Merge master into staging-next
commit
784572e7cf
39 changed files with 888 additions and 218 deletions
|
@ -496,7 +496,7 @@ runTests {
|
|||
|
||||
testToPretty =
|
||||
let
|
||||
deriv = derivation { name = "test"; builder = "/bin/sh"; system = builtins.currentSystem; };
|
||||
deriv = derivation { name = "test"; builder = "/bin/sh"; system = "aarch64-linux"; };
|
||||
in {
|
||||
expr = mapAttrs (const (generators.toPretty { multiline = false; })) rec {
|
||||
int = 42;
|
||||
|
|
|
@ -19,8 +19,16 @@
|
|||
</section>
|
||||
<section xml:id="sec-release-22.05-new-services">
|
||||
<title>New Services</title>
|
||||
<para>
|
||||
</para>
|
||||
<itemizedlist spacing="compact">
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw">aesmd</link>,
|
||||
the Intel SGX Architectural Enclave Service Manager. Available
|
||||
as
|
||||
<link linkend="opt-services.aesmd.enable">services.aesmd</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-22.05-incompatibilities">
|
||||
<title>Backward Incompatibilities</title>
|
||||
|
|
|
@ -8,6 +8,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
## New Services {#sec-release-22.05-new-services}
|
||||
|
||||
- [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable).
|
||||
|
||||
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
|
||||
|
||||
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
|
||||
|
|
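--- a/nixos/modules/hardware/cpu/intel-sgx.nix
+++ b/nixos/modules/hardware/cpu/intel-sgx.nix
@@ -0,0 +1,47 @@
+{ config, lib, ... }:
+with lib;
+let
+cfg = config.hardware.cpu.intel.sgx.provision;
+defaultGroup = "sgx_prv";
+in
+{
+options.hardware.cpu.intel.sgx.provision = {
+enable = mkEnableOption "access to the Intel SGX provisioning device";
+user = mkOption {
+description = "Owner to assign to the SGX provisioning device.";
+type = types.str;
+default = "root";
+};
+group = mkOption {
+description = "Group to assign to the SGX provisioning device.";
+type = types.str;
+default = defaultGroup;
+};
+mode = mkOption {
+description = "Mode to set for the SGX provisioning device.";
+type = types.str;
+default = "0660";
+};
+};
+
+config = mkIf cfg.enable {
+assertions = [
+{
+assertion = hasAttr cfg.user config.users.users;
+message = "Given user does not exist";
+}
+{
+assertion = (cfg.group == defaultGroup) || (hasAttr cfg.group config.users.groups);
+message = "Given group does not exist";
+}
+];
+
+users.groups = optionalAttrs (cfg.group == defaultGroup) {
+"${cfg.group}" = { };
+};
+
+services.udev.extraRules = ''
+SUBSYSTEM=="misc", KERNEL=="sgx_provision", OWNER="${cfg.user}", GROUP="${cfg.group}", MODE="${cfg.mode}"
+'';
+};
+}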
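Review bot: `user`, `group` and `mode` are declared as plain `types.str` and are interpolated unescaped into the udev rule on the `SUBSYSTEM=="misc", KERNEL=="sgx_provision"` line, so a value containing `"` or `,` silently changes the rule instead of failing evaluation. Constraining the mode at the option, for example `type = types.strMatching "[0-7]{3,4}";`, would reject such values early; the user and group are at least checked against `config.users` by the two assertions. The option descriptions could also say that members of the group gain access to the provisioning device, since that is the access decision an administrator is making when setting them.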
@ -45,6 +45,7 @@
|
|||
./hardware/ckb-next.nix
|
||||
./hardware/cpu/amd-microcode.nix
|
||||
./hardware/cpu/intel-microcode.nix
|
||||
./hardware/cpu/intel-sgx.nix
|
||||
./hardware/corectrl.nix
|
||||
./hardware/digitalbitbox.nix
|
||||
./hardware/device-tree.nix
|
||||
|
@ -928,6 +929,7 @@
|
|||
./services/search/kibana.nix
|
||||
./services/search/meilisearch.nix
|
||||
./services/search/solr.nix
|
||||
./services/security/aesmd.nix
|
||||
./services/security/certmgr.nix
|
||||
./services/security/cfssl.nix
|
||||
./services/security/clamav.nix
|
||||
|
|
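--- a/nixos/modules/services/security/aesmd.nix
+++ b/nixos/modules/services/security/aesmd.nix
@@ -0,0 +1,227 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+cfg = config.services.aesmd;
+
+sgx-psw = pkgs.sgx-psw.override { inherit (cfg) debug; };
+
+configFile = with cfg.settings; pkgs.writeText "aesmd.conf" (
+concatStringsSep "\n" (
+optional (whitelistUrl != null) "whitelist url = ${whitelistUrl}" ++
+optional (proxy != null) "aesm proxy = ${proxy}" ++
+optional (proxyType != null) "proxy type = ${proxyType}" ++
+optional (defaultQuotingType != null) "default quoting type = ${defaultQuotingType}" ++
+# Newline at end of file
+[ "" ]
+)
+);
+in
+{
+options.services.aesmd = {
+enable = mkEnableOption "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX";
+debug = mkOption {
+type = types.bool;
+default = false;
+description = "Whether to build the PSW package in debug mode.";
+};
+settings = mkOption {
+description = "AESM configuration";
+default = { };
+type = types.submodule {
+options.whitelistUrl = mkOption {
+type = with types; nullOr str;
+default = null;
+example = "http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin";
+description = "URL to retrieve authorized Intel SGX enclave signers.";
+};
+options.proxy = mkOption {
+type = with types; nullOr str;
+default = null;
+example = "http://proxy_url:1234";
+description = "HTTP network proxy.";
+};
+options.proxyType = mkOption {
+type = with types; nullOr (enum [ "default" "direct" "manual" ]);
+default = if (cfg.settings.proxy != null) then "manual" else null;
+example = "default";
+description = ''
+Type of proxy to use. The <literal>default</literal> uses the system's default proxy.
+If <literal>direct</literal> is given, uses no proxy.
+A value of <literal>manual</literal> uses the proxy from
+<option>services.aesmd.settings.proxy</option>.
+'';
+};
+options.defaultQuotingType = mkOption {
+type = with types; nullOr (enum [ "ecdsa_256" "epid_linkable" "epid_unlinkable" ]);
+default = null;
+example = "ecdsa_256";
+description = "Attestation quote type.";
+};
+};
+};
+};
+
+config = mkIf cfg.enable {
+assertions = [{
+assertion = !(config.boot.specialFileSystems."/dev".options ? "noexec");
+message = "SGX requires exec permission for /dev";
+}];
+
+hardware.cpu.intel.sgx.provision.enable = true;
+
+systemd.services.aesmd =
+let
+storeAesmFolder = "${sgx-psw}/aesm";
+# Hardcoded path AESM_DATA_FOLDER in psw/ae/aesm_service/source/oal/linux/aesm_util.cpp
+aesmDataFolder = "/var/opt/aesmd/data";
+aesmStateDirSystemd = "%S/aesmd";
+in
+{
+description = "Intel Architectural Enclave Service Manager";
+wantedBy = [ "multi-user.target" ];
+
+after = [
+"auditd.service"
+"network.target"
+"syslog.target"
+];
+
+environment = {
+NAME = "aesm_service";
+AESM_PATH = storeAesmFolder;
+LD_LIBRARY_PATH = storeAesmFolder;
+};
+
+# Make sure any of the SGX application enclave devices is available
+unitConfig.AssertPathExists = [
+# legacy out-of-tree driver
+"|/dev/isgx"
+# DCAP driver
+"|/dev/sgx/enclave"
+# in-tree driver
+"|/dev/sgx_enclave"
+];
+
+serviceConfig = rec {
+ExecStartPre = pkgs.writeShellScript "copy-aesmd-data-files.sh" ''
+set -euo pipefail
+whiteListFile="${aesmDataFolder}/white_list_cert_to_be_verify.bin"
+if [[ ! -f "$whiteListFile" ]]; then
+${pkgs.coreutils}/bin/install -m 644 -D \
+"${storeAesmFolder}/data/white_list_cert_to_be_verify.bin" \
+"$whiteListFile"
+fi
+'';
+ExecStart = "${sgx-psw}/bin/aesm_service --no-daemon";
+ExecReload = ''${pkgs.coreutils}/bin/kill -SIGHUP "$MAINPID"'';
+
+Restart = "on-failure";
+RestartSec = "15s";
+
+DynamicUser = true;
+Group = "sgx";
+SupplementaryGroups = [
+config.hardware.cpu.intel.sgx.provision.group
+];
+
+Type = "simple";
+
+WorkingDirectory = storeAesmFolder;
+StateDirectory = "aesmd";
+StateDirectoryMode = "0700";
+RuntimeDirectory = "aesmd";
+RuntimeDirectoryMode = "0750";
+
+# Hardening
+
+# chroot into the runtime directory
+RootDirectory = "%t/aesmd";
+BindReadOnlyPaths = [
+builtins.storeDir
+# Hardcoded path AESM_CONFIG_FILE in psw/ae/aesm_service/source/utils/aesm_config.cpp
+"${configFile}:/etc/aesmd.conf"
+];
+BindPaths = [
+# Hardcoded path CONFIG_SOCKET_PATH in psw/ae/aesm_service/source/core/ipc/SocketConfig.h
+"%t/aesmd:/var/run/aesmd"
+"%S/aesmd:/var/opt/aesmd"
+];
+
+# PrivateDevices=true will mount /dev noexec which breaks AESM
+PrivateDevices = false;
+DevicePolicy = "closed";
+DeviceAllow = [
+# legacy out-of-tree driver
+"/dev/isgx rw"
+# DCAP driver
+"/dev/sgx rw"
+# in-tree driver
+"/dev/sgx_enclave rw"
+"/dev/sgx_provision rw"
+];
+
+# Requires Internet access for attestation
+PrivateNetwork = false;
+
+RestrictAddressFamilies = [
+# Allocates the socket /var/run/aesmd/aesm.socket
+"AF_UNIX"
+# Uses the HTTP protocol to initialize some services
+"AF_INET"
+"AF_INET6"
+];
+
+# True breaks stuff
+MemoryDenyWriteExecute = false;
+
+# needs the ipc syscall in order to run
+SystemCallFilter = [
+"@system-service"
+"~@aio"
+"~@chown"
+"~@clock"
+"~@cpu-emulation"
+"~@debug"
+"~@keyring"
+"~@memlock"
+"~@module"
+"~@mount"
+"~@privileged"
+"~@raw-io"
+"~@reboot"
+"~@resources"
+"~@setuid"
+"~@swap"
+"~@sync"
+"~@timer"
+];
+SystemCallArchitectures = "native";
+SystemCallErrorNumber = "EPERM";
+
+CapabilityBoundingSet = "";
+KeyringMode = "private";
+LockPersonality = true;
+NoNewPrivileges = true;
+NotifyAccess = "none";
+PrivateMounts = true;
+PrivateTmp = true;
+PrivateUsers = true;
+ProcSubset = "pid";
+ProtectClock = true;
+ProtectControlGroups = true;
+ProtectHome = true;
+ProtectHostname = true;
+ProtectKernelLogs = true;
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+ProtectProc = "invisible";
+ProtectSystem = "strict";
+RemoveIPC = true;
+RestrictNamespaces = true;
+RestrictRealtime = true;
+RestrictSUIDSGID = true;
+UMask = "0066";
+};
+};
+};
+}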
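Review bot: The `DeviceAllow` list names `/dev/sgx rw` for the DCAP driver, while `unitConfig.AssertPathExists` in the same unit expects that driver's node at `/dev/sgx/enclave`; as far as I know `DeviceAllow=` takes a device node path (or a `char-`/`block-` group), not a directory, so under `DevicePolicy = "closed"` the DCAP nodes would probably stay inaccessible to the service. Listing the nodes themselves, `"/dev/sgx/enclave rw"` and (assuming the provisioning node sits beside it) `"/dev/sgx/provision rw"`, would keep the two lists consistent. Separately, `aesmStateDirSystemd` is bound in the `let` but never used, since the `BindPaths` entry spells out `%S/aesmd` again, and the comment `# True breaks stuff` above `MemoryDenyWriteExecute = false;` would be more useful if it named what breaks, because it documents a deliberately relaxed hardening setting.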
@ -526,8 +526,8 @@ in {
|
|||
# FIXME(@Ma27) remove as soon as nextcloud properly supports
|
||||
# mariadb >=10.6.
|
||||
isUnsupportedMariadb =
|
||||
# All currently supported Nextcloud versions are affected.
|
||||
(versionOlder cfg.package.version "23")
|
||||
# All currently supported Nextcloud versions are affected (https://github.com/nextcloud/server/issues/25436).
|
||||
(versionOlder cfg.package.version "24")
|
||||
# This module uses mysql
|
||||
&& (cfg.config.dbtype == "mysql")
|
||||
# MySQL is managed via NixOS
|
||||
|
|
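--- a/nixos/tests/aesmd.nix
+++ b/nixos/tests/aesmd.nix
@@ -0,0 +1,62 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
+name = "aesmd";
+meta = {
+maintainers = with lib.maintainers; [ veehaitch ];
+};
+
+machine = { lib, ... }: {
+services.aesmd = {
+enable = true;
+settings = {
+defaultQuotingType = "ecdsa_256";
+proxyType = "direct";
+whitelistUrl = "http://nixos.org";
+};
+};
+
+# Should have access to the AESM socket
+users.users."sgxtest" = {
+isNormalUser = true;
+extraGroups = [ "sgx" ];
+};
+
+# Should NOT have access to the AESM socket
+users.users."nosgxtest".isNormalUser = true;
+
+# We don't have a real SGX machine in NixOS tests
+systemd.services.aesmd.unitConfig.AssertPathExists = lib.mkForce [ ];
+};
+
+testScript = ''
+with subtest("aesmd.service starts"):
+machine.wait_for_unit("aesmd.service")
+status, main_pid = machine.systemctl("show --property MainPID --value aesmd.service")
+assert status == 0, "Could not get MainPID of aesmd.service"
+main_pid = main_pid.strip()
+
+with subtest("aesmd.service runtime directory permissions"):
+runtime_dir = "/run/aesmd";
+res = machine.succeed(f"stat -c '%a %U %G' {runtime_dir}").strip()
+assert "750 aesmd sgx" == res, f"{runtime_dir} does not have the expected permissions: {res}"
+
+with subtest("aesm.socket available on host"):
+socket_path = "/var/run/aesmd/aesm.socket"
+machine.wait_until_succeeds(f"test -S {socket_path}")
+machine.succeed(f"test 777 -eq $(stat -c '%a' {socket_path})")
+for op in [ "-r", "-w", "-x" ]:
+machine.succeed(f"sudo -u sgxtest test {op} {socket_path}")
+machine.fail(f"sudo -u nosgxtest test {op} {socket_path}")
+
+with subtest("Copies white_list_cert_to_be_verify.bin"):
+whitelist_path = "/var/opt/aesmd/data/white_list_cert_to_be_verify.bin"
+whitelist_perms = machine.succeed(
+f"nsenter -m -t {main_pid} ${pkgs.coreutils}/bin/stat -c '%a' {whitelist_path}"
+).strip()
+assert "644" == whitelist_perms, f"white_list_cert_to_be_verify.bin has permissions {whitelist_perms}"
+
+with subtest("Writes and binds aesm.conf in service namespace"):
+aesmd_config = machine.succeed(f"nsenter -m -t {main_pid} ${pkgs.coreutils}/bin/cat /etc/aesmd.conf")
+
+assert aesmd_config == "whitelist url = http://nixos.org\nproxy type = direct\ndefault quoting type = ecdsa_256\n", "aesmd.conf differs"
+'';
+})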
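Review bot: The subtest `aesm.socket available on host` pins the socket mode to `777`, so the only thing keeping `nosgxtest` out is the `750 aesmd sgx` runtime directory checked in the previous subtest; a comment there such as `# socket is world-accessible; access is gated by the 0750 runtime directory` would stop a later change to `RuntimeDirectoryMode` from quietly opening the socket. Because `AssertPathExists` is forced to `[ ]`, nothing in this test exercises the unit's device rules, which is worth stating in the `# We don't have a real SGX machine in NixOS tests` comment. Two small things: the last subtest title says `aesm.conf` while the file it reads is `/etc/aesmd.conf`, and `runtime_dir = "/run/aesmd";` carries a stray semicolon.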
@ -23,6 +23,7 @@ in
|
|||
{
|
||||
_3proxy = handleTest ./3proxy.nix {};
|
||||
acme = handleTest ./acme.nix {};
|
||||
aesmd = handleTest ./aesmd.nix {};
|
||||
agda = handleTest ./agda.nix {};
|
||||
airsonic = handleTest ./airsonic.nix {};
|
||||
amazon-init-shell = handleTest ./amazon-init-shell.nix {};
|
||||
|
|
|
@ -35,11 +35,11 @@ let
|
|||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "bisq-desktop";
|
||||
version = "1.7.5";
|
||||
version = "1.8.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/bisq-network/bisq/releases/download/v${version}/Bisq-64bit-${version}.deb";
|
||||
sha256 = "0mwlmya53xaps8x8c5cvk9zxy0ddijkrba8x3jp2glql34wac3ri";
|
||||
sha256 = "1q6x6w8mp5ax852hlvi2p61xgckb2lpr2ml21a9mfs9421b6m8h2";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ makeWrapper copyDesktopItems imagemagick dpkg gnutar zip xz ];
|
||||
|
|
|
@ -196,10 +196,10 @@ rec {
|
|||
passthru = { inherit plugins; };
|
||||
};
|
||||
|
||||
terraform_1_0 = mkTerraform {
|
||||
version = "1.0.11";
|
||||
sha256 = "0k05s4zm16vksq21f1q00y2lzfgi5fhs1ygydm8jk0srs9x8ask7";
|
||||
vendorSha256 = "1brgghl7fb26va4adix443rl1dkjaqrr4jkknxjkcaps0knqp172";
|
||||
terraform_1 = mkTerraform {
|
||||
version = "1.1.0";
|
||||
sha256 = "sha256-nnYMoQitqFbOjI8twDh9hWDb1qxMNNVy6wldxkyDKY0=";
|
||||
vendorSha256 = "sha256-inPNvNUcil9X0VQ/pVgZdnnmn9UCfEz7qXiuKDj8RYM=";
|
||||
patches = [ ./provider-path-0_15.patch ];
|
||||
passthru = { inherit plugins; };
|
||||
};
|
||||
|
@ -213,7 +213,7 @@ rec {
|
|||
mainTf = writeText "main.tf" ''
|
||||
resource "random_id" "test" {}
|
||||
'';
|
||||
terraform = terraform_1_0.withPlugins (p: [ p.random ]);
|
||||
terraform = terraform_1.withPlugins (p: [ p.random ]);
|
||||
test =
|
||||
runCommand "terraform-plugin-test" { buildInputs = [ terraform ]; } ''
|
||||
set -e
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
"name": "element-desktop",
|
||||
"productName": "Element",
|
||||
"main": "lib/electron-main.js",
|
||||
"version": "1.9.6",
|
||||
"version": "1.9.7",
|
||||
"description": "A feature-rich client for Matrix.org",
|
||||
"author": "Element",
|
||||
"repository": {
|
||||
|
@ -83,7 +83,7 @@
|
|||
},
|
||||
"build": {
|
||||
"appId": "im.riot.app",
|
||||
"electronVersion": "13.5.1",
|
||||
"electronVersion": "13.5.2",
|
||||
"files": [
|
||||
"package.json",
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"version": "1.9.6",
|
||||
"desktopSrcHash": "AJLKp9VbNF0XvcQe6t0/pw1hiVCgRiRb27KJooQ2NlQ=",
|
||||
"desktopYarnHash": "1xa8vrqj3g3hfhzrk8m7yr57my9ipyyhw8vsx4m86v8i1iqrpmnm",
|
||||
"webHash": "161w6i122i81jyb23mpxlf7k5wx2v4c6ai2liywn89q74hj3axr5"
|
||||
"version": "1.9.7",
|
||||
"desktopSrcHash": "bUzIIPNVgK2whQJoEZOaoa+jsJx4No+xji6hXK6wxFY=",
|
||||
"desktopYarnHash": "1n9dqpvq31k94mx5s1dgqavaxdd0jrzcwdx106c5dnq6xnxs941p",
|
||||
"webHash": "1fx1nznqbwvs84kpc239ms9kpzy9p72hrz3qqbzay8p9x4gc1ws3"
|
||||
}
|
||||
|
|
|
@ -2,17 +2,17 @@
|
|||
, libiconv, Security }:
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
version = "0.6.1";
|
||||
version = "0.6.2";
|
||||
pname = "rink";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "tiffany352";
|
||||
repo = "rink-rs";
|
||||
rev = "v${version}";
|
||||
sha256 = "1h93xlavcjvx588q8wkpbzph88yjjhhvzcfxr5nicdca0jnha5ch";
|
||||
sha256 = "sha256-l2Rj15zaJm94EHwvOssfvYQNOoWj45Nq9M85n+A0vo4=";
|
||||
};
|
||||
|
||||
cargoSha256 = "0x4rvfnw3gl2aj6i006nkk3y1f8skyv8g0ss3z2v6qj9nhs7pyir";
|
||||
cargoSha256 = "sha256-GhuvwVkDRFjC6BghaNMFZZG9hResTN1u0AuvIXlFmig=";
|
||||
|
||||
nativeBuildInputs = [ pkg-config ];
|
||||
buildInputs = [ ncurses ]
|
||||
|
|
|
@ -1,32 +0,0 @@
|
|||
{ lib
|
||||
, buildGoPackage
|
||||
, fetchFromGitHub
|
||||
, pkg-config
|
||||
, libgit2_0_27
|
||||
}:
|
||||
|
||||
buildGoPackage rec {
|
||||
version = "0.2.3";
|
||||
pname = "gitin";
|
||||
|
||||
goPackagePath = "github.com/isacikgoz/gitin";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "isacikgoz";
|
||||
repo = "gitin";
|
||||
rev = "v${version}";
|
||||
sha256 = "00z6i0bjk3hdxbc0cy12ss75b41yvzyl5pm6rdrvsjhzavry2fa3";
|
||||
};
|
||||
|
||||
goDeps = ./deps.nix;
|
||||
|
||||
nativeBuildInputs = [ pkg-config ];
|
||||
buildInputs = [ libgit2_0_27 ];
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/isacikgoz/gitin";
|
||||
description = "Text-based user interface for git";
|
||||
license = licenses.bsd3;
|
||||
maintainers = with maintainers; [ kimat ];
|
||||
};
|
||||
}
|
|
@ -1,121 +0,0 @@
|
|||
# This file was generated by https://github.com/kamilchm/go2nix v1.3.0
|
||||
[
|
||||
{
|
||||
goPackagePath = "github.com/alecthomas/template";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/alecthomas/template";
|
||||
rev = "fb15b899a75114aa79cc930e33c46b577cc664b1";
|
||||
sha256 = "1vlasv4dgycydh5wx6jdcvz40zdv90zz1h7836z7lhsi2ymvii26";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/alecthomas/units";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/alecthomas/units";
|
||||
rev = "f65c72e2690dc4b403c8bd637baf4611cd4c069b";
|
||||
sha256 = "04jyqm7m3m01ppfy1f9xk4qvrwvs78q9zml6llyf2b3v5k6b2bbc";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/fatih/color";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/fatih/color";
|
||||
rev = "daf2830f2741ebb735b21709a520c5f37d642d85";
|
||||
sha256 = "086z8ssmr1fn9ba4mqnw7pnccfpys6l5yfhvycv1gdrsk7n27mvs";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/isacikgoz/gia";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/isacikgoz/gia";
|
||||
rev = "00556493579ec25f4e199b85ee1e2a73c98d15bb";
|
||||
sha256 = "16nqi4z1pgybcw05wbp3qnbbq407smcr56hq7npnhkirngc5j822";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/jroimartin/gocui";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/jroimartin/gocui";
|
||||
rev = "c055c87ae801372cd74a0839b972db4f7697ae5f";
|
||||
sha256 = "1b1cbjg925l1c5v3ls8amni9716190yzf847cqs9wjnj82z8qa47";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/justincampbell/timeago";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/justincampbell/timeago";
|
||||
rev = "027f40306f1dbe89d24087611680ef95543bf876";
|
||||
sha256 = "1p3va1cn9x5pyvq7k64mnvbxp5zy7h9z49syjyglixgg6avdbp1v";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/kelseyhightower/envconfig";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/kelseyhightower/envconfig";
|
||||
rev = "0b417c4ec4a8a82eecc22a1459a504aa55163d61";
|
||||
sha256 = "1a7b35njpqz94gbd7wvsl3wjzpd5y1fj1lrg2sdh00yq0nax1qj9";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/mattn/go-runewidth";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/mattn/go-runewidth";
|
||||
rev = "14e809f6d78fcf9f48ff9b70981472b64c05f754";
|
||||
sha256 = "1mvlxcdwr0vwp8b2wqs6y7hk72y28sqh03dz5x0xkg48d4y9cplj";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/nsf/termbox-go";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/nsf/termbox-go";
|
||||
rev = "38ba6e5628f1d70bac606cfd210b9ad1a16c3027";
|
||||
sha256 = "03xx5vbnavklsk6wykcc7qhmhvn2074sx0ql06b51vqsxwsa6zw2";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/sahilm/fuzzy";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/sahilm/fuzzy";
|
||||
rev = "d88f8cb825ddd46a2ce86b60382e11645220ee33";
|
||||
sha256 = "0nl4l02s3961p11aj1vgajfy28rqlya2z6af2xjncra59gfhqvlq";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/waigani/diffparser";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/waigani/diffparser";
|
||||
rev = "7391f219313d9175703f67561b222fd2a81bca30";
|
||||
sha256 = "0h3y3ivlghdvkyqsh5lcidqdajhc9g7m1xqm73j9a0ayby0sx1ql";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "gopkg.in/alecthomas/kingpin.v2";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://gopkg.in/alecthomas/kingpin.v2";
|
||||
rev = "947dcec5ba9c011838740e680966fd7087a71d0d";
|
||||
sha256 = "0mndnv3hdngr3bxp7yxfd47cas4prv98sqw534mx7vp38gd88n5r";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "gopkg.in/libgit2/git2go.v27";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://gopkg.in/libgit2/git2go.v27";
|
||||
rev = "6cc7d3dc6aec2781fe0239315da215f49c76e2f8";
|
||||
sha256 = "0b2m4rjadngyd675bi1k21pyi9r91dsxngzd4mikacpd7yshgvaq";
|
||||
};
|
||||
}
|
||||
]
|
||||
|
|
@ -5,18 +5,28 @@
|
|||
, gnome-themes-extra
|
||||
, gtk-engine-murrine
|
||||
, sassc
|
||||
, accentColor ? "default"
|
||||
, tweaks ? [ ] # can be "solid" "compact" "black" "primary"
|
||||
}:
|
||||
|
||||
stdenvNoCC.mkDerivation rec {
|
||||
let
|
||||
validTweaks = [ "solid" "compact" "black" "primary" ];
|
||||
unknownTweaks = lib.subtractLists validTweaks tweaks;
|
||||
in
|
||||
assert lib.assertMsg (unknownTweaks == [ ]) ''
|
||||
You entered wrong tweaks: ${toString unknownTweaks}
|
||||
Valid tweaks are: ${toString validTweaks}
|
||||
'';
|
||||
|
||||
stdenvNoCC.mkDerivation
|
||||
rec {
|
||||
pname = "orchis-theme";
|
||||
version = "2021-06-25";
|
||||
version = "2021-12-13";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
repo = "Orchis-theme";
|
||||
owner = "vinceliuice";
|
||||
rev = version;
|
||||
sha256 = "sha256-j0nsw1yR1yOckXiIMtzhC3w6kvfzxQQHgwdY6l0OuXw=";
|
||||
sha256 = "sha256-PN2ucGMDzRv4v86X1zVIs9+GkbMWuja2WaSQLFvJYd0=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ gtk3 sassc ];
|
||||
|
@ -31,7 +41,7 @@ stdenvNoCC.mkDerivation rec {
|
|||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
bash install.sh -d $out/share/themes -t ${accentColor}
|
||||
bash install.sh -d $out/share/themes -t all ${lib.optionalString (tweaks != []) "--tweaks " + builtins.toString tweaks}
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
|
|
|
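Review bot: In `installPhase` the interpolation `${lib.optionalString (tweaks != []) "--tweaks " + builtins.toString tweaks}` parses as `(lib.optionalString … "--tweaks ") + (builtins.toString tweaks)`, because function application binds tighter than `+`; it produces the right string only because `toString [ ]` is empty. Writing it as `${lib.optionalString (tweaks != [ ]) "--tweaks ${toString tweaks}"}` says what is meant. The values reach the shell unquoted, which is safe here only because the `assert` in the first hunk restricts them to `validTweaks`; a one-line comment to that effect next to the `bash install.sh` line would help. The derivation body continues outside both hunks.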
@ -13,11 +13,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "gnome-shell-extensions";
|
||||
version = "41.0";
|
||||
version = "41.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnome/sources/gnome-shell-extensions/${lib.versions.major version}/${pname}-${version}.tar.xz";
|
||||
sha256 = "2E+qwUSLOPl12cGUkMWSivxcWixJ3X5/ga9pD5Rm/Gg=";
|
||||
sha256 = "0ObyJz8I1S2SX8K7ZrR7KOXvUNG4oUAgh3xmJCPVB9M=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
|
@ -66,13 +66,13 @@ let
|
|||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "gnome-shell";
|
||||
version = "41.1";
|
||||
version = "41.2";
|
||||
|
||||
outputs = [ "out" "devdoc" ];
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnome/sources/gnome-shell/${lib.versions.major version}/${pname}-${version}.tar.xz";
|
||||
sha256 = "X3QkVt/gBgXA8JCjcoymJ5e8SeUK+FK71yhdoaBRf/Y=";
|
||||
sha256 = "OEZR6wUTk9ur4AbRrQV78p1c1z67h7x3n/Xhwx6AqCc=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
|
@ -46,13 +46,13 @@
|
|||
|
||||
let self = stdenv.mkDerivation rec {
|
||||
pname = "mutter";
|
||||
version = "41.1";
|
||||
version = "41.2";
|
||||
|
||||
outputs = [ "out" "dev" "man" ];
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnome/sources/mutter/${lib.versions.major version}/${pname}-${version}.tar.xz";
|
||||
sha256 = "WOY/0LxD81E08hMTr/Suv5LIKdbfTcmaBEoeN2aR4/M=";
|
||||
sha256 = "AN+oEvHEhtdKK3P0IEWuEYL5JGx3lNZ9dLXlQ+pwBhc=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
|
@ -1,8 +1,20 @@
|
|||
{ lib, stdenv, fetchFromGitHub, glib }:
|
||||
{ lib
|
||||
, stdenv
|
||||
, fetchFromGitHub
|
||||
, glib
|
||||
, substituteAll
|
||||
, hddtemp
|
||||
, liquidctl
|
||||
, lm_sensors
|
||||
, netcat-gnu
|
||||
, nvme-cli
|
||||
, procps
|
||||
, smartmontools
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "gnome-shell-extension-freon";
|
||||
version = "44";
|
||||
version = "45";
|
||||
|
||||
passthru = {
|
||||
extensionUuid = "freon@UshakovVasilii_Github.yahoo.com";
|
||||
|
@ -13,11 +25,20 @@ stdenv.mkDerivation rec {
|
|||
owner = "UshakovVasilii";
|
||||
repo = "gnome-shell-extension-freon";
|
||||
rev = "EGO-${version}";
|
||||
sha256 = "sha256-4DYAIC9N5id3vQe0WaOFP+MymsrPK18hbYqO4DjG+2U=";
|
||||
sha256 = "sha256-tPb7SzHSwvz7VV+kZTmcw1eAdtL1J7FJ3BOtg4Us8jc=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ glib ];
|
||||
|
||||
patches = [
|
||||
(substituteAll {
|
||||
src = ./fix_paths.patch;
|
||||
inherit hddtemp liquidctl lm_sensors procps smartmontools;
|
||||
netcat = netcat-gnu;
|
||||
nvmecli = nvme-cli;
|
||||
})
|
||||
];
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
glib-compile-schemas --strict --targetdir="freon@UshakovVasilii_Github.yahoo.com/schemas" "freon@UshakovVasilii_Github.yahoo.com/schemas"
|
||||
|
|
85
pkgs/desktops/gnome/extensions/freon/fix_paths.patch
Normal file
|
@ -0,0 +1,85 @@
|
|||
diff --git a/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js b/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js
|
||||
index e5d1d6d..856654b 100644
|
||||
--- a/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js
|
||||
+++ b/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js
|
||||
@@ -7,7 +7,7 @@ var HddtempUtil = class extends CommandLineUtil.CommandLineUtil {
|
||||
|
||||
constructor() {
|
||||
super();
|
||||
- let hddtempArgv = GLib.find_program_in_path('hddtemp');
|
||||
+ let hddtempArgv = GLib.find_program_in_path('@hddtemp@/bin/hddtemp');
|
||||
if(hddtempArgv) {
|
||||
// check if this user can run hddtemp directly.
|
||||
if(!GLib.spawn_command_line_sync(hddtempArgv)[3]){
|
||||
@@ -19,8 +19,8 @@ var HddtempUtil = class extends CommandLineUtil.CommandLineUtil {
|
||||
// doesn't seem to be the case… is it running as a daemon?
|
||||
// Check first for systemd
|
||||
let systemctl = GLib.find_program_in_path('systemctl');
|
||||
- let pidof = GLib.find_program_in_path('pidof');
|
||||
- let nc = GLib.find_program_in_path('nc');
|
||||
+ let pidof = GLib.find_program_in_path('@procps@/bin/pidof');
|
||||
+ let nc = GLib.find_program_in_path('@netcat@/bin/nc');
|
||||
let pid = undefined;
|
||||
|
||||
if(systemctl) {
|
||||
@@ -35,7 +35,7 @@ var HddtempUtil = class extends CommandLineUtil.CommandLineUtil {
|
||||
|
||||
// systemd isn't used on this system, try sysvinit instead
|
||||
if(!pid && pidof) {
|
||||
- let output = GLib.spawn_command_line_sync("pidof hddtemp")[1].toString().trim();
|
||||
+ let output = GLib.spawn_command_line_sync("@procps@/bin/pidof hddtemp")[1].toString().trim();
|
||||
if(output.length)
|
||||
pid = Number(output.trim());
|
||||
}
|
||||
diff --git a/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js b/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js
|
||||
index 766bf62..7cd4e94 100644
|
||||
--- a/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js
|
||||
+++ b/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js
|
||||
@@ -8,7 +8,7 @@ const commandLineUtil = Me.imports.commandLineUtil;
|
||||
var LiquidctlUtil = class extends commandLineUtil.CommandLineUtil {
|
||||
constructor() {
|
||||
super();
|
||||
- const path = GLib.find_program_in_path('liquidctl');
|
||||
+ const path = GLib.find_program_in_path('@liquidctl@/bin/liquidctl');
|
||||
this._argv = path ? [path, 'status', '--json'] : null;
|
||||
}
|
||||
|
||||
diff --git a/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js b/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js
|
||||
index ae2ea93..2349b9e 100644
|
||||
--- a/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js
|
||||
+++ b/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js
|
||||
@@ -3,7 +3,7 @@ const GLib = imports.gi.GLib;
|
||||
const Me = imports.misc.extensionUtils.getCurrentExtension();
|
||||
|
||||
function getNvmeData (argv){
|
||||
- const nvme = GLib.find_program_in_path('nvme')
|
||||
+ const nvme = GLib.find_program_in_path('@nvmecli@/bin/nvme')
|
||||
return JSON.parse(GLib.spawn_command_line_sync(`${nvme} ${argv} -o json`)[1].toString())
|
||||
}
|
||||
|
||||
diff --git a/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js b/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js
|
||||
index 62fa580..c017748 100644
|
||||
--- a/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js
|
||||
+++ b/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js
|
||||
@@ -7,7 +7,7 @@ var SensorsUtil = class extends CommandLineUtil.CommandLineUtil {
|
||||
|
||||
constructor() {
|
||||
super();
|
||||
- let path = GLib.find_program_in_path('sensors');
|
||||
+ let path = GLib.find_program_in_path('@lm_sensors@/bin/sensors');
|
||||
// -A: Do not show adapter -j: JSON output
|
||||
this._argv = path ? [path, '-A', '-j'] : null;
|
||||
}
|
||||
diff --git a/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js b/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js
|
||||
index 03d469b..6057a3b 100644
|
||||
--- a/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js
|
||||
+++ b/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js
|
||||
@@ -3,7 +3,7 @@ const GLib = imports.gi.GLib;
|
||||
const Me = imports.misc.extensionUtils.getCurrentExtension();
|
||||
const ByteArray = imports.byteArray;
|
||||
function getSmartData (argv){
|
||||
- const smartctl = GLib.find_program_in_path('smartctl')
|
||||
+ const smartctl = GLib.find_program_in_path('@smartmontools@/bin/smartctl')
|
||||
return JSON.parse(ByteArray.toString( GLib.spawn_command_line_sync(`${smartctl} ${argv} -j`)[1] ))
|
||||
}
|
||||
|
|
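Review bot: Every helper lookup in this patch is pinned to a store path except `GLib.find_program_in_path('systemctl')` in hddtempUtil.js, which is still resolved through `PATH`, and neither the patch nor the `patches` entry in default.nix says whether that is deliberate. If it is (the extension presumably has to talk to the running system's systemd), a comment above the `substituteAll` call such as `# systemctl is intentionally left to PATH lookup; all other helpers are pinned` would record the decision. The patch file also has no header describing that the `@hddtemp@`, `@procps@`, `@netcat@`, `@liquidctl@`, `@nvmecli@`, `@lm_sensors@` and `@smartmontools@` placeholders are filled in at build time, which a short leading comment would cover.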
@ -2,13 +2,13 @@
|
|||
|
||||
mkDerivation rec {
|
||||
pname = "cubical";
|
||||
version = "0.3pred5030a9";
|
||||
version = "0.4prec3e097a";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
repo = pname;
|
||||
owner = "agda";
|
||||
rev = "d5030a9c89070255fc575add4e9f37b97e6a0c0c";
|
||||
sha256 = "18achbxap4ikydigmz3m3xjfn3i9dw4rn8yih82vrlc01j02nqpi";
|
||||
rev = "c3e097a98c84083550fa31101346bd42a0501add";
|
||||
sha256 = "101cni2a9xvia1mglb94z61jm8xk9r5kc1sn44cri0qsmk1zbqxs";
|
||||
};
|
||||
|
||||
LC_ALL = "en_US.UTF-8";
|
||||
|
|
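--- a/pkgs/development/python-modules/msoffcrypto-tool/default.nix
+++ b/pkgs/development/python-modules/msoffcrypto-tool/default.nix
@@ -0,0 +1,55 @@
+{ lib
+, olefile
+, buildPythonPackage
+, fetchFromGitHub
+, poetry-core
+, cryptography
+, pytestCheckHook
+, pythonOlder
+, setuptools
+}:
+
+buildPythonPackage rec {
+pname = "msoffcrypto-tool";
+version = "4.12.0";
+format = "pyproject";
+
+disabled = pythonOlder "3.7";
+
+src = fetchFromGitHub {
+owner = "nolze";
+repo = pname;
+rev = "v${version}";
+sha256 = "sha256-EBEwldh2Ct/4oxnAF1hWeW/uRrVsCYEi0cJaZubofFk=";
+};
+
+nativeBuildInputs = [
+poetry-core
+];
+
+propagatedBuildInputs = [
+cryptography
+olefile
+setuptools
+];
+
+checkInputs = [
+pytestCheckHook
+];
+
+disabledTests = [
+# Test fails with AssertionError
+"test_cli"
+];
+
+pythonImportsCheck = [
+"msoffcrypto"
+];
+
+meta = with lib; {
+description = "Python tool and library for decrypting MS Office files with passwords or other keys";
+homepage = "https://github.com/nolze/msoffcrypto-tool";
+license = with licenses; [ mit ];
+maintainers = with maintainers; [ fab ];
+};
+}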
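--- a/pkgs/development/python-modules/oletools/default.nix
+++ b/pkgs/development/python-modules/oletools/default.nix
@@ -0,0 +1,57 @@
+{ lib
+, buildPythonPackage
+, colorclass
+, easygui
+, fetchFromGitHub
+, msoffcrypto-tool
+, olefile
+, pcodedmp
+, pyparsing
+, pytestCheckHook
+, pythonOlder
+, setuptools
+}:
+
+buildPythonPackage rec {
+pname = "oletools";
+version = "0.60";
+format = "setuptools";
+
+disabled = pythonOlder "3.8";
+
+src = fetchFromGitHub {
+owner = "decalage2";
+repo = pname;
+rev = "v${version}";
+sha256 = "sha256-gatUVkf8iT1OGnahX1BzQLDypCqhS1EvkAgUHJ6myA4=";
+};
+
+propagatedBuildInputs = [
+colorclass
+easygui
+msoffcrypto-tool
+olefile
+pcodedmp
+pyparsing
+];
+
+checkInputs = [
+pytestCheckHook
+];
+
+disabledTests = [
+# Test fails with AssertionError: Tuples differ: ('MS Word 2007+...
+"test_all"
+];
+
+pythonImportsCheck = [
+"oletools"
+];
+
+meta = with lib; {
+description = "Python tool to analyze MS OLE2 files and MS Office documents";
+homepage = "https://github.com/decalage2/oletools";
+license = with licenses; [ bsd2 /* and */ mit ];
+maintainers = with maintainers; [ fab ];
+};
+}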
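Review bot: `setuptools` is declared in the argument set of this expression but is not referenced anywhere in the derivation body. Either drop `, setuptools` from the arguments or, if oletools needs it at runtime (not visible in this file), list it in `propagatedBuildInputs` the way the msoffcrypto-tool expression in this commit does. The comment on the disabled `test_all` quotes the assertion text but not the cause; a pointer to an upstream issue, if one exists, would tell the next maintainer when the test can be re-enabled.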
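--- a/pkgs/development/python-modules/pcodedmp/default.nix
+++ b/pkgs/development/python-modules/pcodedmp/default.nix
@@ -0,0 +1,41 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, pytestCheckHook
+, pythonOlder
+}:
+
+buildPythonPackage rec {
+pname = "pcodedmp";
+version = "1.2.6";
+format = "setuptools";
+
+disabled = pythonOlder "3.8";
+
+src = fetchFromGitHub {
+owner = "bontchev";
+repo = pname;
+rev = version;
+sha256 = "sha256-SYOFGMvrzxDPMACaCvqwU28Mh9LEuvFBGvAph4X+geo=";
+};
+
+postPatch = ''
+# Circular dependency
+substituteInPlace setup.py \
+--replace "'oletools>=0.54'," ""
+'';
+
+# Module doesn't have tests
+doCheck = false;
+
+pythonImportsCheck = [
+"pcodedmp"
+];
+
+meta = with lib; {
+description = "Python VBA p-code disassembler";
+homepage = "https://github.com/bontchev/pcodedmp";
+license = with licenses; [ gpl3Only ];
+maintainers = with maintainers; [ fab ];
+};
+}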
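Review bot: The `postPatch` substitution does not fail the build when `'oletools>=0.54',` is no longer present in `setup.py`, so a version bump that rewrites that requirement string would silently put the circular dependency back into the package metadata. A guard ahead of the `substituteInPlace`, in the style the sgx-psw expression in this commit uses for its DCAP check, makes that visible: `grep -q "'oletools>=0.54'," setup.py || (echo "oletools requirement not found in setup.py" >&2 && exit 1)`. `pytestCheckHook` is also taken as an argument but unused, since `doCheck = false` and there is no `checkInputs`.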
|
@ -7,13 +7,14 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "python_http_client";
|
||||
version = "3.3.3";
|
||||
version = "3.3.4";
|
||||
format = "setuptools";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "sendgrid";
|
||||
repo = "python-http-client";
|
||||
rev = version;
|
||||
sha256 = "sha256-cZqyu67xP0UIKYbhYYTNL5kLiPjjMjayde75sqkHZhg=";
|
||||
sha256 = "sha256-wTXHq+tC+rfvmDZIWvcGhQZqm6DxOmx50BsX0c6asec=";
|
||||
};
|
||||
|
||||
checkInputs = [
|
||||
|
@ -21,9 +22,9 @@ buildPythonPackage rec {
|
|||
pytestCheckHook
|
||||
];
|
||||
|
||||
# Failure was fixed by https://github.com/sendgrid/python-http-client/commit/6d62911ab0d0645b499e14bb17c302b48f3c10e4
|
||||
disabledTests = [ "test__daterange" ];
|
||||
pythonImportsCheck = [ "python_http_client" ];
|
||||
pythonImportsCheck = [
|
||||
"python_http_client"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python HTTP library to call APIs";
|
||||
|
|
|
@ -2,16 +2,16 @@
|
|||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "cargo-feature";
|
||||
version = "0.5.5";
|
||||
version = "0.6.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Riey";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-0Ski+LytE636HHduisYJJq3khRsaJJ4YhpmaU5On348=";
|
||||
sha256 = "sha256-9TP67YtvRtgLtsKACL5xjXq5kZtYpTWsTqQsbOKPwtY=";
|
||||
};
|
||||
|
||||
cargoSha256 = "sha256-PA/s/BrqUftdGc5Lvd0glL9Dr8GLX9pYMq6WRRUQwEk=";
|
||||
cargoSha256 = "sha256-MkLsQebQdqfUuARIdQZg47kMPudstJUgRQgUuovoLes=";
|
||||
|
||||
buildInputs = lib.optional stdenv.isDarwin libiconv;
|
||||
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
buildGoModule rec {
|
||||
pname = "vultr-cli";
|
||||
version = "2.9.0";
|
||||
version = "2.11.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "vultr";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-xgp+hNNStyakfS8h72CqRTeJVTgA4p4CkoCoTFmFRyI=";
|
||||
sha256 = "sha256-v5RbStmQX7D+i+oyekilLPsl6lta5rkJV4Uf0mjIF8Y=";
|
||||
};
|
||||
|
||||
vendorSha256 = null;
|
||||
|
|
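--- a/pkgs/os-specific/linux/sgx/psw/default.nix
+++ b/pkgs/os-specific/linux/sgx/psw/default.nix
@@ -0,0 +1,190 @@
+{ stdenv
+, lib
+, fetchurl
+, cmake
+, coreutils
+, curl
+, file
+, glibc
+, makeWrapper
+, nixosTests
+, protobuf
+, python3
+, sgx-sdk
+, shadow
+, systemd
+, util-linux
+, which
+, debug ? false
+}:
+stdenv.mkDerivation rec {
+inherit (sgx-sdk) version versionTag src;
+pname = "sgx-psw";
+
+postUnpack =
+let
+ae.prebuilt = fetchurl {
+url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/prebuilt_ae_${versionTag}.tar.gz";
+hash = "sha256-nGKZEpT2Mx0DLgqjv9qbZqBt1pQaSHcnA0K6nHma3sk";
+};
+dcap = rec {
+version = "1.11";
+filename = "prebuilt_dcap_${version}.tar.gz";
+prebuilt = fetchurl {
+url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}";
+hash = "sha256-ShGScS4yNLki04RNPxxLvqzGmy4U1L0gVETvfAo8w9M=";
+};
+};
+in
+sgx-sdk.postUnpack + ''
+# Make sure we use the correct version of prebuilt DCAP
+grep -q 'ae_file_name=${dcap.filename}' "$src/external/dcap_source/QuoteGeneration/download_prebuilt.sh" \
+|| (echo "Could not find expected prebuilt DCAP ${dcap.filename} in linux-sgx source" >&2 && exit 1)
+
+tar -zxf ${ae.prebuilt} -C $sourceRoot/
+tar -zxf ${dcap.prebuilt} -C $sourceRoot/external/dcap_source/QuoteGeneration/
+'';
+
+nativeBuildInputs = [
+cmake
+file
+makeWrapper
+python3
+sgx-sdk
+which
+];
+
+buildInputs = [
+curl
+protobuf
+];
+
+hardeningDisable = lib.optionals debug [
+"fortify"
+];
+
+postPatch = ''
+# https://github.com/intel/linux-sgx/pull/730
+substituteInPlace buildenv.mk --replace '/bin/cp' 'cp'
+substituteInPlace psw/ae/aesm_service/source/CMakeLists.txt \
+--replace '/usr/bin/getconf' 'getconf'
+
+# https://github.com/intel/SGXDataCenterAttestationPrimitives/pull/205
+substituteInPlace ./external/dcap_source/QuoteGeneration/buildenv.mk \
+--replace '/bin/cp' 'cp'
+substituteInPlace external/dcap_source/tools/SGXPlatformRegistration/Makefile \
+--replace '/bin/cp' 'cp'
+substituteInPlace external/dcap_source/tools/SGXPlatformRegistration/buildenv.mk \
+--replace '/bin/cp' 'cp'
+
+patchShebangs \
+linux/installer/bin/build-installpkg.sh \
+linux/installer/common/psw/createTarball.sh \
+linux/installer/common/psw/install.sh
+'';
+
+dontUseCmakeConfigure = true;
+
+# Randomly fails if enabled
+enableParallelBuilding = false;
+
+buildFlags = [
+"psw_install_pkg"
+] ++ lib.optionals debug [
+"DEBUG=1"
+];
+
+installFlags = [
+"-C linux/installer/common/psw/output"
+"DESTDIR=$(TMPDIR)/install"
+];
+
+postInstall = ''
+installDir=$TMPDIR/install
+sgxPswDir=$installDir/opt/intel/sgxpsw
+
+mv $installDir/usr/lib64/ $out/lib/
+ln -sr $out/lib $out/lib64
+
+# Install udev rules to lib/udev/rules.d
+mv $sgxPswDir/udev/ $out/lib/
+
+# Install example AESM config
+mkdir $out/etc/
+mv $sgxPswDir/aesm/conf/aesmd.conf $out/etc/
+rmdir $sgxPswDir/aesm/conf/
+
+# Delete init service
+rm $sgxPswDir/aesm/aesmd.conf
+
+# Move systemd services
+mkdir -p $out/lib/systemd/system/
+mv $sgxPswDir/aesm/aesmd.service $out/lib/systemd/system/
+mv $sgxPswDir/remount-dev-exec.service $out/lib/systemd/system/
+
+# Move misc files
+mkdir $out/share/
+mv $sgxPswDir/licenses $out/share/
+
+# Remove unnecessary files
+rm $sgxPswDir/{cleanup.sh,startup.sh}
+rm -r $sgxPswDir/scripts
+
+mv $sgxPswDir/aesm/ $out/
+
+mkdir $out/bin
+makeWrapper $out/aesm/aesm_service $out/bin/aesm_service \
+--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ protobuf ]}:$out/aesm \
+--run "cd $out/aesm"
+
+# Make sure we didn't forget to handle any files
+rmdir $sgxPswDir || (echo "Error: The directory $installDir still contains unhandled files: $(ls -A $installDir)" >&2 && exit 1)
+'';
+
+# Most—if not all—of those fixups are not relevant for NixOS as we have our own
+# NixOS module which is based on those files without relying on them. Still, it
+# is helpful to have properly patched versions for non-NixOS distributions.
+postFixup = ''
+header "Fixing aesmd.service"
+substituteInPlace $out/lib/systemd/system/aesmd.service \
+--replace '@aesm_folder@' \
+"$out/aesm" \
+--replace 'Type=forking' \
+'Type=simple' \
+--replace "ExecStart=$out/aesm/aesm_service" \
+"ExecStart=$out/bin/aesm_service --no-daemon"\
+--replace "/bin/mkdir" \
+"${coreutils}/bin/mkdir" \
+--replace "/bin/chown" \
+"${coreutils}/bin/chown" \
+--replace "/bin/chmod" \
+"${coreutils}/bin/chmod" \
+--replace "/bin/kill" \
+"${coreutils}/bin/kill"
+
+header "Fixing remount-dev-exec.service"
+substituteInPlace $out/lib/systemd/system/remount-dev-exec.service \
+--replace '/bin/mount' \
+"${util-linux}/bin/mount"
+
+header "Fixing linksgx.sh"
+# https://github.com/intel/linux-sgx/pull/736
+substituteInPlace $out/aesm/linksgx.sh \
+--replace '/usr/bin/getent' \
+'${glibc.bin}/bin/getent' \
+--replace '/usr/sbin/usermod' \
+'${shadow}/bin/usermod'
+'';
+
+passthru.tests = {
+service = nixosTests.aesmd;
+};
+
+meta = with lib; {
+description = "Intel SGX Architectural Enclave Service Manager";
+homepage = "https://github.com/intel/linux-sgx";
+maintainers = with maintainers; [ veehaitch citadelcore ];
+platforms = [ "x86_64-linux" ];
+license = with licenses; [ bsd3 ];
+};
+}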
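Review bot: The `ae.prebuilt` hash in `postUnpack` is written without base64 padding (43 characters after `sha256-`), while `dcap.prebuilt` just below carries the trailing `=`. Both archives are prebuilt binaries unpacked straight into the source tree, so their pins should be in the canonical form rather than depend on the fetcher tolerating a short one: `hash = "sha256-nGKZEpT2Mx0DLgqjv9qbZqBt1pQaSHcnA0K6nHma3sk=";`. A short comment above the two `fetchurl` calls saying why prebuilt enclave archives are used instead of building them from `src` would help anyone auditing the binary inputs. Separately, `systemd` is taken as an argument but is not referenced anywhere in the derivation.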
|
@ -21,13 +21,13 @@
|
|||
, validatePkgConfig
|
||||
, writeShellScript
|
||||
, writeText
|
||||
, debug ? false
|
||||
}:
|
||||
with lib;
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "sgx-sdk";
|
||||
version = "2.14.100.2";
|
||||
|
||||
versionTag = concatStringsSep "." (take 2 (splitVersion version));
|
||||
versionTag = lib.concatStringsSep "." (lib.take 2 (lib.splitVersion version));
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "intel";
|
||||
|
@ -140,6 +140,8 @@ stdenv.mkDerivation rec {
|
|||
|
||||
buildFlags = [
|
||||
"sdk_install_pkg"
|
||||
] ++ lib.optionals debug [
|
||||
"DEBUG=1"
|
||||
];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
@ -264,7 +266,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
passthru.tests = callPackage ./samples.nix { };
|
||||
|
||||
meta = {
|
||||
meta = with lib; {
|
||||
description = "Intel SGX SDK for Linux built with IPP Crypto Library";
|
||||
homepage = "https://github.com/intel/linux-sgx";
|
||||
maintainers = with maintainers; [ sbellem arturcygan veehaitch ];
|
|
@ -5,16 +5,16 @@
|
|||
|
||||
buildGoModule rec {
|
||||
pname = "trivy";
|
||||
version = "0.21.1";
|
||||
version = "0.21.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "aquasecurity";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-KxGG59H5EzIcYigvbQlrwpZLP4zMqErO3vDKhBOPc3w=";
|
||||
sha256 = "sha256-k8bjwKoAXt9XFQX7rHhdrcu3FoaU31Ra78PQHNVCfq0=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-lITzqPMsZk/G2nG4LcUdyTb3gE3rtlXET/c2UaYODvU=";
|
||||
vendorSha256 = "sha256-rJvmY0557QOb8D1/LhN8w64ds3HwqolLmGdntS5CJPQ=";
|
||||
|
||||
excludedPackages = "misc";
|
||||
|
||||
|
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "abcMIDI";
|
||||
version = "2021.12.05";
|
||||
version = "2021.12.10";
|
||||
|
||||
src = fetchzip {
|
||||
url = "https://ifdo.ca/~seymour/runabc/${pname}-${version}.zip";
|
||||
hash = "sha256-q3iyIheV7g6l2S6CSKqt9VQKa9i8xg5RKOO3JfFXuLI=";
|
||||
hash = "sha256-Jvj7gOrIT0IXihPkPDH9n80bg4xllvPTKxIWA3wX5B0=";
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
|
|
|
@ -12,16 +12,16 @@
|
|||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "zellij";
|
||||
version = "0.21.0";
|
||||
version = "0.22.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "zellij-org";
|
||||
repo = "zellij";
|
||||
rev = "v${version}";
|
||||
sha256 = "1n033qvidahpfsp4k3x30sav3asldhjlsbydb23vg0v7bxjl2c2q";
|
||||
sha256 = "sha256-bia1q2IPrlVeSLsD/HGkWwAUW8THAuzXQR2Iw0v8TKM=";
|
||||
};
|
||||
|
||||
cargoSha256 = "1pjmlwx966pgri58xx2zqr84wili0bzpl9gzhjdkvcx0j1f66anb";
|
||||
cargoSha256 = "sha256-ptM0QrrWFy9rb/CpLYuzRE48Wr429lcE9xnV8uA8mGs=";
|
||||
|
||||
nativeBuildInputs = [
|
||||
installShellFiles
|
||||
|
|
|
@ -296,6 +296,7 @@ mapAliases ({
|
|||
svn_all_fast_export = svn-all-fast-export;
|
||||
topGit = top-git;
|
||||
};
|
||||
gitin = throw "gitin has been remove because it was unmaintained and depended on an insecure version of libgit2"; # added 2021-12-07
|
||||
glib_networking = glib-networking; # added 2018-02-25
|
||||
gmailieer = lieer; # added 2020-04-19
|
||||
gmvault = throw "gmvault has been removed because it is unmaintained, mostly broken, and insecure"; # added 2021-03-08
|
||||
|
@ -929,7 +930,8 @@ mapAliases ({
|
|||
telepathy_salut = telepathy-salut; # added 2018-02-25
|
||||
telnet = inetutils; # added 2018-05-15
|
||||
terminus = throw "terminus has been removed, it was unmaintained in nixpkgs"; # added 2021-08-21
|
||||
terraform_1_0_0 = terraform_1_0; # added 2021-06-15
|
||||
terraform_1_0_0 = throw "terraform_1_0_0 has been renamed to terraform_1"; # added 2021-06-15
|
||||
terraform_1_0 = throw "terraform_1_0 has been renamed to terraform_1"; # added 2021-12-08
|
||||
terraform-provider-ibm = terraform-providers.ibm; # added 2018-09-28
|
||||
terraform-provider-libvirt = terraform-providers.libvirt; # added 2018-09-28
|
||||
terraform-provider-lxd = terraform-providers.lxd; # added 2020-03-16
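Review bot: The message on the new `gitin` entry in the first hunk reads "has been remove because"; since this string is what users see when evaluation fails, it should read `has been removed because it was unmaintained and depended on an insecure version of libgit2`. In the second hunk, the `terraform_1_0_0` line that now throws (assuming that is the new side) keeps its `# added 2021-06-15` comment, so the date no longer says when the alias became an error; `# added 2021-06-15, throws since 2021-12-08` would record both.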
|
||||
|
|
|
@ -373,6 +373,8 @@ with pkgs;
|
|||
|
||||
onesixtyone = callPackage ../tools/security/onesixtyone {};
|
||||
|
||||
oletools = with python3.pkgs; toPythonApplication oletools;
|
||||
|
||||
creddump = callPackage ../tools/security/creddump {};
|
||||
|
||||
credential-detector = callPackage ../tools/security/credential-detector { };
|
||||
|
@ -5797,8 +5799,6 @@ with pkgs;
|
|||
|
||||
github-runner = callPackage ../development/tools/continuous-integration/github-runner { };
|
||||
|
||||
gitin = callPackage ../applications/version-management/git-and-tools/gitin { };
|
||||
|
||||
gitinspector = callPackage ../applications/version-management/gitinspector { };
|
||||
|
||||
gitkraken = callPackage ../applications/version-management/gitkraken { };
|
||||
|
@ -18799,6 +18799,8 @@ with pkgs;
|
|||
|
||||
msgpack = callPackage ../development/libraries/msgpack { };
|
||||
|
||||
msoffcrypto-tool = with python3.pkgs; toPythonApplication msoffcrypto-tool;
|
||||
|
||||
msilbc = callPackage ../development/libraries/msilbc { };
|
||||
|
||||
mp4v2 = callPackage ../development/libraries/mp4v2 { };
|
||||
|
@ -22765,7 +22767,9 @@ with pkgs;
|
|||
|
||||
seturgent = callPackage ../os-specific/linux/seturgent { };
|
||||
|
||||
sgx-sdk = callPackage ../os-specific/linux/sgx-sdk { };
|
||||
sgx-sdk = callPackage ../os-specific/linux/sgx/sdk { };
|
||||
|
||||
sgx-psw = callPackage ../os-specific/linux/sgx/psw { };
|
||||
|
||||
shadow = callPackage ../os-specific/linux/shadow { };
|
||||
|
||||
|
@ -33230,11 +33234,11 @@ with pkgs;
|
|||
terraform_0_13
|
||||
terraform_0_14
|
||||
terraform_0_15
|
||||
terraform_1_0
|
||||
terraform_1
|
||||
terraform_plugins_test
|
||||
;
|
||||
|
||||
terraform = terraform_1_0;
|
||||
terraform = terraform_1;
|
||||
# deprecated
|
||||
terraform-full = terraform.full;
|
||||
|
||||
|
|
|
@ -5043,6 +5043,8 @@ in {
|
|||
|
||||
msldap = callPackage ../development/python-modules/msldap { };
|
||||
|
||||
msoffcrypto-tool = callPackage ../development/python-modules/msoffcrypto-tool { };
|
||||
|
||||
mss = callPackage ../development/python-modules/mss { };
|
||||
|
||||
msrestazure = callPackage ../development/python-modules/msrestazure { };
|
||||
|
@ -5422,6 +5424,8 @@ in {
|
|||
|
||||
olefile = callPackage ../development/python-modules/olefile { };
|
||||
|
||||
oletools = callPackage ../development/python-modules/oletools { };
|
||||
|
||||
omegaconf = callPackage ../development/python-modules/omegaconf { };
|
||||
|
||||
omnilogic = callPackage ../development/python-modules/omnilogic { };
|
||||
|
@ -5707,6 +5711,8 @@ in {
|
|||
|
||||
pc-ble-driver-py = toPythonModule (callPackage ../development/python-modules/pc-ble-driver-py { });
|
||||
|
||||
pcodedmp = callPackage ../development/python-modules/pcodedmp { };
|
||||
|
||||
pcpp = callPackage ../development/python-modules/pcpp { };
|
||||
|
||||
pdf2image = callPackage ../development/python-modules/pdf2image { };
|
||||
|
|