BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge master into staging-next

Browse source
This commit is contained in:
github-actions[bot] 2022-11-20 18:01:14 +00:00 committed by GitHub
commit 1fde037c41
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
31 changed files with 564 additions and 153 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
View file

@ -139,6 +139,11 @@
other distributions.
</para>
</listitem>
<listitem>
<para>
PHP 8.2.0 RC 6 is available.
</para>
</listitem>
<listitem>
<para>
<literal>protonup</literal> has been aliased to and replaced
@ -624,6 +629,23 @@
binaries, use the <literal>p4d</literal> package instead.
</para>
</listitem>
<listitem>
<para>
The <literal>openssl</literal>-extension for the PHP
interpreter used by Nextcloud is built against OpenSSL 1.1 if
<xref linkend="opt-system.stateVersion" /> is below
<literal>22.11</literal>. This is to make sure that people
using
<link xlink:href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html">server-side
encryption</link> dont loose access to their files.
</para>
<para>
In any other case its safe to use OpenSSL 3 for PHPs openssl
extension. This can be done by setting
<xref linkend="opt-services.nextcloud.enableBrokenCiphersForSSE" />
to <literal>false</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>coq</literal> package and versioned variants

9
nixos/doc/manual/release-notes/rl-2211.section.md
View file

@ -57,6 +57,8 @@ In addition to numerous new and upgraded packages, this release has the followin
`mod_php` usage we still enable `ZTS` (Zend Thread Safe). This has been a
common practice for a long time in other distributions.
- PHP 8.2.0 RC 6 is available.
- `protonup` has been aliased to and replaced by `protonup-ng` due to upstream not maintaining it.
- Perl has been updated to 5.36, and its core module `HTTP::Tiny` was patched to verify SSL/TLS certificates by default.
@ -202,6 +204,13 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- The `p4` package now only includes the open-source Perforce Helix Core command-line client and APIs. It no longer installs the unfree Helix Core Server binaries `p4d`, `p4broker`, and `p4p`. To install the Helix Core Server binaries, use the `p4d` package instead.
- The `openssl`-extension for the PHP interpreter used by Nextcloud is built against OpenSSL 1.1 if
[](#opt-system.stateVersion) is below `22.11`. This is to make sure that people using [server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html)
don't loose access to their files.
In any other case it's safe to use OpenSSL 3 for PHP's openssl extension. This can be done by setting
[](#opt-services.nextcloud.enableBrokenCiphersForSSE) to `false`.
- The `coq` package and versioned variants starting at `coq_8_14` no
longer include CoqIDE, which is now available through
`coqPackages.coqide`. It is still possible to get CoqIDE as part of

58
nixos/modules/services/web-apps/nextcloud.nix
View file

@ -13,7 +13,12 @@ let
phpPackage = cfg.phpPackage.buildEnv {
extensions = { enabled, all }:
(with all;
enabled
# disable default openssl extension
(lib.filter (e: e.pname != "php-openssl") enabled)
# use OpenSSL 1.1 for RC4 Nextcloud encryption if user
# has acknowledged the brokeness of the ciphers (RC4).
# TODO: remove when https://github.com/nextcloud/server/issues/32003 is fixed.
++ (if cfg.enableBrokenCiphersForSSE then [ cfg.phpPackage.extensions.openssl-legacy ] else [ cfg.phpPackage.extensions.openssl ])
++ optional cfg.enableImagemagick imagick
# Optionally enabled depending on caching settings
++ optional cfg.caching.apcu apcu
@ -80,6 +85,40 @@ in {
options.services.nextcloud = {
enable = mkEnableOption (lib.mdDoc "nextcloud");
enableBrokenCiphersForSSE = mkOption {
type = types.bool;
default = versionOlder stateVersion "22.11";
defaultText = literalExpression "versionOlder system.stateVersion \"22.11\"";
description = lib.mdDoc ''
This option enables using the OpenSSL PHP extension linked against OpenSSL 1.1
rather than latest OpenSSL ( 3), this is not recommended unless you need
it for server-side encryption (SSE). SSE uses the legacy RC4 cipher which is
considered broken for several years now. See also [RFC7465](https://datatracker.ietf.org/doc/html/rfc7465).
This cipher has been disabled in OpenSSL 3 and requires
a specific legacy profile to re-enable it.
If you deploy Nextcloud using OpenSSL  3 for PHP and have
server-side encryption configured, you will not be able to access
your files anymore. Enabling this option can restore access to your files.
Upon testing we didn't encounter any data corruption when turning
this on and off again, but this cannot be guaranteed for
each Nextcloud installation.
It is `true` by default for systems with a [](#opt-system.stateVersion) below
`22.11` to make sure that existing installations won't break on update. On newer
NixOS systems you have to explicitly enable it on your own.
Please note that this only provides additional value when using
external storage such as S3 since it's not an end-to-end encryption.
If this is not the case,
it is advised to [disable server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption) and set this to `false`.
In the future, Nextcloud may move to AES-256-GCM, by then,
this option will be removed.
'';
};
hostName = mkOption {
type = types.str;
description = lib.mdDoc "FQDN for the nextcloud instance.";
@ -649,6 +688,23 @@ in {
++ (optional (versionOlder cfg.package.version "23") (upgradeWarning 22 "22.05"))
++ (optional (versionOlder cfg.package.version "24") (upgradeWarning 23 "22.05"))
++ (optional (versionOlder cfg.package.version "25") (upgradeWarning 24 "22.11"))
++ (optional cfg.enableBrokenCiphersForSSE ''
You're using PHP's openssl extension built against OpenSSL 1.1 for Nextcloud.
This is only necessary if you're using Nextcloud's server-side encryption.
Please keep in mind that it's using the broken RC4 cipher.
If you don't use that feature, you can switch to OpenSSL 3 and get
rid of this warning by declaring
services.nextcloud.enableBrokenCiphersForSSE = false;
If you need to use server-side encryption you can ignore this waring.
Otherwise you'd have to disable server-side encryption first in order
to be able to safely disable this option and get rid of this warning.
See <https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption> on how to achieve this.
For more context, here is the implementing pull request: https://github.com/NixOS/nixpkgs/pull/198470
'')
++ (optional isUnsupportedMariadb ''
You seem to be using MariaDB at an unsupported version (i.e. at least 10.6)!
Please note that this isn't supported officially by Nextcloud. You can either

14
nixos/modules/services/web-apps/nextcloud.xml
View file

@ -170,6 +170,20 @@
</listitem>
</itemizedlist>
</listitem>
<listitem>
<formalpara>
<title>Server-side encryption</title>
<para>
Nextcloud supports <link xlink:href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html">server-side encryption (SSE)</link>.
This is not an end-to-end encryption, but can be used to encrypt files that will be persisted
to external storage such as S3. Please note that this won't work anymore when using OpenSSL 3
for PHP's openssl extension because this is implemented using the legacy cipher RC4.
If <xref linkend="opt-system.stateVersion" /> is <emphasis>above</emphasis> <literal>22.05</literal>,
this is disabled by default. To turn it on again and for further information please refer to
<xref linkend="opt-services.nextcloud.enableBrokenCiphersForSSE" />.
</para>
</formalpara>
</listitem>
</itemizedlist>
</section>

1
nixos/tests/all-tests.nix
View file

@ -495,6 +495,7 @@ in {
php = handleTest ./php {};
php80 = handleTest ./php { php = pkgs.php80; };
php81 = handleTest ./php { php = pkgs.php81; };
php82 = handleTest ./php { php = pkgs.php82; };
phylactery = handleTest ./web-apps/phylactery.nix {};
pict-rs = handleTest ./pict-rs.nix {};
pinnwand = handleTest ./pinnwand.nix {};

32
nixos/tests/common/acme/server/acme.test.cert.pem
View file

@ -1,19 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDLDCCAhSgAwIBAgIIRDAN3FHH//IwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
AxMVbWluaWNhIHJvb3QgY2EgNzg3NDZmMB4XDTIwMTAyMTEzMjgzNloXDTIyMTEy
MDEzMjgzNlowFDESMBAGA1UEAxMJYWNtZS50ZXN0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAo8XjMVUaljcaqQ5MFhfPuQgSwdyXEUbpSHz+5yPkE0h9
Z4Xu5BJF1Oq7h5ggCtadVsIspiY6Jm6aWDOjlh4myzW5UNBNUG3OPEk50vmmHFeH
pImHO/d8yb33QoF9VRcTZs4tuJYg7l9bSs4jNG72vYvv2YiGAcmjJcsmAZIfniCN
Xf/LjIm+Cxykn+Vo3UuzO1w5/iuofdgWO/aZxMezmXUivlL3ih4cNzCJei8WlB/l
EnHrkcy3ogRmmynP5zcz7vmGIJX2ji6dhCa4Got5B7eZK76o2QglhQXqPatG0AOY
H+RfQfzKemqPG5om9MgJtwFtTOU1LoaiBw//jXKESQIDAQABo3YwdDAOBgNVHQ8B
MIIDLDCCAhSgAwIBAgIIHvJkPAdMFGAwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
AxMVbWluaWNhIHJvb3QgY2EgNDYwMjMxMB4XDTIyMTEyMDE1MzcwNFoXDTI0MTIy
MDE1MzcwNFowFDESMBAGA1UEAxMJYWNtZS50ZXN0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAs/Xad8Jn0YMI8nTjbVakGsFplxSKkgWs9Jv8tETC1FBV
KNo3yF6IElBhzKw3eF6piZqDwNFXobuMCZ3Ckaj+EOdSA0DhjwUSBmEok/0siIu4
WbAS2iKwZGuJlJRYOmfXRPt2nNSPhuNHtZJoTWufN5K1XS+4v1dsVUWdWvkUuaC5
/uoujcYd4D6XDhJCubDCE+WSYk0KBLtMQ8irbNu4FGoCn5T7kDq46XwVjulWxc5q
dZ/Z/zgKQkoLaHgWKLjvuu7/CZw6RXyBlwVJh36pljixRnpnLfMMykO9Sq7Z3cR2
aVcMRjjeH0uScfFHIb3hvqyZLd+NHw3SqE8la/Nq1wIDAQABo3YwdDAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
/wQCMAAwHwYDVR0jBBgwFoAU+8IZlLV/Qp5CXqpXMLvtxWlxcJwwFAYDVR0RBA0w
C4IJYWNtZS50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQB0pe8I5/VDkB5VMgQB2GJV
GKzyigfWbVez9uLmqMj9PPP/zzYKSYeq+91aMuOZrnH7NqBxSTwanULkmqAmhbJJ
YkXw+FlFekf9FyxcuArzwzzNZDSGcjcdXpN8S2K1qkBd00iSJF9kU7pdZYCIKR20
QirdBrELEfsJ3GU62a6N3a2YsrisZUvq5TbjGJDcytAtt+WG3gmV7RInLdFfPwbw
bEHPCnx0uiV0nxLjd/aVT+RceVrFQVt4hR99jLoMlBitSKluZ1ljsrpIyroBhQT0
pp/pVi6HJdijG0fsPrC325NEGAwcpotLUhczoeM/rffKJd54wLhDkfYxOyRZXivs
/wQCMAAwHwYDVR0jBBgwFoAUW4rxHHeasqLl7KMK+F3uVN0JGwYwFAYDVR0RBA0w
C4IJYWNtZS50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQBDT8HY62N6YbG7Fp3gPD2L
Y0ZFHAAYM5l+Qn55aYkaTxpaRFPAeh0POmTIgSXfFSQYR00w3x2ni0K1ecBI814y
Mkgoki+jP6JhgV1fPTa5Wqm2x/Ufcr6LbTIDVqO5zFxTdkqZHfC7sMahDNULVrN2
RVkTLppDfmQ+oFcwNvZSgK9SDJNMlsNllOyGGUuMSd1KjWU4/Wr0AmaS+V3Cjf14
MsvgVhN66ECom1yyy3q9HZgAoZy6lnHOWHD4BVXOmbS2Y1lSVv/atmiGH7F9nvNN
Ggh/+RmkXGczV80wT2TnivEamJGHA4kwThL40SRKfaTTX7miImI25E6+390hBXyw
-----END CERTIFICATE-----

50
nixos/tests/common/acme/server/acme.test.key.pem
View file

@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAo8XjMVUaljcaqQ5MFhfPuQgSwdyXEUbpSHz+5yPkE0h9Z4Xu
5BJF1Oq7h5ggCtadVsIspiY6Jm6aWDOjlh4myzW5UNBNUG3OPEk50vmmHFeHpImH
O/d8yb33QoF9VRcTZs4tuJYg7l9bSs4jNG72vYvv2YiGAcmjJcsmAZIfniCNXf/L
jIm+Cxykn+Vo3UuzO1w5/iuofdgWO/aZxMezmXUivlL3ih4cNzCJei8WlB/lEnHr
kcy3ogRmmynP5zcz7vmGIJX2ji6dhCa4Got5B7eZK76o2QglhQXqPatG0AOYH+Rf
QfzKemqPG5om9MgJtwFtTOU1LoaiBw//jXKESQIDAQABAoIBADox/2FwVFo8ioS4
R+Ex5OZjMAcjU6sX/516jTmlT05q2+UFerYgqB/YqXqtW/V9/brulN8VhmRRuRbO
grq9TBu5o3hMDK0f18EkZB/MBnLbx594H033y6gEkPBZAyhRYtuNOEH3VwxdZhtW
1Lu1EoiYSUqLcNMBy6+KWJ8GRaXyacMYBlj2lMHmyzkA/t1+2mwTGC3lT6zN0F5Y
E5umXOxsn6Tb6q3KM9O5IvtmMMKpgj4HIHZLZ6j40nNgHwGRaAv4Sha/vx0DeBw3
6VlNiTTPdShEkhESlM5/ocqTfI92VHJpM5gkqTYOWBi2aKIPfAopXoqoJdWl4pQ/
NCFIu2ECgYEAzntNKIcQtf0ewe0/POo07SIFirvz6jVtYNMTzeQfL6CoEjYArJeu
Vzc4wEQfA4ZFVerBb1/O6M449gI3zex1PH4AX0h8q8DSjrppK1Jt2TnpVh97k7Gg
Tnat/M/yW3lWYkcMVJJ3AYurXLFTT1dYP0HvBwZN04yInrEcPNXKfmcCgYEAywyJ
51d4AE94PrANathKqSI/gk8sP+L1gzylZCcUEAiGk/1r45iYB4HN2gvWbS+CvSdp
F7ShlDWrTaNh2Bm1dgTjc4pWb4J+CPy/KN2sgLwIuM4+ZWIZmEDcio6khrM/gNqK
aR7xUsvWsqU26O84woY/xR8IHjSNF7cFWE1H2c8CgYEAt6SSi2kVQ8dMg84uYE8t
o3qO00U3OycpkOQqyQQLeKC62veMwfRl6swCfX4Y11mkcTXJtPTRYd2Ia8StPUkB
PDwUuKoPt/JXUvoYb59wc7M+BIsbrdBdc2u6cw+/zfutCNuH6/AYSBeg4WAVaIuW
wSwzG1xP+8cR+5IqOzEqWCECgYATweeVTCyQEyuHJghYMi2poXx+iIesu7/aAkex
pB/Oo5W8xrb90XZRnK7UHbzCqRHWqAQQ23Gxgztk9ZXqui2vCzC6qGZauV7cLwPG
zTMg36sVmHP314DYEM+k59ZYiQ6P0jQPoIQo407D2VGrfsOOIhQIcUmP7tsfyJ5L
hlGMfwKBgGq4VNnnuX8I5kl03NpaKfG+M8jEHmVwtI9RkPTCCX9bMjeG0cDxqPTF
TRkf3r8UWQTZ5QfAfAXYAOlZvmGhHjSembRbXMrMdi3rGsYRSrQL6n5NHnORUaMy
FCWo4gyAnniry7tx9dVNgmHmbjEHuQnf8AC1r3dibRCjvJWUiQ8H
MIIEowIBAAKCAQEAs/Xad8Jn0YMI8nTjbVakGsFplxSKkgWs9Jv8tETC1FBVKNo3
yF6IElBhzKw3eF6piZqDwNFXobuMCZ3Ckaj+EOdSA0DhjwUSBmEok/0siIu4WbAS
2iKwZGuJlJRYOmfXRPt2nNSPhuNHtZJoTWufN5K1XS+4v1dsVUWdWvkUuaC5/uou
jcYd4D6XDhJCubDCE+WSYk0KBLtMQ8irbNu4FGoCn5T7kDq46XwVjulWxc5qdZ/Z
/zgKQkoLaHgWKLjvuu7/CZw6RXyBlwVJh36pljixRnpnLfMMykO9Sq7Z3cR2aVcM
RjjeH0uScfFHIb3hvqyZLd+NHw3SqE8la/Nq1wIDAQABAoIBAG2s50FXjLgmONyz
Giv3wrm/qF94GF+X7+l/64nd4jNM5imonJiT7C/lJ0V6q6/DWWXQcn2f191slJMD
v6HQMU8R+2yaLR1hxLN4oSdYA70QEgEvCr5Ap+n7k/SmWAL4aDzVWFuKPBLED178
ZG7SqU1QLxIk1F5gpFhvvc/Ev7nE0KAzTJ3jGyWHZjJ1TKAWHx6oeKOw4OejRcGO
+rDBfQrV59fiCy8CFraGPDGie5Eb7ioXyt4cf4/odtLol7bSIwH4BLwfvKJbRobi
gSjvL5JJLjhjWzeoj+JC4o0sWQegytWpNCHSFETfHQ8rlcagTN8JaTcBg6+wrR2O
OPeoFqkCgYEA7o9jSk7i23SiKo3C+T9KFIL2OS7akwUqIQZehZJ6LXljYEDP1lcz
wjvWuLGVzlST3fmumHIMZLjjBU1cMYAPZrbUrEeayATD4jBxyiXbHqhB3DQ0W4CX
obUhcdsLGsKp0zXls8FeiQs6GOeEwSDU+1nAL9/hLK7w6cJ2zyj8HBUCgYEAwR3H
/ltIjD8tXNF05ayOguzrbivx2vaXusskZgn9QqntoGqqsXLOgsqcUH0dtiTyVOn+
Nba7w+o5NfaAfE9uR+oeZSo1IJU8oEi/EZqXTcYf5p3oAjXXZ9wXX8kl91EjCzKl
0kDpSpsMhUzdB2i5I9Oh1fLaW4iMwyuY1CgnqjsCgYBHIJFmEmcpL3k6XtIHJoub
2gA3xHR+6UdKWW/NO4MaE9tBU5GkQpO4EcdPggM8ZZNA17Tq1vZDAa0OY6ZdS+VL
pq96Pk8z29fblL4Ym3jdhyU71oTV011iZXL3U2vYKrofsy4tjjX1fldwHXdDbdqS
povaulGU1QQXblemJH4mkQKBgC3IUq6Rk4x0OdvkaFM+6nZNlq8Cyg7AIU6OdG2g
dqNER+qc/yScdCr7v70xPEb/UVgiNTskvDUBJVkOvH08E4gHD/ep3vh/iOTy+iFB
RheRHeT9kJBdlVixC/WQaWjNmoJAGqHS87vVME214Dyubh35QUfIkE3c/IoUnuHF
N0obAoGBANJpPBF36H1nb+TcVerOBXI8oqeIyoq7f4W/wbIirnZq/XfBaaOL5R6v
6+p4LEcQ1Mf33Yfr5M4aR0q7fgNDg/g4LcMg6fI3+UwPC6lJY+K8zzF4fmGDhheC
D+LsZG0Funl9kT0yxPBQhCJmmkJNIHiSNuRLt9Infne2408+YV+T
-----END RSA PRIVATE KEY-----

34
nixos/tests/common/acme/server/ca.cert.pem
View file

@ -1,20 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDSzCCAjOgAwIBAgIIeHRvRrNvbGQwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
AxMVbWluaWNhIHJvb3QgY2EgNzg3NDZmMCAXDTIwMTAyMTEzMjgzNloYDzIxMjAx
MDIxMTMyODM2WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSA3ODc0NmYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrNTzVLDJOKtGYGLU98EEcLKps
tXHCLC6G54LKbEcU80fn+ArX8qsPSHyhdXQkcYjq6Vh/EDJ1TctyRSnvAjwyG4Aa
1Zy1QFc/JnjMjvzimCkUc9lQ+wkLwHSM/KGwR1cGjmtQ/EMClZTA0NwulJsXMKVz
bd5asXbq/yJTQ5Ww25HtdNjwRQXTvB7r3IKcY+DsED9CvFvC9oG/ZhtZqZuyyRdC
kFUrrv8WNUDkWSN+lMR6xMx8v0583IN6f11IhX0b+svK98G81B2eswBdkzvVyv9M
unZBO0JuJG8sdM502KhWLmzBC1ZbvgUBF9BumDRpMFH4DCj7+qQ2taWeGyc7AgMB
MIIDSzCCAjOgAwIBAgIIRgIx/Q6DdK0wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
AxMVbWluaWNhIHJvb3QgY2EgNDYwMjMxMCAXDTIyMTEyMDE1MzcwNFoYDzIxMjIx
MTIwMTUzNzA0WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSA0NjAyMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYxM/efiS7rNNzdu+AK+J57+om
QYsoteVpmwcU6Ul8Zr6pcsBSLetV2PCWGVKKfXdK1Ep+JdBoiuG8EY/wffYJy+So
WRRWX+bGIFly74urX2iOH/yimF8XMaHj4CzjMD1wM2rFLswL3VK2DM+wrCMO2zE2
BAiUAJ++ws99Dl74DQ9lGne8hMjFgzakINCNd948/t2+LMVxqCgQ7fI+iHA1X7QF
1AT5c86wd/GxLzfl343DxLSeMRFbGUVSH6NBBnIQdFDq1GjNGPbn8ZlDXw5WWeR5
ufnxcRRNpp3GnHG3/VOebFAr++5/0ze+QvF6XPXk9RZWvhh0dD14/8W/PMK1AgMB
AAGjgYYwgYMwDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBT7whmUtX9CnkJe
qlcwu+3FaXFwnDAfBgNVHSMEGDAWgBT7whmUtX9CnkJeqlcwu+3FaXFwnDANBgkq
hkiG9w0BAQsFAAOCAQEARMe1wKmF33GjEoLLw0oDDS4EdAv26BzCwtrlljsEtwQN
95oSzUNd6o4Js7WCG2o543OX6cxzM+yju8TES3+vJKDgsbNMU0bWCv//tdrb0/G8
OkU3Kfi5q4fOauZ1pqGv/pXdfYhZ5ieB/zwis3ykANe5JfB0XqwCb1Vd0C3UCIS2
NPKngRwNSzphIsbzfvxGDkdM1enuGl5CVyDhrwTMqGaJGDSOv6U5jKFxKRvigqTN
Ls9lPmT5NXYETduWLBR3yUIdH6kZXrcozZ02B9vjOB2Cv4RMDc+9eM30CLIWpf1I
097e7JkhzxFhfC/bMMt3P1FeQc+fwH91wdBmNi7tQw==
BgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBRbivEcd5qyouXs
owr4Xe5U3QkbBjAfBgNVHSMEGDAWgBRbivEcd5qyouXsowr4Xe5U3QkbBjANBgkq
hkiG9w0BAQsFAAOCAQEAdSudxwrpXf/nxXJ8THob63UEvvof0o7uENbNPjqt7VZZ
lQeKnZOrzjYbTcsbyDpm/zsniT9620ntVcL4/IG2eeuSPA9btHNiFM6R3Nby8Op4
emqNzrS0DFqV/CAOAue+C44Vb9IS+ibFxEpI3GTH0FVWpEglLuesXKV+boy1aCNq
BYvk6lVplmnTtyfEUAQxyjJhTHu0+ZDwmw1+/NY9Wn2aeile+/G8ao+MBXARELmq
aoGKfFfrMGRT/KDSyODBEdJ1XkLr0TYjNvyctsaYBp9FhVQiuNMOyCku7EB8y+tZ
odYtLw6ecNnrjgQAnxSDg1ChrQ0wNSdPyjvycNgvjQ==
-----END CERTIFICATE-----

50
nixos/tests/common/acme/server/ca.key.pem
View file

@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAqzU81SwyTirRmBi1PfBBHCyqbLVxwiwuhueCymxHFPNH5/gK
1/KrD0h8oXV0JHGI6ulYfxAydU3LckUp7wI8MhuAGtWctUBXPyZ4zI784pgpFHPZ
UPsJC8B0jPyhsEdXBo5rUPxDApWUwNDcLpSbFzClc23eWrF26v8iU0OVsNuR7XTY
8EUF07we69yCnGPg7BA/QrxbwvaBv2YbWambsskXQpBVK67/FjVA5FkjfpTEesTM
fL9OfNyDen9dSIV9G/rLyvfBvNQdnrMAXZM71cr/TLp2QTtCbiRvLHTOdNioVi5s
wQtWW74FARfQbpg0aTBR+Awo+/qkNrWlnhsnOwIDAQABAoIBAA3ykVkgd5ysmlSU
trcsCnHcJaojgff6l3PACoSpG4VWaGY6a8+54julgRm6MtMBONFCX0ZCsImj484U
Wl0xRmwil2YYPuL5MeJgJPktMObY1IfpBCw3tz3w2M3fiuCMf0d2dMGtO1xLiUnH
+hgFXTkfamsj6ThkOrbcQBSebeRxbKM5hqyCaQoieV+0IJnyxUVq/apib8N50VsH
SHd4oqLUuEZgg6N70+l5DpzedJUb4nrwS/KhUHUBgnoPItYBCiGPmrwLk7fUhPs6
kTDqJDtc/xW/JbjmzhWEpVvtumcC/OEKULss7HLdeQqwVBrRQkznb0M9AnSra3d0
X11/Y4ECgYEA3FC8SquLPFb2lHK4+YbJ4Ac6QVWeYFEHiZ0Rj+CmONmjcAvOGLPE
SblRLm3Nbrkxbm8FF6/AfXa/rviAKEVPs5xqGfSDw/3n1uInPcmShiBCLwM/jHH5
NeVG+R5mTg5zyQ/pQMLWRcs+Ail+ZAnZuoGpW3Cdc8OtCUYFQ7XB6nsCgYEAxvBJ
zFxcTtsDzWbMWXejugQiUqJcEbKWwEfkRbf3J2rAVO2+EFr7LxdRfN2VwPiTQcWc
LnN2QN+ouOjqBMTh3qm5oQY+TLLHy86k9g1k0gXWkMRQgP2ZdfWH1HyrwjLUgLe1
VezFN7N1azgy6xFkInAAvuA4loxElZNvkGBgekECgYA/Xw26ILvNIGqO6qzgQXAh
+5I7JsiGheg4IjDiBMlrQtbrLMoceuD0H9UFGNplhel9DXwWgxxIOncKejpK2x0A
2fX+/0FDh+4+9hA5ipiV8gN3iGSoHkSDxy5yC9d7jlapt+TtFt4Rd1OfxZWwatDw
/8jaH3t6yAcmyrhK8KYVrwKBgAE5KwsBqmOlvyE9N5Z5QN189wUREIXfVkP6bTHs
jq2EX4hmKdwJ4y+H8i1VY31bSfSGlY5HkXuWpH/2lrHO0CDBZG3UDwADvWzIaYVF
0c/kz0v2mRQh+xaZmus4lQnNrDbaalgL666LAPbW0qFVaws3KxoBYPe0BxvwWyhF
H3LBAoGBAKRRNsq2pWQ8Gqxc0rVoH0FlexU9U2ci3lsLmgEB0A/o/kQkSyAxaRM+
VdKp3sWfO8o8lX5CVQslCNBSjDTNcat3Co4NEBLg6Xv1yKN/WN1GhusnchP9szsP
oU47gC89QhUyWSd6vvr2z2NG9C3cACxe4dhDSHQcE4nHSldzCKv2
MIIEowIBAAKCAQEAmMTP3n4ku6zTc3bvgCviee/qJkGLKLXlaZsHFOlJfGa+qXLA
Ui3rVdjwlhlSin13StRKfiXQaIrhvBGP8H32CcvkqFkUVl/mxiBZcu+Lq19ojh/8
ophfFzGh4+As4zA9cDNqxS7MC91StgzPsKwjDtsxNgQIlACfvsLPfQ5e+A0PZRp3
vITIxYM2pCDQjXfePP7dvizFcagoEO3yPohwNV+0BdQE+XPOsHfxsS835d+Nw8S0
njERWxlFUh+jQQZyEHRQ6tRozRj25/GZQ18OVlnkebn58XEUTaadxpxxt/1TnmxQ
K/vuf9M3vkLxelz15PUWVr4YdHQ9eP/FvzzCtQIDAQABAoIBAAMvJv4GNxHKWmXv
trI/N+s+uuytNQ9WKz/2QUGIU0XKhnLVt3h/CIazjOA0CupkDxZ6MktK0ns7WdUn
sI5cscImg8+We7wJJ7A9gF/K6mhaBr3foM5qyqCbIjqzs3vQx5cNG06c2RfuNwkg
XzvZeqmWnAH6N4uOL8Y0HUsH/6a/5rHEBTgUOnOidR8T1vdIN5vnpknef/H575ab
jTdDyb15Vns7nC4Q8lortkLsQzOt//LWpVuLZXGDm1Xi47ahNXM8Fo/MFK+xcBDF
onMFuclxImN3FqkyMH6PgJS392bZ1LLcmS4bqZ0oIwfUZ/kIEwAI2cTwEYfYmN7C
ekgvpsECgYEAxoJUcZW4iWvT8kznWKKT+YJAfTYmgwOxB1Dn3RxFA8cXocQQvwvM
mSl1AKOjWHFl/eW9s4zwy/fOnsN1m1tCTuWSNn5sudZSJfbd5CCiYaYTI66McCCm
5FGzqLM44Wm5y2qLa7l3in8Tza/645RpLXZyRfMInoW5In0XKbokLbkCgYEAxQM/
p63V5KuZYsm9BWNcCvAbS6G9NHjbeRrkAd171SSdibdwLIBeyn7A5JCiVqhZZbsO
1q1okO4m4j+JHzntWi63yXwG49sEVNaFbExPE4tfJeHD0Po8MJffoLNVTE+INT0B
fl1elhMpE9qpizFIHF7L8KnUf5Igi+yp0d6Amt0CgYACAhmGmKQoR736KosAm4xx
rr6mRaD4HFZzI39k/j84fZAgo9IjjKQCPKghXIZvg54rhmJ36YoaFiSx+Ho9Gxw9
nhbvlDHXY3KrTacLAsWBxWNWLhLfo4TstGLj5wRBS4eEpkxIx7SM4yI5J3mbScoS
mqsnSAEjUWkBD1DnrClniQKBgQCdfC9SNp+Yn6OJWIKE4Bwfkjf/iVbZrxKiCGDj
LM1kYFSeVciRijw72n8PNp7ObtyneZQu/4dq8zSZ/vf5wjB9uoKnyUEou1cHCkS1
gXpkwTBZ89K4JpAeuAjHSROSYLEc/ZtIDBMkHETl3hFRdx+RriWQR/HZ2FG0CIbn
gNmE8QKBgDlFu+TcspI2R9mKbHrbPTXOAlmi2g7RZ3jF1m4S/aZqSL/bqPRBb0OU
dY7MX4GHhJYR7RnMMROZQI0H4ZwWSMfokBDa96MDY107atK8TqZmYKaZQsEB8B4r
fMmKnQljYj91d/reowLJrQRf5SjBvtDIEIsiC8UgjQImAsZ8huEX
-----END RSA PRIVATE KEY-----

7
nixos/tests/nextcloud/basic.nix
View file

@ -37,6 +37,8 @@ in {
"d /var/lib/nextcloud-data 0750 nextcloud nginx - -"
];
system.stateVersion = "22.11"; # stateVersion >=21.11 to make sure that we use OpenSSL3
services.nextcloud = {
enable = true;
datadir = "/var/lib/nextcloud-data";
@ -99,6 +101,10 @@ in {
# This is just to ensure the nextcloud-occ program is working
nextcloud.succeed("nextcloud-occ status")
nextcloud.succeed("curl -sSf http://nextcloud/login")
# Ensure that no OpenSSL 1.1 is used.
nextcloud.succeed(
"${nodes.nextcloud.services.phpfpm.pools.nextcloud.phpPackage}/bin/php -i | grep 'OpenSSL Library Version' | awk -F'=>' '{ print $2 }' | awk '{ print $2 }' | grep -v 1.1"
)
nextcloud.succeed(
"${withRcloneEnv} ${copySharedFile}"
)
@ -108,5 +114,6 @@ in {
"${withRcloneEnv} ${diffSharedFile}"
)
assert "hi" in client.succeed("cat /mnt/dav/test-shared-file")
nextcloud.succeed("grep -vE '^HBEGIN:oc_encryption_module' /var/lib/nextcloud-data/data/root/files/test-shared-file")
'';
})) args

4
nixos/tests/nextcloud/default.nix
View file

@ -8,6 +8,10 @@ with pkgs.lib;
foldl
(matrix: ver: matrix // {
"basic${toString ver}" = import ./basic.nix { inherit system pkgs; nextcloudVersion = ver; };
"openssl-sse${toString ver}" = import ./openssl-sse.nix {
inherit system pkgs;
nextcloudVersion = ver;
};
"with-postgresql-and-redis${toString ver}" = import ./with-postgresql-and-redis.nix {
inherit system pkgs;
nextcloudVersion = ver;

105
nixos/tests/nextcloud/openssl-sse.nix Normal file
View file

@ -0,0 +1,105 @@
args@{ pkgs, nextcloudVersion ? 25, ... }:
(import ../make-test-python.nix ({ pkgs, ...}: let
adminuser = "root";
adminpass = "notproduction";
nextcloudBase = {
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "22.05"; # stateVersions <22.11 use openssl 1.1 by default
services.nextcloud = {
enable = true;
config.adminpassFile = "${pkgs.writeText "adminpass" adminpass}";
package = pkgs.${"nextcloud" + (toString nextcloudVersion)};
};
};
in {
name = "nextcloud-openssl";
meta = with pkgs.lib.maintainers; {
maintainers = [ ma27 ];
};
nodes.nextcloudwithopenssl1 = {
imports = [ nextcloudBase ];
services.nextcloud.hostName = "nextcloudwithopenssl1";
};
nodes.nextcloudwithopenssl3 = {
imports = [ nextcloudBase ];
services.nextcloud = {
hostName = "nextcloudwithopenssl3";
enableBrokenCiphersForSSE = false;
};
};
testScript = { nodes, ... }: let
withRcloneEnv = host: pkgs.writeScript "with-rclone-env" ''
#!${pkgs.runtimeShell}
export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav
export RCLONE_CONFIG_NEXTCLOUD_URL="http://${host}/remote.php/webdav/"
export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud"
export RCLONE_CONFIG_NEXTCLOUD_USER="${adminuser}"
export RCLONE_CONFIG_NEXTCLOUD_PASS="$(${pkgs.rclone}/bin/rclone obscure ${adminpass})"
"''${@}"
'';
withRcloneEnv1 = withRcloneEnv "nextcloudwithopenssl1";
withRcloneEnv3 = withRcloneEnv "nextcloudwithopenssl3";
copySharedFile1 = pkgs.writeScript "copy-shared-file" ''
#!${pkgs.runtimeShell}
echo 'hi' | ${withRcloneEnv1} ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file
'';
copySharedFile3 = pkgs.writeScript "copy-shared-file" ''
#!${pkgs.runtimeShell}
echo 'bye' | ${withRcloneEnv3} ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file2
'';
openssl1-node = nodes.nextcloudwithopenssl1.config.system.build.toplevel;
openssl3-node = nodes.nextcloudwithopenssl3.config.system.build.toplevel;
in ''
nextcloudwithopenssl1.start()
nextcloudwithopenssl1.wait_for_unit("multi-user.target")
nextcloudwithopenssl1.succeed("nextcloud-occ status")
nextcloudwithopenssl1.succeed("curl -sSf http://nextcloudwithopenssl1/login")
with subtest("With OpenSSL 1 SSE can be enabled and used"):
nextcloudwithopenssl1.succeed("nextcloud-occ app:enable encryption")
nextcloudwithopenssl1.succeed("nextcloud-occ encryption:enable")
with subtest("Upload file and ensure it's encrypted"):
nextcloudwithopenssl1.succeed("${copySharedFile1}")
nextcloudwithopenssl1.succeed("grep -E '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file")
nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")
with subtest("Switch to OpenSSL 3"):
nextcloudwithopenssl1.succeed("${openssl3-node}/bin/switch-to-configuration test")
nextcloudwithopenssl1.wait_for_open_port(80)
nextcloudwithopenssl1.succeed("nextcloud-occ status")
with subtest("Existing encrypted files cannot be read, but new files can be added"):
nextcloudwithopenssl1.fail("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file >&2")
nextcloudwithopenssl1.succeed("nextcloud-occ encryption:disable")
nextcloudwithopenssl1.succeed("${copySharedFile3}")
nextcloudwithopenssl1.succeed("grep bye /var/lib/nextcloud/data/root/files/test-shared-file2")
nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")
with subtest("Switch back to OpenSSL 1.1 and ensure that encrypted files are readable again"):
nextcloudwithopenssl1.succeed("${openssl1-node}/bin/switch-to-configuration test")
nextcloudwithopenssl1.wait_for_open_port(80)
nextcloudwithopenssl1.succeed("nextcloud-occ status")
nextcloudwithopenssl1.succeed("nextcloud-occ encryption:enable")
nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")
nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")
nextcloudwithopenssl1.succeed("grep -E '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file")
nextcloudwithopenssl1.succeed("grep bye /var/lib/nextcloud/data/root/files/test-shared-file2")
with subtest("Ensure that everything can be decrypted"):
nextcloudwithopenssl1.succeed("echo y | nextcloud-occ encryption:decrypt-all >&2")
nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")
nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")
nextcloudwithopenssl1.succeed("grep -vE '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file")
with subtest("Switch to OpenSSL 3 ensure that all files are usable now"):
nextcloudwithopenssl1.succeed("${openssl3-node}/bin/switch-to-configuration test")
nextcloudwithopenssl1.wait_for_open_port(80)
nextcloudwithopenssl1.succeed("nextcloud-occ status")
nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")
nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")
nextcloudwithopenssl1.shutdown()
'';
})) args

4
pkgs/applications/misc/gallery-dl/default.nix
View file

@ -2,13 +2,13 @@
buildPythonApplication rec {
pname = "gallery-dl";
version = "1.23.5";
version = "1.24.0";
format = "setuptools";
src = fetchPypi {
inherit version;
pname = "gallery_dl";
sha256 = "sha256-NhnuW7rq5Dgrnkw/nUO/pFg/Sh2D/d9gFCIb+gQy5QE=";
sha256 = "sha256-LGZjPkiX252IRgRG1fxVS4IdnKA3RgVjOhZLxYScIJo=";
};
propagatedBuildInputs = [

5
pkgs/applications/misc/tty-share/default.nix
View file

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "tty-share";
version = "2.2.1";
version = "2.3.0";
src = fetchFromGitHub {
owner = "elisescu";
repo = "tty-share";
rev = "v${version}";
sha256 = "sha256-aAqKfi0ZX0UB07yGY6x0HcMspvq4rcJXKHSONxAwMlc=";
sha256 = "sha256-/oK2m2kxmF9HHYfTK6NlZxKKkDS7Oay+ed7jR/+szs0=";
};
# Upstream has a `./vendor` directory with all deps which we rely upon.
@ -19,7 +19,6 @@ buildGoModule rec {
meta = with lib; {
homepage = "https://tty-share.com";
description = "Share terminal via browser for remote work or shared sessions";
platforms = platforms.linux;
license = licenses.mit;
maintainers = with maintainers; [ andys8 ];
};

61
pkgs/development/interpreters/php/8.2.nix Normal file
View file

@ -0,0 +1,61 @@
{ callPackage, lib, stdenv, fetchurl, ... }@_args:
let
hash = "sha256-sbT8sIwle3OugXxqLZO3jKXlrOQsX1iH7WRH8G+nv8Y=";
base = callPackage ./generic.nix (_args // {
version = "8.2.0";
phpAttrsOverrides = attrs: attrs // {
src = fetchurl {
url = "https://downloads.php.net/~sergey/php-8.2.0RC6.tar.xz";
inherit hash;
};
};
inherit hash;
});
in
base.withExtensions ({ all, ... }: with all; ([
bcmath
calendar
curl
ctype
dom
exif
fileinfo
filter
ftp
gd
gettext
gmp
iconv
imap
intl
ldap
mbstring
mysqli
mysqlnd
opcache
openssl
pcntl
pdo
pdo_mysql
pdo_odbc
pdo_pgsql
pdo_sqlite
pgsql
posix
readline
session
simplexml
sockets
soap
sodium
sysvsem
sqlite3
tokenizer
xmlreader
xmlwriter
zip
zlib
]))

2
pkgs/development/interpreters/php/generic.nix
View file

@ -91,7 +91,7 @@ let
[ ]
allExtensionFunctions;
getExtName = ext: lib.removePrefix "php-" (builtins.parseDrvName ext.name).name;
getExtName = ext: ext.extensionName;
# Recursively get a list of all internal dependencies
# for a list of extensions.

30
pkgs/development/libraries/libheif/default.nix
View file

@ -1,9 +1,27 @@
{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, dav1d, rav1e, libde265, x265, libpng,
libjpeg, libaom }:
{ lib
, stdenv
, fetchFromGitHub
, autoreconfHook
, pkg-config
, dav1d
, rav1e
, libde265
, x265
, libpng
, libjpeg
, libaom
# for passthru.tests
, gimp
, imagemagick
, imlib2Full
, imv
, vips
}:
stdenv.mkDerivation rec {
pname = "libheif";
version = "1.13.0";
version = "1.14.0";
outputs = [ "bin" "out" "dev" "man" ];
@ -11,7 +29,7 @@ stdenv.mkDerivation rec {
owner = "strukturag";
repo = "libheif";
rev = "v${version}";
sha256 = "sha256-/w/I6dgyiAscUqVpPjw2z6LbZJ6IBTeE5lawLg0awTM=";
sha256 = "sha256-MvCiVAHM9C/rxeh6f9Bd13GECc2ladEP7Av7y3eWDcY=";
};
nativeBuildInputs = [ autoreconfHook pkg-config ];
@ -19,6 +37,10 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
passthru.tests = {
inherit gimp imagemagick imlib2Full imv vips;
};
meta = {
homepage = "http://www.libheif.org/";
description = "ISO/IEC 23008-12:2017 HEIF image file format decoder and encoder";

3
pkgs/development/php-packages/datadog_trace/default.nix
View file

@ -1,4 +1,4 @@
{ buildPecl, curl, fetchFromGitHub, lib, pcre2 }:
{ buildPecl, curl, fetchFromGitHub, lib, pcre2, php }:
buildPecl rec {
pname = "ddtrace";
@ -14,6 +14,7 @@ buildPecl rec {
buildInputs = [ curl pcre2 ];
meta = with lib; {
broken = lib.versionOlder php.version "8.1"; # Broken on PHP older than 8.1.
description = "Datadog Tracing PHP Client";
homepage = "https://github.com/DataDog/dd-trace-php";
license = licenses.apsl20;

3
pkgs/development/php-packages/gnupg/default.nix
View file

@ -1,4 +1,4 @@
{ buildPecl, lib, gpgme, file, gnupg }:
{ buildPecl, lib, gpgme, file, gnupg, php }:
buildPecl {
pname = "gnupg";
@ -29,6 +29,7 @@ buildPecl {
doCheck = true;
meta = with lib; {
broken = lib.versionOlder php.version "8.1"; # Broken on PHP older than 8.1.
description = "PHP wrapper for GpgME library that provides access to GnuPG";
license = licenses.bsd3;
homepage = "https://pecl.php.net/package/gnupg";

14
pkgs/development/php-packages/oci8/default.nix
View file

@ -1,12 +1,18 @@
{ buildPecl, lib, oracle-instantclient }:
{ buildPecl, lib, oracle-instantclient, php }:
let
version = "3.0.1";
sha256 = "108ds92620dih5768z19hi0jxfa7wfg5hdvyyvpapir87c0ap914";
versionData = if (lib.versionOlder php.version "8.1") then {
version = "3.0.1";
sha256 = "108ds92620dih5768z19hi0jxfa7wfg5hdvyyvpapir87c0ap914";
} else {
version = "3.2.1";
sha256 = "zyF703DzRZDBhlNFFt/dknmZ7layqhgjG1/ZDN+PEsg=";
};
in
buildPecl {
pname = "oci8";
inherit version sha256;
inherit (versionData) version sha256;
buildInputs = [ oracle-instantclient ];
configureFlags = [ "--with-oci8=shared,instantclient,${oracle-instantclient.lib}/lib" ];

14
pkgs/development/php-packages/xdebug/default.nix
View file

@ -1,10 +1,18 @@
{ buildPecl, lib }:
{ buildPecl, lib, php }:
let
versionData = if (lib.versionOlder php.version "8.1") then {
version = "3.1.6";
sha256 = "1lnmrb5kgq8lbhjs48j3wwhqgk44pnqb1yjq4b5r6ysv9l5wlkjm";
} else {
version = "3.2.0RC2";
sha256 = "dQgXDP3Ifg+D0niWxaJ4ec71Vfr8KH40jv6QbxSyY+4=";
};
in
buildPecl {
pname = "xdebug";
version = "3.1.6";
sha256 = "1lnmrb5kgq8lbhjs48j3wwhqgk44pnqb1yjq4b5r6ysv9l5wlkjm";
inherit (versionData) version sha256;
doCheck = true;
checkTarget = "test";

17
pkgs/development/python-modules/numba/cuda_path.patch
View file

@ -1,5 +1,5 @@
diff --git a/numba/cuda/cuda_paths.py b/numba/cuda/cuda_paths.py
index b9988bc..a642680 100644
index 0da435d33..7b1fde087 100644
--- a/numba/cuda/cuda_paths.py
+++ b/numba/cuda/cuda_paths.py
@@ -24,10 +24,7 @@ def _find_valid_path(options):
@ -14,15 +14,12 @@ index b9988bc..a642680 100644
]
by, libdir = _find_valid_path(options)
return by, libdir
@@ -35,18 +32,16 @@ def _get_libdevice_path_decision():
@@ -35,16 +32,14 @@ def _get_libdevice_path_decision():
def _nvvm_lib_dir():
if IS_WIN32:
- return 'nvvm', 'bin'
+ return 'bin',
elif IS_OSX:
- return 'nvvm', 'lib'
+ return 'lib',
else:
- return 'nvvm', 'lib64'
+ return 'lib64',
@ -33,13 +30,13 @@ index b9988bc..a642680 100644
- ('Conda environment', get_conda_ctk()),
- ('CUDA_HOME', get_cuda_home(*_nvvm_lib_dir())),
- ('System', get_system_ctk(*_nvvm_lib_dir())),
+ ('Nix store', get_nix_ctk(*_nvvm_lib_dir())),
+ ('Nix store', get_nix_ctk(*_nvvm_lib_dir())),
]
by, path = _find_valid_path(options)
return by, path
@@ -74,14 +69,12 @@ def _cudalib_path():
elif IS_OSX:
return 'lib'
@@ -64,14 +59,12 @@ def _cudalib_path():
if IS_WIN32:
return 'bin'
else:
- return 'lib64'
+ return 'lib'
@ -54,7 +51,7 @@ index b9988bc..a642680 100644
]
by, libdir = _find_valid_path(options)
return by, libdir
@@ -92,6 +85,22 @@ def _get_cudalib_dir():
@@ -82,6 +75,22 @@ def _get_cudalib_dir():
return _env_path_tuple(by, libdir)

48
pkgs/development/python-modules/numba/default.nix
View file

@ -11,6 +11,8 @@
, libcxx
, importlib-metadata
, substituteAll
, runCommand
, fetchpatch
# CUDA-only dependencies:
, addOpenGLRunpath ? null
@ -23,14 +25,14 @@
let
inherit (cudaPackages) cudatoolkit;
in buildPythonPackage rec {
version = "0.56.2";
version = "0.56.4";
pname = "numba";
format = "setuptools";
disabled = pythonOlder "3.6" || pythonAtLeast "3.11";
src = fetchPypi {
inherit pname version;
hash = "sha256-NJLwpdCeJX/FIfU3emxrkH7sGSDRRznwskWLnSmUalo=";
hash = "sha256-Mtn+9BLIFIPX7+DOts9NMxD96LYkqc7MoA95BXOslu4=";
};
postPatch = ''
@ -55,7 +57,15 @@ in buildPythonPackage rec {
cudatoolkit.lib
];
patches = lib.optionals cudaSupport [
patches = [
# fix failure in test_cache_invalidate (numba.tests.test_caching.TestCache)
# remove when upgrading past version 0.56
(fetchpatch {
name = "fix-test-cache-invalidate-readonly.patch";
url = "https://github.com/numba/numba/commit/993e8c424055a7677b2755b184fc9e07549713b9.patch";
hash = "sha256-IhIqRLmP8gazx+KWIyCxZrNLMT4jZT8CWD3KcH4KjOo=";
})
] ++ lib.optionals cudaSupport [
(substituteAll {
src = ./cuda_path.patch;
cuda_toolkit_path = cudatoolkit;
@ -70,18 +80,40 @@ in buildPythonPackage rec {
done
'';
# Copy test script into $out and run the test suite.
# run a smoke test in a temporary directory so that
# a) Python picks up the installed library in $out instead of the build files
# b) we have somewhere to put $HOME so some caching tests work
# c) it doesn't take 6 CPU hours for the full suite
checkPhase = ''
${python.interpreter} -m numba.runtests
'';
runHook preCheck
# ImportError: cannot import name '_typeconv'
doCheck = false;
pushd $(mktemp -d)
HOME=. ${python.interpreter} -m numba.runtests -m $NIX_BUILD_CORES numba.tests.test_usecases
popd
runHook postCheck
'';
pythonImportsCheck = [
"numba"
];
passthru.tests = {
# CONTRIBUTOR NOTE: numba also contains CUDA tests, though these cannot be run in
# this sandbox environment. Consider running similar commands to those below outside the
# sandbox manually if you have the appropriate hardware; support will be detected
# and the corresponding tests enabled automatically.
# Also, the full suite currently does not complete on anything but x86_64-linux.
fullSuite = runCommand "${pname}-test" {} ''
pushd $(mktemp -d)
# pip and python in $PATH is needed for the test suite to pass fully
PATH=${python.withPackages (p: [ p.numba p.pip ])}/bin:$PATH
HOME=$PWD python -m numba.runtests -m $NIX_BUILD_CORES
popd
touch $out # stop Nix from complaining no output was generated and failing the build
'';
};
meta = with lib; {
description = "Compiling Python code using LLVM";
homepage = "https://numba.pydata.org/";

4
pkgs/development/tools/build-managers/buck/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "buck";
version = "2021.05.05.01";
version = "2022.05.05.01";
src = fetchFromGitHub {
owner = "facebook";
repo = pname;
rev = "v${version}";
sha256 = "sha256-mASJCLxW7320MXYUUWYfaxs9AbSdltxlae8OQsPUZJc=";
sha256 = "15v4sk1l43pgd5jxr5lxnh0ks6vb3xk5253n66s7vvsnph48j14q";
};
patches = [ ./pex-mtime.patch ];

32
pkgs/development/tools/continuous-integration/github-runner/default.nix
View file

@ -1,4 +1,5 @@
{ autoPatchelfHook
, autoSignDarwinBinariesHook
, coreutils
, curl
, dotnetCorePackages
@ -6,7 +7,6 @@
, fetchFromGitHub
, fetchurl
, git
, glibc
, icu
, libkrb5
, lib
@ -40,6 +40,8 @@ let
runtimeIds = {
"x86_64-linux" = "linux-x64";
"aarch64-linux" = "linux-arm64";
"x86_64-darwin" = "osx-x64";
"aarch64-darwin" = "osx-arm64";
};
runtimeId = runtimeIds.${stdenv.system};
fakeSha1 = "0000000000000000000000000000000000000000";
@ -61,16 +63,20 @@ stdenv.mkDerivation rec {
dotnetSdk
dotnetPackages.Nuget
makeWrapper
] ++ lib.optionals stdenv.isLinux [
autoPatchelfHook
] ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [
autoSignDarwinBinariesHook
];
buildInputs = [
curl # libcurl.so.4
libkrb5 # libgssapi_krb5.so.2
lttng-ust # liblttng-ust.so.0
stdenv.cc.cc.lib # libstdc++.so.6
zlib # libz.so.1
icu
] ++ lib.optionals stdenv.isLinux [
lttng-ust # liblttng-ust.so.0
];
patches = [
@ -104,6 +110,8 @@ stdenv.mkDerivation rec {
--replace '/bin/ln' '${coreutils}/bin/ln'
'';
DOTNET_SYSTEM_GLOBALIZATION_INVARIANT = stdenv.isDarwin;
configurePhase = ''
runHook preConfigure
@ -137,6 +145,8 @@ stdenv.mkDerivation rec {
doCheck = true;
__darwinAllowLocalNetworking = true;
# Fully qualified name of disabled tests
disabledTests =
[ "GitHub.Runner.Common.Tests.Listener.SelfUpdaterL0.TestSelfUpdateAsync" ]
@ -195,6 +205,13 @@ stdenv.mkDerivation rec {
++ lib.optionals (stdenv.hostPlatform.system == "aarch64-linux") [
# "JavaScript Actions in Alpine containers are only supported on x64 Linux runners. Detected Linux Arm64"
"GitHub.Runner.Common.Tests.Worker.StepHostL0.DetermineNodeRuntimeVersionInAlpineContainerAsync"
]
++ lib.optionals DOTNET_SYSTEM_GLOBALIZATION_INVARIANT [
"GitHub.Runner.Common.Tests.ProcessExtensionL0.SuccessReadProcessEnv"
"GitHub.Runner.Common.Tests.Util.StringUtilL0.FormatUsesInvariantCulture"
"GitHub.Runner.Common.Tests.Worker.VariablesL0.Constructor_SetsOrdinalIgnoreCaseComparer"
"GitHub.Runner.Common.Tests.Worker.WorkerL0.DispatchCancellation"
"GitHub.Runner.Common.Tests.Worker.WorkerL0.DispatchRunNewJob"
];
checkInputs = [ git ];
@ -269,7 +286,7 @@ stdenv.mkDerivation rec {
# Stripping breaks the binaries
dontStrip = true;
preFixup = ''
preFixup = lib.optionalString stdenv.isLinux ''
patchelf --replace-needed liblttng-ust.so.0 liblttng-ust.so $out/lib/libcoreclrtraceptprovider.so
'';
@ -277,17 +294,16 @@ stdenv.mkDerivation rec {
fix_rpath() {
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/lib/$1
}
wrap() {
makeWrapper $out/lib/$1 $out/bin/$1 \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath (buildInputs ++ [ openssl ])} \
"''${@:2}"
}
'' + lib.optionalString stdenv.isLinux ''
fix_rpath Runner.Listener
fix_rpath Runner.PluginHost
fix_rpath Runner.Worker
'' + ''
wrap Runner.Listener
wrap Runner.PluginHost
wrap Runner.Worker
@ -296,7 +312,7 @@ stdenv.mkDerivation rec {
wrap config.sh --run 'export RUNNER_ROOT=''${RUNNER_ROOT:-$HOME/.github-runner}' \
--run 'mkdir -p $RUNNER_ROOT' \
--prefix PATH : ${lib.makeBinPath [ glibc.bin ]} \
--prefix PATH : ${lib.makeBinPath [ stdenv.cc ]} \
--chdir $out
'';
@ -308,7 +324,7 @@ stdenv.mkDerivation rec {
# Inspired by passthru.fetch-deps in pkgs/build-support/build-dotnet-module/default.nix
passthru.createDepsFile = writeShellApplication {
name = "create-deps-file";
runtimeInputs = [ dotnetSdk (nuget-to-nix.override { dotnet-sdk = dotnetSdk; }) ];
runtimeInputs = [ coreutils dotnetSdk (nuget-to-nix.override { dotnet-sdk = dotnetSdk; }) ];
text = ''
# Disable telemetry data
export DOTNET_CLI_TELEMETRY_OPTOUT=1

33
pkgs/servers/asterisk/default.nix
View file

@ -3,12 +3,30 @@
util-linux, dmidecode, libuuid, newt,
lua, speex, libopus, opusfile, libogg,
srtp, wget, curl, iksemel, pkg-config,
autoconf, libtool, automake,
autoconf, libtool, automake, fetchpatch,
python39, writeScript,
withOpus ? true,
}:
let
# remove when upgrading to pjsip >2.12.1
pjsip_patches = [
(fetchpatch {
name = "0150-CVE-2022-31031.patch";
url = "https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202.patch";
sha256 = "sha256-30kHrmB51UIw4x/J6/CD+vPKf/gBYDCcFoUpwEWkDMY=";
})
(fetchpatch {
name = "0151-CVE-2022-39244.patch";
url = "https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae.patch";
sha256 = "sha256-hTUMh6bYAizn6GF+sRV1vjKVxSf9pnI+eQdPOqsdJI4=";
})
(fetchpatch {
name = "0152-CVE-2022-39269.patch";
url = "https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc.patch";
sha256 = "sha256-bKE/MrRAqN1FqD2ubhxIOOf5MgvZluHHeVXPjbR12iQ=";
})
];
common = {version, sha256, externals}: stdenv.mkDerivation {
inherit version;
pname = "asterisk";
@ -58,6 +76,9 @@ let
cp ${asterisk-opus}/codecs/* ./codecs
cp ${asterisk-opus}/formats/* ./formats
''}
${lib.concatMapStringsSep "\n" (patch: ''
cp ${patch} ./third-party/pjproject/patches/${patch.name}
'') pjsip_patches}
./bootstrap.sh
'';
@ -69,6 +90,7 @@ let
];
preBuild = ''
cat third-party/pjproject/source/pjlib-util/src/pjlib-util/scanner.c
make menuselect.makeopts
${lib.optionalString (externals ? "addons/mp3") ''
substituteInPlace menuselect.makeopts --replace 'format_mp3 ' ""
@ -93,9 +115,9 @@ let
};
};
pjproject_2_12 = fetchurl {
url = "https://raw.githubusercontent.com/asterisk/third-party/master/pjproject/2.12/pjproject-2.12.tar.bz2";
hash = "sha256-T3q4r/4WCAZCNGnULxMnNKH9wEK7gkseV/sV8IPasHQ=";
pjproject_2_12_1 = fetchurl {
url = "https://raw.githubusercontent.com/asterisk/third-party/master/pjproject/2.12.1/pjproject-2.12.1.tar.bz2";
hash = "sha256-DiNH1hB5ZheYzyUjFyk1EtlsMJlgjf+QRVKjEk+hNjc=";
};
mp3-202 = fetchsvn {
@ -116,7 +138,7 @@ let
versions = lib.mapAttrs (_: {version, sha256}: common {
inherit version sha256;
externals = {
"externals_cache/pjproject-2.12.tar.bz2" = pjproject_2_12;
"externals_cache/pjproject-2.12.1.tar.bz2" = pjproject_2_12_1;
"addons/mp3" = mp3-202;
};
}) (lib.importJSON ./versions.json);
@ -136,6 +158,7 @@ in {
# 16.x LTS 2018-10-09 2022-10-09 2023-10-09
# 18.x LTS 2020-10-20 2024-10-20 2025-10-20
# 19.x Standard 2021-11-02 2022-11-02 2023-11-02
# 20.x LTS 2022-11-02 2026-10-19 2027-10-19
asterisk-lts = versions.asterisk_18;
asterisk-stable = versions.asterisk_19;
asterisk = versions.asterisk_19.overrideAttrs (o: {

16
pkgs/servers/asterisk/versions.json
View file

@ -1,14 +1,18 @@
{
"asterisk_16": {
"sha256": "201c92e591fc1db2c71b264907beef594d62d660168d42b5e83f9dc593b1bce0",
"version": "16.26.1"
"sha256": "406a91290e18d25a6fc23ae6b9c56b1fb2bd70216e336c74cf9c26b908c89c3d",
"version": "16.29.0"
},
"asterisk_18": {
"sha256": "acbb58e5c3cd2b9c7c4506fa80b717c3c3c550ce9722ff0177b4f11f98725563",
"version": "18.12.1"
"sha256": "a963dafeba0e7e1051a1ac56964999c111dbcdb25a47010bc1f772bf8edbed75",
"version": "18.15.0"
},
"asterisk_19": {
"sha256": "6b0b985163f20fcc8f8878069b8a9ee725eef4cfbdb1c1031fe3840fb32d7abe",
"version": "19.4.1"
"sha256": "832a967c5a040b0768c0e8df1646762f7304019fcf7f2e065a8b4828fa4092b7",
"version": "19.7.0"
},
"asterisk_20": {
"sha256": "949022c20dc6da65b456e1b1b5b42a7901bb41fc9ce20920891739e7220d72eb",
"version": "20.0.0"
}
}

4
pkgs/tools/cd-dvd/ventoy-bin/default.nix
View file

@ -51,13 +51,13 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "ventoy-bin";
version = "1.0.81";
version = "1.0.82";
src = let
inherit (finalAttrs) version;
in fetchurl {
url = "https://github.com/ventoy/Ventoy/releases/download/v${version}/ventoy-${version}-linux.tar.gz";
hash = "sha256-15y05g+F+oEFYUUy7SE57GZ1RSHqdZnk2iOPsy1L0GI=";
hash = "sha256-NN36gg2rUZgAxyMoYhMc7IbWgQLrPvuWERDF7JVsFfw=";
};
patches = [

6
pkgs/tools/text/rust-petname/default.nix
View file

@ -2,15 +2,15 @@
rustPlatform.buildRustPackage rec {
pname = "rust-petname";
version = "1.1.2";
version = "1.1.3";
src = fetchCrate {
inherit version;
crateName = "petname";
sha256 = "sha256-DfRWGwnWVJBcbW7aPEzgPd+gfldP+ypZlk8FcPZzp8g=";
sha256 = "sha256-C6EJ8awdTV9TecMeYdbmleK8171+hvphjXJrWNJSXxo=";
};
cargoSha256 = "sha256-tCVJX8NcbT+6t2kDeCMfcSDaq3O89ycj08bxTmp3JHs=";
cargoSha256 = "sha256-mB4n1IxhNXrAsCz/jv5jgqyO9OgISZnI5E/vFu80+FE=";
meta = with lib; {
description = "Generate human readable random names";

16
pkgs/top-level/all-packages.nix
View file

@ -7197,7 +7197,9 @@ with pkgs;
github-backup = callPackage ../tools/misc/github-backup { };
github-runner = callPackage ../development/tools/continuous-integration/github-runner { };
github-runner = callPackage ../development/tools/continuous-integration/github-runner {
inherit (darwin) autoSignDarwinBinariesHook;
};
gitkraken = callPackage ../applications/version-management/gitkraken { };
@ -15784,6 +15786,16 @@ with pkgs;
phpExtensions = php.extensions;
phpPackages = php.packages;
# Import PHP82 interpreter, extensions and packages
php82 = callPackage ../development/interpreters/php/8.2.nix {
stdenv = if stdenv.cc.isClang then llvmPackages.stdenv else stdenv;
pcre2 = pcre2.override {
withJitSealloc = !stdenv.isDarwin;
};
};
php82Extensions = recurseIntoAttrs php82.extensions;
php82Packages = recurseIntoAttrs php82.packages;
# Import PHP81 interpreter, extensions and packages
php81 = callPackage ../development/interpreters/php/8.1.nix {
stdenv = if stdenv.cc.isClang then llvmPackages.stdenv else stdenv;
@ -23485,7 +23497,7 @@ with pkgs;
inherit (callPackages ../servers/asterisk { })
asterisk asterisk-stable asterisk-lts
asterisk_16 asterisk_18 asterisk_19;
asterisk_16 asterisk_18 asterisk_19 asterisk_20;
asterisk-module-sccp = callPackage ../servers/asterisk/sccp { };

19
pkgs/top-level/php-packages.nix
View file

@ -73,16 +73,17 @@ lib.makeScope pkgs.newScope (self: with self; {
# will mark the extension as a zend extension or not.
mkExtension = lib.makeOverridable
({ name
, configureFlags ? [ "--enable-${name}" ]
, configureFlags ? [ "--enable-${extName}" ]
, internalDeps ? [ ]
, postPhpize ? ""
, buildInputs ? [ ]
, zendExtension ? false
, doCheck ? true
, extName ? name
, ...
}@args: stdenv.mkDerivation ((builtins.removeAttrs args [ "name" ]) // {
pname = "php-${name}";
extensionName = name;
extensionName = extName;
outputs = [ "out" "dev" ];
@ -105,7 +106,7 @@ lib.makeScope pkgs.newScope (self: with self; {
cdToExtensionRootPhase = ''
# Go to extension source root.
cd "ext/${name}"
cd "ext/${extName}"
'';
preConfigure = ''
@ -141,7 +142,7 @@ lib.makeScope pkgs.newScope (self: with self; {
runHook preInstall
mkdir -p $out/lib/php/extensions
cp modules/${name}.so $out/lib/php/extensions/${name}.so
cp modules/${extName}.so $out/lib/php/extensions/${extName}.so
mkdir -p $dev/include
${rsync}/bin/rsync -r --filter="+ */" \
--filter="+ *.h" \
@ -416,6 +417,16 @@ lib.makeScope pkgs.newScope (self: with self; {
configureFlags = [ "--with-openssl" ];
doCheck = false;
}
# This provides a legacy OpenSSL PHP extension
# For situations where OpenSSL 3 do not support a set of features
# without a specific openssl.cnf file
{
name = "openssl-legacy";
extName = "openssl";
buildInputs = [ openssl_1_1 ];
configureFlags = [ "--with-openssl" ];
doCheck = false;
}
{ name = "pcntl"; }
{ name = "pdo"; doCheck = false; }
{