Merge master into staging-next

maintainers/maintainer-list.nix

@@ -14620,6 +14620,12 @@
     githubId = 111265;
     name = "Ozan Sener";
   };
+  osnyx = {
+    email = "os@flyingcircus.io";
+    github = "osnyx";
+    githubId = 104593071;
+    name = "Oliver Schmidt";
+  };
   ostrolucky = {
     email = "gabriel.ostrolucky@gmail.com";
     github = "ostrolucky";
@@ -19945,6 +19951,12 @@
       fingerprint = "E631 8869 586F 99B4 F6E6  D785 5942 58F0 389D 2802";
     }];
   };
+  twitchy0 = {
+    email = "code@nitinpassa.com";
+    github = "twitchy0";
+    githubId = 131159000;
+    name = "Nitin Passa";
+  };
   twitchyliquid64 = {
     name = "Tom";
     email = "twitchyliquid64@ciphersink.net";

maintainers/team-list.nix

@@ -311,6 +311,8 @@ with lib.maintainers; {
       dpausp
       frlan
       leona
+      osnyx
+      ma27
     ];
     scope = "Team for Flying Circus employees who collectively maintain packages.";
     shortName = "Flying Circus employees";

nixos/modules/services/x11/desktop-managers/budgie.nix

@@ -159,7 +159,7 @@ in {
       ++ cfg.sessionPath;
 
     # Fonts.
-    fonts.packages = mkDefault [
+    fonts.packages = [
       pkgs.noto-fonts
       pkgs.hack-font
     ];

nixos/tests/all-tests.nix

@@ -683,6 +683,7 @@ in {
   peering-manager = handleTest ./web-apps/peering-manager.nix {};
   peertube = handleTestOn ["x86_64-linux"] ./web-apps/peertube.nix {};
   peroxide = handleTest ./peroxide.nix {};
+  pg_anonymizer = handleTest ./pg_anonymizer.nix {};
   pgadmin4 = handleTest ./pgadmin4.nix {};
   pgbouncer = handleTest ./pgbouncer.nix {};
   pgjwt = handleTest ./pgjwt.nix {};

nixos/tests/pg_anonymizer.nix

@@ -0,0 +1,94 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
+  name = "pg_anonymizer";
+  meta.maintainers = lib.teams.flyingcircus.members;
+
+  nodes.machine = { pkgs, ... }: {
+    environment.systemPackages = [ pkgs.pg-dump-anon ];
+    services.postgresql = {
+      enable = true;
+      extraPlugins = ps: [ ps.anonymizer ];
+      settings.shared_preload_libraries = "anon";
+    };
+  };
+
+  testScript = ''
+    start_all()
+    machine.wait_for_unit("multi-user.target")
+    machine.wait_for_unit("postgresql.service")
+
+    with subtest("Setup"):
+        machine.succeed("sudo -u postgres psql --command 'create database demo'")
+        machine.succeed(
+            "sudo -u postgres psql -d demo -f ${pkgs.writeText "init.sql" ''
+              create extension anon cascade;
+              select anon.init();
+              create table player(id serial, name text, points int);
+              insert into player(id,name,points) values (1,'Foo', 23);
+              insert into player(id,name,points) values (2,'Bar',42);
+              security label for anon on column player.name is 'MASKED WITH FUNCTION anon.fake_last_name();';
+              security label for anon on column player.points is 'MASKED WITH VALUE NULL';
+            ''}"
+        )
+
+    def get_player_table_contents():
+        return [
+            x.split(',') for x in machine.succeed("sudo -u postgres psql -d demo --csv --command 'select * from player'").splitlines()[1:]
+        ]
+
+    def check_anonymized_row(row, id, original_name):
+        assert row[0] == id, f"Expected first row to have ID {id}, but got {row[0]}"
+        assert row[1] != original_name, f"Expected first row to have a name other than {original_name}"
+        assert not bool(row[2]), "Expected points to be NULL in first row"
+
+    def find_xsv_in_dump(dump, sep=','):
+        """
+        Expecting to find a CSV (for pg_dump_anon) or TSV (for pg_dump) structure, looking like
+
+            COPY public.player ...
+            1,Shields,
+            2,Salazar,
+            \.
+
+        in the given dump (the commas are tabs in case of pg_dump).
+              Extract the CSV lines and split by `sep`.
+        """
+
+        try:
+            from itertools import dropwhile, takewhile
+            return [x.split(sep) for x in list(takewhile(
+                lambda x: x != "\\.",
+                dropwhile(
+                    lambda x: not x.startswith("COPY public.player"),
+                    dump.splitlines()
+                )
+            ))[1:]]
+        except:
+            print(f"Dump to process: {dump}")
+            raise
+
+    def check_original_data(output):
+        assert output[0] == ['1','Foo','23'], f"Expected first row from player table to be 1,Foo,23; got {output[0]}"
+        assert output[1] == ['2','Bar','42'], f"Expected first row from player table to be 2,Bar,42; got {output[1]}"
+
+    def check_anonymized_rows(output):
+        check_anonymized_row(output[0], '1', 'Foo')
+        check_anonymized_row(output[1], '2', 'Bar')
+
+    with subtest("Check initial state"):
+        check_original_data(get_player_table_contents())
+
+    with subtest("Anonymous dumps"):
+        check_original_data(find_xsv_in_dump(
+            machine.succeed("sudo -u postgres pg_dump demo"),
+            sep='\t'
+        ))
+        check_anonymized_rows(find_xsv_in_dump(
+            machine.succeed("sudo -u postgres pg_dump_anon -U postgres -h /run/postgresql -d demo"),
+            sep=','
+        ))
+
+    with subtest("Anonymize"):
+        machine.succeed("sudo -u postgres psql -d demo --command 'select anon.anonymize_database();'")
+        check_anonymized_rows(get_player_table_contents())
+  '';
+})

pkgs/applications/audio/spotifyd/default.nix

@@ -9,16 +9,16 @@
 
 rustPackages.rustPlatform.buildRustPackage rec {
   pname = "spotifyd";
-  version = "0.3.5";
+  version = "0.3.5-unstable-2024-02-18";
 
   src = fetchFromGitHub {
     owner = "Spotifyd";
     repo = "spotifyd";
-    rev = "v${version}";
-    hash = "sha256-+P85FWJIsfAv8/DnQFxfoWvNY8NpbZ2xUidfwN8tiA8=";
+    rev = "ff2f7a06e54bf05afd57a0243dc9f67abc15f040";
+    hash = "sha256-nebAd4a+ht+blRP52OF830/Dm15ZPwRL4IPWmmT9ViM=";
   };
 
-  cargoHash = "sha256-j+2yEtn3D+vNRcY4+NnqSX4xRQIE5Sq7bentxTh6kMI=";
+  cargoHash = "sha256-6BRIMTrWTwvX3yIGEYEvigMT+n4EtaruMdrej2Dd49w=";
 
   nativeBuildInputs = [ pkg-config ];
 
@@ -40,7 +40,7 @@ rustPackages.rustPlatform.buildRustPackage rec {
   meta = with lib; {
     description = "An open source Spotify client running as a UNIX daemon";
     homepage = "https://spotifyd.rs/";
-    changelog = "https://github.com/Spotifyd/spotifyd/raw/v${version}/CHANGELOG.md";
+    changelog = "https://github.com/Spotifyd/spotifyd/blob/${src.rev}/CHANGELOG.md";
     license = licenses.gpl3Plus;
     maintainers = with maintainers; [ anderslundstedt Br1ght0ne marsam ];
     platforms = platforms.unix;

pkgs/applications/virtualization/singularity/packages.nix

@@ -7,20 +7,20 @@ let
   apptainer = callPackage
     (import ./generic.nix rec {
       pname = "apptainer";
-      version = "1.2.5";
+      version = "1.3.0";
       projectName = "apptainer";
 
       src = fetchFromGitHub {
         owner = "apptainer";
         repo = "apptainer";
         rev = "refs/tags/v${version}";
-        hash = "sha256-1XuqyNXyYrmIfqp8450z8+qET15hKVfj2v2iN9QPmDk=";
+        hash = "sha256-YqPPTs7cIiMbOc8jOwr8KgUBVu2pTPlSL0Vvw/1n4co=";
       };
 
       # Update by running
       # nix-prefetch -E "{ sha256 }: ((import ./. { }).apptainer.override { vendorHash = sha256; }).goModules"
       # at the root directory of the Nixpkgs repository
-      vendorHash = "sha256-Y0gOqg+WGgssXGEYHc9IFwiIpkb3hetlQI89vseAQPc=";
+      vendorHash = "sha256-lWo6ic3Tdv1UInA5MtEaAgiheCin2JSh4nmheUooENY=";
 
       extraDescription = " (previously known as Singularity)";
       extraMeta.homepage = "https://apptainer.org";

pkgs/by-name/pg/pg-dump-anon/package.nix

@@ -0,0 +1,32 @@
+{ lib, fetchFromGitLab, buildGoModule, nixosTests, postgresql, makeWrapper }:
+
+buildGoModule rec {
+  pname = "pg-dump-anon";
+  version = "1.3.1";
+  src = fetchFromGitLab {
+    owner = "dalibo";
+    repo = "postgresql_anonymizer";
+    rev = version;
+    hash = "sha256-Z5Oz/cIYDxFUZwQijRk4xAOUdOK0LWR+px8WOcs+Rs0=";
+  };
+
+  sourceRoot = "${src.name}/pg_dump_anon";
+
+  vendorHash = "sha256-CwU1zoIayxvfnGL9kPdummPJiV+ECfSz4+q6gZGb8pw=";
+
+  passthru.tests = { inherit (nixosTests) pg_anonymizer; };
+
+  nativeBuildInputs = [ makeWrapper ];
+  postInstall = ''
+    wrapProgram $out/bin/pg_dump_anon \
+      --prefix PATH : ${lib.makeBinPath [ postgresql ]}
+  '';
+
+  meta = with lib; {
+    description = "Export databases with data being anonymized with the anonymizer extension";
+    homepage = "https://postgresql-anonymizer.readthedocs.io/en/stable/";
+    maintainers = teams.flyingcircus.members;
+    license = licenses.postgresql;
+    mainProgram = "pg_dump_anon";
+  };
+}

pkgs/by-name/tc/tcsh/package.nix

@@ -8,11 +8,11 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "tcsh";
-  version = "6.24.10";
+  version = "6.24.11";
 
   src = fetchurl {
     url = "mirror://tcsh/tcsh-${finalAttrs.version}.tar.gz";
-    hash = "sha256-E0dcD763QTnTPteTvwD/u7KsLcn7HURGekEHYKujZmQ=";
+    hash = "sha256-tae2J6uz7y6NOoabtnXQ6SfYUHBER6Gyx3lGwNMkeZ0=";
   };
 
   strictDeps = true;

pkgs/desktops/xfce/applications/xfce4-terminal/default.nix

@@ -44,5 +44,6 @@ mkXfceDerivation {
   meta = with lib; {
     description = "A modern terminal emulator";
     maintainers = with maintainers; [ ] ++ teams.xfce.members;
+    mainProgram = "xfce4-terminal";
   };
 }

pkgs/development/compilers/erg/default.nix

@@ -9,16 +9,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "erg";
-  version = "0.6.30";
+  version = "0.6.32";
 
   src = fetchFromGitHub {
     owner = "erg-lang";
     repo = "erg";
     rev = "v${version}";
-    hash = "sha256-lStTLDXgdaaqyzdzU1V2JnKX8jt27Z1A23fkuZU8dt0=";
+    hash = "sha256-l+I6ue824dvZ1AmSS/y+Sh43OstJ5c+8xIXvoVpMFws=";
   };
 
-  cargoHash = "sha256-MsDan3wL9RhH0uhAuq0Lg8IRBXR8a3ooEBx6n2CMAVk=";
+  cargoHash = "sha256-SRltpqTviC+Dq9pPBuLjctOXOKTYw+zVlvA9wi0iFWg=";
 
   nativeBuildInputs = [
     makeWrapper

pkgs/development/interpreters/php/8.3.nix

@@ -2,8 +2,8 @@
 
 let
   base = callPackage ./generic.nix (_args // {
-    version = "8.3.3";
-    hash = "sha256-qvthO6eVlKI/5yL46QrUczAGEL+A50uKpS2pysLcTio=";
+    version = "8.3.4";
+    hash = "sha256-PFyvGODAokOq7JE6OeywkgQxla3eTD/ELpRdpbkndpU=";
   });
 in
 base.withExtensions ({ all, ... }: with all; ([

pkgs/development/php-packages/phalcon/default.nix

@@ -2,13 +2,13 @@
 
 buildPecl rec {
   pname = "phalcon";
-  version = "5.6.1";
+  version = "5.6.2";
 
   src = fetchFromGitHub {
     owner = "phalcon";
     repo = "cphalcon";
     rev = "v${version}";
-    hash = "sha256-1dCtj3pJGOY7sRe6xx8JgPPLSj/6qMemUnqrt9guPIk=";
+    hash = "sha256-AgyV9pxyXcXuhrRgozN2p67u8xZMepbWrzYaBZMFn6k=";
   };
 
   internalDeps = [ php.extensions.session php.extensions.pdo ];

pkgs/development/python-modules/orgparse/default.nix

@@ -0,0 +1,22 @@
+{ lib, python3Packages, fetchPypi }:
+
+python3Packages.buildPythonPackage rec {
+  pname = "orgparse";
+  version = "0.4.20231004";
+
+  src = fetchPypi {
+    inherit pname version;
+    hash = "sha256-pOOK6tq/mYiw9npmrNCCedGCILy8QioSkGDCiQu6kaA=";
+  };
+
+  nativeBuildInputs = [ python3Packages.setuptools-scm ];
+
+  pyproject = true;
+
+  meta = with lib; {
+    homepage = "https://github.com/karlicoss/orgparse";
+    description = "orgparse - Emacs org-mode parser in Python";
+    license = licenses.bsd2;
+    maintainers = with maintainers; [ twitchy0 ];
+  };
+}

pkgs/development/tools/ruff/default.nix

@@ -10,16 +10,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "ruff";
-  version = "0.3.1";
+  version = "0.3.2";
 
   src = fetchFromGitHub {
     owner = "astral-sh";
     repo = "ruff";
     rev = "refs/tags/v${version}";
-    hash = "sha256-MuvVpMBEQSOz6vSEhw7fmvAwgUu/7hrbtP8/MsIL57c=";
+    hash = "sha256-2Pt2HuDB9JLD9E1q0JH7jyVoc0II5uVL1l8pAod+9V4=";
   };
 
-  cargoHash = "sha256-zC4rXgqT0nw22adtoe51wN8XVbr6drXvqWqyJeqSGYc=";
+  cargoHash = "sha256-njHpqWXFNdwenV58+VGznnqbaNK1GoGtHSTfKU2MRbs=";
 
   nativeBuildInputs = [
     installShellFiles

pkgs/servers/http/tomcat/default.nix

@@ -39,12 +39,12 @@ let
 
 in {
   tomcat9 = common {
-    version = "9.0.85";
-    hash = "sha256-oYdNXi5yADqBJ25alSAASsoRPxNfyEEzQim2j20luh4=";
+    version = "9.0.87";
+    hash = "sha256-2kgvuSIAhtvzceGAqgnGQCr48EhYZzTN7dSgjEjUzgI=";
   };
 
   tomcat10 = common {
-    version = "10.1.18";
-    hash = "sha256-baC0y9MUDmSocZot4ZwgvzkC0mShQqgWrFUq4hat4xE=";
+    version = "10.1.19";
+    hash = "sha256-w+pp2SvPw+15Ko2AeUrNuFbxwF2KBF4XpxoliKDHULc=";
   };
 }

pkgs/servers/sql/postgresql/ext/anonymizer.nix

@@ -0,0 +1,32 @@
+{ lib, stdenv, pg-dump-anon, postgresql, runtimeShell }:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "postgresql_anonymizer";
+
+  inherit (pg-dump-anon) version src passthru;
+
+  buildInputs = [ postgresql ];
+  nativeBuildInputs = [ postgresql ] ++ lib.optional postgresql.jitSupport postgresql.llvm;
+
+  strictDeps = true;
+
+  makeFlags = [
+    "BINDIR=${placeholder "out"}/bin"
+    "datadir=${placeholder "out"}/share/postgresql"
+    "pkglibdir=${placeholder "out"}/lib"
+    "DESTDIR="
+  ];
+
+  postInstall = ''
+    cat >$out/bin/pg_dump_anon.sh <<'EOF'
+    #!${runtimeShell}
+    echo "This script is deprecated by upstream. To use the new script,"
+    echo "please install pkgs.pg-dump-anon."
+    exit 1
+    EOF
+  '';
+
+  meta = pg-dump-anon.meta // {
+    description = "Extension to mask or replace personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database";
+  };
+})

pkgs/servers/sql/postgresql/packages.nix

@@ -2,6 +2,8 @@ self: super: {
 
     age = super.callPackage ./ext/age.nix { };
 
+    anonymizer = super.callPackage ./ext/anonymizer.nix { };
+
     apache_datasketches = super.callPackage ./ext/apache_datasketches.nix { };
 
     citus = super.callPackage ./ext/citus.nix { };

pkgs/tools/X11/xdragon/default.nix

@@ -1,14 +1,14 @@
 { lib, stdenv, fetchFromGitHub, pkg-config, gtk3 }:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (finalAttrs: {
   pname = "xdragon";
   version = "1.2.0";
 
   src = fetchFromGitHub {
     owner = "mwh";
     repo = "dragon";
-    rev = "v${version}";
-    sha256 = "sha256-wqG6idlVvdN+sPwYgWu3UL0la5ssvymZibiak3KeV7M=";
+    rev = "v${finalAttrs.version}";
+    hash = "sha256-wqG6idlVvdN+sPwYgWu3UL0la5ssvymZibiak3KeV7M=";
   };
 
   nativeBuildInputs = [ pkg-config ];
@@ -24,5 +24,6 @@ stdenv.mkDerivation rec {
     homepage = "https://github.com/mwh/dragon";
     license = licenses.gpl3;
     maintainers = with maintainers; [ das_j ];
+    mainProgram = "xdragon";
   };
-}
+})

pkgs/tools/text/hck/default.nix

@@ -12,10 +12,10 @@ rustPlatform.buildRustPackage rec {
     owner = "sstadick";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-KPpvai7+El2JA97EXDCstZ66FeyVCe7w+ERDDNRZ/h8=";
+    hash = "sha256-KPpvai7+El2JA97EXDCstZ66FeyVCe7w+ERDDNRZ/h8=";
   };
 
-  cargoSha256 = "sha256-TpwUO0BL8kambnxAUE9+l6YYkNL1WzmkTYn1YxjufdY=";
+  cargoHash = "sha256-TpwUO0BL8kambnxAUE9+l6YYkNL1WzmkTYn1YxjufdY=";
 
   nativeBuildInputs = [ cmake ];
 
@@ -25,5 +25,6 @@ rustPlatform.buildRustPackage rec {
     changelog = "https://github.com/sstadick/hck/blob/v${version}/CHANGELOG.md";
     license = with licenses; [ mit /* or */ unlicense ];
     maintainers = with maintainers; [ figsoda ];
+    mainProgram = "hck";
   };
 }

pkgs/top-level/python-packages.nix

@@ -9060,6 +9060,8 @@ self: super: with self; {
 
   orderedset = callPackage ../development/python-modules/orderedset { };
 
+  orgparse = callPackage ../development/python-modules/orgparse { };
+
   orjson = callPackage ../development/python-modules/orjson { };
 
   orm = callPackage ../development/python-modules/orm { };