diff --git a/maintainers/team-list.nix b/maintainers/team-list.nix index 9c2f4680d89c..34f4576054ee 100644 --- a/maintainers/team-list.nix +++ b/maintainers/team-list.nix @@ -288,7 +288,6 @@ with lib.maintainers; { golang = { members = [ - c00w kalbasit mic92 zowoq diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 5e735ce54d06..96ea3c885902 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -75,6 +75,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [v2rayA](https://v2raya.org), a Linux web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel. Available as [services.v2raya](options.html#opt-services.v2raya.enable). +- [wstunnel](https://github.com/erebe/wstunnel), a proxy tunnelling arbitrary TCP or UDP traffic through a WebSocket connection. Instances may be configured via [services.wstunnel](options.html#opt-services.wstunnel.enable). + - [ulogd](https://www.netfilter.org/projects/ulogd/index.html), a userspace logging daemon for netfilter/iptables related logging. Available as [services.ulogd](options.html#opt-services.ulogd.enable). - [jellyseerr](https://github.com/Fallenbagel/jellyseerr), a web-based requests manager for Jellyfin, forked from Overseerr. Available as [services.jellyseerr](#opt-services.jellyseerr.enable). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 1e78eb1767ba..89bef0601778 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1040,6 +1040,7 @@ ./services/networking/wg-quick.nix ./services/networking/wireguard.nix ./services/networking/wpa_supplicant.nix + ./services/networking/wstunnel.nix ./services/networking/x2goserver.nix ./services/networking/xandikos.nix ./services/networking/xinetd.nix diff --git a/nixos/modules/services/networking/wstunnel.nix b/nixos/modules/services/networking/wstunnel.nix new file mode 100644 index 000000000000..440b617f60a3 --- /dev/null +++ b/nixos/modules/services/networking/wstunnel.nix @@ -0,0 +1,429 @@ +{ config, lib, options, pkgs, utils, ... }: +with lib; +let + cfg = config.services.wstunnel; + attrsToArgs = attrs: utils.escapeSystemdExecArgs ( + mapAttrsToList + (name: value: if value == true then "--${name}" else "--${name}=${value}") + attrs + ); + hostPortSubmodule = { + options = { + host = mkOption { + description = mdDoc "The hostname."; + type = types.str; + }; + port = mkOption { + description = mdDoc "The port."; + type = types.port; + }; + }; + }; + localRemoteSubmodule = { + options = { + local = mkOption { + description = mdDoc "Local address and port to listen on."; + type = types.submodule hostPortSubmodule; + example = { + host = "127.0.0.1"; + port = 51820; + }; + }; + remote = mkOption { + description = mdDoc "Address and port on remote to forward traffic to."; + type = types.submodule hostPortSubmodule; + example = { + host = "127.0.0.1"; + port = 51820; + }; + }; + }; + }; + hostPortToString = { host, port }: "${host}:${builtins.toString port}"; + localRemoteToString = { local, remote }: utils.escapeSystemdExecArg "${hostPortToString local}:${hostPortToString remote}"; + commonOptions = { + enable = mkOption { + description = mdDoc "Whether to enable this `wstunnel` instance."; + type = types.bool; + default = true; + }; + + package = mkPackageOptionMD pkgs "wstunnel" {}; + + autoStart = mkOption { + description = mdDoc "Whether this tunnel server should be started automatically."; + type = types.bool; + default = true; + }; + + extraArgs = mkOption { + description = mdDoc "Extra command line arguments to pass to `wstunnel`. Attributes of the form `argName = true;` will be translated to `--argName`, and `argName = \"value\"` to `--argName=value`."; + type = with types; attrsOf (either str bool); + default = {}; + example = { + "someNewOption" = true; + "someNewOptionWithValue" = "someValue"; + }; + }; + + verboseLogging = mkOption { + description = mdDoc "Enable verbose logging."; + type = types.bool; + default = false; + }; + + environmentFile = mkOption { + description = mdDoc "Environment file to be passed to the systemd service. Useful for passing secrets to the service to prevent them from being world-readable in the Nix store. Note however that the secrets are passed to `wstunnel` through the command line, which makes them locally readable for all users of the system at runtime."; + type = types.nullOr types.path; + default = null; + example = "/var/lib/secrets/wstunnelSecrets"; + }; + }; + + serverSubmodule = { config, ...}: { + options = commonOptions // { + listen = mkOption { + description = mdDoc "Address and port to listen on. Setting the port to a value below 1024 will also give the process the required `CAP_NET_BIND_SERVICE` capability."; + type = types.submodule hostPortSubmodule; + default = { + address = "0.0.0.0"; + port = if config.enableHTTPS then 443 else 80; + }; + defaultText = literalExpression '' + { + address = "0.0.0.0"; + port = if enableHTTPS then 443 else 80; + } + ''; + }; + + restrictTo = mkOption { + description = mdDoc "Accepted traffic will be forwarded only to this service. Set to `null` to allow forwarding to arbitrary addresses."; + type = types.nullOr (types.submodule hostPortSubmodule); + example = { + host = "127.0.0.1"; + port = 51820; + }; + }; + + enableHTTPS = mkOption { + description = mdDoc "Use HTTPS for the tunnel server."; + type = types.bool; + default = true; + }; + + tlsCertificate = mkOption { + description = mdDoc "TLS certificate to use instead of the hardcoded one in case of HTTPS connections. Use together with `tlsKey`."; + type = types.nullOr types.path; + default = null; + example = "/var/lib/secrets/cert.pem"; + }; + + tlsKey = mkOption { + description = mdDoc "TLS key to use instead of the hardcoded on in case of HTTPS connections. Use together with `tlsCertificate`."; + type = types.nullOr types.path; + default = null; + example = "/var/lib/secrets/key.pem"; + }; + + useACMEHost = mkOption { + description = mdDoc "Use a certificate generated by the NixOS ACME module for the given host. Note that this will not generate a new certificate - you will need to do so with `security.acme.certs`."; + type = types.nullOr types.str; + default = null; + example = "example.com"; + }; + }; + }; + clientSubmodule = { config, ... }: { + options = commonOptions // { + connectTo = mkOption { + description = mdDoc "Server address and port to connect to."; + type = types.submodule hostPortSubmodule; + example = { + host = "example.com"; + }; + }; + + enableHTTPS = mkOption { + description = mdDoc "Enable HTTPS when connecting to the server."; + type = types.bool; + default = true; + }; + + localToRemote = mkOption { + description = mdDoc "Local hosts and ports to listen on, plus the hosts and ports on remote to forward traffic to. Setting a local port to a value less than 1024 will additionally give the process the required CAP_NET_BIND_SERVICE capability."; + type = types.listOf (types.submodule localRemoteSubmodule); + default = []; + example = [ { + local = { + host = "127.0.0.1"; + port = 8080; + }; + remote = { + host = "127.0.0.1"; + port = 8080; + }; + } ]; + }; + + dynamicToRemote = mkOption { + description = mdDoc "Host and port for the SOCKS5 proxy to dynamically forward traffic to. Leave this at `null` to disable the SOCKS5 proxy. Setting the port to a value less than 1024 will additionally give the service the required CAP_NET_BIND_SERVICE capability."; + type = types.nullOr (types.submodule hostPortSubmodule); + default = null; + example = { + host = "127.0.0.1"; + port = 1080; + }; + }; + + udp = mkOption { + description = mdDoc "Whether to forward UDP instead of TCP traffic."; + type = types.bool; + default = false; + }; + + udpTimeout = mkOption { + description = mdDoc "When using UDP forwarding, timeout in seconds after which the tunnel connection is closed. `-1` means no timeout."; + type = types.int; + default = 30; + }; + + httpProxy = mkOption { + description = mdDoc '' + Proxy to use to connect to the wstunnel server (`USER:PASS@HOST:PORT`). + + ::: {.warning} + Passwords specified here will be world-readable in the Nix store! To pass a password to the service, point the `environmentFile` option to a file containing `PROXY_PASSWORD=` and set this option to `:$PROXY_PASSWORD@:`. Note however that this will also locally leak the passwords at runtime via e.g. /proc//cmdline. + + ::: + ''; + type = types.nullOr types.str; + default = null; + }; + + soMark = mkOption { + description = mdDoc "Mark network packets with the SO_MARK sockoption with the specified value. Setting this option will also enable the required `CAP_NET_ADMIN` capability for the systemd service."; + type = types.nullOr types.int; + default = null; + }; + + upgradePathPrefix = mkOption { + description = mdDoc "Use a specific HTTP path prefix that will show up in the upgrade request to the `wstunnel` server. Useful when running `wstunnel` behind a reverse proxy."; + type = types.nullOr types.str; + default = null; + example = "wstunnel"; + }; + + hostHeader = mkOption { + description = mdDoc "Use this as the HTTP host header instead of the real hostname. Useful for circumventing hostname-based firewalls."; + type = types.nullOr types.str; + default = null; + }; + + tlsSNI = mkOption { + description = mdDoc "Use this as the SNI while connecting via TLS. Useful for circumventing hostname-based firewalls."; + type = types.nullOr types.str; + default = null; + }; + + tlsVerifyCertificate = mkOption { + description = mdDoc "Whether to verify the TLS certificate of the server. It might be useful to set this to `false` when working with the `tlsSNI` option."; + type = types.bool; + default = true; + }; + + # The original argument name `websocketPingFrequency` is a misnomer, as the frequency is the inverse of the interval. + websocketPingInterval = mkOption { + description = mdDoc "Do a heartbeat ping every N seconds to keep up the websocket connection."; + type = types.nullOr types.ints.unsigned; + default = null; + }; + + upgradeCredentials = mkOption { + description = mdDoc '' + Use these credentials to authenticate during the HTTP upgrade request (Basic authorization type, `USER:[PASS]`). + + ::: {.warning} + Passwords specified here will be world-readable in the Nix store! To pass a password to the service, point the `environmentFile` option to a file containing `HTTP_PASSWORD=` and set this option to `:$HTTP_PASSWORD`. Note however that this will also locally leak the passwords at runtime via e.g. /proc//cmdline. + ::: + ''; + type = types.nullOr types.str; + default = null; + }; + + customHeaders = mkOption { + description = mdDoc "Custom HTTP headers to send during the upgrade request."; + type = types.attrsOf types.str; + default = {}; + example = { + "X-Some-Header" = "some-value"; + }; + }; + }; + }; + generateServerUnit = name: serverCfg: { + name = "wstunnel-server-${name}"; + value = { + description = "wstunnel server - ${name}"; + requires = [ "network.target" "network-online.target" ]; + after = [ "network.target" "network-online.target" ]; + wantedBy = optional serverCfg.autoStart "multi-user.target"; + + serviceConfig = let + certConfig = config.security.acme.certs."${serverCfg.useACMEHost}"; + in { + Type = "simple"; + ExecStart = with serverCfg; let + resolvedTlsCertificate = if useACMEHost != null + then "${certConfig.directory}/fullchain.pem" + else tlsCertificate; + resolvedTlsKey = if useACMEHost != null + then "${certConfig.directory}/key.pem" + else tlsKey; + in '' + ${package}/bin/wstunnel \ + --server \ + ${optionalString (restrictTo != null) "--restrictTo=${utils.escapeSystemdExecArg (hostPortToString restrictTo)}"} \ + ${optionalString (resolvedTlsCertificate != null) "--tlsCertificate=${utils.escapeSystemdExecArg resolvedTlsCertificate}"} \ + ${optionalString (resolvedTlsKey != null) "--tlsKey=${utils.escapeSystemdExecArg resolvedTlsKey}"} \ + ${optionalString verboseLogging "--verbose"} \ + ${attrsToArgs extraArgs} \ + ${utils.escapeSystemdExecArg "${if enableHTTPS then "wss" else "ws"}://${hostPortToString listen}"} + ''; + EnvironmentFile = optional (serverCfg.environmentFile != null) serverCfg.environmentFile; + DynamicUser = true; + SupplementaryGroups = optional (serverCfg.useACMEHost != null) certConfig.group; + PrivateTmp = true; + AmbientCapabilities = optional (serverCfg.listen.port < 1024) [ "CAP_NET_BIND_SERVICE" ]; + NoNewPrivileges = true; + RestrictNamespaces = "uts ipc pid user cgroup"; + ProtectSystem = "strict"; + ProtectHome = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + PrivateDevices = true; + RestrictSUIDSGID = true; + + }; + }; + }; + generateClientUnit = name: clientCfg: { + name = "wstunnel-client-${name}"; + value = { + description = "wstunnel client - ${name}"; + requires = [ "network.target" "network-online.target" ]; + after = [ "network.target" "network-online.target" ]; + wantedBy = optional clientCfg.autoStart "multi-user.target"; + + serviceConfig = { + Type = "simple"; + ExecStart = with clientCfg; '' + ${package}/bin/wstunnel \ + ${concatStringsSep " " (builtins.map (x: "--localToRemote=${localRemoteToString x}") localToRemote)} \ + ${concatStringsSep " " (mapAttrsToList (n: v: "--customHeaders=\"${n}: ${v}\"") customHeaders)} \ + ${optionalString (dynamicToRemote != null) "--dynamicToRemote=${utils.escapeSystemdExecArg (hostPortToString dynamicToRemote)}"} \ + ${optionalString udp "--udp"} \ + ${optionalString (httpProxy != null) "--httpProxy=${httpProxy}"} \ + ${optionalString (soMark != null) "--soMark=${toString soMark}"} \ + ${optionalString (upgradePathPrefix != null) "--upgradePathPrefix=${upgradePathPrefix}"} \ + ${optionalString (hostHeader != null) "--hostHeader=${hostHeader}"} \ + ${optionalString (tlsSNI != null) "--tlsSNI=${tlsSNI}"} \ + ${optionalString tlsVerifyCertificate "--tlsVerifyCertificate"} \ + ${optionalString (websocketPingInterval != null) "--websocketPingFrequency=${toString websocketPingInterval}"} \ + ${optionalString (upgradeCredentials != null) "--upgradeCredentials=${upgradeCredentials}"} \ + --udpTimeoutSec=${toString udpTimeout} \ + ${optionalString verboseLogging "--verbose"} \ + ${attrsToArgs extraArgs} \ + ${utils.escapeSystemdExecArg "${if enableHTTPS then "wss" else "ws"}://${hostPortToString connectTo}"} + ''; + EnvironmentFile = optional (clientCfg.environmentFile != null) clientCfg.environmentFile; + DynamicUser = true; + PrivateTmp = true; + AmbientCapabilities = (optional (clientCfg.soMark != null) [ "CAP_NET_ADMIN" ]) ++ (optional ((clientCfg.dynamicToRemote.port or 1024) < 1024 || (any (x: x.local.port < 1024) clientCfg.localToRemote)) [ "CAP_NET_BIND_SERVICE" ]); + NoNewPrivileges = true; + RestrictNamespaces = "uts ipc pid user cgroup"; + ProtectSystem = "strict"; + ProtectHome = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + PrivateDevices = true; + RestrictSUIDSGID = true; + }; + }; + }; +in { + options.services.wstunnel = { + enable = mkEnableOption (mdDoc "wstunnel"); + + servers = mkOption { + description = mdDoc "`wstunnel` servers to set up."; + type = types.attrsOf (types.submodule serverSubmodule); + default = {}; + example = { + "wg-tunnel" = { + listen.port = 8080; + enableHTTPS = true; + tlsCertificate = "/var/lib/secrets/fullchain.pem"; + tlsKey = "/var/lib/secrets/key.pem"; + restrictTo = { + host = "127.0.0.1"; + port = 51820; + }; + }; + }; + }; + + clients = mkOption { + description = mdDoc "`wstunnel` clients to set up."; + type = types.attrsOf (types.submodule clientSubmodule); + default = {}; + example = { + "wg-tunnel" = { + connectTo = { + host = "example.com"; + port = 8080; + }; + enableHTTPS = true; + localToRemote = { + local = { + host = "127.0.0.1"; + port = 51820; + }; + remote = { + host = "127.0.0.1"; + port = 51820; + }; + }; + udp = true; + }; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services = (mapAttrs' generateServerUnit (filterAttrs (n: v: v.enable) cfg.servers)) // (mapAttrs' generateClientUnit (filterAttrs (n: v: v.enable) cfg.clients)); + + assertions = (mapAttrsToList (name: serverCfg: { + assertion = !(serverCfg.useACMEHost != null && (serverCfg.tlsCertificate != null || serverCfg.tlsKey != null)); + message = '' + Options services.wstunnel.servers."${name}".useACMEHost and services.wstunnel.servers."${name}".{tlsCertificate, tlsKey} are mutually exclusive. + ''; + }) cfg.servers) ++ + (mapAttrsToList (name: serverCfg: { + assertion = !((serverCfg.tlsCertificate != null || serverCfg.tlsKey != null) && !(serverCfg.tlsCertificate != null && serverCfg.tlsKey != null)); + message = '' + services.wstunnel.servers."${name}".tlsCertificate and services.wstunnel.servers."${name}".tlsKey need to be set together. + ''; + }) cfg.servers) ++ + (mapAttrsToList (name: clientCfg: { + assertion = !(clientCfg.localToRemote == [] && clientCfg.dynamicToRemote == null); + message = '' + Either one of services.wstunnel.clients."${name}".localToRemote or services.wstunnel.clients."${name}".dynamicToRemote must be set. + ''; + }) cfg.clients); + }; + + meta.maintainers = with maintainers; [ alyaeanyx ]; +} diff --git a/pkgs/applications/misc/tuba/default.nix b/pkgs/applications/misc/tuba/default.nix index f884a3984d6c..f98a5d0c3e98 100644 --- a/pkgs/applications/misc/tuba/default.nix +++ b/pkgs/applications/misc/tuba/default.nix @@ -6,16 +6,17 @@ , ninja , python3 , pkg-config -, wrapGAppsHook +, wrapGAppsHook4 , desktop-file-utils , gtk4 , libadwaita , json-glib , glib , glib-networking +, gtksourceview5 , libxml2 , libgee -, libsoup +, libsoup_3 , libsecret , gst_all_1 , nix-update-script @@ -23,12 +24,12 @@ stdenv.mkDerivation rec { pname = "tuba"; - version = "0.1.0"; + version = "0.2.0"; src = fetchFromGitHub { owner = "GeopJr"; repo = "Tuba"; rev = "v${version}"; - hash = "sha256-dkURVzbDBrE4bBUvf2fPqvgLKE07tn7jl3OudZpEWUo="; + hash = "sha256-LPhGGIHvN/hc71PL50TBw1Q0ysubdtJaEiUEI29HRrE="; }; nativeBuildInputs = [ @@ -37,17 +38,18 @@ stdenv.mkDerivation rec { pkg-config vala python3 - wrapGAppsHook + wrapGAppsHook4 desktop-file-utils ]; buildInputs = [ glib glib-networking + gtksourceview5 json-glib libxml2 libgee - libsoup + libsoup_3 gtk4 libadwaita libsecret @@ -68,7 +70,9 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Browse the Fediverse"; homepage = "https://tuba.geopjr.dev/"; + mainProgram = "dev.geopjr.Tuba"; license = licenses.gpl3Only; + changelog = "https://github.com/GeopJr/Tuba/releases/tag/v${version}"; maintainers = with maintainers; [ chuangzhu ]; }; } diff --git a/pkgs/applications/office/treesheets/default.nix b/pkgs/applications/office/treesheets/default.nix index eb6746af7527..a2a967bf31cf 100644 --- a/pkgs/applications/office/treesheets/default.nix +++ b/pkgs/applications/office/treesheets/default.nix @@ -12,13 +12,13 @@ stdenv.mkDerivation rec { pname = "treesheets"; - version = "unstable-2023-03-18"; + version = "unstable-2023-04-04"; src = fetchFromGitHub { owner = "aardappel"; repo = "treesheets"; - rev = "fd73698ba15b36cfd1f1726e51558405a56c6cd2"; - sha256 = "kGpze5aBbBjhLTU9jV2xX44iO82skgbxVKc0lHndezw="; + rev = "a7d0065763c0bf0cfc2b410b17cb1fce33619616"; + sha256 = "wDAheXzObiqFkZ2ZVQAzMVZT5mzIEzxh6jNwPiPoWis="; }; nativeBuildInputs = [ diff --git a/pkgs/data/icons/numix-icon-theme-square/default.nix b/pkgs/data/icons/numix-icon-theme-square/default.nix index 9aa84ad472ab..0c64d55f0618 100644 --- a/pkgs/data/icons/numix-icon-theme-square/default.nix +++ b/pkgs/data/icons/numix-icon-theme-square/default.nix @@ -2,13 +2,13 @@ stdenvNoCC.mkDerivation rec { pname = "numix-icon-theme-square"; - version = "23.03.19"; + version = "23.04.05"; src = fetchFromGitHub { owner = "numixproject"; repo = pname; rev = version; - sha256 = "sha256-Hdwby8U9D+k4AjKyDeWhCfGr7z7ETNQPr1lnwweAp7g="; + sha256 = "sha256-fyb0qHmZev7kH8/q6mk2WPT30Szx1/jLIweq12eAIaw="; }; nativeBuildInputs = [ gtk3 ]; diff --git a/pkgs/development/ocaml-modules/atdgen/codec-runtime.nix b/pkgs/development/ocaml-modules/atdgen/codec-runtime.nix index 6dce840e914c..ab1e82df1e99 100644 --- a/pkgs/development/ocaml-modules/atdgen/codec-runtime.nix +++ b/pkgs/development/ocaml-modules/atdgen/codec-runtime.nix @@ -2,11 +2,13 @@ buildDunePackage rec { pname = "atdgen-codec-runtime"; - version = "2.10.0"; + version = "2.11.0"; + + duneVersion = "3"; src = fetchurl { url = "https://github.com/ahrefs/atd/releases/download/${version}/atdts-${version}.tbz"; - sha256 = "sha256-d9J0CaTp2sQbnKLp6mCDbGwYAIsioVer7ftaLSSFCZg="; + hash = "sha256-TTTuSxNKydPmTmztUapLoxntBIrAo8aWYIJ/G5cok1Y="; }; meta = { diff --git a/pkgs/development/ocaml-modules/atdgen/default.nix b/pkgs/development/ocaml-modules/atdgen/default.nix index 07ee079cae30..60bca80fa6f4 100644 --- a/pkgs/development/ocaml-modules/atdgen/default.nix +++ b/pkgs/development/ocaml-modules/atdgen/default.nix @@ -6,6 +6,8 @@ buildDunePackage { pname = "atdgen"; inherit (atdgen-codec-runtime) version src; + duneVersion = "3"; + buildInputs = [ atd re ]; propagatedBuildInputs = [ atdgen-runtime ]; diff --git a/pkgs/development/ocaml-modules/atdgen/runtime.nix b/pkgs/development/ocaml-modules/atdgen/runtime.nix index 0006e8613c58..c70d3752cdef 100644 --- a/pkgs/development/ocaml-modules/atdgen/runtime.nix +++ b/pkgs/development/ocaml-modules/atdgen/runtime.nix @@ -5,6 +5,7 @@ buildDunePackage rec { inherit (atdgen-codec-runtime) version src; minimalOCamlVersion = "4.08"; + duneVersion = "3"; propagatedBuildInputs = [ biniou yojson ]; diff --git a/pkgs/development/ocaml-modules/elpi/default.nix b/pkgs/development/ocaml-modules/elpi/default.nix index e921ffd06456..4467ce3de8cd 100644 --- a/pkgs/development/ocaml-modules/elpi/default.nix +++ b/pkgs/development/ocaml-modules/elpi/default.nix @@ -35,6 +35,7 @@ buildDunePackage rec { ./atd_2_10.patch; minimalOCamlVersion = "4.04"; + duneVersion = "3"; # atdgen is both a library and executable nativeBuildInputs = [ perl ] diff --git a/pkgs/development/python-modules/asyncwhois/default.nix b/pkgs/development/python-modules/asyncwhois/default.nix index 6f9d5a5eac00..f650e7a17e65 100644 --- a/pkgs/development/python-modules/asyncwhois/default.nix +++ b/pkgs/development/python-modules/asyncwhois/default.nix @@ -11,7 +11,7 @@ buildPythonPackage rec { pname = "asyncwhois"; - version = "1.0.4"; + version = "1.0.5"; format = "setuptools"; disabled = pythonOlder "3.7"; @@ -20,7 +20,7 @@ buildPythonPackage rec { owner = "pogzyb"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-ygpmm0CF+L871CpHZEmzdJQvin1uYZMb7kkilrom1YU="; + hash = "sha256-ILKnJlPT8BuZK06xk7fWYXcdn9SRL5zA3+B6CfJwvKM="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/jiwer/default.nix b/pkgs/development/python-modules/jiwer/default.nix index 42c9192255f8..94d92579d7ab 100644 --- a/pkgs/development/python-modules/jiwer/default.nix +++ b/pkgs/development/python-modules/jiwer/default.nix @@ -2,6 +2,7 @@ , buildPythonPackage , fetchFromGitHub , poetry-core +, pythonRelaxDepsHook , rapidfuzz , click }: @@ -20,6 +21,7 @@ buildPythonPackage rec { nativeBuildInputs = [ poetry-core + pythonRelaxDepsHook ]; propagatedBuildInputs = [ @@ -27,10 +29,14 @@ buildPythonPackage rec { click ]; + pythonRelaxDeps = [ + "rapidfuzz" + ]; + pythonImportsCheck = [ "jiwer" ]; meta = with lib; { - description = "JiWER is a simple and fast python package to evaluate an automatic speech recognition system"; + description = "A simple and fast python package to evaluate an automatic speech recognition system"; homepage = "https://github.com/jitsi/jiwer"; license = licenses.asl20; maintainers = with maintainers; [ GaetanLepage ]; diff --git a/pkgs/development/python-modules/lsprotocol/default.nix b/pkgs/development/python-modules/lsprotocol/default.nix index b447ab18cba5..8e945b841091 100644 --- a/pkgs/development/python-modules/lsprotocol/default.nix +++ b/pkgs/development/python-modules/lsprotocol/default.nix @@ -13,7 +13,7 @@ buildPythonPackage rec { pname = "lsprotocol"; - version = "2022.0.0a10"; + version = "2023.0.0a1"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -22,7 +22,7 @@ buildPythonPackage rec { owner = "microsoft"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-IAFNEWpBRVAGcJNIV1bog9K2nANRw/qJfCJ9+Wu/yJc="; + hash = "sha256-gfsqn9NtO7meMks4dUhrTYVlr69Ffh339GD9FvCJvJM="; }; nativeBuildInputs = [ @@ -44,6 +44,14 @@ buildPythonPackage rec { pyhamcrest ]; + preBuild = '' + cd packages/python + ''; + + preCheck = '' + cd ../../ + ''; + checkPhase = '' runHook preCheck diff --git a/pkgs/development/python-modules/mitmproxy-wireguard/default.nix b/pkgs/development/python-modules/mitmproxy-wireguard/default.nix index 47c3a230cdd8..b67459a5de02 100644 --- a/pkgs/development/python-modules/mitmproxy-wireguard/default.nix +++ b/pkgs/development/python-modules/mitmproxy-wireguard/default.nix @@ -11,7 +11,7 @@ buildPythonPackage rec { pname = "mitmproxy-wireguard"; - version = "0.1.21"; + version = "0.1.23"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -20,7 +20,7 @@ buildPythonPackage rec { owner = "decathorpe"; repo = "mitmproxy_wireguard"; rev = "refs/tags/${version}"; - hash = "sha256-479JCAxc6bK5X8nKKyzLvmuxPYPj5M19sZiO9vaK0DM="; + hash = "sha256-z9ucTBLLRXc1lcHA0r1wUleoP8X7yIlHrtdZdLD9qJk="; }; buildInputs = lib.optionals stdenv.isDarwin [ @@ -38,7 +38,7 @@ buildPythonPackage rec { cargoDeps = rustPlatform.fetchCargoTarball { inherit src; name = "${pname}-${version}"; - hash = "sha256-3reDkpnLTS32MZvvbRzDJovzUPAZmn2WRThmmeHGVXY="; + hash = "sha256-qgyAaUpyuWVYMxUA4Gg8inlUMlSLo++16+nVvmDMhTQ="; }; # Module has no tests, only a test client diff --git a/pkgs/development/python-modules/pontos/default.nix b/pkgs/development/python-modules/pontos/default.nix index 81250bf2f90d..674699bb0e91 100644 --- a/pkgs/development/python-modules/pontos/default.nix +++ b/pkgs/development/python-modules/pontos/default.nix @@ -17,7 +17,7 @@ buildPythonPackage rec { pname = "pontos"; - version = "23.3.6"; + version = "23.4.0"; format = "pyproject"; disabled = pythonOlder "3.9"; @@ -26,7 +26,7 @@ buildPythonPackage rec { owner = "greenbone"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-cs+UeE5QRL/yzFABpMQ4masbLHwG++Ipu5GidXJ1Y0E="; + hash = "sha256-nMuf8k7o7cCpvk9IUp7lz6jM7rqCxHq4uT51R1w8jtM="; }; nativeBuildInputs = [ diff --git a/pkgs/development/skaware-packages/execline/default.nix b/pkgs/development/skaware-packages/execline/default.nix index 204e305041af..c57db9240155 100644 --- a/pkgs/development/skaware-packages/execline/default.nix +++ b/pkgs/development/skaware-packages/execline/default.nix @@ -2,7 +2,7 @@ with skawarePackages; let - version = "2.9.1.0"; + version = "2.9.3.0"; # Maintainer of manpages uses following versioning scheme: for every # upstream $version he tags manpages release as ${version}.1, and, @@ -19,7 +19,7 @@ in buildPackage { inherit version; pname = "execline"; - sha256 = "tdaOAh+gxGeQidJlEQpsgfTswUEGe/aG3MtL/QYcBAQ="; + sha256 = "yAJ/pwki0RfN7ozCDSd+ONA/2WDm0TbYzsMmA9TsI40="; description = "A small scripting language, to be used in place of a shell in non-interactive scripts"; diff --git a/pkgs/development/skaware-packages/mdevd/default.nix b/pkgs/development/skaware-packages/mdevd/default.nix index 0c471087750d..3762e4a16d94 100644 --- a/pkgs/development/skaware-packages/mdevd/default.nix +++ b/pkgs/development/skaware-packages/mdevd/default.nix @@ -4,8 +4,8 @@ with skawarePackages; buildPackage { pname = "mdevd"; - version = "0.1.6.1"; - sha256 = "XAHk55QW22zZk++KkBRii48fC2xkMnWYhIhRL6pUBLE="; + version = "0.1.6.2"; + sha256 = "rC/PkATweQRZLFiU4sQB4VuwJ+zze8uOpmHip5k0R74="; description = "mdev-compatible Linux hotplug manager daemon"; platforms = lib.platforms.linux; diff --git a/pkgs/development/skaware-packages/nsss/default.nix b/pkgs/development/skaware-packages/nsss/default.nix index 95d83ce7424d..1533da89bcbe 100644 --- a/pkgs/development/skaware-packages/nsss/default.nix +++ b/pkgs/development/skaware-packages/nsss/default.nix @@ -4,8 +4,8 @@ with skawarePackages; buildPackage { pname = "nsss"; - version = "0.2.0.2"; - sha256 = "e6XqmitSjoNhJ1DkiRzZulbVxE9TCrxCRTqLk5Cmwuw="; + version = "0.2.0.3"; + sha256 = "seOX7VsydhGnwsjB3GDpH+81PFT+rUZPiHcgvAkUFI4="; description = "An implementation of a subset of the pwd.h, group.h and shadow.h family of functions."; diff --git a/pkgs/development/skaware-packages/s6-linux-init/default.nix b/pkgs/development/skaware-packages/s6-linux-init/default.nix index 81243b092cfd..f95e2343cb14 100644 --- a/pkgs/development/skaware-packages/s6-linux-init/default.nix +++ b/pkgs/development/skaware-packages/s6-linux-init/default.nix @@ -4,8 +4,8 @@ with skawarePackages; buildPackage { pname = "s6-linux-init"; - version = "1.0.8.1"; - sha256 = "KdBjEZRQGQJEju0MRoQNYNgOs7uXr8MwtNEVYUSPx8w="; + version = "1.1.1.0"; + sha256 = "rUg/NTJleQB+Wn48ufH9EXfq9x7FwRxHzXhKBClWqO4="; description = "A set of minimalistic tools used to create a s6-based init system, including a /sbin/init binary, on a Linux kernel"; platforms = lib.platforms.linux; diff --git a/pkgs/development/skaware-packages/s6-linux-utils/default.nix b/pkgs/development/skaware-packages/s6-linux-utils/default.nix index afca1f30de46..f6eba321c198 100644 --- a/pkgs/development/skaware-packages/s6-linux-utils/default.nix +++ b/pkgs/development/skaware-packages/s6-linux-utils/default.nix @@ -4,8 +4,8 @@ with skawarePackages; buildPackage { pname = "s6-linux-utils"; - version = "2.6.0.1"; - sha256 = "/YUZIdSrthHrry0Nby2VNAlS5+fc1b/FQRUSCuDeGeQ="; + version = "2.6.1.2"; + sha256 = "2GPcXXgt535GUEFFGI+1fbsLZiUGF6Z9NB6wy0qdnNk="; description = "A set of minimalistic Linux-specific system utilities"; platforms = lib.platforms.linux; @@ -25,6 +25,7 @@ buildPackage { postInstall = '' # remove all s6 executables from build directory rm $(find -name "s6-*" -type f -mindepth 1 -maxdepth 1 -executable) rngseed + rm libs6ps.a.xyzzy mv doc $doc/share/doc/s6-linux-utils/html ''; diff --git a/pkgs/development/skaware-packages/s6-networking/default.nix b/pkgs/development/skaware-packages/s6-networking/default.nix index 687a8f180c77..e8367dd19cda 100644 --- a/pkgs/development/skaware-packages/s6-networking/default.nix +++ b/pkgs/development/skaware-packages/s6-networking/default.nix @@ -19,8 +19,8 @@ assert sslSupportEnabled -> sslLibs ? ${sslSupport}; buildPackage { pname = "s6-networking"; - version = "2.5.1.2"; - sha256 = "0HLetnpMpNfFEmQMXzOnZse4VDZJSXJ9NgBzjGdp8UY="; + version = "2.5.1.3"; + sha256 = "oJ5DyVn/ngyqj/QAJgjnPA9X+H8EqNnCTmya/v5F6Xc="; description = "A suite of small networking utilities for Unix systems"; diff --git a/pkgs/development/skaware-packages/s6-portable-utils/default.nix b/pkgs/development/skaware-packages/s6-portable-utils/default.nix index 9b73c1ac9bc0..759731bfe1b1 100644 --- a/pkgs/development/skaware-packages/s6-portable-utils/default.nix +++ b/pkgs/development/skaware-packages/s6-portable-utils/default.nix @@ -4,8 +4,8 @@ with skawarePackages; buildPackage { pname = "s6-portable-utils"; - version = "2.2.5.1"; - sha256 = "RXMd0uZ0QNEk55sIRDGh66jC0SN/Fyi2l35TOv93ra4="; + version = "2.3.0.2"; + sha256 = "hxQmkTTwEmUNqsBA5WRjct6lZYucDYmnygO7Kr7E0eg="; description = "A set of tiny general Unix utilities optimized for simplicity and small size"; diff --git a/pkgs/development/skaware-packages/s6-rc/default.nix b/pkgs/development/skaware-packages/s6-rc/default.nix index 881d4748fd42..442e29dac17d 100644 --- a/pkgs/development/skaware-packages/s6-rc/default.nix +++ b/pkgs/development/skaware-packages/s6-rc/default.nix @@ -4,8 +4,8 @@ with skawarePackages; buildPackage { pname = "s6-rc"; - version = "0.5.3.3"; - sha256 = "M5jxDAYy45vWnkirVtVv3mtIx/AgDq0Dom+ygwkIZSo="; + version = "0.5.4.1"; + sha256 = "1yaMq3xUIzBc+VmKM9T82rijFZUrPsgPechbjLdhWPY="; description = "A service manager for s6-based systems"; platforms = lib.platforms.unix; diff --git a/pkgs/development/skaware-packages/s6/default.nix b/pkgs/development/skaware-packages/s6/default.nix index 9116ec67b77d..35d90086ad16 100644 --- a/pkgs/development/skaware-packages/s6/default.nix +++ b/pkgs/development/skaware-packages/s6/default.nix @@ -4,8 +4,8 @@ with skawarePackages; buildPackage { pname = "s6"; - version = "2.11.2.0"; - sha256 = "n7Q2kOYBjZRzO03BjMaSbwJFRQik3YYGDJtLnSDcgDc="; + version = "2.11.3.2"; + sha256 = "fBYTitLw/74O0q6N0M7K2p98eH7dM6aQhNIZEQaT33Q="; description = "skarnet.org's small & secure supervision software suite"; diff --git a/pkgs/development/skaware-packages/skalibs/default.nix b/pkgs/development/skaware-packages/skalibs/default.nix index 2094d84beb6b..3123b8c42761 100644 --- a/pkgs/development/skaware-packages/skalibs/default.nix +++ b/pkgs/development/skaware-packages/skalibs/default.nix @@ -4,8 +4,8 @@ with skawarePackages; buildPackage { pname = "skalibs"; - version = "2.13.0.0"; - sha256 = "uHW/PfPw9QCYTMr+RampWt1+QCaznujaYg8JYGvnT8w="; + version = "2.13.1.1"; + sha256 = "snKhq3mff6xEubT7Ws54qWFrL+SIIVl1S4CIxNgZnjM="; description = "A set of general-purpose C programming libraries"; diff --git a/pkgs/development/tools/argc/default.nix b/pkgs/development/tools/argc/default.nix index ce1e569b56de..d8e7c0ffb748 100644 --- a/pkgs/development/tools/argc/default.nix +++ b/pkgs/development/tools/argc/default.nix @@ -2,21 +2,24 @@ rustPlatform.buildRustPackage rec { pname = "argc"; - version = "0.15.1"; + version = "1.0.0"; src = fetchFromGitHub { owner = "sigoden"; repo = pname; rev = "v${version}"; - sha256 = "sha256-hN8M12evYxqNSsQKm0oRf3/b7WUf8k8pWa+0vRHstv4="; + hash = "sha256-lZtAhsEfMzj8Irl7LQPzjBNiKKy8091p2XoB5wSPhKM="; }; - cargoSha256 = "sha256-JCFBA9LuNILJs4flzD/bGpv/R2vxMlA0aFTVdGKKs5I="; + cargoHash = "sha256-L0FX4RuJ5n76CCWVpGQryX7usXGBN55W9+y83s9JJug="; nativeBuildInputs = [ installShellFiles ]; postInstall = '' - installShellCompletion completions/argc.{bash,fish,zsh} + installShellCompletion --cmd argc \ + --bash <($out/bin/argc --argc-completions bash) \ + --fish <($out/bin/argc --argc-completions fish) \ + --zsh <($out/bin/argc --argc-completions zsh) ''; meta = with lib; { diff --git a/pkgs/development/tools/cloud-nuke/default.nix b/pkgs/development/tools/cloud-nuke/default.nix index 565f6d9a6a9a..67abc09d6a30 100644 --- a/pkgs/development/tools/cloud-nuke/default.nix +++ b/pkgs/development/tools/cloud-nuke/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "cloud-nuke"; - version = "0.27.1"; + version = "0.29.0"; src = fetchFromGitHub { owner = "gruntwork-io"; repo = pname; rev = "v${version}"; - hash = "sha256-HzQKbG2Bzh3JcvRn6dUlL+n9IeDj/EhC7ir9HcmS96w="; + hash = "sha256-v+YUd9dPp3KO1lsGDrDEEdrXNM53M0TOCF643pjq3tA="; }; - vendorHash = "sha256-++LBd8FDZzZlwlCvwc1foBm8yx62YcJr0enJZxb9ZI0="; + vendorHash = "sha256-shn/0xUQO9cm54wYJBWNOsP1NalYKOTJ5Kf4i6KCfx4="; ldflags = [ "-s" "-w" "-X main.VERSION=${version}" ]; diff --git a/pkgs/development/tools/tracy/0001-remove-unifiedtypeidentifiers-framework b/pkgs/development/tools/tracy/0001-remove-unifiedtypeidentifiers-framework new file mode 100644 index 000000000000..0dc5a7eb68f1 --- /dev/null +++ b/pkgs/development/tools/tracy/0001-remove-unifiedtypeidentifiers-framework @@ -0,0 +1,13 @@ +diff --git a/profiler/build/unix/legacy.mk b/profiler/build/unix/legacy.mk +index 24765f1a..8baffb68 100644 +--- a/profiler/build/unix/legacy.mk ++++ b/profiler/build/unix/legacy.mk +@@ -16,7 +16,7 @@ else + UNAME := $(shell uname -s) + ifeq ($(UNAME),Darwin) + SRC3 += ../../../nfd/nfd_cocoa.m +- LIBS += -framework CoreFoundation -framework AppKit -framework UniformTypeIdentifiers ++ LIBS += -framework CoreFoundation -framework AppKit + else + ifdef TRACY_GTK_FILESELECTOR + SRC += ../../../nfd/nfd_gtk.cpp diff --git a/pkgs/development/tools/tracy/default.nix b/pkgs/development/tools/tracy/default.nix index 00e121adc718..a380b9fbd791 100644 --- a/pkgs/development/tools/tracy/default.nix +++ b/pkgs/development/tools/tracy/default.nix @@ -1,25 +1,29 @@ { stdenv, lib, darwin, fetchFromGitHub -, tbb, gtk3, glfw, pkg-config, freetype, Carbon, AppKit, capstone, dbus +, tbb, glfw, pkg-config, freetype, Carbon, AppKit, capstone, dbus, hicolor-icon-theme }: let disableLTO = stdenv.cc.isClang && stdenv.isDarwin; # workaround issue #19098 in stdenv.mkDerivation rec { pname = "tracy"; - version = "0.9"; + version = "0.9.1"; src = fetchFromGitHub { owner = "wolfpld"; repo = "tracy"; rev = "v${version}"; - sha256 = "sha256-cdVkY1dSag37JdbsoJp2/0QHO5G+zsftqwBVqRpMiew="; + sha256 = "sha256-K1lQNRS8+ju9HyKNVXtHqslrPWcPgazzTitvwkIO3P4"; }; + patches = [ ] + ++ lib.optionals (stdenv.isDarwin && !(lib.versionAtLeast stdenv.hostPlatform.darwinMinVersion "11")) [ ./0001-remove-unifiedtypeidentifiers-framework ]; + nativeBuildInputs = [ pkg-config ]; buildInputs = [ glfw capstone ] ++ lib.optionals stdenv.isDarwin [ Carbon AppKit freetype ] - ++ lib.optionals stdenv.isLinux [ gtk3 tbb dbus ]; + ++ lib.optionals (stdenv.isDarwin && lib.versionAtLeast stdenv.hostPlatform.darwinMinVersion "11") [ darwin.apple_sdk.frameworks.UniformTypeIdentifiers ] + ++ lib.optionals stdenv.isLinux [ tbb dbus hicolor-icon-theme freetype ]; env.NIX_CFLAGS_COMPILE = toString ([ ] # Apple's compiler finds a format string security error on @@ -32,7 +36,7 @@ in stdenv.mkDerivation rec { NIX_CFLAGS_LINK = lib.optional disableLTO "-fno-lto"; buildPhase = '' - make -j $NIX_BUILD_CORES -C profiler/build/unix release + make -j $NIX_BUILD_CORES -C profiler/build/unix release LEGACY=1 make -j $NIX_BUILD_CORES -C import-chrome/build/unix/ release make -j $NIX_BUILD_CORES -C capture/build/unix/ release make -j $NIX_BUILD_CORES -C update/build/unix/ release diff --git a/pkgs/tools/misc/wakatime/default.nix b/pkgs/tools/misc/wakatime/default.nix index eda5790c7c41..d2274d908956 100644 --- a/pkgs/tools/misc/wakatime/default.nix +++ b/pkgs/tools/misc/wakatime/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "wakatime"; - version = "1.70.0"; + version = "1.70.1"; src = fetchFromGitHub { owner = "wakatime"; repo = "wakatime-cli"; rev = "v${version}"; - hash = "sha256-JURz3xPZIqrPreh+kT+o62cOhw55anUH4kqaT3t0tM0="; + hash = "sha256-PZIO8ULvSdsOeRLGPrsRyoql8Z4Xq7z4q/AErw239BI="; }; vendorHash = "sha256-SlYYrlRDBvhNm2BxemK9HzzsqM/RGH/sDQXpoGEY8rw=";