From 86f9574b8bf607aa6624a5b20a6bad7920d92081 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 15 Oct 2021 21:49:41 +0200 Subject: [PATCH 01/47] ansible_2_11.collections: 4.5.0 -> 4.7.0 --- pkgs/development/python-modules/ansible/core.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/ansible/core.nix b/pkgs/development/python-modules/ansible/core.nix index dc87dcfeda83..574af6d37957 100644 --- a/pkgs/development/python-modules/ansible/core.nix +++ b/pkgs/development/python-modules/ansible/core.nix @@ -23,8 +23,8 @@ let ansible-collections = callPackage ./collections.nix { - version = "4.5.0"; - sha256 = "1c8dspqy4in7sgz10y1pggwnh1hv79wap7p7xhai0f0s6nr54lyc"; + version = "4.7.0"; + sha256 = "0aab9id6dqfw2111r731c7y1p77dpzczynmgl4d989p3a7n54z0b"; }; in buildPythonPackage rec { From 5bee472a9b76e594bc94b6bb37af06e37fffa3a4 Mon Sep 17 00:00:00 2001 From: Joerie de Gram Date: Sun, 17 Oct 2021 13:46:57 +0200 Subject: [PATCH 02/47] terminator: use `dontWrapGApps` to fix desktop icon Terminator is currently wrapped twice, which makes the python hook use a wrapped executable name to set argv[0]. As a result, Terminator can't be matched to its desktop entry and fails to group correctly in e.g. the GNOME app launcher. Ensuring we only wrap the executable once solves this. --- pkgs/applications/terminal-emulators/terminator/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkgs/applications/terminal-emulators/terminator/default.nix b/pkgs/applications/terminal-emulators/terminator/default.nix index e922a34423c0..67c7196e24da 100644 --- a/pkgs/applications/terminal-emulators/terminator/default.nix +++ b/pkgs/applications/terminal-emulators/terminator/default.nix @@ -56,6 +56,12 @@ python3.pkgs.buildPythonApplication rec { doCheck = false; + dontWrapGApps = true; + + preFixup = '' + makeWrapperArgs+=("''${gappsWrapperArgs[@]}") + ''; + meta = with lib; { description = "Terminal emulator with support for tiling and tabs"; longDescription = '' From eacb6f8e44b1ace3ad3eb3ec4920b3e8a518b98e Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 17 Oct 2021 02:55:08 +0200 Subject: [PATCH 03/47] python3Packages.crownstone-cloud: 1.4.5 -> 1.4.8 --- .../python-modules/crownstone-cloud/default.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/pkgs/development/python-modules/crownstone-cloud/default.nix b/pkgs/development/python-modules/crownstone-cloud/default.nix index 94e6219264c0..882f7d95df57 100644 --- a/pkgs/development/python-modules/crownstone-cloud/default.nix +++ b/pkgs/development/python-modules/crownstone-cloud/default.nix @@ -10,7 +10,7 @@ buildPythonPackage rec { pname = "crownstone-cloud"; - version = "1.4.5"; + version = "1.4.8"; format = "setuptools"; disabled = pythonOlder "3.8"; @@ -18,8 +18,8 @@ buildPythonPackage rec { src = fetchFromGitHub { owner = "crownstone"; repo = "crownstone-lib-python-cloud"; - rev = "v${version}"; - sha256 = "1a8bkqkrc7iyggr5rr20qdqg67sycdx2d94dd1ylkmr7627r34ys"; + rev = version; + sha256 = "sha256-iHn4g52/QM0TS/flKkcFrX6IFrCjiXUxcjVLHNg6tVo="; }; propagatedBuildInputs = [ @@ -32,9 +32,13 @@ buildPythonPackage rec { pytestCheckHook ]; + disabledTests = [ + # https://github.com/crownstone/crownstone-lib-python-cloud/issues/1 + "test_data_structure" + ]; + postPatch = '' - substituteInPlace requirements.txt \ - --replace "codecov>=2.1.10" "" + sed -i '/codecov/d' requirements.txt ''; pythonImportsCheck = [ From bde5776146d8bf90f7c50549f0e36774fa580c8d Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 17 Oct 2021 03:01:50 +0200 Subject: [PATCH 04/47] python3Packages.simplisafe-python: 11.0.6 -> 12.0.2 --- .../python-modules/simplisafe-python/default.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/simplisafe-python/default.nix b/pkgs/development/python-modules/simplisafe-python/default.nix index 09f7a3056fbd..e61063a6a471 100644 --- a/pkgs/development/python-modules/simplisafe-python/default.nix +++ b/pkgs/development/python-modules/simplisafe-python/default.nix @@ -1,22 +1,24 @@ { lib , aiohttp -, aioresponses +, aresponses , asynctest , backoff , buildPythonPackage , fetchFromGitHub , poetry-core , pytest-aiohttp +, pytest-asyncio , pytestCheckHook , pythonOlder , pytz , types-pytz , voluptuous +, websockets }: buildPythonPackage rec { pname = "simplisafe-python"; - version = "11.0.6"; + version = "12.0.2"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -24,7 +26,7 @@ buildPythonPackage rec { owner = "bachya"; repo = pname; rev = version; - sha256 = "sha256-XVn/GBcTTthvsRJOnCZ0yOF3nUwbBZ2dfMJZsJXnE6U="; + sha256 = "sha256-/KnDsnx+Jrirj6uBkdao6PI2jhtzKqDK6cmmQgsO5T4="; }; nativeBuildInputs = [ poetry-core ]; @@ -35,12 +37,14 @@ buildPythonPackage rec { pytz types-pytz voluptuous + websockets ]; checkInputs = [ - aioresponses + aresponses asynctest pytest-aiohttp + pytest-asyncio pytestCheckHook ]; From 18a3921f0e4d55305d91fa95e1f33d7fe936674f Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 18 Oct 2021 12:11:39 +0200 Subject: [PATCH 05/47] python3Packages.pytile: 5.2.3 -> 5.2.4 --- pkgs/development/python-modules/pytile/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pytile/default.nix b/pkgs/development/python-modules/pytile/default.nix index 779703723eeb..93197e1c2bad 100644 --- a/pkgs/development/python-modules/pytile/default.nix +++ b/pkgs/development/python-modules/pytile/default.nix @@ -13,7 +13,7 @@ buildPythonPackage rec { pname = "pytile"; - version = "5.2.3"; + version = "5.2.4"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -21,7 +21,7 @@ buildPythonPackage rec { owner = "bachya"; repo = pname; rev = version; - sha256 = "01gxq6dbqjmsqndjcbqv79wd2wgs7krm0rn47k883gh2xg9sn606"; + sha256 = "sha256-9FbcGhRmXULJgfJOmy6mhiZwQUDNmvxZI/WxjJIbnc8="; }; nativeBuildInputs = [ From 521b3ca398f7e4510d1c57ebe4d35c89b3cde0e8 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 18 Oct 2021 12:35:41 +0200 Subject: [PATCH 06/47] home-assistant: 2021.10.4 -> 2021.10.6 --- pkgs/servers/home-assistant/component-packages.nix | 4 ++-- pkgs/servers/home-assistant/default.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/servers/home-assistant/component-packages.nix b/pkgs/servers/home-assistant/component-packages.nix index 5b00199373e6..56e30167ad35 100644 --- a/pkgs/servers/home-assistant/component-packages.nix +++ b/pkgs/servers/home-assistant/component-packages.nix @@ -2,7 +2,7 @@ # Do not edit! { - version = "2021.10.4"; + version = "2021.10.6"; components = { "abode" = ps: with ps; [ abodepy ]; "accuweather" = ps: with ps; [ accuweather ]; @@ -151,7 +151,7 @@ "cover" = ps: with ps; [ ]; "cppm_tracker" = ps: with ps; [ ]; # missing inputs: clearpasspy "cpuspeed" = ps: with ps; [ py-cpuinfo ]; - "crownstone" = ps: with ps; [ aiohttp-cors pyserial pyudev ]; # missing inputs: crownstone-cloud crownstone-sse crownstone-uart + "crownstone" = ps: with ps; [ aiohttp-cors crownstone-cloud crownstone-sse crownstone-uart pyserial pyudev ]; "cups" = ps: with ps; [ pycups ]; "currencylayer" = ps: with ps; [ ]; "daikin" = ps: with ps; [ pydaikin ]; diff --git a/pkgs/servers/home-assistant/default.nix b/pkgs/servers/home-assistant/default.nix index 49cb6670de20..a693fc377d23 100644 --- a/pkgs/servers/home-assistant/default.nix +++ b/pkgs/servers/home-assistant/default.nix @@ -114,7 +114,7 @@ let extraBuildInputs = extraPackages py.pkgs; # Don't forget to run parse-requirements.py after updating - hassVersion = "2021.10.4"; + hassVersion = "2021.10.6"; in with py.pkgs; buildPythonApplication rec { pname = "homeassistant"; @@ -131,7 +131,7 @@ in with py.pkgs; buildPythonApplication rec { owner = "home-assistant"; repo = "core"; rev = version; - sha256 = "1cl0h15285x7xba425d9anv882adi6bdqx4i3cicg3gf0nzcc8am"; + sha256 = "0275f327dzr4cggfw5n8x533b4h8zz8yli5d0js7cw1rmi3cmkbc"; }; # leave this in, so users don't have to constantly update their downstream patch handling From 11dabf448604bf2468b272e41650fd5a8987b850 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 18 Oct 2021 12:35:53 +0200 Subject: [PATCH 07/47] home-assistant: pin simplisafe-python at 11.0.7 --- pkgs/servers/home-assistant/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/pkgs/servers/home-assistant/default.nix b/pkgs/servers/home-assistant/default.nix index a693fc377d23..ef1ce97ae74c 100644 --- a/pkgs/servers/home-assistant/default.nix +++ b/pkgs/servers/home-assistant/default.nix @@ -68,6 +68,20 @@ let # Pinned due to API changes in 0.1.0 (mkOverride "poolsense" "0.0.8" "09y4fq0gdvgkfsykpxnvmfv92dpbknnq5v82spz43ak6hjnhgcyp") + # Pinned due to missing simpliypy.errors.PendingAuthorizationError in simplisafe-python>12 which results in a failing import + (self: super: { + simplisafe-python = super.simplisafe-python.overridePythonAttrs (oldAttrs: rec { + version = "11.0.7"; + src = fetchFromGitHub { + owner = "bachya"; + repo = "simplisafe-python"; + rev = version; + sha256 = "02nrighkdcd5n9qgbizm9gyfnpgdm4iibw7y8nbyfaxpng069fzp"; + }; + checkInputs = oldAttrs.checkInputs ++ [ super.aioresponses ]; + }); + }) + # Pinned due to changes in total-connect-client>0.58 which made the tests fails at the moment (self: super: { total-connect-client = super.total-connect-client.overridePythonAttrs (oldAttrs: rec { From 9b46e3084bdb6b15465dcff55f7d56d7e523d630 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 18 Oct 2021 19:18:55 +0200 Subject: [PATCH 08/47] nixos/prometheus: add hardening exceptions to node-exporter Conditionally grants access for the logind, wifi and network_route collectors. --- .../services/monitoring/prometheus/exporters/node.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/nixos/modules/services/monitoring/prometheus/exporters/node.nix b/nixos/modules/services/monitoring/prometheus/exporters/node.nix index baac21b050f5..5e5fc7cd5524 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/node.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/node.nix @@ -35,10 +35,15 @@ in ${concatMapStringsSep " " (x: "--no-collector." + x) cfg.disabledCollectors} \ --web.listen-address ${cfg.listenAddress}:${toString cfg.port} ${concatStringsSep " " cfg.extraFlags} ''; - # The systemd collector needs AF_UNIX - RestrictAddressFamilies = lib.optional (lib.any (x: x == "systemd") cfg.enabledCollectors) "AF_UNIX"; + RestrictAddressFamilies = optionals (any (collector: (collector == "logind" || collector == "systemd")) cfg.enabledCollectors) [ + # needs access to dbus via unix sockets (logind/systemd) + "AF_UNIX" + ] ++ optionals (any (collector: (collector == "network_route" || collector == "wifi")) cfg.enabledCollectors) [ + # needs netlink sockets for wireless collector + "AF_NETLINK" + ]; # The timex collector needs to access clock APIs - ProtectClock = lib.any (x: x == "timex") cfg.disabledCollectors; + ProtectClock = any (collector: collector == "timex") cfg.disabledCollectors; }; }; } From 4f88fb93316d99f512ef04820119b8383b0e1ca6 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Mon, 18 Oct 2021 23:27:00 +0200 Subject: [PATCH 09/47] roundcube: 1.4.11 -> 1.5.0 ChangeLog: https://github.com/roundcube/roundcubemail/releases/tag/1.5.0 --- nixos/modules/services/mail/roundcube.nix | 2 +- pkgs/servers/roundcube/default.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/services/mail/roundcube.nix b/nixos/modules/services/mail/roundcube.nix index bf5abc7ba556..ac192c56aa60 100644 --- a/nixos/modules/services/mail/roundcube.nix +++ b/nixos/modules/services/mail/roundcube.nix @@ -7,7 +7,7 @@ let fpm = config.services.phpfpm.pools.roundcube; localDB = cfg.database.host == "localhost"; user = cfg.database.username; - phpWithPspell = pkgs.php74.withExtensions ({ enabled, all }: [ all.pspell ] ++ enabled); + phpWithPspell = pkgs.php80.withExtensions ({ enabled, all }: [ all.pspell ] ++ enabled); in { options.services.roundcube = { diff --git a/pkgs/servers/roundcube/default.nix b/pkgs/servers/roundcube/default.nix index 0b0b5a0f8299..4ae18f795332 100644 --- a/pkgs/servers/roundcube/default.nix +++ b/pkgs/servers/roundcube/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "roundcube"; - version = "1.4.11"; + version = "1.5.0"; src = fetchurl { url = "https://github.com/roundcube/roundcubemail/releases/download/${version}/roundcubemail-${version}-complete.tar.gz"; - sha256 = "sha256-rHMZBwwwX8LIjHcjYFVi2GBwMHMr7ukxzbQJHPBeabc="; + sha256 = "sha256-L9x7FmPl6ZcGv/NAk6pHMdS/IqWMtVWiUg7RveeNASw="; }; patches = [ ./0001-Don-t-resolve-symlinks-when-trying-to-find-INSTALL_P.patch ]; From 848c629e88856257136dc5821ad9987058125c94 Mon Sep 17 00:00:00 2001 From: Martino Fontana Date: Tue, 19 Oct 2021 16:24:54 +0200 Subject: [PATCH 10/47] maintainers: add martfont --- maintainers/maintainer-list.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 67259dd64034..9467796d45c0 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -6927,6 +6927,12 @@ githubId = 458783; name = "Martin Gammelsæter"; }; + martfont = { + name = "Martino Fontana"; + email = "tinozzo123@tutanota.com"; + github = "SuperSamus"; + githubId = 40663462; + }; marzipankaiser = { email = "nixos@gaisseml.de"; github = "marzipankaiser"; From 74a96b807a889e0584e0c507d6d00c4ba22bee61 Mon Sep 17 00:00:00 2001 From: AndersonTorres Date: Tue, 19 Oct 2021 18:56:26 -0300 Subject: [PATCH 11/47] cagebreak: use lib.makeBinPath instead of hardcoding bin paths --- pkgs/applications/window-managers/cagebreak/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/window-managers/cagebreak/default.nix b/pkgs/applications/window-managers/cagebreak/default.nix index fe4b2be47929..124c1abe6f9c 100644 --- a/pkgs/applications/window-managers/cagebreak/default.nix +++ b/pkgs/applications/window-managers/cagebreak/default.nix @@ -74,7 +74,8 @@ stdenv.mkDerivation rec { ''; postFixup = lib.optionalString withXwayland '' - wrapProgram $out/bin/cagebreak --prefix PATH : "${xwayland}/bin" + wrapProgram $out/bin/cagebreak \ + --prefix PATH : "${lib.makeBinPath [ xwayland ]}" ''; meta = with lib; { From db2737e748bf2bd16ed514ddaa53a17096828f41 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Wed, 20 Oct 2021 08:43:59 +0200 Subject: [PATCH 12/47] python3Packages.archinfo: 9.0.10159 -> 9.0.10281 --- pkgs/development/python-modules/archinfo/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/archinfo/default.nix b/pkgs/development/python-modules/archinfo/default.nix index 88bb434a2cc6..7c63e6e08332 100644 --- a/pkgs/development/python-modules/archinfo/default.nix +++ b/pkgs/development/python-modules/archinfo/default.nix @@ -7,13 +7,13 @@ buildPythonPackage rec { pname = "archinfo"; - version = "9.0.10159"; + version = "9.0.10281"; src = fetchFromGitHub { owner = "angr"; repo = pname; rev = "v${version}"; - sha256 = "sha256-WkA4vSXzndd7ldNBVagEEodj+2GuYg9OURnMLhRq8W8="; + sha256 = "sha256-ZmrCVXvnUZQqxMonq3obmAJQGEgghk22NA2G5Y2BPQg="; }; checkInputs = [ From f278fc45741ebd2a1b9cbb60f81e91854bbdb451 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Wed, 20 Oct 2021 08:44:02 +0200 Subject: [PATCH 13/47] python3Packages.ailment: 9.0.10159 -> 9.0.10281 --- pkgs/development/python-modules/ailment/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/ailment/default.nix b/pkgs/development/python-modules/ailment/default.nix index 8d719f4c3357..d5676e4a625e 100644 --- a/pkgs/development/python-modules/ailment/default.nix +++ b/pkgs/development/python-modules/ailment/default.nix @@ -7,14 +7,14 @@ buildPythonPackage rec { pname = "ailment"; - version = "9.0.10159"; + version = "9.0.10281"; disabled = pythonOlder "3.6"; src = fetchFromGitHub { owner = "angr"; repo = pname; rev = "v${version}"; - sha256 = "sha256-45wdHlAkuzLqwy3B7bEm2fhHD8iT5xSVmeRGOa2SNnI="; + sha256 = "sha256-5XP7HcffdnFyUrQAga6MFKU3pS0aOeJRTtEQgSaPNDU="; }; propagatedBuildInputs = [ pyvex ]; From 2487b1413bc4fc54b16c4fc2ab7d5debfeefe864 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Wed, 20 Oct 2021 08:44:05 +0200 Subject: [PATCH 14/47] python3Packages.pyvex: 9.0.10159 -> 9.0.10281 --- pkgs/development/python-modules/pyvex/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pyvex/default.nix b/pkgs/development/python-modules/pyvex/default.nix index e8babafdf9a1..dc5b7b332999 100644 --- a/pkgs/development/python-modules/pyvex/default.nix +++ b/pkgs/development/python-modules/pyvex/default.nix @@ -11,11 +11,11 @@ buildPythonPackage rec { pname = "pyvex"; - version = "9.0.10159"; + version = "9.0.10281"; src = fetchPypi { inherit pname version; - sha256 = "sha256-9I9gAPbazuPdZDyoXpjw0IrTu+97dwznoOnyBzkNNCw="; + sha256 = "sha256-fa3VB/+z+1yt6uguJYH9/fj1QVV9PQuFWNyLHQhs0Oo="; }; postPatch = lib.optionalString stdenv.isDarwin '' From f6bddcddf644757afbbd76f5ba9ef62bd7fd1e68 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Wed, 20 Oct 2021 08:44:08 +0200 Subject: [PATCH 15/47] python3Packages.claripy: 9.0.10159 -> 9.0.10281 --- pkgs/development/python-modules/claripy/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/claripy/default.nix b/pkgs/development/python-modules/claripy/default.nix index 8a1da0241c94..750f5ec0f2ac 100644 --- a/pkgs/development/python-modules/claripy/default.nix +++ b/pkgs/development/python-modules/claripy/default.nix @@ -13,14 +13,14 @@ buildPythonPackage rec { pname = "claripy"; - version = "9.0.10159"; + version = "9.0.10281"; disabled = pythonOlder "3.6"; src = fetchFromGitHub { owner = "angr"; repo = pname; rev = "v${version}"; - sha256 = "sha256-0I3ITMCOuYm5fmmnQN+zy9lunvfsLb1qlUzSOnPGwlQ="; + sha256 = "sha256-URp429ZLZvdGgXaZq/xoV5ZZs+o+QrA/zbONl59z9QM="; }; # Use upstream z3 implementation From ff6cea9f2d4a8da219b5af83084a4529da2b8329 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Wed, 20 Oct 2021 08:44:12 +0200 Subject: [PATCH 16/47] python3Packages.cle: 9.0.10159 -> 9.0.10281 --- pkgs/development/python-modules/cle/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/cle/default.nix b/pkgs/development/python-modules/cle/default.nix index 7cdfec13c877..edb25c25ca32 100644 --- a/pkgs/development/python-modules/cle/default.nix +++ b/pkgs/development/python-modules/cle/default.nix @@ -15,7 +15,7 @@ let # The binaries are following the argr projects release cycle - version = "9.0.10159"; + version = "9.0.10281"; # Binary files from https://github.com/angr/binaries (only used for testing and only here) binaries = fetchFromGitHub { @@ -35,7 +35,7 @@ buildPythonPackage rec { owner = "angr"; repo = pname; rev = "v${version}"; - sha256 = "sha256-DkddaVmSIQToF5b7uj+96vCSZU0cJdfqIDSwDIFEEyI="; + sha256 = "sha256-BeFxak7cbRDjbxTjAlvXuh7ot0bS6xv3Z30c6PD+9nU="; }; propagatedBuildInputs = [ From 0ba5a0bc9850fa6da1c21ae7d94a5735cab9a06c Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Wed, 20 Oct 2021 08:44:15 +0200 Subject: [PATCH 17/47] python3Packages.angr: 9.0.10159 -> 9.0.10281 --- pkgs/development/python-modules/angr/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/angr/default.nix b/pkgs/development/python-modules/angr/default.nix index 21539a93f4b7..c9f4cf329094 100644 --- a/pkgs/development/python-modules/angr/default.nix +++ b/pkgs/development/python-modules/angr/default.nix @@ -43,14 +43,14 @@ in buildPythonPackage rec { pname = "angr"; - version = "9.0.10159"; + version = "9.0.10281"; disabled = pythonOlder "3.6"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - sha256 = "sha256-j3SbKBoREeB4IJmXVm27K4C1FLcZwqFMFXQwWnMtE0g="; + sha256 = "sha256-ab4G71LjiQftV5NidGPUpt1/oKhJPZKsTN/fbLR1n80="; }; propagatedBuildInputs = [ From 97182187e2a5bdfb66b69a08ec830fd4092249ff Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Wed, 20 Oct 2021 08:44:18 +0200 Subject: [PATCH 18/47] python3Packages.angrop: 9.0.10159 -> 9.0.10281 --- pkgs/development/python-modules/angrop/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/angrop/default.nix b/pkgs/development/python-modules/angrop/default.nix index 71690bf31b2d..8ccfaee4cf70 100644 --- a/pkgs/development/python-modules/angrop/default.nix +++ b/pkgs/development/python-modules/angrop/default.nix @@ -9,14 +9,14 @@ buildPythonPackage rec { pname = "angrop"; - version = "9.0.10159"; + version = "9.0.10281"; disabled = pythonOlder "3.6"; src = fetchFromGitHub { owner = "angr"; repo = pname; rev = "v${version}"; - sha256 = "sha256-gVYriEt0/DPB0lDK9hGSnipGLCZtSOf27gtF8KwCMDA="; + sha256 = "sha256-A+e6rSuSI4kGxccJ34Dp6WohtRkc0EzeTAffxgOYg5o="; }; propagatedBuildInputs = [ From b862ed91078c37cd6ac5fcaa72a401f02113f754 Mon Sep 17 00:00:00 2001 From: Tom Wieczorek Date: Wed, 20 Oct 2021 10:37:40 +0200 Subject: [PATCH 19/47] kubecfg: add version to ldflags So that the version subcommand will list the actual version, instead of just "(dev build)". --- pkgs/applications/networking/cluster/kubecfg/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/applications/networking/cluster/kubecfg/default.nix b/pkgs/applications/networking/cluster/kubecfg/default.nix index 61e291340568..7c986bfcbd5b 100644 --- a/pkgs/applications/networking/cluster/kubecfg/default.nix +++ b/pkgs/applications/networking/cluster/kubecfg/default.nix @@ -15,6 +15,8 @@ buildGoPackage { goPackagePath = "github.com/bitnami/kubecfg"; + ldflags = [ "-X main.version=v${version}" ]; + meta = { description = "A tool for managing Kubernetes resources as code"; homepage = "https://github.com/bitnami/kubecfg"; From 12ec5a1f4eb8cb5f526f1ec5be181e752c0d85a8 Mon Sep 17 00:00:00 2001 From: Tom Wieczorek Date: Wed, 20 Oct 2021 11:01:26 +0200 Subject: [PATCH 20/47] kubecfg: add -s and -w to ldflags This turns of debug symbols and the symbol table. Co-authored-by: Sandro --- pkgs/applications/networking/cluster/kubecfg/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/networking/cluster/kubecfg/default.nix b/pkgs/applications/networking/cluster/kubecfg/default.nix index 7c986bfcbd5b..c46c6ed26301 100644 --- a/pkgs/applications/networking/cluster/kubecfg/default.nix +++ b/pkgs/applications/networking/cluster/kubecfg/default.nix @@ -15,7 +15,7 @@ buildGoPackage { goPackagePath = "github.com/bitnami/kubecfg"; - ldflags = [ "-X main.version=v${version}" ]; + ldflags = [ "-s" "-w" "-X main.version=v${version}" ]; meta = { description = "A tool for managing Kubernetes resources as code"; From 80b0ad667f8c1b80790f07661e9f0b172b32923c Mon Sep 17 00:00:00 2001 From: Martino Fontana Date: Wed, 20 Oct 2021 13:06:03 +0200 Subject: [PATCH 21/47] swaylock-fancy: 2020-02-22 -> 2021-10-11 --- .../applications/window-managers/sway/lock-fancy.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/window-managers/sway/lock-fancy.nix b/pkgs/applications/window-managers/sway/lock-fancy.nix index bee1f925f60a..8c2a7e91649a 100644 --- a/pkgs/applications/window-managers/sway/lock-fancy.nix +++ b/pkgs/applications/window-managers/sway/lock-fancy.nix @@ -1,5 +1,5 @@ -{ lib, stdenv, fetchFromGitHub, coreutils, grim, gawk, swaylock -, imagemagick, getopt, fontconfig, makeWrapper +{ lib, stdenv, fetchFromGitHub, coreutils, grim, gawk, jq, swaylock +, imagemagick, getopt, fontconfig, wmctrl, makeWrapper }: let @@ -7,20 +7,22 @@ let coreutils grim gawk + jq swaylock imagemagick getopt fontconfig + wmctrl ]; in stdenv.mkDerivation rec { pname = "swaylock-fancy-unstable"; - version = "2020-02-22"; + version = "2021-10-11"; src = fetchFromGitHub { owner = "Big-B"; repo = "swaylock-fancy"; - rev = "5cf977b12f372740aa7b7e5a607d583f93f1e028"; - sha256 = "0laqwzi6069sgz91i69438ns0g2nq4zkqickavrf80h4g3gcs8vm"; + rev = "265fbfb438392339bf676b0a9dbe294abe2a699e"; + sha256 = "NjxeJyWYXBb1P8sXKgb2EWjF+cNodTE83r1YwRYoBjM="; }; postPatch = '' From c4d7df2b7bd79afd6766e954789d3c92881d3b3e Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Wed, 20 Oct 2021 11:39:09 +0000 Subject: [PATCH 22/47] linux: 4.14.251 -> 4.14.252 --- pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 6044967eaf69..9ab5f2683bae 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.14.251"; + version = "4.14.252"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "08g1i6wylwi50rns2grdi9f0m8np64qvfqb28drafy772m2klinp"; + sha256 = "022rw51s8fzz6wcxa9xq6h60fglfx0hq7bmqgs5dlrci6plv4fwk"; }; } // (args.argsOverride or {})) From e4f4df78faf814f6bb010f0cf57407545dee69c6 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Wed, 20 Oct 2021 11:39:33 +0000 Subject: [PATCH 23/47] linux: 4.19.212 -> 4.19.213 --- pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index 3cb9fb7009f4..c4b05e148243 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.19.212"; + version = "4.19.213"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0hxn3mzxh4hpnrkyjv9gipb81k6p0zd07a3xvb6fb6njvmwdpvsw"; + sha256 = "162f5y3jplql3ca5xy889mq6izjinryx2kx16zp582yvsqf8rwiq"; }; } // (args.argsOverride or {})) From a3edfb9ee541b2125ff5a479da1d4a8f9b4b7323 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Wed, 20 Oct 2021 11:39:50 +0000 Subject: [PATCH 24/47] linux: 5.10.74 -> 5.10.75 --- pkgs/os-specific/linux/kernel/linux-5.10.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix index a16c96b9eb83..5531a49f1cef 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.10.74"; + version = "5.10.75"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1c717mn47mg43k7xfwydygwv14r67aksn1c24c99hf8qf14acmap"; + sha256 = "0jrhhk89587caw54nhnwms93kq33qdm75x5f18cp61xrxxgjyaqa"; }; } // (args.argsOverride or {})) From a96f1a866ac14b157ae3e9d9119d7e54c8d9eef1 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Wed, 20 Oct 2021 11:39:55 +0000 Subject: [PATCH 25/47] linux: 5.14.13 -> 5.14.14 --- pkgs/os-specific/linux/kernel/linux-5.14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.14.nix b/pkgs/os-specific/linux/kernel/linux-5.14.nix index ec19fa2357f2..337ef105d7c7 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.14.13"; + version = "5.14.14"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0kcn9g5jyd043f75wk3k34j430callzhw5jh1if9zacqq2s7haw3"; + sha256 = "0snh17ah49wmfmazy6x42rhvl484h657y0iq4l09a885sjb4xzsd"; }; } // (args.argsOverride or { })) From 25ef63bb788e4cb73e78aa4e3fe76a16c6853538 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Wed, 20 Oct 2021 11:40:01 +0000 Subject: [PATCH 26/47] linux: 5.4.154 -> 5.4.155 --- pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index 4b02d19d1cca..d34ada307b29 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.4.154"; + version = "5.4.155"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "01iwbz1ncakw90yykdw3cx04wnclwf1qa8nmlis08svbcvs99285"; + sha256 = "0f2hfz76rnhmv99zhbh7n1z48316ilxrxrnh4b5m3lj84y80y36c"; }; } // (args.argsOverride or {})) From cf0d47c50527d9712942ed2beed680cd8256f0fc Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Wed, 20 Oct 2021 11:40:36 +0000 Subject: [PATCH 27/47] linux/hardened/patches/4.14: 4.14.250-hardened1 -> 4.14.251-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 8e1902b61dc1..bd49861fa022 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -1,9 +1,9 @@ { "4.14": { "extra": "-hardened1", - "name": "linux-hardened-4.14.250-hardened1.patch", - "sha256": "1jgqmrj5djapvk56jwlfq181knhywzrk9cswv1lp5y2jwnnvlj9x", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.250-hardened1/linux-hardened-4.14.250-hardened1.patch" + "name": "linux-hardened-4.14.251-hardened1.patch", + "sha256": "1yv4b10w1psaj4m4r9jicf6c3wkyvb040p7gbdf1455nrcxnxr06", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.251-hardened1/linux-hardened-4.14.251-hardened1.patch" }, "4.19": { "extra": "-hardened1", From a33fc5384bb5e5d7debd7fa6faee3667957f0138 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Wed, 20 Oct 2021 11:40:37 +0000 Subject: [PATCH 28/47] linux/hardened/patches/4.19: 4.19.210-hardened1 -> 4.19.212-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index bd49861fa022..0b408ee836bf 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -7,9 +7,9 @@ }, "4.19": { "extra": "-hardened1", - "name": "linux-hardened-4.19.210-hardened1.patch", - "sha256": "0lnv0ym6jcf460hsn26lax65n2yb1vvzsfmckaz04jb2kdgm6hr5", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.210-hardened1/linux-hardened-4.19.210-hardened1.patch" + "name": "linux-hardened-4.19.212-hardened1.patch", + "sha256": "1ildbzxzvkaziqiqlvw92pjmkd64hxdd9sn3fdq88q1pdw5x2jb3", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.212-hardened1/linux-hardened-4.19.212-hardened1.patch" }, "5.10": { "extra": "-hardened1", From e94db0f89c15e28cd5aff93dc55466d06f7c85cd Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Wed, 20 Oct 2021 11:40:38 +0000 Subject: [PATCH 29/47] linux/hardened/patches/5.10: 5.10.72-hardened1 -> 5.10.74-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 0b408ee836bf..18f8cae4ea67 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -13,9 +13,9 @@ }, "5.10": { "extra": "-hardened1", - "name": "linux-hardened-5.10.72-hardened1.patch", - "sha256": "14zchx1hc4jrq7prv4kkswjnmyqv74wfkjvky57scc8yl04yaqs6", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.72-hardened1/linux-hardened-5.10.72-hardened1.patch" + "name": "linux-hardened-5.10.74-hardened1.patch", + "sha256": "0prcrifz1zmjxv492dgd78h8bdsx4bh92dsbnp01nn1wmwbajp8p", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.74-hardened1/linux-hardened-5.10.74-hardened1.patch" }, "5.14": { "extra": "-hardened1", From cf9f5f74dd76829a8e403e0324f04595462011a9 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Wed, 20 Oct 2021 11:40:39 +0000 Subject: [PATCH 30/47] linux/hardened/patches/5.14: 5.14.11-hardened1 -> 5.14.13-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 18f8cae4ea67..203519154185 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -19,9 +19,9 @@ }, "5.14": { "extra": "-hardened1", - "name": "linux-hardened-5.14.11-hardened1.patch", - "sha256": "05n74rnq5c2jx7iynxwgj5wypb0i0p3dar0ri2zxmyssasmbkfa7", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.11-hardened1/linux-hardened-5.14.11-hardened1.patch" + "name": "linux-hardened-5.14.13-hardened1.patch", + "sha256": "01kxjn1sndby3fjfq3g7z0ydrk8nv62bvpvprddqqc3bypk9q7m2", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.13-hardened1/linux-hardened-5.14.13-hardened1.patch" }, "5.4": { "extra": "-hardened1", From 75dbbe37be75baf6096e7fee61bd26a44743832c Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Wed, 20 Oct 2021 11:40:40 +0000 Subject: [PATCH 31/47] linux/hardened/patches/5.4: 5.4.152-hardened1 -> 5.4.154-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 203519154185..3ff41c8aa875 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -25,8 +25,8 @@ }, "5.4": { "extra": "-hardened1", - "name": "linux-hardened-5.4.152-hardened1.patch", - "sha256": "01rf9za9sv14pxpi0pj1izq4bihhldi2qnhaka5rxlw7nifzzsj2", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.152-hardened1/linux-hardened-5.4.152-hardened1.patch" + "name": "linux-hardened-5.4.154-hardened1.patch", + "sha256": "0d7w27n3wq9jaq0wbf3iv2f0jb1y2v4k0c87rb6sakivwajxn1aw", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.154-hardened1/linux-hardened-5.4.154-hardened1.patch" } } From d52872aaabd0e7516b34cabcf71edb2c3bd10f9e Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Wed, 20 Oct 2021 13:45:36 +0200 Subject: [PATCH 32/47] exploitdb: 2021-10-16 -> 2021-10-20 --- pkgs/tools/security/exploitdb/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/security/exploitdb/default.nix b/pkgs/tools/security/exploitdb/default.nix index 7d2793647d85..472e7c915948 100644 --- a/pkgs/tools/security/exploitdb/default.nix +++ b/pkgs/tools/security/exploitdb/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "exploitdb"; - version = "2021-10-16"; + version = "2021-10-20"; src = fetchFromGitHub { owner = "offensive-security"; repo = pname; rev = version; - sha256 = "sha256-kzMMcipE9AKOWka2yAuljwNG/g+8fF2rYehTtxdQY+k="; + sha256 = "sha256-IHZpfUJA0h1dDkq3pp+x+gT9RSTMq9egHyXGi6ZmBP8="; }; nativeBuildInputs = [ makeWrapper ]; From bda0cc3b1a58115a73b8c8ed1e78c020c6845d48 Mon Sep 17 00:00:00 2001 From: figsoda Date: Wed, 20 Oct 2021 08:38:21 -0400 Subject: [PATCH 33/47] image-roll: init at 1.3.1 Co-authored-by: Artturi --- .../graphics/image-roll/default.nix | 33 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 35 insertions(+) create mode 100644 pkgs/applications/graphics/image-roll/default.nix diff --git a/pkgs/applications/graphics/image-roll/default.nix b/pkgs/applications/graphics/image-roll/default.nix new file mode 100644 index 000000000000..eb5761fbd554 --- /dev/null +++ b/pkgs/applications/graphics/image-roll/default.nix @@ -0,0 +1,33 @@ +{ lib +, rustPlatform +, fetchFromGitHub +, glib +, pkg-config +, wrapGAppsHook +, gtk3 +}: + +rustPlatform.buildRustPackage rec { + pname = "image-roll"; + version = "1.3.1"; + + src = fetchFromGitHub { + owner = "weclaw1"; + repo = pname; + rev = version; + sha256 = "007jzmrn4cnqbi6fy5lxanbwa4pc72fbcv9irk3pfd0wspp05s8j"; + }; + + cargoSha256 = "sha256-dRRBfdGTXtoNbp7OWqOdNECXHCpj0ipkCOvcdekW+G4="; + + nativeBuildInputs = [ glib pkg-config wrapGAppsHook ]; + + buildInputs = [ gtk3 ]; + + meta = with lib; { + description = "Simple and fast GTK image viewer with basic image manipulation tools"; + homepage = "https://github.com/weclaw1/image-roll"; + license = licenses.mit; + maintainers = with maintainers; [ figsoda ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index ff0b603190ee..24a8aa07fd8f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -25600,6 +25600,8 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) Security; }; + image-roll = callPackage ../applications/graphics/image-roll { }; + imagej = callPackage ../applications/graphics/imagej { }; imagemagick6_light = imagemagick6.override { From a97a3078de8b21aa3d47bdeb948e42d07cf471e7 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Wed, 20 Oct 2021 14:58:29 +0200 Subject: [PATCH 34/47] assh: 2.11.3 -> 2.12.0 --- pkgs/tools/networking/assh/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/networking/assh/default.nix b/pkgs/tools/networking/assh/default.nix index 5bbedf0f7e5b..4300f8797b84 100644 --- a/pkgs/tools/networking/assh/default.nix +++ b/pkgs/tools/networking/assh/default.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "assh"; - version = "2.11.3"; + version = "2.12.0"; src = fetchFromGitHub { repo = "advanced-ssh-config"; owner = "moul"; rev = "v${version}"; - sha256 = "sha256-NH7Dmqsu7uRhKWGFHBnh5GGqsNFOijDxsc+ATt28jtY="; + sha256 = "sha256-FqxxNTsZVmCsIGNHRWusFP2gba2+geqBubw+6PeR75c="; }; - vendorSha256 = "sha256-6OAsO7zWAgPfQWD9k+nYH7hnDDUlKIjTB61ivvoubn0="; + vendorSha256 = "sha256-AYBwuRSeam5i2gex9PSG9Qk+FHdEhIpY250CJo01cFE="; doCheck = false; From 3f8773153ad33d928027b99f77b0fff22acd92f2 Mon Sep 17 00:00:00 2001 From: superherointj <5861043+superherointj@users.noreply.github.com> Date: Wed, 20 Oct 2021 10:31:48 -0300 Subject: [PATCH 35/47] fluxcd: fix updateScript 5th attempt Co-authored-by: @NULLx76 --- pkgs/applications/networking/cluster/fluxcd/update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/networking/cluster/fluxcd/update.sh b/pkgs/applications/networking/cluster/fluxcd/update.sh index e9cc46b120cf..1ded63d4d86c 100755 --- a/pkgs/applications/networking/cluster/fluxcd/update.sh +++ b/pkgs/applications/networking/cluster/fluxcd/update.sh @@ -24,7 +24,7 @@ setKV vendorSha256 "0000000000000000000000000000000000000000000000000000" # The cd ../../../../../ set +e -VENDOR_SHA256=$(nix-build --no-out-link -A fluxcd 2>&1 | grep "got:" | cut -d':' -f3) +VENDOR_SHA256=$(nix-build --no-out-link -A fluxcd 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g') set -e cd - > /dev/null From 1bc62d183b97b7f83a8558bd13856e21140bd57d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Wed, 20 Oct 2021 16:47:30 +0200 Subject: [PATCH 36/47] gopls: 0.7.1 -> 0.7.3, add SuperSandro2000 as maintainer --- pkgs/development/tools/gopls/default.nix | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/pkgs/development/tools/gopls/default.nix b/pkgs/development/tools/gopls/default.nix index 388c34a0c078..dfbc064e0d32 100644 --- a/pkgs/development/tools/gopls/default.nix +++ b/pkgs/development/tools/gopls/default.nix @@ -2,16 +2,17 @@ buildGoModule rec { pname = "gopls"; - version = "0.7.1"; + version = "0.7.3"; src = fetchgit { - rev = "gopls/v${version}"; url = "https://go.googlesource.com/tools"; - sha256 = "0cq8mangcc1fz1ii7v4smxbpzynhwy6gvl80n5hvhjpgkp0k4fsm"; + rev = "gopls/v${version}"; + name = "gopls-source-${version}"; + sha256 = "sha256-aaRaStQ35a/SK4YIR5rjvp8gPxvoNuhLh2AGbr0c6p4="; }; modRoot = "gopls"; - vendorSha256 = "1mzn1nn3l080lch0yhh4g2sq02g95v14nha8k3d373vwvwg45igs"; + vendorSha256 = "sha256-8+sWd48w+ghQzznobBPcCQMuc9HLgOuAZPwD6lbbfj8="; doCheck = false; @@ -22,6 +23,6 @@ buildGoModule rec { description = "Official language server for the Go language"; homepage = "https://github.com/golang/tools/tree/master/gopls"; license = licenses.bsd3; - maintainers = with maintainers; [ mic92 zimbatm ]; + maintainers = with maintainers; [ mic92 SuperSandro2000 zimbatm ]; }; } From 77b713b5cdc04358edf4b5d0735ea0faf57e6b4f Mon Sep 17 00:00:00 2001 From: figsoda Date: Wed, 20 Oct 2021 10:27:17 -0400 Subject: [PATCH 37/47] timelimit: init at 1.9.2 --- pkgs/tools/misc/timelimit/default.nix | 28 +++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 30 insertions(+) create mode 100644 pkgs/tools/misc/timelimit/default.nix diff --git a/pkgs/tools/misc/timelimit/default.nix b/pkgs/tools/misc/timelimit/default.nix new file mode 100644 index 000000000000..22b71ca0f8f4 --- /dev/null +++ b/pkgs/tools/misc/timelimit/default.nix @@ -0,0 +1,28 @@ +{ lib, stdenv, fetchFromGitLab, perl }: + +stdenv.mkDerivation rec { + pname = "timelimit"; + version = "1.9.2"; + + src = fetchFromGitLab { + owner = "timelimit"; + repo = pname; + rev = "release/${version}"; + sha256 = "sha256-5IEAF8zCKaCVH6BAxjoa/2rrue9pRGBBkFzN57d+g+g="; + }; + + checkInputs = [ perl ]; + doCheck = true; + + installFlags = [ "PREFIX=$(out)" ]; + INSTALL_PROGRAM = "install -m755"; + INSTALL_DATA = "install -m644"; + + meta = with lib; { + description = "Execute a command and terminates the spawned process after a given time with a given signal"; + homepage = "https://devel.ringlet.net/sysutils/timelimit/"; + license = licenses.bsd2; + platforms = platforms.all; + maintainers = with maintainers; [ figsoda ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index ff0b603190ee..d62ac084ca9e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -28121,6 +28121,8 @@ with pkgs; fftw = fftwSinglePrec; }; + timelimit = callPackage ../tools/misc/timelimit { }; + timewarrior = callPackage ../applications/misc/timewarrior { }; timew-sync-server = callPackage ../applications/misc/timew-sync-server { }; From 0f9307a68429f285da0b4b84de4a2f132a0571e6 Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Wed, 20 Oct 2021 01:28:59 +0200 Subject: [PATCH 38/47] nethogs: fix cross-compiling --- pkgs/tools/networking/nethogs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/tools/networking/nethogs/default.nix b/pkgs/tools/networking/nethogs/default.nix index c6a8f3b7f4e9..872e22a4f2ab 100644 --- a/pkgs/tools/networking/nethogs/default.nix +++ b/pkgs/tools/networking/nethogs/default.nix @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { buildInputs = [ ncurses libpcap ]; - makeFlags = [ "VERSION=${version}" ]; + makeFlags = [ "VERSION=${version}" "nethogs" ]; installFlags = [ "PREFIX=$(out)" "sbin=$(out)/bin" ]; From 6c2fca809f89d48054df3f9b474a41a2e5150fbf Mon Sep 17 00:00:00 2001 From: Yuka Date: Wed, 20 Oct 2021 21:39:04 +0200 Subject: [PATCH 39/47] rootbar: wrong meta.homepage --- pkgs/applications/misc/rootbar/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/misc/rootbar/default.nix b/pkgs/applications/misc/rootbar/default.nix index d50cefb2a718..eab821c6dc64 100644 --- a/pkgs/applications/misc/rootbar/default.nix +++ b/pkgs/applications/misc/rootbar/default.nix @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { ]; meta = with lib; { - homepage = "https://github.com/alexays/waybar"; + homepage = "https://hg.sr.ht/~scoopta/rootbar"; description = "A bar for Wayland WMs"; longDescription = '' Root Bar is a bar for wlroots based wayland compositors such as sway and From b25c2fbed9aa9d9942af615e48c9c4d2bf400265 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Wed, 20 Oct 2021 22:02:20 +0200 Subject: [PATCH 40/47] matrix-synapse: 1.45.0 -> 1.45.1 ChangeLog: https://github.com/matrix-org/synapse/releases/tag/v1.45.1 --- pkgs/servers/matrix-synapse/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix index 2cb081aea630..5236f85a4ffe 100644 --- a/pkgs/servers/matrix-synapse/default.nix +++ b/pkgs/servers/matrix-synapse/default.nix @@ -27,11 +27,11 @@ let in buildPythonApplication rec { pname = "matrix-synapse"; - version = "1.45.0"; + version = "1.45.1"; src = fetchPypi { inherit pname version; - sha256 = "sha256-t8+sLhpjwaehe+cUi9weUZNTJAfNq/fwBZbM4SYKfnM="; + sha256 = "sha256-8ZcZdQbNxrRy91gxKSoasu8QmdV27T7HeWIRz0bStzY="; }; patches = [ From f0ef52fc1f03cca05657f7ef633943dd54bcfe5e Mon Sep 17 00:00:00 2001 From: superherointj <5861043+superherointj@users.noreply.github.com> Date: Wed, 20 Oct 2021 17:01:22 -0300 Subject: [PATCH 41/47] linkerd: fix updateScript 5th attempt --- .../networking/cluster/linkerd/update-edge.sh | 12 +++++------- .../networking/cluster/linkerd/update-stable.sh | 14 ++++++-------- 2 files changed, 11 insertions(+), 15 deletions(-) diff --git a/pkgs/applications/networking/cluster/linkerd/update-edge.sh b/pkgs/applications/networking/cluster/linkerd/update-edge.sh index 8bf49452b3e7..937d41a79423 100755 --- a/pkgs/applications/networking/cluster/linkerd/update-edge.sh +++ b/pkgs/applications/networking/cluster/linkerd/update-edge.sh @@ -5,13 +5,11 @@ set -x -eu -o pipefail cd $(dirname "$0") -TAG=$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} \ +VERSION=$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} \ --silent https://api.github.com/repos/linkerd/linkerd2/releases | \ - jq 'map(.tag_name)' | grep edge | sed 's/["|,| ]//g' | sort -r | head -n1) + jq 'map(.tag_name)' | grep edge | sed 's/["|,| ]//g' | sed 's/edge-//' | sort -V -r | head -n1) -VERSION=$(echo ${TAG} | sed 's/^edge-//') - -SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/linkerd/linkerd2/archive/refs/tags/${TAG}.tar.gz) +SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/linkerd/linkerd2/archive/refs/tags/edge-${VERSION}.tar.gz) setKV () { sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" ./edge.nix @@ -19,11 +17,11 @@ setKV () { setKV version ${VERSION} setKV sha256 ${SHA256} -setKV vendorSha256 "" # Necessary to force clean build. +setKV vendorSha256 "0000000000000000000000000000000000000000000000000000" # Necessary to force clean build. cd ../../../../../ set +e -VENDOR_SHA256=$(nix-build --no-out-link -A linkerd_edge 2>&1 | grep "got:" | cut -d':' -f2 | sed 's| ||g') +VENDOR_SHA256=$(nix-build --no-out-link -A linkerd_edge 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g') set -e cd - > /dev/null diff --git a/pkgs/applications/networking/cluster/linkerd/update-stable.sh b/pkgs/applications/networking/cluster/linkerd/update-stable.sh index 37314ac1c460..5ec96af796c0 100755 --- a/pkgs/applications/networking/cluster/linkerd/update-stable.sh +++ b/pkgs/applications/networking/cluster/linkerd/update-stable.sh @@ -5,13 +5,11 @@ set -x -eu -o pipefail cd $(dirname "$0") -TAG=$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} \ - --silent https://api.github.com/repos/linkerd/linkerd2/releases/latest | \ - jq -r '.tag_name') +VERSION=$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} \ + --silent https://api.github.com/repos/linkerd/linkerd2/releases | \ + jq 'map(.tag_name)' | grep stable | sed 's/["|,| ]//g' | sed 's/stable-//' | sort -V -r | head -n1) -VERSION=$(echo ${TAG} | sed 's/^stable-//') - -SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/linkerd/linkerd2/archive/refs/tags/${TAG}.tar.gz) +SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/linkerd/linkerd2/archive/refs/tags/stable-${VERSION}.tar.gz) setKV () { sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" ./default.nix @@ -19,11 +17,11 @@ setKV () { setKV version ${VERSION} setKV sha256 ${SHA256} -setKV vendorSha256 "" # Necessary to force clean build. +setKV vendorSha256 "0000000000000000000000000000000000000000000000000000" # Necessary to force clean build. cd ../../../../../ set +e -VENDOR_SHA256=$(nix-build --no-out-link -A linkerd 2>&1 | grep "got:" | cut -d':' -f2 | sed 's| ||g') +VENDOR_SHA256=$(nix-build --no-out-link -A linkerd 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g') set -e cd - > /dev/null From 5a1513b87fa8fdebfea8784a96066546c42e3dce Mon Sep 17 00:00:00 2001 From: superherointj <5861043+superherointj@users.noreply.github.com> Date: Wed, 20 Oct 2021 15:40:56 -0300 Subject: [PATCH 42/47] k3s: fix updateScript 5th attempt --- pkgs/applications/networking/cluster/k3s/default.nix | 3 +++ pkgs/applications/networking/cluster/k3s/update.sh | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/networking/cluster/k3s/default.nix b/pkgs/applications/networking/cluster/k3s/default.nix index 78dffeb20ede..822a2c4b70a5 100644 --- a/pkgs/applications/networking/cluster/k3s/default.nix +++ b/pkgs/applications/networking/cluster/k3s/default.nix @@ -243,6 +243,9 @@ stdenv.mkDerivation rec { pname = "k3s"; version = k3sVersion; + # `src` here is a workaround for the updateScript bot. It couldn't be empty. + src = builtins.filterSource (path: type: false) ./.; + # Important utilities used by the kubelet, see # https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-237202494 # Note the list in that issue is stale and some aren't relevant for k3s. diff --git a/pkgs/applications/networking/cluster/k3s/update.sh b/pkgs/applications/networking/cluster/k3s/update.sh index 7956e807e9ec..34257fcda2fc 100755 --- a/pkgs/applications/networking/cluster/k3s/update.sh +++ b/pkgs/applications/networking/cluster/k3s/update.sh @@ -12,7 +12,7 @@ LATEST_TAG_RAWFILE=${WORKDIR}/latest_tag.json curl --silent ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} \ https://api.github.com/repos/k3s-io/k3s/releases > ${LATEST_TAG_RAWFILE} -LATEST_TAG_NAME=$(jq 'map(.tag_name)' ${LATEST_TAG_RAWFILE} | grep -v -e rc -e engine | sed 's/["|,| ]//g' | sort -r | head -n1) +LATEST_TAG_NAME=$(jq 'map(.tag_name)' ${LATEST_TAG_RAWFILE} | grep -v -e rc -e engine | sed 's/["|,| ]//g' | sort -V -r | head -n1) K3S_VERSION=$(echo ${LATEST_TAG_NAME} | sed 's/^v//') K3S_COMMIT=$(curl --silent ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} \ From 685decb30772ac36135e939756a4237b8a82eb8a Mon Sep 17 00:00:00 2001 From: figsoda Date: Wed, 20 Oct 2021 16:41:28 -0400 Subject: [PATCH 43/47] hyperfine: 1.11.0 -> 1.12.0, add figsoda as a maintainer --- pkgs/tools/misc/hyperfine/default.nix | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/pkgs/tools/misc/hyperfine/default.nix b/pkgs/tools/misc/hyperfine/default.nix index 747c1e56a819..684d62b464f2 100644 --- a/pkgs/tools/misc/hyperfine/default.nix +++ b/pkgs/tools/misc/hyperfine/default.nix @@ -1,17 +1,21 @@ -{ lib, stdenv, fetchCrate, rustPlatform, installShellFiles +{ lib +, rustPlatform +, fetchCrate +, installShellFiles +, stdenv , Security }: rustPlatform.buildRustPackage rec { pname = "hyperfine"; - version = "1.11.0"; + version = "1.12.0"; src = fetchCrate { inherit pname version; - sha256 = "0dla2jzwcxkdx3n4fqkkh6wirqs2f31lvqsw2pjf1jbnnif54mzh"; + sha256 = "sha256-Vs754nvtYV5d736xsZ2foawfxMc25bUfMhm8Vxqxw6U="; }; - cargoSha256 = "13dd5x0mr1pqcba48w9v5jjpddapd7gk34d4bysbjqsriwpbrdgp"; + cargoSha256 = "sha256-X9WFnKP2+GM8V1kyd5VxpwBXql8Be5mugBVGrYdSsaM="; nativeBuildInputs = [ installShellFiles ]; buildInputs = lib.optional stdenv.isDarwin Security; @@ -26,8 +30,9 @@ rustPlatform.buildRustPackage rec { meta = with lib; { description = "Command-line benchmarking tool"; - homepage = "https://github.com/sharkdp/hyperfine"; - license = with licenses; [ asl20 /* or */ mit ]; - maintainers = [ maintainers.thoughtpolice ]; + homepage = "https://github.com/sharkdp/hyperfine"; + changelog = "https://github.com/sharkdp/hyperfine/blob/v${version}/CHANGELOG.md"; + license = with licenses; [ asl20 /* or */ mit ]; + maintainers = with maintainers; [ figsoda thoughtpolice ]; }; } From 92d4c88d6e07843f3a0fad094a7c1fe5a48c4757 Mon Sep 17 00:00:00 2001 From: Michael Adler Date: Wed, 20 Oct 2021 22:57:18 +0200 Subject: [PATCH 44/47] sumneko-lua-language-server: 2.4.3 -> 2.4.5 --- .../development/tools/sumneko-lua-language-server/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/sumneko-lua-language-server/default.nix b/pkgs/development/tools/sumneko-lua-language-server/default.nix index ed51a6fedc6b..1290da858746 100644 --- a/pkgs/development/tools/sumneko-lua-language-server/default.nix +++ b/pkgs/development/tools/sumneko-lua-language-server/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "sumneko-lua-language-server"; - version = "2.4.3"; + version = "2.4.5"; src = fetchFromGitHub { owner = "sumneko"; repo = "lua-language-server"; rev = version; - sha256 = "sha256-qap6TsqaCy+9prWiUow78eBgaWGq5eUkOXBTYFnAZyo="; + sha256 = "sha256-7eTYHZDJLmYTwe0K+RJMRl4tRz9o0DeniHD5+v9f1Jw="; fetchSubmodules = true; }; From 65930caffe78ccd3c0e4f00bfd79123fcba9e444 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 8 Oct 2021 23:17:40 +0200 Subject: [PATCH 45/47] linux: create maintainer team Now there are a few more folks who should get pinged on kernel changes: $ nix-instantiate -E 'with import ./. {}; (map (x: x.github) linux.meta.maintainers)' --eval --strict [ "TredwellGit" "mweinelt" "ma27" "nequissimus" "alyssais" "thoughtpolice" ] Refs #140281 --- maintainers/team-list.nix | 10 ++++++++++ pkgs/os-specific/linux/kernel/manual-config.nix | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/maintainers/team-list.nix b/maintainers/team-list.nix index 75a7940aa879..4a1ca99a5905 100644 --- a/maintainers/team-list.nix +++ b/maintainers/team-list.nix @@ -164,6 +164,16 @@ with lib.maintainers; { scope = "Maintain Kodi and related packages."; }; + linux-kernel = { + members = [ + TredwellGit + ma27 + nequissimus + qyliss + ]; + scope = "Maintain the Linux kernel."; + }; + mate = { members = [ j03 diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index 9c67df13d314..d9a959c50bc9 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -293,7 +293,7 @@ let license = lib.licenses.gpl2Only; homepage = "https://www.kernel.org/"; repositories.git = "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git"; - maintainers = [ + maintainers = lib.teams.linux-kernel.members ++ [ maintainers.thoughtpolice ]; platforms = platforms.linux; From bb5aa0109b6db98a2e0a7ba88f5e0287e2374384 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sat, 9 Oct 2021 14:48:27 +0200 Subject: [PATCH 46/47] linux: build hardened kernel with matching releases Until now we merged kernel updates even if no hardened versions were available yet. On one hand we don't want to delay patch-level updates, on the other hand users of hardened kernels have frequent breakage now[1]. This change aims to provide a solution this issue: * The hardened patchset now references the kernel version it's released for (including a sha256 hash for the fixed-output path of the source tarball). * The `hardenedKernelFor`-function doesn't just append hardened patches now, but also overrides version & src to match the kernel version the patch was built & tested for. Refs #140281 [1] https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.linuxPackages_hardened.kernel.x86_64-linux/all --- .../linux/kernel/hardened/patches.json | 60 ++++++++++++------- .../linux/kernel/hardened/update.py | 19 +++++- pkgs/os-specific/linux/kernel/patches.nix | 3 +- pkgs/top-level/linux-kernels.nix | 20 +++++-- 4 files changed, 74 insertions(+), 28 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 3ff41c8aa875..c0f9882cc145 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -1,32 +1,52 @@ { "4.14": { - "extra": "-hardened1", - "name": "linux-hardened-4.14.251-hardened1.patch", - "sha256": "1yv4b10w1psaj4m4r9jicf6c3wkyvb040p7gbdf1455nrcxnxr06", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.251-hardened1/linux-hardened-4.14.251-hardened1.patch" + "patch": { + "extra": "-hardened1", + "name": "linux-hardened-4.14.252-hardened1.patch", + "sha256": "1isqlqg4diz0i3f77rigvb07fs2p1v9w2h5165l0rnkb6h26i1gn", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.252-hardened1/linux-hardened-4.14.252-hardened1.patch" + }, + "sha256": "022rw51s8fzz6wcxa9xq6h60fglfx0hq7bmqgs5dlrci6plv4fwk", + "version": "4.14.252" }, "4.19": { - "extra": "-hardened1", - "name": "linux-hardened-4.19.212-hardened1.patch", - "sha256": "1ildbzxzvkaziqiqlvw92pjmkd64hxdd9sn3fdq88q1pdw5x2jb3", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.212-hardened1/linux-hardened-4.19.212-hardened1.patch" + "patch": { + "extra": "-hardened1", + "name": "linux-hardened-4.19.213-hardened1.patch", + "sha256": "03lk4m6sm3545s0xxx0w4sqgrsvrxqm8qg7swn05s36jj20viprm", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.213-hardened1/linux-hardened-4.19.213-hardened1.patch" + }, + "sha256": "162f5y3jplql3ca5xy889mq6izjinryx2kx16zp582yvsqf8rwiq", + "version": "4.19.213" }, "5.10": { - "extra": "-hardened1", - "name": "linux-hardened-5.10.74-hardened1.patch", - "sha256": "0prcrifz1zmjxv492dgd78h8bdsx4bh92dsbnp01nn1wmwbajp8p", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.74-hardened1/linux-hardened-5.10.74-hardened1.patch" + "patch": { + "extra": "-hardened1", + "name": "linux-hardened-5.10.75-hardened1.patch", + "sha256": "17gm50aislxihfnmr4vi0p0gpg13m2pbldjpi81clnx93a7rrfw2", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.75-hardened1/linux-hardened-5.10.75-hardened1.patch" + }, + "sha256": "0jrhhk89587caw54nhnwms93kq33qdm75x5f18cp61xrxxgjyaqa", + "version": "5.10.75" }, "5.14": { - "extra": "-hardened1", - "name": "linux-hardened-5.14.13-hardened1.patch", - "sha256": "01kxjn1sndby3fjfq3g7z0ydrk8nv62bvpvprddqqc3bypk9q7m2", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.13-hardened1/linux-hardened-5.14.13-hardened1.patch" + "patch": { + "extra": "-hardened1", + "name": "linux-hardened-5.14.14-hardened1.patch", + "sha256": "1hx5yal8jqnxr9c9ikvc6d0xp99kqjarj67720v9d4wvlmgsfabj", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.14-hardened1/linux-hardened-5.14.14-hardened1.patch" + }, + "sha256": "0snh17ah49wmfmazy6x42rhvl484h657y0iq4l09a885sjb4xzsd", + "version": "5.14.14" }, "5.4": { - "extra": "-hardened1", - "name": "linux-hardened-5.4.154-hardened1.patch", - "sha256": "0d7w27n3wq9jaq0wbf3iv2f0jb1y2v4k0c87rb6sakivwajxn1aw", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.154-hardened1/linux-hardened-5.4.154-hardened1.patch" + "patch": { + "extra": "-hardened1", + "name": "linux-hardened-5.4.155-hardened1.patch", + "sha256": "0l8h9i6asiypgbxl90370kzfsyyc3f4vwl2r191arvrsgw863bid", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.155-hardened1/linux-hardened-5.4.155-hardened1.patch" + }, + "sha256": "0f2hfz76rnhmv99zhbh7n1z48316ilxrxrnh4b5m3lj84y80y36c", + "version": "5.4.155" } } diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py index f278b518c024..48567b68dc3e 100755 --- a/pkgs/os-specific/linux/kernel/hardened/update.py +++ b/pkgs/os-specific/linux/kernel/hardened/update.py @@ -31,7 +31,12 @@ VersionComponent = Union[int, str] Version = List[VersionComponent] -Patch = TypedDict("Patch", {"name": str, "url": str, "sha256": str, "extra": str}) +PatchData = TypedDict("PatchData", {"name": str, "url": str, "sha256": str, "extra": str}) +Patch = TypedDict("Patch", { + "patch": PatchData, + "version": str, + "sha256": str, +}) @dataclass @@ -133,7 +138,15 @@ def fetch_patch(*, name: str, release_info: ReleaseInfo) -> Optional[Patch]: if not sig_ok: return None - return Patch(name=patch_filename, url=patch_url, sha256=sha256, extra=extra) + kernel_ver = release_info.release.tag_name.replace("-hardened1", "") + major = kernel_ver.split('.')[0] + sha256_kernel, _ = nix_prefetch_url(f"mirror://kernel/linux/kernel/v{major}.x/linux-{kernel_ver}.tar.xz") + + return Patch( + patch=PatchData(name=patch_filename, url=patch_url, sha256=sha256, extra=extra), + version=kernel_ver, + sha256=sha256_kernel + ) def parse_version(version_str: str) -> Version: @@ -249,7 +262,7 @@ for kernel_key in sorted(releases.keys()): old_version_str: Optional[str] = None update: bool try: - old_filename = patches[kernel_key]["name"] + old_filename = patches[kernel_key]["patch"]["name"] old_version_str = old_filename.replace("linux-hardened-", "").replace( ".patch", "" ) diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index f41cedca0f69..b818ddc5f2ac 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -47,10 +47,11 @@ cpu-cgroup-v2 = import ./cpu-cgroup-v2-patches; hardened = let - mkPatch = kernelVersion: src: { + mkPatch = kernelVersion: { version, sha256, patch }: let src = patch; in { name = lib.removeSuffix ".patch" src.name; patch = fetchurl (lib.filterAttrs (k: v: k != "extra") src); extra = src.extra; + inherit version sha256; }; patches = builtins.fromJSON (builtins.readFile ./hardened/patches.json); in lib.mapAttrs mkPatch patches; diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix index d1afd3422803..da6bd08e5673 100644 --- a/pkgs/top-level/linux-kernels.nix +++ b/pkgs/top-level/linux-kernels.nix @@ -10,6 +10,7 @@ , stdenvNoCC , newScope , lib +, fetchurl }: # When adding a kernel: @@ -26,16 +27,27 @@ let # Hardened Linux hardenedKernelFor = kernel': overrides: - let kernel = kernel'.override overrides; + let + kernel = kernel'.override overrides; + version = kernelPatches.hardened.${kernel.meta.branch}.version; + major = lib.versions.major version; + sha256 = kernelPatches.hardened.${kernel.meta.branch}.sha256; + modDirVersion' = builtins.replaceStrings [ kernel.version ] [ version ] kernel.modDirVersion; in kernel.override { structuredExtraConfig = import ../os-specific/linux/kernel/hardened/config.nix { - inherit lib; - inherit (kernel) version; + inherit lib version; + }; + argsOverride = { + inherit version; + src = fetchurl { + url = "mirror://kernel/linux/kernel/v${major}.x/linux-${version}.tar.xz"; + inherit sha256; + }; }; kernelPatches = kernel.kernelPatches ++ [ kernelPatches.hardened.${kernel.meta.branch} ]; - modDirVersionArg = kernel.modDirVersion + (kernelPatches.hardened.${kernel.meta.branch}).extra; + modDirVersionArg = modDirVersion' + (kernelPatches.hardened.${kernel.meta.branch}).extra; isHardened = true; }; in { From 11dab9f5703cd34f1e5bd2e899f8f02cf549b22c Mon Sep 17 00:00:00 2001 From: polykernel <81340136+polykernel@users.noreply.github.com> Date: Sat, 16 Oct 2021 00:10:26 -0400 Subject: [PATCH 47/47] fuzzel: 1.6.1 -> 1.6.4 The SVG and PNG options were adjusted to account for upstream changes on the meson build options and additional nanosvg backend for SVG support independent of cairo. --- pkgs/applications/misc/fuzzel/default.nix | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/pkgs/applications/misc/fuzzel/default.nix b/pkgs/applications/misc/fuzzel/default.nix index e43304c5bc18..e099414c0c28 100644 --- a/pkgs/applications/misc/fuzzel/default.nix +++ b/pkgs/applications/misc/fuzzel/default.nix @@ -13,29 +13,24 @@ , tllist , fcft , enableCairo ? true -, enablePNG ? true -, enableSVG ? true +, withPNGBackend ? "libpng" +, withSVGBackend ? "librsvg" # Optional dependencies , cairo , librsvg , libpng }: -let - # Courtesy of sternenseemann and FRidh, commit c9a7fdfcfb420be8e0179214d0d91a34f5974c54 - mesonFeatureFlag = opt: b: "-D${opt}=${if b then "enabled" else "disabled"}"; -in - stdenv.mkDerivation rec { pname = "fuzzel"; - version = "1.6.1"; + version = "1.6.4"; src = fetchFromGitea { domain = "codeberg.org"; owner = "dnkl"; repo = "fuzzel"; rev = version; - sha256 = "sha256-JW5sAlTprSRIdFbmSaUreGtNccERgQMGEW+WCSscYQk="; + sha256 = "sha256-wl3dO6EwLXWf0XtAIml1NlNRIvpIQJuq1pxLmo/pAUE="; }; nativeBuildInputs = [ @@ -54,15 +49,15 @@ stdenv.mkDerivation rec { tllist fcft ] ++ lib.optional enableCairo cairo - ++ lib.optional enablePNG libpng - ++ lib.optional enableSVG librsvg; + ++ lib.optional (withPNGBackend == "libpng") libpng + ++ lib.optional (withSVGBackend == "librsvg") librsvg; mesonBuildType = "release"; mesonFlags = [ - (mesonFeatureFlag "enable-cairo" enableCairo) - (mesonFeatureFlag "enable-png" enablePNG) - (mesonFeatureFlag "enable-svg" enableSVG) + "-Denable-cairo=${if enableCairo then "enabled" else "disabled"}" + "-Dpng-backend=${withPNGBackend}" + "-Dsvg-backend=${withSVGBackend}" ]; meta = with lib; {