Merge master into staging-next

This commit is contained in:
github-actions[bot] 2022-01-05 12:01:03 +00:00 committed by GitHub
commit 204521c63b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 160 additions and 62 deletions

View file

@ -66,7 +66,8 @@ let
stringLength sub substring tail trace;
inherit (self.trivial) id const pipe concat or and bitAnd bitOr bitXor
bitNot boolToString mergeAttrs flip mapNullable inNixShell isFloat min max
importJSON importTOML warn warnIf info showWarnings nixpkgsVersion version
importJSON importTOML warn warnIf throwIfNot
info showWarnings nixpkgsVersion version
mod compare splitByAndCompare functionArgs setFunctionArgs isFunction
toHexString toBaseDigits;
inherit (self.fixedPoints) fix fix' converge extends composeExtensions

View file

@ -325,6 +325,28 @@ rec {
*/
warnIf = cond: msg: if cond then warn msg else id;
/*
Like the `assert b; e` expression, but with a custom error message and
without the semicolon.
If true, return the identity function, `r: r`.
If false, throw the error message.
Calls can be juxtaposed using function application, as `(r: r) a = a`, so
`(r: r) (r: r) a = a`, and so forth.
Type: bool -> string -> a -> a
Example:
throwIfNot (lib.isList overlays) "The overlays argument to nixpkgs must be a list."
lib.foldr (x: throwIfNot (lib.isFunction x) "All overlays passed to nixpkgs must be functions.") (r: r) overlays
pkgs
*/
throwIfNot = cond: msg: if cond then x: x else throw msg;
info = msg: builtins.trace "INFO: ${msg}";
showWarnings = warnings: res: lib.foldr (w: x: warn w x) res warnings;

View file

@ -8220,6 +8220,12 @@
githubId = 4996739;
name = "Masayuki Takeda";
};
mtesseract = {
email = "moritz@stackrox.com";
github = "mtesseract";
githubId = 11706080;
name = "Moritz Clasmeier";
};
MtP = {
email = "marko.nixos@poikonen.de";
github = "MtP76";

View file

@ -1,4 +1,4 @@
{ lib, fetchurl, gettext, wrapGAppsHook
{ lib, fetchurl, fetchFromGitLab, gettext, wrapGAppsHook
# Native dependencies
, python3, gtk3, gobject-introspection, gnome
@ -41,6 +41,21 @@ python3.pkgs.buildPythonApplication rec {
gettext wrapGAppsHook
];
# Workaround for https://dev.gajim.org/gajim/gajim/-/issues/10719.
# We don't use plugin release URL because it's updated in place.
plugins = fetchFromGitLab {
domain = "dev.gajim.org";
owner = "gajim";
repo = "gajim-plugins";
rev = "fea522e4360cec6ceacbf1df92644ab3343d4b99";
sha256 = "sha256-CmwEiLsdldoOfgHfWL/5hf/dp0HEDNAIlc5N0Np20KE=";
};
postPatch = ''
mkdir -p gajim/data/plugins
cp -r $plugins/plugin_installer gajim/data/plugins
'';
dontWrapGApps = true;
preFixup = ''
@ -59,7 +74,8 @@ python3.pkgs.buildPythonApplication rec {
checkPhase = ''
xvfb-run dbus-run-session \
--config-file=${dbus.daemon}/share/dbus-1/session.conf \
${python3.interpreter} setup.py test
${python3.interpreter} -m unittest discover -s test/unit -v
${python3.interpreter} -m unittest discover -s test/no_gui -v
'';
# necessary for wrapGAppsHook

View file

@ -12,8 +12,6 @@ stdenv.mkDerivation rec {
sha256 = "sha256-Z2J17YMzQNZqABIa5eyJDT7BWfXveymzs+DWsrklPIs=";
};
sourceRoot = "source/Box2D";
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [ libGLU libGL freeglut libX11 xorgproto libXi ];
@ -24,6 +22,7 @@ stdenv.mkDerivation rec {
];
prePatch = ''
cd Box2D
substituteInPlace Box2D/Common/b2Settings.h \
--replace 'b2_maxPolygonVertices 8' 'b2_maxPolygonVertices 15'
'';

View file

@ -7,12 +7,12 @@
buildPythonPackage rec {
pname = "deezer-py";
version = "1.3.2";
version = "1.3.5";
disabled = pythonOlder "3.6";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-G4GREc+PWvaphnOuzBePraj4pHgmhhKqsyVHKOPwGik=";
sha256 = "5bc30e8887a7dc1dfec2970d825a69c7c932564300fc84b4e68cbf59bf109baa";
};
propagatedBuildInputs = [ requests ];

View file

@ -14,7 +14,7 @@
buildPythonPackage rec {
pname = "env-canada";
version = "0.5.18";
version = "0.5.20";
format = "setuptools";
disabled = pythonOlder "3.8";
@ -23,7 +23,7 @@ buildPythonPackage rec {
owner = "michaeldavie";
repo = "env_canada";
rev = "v${version}";
sha256 = "1w2fclpmcb41k2a3226jk62hdclc8b18kxih2ads90r4yxgpxc8p";
sha256 = "sha256-gYl5+rtOzci3nhgP74VM37tNk9pPWgcNBfcSSG1fSJs=";
};
propagatedBuildInputs = [

View file

@ -7,7 +7,7 @@
buildPythonPackage rec {
pname = "goodwe";
version = "0.2.9";
version = "0.2.10";
format = "pyproject";
disabled = pythonOlder "3.8";
@ -16,7 +16,7 @@ buildPythonPackage rec {
owner = "marcelblijleven";
repo = pname;
rev = "v${version}";
sha256 = "0l895nyq2g7isvim2fx4ivdh3xzhyc10yzqvqnlg3fr56l5srfch";
sha256 = "1c4wks67vm2dwzmm3xqkidyss04vkx4mpkkr8l1c7c5myfk1n157";
};
checkInputs = [

View file

@ -13,7 +13,7 @@
buildPythonPackage rec {
pname = "google-nest-sdm";
version = "1.2.1";
version = "1.3.0";
format = "setuptools";
disabled = pythonOlder "3.8";
@ -22,7 +22,7 @@ buildPythonPackage rec {
owner = "allenporter";
repo = "python-google-nest-sdm";
rev = version;
sha256 = "sha256-gg5JAkTUuch6HcRLl1Xm/LAoC32EcayG1w3Fk7GrZD8=";
sha256 = "sha256-E0e4lLUBzHKA3clmb/JUBE0KGciQ1xrmLTSeSkGDsWo=";
};
propagatedBuildInputs = [

View file

@ -7,12 +7,12 @@
buildPythonPackage rec {
pname = "ipympl";
version = "0.8.4";
version = "0.8.5";
format = "wheel";
src = fetchPypi {
inherit pname version format;
sha256 = "2f955c1c04d8e6df883d57866450657040bfc568edeabcace801cbdbaf4d0295";
sha256 = "120a084d84e6a6a00fc39c73e10345dcd9855efb3fa6e774f3e72057a866715c";
};

View file

@ -8,13 +8,13 @@
buildPythonPackage rec {
pname = "mypy-boto3-s3";
version = "1.20.17";
version = "1.20.28";
disabled = pythonOlder "3.6";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-7Zw8NxOEXDRmLChxHQXVU/HzR8z6HuLxX8bB3pZuCqc=";
sha256 = "85ac23d06f9d0d794f60041b4c4f271d2bb8f5a83375c963e4a9e73e51ba9ca5";
};
propagatedBuildInputs = [

View file

@ -9,14 +9,14 @@
buildPythonPackage rec {
pname = "watermark";
version = "2.2.0";
version = "2.3.0";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "rasbt";
repo = pname;
rev = "d3553b68dd30ac5b0951a6fae6083236e4c7f3bd";
sha256 = "0w2mzi344x1mrv8d9jca67bhig34jissr9sqrk68gpg5n10alblb";
rev = "v${version}";
sha256 = "1kl9yn1pkl84d3lcz7bvphqkydsgs0p5k0ja0msy3hrxxfzdzd16";
};
propagatedBuildInputs = [

View file

@ -115,14 +115,14 @@ rec {
headers = "1idam1xirxqxqg4g7n33kdx2skk0r351m00g59a8yx9z82g06ah9";
};
electron_13 = mkElectron "13.6.3" {
armv7l-linux = "a293a9684e16a427a9f68d101814575a4b1dd232dc3fca47552f906019a6cadc";
aarch64-linux = "1599d259832c806b98751a68fb93112711963d259024f0e36f12f064995b3251";
x86_64-linux = "7607422a4ba80cda4bd7fefb2fbe2f4e0b9a73db92e1e82dc01012a85b5d0d2b";
i686-linux = "db9261c05ed57af2fcd4a84b89d299c76948b9d57ce0dba38e3240eb43935257";
x86_64-darwin = "6bf09794d6f020bbaaf806a7758da125137b3c96646f4503eb81b9541e50e02f";
aarch64-darwin = "374ddf0581794b31eee900828172f9218193c032c0e46bffcfac6aec95c22f1a";
headers = "0v1n8izy83qq3ljs6191a7mzr6nnda5ib9ava1cjddkshl8pampq";
electron_13 = mkElectron "13.6.6" {
armv7l-linux = "4d8a8bde1c993bfc20afb2b23e55101ad2048f5ddd89ab86043f510470aeba8d";
aarch64-linux = "6d1480f80d43cdebd9f74cb62b64c9d16bee29b68b863faf7c50fcb91f63985c";
x86_64-linux = "62b9ba2fea4f0f54fd54bce8a532d14132302a66ec99173764f44234fa76925e";
i686-linux = "b83860318b2e591b150dc9578ea749f66ab9a18aafbe69dadb622b9ca131e695";
x86_64-darwin = "a59b7270f86286e4ee217552b8729621f4b282360ad15391886d5686008b6933";
aarch64-darwin = "1f445d2f02d1054a760bdaafb755677a35c495e64385e2d2a5547b6750a82dfa";
headers = "0qdlw17jxhhcamr8g2ybbs2jkijzdq82qgc3knr4kdxb425q898r";
};
electron_14 = mkElectron "14.2.3" {
@ -145,13 +145,13 @@ rec {
headers = "1xnbzskvf8p5a07bha41qqnw1hb68f019qrda3z2jn96m3qnj46r";
};
electron_16 = mkElectron "16.0.5" {
armv7l-linux = "16381d22f6f3c7990435598fc50addf8addde2fa749ab23672733ec90b8d53ef";
aarch64-linux = "6274bdf2a3894ce9ddb70800df497a034893e1be5e2d07763e339550009d53b6";
x86_64-linux = "2830a9f8fc5e7fa4f70997e11d55b250e90db511b29da22699e1fe23b153128c";
i686-linux = "363e2588f57f3d31e506e759f723768b543baf248dfb518d06747ffa0a8d8ab1";
x86_64-darwin = "0bb7f2c506d8c3e9ef7ec4049baf87a3365cbf80c569f6eb98ddc1a2ddb653e6";
aarch64-darwin = "de4eac412a942a0b238792a38c0c80691d1a7ef2eba850c15619c0db9da89f1a";
headers = "1pdi86sq60z9bqd81fvgl14c3bk21wk9mwkqyn653yq4zk0mqpi5";
electron_16 = mkElectron "16.0.6" {
armv7l-linux = "f15d665cbf487538f5448a318519e16e3c07a5f7b55895541df1c067c9cfcb55";
aarch64-linux = "92037b0886a9404c7f9027e7597df552b2c0011ded100537f4287e4e925db6dc";
x86_64-linux = "0017aba47756b962b9571ccd9dcf6297af0f603b879e26f49bab8728bb64567d";
i686-linux = "11ae3628d27d12612a8742b72b0dc4521c9b2cd303619046c6f6a36282f43c72";
x86_64-darwin = "250489ca6b1bec91f4d59766c1d4f65407f016765395517a6dfd5625e93d646f";
aarch64-darwin = "a4416627a3055308259689fd156a7d4fd704983420a20e8939409b08195af204";
headers = "00iq8v3nm42f9fphwd50vdng51bd291rk33zcavpidiw29hrqi9m";
};
}

View file

@ -0,0 +1,31 @@
{ lib, buildGoModule, fetchFromGitHub, testVersion, kube-linter }:
buildGoModule rec {
pname = "kube-linter";
version = "0.2.5";
src = fetchFromGitHub {
owner = "stackrox";
repo = pname;
rev = "${version}";
sha256 = "GUDrUEBorV4/ZqPnfNYcsbW4Zr1LpS3yL+4OgxFbTOk=";
};
vendorSha256 = "xGghTP9thICOGIfc5VPJK06DeXfLiTckwa4nXv83/P8=";
ldflags = [
"-s" "-w" "-X golang.stackrox.io/kube-linter/internal/version.version=${version}"
];
passthru.tests.version = testVersion {
package = kube-linter;
command = "kube-linter version";
};
meta = with lib; {
description = "A static analysis tool that checks Kubernetes YAML files and Helm charts";
homepage = "https://kubelinter.io";
license = licenses.asl20;
maintainers = with maintainers; [ mtesseract ];
};
}

View file

@ -1,4 +1,6 @@
{ stdenvNoCC, lib, fetchzip, pkgs
{ stdenv, stdenvNoCC, lib, fetchzip, pkgs
, enableStatic ? stdenv.hostPlatform.isStatic
, enableShared ? !stdenv.hostPlatform.isStatic
}:
let
@ -92,10 +94,17 @@ stdenvNoCC.mkDerivation rec {
cp -v ${prebuilt_crt.out}/*.o $out/lib/
cp -v ${prebuilt_crt.out}/libgcc.a $out/lib/
cp -v ${prebuilt_ndk_crt.out}/*.o $out/lib/
'' + lib.optionalString enableShared ''
for i in libc.so libm.so libdl.so liblog.so; do
cp -v ${prebuilt_libs.out}/$i $out/lib/
done
'' + lib.optionalString enableStatic ''
# no liblog.a; while it's also part of the base libraries,
# it's only available as shared object in the prebuilts.
for i in libc.a libm.a libdl.a; do
cp -v ${prebuilt_ndk_crt.out}/$i $out/lib/
done
'' + ''
mkdir -p $dev/include
cp -v $out/include/*.h $dev/include/
'';

View file

@ -4,6 +4,7 @@
, src
, extraPatches ? []
, extraNativeBuildInputs ? []
, extraConfigureFlags ? []
, extraMeta ? {}
}:
@ -94,7 +95,8 @@ stdenv.mkDerivation rec {
++ optional withFIDO "--with-security-key-builtin=yes"
++ optional withKerberos (assert libkrb5 != null; "--with-kerberos5=${libkrb5}")
++ optional stdenv.isDarwin "--disable-libutil"
++ optional (!linkOpenssl) "--without-openssl";
++ optional (!linkOpenssl) "--without-openssl"
++ extraConfigureFlags;
buildFlags = [ "SSH_KEYSIGN=ssh-keysign" ];

View file

@ -19,29 +19,30 @@ in
openssh_hpn = common rec {
pname = "openssh-with-hpn";
version = "8.4p1";
version = "8.8p1";
extraDesc = " with high performance networking patches";
src = fetchFromGitHub {
owner = "rapier1";
repo = "openssh-portable";
rev = "hpn-KitchenSink-${builtins.replaceStrings [ "." "p" ] [ "_" "_P" ] version}";
hash = "sha256-SYQPDGxZR41m4g603RaZaOYm4vCr9uZnFnZoKhruueY=";
src = fetchurl {
url = "mirror://openbsd/OpenSSH/portable/openssh-${version}.tar.gz";
sha256 = "1s8z6f7mi1pwsl79cqai8cr350m5lf2ifcxff57wx6mvm478k425";
};
extraPatches = [
./ssh-keysign-8.4.patch
./ssh-keysign-8.5.patch
# See https://github.com/openssh/openssh-portable/pull/206
./ssh-copy-id-fix-eof.patch
# HPN Patch from FreeBSD ports
(fetchpatch {
name = "ssh-hpn.patch";
url = "https://raw.githubusercontent.com/freebsd/freebsd-ports/a981593e/security/openssh-portable/files/extra-patch-hpn";
stripLen = 1;
sha256 = "sha256-+JvpPxktZAjhxLLK1lF4ijG9VlSWkqbRwotaLe6en64=";
})
];
extraNativeBuildInputs = [ autoreconfHook ];
extraMeta.knownVulnerabilities = [
"CVE-2021-28041"
"CVE-2021-41617"
];
extraConfigureFlags = [ "--with-hpn" ];
extraMeta.maintainers = with lib.maintainers; [ abbe ];
};
openssh_gssapi = common rec {

View file

@ -1,17 +1,16 @@
{ lib, stdenv, fetchFromGitHub, callPackage, makeWrapper
, clang, llvm, libbfd, libopcodes, libunwind, libblocksruntime
}:
{ lib, stdenv, fetchFromGitHub, callPackage, makeWrapper, clang, llvm, libbfd
, libopcodes, libunwind, libblocksruntime }:
let
honggfuzz = stdenv.mkDerivation rec {
pname = "honggfuzz";
version = "2.4";
version = "2.5";
src = fetchFromGitHub {
owner = "google";
repo = pname;
rev = version;
sha256 = "sha256-sU5lmlfmvVWo4K96sI+xQsPfTMd1wsLbihcKI4aTj6g=";
sha256 = "sha256-TkyUKmiiSAfCnfQhSOUxuce6+dRyMmHy7vFK59jPIxM=";
};
postPatch = ''
@ -28,7 +27,8 @@ let
makeFlags = [ "PREFIX=$(out)" ];
meta = {
description = "A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer";
description =
"A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer";
longDescription = ''
Honggfuzz is a security oriented, feedback-driven, evolutionary,
easy-to-use fuzzer with interesting analysis options. It is

View file

@ -14969,6 +14969,8 @@ with pkgs;
kubectx = callPackage ../development/tools/kubectx { };
kube-linter = callPackage ../development/tools/kube-linter { };
kube-prompt = callPackage ../development/tools/kube-prompt { };
kubei = callPackage ../tools/security/kubei { };

View file

@ -49,6 +49,15 @@ let # Rename the function arguments
in let
lib = import ../../lib;
inherit (lib) throwIfNot;
checked =
throwIfNot (lib.isList overlays) "The overlays argument to nixpkgs must be a list."
lib.foldr (x: throwIfNot (lib.isFunction x) "All overlays passed to nixpkgs must be functions.") (r: r) overlays
throwIfNot (lib.isList crossOverlays) "The crossOverlays argument to nixpkgs must be a list."
lib.foldr (x: throwIfNot (lib.isFunction x) "All crossOverlays passed to nixpkgs must be functions.") (r: r) crossOverlays
;
localSystem = lib.systems.elaborate args.localSystem;
# Condition preserves sharing which in turn affects equality.
@ -121,4 +130,4 @@ in let
pkgs = boot stages;
in pkgs
in checked pkgs