From 611fe0fd976a4c42dcdc14ad624008c7e599a605 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Wed, 17 Mar 2021 04:20:00 +0000 Subject: [PATCH 01/33] heroku: 7.47.11 -> 7.51.0 --- pkgs/development/tools/heroku/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/heroku/default.nix b/pkgs/development/tools/heroku/default.nix index 81c059d2939f..35fccf0e62ee 100644 --- a/pkgs/development/tools/heroku/default.nix +++ b/pkgs/development/tools/heroku/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "heroku"; - version = "7.47.11"; + version = "7.51.0"; src = fetchurl { url = "https://cli-assets.heroku.com/heroku-v${version}/heroku-v${version}.tar.xz"; - sha256 = "1inf2radpkd9jndap91cw0wbb2qmi71i287vyydl492372cf3cs2"; + sha256 = "0wcqk4iy4r57k6fd6l0732yp5mclqfla1lfvx96ay45jnhh7rknx"; }; nativeBuildInputs = [ makeWrapper ]; From 810008828fbcd7fba3d71c81b4aa2f01f8da9810 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Fri, 8 Jan 2021 01:58:22 +0000 Subject: [PATCH 02/33] pomerium: init at 0.11.1 --- pkgs/servers/http/pomerium/default.nix | 75 ++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 77 insertions(+) create mode 100644 pkgs/servers/http/pomerium/default.nix diff --git a/pkgs/servers/http/pomerium/default.nix b/pkgs/servers/http/pomerium/default.nix new file mode 100644 index 000000000000..5d2f96da022e --- /dev/null +++ b/pkgs/servers/http/pomerium/default.nix 
@@ -0,0 +1,75 @@
+{ buildGoModule
+, fetchFromGitHub
+, lib
+, envoy
+, zip
+}:
+
+let
+ inherit (lib) concatStringsSep mapAttrsToList;
+in
+buildGoModule rec {
+ pname = "pomerium";
+ version = "0.11.1";
+ src = fetchFromGitHub {
+ owner = "pomerium";
+ repo = "pomerium";
+ rev = "v${version}";
+ hash = "sha256-9xx4eQovgAx3YEOsp64HErN7Roo7i2QeymRh8umyOnI=";
+ };
+
+ vendorSha256 = "sha256-hDRqTGUXB+/jA+ccZ5LyKMF/zV9+xLxcqErdnPwB2U8=";
+ subPackages = [
+ "cmd/pomerium"
+ "cmd/pomerium-cli"
+ ];
+
+ buildFlagsArray = let
+ # Set a variety of useful meta variables for stamping the build with.
+ setVars = {
+ Version = "v${version}";
+ BuildMeta = "nixpkgs";
+ ProjectName = "pomerium";
+ ProjectURL = "github.com/pomerium/pomerium";
+ };
+ varFlags = concatStringsSep " " (mapAttrsToList (name: value: "-X github.com/pomerium/pomerium/internal/version.${name}=${value}") setVars);
+ in [
+ "-ldflags=${varFlags}"
+ ];
+
+ nativeBuildInputs = [
+ zip
+ ];
+
+ # Pomerium expects to have envoy append to it in a zip.
+ # We use a store-only (-0) zip, so that the Nix scanner can find any store references we had in the envoy binary.
+ postBuild = ''
+ # Append Envoy
+ pushd $NIX_BUILD_TOP
+ mkdir -p envoy
+ cd envoy
+ cp ${envoy}/bin/envoy envoy
+ zip -0 envoy.zip envoy
+ popd
+
+ mv $GOPATH/bin/pomerium $GOPATH/bin/pomerium.old
+ cat $GOPATH/bin/pomerium.old $NIX_BUILD_TOP/envoy/envoy.zip >$GOPATH/bin/pomerium
+ zip --adjust-sfx $GOPATH/bin/pomerium
+ '';
+
+ # We also need to set dontStrip to avoid having the envoy ZIP stripped off the end.
+ dontStrip = true;
+
+ installPhase = ''
+ install -Dm0755 $GOPATH/bin/pomerium $out/bin/pomerium
+ install -Dm0755 $GOPATH/bin/pomerium-cli $out/bin/pomerium-cli
+ '';
+
+ meta = with lib; {
+ homepage = "https://pomerium.io";
+ description = "Authenticating reverse proxy";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ lukegb ];
+ platforms = [ "x86_64-linux" ]; # Envoy derivation is x86_64-linux only.
+ };
+}
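Review bot: The custom `installPhase` near the end of this new file replaces the default phase without running the install hooks, so anything registered on `preInstall` or `postInstall` is skipped; start the phase with `runHook preInstall` and end it with `runHook postInstall`. `dontStrip = true` also applies to the whole derivation, so `pomerium-cli` ships unstripped even though only `pomerium` carries the appended Envoy zip; the comment above it should say that this is accepted, for example `# Applies to pomerium-cli as well; only pomerium carries the appended zip.`. The comment above `postBuild` could also state that the Envoy binary is copied into the output rather than referenced, so the embedded copy is whatever `envoy` was at build time.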
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6fa4ac304b6a..22cddc587bcb 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -18511,6 +18511,8 @@ in }; pflogsumm = callPackage ../servers/mail/postfix/pflogsumm.nix { }; + pomerium = callPackage ../servers/http/pomerium { }; + postgrey = callPackage ../servers/mail/postgrey { }; pshs = callPackage ../servers/http/pshs { }; From cb2f1df0348268ed5b7bec54becb6a010be33e03 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Fri, 8 Jan 2021 03:02:47 +0000 Subject: [PATCH 03/33] nixos/pomerium: init --- nixos/modules/module-list.nix | 1 + .../modules/services/web-servers/pomerium.nix | 115 ++++++++++++++++++ 2 files changed, 116 insertions(+) create mode 100644 nixos/modules/services/web-servers/pomerium.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ca7898687b8b..e91336fe98b2 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -948,6 +948,7 @@ ./services/web-servers/nginx/default.nix ./services/web-servers/nginx/gitweb.nix ./services/web-servers/phpfpm/default.nix + ./services/web-servers/pomerium.nix ./services/web-servers/unit/default.nix ./services/web-servers/shellinabox.nix ./services/web-servers/tomcat.nix diff --git a/nixos/modules/services/web-servers/pomerium.nix b/nixos/modules/services/web-servers/pomerium.nix new file mode 100644 index 000000000000..ae249d803aa2 --- /dev/null +++ b/nixos/modules/services/web-servers/pomerium.nix 
@@ -0,0 +1,115 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ format = pkgs.formats.yaml {};
+in
+{
+ options.services.pomerium = {
+ enable = mkEnableOption "the Pomerium authenticating reverse proxy";
+
+ configFile = mkOption {
+ type = with types; nullOr path;
+ default = null;
+ description = "Path to Pomerium config YAML. If set, overrides services.pomerium.settings.";
+ };
+
+ useACMEHost = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ description = ''
+ If set, use a NixOS-generated ACME certificate with the specified name.
+
+ Note that this will require you to use a non-HTTP-based challenge, or
+ disable Pomerium's in-built HTTP redirect server by setting
+ http_redirect_addr to null and use a different HTTP server for serving
+ the challenge response.
+
+ If you're using an HTTP-based challenge, you should use the
+ Pomerium-native autocert option instead.
+ '';
+ };
+
+ settings = mkOption {
+ description = ''
+ The contents of Pomerium's config.yaml, in Nix expressions.
+
+ Specifying configFile will override this in its entirety.
+
+ See the Pomerium
+ configuration reference for more information about what to put
+ here.
+ '';
+ default = {};
+ type = format.type;
+ };
+
+ secretsFile = mkOption {
+ type = with types; nullOr path;
+ default = null;
+ description = ''
+ Path to file containing secrets for Pomerium, in systemd
+ EnvironmentFile format. See the systemd.exec(5) man page.
+ '';
+ };
+ };
+
+ config = let
+ cfg = config.services.pomerium;
+ cfgFile = if cfg.configFile != null then cfg.configFile else (format.generate "pomerium.yaml" cfg.settings);
+ in mkIf cfg.enable ({
+ systemd.services.pomerium = {
+ description = "Pomerium authenticating reverse proxy";
+ wants = [ "network.target" ] ++ (optional (cfg.useACMEHost != null) "acme-finished-${cfg.useACMEHost}.target");
+ after = [ "network.target" ] ++ (optional (cfg.useACMEHost != null) "acme-finished-${cfg.useACMEHost}.target");
+ wantedBy = [ "multi-user.target" ];
+ environment = optionalAttrs (cfg.useACMEHost != null) {
+ CERTIFICATE_FILE = "fullchain.pem";
+ CERTIFICATE_KEY_FILE = "key.pem";
+ };
+ startLimitIntervalSec = 60;
+
+ serviceConfig = {
+ DynamicUser = true;
+ StateDirectory = [ "pomerium" ];
+ ExecStart = "${pkgs.pomerium}/bin/pomerium -config ${cfgFile}";
+
+ PrivateUsers = false; # breaks CAP_NET_BIND_SERVICE
+ MemoryDenyWriteExecute = false; # breaks LuaJIT
+
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ PrivateDevices = true;
+ DevicePolicy = "closed";
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectKernelLogs = true;
+ RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ LockPersonality = true;
+ SystemCallArchitectures = "native";
+
+ EnvironmentFile = cfg.secretsFile;
+ AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+ CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+
+ WorkingDirectory = mkIf (cfg.useACMEHost != null) "$CREDENTIALS_DIRECTORY";
+ LoadCredential = optionals (cfg.useACMEHost != null) [
+ "fullchain.pem:/var/lib/acme/${cfg.useACMEHost}/fullchain.pem"
+ "key.pem:/var/lib/acme/${cfg.useACMEHost}/key.pem"
+ ];
+ };
+ };
+ security.acme.certs = mkIf (cfg.useACMEHost != null) {
+ ${cfg.useACMEHost}.postRun = mkAfter ''
+
/run/current-system/systemd/bin/systemctl -q is-active pomerium.service && /run/current-system/systemd/bin/systemctl restart pomerium.service + ''; + }; + }); +} From 309e836c3348debeef30463543b1a6830415db6b Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Fri, 8 Jan 2021 03:03:00 +0000 Subject: [PATCH 04/33] nixos/tests/pomerium: init --- .../modules/services/web-servers/pomerium.nix | 24 ++++- nixos/tests/all-tests.nix | 1 + nixos/tests/pomerium.nix | 102 ++++++++++++++++++ 3 files changed, 123 insertions(+), 4 deletions(-) create mode 100644 nixos/tests/pomerium.nix diff --git a/nixos/modules/services/web-servers/pomerium.nix b/nixos/modules/services/web-servers/pomerium.nix index ae249d803aa2..a96df1dbf6de 100644 --- a/nixos/modules/services/web-servers/pomerium.nix +++ b/nixos/modules/services/web-servers/pomerium.nix 
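Review bot: The `secretsFile` and `configFile` options in the new module are typed `nullOr path`, but their descriptions never say the file must live outside the Nix store. A Nix path literal or a `pkgs.writeText` result is copied into the world-readable store, which would expose values such as `COOKIE_SECRET` and `IDP_CLIENT_SECRET` to every local user. The same holds for `settings`, which `format.generate` renders into a store file, so its description should state that secrets belong in `secretsFile` only. For `secretsFile` I would append a sentence like `This file must not be in the Nix store; pass it as a string (for example "/run/keys/pomerium-secrets") rather than a path literal.`, where the path is only an illustration.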
@@ -106,10 +106,26 @@ in ]; }; }; - security.acme.certs = mkIf (cfg.useACMEHost != null) { - ${cfg.useACMEHost}.postRun = mkAfter '' - /run/current-system/systemd/bin/systemctl -q is-active pomerium.service && /run/current-system/systemd/bin/systemctl restart pomerium.service - ''; + + # postRun hooks on cert renew can't be used to restart Nginx since renewal + # runs as the unprivileged acme user. sslTargets are added to wantedBy + before + # which allows the acme-finished-$cert.target to signify the successful updating + # of certs end-to-end. + systemd.services.pomerium-config-reload = mkIf (cfg.useACMEHost != null) { + # TODO(lukegb): figure out how to make config reloading work with credentials. + + wantedBy = [ "acme-finished-${cfg.useACMEHost}.target" "multi-user.target" ]; + # Before the finished targets, after the renew services. + before = [ "acme-finished-${cfg.useACMEHost}.target" ]; + after = [ "acme-${cfg.useACMEHost}.service" ]; + # Block reloading if not all certs exist yet. + unitConfig.ConditionPathExists = [ "${certs.${cfg.useACMEHost}.directory}/fullchain.pem" ]; + serviceConfig = { + Type = "oneshot"; + TimeoutSec = 60; + ExecCondition = "/run/current-system/systemd/bin/systemctl -q is-active pomerium.service"; + ExecStart = "/run/current-system/systemd/bin/systemctl restart pomerium.service"; + }; }; }); } diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 65c7d84ee644..6cef215b1335 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -318,6 +318,7 @@ in plikd = handleTest ./plikd.nix {}; plotinus = handleTest ./plotinus.nix {}; podman = handleTestOn ["x86_64-linux"] ./podman.nix {}; + pomerium = handleTestOn ["x86_64-linux"] ./pomerium.nix {}; postfix = handleTest ./postfix.nix {}; postfix-raise-smtpd-tls-security-level = handleTest ./postfix-raise-smtpd-tls-security-level.nix {}; postgis = handleTest ./postgis.nix {}; 
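Review bot: `unitConfig.ConditionPathExists` in the new `pomerium-config-reload` unit interpolates `certs.${cfg.useACMEHost}.directory`, but no `certs` binding is visible in this module: the `let` introduced by the previous patch defines only `cfg` and `cfgFile`, and this hunk adds none. Because the file sits under `with lib;`, this would presumably only surface as an evaluation error once `useACMEHost` is set; write `config.security.acme.certs.${cfg.useACMEHost}.directory` instead. The same expression should probably replace the hard-coded `/var/lib/acme/${cfg.useACMEHost}` in `LoadCredential` so that the two paths cannot drift apart. The comment above the unit still refers to Nginx and `sslTargets`, neither of which exists in this module, and should be reworded for Pomerium. The enclosing `config = let … in` block begins outside the hunk.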
diff --git a/nixos/tests/pomerium.nix b/nixos/tests/pomerium.nix
new file mode 100644
index 000000000000..933614bb7d8a
--- /dev/null
+++ b/nixos/tests/pomerium.nix
@@ -0,0 +1,102 @@
+import ./make-test-python.nix ({ pkgs, ... }: {
+ name = "pomerium";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ lukegb ];
+ };
+
+ nodes = let base = myIP: { pkgs, lib, ... }: {
+ virtualisation.vlans = [ 1 ];
+ networking = {
+ dhcpcd.enable = false;
+ firewall.allowedTCPPorts = [ 80 443 ];
+ hosts = {
+ "192.168.1.1" = [ "pomerium" "pom-auth" ];
+ "192.168.1.2" = [ "backend" "dummy-oidc" ];
+ };
+ interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
+ { address = myIP; prefixLength = 24; }
+ ];
+ };
+ }; in {
+ pomerium = { pkgs, lib, ... }: {
+ imports = [ (base "192.168.1.1") ];
+ services.pomerium = {
+ enable = true;
+ settings = {
+ address = ":80";
+ insecure_server = true;
+ authenticate_service_url = "http://pom-auth";
+
+ idp_provider = "oidc";
+ idp_scopes = [ "oidc" ];
+ idp_client_id = "dummy";
+ idp_provider_url = "http://dummy-oidc";
+
+ policy = [{
+ from = "https://my.website";
+ to = "http://192.168.1.2";
+ allow_public_unauthenticated_access = true;
+ preserve_host_header = true;
+ } {
+ from = "https://login.required";
+ to = "http://192.168.1.2";
+ allowed_domains = [ "my.domain" ];
+ preserve_host_header = true;
+ }];
+ };
+ secretsFile = pkgs.writeText "pomerium-secrets" ''
+ # 12345678901234567890123456789012 in base64
+ COOKIE_SECRET=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=
+ IDP_CLIENT_SECRET=dummy
+ '';
+ };
+ };
+ backend = { pkgs, lib, ...
}: { + imports = [ (base "192.168.1.2") ]; + services.nginx.enable = true; + services.nginx.virtualHosts."my.website" = { + root = pkgs.runCommand "testdir" {} '' + mkdir "$out" + echo hello world > "$out/index.html" + ''; + }; + services.nginx.virtualHosts."dummy-oidc" = { + root = pkgs.runCommand "testdir" {} '' + mkdir -p "$out/.well-known" + cat <"$out/.well-known/openid-configuration" + { + "issuer": "http://dummy-oidc", + "authorization_endpoint": "http://dummy-oidc/auth.txt", + "token_endpoint": "http://dummy-oidc/token", + "jwks_uri": "http://dummy-oidc/jwks.json", + "userinfo_endpoint": "http://dummy-oidc/userinfo", + "id_token_signing_alg_values_supported": ["RS256"] + } + EOF + echo hello I am login page >"$out/auth.txt" + ''; + }; + }; + }; + + testScript = { ... }: '' + backend.wait_for_unit("nginx") + backend.wait_for_open_port(80) + + pomerium.wait_for_unit("pomerium") + pomerium.wait_for_open_port(80) + + with subtest("no authentication required"): + pomerium.succeed( + "curl --resolve my.website:80:127.0.0.1 http://my.website | grep -q 'hello world'" + ) + + with subtest("login required"): + pomerium.succeed( + "curl -I --resolve login.required:80:127.0.0.1 http://login.required | grep -q pom-auth" + ) + pomerium.succeed( + "curl -L --resolve login.required:80:127.0.0.1 http://login.required | grep -q 'hello I am login page'" + ) + ''; +}) From f081b0c9bb61823db8416482bd32906a9e2f8148 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Fri, 8 Jan 2021 03:04:24 +0000 Subject: [PATCH 05/33] envoy, pomerium: add Pomerium NixOS test to passthru.tests --- pkgs/servers/http/envoy/default.nix | 6 ++++++ pkgs/servers/http/pomerium/default.nix | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/pkgs/servers/http/envoy/default.nix b/pkgs/servers/http/envoy/default.nix index 3a4535281513..e6ecbb868603 100644 --- a/pkgs/servers/http/envoy/default.nix +++ b/pkgs/servers/http/envoy/default.nix @@ -6,6 +6,7 @@ , go , ninja , python3 +, nixosTests }: let 
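Review bot: The test only exercises the plain-HTTP `insecure_server = true` configuration, so nothing in it evaluates the `useACMEHost` branch of the module; the `LoadCredential` setup and the `pomerium-config-reload` unit stay untested. A second node, or at least an evaluation-only configuration with `services.pomerium.useACMEHost` set, would catch evaluation errors in that branch. `idp_scopes = [ "oidc" ]` is not a standard OpenID Connect scope name (`openid` is); the dummy IdP never checks it, but the test doubles as example configuration. `secretsFile = pkgs.writeText …` places the secrets in the Nix store, which is fine here but deserves a comment such as `# test-only: real deployments must keep this file outside the Nix store`.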
@@ -110,6 +111,11 @@ buildBazelPackage rec { "--cxxopt=-Wno-uninitialized" ]; + passthru.tests = { + # No tests for Envoy itself (yet), but it's tested as a core component of Pomerium. + inherit (nixosTests) pomerium; + }; + meta = with lib; { homepage = "https://envoyproxy.io"; description = "Cloud-native edge and service proxy"; diff --git a/pkgs/servers/http/pomerium/default.nix b/pkgs/servers/http/pomerium/default.nix index 5d2f96da022e..20b339967db3 100644 --- a/pkgs/servers/http/pomerium/default.nix +++ b/pkgs/servers/http/pomerium/default.nix @@ -3,6 +3,7 @@ , lib , envoy , zip +, nixosTests }: let @@ -65,6 +66,10 @@ buildGoModule rec { install -Dm0755 $GOPATH/bin/pomerium-cli $out/bin/pomerium-cli ''; + passthru.tests = { + inherit (nixosTests) pomerium; + }; + meta = with lib; { homepage = "https://pomerium.io"; description = "Authenticating reverse proxy"; From d4eb533993771fc13fdbbd3292df26e14bf86af3 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Mon, 29 Mar 2021 11:35:21 +0100 Subject: [PATCH 06/33] pomerium: 0.11.1 -> 0.13.3 Bump pomerium to v0.13.3. Co-authored-by: contrun --- pkgs/servers/http/pomerium/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/http/pomerium/default.nix b/pkgs/servers/http/pomerium/default.nix index 20b339967db3..0605a12eca47 100644 --- a/pkgs/servers/http/pomerium/default.nix +++ b/pkgs/servers/http/pomerium/default.nix @@ -11,15 +11,15 @@ let in buildGoModule rec { pname = "pomerium"; - version = "0.11.1"; + version = "0.13.3"; src = fetchFromGitHub { owner = "pomerium"; repo = "pomerium"; rev = "v${version}"; - hash = "sha256-9xx4eQovgAx3YEOsp64HErN7Roo7i2QeymRh8umyOnI="; + hash = "sha256-g0w1aIHvf2rJANvGWHeUxdnyCDsvy/PQ9Kp8nDdT/0w="; }; - vendorSha256 = "sha256-hDRqTGUXB+/jA+ccZ5LyKMF/zV9+xLxcqErdnPwB2U8="; + vendorSha256 = "sha256-grihU85OcGyf9/KKrv87xZonX5r+Z1oHQTf84Ya61fg="; subPackages = [ "cmd/pomerium" "cmd/pomerium-cli" 
From 7c445708709fc064b2e4bfd48588f69a27fbe19a Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 30 Mar 2021 17:25:35 +0200 Subject: [PATCH 07/33] nginxMainline: 1.19.8 -> 1.19.9 --- pkgs/servers/http/nginx/mainline.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/http/nginx/mainline.nix b/pkgs/servers/http/nginx/mainline.nix index 0c33ab431de0..0409f6a26ea4 100644 --- a/pkgs/servers/http/nginx/mainline.nix +++ b/pkgs/servers/http/nginx/mainline.nix @@ -1,6 +1,6 @@ { callPackage, ... }@args: callPackage ./generic.nix args { - version = "1.19.8"; - sha256 = "01cb6hsaik1sfjihbrldmwrcn54gk4plfy350sl1b4rml6qik29h"; + version = "1.19.9"; + sha256 = "0hfqqyfgqa6wqazmb3d434nb3r5p8szfisa0m6nfh9lqdbqdyd9f"; } From 610652c1c89890d58e63fd704db8ff20e48ae412 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 30 Mar 2021 15:50:53 +0000 Subject: [PATCH 08/33] oneshot: 1.3.1 -> 1.4.1 --- pkgs/tools/networking/oneshot/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/networking/oneshot/default.nix b/pkgs/tools/networking/oneshot/default.nix index 0f886fda03c9..48c20643580f 100644 --- a/pkgs/tools/networking/oneshot/default.nix +++ b/pkgs/tools/networking/oneshot/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "oneshot"; - version = "1.3.1"; + version = "1.4.1"; src = fetchFromGitHub { owner = "raphaelreyna"; repo = "oneshot"; rev = "v${version}"; - sha256 = "047mncv9abs4xj7bh9lhc3wan37cldjjyrpkis7pvx6zhzml74kf"; + sha256 = "sha256-UD67xYBb1rvGMSPurte5z2Hcd7+JtXDPbgp3BVBdLuk="; }; - vendorSha256 = "1cxr96yrrmz37r542mc5376jll9lqjqm18k8761h9jqfbzmh9rkp"; + vendorSha256 = "sha256-d+YE618OywSDOWiiULHENFEqzRmFVUFKPuPXnL1JubM="; doCheck = false; From f0d795f7c81357aa1e3b3b68d1f3149de7735656 Mon Sep 17 00:00:00 2001 
From: JesusMtnez Date: Wed, 31 Mar 2021 09:12:34 +0200 Subject: [PATCH 09/33] slack: fix missing libxshmfence --- .../networking/instant-messengers/slack/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/applications/networking/instant-messengers/slack/default.nix b/pkgs/applications/networking/instant-messengers/slack/default.nix index 091b12cd2945..1775e45d4e6e 100644 --- a/pkgs/applications/networking/instant-messengers/slack/default.nix +++ b/pkgs/applications/networking/instant-messengers/slack/default.nix @@ -26,6 +26,7 @@ , libuuid , libxcb , libxkbcommon +, libxshmfence , mesa , nspr , nss @@ -117,6 +118,7 @@ let xorg.libXi xorg.libXrandr xorg.libXrender + xorg.libxshmfence xorg.libXtst xorg.libxkbfile ] + ":${stdenv.cc.cc.lib}/lib64"; From b1bda26ec09b2c3c57ca8a59b6359e62141e89d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Samuel=20Gr=C3=A4fenstein?= Date: Wed, 31 Mar 2021 10:14:18 +0200 Subject: [PATCH 10/33] nixos/all-firmware: fix eval with allowAliases set to false Fix eval when `nixpkgs.config.allowAliases = false;` is set. --- nixos/modules/hardware/all-firmware.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/hardware/all-firmware.nix b/nixos/modules/hardware/all-firmware.nix index 8cf3e5633dc7..3e88a4c20adc 100644 --- a/nixos/modules/hardware/all-firmware.nix +++ b/nixos/modules/hardware/all-firmware.nix @@ -49,7 +49,7 @@ in { rt5677-firmware rtl8723bs-firmware rtl8761b-firmware - rtlwifi_new-firmware + rtw88-firmware zd1211fw alsa-firmware sof-firmware From 97904f8424ccbba6de4ae63e7e97c2c4edf65567 Mon Sep 17 00:00:00 2001 
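Review bot: The first slack hunk adds a top-level `libxshmfence` function argument, but the second hunk adds `xorg.libxshmfence` to the library path, so the new argument looks unused. This is inferred from the visible lines only, since the rest of the function lies outside both hunks. Either drop the `, libxshmfence` argument or reference it in the list (`libxshmfence` in place of `xorg.libxshmfence`), so the dependency is declared and overridable in one place.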
From: rnhmjoj Date: Tue, 30 Mar 2021 18:24:52 +0200 Subject: [PATCH 11/33] qt5.qtwebengine: fix Qt version number in cmake This fixes the build failures in packages depending on qtwebengine and using cmake to find the Qt dependencies (like libsForQt5.messagelib). --- pkgs/development/libraries/qt-5/5.15/default.nix | 4 +++- pkgs/development/libraries/qt-5/modules/qtwebengine.nix | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/qt-5/5.15/default.nix b/pkgs/development/libraries/qt-5/5.15/default.nix index c32f4b001e9d..f969254b5952 100644 --- a/pkgs/development/libraries/qt-5/5.15/default.nix +++ b/pkgs/development/libraries/qt-5/5.15/default.nix @@ -203,7 +203,9 @@ let qtvirtualkeyboard = callPackage ../modules/qtvirtualkeyboard.nix {}; qtwayland = callPackage ../modules/qtwayland.nix {}; qtwebchannel = callPackage ../modules/qtwebchannel.nix {}; - qtwebengine = callPackage ../modules/qtwebengine.nix {}; + qtwebengine = callPackage ../modules/qtwebengine.nix { + inherit (srcs.qtwebengine) version; + }; qtwebglplugin = callPackage ../modules/qtwebglplugin.nix {}; qtwebkit = callPackage ../modules/qtwebkit.nix {}; qtwebsockets = callPackage ../modules/qtwebsockets.nix {}; diff --git a/pkgs/development/libraries/qt-5/modules/qtwebengine.nix b/pkgs/development/libraries/qt-5/modules/qtwebengine.nix index f994c7ef6c9a..cd3fa583303d 100644 --- a/pkgs/development/libraries/qt-5/modules/qtwebengine.nix +++ b/pkgs/development/libraries/qt-5/modules/qtwebengine.nix @@ -17,6 +17,7 @@ , cups, darwin, openbsm, runCommand, xcbuild, writeScriptBin , ffmpeg_3 ? null , lib, stdenv, fetchpatch +, version ? null , qtCompatVersion }: 
@@ -230,6 +231,9 @@ qtModule { [Paths] Prefix = .. EOF + '' + lib.optionalString (lib.versions.majorMinor qtCompatVersion == "5.15") '' + # Fix for out-of-sync QtWebEngine and Qt releases (since 5.15.3) + sed 's/${lib.head (lib.splitString "-" version)} /${qtCompatVersion} /' -i "$out"/lib/cmake/*/*Config.cmake ''; meta = with lib; { From 9495de73ddb74e1ace3a8650e6aa6714cfd7ec94 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Wed, 31 Mar 2021 12:53:28 +0200 Subject: [PATCH 12/33] chromium: 89.0.4389.90 -> 89.0.4389.114 https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html This update includes 8 security fixes. CVEs: CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199 --- .../networking/browsers/chromium/upstream-info.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index 723ea6235c2f..cc99017a0972 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -1,8 +1,8 @@ { "stable": { - "version": "89.0.4389.90", - "sha256": "16i7bgk2jbcqs2p28nk5mlf0k6wah594pcsfm8b154nxbyf0iihi", - "sha256bin64": "1hgpx7isp9krarj7jpbhs97ym4i9j9a1srywv9pdfzbhw6cid2pk", + "version": "89.0.4389.114", + "sha256": "007df9p78bbmk3iyfi8qn57mmn68qqrdhx6z8n2hl8ksd7lspw7j", + "sha256bin64": "06wblyvyr93032fbzwm6qpzz4jjm6adziq4i4n6kmfdix2ajif8a", "deps": { "gn": { "version": "2021-01-07", From f725bcbdb8df200839f7536d7587d282ae04d77b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Wed, 31 Mar 2021 13:16:29 +0200 Subject: [PATCH 13/33] prs: 0.2.6 -> 0.2.7 --- pkgs/tools/security/prs/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
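Review bot: `version` is declared as `version ? null` in the first hunk of this file, yet the fragment added here passes it to `lib.splitString "-" version` whenever `qtCompatVersion` is 5.15, which would fail at evaluation for any 5.15 caller that omits it. Add `version != null &&` to the `lib.optionalString` condition, or drop the default so the argument is required. The version is also interpolated into the `sed` pattern unescaped, so its dots match any character, and `sed` exits successfully when nothing matches, so the fix can silently stop applying after a future bump. Following the `sed` with a `grep -q` for `${qtCompatVersion}` on the same files would make that failure visible. The enclosing phase string starts outside the hunk.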
diff --git a/pkgs/tools/security/prs/default.nix b/pkgs/tools/security/prs/default.nix index 64028b3f4432..2d96c89970ec 100644 --- a/pkgs/tools/security/prs/default.nix +++ b/pkgs/tools/security/prs/default.nix @@ -12,16 +12,16 @@ rustPlatform.buildRustPackage rec { pname = "prs"; - version = "0.2.6"; + version = "0.2.7"; src = fetchFromGitLab { owner = "timvisee"; repo = "prs"; rev = "v${version}"; - sha256 = "sha256-2fpR9XCcKby+hI7Dzpr2qi1QgOzdgJp0Um57tQmi01A="; + sha256 = "sha256-1Jrgf5UW6k0x3q6kQIB6Q7moOhConEnUU9r+21W5Uu8="; }; - cargoSha256 = "sha256-0oWNGrJ24gPkPp5PR/pQ1tIYkXztQJFAdPz162V5THY="; + cargoSha256 = "sha256-N3pLW/OGeurrl+AlwdfbZ3T7WzEOAuyUMdIR164Xp7k="; postPatch = '' # The GPGME backend is recommended From 1eb15e0ae617ecf209ba7aa3e9a61d09d39202a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Wed, 31 Mar 2021 13:17:25 +0200 Subject: [PATCH 14/33] abcmidi: 2021.03.27 -> 2021.03.30 --- pkgs/tools/audio/abcmidi/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/audio/abcmidi/default.nix b/pkgs/tools/audio/abcmidi/default.nix index 26484b436c95..e1c2844813d4 100644 --- a/pkgs/tools/audio/abcmidi/default.nix +++ b/pkgs/tools/audio/abcmidi/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "abcMIDI"; - version = "2021.03.27"; + version = "2021.03.30"; src = fetchzip { url = "https://ifdo.ca/~seymour/runabc/${pname}-${version}.zip"; - sha256 = "sha256-dOUdxH1jJUr9MkU6mf0nwbjY5NYUJpHGkjUZWbRSGsw="; + sha256 = "sha256-eOQbvs/mtFn7AmvSezO/jRm8+cO5tF7ggcF9DwwfqVc="; }; meta = with lib; { From 4188cd1a0e1f67bfd77ae2e4e4d7dd35b7e3d95e Mon Sep 17 00:00:00 2001 From: Maxim Zhukov Date: Sun, 28 Mar 2021 20:18:13 +0300 Subject: [PATCH 15/33] maintainers: add mephistophiles (myself) --- maintainers/maintainer-list.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index b08dbcd8de9d..31741787635c 100644 
--- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -6176,6 +6176,12 @@ github = "meutraa"; githubId = 68550871; }; + mephistophiles = { + email = "mussitantesmortem@gmail.com"; + name = "Maxim Zhukov"; + github = "Mephistophiles"; + githubId = 4850908; + }; mfossen = { email = "msfossen@gmail.com"; github = "mfossen"; From 38a5da70882bc48c6cd4828343b67c045c1e0c53 Mon Sep 17 00:00:00 2001 From: Maxim Zhukov Date: Sun, 28 Mar 2021 11:39:28 +0300 Subject: [PATCH 16/33] i3wm: i3-auto-layout: init at 0.2.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Sandro Co-authored-by: Robert Schütz Signed-off-by: Maxim Zhukov --- .../window-managers/i3/auto-layout.nix | 26 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 28 insertions(+) create mode 100644 pkgs/applications/window-managers/i3/auto-layout.nix diff --git a/pkgs/applications/window-managers/i3/auto-layout.nix b/pkgs/applications/window-managers/i3/auto-layout.nix new file mode 100644 index 000000000000..d24715aa9804 --- /dev/null +++ b/pkgs/applications/window-managers/i3/auto-layout.nix @@ -0,0 +1,26 @@ +{ lib, rustPlatform, fetchFromGitHub }: + +rustPlatform.buildRustPackage rec { + pname = "i3-auto-layout"; + version = "0.2"; + + src = fetchFromGitHub { + owner = "chmln"; + repo = pname; + rev = "v${version}"; + sha256 = "0ps08lga6qkgc8cgf5cx2lgwlqcnd2yazphh9xd2fznnzrllfxxz"; + }; + + cargoSha256 = "1ch5mh515rlqmr65x96xcvrx6iaigqgjxc7sbwbznzkc5kmvwhc0"; + + # Currently no tests are implemented, so we avoid building the package twice + doCheck = false; + + meta = with lib; { + description = "Automatic, optimal tiling for i3wm"; + homepage = "https://github.com/chmln/i3-auto-layout"; + license = licenses.mit; + maintainers = with maintainers; [ mephistophiles ]; + platforms = platforms.linux; + }; +} 
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0d1eccc373d6..4a72f7125c43 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23334,6 +23334,8 @@ in xcb-util-cursor = if stdenv.isDarwin then xcb-util-cursor-HEAD else xcb-util-cursor; }; + i3-auto-layout = callPackage ../applications/window-managers/i3/auto-layout.nix { }; + i3-gaps = callPackage ../applications/window-managers/i3/gaps.nix { }; i3altlayout = callPackage ../applications/window-managers/i3/altlayout.nix { }; From 6dfaa2884a5536dc80bdeac20d9298bef577b15c Mon Sep 17 00:00:00 2001 From: Nikolay Korotkiy Date: Wed, 31 Mar 2021 15:34:51 +0300 Subject: [PATCH 17/33] =?UTF-8?q?lagrange:=201.2.2=20=E2=86=92=201.3.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/applications/networking/browsers/lagrange/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/lagrange/default.nix b/pkgs/applications/networking/browsers/lagrange/default.nix index deea3decc294..30e154e5222c 100644 --- a/pkgs/applications/networking/browsers/lagrange/default.nix +++ b/pkgs/applications/networking/browsers/lagrange/default.nix @@ -14,13 +14,13 @@ stdenv.mkDerivation rec { pname = "lagrange"; - version = "1.2.2"; + version = "1.3.0"; src = fetchFromGitHub { owner = "skyjake"; repo = "lagrange"; rev = "v${version}"; - sha256 = "sha256-Y+BiXKxlUSZXaLcz75l333ZBkKyII9IyTmKQwjshBkE="; + sha256 = "sha256-85KshJEL7ri10mSm/KgcT03WLEwRMMTGczb6mGx66Jw="; fetchSubmodules = true; }; From 0f45da1e1bf53ddb36ec5e9a884f00e12ec6601d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Wed, 31 Mar 2021 13:23:41 +0200 Subject: [PATCH 18/33] pika-backup: 0.2.2 -> 0.2.3 --- pkgs/applications/backup/pika-backup/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/pkgs/applications/backup/pika-backup/default.nix b/pkgs/applications/backup/pika-backup/default.nix index 7f7be99f9a24..f04a5a2d8bfb 100644 --- a/pkgs/applications/backup/pika-backup/default.nix +++ b/pkgs/applications/backup/pika-backup/default.nix @@ -19,20 +19,20 @@ stdenv.mkDerivation rec { pname = "pika-backup"; - version = "0.2.2"; + version = "0.2.3"; src = fetchFromGitLab { domain = "gitlab.gnome.org"; owner = "World"; repo = "pika-backup"; rev = "v${version}"; - sha256 = "16284gv31wdwmb99056962d1gh6xz26ami6synr47nsbbp5l0s6k"; + sha256 = "sha256-jy22eyuzM2y7vByT3TOlAUuTKtPepkB9iiHQT1YGQ88="; }; cargoDeps = rustPlatform.fetchCargoTarball { inherit src; name = "${pname}-${version}"; - sha256 = "12ymjwpxx3sdna8w5j9fnwwfk8ynk9ziwl0lkpq68y0vyllln5an"; + sha256 = "1ndcpgw18w3l5f7vv5vw8lxhgd5y1zxfarwnyfx13m7kcv8m3vyj"; }; patches = [ From 381e8d16a910b94a9607a1797dc83c883a31df4b Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Wed, 31 Mar 2021 15:33:16 +0200 Subject: [PATCH 19/33] EmptyEpsilon: 2020.11.23 -> 2021.03.31 ChangeLog: * https://github.com/daid/EmptyEpsilon/releases/tag/EE-2021.03.16 * https://github.com/daid/EmptyEpsilon/releases/tag/EE-2021.03.31 --- pkgs/games/empty-epsilon/default.nix | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/pkgs/games/empty-epsilon/default.nix b/pkgs/games/empty-epsilon/default.nix index dc761fb7d7a2..d444c50d976d 100644 --- a/pkgs/games/empty-epsilon/default.nix +++ b/pkgs/games/empty-epsilon/default.nix 
@@ -2,21 +2,23 @@ let - major = "2020"; - minor = "11"; - patch = "23"; + major = "2021"; + minor = "03"; + patch.seriousproton = "30"; + patch.emptyepsilon = "31"; - version = "${major}.${minor}.${patch}"; + version.seriousproton = "${major}.${minor}.${patch.seriousproton}"; + version.emptyepsilon = "${major}.${minor}.${patch.emptyepsilon}"; serious-proton = stdenv.mkDerivation { pname = "serious-proton"; - inherit version; + version = version.seriousproton; src = fetchFromGitHub { owner = "daid"; repo = "SeriousProton"; - rev = "EE-${version}"; - sha256 = "sha256-/gwJPlvvOCv5XIsiVgZ8Eb/7vgwG/V+s/soGVCfYrwo="; + rev = "EE-${version.seriousproton}"; + sha256 = "sha256-wxb/CxJ/HKsVngeahjygZFPMMxitkHdVD0EQ3svxgIU="; }; nativeBuildInputs = [ cmake ]; @@ -36,13 +38,13 @@ in stdenv.mkDerivation { pname = "empty-epsilon"; - inherit version; + version = version.emptyepsilon; src = fetchFromGitHub { owner = "daid"; repo = "EmptyEpsilon"; - rev = "EE-${version}"; - sha256 = "sha256-HbF6xThR+ogNHbAcXF03DaBhwVhNEr5BJO7jeeVZH/o="; + rev = "EE-${version.emptyepsilon}"; + sha256 = "sha256-x0XJPMU0prubTb4ti/W/dH5P9abNwbjqkeUhKQpct9o="; }; nativeBuildInputs = [ cmake ]; @@ -50,10 +52,10 @@ stdenv.mkDerivation { cmakeFlags = [ "-DSERIOUS_PROTON_DIR=${serious-proton.src}" - "-DCPACK_PACKAGE_VERSION=${version}" + "-DCPACK_PACKAGE_VERSION=${version.emptyepsilon}" "-DCPACK_PACKAGE_VERSION_MAJOR=${major}" "-DCPACK_PACKAGE_VERSION_MINOR=${minor}" - "-DCPACK_PACKAGE_VERSION_PATCH=${patch}" + "-DCPACK_PACKAGE_VERSION_PATCH=${patch.emptyepsilon}" ]; meta = with lib; { From 623687ca7f007ae37c3313970c1a293f9e55952b Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 29 Mar 2021 09:40:11 -0400 Subject: [PATCH 20/33] linux: 5.11.9 -> 5.11.10 --- pkgs/os-specific/linux/kernel/linux-5.11.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.11.nix b/pkgs/os-specific/linux/kernel/linux-5.11.nix index cf9302757f6e..945c74e8dd99 100644 
--- a/pkgs/os-specific/linux/kernel/linux-5.11.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.11.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.11.9"; + version = "5.11.10"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0dcqn6s85sd4zl7rv8ay88p5z12xvy2rma0dx6g6b480rg68sxal"; + sha256 = "07fw48sy8p17jmm24x3rl99cwxiwhwjrxnmy3g542w9kzawaqwnk"; }; } // (args.argsOverride or {})) From 2a47ac792248c82fec8fc61733e5c00f1f1a836a Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 29 Mar 2021 09:40:32 -0400 Subject: [PATCH 21/33] linux-rt_5_10: 5.10.21-rt34 -> 5.10.25-rt35 --- pkgs/os-specific/linux/kernel/linux-rt-5.10.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index 0f017bb4b24c..cd6273d21e9e 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10.21-rt34"; # updated by ./update-rt.sh + version = "5.10.25-rt35"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { 
@@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "1bz2gmyvpl4vsk0r6fsnh451fzvvfbv63rw8ia75gfv52vzyczwy"; + sha256 = "1p8s8vp5b6vjmvhj3plm0pr0d9qp5lrwm6l40a4bjr1vk9myf2lk"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "12c2qpifcgij7hilhd7xrnqaz04gqf41m93pmlm8cv4nxz58cy36"; + sha256 = "0kvawcyxg0xzhx73xs9g9s0hr7bs44sy4zvfzvcg2m9hdyafry0k"; }; }; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches; From 5368c6d11e1cca79075e50d33b3a263cdef2c781 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 29 Mar 2021 09:40:59 -0400 Subject: [PATCH 22/33] linux/hardened/patches/5.10: 5.10.25-hardened1 -> 5.10.26-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index a8cdaafcdfe5..9075850fcbe2 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -13,9 +13,9 @@ }, "5.10": { "extra": "-hardened1", - "name": "linux-hardened-5.10.25-hardened1.patch", - "sha256": "0d5fid229769frifr7g20ly553gxdqqvajfwyzqwjpr82jjzxlis", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.25-hardened1/linux-hardened-5.10.25-hardened1.patch" + "name": "linux-hardened-5.10.26-hardened1.patch", + "sha256": "08f4yks3fjv5zi85zbxa3aqfllb6nbr58hm6kchd83l6rknnix4r", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.26-hardened1/linux-hardened-5.10.26-hardened1.patch" }, "5.11": { "extra": "-hardened1", From efd912178772c255a59997bbe1369927d5684424 Mon Sep 17 00:00:00 2001 
From: Tim Steinbach Date: Mon, 29 Mar 2021 09:41:03 -0400 Subject: [PATCH 23/33] linux/hardened/patches/5.11: 5.11.9-hardened1 -> 5.11.10-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 9075850fcbe2..a3f67106781a 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -19,9 +19,9 @@ }, "5.11": { "extra": "-hardened1", - "name": "linux-hardened-5.11.9-hardened1.patch", - "sha256": "169jcalr81ckad08vx489h8j6k42s0rzxbpkr6knyrd7rv06ddk0", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.11.9-hardened1/linux-hardened-5.11.9-hardened1.patch" + "name": "linux-hardened-5.11.10-hardened1.patch", + "sha256": "16083fvl5km751dps7mzjc2fl1qp9jqnyn7lg8jlfxc8w32bbxwv", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.11.10-hardened1/linux-hardened-5.11.10-hardened1.patch" }, "5.4": { "extra": "-hardened1", From 285301cd1f3ec4521be8a9b816a99a095c34715c Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 29 Mar 2021 19:39:38 +0200 Subject: [PATCH 24/33] linuxPackages: 5.4 -> 5.10 The 5.10 series is the next longterm version of the linux kernel and I've been using it on multiple x86_64 machines ever since it came out. I think it is time to switch over the default now, so we get some additional testing in time for NixOS 21.05. --- nixos/doc/manual/release-notes/rl-2105.xml | 3 +++ pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml index 9adf8acce630..916cea929727 100644 --- a/nixos/doc/manual/release-notes/rl-2105.xml +++ b/nixos/doc/manual/release-notes/rl-2105.xml 
@@ -23,6 +23,9 @@ Support is planned until the end of December 2021, handing over to 21.11. + + The default Linux kernel was updated to the 5.10 LTS series, coming from the 5.4 LTS series. + GNOME desktop environment was upgraded to 3.38, see its release notes. diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 881d5abd3ceb..fb412a356ecd 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -19891,7 +19891,7 @@ in }); # The current default kernel / kernel modules. - linuxPackages = linuxPackages_5_4; + linuxPackages = linuxPackages_5_10; linux = linuxPackages.kernel; # Update this when adding the newest kernel major version! From b1f42e48deff5872951462bd0fd60e3cdba4a141 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Wed, 31 Mar 2021 11:36:22 -0400 Subject: [PATCH 25/33] python3Packages.sagemaker: Add packaging dependency --- pkgs/development/python-modules/sagemaker/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/python-modules/sagemaker/default.nix b/pkgs/development/python-modules/sagemaker/default.nix index c62f5ede3cad..836407524365 100644 --- a/pkgs/development/python-modules/sagemaker/default.nix +++ b/pkgs/development/python-modules/sagemaker/default.nix @@ -10,6 +10,7 @@ , protobuf3-to-dict , smdebug-rulesconfig , pandas +, packaging }: buildPythonPackage rec { @@ -32,6 +33,7 @@ buildPythonPackage rec { google-pasta importlib-metadata numpy + packaging protobuf protobuf3-to-dict smdebug-rulesconfig From 0ed3d9e3bf58272297810eb7a77f5531941cb4a3 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Wed, 31 Mar 2021 11:40:43 -0400 Subject: [PATCH 26/33] python3Packages.botocore: 1.20.40 -> 1.20.41 --- pkgs/development/python-modules/botocore/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkgs/development/python-modules/botocore/default.nix b/pkgs/development/python-modules/botocore/default.nix index 039d52baa9fd..a0555d7f1ca7 100644 --- a/pkgs/development/python-modules/botocore/default.nix +++ b/pkgs/development/python-modules/botocore/default.nix @@ -13,11 +13,11 @@ buildPythonPackage rec { pname = "botocore"; - version = "1.20.40"; # N.B: if you change this, change boto3 and awscli to a matching version + version = "1.20.41"; # N.B: if you change this, change boto3 and awscli to a matching version src = fetchPypi { inherit pname version; - sha256 = "sha256-ajWpl3zb16g52UjdX549JgwZt93nTgqETJcgaITTu6A="; + sha256 = "sha256-Y/ZQ/Ja84UHoGUp2HmiQ/qL7puASU676Ma5p8UUBXCE="; }; propagatedBuildInputs = [ From 094b663923b2ef791abbb023f92ab66ab9e7ffa0 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Wed, 31 Mar 2021 11:41:27 -0400 Subject: [PATCH 27/33] python3Packages.boto3: 1.17.40 -> 1.17.41 --- pkgs/development/python-modules/boto3/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/boto3/default.nix b/pkgs/development/python-modules/boto3/default.nix index c287295b61d0..bf5604e6d981 100644 --- a/pkgs/development/python-modules/boto3/default.nix +++ b/pkgs/development/python-modules/boto3/default.nix @@ -13,11 +13,11 @@ buildPythonPackage rec { pname = "boto3"; - version = "1.17.40"; # N.B: if you change this, change botocore and awscli to a matching version + version = "1.17.41"; # N.B: if you change this, change botocore and awscli to a matching version src = fetchPypi { inherit pname version; - sha256 = "sha256-7pmbRrLGMOUOewUtbf4iQgOjSNg7AOFoylAAmvDydsE="; + sha256 = "sha256-2FsOBdfelhabACS3aykr5isB729cqFOlElBjRrgtKrs="; }; propagatedBuildInputs = [ botocore jmespath s3transfer ] ++ lib.optionals (!isPy3k) [ futures ]; From 565ebdcb349433d27e243ab86a29d88276518aa3 Mon Sep 17 00:00:00 2001 
From: Tim Steinbach Date: Wed, 31 Mar 2021 11:42:47 -0400 Subject: [PATCH 28/33] awscli: 1.19.40 -> 1.19.41 --- pkgs/tools/admin/awscli/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/admin/awscli/default.nix b/pkgs/tools/admin/awscli/default.nix index ff244501516b..943c69e76294 100644 --- a/pkgs/tools/admin/awscli/default.nix +++ b/pkgs/tools/admin/awscli/default.nix @@ -21,11 +21,11 @@ let in with py.pkgs; buildPythonApplication rec { pname = "awscli"; - version = "1.19.40"; # N.B: if you change this, change botocore and boto3 to a matching version too + version = "1.19.41"; # N.B: if you change this, change botocore and boto3 to a matching version too src = fetchPypi { inherit pname version; - sha256 = "sha256-J1IuTA/DrBCDclRA3cjAU71Um4Eygjgo+rMTyvT/my4="; + sha256 = "sha256-DKKE2iMn6BHmcohHY6Uv7q9Om8FkbTbsk0CaxueBJHA="; }; # https://github.com/aws/aws-cli/issues/4837 From fb811eaf6b210fa7546aed69dbfbefdfc864966e Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Wed, 31 Mar 2021 15:43:29 +0000 Subject: [PATCH 29/33] =?UTF-8?q?oh-my-zsh:=202021-03-28=20=E2=86=92=20202?= =?UTF-8?q?1-03-31?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/shells/zsh/oh-my-zsh/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/shells/zsh/oh-my-zsh/default.nix b/pkgs/shells/zsh/oh-my-zsh/default.nix index 19ab0ee44eb5..f25e71476380 100644 --- a/pkgs/shells/zsh/oh-my-zsh/default.nix +++ b/pkgs/shells/zsh/oh-my-zsh/default.nix 
@@ -5,15 +5,15 @@ , git, nix, nixfmt, jq, coreutils, gnused, curl, cacert }: stdenv.mkDerivation rec { - version = "2021-03-28"; + version = "2021-03-31"; pname = "oh-my-zsh"; - rev = "69507c9518f7c7889d8f47ec8e67bfda02405817"; + rev = "2b1d4122796fea12dcaa7545cfca59fb43e6393e"; src = fetchFromGitHub { inherit rev; owner = "ohmyzsh"; repo = "ohmyzsh"; - sha256 = "0p5jjynwnf6yh2n0z46avavy7kb7dlqd145hd1qakig7csaclphd"; + sha256 = "1c1hcmvfrfwds1zn165vpfh11a19s6kb20bxy2dzpby5cs15g6bc"; }; installPhase = '' From 6cd2ceb4721e010547769d261e8a66bb13fdaed0 Mon Sep 17 00:00:00 2001 From: Jonathan Ringer Date: Wed, 31 Mar 2021 09:30:27 -0700 Subject: [PATCH 30/33] steam: fix paradox launcher --- pkgs/games/steam/fhsenv.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/games/steam/fhsenv.nix b/pkgs/games/steam/fhsenv.nix index 3600b2f1442a..1a2ca5161eb7 100644 --- a/pkgs/games/steam/fhsenv.nix +++ b/pkgs/games/steam/fhsenv.nix @@ -106,6 +106,7 @@ in buildFHSUserEnv rec { gst_all_1.gst-plugins-ugly gst_all_1.gst-plugins-base libdrm + libxkbcommon # paradox launcher mono xorg.xkeyboardconfig xorg.libpciaccess @@ -205,7 +206,6 @@ in buildFHSUserEnv rec { libidn tbb wayland - libxkbcommon # Other things from runtime flac From 88d445b18b4a7be72baad28a7b58a42012105936 Mon Sep 17 00:00:00 2001 From: Izorkin Date: Wed, 31 Mar 2021 10:32:46 +0300 Subject: [PATCH 31/33] zlib-ng: init at 2.0.2 --- .../development/libraries/zlib-ng/default.nix | 34 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 36 insertions(+) create mode 100644 pkgs/development/libraries/zlib-ng/default.nix diff --git a/pkgs/development/libraries/zlib-ng/default.nix b/pkgs/development/libraries/zlib-ng/default.nix new file mode 100644 index 000000000000..7ba07cd92407 --- /dev/null +++ b/pkgs/development/libraries/zlib-ng/default.nix 
@@ -0,0 +1,34 @@ +{ lib, stdenv, fetchFromGitHub +, cmake, pkg-config +, withZlibCompat ? false +}: + +stdenv.mkDerivation rec { + pname = "zlib-ng"; + version = "2.0.2"; + + src = fetchFromGitHub { + owner = "zlib-ng"; + repo = "zlib-ng"; + rev = version; + sha256 = "1cl6asrav2512j7p02zcpibywjljws0m7aazvb3q2r9qiyvyswji"; + }; + + outputs = [ "out" "dev" "bin" ]; + + nativeBuildInputs = [ cmake pkg-config ]; + + cmakeFlags = [ + "-DCMAKE_INSTALL_PREFIX=/" + "-DBUILD_SHARED_LIBS=ON" + "-DINSTALL_UTILS=ON" + ] ++ lib.optionals withZlibCompat [ "-DZLIB_COMPAT=ON" ]; + + meta = with lib; { + description = "zlib data compression library for the next generation systems"; + homepage = "https://github.com/zlib-ng/zlib-ng"; + license = licenses.zlib; + platforms = platforms.all; + maintainers = with maintainers; [ izorkin ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c21d9efd7dd0..ee11f997af67 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -17788,6 +17788,8 @@ in zlib = callPackage ../development/libraries/zlib { }; + zlib-ng = callPackage ../development/libraries/zlib-ng { }; + libdynd = callPackage ../development/libraries/libdynd { }; zlog = callPackage ../development/libraries/zlog { }; From 7b02acac3e004f560819e442d0bec23d6816ee9f Mon Sep 17 00:00:00 2001 From: dawidsowa Date: Wed, 31 Mar 2021 19:31:50 +0200 Subject: [PATCH 32/33] play-with-mpv: init at 2020-05-18 (#93473) Co-authored-by: Sandro --- pkgs/tools/video/play-with-mpv/default.nix | 35 ++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 37 insertions(+) create mode 100644 pkgs/tools/video/play-with-mpv/default.nix diff --git a/pkgs/tools/video/play-with-mpv/default.nix b/pkgs/tools/video/play-with-mpv/default.nix new file mode 100644 index 000000000000..d9ab0493160e --- /dev/null +++ b/pkgs/tools/video/play-with-mpv/default.nix 
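Review bot: In `zlib-ng/default.nix`, `"-DCMAKE_INSTALL_PREFIX=/"` in `cmakeFlags` forces the install prefix to `/` with no comment, and a later maintainer cannot tell whether it is a workaround or a leftover. It is presumably there because upstream's CMake files combine the prefix with install directories that are already absolute, but the hunk does not show that. If that is the reason, a comment above the flag such as `# upstream joins the prefix with absolute install dirs; "/" keeps the generated paths valid` would record it. `withZlibCompat` also deserves one line, e.g. `# build the zlib-compatible API (-DZLIB_COMPAT=ON) instead of the zng_-prefixed one`, because enabling it changes which library name and symbols consumers link against.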
@@ -0,0 +1,35 @@ +{ lib, python3Packages, fetchFromGitHub, fetchurl, youtube-dl, git }: + +let + install_freedesktop = fetchurl { + url = "https://github.com/thann/install_freedesktop/tarball/2673e8da4a67bee0ffc52a0ea381a541b4becdd4"; + sha256 = "0j8d5jdcyqbl5p6sc1ags86v3hr2sghmqqi99d1mvc064g90ckrv"; + }; +in +python3Packages.buildPythonApplication rec { + pname = "play-with-mpv"; + version = "unstable-2020-05-18"; + + src = fetchFromGitHub { + owner = "thann"; + repo = "play-with-mpv"; + rev = "656448e03fe9de9e8bd21959f2a3b47c4acb8c3e"; + sha256 = "1qma8b3lnkdhxdjsnrq7n9zgy53q62j4naaqqs07kjxbn72zb4p4"; + }; + + nativeBuildInputs = [ git ]; + propagatedBuildInputs = [ youtube-dl ]; + + postPatch = '' + substituteInPlace setup.py --replace \ + '"https://github.com/thann/install_freedesktop/tarball/master#egg=install_freedesktop-0.2.0"' \ + '"file://${install_freedesktop}#egg=install_freedesktop-0.2.0"' + ''; + + meta = with lib; { + description = "Chrome extension and python server that allows you to play videos in webpages with MPV instead"; + homepage = "https://github.com/Thann/play-with-mpv"; + license = licenses.mit; + maintainers = with maintainers; [ dawidsowa ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index fb412a356ecd..610e31059f1e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1496,6 +1496,8 @@ in pebble = callPackage ../tools/admin/pebble { }; + play-with-mpv = callPackage ../tools/video/play-with-mpv { }; + reattach-to-user-namespace = callPackage ../os-specific/darwin/reattach-to-user-namespace {}; skhd = callPackage ../os-specific/darwin/skhd { From aa9588f01ffdea7c7103cf75947e6fb55a06b385 Mon Sep 17 00:00:00 2001 
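Review bot: In `play-with-mpv/default.nix`, the `substituteInPlace` in `postPatch` is the only thing that stops `setup.py` from resolving `install_freedesktop` through the unpinned `tarball/master` link, and nothing checks that the replacement happened. If upstream rewords that line, the pattern stops matching and the original URL stays in place. With the build sandbox enabled that should just fail, but on a builder with the sandbox disabled it could fetch whatever `master` contains at build time. I would add `grep -qF 'file://${install_freedesktop}' setup.py` as the last line of `postPatch` so a missed substitution fails the build. A short comment on why `git` is needed in `nativeBuildInputs` would also help.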
From: Thomas Marchand Date: Wed, 31 Mar 2021 19:36:23 +0200 Subject: [PATCH 33/33] crypto-org-wallet: init at version 0.1.1 (#117497) Co-authored-by: Sandro --- .../blockchains/crypto-org-wallet.nix | 33 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 35 insertions(+) create mode 100644 pkgs/applications/blockchains/crypto-org-wallet.nix diff --git a/pkgs/applications/blockchains/crypto-org-wallet.nix b/pkgs/applications/blockchains/crypto-org-wallet.nix new file mode 100644 index 000000000000..be45967018d0 --- /dev/null +++ b/pkgs/applications/blockchains/crypto-org-wallet.nix @@ -0,0 +1,33 @@ +{ lib, fetchurl, makeDesktopItem, appimageTools, imagemagick }: + +let + pname = "chain-desktop-wallet"; + version = "0.1.1"; + name = "${pname}-${version}"; + + src = fetchurl { + url = "https://github.com/crypto-com/${pname}/releases/download/v${version}/${name}-x86_64.AppImage"; + sha256 = "12076hf8dlz0hg1pb2ixwlslrh8gi6s1iawnvhnn6vz4jmjvq356"; + }; + + appimageContents = appimageTools.extractType2 { inherit name src; }; +in appimageTools.wrapType2 rec { + inherit name src; + + extraInstallCommands = '' + mv $out/bin/${name} $out/bin/${pname} + install -m 444 -D ${appimageContents}/${pname}.desktop $out/share/applications/${pname}.desktop + ${imagemagick}/bin/convert ${appimageContents}/${pname}.png -resize 512x512 ${pname}_512.png + install -m 444 -D ${pname}_512.png $out/share/icons/hicolor/512x512/apps/${pname}.png + substituteInPlace $out/share/applications/${pname}.desktop \ + --replace 'Exec=AppRun --no-sandbox %U' "Exec=$out/bin/${pname}" + ''; + + meta = with lib; { + description = "Crypto.org Chain desktop wallet (Beta)"; + homepage = "https://github.com/crypto-com/chain-desktop-wallet"; + license = licenses.asl20; + maintainers = with maintainers; [ th0rgal ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 610e31059f1e..b3c474c2bee8 100644 
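Review bot: In `crypto-org-wallet.nix`, `src` is upstream's prebuilt AppImage, so the `sha256` pins the downloaded bytes but the wallet is not built from the Apache-licensed source, and nothing in the file says so. A comment above `src` such as `# prebuilt upstream AppImage; not built from source` would make that visible to anyone auditing the package. The `substituteInPlace` on the desktop entry also drops both `--no-sandbox` and `%U` from the `Exec` line without explanation. Dropping `--no-sandbox` is the safer default, but this hunk cannot show whether the app still starts inside the `wrapType2` environment, so the decision should be stated in a comment next to the substitution.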
--- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -28630,6 +28630,8 @@ in cryptoverif = callPackage ../applications/science/logic/cryptoverif { }; + crypto-org-wallet = callPackage ../applications/blockchains/crypto-org-wallet.nix { }; + caprice32 = callPackage ../misc/emulators/caprice32 { }; cubicle = callPackage ../applications/science/logic/cubicle {