Merge staging-next into staging

This commit is contained in:
github-actions[bot] 2021-12-17 12:02:12 +00:00 committed by GitHub
commit a6adcc1edf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
58 changed files with 691 additions and 333 deletions

View file

@ -36,6 +36,13 @@
<link linkend="opt-services.filebeat.enable">services.filebeat</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin">PowerDNS-Admin</link>,
a web interface for the PowerDNS server. Available at
<link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">

View file

@ -12,6 +12,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html), a lightweight shipper for forwarding and centralizing log data. Available as [services.filebeat](#opt-services.filebeat.enable).
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.

View file

@ -1026,6 +1026,7 @@
./services/web-apps/plantuml-server.nix
./services/web-apps/plausible.nix
./services/web-apps/pgpkeyserver-lite.nix
./services/web-apps/powerdns-admin.nix
./services/web-apps/matomo.nix
./services/web-apps/moinmoin.nix
./services/web-apps/openwebrx.nix

View file

@ -10,6 +10,8 @@ let
stateDir = "%S/${systemdDir}";
# %L: Log directory root (usually /var/log); see systemd.unit(5)
logsDir = "%L/${systemdDir}";
# Name of file stored in service state directory
currentConfigTokenFilename = ".current-token";
in
{
options.services.github-runner = {
@ -144,13 +146,11 @@ in
ExecStart = "${cfg.package}/bin/runsvc.sh";
# Does the following, sequentially:
# - Copy the current and the previous `tokenFile` to the $RUNTIME_DIRECTORY
# and make it accessible to the service user to allow for a content
# comparison.
# - If the module configuration or the token has changed, clear the state directory.
# - Configure the runner.
# - Copy the configured `tokenFile` to the $STATE_DIRECTORY and make it
# inaccessible to the service user.
# - If the module configuration or the token has changed, purge the state directory,
# and create the current and the new token file with the contents of the configured
# token. While both files have the same content, only the later is accessible by
# the service user.
# - Configure the runner using the new token file. When finished, delete it.
# - Set up the directory structure by creating the necessary symlinks.
ExecStartPre =
let
@ -173,37 +173,20 @@ in
currentConfigPath = "$STATE_DIRECTORY/.nixos-current-config.json";
runnerRegistrationConfig = getAttrs [ "name" "tokenFile" "url" "runnerGroup" "extraLabels" ] cfg;
newConfigPath = builtins.toFile "${svcName}-config.json" (builtins.toJSON runnerRegistrationConfig);
currentConfigTokenFilename = ".current-token";
newConfigTokenFilename = ".new-token";
runnerCredFiles = [
".credentials"
".credentials_rsaparams"
".runner"
];
ownConfigTokens = writeScript "own-config-tokens" ''
# Copy current and new token file to runtime dir and make it accessible to the service user
cp ${escapeShellArg cfg.tokenFile} "$RUNTIME_DIRECTORY/${newConfigTokenFilename}"
chmod 600 "$RUNTIME_DIRECTORY/${newConfigTokenFilename}"
chown "$USER" "$RUNTIME_DIRECTORY/${newConfigTokenFilename}"
if [[ -e "$STATE_DIRECTORY/${currentConfigTokenFilename}" ]]; then
cp "$STATE_DIRECTORY/${currentConfigTokenFilename}" "$RUNTIME_DIRECTORY/${currentConfigTokenFilename}"
chmod 600 "$RUNTIME_DIRECTORY/${currentConfigTokenFilename}"
chown "$USER" "$RUNTIME_DIRECTORY/${currentConfigTokenFilename}"
fi
'';
disownConfigTokens = writeScript "disown-config-tokens" ''
# Make the token inaccessible to the runner service user
chmod 600 "$STATE_DIRECTORY/${currentConfigTokenFilename}"
chown root:root "$STATE_DIRECTORY/${currentConfigTokenFilename}"
'';
unconfigureRunner = writeScript "unconfigure" ''
differs=
# Set `differs = 1` if current and new runner config differ or if `currentConfigPath` does not exist
${pkgs.diffutils}/bin/diff -q '${newConfigPath}' "${currentConfigPath}" >/dev/null 2>&1 || differs=1
# Also trigger a registration if the token content changed
${pkgs.diffutils}/bin/diff -q \
"$RUNTIME_DIRECTORY"/{${currentConfigTokenFilename},${newConfigTokenFilename}} \
"$STATE_DIRECTORY"/${currentConfigTokenFilename} \
${escapeShellArg cfg.tokenFile} \
>/dev/null 2>&1 || differs=1
if [[ -n "$differs" ]]; then
@ -211,13 +194,18 @@ in
echo "The old runner will still appear in the GitHub Actions UI." \
"You have to remove it manually."
find "$STATE_DIRECTORY/" -mindepth 1 -delete
# Copy the configured token file to the state dir and allow the service user to read the file
install --mode=666 ${escapeShellArg cfg.tokenFile} "$STATE_DIRECTORY/${newConfigTokenFilename}"
# Also copy current file to allow for a diff on the next start
install --mode=600 ${escapeShellArg cfg.tokenFile} "$STATE_DIRECTORY/${currentConfigTokenFilename}"
fi
'';
configureRunner = writeScript "configure" ''
empty=$(ls -A "$STATE_DIRECTORY")
if [[ -z "$empty" ]]; then
if [[ -e "$STATE_DIRECTORY/${newConfigTokenFilename}" ]]; then
echo "Configuring GitHub Actions Runner"
token=$(< "$RUNTIME_DIRECTORY"/${newConfigTokenFilename})
token=$(< "$STATE_DIRECTORY"/${newConfigTokenFilename})
RUNNER_ROOT="$STATE_DIRECTORY" ${cfg.package}/bin/config.sh \
--unattended \
--work "$RUNTIME_DIRECTORY" \
@ -234,8 +222,7 @@ in
rm -rf "$STATE_DIRECTORY/_diag/"
# Cleanup token from config
rm -f "$RUNTIME_DIRECTORY"/${currentConfigTokenFilename}
mv "$RUNTIME_DIRECTORY"/${newConfigTokenFilename} "$STATE_DIRECTORY/${currentConfigTokenFilename}"
rm "$STATE_DIRECTORY/${newConfigTokenFilename}"
# Symlink to new config
ln -s '${newConfigPath}' "${currentConfigPath}"
@ -250,10 +237,8 @@ in
'';
in
map (x: "${x} ${escapeShellArgs [ stateDir runtimeDir logsDir ]}") [
"+${ownConfigTokens}" # runs as root
unconfigureRunner
"+${unconfigureRunner}" # runs as root
configureRunner
"+${disownConfigTokens}" # runs as root
setupRuntimeDir
];
@ -266,6 +251,13 @@ in
StateDirectoryMode = "0700";
WorkingDirectory = runtimeDir;
InaccessiblePaths = [
# Token file path given in the configuration
cfg.tokenFile
# Token file in the state directory
"${stateDir}/${currentConfigTokenFilename}"
];
# By default, use a dynamically allocated user
DynamicUser = true;

View file

@ -0,0 +1,149 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.powerdns-admin;
configText = ''
${cfg.config}
''
+ optionalString (cfg.secretKeyFile != null) ''
with open('${cfg.secretKeyFile}') as file:
SECRET_KEY = file.read()
''
+ optionalString (cfg.saltFile != null) ''
with open('${cfg.saltFile}') as file:
SALT = file.read()
'';
in
{
options.services.powerdns-admin = {
enable = mkEnableOption "the PowerDNS web interface";
extraArgs = mkOption {
type = types.listOf types.str;
default = [ ];
example = literalExpression ''
[ "-b" "127.0.0.1:8000" ]
'';
description = ''
Extra arguments passed to powerdns-admin.
'';
};
config = mkOption {
type = types.str;
default = "";
example = ''
BIND_ADDRESS = '127.0.0.1'
PORT = 8000
SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/powerdnsadmin?host=/run/postgresql'
'';
description = ''
Configuration python file.
See <link xlink:href="https://github.com/ngoduykhanh/PowerDNS-Admin/blob/v${pkgs.powerdns-admin.version}/configs/development.py">the example configuration</link>
for options.
'';
};
secretKeyFile = mkOption {
type = types.nullOr types.path;
example = "/etc/powerdns-admin/secret";
description = ''
The secret used to create cookies.
This needs to be set, otherwise the default is used and everyone can forge valid login cookies.
Set this to null to ignore this setting and configure it through another way.
'';
};
saltFile = mkOption {
type = types.nullOr types.path;
example = "/etc/powerdns-admin/salt";
description = ''
The salt used for serialization.
This should be set, otherwise the default is used.
Set this to null to ignore this setting and configure it through another way.
'';
};
};
config = mkIf cfg.enable {
systemd.services.powerdns-admin = {
description = "PowerDNS web interface";
wantedBy = [ "multi-user.target" ];
after = [ "networking.target" ];
environment.FLASK_CONF = builtins.toFile "powerdns-admin-config.py" configText;
environment.PYTHONPATH = pkgs.powerdns-admin.pythonPath;
serviceConfig = {
ExecStart = "${pkgs.powerdns-admin}/bin/powerdns-admin --pid /run/powerdns-admin/pid ${escapeShellArgs cfg.extraArgs}";
ExecStartPre = "${pkgs.coreutils}/bin/env FLASK_APP=${pkgs.powerdns-admin}/share/powerdnsadmin/__init__.py ${pkgs.python3Packages.flask}/bin/flask db upgrade -d ${pkgs.powerdns-admin}/share/migrations";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStop = "${pkgs.coreutils}/bin/kill -TERM $MAINPID";
PIDFile = "/run/powerdns-admin/pid";
RuntimeDirectory = "powerdns-admin";
User = "powerdnsadmin";
Group = "powerdnsadmin";
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
BindReadOnlyPaths = [
"/nix/store"
"-/etc/resolv.conf"
"-/etc/nsswitch.conf"
"-/etc/hosts"
"-/etc/localtime"
]
++ (optional (cfg.secretKeyFile != null) cfg.secretKeyFile)
++ (optional (cfg.saltFile != null) cfg.saltFile);
CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
# ProtectClock= adds DeviceAllow=char-rtc r
DeviceAllow = "";
# Implies ProtectSystem=strict, which re-mounts all paths
#DynamicUser = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
# Needs to start a server
#PrivateNetwork = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectHome = true;
ProtectHostname = true;
# Would re-mount paths ignored by temporary root
#ProtectSystem = "strict";
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
# gunicorn needs setuid
SystemCallFilter = [
"@system-service"
"~@privileged @resources @keyring"
# These got removed by the line above but are needed
"@setuid @chown"
];
TemporaryFileSystem = "/:ro";
# Does not work well with the temporary root
#UMask = "0066";
};
};
users.groups.powerdnsadmin = { };
users.users.powerdnsadmin = {
description = "PowerDNS web interface user";
isSystemUser = true;
group = "powerdnsadmin";
};
};
}

View file

@ -381,6 +381,7 @@ in
postgresql = handleTest ./postgresql.nix {};
postgresql-wal-receiver = handleTest ./postgresql-wal-receiver.nix {};
powerdns = handleTest ./powerdns.nix {};
powerdns-admin = handleTest ./powerdns-admin.nix {};
power-profiles-daemon = handleTest ./power-profiles-daemon.nix {};
pppd = handleTest ./pppd.nix {};
predictable-interface-names = handleTest ./predictable-interface-names.nix {};

View file

@ -0,0 +1,117 @@
# Test powerdns-admin
{ system ? builtins.currentSystem
, config ? { }
, pkgs ? import ../.. { inherit system config; }
}:
with import ../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib;
let
defaultConfig = ''
BIND_ADDRESS = '127.0.0.1'
PORT = 8000
'';
makeAppTest = name: configs: makeTest {
name = "powerdns-admin-${name}";
meta = with pkgs.lib.maintainers; {
maintainers = [ Flakebi zhaofengli ];
};
nodes.server = { pkgs, config, ... }: mkMerge ([
{
services.powerdns-admin = {
enable = true;
secretKeyFile = "/etc/powerdns-admin/secret";
saltFile = "/etc/powerdns-admin/salt";
};
# It's insecure to have secrets in the world-readable nix store, but this is just a test
environment.etc."powerdns-admin/secret".text = "secret key";
environment.etc."powerdns-admin/salt".text = "salt";
environment.systemPackages = [
(pkgs.writeShellScriptBin "run-test" config.system.build.testScript)
];
}
] ++ configs);
testScript = ''
server.wait_for_unit("powerdns-admin.service")
server.wait_until_succeeds("run-test", timeout=10)
'';
};
matrix = {
backend = {
mysql = {
services.powerdns-admin = {
config = ''
${defaultConfig}
SQLALCHEMY_DATABASE_URI = 'mysql://powerdnsadmin@/powerdnsadmin?unix_socket=/run/mysqld/mysqld.sock'
'';
};
systemd.services.powerdns-admin = {
after = [ "mysql.service" ];
serviceConfig.BindPaths = "/run/mysqld";
};
services.mysql = {
enable = true;
package = pkgs.mariadb;
ensureDatabases = [ "powerdnsadmin" ];
ensureUsers = [
{
name = "powerdnsadmin";
ensurePermissions = {
"powerdnsadmin.*" = "ALL PRIVILEGES";
};
}
];
};
};
postgresql = {
services.powerdns-admin = {
config = ''
${defaultConfig}
SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/powerdnsadmin?host=/run/postgresql'
'';
};
systemd.services.powerdns-admin = {
after = [ "postgresql.service" ];
serviceConfig.BindPaths = "/run/postgresql";
};
services.postgresql = {
enable = true;
ensureDatabases = [ "powerdnsadmin" ];
ensureUsers = [
{
name = "powerdnsadmin";
ensurePermissions = {
"DATABASE powerdnsadmin" = "ALL PRIVILEGES";
};
}
];
};
};
};
listen = {
tcp = {
services.powerdns-admin.extraArgs = [ "-b" "127.0.0.1:8000" ];
system.build.testScript = ''
curl -sSf http://127.0.0.1:8000/
'';
};
unix = {
services.powerdns-admin.extraArgs = [ "-b" "unix:/run/powerdns-admin/http.sock" ];
system.build.testScript = ''
curl -sSf --unix-socket /run/powerdns-admin/http.sock http://somehost/
'';
};
};
};
in
with matrix; {
postgresql = makeAppTest "postgresql" [ backend.postgresql listen.tcp ];
mysql = makeAppTest "mysql" [ backend.mysql listen.tcp ];
unix-listener = makeAppTest "unix-listener" [ backend.postgresql listen.unix ];
}

View file

@ -6,11 +6,11 @@
stdenv.mkDerivation rec {
pname = "bitwig-studio";
version = "4.1.1";
version = "4.1.2";
src = fetchurl {
url = "https://downloads.bitwig.com/stable/${version}/${pname}-${version}.deb";
sha256 = "sha256-bhd3Ij4y1r5pHrpQkbHuMTNl8Z3w0HsbCkr1C0CVFvQ=";
sha256 = "sha256-fXrpTOA6Uh4DgGU+3A7SV23Sb+Z2Ud4rCPmMk5I1MnA=";
};
nativeBuildInputs = [ dpkg makeWrapper wrapGAppsHook ];

View file

@ -7,16 +7,16 @@
}:
rustPlatform.buildRustPackage rec {
pname = "polkadot";
version = "0.9.12-1";
version = "0.9.14";
src = fetchFromGitHub {
owner = "paritytech";
repo = "polkadot";
rev = "v${version}";
sha256 = "sha256-+HATcxdIDQGDIQBF08yy/eKBcS10Hp7C0nZFVsYFNwQ=";
sha256 = "sha256-SCi+hpdMUTX1NLF1RUce0d/2G19sVfJ5IsmM1xcAUKo=";
};
cargoSha256 = "sha256-1qg4ZnSORRVI7eCVMrR7lY3tzo7KJt+dC2RBXqbKrig=";
cargoSha256 = "sha256-ZcIsbMI96qX0LLJXmkCRS9g40ccZOH/upPbAA7XEZIw=";
nativeBuildInputs = [ clang ];

View file

@ -1,31 +1,19 @@
{ lib, stdenv, fetchFromGitHub, fetchpatch
{ lib, stdenv, fetchFromGitHub
, cmake, halide
, libpng, libjpeg, libtiff, libraw
}:
stdenv.mkDerivation rec {
pname = "hdr-plus-unstable";
version = "2020-10-29";
pname = "hdr-plus";
version = "unstable-2021-12-10";
src = fetchFromGitHub {
owner = "timothybrooks";
repo = "hdr-plus";
rev = "132bd73ccd4eaef9830124605c93f06a98607cfa";
sha256 = "1n49ggrppf336p7n510kapzh376791bysxj3f33m3bdzksq360ps";
rev = "0ab70564493bdbcd5aca899b5885505d0c824435";
sha256 = "sha256-QV8bGxkwFpbNzJG4kmrWwFQxUo2XzLPnoI1e32UmM6g=";
};
patches = [
# PR #70, fixes incompatibility with Halide 10.0.0
(fetchpatch {
url = "https://github.com/timothybrooks/hdr-plus/pull/70/commits/077e1a476279539c72e615210762dca27984c57b.patch";
sha256 = "1sg2l1bqs2smpfpy4flwg86fzhcc4yf7zx998v1bfhim43yyrx59";
})
];
postPatch = ''
sed -i '2a #include <array>' src/InputSource.h
'';
nativeBuildInputs = [ cmake ];
buildInputs = [ halide libpng libjpeg libtiff libraw ];

View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, autoreconfHook
{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config
, curl, db, libgeotiff
, libXpm, libXt, motif, pcre
, perl, proj, rastermagick, shapelib
@ -6,17 +6,21 @@
stdenv.mkDerivation rec {
pname = "xastir";
version = "2.1.6";
version = "2.1.8";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "Release-${version}";
sha256 = "0yrvwy6hlc73gzwrsrczflyymyz0k33hj991ajrd1vijq14m3n91";
hash = "sha256-hRe0KO1lWOv3hNNDMS70t+X1rxuhNlNKykmo4LEU+U0=";
};
buildInputs = [
nativeBuildInputs = [
autoreconfHook
pkg-config
];
buildInputs = [
curl db libgeotiff
libXpm libXt motif pcre
perl proj rastermagick shapelib

View file

@ -7,10 +7,10 @@ in
rec {
firefox = common rec {
pname = "firefox";
version = "95.0";
version = "95.0.1";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "350672a2cd99195c67dafc0e71c6eaf1e23e85a5fe92775697119a054f17c34a736035e23d7f2bb404b544f0f144efef3843cfc293596a6e61d1ea36efc3a724";
sha512 = "54887c3adbf7202b835ae1ac928c3c95516ef11f9894456561dad500a1a61623f926b37f6e02fef0898e7ee0fd9147a71e5432634e6e0a2c2fecd08509799c37";
};
meta = {

View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "pgo-client";
version = "4.7.3";
version = "4.7.4";
src = fetchFromGitHub {
owner = "CrunchyData";
repo = "postgres-operator";
rev = "v${version}";
sha256 = "sha256-nIflJLHhzEMq4RZUHjZYvBW+cxsi/gc9ZnMoGCesbrc=";
sha256 = "sha256-8L3eFMATCGIM6xxUM7mi/D3njHMFk7cgPLJotilAS5k=";
};
vendorSha256 = "sha256-m8b6Lh6it67A6cppdBDX4X0u7Kde4GQz9wln/TrHVwI=";
vendorSha256 = "sha256-4Vz7Lioj6iLU7dbz/B2BSAgfaCl2MyC8MM9yiyWLi2o=";
subPackages = [ "cmd/pgo" ];

View file

@ -183,11 +183,9 @@ stdenv.mkDerivation {
meta = with lib; {
description = "Mozilla Thunderbird, a full-featured email client (binary package)";
homepage = "http://www.mozilla.org/thunderbird/";
license = {
free = false;
url = "http://www.mozilla.org/en-US/foundation/trademarks/policy/";
};
license = licenses.mpl20;
maintainers = with lib.maintainers; [ ];
platforms = platforms.linux;
hydraPlatforms = [ ];
};
}

View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, mkYarnPackage, writeText, python3 }:
{ lib, stdenv, fetchFromGitHub, mkYarnPackage, nixosTests, writeText, python3 }:
let
version = "0.2.3";
@ -23,8 +23,8 @@ let
pythonDeps = with python.pkgs; [
flask flask_assets flask_login flask_sqlalchemy flask_migrate flask-seasurf flask_mail flask-sslify
mysqlclient sqlalchemy
configobj bcrypt requests ldap pyotp qrcode dnspython
mysqlclient psycopg2 sqlalchemy
cffi configobj cryptography bcrypt requests ldap pyotp qrcode dnspython
gunicorn python3-saml pyopenssl pytz cssmin jsmin authlib bravado-core
lima pytimeparse pyyaml
];
@ -91,6 +91,7 @@ in stdenv.mkDerivation rec {
postPatch = ''
rm -r powerdnsadmin/static powerdnsadmin/assets.py
sed -i "s/id:/'id':/" migrations/versions/787bdba9e147_init_db.py
'';
installPhase = ''
@ -100,7 +101,7 @@ in stdenv.mkDerivation rec {
wrapPythonPrograms
mkdir -p $out/share $out/bin
cp -r powerdnsadmin $out/share/powerdnsadmin
cp -r migrations powerdnsadmin $out/share/
ln -s ${assets} $out/share/powerdnsadmin/static
ln -s ${assetsPy} $out/share/powerdnsadmin/assets.py
@ -114,6 +115,12 @@ in stdenv.mkDerivation rec {
runHook postInstall
'';
passthru = {
# PYTHONPATH of all dependencies used by the package
pythonPath = python3.pkgs.makePythonPath pythonDeps;
tests = nixosTests.powerdns-admin;
};
meta = with lib; {
description = "A PowerDNS web interface with advanced features";
homepage = "https://github.com/ngoduykhanh/PowerDNS-Admin";

View file

@ -9,18 +9,18 @@
buildGoModule rec {
pname = "shellhub-agent";
version = "0.7.2";
version = "0.8.1";
src = fetchFromGitHub {
owner = "shellhub-io";
repo = "shellhub";
rev = "v${version}";
sha256 = "02ka7acynkwkml2pavlv4j5vkm6x5aq5sfxgydv26qzs39f1wdgc";
sha256 = "LafREMle3v/XLLsfS+sNSE4Q9AwX4v8Mg9/9RngbN40=";
};
modRoot = "./agent";
vendorSha256 = "18z3vwcwkyj6hcvl35qmj034237h9l18dvcbx1hxry7qdwv807c9";
vendorSha256 = "sha256-3bHDDjfpXgmS6lpIOkpouTKTjHT1gMbUWnuskaOptUM=";
ldflags = [ "-s" "-w" "-X main.AgentVersion=v${version}" ];

View file

@ -114,7 +114,7 @@ rec {
echo "mounting Nix store..."
mkdir -p /fs${storeDir}
mount -t 9p store /fs${storeDir} -o trans=virtio,version=9p2000.L,cache=loose
mount -t 9p store /fs${storeDir} -o trans=virtio,version=9p2000.L,cache=loose,msize=131072
mkdir -p /fs/tmp /fs/run /fs/var
mount -t tmpfs -o "mode=1777" none /fs/tmp
@ -123,7 +123,7 @@ rec {
echo "mounting host's temporary directory..."
mkdir -p /fs/tmp/xchg
mount -t 9p xchg /fs/tmp/xchg -o trans=virtio,version=9p2000.L
mount -t 9p xchg /fs/tmp/xchg -o trans=virtio,version=9p2000.L,msize=131072
mkdir -p /fs/proc
mount -t proc none /fs/proc

View file

@ -14,15 +14,15 @@ let
in
stdenv.mkDerivation rec {
pname = "nextpnr";
version = "2021.11.24"; # tagged as 0.1, but we'll keep tracking HEAD
version = "2021.15.21";
srcs = [
(fetchFromGitHub {
owner = "YosysHQ";
repo = "nextpnr";
rev = "fd2d4a8f999947ece42f791e19ddc4c2d8b823f2";
sha256 = "sha256-bGh3svJeVRJO0rTnSYoTndeQrTENx6j9t+GCGX4RX4k=";
name = "nextpnr";
owner = "YosysHQ";
repo = "nextpnr";
rev = "d04cfd5f0f6da184f5b8a03f0ce18fbd1d98eca3";
hash = "sha256-gm/+kwIZ/m10+KuCJoK45F56nKZD3tM0myHwbFKIKAs=";
name = "nextpnr";
})
(fetchFromGitHub {
owner = "YosysHQ";

View file

@ -34,13 +34,13 @@
stdenv.mkDerivation rec {
pname = "yosys";
version = "0.11+52";
version = "0.12+36";
src = fetchFromGitHub {
owner = "YosysHQ";
repo = "yosys";
rev = "2be110cb0ba645f95f62ee01b6a6fa46a85d5b26";
hash = "sha256-A1QKu6SbtpJJPF8/LA5SMUP3/+n5giM6rOYdc6vkl90=";
rev = "60c3ea367c942459a95e610ed98f277ce46c0142";
hash = "sha256-NcfhNUmb3IDG08XgS+NGbRLI8sn4aQkOA7RF7wucDug=";
};
enableParallelBuilding = true;

View file

@ -5,9 +5,10 @@ with lib; mkCoqDerivation {
owner = "snu-sf";
inherit version;
defaultVersion = with versions; switch coq.coq-version [
{ case = range "8.6" "8.13"; out = "4.0.2"; }
{ case = range "8.6" "8.13"; out = "4.1.1"; }
{ case = isEq "8.5"; out = "1.2.8"; }
] null;
release."4.1.1".sha256 = "1qap8cyv649lr1s11r7h5jzdjd4hsna8kph15qy5fw24h5nx6byy";
release."4.0.2".sha256 = "1q96bsxclqx84xn5vkid501jkwlc1p6fhb8szrlrp82zglj58b0b";
release."1.2.8".sha256 = "05fskx5x1qgaf9qv626m38y5izichzzqc7g2rglzrkygbskrrwsb";
releaseRev = v: "v${v}";

View file

@ -1,25 +1,28 @@
{ lib, stdenv, fetchFromGitHub, python3, boost, cmake }:
let
rev = "03e0070f263fbe31c247de61d259544722786210";
rev = "2f06397673bbca3da11928d538b8ab7d01c944c6";
# git describe --tags
realVersion = "1.0-532-g${builtins.substring 0 7 rev}";
realVersion = "1.0-534-g${builtins.substring 0 7 rev}";
in stdenv.mkDerivation rec {
pname = "trellis";
version = "2021-09-01";
version = "2021-12-14";
srcs = [
(fetchFromGitHub {
owner = "YosysHQ";
repo = "prjtrellis";
inherit rev;
sha256 = "joQMsjVj8d3M3IaqOkfVQ1I5qPDM8HHJiye+Ak8f3dg=";
hash = "sha256-m5CalAIbzY2bhOvpBbPBeLZeDp+itk1HlRsSmtiddaA=";
name = "trellis";
})
(fetchFromGitHub {
owner = "YosysHQ";
repo = "prjtrellis-db";
# note: the upstream submodule points to revision 0ee729d20eaf,
# but that's just the tip of the branch that was merged into master.
# fdf4bf275a is the merge commit itself
rev = "fdf4bf275a7402654bc643db537173e2fbc86103";
sha256 = "eDq2wU2pnfK9bOkEVZ07NQPv02Dc6iB+p5GTtVBiyQA=";
name = "trellis-database";

View file

@ -1,20 +1,34 @@
{ lib, stdenv, fetchurl, jre }:
{ lib, stdenv, fetchurl, makeWrapper, jre }:
stdenv.mkDerivation rec {
pname = "alda";
version = "1.5.0";
version = "2.0.6";
src = fetchurl {
url = "https://github.com/alda-lang/alda/releases/download/${version}/alda";
sha256 = "sha256-OHbOsgYN87ThU7EgjCgxADnOv32qIi+7XwDwcW0dmV0=";
src_alda = fetchurl {
url = "https://alda-releases.nyc3.digitaloceanspaces.com/${version}/client/linux-amd64/alda";
sha256 = "1078hywl3gim5wfgxb0xwbk1dn80ls3i7y33n76qsdd4b0x0sn7i";
};
src_player = fetchurl {
url = "https://alda-releases.nyc3.digitaloceanspaces.com/${version}/player/non-windows/alda-player";
sha256 = "1g7k2qnh4vcw63604z7zbvhbpn7l1v3m9mx4j4vywfq6qar1r6ck";
};
dontUnpack = true;
installPhase = ''
install -Dm755 $src $out/bin/alda
sed -i -e '1 s!java!${jre}/bin/java!' $out/bin/alda
'';
nativeBuildInputs = [ makeWrapper ];
installPhase =
let
binPath = lib.makeBinPath [ jre ];
in
''
install -D $src_alda $out/bin/alda
install -D $src_player $out/bin/alda-player
wrapProgram $out/bin/alda --prefix PATH : $out/bin:${binPath}
wrapProgram $out/bin/alda-player --prefix PATH : $out/bin:${binPath}
'';
meta = with lib; {
description = "A music programming language for musicians";
@ -23,5 +37,4 @@ stdenv.mkDerivation rec {
maintainers = [ maintainers.ericdallo ];
platforms = jre.meta.platforms;
};
}

View file

@ -2,13 +2,14 @@
stdenv.mkDerivation rec {
pname = "assimp";
version = "5.0.1";
version = "5.1.3";
outputs = [ "out" "lib" "dev" ];
src = fetchFromGitHub{
owner = "assimp";
repo = "assimp";
rev = "v${version}";
sha256 = "00vxzfcrs856qnyk806wqr67nmpjk06mjby0fqmyhm6i1jj2hg1w";
hash = "sha256-GNSfaP8O5IsjGwtC3DFaV4OiMMUXIcmHmz+5TCT/HP8=";
};
nativeBuildInputs = [ cmake ];
@ -16,7 +17,7 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "A library to import various 3D model formats";
homepage = "http://assimp.sourceforge.net/";
homepage = "https://www.assimp.org/";
license = licenses.bsd3;
maintainers = with maintainers; [ ehmry ];
platforms = platforms.linux ++ platforms.darwin;

View file

@ -1,33 +1,35 @@
{ lib, stdenv, fetchFromGitHub, cmake
{ lib
, stdenv
, fetchFromGitHub
, cmake
, python3
, withAnimation ? true
, withTranscoder ? true
}:
let
cmakeBool = b: if b then "ON" else "OFF";
in
stdenv.mkDerivation rec {
version = "1.4.3";
version = "1.5.0";
pname = "draco";
src = fetchFromGitHub {
owner = "google";
repo = "draco";
rev = version;
sha256 = "sha256-eSu6tkWbRHzJkWwPgljaScAuL0gRkp8PJUHWC8mUvOw=";
hash = "sha256-BoJg2lZBPVVm6Nc0XK8QSISpe+B8tpgRg9PFncN4+fY=";
fetchSubmodules = true;
};
nativeBuildInputs = [ cmake ];
nativeBuildInputs = [ cmake python3 ];
cmakeFlags = [
# Fake these since we are building from a tarball
"-Ddraco_git_hash=${version}"
"-Ddraco_git_desc=${version}"
"-DBUILD_UNITY_PLUGIN=1"
"-DDRACO_ANIMATION_ENCODING=${cmakeBool withAnimation}"
"-DDRACO_TRANSCODER_SUPPORTED=${cmakeBool withTranscoder}"
"-DBUILD_SHARED_LIBS=${cmakeBool true}"
];
# Upstream mistakenly installs to /nix/store/.../nix/store/.../*, work around that
postInstall = ''
mv $out/nix/store/*/* $out
rm -rf $out/nix
'';
meta = with lib; {
description = "Library for compressing and decompressing 3D geometric meshes and point clouds";
homepage = "https://google.github.io/draco/";

View file

@ -1,19 +1,19 @@
{ lib, stdenv, fetchFromGitHub, cmake, protozero, expat, zlib, bzip2, boost }:
{ lib, stdenv, fetchFromGitHub, cmake, protozero, expat, zlib, bzip2, boost, lz4 }:
stdenv.mkDerivation rec {
pname = "libosmium";
version = "2.17.1";
version = "2.17.2";
src = fetchFromGitHub {
owner = "osmcode";
repo = "libosmium";
rev = "v${version}";
sha256 = "sha256-riNcIC60gw9qxF8UmPjq03XuD3of0BxKbZpgwjMNh3c=";
sha256 = "sha256-+WeEK7rWoUPAiAsgd5qT2bwDf+5IlP4uuyh7+i2L/HU=";
};
nativeBuildInputs = [ cmake ];
buildInputs = [ protozero zlib bzip2 expat boost ];
buildInputs = [ protozero zlib bzip2 expat boost lz4 ];
cmakeFlags = [ "-DINSTALL_GDALCPP:BOOL=ON" ];

View file

@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
NIX_LDFLAGS = lib.optionalString stdenv.isDarwin "-lX11";
meta = with lib; {
homepage = "https://people.freedesktop.org/~aplattner/vdpau/";
homepage = "https://www.freedesktop.org/wiki/Software/VDPAU/";
description = "Library to use the Video Decode and Presentation API for Unix (VDPAU)";
license = licenses.mit; # expat version
platforms = platforms.unix;

View file

@ -2,12 +2,12 @@
stdenv.mkDerivation rec {
pname = "tkrzw";
version = "0.9.51";
version = "1.0.21";
# TODO: defeat multi-output reference cycles
src = fetchurl {
url = "https://dbmx.net/tkrzw/pkg/tkrzw-${version}.tar.gz";
hash = "sha256-UqF2cJ/r8OksAKyHw6B9UiBFIXgKeDmD2ZyJ+iPkY2w=";
hash = "sha256-1g3sIRXxYtD8XGVNpbn4HLTCi+xl2yfJklbUouMQcHs=";
};
enableParallelBuilding = true;

View file

@ -1,25 +0,0 @@
{ lib, buildNimPackage, fetchFromGitHub, python27 }:
buildNimPackage rec {
pname = "python";
version = "1.2";
src = fetchFromGitHub {
owner = "nim-lang";
repo = pname;
rev = "b7c3b2c447a69fdb0a974ba149062e52182fda08";
hash = "sha256-Wl4on0rf4zbNxmwmq/ZkNiPIFCZY+1BdokPQoba2EVI=";
};
postPatch = let pythonLib = "${python27}/lib/libpython2.7.so";
in ''
substituteInPlace src/python.nim \
--replace 'items(LibNames)' "[\"${pythonLib}\"]" \
--replace 'dynlib: dllname' 'dynlib: "${pythonLib}"'
'';
doCheck = true;
meta = with lib;
src.meta // {
description = "Nim wrapper for the Python 2 programming language";
license = [ licenses.mit ];
maintainers = [ maintainers.ehmry ];
};
}

View file

@ -1,4 +1,4 @@
{ lib, buildNimPackage, fetchFromGitHub, python, rocksdb, snappy, spryvm, stew
{ lib, buildNimPackage, fetchFromGitHub, rocksdb, snappy, spryvm, stew
, tempfile, ui }:
buildNimPackage rec {
@ -10,8 +10,8 @@ buildNimPackage rec {
rev = "098da7bb34a9113d5db5402fecfc76b1c3fa3b36";
hash = "sha256-PfWBrG2Z16tLgcN8JYpHaNMysBbbYX812Lkgk0ItMwE=";
};
buildInputs = [ python rocksdb snappy spryvm stew tempfile ui ];
patches = [ ./nil.patch ];
buildInputs = [ rocksdb snappy spryvm stew tempfile ui ];
patches = [ ./nil.patch ./python.patch ];
doCheck = true;
meta = with lib;
src.meta // {

View file

@ -0,0 +1,43 @@
diff --git a/src/ispry.nim b/src/ispry.nim
index 23ad6c3..d2cfc89 100644
--- a/src/ispry.nim
+++ b/src/ispry.nim
@@ -21,7 +21,7 @@ import spryvm/sprycore, spryvm/sprylib, spryvm/spryextend, spryvm/sprymath,
spryvm/spryos, spryvm/spryio, spryvm/sprymemfile, spryvm/sprythread,
spryvm/spryoo, spryvm/sprydebug, spryvm/sprycompress, spryvm/sprystring,
spryvm/sprymodules, spryvm/spryreflect, spryvm/spryblock, spryvm/sprynet,
- spryvm/sprysmtp, spryvm/spryjson, spryvm/sprysqlite, spryvm/sprypython,
+ spryvm/sprysmtp, spryvm/spryjson, spryvm/sprysqlite,
spryvm/spryrocksdb
const Prompt = ">>> "
@@ -63,7 +63,6 @@ proc main() =
spry.addMemfile()
spry.addThread()
- spry.addPython()
spry.addDebug()
spry.addCompress()
spry.addReflect()
diff --git a/src/spry.nim b/src/spry.nim
index 670a280..cda9027 100644
--- a/src/spry.nim
+++ b/src/spry.nim
@@ -14,8 +14,7 @@ import spryvm/sprycore, spryvm/sprylib, spryvm/spryextend, spryvm/sprymath,
spryvm/spryos, spryvm/spryio, spryvm/sprymemfile, spryvm/sprythread,
spryvm/spryoo, spryvm/sprydebug, spryvm/sprycompress, spryvm/sprystring,
spryvm/sprymodules, spryvm/spryreflect, spryvm/spryui, spryvm/spryblock, spryvm/sprynet,
- spryvm/sprysmtp, spryvm/spryjson, spryvm/sprysqlite, spryvm/spryrocksdb,
- spryvm/sprypython
+ spryvm/sprysmtp, spryvm/spryjson, spryvm/sprysqlite, spryvm/spryrocksdb
var spry = newInterpreter()
@@ -34,7 +33,6 @@ spry.addOO()
spry.addMemfile()
spry.addThread()
-spry.addPython()
spry.addDebug()
spry.addCompress()
spry.addReflect()

View file

@ -309,20 +309,13 @@ let
prisma = super.prisma.override rec {
nativeBuildInputs = [ pkgs.makeWrapper ];
version = "3.5.0";
inherit (pkgs.prisma-engines) version;
src = fetchurl {
url = "https://registry.npmjs.org/prisma/-/prisma-${version}.tgz";
sha512 = "sha512-WEYQ+H98O0yigG+lI0gfh4iyBChvnM6QTXPDtY9eFraLXAmyb6tf/T2mUdrUAU1AEvHLVzQA5A+RpONZlQozBg==";
sha512 = "sha512-6SqgHS/5Rq6HtHjsWsTxlj+ySamGyCLBUQfotc2lStOjPv52IQuDVpp58GieNqc9VnfuFyHUvTZw7aQB+G2fvQ==";
};
dependencies = [ rec {
name = "_at_prisma_slash_engines";
packageName = "@prisma/engines";
version = "3.5.0-38.78a5df6def6943431f4c022e1428dbc3e833cf8e";
src = fetchurl {
url = "https://registry.npmjs.org/@prisma/engines/-/engines-${version}.tgz";
sha512 = "sha512-MqZUrxuLlIbjB3wu8LrRJOKcvR4k3dunKoI4Q2bPfAwLQY0XlpsLZ3TRVW1c32ooVk939p6iGNkaCUo63Et36g==";
};
}];
postInstall = with pkgs; ''
wrapProgram "$out/bin/prisma" \
--set PRISMA_MIGRATION_ENGINE_BINARY ${prisma-engines}/bin/migration-engine \

View file

@ -3,14 +3,14 @@
buildPythonPackage rec {
pname = "bx-python";
version = "0.8.12";
version = "0.8.13";
disabled = pythonOlder "3.6";
src = fetchFromGitHub {
owner = "bxlab";
repo = "bx-python";
rev = "v${version}";
sha256 = "sha256-bOoD2dY6Zf4HRMqZcGSot1owu/5VEkF6wpuMTzVUlFU=";
sha256 = "0r3z02mvaswijalr42ikpa7crvliijy0aigsvp5m0frp05n4irf5";
};
nativeBuildInputs = [ cython ];

View file

@ -16,7 +16,7 @@
buildPythonPackage rec {
pname = "cyclonedx-python-lib";
version = "0.12.2";
version = "0.12.3";
format = "pyproject";
disabled = pythonOlder "3.6";
@ -25,7 +25,7 @@ buildPythonPackage rec {
owner = "CycloneDX";
repo = pname;
rev = "v${version}";
sha256 = "sha256-+NIC+dxajG5wffIFUC5MqRAiodh8ynO1fp1XTOxaR1g=";
sha256 = "1404wcwjglq025n8ncsrl2h64g1sly83cs9sc6jpiw1g5ay4a1vi";
};
nativeBuildInputs = [

View file

@ -19,7 +19,7 @@
, shamir-mnemonic
, typing-extensions
, trezor-udev-rules
, pytest
, pytestCheckHook
}:
buildPythonPackage rec {
@ -54,16 +54,7 @@ buildPythonPackage rec {
trezor-udev-rules
];
checkInputs = [
pytest
];
# disable test_tx_api.py as it requires being online
checkPhase = ''
runHook preCheck
pytest --pyargs tests --ignore tests/test_tx_api.py
runHook postCheck
'';
checkInputs = [ pytestCheckHook ];
postFixup = ''
mkdir completions

View file

@ -17,6 +17,9 @@
, xdg-user-dirs
, xrandr
, zsync
, OVMF
, quickemu
, testVersion
}:
let
runtimePaths = [
@ -40,15 +43,20 @@ in
stdenv.mkDerivation rec {
pname = "quickemu";
version = "2.2.7";
version = "3.11";
src = fetchFromGitHub {
owner = "wimpysworld";
repo = pname;
owner = "quickemu-project";
repo = "quickemu";
rev = version;
sha256 = "sha256-TNG1pCePsi12QQafhayhj+V5EXq+v7qmaW5v5X8ER6s=";
sha256 = "1xwf9vwbr57wmyxfcqzl1jnmfx3ffh7sfqf0zcdq41wqkm8s106n";
};
patches = [
./efi_vars_ensure_writable.patch
./input_overrides.patch
];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
@ -56,16 +64,21 @@ stdenv.mkDerivation rec {
install -Dm755 -t "$out/bin" quickemu quickget macrecovery
for f in quickget macrecovery quickemu; do
wrapProgram $out/bin/$f --prefix PATH : "${lib.makeBinPath runtimePaths}"
done
for f in quickget macrecovery quickemu; do
wrapProgram $out/bin/$f \
--prefix PATH : "${lib.makeBinPath runtimePaths}" \
--set ENV_EFI_CODE "${OVMF.fd}/FV/OVMF_CODE.fd" \
--set ENV_EFI_VARS "${OVMF.fd}/FV/OVMF_VARS.fd"
done
runHook postInstall
'';
passthru.tests = testVersion { package = quickemu; };
meta = with lib; {
description = "Quickly create and run optimised Windows, macOS and Linux desktop virtual machines";
homepage = "https://github.com/wimpysworld/quickemu";
homepage = "https://github.com/quickemu-project/quickemu";
license = licenses.mit;
maintainers = with maintainers; [ fedx-sudo ];
};

View file

@ -0,0 +1,13 @@
diff --git a/quickemu b/quickemu
index a9a60a5..1a932ac 100755
--- a/quickemu
+++ b/quickemu
@@ -197,7 +197,7 @@ function efi_vars() {
if [ ! -e "${VARS_OUT}" ]; then
if [ -e "${VARS_IN}" ]; then
- cp "${VARS_IN}" "${VARS_OUT}"
+ cp "${VARS_IN}" "${VARS_OUT}" && chmod +w "${VARS_OUT}"
else
echo "ERROR! ${VARS_IN} was not found. Please install edk2."
exit 1

View file

@ -0,0 +1,28 @@
diff --git a/quickemu b/quickemu
index 1a932ac..ab2f752 100755
--- a/quickemu
+++ b/quickemu
@@ -383,7 +383,10 @@ function vm_boot() {
# https://bugzilla.redhat.com/show_bug.cgi?id=1929357#c5
case ${secureboot} in
on)
- if [ -e "/usr/share/OVMF/OVMF_CODE_4M.secboot.fd" ]; then
+ if [[ ${ENV_EFI_CODE_SECURE} && ${ENV_EFI_CODE_SECURE-x} ]] && [[ ${ENV_EFI_VARS_SECURE} && ${ENV_EFI_VARS_SECURE-x} ]]; then
+ EFI_CODE="${ENV_EFI_CODE_SECURE}"
+ efi_vars "${ENV_EFI_VARS_SECURE}" "${EFI_VARS}"
+ elif [ -e "/usr/share/OVMF/OVMF_CODE_4M.secboot.fd" ]; then
EFI_CODE="/usr/share/OVMF/OVMF_CODE_4M.secboot.fd"
efi_vars "/usr/share/OVMF/OVMF_VARS_4M.fd" "${EFI_VARS}"
elif [ -e "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd" ]; then
@@ -402,7 +405,10 @@ function vm_boot() {
fi
;;
*)
- if [ -e "/usr/share/OVMF/OVMF_CODE_4M.fd" ]; then
+ if [[ ${ENV_EFI_CODE} && ${ENV_EFI_CODE-x} ]] && [[ ${ENV_EFI_VARS} && ${ENV_EFI_VARS-x} ]]; then
+ EFI_CODE="${ENV_EFI_CODE}"
+ efi_vars "${ENV_EFI_VARS}" "${EFI_VARS}"
+ elif [ -e "/usr/share/OVMF/OVMF_CODE_4M.fd" ]; then
EFI_CODE="/usr/share/OVMF/OVMF_CODE_4M.fd"
efi_vars "/usr/share/OVMF/OVMF_VARS_4M.fd" "${EFI_VARS}"
elif [ -e "/usr/share/edk2/ovmf/OVMF_CODE.fd" ]; then

View file

@ -46,13 +46,13 @@ with py.pkgs;
buildPythonApplication rec {
pname = "checkov";
version = "2.0.664";
version = "2.0.668";
src = fetchFromGitHub {
owner = "bridgecrewio";
repo = pname;
rev = version;
sha256 = "sha256-t7u47gkUtn9EwBWtz97GkiM8tyGCFk4S5UTQ+OosI2o=";
sha256 = "sha256-kCqhNxqI+9F9nQvZDOYjC2Bb5a1x4a9b9aqvDe/siP0=";
};
nativeBuildInputs = with py.pkgs; [

View file

@ -14,6 +14,7 @@
, lttng-ust
, makeWrapper
, nodejs-12_x
, nodejs-16_x
, openssl
, stdenv
, zlib
@ -37,13 +38,13 @@ let
in
stdenv.mkDerivation rec {
pname = "github-runner";
version = "2.284.0";
version = "2.285.1";
src = fetchFromGitHub {
owner = "actions";
repo = "runner";
rev = "v${version}";
sha256 = "sha256-JR0OzbT5gGhO/dxb/eSjP/d/VxW/aLmTs/oPwN8b8Rc=";
hash = "sha256-SlKUuebsoZ9OgYuDTNOlY1KMg01LFSFazrLCctiFq3A=";
};
nativeBuildInputs = [
@ -142,6 +143,9 @@ stdenv.mkDerivation rec {
disabledTests = [
# Self-updating is patched out, hence this test will fail
"FullyQualifiedName!=GitHub.Runner.Common.Tests.Listener.RunnerL0.TestRunOnceHandleUpdateMessage"
] ++ lib.optionals (stdenv.hostPlatform.system == "aarch64-linux") [
# "JavaScript Actions in Alpine containers are only supported on x64 Linux runners. Detected Linux Arm64"
"FullyQualifiedName!=GitHub.Runner.Common.Tests.Worker.StepHostL0.DetermineNodeRuntimeVersionInAlpineContainerAsync"
] ++ map
# Online tests
(x: "FullyQualifiedName!=GitHub.Runner.Common.Tests.Worker.ActionManagerL0.PrepareActions_${x}")
@ -189,6 +193,7 @@ stdenv.mkDerivation rec {
mkdir -p _layout/externals
ln -s ${nodejs-12_x} _layout/externals/node12
ln -s ${nodejs-16_x} _layout/externals/node16
# BUILDCONFIG needs to be "Debug"
dotnet msbuild \
@ -230,11 +235,12 @@ stdenv.mkDerivation rec {
--replace './externals' "$out/externals" \
--replace './bin' "$out/lib"
# The upstream package includes Node 12 and expects it at the path
# externals/node12. As opposed to the official releases, we don't
# link the Alpine Node flavor.
# The upstream package includes Node {12,16} and expects it at the path
# externals/node{12,16}. As opposed to the official releases, we don't
# link the Alpine Node flavors.
mkdir -p $out/externals
ln -s ${nodejs-12_x} $out/externals/node12
ln -s ${nodejs-16_x} $out/externals/node16
runHook postInstall
'';

View file

@ -10,19 +10,19 @@
rustPlatform.buildRustPackage rec {
pname = "prisma-engines";
version = "3.5.0";
version = "3.6.0";
src = fetchFromGitHub {
owner = "prisma";
repo = "prisma-engines";
rev = version;
sha256 = "sha256-c4t7r9Os0nmQEBpNeZ+XdTPc/5X6Dyw0dd7J4pw5s88=";
sha256 = "sha256-opo4CM/ONZfVWhv/2r9Mfu8eNTgcG2hwvJmSrQ/OPDA=";
};
# Use system openssl.
OPENSSL_NO_VENDOR = 1;
cargoSha256 = "sha256-rjqFEY7GXXWzlw5E6Wg4KPz25BbvQPuLW5m8+3CbcRw=";
cargoSha256 = "sha256-Zrv5cI2uyGu4hOH8lKOrzA+U3ZLE+MEeD5fBxhI+eIk=";
nativeBuildInputs = [ pkg-config ];

View file

@ -2,7 +2,7 @@
let
baseName = "scalafmt";
version = "3.0.8";
version = "3.2.1";
deps = stdenv.mkDerivation {
name = "${baseName}-deps-${version}";
buildCommand = ''
@ -13,7 +13,7 @@ let
'';
outputHashMode = "recursive";
outputHashAlgo = "sha256";
outputHash = "VBU6Jg6Sq3RBy0ym5YbjLjvcfx/85f6wNMmkGVV0W88=";
outputHash = "v1IODq88Wpjm7IxSKmD9Nub3r4XNP+jNT0A6ApX3Cas=";
};
in
stdenv.mkDerivation {

View file

@ -10,17 +10,17 @@ let
};
self = common.overrideAttrs (common: rec {
version = "0.F-2";
version = "0.F-3";
src = fetchFromGitHub {
owner = "CleverRaven";
repo = "Cataclysm-DDA";
rev = version;
sha256 = "sha256-8AZOrO/Wxui+LqAZo8hURktMTycecIgOONUJmE3M+vM=";
sha256 = "sha256-2su1uQaWl9WG41207dRvOTdVKcQsEz/y0uTi9JX52uI=";
};
makeFlags = common.makeFlags ++ [
# Makefile declares version as 0.F, even under 0.F-2
# Makefile declares version as 0.F, with no minor release number
"VERSION=${version}"
];

View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "vkquake";
version = "1.11.0";
version = "1.12.1";
src = fetchFromGitHub {
owner = "Novum";
repo = "vkQuake";
rev = version;
sha256 = "sha256-FbHqpBiTJWeJPBHUBTOIuXRoLttmDIpip5wUvuVw8YI=";
sha256 = "sha256-D6JtYhR+bkYYm4yuipNrsonziDGiDWICEohy4Mgdr+0=";
};
sourceRoot = "source/Quake";

View file

@ -21,8 +21,7 @@ stdenv.mkDerivation rec {
--replace /etc "$out/etc"
substituteInPlace $WRAPPER \
--replace "\`cp " "\`cp -p " \
--replace "\`mv " "\`cp -p "
--replace "cp " "cp -p "
'';
buildPhase = ''
@ -33,11 +32,18 @@ stdenv.mkDerivation rec {
installPhase = ''
TARGETFOLDER=$out/opt/brother/Printers/mfcj470dw/cupswrapper/
mkdir -p $out/opt/brother/Printers/mfcj470dw/cupswrapper/
PPDFOLDER=$out/share/cups/model/
FILTERFOLDER=$out/lib/cups/filter/
mkdir -p $TARGETFOLDER
mkdir -p $PPDFOLDER
mkdir -p $FILTERFOLDER
cp brcupsconfpt1/brcupsconfpt1 $TARGETFOLDER
cp cupswrapper/cupswrappermfcj470dw $TARGETFOLDER/
cp PPD/brother_mfcj470dw_printer_en.ppd $TARGETFOLDER/
cp cupswrapper/cupswrappermfcj470dw $TARGETFOLDER
cp PPD/brother_mfcj470dw_printer_en.ppd $PPDFOLDER
ln -s ${mfcj470dwlpr}/lib/cups/filter/brother_lpdwrapper_mfcj470dw $FILTERFOLDER/
'';
cleanPhase = ''

View file

@ -25,14 +25,14 @@ stdenv.mkDerivation rec {
let
ae.prebuilt = fetchurl {
url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/prebuilt_ae_${versionTag}.tar.gz";
hash = "sha256-nGKZEpT2Mx0DLgqjv9qbZqBt1pQaSHcnA0K6nHma3sk";
hash = "sha256-JriA9UGYFkAPuCtRizk8RMM1YOYGR/eO9ILnx47A40s=";
};
dcap = rec {
version = "1.11";
version = "1.12.1";
filename = "prebuilt_dcap_${version}.tar.gz";
prebuilt = fetchurl {
url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}";
hash = "sha256-ShGScS4yNLki04RNPxxLvqzGmy4U1L0gVETvfAo8w9M=";
hash = "sha256-V/XHva9Sq3P36xSW+Sd0G6Dnk4H0ANO1Ns/u+FI1eGI=";
};
};
in

View file

@ -1,7 +1,8 @@
{ lib
, stdenv
, fetchzip
, fetchFromGitHub
, fetchpatch
, fetchzip
, callPackage
, autoconf
, automake
@ -25,40 +26,33 @@
}:
stdenv.mkDerivation rec {
pname = "sgx-sdk";
version = "2.14.100.2";
versionTag = lib.concatStringsSep "." (lib.take 2 (lib.splitVersion version));
# Version as given in se_version.h
version = "2.15.101.1";
# Version as used in the Git tag
versionTag = "2.15.1";
src = fetchFromGitHub {
owner = "intel";
repo = "linux-sgx";
rev = "sgx_${versionTag}";
hash = "sha256-D/QZWBUe1gRbbjWnV10b7IPoM3utefAsOEKnQuasIrM=";
hash = "sha256-e11COTR5eDPMB81aPRKatvIkAOeX+OZgnvn2utiv78M=";
fetchSubmodules = true;
};
postUnpack =
let
optlibName = "optimized_libs_${versionTag}.tar.gz";
optimizedLibs = fetchzip {
url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/${optlibName}";
hash = "sha256-FjNhNV9+KDMvBYdWXZbua6qYOc3Z1/jtcF4j52TSxQY=";
stripRoot = false;
};
sgxIPPCryptoHeader = "${optimizedLibs}/external/ippcp_internal/inc/sgx_ippcp.h";
in
''
# Make sure this is the right version of linux-sgx
grep -q '"${version}"' "$src/common/inc/internal/se_version.h" \
|| (echo "Could not find expected version ${version} in linux-sgx source" >&2 && exit 1)
postUnpack = ''
# Make sure this is the right version of linux-sgx
grep -q '"${version}"' "$src/common/inc/internal/se_version.h" \
|| (echo "Could not find expected version ${version} in linux-sgx source" >&2 && exit 1)
'';
# Make sure we use the correct version to build IPP Crypto
grep -q 'optlib_name=${optlibName}' "$src/download_prebuilt.sh" \
|| (echo "Could not find expected optimized libs ${optlibName} in linux-sgx source" >&2 && exit 1)
# Add missing sgx_ippcp.h: https://github.com/intel/linux-sgx/pull/752
ln -s ${sgxIPPCryptoHeader} "$sourceRoot/external/ippcp_internal/inc/sgx_ippcp.h"
'';
patches = [
# Commit to add missing sgx_ippcp.h not yet part of this release
(fetchpatch {
name = "add-missing-sgx_ippcp-header.patch";
url = "https://github.com/intel/linux-sgx/commit/51d1087b707a47e18588da7bae23e5f686d44be6.patch";
sha256 = "sha256-RZC14H1oEuGp0zn8CySDPy1KNqP/POqb+KMYoQt2A7M=";
})
];
postPatch = ''
# https://github.com/intel/linux-sgx/pull/730
@ -121,7 +115,7 @@ stdenv.mkDerivation rec {
pushd 'external/ippcp_internal'
install ${ipp-crypto-no_mitigation}/include/* inc/
cp -r ${ipp-crypto-no_mitigation}/include/. inc/
install -D -m a+rw ${ipp-crypto-no_mitigation}/lib/intel64/libippcp.a \
lib/linux/intel64/no_mitigation/libippcp.a
@ -131,7 +125,7 @@ stdenv.mkDerivation rec {
lib/linux/intel64/cve_2020_0551_cf/libippcp.a
rm inc/ippcp.h
patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp20u3.patch -o inc/ippcp.h
patch ${ipp-crypto-no_mitigation}/include/ippcp.h -i inc/ippcp21u3.patch -o inc/ippcp.h
install -D ${ipp-crypto-no_mitigation.src}/LICENSE license/LICENSE
@ -227,8 +221,7 @@ stdenv.mkDerivation rec {
--replace '/opt/intel/sgxsdk' "$out"
for file in $out/share/SampleCode/*/Makefile; do
substituteInPlace $file \
--replace '/opt/intel/sgxsdk' "$out" \
--replace '$(SGX_SDK)/buildenv.mk' "$out/share/bin/buildenv.mk"
--replace '/opt/intel/sgxsdk' "$out"
done
header "Fixing BINUTILS_DIR in buildenv.mk"

View file

@ -2,23 +2,35 @@
, stdenv
, fetchFromGitHub
, cmake
, python3
, nasm
, openssl
, python3
, extraCmakeFlags ? [ ]
}:
stdenv.mkDerivation rec {
pname = "ipp-crypto";
version = "2020_update3";
version = "2021.3";
src = fetchFromGitHub {
owner = "intel";
repo = "ipp-crypto";
rev = "ipp-crypto_${version}";
sha256 = "02vlda6mlhbd12ljzdf65klpx4kmx1ylch9w3yllsiya4hwqzy4b";
rev = "ippcp_${version}";
hash = "sha256-QEJXvQ//zhQqibFxXwPMdS1MHewgyb24LRmkycVSGrM=";
};
# Fix typo: https://github.com/intel/ipp-crypto/pull/33
postPatch = ''
substituteInPlace sources/cmake/ippcp-gen-config.cmake \
--replace 'ippcpo-config.cmake' 'ippcp-config.cmake'
'';
cmakeFlags = [ "-DARCH=intel64" ] ++ extraCmakeFlags;
nativeBuildInputs = [ cmake python3 nasm ];
nativeBuildInputs = [
cmake
nasm
openssl
python3
];
}

View file

@ -12,7 +12,11 @@ let
buildInputs = [
sgx-sdk
];
enableParallelBuilding = true;
# The samples don't have proper support for parallel building
# causing them to fail randomly.
enableParallelBuilding = false;
buildFlags = [
"SGX_MODE=SIM"
];
@ -44,6 +48,7 @@ in
# Requires interaction
doInstallCheck = false;
});
protobufSGXDemo = buildSample "ProtobufSGXDemo";
remoteAttestation = (buildSample "RemoteAttestation").overrideAttrs (oldAttrs: {
dontFixup = true;
installCheckPhase = ''
@ -52,6 +57,7 @@ in
});
sampleEnclave = buildSample "SampleEnclave";
sampleEnclavePCL = buildSample "SampleEnclavePCL";
sampleEnclaveGMIPP = buildSample "SampleEnclaveGMIPP";
sealUnseal = buildSample "SealUnseal";
switchless = buildSample "Switchless";
}

View file

@ -0,0 +1,39 @@
{ lib
, stdenv
, fetchurl
, pkg-config
, mod_ca
, apr
, aprutil
, apacheHttpd
}:
stdenv.mkDerivation rec {
pname = "mod_itk";
version = "2.4.7-04";
src = fetchurl {
url = "http://mpm-itk.sesse.net/mpm-itk-${version}.tar.gz";
sha256 = "sha256:1kzgd1332pgpxf489kr0vdwsaik0y8wp3q282d4wa5jlk7l877v0";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ mod_ca apr aprutil apacheHttpd ];
installPhase = ''
runHook preInstall
mkdir -p $out/modules
${apacheHttpd.dev}/bin/apxs -S LIBEXECDIR=$out/modules -i mpm_itk.la
runHook postInstall
'';
meta = with lib; {
description = "an MPM (Multi-Processing Module) for the Apache web server.";
maintainers = [ maintainers.zupo ];
homepage = "http://mpm-itk.sesse.net/";
license = licenses.asl20;
platforms = platforms.unix;
};
}

View file

@ -45,7 +45,6 @@ nimPackages.buildNimPackage rec {
homepage = "https://github.com/zedeus/nitter";
maintainers = with maintainers; [ erdnaxe ];
license = licenses.agpl3Only;
platforms = [ "x86_64-linux" ];
mainProgram = "nitter";
};
}

View file

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "tailscale";
version = "1.18.1";
version = "1.18.2";
src = fetchFromGitHub {
owner = "tailscale";
repo = "tailscale";
rev = "v${version}";
sha256 = "sha256-DmgCuv10TiB4UYISthJ1UghuPdvRKYl0cU9VxDvFjMc=";
sha256 = "sha256-8leFG2gYXw+orN/2NfjTvgRqSZSdso7OHIgECEJrO9k=";
};
nativeBuildInputs = lib.optionals stdenv.isLinux [ makeWrapper ];

View file

@ -21,7 +21,9 @@ mkDerivation rec {
};
patches = [
# Support for USE_LAUNCHER_ABSOLUTE_PATH.
# Use absolute install path for `Exec=` in the desktop file.
# This is required since KWin relies on absolute paths in `Exec=` to find a process'
# corresponding desktop file and check if it's allowed to take screenshot.
# Should be removed when the next release comes out.
(fetchpatch {
url = "https://github.com/flameshot-org/flameshot/commit/1031980ed1e62d24d7f719998b7951d48801e3fa.patch";
@ -44,9 +46,6 @@ mkDerivation rec {
nativeBuildInputs = [ cmake qttools qtsvg ];
buildInputs = [ qtbase ];
# Use relative path for the .desktop file.
cmakeFlags = [ "-DUSE_LAUNCHER_ABSOLUTE_PATH=OFF" ];
meta = with lib; {
description = "Powerful yet simple to use screenshot software";
homepage = "https://github.com/flameshot-org/flameshot";

View file

@ -35,6 +35,8 @@ stdenv.mkDerivation rec {
url = "https://github.com/deiv/driftnet/pull/33/commits/bef5f3509ab5710161e9e21ea960a997eada534f.patch";
sha256 = "1b7p9fkgp7dxv965l7q7y632s80h3nnrkaqnak2h0hakwv0i4pvm";
})
# https://github.com/deiv/driftnet/issues/37
./libwebsockets-4.3.0.patch
];
enableParallelBuilding = true;
@ -59,6 +61,6 @@ stdenv.mkDerivation rec {
homepage = "https://github.com/deiv/driftnet";
maintainers = with maintainers; [ offline ];
platforms = platforms.linux ++ platforms.darwin;
license = licenses.gpl2;
license = licenses.gpl2Plus;
};
}

View file

@ -1,61 +0,0 @@
diff --git a/src/compat/compat.h b/src/compat/compat.h
index 6add422..ea80406 100644
--- a/src/compat/compat.h
+++ b/src/compat/compat.h
@@ -17,7 +17,7 @@
#include <config.h>
#endif
-#ifdef __FreeBSD__
+#if defined(__FreeBSD__) || defined(__APPLE__)
#include <sys/types.h>
#endif
diff --git a/src/network/layer2.c b/src/network/layer2.c
index 763f0ac..2497b72 100644
--- a/src/network/layer2.c
+++ b/src/network/layer2.c
@@ -14,7 +14,7 @@
#include <string.h>
-#ifdef __FreeBSD__
+#if defined(__FreeBSD__) || defined(__APPLE__)
#include <netinet/in_systm.h>
#include <netinet/in.h>
#else
@@ -29,7 +29,7 @@
/*
* Freebsd and Cygwin doesn't define 'ethhdr'
*/
-#if defined(__FreeBSD__) || defined(__CYGWIN__)
+#if defined(__FreeBSD__) || defined(__CYGWIN__) || defined(__APPLE__)
#define ETH_ALEN 6 /* Octets in one ethernet addr */
#define ETH_P_IP 0x0800 /* Internet Protocol packet */
diff --git a/src/network/layer3.c b/src/network/layer3.c
index 7864126..aae2041 100644
--- a/src/network/layer3.c
+++ b/src/network/layer3.c
@@ -15,7 +15,7 @@
#include <string.h>
#include <assert.h>
-#ifdef __FreeBSD__
+#if defined(__FreeBSD__) || defined(__APPLE__)
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <sys/socket.h>
diff --git a/src/pid.c b/src/pid.c
index 621834e..94e7dcc 100644
--- a/src/pid.c
+++ b/src/pid.c
@@ -14,7 +14,7 @@
#include "compat/compat.h"
-#ifdef __FreeBSD__
+#if defined(__FreeBSD__) || defined(__APPLE__)
#include <sys/stat.h>
#endif
#include <fcntl.h>

View file

@ -0,0 +1,12 @@
diff --git a/src/http_display/httpd.c b/src/http_display/httpd.c
index f4709ef..7921d23 100644
--- a/src/http_display/httpd.c
+++ b/src/http_display/httpd.c
@@ -191,7 +191,6 @@ static void * http_server_dispatch(void *arg)
LWSMPRO_FILE, /* mount type is a directory in a filesystem */
1, /* strlen("/"), ie length of the mountpoint */
NULL,
- { NULL, NULL } // sentinel
};
memset(&info, 0, sizeof info);

View file

@ -1,6 +1,6 @@
{ lib
, stdenv
, fetchFromGitHub, fetchpatch
, fetchFromGitHub
, autoreconfHook
, pkg-config
, libtasn1, openssl, fuse, glib, libseccomp, json-glib
@ -8,32 +8,32 @@
, unixtools, expect, socat
, gnutls
, perl
# Tests
, python3, which
}:
stdenv.mkDerivation rec {
pname = "swtpm";
version = "0.6.1";
version = "0.7.0";
src = fetchFromGitHub {
owner = "stefanberger";
repo = "swtpm";
rev = "v${version}";
sha256 = "sha256-iy8xjKnPLq1ntZa9x+KtLDznzu6m+1db3NPeGQESUVo=";
sha256 = "sha256-5MKQmZxTW8WofmTkV9kGeGN5RxsgVVMFZEF3rPDUO6Q=";
};
patches = [
(fetchpatch {
url = "https://patch-diff.githubusercontent.com/raw/stefanberger/swtpm/pull/527.patch";
sha256 = "sha256-cpKHP15a27ifmmswSgHoNzGPO6TY/ZuJIfM5xLOlqlU=";
})
];
nativeBuildInputs = [
pkg-config unixtools.netstat expect socat
perl # for pod2man
autoreconfHook
];
checkInputs = [
python3 which
];
buildInputs = [
libtpms
openssl libtasn1 libseccomp
@ -47,17 +47,20 @@ stdenv.mkDerivation rec {
];
postPatch = ''
patchShebangs tests/*
# Makefile tries to create the directory /var/lib/swtpm-localca, which fails
substituteInPlace samples/Makefile.am \
--replace 'install-data-local:' 'do-not-execute:'
# Use the correct path to the certtool binary
# instead of relying on it being in the environment
substituteInPlace samples/swtpm_localca.c --replace \
substituteInPlace src/swtpm_localca/swtpm_localca.c --replace \
'# define CERTTOOL_NAME "certtool"' \
'# define CERTTOOL_NAME "${gnutls}/bin/certtool"'
'';
doCheck = true;
enableParallelBuilding = true;
outputs = [ "out" "man" ];

View file

@ -20716,6 +20716,8 @@ with pkgs;
mod_wsgi2 = callPackage ../servers/http/apache-modules/mod_wsgi { python = python2; ncurses = null; };
mod_wsgi3 = callPackage ../servers/http/apache-modules/mod_wsgi { python = python3; };
mod_itk = callPackage ../servers/http/apache-modules/mod_itk { };
php = pkgs.php.override { inherit apacheHttpd; };
subversion = pkgs.subversion.override { httpServer = true; inherit apacheHttpd; };
@ -29438,7 +29440,7 @@ with pkgs;
};
xastir = callPackage ../applications/misc/xastir {
rastermagick = imagemagick;
rastermagick = imagemagick6;
inherit (xorg) libXt;
};

View file

@ -48,8 +48,6 @@ lib.makeScope newScope (self:
pixie = callPackage ../development/nim-packages/pixie { };
python = callPackage ../development/nim-packages/python { };
redis = callPackage ../development/nim-packages/redis { };
redpool = callPackage ../development/nim-packages/redpool { };