme/.lego/${cert} acme/.lego/accounts ${lpath}"; - StateDirectoryMode = if data.allowKeysForGroup then "750" else "700"; - WorkingDirectory = spath; - # Only try loading the credentialsFile if the dns challenge is enabled - EnvironmentFile = if data.dnsProvider != null then data.credentialsFile else null; - ExecStart = pkgs.writeScript "acme-start" '' - #!${pkgs.runtimeShell} -e - test -L ${spath}/accounts -o -d ${spath}/accounts || ln -s ../accounts ${spath}/accounts - LEGO_ARGS=(${runOpts}) - if [ -e ${spath}/certificates/${keyName}.crt ]; then - REQUESTED_DOMAINS="${requestedDomains}" - EXISTING_DOMAINS="$(openssl x509 -in ${spath}/certificates/${keyName}.crt -noout -ext subjectAltName | tail -n1 | sed -e 's/ *DNS://g')" - if [ "''${REQUESTED_DOMAINS}" == "''${EXISTING_DOMAINS}" ]; then - LEGO_ARGS=(${renewOpts}) - fi - fi - ${pkgs.lego}/bin/lego ''${LEGO_ARGS[@]} - ''; - ExecStartPost = - let - script = pkgs.writeScript "acme-post-start" '' - #!${pkgs.runtimeShell} -e - cd ${apath} + users.users.acme = { + home = "/var/lib/acme"; + group = "acme"; + isSystemUser = true; + }; - # Test that existing cert is older than new cert - KEY=${spath}/certificates/${keyName}.key - KEY_CHANGED=no - if [ -e $KEY -a $KEY -nt key.pem ]; then - KEY_CHANGED=yes - cp -p ${spath}/certificates/${keyName}.key key.pem - cp -p ${spath}/certificates/${keyName}.crt fullchain.pem - cp -p ${spath}/certificates/${keyName}.issuer.crt chain.pem - ln -sf fullchain.pem cert.pem - cat key.pem fullchain.pem > full.pem - fi + users.groups.acme = {}; - chmod ${fileMode} *.pem - chown '${data.user}:${data.group}' *.pem + systemd.services = { + "acme-fixperms" = userMigrationService; + } // (mapAttrs' (cert: conf: nameValuePair "acme-${cert}" conf.renewService) certConfigs) + // (optionalAttrs (cfg.preliminarySelfsigned) ({ + "acme-selfsigned-ca" = selfsignCAService; + } // (mapAttrs' (cert: conf: nameValuePair "acme-selfsigned-${cert}" conf.selfsignService) certConfigs))); - if [ "$KEY_CHANGED" = "yes" ]; then - : # noop in case postRun is empty - ${data.postRun} - fi - ''; - in - "+${script}"; - }; + systemd.timers = mapAttrs' (cert: conf: nameValuePair "acme-${cert}" conf.renewTimer) certConfigs; - }; - selfsignedService = { - description = "Create preliminary self-signed certificate for ${cert}"; - path = [ pkgs.openssl ]; - script = - '' - workdir="$(mktemp -d)" + # .lego and .lego/accounts specified to fix any incorrect permissions + systemd.tmpfiles.rules = [ + "d /var/lib/acme/.lego - acme acme" + "d /var/lib/acme/.lego/accounts - acme acme" + ] ++ (unique (concatMap (conf: [ + "d ${conf.accountDir} - acme acme" + ] ++ (optional (conf.webroot != null) "d ${conf.webroot}/.well-known/acme-challenge - acme ${conf.group}") + ) (attrValues certConfigs))); - # Create CA - openssl genrsa -des3 -passout pass:xxxx -out $workdir/ca.pass.key 2048 - openssl rsa -passin pass:xxxx -in $workdir/ca.pass.key -out $workdir/ca.key - openssl req -new -key $workdir/ca.key -out $workdir/ca.csr \ - -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=Security Department/CN=example.com" - openssl x509 -req -days 1 -in $workdir/ca.csr -signkey $workdir/ca.key -out $workdir/ca.crt - - # Create key - openssl genrsa -des3 -passout pass:xxxx -out $workdir/server.pass.key 2048 - openssl rsa -passin pass:xxxx -in $workdir/server.pass.key -out $workdir/server.key - openssl req -new -key $workdir/server.key -out $workdir/server.csr \ - -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com" - openssl x509 -req -days 1 -in $workdir/server.csr -CA $workdir/ca.crt \ - -CAkey $workdir/ca.key -CAserial $workdir/ca.srl -CAcreateserial \ - -out $workdir/server.crt - - # Copy key to destination - cp $workdir/server.key ${apath}/key.pem - - # Create fullchain.pem (same format as "simp_le ... -f fullchain.pem" creates) - cat $workdir/{server.crt,ca.crt} > "${apath}/fullchain.pem" - - # Create full.pem for e.g. lighttpd - cat $workdir/{server.key,server.crt,ca.crt} > "${apath}/full.pem" - - # Give key acme permissions - chown '${data.user}:${data.group}' "${apath}/"{key,fullchain,full}.pem - chmod ${fileMode} "${apath}/"{key,fullchain,full}.pem - ''; - serviceConfig = { - Type = "oneshot"; - PrivateTmp = true; - StateDirectory = lpath; - User = data.user; - Group = data.group; - }; - unitConfig = { - # Do not create self-signed key when key already exists - ConditionPathExists = "!${apath}/key.pem"; - }; - }; - in ( - [ { name = "acme-${cert}"; value = acmeService; } ] - ++ optional cfg.preliminarySelfsigned { name = "acme-selfsigned-${cert}"; value = selfsignedService; } - ); - servicesAttr = listToAttrs services; - in - servicesAttr; - - systemd.tmpfiles.rules = - map (data: "d ${data.webroot}/.well-known/acme-challenge - ${data.user} ${data.group}") (filter (data: data.webroot != null) (attrValues cfg.certs)); - - systemd.timers = let - # Allow systemd to pick a convenient time within the day - # to run the check. - # This allows the coalescing of multiple timer jobs. - # We divide by the number of certificates so that if you - # have many certificates, the renewals are distributed over - # the course of the day to avoid rate limits. - numCerts = length (attrNames cfg.certs); - _24hSecs = 60 * 60 * 24; - AccuracySec = "${toString (_24hSecs / numCerts)}s"; - in flip mapAttrs' cfg.certs (cert: data: nameValuePair - ("acme-${cert}") - ({ - description = "Renew ACME Certificate for ${cert}"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = cfg.renewInterval; - Unit = "acme-${cert}.service"; - Persistent = "yes"; - inherit AccuracySec; - # Skew randomly within the day, per https://letsencrypt.org/docs/integration-guide/. - RandomizedDelaySec = "24h"; - }; - }) - ); - - systemd.targets.acme-selfsigned-certificates = mkIf cfg.preliminarySelfsigned {}; - systemd.targets.acme-certificates = {}; + # Create some targets which can be depended on to be "active" after cert renewals + systemd.targets = mapAttrs' (cert: conf: nameValuePair "acme-finished-${cert}" { + wantedBy = [ "default.target" ]; + wants = [ "acme-${cert}.service" "acme-selfsigned-${cert}.service" ]; + after = [ "acme-${cert}.service" "acme-selfsigned-${cert}.service" ]; + }) certConfigs; }) - ]; meta = { diff --git a/nixos/modules/security/acme.xml b/nixos/modules/security/acme.xml index f802faee9749..005eebd75c01 100644 --- a/nixos/modules/security/acme.xml +++ b/nixos/modules/security/acme.xml @@ -72,7 +72,7 @@ services.nginx = { "foo.example.com" = { forceSSL = true; enableACME = true; - # All serverAliases will be added as extra domains on the certificate. + # All serverAliases will be added as extra domain names on the certificate. serverAliases = [ "bar.example.com" ]; locations."/" = { root = "/var/www"; @@ -80,8 +80,8 @@ services.nginx = { }; # We can also add a different vhost and reuse the same certificate - # but we have to append extraDomains manually. - security.acme.certs."foo.example.com".extraDomains."baz.example.com" = null; + # but we have to append extraDomainNames manually. + security.acme.certs."foo.example.com".extraDomainNames = [ "baz.example.com" ]; "baz.example.com" = { forceSSL = true; useACMEHost = "foo.example.com"; @@ -165,7 +165,7 @@ services.httpd = { # Since we have a wildcard vhost to handle port 80, # we can generate certs for anything! # Just make sure your DNS resolves them. - extraDomains = [ "mail.example.com" ]; + extraDomainNames = [ "mail.example.com" ]; }; diff --git a/nixos/modules/services/networking/prosody.xml b/nixos/modules/services/networking/prosody.xml index 7859cb1578b7..14b7c60f1a05 100644 --- a/nixos/modules/services/networking/prosody.xml +++ b/nixos/modules/services/networking/prosody.xml @@ -65,7 +65,7 @@ services.prosody = { you'll need a single TLS certificate covering your main endpoint, the MUC one as well as the HTTP Upload one. We can generate such a certificate by leveraging the ACME - extraDomains module option. + extraDomainNames module option. Provided the setup detailed in the previous section, you'll need the following acme configuration to generate @@ -78,8 +78,7 @@ security.acme = { "example.org" = { webroot = "/var/www/example.org"; email = "root@example.org"; - extraDomains."conference.example.org" = null; - extraDomains."upload.example.org" = null; + extraDomainNames = [ "conference.example.org" "upload.example.org" ]; }; }; }; diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index fc4c2945394c..90ea75dfa342 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -6,6 +6,8 @@ let cfg = config.services.httpd; + certs = config.security.acme.certs; + runtimeDir = "/run/httpd"; pkg = cfg.package.out; @@ -26,6 +28,13 @@ let vhosts = attrValues cfg.virtualHosts; + # certName is used later on to determine systemd service names. + acmeEnabledVhosts = map (hostOpts: hostOpts // { + certName = if hostOpts.useACMEHost != null then hostOpts.useACMEHost else hostOpts.hostName; + }) (filter (hostOpts: hostOpts.enableACME || hostOpts.useACMEHost != null) vhosts); + + dependentCertNames = unique (map (hostOpts: hostOpts.certName) acmeEnabledVhosts); + mkListenInfo = hostOpts: if hostOpts.listen != [] then hostOpts.listen else ( @@ -125,13 +134,13 @@ let useACME = hostOpts.enableACME || hostOpts.useACMEHost != null; sslCertDir = - if hostOpts.enableACME then config.security.acme.certs.${hostOpts.hostName}.directory - else if hostOpts.useACMEHost != null then config.security.acme.certs.${hostOpts.useACMEHost}.directory + if hostOpts.enableACME then certs.${hostOpts.hostName}.directory + else if hostOpts.useACMEHost != null then certs.${hostOpts.useACMEHost}.directory else abort "This case should never happen."; - sslServerCert = if useACME then "${sslCertDir}/full.pem" else hostOpts.sslServerCert; + sslServerCert = if useACME then "${sslCertDir}/fullchain.pem" else hostOpts.sslServerCert; sslServerKey = if useACME then "${sslCertDir}/key.pem" else hostOpts.sslServerKey; - sslServerChain = if useACME then "${sslCertDir}/fullchain.pem" else hostOpts.sslServerChain; + sslServerChain = if useACME then "${sslCertDir}/chain.pem" else hostOpts.sslServerChain; acmeChallenge = optionalString useACME '' Alias /.well-known/acme-challenge/ "${hostOpts.acmeRoot}/.well-known/acme-challenge/" @@ -347,7 +356,6 @@ let cat ${php.phpIni} > $out echo "$options" >> $out ''; - in @@ -647,14 +655,17 @@ in wwwrun.gid = config.ids.gids.wwwrun; }; - security.acme.certs = mapAttrs (name: hostOpts: { - user = cfg.user; - group = mkDefault cfg.group; - email = if hostOpts.adminAddr != null then hostOpts.adminAddr else cfg.adminAddr; - webroot = hostOpts.acmeRoot; - extraDomains = genAttrs hostOpts.serverAliases (alias: null); - postRun = "systemctl reload httpd.service"; - }) (filterAttrs (name: hostOpts: hostOpts.enableACME) cfg.virtualHosts); + security.acme.certs = let + acmePairs = map (hostOpts: nameValuePair hostOpts.hostName { + group = mkDefault cfg.group; + webroot = hostOpts.acmeRoot; + extraDomainNames = hostOpts.serverAliases; + # Use the vhost-specific email address if provided, otherwise let + # security.acme.email or security.acme.certs..email be used. + email = mkOverride 2000 (if hostOpts.adminAddr != null then hostOpts.adminAddr else cfg.adminAddr); + # Filter for enableACME-only vhosts. Don't want to create dud certs + }) (filter (hostOpts: hostOpts.useACMEHost == null) acmeEnabledVhosts); + in listToAttrs acmePairs; environment.systemPackages = [ apachectl @@ -724,16 +735,12 @@ in "Z '${cfg.logDir}' - ${svc.User} ${svc.Group}" ]; - systemd.services.httpd = - let - vhostsACME = filter (hostOpts: hostOpts.enableACME) vhosts; - in - { description = "Apache HTTPD"; - + systemd.services.httpd = { + description = "Apache HTTPD"; wantedBy = [ "multi-user.target" ]; - wants = concatLists (map (hostOpts: [ "acme-${hostOpts.hostName}.service" "acme-selfsigned-${hostOpts.hostName}.service" ]) vhostsACME); - after = [ "network.target" "fs.target" ] ++ map (hostOpts: "acme-selfsigned-${hostOpts.hostName}.service") vhostsACME; - before = map (hostOpts: "acme-${hostOpts.hostName}.service") vhostsACME; + wants = concatLists (map (certName: [ "acme-finished-${certName}.target" ]) dependentCertNames); + after = [ "network.target" ] ++ map (certName: "acme-selfsigned-${certName}.service") dependentCertNames; + before = map (certName: "acme-${certName}.service") dependentCertNames; path = [ pkg pkgs.coreutils pkgs.gnugrep ]; @@ -767,5 +774,31 @@ in }; }; + # postRun hooks on cert renew can't be used to restart Apache since renewal + # runs as the unprivileged acme user. sslTargets are added to wantedBy + before + # which allows the acme-finished-$cert.target to signify the successful updating + # of certs end-to-end. + systemd.services.httpd-config-reload = let + sslServices = map (certName: "acme-${certName}.service") dependentCertNames; + sslTargets = map (certName: "acme-finished-${certName}.target") dependentCertNames; + in mkIf (sslServices != []) { + wantedBy = sslServices ++ [ "multi-user.target" ]; + # Before the finished targets, after the renew services. + # This service might be needed for HTTP-01 challenges, but we only want to confirm + # certs are updated _after_ config has been reloaded. + before = sslTargets; + after = sslServices; + # Block reloading if not all certs exist yet. + # Happens when config changes add new vhosts/certs. + unitConfig.ConditionPathExists = map (certName: certs.${certName}.directory + "/fullchain.pem") dependentCertNames; + serviceConfig = { + Type = "oneshot"; + TimeoutSec = 60; + ExecCondition = "/run/current-system/systemd/bin/systemctl -q is-active httpd.service"; + ExecStartPre = "${pkg}/bin/apachectl configtest"; + ExecStart = "/run/current-system/systemd/bin/systemctl reload httpd.service"; + }; + }; + }; } diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 461888c4cc4f..975b56d47822 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -6,23 +6,23 @@ let cfg = config.services.nginx; certs = config.security.acme.certs; vhostsConfigs = mapAttrsToList (vhostName: vhostConfig: vhostConfig) virtualHosts; - acmeEnabledVhosts = filter (vhostConfig: vhostConfig.enableACME && vhostConfig.useACMEHost == null) vhostsConfigs; + acmeEnabledVhosts = filter (vhostConfig: vhostConfig.enableACME || vhostConfig.useACMEHost != null) vhostsConfigs; + dependentCertNames = unique (map (hostOpts: hostOpts.certName) acmeEnabledVhosts); virtualHosts = mapAttrs (vhostName: vhostConfig: let serverName = if vhostConfig.serverName != null then vhostConfig.serverName else vhostName; + certName = if vhostConfig.useACMEHost != null + then vhostConfig.useACMEHost + else serverName; in vhostConfig // { - inherit serverName; - } // (optionalAttrs vhostConfig.enableACME { - sslCertificate = "${certs.${serverName}.directory}/fullchain.pem"; - sslCertificateKey = "${certs.${serverName}.directory}/key.pem"; - sslTrustedCertificate = "${certs.${serverName}.directory}/full.pem"; - }) // (optionalAttrs (vhostConfig.useACMEHost != null) { - sslCertificate = "${certs.${vhostConfig.useACMEHost}.directory}/fullchain.pem"; - sslCertificateKey = "${certs.${vhostConfig.useACMEHost}.directory}/key.pem"; - sslTrustedCertificate = "${certs.${vhostConfig.useACMEHost}.directory}/fullchain.pem"; + inherit serverName certName; + } // (optionalAttrs (vhostConfig.enableACME || vhostConfig.useACMEHost != null) { + sslCertificate = "${certs.${certName}.directory}/fullchain.pem"; + sslCertificateKey = "${certs.${certName}.directory}/key.pem"; + sslTrustedCertificate = "${certs.${certName}.directory}/chain.pem"; }) ) cfg.virtualHosts; enableIPv6 = config.networking.enableIPv6; @@ -691,12 +691,12 @@ in systemd.services.nginx = { description = "Nginx Web Server"; wantedBy = [ "multi-user.target" ]; - wants = concatLists (map (vhostConfig: ["acme-${vhostConfig.serverName}.service" "acme-selfsigned-${vhostConfig.serverName}.service"]) acmeEnabledVhosts); - after = [ "network.target" ] ++ map (vhostConfig: "acme-selfsigned-${vhostConfig.serverName}.service") acmeEnabledVhosts; + wants = concatLists (map (certName: [ "acme-finished-${certName}.target" ]) dependentCertNames); + after = [ "network.target" ] ++ map (certName: "acme-selfsigned-${certName}.service") dependentCertNames; # Nginx needs to be started in order to be able to request certificates # (it's hosting the acme challenge after all) # This fixes https://github.com/NixOS/nixpkgs/issues/81842 - before = map (vhostConfig: "acme-${vhostConfig.serverName}.service") acmeEnabledVhosts; + before = map (certName: "acme-${certName}.service") dependentCertNames; stopIfChanged = false; preStart = '' ${cfg.preStart} @@ -753,37 +753,41 @@ in source = configFile; }; - systemd.services.nginx-config-reload = mkIf cfg.enableReload { - wants = [ "nginx.service" ]; - wantedBy = [ "multi-user.target" ]; - restartTriggers = [ configFile ]; - # commented, because can cause extra delays during activate for this config: - # services.nginx.virtualHosts."_".locations."/".proxyPass = "http://blabla:3000"; - # stopIfChanged = false; - serviceConfig.Type = "oneshot"; - serviceConfig.TimeoutSec = 60; - script = '' - if /run/current-system/systemd/bin/systemctl -q is-active nginx.service ; then - /run/current-system/systemd/bin/systemctl reload nginx.service - fi - ''; - serviceConfig.RemainAfterExit = true; + # postRun hooks on cert renew can't be used to restart Nginx since renewal + # runs as the unprivileged acme user. sslTargets are added to wantedBy + before + # which allows the acme-finished-$cert.target to signify the successful updating + # of certs end-to-end. + systemd.services.nginx-config-reload = let + sslServices = map (certName: "acme-${certName}.service") dependentCertNames; + sslTargets = map (certName: "acme-finished-${certName}.target") dependentCertNames; + in mkIf (cfg.enableReload || sslServices != []) { + wants = optionals (cfg.enableReload) [ "nginx.service" ]; + wantedBy = sslServices ++ [ "multi-user.target" ]; + # Before the finished targets, after the renew services. + # This service might be needed for HTTP-01 challenges, but we only want to confirm + # certs are updated _after_ config has been reloaded. + before = sslTargets; + after = sslServices; + restartTriggers = optionals (cfg.enableReload) [ configFile ]; + # Block reloading if not all certs exist yet. + # Happens when config changes add new vhosts/certs. + unitConfig.ConditionPathExists = optionals (sslServices != []) (map (certName: certs.${certName}.directory + "/fullchain.pem") dependentCertNames); + serviceConfig = { + Type = "oneshot"; + TimeoutSec = 60; + ExecCondition = "/run/current-system/systemd/bin/systemctl -q is-active nginx.service"; + ExecStart = "/run/current-system/systemd/bin/systemctl reload nginx.service"; + }; }; - security.acme.certs = filterAttrs (n: v: v != {}) ( - let - acmePairs = map (vhostConfig: { name = vhostConfig.serverName; value = { - user = cfg.user; - group = lib.mkDefault cfg.group; - webroot = vhostConfig.acmeRoot; - extraDomains = genAttrs vhostConfig.serverAliases (alias: null); - postRun = '' - /run/current-system/systemd/bin/systemctl reload nginx - ''; - }; }) acmeEnabledVhosts; - in - listToAttrs acmePairs - ); + security.acme.certs = let + acmePairs = map (vhostConfig: nameValuePair vhostConfig.serverName { + group = mkDefault cfg.group; + webroot = vhostConfig.acmeRoot; + extraDomainNames = vhostConfig.serverAliases; + # Filter for enableACME-only vhosts. Don't want to create dud certs + }) (filter (vhostConfig: vhostConfig.useACMEHost == null) acmeEnabledVhosts); + in listToAttrs acmePairs; users.users = optionalAttrs (cfg.user == "nginx") { nginx = { diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix index a81884737213..37e82993b4e3 100644 --- a/nixos/tests/acme.nix +++ b/nixos/tests/acme.nix @@ -1,29 +1,43 @@ let commonConfig = ./common/acme/client; - dnsScript = {writeScript, dnsAddress, bash, curl}: writeScript "dns-hook.sh" '' - #!${bash}/bin/bash + dnsServerIP = nodes: nodes.dnsserver.config.networking.primaryIPAddress; + + dnsScript = {pkgs, nodes}: let + dnsAddress = dnsServerIP nodes; + in pkgs.writeShellScript "dns-hook.sh" '' set -euo pipefail echo '[INFO]' "[$2]" 'dns-hook.sh' $* if [ "$1" = "present" ]; then - ${curl}/bin/curl --data '{"host": "'"$2"'", "value": "'"$3"'"}' http://${dnsAddress}:8055/set-txt + ${pkgs.curl}/bin/curl --data '{"host": "'"$2"'", "value": "'"$3"'"}' http://${dnsAddress}:8055/set-txt else - ${curl}/bin/curl --data '{"host": "'"$2"'"}' http://${dnsAddress}:8055/clear-txt + ${pkgs.curl}/bin/curl --data '{"host": "'"$2"'"}' http://${dnsAddress}:8055/clear-txt fi ''; + documentRoot = pkgs: pkgs.runCommand "docroot" {} '' + mkdir -p "$out" + echo hello world > "$out/index.html" + ''; + + vhostBase = pkgs: { + forceSSL = true; + locations."/".root = documentRoot pkgs; + }; + in import ./make-test-python.nix ({ lib, ... }: { name = "acme"; meta.maintainers = lib.teams.acme.members; - nodes = rec { + nodes = { + # The fake ACME server which will respond to client requests acme = { nodes, lib, ... }: { imports = [ ./common/acme/server ]; - networking.nameservers = lib.mkForce [ - nodes.dnsserver.config.networking.primaryIPAddress - ]; + networking.nameservers = lib.mkForce [ (dnsServerIP nodes) ]; }; + # A fake DNS server which can be configured with records as desired + # Used to test DNS-01 challenge dnsserver = { nodes, pkgs, ... }: { networking.firewall.allowedTCPPorts = [ 8055 53 ]; networking.firewall.allowedUDPPorts = [ 53 ]; @@ -39,112 +53,87 @@ in import ./make-test-python.nix ({ lib, ... }: { }; }; - acmeStandalone = { nodes, lib, config, pkgs, ... }: { - imports = [ commonConfig ]; - networking.nameservers = lib.mkForce [ - nodes.dnsserver.config.networking.primaryIPAddress - ]; - networking.firewall.allowedTCPPorts = [ 80 ]; - security.acme.certs."standalone.test" = { - webroot = "/var/lib/acme/acme-challenges"; - }; - systemd.targets."acme-finished-standalone.test" = { - after = [ "acme-standalone.test.service" ]; - wantedBy = [ "acme-standalone.test.service" ]; - }; - services.nginx.enable = true; - services.nginx.virtualHosts."standalone.test" = { - locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenges"; - }; - }; - - webserver = { nodes, config, pkgs, lib, ... }: { + # A web server which will be the node requesting certs + webserver = { pkgs, nodes, lib, config, ... }: { imports = [ commonConfig ]; + networking.nameservers = lib.mkForce [ (dnsServerIP nodes) ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; - networking.nameservers = lib.mkForce [ - nodes.dnsserver.config.networking.primaryIPAddress - ]; - # A target remains active. Use this to probe the fact that - # a service fired eventhough it is not RemainAfterExit - systemd.targets."acme-finished-a.example.test" = { - after = [ "acme-a.example.test.service" ]; - wantedBy = [ "acme-a.example.test.service" ]; - }; + # OpenSSL will be used for more thorough certificate validation + environment.systemPackages = [ pkgs.openssl ]; + # First tests configure a basic cert and run a bunch of openssl checks services.nginx.enable = true; - - services.nginx.virtualHosts."a.example.test" = { + services.nginx.virtualHosts."a.example.test" = (vhostBase pkgs) // { enableACME = true; - forceSSL = true; - locations."/".root = pkgs.runCommand "docroot" {} '' - mkdir -p "$out" - echo hello world > "$out/index.html" - ''; }; - security.acme.server = "https://acme.test/dir"; + # Used to determine if service reload was triggered + systemd.targets.test-renew-nginx = { + wants = [ "acme-a.example.test.service" ]; + after = [ "acme-a.example.test.service" "nginx-config-reload.service" ]; + }; - specialisation.second-cert.configuration = {pkgs, ...}: { - systemd.targets."acme-finished-b.example.test" = { - after = [ "acme-b.example.test.service" ]; - wantedBy = [ "acme-b.example.test.service" ]; + # Cert config changes will not cause the nginx configuration to change. + # This tests that the reload service is correctly triggered. + specialisation.cert-change.configuration = { pkgs, ... }: { + security.acme.certs."a.example.test".keyType = "ec384"; + }; + + # Now adding an alias to ensure that the certs are updated + specialisation.nginx-aliases.configuration = { pkgs, ... }: { + services.nginx.virtualHosts."a.example.test" = { + serverAliases = [ "b.example.test" ]; }; - services.nginx.virtualHosts."b.example.test" = { - enableACME = true; + }; + + # Test using Apache HTTPD + specialisation.httpd-aliases.configuration = { pkgs, config, lib, ... }: { + services.nginx.enable = lib.mkForce false; + services.httpd.enable = true; + services.httpd.adminAddr = config.security.acme.email; + services.httpd.virtualHosts."c.example.test" = { + serverAliases = [ "d.example.test" ]; forceSSL = true; - locations."/".root = pkgs.runCommand "docroot" {} '' - mkdir -p "$out" - echo hello world > "$out/index.html" - ''; + enableACME = true; + documentRoot = documentRoot pkgs; + }; + + # Used to determine if service reload was triggered + systemd.targets.test-renew-httpd = { + wants = [ "acme-c.example.test.service" ]; + after = [ "acme-c.example.test.service" "httpd-config-reload.service" ]; }; }; - specialisation.dns-01.configuration = {pkgs, config, nodes, lib, ...}: { + # Validation via DNS-01 challenge + specialisation.dns-01.configuration = { pkgs, config, nodes, ... }: { security.acme.certs."example.test" = { domain = "*.example.test"; + group = config.services.nginx.group; dnsProvider = "exec"; dnsPropagationCheck = false; - credentialsFile = with pkgs; writeText "wildcard.env" '' - EXEC_PATH=${dnsScript { inherit writeScript bash curl; dnsAddress = nodes.dnsserver.config.networking.primaryIPAddress; }} + credentialsFile = pkgs.writeText "wildcard.env" '' + EXEC_PATH=${dnsScript { inherit pkgs nodes; }} ''; - user = config.services.nginx.user; - group = config.services.nginx.group; }; - systemd.targets."acme-finished-example.test" = { - after = [ "acme-example.test.service" ]; - wantedBy = [ "acme-example.test.service" ]; - }; - systemd.services."acme-example.test" = { - before = [ "nginx.service" ]; - wantedBy = [ "nginx.service" ]; - }; - services.nginx.virtualHosts."c.example.test" = { - forceSSL = true; - sslCertificate = config.security.acme.certs."example.test".directory + "/cert.pem"; - sslTrustedCertificate = config.security.acme.certs."example.test".directory + "/full.pem"; - sslCertificateKey = config.security.acme.certs."example.test".directory + "/key.pem"; - locations."/".root = pkgs.runCommand "docroot" {} '' - mkdir -p "$out" - echo hello world > "$out/index.html" - ''; + + services.nginx.virtualHosts."dns.example.test" = (vhostBase pkgs) // { + useACMEHost = "example.test"; }; }; - # When nginx depends on a service that is slow to start up, requesting used to fail - # certificates fail. Reproducer for https://github.com/NixOS/nixpkgs/issues/81842 - specialisation.slow-startup.configuration = { pkgs, config, nodes, lib, ...}: { + # Validate service relationships by adding a slow start service to nginx' wants. + # Reproducer for https://github.com/NixOS/nixpkgs/issues/81842 + specialisation.slow-startup.configuration = { pkgs, config, nodes, lib, ... }: { systemd.services.my-slow-service = { wantedBy = [ "multi-user.target" "nginx.service" ]; before = [ "nginx.service" ]; preStart = "sleep 5"; script = "${pkgs.python3}/bin/python -m http.server"; }; - systemd.targets."acme-finished-d.example.com" = { - after = [ "acme-d.example.com.service" ]; - wantedBy = [ "acme-d.example.com.service" ]; - }; - services.nginx.virtualHosts."d.example.com" = { + + services.nginx.virtualHosts."slow.example.com" = { forceSSL = true; enableACME = true; locations."/".proxyPass = "http://localhost:8000"; @@ -152,11 +141,13 @@ in import ./make-test-python.nix ({ lib, ... }: { }; }; - client = {nodes, lib, ...}: { + # The client will be used to curl the webserver to validate configuration + client = {nodes, lib, pkgs, ...}: { imports = [ commonConfig ]; - networking.nameservers = lib.mkForce [ - nodes.dnsserver.config.networking.primaryIPAddress - ]; + networking.nameservers = lib.mkForce [ (dnsServerIP nodes) ]; + + # OpenSSL will be used for more thorough certificate validation + environment.systemPackages = [ pkgs.openssl ]; }; }; @@ -167,73 +158,155 @@ in import ./make-test-python.nix ({ lib, ... }: { in # Note, wait_for_unit does not work for oneshot services that do not have RemainAfterExit=true, # this is because a oneshot goes from inactive => activating => inactive, and never - # reaches the active state. To work around this, we create some mock target units which - # get pulled in by the oneshot units. The target units linger after activation, and hence we - # can use them to probe that a oneshot fired. It is a bit ugly, but it is the best we can do + # reaches the active state. Targets do not have this issue. + '' + has_switched = False + + + def switch_to(node, name): + global has_switched + if has_switched: + node.succeed( + "${switchToNewServer}" + ) + has_switched = True + node.succeed( + "/run/current-system/specialisation/{}/bin/switch-to-configuration test".format( + name + ) + ) + + + # Ensures the issuer of our cert matches the chain + # and matches the issuer we expect it to be. + # It's a good validation to ensure the cert.pem and fullchain.pem + # are not still selfsigned afer verification + def check_issuer(node, cert_name, issuer): + for fname in ("cert.pem", "fullchain.pem"): + node.succeed( + ( + """openssl x509 -noout -issuer -in /var/lib/acme/{cert_name}/{fname} \ + | tee /proc/self/fd/2 \ + | cut -d'=' -f2- \ + | grep "$(openssl x509 -noout -subject -in /var/lib/acme/{cert_name}/chain.pem \ + | cut -d'=' -f2-)\" \ + | grep -i '{issuer}' + """ + ).format(cert_name=cert_name, issuer=issuer, fname=fname) + ) + + + # Ensure cert comes before chain in fullchain.pem + def check_fullchain(node, cert_name): + node.succeed( + ( + """openssl crl2pkcs7 -nocrl -certfile /var/lib/acme/{cert_name}/fullchain.pem \ + | tee /proc/self/fd/2 \ + | openssl pkcs7 -print_certs -noout | head -1 | grep {cert_name} + """ + ).format(cert_name=cert_name) + ) + + + def check_connection(node, domain): + node.succeed( + ( + """openssl s_client -brief -verify 2 -verify_return_error -CAfile /tmp/ca.crt \ + -servername {domain} -connect {domain}:443 < /dev/null 2>&1 \ + | tee /proc/self/fd/2 + """ + ).format(domain=domain) + ) + + client.start() dnsserver.start() - acme.wait_for_unit("default.target") dnsserver.wait_for_unit("pebble-challtestsrv.service") + client.wait_for_unit("default.target") + client.succeed( - 'curl --data \'{"host": "acme.test", "addresses": ["${nodes.acme.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a' - ) - client.succeed( - 'curl --data \'{"host": "standalone.test", "addresses": ["${nodes.acmeStandalone.config.networking.primaryIPAddress}"]}\' http://${nodes.dnsserver.config.networking.primaryIPAddress}:8055/add-a' + 'curl --data \'{"host": "acme.test", "addresses": ["${nodes.acme.config.networking.primaryIPAddress}"]}\' http://${dnsServerIP nodes}:8055/add-a' ) acme.start() - acmeStandalone.start() + webserver.start() acme.wait_for_unit("default.target") acme.wait_for_unit("pebble.service") - with subtest("can request certificate with HTTPS-01 challenge"): - acmeStandalone.wait_for_unit("default.target") - acmeStandalone.succeed("systemctl start acme-standalone.test.service") - acmeStandalone.wait_for_unit("acme-finished-standalone.test.target") - - client.wait_for_unit("default.target") - client.succeed("curl https://acme.test:15000/roots/0 > /tmp/ca.crt") client.succeed("curl https://acme.test:15000/intermediate-keys/0 >> /tmp/ca.crt") - with subtest("Can request certificate for nginx service"): + with subtest("Can request certificate with HTTPS-01 challenge"): + webserver.wait_for_unit("acme-finished-a.example.test.target") + check_fullchain(webserver, "a.example.test") + check_issuer(webserver, "a.example.test", "pebble") + check_connection(client, "a.example.test") + + with subtest("Can generate valid selfsigned certs"): + webserver.succeed("systemctl clean acme-a.example.test.service --what=state") + webserver.succeed("systemctl start acme-selfsigned-a.example.test.service") + check_fullchain(webserver, "a.example.test") + check_issuer(webserver, "a.example.test", "minica") + # Will succeed if nginx can load the certs + webserver.succeed("systemctl start nginx-config-reload.service") + + with subtest("Can reload nginx when timer triggers renewal"): + # These syncs are required because of weird scenarios where the cert files + # were not actually changed when the checks run. + webserver.succeed("sync") + webserver.succeed("systemctl start test-renew-nginx.target") + webserver.succeed("sync") + check_issuer(webserver, "a.example.test", "pebble") + check_connection(client, "a.example.test") + + with subtest("Can reload web server when cert configuration changes"): + switch_to(webserver, "cert-change") webserver.wait_for_unit("acme-finished-a.example.test.target") client.succeed( - "curl --cacert /tmp/ca.crt https://a.example.test/ | grep -qF 'hello world'" + """openssl s_client -CAfile /tmp/ca.crt -connect a.example.test:443 < /dev/null \ + | openssl x509 -noout -text | grep -i Public-Key | grep 384 + """ ) - with subtest("Can add another certificate for nginx service"): - webserver.succeed( - "/run/current-system/specialisation/second-cert/bin/switch-to-configuration test" - ) - webserver.wait_for_unit("acme-finished-b.example.test.target") - client.succeed( - "curl --cacert /tmp/ca.crt https://b.example.test/ | grep -qF 'hello world'" - ) + with subtest("Can request certificate with HTTPS-01 when nginx startup is delayed"): + switch_to(webserver, "slow-startup") + webserver.wait_for_unit("acme-finished-slow.example.com.target") + check_issuer(webserver, "slow.example.com", "pebble") + check_connection(client, "slow.example.com") + + with subtest("Can request certificate for vhost + aliases (nginx)"): + switch_to(webserver, "nginx-aliases") + webserver.wait_for_unit("acme-finished-a.example.test.target") + check_issuer(webserver, "a.example.test", "pebble") + check_connection(client, "a.example.test") + check_connection(client, "b.example.test") + + with subtest("Can request certificates for vhost + aliases (apache-httpd)"): + switch_to(webserver, "httpd-aliases") + webserver.wait_for_unit("acme-finished-c.example.test.target") + check_issuer(webserver, "c.example.test", "pebble") + check_connection(client, "c.example.test") + check_connection(client, "d.example.test") + + with subtest("Can reload httpd when timer triggers renewal"): + # Switch to selfsigned first + webserver.succeed("systemctl clean acme-c.example.test.service --what=state") + webserver.succeed("systemctl start acme-selfsigned-c.example.test.service") + webserver.succeed("sync") + check_issuer(webserver, "c.example.test", "minica") + webserver.succeed("systemctl start httpd-config-reload.service") + webserver.succeed("systemctl start test-renew-httpd.target") + webserver.succeed("sync") + check_issuer(webserver, "c.example.test", "pebble") + check_connection(client, "c.example.test") with subtest("Can request wildcard certificates using DNS-01 challenge"): - webserver.succeed( - "${switchToNewServer}" - ) - webserver.succeed( - "/run/current-system/specialisation/dns-01/bin/switch-to-configuration test" - ) + switch_to(webserver, "dns-01") webserver.wait_for_unit("acme-finished-example.test.target") - client.succeed( - "curl --cacert /tmp/ca.crt https://c.example.test/ | grep -qF 'hello world'" - ) - - with subtest("Can request certificate of nginx when startup is delayed"): - webserver.succeed( - "${switchToNewServer}" - ) - webserver.succeed( - "/run/current-system/specialisation/slow-startup/bin/switch-to-configuration test" - ) - webserver.wait_for_unit("acme-finished-d.example.com.target") - client.succeed("curl --cacert /tmp/ca.crt https://d.example.com/") + check_issuer(webserver, "example.test", "pebble") + check_connection(client, "dns.example.test") ''; }) diff --git a/nixos/tests/common/acme/client/default.nix b/nixos/tests/common/acme/client/default.nix index 80893da02524..1e9885e375c7 100644 --- a/nixos/tests/common/acme/client/default.nix +++ b/nixos/tests/common/acme/client/default.nix @@ -1,15 +1,14 @@ { lib, nodes, pkgs, ... }: - let - acme-ca = nodes.acme.config.test-support.acme.caCert; -in + caCert = nodes.acme.config.test-support.acme.caCert; + caDomain = nodes.acme.config.test-support.acme.caDomain; -{ +in { security.acme = { - server = "https://acme.test/dir"; + server = "https://${caDomain}/dir"; email = "hostmaster@example.test"; acceptTerms = true; }; - security.pki.certificateFiles = [ acme-ca ]; + security.pki.certificateFiles = [ caCert ]; } diff --git a/nixos/tests/common/acme/server/default.nix b/nixos/tests/common/acme/server/default.nix index 1a0ee882572c..4d8e664c4e17 100644 --- a/nixos/tests/common/acme/server/default.nix +++ b/nixos/tests/common/acme/server/default.nix @@ -3,7 +3,7 @@ # config.test-support.acme.caCert # # This value can be used inside the configuration of other test nodes to inject -# the snakeoil certificate into security.pki.certificateFiles or into package +# the test certificate into security.pki.certificateFiles or into package # overlays. # # Another value that's needed if you don't use a custom resolver (see below for @@ -50,19 +50,13 @@ # Also make sure that whenever you use a resolver from a different test node # that it has to be started _before_ the ACME service. { config, pkgs, lib, ... }: - - let - snakeOilCerts = import ./snakeoil-certs.nix; + testCerts = import ./snakeoil-certs.nix { + minica = pkgs.minica; + mkDerivation = pkgs.stdenv.mkDerivation; + }; + domain = testCerts.domain; - wfeDomain = "acme.test"; - wfeCertFile = snakeOilCerts.${wfeDomain}.cert; - wfeKeyFile = snakeOilCerts.${wfeDomain}.key; - - siteDomain = "acme.test"; - siteCertFile = snakeOilCerts.${siteDomain}.cert; - siteKeyFile = snakeOilCerts.${siteDomain}.key; - pebble = pkgs.pebble; resolver = let message = "You need to define a resolver for the acme test module."; firstNS = lib.head config.networking.nameservers; @@ -71,8 +65,9 @@ let pebbleConf.pebble = { listenAddress = "0.0.0.0:443"; managementListenAddress = "0.0.0.0:15000"; - certificate = snakeOilCerts.${wfeDomain}.cert; - privateKey = snakeOilCerts.${wfeDomain}.key; + # These certs and keys are used for the Web Front End (WFE) + certificate = testCerts.${domain}.cert; + privateKey = testCerts.${domain}.key; httpPort = 80; tlsPort = 443; ocspResponderURL = "http://0.0.0.0:4002"; @@ -80,18 +75,30 @@ let }; pebbleConfFile = pkgs.writeText "pebble.conf" (builtins.toJSON pebbleConf); - pebbleDataDir = "/root/pebble"; in { imports = [ ../../resolver.nix ]; - options.test-support.acme.caCert = lib.mkOption { - type = lib.types.path; - description = '' - A certificate file to use with the nodes attribute to - inject the snakeoil CA certificate used in the ACME server into - . - ''; + options.test-support.acme = with lib; { + caDomain = mkOption { + type = types.str; + readOnly = true; + default = domain; + description = '' + A domain name to use with the nodes attribute to + identify the CA server. + ''; + }; + caCert = mkOption { + type = types.path; + readOnly = true; + default = testCerts.ca.cert; + description = '' + A certificate file to use with the nodes attribute to + inject the test CA certificate used in the ACME server into + . + ''; + }; }; config = { @@ -99,35 +106,32 @@ in { resolver.enable = let isLocalResolver = config.networking.nameservers == [ "127.0.0.1" ]; in lib.mkOverride 900 isLocalResolver; - acme.caCert = snakeOilCerts.ca.cert; }; # This has priority 140, because modules/testing/test-instrumentation.nix # already overrides this with priority 150. networking.nameservers = lib.mkOverride 140 [ "127.0.0.1" ]; - networking.firewall.enable = false; + networking.firewall.allowedTCPPorts = [ 80 443 15000 4002 ]; networking.extraHosts = '' - 127.0.0.1 ${wfeDomain} - ${config.networking.primaryIPAddress} ${wfeDomain} ${siteDomain} + 127.0.0.1 ${domain} + ${config.networking.primaryIPAddress} ${domain} ''; systemd.services = { pebble = { enable = true; description = "Pebble ACME server"; - requires = [ ]; wantedBy = [ "network.target" ]; - preStart = '' - mkdir ${pebbleDataDir} - ''; - script = '' - cd ${pebbleDataDir} - ${pebble}/bin/pebble -config ${pebbleConfFile} - ''; + serviceConfig = { + RuntimeDirectory = "pebble"; + WorkingDirectory = "/run/pebble"; + # Required to bind on privileged ports. AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; + + ExecStart = "${pkgs.pebble}/bin/pebble -config ${pebbleConfFile}"; }; }; }; diff --git a/nixos/tests/common/acme/server/mkcerts.nix b/nixos/tests/common/acme/server/mkcerts.nix deleted file mode 100644 index c9616bf9672c..000000000000 --- a/nixos/tests/common/acme/server/mkcerts.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ pkgs ? import {} -, lib ? pkgs.lib -, domains ? [ "acme.test" ] -}: - -pkgs.runCommand "acme-snakeoil-ca" { - nativeBuildInputs = [ pkgs.openssl ]; -} '' - addpem() { - local file="$1"; shift - local storeFileName="$(IFS=.; echo "$*")" - - echo -n " " >> "$out" - - # Every following argument is an attribute, so let's recurse and check - # every attribute whether it must be quoted and write it into $out. - while [ -n "$1" ]; do - if expr match "$1" '^[a-zA-Z][a-zA-Z0-9]*$' > /dev/null; then - echo -n "$1" >> "$out" - else - echo -n '"' >> "$out" - echo -n "$1" | sed -e 's/["$]/\\&/g' >> "$out" - echo -n '"' >> "$out" - fi - shift - [ -z "$1" ] || echo -n . >> "$out" - done - - echo " = builtins.toFile \"$storeFileName\" '''" >> "$out" - sed -e 's/^/ /' "$file" >> "$out" - - echo " ''';" >> "$out" - } - - echo '# Generated via mkcert.sh in the same directory.' > "$out" - echo '{' >> "$out" - - openssl req -newkey rsa:4096 -x509 -sha256 -days 36500 \ - -subj '/CN=Snakeoil CA' -nodes -out ca.pem -keyout ca.key - - addpem ca.key ca key - addpem ca.pem ca cert - - ${lib.concatMapStrings (fqdn: let - opensslConfig = pkgs.writeText "snakeoil.cnf" '' - [req] - default_bits = 4096 - prompt = no - default_md = sha256 - req_extensions = req_ext - distinguished_name = dn - [dn] - CN = ${fqdn} - [req_ext] - subjectAltName = DNS:${fqdn} - ''; - in '' - export OPENSSL_CONF=${lib.escapeShellArg opensslConfig} - openssl genrsa -out snakeoil.key 4096 - openssl req -new -key snakeoil.key -out snakeoil.csr - openssl x509 -req -in snakeoil.csr -sha256 -set_serial 666 \ - -CA ca.pem -CAkey ca.key -out snakeoil.pem -days 36500 \ - -extfile "$OPENSSL_CONF" -extensions req_ext - addpem snakeoil.key ${lib.escapeShellArg fqdn} key - addpem snakeoil.pem ${lib.escapeShellArg fqdn} cert - '') domains} - - echo '}' >> "$out" -'' diff --git a/nixos/tests/common/acme/server/mkcerts.sh b/nixos/tests/common/acme/server/mkcerts.sh deleted file mode 100755 index cc7f8ca650dd..000000000000 --- a/nixos/tests/common/acme/server/mkcerts.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env nix-shell -#!nix-shell -p nix bash -i bash -set -e -cd "$(dirname "$0")" -storepath="$(nix-build --no-out-link mkcerts.nix)" -cat "$storepath" > snakeoil-certs.nix diff --git a/nixos/tests/common/acme/server/snakeoil-certs.nix b/nixos/tests/common/acme/server/snakeoil-certs.nix index 7325b027c7ef..4b6a38b8fa30 100644 --- a/nixos/tests/common/acme/server/snakeoil-certs.nix +++ b/nixos/tests/common/acme/server/snakeoil-certs.nix @@ -1,172 +1,37 @@ -# Generated via mkcert.sh in the same directory. -{ - ca.key = builtins.toFile "ca.key" '' - -----BEGIN PRIVATE KEY----- - MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDd1G7OFpXIoHnr - rxdw+hiJVDY6nQDDKFt9FBKwlv7x2hCvX7bnyvHaL7H61c+80McGPISrQn3+MjuR - Zuqwax49DddNXbGt4WqGlx4LAeI37OgNUUz9foNr2rDDV744vwp14/PD1f3nqpWf - Ogzzsh8rxac0mZ5Se9HxOIpI7NRNuHJjj7HWZ4YxeOvi289rmpu0JPcp25njw7h6 - FNfHu8GGp34Uj6wAxubdRyfViV8z9FMfbglLuA9i1OiSy3NQpq8VwBG+u/0iC7PQ - sQjxSragQu25sfATYIrFJQ4ZCvh0nxqKMeyPPBi6dAcMpa2AZAqtqv+CwWdo36Bt - S5XiC7rApgYn+yteKQHSbnCiG2W/boSbfg9lRk3w41dESENCADVajLb3Eovvp0tB - O/BALudvWjzAPbpXleVNr6ngWtGlsZTC7LXDgBqdW2KlzpZGcz+PW3ATlwip/ZFR - t7A15u5dVkWPVoPuQ0w1Tw+g9dxWFTNk3h+2d7K87IxQbcvqxeIDSEVFMrxo0e4C - G2udMcelZwARl6iNTAETa2zJW0XtAdGVM+HY1S/kU6U9J3nubDttAkAMABjPwyjL - G7hfyWqUHf9yPs49GsftAVvIy8XIeu0shD1BG11/VzvwpUCiRc+btuWi2erZ4ZfP - oQ5YoS9gt4S+Ipz7TPGBl+AUk9HO2QIDAQABAoICAGW+aLAXxc2GZUVHQp4r55Md - T94kYtQgL4435bafGwH8vchiQzcfazxiweRFqwl0TMS8fzE5xyYPDilLpfsStoTU - U1sFzVfuWviuWTY9P+/ctjZdgs2F+GtAm/CMzw+h9/9IdWbuQI3APO4SJxyjJw7h - kiZbCzXT2uAjybFXBq07GyQ1JSEszGzmhHLB1OoKuL2wcrj9IyFHhNZhtvLCWCoV - qotttjuI/xyg5VFYt5TRzEpPIu5a1pvDAYVK0XI9cXKtbLYp7RlveqMOgAaD+S2a - ZQTV60JH9n4j18p+sKR00SxvZ4vuyXzDePRBDUolGIy9MIJdiLueTiuzDmTmclnM - 8Yy7oliawW2Bn+1gaWpqmgzEUw9bXRSqIp2zGZ7HaQ+5c/MhS002+/i8WQyssfeg - 9EfI+Vl0D2avTxCECmsfjUxtkhzMYPVNbRPjt0QBEM+s8lDoNsP2zhMO441+TKpe - /5KZHIW+Y0US6GMIUs1o1byKfNz8Nj5HjEKO9CMyK6SBMJnCMroPD4H6opqk3lw9 - 4mk04BdN556EzyJDT0a5/VpXG2DUYwFaNwE1ZPMu3Yx6IBoM1xx8mR80vHQCddmF - NP+BzkpUiHf0Txyy0YQWECZ/anTt0Bo0XqY5tirIM2dkG0ngNl9tGlw6gVAY1ky8 - +cr7qKmhhwMWojaX/L+9AoIBAQD/BZAeF3l9I5RBh6ktWA+opzVyd6ejdLpc2Q1z - fmSmtUKRsEe51sWaIf6Sez408UaCMT2IQuppPgMnV8xfMM1/og75Cs8aPyAohwKo - IbOenXhLfFZiYB4y/Pac3F+FzNKsTT6n+fsE+82UHafY5ZI2FlPb2L0lfyx09zXv - fBYhcXgwSx5ymJLJSl8zFaEGn9qi3UB5ss44SaNM0n8SFGUQUk3PR7SFWSWgNxtl - CP7LWTsjXYoC/qBMe7b8JieK5aFk1EkkG1EkJvdiMnulMcMJzl+kj6LqVPmVDoZS - mMGvgKGJPpFgrbJ5wlA7uOhucGmMpFWP9RCav66DY4GHrLJPAoIBAQDerkZQ03AN - i2iJVjtL97TvDjrE8vtNFS/Auh8JyDIW4GGK3Y/ZoMedQpuu3e6NYM9aMjh+QJoA - kqhaiZ/tMXjEXJByglpc3a43g2ceWtJg5yLgexGgRtegbA57PRCo35Vhc6WycD1l - 6FZNxpTkd2BXX/69KWZ6PpSiLYPvdzxP5ZkYqoWRQIa4ee4orHfz/lUXJm1XwmyG - mx3hN9Z9m8Q/PGMGfwrorcp4DK53lmmhTZyPh+X5T5/KkVmrw/v5HEEB3JsknStR - 3DAqp2XZcRHsGQef9R7H+PINJm9nebjCraataaE4gr76znXKT23P80Ce5Lw6OQUW - XHhoL16gS+pXAoIBADTuz6ofTz01PFmZsfjSdXWZN1PKGEaqPOB2wP7+9h9QMkAR - KeId/Sfv9GotII1Woz70v4Pf983ebEMnSyla9NyQI7F3l+MnxSIEW/3P+PtsTgLF - DR0gPERzEzEd4Mnh6LyQz/eHwJ2ZMmOTADrZ8848Ni3EwAXfbrfcdBqAVAufBMZp - YSmCF72mLTpqO+EnHvd9GxvnjDxMtJOGgY+cIhoQK0xh4stm5JNrvMjs5A4LOGYv - zSyv80/Mwf92X/DJlwVZttDCxsXNPL3qIpX4TTZk2p9KnRMsjh1tRV4xjMpD1cOp - 8/zwMMJrHcI3sC70MERb+9KEmGy2ap+k8MbbhqsCggEAUAqqocDupR+4Kq2BUPQv - 6EHgJA0HAZUc/hSotXZtcsWiqiyr2Vkuhzt7BGcnqU/kGJK2tcL42D3fH/QaNUM0 - Grj+/voWCw1v4uprtYCF4GkUo0X5dvgf570Pk4LGqzz6z/Wm2LX5i9jwtLItsNWs - HpwVz97CxCwcdxMPOpNMbZek6TXaHvTnuAWz8pDT6TNBWLnqUcJECjpVii/s/Gdy - KhzFp38g57QYdABy8e9x9pYUMY9yvaO+VyzZ46DlwIxEXavzZDzOZnVUJvDW7krz - Wz8/+2I7dzvnnYx0POiG3gtXPzwZxFtS1IpD0r2sRjQ0xSiI9BCs4HXKngBw7gN7 - rwKCAQEAloJOFw4bafVXZVXuQVnLDm0/MNTfqxUzFE6V2WkMVkJqcpKt+ndApM8P - MJvojHWw1fmxDzIAwqZ9rXgnwWKydjSZBDYNjhGFUACVywHe5AjC4PPMUdltGptU - lY0BjC7qtwkVugr65goQkEzU61y9JgTqKpYsr3D+qXcoiDvWRuqk5Q0WfYJrUlE0 - APWaqbxmkqUVDRrXXrifiluupk+BCV7cFSnnknSYbd9FZd9DuKaoNBlkp2J9LZE+ - Ux74Cfro8SHINHmvqL+YLFUPVDWNeuXh5Kl6AaJ7yclCLXLxAIix3/rIf6mJeIGc - s9o9Sr49cibZ3CbMjCSNE3AOeVE1/Q== - -----END PRIVATE KEY----- - ''; - ca.cert = builtins.toFile "ca.cert" '' - -----BEGIN CERTIFICATE----- - MIIFDzCCAvegAwIBAgIUX0P6NfX4gRUpFz+TNV/f26GHokgwDQYJKoZIhvcNAQEL - BQAwFjEUMBIGA1UEAwwLU25ha2VvaWwgQ0EwIBcNMjAwODI0MDc0MjEyWhgPMjEy - MDA3MzEwNzQyMTJaMBYxFDASBgNVBAMMC1NuYWtlb2lsIENBMIICIjANBgkqhkiG - 9w0BAQEFAAOCAg8AMIICCgKCAgEA3dRuzhaVyKB5668XcPoYiVQ2Op0AwyhbfRQS - sJb+8doQr1+258rx2i+x+tXPvNDHBjyEq0J9/jI7kWbqsGsePQ3XTV2xreFqhpce - CwHiN+zoDVFM/X6Da9qww1e+OL8KdePzw9X956qVnzoM87IfK8WnNJmeUnvR8TiK - SOzUTbhyY4+x1meGMXjr4tvPa5qbtCT3KduZ48O4ehTXx7vBhqd+FI+sAMbm3Ucn - 1YlfM/RTH24JS7gPYtTokstzUKavFcARvrv9Iguz0LEI8Uq2oELtubHwE2CKxSUO - GQr4dJ8aijHsjzwYunQHDKWtgGQKrar/gsFnaN+gbUuV4gu6wKYGJ/srXikB0m5w - ohtlv26Em34PZUZN8ONXREhDQgA1Woy29xKL76dLQTvwQC7nb1o8wD26V5XlTa+p - 4FrRpbGUwuy1w4AanVtipc6WRnM/j1twE5cIqf2RUbewNebuXVZFj1aD7kNMNU8P - oPXcVhUzZN4ftneyvOyMUG3L6sXiA0hFRTK8aNHuAhtrnTHHpWcAEZeojUwBE2ts - yVtF7QHRlTPh2NUv5FOlPSd57mw7bQJADAAYz8Moyxu4X8lqlB3/cj7OPRrH7QFb - yMvFyHrtLIQ9QRtdf1c78KVAokXPm7blotnq2eGXz6EOWKEvYLeEviKc+0zxgZfg - FJPRztkCAwEAAaNTMFEwHQYDVR0OBBYEFNhBZxryvykCjfPO85xB3wof2enAMB8G - A1UdIwQYMBaAFNhBZxryvykCjfPO85xB3wof2enAMA8GA1UdEwEB/wQFMAMBAf8w - DQYJKoZIhvcNAQELBQADggIBAEZwlsQ+3yd1MVxLRy9RjoA8hI7iWBNmvPUyNjlb - l/L9N+dZgdx9G5h/KPRUyzvUc/uk/ZxTWVPIOp13WI65qwsBKrwvYKiXiwzjt+9V - CKDRc1sOghTSXk4FD3L5UcKvTQ2lRcFsqxbkopEwQWhoCuhe4vFyt3Nx8ZGLCBUD - 3I5zMHtO8FtpZWKJPw46Yc1kasv0nlfly/vUbnErYfgjWX1hgWUcRgYdKwO4sOZ7 - KbNma0WUsX5mWhXo4Kk7D15wATHO+j9s+j8m86duBL3A4HzpTo1DhHvBi0dkg0CO - XuSdByIzVLIPh3yhCHN1loRCP2rbzKM8IQeU/X5Q4UJeC/x9ew8Kk+RKXoHc8Y2C - JQO1DxuidyDJRhbb98wZo2YfIsdWQGjYZBe1XQRwBD28JnB+Rb9shml6lORWQn9y - P/STo9uWm5zvOCfqwbnCoetljDweItINx622G9SafBwPZc3o79oL7QSl8DgCtN6g - p0wGIlIBx+25w/96PqZcrYb8B7/uBHJviiKjBXDoIJWNiNRhW5HaFjeJdSKq7KIL - I/PO9KuHafif36ksG69X02Rio2/cTjgjEW1hGHcDRyyJWWaj7bd2eWuouh6FF22b - PA6FGY4vewDPnbLKLaix2ZIKxtedUDOH/qru3Mv58IFXmQ4iyM8oC8aOxYSQLZDn - 1yJD - -----END CERTIFICATE----- - ''; - "acme.test".key = builtins.toFile "acme.test.key" '' - -----BEGIN RSA PRIVATE KEY----- - MIIJKgIBAAKCAgEA3dJl4ByHHRcqbZzblszHIS5eEW3TcXTvllqC1nedGLGU9dnA - YbdpDUYhvWz/y9AfRZ1d8jYz01jZtt5xWYG0QoQUdkCc9QPPh0Axrl38cGliB6IZ - IY0qftW9zrLSgCOUnXL/45JqSpD57DHMSSiJl3hoOo4keBaMRN/UK6F3DxD/nZEs - h+yBBh2js3qxleExqkX8InmjK9pG8j7qa4Be5Lh4iILBHbGAMaxM7ViNAg4KgWyg - d5+4qB86JFtE/cJ+r3D62ARjVaxU6ePOL0AwS/vx5ls6DFQC7+1CpGCNemgLPzcc - 70s0V0SAnF73xHYqRWjJFtumyvyTkiQWLg0zDQOugWd3B9ADuaIEx2nviPyphAtj - M3ZKrL2zN1aIfqzbxJ/L8TQFa2WPsPU2+iza/m9kMfLXZ4XPF/SJxQ+5yVH+rxx5 - OWrXZ13nCMyeVoaXQofmG7oZvOQbtuT9r5DQZd9WN0P3G3sy0/dNnlNVn8uCBvXJ - TQhRKsy1FESZdgcFNtpJEG7BRG9Gc6i0V39aSRzShZyKJSBQhlc0FMTlX445EYsh - PKjEC/+Suq9wy/LuLjIkkqBbVg4617IlibLz0fDY/yrZqkfSqhCVsWnra21Ty3Mp - vD+wnskTzuGrvCVTe3KcWp+wkeH0xvhr8FXX6nn492YCfvZSITO3FF+qWt8CAwEA - AQKCAgEAk2xV0NCk66yNwjPRrTOD1IWgdyzqrijtYpvdAPSWL+c1/P8vYMIoy22k - 1uQuTSKQ5g9kdKmZYAlZCLRl2Pre9qYZg04GAsD5mAYN/rjwITWotTICSc4sRAeC - EnG+fPMovkvDzVdt1QjtURD3mFeculKH0wLNMhKqPswTkrvJCPZfLDVjxyJjzdC9 - D3enttjnzSaeH7t/upFjPXSbD79NUe1YDkH4XuetL1Y3+jYz4P279bBgJaC9dN7s - IWWXQJ+W2rrXu+GOs03JUXjZe4XJk3ZqmpJezfq3yQWCmQSigovLjcPvMwpkSut4 - HnTvbl6qUV8G5m4tOBMNcL8TDqAvIGY8Q2NAT0iKJN187FbHpjSwQL/Ckgqz/taJ - Q82LfIA1+IjwW372gY2Wge8tM/s3+2vOEn2k91sYfiKtrRFfrHBurehVQSpJb2gL - YPoUhUGu4C1nx44sQw+DgugOBp1BTKA1ZOBIk6NyS/J9sU3jSgMr88n10TyepP6w - OVk9kcNomnm/QIOyTDW4m76uoaxslg7kwOJ4j6wycddS8JtvEO4ZPk/fHZCbvlMv - /dAKsC3gigO2zW6IYYb7mSXI07Ew/rFH1NfSILiGw8GofJHDq3plGHZo9ycB6JC+ - 9C8n9IWjn8ahwbulCoQQhdHwXvf61t+RzNFuFiyAT0PF2FtD/eECggEBAPYBNSEY - DSQc/Wh+UlnwQsevxfzatohgQgQJRU1ZpbHQrl2uxk1ISEwrfqZwFmFotdjjzSYe - e1WQ0uFYtdm1V/QeQK+8W0u7E7/fof4dR6XxrzJ2QmtWEmCnLOBUKCfPc7/4p4IU - 7Q8PDwuwvXgaASZDaEsyTxL9bBrNMLFx9hIScQ9CaygpKvufilCHG79maoKArLwX - s7G16qlT4YeEdiNuLGv0Ce0txJuFYp7cGClWQhruw+jIbr+Sn9pL9cn8GboCiUAq - VgZKsofhEkKIEbP1uFypX2JnyRSE/h0qDDcH1sEXjR9zYYpQjVpk3Jiipgw4PXis - 79uat5/QzUqVc1sCggEBAObVp686K9NpxYNoEliMijIdzFnK5J/TvoX9BBMz0dXc - CgQW40tBcroU5nRl3oCjT1Agn8mxWLXH3czx6cPlSA8fnMTJmev8FaLnEcM15pGI - 8/VCBbTegdezJ8vPRS/T9c4CViXo7d0qDMkjNyn22ojPPFYh8M1KVNhibDTEpXMQ - vJxBJgvHePj+5pMOIKwAvQicqD07fNp6jVPmB/GnprBkjcCQZtshNJzWrW3jk7Fr - xWpQJ8nam8wHdMvfKhpzvD6azahwmfKKaQmh/RwmH4xdtIKdh4j+u+Ax+Bxi0g7V - GQfusIFB1MO48yS6E56WZMmsPy+jhTcIB4prIbfu4c0CggEBALgqqUKwRc4+Ybvj - rfUk+GmT/s3QUwx/u4xYAGjq7y/SgWcjG9PphC559WPWz/p2sITB7ehWs5CYTjdj - +SgWKdVY/KZThamJUTy4yAZ8lxH1gGpvvEOs+S8gmGkMt88t8ILMPWMWFW7LoEDp - PL74ANpLZn29GROnY1IhQQ3mughHhBqfZ6d2QnaDtsGYlD5TBvPSLv7VY7Jr9VR0 - toeEtAjMRzc+SFwmgmTHk9BIB1KTAAQ3sbTIsJh8xW1gpo5jTEND+Mpvp10oeMVe - yxPB2Db4gt/j8MOz3QaelbrxqplcJfsCjaT49RHeQiRlE/y070iApgx8s0idaFCd - ucLXZbcCggEBANkcsdg9RYVWoeCj3UWOAll6736xN/IgDb4mqVOKVN3qVT1dbbGV - wFvHVq66NdoWQH4kAUaKWN65OyQNkQqgt/MJj8EDwZNVCeCrp2hNZS0TfCn9TDK/ - aa7AojivHesLWNHIHtEPUdLIPzhbuAHvXcJ58M0upTfhpwXTJOVI5Dji0BPDrw47 - Msw3rBU6n35IP4Q/HHpjXl58EDuOS4B+aGjWWwF4kFWg2MR/oqWN/JdOv2LsO1A/ - HnR7ut4aa5ZvrunPXooERrf6eSsHQnLcZKX4aNTFZ/pxZbJMLYo9ZEdxJVbxqPAa - RA1HAuJTZiquV+Pb755WFfEZy0Xk19URiS0CggEAPT1e+9sdNC15z79SxvJQ4pmT - xiXat+1pq9pxp5HEOre2sSAd7CF5lu/1VQd6p0gtLZY+Aw4BXOyMtzYWgIap+u9j - ThFl9qrTFppG5KlFKKpQ8dQQ8ofO1akS8cK8nQeSdvrqEC/kGT2rmVdeevhBlfGy - BZi2ikhEQrz5jsLgIdT7sN2aLFYtmzLU9THTvlfm4ckQ7jOTxvVahb+WRe/iMCwP - Exrb83JDo31jHvAoYqUFrZkmPA+DUWFlrqb21pCzmC/0iQSuDcayRRjZkY/s5iAh - gtI6YyAsSL8hKvFVCC+VJf1QvFOpgUfsZjrIZuSc3puBWtN2dirHf7EfyxgEOg== - -----END RSA PRIVATE KEY----- - ''; - "acme.test".cert = builtins.toFile "acme.test.cert" '' - -----BEGIN CERTIFICATE----- - MIIEwDCCAqigAwIBAgICApowDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UEAwwLU25h - a2VvaWwgQ0EwIBcNMjAwODI0MDc0MjEzWhgPMjEyMDA3MzEwNzQyMTNaMBQxEjAQ - BgNVBAMMCWFjbWUudGVzdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB - AN3SZeAchx0XKm2c25bMxyEuXhFt03F075ZagtZ3nRixlPXZwGG3aQ1GIb1s/8vQ - H0WdXfI2M9NY2bbecVmBtEKEFHZAnPUDz4dAMa5d/HBpYgeiGSGNKn7Vvc6y0oAj - lJ1y/+OSakqQ+ewxzEkoiZd4aDqOJHgWjETf1Cuhdw8Q/52RLIfsgQYdo7N6sZXh - MapF/CJ5oyvaRvI+6muAXuS4eIiCwR2xgDGsTO1YjQIOCoFsoHefuKgfOiRbRP3C - fq9w+tgEY1WsVOnjzi9AMEv78eZbOgxUAu/tQqRgjXpoCz83HO9LNFdEgJxe98R2 - KkVoyRbbpsr8k5IkFi4NMw0DroFndwfQA7miBMdp74j8qYQLYzN2Sqy9szdWiH6s - 28Sfy/E0BWtlj7D1Nvos2v5vZDHy12eFzxf0icUPuclR/q8ceTlq12dd5wjMnlaG - l0KH5hu6GbzkG7bk/a+Q0GXfVjdD9xt7MtP3TZ5TVZ/Lggb1yU0IUSrMtRREmXYH - BTbaSRBuwURvRnOotFd/Wkkc0oWciiUgUIZXNBTE5V+OORGLITyoxAv/krqvcMvy - 7i4yJJKgW1YOOteyJYmy89Hw2P8q2apH0qoQlbFp62ttU8tzKbw/sJ7JE87hq7wl - U3tynFqfsJHh9Mb4a/BV1+p5+PdmAn72UiEztxRfqlrfAgMBAAGjGDAWMBQGA1Ud - EQQNMAuCCWFjbWUudGVzdDANBgkqhkiG9w0BAQsFAAOCAgEAM5WrCpBOmLrZ1QX8 - l6vxVXwoI8pnqyy3cbAm3aLRPbw4gb0Ot90Pv/LoMhP0fkrNOKwH/FGRjSXyti0X - TheKrP7aEf6XL2/Xnb8rK2jYMQo6YJU9T+wBJA6Q+GBrc8SE75KfOi5NWJr8T4Ju - Etb+G05hXClrN19VFzIoz3L4kRV+xNMialcOT3xQfHtXCQUgwAWpPlwcJA/Jf60m - XsfwQwk2Ir16wq+Lc3y+mQ7d/dbG+FVrngFk4qN2B9M/Zyv4N9ZBbqeDUn3mYtJE - FeJrwHgmwH6slf1gBN3gxUKRW7Bvzxk548NdmLOyN+Y4StsqbOaYGtShUJA7f1Ng - qQqdgvxZ9MNwwMv9QVDZEnaaew3/oWOSmQGAai4hrc7gLMLJmIxzgfd5P6Dr06e4 - 2zwsMuI8Qh/IDqu/CfmFYvaua0FEeyAtpoID9Y/KPM7fu9bJuxjZ6kqLVFkEi9nF - /rCMchcSA8N2z/vLPabpNotO7OYH3VD7aQGTfCL82dMlp1vwZ39S3Z1TFLLh3MZ+ - BYcAv8kUvCV6kIdPAXvJRSQOJUlJRV7XiI2mwugdDzMx69wQ0Zc1e4WyGfiSiVYm - ckSJ/EkxuwT/ZYLqCAKSFGMlFhad9g1Zyvd67XgfZq5p0pJTtGxtn5j8QHy6PM6m - NbjvWnP8lDU8j2l3eSG58S14iGs= - -----END CERTIFICATE----- - ''; +# Minica can provide a CA key and cert, plus a key +# and cert for our fake CA server's Web Front End (WFE). +{ minica, mkDerivation }: +let + domain = "acme.test"; + + selfSignedCertData = mkDerivation { + name = "test-certs"; + buildInputs = [ minica ]; + phases = [ "buildPhase" "installPhase" ]; + + buildPhase = '' + mkdir ca + minica \ + --ca-key ca/key.pem \ + --ca-cert ca/cert.pem \ + --domains ${domain} + chmod 600 ca/* + chmod 640 ${domain}/*.pem + ''; + + installPhase = '' + mkdir -p $out + mv ${domain} ca $out/ + ''; + }; +in { + inherit domain; + ca = { + cert = "${selfSignedCertData}/ca/cert.pem"; + key = "${selfSignedCertData}/ca/key.pem"; + }; + "${domain}" = { + cert = "${selfSignedCertData}/${domain}/cert.pem"; + key = "${selfSignedCertData}/${domain}/key.pem"; + }; } diff --git a/nixos/tests/postfix-raise-smtpd-tls-security-level.nix b/nixos/tests/postfix-raise-smtpd-tls-security-level.nix index b3c2156122d2..5fad1fed75b2 100644 --- a/nixos/tests/postfix-raise-smtpd-tls-security-level.nix +++ b/nixos/tests/postfix-raise-smtpd-tls-security-level.nix @@ -1,6 +1,3 @@ -let - certs = import ./common/acme/server/snakeoil-certs.nix; -in import ./make-test-python.nix { name = "postfix"; diff --git a/nixos/tests/postfix.nix b/nixos/tests/postfix.nix index b0674ca3a0d2..37ae76afec10 100644 --- a/nixos/tests/postfix.nix +++ b/nixos/tests/postfix.nix @@ -1,5 +1,6 @@ let certs = import ./common/acme/server/snakeoil-certs.nix; + domain = certs.domain; in import ./make-test-python.nix { name = "postfix"; @@ -11,8 +12,8 @@ import ./make-test-python.nix { enableSubmission = true; enableSubmissions = true; sslCACert = certs.ca.cert; - sslCert = certs."acme.test".cert; - sslKey = certs."acme.test".key; + sslCert = certs.${domain}.cert; + sslKey = certs.${domain}.key; submissionsOptions = { smtpd_sasl_auth_enable = "yes"; smtpd_client_restrictions = "permit"; @@ -25,7 +26,7 @@ import ./make-test-python.nix { ]; networking.extraHosts = '' - 127.0.0.1 acme.test + 127.0.0.1 ${domain} ''; environment.systemPackages = let @@ -33,7 +34,7 @@ import ./make-test-python.nix { #!${pkgs.python3.interpreter} import smtplib - with smtplib.SMTP('acme.test') as smtp: + with smtplib.SMTP('${domain}') as smtp: smtp.sendmail('root@localhost', 'alice@localhost', 'Subject: Test\n\nTest data.') smtp.quit() ''; @@ -45,7 +46,7 @@ import ./make-test-python.nix { ctx = ssl.create_default_context() - with smtplib.SMTP('acme.test') as smtp: + with smtplib.SMTP('${domain}') as smtp: smtp.ehlo() smtp.starttls(context=ctx) smtp.ehlo() @@ -60,7 +61,7 @@ import ./make-test-python.nix { ctx = ssl.create_default_context() - with smtplib.SMTP_SSL(host='acme.test', context=ctx) as smtp: + with smtplib.SMTP_SSL(host='${domain}', context=ctx) as smtp: smtp.sendmail('root@localhost', 'alice@localhost', 'Subject: Test SMTPS\n\nTest data.') smtp.quit() ''; diff --git a/pkgs/tools/security/minica/default.nix b/pkgs/tools/security/minica/default.nix new file mode 100644 index 000000000000..20ae3878a71f --- /dev/null +++ b/pkgs/tools/security/minica/default.nix @@ -0,0 +1,34 @@ +{ lib, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + pname = "minica"; + version = "1.0.2"; + + goPackagePath = "github.com/jsha/minica"; + + src = fetchFromGitHub { + owner = "jsha"; + repo = "minica"; + rev = "v${version}"; + sha256 = "18518wp3dcjhf3mdkg5iwxqr3326n6jwcnqhyibphnb2a58ap7ny"; + }; + + buildFlagsArray = '' + -ldflags= + -X main.BuildVersion=${version} + ''; + + meta = with lib; { + description = "A simple tool for generating self signed certificates."; + longDescription = '' + Minica is a simple CA intended for use in situations where the CA + operator also operates each host where a certificate will be used. It + automatically generates both a key and a certificate when asked to + produce a certificate. + ''; + homepage = "https://github.com/jsha/minica/"; + license = licenses.mit; + maintainers = with maintainers; [ m1cr0man ]; + platforms = platforms.linux ++ platforms.darwin; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 36268b0ee88c..cab987cfd077 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4949,6 +4949,8 @@ in minergate-cli = callPackage ../applications/misc/minergate-cli { }; + minica = callPackage ../tools/security/minica { }; + minidlna = callPackage ../tools/networking/minidlna { }; minisign = callPackage ../tools/security/minisign { }; From 61dbf4bf8950c7e3cfeab07ad33cdb00d6a0525d Mon Sep 17 00:00:00 2001 From: Lucas Savva Date: Sun, 30 Aug 2020 18:38:30 +0100 Subject: [PATCH 05/76] nixos/acme: Add proper nginx/httpd config reload checks Testing of certs failed randomly when the web server was still returning old certs even after the reload was "complete". This was because the reload commands send process signals and do not wait for the worker processes to restart. This commit adds log watchers which wait for the worker processes to be restarted. --- .../web-servers/apache-httpd/default.nix | 2 +- nixos/tests/acme.nix | 38 +++++++++++++++---- 2 files changed, 32 insertions(+), 8 deletions(-) diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index 90ea75dfa342..6dd1c85132c9 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -795,7 +795,7 @@ in Type = "oneshot"; TimeoutSec = 60; ExecCondition = "/run/current-system/systemd/bin/systemctl -q is-active httpd.service"; - ExecStartPre = "${pkg}/bin/apachectl configtest"; + ExecStartPre = "${pkg}/bin/httpd -f ${httpdConf} -t"; ExecStart = "/run/current-system/systemd/bin/systemctl reload httpd.service"; }; }; diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix index 37e82993b4e3..c71e2bc3ca36 100644 --- a/nixos/tests/acme.nix +++ b/nixos/tests/acme.nix @@ -62,8 +62,11 @@ in import ./make-test-python.nix ({ lib, ... }: { # OpenSSL will be used for more thorough certificate validation environment.systemPackages = [ pkgs.openssl ]; - # First tests configure a basic cert and run a bunch of openssl checks + # Set log level to info so that we can see when the service is reloaded services.nginx.enable = true; + services.nginx.logError = "stderr info"; + + # First tests configure a basic cert and run a bunch of openssl checks services.nginx.virtualHosts."a.example.test" = (vhostBase pkgs) // { enableACME = true; }; @@ -178,6 +181,23 @@ in import ./make-test-python.nix ({ lib, ... }: { ) + # In order to determine if a config reload has finished, we need to watch + # the log files for the relevant lines + def wait_httpd_reload(node): + # Check for SIGUSER received + node.succeed("( tail -n3 -f /var/log/httpd/error.log & ) | grep -q AH00493") + # Check for service restart. This line also occurs when the service is started, + # hence the above check is necessary too. + node.succeed("( tail -n1 -f /var/log/httpd/error.log & ) | grep -q AH00094") + + + def wait_nginx_reload(node): + # Check for SIGHUP received + node.succeed("( journalctl -fu nginx -n18 & ) | grep -q SIGHUP") + # Check for SIGCHLD from killed worker processes + node.succeed("( journalctl -fu nginx -n10 & ) | grep -q SIGCHLD") + + # Ensures the issuer of our cert matches the chain # and matches the issuer we expect it to be. # It's a good validation to ensure the cert.pem and fullchain.pem @@ -241,6 +261,7 @@ in import ./make-test-python.nix ({ lib, ... }: { with subtest("Can request certificate with HTTPS-01 challenge"): webserver.wait_for_unit("acme-finished-a.example.test.target") + wait_nginx_reload(webserver) check_fullchain(webserver, "a.example.test") check_issuer(webserver, "a.example.test", "pebble") check_connection(client, "a.example.test") @@ -252,19 +273,18 @@ in import ./make-test-python.nix ({ lib, ... }: { check_issuer(webserver, "a.example.test", "minica") # Will succeed if nginx can load the certs webserver.succeed("systemctl start nginx-config-reload.service") + wait_nginx_reload(webserver) with subtest("Can reload nginx when timer triggers renewal"): - # These syncs are required because of weird scenarios where the cert files - # were not actually changed when the checks run. - webserver.succeed("sync") webserver.succeed("systemctl start test-renew-nginx.target") - webserver.succeed("sync") + wait_nginx_reload(webserver) check_issuer(webserver, "a.example.test", "pebble") check_connection(client, "a.example.test") with subtest("Can reload web server when cert configuration changes"): switch_to(webserver, "cert-change") webserver.wait_for_unit("acme-finished-a.example.test.target") + wait_nginx_reload(webserver) client.succeed( """openssl s_client -CAfile /tmp/ca.crt -connect a.example.test:443 < /dev/null \ | openssl x509 -noout -text | grep -i Public-Key | grep 384 @@ -274,12 +294,14 @@ in import ./make-test-python.nix ({ lib, ... }: { with subtest("Can request certificate with HTTPS-01 when nginx startup is delayed"): switch_to(webserver, "slow-startup") webserver.wait_for_unit("acme-finished-slow.example.com.target") + wait_nginx_reload(webserver) check_issuer(webserver, "slow.example.com", "pebble") check_connection(client, "slow.example.com") with subtest("Can request certificate for vhost + aliases (nginx)"): switch_to(webserver, "nginx-aliases") webserver.wait_for_unit("acme-finished-a.example.test.target") + wait_nginx_reload(webserver) check_issuer(webserver, "a.example.test", "pebble") check_connection(client, "a.example.test") check_connection(client, "b.example.test") @@ -287,6 +309,7 @@ in import ./make-test-python.nix ({ lib, ... }: { with subtest("Can request certificates for vhost + aliases (apache-httpd)"): switch_to(webserver, "httpd-aliases") webserver.wait_for_unit("acme-finished-c.example.test.target") + wait_httpd_reload(webserver) check_issuer(webserver, "c.example.test", "pebble") check_connection(client, "c.example.test") check_connection(client, "d.example.test") @@ -295,17 +318,18 @@ in import ./make-test-python.nix ({ lib, ... }: { # Switch to selfsigned first webserver.succeed("systemctl clean acme-c.example.test.service --what=state") webserver.succeed("systemctl start acme-selfsigned-c.example.test.service") - webserver.succeed("sync") + wait_httpd_reload(webserver) check_issuer(webserver, "c.example.test", "minica") webserver.succeed("systemctl start httpd-config-reload.service") webserver.succeed("systemctl start test-renew-httpd.target") - webserver.succeed("sync") + wait_httpd_reload(webserver) check_issuer(webserver, "c.example.test", "pebble") check_connection(client, "c.example.test") with subtest("Can request wildcard certificates using DNS-01 challenge"): switch_to(webserver, "dns-01") webserver.wait_for_unit("acme-finished-example.test.target") + wait_nginx_reload(webserver) check_issuer(webserver, "example.test", "pebble") check_connection(client, "dns.example.test") ''; From 1b6cfd9796788a3c5b8e8f27b49271f4a423c9a7 Mon Sep 17 00:00:00 2001 From: Lucas Savva Date: Thu, 3 Sep 2020 15:31:06 +0100 Subject: [PATCH 06/76] nixos/acme: Fix race condition, dont be smart with keys Attempting to reuse keys on a basis different to the cert (AKA, storing the key in a directory with a hashed name different to the cert it is associated with) was ineffective since when "lego run" is used it will ALWAYS generate a new key. This causes issues when you revert changes since your "reused" key will not be the one associated with the old cert. As such, I tore out the whole keyDir implementation. As for the race condition, checking the mtime of the cert file was not sufficient to detect changes. In testing, selfsigned and full certs could be generated/installed within 1 second of each other. cmp is now used instead. Also, I removed the nginx/httpd reload waiters in favour of simple retry logic for the curl-based tests --- nixos/modules/security/acme.nix | 23 +++---- nixos/tests/acme.nix | 109 ++++++++++++++------------------ 2 files changed, 56 insertions(+), 76 deletions(-) diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index 91b7dd0c989f..51392f6ce885 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -106,7 +106,6 @@ let mkHash = with builtins; val: substring 0 20 (hashString "sha256" val); certDir = mkHash hashData; othersHash = mkHash "${toString acmeServer} ${data.keyType}"; - keyDir = "key-" + othersHash; accountDir = "/var/lib/acme/.lego/accounts/" + othersHash; protocolOpts = if useDns then ( @@ -215,7 +214,7 @@ let # https://github.com/NixOS/nixpkgs/pull/81371#issuecomment-605526099 wantedBy = optionals (!config.boot.isContainer) [ "multi-user.target" ]; - path = with pkgs; [ lego coreutils ]; + path = with pkgs; [ lego coreutils diffutils ]; serviceConfig = commonServiceConfig // { Group = data.group; @@ -223,14 +222,13 @@ let # AccountDir dir will be created by tmpfiles to ensure correct permissions # And to avoid deletion during systemctl clean # acme/.lego/${cert} is listed so that it is deleted during systemctl clean - StateDirectory = "acme/${cert} acme/.lego/${cert} acme/.lego/${cert}/${certDir} acme/.lego/${cert}/${keyDir}"; + StateDirectory = "acme/${cert} acme/.lego/${cert} acme/.lego/${cert}/${certDir}"; # Needs to be space separated, but can't use a multiline string because that'll include newlines BindPaths = "${accountDir}:/tmp/accounts " + "/var/lib/acme/${cert}:/tmp/out " + - "/var/lib/acme/.lego/${cert}/${certDir}:/tmp/certificates " + - "/var/lib/acme/.lego/${cert}/${keyDir}:/tmp/keys"; + "/var/lib/acme/.lego/${cert}/${certDir}:/tmp/certificates "; # Only try loading the credentialsFile if the dns challenge is enabled EnvironmentFile = mkIf useDns data.credentialsFile; @@ -240,9 +238,6 @@ let script = '' set -euo pipefail - # Safely copy keyDir contents into certificates (it might be empty). - cp -af keys/. certificates/ - # Check if we can renew if [ -e 'certificates/${keyName}.key' -a -e 'certificates/${keyName}.crt' ]; then lego ${renewOpts} @@ -258,17 +253,15 @@ let # Group might change between runs, re-apply it chown 'acme:${data.group}' certificates/* - # Copy the key to keyDir - cp -pf 'certificates/${keyName}.key' 'keys/' - # Copy all certs to the "real" certs directory CERT='certificates/${keyName}.crt' CERT_CHANGED=no - if [ -e "$CERT" -a "$CERT" -nt out/fullchain.pem ]; then + if [ -e "$CERT" ] && ! cmp -s "$CERT" out/fullchain.pem; then CERT_CHANGED=yes - cp -p 'certificates/${keyName}.crt' out/fullchain.pem - cp -p 'certificates/${keyName}.key' out/key.pem - cp -p 'certificates/${keyName}.issuer.crt' out/chain.pem + echo Installing new certificate + cp -vp 'certificates/${keyName}.crt' out/fullchain.pem + cp -vp 'certificates/${keyName}.key' out/key.pem + cp -vp 'certificates/${keyName}.issuer.crt' out/chain.pem ln -sf fullchain.pem out/cert.pem cat out/key.pem out/fullchain.pem > out/full.pem fi diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix index c71e2bc3ca36..90ae06542c4c 100644 --- a/nixos/tests/acme.nix +++ b/nixos/tests/acme.nix @@ -164,6 +164,9 @@ in import ./make-test-python.nix ({ lib, ... }: { # reaches the active state. Targets do not have this issue. '' + import time + + has_switched = False @@ -175,70 +178,68 @@ in import ./make-test-python.nix ({ lib, ... }: { ) has_switched = True node.succeed( - "/run/current-system/specialisation/{}/bin/switch-to-configuration test".format( - name - ) + f"/run/current-system/specialisation/{name}/bin/switch-to-configuration test" ) - # In order to determine if a config reload has finished, we need to watch - # the log files for the relevant lines - def wait_httpd_reload(node): - # Check for SIGUSER received - node.succeed("( tail -n3 -f /var/log/httpd/error.log & ) | grep -q AH00493") - # Check for service restart. This line also occurs when the service is started, - # hence the above check is necessary too. - node.succeed("( tail -n1 -f /var/log/httpd/error.log & ) | grep -q AH00094") - - - def wait_nginx_reload(node): - # Check for SIGHUP received - node.succeed("( journalctl -fu nginx -n18 & ) | grep -q SIGHUP") - # Check for SIGCHLD from killed worker processes - node.succeed("( journalctl -fu nginx -n10 & ) | grep -q SIGCHLD") - - # Ensures the issuer of our cert matches the chain # and matches the issuer we expect it to be. # It's a good validation to ensure the cert.pem and fullchain.pem # are not still selfsigned afer verification def check_issuer(node, cert_name, issuer): for fname in ("cert.pem", "fullchain.pem"): - node.succeed( - ( - """openssl x509 -noout -issuer -in /var/lib/acme/{cert_name}/{fname} \ - | tee /proc/self/fd/2 \ - | cut -d'=' -f2- \ - | grep "$(openssl x509 -noout -subject -in /var/lib/acme/{cert_name}/chain.pem \ - | cut -d'=' -f2-)\" \ - | grep -i '{issuer}' - """ - ).format(cert_name=cert_name, issuer=issuer, fname=fname) - ) + actual_issuer = node.succeed( + f"openssl x509 -noout -issuer -in /var/lib/acme/{cert_name}/{fname}" + ).partition("=")[2] + print(f"{fname} issuer: {actual_issuer}") + assert issuer.lower() in actual_issuer.lower() # Ensure cert comes before chain in fullchain.pem def check_fullchain(node, cert_name): - node.succeed( - ( - """openssl crl2pkcs7 -nocrl -certfile /var/lib/acme/{cert_name}/fullchain.pem \ - | tee /proc/self/fd/2 \ - | openssl pkcs7 -print_certs -noout | head -1 | grep {cert_name} - """ - ).format(cert_name=cert_name) + subject_data = node.succeed( + f"openssl crl2pkcs7 -nocrl -certfile /var/lib/acme/{cert_name}/fullchain.pem" + " | openssl pkcs7 -print_certs -noout" ) + for line in subject_data.lower().split("\n"): + if "subject" in line: + print(f"First subject in fullchain.pem: ", line) + assert cert_name.lower() in line + return + + assert False - def check_connection(node, domain): - node.succeed( - ( - """openssl s_client -brief -verify 2 -verify_return_error -CAfile /tmp/ca.crt \ - -servername {domain} -connect {domain}:443 < /dev/null 2>&1 \ - | tee /proc/self/fd/2 - """ - ).format(domain=domain) + def check_connection(node, domain, retries=3): + if retries == 0: + assert False + + result = node.succeed( + "openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt" + f" -servername {domain} -connect {domain}:443 < /dev/null 2>&1" ) + for line in result.lower().split("\n"): + if "verification" in line and "error" in line: + time.sleep(1) + return check_connection(node, domain, retries - 1) + + + def check_connection_key_bits(node, domain, bits, retries=3): + if retries == 0: + assert False + + result = node.succeed( + "openssl s_client -CAfile /tmp/ca.crt" + f" -servername {domain} -connect {domain}:443 < /dev/null" + " | openssl x509 -noout -text | grep -i Public-Key" + ) + print("Key type:", result) + + if bits not in result: + time.sleep(1) + return check_connection_key_bits(node, domain, bits, retries - 1) + client.start() dnsserver.start() @@ -261,7 +262,6 @@ in import ./make-test-python.nix ({ lib, ... }: { with subtest("Can request certificate with HTTPS-01 challenge"): webserver.wait_for_unit("acme-finished-a.example.test.target") - wait_nginx_reload(webserver) check_fullchain(webserver, "a.example.test") check_issuer(webserver, "a.example.test", "pebble") check_connection(client, "a.example.test") @@ -273,35 +273,26 @@ in import ./make-test-python.nix ({ lib, ... }: { check_issuer(webserver, "a.example.test", "minica") # Will succeed if nginx can load the certs webserver.succeed("systemctl start nginx-config-reload.service") - wait_nginx_reload(webserver) with subtest("Can reload nginx when timer triggers renewal"): webserver.succeed("systemctl start test-renew-nginx.target") - wait_nginx_reload(webserver) check_issuer(webserver, "a.example.test", "pebble") check_connection(client, "a.example.test") with subtest("Can reload web server when cert configuration changes"): switch_to(webserver, "cert-change") webserver.wait_for_unit("acme-finished-a.example.test.target") - wait_nginx_reload(webserver) - client.succeed( - """openssl s_client -CAfile /tmp/ca.crt -connect a.example.test:443 < /dev/null \ - | openssl x509 -noout -text | grep -i Public-Key | grep 384 - """ - ) + check_connection_key_bits(client, "a.example.test", "384") with subtest("Can request certificate with HTTPS-01 when nginx startup is delayed"): switch_to(webserver, "slow-startup") webserver.wait_for_unit("acme-finished-slow.example.com.target") - wait_nginx_reload(webserver) check_issuer(webserver, "slow.example.com", "pebble") check_connection(client, "slow.example.com") with subtest("Can request certificate for vhost + aliases (nginx)"): switch_to(webserver, "nginx-aliases") webserver.wait_for_unit("acme-finished-a.example.test.target") - wait_nginx_reload(webserver) check_issuer(webserver, "a.example.test", "pebble") check_connection(client, "a.example.test") check_connection(client, "b.example.test") @@ -309,7 +300,6 @@ in import ./make-test-python.nix ({ lib, ... }: { with subtest("Can request certificates for vhost + aliases (apache-httpd)"): switch_to(webserver, "httpd-aliases") webserver.wait_for_unit("acme-finished-c.example.test.target") - wait_httpd_reload(webserver) check_issuer(webserver, "c.example.test", "pebble") check_connection(client, "c.example.test") check_connection(client, "d.example.test") @@ -318,18 +308,15 @@ in import ./make-test-python.nix ({ lib, ... }: { # Switch to selfsigned first webserver.succeed("systemctl clean acme-c.example.test.service --what=state") webserver.succeed("systemctl start acme-selfsigned-c.example.test.service") - wait_httpd_reload(webserver) check_issuer(webserver, "c.example.test", "minica") webserver.succeed("systemctl start httpd-config-reload.service") webserver.succeed("systemctl start test-renew-httpd.target") - wait_httpd_reload(webserver) check_issuer(webserver, "c.example.test", "pebble") check_connection(client, "c.example.test") with subtest("Can request wildcard certificates using DNS-01 challenge"): switch_to(webserver, "dns-01") webserver.wait_for_unit("acme-finished-example.test.target") - wait_nginx_reload(webserver) check_issuer(webserver, "example.test", "pebble") check_connection(client, "dns.example.test") ''; From 64ce52713ce1a01d6b39d72295caf1448d90b22f Mon Sep 17 00:00:00 2001 From: Bruno Bigras Date: Tue, 1 Sep 2020 01:03:20 -0400 Subject: [PATCH 07/76] nixos/tests/sssd-ldap: init --- nixos/tests/all-tests.nix | 1 + nixos/tests/sssd-ldap.nix | 78 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 nixos/tests/sssd-ldap.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 60ef5a027637..7a0d45f64d8f 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -325,6 +325,7 @@ in sonarr = handleTest ./sonarr.nix {}; sslh = handleTest ./sslh.nix {}; sssd = handleTestOn ["x86_64-linux"] ./sssd.nix {}; + sssd-ldap = handleTestOn ["x86_64-linux"] ./sssd-ldap.nix {}; strongswan-swanctl = handleTest ./strongswan-swanctl.nix {}; sudo = handleTest ./sudo.nix {}; switchTest = handleTest ./switch-test.nix {}; diff --git a/nixos/tests/sssd-ldap.nix b/nixos/tests/sssd-ldap.nix new file mode 100644 index 000000000000..b68403a0102a --- /dev/null +++ b/nixos/tests/sssd-ldap.nix @@ -0,0 +1,78 @@ +import ./make-test-python.nix ({ pkgs, ... }: + let + dbDomain = "example.org"; + dbSuffix = "dc=example,dc=org"; + + ldapRootUser = "admin"; + ldapRootPassword = "foobar"; + + testUser = "alice"; + in + { + name = "sssd-ldap"; + + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ bbigras ]; + }; + + machine = { pkgs, ... }: { + services.openldap = { + enable = true; + rootdn = "cn=${ldapRootUser},${dbSuffix}"; + rootpw = ldapRootPassword; + suffix = dbSuffix; + declarativeContents = '' + dn: ${dbSuffix} + objectClass: top + objectClass: dcObject + objectClass: organization + o: ${dbDomain} + + dn: ou=posix,${dbSuffix} + objectClass: top + objectClass: organizationalUnit + + dn: ou=accounts,ou=posix,${dbSuffix} + objectClass: top + objectClass: organizationalUnit + + dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix} + objectClass: person + objectClass: posixAccount + # userPassword: somePasswordHash + homeDirectory: /home/${testUser} + uidNumber: 1234 + gidNumber: 1234 + cn: "" + sn: "" + ''; + }; + + services.sssd = { + enable = true; + config = '' + [sssd] + config_file_version = 2 + services = nss, pam, sudo + domains = ${dbDomain} + + [domain/${dbDomain}] + auth_provider = ldap + id_provider = ldap + ldap_uri = ldap://127.0.0.1:389 + ldap_search_base = ${dbSuffix} + ldap_default_bind_dn = cn=${ldapRootUser},${dbSuffix} + ldap_default_authtok_type = password + ldap_default_authtok = ${ldapRootPassword} + ''; + }; + }; + + testScript = '' + machine.start() + machine.wait_for_unit("openldap.service") + machine.wait_for_unit("sssd.service") + machine.succeed("getent passwd ${testUser}") + ''; + } +) From 67a5d660cbba42d4461cbc67296bb9e96fd9c74f Mon Sep 17 00:00:00 2001 From: Lucas Savva Date: Fri, 4 Sep 2020 18:48:47 +0100 Subject: [PATCH 08/76] nixos/acme: Run postRun script as root --- nixos/modules/security/acme.nix | 24 +++++++++++++----------- nixos/tests/acme.nix | 8 ++++++++ 2 files changed, 21 insertions(+), 11 deletions(-) diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index 51392f6ce885..e209c36cee45 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -168,7 +168,7 @@ let selfsignService = { description = "Generate self-signed certificate for ${cert}"; after = [ "acme-selfsigned-ca.service" "acme-fixperms.service" ]; - wants = [ "acme-selfsigned-ca.service" "acme-fixperms.service" ]; + requires = [ "acme-selfsigned-ca.service" "acme-fixperms.service" ]; path = with pkgs; [ minica ]; @@ -232,6 +232,15 @@ let # Only try loading the credentialsFile if the dns challenge is enabled EnvironmentFile = mkIf useDns data.credentialsFile; + + # Run as root (Prefixed with +) + ExecStartPost = "+" + (pkgs.writeShellScript "acme-postrun" '' + cd /var/lib/acme/${escapeShellArg cert} + if [ -e renewed ]; then + rm renewed + ${data.postRun} + fi + ''); }; # Working directory will be /tmp @@ -255,9 +264,8 @@ let # Copy all certs to the "real" certs directory CERT='certificates/${keyName}.crt' - CERT_CHANGED=no if [ -e "$CERT" ] && ! cmp -s "$CERT" out/fullchain.pem; then - CERT_CHANGED=yes + touch out/renewed echo Installing new certificate cp -vp 'certificates/${keyName}.crt' out/fullchain.pem cp -vp 'certificates/${keyName}.key' out/key.pem @@ -265,12 +273,6 @@ let ln -sf fullchain.pem out/cert.pem cat out/key.pem out/fullchain.pem > out/full.pem fi - - if [ "$CERT_CHANGED" = "yes" ]; then - cd out - set +euo pipefail - ${data.postRun} - fi ''; }; }; @@ -344,7 +346,7 @@ let example = "cp full.pem backup.pem"; description = '' Commands to run after new certificates go live. Note that - these commands run as the acme user and configured group. + these commands run as the root user. Executed in the same directory with the new certificate. ''; @@ -648,7 +650,7 @@ in { # Create some targets which can be depended on to be "active" after cert renewals systemd.targets = mapAttrs' (cert: conf: nameValuePair "acme-finished-${cert}" { wantedBy = [ "default.target" ]; - wants = [ "acme-${cert}.service" "acme-selfsigned-${cert}.service" ]; + requires = [ "acme-${cert}.service" "acme-selfsigned-${cert}.service" ]; after = [ "acme-${cert}.service" "acme-selfsigned-${cert}.service" ]; }) certConfigs; }) diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix index 90ae06542c4c..223945907da9 100644 --- a/nixos/tests/acme.nix +++ b/nixos/tests/acme.nix @@ -79,8 +79,15 @@ in import ./make-test-python.nix ({ lib, ... }: { # Cert config changes will not cause the nginx configuration to change. # This tests that the reload service is correctly triggered. + # It also tests that postRun is exec'd as root specialisation.cert-change.configuration = { pkgs, ... }: { security.acme.certs."a.example.test".keyType = "ec384"; + security.acme.certs."a.example.test".postRun = '' + set -euo pipefail + touch test + chown root:root test + echo testing > test + ''; }; # Now adding an alias to ensure that the certs are updated @@ -283,6 +290,7 @@ in import ./make-test-python.nix ({ lib, ... }: { switch_to(webserver, "cert-change") webserver.wait_for_unit("acme-finished-a.example.test.target") check_connection_key_bits(client, "a.example.test", "384") + webserver.succeed("grep testing /var/lib/acme/a.example.test/test") with subtest("Can request certificate with HTTPS-01 when nginx startup is delayed"): switch_to(webserver, "slow-startup") From f57824c915e350a488b109427351df2757424278 Mon Sep 17 00:00:00 2001 From: Lucas Savva Date: Fri, 4 Sep 2020 20:28:46 +0100 Subject: [PATCH 09/76] nixos/acme: Update docs, use assert more effectively --- nixos/doc/manual/release-notes/rl-2009.xml | 14 ++++++++++++++ nixos/modules/security/acme.xml | 12 ++++++++++++ nixos/tests/acme.nix | 6 ++---- 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 0b8651e8f426..a19d9bb00509 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -394,6 +394,20 @@ php.override { + + + The ACME module has been overhauled for simplicity and maintainability. + Cert generation now implicitly uses the acme + user, and the security.acme.certs._name_.user option + has been removed. Instead, certificate access from other services is now + managed through group permissions. The module no longer runs lego + twice under certain conditions, and will correctly renew certificates if + their configuration is changed. Services which reload nginx and httpd after + certificate renewal are now properly configured too so you no longer have + to do this manually if you are using HTTPS enabled virtual hosts. A mechanism + for regenerating certs on demand has also been added and documented. + + Gollum received a major update to version 5.x and you may have to change diff --git a/nixos/modules/security/acme.xml b/nixos/modules/security/acme.xml index 005eebd75c01..17e94bc12fb2 100644 --- a/nixos/modules/security/acme.xml +++ b/nixos/modules/security/acme.xml @@ -251,4 +251,16 @@ chmod 400 /var/lib/secrets/certs.secret journalctl -fu acme-example.com.service and watching its log output. +
+ Regenerating certificates + + + Should you need to regenerate a particular certificate in a hurry, such + as when a vulnerability is found in Let's Encrypt, there is now a convenient + mechanism for doing so. Running systemctl clean acme-example.com.service + will remove all certificate files for the given domain, allowing you to then + systemctl start acme-example.com.service to generate fresh + ones. + +
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix index 223945907da9..1c83ad3c9d83 100644 --- a/nixos/tests/acme.nix +++ b/nixos/tests/acme.nix @@ -218,8 +218,7 @@ in import ./make-test-python.nix ({ lib, ... }: { def check_connection(node, domain, retries=3): - if retries == 0: - assert False + assert retries >= 0 result = node.succeed( "openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt" @@ -233,8 +232,7 @@ in import ./make-test-python.nix ({ lib, ... }: { def check_connection_key_bits(node, domain, bits, retries=3): - if retries == 0: - assert False + assert retries >= 0 result = node.succeed( "openssl s_client -CAfile /tmp/ca.crt" From ff27ac4974417ff8b6113a4c1dfbeda834127df4 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 5 Sep 2020 04:00:39 +0000 Subject: [PATCH 10/76] lesspipe: 1.84 -> 1.85 --- pkgs/tools/misc/lesspipe/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/lesspipe/default.nix b/pkgs/tools/misc/lesspipe/default.nix index 231e660f5826..8a13ef5dfd8a 100644 --- a/pkgs/tools/misc/lesspipe/default.nix +++ b/pkgs/tools/misc/lesspipe/default.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "lesspipe"; - version = "1.84"; + version = "1.85"; buildInputs = [ perl ]; preConfigure = "patchShebangs ."; @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { owner = "wofr06"; repo = "lesspipe"; rev = version; - sha256 = "124ffhzrikr88ab14rk6753n8adxijpmg7q3zx7nmqc52wpkfd8q"; + sha256 = "1v1jdkdq1phc93gdr6mjlk98gipxrkkq4bj8kks0kfdvjgdwkdaa"; }; patches = [ From f36c47f26bf39146b5c9620dce2057b4f6c15949 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 5 Sep 2020 07:31:19 +0000 Subject: [PATCH 11/76] miller: 5.9.0 -> 5.9.1 --- pkgs/tools/text/miller/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/text/miller/default.nix b/pkgs/tools/text/miller/default.nix index 4137fd4d2789..28f2c54729b8 100644 --- a/pkgs/tools/text/miller/default.nix +++ b/pkgs/tools/text/miller/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { pname = "miller"; - version = "5.9.0"; + version = "5.9.1"; src = fetchFromGitHub { owner = "johnkerl"; repo = "miller"; rev = "v${version}"; - sha256 = "14fi6jlqb980qjcpb90fk85cglskq9b9i2k0216bhpvjmagywgp7"; + sha256 = "1i9bcpfjnl2yjnfmf0ar1l62zwq01ph0yylz0dby8k2l7cvq5ci6"; }; nativeBuildInputs = [ autoreconfHook flex libtool ]; From 1c368b0f13d96b3702476a69039c9680b3334d3c Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 5 Sep 2020 14:02:32 +0000 Subject: [PATCH 12/76] picard-tools: 2.23.3 -> 2.23.4 --- pkgs/applications/science/biology/picard-tools/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/science/biology/picard-tools/default.nix b/pkgs/applications/science/biology/picard-tools/default.nix index 99bac0c4b7a5..d496e78748d9 100644 --- a/pkgs/applications/science/biology/picard-tools/default.nix +++ b/pkgs/applications/science/biology/picard-tools/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "picard-tools"; - version = "2.23.3"; + version = "2.23.4"; src = fetchurl { url = "https://github.com/broadinstitute/picard/releases/download/${version}/picard.jar"; - sha256 = "08wgi0hijfbchr2srmndxq3h2fijvyvr8b6zv680fpcjixm5bbhf"; + sha256 = "0xg4nbx02a2kckr6p8pqjpv5rmp95bkmglgm1bma6f77s7hkab7q"; }; nativeBuildInputs = [ makeWrapper ]; From 436b3a435cf57e47214ff84361fb5280e435ad23 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 5 Sep 2020 19:26:24 +0000 Subject: [PATCH 13/76] terraform-ls: 0.6.1 -> 0.7.0 --- pkgs/development/tools/misc/terraform-ls/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/misc/terraform-ls/default.nix b/pkgs/development/tools/misc/terraform-ls/default.nix index 714416f9685b..4d999f32446b 100644 --- a/pkgs/development/tools/misc/terraform-ls/default.nix +++ b/pkgs/development/tools/misc/terraform-ls/default.nix @@ -2,13 +2,13 @@ buildGoPackage rec { pname = "terraform-ls"; - version = "0.6.1"; + version = "0.7.0"; src = fetchFromGitHub { owner = "hashicorp"; repo = pname; rev = "v${version}"; - sha256 = "0yhpxb9dkwi6rlabr0sd5rk15q0bin6yhww171jrzlnfl036l0sl"; + sha256 = "1afdd1zs242nh1cync5ip1fbah34wc3gbsx3hwwiisc8yziwiq18"; }; goPackagePath = "github.com/hashicorp/terraform-ls"; From 9323a3f3e428969662dc6314acfd2b067f4965fb Mon Sep 17 00:00:00 2001 From: Atemu Date: Sat, 5 Sep 2020 22:37:32 +0200 Subject: [PATCH 14/76] appimageTools: use buildFHSUserEnvBubblewrap I tested the execution of all dependent packages and all of them launch to the same screen as before. --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 5b0985e78393..30f2d7a6a334 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -121,7 +121,9 @@ in autoPatchelfHook = makeSetupHook { name = "auto-patchelf-hook"; } ../build-support/setup-hooks/auto-patchelf.sh; - appimageTools = callPackage ../build-support/appimage { }; + appimageTools = callPackage ../build-support/appimage { + buildFHSUserEnv = buildFHSUserEnvBubblewrap; + }; ensureNewerSourcesHook = { year }: makeSetupHook {} (writeScript "ensure-newer-sources-hook.sh" '' From 328e30e1a5be33ce068ce4d13a51f49aa5295469 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 5 Sep 2020 23:43:39 +0200 Subject: [PATCH 15/76] zigbee2mqtt: 1.14.3 -> 1.14.4 --- pkgs/servers/zigbee2mqtt/default.nix | 4 +- pkgs/servers/zigbee2mqtt/node-packages.nix | 1392 ++++++++++---------- 2 files changed, 670 insertions(+), 726 deletions(-) diff --git a/pkgs/servers/zigbee2mqtt/default.nix b/pkgs/servers/zigbee2mqtt/default.nix index 7680bfe2e417..235f0209674c 100644 --- a/pkgs/servers/zigbee2mqtt/default.nix +++ b/pkgs/servers/zigbee2mqtt/default.nix @@ -3,7 +3,7 @@ let package = (import ./node.nix { inherit pkgs system; }).package; in package.override rec { - version = "1.14.3"; + version = "1.14.4"; reconstructLock = true; postInstall = '' @@ -20,7 +20,7 @@ package.override rec { owner = "Koenkk"; repo = "zigbee2mqtt"; rev = version; - sha256 = "164ddb8i4r6rjahjic09sd24xbms4d6b6bnwx0d9fh8sn3ib4v06"; + sha256 = "1gyl4f7wh7796w4789pi0ix5y30677784miwylr8wrfqgb1hmddq"; }; passthru.tests.zigbee2mqtt = nixosTests.zigbee2mqtt; diff --git a/pkgs/servers/zigbee2mqtt/node-packages.nix b/pkgs/servers/zigbee2mqtt/node-packages.nix index 62cc54c86364..1605e25da652 100644 --- a/pkgs/servers/zigbee2mqtt/node-packages.nix +++ b/pkgs/servers/zigbee2mqtt/node-packages.nix @@ -31,22 +31,22 @@ let sha512 = "TPSvJfv73ng0pfnEOh17bYMPQbI95+nGWc71Ss4vZdRBHTDqmM9Z8ZV4rYz8Ks7sfzc95n30k6ODIq5UGnXcYQ=="; }; }; - "@babel/core-7.11.1" = { + "@babel/core-7.11.4" = { name = "_at_babel_slash_core"; packageName = "@babel/core"; - version = "7.11.1"; + version = "7.11.4"; src = fetchurl { - url = "https://registry.npmjs.org/@babel/core/-/core-7.11.1.tgz"; - sha512 = "XqF7F6FWQdKGGWAzGELL+aCO1p+lRY5Tj5/tbT3St1G8NaH70jhhDIKknIZaDans0OQBG5wRAldROLHSt44BgQ=="; + url = "https://registry.npmjs.org/@babel/core/-/core-7.11.4.tgz"; + sha512 = "5deljj5HlqRXN+5oJTY7Zs37iH3z3b++KjiKtIsJy1NrjOOVSEaJHEetLBhyu0aQOSNNZ/0IuEAan9GzRuDXHg=="; }; }; - "@babel/generator-7.11.0" = { + "@babel/generator-7.11.4" = { name = "_at_babel_slash_generator"; packageName = "@babel/generator"; - version = "7.11.0"; + version = "7.11.4"; src = fetchurl { - url = "https://registry.npmjs.org/@babel/generator/-/generator-7.11.0.tgz"; - sha512 = "fEm3Uzw7Mc9Xi//qU20cBKatTfs2aOtKqmvy/Vm7RkJEGFQ4xc9myCfbXxqK//ZS8MR/ciOHw6meGASJuKmDfQ=="; + url = "https://registry.npmjs.org/@babel/generator/-/generator-7.11.4.tgz"; + sha512 = "Rn26vueFx0eOoz7iifCN2UHT6rGtnkSGWSoDRIy8jZN3B91PzeSULbswfLoOWuTuAcNwpG/mxy+uCTDnZ9Mp1g=="; }; }; "@babel/helper-annotate-as-pure-7.10.4" = { @@ -103,13 +103,13 @@ let sha512 = "fMw4kgFB720aQFXSVaXr79pjjcW5puTCM16+rECJ/plGS+zByelE8l9nCpV1GibxTnFVmUuYG9U8wYfQHdzOEQ=="; }; }; - "@babel/helper-explode-assignable-expression-7.10.4" = { + "@babel/helper-explode-assignable-expression-7.11.4" = { name = "_at_babel_slash_helper-explode-assignable-expression"; packageName = "@babel/helper-explode-assignable-expression"; - version = "7.10.4"; + version = "7.11.4"; src = fetchurl { - url = "https://registry.npmjs.org/@babel/helper-explode-assignable-expression/-/helper-explode-assignable-expression-7.10.4.tgz"; - sha512 = "4K71RyRQNPRrR85sr5QY4X3VwG4wtVoXZB9+L3r1Gp38DhELyHCtovqydRi7c1Ovb17eRGiQ/FD5s8JdU0Uy5A=="; + url = "https://registry.npmjs.org/@babel/helper-explode-assignable-expression/-/helper-explode-assignable-expression-7.11.4.tgz"; + sha512 = "ux9hm3zR4WV1Y3xXxXkdG/0gxF9nvI0YVmKVhvK9AfMoaQkemL3sJpXw+Xbz65azo8qJiEz2XVDUpK3KYhH3ZQ=="; }; }; "@babel/helper-function-name-7.10.4" = { @@ -193,13 +193,13 @@ let sha512 = "68kdUAzDrljqBrio7DYAEgCoJHxppJOERHOgOrDN7WjOzP0ZQ1LsSDRXcemzVZaLvjaJsJEESb6qt+znNuENDg=="; }; }; - "@babel/helper-remap-async-to-generator-7.10.4" = { + "@babel/helper-remap-async-to-generator-7.11.4" = { name = "_at_babel_slash_helper-remap-async-to-generator"; packageName = "@babel/helper-remap-async-to-generator"; - version = "7.10.4"; + version = "7.11.4"; src = fetchurl { - url = "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.10.4.tgz"; - sha512 = "86Lsr6NNw3qTNl+TBcF1oRZMaVzJtbWTyTko+CQL/tvNvcGYEFKbLXDPxtW0HKk3McNOk4KzY55itGWCAGK5tg=="; + url = "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.11.4.tgz"; + sha512 = "tR5vJ/vBa9wFy3m5LLv2faapJLnDFxNWff2SAYkSE4rLUdbp7CdObYFgI7wK4T/Mj4UzpjPwzR8Pzmr5m7MHGA=="; }; }; "@babel/helper-replace-supers-7.10.4" = { @@ -274,13 +274,13 @@ let sha512 = "i6rgnR/YgPEQzZZnbTHHuZdlE8qyoBNalD6F+q4vAFlcMEcqmkoG+mPqJYJCo63qPf74+Y1UZsl3l6f7/RIkmA=="; }; }; - "@babel/parser-7.11.3" = { + "@babel/parser-7.11.4" = { name = "_at_babel_slash_parser"; packageName = "@babel/parser"; - version = "7.11.3"; + version = "7.11.4"; src = fetchurl { - url = "https://registry.npmjs.org/@babel/parser/-/parser-7.11.3.tgz"; - sha512 = "REo8xv7+sDxkKvoxEywIdsNFiZLybwdI7hcT5uEPyQrSMB4YQ973BfC9OOrD/81MaIjh6UxdulIQXkjmiH3PcA=="; + url = "https://registry.npmjs.org/@babel/parser/-/parser-7.11.4.tgz"; + sha512 = "MggwidiH+E9j5Sh8pbrX5sJvMcsqS5o+7iB42M9/k0CD63MjYbdP4nhSh7uB5wnv2/RVzTZFTxzF/kIa5mrCqA=="; }; }; "@babel/plugin-proposal-async-generator-functions-7.10.5" = { @@ -841,13 +841,13 @@ let sha512 = "2u1/k7rG/gTh02dylX2kL3S0IJNF+J6bfDSp4DI2Ma8QN6Y9x9pmAax59fsCk6QUQG0yqH47yJWA+u1I1LccAg=="; }; }; - "@babel/preset-modules-0.1.3" = { + "@babel/preset-modules-0.1.4" = { name = "_at_babel_slash_preset-modules"; packageName = "@babel/preset-modules"; - version = "0.1.3"; + version = "0.1.4"; src = fetchurl { - url = "https://registry.npmjs.org/@babel/preset-modules/-/preset-modules-0.1.3.tgz"; - sha512 = "Ra3JXOHBq2xd56xSF7lMKXdjBn3T772Y1Wet3yWnkDly9zHvJki029tAFzvAAK5cf4YV3yoxuP61crYRol6SVg=="; + url = "https://registry.npmjs.org/@babel/preset-modules/-/preset-modules-0.1.4.tgz"; + sha512 = "J36NhwnfdzpmH41M1DrnkkgAqhZaqr/NBdPfQ677mLzlaXo+oDiv1deyCDtgAhz8p328otdob0Du7+xgHGZbKg=="; }; }; "@babel/preset-typescript-7.10.4" = { @@ -940,94 +940,94 @@ let sha512 = "tsAQNx32a8CoFhjhijUIhI4kccIAgmGhy8LZMZgGfmXcpMbPRUqn5LWmgRttILi6yeGmBJd2xsPkFMs0PzgPCw=="; }; }; - "@jest/console-26.2.0" = { + "@jest/console-26.3.0" = { name = "_at_jest_slash_console"; packageName = "@jest/console"; - version = "26.2.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/@jest/console/-/console-26.2.0.tgz"; - sha512 = "mXQfx3nSLwiHm1i7jbu+uvi+vvpVjNGzIQYLCfsat9rapC+MJkS4zBseNrgJE0vU921b3P67bQzhduphjY3Tig=="; + url = "https://registry.npmjs.org/@jest/console/-/console-26.3.0.tgz"; + sha512 = "/5Pn6sJev0nPUcAdpJHMVIsA8sKizL2ZkcKPE5+dJrCccks7tcM7c9wbgHudBJbxXLoTbqsHkG1Dofoem4F09w=="; }; }; - "@jest/core-26.2.2" = { + "@jest/core-26.4.2" = { name = "_at_jest_slash_core"; packageName = "@jest/core"; - version = "26.2.2"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/@jest/core/-/core-26.2.2.tgz"; - sha512 = "UwA8gNI8aeV4FHGfGAUfO/DHjrFVvlBravF1Tm9Kt6qFE+6YHR47kFhgdepOFpADEKstyO+MVdPvkV6/dyt9sA=="; + url = "https://registry.npmjs.org/@jest/core/-/core-26.4.2.tgz"; + sha512 = "sDva7YkeNprxJfepOctzS8cAk9TOekldh+5FhVuXS40+94SHbiicRO1VV2tSoRtgIo+POs/Cdyf8p76vPTd6dg=="; }; }; - "@jest/environment-26.2.0" = { + "@jest/environment-26.3.0" = { name = "_at_jest_slash_environment"; packageName = "@jest/environment"; - version = "26.2.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/@jest/environment/-/environment-26.2.0.tgz"; - sha512 = "oCgp9NmEiJ5rbq9VI/v/yYLDpladAAVvFxZgNsnJxOETuzPZ0ZcKKHYjKYwCtPOP1WCrM5nmyuOhMStXFGHn+g=="; + url = "https://registry.npmjs.org/@jest/environment/-/environment-26.3.0.tgz"; + sha512 = "EW+MFEo0DGHahf83RAaiqQx688qpXgl99wdb8Fy67ybyzHwR1a58LHcO376xQJHfmoXTu89M09dH3J509cx2AA=="; }; }; - "@jest/fake-timers-26.2.0" = { + "@jest/fake-timers-26.3.0" = { name = "_at_jest_slash_fake-timers"; packageName = "@jest/fake-timers"; - version = "26.2.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-26.2.0.tgz"; - sha512 = "45Gfe7YzYTKqTayBrEdAF0qYyAsNRBzfkV0IyVUm3cx7AsCWlnjilBM4T40w7IXT5VspOgMPikQlV0M6gHwy/g=="; + url = "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-26.3.0.tgz"; + sha512 = "ZL9ytUiRwVP8ujfRepffokBvD2KbxbqMhrXSBhSdAhISCw3gOkuntisiSFv+A6HN0n0fF4cxzICEKZENLmW+1A=="; }; }; - "@jest/globals-26.2.0" = { + "@jest/globals-26.4.2" = { name = "_at_jest_slash_globals"; packageName = "@jest/globals"; - version = "26.2.0"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/@jest/globals/-/globals-26.2.0.tgz"; - sha512 = "Hoc6ScEIPaym7RNytIL2ILSUWIGKlwEv+JNFof9dGYOdvPjb2evEURSslvCMkNuNg1ECEClTE8PH7ULlMJntYA=="; + url = "https://registry.npmjs.org/@jest/globals/-/globals-26.4.2.tgz"; + sha512 = "Ot5ouAlehhHLRhc+sDz2/9bmNv9p5ZWZ9LE1pXGGTCXBasmi5jnYjlgYcYt03FBwLmZXCZ7GrL29c33/XRQiow=="; }; }; - "@jest/reporters-26.2.2" = { + "@jest/reporters-26.4.1" = { name = "_at_jest_slash_reporters"; packageName = "@jest/reporters"; - version = "26.2.2"; + version = "26.4.1"; src = fetchurl { - url = "https://registry.npmjs.org/@jest/reporters/-/reporters-26.2.2.tgz"; - sha512 = "7854GPbdFTAorWVh+RNHyPO9waRIN6TcvCezKVxI1khvFq9YjINTW7J3WU+tbR038Ynn6WjYred6vtT0YmIWVQ=="; + url = "https://registry.npmjs.org/@jest/reporters/-/reporters-26.4.1.tgz"; + sha512 = "aROTkCLU8++yiRGVxLsuDmZsQEKO6LprlrxtAuzvtpbIFl3eIjgIf3EUxDKgomkS25R9ZzwGEdB5weCcBZlrpQ=="; }; }; - "@jest/source-map-26.1.0" = { + "@jest/source-map-26.3.0" = { name = "_at_jest_slash_source-map"; packageName = "@jest/source-map"; - version = "26.1.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/@jest/source-map/-/source-map-26.1.0.tgz"; - sha512 = "XYRPYx4eEVX15cMT9mstnO7hkHP3krNtKfxUYd8L7gbtia8JvZZ6bMzSwa6IQJENbudTwKMw5R1BePRD+bkEmA=="; + url = "https://registry.npmjs.org/@jest/source-map/-/source-map-26.3.0.tgz"; + sha512 = "hWX5IHmMDWe1kyrKl7IhFwqOuAreIwHhbe44+XH2ZRHjrKIh0LO5eLQ/vxHFeAfRwJapmxuqlGAEYLadDq6ZGQ=="; }; }; - "@jest/test-result-26.2.0" = { + "@jest/test-result-26.3.0" = { name = "_at_jest_slash_test-result"; packageName = "@jest/test-result"; - version = "26.2.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/@jest/test-result/-/test-result-26.2.0.tgz"; - sha512 = "kgPlmcVafpmfyQEu36HClK+CWI6wIaAWDHNxfQtGuKsgoa2uQAYdlxjMDBEa3CvI40+2U3v36gQF6oZBkoKatw=="; + url = "https://registry.npmjs.org/@jest/test-result/-/test-result-26.3.0.tgz"; + sha512 = "a8rbLqzW/q7HWheFVMtghXV79Xk+GWwOK1FrtimpI5n1la2SY0qHri3/b0/1F0Ve0/yJmV8pEhxDfVwiUBGtgg=="; }; }; - "@jest/test-sequencer-26.2.2" = { + "@jest/test-sequencer-26.4.2" = { name = "_at_jest_slash_test-sequencer"; packageName = "@jest/test-sequencer"; - version = "26.2.2"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-26.2.2.tgz"; - sha512 = "SliZWon5LNqV/lVXkeowSU6L8++FGOu3f43T01L1Gv6wnFDP00ER0utV9jyK9dVNdXqfMNCN66sfcyar/o7BNw=="; + url = "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-26.4.2.tgz"; + sha512 = "83DRD8N3M0tOhz9h0bn6Kl6dSp+US6DazuVF8J9m21WAp5x7CqSMaNycMP0aemC/SH/pDQQddbsfHRTBXVUgog=="; }; }; - "@jest/transform-26.2.2" = { + "@jest/transform-26.3.0" = { name = "_at_jest_slash_transform"; packageName = "@jest/transform"; - version = "26.2.2"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/@jest/transform/-/transform-26.2.2.tgz"; - sha512 = "c1snhvi5wRVre1XyoO3Eef5SEWpuBCH/cEbntBUd9tI5sNYiBDmO0My/lc5IuuGYKp/HFIHV1eZpSx5yjdkhKw=="; + url = "https://registry.npmjs.org/@jest/transform/-/transform-26.3.0.tgz"; + sha512 = "Isj6NB68QorGoFWvcOjlUhpkT56PqNIsXKR7XfvoDlCANn/IANlh8DrKAA2l2JKC3yWSMH5wS0GwuQM20w3b2A=="; }; }; "@jest/types-25.5.0" = { @@ -1039,13 +1039,13 @@ let sha512 = "OXD0RgQ86Tu3MazKo8bnrkDRaDXXMGUqd+kTtLtK1Zb7CRzQcaSRPPPV37SvYTdevXEBVxe0HXylEjs8ibkmCw=="; }; }; - "@jest/types-26.2.0" = { + "@jest/types-26.3.0" = { name = "_at_jest_slash_types"; packageName = "@jest/types"; - version = "26.2.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/@jest/types/-/types-26.2.0.tgz"; - sha512 = "lvm3rJvctxd7+wxKSxxbzpDbr4FXDLaC57WEKdUIZ2cjTYuxYSc0zlyD7Z4Uqr5VdKxRUrtwIkiqBuvgf8uKJA=="; + url = "https://registry.npmjs.org/@jest/types/-/types-26.3.0.tgz"; + sha512 = "BDPG23U0qDeAvU4f99haztXwdAg3hz4El95LkAM+tHAqqhiVzRpEGHHU8EDxT/AnxOrA65YjLBwDahdJ9pTLJQ=="; }; }; "@serialport/binding-abstract-9.0.1" = { @@ -1255,13 +1255,22 @@ let sha512 = "P/W9yOX/3oPZSpaYOCQzGqgCQRXn0FFO/V8bWrCQs+wLmvVVxk6CRBXALEvNs9OHIatlnlFokfhuDo2ug01ciw=="; }; }; - "@types/jest-26.0.9" = { + "@types/istanbul-reports-3.0.0" = { + name = "_at_types_slash_istanbul-reports"; + packageName = "@types/istanbul-reports"; + version = "3.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.0.tgz"; + sha512 = "nwKNbvnwJ2/mndE9ItP/zc2TCzw6uuodnF4EHYWD+gCQDVBuRQL5UzbZD0/ezy1iKsFU2ZQiDqg4M9dN4+wZgA=="; + }; + }; + "@types/jest-26.0.10" = { name = "_at_types_slash_jest"; packageName = "@types/jest"; - version = "26.0.9"; + version = "26.0.10"; src = fetchurl { - url = "https://registry.npmjs.org/@types/jest/-/jest-26.0.9.tgz"; - sha512 = "k4qFfJ5AUKrWok5KYXp2EPm89b0P/KZpl7Vg4XuOTVVQEhLDBDBU3iBFrjjdgd8fLw96aAtmnwhXHl63bWeBQQ=="; + url = "https://registry.npmjs.org/@types/jest/-/jest-26.0.10.tgz"; + sha512 = "i2m0oyh8w/Lum7wWK/YOZJakYF8Mx08UaKA1CtbmFeDquVhAEdA7znacsVSf2hJ1OQ/OfVMGN90pw/AtzF8s/Q=="; }; }; "@types/json-schema-7.0.5" = { @@ -1282,13 +1291,13 @@ let sha512 = "M0ISm1qsNvkdXNZml1r/1bEVqt5SJHF/LFcCtH5dHfsSIG0LEj5FhwK0f4fZy9WPCsXjmrKfpzgEW/bdQuKqmQ=="; }; }; - "@types/node-14.0.27" = { + "@types/node-14.6.2" = { name = "_at_types_slash_node"; packageName = "@types/node"; - version = "14.0.27"; + version = "14.6.2"; src = fetchurl { - url = "https://registry.npmjs.org/@types/node/-/node-14.0.27.tgz"; - sha512 = "kVrqXhbclHNHGu9ztnAwSncIgJv/FaxmzXJvGXNdcCpV1b8u1/Mi6z6m0vwy0LzKeXFTPLH0NzwmoJ3fNCIq0g=="; + url = "https://registry.npmjs.org/@types/node/-/node-14.6.2.tgz"; + sha512 = "onlIwbaeqvZyniGPfdw/TEhKIh79pz66L1q06WUQqJLnAb6wbjvOtepLYTGHTqzdXgBYIE3ZdmqHDGsRsbBz7A=="; }; }; "@types/normalize-package-data-2.4.0" = { @@ -1300,13 +1309,13 @@ let sha512 = "f5j5b/Gf71L+dbqxIpQ4Z2WlmI/mPJ0fOkGGmFgtb6sAu97EPczzbS3/tJKxmcYDj55OX6ssqwDAWOHIYDRDGA=="; }; }; - "@types/prettier-2.0.2" = { + "@types/prettier-2.1.0" = { name = "_at_types_slash_prettier"; packageName = "@types/prettier"; - version = "2.0.2"; + version = "2.1.0"; src = fetchurl { - url = "https://registry.npmjs.org/@types/prettier/-/prettier-2.0.2.tgz"; - sha512 = "IkVfat549ggtkZUthUzEX49562eGikhSYeVGX97SkMFn+sTZrgRewXjQ4tPKFPCykZHkX1Zfd9OoELGqKU2jJA=="; + url = "https://registry.npmjs.org/@types/prettier/-/prettier-2.1.0.tgz"; + sha512 = "hiYA88aHiEIgDmeKlsyVsuQdcFn3Z2VuFd/Xm/HCnGnPD8UFU5BM128uzzRVVGEzKDKYUrRsRH9S2o+NUy/3IA=="; }; }; "@types/serialport-8.0.1" = { @@ -1345,13 +1354,13 @@ let sha512 = "FA/BWv8t8ZWJ+gEOnLLd8ygxH/2UFbAvgEonyfN6yWGLKc7zVjbpl2Y4CTjid9h2RfgPP6SEt6uHwEOply00yw=="; }; }; - "@typescript-eslint/eslint-plugin-3.8.0" = { + "@typescript-eslint/eslint-plugin-3.10.1" = { name = "_at_typescript-eslint_slash_eslint-plugin"; packageName = "@typescript-eslint/eslint-plugin"; - version = "3.8.0"; + version = "3.10.1"; src = fetchurl { - url = "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-3.8.0.tgz"; - sha512 = "lFb4VCDleFSR+eo4Ew+HvrJ37ZH1Y9ZyE+qyP7EiwBpcCVxwmUc5PAqhShCQ8N8U5vqYydm74nss+a0wrrCErw=="; + url = "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-3.10.1.tgz"; + sha512 = "PQg0emRtzZFWq6PxBcdxRH3QIQiyFO3WCVpRL3fgj5oQS3CDs3AeAKfv4DxNhzn8ITdNJGJ4D3Qw8eAJf3lXeQ=="; }; }; "@typescript-eslint/experimental-utils-2.34.0" = { @@ -1363,31 +1372,31 @@ let sha512 = "eS6FTkq+wuMJ+sgtuNTtcqavWXqsflWcfBnlYhg/nS4aZ1leewkXGbvBhaapn1q6qf4M71bsR1tez5JTRMuqwA=="; }; }; - "@typescript-eslint/experimental-utils-3.8.0" = { + "@typescript-eslint/experimental-utils-3.10.1" = { name = "_at_typescript-eslint_slash_experimental-utils"; packageName = "@typescript-eslint/experimental-utils"; - version = "3.8.0"; + version = "3.10.1"; src = fetchurl { - url = "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-3.8.0.tgz"; - sha512 = "o8T1blo1lAJE0QDsW7nSyvZHbiDzQDjINJKyB44Z3sSL39qBy5L10ScI/XwDtaiunoyKGLiY9bzRk4YjsUZl8w=="; + url = "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-3.10.1.tgz"; + sha512 = "DewqIgscDzmAfd5nOGe4zm6Bl7PKtMG2Ad0KG8CUZAHlXfAKTF9Ol5PXhiMh39yRL2ChRH1cuuUGOcVyyrhQIw=="; }; }; - "@typescript-eslint/parser-3.8.0" = { + "@typescript-eslint/parser-3.10.1" = { name = "_at_typescript-eslint_slash_parser"; packageName = "@typescript-eslint/parser"; - version = "3.8.0"; + version = "3.10.1"; src = fetchurl { - url = "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-3.8.0.tgz"; - sha512 = "u5vjOBaCsnMVQOvkKCXAmmOhyyMmFFf5dbkM3TIbg3MZ2pyv5peE4gj81UAbTHwTOXEwf7eCQTUMKrDl/+qGnA=="; + url = "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-3.10.1.tgz"; + sha512 = "Ug1RcWcrJP02hmtaXVS3axPPTTPnZjupqhgj+NnZ6BCkwSImWk/283347+x9wN+lqOdK9Eo3vsyiyDHgsmiEJw=="; }; }; - "@typescript-eslint/types-3.8.0" = { + "@typescript-eslint/types-3.10.1" = { name = "_at_typescript-eslint_slash_types"; packageName = "@typescript-eslint/types"; - version = "3.8.0"; + version = "3.10.1"; src = fetchurl { - url = "https://registry.npmjs.org/@typescript-eslint/types/-/types-3.8.0.tgz"; - sha512 = "8kROmEQkv6ss9kdQ44vCN1dTrgu4Qxrd2kXr10kz2NP5T8/7JnEfYNxCpPkArbLIhhkGLZV3aVMplH1RXQRF7Q=="; + url = "https://registry.npmjs.org/@typescript-eslint/types/-/types-3.10.1.tgz"; + sha512 = "+3+FCUJIahE9q0lDi1WleYzjCwJs5hIsbugIgnbB+dSCYUxl8L6PwmsyOPFZde2hc1DlTo/xnkOgiTLSyAbHiQ=="; }; }; "@typescript-eslint/typescript-estree-2.34.0" = { @@ -1399,22 +1408,22 @@ let sha512 = "OMAr+nJWKdlVM9LOqCqh3pQQPwxHAN7Du8DR6dmwCrAmxtiXQnhHJ6tBNtf+cggqfo51SG/FCwnKhXCIM7hnVg=="; }; }; - "@typescript-eslint/typescript-estree-3.8.0" = { + "@typescript-eslint/typescript-estree-3.10.1" = { name = "_at_typescript-eslint_slash_typescript-estree"; packageName = "@typescript-eslint/typescript-estree"; - version = "3.8.0"; + version = "3.10.1"; src = fetchurl { - url = "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-3.8.0.tgz"; - sha512 = "MTv9nPDhlKfclwnplRNDL44mP2SY96YmPGxmMbMy6x12I+pERcxpIUht7DXZaj4mOKKtet53wYYXU0ABaiXrLw=="; + url = "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-3.10.1.tgz"; + sha512 = "QbcXOuq6WYvnB3XPsZpIwztBoquEYLXh2MtwVU+kO8jgYCiv4G5xrSP/1wg4tkvrEE+esZVquIPX/dxPlePk1w=="; }; }; - "@typescript-eslint/visitor-keys-3.8.0" = { + "@typescript-eslint/visitor-keys-3.10.1" = { name = "_at_typescript-eslint_slash_visitor-keys"; packageName = "@typescript-eslint/visitor-keys"; - version = "3.8.0"; + version = "3.10.1"; src = fetchurl { - url = "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-3.8.0.tgz"; - sha512 = "gfqQWyVPpT9NpLREXNR820AYwgz+Kr1GuF3nf1wxpHD6hdxI62tq03ToomFnDxY0m3pUB39IF7sil7D5TQexLA=="; + url = "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-3.10.1.tgz"; + sha512 = "9JgC82AaQeglebjZMgYR5wgmfUdUc+EitGUUMW8u2nDckaeimzW+VsoLV6FoimPv2id3VQzfjwBxEMVz08ameQ=="; }; }; "abab-2.0.4" = { @@ -1471,13 +1480,13 @@ let sha512 = "01q25QQDwLSsyfhrKbn8yuur+JNw0H+0Y4JiGIKd3z9aYk/w/2kxD/Upc+t2ZBBSUNff50VjPsSW2YxM8QYKVg=="; }; }; - "ajv-6.12.3" = { + "ajv-6.12.4" = { name = "ajv"; packageName = "ajv"; - version = "6.12.3"; + version = "6.12.4"; src = fetchurl { - url = "https://registry.npmjs.org/ajv/-/ajv-6.12.3.tgz"; - sha512 = "4K0cK3L1hsqk9xIb2z9vs/XU+PGJZ9PNpJRDS9YLzmNdX6jmVPfamLvTJr0aDAusnHyCHO6MjzlkAsgtqp9teA=="; + url = "https://registry.npmjs.org/ajv/-/ajv-6.12.4.tgz"; + sha512 = "eienB2c9qVQs2KWexhkrdMLVDoIQCz5KSeLxwg9Lzk4DOfBtIK9PQwwufcsn1jjGuf9WZmqPMbGxOzfcuphJCQ=="; }; }; "ansi-colors-4.1.1" = { @@ -1678,15 +1687,6 @@ let sha512 = "z/WhQ5FPySLdvREByI2vZiTWwCnF0moMJ1hK9YQwDTHKh6I7/uSckMetoRGb5UBZPC1z0jlw+n/XCgjeH7y1AQ=="; }; }; - "async-limiter-1.0.1" = { - name = "async-limiter"; - packageName = "async-limiter"; - version = "1.0.1"; - src = fetchurl { - url = "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz"; - sha512 = "csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ=="; - }; - }; "asynckit-0.4.0" = { name = "asynckit"; packageName = "asynckit"; @@ -1723,31 +1723,31 @@ let sha1 = "b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8"; }; }; - "aws4-1.10.0" = { + "aws4-1.10.1" = { name = "aws4"; packageName = "aws4"; - version = "1.10.0"; + version = "1.10.1"; src = fetchurl { - url = "https://registry.npmjs.org/aws4/-/aws4-1.10.0.tgz"; - sha512 = "3YDiu347mtVtjpyV3u5kVqQLP242c06zwDOgpeRnybmXlYYsLbtTrUBUm8i8srONt+FWobl5aibnU1030PeeuA=="; + url = "https://registry.npmjs.org/aws4/-/aws4-1.10.1.tgz"; + sha512 = "zg7Hz2k5lI8kb7U32998pRRFin7zJlkfezGJjUc2heaD4Pw2wObakCDVzkKztTm/Ln7eiVvYsjqak0Ed4LkMDA=="; }; }; - "axios-0.19.2" = { + "axios-0.20.0" = { name = "axios"; packageName = "axios"; - version = "0.19.2"; + version = "0.20.0"; src = fetchurl { - url = "https://registry.npmjs.org/axios/-/axios-0.19.2.tgz"; - sha512 = "fjgm5MvRHLhx+osE2xoekY70AhARk3a6hkN+3Io1jc00jtquGvxYlKlsFUhmUET0V5te6CcZI7lcv2Ym61mjHA=="; + url = "https://registry.npmjs.org/axios/-/axios-0.20.0.tgz"; + sha512 = "ANA4rr2BDcmmAQLOKft2fufrtuvlqR+cXNNinUmvfeSNCOF98PZL+7M/v1zIdGo7OLjEA9J2gXJL+j4zGsl0bA=="; }; }; - "babel-jest-26.2.2" = { + "babel-jest-26.3.0" = { name = "babel-jest"; packageName = "babel-jest"; - version = "26.2.2"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/babel-jest/-/babel-jest-26.2.2.tgz"; - sha512 = "JmLuePHgA+DSOdOL8lPxCgD2LhPPm+rdw1vnxR73PpIrnmKCS2/aBhtkAcxQWuUcW2hBrH8MJ3LKXE7aWpNZyA=="; + url = "https://registry.npmjs.org/babel-jest/-/babel-jest-26.3.0.tgz"; + sha512 = "sxPnQGEyHAOPF8NcUsD0g7hDCnvLL2XyblRBcgrzTWBB/mAIpWow3n1bEL+VghnnZfreLhFSBsFluRoK2tRK4g=="; }; }; "babel-plugin-dynamic-import-node-2.3.3" = { @@ -1786,13 +1786,13 @@ let sha512 = "uyexu1sVwcdFnyq9o8UQYsXwXflIh8LvrF5+cKrYam93ned1CStffB3+BEcsxGSgagoA3GEyjDqO4a/58hyPYQ=="; }; }; - "babel-preset-jest-26.2.0" = { + "babel-preset-jest-26.3.0" = { name = "babel-preset-jest"; packageName = "babel-preset-jest"; - version = "26.2.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-26.2.0.tgz"; - sha512 = "R1k8kdP3R9phYQugXeNnK/nvCGlBzG4m3EoIIukC80GXb6wCv2XiwPhK6K9MAkQcMszWBYvl2Wm+yigyXFQqXg=="; + url = "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-26.3.0.tgz"; + sha512 = "5WPdf7nyYi2/eRxCbVrE1kKCWxgWY4RsPEbdJWFm7QsesFGqjdkyLeu1zRkwM1cxK6EPIlNd6d2AxLk7J+t4pw=="; }; }; "balanced-match-1.0.0" = { @@ -1849,22 +1849,13 @@ let sha512 = "p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ=="; }; }; - "bl-1.2.2" = { + "bl-4.0.3" = { name = "bl"; packageName = "bl"; - version = "1.2.2"; + version = "4.0.3"; src = fetchurl { - url = "https://registry.npmjs.org/bl/-/bl-1.2.2.tgz"; - sha512 = "e8tQYnZodmebYDWGH7KMRvtzKXaJHx3BbilrgZCfvyLUYdKpK1t5PSPmpkny/SgiTSCnjfLW7v5rlONXVFkQEA=="; - }; - }; - "bl-4.0.2" = { - name = "bl"; - packageName = "bl"; - version = "4.0.2"; - src = fetchurl { - url = "https://registry.npmjs.org/bl/-/bl-4.0.2.tgz"; - sha512 = "j4OH8f6Qg2bGuWfRiltT2HYGx0e1QcBTrK9KAHNMwMZdQnDZFk0ZSYIpADjYCB3U12nicC5tVJwSIhwOWjb4RQ=="; + url = "https://registry.npmjs.org/bl/-/bl-4.0.3.tgz"; + sha512 = "fs4G6/Hu4/EE+F75J8DuN/0IpQqNjAdC7aEQv7Qt8MHGUH7Ckv2MwTEEeN9QehD0pfIDkMI1bkHYkKy7xHyKIg=="; }; }; "brace-expansion-1.1.11" = { @@ -1984,13 +1975,13 @@ let sha512 = "8KMDF1Vz2gzOq54ONPJS65IvTUaB1cHJ2DMM7MbPmLZljDH1qpzzLsWdiN9pHh6qvkRVDTi/07+eNGch/oLU4w=="; }; }; - "caniuse-lite-1.0.30001112" = { + "caniuse-lite-1.0.30001119" = { name = "caniuse-lite"; packageName = "caniuse-lite"; - version = "1.0.30001112"; + version = "1.0.30001119"; src = fetchurl { - url = "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001112.tgz"; - sha512 = "J05RTQlqsatidif/38aN3PGULCLrg8OYQOlJUKbeYVzC2mGZkZLIztwRlB3MtrfLmawUmjFlNJvy/uhwniIe1Q=="; + url = "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001119.tgz"; + sha512 = "Hpwa4obv7EGP+TjkCh/wVvbtNJewxmtg4yVJBLFnxo35vbPapBr138bUWENkb5j5L9JZJ9RXLn4OrXRG/cecPQ=="; }; }; "capture-exit-2.0.0" = { @@ -2389,15 +2380,6 @@ let sha512 = "bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA=="; }; }; - "debug-3.1.0" = { - name = "debug"; - packageName = "debug"; - version = "3.1.0"; - src = fetchurl { - url = "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz"; - sha512 = "OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g=="; - }; - }; "debug-4.1.1" = { name = "debug"; packageName = "debug"; @@ -2551,13 +2533,13 @@ let sha512 = "Hq8o7+6GaZeoFjtpgvRBUknSXNeJiCx7V9Fr94ZMljNiCr9n9L8H8aJqgWOQiDDGdyn29fRNcDdRVJ5fdyihfg=="; }; }; - "diff-sequences-26.0.0" = { + "diff-sequences-26.3.0" = { name = "diff-sequences"; packageName = "diff-sequences"; - version = "26.0.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/diff-sequences/-/diff-sequences-26.0.0.tgz"; - sha512 = "JC/eHYEC3aSS0vZGjuoc4vHA0yAQTzhQQldXMeMF+JlxLGJlCO38Gma82NV9gk1jGFz8mDzUMeaKXvjRRdJ2dg=="; + url = "https://registry.npmjs.org/diff-sequences/-/diff-sequences-26.3.0.tgz"; + sha512 = "5j5vdRcw3CNctePNYN0Wy2e/JbWT6cAYnXv5OuqPhDpyCGc0uLu2TK0zOCJWNB9kOIfYMSpIulRaDgIi4HJ6Ig=="; }; }; "doctrine-3.0.0" = { @@ -2596,13 +2578,13 @@ let sha1 = "3a83a904e54353287874c564b7549386849a98c9"; }; }; - "electron-to-chromium-1.3.526" = { + "electron-to-chromium-1.3.555" = { name = "electron-to-chromium"; packageName = "electron-to-chromium"; - version = "1.3.526"; + version = "1.3.555"; src = fetchurl { - url = "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.526.tgz"; - sha512 = "HiroW5ZbGwgT8kCnoEO8qnGjoTPzJxduvV/Vv/wH63eo2N6Zj3xT5fmmaSPAPUM05iN9/5fIEkIg3owTtV6QZg=="; + url = "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.555.tgz"; + sha512 = "/55x3nF2feXFZ5tdGUOr00TxnUjUgdxhrn+eCJ1FAcoAt+cKQTjQkUC5XF4frMWE1R5sjHk+JueuBalimfe5Pg=="; }; }; "emittery-0.7.1" = { @@ -2758,13 +2740,13 @@ let sha512 = "qFcX0XJkdg+PB3xjZZG/wKSuT1PnQWx57+TVSjIMmILd2yC/6ByYElPwJnslDsuWuSAp4AwJGumarAAmJch5Kw=="; }; }; - "eslint-7.6.0" = { + "eslint-7.7.0" = { name = "eslint"; packageName = "eslint"; - version = "7.6.0"; + version = "7.7.0"; src = fetchurl { - url = "https://registry.npmjs.org/eslint/-/eslint-7.6.0.tgz"; - sha512 = "QlAManNtqr7sozWm5TF4wIH9gmUm2hE3vNRUvyoYAa4y1l5/jxD/PQStEjBMQtCqZmSep8UxrcecI60hOpe61w=="; + url = "https://registry.npmjs.org/eslint/-/eslint-7.7.0.tgz"; + sha512 = "1KUxLzos0ZVsyL81PnRN335nDtQ8/vZUD6uMtWbF+5zDtjKcsklIi78XoE0MVL93QvWTu+E5y44VyyCsOMBrIg=="; }; }; "eslint-config-google-0.14.0" = { @@ -2812,13 +2794,13 @@ let sha512 = "6J72N8UNa462wa/KFODt/PJ3IU60SDpC3QXC1Hjc1BXXpfL2C9R5+AU7jhe0F6GREqVMh4Juu+NY7xn+6dipUQ=="; }; }; - "espree-7.2.0" = { + "espree-7.3.0" = { name = "espree"; packageName = "espree"; - version = "7.2.0"; + version = "7.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/espree/-/espree-7.2.0.tgz"; - sha512 = "H+cQ3+3JYRMEIOl87e7QdHX70ocly5iW4+dttuR8iYSPr/hXKFb+7dBsZ7+u1adC4VrnPlTkv0+OwuPnDop19g=="; + url = "https://registry.npmjs.org/espree/-/espree-7.3.0.tgz"; + sha512 = "dksIWsvKCixn1yrEXO8UosNSxaDoSYpq9reEjZSbHLpT5hpaCAKTLBwq0RHtLrIr+c0ByiYzWT8KTMRzoRCNlw=="; }; }; "esprima-4.0.1" = { @@ -2938,13 +2920,13 @@ let sha512 = "XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg=="; }; }; - "expect-26.2.0" = { + "expect-26.4.2" = { name = "expect"; packageName = "expect"; - version = "26.2.0"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/expect/-/expect-26.2.0.tgz"; - sha512 = "8AMBQ9UVcoUXt0B7v+5/U5H6yiUR87L6eKCfjE3spx7Ya5lF+ebUo37MCFBML2OiLfkX1sxmQOZhIDonyVTkcw=="; + url = "https://registry.npmjs.org/expect/-/expect-26.4.2.tgz"; + sha512 = "IlJ3X52Z0lDHm7gjEp+m76uX46ldH5VpqmU0006vqDju/285twh7zaWMRhs67VpQhBwjjMchk+p5aA0VkERCAA=="; }; }; "ext-1.4.0" = { @@ -3127,13 +3109,13 @@ let sha512 = "GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw=="; }; }; - "follow-redirects-1.5.10" = { + "follow-redirects-1.13.0" = { name = "follow-redirects"; packageName = "follow-redirects"; - version = "1.5.10"; + version = "1.13.0"; src = fetchurl { - url = "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.5.10.tgz"; - sha512 = "0V5l4Cizzvqt5D44aTXbFZz+FtyXV1vrDN6qrelxtfYQKW0KO0W2T/hkE8xvGa/540LkZlkaUjO4ailYTFtHVQ=="; + url = "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.13.0.tgz"; + sha512 = "aq6gF1BEKje4a9i9+5jimNFIpq4Q1WiwBToeRK5NvZBd/TRsmW8BsJfOEGkr76TbOyPVD3OVDN910EcUNtRYEA=="; }; }; "for-in-1.0.2" = { @@ -3181,15 +3163,6 @@ let sha512 = "y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow=="; }; }; - "fs-extra-8.1.0" = { - name = "fs-extra"; - packageName = "fs-extra"; - version = "8.1.0"; - src = fetchurl { - url = "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz"; - sha512 = "yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g=="; - }; - }; "fs-extra-9.0.1" = { name = "fs-extra"; packageName = "fs-extra"; @@ -3298,13 +3271,13 @@ let sha512 = "GMat4EJ5161kIy2HevLlr4luNjBgvmj413KaQA7jt4V8B4RDsfpHk7WQ9GVqfYyyx8OS/L66Kox+rJRNklLK7w=="; }; }; - "get-stream-5.1.0" = { + "get-stream-5.2.0" = { name = "get-stream"; packageName = "get-stream"; - version = "5.1.0"; + version = "5.2.0"; src = fetchurl { - url = "https://registry.npmjs.org/get-stream/-/get-stream-5.1.0.tgz"; - sha512 = "EXr1FOzrzTfGeL0gQdeFEvOMm2mzMOglyiOXSTpPC+iAjAKftbr3jpCMWynogwYnM+eSj9sHGc6wjIcDvYiygw=="; + url = "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz"; + sha512 = "nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA=="; }; }; "get-value-2.0.6" = { @@ -4108,40 +4081,40 @@ let sha512 = "9tZvz7AiR3PEDNGiV9vIouQ/EAcqMXFmkcA1CDFTwOB98OZVDL0PH9glHotf5Ugp6GCOTypfzGWI/OqjWNCRUw=="; }; }; - "jest-26.2.2" = { + "jest-26.4.2" = { name = "jest"; packageName = "jest"; - version = "26.2.2"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/jest/-/jest-26.2.2.tgz"; - sha512 = "EkJNyHiAG1+A8pqSz7cXttoVa34hOEzN/MrnJhYnfp5VHxflVcf2pu3oJSrhiy6LfIutLdWo+n6q63tjcoIeig=="; + url = "https://registry.npmjs.org/jest/-/jest-26.4.2.tgz"; + sha512 = "LLCjPrUh98Ik8CzW8LLVnSCfLaiY+wbK53U7VxnFSX7Q+kWC4noVeDvGWIFw0Amfq1lq2VfGm7YHWSLBV62MJw=="; }; }; - "jest-changed-files-26.2.0" = { + "jest-changed-files-26.3.0" = { name = "jest-changed-files"; packageName = "jest-changed-files"; - version = "26.2.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-26.2.0.tgz"; - sha512 = "+RyJb+F1K/XBLIYiL449vo5D+CvlHv29QveJUWNPXuUicyZcq+tf1wNxmmFeRvAU1+TzhwqczSjxnCCFt7+8iA=="; + url = "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-26.3.0.tgz"; + sha512 = "1C4R4nijgPltX6fugKxM4oQ18zimS7LqQ+zTTY8lMCMFPrxqBFb7KJH0Z2fRQJvw2Slbaipsqq7s1mgX5Iot+g=="; }; }; - "jest-cli-26.2.2" = { + "jest-cli-26.4.2" = { name = "jest-cli"; packageName = "jest-cli"; - version = "26.2.2"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/jest-cli/-/jest-cli-26.2.2.tgz"; - sha512 = "vVcly0n/ijZvdy6gPQiQt0YANwX2hLTPQZHtW7Vi3gcFdKTtif7YpI85F8R8JYy5DFSWz4x1OW0arnxlziu5Lw=="; + url = "https://registry.npmjs.org/jest-cli/-/jest-cli-26.4.2.tgz"; + sha512 = "zb+lGd/SfrPvoRSC/0LWdaWCnscXc1mGYW//NP4/tmBvRPT3VntZ2jtKUONsRi59zc5JqmsSajA9ewJKFYp8Cw=="; }; }; - "jest-config-26.2.2" = { + "jest-config-26.4.2" = { name = "jest-config"; packageName = "jest-config"; - version = "26.2.2"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/jest-config/-/jest-config-26.2.2.tgz"; - sha512 = "2lhxH0y4YFOijMJ65usuf78m7+9/8+hAb1PZQtdRdgnQpAb4zP6KcVDDktpHEkspBKnc2lmFu+RQdHukUUbiTg=="; + url = "https://registry.npmjs.org/jest-config/-/jest-config-26.4.2.tgz"; + sha512 = "QBf7YGLuToiM8PmTnJEdRxyYy3mHWLh24LJZKVdXZ2PNdizSe1B/E8bVm+HYcjbEzGuVXDv/di+EzdO/6Gq80A=="; }; }; "jest-diff-25.5.0" = { @@ -4153,13 +4126,13 @@ let sha512 = "z1kygetuPiREYdNIumRpAHY6RXiGmp70YHptjdaxTWGmA085W3iCnXNx0DhflK3vwrKmrRWyY1wUpkPMVxMK7A=="; }; }; - "jest-diff-26.2.0" = { + "jest-diff-26.4.2" = { name = "jest-diff"; packageName = "jest-diff"; - version = "26.2.0"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/jest-diff/-/jest-diff-26.2.0.tgz"; - sha512 = "Wu4Aopi2nzCsHWLBlD48TgRy3Z7OsxlwvHNd1YSnHc7q1NJfrmyCPoUXrTIrydQOG5ApaYpsAsdfnMbJqV1/wQ=="; + url = "https://registry.npmjs.org/jest-diff/-/jest-diff-26.4.2.tgz"; + sha512 = "6T1XQY8U28WH0Z5rGpQ+VqZSZz8EN8rZcBtfvXaOkbwxIEeRre6qnuZQlbY1AJ4MKDxQF8EkrCvK+hL/VkyYLQ=="; }; }; "jest-docblock-26.0.0" = { @@ -4171,31 +4144,31 @@ let sha512 = "RDZ4Iz3QbtRWycd8bUEPxQsTlYazfYn/h5R65Fc6gOfwozFhoImx+affzky/FFBuqISPTqjXomoIGJVKBWoo0w=="; }; }; - "jest-each-26.2.0" = { + "jest-each-26.4.2" = { name = "jest-each"; packageName = "jest-each"; - version = "26.2.0"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/jest-each/-/jest-each-26.2.0.tgz"; - sha512 = "gHPCaho1twWHB5bpcfnozlc6mrMi+VAewVPNgmwf81x2Gzr6XO4dl+eOrwPWxbkYlgjgrYjWK2xgKnixbzH3Ew=="; + url = "https://registry.npmjs.org/jest-each/-/jest-each-26.4.2.tgz"; + sha512 = "p15rt8r8cUcRY0Mvo1fpkOGYm7iI8S6ySxgIdfh3oOIv+gHwrHTy5VWCGOecWUhDsit4Nz8avJWdT07WLpbwDA=="; }; }; - "jest-environment-jsdom-26.2.0" = { + "jest-environment-jsdom-26.3.0" = { name = "jest-environment-jsdom"; packageName = "jest-environment-jsdom"; - version = "26.2.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/jest-environment-jsdom/-/jest-environment-jsdom-26.2.0.tgz"; - sha512 = "sDG24+5M4NuIGzkI3rJW8XUlrpkvIdE9Zz4jhD8OBnVxAw+Y1jUk9X+lAOD48nlfUTlnt3lbAI3k2Ox+WF3S0g=="; + url = "https://registry.npmjs.org/jest-environment-jsdom/-/jest-environment-jsdom-26.3.0.tgz"; + sha512 = "zra8He2btIMJkAzvLaiZ9QwEPGEetbxqmjEBQwhH3CA+Hhhu0jSiEJxnJMbX28TGUvPLxBt/zyaTLrOPF4yMJA=="; }; }; - "jest-environment-node-26.2.0" = { + "jest-environment-node-26.3.0" = { name = "jest-environment-node"; packageName = "jest-environment-node"; - version = "26.2.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-26.2.0.tgz"; - sha512 = "4M5ExTYkJ19efBzkiXtBi74JqKLDciEk4CEsp5tTjWGYMrlKFQFtwIVG3tW1OGE0AlXhZjuHPwubuRYY4j4uOw=="; + url = "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-26.3.0.tgz"; + sha512 = "c9BvYoo+FGcMj5FunbBgtBnbR5qk3uky8PKyRVpSfe2/8+LrNQMiXX53z6q2kY+j15SkjQCOSL/6LHnCPLVHNw=="; }; }; "jest-get-type-25.2.6" = { @@ -4207,67 +4180,67 @@ let sha512 = "DxjtyzOHjObRM+sM1knti6or+eOgcGU4xVSb2HNP1TqO4ahsT+rqZg+nyqHWJSvWgKC5cG3QjGFBqxLghiF/Ig=="; }; }; - "jest-get-type-26.0.0" = { + "jest-get-type-26.3.0" = { name = "jest-get-type"; packageName = "jest-get-type"; - version = "26.0.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/jest-get-type/-/jest-get-type-26.0.0.tgz"; - sha512 = "zRc1OAPnnws1EVfykXOj19zo2EMw5Hi6HLbFCSjpuJiXtOWAYIjNsHVSbpQ8bDX7L5BGYGI8m+HmKdjHYFF0kg=="; + url = "https://registry.npmjs.org/jest-get-type/-/jest-get-type-26.3.0.tgz"; + sha512 = "TpfaviN1R2pQWkIihlfEanwOXK0zcxrKEE4MlU6Tn7keoXdN6/3gK/xl0yEh8DOunn5pOVGKf8hB4R9gVh04ig=="; }; }; - "jest-haste-map-26.2.2" = { + "jest-haste-map-26.3.0" = { name = "jest-haste-map"; packageName = "jest-haste-map"; - version = "26.2.2"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-26.2.2.tgz"; - sha512 = "3sJlMSt+NHnzCB+0KhJ1Ut4zKJBiJOlbrqEYNdRQGlXTv8kqzZWjUKQRY3pkjmlf+7rYjAV++MQ4D6g4DhAyOg=="; + url = "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-26.3.0.tgz"; + sha512 = "DHWBpTJgJhLLGwE5Z1ZaqLTYqeODQIZpby0zMBsCU9iRFHYyhklYqP4EiG73j5dkbaAdSZhgB938mL51Q5LeZA=="; }; }; - "jest-jasmine2-26.2.2" = { + "jest-jasmine2-26.4.2" = { name = "jest-jasmine2"; packageName = "jest-jasmine2"; - version = "26.2.2"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/jest-jasmine2/-/jest-jasmine2-26.2.2.tgz"; - sha512 = "Q8AAHpbiZMVMy4Hz9j1j1bg2yUmPa1W9StBvcHqRaKa9PHaDUMwds8LwaDyzP/2fkybcTQE4+pTMDOG9826tEw=="; + url = "https://registry.npmjs.org/jest-jasmine2/-/jest-jasmine2-26.4.2.tgz"; + sha512 = "z7H4EpCldHN1J8fNgsja58QftxBSL+JcwZmaXIvV9WKIM+x49F4GLHu/+BQh2kzRKHAgaN/E82od+8rTOBPyPA=="; }; }; - "jest-leak-detector-26.2.0" = { + "jest-leak-detector-26.4.2" = { name = "jest-leak-detector"; packageName = "jest-leak-detector"; - version = "26.2.0"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-26.2.0.tgz"; - sha512 = "aQdzTX1YiufkXA1teXZu5xXOJgy7wZQw6OJ0iH5CtQlOETe6gTSocaYKUNui1SzQ91xmqEUZ/WRavg9FD82rtQ=="; + url = "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-26.4.2.tgz"; + sha512 = "akzGcxwxtE+9ZJZRW+M2o+nTNnmQZxrHJxX/HjgDaU5+PLmY1qnQPnMjgADPGCRPhB+Yawe1iij0REe+k/aHoA=="; }; }; - "jest-matcher-utils-26.2.0" = { + "jest-matcher-utils-26.4.2" = { name = "jest-matcher-utils"; packageName = "jest-matcher-utils"; - version = "26.2.0"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-26.2.0.tgz"; - sha512 = "2cf/LW2VFb3ayPHrH36ZDjp9+CAeAe/pWBAwsV8t3dKcrINzXPVxq8qMWOxwt5BaeBCx4ZupVGH7VIgB8v66vQ=="; + url = "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-26.4.2.tgz"; + sha512 = "KcbNqWfWUG24R7tu9WcAOKKdiXiXCbMvQYT6iodZ9k1f7065k0keUOW6XpJMMvah+hTfqkhJhRXmA3r3zMAg0Q=="; }; }; - "jest-message-util-26.2.0" = { + "jest-message-util-26.3.0" = { name = "jest-message-util"; packageName = "jest-message-util"; - version = "26.2.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/jest-message-util/-/jest-message-util-26.2.0.tgz"; - sha512 = "g362RhZaJuqeqG108n1sthz5vNpzTNy926eNDszo4ncRbmmcMRIUAZibnd6s5v2XSBCChAxQtCoN25gnzp7JbQ=="; + url = "https://registry.npmjs.org/jest-message-util/-/jest-message-util-26.3.0.tgz"; + sha512 = "xIavRYqr4/otGOiLxLZGj3ieMmjcNE73Ui+LdSW/Y790j5acqCsAdDiLIbzHCZMpN07JOENRWX5DcU+OQ+TjTA=="; }; }; - "jest-mock-26.2.0" = { + "jest-mock-26.3.0" = { name = "jest-mock"; packageName = "jest-mock"; - version = "26.2.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/jest-mock/-/jest-mock-26.2.0.tgz"; - sha512 = "XeC7yWtWmWByoyVOHSsE7NYsbXJLtJNgmhD7z4MKumKm6ET0si81bsSLbQ64L5saK3TgsHo2B/UqG5KNZ1Sp/Q=="; + url = "https://registry.npmjs.org/jest-mock/-/jest-mock-26.3.0.tgz"; + sha512 = "PeaRrg8Dc6mnS35gOo/CbZovoDPKAeB1FICZiuagAgGvbWdNNyjQjkOaGUa/3N3JtpQ/Mh9P4A2D4Fv51NnP8Q=="; }; }; "jest-pnp-resolver-1.2.2" = { @@ -4288,94 +4261,94 @@ let sha512 = "Gv3ZIs/nA48/Zvjrl34bf+oD76JHiGDUxNOVgUjh3j890sblXryjY4rss71fPtD/njchl6PSE2hIhvyWa1eT0A=="; }; }; - "jest-resolve-26.2.2" = { + "jest-resolve-26.4.0" = { name = "jest-resolve"; packageName = "jest-resolve"; - version = "26.2.2"; + version = "26.4.0"; src = fetchurl { - url = "https://registry.npmjs.org/jest-resolve/-/jest-resolve-26.2.2.tgz"; - sha512 = "ye9Tj/ILn/0OgFPE/3dGpQPUqt4dHwIocxt5qSBkyzxQD8PbL0bVxBogX2FHxsd3zJA7V2H/cHXnBnNyyT9YoQ=="; + url = "https://registry.npmjs.org/jest-resolve/-/jest-resolve-26.4.0.tgz"; + sha512 = "bn/JoZTEXRSlEx3+SfgZcJAVuTMOksYq9xe9O6s4Ekg84aKBObEaVXKOEilULRqviSLAYJldnoWV9c07kwtiCg=="; }; }; - "jest-resolve-dependencies-26.2.2" = { + "jest-resolve-dependencies-26.4.2" = { name = "jest-resolve-dependencies"; packageName = "jest-resolve-dependencies"; - version = "26.2.2"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-26.2.2.tgz"; - sha512 = "S5vufDmVbQXnpP7435gr710xeBGUFcKNpNswke7RmFvDQtmqPjPVU/rCeMlEU0p6vfpnjhwMYeaVjKZAy5QYJA=="; + url = "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-26.4.2.tgz"; + sha512 = "ADHaOwqEcVc71uTfySzSowA/RdxUpCxhxa2FNLiin9vWLB1uLPad3we+JSSROq5+SrL9iYPdZZF8bdKM7XABTQ=="; }; }; - "jest-runner-26.2.2" = { + "jest-runner-26.4.2" = { name = "jest-runner"; packageName = "jest-runner"; - version = "26.2.2"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/jest-runner/-/jest-runner-26.2.2.tgz"; - sha512 = "/qb6ptgX+KQ+aNMohJf1We695kaAfuu3u3ouh66TWfhTpLd9WbqcF6163d/tMoEY8GqPztXPLuyG0rHRVDLxCA=="; + url = "https://registry.npmjs.org/jest-runner/-/jest-runner-26.4.2.tgz"; + sha512 = "FgjDHeVknDjw1gRAYaoUoShe1K3XUuFMkIaXbdhEys+1O4bEJS8Avmn4lBwoMfL8O5oFTdWYKcf3tEJyyYyk8g=="; }; }; - "jest-runtime-26.2.2" = { + "jest-runtime-26.4.2" = { name = "jest-runtime"; packageName = "jest-runtime"; - version = "26.2.2"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/jest-runtime/-/jest-runtime-26.2.2.tgz"; - sha512 = "a8VXM3DxCDnCIdl9+QucWFfQ28KdqmyVFqeKLigHdErtsx56O2ZIdQkhFSuP1XtVrG9nTNHbKxjh5XL1UaFDVQ=="; + url = "https://registry.npmjs.org/jest-runtime/-/jest-runtime-26.4.2.tgz"; + sha512 = "4Pe7Uk5a80FnbHwSOk7ojNCJvz3Ks2CNQWT5Z7MJo4tX0jb3V/LThKvD9tKPNVNyeMH98J/nzGlcwc00R2dSHQ=="; }; }; - "jest-serializer-26.2.0" = { + "jest-serializer-26.3.0" = { name = "jest-serializer"; packageName = "jest-serializer"; - version = "26.2.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/jest-serializer/-/jest-serializer-26.2.0.tgz"; - sha512 = "V7snZI9IVmyJEu0Qy0inmuXgnMWDtrsbV2p9CRAcmlmPVwpC2ZM8wXyYpiugDQnwLHx0V4+Pnog9Exb3UO8M6Q=="; + url = "https://registry.npmjs.org/jest-serializer/-/jest-serializer-26.3.0.tgz"; + sha512 = "IDRBQBLPlKa4flg77fqg0n/pH87tcRKwe8zxOVTWISxGpPHYkRZ1dXKyh04JOja7gppc60+soKVZ791mruVdow=="; }; }; - "jest-snapshot-26.2.2" = { + "jest-snapshot-26.4.2" = { name = "jest-snapshot"; packageName = "jest-snapshot"; - version = "26.2.2"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-26.2.2.tgz"; - sha512 = "NdjD8aJS7ePu268Wy/n/aR1TUisG0BOY+QOW4f6h46UHEKOgYmmkvJhh2BqdVZQ0BHSxTMt04WpCf9njzx8KtA=="; + url = "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-26.4.2.tgz"; + sha512 = "N6Uub8FccKlf5SBFnL2Ri/xofbaA68Cc3MGjP/NuwgnsvWh+9hLIR/DhrxbSiKXMY9vUW5dI6EW1eHaDHqe9sg=="; }; }; - "jest-util-26.2.0" = { + "jest-util-26.3.0" = { name = "jest-util"; packageName = "jest-util"; - version = "26.2.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/jest-util/-/jest-util-26.2.0.tgz"; - sha512 = "YmDwJxLZ1kFxpxPfhSJ0rIkiZOM0PQbRcfH0TzJOhqCisCAsI1WcmoQqO83My9xeVA2k4n+rzg2UuexVKzPpig=="; + url = "https://registry.npmjs.org/jest-util/-/jest-util-26.3.0.tgz"; + sha512 = "4zpn6bwV0+AMFN0IYhH/wnzIQzRaYVrz1A8sYnRnj4UXDXbOVtWmlaZkO9mipFqZ13okIfN87aDoJWB7VH6hcw=="; }; }; - "jest-validate-26.2.0" = { + "jest-validate-26.4.2" = { name = "jest-validate"; packageName = "jest-validate"; - version = "26.2.0"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/jest-validate/-/jest-validate-26.2.0.tgz"; - sha512 = "8XKn3hM6VIVmLNuyzYLCPsRCT83o8jMZYhbieh4dAyKLc4Ypr36rVKC+c8WMpWkfHHpGnEkvWUjjIAyobEIY/Q=="; + url = "https://registry.npmjs.org/jest-validate/-/jest-validate-26.4.2.tgz"; + sha512 = "blft+xDX7XXghfhY0mrsBCYhX365n8K5wNDC4XAcNKqqjEzsRUSXP44m6PL0QJEW2crxQFLLztVnJ4j7oPlQrQ=="; }; }; - "jest-watcher-26.2.0" = { + "jest-watcher-26.3.0" = { name = "jest-watcher"; packageName = "jest-watcher"; - version = "26.2.0"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/jest-watcher/-/jest-watcher-26.2.0.tgz"; - sha512 = "674Boco4Joe0CzgKPL6K4Z9LgyLx+ZvW2GilbpYb8rFEUkmDGgsZdv1Hv5rxsRpb1HLgKUOL/JfbttRCuFdZXQ=="; + url = "https://registry.npmjs.org/jest-watcher/-/jest-watcher-26.3.0.tgz"; + sha512 = "XnLdKmyCGJ3VoF6G/p5ohbJ04q/vv5aH9ENI+i6BL0uu9WWB6Z7Z2lhQQk0d2AVZcRGp1yW+/TsoToMhBFPRdQ=="; }; }; - "jest-worker-26.2.1" = { + "jest-worker-26.3.0" = { name = "jest-worker"; packageName = "jest-worker"; - version = "26.2.1"; + version = "26.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/jest-worker/-/jest-worker-26.2.1.tgz"; - sha512 = "+XcGMMJDTeEGncRb5M5Zq9P7K4sQ1sirhjdOxsN1462h6lFo9w59bl2LVQmdGEEeU3m+maZCkS2Tcc9SfCHO4A=="; + url = "https://registry.npmjs.org/jest-worker/-/jest-worker-26.3.0.tgz"; + sha512 = "Vmpn2F6IASefL+DVBhPzI2J9/GJUsqzomdeN+P+dK8/jKxbh8R3BtFnx3FIta7wYlPU62cpJMJQo4kuOowcMnw=="; }; }; "js-tokens-4.0.0" = { @@ -4432,13 +4405,13 @@ let sha512 = "OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA=="; }; }; - "json-parse-better-errors-1.0.2" = { - name = "json-parse-better-errors"; - packageName = "json-parse-better-errors"; - version = "1.0.2"; + "json-parse-even-better-errors-2.3.0" = { + name = "json-parse-even-better-errors"; + packageName = "json-parse-even-better-errors"; + version = "2.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz"; - sha512 = "mrqyZKfX5EhL7hvqcV6WG1yYjnjeuYDzDhhcAAUrq8Po85NBQBJP+ZDUT75qZQ98IkUoBqdkExkukOU7Ts2wrw=="; + url = "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.0.tgz"; + sha512 = "o3aP+RsWDJZayj1SbHNQAI8x0v3T3SKiGoZlNYfbUP1S3omJQ6i9CnqADqkSPaOAxwua4/1YWx5CM7oiChJt2Q=="; }; }; "json-schema-0.2.3" = { @@ -4459,6 +4432,15 @@ let sha512 = "xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg=="; }; }; + "json-stable-stringify-1.0.1" = { + name = "json-stable-stringify"; + packageName = "json-stable-stringify"; + version = "1.0.1"; + src = fetchurl { + url = "https://registry.npmjs.org/json-stable-stringify/-/json-stable-stringify-1.0.1.tgz"; + sha1 = "9a759d39c5f2ff503fd5300646ed445f88c4f9af"; + }; + }; "json-stable-stringify-without-jsonify-1.0.1" = { name = "json-stable-stringify-without-jsonify"; packageName = "json-stable-stringify-without-jsonify"; @@ -4486,15 +4468,6 @@ let sha512 = "KXPvOm8K9IJKFM0bmdn8QXh7udDh1g/giieX0NLCaMnb4hEiVFqnop2ImTXCc5e0/oHz3LTqmHGtExn5hfMkOA=="; }; }; - "jsonfile-4.0.0" = { - name = "jsonfile"; - packageName = "jsonfile"; - version = "4.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz"; - sha1 = "8771aae0799b64076b76640fca058f9c10e33ecb"; - }; - }; "jsonfile-6.0.1" = { name = "jsonfile"; packageName = "jsonfile"; @@ -4504,6 +4477,15 @@ let sha512 = "jR2b5v7d2vIOust+w3wtFKZIfpC2pnRmFAhAC/BuweZFQR8qZzxH1OyrQ10HmdVYiXWkYUqPVsz91cG7EL2FBg=="; }; }; + "jsonify-0.0.0" = { + name = "jsonify"; + packageName = "jsonify"; + version = "0.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/jsonify/-/jsonify-0.0.0.tgz"; + sha1 = "2c74b6ee41d93ca51b7b5aaee8f503631d252a73"; + }; + }; "jsprim-1.4.1" = { name = "jsprim"; packageName = "jsprim"; @@ -4630,13 +4612,13 @@ let sha512 = "t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g=="; }; }; - "lodash-4.17.19" = { + "lodash-4.17.20" = { name = "lodash"; packageName = "lodash"; - version = "4.17.19"; + version = "4.17.20"; src = fetchurl { - url = "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz"; - sha512 = "JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ=="; + url = "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz"; + sha512 = "PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA=="; }; }; "lodash.sortby-4.7.0" = { @@ -4666,13 +4648,13 @@ let sha512 = "lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q=="; }; }; - "lunr-2.3.8" = { + "lunr-2.3.9" = { name = "lunr"; packageName = "lunr"; - version = "2.3.8"; + version = "2.3.9"; src = fetchurl { - url = "https://registry.npmjs.org/lunr/-/lunr-2.3.8.tgz"; - sha512 = "oxMeX/Y35PNFuZoHp+jUj5OSEmLCaIH4KTFJh7a93cHBoFmpw2IoPs22VIz7vyO2YUnx2Tn9dzIwO2P/4quIRg=="; + url = "https://registry.npmjs.org/lunr/-/lunr-2.3.9.tgz"; + sha512 = "zTU3DaZaF3Rt9rhN3uBMGQD3dD2/vFQqnvZCDv4dl5iOzq2IZQqTxu90r4E5J+nP70J3ilqVCrbho2eWaeW8Ow=="; }; }; "make-dir-2.1.0" = { @@ -4720,13 +4702,13 @@ let sha1 = "ecdca8f13144e660f1b5bd41f12f3479d98dfb8f"; }; }; - "marked-1.0.0" = { + "marked-1.1.1" = { name = "marked"; packageName = "marked"; - version = "1.0.0"; + version = "1.1.1"; src = fetchurl { - url = "https://registry.npmjs.org/marked/-/marked-1.0.0.tgz"; - sha512 = "Wo+L1pWTVibfrSr+TTtMuiMfNzmZWiOPeO7rZsQUY5bgsxpHesBEcIWJloWVTFnrMXnf/TL30eTFSGJddmQAng=="; + url = "https://registry.npmjs.org/marked/-/marked-1.1.1.tgz"; + sha512 = "mJzT8D2yPxoPh7h0UXkB+dBj4FykPJ2OIfxAWeIHrvoHDkFxukV/29QxoFQoPM6RLEwhIFdJpmKBlqVM3s2ZIw=="; }; }; "merge-stream-2.0.0" = { @@ -4864,22 +4846,22 @@ let sha512 = "al0MUK7cpIcglMv3YF13qSgdAIqxHTO7brRtaz3DlSULbqfazqkc5kEjNrLDOM7fsjshoFIihnU8snrP7zUvhQ=="; }; }; - "mqtt-4.1.0" = { + "mqtt-4.2.1" = { name = "mqtt"; packageName = "mqtt"; - version = "4.1.0"; + version = "4.2.1"; src = fetchurl { - url = "https://registry.npmjs.org/mqtt/-/mqtt-4.1.0.tgz"; - sha512 = "dBihVZzaB8p9G/2ktSfamiaHmMnpCpP2du08317ZuEX1kBAbZOG9aMJQ11EChXnOX3GKUeiZYaSITueceQKT2A=="; + url = "https://registry.npmjs.org/mqtt/-/mqtt-4.2.1.tgz"; + sha512 = "Iv893r+jWlo5GkNcPOfCGwW8M49IixwHiKLFFYTociEymSibUVCORVEjPXWPGzSxhn7BdlUeHicbRmWiv0Crkg=="; }; }; - "mqtt-packet-6.3.2" = { + "mqtt-packet-6.4.0" = { name = "mqtt-packet"; packageName = "mqtt-packet"; - version = "6.3.2"; + version = "6.4.0"; src = fetchurl { - url = "https://registry.npmjs.org/mqtt-packet/-/mqtt-packet-6.3.2.tgz"; - sha512 = "i56+2kN6F57KInGtjjfUXSl4xG8u/zOvfaXFLKFAbBXzWkXOmwcmjaSCBPayf2IQCkQU0+h+S2DizCo3CF6gQA=="; + url = "https://registry.npmjs.org/mqtt-packet/-/mqtt-packet-6.4.0.tgz"; + sha512 = "dNd1RPyBolklOR27hgHhy3TxkDk31ZaDu4ljAgJoHlnVsdACH8guwEZhpk3ZMn6GAdH6ENDLgtE285FHIiXzxA=="; }; }; "ms-2.0.0" = { @@ -4963,13 +4945,13 @@ let sha512 = "1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ=="; }; }; - "node-abi-2.18.0" = { + "node-abi-2.19.1" = { name = "node-abi"; packageName = "node-abi"; - version = "2.18.0"; + version = "2.19.1"; src = fetchurl { - url = "https://registry.npmjs.org/node-abi/-/node-abi-2.18.0.tgz"; - sha512 = "yi05ZoiuNNEbyT/xXfSySZE+yVnQW6fxPZuFbLyS1s6b5Kw3HzV2PHOM4XR+nsjzkHxByK+2Wg+yCQbe35l8dw=="; + url = "https://registry.npmjs.org/node-abi/-/node-abi-2.19.1.tgz"; + sha512 = "HbtmIuByq44yhAzK7b9j/FelKlHYISKQn0mtvcBrU5QBkhoCMp5bu8Hv5AI34DcKfOAcJBcOEMwLlwO62FFu9A=="; }; }; "node-int64-0.4.0" = { @@ -4990,13 +4972,13 @@ let sha1 = "8d9dbe28964a4ac5712e9131642107c71e90ec40"; }; }; - "node-notifier-7.0.2" = { + "node-notifier-8.0.0" = { name = "node-notifier"; packageName = "node-notifier"; - version = "7.0.2"; + version = "8.0.0"; src = fetchurl { - url = "https://registry.npmjs.org/node-notifier/-/node-notifier-7.0.2.tgz"; - sha512 = "ux+n4hPVETuTL8+daJXTOC6uKLgMsl1RYfFv7DKRzyvzBapqco0rZZ9g72ZN8VS6V+gvNYHYa/ofcCY8fkJWsA=="; + url = "https://registry.npmjs.org/node-notifier/-/node-notifier-8.0.0.tgz"; + sha512 = "46z7DUmcjoYdaWyXouuFNNfUo6eFa94t23c53c+lG/9Cvauk4a98rAUp9672X5dxGdQmLpPzTxzu8f/OeEPaFA=="; }; }; "node-releases-1.1.60" = { @@ -5179,13 +5161,13 @@ let sha512 = "5DXOiRKwuSEcQ/l0kGCF6Q3jcADFv5tSmRaJck/OqkVFcOzutB134KRSfF0xDrL39MNnqxbHBbUUcjZIhTgb2g=="; }; }; - "onetime-5.1.1" = { + "onetime-5.1.2" = { name = "onetime"; packageName = "onetime"; - version = "5.1.1"; + version = "5.1.2"; src = fetchurl { - url = "https://registry.npmjs.org/onetime/-/onetime-5.1.1.tgz"; - sha512 = "ZpZpjcJeugQfWsfyQlshVoowIIQ1qBGSVll4rfDq6JJVO//fesjoX808hXWfBjY+ROZgpKDI5TRSRBSoJiZ8eg=="; + url = "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz"; + sha512 = "kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg=="; }; }; "optionator-0.8.3" = { @@ -5269,13 +5251,13 @@ let sha512 = "GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g=="; }; }; - "parse-json-5.0.1" = { + "parse-json-5.1.0" = { name = "parse-json"; packageName = "parse-json"; - version = "5.0.1"; + version = "5.1.0"; src = fetchurl { - url = "https://registry.npmjs.org/parse-json/-/parse-json-5.0.1.tgz"; - sha512 = "ztoZ4/DYeXQq4E21v169sC8qWINGpcosGv9XhTDvg9/hWvx/zrFkc9BiWxR58OJLHGk28j5BL0SDLeV2WmFZlQ=="; + url = "https://registry.npmjs.org/parse-json/-/parse-json-5.1.0.tgz"; + sha512 = "+mi/lmVVNKFNVyLXV31ERiy2CY5E1/F6QtJFEzoChPRwwngMNXRDQ9GJ5WdE2Z2P4AujsOi0/+2qHID68KwfIQ=="; }; }; "parse5-5.1.1" = { @@ -5440,13 +5422,13 @@ let sha512 = "kbo/kq2LQ/A/is0PQwsEHM7Ca6//bGPPvU6UnsdDRSKTWxT/ru/xb88v4BJf6a69H+uTytOEsTusT9ksd/1iWQ=="; }; }; - "pretty-format-26.2.0" = { + "pretty-format-26.4.2" = { name = "pretty-format"; packageName = "pretty-format"; - version = "26.2.0"; + version = "26.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/pretty-format/-/pretty-format-26.2.0.tgz"; - sha512 = "qi/8IuBu2clY9G7qCXgCdD1Bf9w+sXakdHTRToknzMtVy0g7c4MBWaZy7MfB7ndKZovRO6XRwJiAYqq+MC7SDA=="; + url = "https://registry.npmjs.org/pretty-format/-/pretty-format-26.4.2.tgz"; + sha512 = "zK6Gd8zDsEiVydOCGLkoBoZuqv8VTiHyAbKznXe/gaph/DAeZOmit9yMfgIz5adIgAMMs5XfoYSwAX3jcCO1tA=="; }; }; "process-nextick-args-2.0.1" = { @@ -6223,13 +6205,13 @@ let sha512 = "NzNVhJDYpwceVVii8/Hu6DKfD2G+NrQHlS/V/qgv763EYudVwEcMQNxd2lh+0VrUByXN/oJkl5grOhYWvQUYiw=="; }; }; - "split2-3.1.1" = { + "split2-3.2.2" = { name = "split2"; packageName = "split2"; - version = "3.1.1"; + version = "3.2.2"; src = fetchurl { - url = "https://registry.npmjs.org/split2/-/split2-3.1.1.tgz"; - sha512 = "emNzr1s7ruq4N+1993yht631/JH+jaj0NYBosuKmLcq+JkGQ9MmTw1RB1fGaTCzUuseRIClrlSLHRNYGwWQ58Q=="; + url = "https://registry.npmjs.org/split2/-/split2-3.2.2.tgz"; + sha512 = "9NThjpgZnifTkJpzTZ7Eue85S49QwpNhZTq6GRJwObb6jnLFNGB7Qm73V5HewTROPyxD0C29xqmaI68bQtV+hg=="; }; }; "sprintf-js-1.0.3" = { @@ -6430,13 +6412,13 @@ let sha512 = "QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow=="; }; }; - "supports-color-7.1.0" = { + "supports-color-7.2.0" = { name = "supports-color"; packageName = "supports-color"; - version = "7.1.0"; + version = "7.2.0"; src = fetchurl { - url = "https://registry.npmjs.org/supports-color/-/supports-color-7.1.0.tgz"; - sha512 = "oRSIpR8pxT1Wr2FquTNnGet79b3BWljqOuoW/h4oBhxJ/HUbX5nX6JSruTkvXDCFMwDPvsaTTbvMLKZWSy0R5g=="; + url = "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz"; + sha512 = "qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw=="; }; }; "supports-hyperlinks-2.1.0" = { @@ -6691,13 +6673,13 @@ let sha512 = "+5nt5AAniqsCnu2cEQQdpzCAh33kVx8n0VoFidKpB1dVVLAN/F+bgVOqOJqOnEnrhp222clB5p3vUlD+1QAnfg=="; }; }; - "type-2.0.0" = { + "type-2.1.0" = { name = "type"; packageName = "type"; - version = "2.0.0"; + version = "2.1.0"; src = fetchurl { - url = "https://registry.npmjs.org/type/-/type-2.0.0.tgz"; - sha512 = "KBt58xCHry4Cejnc2ISQAF7QY+ORngsWfxezO68+12hKV6lQY8P/psIkcbjeHWn7MqcgciWJyCCevFMJdIXpow=="; + url = "https://registry.npmjs.org/type/-/type-2.1.0.tgz"; + sha512 = "G9absDWvhAWCV2gmF1zKud3OyC61nZDwWvBL2DApaVFogI07CprggiQAOOjvp2NRjYWFzPyu7vwtDrQFq8jeSA=="; }; }; "type-check-0.3.2" = { @@ -6772,31 +6754,31 @@ let sha512 = "zdu8XMNEDepKKR+XYOXAVPtWui0ly0NtohUscw+UmaHiAWT8hrV1rr//H6V+0DvJ3OQ19S979M0laLfX8rm82Q=="; }; }; - "typedoc-0.17.8" = { + "typedoc-0.19.0" = { name = "typedoc"; packageName = "typedoc"; - version = "0.17.8"; + version = "0.19.0"; src = fetchurl { - url = "https://registry.npmjs.org/typedoc/-/typedoc-0.17.8.tgz"; - sha512 = "/OyrHCJ8jtzu+QZ+771YaxQ9s4g5Z3XsQE3Ma7q+BL392xxBn4UMvvCdVnqKC2T/dz03/VXSLVKOP3lHmDdc/w=="; + url = "https://registry.npmjs.org/typedoc/-/typedoc-0.19.0.tgz"; + sha512 = "Rn68JwgDDYyIWl3HXeSsLZcsvxd2anISjhKu64PvID7RETeS2Iwnc4cH60yqc8/N50Xo1d3MHPGYinCPhMMliQ=="; }; }; - "typedoc-default-themes-0.10.2" = { + "typedoc-default-themes-0.11.1" = { name = "typedoc-default-themes"; packageName = "typedoc-default-themes"; - version = "0.10.2"; + version = "0.11.1"; src = fetchurl { - url = "https://registry.npmjs.org/typedoc-default-themes/-/typedoc-default-themes-0.10.2.tgz"; - sha512 = "zo09yRj+xwLFE3hyhJeVHWRSPuKEIAsFK5r2u47KL/HBKqpwdUSanoaz5L34IKiSATFrjG5ywmIu98hPVMfxZg=="; + url = "https://registry.npmjs.org/typedoc-default-themes/-/typedoc-default-themes-0.11.1.tgz"; + sha512 = "1yl8pbhjrLywqGJx9TfT+wzP+ntudPYjgJdpCj+s5ed2etBkqZPOCBMKwpaN9o6pdoFQF195PggqWTLVEkaRQQ=="; }; }; - "typedoc-plugin-markdown-2.4.0" = { + "typedoc-plugin-markdown-2.4.2" = { name = "typedoc-plugin-markdown"; packageName = "typedoc-plugin-markdown"; - version = "2.4.0"; + version = "2.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/typedoc-plugin-markdown/-/typedoc-plugin-markdown-2.4.0.tgz"; - sha512 = "m4eOwxSzeCbGNFzPDadNQcuMbkbc/45fgXsIP/m4K20i/8zVhCBmvoTxmKUqWYVTYc1BTtvQD5hY/qCueHoLFw=="; + url = "https://registry.npmjs.org/typedoc-plugin-markdown/-/typedoc-plugin-markdown-2.4.2.tgz"; + sha512 = "BBH+9/Uq5XbsqfzCDl8Jq4iaLXRMXRuAHZRFarAZX7df8+F3vUjDx/WHWoWqbZ/XUFzduLC2Iuy2qwsJX8SQ7A=="; }; }; "typedoc-plugin-no-inherit-1.1.10" = { @@ -6817,31 +6799,22 @@ let sha512 = "xHq9DzkoQywS7FyPneMm2/Hr9GRoCpjSQXkVN0W6SCJKP7fguqg2tasgh+8l5/mW6YSYvqCqEbkSYLbuD4Y6gA=="; }; }; - "typescript-3.9.7" = { + "typescript-4.0.2" = { name = "typescript"; packageName = "typescript"; - version = "3.9.7"; + version = "4.0.2"; src = fetchurl { - url = "https://registry.npmjs.org/typescript/-/typescript-3.9.7.tgz"; - sha512 = "BLbiRkiBzAwsjut4x/dsibSTB6yWpwT5qWmC2OfuCg3GgVQCSgMs4vEctYPhsaGtd0AeuuHMkjZ2h2WG8MSzRw=="; + url = "https://registry.npmjs.org/typescript/-/typescript-4.0.2.tgz"; + sha512 = "e4ERvRV2wb+rRZ/IQeb3jm2VxBsirQLpQhdxplZ2MEzGvDkkMmPglecnNDfSUBivMjP93vRbngYYDQqQ/78bcQ=="; }; }; - "uglify-js-3.10.1" = { + "uglify-js-3.10.2" = { name = "uglify-js"; packageName = "uglify-js"; - version = "3.10.1"; + version = "3.10.2"; src = fetchurl { - url = "https://registry.npmjs.org/uglify-js/-/uglify-js-3.10.1.tgz"; - sha512 = "RjxApKkrPJB6kjJxQS3iZlf///REXWYxYJxO/MpmlQzVkDWVI3PSnCBWezMecmTU/TRkNxrl8bmsfFQCp+LO+Q=="; - }; - }; - "ultron-1.1.1" = { - name = "ultron"; - packageName = "ultron"; - version = "1.1.1"; - src = fetchurl { - url = "https://registry.npmjs.org/ultron/-/ultron-1.1.1.tgz"; - sha512 = "UIEXBNeYmKptWH6z8ZnqTeS8fV74zG0/eRU9VGkpzz+LIJNs8W/zM/L+7ctCkRrgbNnnR0xxw4bKOr0cW0N0Og=="; + url = "https://registry.npmjs.org/uglify-js/-/uglify-js-3.10.2.tgz"; + sha512 = "GXCYNwqoo0MbLARghYjxVBxDCnU0tLqN7IPLdHHbibCb1NI5zBkU2EPcy/GaVxc0BtTjqyGXJCINe6JMR2Dpow=="; }; }; "unc-path-regex-0.1.2" = { @@ -6907,15 +6880,6 @@ let sha512 = "2nY4TnBE70yoxHkDli7DMazpWiP7xMdCYqU2nBRO0UB+ZpEkGsSija7MvmvnZFUeC+mrgiUfcHSr3LmRFIg4+A=="; }; }; - "universalify-0.1.2" = { - name = "universalify"; - packageName = "universalify"; - version = "0.1.2"; - src = fetchurl { - url = "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz"; - sha512 = "rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg=="; - }; - }; "universalify-1.0.0" = { name = "universalify"; packageName = "universalify"; @@ -7015,13 +6979,13 @@ let sha512 = "8OQ9CL+VWyt3JStj7HX7/ciTL2V3Rl1Wf5OL+SNTm0yK1KvtReVulksyeRnCANHHuUxHlQig+JJDlUhBt1NQDQ=="; }; }; - "v8-to-istanbul-4.1.4" = { + "v8-to-istanbul-5.0.1" = { name = "v8-to-istanbul"; packageName = "v8-to-istanbul"; - version = "4.1.4"; + version = "5.0.1"; src = fetchurl { - url = "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-4.1.4.tgz"; - sha512 = "Rw6vJHj1mbdK8edjR7+zuJrpDtKIgNdAvTSAcpYfgMIw+u2dPDntD3dgN4XQFLU2/fvFQdzj+EeSGfd/jnY5fQ=="; + url = "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-5.0.1.tgz"; + sha512 = "mbDNjuDajqYe3TXFk5qxcQy8L1msXNE37WTlLoqqpBfRsimbNcrlhQlDPntmECEcUvdC+AQ8CyMMf6EUx1r74Q=="; }; }; "validate-npm-package-license-3.0.4" = { @@ -7087,15 +7051,6 @@ let sha512 = "qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w=="; }; }; - "websocket-stream-5.5.2" = { - name = "websocket-stream"; - packageName = "websocket-stream"; - version = "5.5.2"; - src = fetchurl { - url = "https://registry.npmjs.org/websocket-stream/-/websocket-stream-5.5.2.tgz"; - sha512 = "8z49MKIHbGk3C4HtuHWDtYX8mYej1wWabjthC/RupM9ngeukU4IWoM46dgth1UOS/T4/IqgEdCDJuMe2039OQQ=="; - }; - }; "whatwg-encoding-1.0.5" = { name = "whatwg-encoding"; packageName = "whatwg-encoding"; @@ -7114,13 +7069,13 @@ let sha512 = "M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g=="; }; }; - "whatwg-url-8.1.0" = { + "whatwg-url-8.2.1" = { name = "whatwg-url"; packageName = "whatwg-url"; - version = "8.1.0"; + version = "8.2.1"; src = fetchurl { - url = "https://registry.npmjs.org/whatwg-url/-/whatwg-url-8.1.0.tgz"; - sha512 = "vEIkwNi9Hqt4TV9RdnaBPNt+E2Sgmo3gePebCRgZ1R7g6d23+53zCTnuB0amKI4AXq6VM8jj2DUAa0S1vjJxkw=="; + url = "https://registry.npmjs.org/whatwg-url/-/whatwg-url-8.2.1.tgz"; + sha512 = "ZmVCr6nfBeaMxEHALLEGy0LszYjpJqf6PVNQUQ1qd9Et+q7Jpygd4rGGDXgHjD8e99yLFseD69msHDM4YwPZ4A=="; }; }; "which-1.3.1" = { @@ -7249,15 +7204,6 @@ let sha512 = "AvHcyZ5JnSfq3ioSyjrBkH9yW4m7Ayk8/9My/DD9onKeu/94fwrMocemO2QAJFAlnnDN+ZDS+ZjAR5ua1/PV/Q=="; }; }; - "ws-3.3.3" = { - name = "ws"; - packageName = "ws"; - version = "3.3.3"; - src = fetchurl { - url = "https://registry.npmjs.org/ws/-/ws-3.3.3.tgz"; - sha512 = "nnWLa/NwZSt4KQJu51MYlCcSQ5g7INpOrOMt4XV8j4dqTXdmlUmSHQ8/oLC069ckre0fRsgfvsKwbTdtKLCDkA=="; - }; - }; "ws-7.3.1" = { name = "ws"; packageName = "ws"; @@ -7321,41 +7267,45 @@ let sha512 = "o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ=="; }; }; - "zigbee-herdsman-0.12.116" = { + "zigbee-herdsman-0.12.127" = { name = "zigbee-herdsman"; packageName = "zigbee-herdsman"; - version = "0.12.116"; + version = "0.12.127"; src = fetchurl { - url = "https://registry.npmjs.org/zigbee-herdsman/-/zigbee-herdsman-0.12.116.tgz"; - sha512 = "eMpqW5KWiVR5jMW7gelDrZB7sgohD8CoJeAH91bd89zR/vM3sTnSTC/HRpqRlEsPeYqwCRBKExf57q2iDQbWaA=="; + url = "https://registry.npmjs.org/zigbee-herdsman/-/zigbee-herdsman-0.12.127.tgz"; + sha512 = "NbNwX+83byss1tQpZXydpo9iYuHa3RV88X2vHpmoNnv4WuHBjnSbmL/1sdiUB1URBIGeFgC9MxLiTtqxMyCehQ=="; }; }; - "zigbee-herdsman-converters-12.0.161" = { + "zigbee-herdsman-converters-12.0.178" = { name = "zigbee-herdsman-converters"; packageName = "zigbee-herdsman-converters"; - version = "12.0.161"; + version = "12.0.178"; src = fetchurl { - url = "https://registry.npmjs.org/zigbee-herdsman-converters/-/zigbee-herdsman-converters-12.0.161.tgz"; - sha512 = "iufUoZL86uTplW8vEjevFtAb7KITox2vXHB+0l9dE7lJqYyiGKyEoRqbjkmqBNqFjkJXD4eAM0VpsVAbHGbDMg=="; + url = "https://registry.npmjs.org/zigbee-herdsman-converters/-/zigbee-herdsman-converters-12.0.178.tgz"; + sha512 = "SOATRwJU8NCWay194BCzDr0+HkgF4ANv8Qw8Xmqbz60YZWsNh9y8tYrVbIbcTdiZKLGzambrmY66DgOntiTxNA=="; }; }; }; args = { name = "zigbee2mqtt"; packageName = "zigbee2mqtt"; - version = "1.14.3"; + version = "1.14.4"; src = ./.; dependencies = [ sources."@dabh/diagnostics-2.0.2" - sources."ajv-6.12.3" + sources."ajv-6.12.4" sources."argparse-1.0.10" sources."async-3.2.0" - sources."async-limiter-1.0.1" sources."balanced-match-1.0.0" sources."base64-js-1.3.1" sources."bindings-1.5.0" - sources."bl-1.2.2" + (sources."bl-4.0.3" // { + dependencies = [ + sources."readable-stream-3.6.0" + ]; + }) sources."brace-expansion-1.1.11" + sources."buffer-5.6.0" sources."buffer-from-1.1.1" sources."callback-stream-1.1.0" sources."color-3.0.0" @@ -7387,7 +7337,7 @@ let sources."event-emitter-0.3.5" (sources."ext-1.4.0" // { dependencies = [ - sources."type-2.0.0" + sources."type-2.1.0" ]; }) sources."extend-3.0.2" @@ -7405,6 +7355,7 @@ let sources."glossy-0.1.7" sources."help-me-1.1.0" sources."humanize-duration-3.23.1" + sources."ieee754-1.1.13" sources."inflight-1.0.6" sources."inherits-2.0.4" sources."is-absolute-1.0.0" @@ -7419,7 +7370,9 @@ let sources."isarray-1.0.0" sources."js-yaml-3.14.0" sources."json-schema-traverse-0.4.1" + sources."json-stable-stringify-1.0.1" sources."json-stable-stringify-without-jsonify-1.0.1" + sources."jsonify-0.0.0" sources."kuler-2.0.0" sources."leven-2.1.0" sources."logform-2.2.0" @@ -7427,8 +7380,12 @@ let sources."minimist-1.2.5" sources."mkdir-recursive-0.4.0" sources."moment-2.27.0" - sources."mqtt-4.1.0" - sources."mqtt-packet-6.3.2" + sources."mqtt-4.2.1" + (sources."mqtt-packet-6.4.0" // { + dependencies = [ + sources."safe-buffer-5.2.1" + ]; + }) sources."ms-2.1.2" sources."nan-2.14.1" sources."next-tick-1.0.0" @@ -7453,7 +7410,7 @@ let sources."safe-buffer-5.1.2" sources."semver-7.3.2" sources."simple-swizzle-0.2.2" - (sources."split2-3.1.1" // { + (sources."split2-3.2.2" // { dependencies = [ sources."readable-stream-3.6.0" ]; @@ -7469,13 +7426,11 @@ let sources."triple-beam-1.3.0" sources."type-1.2.0" sources."typedarray-0.0.6" - sources."ultron-1.1.1" sources."unc-path-regex-0.1.2" sources."unique-stream-2.3.1" sources."unix-dgram-2.0.3" sources."uri-js-4.2.2" sources."util-deprecate-1.0.2" - sources."websocket-stream-5.5.2" (sources."winston-3.3.3" // { dependencies = [ sources."readable-stream-3.6.0" @@ -7484,22 +7439,22 @@ let sources."winston-syslog-2.4.4" sources."winston-transport-4.4.0" sources."wrappy-1.0.2" - sources."ws-3.3.3" + sources."ws-7.3.1" sources."xtend-4.0.2" - (sources."zigbee-herdsman-0.12.116" // { + (sources."zigbee-herdsman-0.12.127" // { dependencies = [ sources."@babel/cli-7.10.5" sources."@babel/code-frame-7.10.4" sources."@babel/compat-data-7.11.0" - sources."@babel/core-7.11.1" - sources."@babel/generator-7.11.0" + sources."@babel/core-7.11.4" + sources."@babel/generator-7.11.4" sources."@babel/helper-annotate-as-pure-7.10.4" sources."@babel/helper-builder-binary-assignment-operator-visitor-7.10.4" sources."@babel/helper-compilation-targets-7.10.4" sources."@babel/helper-create-class-features-plugin-7.10.5" sources."@babel/helper-create-regexp-features-plugin-7.10.4" sources."@babel/helper-define-map-7.10.5" - sources."@babel/helper-explode-assignable-expression-7.10.4" + sources."@babel/helper-explode-assignable-expression-7.11.4" sources."@babel/helper-function-name-7.10.4" sources."@babel/helper-get-function-arity-7.10.4" sources."@babel/helper-hoist-variables-7.10.4" @@ -7509,7 +7464,7 @@ let sources."@babel/helper-optimise-call-expression-7.10.4" sources."@babel/helper-plugin-utils-7.10.4" sources."@babel/helper-regex-7.10.5" - sources."@babel/helper-remap-async-to-generator-7.10.4" + sources."@babel/helper-remap-async-to-generator-7.11.4" sources."@babel/helper-replace-supers-7.10.4" sources."@babel/helper-simple-access-7.10.4" sources."@babel/helper-skip-transparent-expression-wrappers-7.11.0" @@ -7518,7 +7473,7 @@ let sources."@babel/helper-wrap-function-7.10.4" sources."@babel/helpers-7.10.4" sources."@babel/highlight-7.10.4" - sources."@babel/parser-7.11.3" + sources."@babel/parser-7.11.4" sources."@babel/plugin-proposal-async-generator-functions-7.10.5" sources."@babel/plugin-proposal-class-properties-7.10.4" sources."@babel/plugin-proposal-dynamic-import-7.10.4" @@ -7581,7 +7536,7 @@ let sources."@babel/plugin-transform-unicode-escapes-7.10.4" sources."@babel/plugin-transform-unicode-regex-7.10.4" sources."@babel/preset-env-7.11.0" - sources."@babel/preset-modules-0.1.3" + sources."@babel/preset-modules-0.1.4" sources."@babel/preset-typescript-7.10.4" sources."@babel/runtime-7.11.2" sources."@babel/template-7.10.4" @@ -7591,21 +7546,23 @@ let sources."@cnakazawa/watch-1.0.4" sources."@istanbuljs/load-nyc-config-1.1.0" sources."@istanbuljs/schema-0.1.2" - (sources."@jest/console-26.2.0" // { + (sources."@jest/console-26.3.0" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" sources."slash-3.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) - (sources."@jest/core-26.2.2" // { + (sources."@jest/core-26.4.2" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-regex-5.0.0" sources."ansi-styles-4.2.1" sources."braces-3.0.2" @@ -7619,46 +7576,50 @@ let sources."rimraf-3.0.2" sources."slash-3.0.0" sources."strip-ansi-6.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" sources."to-regex-range-5.0.1" ]; }) - (sources."@jest/environment-26.2.0" // { + (sources."@jest/environment-26.3.0" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) - (sources."@jest/fake-timers-26.2.0" // { + (sources."@jest/fake-timers-26.3.0" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) - (sources."@jest/globals-26.2.0" // { + (sources."@jest/globals-26.4.2" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) - (sources."@jest/reporters-26.2.2" // { + (sources."@jest/reporters-26.4.1" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" @@ -7666,29 +7627,31 @@ let sources."has-flag-4.0.0" sources."slash-3.0.0" sources."source-map-0.6.1" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) - (sources."@jest/source-map-26.1.0" // { + (sources."@jest/source-map-26.3.0" // { dependencies = [ sources."source-map-0.6.1" ]; }) - (sources."@jest/test-result-26.2.0" // { + (sources."@jest/test-result-26.3.0" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) - sources."@jest/test-sequencer-26.2.2" - (sources."@jest/transform-26.2.2" // { + sources."@jest/test-sequencer-26.4.2" + (sources."@jest/transform-26.3.0" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."braces-3.0.2" sources."chalk-4.1.0" @@ -7700,7 +7663,7 @@ let sources."micromatch-4.0.2" sources."slash-3.0.0" sources."source-map-0.6.1" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" sources."to-regex-range-5.0.1" ]; }) @@ -7711,7 +7674,7 @@ let sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) sources."@serialport/binding-abstract-9.0.1" @@ -7737,36 +7700,36 @@ let sources."@types/istanbul-lib-coverage-2.0.3" sources."@types/istanbul-lib-report-3.0.0" sources."@types/istanbul-reports-1.1.2" - sources."@types/jest-26.0.9" + sources."@types/jest-26.0.10" sources."@types/json-schema-7.0.5" sources."@types/nedb-1.8.10" - sources."@types/node-14.0.27" + sources."@types/node-14.6.2" sources."@types/normalize-package-data-2.4.0" - sources."@types/prettier-2.0.2" + sources."@types/prettier-2.1.0" sources."@types/serialport-8.0.1" sources."@types/stack-utils-1.0.1" sources."@types/yargs-15.0.5" sources."@types/yargs-parser-15.0.0" - (sources."@typescript-eslint/eslint-plugin-3.8.0" // { + (sources."@typescript-eslint/eslint-plugin-3.10.1" // { dependencies = [ sources."semver-7.3.2" ]; }) - sources."@typescript-eslint/experimental-utils-3.8.0" - sources."@typescript-eslint/parser-3.8.0" - sources."@typescript-eslint/types-3.8.0" - (sources."@typescript-eslint/typescript-estree-3.8.0" // { + sources."@typescript-eslint/experimental-utils-3.10.1" + sources."@typescript-eslint/parser-3.10.1" + sources."@typescript-eslint/types-3.10.1" + (sources."@typescript-eslint/typescript-estree-3.10.1" // { dependencies = [ sources."semver-7.3.2" ]; }) - sources."@typescript-eslint/visitor-keys-3.8.0" + sources."@typescript-eslint/visitor-keys-3.10.1" sources."abab-2.0.4" sources."acorn-7.4.0" sources."acorn-globals-6.0.0" sources."acorn-jsx-5.2.0" sources."acorn-walk-7.2.0" - sources."ajv-6.12.3" + sources."ajv-6.12.4" sources."ansi-colors-4.1.1" (sources."ansi-escapes-4.3.1" // { dependencies = [ @@ -7796,24 +7759,25 @@ let sources."at-least-node-1.0.0" sources."atob-2.1.2" sources."aws-sign2-0.7.0" - sources."aws4-1.10.0" - (sources."babel-jest-26.2.2" // { + sources."aws4-1.10.1" + (sources."babel-jest-26.3.0" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" sources."slash-3.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) sources."babel-plugin-dynamic-import-node-2.3.3" sources."babel-plugin-istanbul-6.0.0" sources."babel-plugin-jest-hoist-26.2.0" sources."babel-preset-current-node-syntax-0.1.3" - sources."babel-preset-jest-26.2.0" + sources."babel-preset-jest-26.3.0" sources."balanced-match-1.0.0" (sources."base-0.11.2" // { dependencies = [ @@ -7829,7 +7793,7 @@ let sources."bcrypt-pbkdf-1.0.2" sources."binary-extensions-1.13.1" sources."bindings-1.5.0" - (sources."bl-4.0.2" // { + (sources."bl-4.0.3" // { dependencies = [ sources."readable-stream-3.6.0" ]; @@ -7848,7 +7812,7 @@ let sources."cache-base-1.0.1" sources."callsites-3.1.0" sources."camelcase-5.3.1" - sources."caniuse-lite-1.0.30001112" + sources."caniuse-lite-1.0.30001119" sources."capture-exit-2.0.0" sources."caseless-0.12.0" sources."chalk-2.4.2" @@ -7926,7 +7890,7 @@ let ]; }) sources."ecc-jsbn-0.1.2" - sources."electron-to-chromium-1.3.526" + sources."electron-to-chromium-1.3.555" sources."emittery-0.7.1" sources."emoji-regex-7.0.3" sources."end-of-stream-1.4.4" @@ -7943,7 +7907,7 @@ let sources."type-check-0.3.2" ]; }) - (sources."eslint-7.6.0" // { + (sources."eslint-7.7.0" // { dependencies = [ sources."ansi-regex-5.0.0" sources."ansi-styles-4.2.1" @@ -7960,14 +7924,14 @@ let sources."shebang-regex-3.0.0" sources."strip-ansi-6.0.0" sources."strip-json-comments-3.1.1" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" sources."which-2.0.2" ]; }) sources."eslint-scope-5.1.0" sources."eslint-utils-2.1.0" sources."eslint-visitor-keys-1.3.0" - sources."espree-7.2.0" + sources."espree-7.3.0" sources."esprima-4.0.1" (sources."esquery-1.3.1" // { dependencies = [ @@ -7989,16 +7953,17 @@ let ]; }) sources."expand-template-2.0.3" - (sources."expect-26.2.0" // { + (sources."expect-26.4.2" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."jest-get-type-26.0.0" - sources."supports-color-7.1.0" + sources."jest-get-type-26.3.0" + sources."supports-color-7.2.0" ]; }) sources."extend-3.0.2" @@ -8036,7 +8001,7 @@ let sources."form-data-2.3.3" sources."fragment-cache-0.2.1" sources."fs-constants-1.0.0" - sources."fs-extra-8.1.0" + sources."fs-extra-9.0.1" sources."fs-readdir-recursive-1.1.0" sources."fs.realpath-1.0.0" sources."fsevents-1.2.13" @@ -8148,7 +8113,7 @@ let sources."has-flag-4.0.0" sources."make-dir-3.1.0" sources."semver-6.3.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) (sources."istanbul-lib-source-maps-4.0.0" // { @@ -8157,41 +8122,44 @@ let ]; }) sources."istanbul-reports-3.0.2" - (sources."jest-26.2.2" // { + (sources."jest-26.4.2" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."jest-cli-26.2.2" - sources."supports-color-7.1.0" + sources."jest-cli-26.4.2" + sources."supports-color-7.2.0" ]; }) - (sources."jest-changed-files-26.2.0" // { + (sources."jest-changed-files-26.3.0" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."cross-spawn-7.0.3" sources."execa-4.0.3" - sources."get-stream-5.1.0" + sources."get-stream-5.2.0" sources."has-flag-4.0.0" sources."is-stream-2.0.0" sources."npm-run-path-4.0.1" sources."path-key-3.1.1" sources."shebang-command-2.0.0" sources."shebang-regex-3.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" sources."which-2.0.2" ]; }) - (sources."jest-config-26.2.2" // { + (sources."jest-config-26.4.2" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-regex-5.0.0" sources."ansi-styles-4.2.1" sources."braces-3.0.2" @@ -8201,10 +8169,10 @@ let sources."fill-range-7.0.1" sources."has-flag-4.0.0" sources."is-number-7.0.0" - sources."jest-get-type-26.0.0" + sources."jest-get-type-26.3.0" sources."micromatch-4.0.2" - sources."pretty-format-26.2.0" - sources."supports-color-7.1.0" + sources."pretty-format-26.4.2" + sources."supports-color-7.2.0" sources."to-regex-range-5.0.1" ]; }) @@ -8215,50 +8183,54 @@ let sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) sources."jest-docblock-26.0.0" - (sources."jest-each-26.2.0" // { + (sources."jest-each-26.4.2" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-regex-5.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."jest-get-type-26.0.0" - sources."pretty-format-26.2.0" - sources."supports-color-7.1.0" + sources."jest-get-type-26.3.0" + sources."pretty-format-26.4.2" + sources."supports-color-7.2.0" ]; }) - (sources."jest-environment-jsdom-26.2.0" // { + (sources."jest-environment-jsdom-26.3.0" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) - (sources."jest-environment-node-26.2.0" // { + (sources."jest-environment-node-26.3.0" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) sources."jest-get-type-25.2.6" - (sources."jest-haste-map-26.2.2" // { + (sources."jest-haste-map-26.3.0" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."anymatch-3.1.1" sources."braces-3.0.2" @@ -8270,56 +8242,60 @@ let sources."has-flag-4.0.0" sources."is-number-7.0.0" sources."micromatch-4.0.2" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" sources."to-regex-range-5.0.1" ]; }) - (sources."jest-jasmine2-26.2.2" // { + (sources."jest-jasmine2-26.4.2" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-regex-5.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."pretty-format-26.2.0" - sources."supports-color-7.1.0" + sources."pretty-format-26.4.2" + sources."supports-color-7.2.0" ]; }) - (sources."jest-leak-detector-26.2.0" // { + (sources."jest-leak-detector-26.4.2" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-regex-5.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."jest-get-type-26.0.0" - sources."pretty-format-26.2.0" - sources."supports-color-7.1.0" + sources."jest-get-type-26.3.0" + sources."pretty-format-26.4.2" + sources."supports-color-7.2.0" ]; }) - (sources."jest-matcher-utils-26.2.0" // { + (sources."jest-matcher-utils-26.4.2" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-regex-5.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" - sources."diff-sequences-26.0.0" + sources."diff-sequences-26.3.0" sources."has-flag-4.0.0" - sources."jest-diff-26.2.0" - sources."jest-get-type-26.0.0" - sources."pretty-format-26.2.0" - sources."supports-color-7.1.0" + sources."jest-diff-26.4.2" + sources."jest-get-type-26.3.0" + sources."pretty-format-26.4.2" + sources."supports-color-7.2.0" ]; }) - (sources."jest-message-util-26.2.0" // { + (sources."jest-message-util-26.3.0" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."braces-3.0.2" sources."chalk-4.1.0" @@ -8330,90 +8306,97 @@ let sources."is-number-7.0.0" sources."micromatch-4.0.2" sources."slash-3.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" sources."to-regex-range-5.0.1" ]; }) - (sources."jest-mock-26.2.0" // { + (sources."jest-mock-26.3.0" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) sources."jest-pnp-resolver-1.2.2" sources."jest-regex-util-26.0.0" - (sources."jest-resolve-26.2.2" // { + (sources."jest-resolve-26.4.0" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" sources."slash-3.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) - (sources."jest-resolve-dependencies-26.2.2" // { + (sources."jest-resolve-dependencies-26.4.2" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) - (sources."jest-runner-26.2.2" // { + (sources."jest-runner-26.4.2" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) - (sources."jest-runtime-26.2.2" // { + (sources."jest-runtime-26.4.2" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" sources."slash-3.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) - sources."jest-serializer-26.2.0" - (sources."jest-snapshot-26.2.2" // { + sources."jest-serializer-26.3.0" + (sources."jest-snapshot-26.4.2" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-regex-5.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" - sources."diff-sequences-26.0.0" + sources."diff-sequences-26.3.0" sources."has-flag-4.0.0" - sources."jest-diff-26.2.0" - sources."jest-get-type-26.0.0" - sources."pretty-format-26.2.0" + sources."jest-diff-26.4.2" + sources."jest-get-type-26.3.0" + sources."pretty-format-26.4.2" sources."semver-7.3.2" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) - (sources."jest-util-26.2.0" // { + (sources."jest-util-26.3.0" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."braces-3.0.2" sources."chalk-4.1.0" @@ -8423,13 +8406,14 @@ let sources."has-flag-4.0.0" sources."is-number-7.0.0" sources."micromatch-4.0.2" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" sources."to-regex-range-5.0.1" ]; }) - (sources."jest-validate-26.2.0" // { + (sources."jest-validate-26.4.2" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-regex-5.0.0" sources."ansi-styles-4.2.1" sources."camelcase-6.0.0" @@ -8437,26 +8421,27 @@ let sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."jest-get-type-26.0.0" - sources."pretty-format-26.2.0" - sources."supports-color-7.1.0" + sources."jest-get-type-26.3.0" + sources."pretty-format-26.4.2" + sources."supports-color-7.2.0" ]; }) - (sources."jest-watcher-26.2.0" // { + (sources."jest-watcher-26.3.0" // { dependencies = [ - sources."@jest/types-26.2.0" + sources."@jest/types-26.3.0" + sources."@types/istanbul-reports-3.0.0" sources."ansi-styles-4.2.1" sources."chalk-4.1.0" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) - (sources."jest-worker-26.2.1" // { + (sources."jest-worker-26.3.0" // { dependencies = [ sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) sources."js-tokens-4.0.0" @@ -8464,13 +8449,13 @@ let sources."jsbn-0.1.1" sources."jsdom-16.4.0" sources."jsesc-2.5.2" - sources."json-parse-better-errors-1.0.2" + sources."json-parse-even-better-errors-2.3.0" sources."json-schema-0.2.3" sources."json-schema-traverse-0.4.1" sources."json-stable-stringify-without-jsonify-1.0.1" sources."json-stringify-safe-5.0.1" sources."json5-2.1.3" - sources."jsonfile-4.0.0" + sources."jsonfile-6.0.1" sources."jsprim-1.4.1" sources."kind-of-6.0.3" sources."kleur-3.0.3" @@ -8479,15 +8464,15 @@ let sources."levn-0.4.1" sources."lines-and-columns-1.1.6" sources."locate-path-5.0.0" - sources."lodash-4.17.19" + sources."lodash-4.17.20" sources."lodash.sortby-4.7.0" sources."loose-envify-1.4.0" - sources."lunr-2.3.8" + sources."lunr-2.3.9" sources."make-dir-2.1.0" sources."makeerror-1.0.11" sources."map-cache-0.2.2" sources."map-visit-1.0.0" - sources."marked-1.0.0" + sources."marked-1.1.1" sources."merge-stream-2.0.0" sources."micromatch-3.1.10" sources."mime-db-1.44.0" @@ -8506,10 +8491,10 @@ let sources."natural-compare-1.4.0" sources."neo-async-2.6.2" sources."nice-try-1.0.5" - sources."node-abi-2.18.0" + sources."node-abi-2.19.1" sources."node-int64-0.4.0" sources."node-modules-regexp-1.0.0" - (sources."node-notifier-7.0.2" // { + (sources."node-notifier-8.0.0" // { dependencies = [ sources."semver-7.3.2" sources."which-2.0.2" @@ -8536,7 +8521,7 @@ let sources."object.assign-4.1.0" sources."object.pick-1.3.0" sources."once-1.4.0" - sources."onetime-5.1.1" + sources."onetime-5.1.2" sources."optionator-0.9.1" sources."p-each-series-2.1.0" sources."p-finally-1.0.0" @@ -8544,7 +8529,7 @@ let sources."p-locate-4.1.0" sources."p-try-2.2.0" sources."parent-module-1.0.1" - sources."parse-json-5.0.1" + sources."parse-json-5.1.0" sources."parse5-5.1.1" sources."pascalcase-0.1.1" sources."path-dirname-1.0.2" @@ -8715,7 +8700,7 @@ let (sources."supports-hyperlinks-2.1.0" // { dependencies = [ sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) sources."symbol-tree-3.2.4" @@ -8756,25 +8741,19 @@ let sources."type-detect-4.0.8" sources."type-fest-0.8.1" sources."typedarray-to-buffer-3.1.5" - sources."typedoc-0.17.8" - sources."typedoc-default-themes-0.10.2" - (sources."typedoc-plugin-markdown-2.4.0" // { - dependencies = [ - sources."fs-extra-9.0.1" - sources."jsonfile-6.0.1" - sources."universalify-1.0.0" - ]; - }) + sources."typedoc-0.19.0" + sources."typedoc-default-themes-0.11.1" + sources."typedoc-plugin-markdown-2.4.2" sources."typedoc-plugin-no-inherit-1.1.10" sources."typedoc-plugin-sourcefile-url-1.0.6" - sources."typescript-3.9.7" - sources."uglify-js-3.10.1" + sources."typescript-4.0.2" + sources."uglify-js-3.10.2" sources."unicode-canonical-property-names-ecmascript-1.0.4" sources."unicode-match-property-ecmascript-1.0.4" sources."unicode-match-property-value-ecmascript-1.2.0" sources."unicode-property-aliases-ecmascript-1.1.0" sources."union-value-1.0.1" - sources."universalify-0.1.2" + sources."universalify-1.0.0" (sources."unset-value-1.0.0" // { dependencies = [ (sources."has-value-0.3.1" // { @@ -8792,7 +8771,7 @@ let sources."util-deprecate-1.0.2" sources."uuid-8.3.0" sources."v8-compile-cache-2.1.1" - (sources."v8-to-istanbul-4.1.4" // { + (sources."v8-to-istanbul-5.0.1" // { dependencies = [ sources."source-map-0.7.3" ]; @@ -8805,11 +8784,7 @@ let sources."webidl-conversions-6.1.0" sources."whatwg-encoding-1.0.5" sources."whatwg-mimetype-2.3.0" - (sources."whatwg-url-8.1.0" // { - dependencies = [ - sources."webidl-conversions-5.0.0" - ]; - }) + sources."whatwg-url-8.2.1" sources."which-1.3.1" sources."which-module-2.0.0" sources."which-pm-runs-1.0.0" @@ -8847,18 +8822,16 @@ let sources."yargs-parser-18.1.3" ]; }) - (sources."zigbee-herdsman-converters-12.0.161" // { + (sources."zigbee-herdsman-converters-12.0.178" // { dependencies = [ sources."@babel/code-frame-7.10.4" - (sources."@babel/core-7.11.1" // { + (sources."@babel/core-7.11.4" // { dependencies = [ - sources."debug-4.1.1" - sources."ms-2.1.2" sources."semver-5.7.1" sources."source-map-0.5.7" ]; }) - (sources."@babel/generator-7.11.0" // { + (sources."@babel/generator-7.11.4" // { dependencies = [ sources."source-map-0.5.7" ]; @@ -8880,7 +8853,7 @@ let sources."chalk-2.4.2" ]; }) - sources."@babel/parser-7.11.3" + sources."@babel/parser-7.11.4" sources."@babel/plugin-syntax-async-generators-7.8.4" sources."@babel/plugin-syntax-bigint-7.8.3" sources."@babel/plugin-syntax-class-properties-7.10.4" @@ -8895,9 +8868,7 @@ let sources."@babel/template-7.10.4" (sources."@babel/traverse-7.11.0" // { dependencies = [ - sources."debug-4.1.1" sources."globals-11.12.0" - sources."ms-2.1.2" ]; }) sources."@babel/types-7.11.0" @@ -8909,21 +8880,21 @@ let ]; }) sources."@istanbuljs/schema-0.1.2" - sources."@jest/console-26.2.0" - (sources."@jest/core-26.2.2" // { + sources."@jest/console-26.3.0" + (sources."@jest/core-26.4.2" // { dependencies = [ sources."rimraf-3.0.2" ]; }) - sources."@jest/environment-26.2.0" - sources."@jest/fake-timers-26.2.0" - sources."@jest/globals-26.2.0" - sources."@jest/reporters-26.2.2" - sources."@jest/source-map-26.1.0" - sources."@jest/test-result-26.2.0" - sources."@jest/test-sequencer-26.2.2" - sources."@jest/transform-26.2.2" - sources."@jest/types-26.2.0" + sources."@jest/environment-26.3.0" + sources."@jest/fake-timers-26.3.0" + sources."@jest/globals-26.4.2" + sources."@jest/reporters-26.4.1" + sources."@jest/source-map-26.3.0" + sources."@jest/test-result-26.3.0" + sources."@jest/test-sequencer-26.4.2" + sources."@jest/transform-26.3.0" + sources."@jest/types-26.3.0" sources."@sinonjs/commons-1.8.1" sources."@sinonjs/fake-timers-6.0.1" sources."@types/babel__core-7.1.9" @@ -8934,33 +8905,23 @@ let sources."@types/graceful-fs-4.1.3" sources."@types/istanbul-lib-coverage-2.0.3" sources."@types/istanbul-lib-report-3.0.0" - sources."@types/istanbul-reports-1.1.2" + sources."@types/istanbul-reports-3.0.0" sources."@types/json-schema-7.0.5" - sources."@types/node-14.0.27" + sources."@types/node-14.6.2" sources."@types/normalize-package-data-2.4.0" - sources."@types/prettier-2.0.2" + sources."@types/prettier-2.1.0" sources."@types/stack-utils-1.0.1" sources."@types/yargs-15.0.5" sources."@types/yargs-parser-15.0.0" sources."@typescript-eslint/experimental-utils-2.34.0" - (sources."@typescript-eslint/typescript-estree-2.34.0" // { - dependencies = [ - sources."debug-4.1.1" - sources."ms-2.1.2" - ]; - }) + sources."@typescript-eslint/typescript-estree-2.34.0" sources."abab-2.0.4" sources."acorn-7.4.0" sources."acorn-globals-6.0.0" sources."acorn-jsx-5.2.0" sources."acorn-walk-7.2.0" - (sources."agent-base-6.0.1" // { - dependencies = [ - sources."debug-4.1.1" - sources."ms-2.1.2" - ]; - }) - sources."ajv-6.12.3" + sources."agent-base-6.0.1" + sources."ajv-6.12.4" sources."ansi-colors-4.1.1" (sources."ansi-escapes-4.3.1" // { dependencies = [ @@ -8982,13 +8943,13 @@ let sources."asynckit-0.4.0" sources."atob-2.1.2" sources."aws-sign2-0.7.0" - sources."aws4-1.10.0" - sources."axios-0.19.2" - sources."babel-jest-26.2.2" + sources."aws4-1.10.1" + sources."axios-0.20.0" + sources."babel-jest-26.3.0" sources."babel-plugin-istanbul-6.0.0" sources."babel-plugin-jest-hoist-26.2.0" sources."babel-preset-current-node-syntax-0.1.3" - sources."babel-preset-jest-26.2.0" + sources."babel-preset-jest-26.3.0" sources."balanced-match-1.0.0" (sources."base-0.11.2" // { dependencies = [ @@ -9000,7 +8961,7 @@ let }) sources."base64-js-1.3.1" sources."bcrypt-pbkdf-1.0.2" - sources."bl-4.0.2" + sources."bl-4.0.3" sources."brace-expansion-1.1.11" sources."braces-3.0.2" sources."browser-process-hrtime-1.0.0" @@ -9018,7 +8979,7 @@ let sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) sources."char-regex-1.0.2" @@ -9059,7 +9020,7 @@ let }) sources."dashdash-1.14.1" sources."data-urls-2.0.0" - sources."debug-3.1.0" + sources."debug-4.1.1" sources."decamelize-1.2.0" sources."decimal.js-10.2.0" sources."decode-uri-component-0.2.0" @@ -9074,7 +9035,7 @@ let }) sources."delayed-stream-1.0.0" sources."detect-newline-3.1.0" - sources."diff-sequences-26.0.0" + sources."diff-sequences-26.3.0" sources."doctrine-3.0.0" (sources."domexception-2.0.1" // { dependencies = [ @@ -9096,18 +9057,13 @@ let sources."type-check-0.3.2" ]; }) - (sources."eslint-7.6.0" // { - dependencies = [ - sources."debug-4.1.1" - sources."ms-2.1.2" - ]; - }) + sources."eslint-7.7.0" sources."eslint-config-google-0.14.0" sources."eslint-plugin-jest-23.20.0" sources."eslint-scope-5.1.0" sources."eslint-utils-2.1.0" sources."eslint-visitor-keys-1.3.0" - sources."espree-7.2.0" + sources."espree-7.3.0" sources."esprima-4.0.1" (sources."esquery-1.3.1" // { dependencies = [ @@ -9134,9 +9090,10 @@ let sources."debug-2.6.9" sources."define-property-0.2.5" sources."extend-shallow-2.0.1" + sources."ms-2.0.0" ]; }) - (sources."expect-26.2.0" // { + (sources."expect-26.4.2" // { dependencies = [ sources."ansi-styles-4.2.1" sources."color-convert-2.0.1" @@ -9168,7 +9125,7 @@ let sources."find-up-4.1.0" sources."flat-cache-2.0.1" sources."flatted-2.0.2" - sources."follow-redirects-1.5.10" + sources."follow-redirects-1.13.0" sources."for-in-1.0.2" sources."forever-agent-0.6.1" sources."form-data-2.3.3" @@ -9206,12 +9163,7 @@ let sources."html-encoding-sniffer-2.0.1" sources."html-escaper-2.0.2" sources."http-signature-1.2.0" - (sources."https-proxy-agent-5.0.0" // { - dependencies = [ - sources."debug-4.1.1" - sources."ms-2.1.2" - ]; - }) + sources."https-proxy-agent-5.0.0" sources."human-signals-1.1.1" sources."iconv-lite-0.4.24" sources."ieee754-1.1.13" @@ -9266,61 +9218,56 @@ let (sources."istanbul-lib-report-3.0.0" // { dependencies = [ sources."has-flag-4.0.0" - sources."supports-color-7.1.0" - ]; - }) - (sources."istanbul-lib-source-maps-4.0.0" // { - dependencies = [ - sources."debug-4.1.1" - sources."ms-2.1.2" + sources."supports-color-7.2.0" ]; }) + sources."istanbul-lib-source-maps-4.0.0" sources."istanbul-reports-3.0.2" - (sources."jest-26.2.2" // { + (sources."jest-26.4.2" // { dependencies = [ - sources."jest-cli-26.2.2" + sources."jest-cli-26.4.2" ]; }) - (sources."jest-changed-files-26.2.0" // { + (sources."jest-changed-files-26.3.0" // { dependencies = [ sources."execa-4.0.3" - sources."get-stream-5.1.0" + sources."get-stream-5.2.0" sources."is-stream-2.0.0" sources."npm-run-path-4.0.1" ]; }) - sources."jest-config-26.2.2" - sources."jest-diff-26.2.0" + sources."jest-config-26.4.2" + sources."jest-diff-26.4.2" sources."jest-docblock-26.0.0" - sources."jest-each-26.2.0" - sources."jest-environment-jsdom-26.2.0" - sources."jest-environment-node-26.2.0" - sources."jest-get-type-26.0.0" - sources."jest-haste-map-26.2.2" - sources."jest-jasmine2-26.2.2" - sources."jest-leak-detector-26.2.0" - sources."jest-matcher-utils-26.2.0" - sources."jest-message-util-26.2.0" - sources."jest-mock-26.2.0" + sources."jest-each-26.4.2" + sources."jest-environment-jsdom-26.3.0" + sources."jest-environment-node-26.3.0" + sources."jest-get-type-26.3.0" + sources."jest-haste-map-26.3.0" + sources."jest-jasmine2-26.4.2" + sources."jest-leak-detector-26.4.2" + sources."jest-matcher-utils-26.4.2" + sources."jest-message-util-26.3.0" + sources."jest-mock-26.3.0" sources."jest-pnp-resolver-1.2.2" sources."jest-regex-util-26.0.0" - sources."jest-resolve-26.2.2" - sources."jest-resolve-dependencies-26.2.2" - sources."jest-runner-26.2.2" - sources."jest-runtime-26.2.2" - sources."jest-serializer-26.2.0" - sources."jest-snapshot-26.2.2" - sources."jest-util-26.2.0" - (sources."jest-validate-26.2.0" // { + sources."jest-resolve-26.4.0" + sources."jest-resolve-dependencies-26.4.2" + sources."jest-runner-26.4.2" + sources."jest-runtime-26.4.2" + sources."jest-serializer-26.3.0" + sources."jest-snapshot-26.4.2" + sources."jest-util-26.3.0" + (sources."jest-validate-26.4.2" // { dependencies = [ sources."camelcase-6.0.0" ]; }) - sources."jest-watcher-26.2.0" - (sources."jest-worker-26.2.1" // { + sources."jest-watcher-26.3.0" + (sources."jest-worker-26.3.0" // { dependencies = [ sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) sources."js-tokens-4.0.0" @@ -9328,7 +9275,7 @@ let sources."jsbn-0.1.1" sources."jsdom-16.4.0" sources."jsesc-2.5.2" - sources."json-parse-better-errors-1.0.2" + sources."json-parse-even-better-errors-2.3.0" sources."json-schema-0.2.3" sources."json-schema-traverse-0.4.1" sources."json-stable-stringify-without-jsonify-1.0.1" @@ -9341,7 +9288,7 @@ let sources."levn-0.4.1" sources."lines-and-columns-1.1.6" sources."locate-path-5.0.0" - sources."lodash-4.17.19" + sources."lodash-4.17.20" sources."lodash.sortby-4.7.0" (sources."make-dir-3.1.0" // { dependencies = [ @@ -9364,13 +9311,13 @@ let ]; }) sources."mkdirp-0.5.5" - sources."ms-2.0.0" + sources."ms-2.1.2" sources."nanomatch-1.2.13" sources."natural-compare-1.4.0" sources."nice-try-1.0.5" sources."node-int64-0.4.0" sources."node-modules-regexp-1.0.0" - sources."node-notifier-7.0.2" + sources."node-notifier-8.0.0" (sources."normalize-package-data-2.5.0" // { dependencies = [ sources."semver-5.7.1" @@ -9393,7 +9340,7 @@ let sources."object-visit-1.0.1" sources."object.pick-1.3.0" sources."once-1.4.0" - sources."onetime-5.1.1" + sources."onetime-5.1.2" sources."optionator-0.9.1" sources."p-each-series-2.1.0" sources."p-finally-1.0.0" @@ -9401,7 +9348,7 @@ let sources."p-locate-4.1.0" sources."p-try-2.2.0" sources."parent-module-1.0.1" - sources."parse-json-5.0.1" + sources."parse-json-5.1.0" sources."parse5-5.1.1" sources."pascalcase-0.1.1" sources."path-exists-4.0.0" @@ -9414,7 +9361,7 @@ let sources."pkg-dir-4.2.0" sources."posix-character-classes-0.1.1" sources."prelude-ls-1.2.1" - (sources."pretty-format-26.2.0" // { + (sources."pretty-format-26.4.2" // { dependencies = [ sources."ansi-styles-4.2.1" sources."color-convert-2.0.1" @@ -9511,6 +9458,7 @@ let sources."debug-2.6.9" sources."define-property-0.2.5" sources."extend-shallow-2.0.1" + sources."ms-2.0.0" sources."source-map-0.5.7" ]; }) @@ -9566,7 +9514,7 @@ let (sources."supports-hyperlinks-2.1.0" // { dependencies = [ sources."has-flag-4.0.0" - sources."supports-color-7.1.0" + sources."supports-color-7.2.0" ]; }) sources."symbol-tree-3.2.4" @@ -9612,7 +9560,7 @@ let sources."util-deprecate-1.0.2" sources."uuid-8.3.0" sources."v8-compile-cache-2.1.1" - (sources."v8-to-istanbul-4.1.4" // { + (sources."v8-to-istanbul-5.0.1" // { dependencies = [ sources."source-map-0.7.3" ]; @@ -9625,11 +9573,7 @@ let sources."webidl-conversions-6.1.0" sources."whatwg-encoding-1.0.5" sources."whatwg-mimetype-2.3.0" - (sources."whatwg-url-8.1.0" // { - dependencies = [ - sources."webidl-conversions-5.0.0" - ]; - }) + sources."whatwg-url-8.2.1" sources."which-2.0.2" sources."which-module-2.0.0" sources."word-wrap-1.2.3" From 34b5c5c1a408d105beb9b92b9ed5b1565135e75e Mon Sep 17 00:00:00 2001 From: Lucas Savva Date: Fri, 4 Sep 2020 23:39:22 +0100 Subject: [PATCH 16/76] nixos/acme: More features and fixes - Allow for key reuse when domains are the only thing that were changed. - Fixed systemd service failure when preliminarySelfsigned was set to false --- nixos/modules/security/acme.nix | 40 ++++++++++++++++++++------------- nixos/tests/acme.nix | 6 +++++ 2 files changed, 31 insertions(+), 15 deletions(-) diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index e209c36cee45..8e67d4ff8716 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -77,6 +77,7 @@ let acmeServer = if data.server != null then data.server else cfg.server; useDns = data.dnsProvider != null; destPath = "/var/lib/acme/${cert}"; + selfsignedDeps = optionals (cfg.preliminarySelfsigned) [ "acme-selfsigned-${cert}.service" ]; # Minica and lego have a "feature" which replaces * with _. We need # to make this substitution to reference the output files from both programs. @@ -92,19 +93,17 @@ let ); # Create hashes for cert data directories based on configuration + # Flags are separated to avoid collisions hashData = with builtins; '' - ${data.domain} ${data.keyType} - ${concatStringsSep " " ( - extraDomains - ++ data.extraLegoFlags - ++ data.extraLegoRunFlags - ++ data.extraLegoRenewFlags - )} + ${concatStringsSep " " data.extraLegoFlags} - + ${concatStringsSep " " data.extraLegoRunFlags} - + ${concatStringsSep " " data.extraLegoRenewFlags} - ${toString acmeServer} ${toString data.dnsProvider} - ${toString data.ocspMustStaple} + ${toString data.ocspMustStaple} ${data.keyType} ''; mkHash = with builtins; val: substring 0 20 (hashString "sha256" val); certDir = mkHash hashData; + domainHash = mkHash "${concatStringsSep " " extraDomains} ${data.domain}"; othersHash = mkHash "${toString acmeServer} ${data.keyType}"; accountDir = "/var/lib/acme/.lego/accounts/" + othersHash; @@ -134,12 +133,12 @@ let ); renewOpts = escapeShellArgs ( commonOpts - ++ [ "renew" "--reuse-key" "--days" (toString cfg.validMinDays) ] + ++ [ "renew" "--reuse-key" ] ++ data.extraLegoRenewFlags ); in { - inherit accountDir; + inherit accountDir selfsignedDeps; webroot = data.webroot; group = data.group; @@ -208,8 +207,8 @@ let renewService = { description = "Renew ACME certificate for ${cert}"; - after = [ "network.target" "network-online.target" "acme-selfsigned-${cert}.service" "acme-fixperms.service" ]; - wants = [ "network-online.target" "acme-selfsigned-${cert}.service" "acme-fixperms.service" ]; + after = [ "network.target" "network-online.target" "acme-fixperms.service" ] ++ selfsignedDeps; + wants = [ "network-online.target" "acme-fixperms.service" ] ++ selfsignedDeps; # https://github.com/NixOS/nixpkgs/pull/81371#issuecomment-605526099 wantedBy = optionals (!config.boot.isContainer) [ "multi-user.target" ]; @@ -247,15 +246,26 @@ let script = '' set -euo pipefail + echo '${domainHash}' > domainhash.txt + # Check if we can renew if [ -e 'certificates/${keyName}.key' -a -e 'certificates/${keyName}.crt' ]; then - lego ${renewOpts} + + # When domains are updated, there's no need to do a full + # Lego run, but it's likely renew won't work if days is too low. + if [ -e certificates/domainhash.txt ] && cmp -s domainhash.txt certificates/domainhash.txt; then + lego ${renewOpts} --days ${toString cfg.validMinDays} + else + # Any number > 90 works, but this one is over 9000 ;-) + lego ${renewOpts} --days 9001 + fi # Otherwise do a full run else lego ${runOpts} fi + mv domainhash.txt certificates/ chmod 640 certificates/* chmod -R 700 accounts/* @@ -650,8 +660,8 @@ in { # Create some targets which can be depended on to be "active" after cert renewals systemd.targets = mapAttrs' (cert: conf: nameValuePair "acme-finished-${cert}" { wantedBy = [ "default.target" ]; - requires = [ "acme-${cert}.service" "acme-selfsigned-${cert}.service" ]; - after = [ "acme-${cert}.service" "acme-selfsigned-${cert}.service" ]; + requires = [ "acme-${cert}.service" ] ++ conf.selfsignedDeps; + after = [ "acme-${cert}.service" ] ++ conf.selfsignedDeps; }) certConfigs; }) ]; diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix index 1c83ad3c9d83..64193ed8498c 100644 --- a/nixos/tests/acme.nix +++ b/nixos/tests/acme.nix @@ -297,11 +297,17 @@ in import ./make-test-python.nix ({ lib, ... }: { check_connection(client, "slow.example.com") with subtest("Can request certificate for vhost + aliases (nginx)"): + # Check the key hash before and after adding an alias. It should not change. + # The previous test reverts the ed384 change + webserver.wait_for_unit("acme-finished-a.example.test.target") + keyhash_old = webserver.succeed("md5sum /var/lib/acme/a.example.test/key.pem") switch_to(webserver, "nginx-aliases") webserver.wait_for_unit("acme-finished-a.example.test.target") check_issuer(webserver, "a.example.test", "pebble") check_connection(client, "a.example.test") check_connection(client, "b.example.test") + keyhash_new = webserver.succeed("md5sum /var/lib/acme/a.example.test/key.pem") + assert keyhash_old == keyhash_new with subtest("Can request certificates for vhost + aliases (apache-httpd)"): switch_to(webserver, "httpd-aliases") From de3a4a05694103b7c1ddb5c0bab72d19a244ef5d Mon Sep 17 00:00:00 2001 From: Doron Behar Date: Wed, 2 Sep 2020 20:24:47 +0300 Subject: [PATCH 17/76] pdfcpu: 0.3.4 -> 0.3.5 --- pkgs/applications/graphics/pdfcpu/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/graphics/pdfcpu/default.nix b/pkgs/applications/graphics/pdfcpu/default.nix index a1c354b2ac5b..08dc87f6684a 100644 --- a/pkgs/applications/graphics/pdfcpu/default.nix +++ b/pkgs/applications/graphics/pdfcpu/default.nix @@ -2,17 +2,18 @@ buildGoModule rec { pname = "pdfcpu"; - version = "0.3.4"; + version = "0.3.5"; src = fetchFromGitHub { owner = "pdfcpu"; repo = pname; rev = "v${version}"; - sha256 = "00c4psgfh4hia144zsdhrq83bw3fqda1ancv2gkn5ymxkbpnpyrn"; + sha256 = "0fb7l1h4dhn100y2ydq50cgj63fbr4p11x8h803rv6x3xwmviwcg"; }; - vendorSha256 = "09alkpfyxapycv6zsaz7prgbr0a1jzd78n7w2mh01mg4hhb2j3k7"; + vendorSha256 = "06xlwygqw3kzbjqlx09rs9hl4pfsmay5pj4c5hvkrj5z123ldvyw"; + # No tests doCheck = false; subPackages = [ "cmd/pdfcpu" ]; From 44f439fc2cb9f4b79161ee1627efcabcf446446a Mon Sep 17 00:00:00 2001 From: vasile luta Date: Sun, 6 Sep 2020 09:35:50 +0300 Subject: [PATCH 18/76] atlassian-jira: 8.10.0 -> 8.12.0 --- pkgs/servers/atlassian/jira.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/atlassian/jira.nix b/pkgs/servers/atlassian/jira.nix index 81bb6a0e5d2e..ab3746e6e0a6 100644 --- a/pkgs/servers/atlassian/jira.nix +++ b/pkgs/servers/atlassian/jira.nix @@ -8,11 +8,11 @@ stdenv.mkDerivation rec { pname = "atlassian-jira"; - version = "8.10.0"; + version = "8.12.0"; src = fetchurl { url = "https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-${version}.tar.gz"; - sha256 = "1l0kxh4cwqyciylbccd4vfmsvq9cr5sfd0v2gbs3lz41av79mlwa"; + sha256 = "149yqj60b35mbvjz7jyh5a3ayh61kvwrz452s0zyb1q3pirj10xq"; }; buildPhase = '' From fd5f28afba55632d651c7593ea67f5729737c4e1 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sun, 6 Sep 2020 19:38:09 +1000 Subject: [PATCH 19/76] vgrep: init at 2.4.0 --- pkgs/tools/text/vgrep/default.nix | 24 ++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 26 insertions(+) create mode 100644 pkgs/tools/text/vgrep/default.nix diff --git a/pkgs/tools/text/vgrep/default.nix b/pkgs/tools/text/vgrep/default.nix new file mode 100644 index 000000000000..12880b2e4eca --- /dev/null +++ b/pkgs/tools/text/vgrep/default.nix @@ -0,0 +1,24 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "vgrep"; + version = "2.4.0"; + + src = fetchFromGitHub { + owner = "vrothberg"; + repo = pname; + rev = "v${version}"; + sha256 = "109j04my2xib8m52a0337996a27nvfgzackpg20zs3nzn66dmvb7"; + }; + + vendorSha256 = null; + + buildFlagsArray = [ "-ldflags=-s -w -X main.version=${version}" ]; + + meta = with lib; { + description = "User-friendly pager for grep/git-grep/ripgrep"; + homepage = "https://github.com/vrothberg/vgrep"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ zowoq ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index ea01758e5e84..b5cc3f2a4211 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7637,6 +7637,8 @@ in verilog = callPackage ../applications/science/electronics/verilog {}; + vgrep = callPackage ../tools/text/vgrep { }; + vhd2vl = callPackage ../applications/science/electronics/vhd2vl { }; video2midi = callPackage ../tools/audio/video2midi { From e60ff5a3d063036f3fd6043d8433f0c297a8552a Mon Sep 17 00:00:00 2001 From: Gabriel Ebner Date: Sun, 6 Sep 2020 13:31:16 +0200 Subject: [PATCH 20/76] python3Packages.libarcus: 4.6.1 -> 4.7.1 --- pkgs/development/python-modules/libarcus/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/libarcus/default.nix b/pkgs/development/python-modules/libarcus/default.nix index cd5f0aef648c..5b68695f832e 100644 --- a/pkgs/development/python-modules/libarcus/default.nix +++ b/pkgs/development/python-modules/libarcus/default.nix @@ -3,14 +3,14 @@ buildPythonPackage rec { pname = "libarcus"; - version = "4.6.1"; + version = "4.7.1"; format = "other"; src = fetchFromGitHub { owner = "Ultimaker"; repo = "libArcus"; rev = version; - sha256 = "1sfy8skvgw6hiihs9jmfn7a13yappqwffir98pahyg7cim7p55kr"; + sha256 = "0wmrcvw7k34ib93shhmjzh6kpndgqr37kyr377sril5clmac0z1f"; }; disabled = pythonOlder "3.4.0"; From 497ff43da1b1d8d6df504ad0cc0057f2fc137d0c Mon Sep 17 00:00:00 2001 From: Gabriel Ebner Date: Sun, 6 Sep 2020 13:31:39 +0200 Subject: [PATCH 21/76] python3Packages.libsavitar: 4.6.1 -> 4.7.1 --- pkgs/development/python-modules/libsavitar/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/libsavitar/default.nix b/pkgs/development/python-modules/libsavitar/default.nix index 32717e127fb8..27144ccf1ad3 100644 --- a/pkgs/development/python-modules/libsavitar/default.nix +++ b/pkgs/development/python-modules/libsavitar/default.nix @@ -2,14 +2,14 @@ buildPythonPackage rec { pname = "libsavitar"; - version = "4.6.1"; + version = "4.7.1"; format = "other"; src = fetchFromGitHub { owner = "Ultimaker"; repo = "libSavitar"; rev = version; - sha256 = "0nk8zl5b0b36wrrkj271ck4phzxsigkjsazndscjslc9nkldmnpq"; + sha256 = "0mzr3ynfap51bcn6kshyi2h6iny2gpavn6g3b1xcsgzzlxqgfixf"; }; postPatch = '' From daa77cc74ade1e4af5832abe60fadee0a441c146 Mon Sep 17 00:00:00 2001 From: Gabriel Ebner Date: Sun, 6 Sep 2020 13:31:56 +0200 Subject: [PATCH 22/76] python3Packages.uranium: 4.6.1 -> 4.7.1 --- pkgs/development/python-modules/uranium/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/uranium/default.nix b/pkgs/development/python-modules/uranium/default.nix index af13fa8d17af..0bcfa0305e8c 100644 --- a/pkgs/development/python-modules/uranium/default.nix +++ b/pkgs/development/python-modules/uranium/default.nix @@ -2,7 +2,7 @@ , pyqt5, numpy, scipy, shapely, libarcus, doxygen, gettext, pythonOlder }: buildPythonPackage rec { - version = "4.6.1"; + version = "4.7.1"; pname = "uranium"; format = "other"; @@ -10,7 +10,7 @@ buildPythonPackage rec { owner = "Ultimaker"; repo = "Uranium"; rev = version; - sha256 = "07pksjbgxs1ks2i6pgxkwfg9c56pcql7f9p89dnwaf2rcn7yhx6r"; + sha256 = "1h5d3scy3cnbyhh0pbavflpqklhn2lbp7hl193rc5gx8yzr3mqbh"; }; disabled = pythonOlder "3.5.0"; From 7a0ef553bd0c2b2cf6f9bfa74ba8ecdb035fb57a Mon Sep 17 00:00:00 2001 From: Gabriel Ebner Date: Sun, 6 Sep 2020 13:32:08 +0200 Subject: [PATCH 23/76] curaengine: 4.6.1 -> 4.7.1 --- pkgs/applications/misc/curaengine/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/curaengine/default.nix b/pkgs/applications/misc/curaengine/default.nix index 0a4ec62ca786..5cc5db3115fb 100644 --- a/pkgs/applications/misc/curaengine/default.nix +++ b/pkgs/applications/misc/curaengine/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "curaengine"; - version = "4.6.1"; + version = "4.7.1"; src = fetchFromGitHub { owner = "Ultimaker"; repo = "CuraEngine"; rev = version; - sha256 = "1fr151hmdg2lhk9pbpan1hb1pafj784nijr4pz646ljmjh12vfk2"; + sha256 = "177fk6j4gn3ssi8j1qxj8p4486f7jkz328vc75agxnh7vhd4mwsm"; }; nativeBuildInputs = [ cmake ]; From 6b4f9a16c498923916d11a9f04c6bcfd78ef49d8 Mon Sep 17 00:00:00 2001 From: Gabriel Ebner Date: Sun, 6 Sep 2020 13:32:19 +0200 Subject: [PATCH 24/76] cura: 4.6.1 -> 4.7.1 --- pkgs/applications/misc/cura/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/misc/cura/default.nix b/pkgs/applications/misc/cura/default.nix index 1b5c7c23956e..c0aa0a481bdc 100644 --- a/pkgs/applications/misc/cura/default.nix +++ b/pkgs/applications/misc/cura/default.nix @@ -2,20 +2,20 @@ mkDerivation rec { pname = "cura"; - version = "4.6.1"; + version = "4.7.1"; src = fetchFromGitHub { owner = "Ultimaker"; repo = "Cura"; rev = version; - sha256 = "0h1r9caa579d3gfpcmch54rdbkg5df64ds2v84iqsbxwjp0rmn4n"; + sha256 = "19an168iad3cb5w8i71c0wbr79qnz5qnpxqx1j6dgh64qz6ffn2r"; }; materials = fetchFromGitHub { owner = "Ultimaker"; repo = "fdm_materials"; rev = version; - sha256 = "1k5c3qmixhpz3z2yi0fysxcyyf1yhcwmdlrcypkw827lhsialqp4"; + sha256 = "1w6i0dlff8b30q987x3y0zv8847fc8ppfcr9vi982msmv284c89z"; }; buildInputs = [ qtbase qtquickcontrols2 qtgraphicaleffects ]; From 6841659b942041038af438feb975a37a0e798da3 Mon Sep 17 00:00:00 2001 From: Gabriel Ebner Date: Sun, 6 Sep 2020 13:32:41 +0200 Subject: [PATCH 25/76] curaPlugins.octoprint: 3.5.12 -> 3.5.16 --- pkgs/applications/misc/cura/plugins.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/misc/cura/plugins.nix b/pkgs/applications/misc/cura/plugins.nix index 9fbe647046c0..9082feb38a7a 100644 --- a/pkgs/applications/misc/cura/plugins.nix +++ b/pkgs/applications/misc/cura/plugins.nix @@ -6,13 +6,13 @@ let octoprint = stdenv.mkDerivation rec { pname = "Cura-OctoPrintPlugin"; - version = "3.5.12"; + version = "3.5.16"; src = fetchFromGitHub { owner = "fieldOfView"; repo = pname; - rev = "ad522c0b7ead5fbe28da686a3cc75e351274c2bc"; - sha256 = "0ln11ng32bh0smfsk54mv2j3sadh0gwf031nmm95zrvbj9cr6yc0"; + rev = "8affa8aa9796cb37129d3b7222fff03f86c936cd"; + sha256 = "0l4qfcashkdmpdm8nm3klz6hmi1f0bmbpb9b1yn4mvg0fam6c5xi"; }; propagatedBuildInputs = with python3Packages; [ From a3bcf4f7cb94a3916d3201a634c8fd5d7e7c1e4d Mon Sep 17 00:00:00 2001 From: Nikolay Korotkiy Date: Thu, 27 Aug 2020 00:51:53 +0300 Subject: [PATCH 26/76] tippecanoe: 1.35.0 -> 1.36.0 --- pkgs/applications/misc/tippecanoe/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/tippecanoe/default.nix b/pkgs/applications/misc/tippecanoe/default.nix index c85192603cbc..455876a772b4 100644 --- a/pkgs/applications/misc/tippecanoe/default.nix +++ b/pkgs/applications/misc/tippecanoe/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "tippecanoe"; - version = "1.35.0"; + version = "1.36.0"; src = fetchFromGitHub { owner = "mapbox"; repo = pname; rev = version; - sha256 = "0v5ycc3gsqnl9pps3m45yrnb1gvw5pk6jdyr0q6516b4ac6x67m5"; + sha256 = "0lbmhly4ivnqc6qk1k3sdqvsg6x3nfd8gnjx846bhqj4wag3f88m"; }; buildInputs = [ sqlite zlib ]; @@ -25,5 +25,6 @@ stdenv.mkDerivation rec { license = licenses.bsd2; maintainers = with maintainers; [ sikmir ]; platforms = with platforms; linux ++ darwin; + broken = stdenv.hostPlatform.isAarch64; }; } From 9df0922740f59eb22bbc6c8ef2cfc3d2ea8d7656 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Romildo=20Malaquias?= Date: Thu, 3 Sep 2020 10:11:55 -0300 Subject: [PATCH 27/76] marwaita: 7.5.1 -> 7.6.1 --- pkgs/data/themes/marwaita/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/data/themes/marwaita/default.nix b/pkgs/data/themes/marwaita/default.nix index 5f09927e15c6..291f437c3ea5 100644 --- a/pkgs/data/themes/marwaita/default.nix +++ b/pkgs/data/themes/marwaita/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "marwaita"; - version = "7.5.1"; + version = "7.6.1"; src = fetchFromGitHub { owner = "darkomarko42"; repo = pname; rev = version; - sha256 = "0ig5wc6dkbly6yrvd13h4lyr8x0y7k3d9iv4rhg0pnjgcpna83mw"; + sha256 = "1n7flwrngwh6gmh72j40apf8qk52162m93hsfhgxzrivkhg37zi0"; }; buildInputs = [ @@ -37,7 +37,7 @@ stdenv.mkDerivation rec { ''; meta = with stdenv.lib; { - description = "GTK theme supporting Budgie, Pantheon, Mate and Xfce4 desktops"; + description = "GTK theme supporting Budgie, Pantheon, Mate, Xfce4 and GNOME desktops"; homepage = "https://www.pling.com/p/1239855/"; license = licenses.cc0; platforms = platforms.unix; From 92cff610d01c4adcf92986897534008ccdd31332 Mon Sep 17 00:00:00 2001 From: Wael Nasreddine Date: Sun, 6 Sep 2020 09:32:54 -0700 Subject: [PATCH 28/76] pgformatter: 4.3 -> 4.4 (#96920) --- pkgs/development/tools/pgformatter/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/pgformatter/default.nix b/pkgs/development/tools/pgformatter/default.nix index c1cb8cea8a65..1cd9f9ea17ba 100644 --- a/pkgs/development/tools/pgformatter/default.nix +++ b/pkgs/development/tools/pgformatter/default.nix @@ -2,13 +2,13 @@ perlPackages.buildPerlPackage rec { pname = "pgformatter"; - version = "4.3"; + version = "4.4"; src = fetchFromGitHub { owner = "darold"; repo = "pgFormatter"; rev = "v${version}"; - sha256 = "0n8ydj01nmnkd8glzjb0yrsyax1pmdfvaxb5xj4pkb2mf6zm94qy"; + sha256 = "1sqjw6q005lws7qhkd26jqyb1xqmpcklzw5hk8paxxi8mzyjn0jp"; }; outputs = [ "out" ]; From 1876163f16f67b6c603b818dde1a9cdffd4406db Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sun, 6 Sep 2020 09:39:58 -0700 Subject: [PATCH 29/76] bazel-kazel: 0.0.12 -> 0.1.0 (#97074) --- pkgs/development/tools/bazel-kazel/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/bazel-kazel/default.nix b/pkgs/development/tools/bazel-kazel/default.nix index 4ae2a3e68f90..55f79a993ac5 100644 --- a/pkgs/development/tools/bazel-kazel/default.nix +++ b/pkgs/development/tools/bazel-kazel/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "bazel-kazel"; - version = "0.0.12"; + version = "0.1.0"; src = fetchFromGitHub { owner = "kubernetes"; repo = "repo-infra"; rev = "v${version}"; - sha256 = "1mnyp116q54xy7flml4cdcsbczhyyqnpyn2pnqrzy49aahbhpn5z"; + sha256 = "121asn0h2vfgqnjk72wqjcfq0w15k15abjdm39i8hv455kzrc2hs"; }; vendorSha256 = "1pzkjh4n9ai8yqi98bkdhicjdr2l8j3fckl5n90c2gdcwqyxvgkf"; From f06b103ef9c8434f1de9be0681d1b72e47f8ecce Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 9 Jul 2020 03:20:03 +0000 Subject: [PATCH 30/76] eventstat: 0.04.09 -> 0.04.10 --- pkgs/os-specific/linux/eventstat/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/eventstat/default.nix b/pkgs/os-specific/linux/eventstat/default.nix index 6dfaa6ab38bb..ca4984257212 100644 --- a/pkgs/os-specific/linux/eventstat/default.nix +++ b/pkgs/os-specific/linux/eventstat/default.nix @@ -2,10 +2,10 @@ stdenv.mkDerivation rec { pname = "eventstat"; - version = "0.04.09"; + version = "0.04.10"; src = fetchzip { url = "https://kernel.ubuntu.com/~cking/tarballs/eventstat/eventstat-${version}.tar.gz"; - sha256 = "1b3m58mak62ym2amnmk62c2d6fypk30fw6jsmirh1qz7dwix4bl5"; + sha256 = "0rmg49m56qxji7gwci03pkk4f4hnaq1n2x1348dqkaf5zs5nhi6b"; }; buildInputs = [ ncurses ]; installFlags = [ "DESTDIR=$(out)" ]; From 2c58c24ef87a697461cfd1afc6eda35d8b261235 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 7 Jul 2020 23:13:37 +0000 Subject: [PATCH 31/76] wimlib: 1.13.1 -> 1.13.2 --- pkgs/tools/archivers/wimlib/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/archivers/wimlib/default.nix b/pkgs/tools/archivers/wimlib/default.nix index da01602cca43..51f75ee923d3 100644 --- a/pkgs/tools/archivers/wimlib/default.nix +++ b/pkgs/tools/archivers/wimlib/default.nix @@ -8,7 +8,7 @@ }: stdenv.mkDerivation rec { - version = "1.13.1"; + version = "1.13.2"; pname = "wimlib"; nativeBuildInputs = [ pkgconfig makeWrapper ]; @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://wimlib.net/downloads/${pname}-${version}.tar.gz"; - sha256 = "0pxgrpr3dr81rcf2jh71aiiq3v4anc5sj1nld18f2vhvbijbrx27"; + sha256 = "0id9ym3hzij4kpdrk0sz3ijxp5r0z1md5jch83pml9hdy1zbx5bj"; }; preBuild = '' From 6c2059b334795081e2ba4e64fef6c24b4e919f0a Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 10 Jul 2020 20:18:09 +0000 Subject: [PATCH 32/76] qwt6_qt4: 6.1.4 -> 6.1.5 --- pkgs/development/libraries/qwt/6_qt4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/qwt/6_qt4.nix b/pkgs/development/libraries/qwt/6_qt4.nix index 04bc0d7ed22e..4b7aa9cf7f98 100644 --- a/pkgs/development/libraries/qwt/6_qt4.nix +++ b/pkgs/development/libraries/qwt/6_qt4.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, qt4, qmake4Hook, AGL }: stdenv.mkDerivation rec { - name = "qwt-6.1.4"; + name = "qwt-6.1.5"; src = fetchurl { url = "mirror://sourceforge/qwt/${name}.tar.bz2"; - sha256 = "1navkcnmn0qz8kzsyqmk32d929zl72l0b580w1ica7z5559j2a8m"; + sha256 = "0hf0mpca248xlqn7xnzkfj8drf19gdyg5syzklvq8pibxiixwxj0"; }; buildInputs = [ From f151fd87d7d400e36a2196d2f946cc5f7f6ddf81 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 11 Jul 2020 04:23:28 +0000 Subject: [PATCH 33/76] sysvinit: 2.96 -> 2.97 --- pkgs/os-specific/linux/sysvinit/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/sysvinit/default.nix b/pkgs/os-specific/linux/sysvinit/default.nix index 0fc5acba4dac..5d081f2db825 100644 --- a/pkgs/os-specific/linux/sysvinit/default.nix +++ b/pkgs/os-specific/linux/sysvinit/default.nix @@ -1,13 +1,13 @@ { stdenv, fetchurl, withoutInitTools ? false }: -let version = "2.96"; in +let version = "2.97"; in stdenv.mkDerivation { name = (if withoutInitTools then "sysvtools" else "sysvinit") + "-" + version; src = fetchurl { url = "mirror://savannah/sysvinit/sysvinit-${version}.tar.xz"; - sha256 = "11xmcamvjmrw874zp0vc37hrqc4hz02i0iy8n4xa4dd25avjcbia"; + sha256 = "042iyayyh3j28vfbypzn822b73r3nfmyn79f9mixigqrfn2rcn9d"; }; prePatch = '' From 1311343c4073f1fe35029a714968561607e4031e Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 24 Jul 2020 01:47:41 +0000 Subject: [PATCH 34/76] fx_cast_bridge: 0.0.6 -> 0.0.7 --- pkgs/tools/misc/fx_cast/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/fx_cast/default.nix b/pkgs/tools/misc/fx_cast/default.nix index ec977d48572d..d24ff0e05161 100644 --- a/pkgs/tools/misc/fx_cast/default.nix +++ b/pkgs/tools/misc/fx_cast/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "fx_cast_bridge"; - version = "0.0.6"; + version = "0.0.7"; src = fetchurl { url = "https://github.com/hensm/fx_cast/releases/download/v${version}/${pname}-${version}-x64.deb"; - sha256 = "1mjpwd27b0cpigz4cc2mdl97d78rj5ikn2bqfdic50lqjciaqi1b"; + sha256 = "0kd58vzsq1qzl7qsh1qv25ylxvr5y37li03gjb48x4vhd85slzz5"; }; nativeBuildInputs = [ dpkg ]; From c39f775f20bd840849dab133d941135443d2a682 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 2 Jul 2020 12:06:44 +0000 Subject: [PATCH 35/76] icingaweb2: 2.8.0 -> 2.8.1 --- pkgs/servers/icingaweb2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/icingaweb2/default.nix b/pkgs/servers/icingaweb2/default.nix index a35b54592721..6414d445a00d 100644 --- a/pkgs/servers/icingaweb2/default.nix +++ b/pkgs/servers/icingaweb2/default.nix @@ -1,12 +1,12 @@ { stdenv, lib, fetchFromGitHub, makeWrapper, php }: with lib; stdenv.mkDerivation rec { pname = "icingaweb2"; - version = "2.8.0"; + version = "2.8.1"; src = fetchFromGitHub { owner = "Icinga"; repo = "icingaweb2"; rev = "v${version}"; - sha256 = "18q3d15w7d46g4vyq4iph5c1bbxcl8ikcdc8djrfi30wx36ziybs"; + sha256 = "1hmw681a2qv578npr389szkxpbhcfqzq9c1wzkbjjm3avnvi37mf"; }; nativeBuildInputs = [ makeWrapper ]; From cd435ce7d30fe5e04890d0f63cd9329fa14e1812 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 30 Jun 2020 09:29:04 +0000 Subject: [PATCH 36/76] opencl-clhpp: 2.0.11 -> 2.0.12 --- pkgs/development/libraries/opencl-clhpp/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/opencl-clhpp/default.nix b/pkgs/development/libraries/opencl-clhpp/default.nix index bf45bc90f197..1486ea93175b 100644 --- a/pkgs/development/libraries/opencl-clhpp/default.nix +++ b/pkgs/development/libraries/opencl-clhpp/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "opencl-clhpp"; - version = "2.0.11"; + version = "2.0.12"; src = fetchFromGitHub { owner = "KhronosGroup"; repo = "OpenCL-CLHPP"; rev = "v${version}"; - sha256 = "0a0n0f1lb86cwfm0ndzykcn965vz1v0n9n3rfmkiwrzkdhc9iy2y"; + sha256 = "04g3mg2cpbi048fxxkghra81bpxzqr4r3gspx5mvqipx1lzypsci"; }; nativeBuildInputs = [ cmake python ]; From a5121f73e3f89556d33e7b1fc9c6d70673b20458 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 30 Jun 2020 02:35:37 +0000 Subject: [PATCH 37/76] catch2: 2.12.2 -> 2.12.3 --- pkgs/development/libraries/catch2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/catch2/default.nix b/pkgs/development/libraries/catch2/default.nix index ec3c04856fe3..49b2e9be02ca 100644 --- a/pkgs/development/libraries/catch2/default.nix +++ b/pkgs/development/libraries/catch2/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "catch2"; - version = "2.12.2"; + version = "2.12.3"; src = fetchFromGitHub { owner = "catchorg"; repo = "Catch2"; rev = "v${version}"; - sha256="17fr2k0jhdcrmmvvb9d8igmjbyads3hkdrakvmrpgc82srm78jcc"; + sha256="0rp30754frp88wbl17ksr40mmffw5xibq73blgx9jj42d7nl891x"; }; nativeBuildInputs = [ cmake ]; From d4f6c94d34dcd146fcb470b4b10c697a3e10cf77 Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Tue, 1 Sep 2020 08:51:35 +0200 Subject: [PATCH 38/76] ocamlPackages.labltk: init at 8.06.9 for OCaml 4.11 --- pkgs/development/ocaml-modules/labltk/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/development/ocaml-modules/labltk/default.nix b/pkgs/development/ocaml-modules/labltk/default.nix index e7b68b907137..1c8edea66fb7 100644 --- a/pkgs/development/ocaml-modules/labltk/default.nix +++ b/pkgs/development/ocaml-modules/labltk/default.nix @@ -52,6 +52,10 @@ let param = version = "8.06.8"; sha256 = "0lfjc7lscq81ibqb3fcybdzs2r1i2xl7rsgi7linq46a0pcpkinw"; }; + "4.11" = mkNewParam { + version = "8.06.9"; + sha256 = "1k42k3bjkf22gk39lwwzqzfhgjyhxnclslldrzpg5qy1829pbnc0"; + }; }.${builtins.substring 0 4 ocaml.version}; in From 7dce8e217115c6a842ced6008df36f6c4831a0b4 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 7 Jul 2020 00:51:55 +0000 Subject: [PATCH 39/76] python27Packages.pydub: 0.24.0 -> 0.24.1 --- pkgs/development/python-modules/pydub/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pydub/default.nix b/pkgs/development/python-modules/pydub/default.nix index 8499db31e02c..42d33c00cbe8 100644 --- a/pkgs/development/python-modules/pydub/default.nix +++ b/pkgs/development/python-modules/pydub/default.nix @@ -2,13 +2,13 @@ buildPythonPackage rec { pname = "pydub"; - version = "0.24.0"; + version = "0.24.1"; # pypi version doesn't include required data files for tests src = fetchFromGitHub { owner = "jiaaro"; repo = pname; rev = "v${version}"; - sha256 = "0cnhkk44cn3wa4fmd1rwzdx2zgrn87qg25pbcp9wsisdlpn4bj6d"; + sha256 = "1pv4n54kkjpbjlvwh9b6a7zyq1ylg0fjmd2q4ws9nc2a6mrcivhc"; }; From e6cbcc2ac1f042e13d36a5c8f5c89777dad128b5 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sun, 6 Sep 2020 20:29:31 +0200 Subject: [PATCH 40/76] python3Packages.scapy: 2.4.3 -> 2.4.4 (#97215) --- .../python-modules/scapy/default.nix | 50 +++++++++++++------ .../python-modules/scapy/fix-version.patch | 13 ----- 2 files changed, 36 insertions(+), 27 deletions(-) delete mode 100644 pkgs/development/python-modules/scapy/fix-version.patch diff --git a/pkgs/development/python-modules/scapy/default.nix b/pkgs/development/python-modules/scapy/default.nix index ec0ccc102f34..2b9eb5517a46 100644 --- a/pkgs/development/python-modules/scapy/default.nix +++ b/pkgs/development/python-modules/scapy/default.nix @@ -1,6 +1,6 @@ -{ buildPythonPackage, fetchFromGitHub, lib, isPyPy, isPy3k, pythonOlder +{ buildPythonPackage, fetchFromGitHub, lib, isPyPy , pycrypto, ecdsa # TODO -, enum34, mock +, tox, mock, coverage, can, brotli , withOptionalDeps ? true, tcpdump, ipython , withCryptography ? true, cryptography , withVoipSupport ? true, sox @@ -13,7 +13,7 @@ buildPythonPackage rec { pname = "scapy"; - version = "2.4.3"; + version = "2.4.4"; disabled = isPyPy; @@ -21,14 +21,11 @@ buildPythonPackage rec { owner = "secdev"; repo = "scapy"; rev = "v${version}"; - sha256 = "08ypdzp0p3gvmz3pwi0i9q5f7hz9cq8yn6gawia49ynallwnv4zy"; + sha256 = "1wpx7gps3g8q5ykbfcd67mxwcs416zg37b53fwfzzlc1m58vhk3p"; }; - # TODO: Temporary workaround - patches = [ ./fix-version.patch ]; - postPatch = '' - sed -i "s/NIXPKGS_SCAPY_VERSION/${version}/" scapy/__init__.py + printf "${version}" > scapy/VERSION '' + lib.optionalString withManufDb '' substituteInPlace scapy/data.py --replace "/opt/wireshark" "${wireshark}" ''; @@ -38,16 +35,41 @@ buildPythonPackage rec { ++ lib.optional withCryptography cryptography ++ lib.optional withVoipSupport sox ++ lib.optional withPlottingSupport matplotlib - ++ lib.optionals withGraphicsSupport [ pyx texlive.combined.scheme-minimal graphviz imagemagick ] - ++ lib.optional (isPy3k && pythonOlder "3.4") enum34 - ++ lib.optional doCheck mock; + ++ lib.optionals withGraphicsSupport [ pyx texlive.combined.scheme-minimal graphviz imagemagick ]; - # Tests fail with Python 3.6 (seems to be an upstream bug, I'll investigate) - doCheck = if isPy3k then false else true; + # Running the tests seems too complicated: + doCheck = false; + checkInputs = [ tox mock coverage can brotli ]; + checkPhase = '' + patchShebangs . + .config/ci/test.sh + ''; meta = with lib; { - description = "Powerful interactive network packet manipulation program"; + description = "A Python-based network packet manipulation program and library"; + longDescription = '' + Scapy is a powerful Python-based interactive packet manipulation program + and library. + + It is able to forge or decode packets of a wide number of protocols, send + them on the wire, capture them, store or read them using pcap files, + match requests and replies, and much more. It is designed to allow fast + packet prototyping by using default values that work. + + It can easily handle most classical tasks like scanning, tracerouting, + probing, unit tests, attacks or network discovery (it can replace hping, + 85% of nmap, arpspoof, arp-sk, arping, tcpdump, wireshark, p0f, etc.). It + also performs very well at a lot of other specific tasks that most other + tools can't handle, like sending invalid frames, injecting your own + 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, + VoIP decoding on WEP protected channel, ...), etc. + + Scapy supports Python 2.7 and Python 3 (3.4 to 3.8). It's intended to be + cross platform, and runs on many different platforms (Linux, OSX, *BSD, + and Windows). + ''; homepage = "https://scapy.net/"; + changelog = "https://github.com/secdev/scapy/releases/tag/v${version}"; license = licenses.gpl2; platforms = platforms.unix; maintainers = with maintainers; [ primeos bjornfor ]; diff --git a/pkgs/development/python-modules/scapy/fix-version.patch b/pkgs/development/python-modules/scapy/fix-version.patch deleted file mode 100644 index c39458e9feac..000000000000 --- a/pkgs/development/python-modules/scapy/fix-version.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/scapy/__init__.py b/scapy/__init__.py -index d5ad6164..245ce2fb 100644 ---- a/scapy/__init__.py -+++ b/scapy/__init__.py -@@ -90,7 +90,7 @@ def _version(): - return 'unknown.version' - - --VERSION = __version__ = _version() -+VERSION = __version__ = "NIXPKGS_SCAPY_VERSION" - VERSION_MAIN = re.search(r"[0-9.]+", VERSION).group() - - if __name__ == "__main__": From 02590c96209d374d7f720293fcb8337e17104bc9 Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Sun, 6 Sep 2020 14:57:51 -0400 Subject: [PATCH 41/76] nixos/qemu-vm: support nix run --- nixos/modules/virtualisation/qemu-vm.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 42e43f5ee023..d3ee3d54b3b7 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -702,7 +702,7 @@ in services.qemuGuest.enable = cfg.qemu.guestAgent.enable; - system.build.vm = pkgs.runCommand "nixos-vm" { preferLocalBuild = true; } + system.build.vm = pkgs.runCommand "run-${config.system.name}-vm" { preferLocalBuild = true; } '' mkdir -p $out/bin ln -s ${config.system.build.toplevel} $out/system From a8d6e4b7a5ac72da37f1dae32b13687d8bf4bf5b Mon Sep 17 00:00:00 2001 From: Nikolay Korotkiy Date: Sun, 6 Sep 2020 22:10:45 +0300 Subject: [PATCH 42/76] hping: 20051105 -> 2014-12-26 (#94683) --- pkgs/tools/networking/hping/default.nix | 55 +++++++++++-------------- 1 file changed, 23 insertions(+), 32 deletions(-) diff --git a/pkgs/tools/networking/hping/default.nix b/pkgs/tools/networking/hping/default.nix index 1ef02b599e83..daa0ba38e9ee 100644 --- a/pkgs/tools/networking/hping/default.nix +++ b/pkgs/tools/networking/hping/default.nix @@ -1,50 +1,41 @@ -{ stdenv, fetchurl, libpcap, tcl }: +{ stdenv, fetchFromGitHub, libpcap, withTcl ? true, tcl }: stdenv.mkDerivation rec { pname = "hping"; - version = "20051105"; + version = "2014-12-26"; - src = fetchurl { - url = "http://www.hping.org/hping3-${version}.tar.gz"; - sha256 = "1s5f9xd1msx05ibhwaw37jmc7l9fahcxxslqz8a83p0i5ak739pm"; + src = fetchFromGitHub { + owner = "antirez"; + repo = pname; + rev = "3547c7691742c6eaa31f8402e0ccbb81387c1b99"; # there are no tags/releases + sha256 = "0y0n1ybij3yg9lfgzcwfmjz1sjg913zcqrv391xx83dm0j80sdpb"; }; - buildInputs = [ libpcap tcl ]; + buildInputs = [ libpcap ] ++ stdenv.lib.optional withTcl tcl; - configurePhase = '' - MANPATH="$out/share/man" ./configure - sed -i -r -e 's|/usr(/s?bin)|'"$out"'\1|g' Makefile - ''; - - TCLSH = "${tcl}/bin/tclsh"; - - prePatch = '' - sed -i -e '/#if.*defined(__i386__)/a \ - || defined(__x86_64__) \\ - ' bytesex.h - - sed -i -e 's|#include.*net/bpf.h|#include |' \ + postPatch = '' + substituteInPlace Makefile.in --replace "gcc" "$CC" + substituteInPlace version.c --replace "RELEASE_DATE" "\"$version\"" + '' + stdenv.lib.optionalString stdenv.isLinux '' + sed -i -e 's|#include |#include |' \ libpcap_stuff.c script.c - - sed -i -r -e 's|"(/usr/(local/)?)?bin/"|"${tcl}/bin"|g' \ - -e 's!/usr/(local/)?(lib|include)!${tcl}/\2!g' \ - configure ''; - preInstall = '' - mkdir -vp "$out/sbin" "$out/share/man/man8" - ''; + configureFlags = [ (if withTcl then "TCLSH=${tcl}/bin/tclsh" else "--no-tcl") ]; - postInstall = '' - ln -vs hping3.8.gz "$out/share/man/man8/hping.8.gz" - ln -vs hping3.8.gz "$out/share/man/man8/hping2.8.gz" + installPhase = '' + install -Dm755 hping3 -t $out/sbin + ln -s $out/sbin/hping3 $out/sbin/hping + ln -s $out/sbin/hping3 $out/sbin/hping2 + install -Dm644 docs/hping3.8 -t $out/share/man/man8 + ln -s hping3.8.gz $out/share/man/man8/hping.8.gz + ln -s hping3.8.gz $out/share/man/man8/hping2.8.gz ''; meta = with stdenv.lib; { description = "A command-line oriented TCP/IP packet assembler/analyzer"; homepage = "http://www.hping.org/"; - license = licenses.gpl2; - platforms = platforms.all; - broken = stdenv.isDarwin; + license = licenses.gpl2Only; + platforms = platforms.unix; }; } From 1835fc455bf1fb71fc1ad36715acca630e4c871a Mon Sep 17 00:00:00 2001 From: Matthieu Coudron Date: Mon, 16 Sep 2019 19:21:23 +0900 Subject: [PATCH 43/76] services.openssh: add banner Add the possibility to setup a banner. Co-authored-by: Silvan Mosberger --- nixos/modules/services/networking/ssh/sshd.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 17f31e3a488d..0db77e07978d 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -232,6 +232,14 @@ in ''; }; + banner = mkOption { + type = types.nullOr types.lines; + default = null; + description = '' + Message to display to the remote user before authentication is allowed. + ''; + }; + authorizedKeysFiles = mkOption { type = types.listOf types.str; default = []; @@ -474,6 +482,8 @@ in '' UsePAM yes + Banner ${if cfg.banner == null then "none" else pkgs.writeText "ssh_banner" cfg.banner} + AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} ${concatMapStrings (port: '' Port ${toString port} From cac533953182afb16d07036778578e4b49719d8d Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sun, 6 Sep 2020 16:41:58 +0200 Subject: [PATCH 44/76] nixos/doc/borgbackup: correct install instructions for `vorta` No need to fiddle around with `flatpack` to get `vorta`, a graphical desktop-client for `borgbackup` running as it's available in `nixpkgs`. --- nixos/modules/services/backup/borgbackup.xml | 22 ++------------------ 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/nixos/modules/services/backup/borgbackup.xml b/nixos/modules/services/backup/borgbackup.xml index bef7db608f82..a197f38ffb9d 100644 --- a/nixos/modules/services/backup/borgbackup.xml +++ b/nixos/modules/services/backup/borgbackup.xml @@ -197,26 +197,8 @@ sudo borg init --encryption=repokey-blake2 \ disk failure, ransomware and theft. - It is available as a flatpak package. To enable it you must set the - following two configuration items. - - - -services.flatpak.enable = true ; -# next line is needed to avoid the Error -# Error deploying: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: -services.accounts-daemon.enable = true; - - - As a normal user you must first install, then run vorta using the - following commands: - -flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo -flatpak install flathub com.borgbase.Vorta -flatpak run --branch=stable --arch=x86_64 --command=vorta com.borgbase.Vorta - - After running flatpak install you can start Vorta also via - the KDE application menu. + It can be installed in NixOS e.g. by adding pkgs.vorta + to . Details about using Vorta can be found under Date: Fri, 3 Jul 2020 21:06:32 +0000 Subject: [PATCH 45/76] keepalived: 2.0.20 -> 2.1.3 --- pkgs/tools/networking/keepalived/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/keepalived/default.nix b/pkgs/tools/networking/keepalived/default.nix index 076953161a33..11ebe228be88 100644 --- a/pkgs/tools/networking/keepalived/default.nix +++ b/pkgs/tools/networking/keepalived/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "keepalived"; - version = "2.0.20"; + version = "2.1.3"; src = fetchFromGitHub { owner = "acassen"; repo = "keepalived"; rev = "v${version}"; - sha256 = "0ijzw56hbac24dhrgjd0hjgf45072imyzq3mcgsirdl3xqjc6x12"; + sha256 = "1zdfvicpll7a5iw6p12pmdcg8y30mr0j5miycn0nhjp8yzi9hdc5"; }; buildInputs = [ From e976a70f5f7fbe2d5d91d5141e18864da4fde459 Mon Sep 17 00:00:00 2001 From: Dave Gallant Date: Sun, 6 Sep 2020 17:08:05 -0400 Subject: [PATCH 46/76] awscli2: 2.0.36 -> 2.0.46 (#97304) --- pkgs/tools/admin/awscli2/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/tools/admin/awscli2/default.nix b/pkgs/tools/admin/awscli2/default.nix index c264c86260e2..bcf0a6c4b0cd 100644 --- a/pkgs/tools/admin/awscli2/default.nix +++ b/pkgs/tools/admin/awscli2/default.nix @@ -8,12 +8,12 @@ let py = python3.override { packageOverrides = self: super: { botocore = super.botocore.overridePythonAttrs (oldAttrs: rec { - version = "2.0.0dev40"; + version = "2.0.0dev50"; src = fetchFromGitHub { owner = "boto"; repo = "botocore"; - rev = "6b3f96c5e985597053850f0c2761d503d4c18bfe"; - sha256 = "1ffx86m3b592kj331800qbcz5f532z8kzf1wmd04i4bfiqvqn4h8"; + rev = "e3dceaf9052cc8e221ea757207d5ba37054af2b8"; + sha256 = "0fcf78il4z6gr4gg0jy2h5045ifkslsgldnk6zyvzcl5gykp8i2f"; }; }); prompt_toolkit = super.prompt_toolkit.overridePythonAttrs (oldAttrs: rec { @@ -29,13 +29,13 @@ let in with py.pkgs; buildPythonApplication rec { pname = "awscli2"; - version = "2.0.36"; # N.B: if you change this, change botocore to a matching version too + version = "2.0.46"; # N.B: if you change this, change botocore to a matching version too src = fetchFromGitHub { owner = "aws"; repo = "aws-cli"; rev = version; - hash = "sha256:05c9lss7jg7bwaij1nxwg50grah68zamcixy8jiw3hpc1vdighql"; + hash = "sha256:10bq4m7hsmj1m7nwr3jgpfvm8bx091vl2hig574r1bjmsi32vy58"; }; postPatch = '' From 22e61f43147c3f0480c7bab0b43ea594e7be7316 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sun, 6 Sep 2020 12:07:46 +1000 Subject: [PATCH 47/76] buildah: 1.15.2 -> 1.16.0 https://github.com/containers/buildah/releases/tag/V1.16.0 --- pkgs/development/tools/buildah/default.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/pkgs/development/tools/buildah/default.nix b/pkgs/development/tools/buildah/default.nix index ec47fdadd1b9..7f1d90291f44 100644 --- a/pkgs/development/tools/buildah/default.nix +++ b/pkgs/development/tools/buildah/default.nix @@ -1,6 +1,7 @@ { stdenv , buildGoModule , fetchFromGitHub +, go-md2man , installShellFiles , pkg-config , gpgme @@ -13,13 +14,13 @@ buildGoModule rec { pname = "buildah"; - version = "1.15.2"; + version = "1.16.0"; src = fetchFromGitHub { owner = "containers"; repo = "buildah"; - rev = "v${version}"; - sha256 = "13kqcdrdzkbg6h5za6hhkzdx4nbrg5yl97ydj2hfcakl00q4y0dp"; + rev = "V${version}"; + sha256 = "0z9fblxm3pk2jqw7h36clmj8k4k39n6ab536lyh0rp6p7hz5a988"; }; outputs = [ "out" "man" ]; @@ -28,7 +29,7 @@ buildGoModule rec { doCheck = false; - nativeBuildInputs = [ installShellFiles pkg-config ]; + nativeBuildInputs = [ go-md2man installShellFiles pkg-config ]; buildInputs = [ btrfs-progs @@ -41,12 +42,12 @@ buildGoModule rec { buildPhase = '' patchShebangs . - make GIT_COMMIT="unknown" - make -C docs + make bin/buildah GIT_COMMIT="unknown" + make -C docs GOMD2MAN="${go-md2man}/bin/go-md2man" ''; installPhase = '' - install -Dm755 buildah $out/bin/buildah + install -Dm755 bin/buildah $out/bin/buildah installShellCompletion --bash contrib/completions/bash/buildah make -C docs install PREFIX="$man" ''; From 60f27064aaa6b2c1257447ac3f80bf6830ab61a8 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sun, 6 Sep 2020 23:20:05 +0200 Subject: [PATCH 48/76] gammastep: 2.0.1 -> 2.0.2 (#97290) --- pkgs/applications/misc/redshift/default.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/pkgs/applications/misc/redshift/default.nix b/pkgs/applications/misc/redshift/default.nix index a95e5226f9bd..86c787df62aa 100644 --- a/pkgs/applications/misc/redshift/default.nix +++ b/pkgs/applications/misc/redshift/default.nix @@ -24,11 +24,6 @@ let ./575.patch ]; - postPatch = stdenv.lib.optionalString (pname == "gammastep") '' - substituteInPlace configure.ac \ - --replace "[gammastep], [2.0]" "[gammastep], [${version}]" - ''; - nativeBuildInputs = [ autoconf automake @@ -132,13 +127,13 @@ rec { gammastep = mkRedshift rec { pname = "gammastep"; - version = "2.0.1"; + version = "2.0.2"; src = fetchFromGitLab { owner = "chinstrap"; repo = pname; rev = "v${version}"; - sha256 = "1ky4h892sg2mfbwwq5xv0vnjflsl2x3nsy5q456r1kyk1gwkj0rg"; + sha256 = "09wqlz3yya955galhs20014qfwm2yk0lxhyqdsw8gwddvcpyprzg"; }; meta = redshift.meta // { From 1fa610bdf089891d18efbfdd2d6c6b5b3b62a384 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sun, 6 Sep 2020 23:20:30 +0200 Subject: [PATCH 49/76] chromium: Prefix $PATH with xdg_utils (#96922) This is required for certain URIs that require launching external programs (e.g. mailto:, magnet:, or irc:) or setting the default browser via xdg-settings. Fix #96897 and fix #92751. --- pkgs/applications/networking/browsers/chromium/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index b04c3cce7764..1c811acd2547 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -1,5 +1,5 @@ { newScope, config, stdenv, fetchurl, makeWrapper -, llvmPackages_10, llvmPackages_11, ed, gnugrep, coreutils +, llvmPackages_10, llvmPackages_11, ed, gnugrep, coreutils, xdg_utils , glib, gtk3, gnome3, gsettings-desktop-schemas, gn, fetchgit , libva ? null , pipewire_0_2 @@ -204,6 +204,9 @@ in stdenv.mkDerivation { export XDG_DATA_DIRS=$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH\''${XDG_DATA_DIRS:+:}\$XDG_DATA_DIRS + # Mainly for xdg-open but also other xdg-* tools: + export PATH="${xdg_utils}/bin\''${PATH:+:}\$PATH" + . w EOF From 1cd9dafce0bc6cf391bd158d37c40e3d29a4c2f3 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 30 Jun 2020 10:50:17 +0000 Subject: [PATCH 50/76] ott: 0.30 -> 0.31 --- pkgs/applications/science/logic/ott/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/science/logic/ott/default.nix b/pkgs/applications/science/logic/ott/default.nix index fa2ad9c4abc4..4f1b984b995f 100644 --- a/pkgs/applications/science/logic/ott/default.nix +++ b/pkgs/applications/science/logic/ott/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "ott"; - version = "0.30"; + version = "0.31"; src = fetchFromGitHub { owner = "ott-lang"; repo = "ott"; rev = version; - sha256 = "16bxfnm30z94x36vr8vs6zd6fj55vnb7aypjl6hf7clk42040brc"; + sha256 = "0l81126i2qkz11fs5yrjdgymnqgjcs5avb7f951h61yh1s68jpnn"; }; nativeBuildInputs = [ pkgconfig ]; From 0b64a70398f904165a25369afe350515f39156fe Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 3 Jul 2020 14:21:49 +0000 Subject: [PATCH 51/76] guile-sdl2: 0.4.0 -> 0.5.0 --- pkgs/development/guile-modules/guile-sdl2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/guile-modules/guile-sdl2/default.nix b/pkgs/development/guile-modules/guile-sdl2/default.nix index be885d990ece..061d3c4a1dba 100644 --- a/pkgs/development/guile-modules/guile-sdl2/default.nix +++ b/pkgs/development/guile-modules/guile-sdl2/default.nix @@ -5,13 +5,13 @@ let name = "${pname}-${version}"; pname = "guile-sdl2"; - version = "0.4.0"; + version = "0.5.0"; in stdenv.mkDerivation { inherit name; src = fetchurl { url = "https://files.dthompson.us/${pname}/${name}.tar.gz"; - sha256 = "0zcxwgyadwpbhq6h5mv2569c3kalgra26zc186y9fqiyyzmh1v9s"; + sha256 = "118x0cg7fzbsyrfhy5f9ab7dqp9czgia0ycgzp6sn3nlsdrcnr4m"; }; nativeBuildInputs = [ libtool pkgconfig ]; From dd2727773a23d5aac1f084f0b0891bf5b797199d Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Sun, 6 Sep 2020 19:45:10 -0400 Subject: [PATCH 52/76] Revert "nixos/qemu-vm: support nix run" This reverts commit 02590c96209d374d7f720293fcb8337e17104bc9. https://github.com/NixOS/nixpkgs/commit/02590c96209d374d7f720293fcb8337e17104bc9#commitcomment-42078853 --- nixos/modules/virtualisation/qemu-vm.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index d3ee3d54b3b7..42e43f5ee023 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -702,7 +702,7 @@ in services.qemuGuest.enable = cfg.qemu.guestAgent.enable; - system.build.vm = pkgs.runCommand "run-${config.system.name}-vm" { preferLocalBuild = true; } + system.build.vm = pkgs.runCommand "nixos-vm" { preferLocalBuild = true; } '' mkdir -p $out/bin ln -s ${config.system.build.toplevel} $out/system From 8d5d41e776eb2052d14eb100f8a31b96a42c12e3 Mon Sep 17 00:00:00 2001 From: Diego Rodriguez Date: Sun, 6 Sep 2020 18:24:12 -0600 Subject: [PATCH 53/76] kubernetes-helm: 3.3.0 -> 3.3.1 (#97147) --- pkgs/applications/networking/cluster/helm/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/networking/cluster/helm/default.nix b/pkgs/applications/networking/cluster/helm/default.nix index bb76ad698821..3e24a3d06087 100644 --- a/pkgs/applications/networking/cluster/helm/default.nix +++ b/pkgs/applications/networking/cluster/helm/default.nix @@ -2,15 +2,15 @@ buildGoModule rec { pname = "helm"; - version = "3.3.0"; + version = "3.3.1"; src = fetchFromGitHub { owner = "helm"; repo = "helm"; rev = "v${version}"; - sha256 = "0bp2yscrvdm46w2nxas5zs9mcvdn2yp05k0wmcjl7gh42fs6hmcs"; + sha256 = "0y3ilvafzwizd9zqvp8jijkkd1c2yy7zyl5xfma1zv2x96p7xgqh"; }; - vendorSha256 = "0lccglh5qpm5kp8xp1pn7y4cfxjpax83gyzjmnhh9h5y9zwgqp03"; + vendorSha256 = "0f8a0psvic923rh13f5041p7hr6w8dy9qxdw3l195yky5cf3fj6w"; doCheck = false; @@ -28,6 +28,6 @@ buildGoModule rec { homepage = "https://github.com/kubernetes/helm"; description = "A package manager for kubernetes"; license = licenses.asl20; - maintainers = with maintainers; [ rlupton20 edude03 saschagrunert Frostman ]; + maintainers = with maintainers; [ rlupton20 edude03 saschagrunert Frostman Chili-Man ]; }; } From 6ed06dca054f0f0ebf1ba6e355b8cf7dbb5166d6 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 7 Sep 2020 00:47:22 +0000 Subject: [PATCH 54/76] terragrunt: 0.23.33 -> 0.23.40 --- pkgs/applications/networking/cluster/terragrunt/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/cluster/terragrunt/default.nix b/pkgs/applications/networking/cluster/terragrunt/default.nix index 14744f188b0b..e8b602b8a804 100644 --- a/pkgs/applications/networking/cluster/terragrunt/default.nix +++ b/pkgs/applications/networking/cluster/terragrunt/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "terragrunt"; - version = "0.23.33"; + version = "0.23.40"; src = fetchFromGitHub { owner = "gruntwork-io"; repo = pname; rev = "v${version}"; - sha256 = "0fsyvmdg2llnzy0yzmiihnb865ccq2sn6d3i935dflppnjyp01p4"; + sha256 = "0gd2g1nl8dgj24mzk4qymcwnp6prbi3qxj863rkpi3k32zy2iw4k"; }; - vendorSha256 = "05p72l724qqf61dn0frahf4awvkkcw8cpl6nhwlacd1jw8c14fjl"; + vendorSha256 = "0f466qn5vp74mwx9s4rcbw1x793w8hr5dcf2c12sgshya1bxs4nl"; doCheck = false; From 2ff86abc6950f67c39db69a038d0a5fbb0ccbc05 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 7 Sep 2020 04:44:53 +0000 Subject: [PATCH 55/76] topgrade: 5.5.0 -> 5.7.0 --- pkgs/tools/misc/topgrade/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/misc/topgrade/default.nix b/pkgs/tools/misc/topgrade/default.nix index f009de0a6fce..b7b38766db38 100644 --- a/pkgs/tools/misc/topgrade/default.nix +++ b/pkgs/tools/misc/topgrade/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "topgrade"; - version = "5.5.0"; + version = "5.7.0"; src = fetchFromGitHub { owner = "r-darwish"; repo = pname; rev = "v${version}"; - sha256 = "1adx029cq30g0qnrvdq2di8bpadzdxrpbsqchxfsda8zg6cprh1j"; + sha256 = "0nxqi2rykfxhvn8jzprklsc47iilxp1pmm2f17ikfyf5dgi69whb"; }; - cargoSha256 = "0jpjn6sb8bkwnq7np487hb8bkm6rv84mihmqwy3ymgdzlqcng6sk"; + cargoSha256 = "05afmz2n006331hc8yi2mq9kj574xi1iq6gr983jj75ix7n40rgg"; buildInputs = lib.optional stdenv.isDarwin Foundation; From 3690d1d7fc59875ed573b31abd3095edad6e0ea8 Mon Sep 17 00:00:00 2001 From: Peter Hoeg Date: Sun, 6 Sep 2020 10:14:02 +0800 Subject: [PATCH 56/76] calibre: build with py3 by default --- pkgs/applications/misc/calibre/default.nix | 59 ++++++++++------------ pkgs/top-level/all-packages.nix | 6 ++- 2 files changed, 31 insertions(+), 34 deletions(-) diff --git a/pkgs/applications/misc/calibre/default.nix b/pkgs/applications/misc/calibre/default.nix index a548177567ce..ea2307e4e9e0 100644 --- a/pkgs/applications/misc/calibre/default.nix +++ b/pkgs/applications/misc/calibre/default.nix @@ -16,7 +16,7 @@ , hyphen , unrarSupport ? false , chmlib -, python2Packages +, pythonPackages , libusb1 , libmtp , xdg_utils @@ -24,10 +24,6 @@ , removeReferencesTo }: -let - pypkgs = python2Packages; - -in mkDerivation rec { pname = "calibre"; version = "4.22.0"; @@ -47,7 +43,7 @@ mkDerivation rec { ] ++ lib.optional (!unrarSupport) ./dont_build_unrar_plugin.patch; prePatch = '' - sed -i "/pyqt_sip_dir/ s:=.*:= '${pypkgs.pyqt5}/share/sip/PyQt5':" \ + sed -i "/pyqt_sip_dir/ s:=.*:= '${pythonPackages.pyqt5}/share/sip/PyQt5':" \ setup/build_environment.py # Remove unneeded files and libs @@ -61,52 +57,49 @@ mkDerivation rec { nativeBuildInputs = [ pkgconfig qmake removeReferencesTo ]; - CALIBRE_PY3_PORT = builtins.toString pypkgs.isPy3k; + CALIBRE_PY3_PORT = builtins.toString pythonPackages.isPy3k; buildInputs = [ - poppler_utils - libpng - imagemagick - libjpeg - fontconfig - podofo - qtbase chmlib - icu + fontconfig hunspell hyphen - sqlite - libusb1 + icu + imagemagick + libjpeg libmtp + libpng + libusb1 + podofo + poppler_utils + qtbase + sqlite xdg_utils ] ++ ( - with pypkgs; [ + with pythonPackages; [ apsw - cssselect + beautifulsoup4 css-parser + cssselect dateutil dnspython feedparser + html2text html5-parser lxml markdown + mechanize + msgpack netifaces pillow - python pyqt5 - sip - regex - msgpack - beautifulsoup4 - html2text pyqtwebengine + python + regex + sip # the following are distributed with calibre, but we use upstream instead odfpy ] - ) ++ lib.optionals (!pypkgs.isPy3k) ( - with pypkgs; [ - mechanize - ] ); installPhase = '' @@ -121,18 +114,17 @@ mkDerivation rec { export FC_LIB_DIR=${fontconfig.lib}/lib export PODOFO_INC_DIR=${podofo.dev}/include/podofo export PODOFO_LIB_DIR=${podofo.lib}/lib - export SIP_BIN=${pypkgs.sip}/bin/sip + export SIP_BIN=${pythonPackages.sip}/bin/sip export XDG_DATA_HOME=$out/share export XDG_UTILS_INSTALL_MODE="user" - ${pypkgs.python.interpreter} setup.py install --root=$out \ + ${pythonPackages.python.interpreter} setup.py install --root=$out \ --prefix=$out \ --libdir=$out/lib \ --staging-root=$out \ --staging-libdir=$out/lib \ --staging-sharedir=$out/share - PYFILES="$out/bin/* $out/lib/calibre/calibre/web/feeds/*.py $out/lib/calibre/calibre/ebooks/metadata/*.py $out/lib/calibre/calibre/ebooks/rtf2xml/*.py" @@ -154,7 +146,8 @@ mkDerivation rec { # 2018-11-06) was a single string like the following: # /nix/store/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-podofo-0.9.6-dev/include/podofo/base/PdfVariant.h preFixup = '' - remove-references-to -t ${podofo.dev} $out/lib/calibre/calibre/plugins/podofo.so + remove-references-to -t ${podofo.dev} \ + $out/lib/calibre/calibre/plugins${lib.optionalString pythonPackages.isPy3k "/3"}/podofo.so for program in $out/bin/*; do wrapProgram $program \ diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 7a5414477e9d..3eedc0ed6d19 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -19691,7 +19691,11 @@ in calculix = callPackage ../applications/science/math/calculix {}; - calibre = libsForQt5.callPackage ../applications/misc/calibre { }; + calibre-py2 = libsForQt5.callPackage ../applications/misc/calibre { pythonPackages = python2Packages; }; + + calibre-py3 = libsForQt5.callPackage ../applications/misc/calibre { pythonPackages = python3Packages; }; + + calibre = self.calibre-py3; calligra = libsForQt5.callPackage ../applications/office/calligra { inherit (kdeApplications) akonadi-calendar akonadi-contacts; From 4b25b12ff7f42baa5d8331cae82c4adf76ed3f12 Mon Sep 17 00:00:00 2001 From: Peter Hoeg Date: Mon, 7 Sep 2020 12:47:46 +0800 Subject: [PATCH 57/76] calibre: 4.22.0 -> 4.23.0 --- pkgs/applications/misc/calibre/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/calibre/default.nix b/pkgs/applications/misc/calibre/default.nix index ea2307e4e9e0..92a491a0056f 100644 --- a/pkgs/applications/misc/calibre/default.nix +++ b/pkgs/applications/misc/calibre/default.nix @@ -26,11 +26,11 @@ mkDerivation rec { pname = "calibre"; - version = "4.22.0"; + version = "4.23.0"; src = fetchurl { url = "https://download.calibre-ebook.com/${version}/${pname}-${version}.tar.xz"; - sha256 = "0d0wmd3ijk8px1d662igal4lfmpyzynfzs6ms1bb9nf42mq2pxai"; + sha256 = "sha256-Ft5RRzzw4zb5RqVyUaHk9Pu6H4V/F9j8FKoTLn61lRg="; }; patches = [ From 2497bf4279e50b8764f70e9474293199d83e02ac Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Mon, 7 Sep 2020 00:00:00 -0500 Subject: [PATCH 58/76] calibre: remove self reference --- pkgs/top-level/all-packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 8965e1fb59c8..f1c58a40adf2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -19705,7 +19705,7 @@ in calibre-py3 = libsForQt5.callPackage ../applications/misc/calibre { pythonPackages = python3Packages; }; - calibre = self.calibre-py3; + calibre = calibre-py3; calligra = libsForQt5.callPackage ../applications/office/calligra { inherit (kdeApplications) akonadi-calendar akonadi-contacts; From 02e6ed4b627a805c1a51cacdf5afdb8af8cb0496 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Mon, 7 Sep 2020 15:19:22 +1000 Subject: [PATCH 59/76] scc: 2.12.0 -> 2.13.0 https://github.com/boyter/scc/releases/tag/v2.13.0 --- pkgs/development/tools/misc/scc/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/development/tools/misc/scc/default.nix b/pkgs/development/tools/misc/scc/default.nix index 47596789de7a..8a6a1471d0a4 100644 --- a/pkgs/development/tools/misc/scc/default.nix +++ b/pkgs/development/tools/misc/scc/default.nix @@ -1,20 +1,20 @@ -{ stdenv, buildGoPackage, fetchFromGitHub }: +{ stdenv, buildGoModule, fetchFromGitHub }: -buildGoPackage rec { +buildGoModule rec { pname = "scc"; - version = "2.12.0"; + version = "2.13.0"; src = fetchFromGitHub { owner = "boyter"; repo = "scc"; rev = "v${version}"; - sha256 = "0hbcq5qn97kr9d4q9m2p1mj3ijn8zmwycrs5bgf1kfiwr09wg2yh"; + sha256 = "16p5g20n5jsbisbgikk9xny94xx6c0dxf19saa686ghh31jr2hh3"; }; - goPackagePath = "github.com/boyter/scc"; + vendorSha256 = null; # scc has a scripts/ sub-package that's for testing. - subPackages = [ "./" ]; + excludedPackages = [ "scripts" ]; meta = with stdenv.lib; { homepage = "https://github.com/boyter/scc"; From 1936b11f63d2f58ef0c7216e53e56deb804a715e Mon Sep 17 00:00:00 2001 From: Frederik Rietdijk Date: Mon, 7 Sep 2020 07:19:26 +0200 Subject: [PATCH 60/76] utils.bash: also "fix" cc-wrapper and pkg-config-wrapper --- pkgs/build-support/cc-wrapper/default.nix | 2 +- pkgs/build-support/pkg-config-wrapper/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index bfb15f2f7836..fff57dd7c48f 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -453,7 +453,7 @@ stdenv.mkDerivation { substituteAll ${./add-flags.sh} $out/nix-support/add-flags.sh substituteAll ${./add-hardening.sh} $out/nix-support/add-hardening.sh - substituteAll ${../wrapper-common/utils.bash} $out/nix-support/utils.bash + substituteAll ${if stdenv.isDarwin then ../wrapper-common/utils.bash.darwin else ../wrapper-common/utils.bash} $out/nix-support/utils.bash '' ## diff --git a/pkgs/build-support/pkg-config-wrapper/default.nix b/pkgs/build-support/pkg-config-wrapper/default.nix index e01df107dd17..b1b9325ea6e5 100644 --- a/pkgs/build-support/pkg-config-wrapper/default.nix +++ b/pkgs/build-support/pkg-config-wrapper/default.nix @@ -107,7 +107,7 @@ stdenv.mkDerivation { + '' substituteAll ${./add-flags.sh} $out/nix-support/add-flags.sh - substituteAll ${../wrapper-common/utils.bash} $out/nix-support/utils.bash + substituteAll ${if stdenv.isDarwin then ../wrapper-common/utils.bash.darwin else ../wrapper-common/utils.bash} $out/nix-support/utils.bash '' ## From 6f7120772ef869e5c3850b2584fad556e7de21ee Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 7 Sep 2020 05:33:04 +0000 Subject: [PATCH 61/76] ugrep: 2.5.3 -> 2.5.5 --- pkgs/tools/text/ugrep/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/text/ugrep/default.nix b/pkgs/tools/text/ugrep/default.nix index 3e225ec3567c..6f44c360267f 100644 --- a/pkgs/tools/text/ugrep/default.nix +++ b/pkgs/tools/text/ugrep/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "ugrep"; - version = "2.5.3"; + version = "2.5.5"; src = fetchFromGitHub { owner = "Genivia"; repo = pname; rev = "v${version}"; - sha256 = "16ly1dz8wxnjk6kc88dl2x0ijmzw5v87fhai9fnardwfmycn7ivc"; + sha256 = "0ba9h0m9c28rllym1djij3b97k4rj06nsgajmbxg5mpxfzplgxy2"; }; buildInputs = [ boost bzip2 lz4 pcre2 xz zlib ]; From b6efe9d6403047b6e4205b1ff33f899e760bedc6 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 7 Sep 2020 05:38:54 +0000 Subject: [PATCH 62/76] vale: 2.3.3 -> 2.3.4 --- pkgs/tools/text/vale/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/text/vale/default.nix b/pkgs/tools/text/vale/default.nix index 69390b4d3d37..8a63d82eacb2 100644 --- a/pkgs/tools/text/vale/default.nix +++ b/pkgs/tools/text/vale/default.nix @@ -2,7 +2,7 @@ buildGoModule rec { pname = "vale"; - version = "2.3.3"; + version = "2.3.4"; subPackages = [ "." ]; outputs = [ "out" "data" ]; @@ -11,7 +11,7 @@ buildGoModule rec { owner = "errata-ai"; repo = "vale"; rev = "v${version}"; - sha256 = "13b565l87nm3gpxxhw1bpjx7yqcgf5124k3wh7r149z38xyqc3wk"; + sha256 = "0vk7kk2a2891vm46lss8q2893n2zdirlicac2f3xfkrbb5lhkicd"; }; vendorSha256 = null; From 8532b0ae337eda5d60f62c8ed1499ff0d61f5835 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Mon, 7 Sep 2020 05:51:01 +0000 Subject: [PATCH 63/76] vultr-cli: 0.3.2 -> 0.4.0 --- pkgs/development/tools/vultr-cli/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/vultr-cli/default.nix b/pkgs/development/tools/vultr-cli/default.nix index a6da5f6cdc93..c0b34fe3ca68 100644 --- a/pkgs/development/tools/vultr-cli/default.nix +++ b/pkgs/development/tools/vultr-cli/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "vultr-cli"; - version = "0.3.2"; + version = "0.4.0"; src = fetchFromGitHub { owner = "vultr"; repo = pname; rev = "v${version}"; - sha256 = "1gqc4w5j9x7vxvxah6hmqd5i1lxyybpml7yfzzcbngwgwm3y5ym0"; + sha256 = "0gp1v62iqh3hk46cc5sh8a1nw5nf98m969fdhgxdppwr5dhj9isp"; }; vendorSha256 = null; From 4dd118b4f90f4a12b442dd58baf533a610a9de81 Mon Sep 17 00:00:00 2001 From: 0x4A6F <0x4A6F@users.noreply.github.com> Date: Mon, 31 Aug 2020 19:25:20 +0000 Subject: [PATCH 64/76] timescale-prometheus: 0.1.0-beta.2 -> 0.1.0-beta.4 --- pkgs/servers/monitoring/timescale-prometheus/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/monitoring/timescale-prometheus/default.nix b/pkgs/servers/monitoring/timescale-prometheus/default.nix index f5f4a4fd417f..6a0383610eb6 100644 --- a/pkgs/servers/monitoring/timescale-prometheus/default.nix +++ b/pkgs/servers/monitoring/timescale-prometheus/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "timescale-prometheus"; - version = "0.1.0-beta.2"; + version = "0.1.0-beta.4"; src = fetchFromGitHub { owner = "timescale"; repo = pname; rev = "${version}"; - sha256 = "1rrr0qb27hh3kcmmxapr1j39dhfxf02vihpjf4b7zpwdf1mpvrbc"; + sha256 = "1q9zjxxjxa5kkhlsh69bvgns3kzf23z84jjzg294qb7y7xypym5q"; }; vendorSha256 = "sha256:0y5rq2y48kf2z1z3a8ags6rqzfvjs54klk2679fk8x0yjamj5x04"; From 2a82f71bed9c031dc9b444fbcb0279213ce83dab Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Mon, 7 Sep 2020 06:28:26 +0200 Subject: [PATCH 65/76] =?UTF-8?q?proverif:=202.01=20=E2=86=92=202.02pl1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/applications/science/logic/proverif/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/science/logic/proverif/default.nix b/pkgs/applications/science/logic/proverif/default.nix index 6a9367b30aa0..6acae2bcb766 100644 --- a/pkgs/applications/science/logic/proverif/default.nix +++ b/pkgs/applications/science/logic/proverif/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "proverif"; - version = "2.01"; + version = "2.02pl1"; src = fetchurl { url = "http://prosecco.gforge.inria.fr/personal/bblanche/proverif/proverif${version}.tar.gz"; - sha256 = "01wp5431c77z0aaa99h8bnm5yhr6jslpqc8iyg0a7gxfqnb19gxi"; + sha256 = "1jmzfpx0hdgfmkq0jp6i3k5av9xxgndjaj743wfy37svn0ga4jjx"; }; buildInputs = with ocamlPackages; [ ocaml findlib lablgtk ]; From 5d5109683912682435d8e7012cfb6a7a20962af8 Mon Sep 17 00:00:00 2001 From: WilliButz Date: Mon, 7 Sep 2020 10:14:33 +0200 Subject: [PATCH 66/76] nixos/prometheus-exporters: fix default firewall filter Instead of always using the default port of one exporter for its default firewall filter, the port from the current service configuration is used. --- nixos/modules/services/monitoring/prometheus/exporters.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index 59748efe0ded..a5492d972f15 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -84,7 +84,8 @@ let }; firewallFilter = mkOption { type = types.str; - default = "-p tcp -m tcp --dport ${toString port}"; + default = "-p tcp -m tcp --dport ${toString cfg.${name}.port}"; + defaultText = "-p tcp -m tcp --dport ${toString port}"; example = literalExample '' "-i eth0 -p tcp -m tcp --dport ${toString port}" ''; From 7b537f99c0937655d0e67646da62380548c02523 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Mon, 7 Sep 2020 18:29:15 +1000 Subject: [PATCH 67/76] exa: remove maintainer --- pkgs/tools/misc/exa/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/tools/misc/exa/default.nix b/pkgs/tools/misc/exa/default.nix index 13c8b3f1d4f5..fd6baadb685c 100644 --- a/pkgs/tools/misc/exa/default.nix +++ b/pkgs/tools/misc/exa/default.nix @@ -57,6 +57,6 @@ buildRustPackage rec { ''; homepage = "https://the.exa.website"; license = licenses.mit; - maintainers = with maintainers; [ ehegnes lilyball globin zowoq ]; + maintainers = with maintainers; [ ehegnes lilyball globin ]; }; } From 3487a7b8aab2a260ad2a13c9e47794aec24f4f67 Mon Sep 17 00:00:00 2001 From: rople380 <55679162+rople380@users.noreply.github.com> Date: Mon, 7 Sep 2020 20:12:11 +1000 Subject: [PATCH 68/76] exodus: 20.1.30 -> 20.8.28 --- pkgs/applications/blockchains/exodus/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/blockchains/exodus/default.nix b/pkgs/applications/blockchains/exodus/default.nix index 758673229afa..af49bb9121f6 100644 --- a/pkgs/applications/blockchains/exodus/default.nix +++ b/pkgs/applications/blockchains/exodus/default.nix @@ -4,11 +4,11 @@ cups, vivaldi-ffmpeg-codecs, libpulseaudio, at-spi2-core }: stdenv.mkDerivation rec { pname = "exodus"; - version = "20.1.30"; + version = "20.8.28"; src = fetchurl { url = "https://downloads.exodus.io/releases/${pname}-linux-x64-${version}.zip"; - sha256 = "0jns5zqjm0gqn18ypghbgk6gb713mh7p44ax1r8y4vcwijlp5nql"; + sha256 = "fde9165f71f0d641f6892ddce3ec26d200e8095a383f2b4c8f924de4041d65ef"; }; sourceRoot = "."; @@ -75,6 +75,6 @@ stdenv.mkDerivation rec { description = "Top-rated cryptocurrency wallet with Trezor integration and built-in Exchange"; license = licenses.unfree; platforms = platforms.linux; - maintainers = [ maintainers.mmahut ]; + maintainers = with maintainers; [ mmahut rople380 ]; }; } From 1d2c243d9e95ae38a30705bf97c39d23be447901 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Sun, 6 Sep 2020 04:20:00 +0000 Subject: [PATCH 69/76] dune_2: fix hash --- pkgs/development/tools/ocaml/dune/2.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/tools/ocaml/dune/2.nix b/pkgs/development/tools/ocaml/dune/2.nix index 30823b43acbc..177fa96f5b96 100644 --- a/pkgs/development/tools/ocaml/dune/2.nix +++ b/pkgs/development/tools/ocaml/dune/2.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://github.com/ocaml/dune/releases/download/${version}/dune-${version}.tbz"; - sha256 = "0lnfmc06yhbdiv6mmp0aksnnvzz4aw4zabrdg89p5msyzir3qrvn"; + sha256 = "0pcjf209gynjwipnpplaqyvyivnawqiwhvqnivhkybisicpqyln3"; }; buildInputs = [ ocaml findlib ]; From d7fa5b6aad540e11e8e71aae427f1ac664e4b80b Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Sat, 5 Sep 2020 07:14:32 +0200 Subject: [PATCH 70/76] =?UTF-8?q?liferea:=201.12.6=20=E2=86=92=201.12.9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../applications/networking/newsreaders/liferea/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/newsreaders/liferea/default.nix b/pkgs/applications/networking/newsreaders/liferea/default.nix index 2632acd73d35..5f7defccb2a6 100644 --- a/pkgs/applications/networking/newsreaders/liferea/default.nix +++ b/pkgs/applications/networking/newsreaders/liferea/default.nix @@ -23,11 +23,11 @@ stdenv.mkDerivation rec { pname = "liferea"; - version = "1.12.6"; + version = "1.12.9"; src = fetchurl { - url = "https://github.com/lwindolf/${pname}/releases/download/v${version}/${pname}-${version}b.tar.bz2"; - sha256 = "03pr1gmiv5y0i92bkhcxr8s311ll91chz19wb96jkixx32xav91d"; + url = "https://github.com/lwindolf/${pname}/releases/download/v${version}/${pname}-${version}.tar.bz2"; + sha256 = "06ybr1wjlfir8iqjx6x0v1knd4b2hsy30qmkk4kssy6ky2ahc66q"; }; nativeBuildInputs = [ From 3c0e3697520cbe7d9eb3a64bfd87de840bf4aa77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 7 Sep 2020 13:40:02 +0200 Subject: [PATCH 71/76] liferea: remove myself from meta.maintainers I haven't been really using it anymore recently, and fortunately we have another active maintainer :-) --- pkgs/applications/networking/newsreaders/liferea/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/networking/newsreaders/liferea/default.nix b/pkgs/applications/networking/newsreaders/liferea/default.nix index 5f7defccb2a6..8ec460802375 100644 --- a/pkgs/applications/networking/newsreaders/liferea/default.nix +++ b/pkgs/applications/networking/newsreaders/liferea/default.nix @@ -73,7 +73,7 @@ stdenv.mkDerivation rec { description = "A GTK-based news feed aggregator"; homepage = "http://lzone.de/liferea/"; license = licenses.gpl2Plus; - maintainers = with maintainers; [ vcunat romildo ]; + maintainers = with maintainers; [ romildo ]; platforms = platforms.linux; longDescription = '' From bd954783b2505498332fd79ebe34ea3d85e4f48b Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Sun, 6 Sep 2020 18:52:52 +0200 Subject: [PATCH 72/76] =?UTF-8?q?liquidsoap:=201.3.4=20=E2=86=92=201.4.2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/tools/audio/liquidsoap/full.nix | 24 +++++++++++++++++++----- pkgs/top-level/all-packages.nix | 1 - 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/pkgs/tools/audio/liquidsoap/full.nix b/pkgs/tools/audio/liquidsoap/full.nix index 2aa01dfe073f..a228c23651db 100644 --- a/pkgs/tools/audio/liquidsoap/full.nix +++ b/pkgs/tools/audio/liquidsoap/full.nix @@ -2,13 +2,18 @@ , ocamlPackages , libao, portaudio, alsaLib, libpulseaudio, libjack2 , libsamplerate, libmad, taglib, lame, libogg -, libvorbis, speex, libtheora, libopus, fdk_aac +, libvorbis, speex, libtheora, libopus , faad2, flac, ladspaH, ffmpeg, frei0r, dssi }: let pname = "liquidsoap"; - version = "1.3.4"; + version = "1.4.2"; + + ocaml-ffmpeg = fetchurl { + url = "https://github.com/savonet/ocaml-ffmpeg/releases/download/v0.4.2/ocaml-ffmpeg-0.4.2.tar.gz"; + sha256 = "1lx5s1avds9fsh77828ifn71r2g89rxakhs8pp995a675phm9viw"; + }; packageFilters = map (p: "-e '/ocaml-${p}/d'" ) [ "gstreamer" "shine" "aacplus" "schroedinger" @@ -19,10 +24,17 @@ stdenv.mkDerivation { name = "${pname}-full-${version}"; src = fetchurl { - url = "https://github.com/savonet/${pname}/releases/download/${version}/${pname}-${version}-full.tar.bz2"; - sha256 = "11l1h42sljfxcdhddc8klya4bk99j7a1pndwnzvscb04pvmfmlk0"; + url = "https://github.com/savonet/${pname}/releases/download/v${version}/${pname}-${version}-full.tar.gz"; + sha256 = "0wkwnzj1a0vizv7sr1blwk5gzm2qi0n02ndijnq1i50cwrgxs1a4"; }; + # Use ocaml-srt and ocaml-fdkaac from nixpkgs + # Use ocaml-ffmpeg at 0.4.2 for compatibility with ffmpeg 4.3 + prePatch = '' + rm -rf ocaml-srt*/ ocaml-fdkaac*/ ocaml-ffmpeg*/ + tar xzf ${ocaml-ffmpeg} + ''; + preConfigure = /* we prefer system-wide libs */ '' sed -i "s|gsed|sed|" Makefile make bootstrap @@ -42,10 +54,12 @@ stdenv.mkDerivation { [ which ocamlPackages.ocaml ocamlPackages.findlib libao portaudio alsaLib libpulseaudio libjack2 libsamplerate libmad taglib lame libogg - libvorbis speex libtheora libopus fdk_aac + libvorbis speex libtheora libopus faad2 flac ladspaH ffmpeg frei0r dssi ocamlPackages.xmlm ocamlPackages.ocaml_pcre ocamlPackages.camomile + ocamlPackages.fdkaac + ocamlPackages.srt ocamlPackages.sedlex_2 ocamlPackages.menhir ]; hardeningDisable = [ "format" "fortify" ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f1c58a40adf2..83a20fd228b9 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4857,7 +4857,6 @@ in liquidsoap = callPackage ../tools/audio/liquidsoap/full.nix { ffmpeg = ffmpeg-full; - ocamlPackages = ocaml-ng.ocamlPackages_4_07; }; lksctp-tools = callPackage ../os-specific/linux/lksctp-tools { }; From 85afe9cbe9c8e2eb02ae8c5e0b31fb7d7a3614ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 7 Sep 2020 15:39:55 +0200 Subject: [PATCH 73/76] nixos/tests/installer: increase RAM in the VM 1G apparently isn't sufficient anymore, at least in swraid case: https://hydra.nixos.org/build/126561574 --- nixos/tests/installer.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index df89949074f9..d80cfb4bd83f 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -285,7 +285,7 @@ let ]; virtualisation.diskSize = 8 * 1024; - virtualisation.memorySize = 1024; + virtualisation.memorySize = 1536; # Use a small /dev/vdb as the root disk for the # installer. This ensures the target disk (/dev/vda) is From a31736120c5de6e632f5a0ba1ed34e53fc1c1b00 Mon Sep 17 00:00:00 2001 From: Evan Stoll Date: Sun, 6 Sep 2020 12:04:31 -0400 Subject: [PATCH 74/76] nixos/lorri: add package option --- nixos/modules/services/development/lorri.nix | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/development/lorri.nix b/nixos/modules/services/development/lorri.nix index c843aa56d133..fc576e4c18ba 100644 --- a/nixos/modules/services/development/lorri.nix +++ b/nixos/modules/services/development/lorri.nix @@ -15,6 +15,15 @@ in { issued by the `lorri` command. ''; }; + package = lib.mkOption { + default = pkgs.lorri; + type = lib.types.package; + description = '' + The lorri package to use. + ''; + defaultText = lib.literalExample "pkgs.lorri"; + example = lib.literalExample "pkgs.lorri"; + }; }; }; @@ -34,7 +43,7 @@ in { after = [ "lorri.socket" ]; path = with pkgs; [ config.nix.package git gnutar gzip ]; serviceConfig = { - ExecStart = "${pkgs.lorri}/bin/lorri daemon"; + ExecStart = "${cfg.package}/bin/lorri daemon"; PrivateTmp = true; ProtectSystem = "strict"; ProtectHome = "read-only"; @@ -42,6 +51,6 @@ in { }; }; - environment.systemPackages = [ pkgs.lorri ]; + environment.systemPackages = [ cfg.package ]; }; } From 06ac3c1d2a4d0f9476baa660574110f64b6dbf72 Mon Sep 17 00:00:00 2001 From: Emery Hemingway Date: Mon, 17 Aug 2020 16:37:29 +0200 Subject: [PATCH 75/76] nim: patch to fix dynamic library loading --- pkgs/applications/misc/nimmm/default.nix | 2 - .../science/biology/mosdepth/default.nix | 4 +- pkgs/development/compilers/nim/default.nix | 4 ++ pkgs/development/compilers/nim/nixbuild.patch | 51 +++++++++++++++++++ 4 files changed, 57 insertions(+), 4 deletions(-) create mode 100644 pkgs/development/compilers/nim/nixbuild.patch diff --git a/pkgs/applications/misc/nimmm/default.nix b/pkgs/applications/misc/nimmm/default.nix index 16400d76f64a..383057ca6551 100644 --- a/pkgs/applications/misc/nimmm/default.nix +++ b/pkgs/applications/misc/nimmm/default.nix @@ -36,8 +36,6 @@ in stdenv.mkDerivation rec { nativeBuildInputs = [ nim ]; buildInputs = [ termbox pcre ]; - NIX_LDFLAGS = "-lpcre"; - buildPhase = '' export HOME=$TMPDIR; nim -p:${noise} -p:${nimbox} -p:${lscolors}/src c -d:release src/nimmm.nim diff --git a/pkgs/applications/science/biology/mosdepth/default.nix b/pkgs/applications/science/biology/mosdepth/default.nix index 21af5b82207b..96aed307f0b8 100644 --- a/pkgs/applications/science/biology/mosdepth/default.nix +++ b/pkgs/applications/science/biology/mosdepth/default.nix @@ -26,14 +26,14 @@ in stdenv.mkDerivation rec { sha256 = "01gm9gj2x2zs4yx6wk761fi1papi7qr3gp4ln1kkn8n2f9y9h849"; }; - buildInputs = [ nim ]; + buildInputs = [ nim htslib pcre ]; buildPhase = '' HOME=$TMPDIR nim -p:${hts-nim}/src -p:${docopt}/src c --nilseqs:on -d:release mosdepth.nim ''; + installPhase = "install -Dt $out/bin mosdepth"; - fixupPhase = "patchelf --set-rpath ${stdenv.lib.makeLibraryPath [ stdenv.cc.cc htslib pcre ]} $out/bin/mosdepth"; meta = with stdenv.lib; { description = "fast BAM/CRAM depth calculation for WGS, exome, or targeted sequencing."; diff --git a/pkgs/development/compilers/nim/default.nix b/pkgs/development/compilers/nim/default.nix index 543a6120577f..d497cc76e9bb 100644 --- a/pkgs/development/compilers/nim/default.nix +++ b/pkgs/development/compilers/nim/default.nix @@ -28,6 +28,10 @@ stdenv.mkDerivation rec { openssl pcre readline boehmgc sfml sqlite ]; + patches = [ ./nixbuild.patch ]; + + postPatch = "echo define:nixbuild >> config/nim.cfg"; + buildPhase = '' runHook preBuild diff --git a/pkgs/development/compilers/nim/nixbuild.patch b/pkgs/development/compilers/nim/nixbuild.patch new file mode 100644 index 000000000000..bdfd04744e16 --- /dev/null +++ b/pkgs/development/compilers/nim/nixbuild.patch @@ -0,0 +1,51 @@ +commit 164ba50fc74b980f77047080b2ae1ea099ae9b27 +Author: Emery Hemingway +Date: Mon Sep 7 14:09:22 2020 +0200 + + Load libaries by absolute path on NixOS + + If "nixbuild" is defined then choose dynamic runtime libraries by + searching $NIX_LDFLAGS at compile-time. + + Fix #15194 + +diff --git a/lib/pure/dynlib.nim b/lib/pure/dynlib.nim +index f31ae94dd..debed9c07 100644 +--- a/lib/pure/dynlib.nim ++++ b/lib/pure/dynlib.nim +@@ -56,6 +56,9 @@ + + import strutils + ++when defined(nixbuild): ++ import os ++ + type + LibHandle* = pointer ## a handle to a dynamically loaded library + +@@ -95,6 +98,25 @@ proc libCandidates*(s: string, dest: var seq[string]) = + libCandidates(prefix & middle & suffix, dest) + else: + add(dest, s) ++ when defined(nixbuild): ++ # Nix doesn't have a global library directory so ++ # load libraries using an absolute path if one ++ # can be derived from NIX_LDFLAGS. ++ # ++ # During Nix/NixOS packaging the line "define:nixbuild" ++ # should be appended to the ../../config/nim.cfg file ++ # to enable this behavior by default. ++ # ++ var libDirs = split(getEnv("LD_LIBRARY_PATH"), ':') ++ for flag in split(getEnv("NIX_LDFLAGS")): ++ if flag.startsWith("-L"): ++ libDirs.add(flag[2..flag.high]) ++ for lib in dest: ++ for dir in libDirs: ++ let abs = dir / lib ++ if existsFile(abs): ++ dest = @[abs] ++ return + + proc loadLibPattern*(pattern: string, globalSymbols = false): LibHandle = + ## loads a library with name matching `pattern`, similar to what `dlimport` From dc09e3edfc4c1a4bf612cd2dcefd05096d8a9026 Mon Sep 17 00:00:00 2001 From: Emery Hemingway Date: Mon, 24 Aug 2020 11:08:20 +0200 Subject: [PATCH 76/76] nim: wrap compiler for cross-compilation support --- .../science/biology/mosdepth/default.nix | 3 +- .../compilers/nim/NIM_CONFIG_DIR.patch | 23 ++ pkgs/development/compilers/nim/default.nix | 304 ++++++++++++++---- pkgs/top-level/all-packages.nix | 2 + 4 files changed, 270 insertions(+), 62 deletions(-) create mode 100644 pkgs/development/compilers/nim/NIM_CONFIG_DIR.patch diff --git a/pkgs/applications/science/biology/mosdepth/default.nix b/pkgs/applications/science/biology/mosdepth/default.nix index 96aed307f0b8..1ce6357d2e81 100644 --- a/pkgs/applications/science/biology/mosdepth/default.nix +++ b/pkgs/applications/science/biology/mosdepth/default.nix @@ -26,7 +26,8 @@ in stdenv.mkDerivation rec { sha256 = "01gm9gj2x2zs4yx6wk761fi1papi7qr3gp4ln1kkn8n2f9y9h849"; }; - buildInputs = [ nim htslib pcre ]; + nativeBuildInputs = [ nim ]; + buildInputs = [ htslib pcre ]; buildPhase = '' HOME=$TMPDIR diff --git a/pkgs/development/compilers/nim/NIM_CONFIG_DIR.patch b/pkgs/development/compilers/nim/NIM_CONFIG_DIR.patch new file mode 100644 index 000000000000..61e05b791cf8 --- /dev/null +++ b/pkgs/development/compilers/nim/NIM_CONFIG_DIR.patch @@ -0,0 +1,23 @@ +diff --git a/compiler/nimconf.nim b/compiler/nimconf.nim +index a470179bd..73cfa1a23 100644 +--- a/compiler/nimconf.nim ++++ b/compiler/nimconf.nim +@@ -225,10 +225,15 @@ proc getUserConfigPath*(filename: RelativeFile): AbsoluteFile = + proc getSystemConfigPath*(conf: ConfigRef; filename: RelativeFile): AbsoluteFile = + # try standard configuration file (installation did not distribute files + # the UNIX way) +- let p = getPrefixDir(conf) +- result = p / RelativeDir"config" / filename ++ let ++ prefix = getPrefixDir(conf) ++ env = getEnv("NIM_CONFIG_PATH") ++ if env != "": ++ result = env.toAbsoluteDir / filename ++ else: ++ result = prefix / RelativeDir"config" / filename + when defined(unix): +- if not fileExists(result): result = p / RelativeDir"etc/nim" / filename ++ if not fileExists(result): result = prefix / RelativeDir"etc/nim" / filename + if not fileExists(result): result = AbsoluteDir"/etc/nim" / filename + + proc loadConfigs*(cfg: RelativeFile; cache: IdentCache; conf: ConfigRef) = diff --git a/pkgs/development/compilers/nim/default.nix b/pkgs/development/compilers/nim/default.nix index d497cc76e9bb..8ac9f8e048cc 100644 --- a/pkgs/development/compilers/nim/default.nix +++ b/pkgs/development/compilers/nim/default.nix @@ -1,73 +1,255 @@ -# based on https://github.com/nim-lang/Nim/blob/v0.18.0/.travis.yml +# https://nim-lang.github.io/Nim/packaging.html -{ stdenv, lib, fetchurl, makeWrapper, openssl, pcre, readline, - boehmgc, sfml, sqlite }: +{ stdenv, lib, fetchgit, fetchurl, makeWrapper, gdb, openssl, pcre, readline +, boehmgc, sqlite, nim-unwrapped, nim-stdlib, nim }: -stdenv.mkDerivation rec { - pname = "nim"; +let version = "1.2.6"; - src = fetchurl { - url = "https://nim-lang.org/download/${pname}-${version}.tar.xz"; + url = "https://nim-lang.org/download/nim-${version}.tar.xz"; sha256 = "0zk5qzxayqjw7kq6p92j4008g9bbyilyymhdc5xq9sln5rqym26z"; }; - enableParallelBuilding = true; - - NIX_LDFLAGS = "-lcrypto -lpcre -lreadline -lgc -lsqlite3"; - - # we could create a separate derivation for the "written in c" version of nim - # used for bootstrapping, but koch insists on moving the nim compiler around - # as part of building it, so it cannot be read-only - - nativeBuildInputs = [ - makeWrapper - ]; - - buildInputs = [ - openssl pcre readline boehmgc sfml sqlite - ]; - - patches = [ ./nixbuild.patch ]; - - postPatch = "echo define:nixbuild >> config/nim.cfg"; - - buildPhase = '' - runHook preBuild - - # build.sh wants to write to $HOME/.cache - HOME=$TMPDIR - sh build.sh - ./bin/nim c koch - ./koch boot -d:release \ - -d:useGnuReadline \ - ${lib.optionals (stdenv.isDarwin || stdenv.isLinux) "-d:nativeStacktrace"} - ./koch tools -d:release - - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - - install -Dt $out/bin bin/* koch - ./koch install $out - mv $out/nim/bin/* $out/bin/ && rmdir $out/nim/bin - mv $out/nim/* $out/ && rmdir $out/nim - - # Fortify hardening appends -O2 to gcc flags which is unwanted for unoptimized nim builds. - wrapProgram $out/bin/nim \ - --run 'NIX_HARDENING_ENABLE=''${NIX_HARDENING_ENABLE/fortify/}' \ - --suffix PATH : ${lib.makeBinPath [ stdenv.cc ]} - - runHook postInstall - ''; - - meta = with stdenv.lib; { + meta = with lib; { description = "Statically typed, imperative programming language"; homepage = "https://nim-lang.org/"; license = licenses.mit; maintainers = with maintainers; [ ehmry ]; - platforms = with platforms; linux ++ darwin; # arbitrary }; -} + + parseCpu = platform: + with platform; + # Derive a Nim CPU identifier + if isAarch32 then + "arm" + else if isAarch64 then + "arm64" + else if isAlpha then + "alpha" + else if isAvr then + "avr" + else if isMips && is32bit then + "mips" + else if isMips && is64bit then + "mips64" + else if isMsp430 then + "msp430" + else if isPowerPC && is32bit then + "powerpc" + else if isPowerPC && is64bit then + "powerpc64" + else if isRiscV && is64bit then + "riscv64" + else if isSparc then + "sparc" + else if isx86_32 then + "i386" + else if isx86_64 then + "amd64" + else + abort "no Nim CPU support known for ${config}"; + + parseOs = platform: + with platform; + # Derive a Nim OS identifier + if isAndroid then + "Android" + else if isDarwin then + "MacOSX" + else if isFreeBSD then + "FreeBSD" + else if isGenode then + "Genode" + else if isLinux then + "Linux" + else if isNetBSD then + "NetBSD" + else if isNone then + "Standalone" + else if isOpenBSD then + "OpenBSD" + else if isWindows then + "Windows" + else if isiOS then + "iOS" + else + abort "no Nim OS support known for ${config}"; + + parsePlatform = p: { + cpu = parseCpu p; + os = parseOs p; + }; + + nimHost = parsePlatform stdenv.hostPlatform; + nimTarget = parsePlatform stdenv.targetPlatform; + + wrapperInputs = rec { + + bootstrap = stdenv.mkDerivation rec { + pname = "nim-bootstrap"; + version = "0.20.0"; + + src = fetchgit { + # A Git checkout is much smaller than a GitHub tarball. + url = "https://github.com/nim-lang/csources.git"; + rev = "v" + version; + sha256 = "0i6vsfy1sgapx43n226q8m0pvn159sw2mhp50zm3hhb9zfijanis"; + }; + + enableParallelBuilding = true; + + installPhase = '' + runHook preInstall + install -Dt $out/bin bin/nim + runHook postInstall + ''; + }; + + unwrapped = stdenv.mkDerivation { + # https://nim-lang.github.io/Nim/packaging.html + pname = "nim-unwrapped"; + inherit version src; + + buildInputs = [ boehmgc openssl pcre readline sqlite ]; + + patches = [ + ./NIM_CONFIG_DIR.patch + # Override compiler configuration via an environmental variable + + ./nixbuild.patch + # Load libraries at runtime by absolute path + ]; + + configurePhase = '' + runHook preConfigure + cp ${bootstrap}/bin/nim bin/ + echo 'define:nixbuild' >> config/nim.cfg + runHook postConfigure + ''; + + kochArgs = [ + "--cpu:${nimHost.cpu}" + "--os:${nimHost.os}" + "-d:release" + "-d:useGnuReadline" + ] ++ lib.optional (stdenv.isDarwin || stdenv.isLinux) + "-d:nativeStacktrace"; + + buildPhase = '' + runHook preBuild + local HOME=$TMPDIR + ./bin/nim c koch + ./koch boot $kochArgs --parallelBuild:$NIX_BUILD_CORES + ./koch tools $kochArgs --parallelBuild:$NIX_BUILD_CORES + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + install -Dt $out/bin bin/* + runHook postInstall + ''; + + inherit meta; + }; + + stdlib = stdenv.mkDerivation { + pname = "nim-stdlib"; + inherit (nim-unwrapped) version src patches; + + dontConfigure = true; + dontBuild = true; + + installPhase = '' + runHook preInstall + touch bin/nim + ./install.sh $TMPDIR + cp -r $TMPDIR/nim/lib $out + runHook postInstall + ''; + + meta = meta // { + description = meta.description + " (standard library)"; + }; + }; + }; + + wrapped = let + nim = nim-unwrapped; + inherit (stdenv) targetPlatform; + in stdenv.mkDerivation { + name = "${targetPlatform.config}-nim-wrapper-${nim.version}"; + inherit (nim) version; + preferLocalBuild = true; + + nativeBuildInputs = [ makeWrapper ]; + + unpackPhase = '' + runHook preUnpack + tar xf ${nim.src} nim-$version/config/nim.cfg + cd nim-$version + runHook postUnpack + ''; + + dontConfigure = true; + + wrapperArgs = [ + "--prefix PATH : ${lib.makeBinPath [ stdenv.cc gdb ]}:${ + placeholder "out" + }/bin" + "--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ stdenv.cc.libc openssl ]}" + "--set NIM_CONFIG_PATH ${placeholder "out"}/etc/nim" + ]; + + buildPhase = with stdenv; + let + ccType = if cc.isGNU then + "gcc" + else if cc.isClang then + "clang" + else + abort "no Nim configuration available for ${cc.name}"; + in '' + runHook preBuild + cat >> config/nim.cfg << EOF + + define:nixbuild + os = ${nimTarget.os} + cpu = ${nimTarget.cpu} + cc = ${ccType} + EOF + + mkdir -p $out/bin $out/etc/nim + export cc=$CC + export cxx=$CXX + substituteAll config/nim.cfg $out/etc/nim/nim.cfg \ + --replace "cc = gcc" "" + + for binpath in ${nim}/bin/nim?*; do + local binname=`basename $binpath` + makeWrapper $binpath $out/bin/${targetPlatform.config}-$binname \ + $wrapperArgs + ln -s $out/bin/${targetPlatform.config}-$binname $out/bin/$binname + done + + makeWrapper ${nim}/bin/nim $out/bin/${targetPlatform.config}-nim \ + $wrapperArgs \ + --set NIX_HARDENING_ENABLE "''${NIX_HARDENING_ENABLE/fortify}" \ + --add-flags --lib:${nim-stdlib} + ln -s $out/bin/${targetPlatform.config}-nim $out/bin/nim + + runHook postBuild + ''; + # Fortify hardening appends -O2 to gcc flags which is unwanted for unoptimized nim builds. + + dontInstall = true; + + meta = meta // { + description = nim.meta.description + + " (${targetPlatform.config} wrapper)"; + platforms = lib.platforms.unix; + }; + + }; + +in wrapped // wrapperInputs diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index bc1c16f474a0..e8de40a13e73 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9445,6 +9445,8 @@ in mozart2-binary = callPackage ../development/compilers/mozart/binary.nix { }; nim = callPackage ../development/compilers/nim { }; + nim-unwrapped = nim.unwrapped; + nim-stdlib = nim.stdlib; nrpl = callPackage ../development/tools/nrpl { }; neko = callPackage ../development/compilers/neko { };