diff --git a/doc/hooks/autoconf.section.md b/doc/hooks/autoconf.section.md
new file mode 100644
index 000000000000..13d75910f192
--- /dev/null
+++ b/doc/hooks/autoconf.section.md
@@ -0,0 +1,4 @@
+
+### Autoconf {#setup-hook-autoconf}
+
+The `autoreconfHook` derivation adds `autoreconfPhase`, which runs autoreconf, libtoolize and automake, essentially preparing the configure script in autotools-based builds. Most autotools-based packages come with the configure script pre-generated, but this hook is necessary for a few packages and when you need to patch the package’s configure scripts.
diff --git a/doc/hooks/automake.section.md b/doc/hooks/automake.section.md
new file mode 100644
index 000000000000..562ac18fcd93
--- /dev/null
+++ b/doc/hooks/automake.section.md
@@ -0,0 +1,4 @@
+
+### Automake {#setup-hook-automake}
+
+Adds the `share/aclocal` subdirectory of each build input to the `ACLOCAL_PATH` environment variable.
diff --git a/doc/hooks/autopatchelf.section.md b/doc/hooks/autopatchelf.section.md
new file mode 100644
index 000000000000..9c2852ccf279
--- /dev/null
+++ b/doc/hooks/autopatchelf.section.md
@@ -0,0 +1,12 @@
+
+### autoPatchelfHook {#setup-hook-autopatchelfhook}
+
+This is a special setup hook which helps in packaging proprietary software in that it automatically tries to find missing shared library dependencies of ELF files based on the given `buildInputs` and `nativeBuildInputs`.
+
+You can also specify a `runtimeDependencies` variable which lists dependencies to be unconditionally added to rpath of all executables. This is useful for programs that use dlopen 3 to load libraries at runtime.
+
+In certain situations you may want to run the main command (`autoPatchelf`) of the setup hook on a file or a set of directories instead of unconditionally patching all outputs. This can be done by setting the `dontAutoPatchelf` environment variable to a non-empty value.
+
+By default `autoPatchelf` will fail as soon as any ELF file requires a dependency which cannot be resolved via the given build inputs. In some situations you might prefer to just leave missing dependencies unpatched and continue to patch the rest. This can be achieved by setting the `autoPatchelfIgnoreMissingDeps` environment variable to a non-empty value. `autoPatchelfIgnoreMissingDeps` can be set to a list like `autoPatchelfIgnoreMissingDeps = [ "libcuda.so.1" "libcudart.so.1" ];` or to simply `[ "*" ]` to ignore all missing dependencies.
+
+The `autoPatchelf` command also recognizes a `--no-recurse` command line flag, which prevents it from recursing into subdirectories.
diff --git a/doc/hooks/breakpoint.section.md b/doc/hooks/breakpoint.section.md
new file mode 100644
index 000000000000..41e50653e91d
--- /dev/null
+++ b/doc/hooks/breakpoint.section.md
@@ -0,0 +1,18 @@
+
+### breakpointHook {#breakpointhook}
+
+This hook will make a build pause instead of stopping when a failure happens. It prevents nix from cleaning up the build environment immediately and allows the user to attach to a build environment using the `cntr` command. Upon build error it will print instructions on how to use `cntr`, which can be used to enter the environment for debugging. Installing cntr and running the command will provide shell access to the build sandbox of failed build. At `/var/lib/cntr` the sandboxed filesystem is mounted. All commands and files of the system are still accessible within the shell. To execute commands from the sandbox use the cntr exec subcommand. `cntr` is only supported on Linux-based platforms. To use it first add `cntr` to your `environment.systemPackages` on NixOS or alternatively to the root user on non-NixOS systems. Then in the package that is supposed to be inspected, add `breakpointHook` to `nativeBuildInputs`.
+
+```nix
+nativeBuildInputs = [ breakpointHook ];
+```
+
+When a build failure happens there will be an instruction printed that shows how to attach with `cntr` to the build sandbox.
+
+::: {.note}
+::: {.title}
+Caution with remote builds
+:::
+
+This won’t work with remote builds as the build environment is on a different machine and can’t be accessed by `cntr`. Remote builds can be turned off by setting `--option builders ''` for `nix-build` or `--builders ''` for `nix build`.
+:::
diff --git a/doc/hooks/cmake.section.md b/doc/hooks/cmake.section.md
new file mode 100644
index 000000000000..58fbfa45a2e0
--- /dev/null
+++ b/doc/hooks/cmake.section.md
@@ -0,0 +1,4 @@
+
+### cmake {#cmake}
+
+Overrides the default configure phase to run the CMake command. By default, we use the Make generator of CMake. In addition, dependencies are added automatically to `CMAKE_PREFIX_PATH` so that packages are correctly detected by CMake. Some additional flags are passed in to give similar behavior to configure-based packages. You can disable this hook’s behavior by setting `configurePhase` to a custom value, or by setting `dontUseCmakeConfigure`. `cmakeFlags` controls flags passed only to CMake. By default, parallel building is enabled as CMake supports parallel building almost everywhere. When Ninja is also in use, CMake will detect that and use the ninja generator.
diff --git a/doc/hooks/gdk-pixbuf.section.md b/doc/hooks/gdk-pixbuf.section.md
new file mode 100644
index 000000000000..565216560abc
--- /dev/null
+++ b/doc/hooks/gdk-pixbuf.section.md
@@ -0,0 +1,4 @@
+
+### gdk-pixbuf {#setup-hook-gdk-pixbuf}
+
+Exports `GDK_PIXBUF_MODULE_FILE` environment variable to the builder. Add librsvg package to `buildInputs` to get svg support. See also the [setup hook description in GNOME platform docs](#ssec-gnome-hooks-gdk-pixbuf).
diff --git a/doc/hooks/ghc.section.md b/doc/hooks/ghc.section.md
new file mode 100644
index 000000000000..a4b0841ea486
--- /dev/null
+++ b/doc/hooks/ghc.section.md
@@ -0,0 +1,4 @@
+
+### GHC {#ghc}
+
+Creates a temporary package database and registers every Haskell build input in it (TODO: how?).
diff --git a/doc/hooks/gnome.section.md b/doc/hooks/gnome.section.md
new file mode 100644
index 000000000000..8c209d9b472c
--- /dev/null
+++ b/doc/hooks/gnome.section.md
@@ -0,0 +1,4 @@
+
+### GNOME platform {#gnome-platform}
+
+Hooks related to GNOME platform and related libraries like GLib, GTK and GStreamer are described in [](#sec-language-gnome).
diff --git a/doc/hooks/index.xml b/doc/hooks/index.xml
index 6a046eae2885..ed703c03d8b0 100644
--- a/doc/hooks/index.xml
+++ b/doc/hooks/index.xml
@@ -6,5 +6,31 @@
Nixpkgs has several hook packages that augment the stdenv phases.
+
+ The stdenv built-in hooks are documented in .
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc/hooks/installShellFiles.section.md b/doc/hooks/installShellFiles.section.md
new file mode 100644
index 000000000000..d27527503fed
--- /dev/null
+++ b/doc/hooks/installShellFiles.section.md
@@ -0,0 +1,26 @@
+
+### `installShellFiles` {#installshellfiles}
+
+This hook helps with installing manpages and shell completion files. It exposes 2 shell functions `installManPage` and `installShellCompletion` that can be used from your `postInstall` hook.
+
+The `installManPage` function takes one or more paths to manpages to install. The manpages must have a section suffix, and may optionally be compressed (with `.gz` suffix). This function will place them into the correct directory.
+
+The `installShellCompletion` function takes one or more paths to shell completion files. By default it will autodetect the shell type from the completion file extension, but you may also specify it by passing one of `--bash`, `--fish`, or `--zsh`. These flags apply to all paths listed after them (up until another shell flag is given). Each path may also have a custom installation name provided by providing a flag `--name NAME` before the path. If this flag is not provided, zsh completions will be renamed automatically such that `foobar.zsh` becomes `_foobar`. A root name may be provided for all paths using the flag `--cmd NAME`; this synthesizes the appropriate name depending on the shell (e.g. `--cmd foo` will synthesize the name `foo.bash` for bash and `_foo` for zsh). The path may also be a fifo or named fd (such as produced by `<(cmd)`), in which case the shell and name must be provided.
+
+```nix
+nativeBuildInputs = [ installShellFiles ];
+postInstall = ''
+ installManPage doc/foobar.1 doc/barfoo.3
+ # explicit behavior
+ installShellCompletion --bash --name foobar.bash share/completions.bash
+ installShellCompletion --fish --name foobar.fish share/completions.fish
+ installShellCompletion --zsh --name _foobar share/completions.zsh
+ # implicit behavior
+ installShellCompletion share/completions/foobar.{bash,fish,zsh}
+ # using named fd
+ installShellCompletion --cmd foobar \
+ --bash <($out/bin/foobar --bash-completion) \
+ --fish <($out/bin/foobar --fish-completion) \
+ --zsh <($out/bin/foobar --zsh-completion)
+'';
+```
diff --git a/doc/hooks/libiconv.section.md b/doc/hooks/libiconv.section.md
new file mode 100644
index 000000000000..c228fe339e14
--- /dev/null
+++ b/doc/hooks/libiconv.section.md
@@ -0,0 +1,4 @@
+
+### libiconv, libintl {#libiconv-libintl}
+
+A few libraries automatically add to `NIX_LDFLAGS` their library, making their symbols automatically available to the linker. This includes libiconv and libintl (gettext). This is done to provide compatibility between GNU Linux, where libiconv and libintl are bundled in, and other systems where that might not be the case. Sometimes, this behavior is not desired. To disable this behavior, set `dontAddExtraLibs`.
diff --git a/doc/hooks/libxml2.section.md b/doc/hooks/libxml2.section.md
new file mode 100644
index 000000000000..770ef9ff3ffe
--- /dev/null
+++ b/doc/hooks/libxml2.section.md
@@ -0,0 +1,4 @@
+
+### libxml2 {#setup-hook-libxml2}
+
+Adds every file named `catalog.xml` found under the `xml/dtd` and `xml/xsl` subdirectories of each build input to the `XML_CATALOG_FILES` environment variable.
diff --git a/doc/hooks/meson.section.md b/doc/hooks/meson.section.md
new file mode 100644
index 000000000000..32804b5e32f2
--- /dev/null
+++ b/doc/hooks/meson.section.md
@@ -0,0 +1,26 @@
+
+### Meson {#meson}
+
+Overrides the configure phase to run meson to generate Ninja files. To run these files, you should accompany Meson with ninja. By default, `enableParallelBuilding` is enabled as Meson supports parallel building almost everywhere.
+
+#### Variables controlling Meson {#variables-controlling-meson}
+
+##### `mesonFlags` {#mesonflags}
+
+Controls the flags passed to meson.
+
+##### `mesonBuildType` {#mesonbuildtype}
+
+Which [`--buildtype`](https://mesonbuild.com/Builtin-options.html#core-options) to pass to Meson. We default to `plain`.
+
+##### `mesonAutoFeatures` {#mesonautofeatures}
+
+What value to set [`-Dauto_features=`](https://mesonbuild.com/Builtin-options.html#core-options) to. We default to `enabled`.
+
+##### `mesonWrapMode` {#mesonwrapmode}
+
+What value to set [`-Dwrap_mode=`](https://mesonbuild.com/Builtin-options.html#core-options) to. We default to `nodownload` as we disallow network access.
+
+##### `dontUseMesonConfigure` {#dontusemesonconfigure}
+
+Disables using Meson’s `configurePhase`.
diff --git a/doc/hooks/ninja.section.md b/doc/hooks/ninja.section.md
new file mode 100644
index 000000000000..5ea1ee87070a
--- /dev/null
+++ b/doc/hooks/ninja.section.md
@@ -0,0 +1,4 @@
+
+### ninja {#ninja}
+
+Overrides the build, install, and check phase to run ninja instead of make. You can disable this behavior with the `dontUseNinjaBuild`, `dontUseNinjaInstall`, and `dontUseNinjaCheck`, respectively. Parallel building is enabled by default in Ninja.
diff --git a/doc/hooks/perl.section.md b/doc/hooks/perl.section.md
new file mode 100644
index 000000000000..403227a9bf18
--- /dev/null
+++ b/doc/hooks/perl.section.md
@@ -0,0 +1,4 @@
+
+### Perl {#setup-hook-perl}
+
+Adds the `lib/site_perl` subdirectory of each build input to the `PERL5LIB` environment variable. For instance, if `buildInputs` contains Perl, then the `lib/site_perl` subdirectory of each input is added to the `PERL5LIB` environment variable.
diff --git a/doc/hooks/pkg-config.section.md b/doc/hooks/pkg-config.section.md
new file mode 100644
index 000000000000..969c81f6d18a
--- /dev/null
+++ b/doc/hooks/pkg-config.section.md
@@ -0,0 +1,4 @@
+
+### pkg-config {#setup-hook-pkg-config}
+
+Adds the `lib/pkgconfig` and `share/pkgconfig` subdirectories of each build input to the `PKG_CONFIG_PATH` environment variable.
diff --git a/doc/hooks/python.section.md b/doc/hooks/python.section.md
new file mode 100644
index 000000000000..a46a727e95b1
--- /dev/null
+++ b/doc/hooks/python.section.md
@@ -0,0 +1,4 @@
+
+### Python {#setup-hook-python}
+
+Adds the `lib/${python.libPrefix}/site-packages` subdirectory of each build input to the `PYTHONPATH` environment variable.
diff --git a/doc/hooks/qt-4.section.md b/doc/hooks/qt-4.section.md
new file mode 100644
index 000000000000..f15d858e2377
--- /dev/null
+++ b/doc/hooks/qt-4.section.md
@@ -0,0 +1,4 @@
+
+### Qt 4 {#qt-4}
+
+Sets the `QTDIR` environment variable to Qt’s path.
diff --git a/doc/hooks/scons.section.md b/doc/hooks/scons.section.md
new file mode 100644
index 000000000000..1392269e5d55
--- /dev/null
+++ b/doc/hooks/scons.section.md
@@ -0,0 +1,4 @@
+
+### scons {#scons}
+
+Overrides the build, install, and check phases. This uses the scons build system as a replacement for make. scons does not provide a configure phase, so everything is managed at build and install time.
diff --git a/doc/hooks/tetex-tex-live.section.md b/doc/hooks/tetex-tex-live.section.md
new file mode 100644
index 000000000000..0ecdcc12e45a
--- /dev/null
+++ b/doc/hooks/tetex-tex-live.section.md
@@ -0,0 +1,4 @@
+
+### teTeX / TeX Live {#tetex-tex-live}
+
+Adds the `share/texmf-nix` subdirectory of each build input to the `TEXINPUTS` environment variable.
diff --git a/doc/hooks/unzip.section.md b/doc/hooks/unzip.section.md
new file mode 100644
index 000000000000..91dc072de662
--- /dev/null
+++ b/doc/hooks/unzip.section.md
@@ -0,0 +1,4 @@
+
+### unzip {#unzip}
+
+This setup hook will allow you to unzip .zip files specified in `$src`. There are many similar packages like `unrar`, `undmg`, etc.
diff --git a/doc/hooks/validatePkgConfig.section.md b/doc/hooks/validatePkgConfig.section.md
new file mode 100644
index 000000000000..8719ae930fcb
--- /dev/null
+++ b/doc/hooks/validatePkgConfig.section.md
@@ -0,0 +1,4 @@
+
+### validatePkgConfig {#validatepkgconfig}
+
+The `validatePkgConfig` hook validates all pkg-config (`.pc`) files in a package. This helps catching some common errors in pkg-config files, such as undefined variables.
diff --git a/doc/hooks/waf.section.md b/doc/hooks/waf.section.md
new file mode 100644
index 000000000000..de65abde4502
--- /dev/null
+++ b/doc/hooks/waf.section.md
@@ -0,0 +1,4 @@
+
+### wafHook {#wafhook}
+
+Overrides the configure, build, and install phases. This will run the “waf” script used by many projects. If `wafPath` (default `./waf`) doesn’t exist, it will copy the version of waf available in Nixpkgs. `wafFlags` can be used to pass flags to the waf script.
diff --git a/doc/hooks/xcbuild.section.md b/doc/hooks/xcbuild.section.md
new file mode 100644
index 000000000000..1426431f6dce
--- /dev/null
+++ b/doc/hooks/xcbuild.section.md
@@ -0,0 +1,4 @@
+
+### xcbuildHook {#xcbuildhook}
+
+Overrides the build and install phases to run the "xcbuild" command. This hook is needed when a project only comes with build files for the XCode build system. You can disable this behavior by setting buildPhase and configurePhase to a custom value. xcbuildFlags controls flags passed only to xcbuild.
diff --git a/doc/stdenv/stdenv.chapter.md b/doc/stdenv/stdenv.chapter.md
index e87ab4727077..166587d3284c 100644
--- a/doc/stdenv/stdenv.chapter.md
+++ b/doc/stdenv/stdenv.chapter.md
@@ -1109,13 +1109,15 @@ This setup hook moves any libraries installed in the `lib64/` subdirectory into
This setup hook moves any systemd user units installed in the `lib/` subdirectory into `share/`. In addition, a link is provided from `share/` to `lib/` for compatibility. This is needed for systemd to find user services when installed into the user profile.
+This hook only runs when compiling for Linux.
+
### `set-source-date-epoch-to-latest.sh` {#set-source-date-epoch-to-latest.sh}
This sets `SOURCE_DATE_EPOCH` to the modification time of the most recent file.
-### Bintools Wrapper {#bintools-wrapper}
+### Bintools Wrapper and hook {#bintools-wrapper}
-The Bintools Wrapper wraps the binary utilities for a bunch of miscellaneous purposes. These are GNU Binutils when targetting Linux, and a mix of cctools and GNU binutils for Darwin. \[The “Bintools” name is supposed to be a compromise between “Binutils” and “cctools” not denoting any specific implementation.\] Specifically, the underlying bintools package, and a C standard library (glibc or Darwin’s libSystem, just for the dynamic loader) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by the Bintools Wrapper. Packages typically depend on CC Wrapper, which in turn (at run time) depends on the Bintools Wrapper.
+The Bintools Wrapper wraps the binary utilities for a bunch of miscellaneous purposes. These are GNU Binutils when targeting Linux, and a mix of cctools and GNU binutils for Darwin. \[The “Bintools” name is supposed to be a compromise between “Binutils” and “cctools” not denoting any specific implementation.\] Specifically, the underlying bintools package, and a C standard library (glibc or Darwin’s libSystem, just for the dynamic loader) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by the Bintools Wrapper. Packages typically depend on CC Wrapper, which in turn (at run time) depends on the Bintools Wrapper.
The Bintools Wrapper was only just recently split off from CC Wrapper, so the division of labor is still being worked out. For example, it shouldn’t care about the C standard library, but just take a derivation with the dynamic loader (which happens to be the glibc on linux). Dependency finding however is a task both wrappers will continue to need to share, and probably the most important to understand. It is currently accomplished by collecting directories of host-platform dependencies (i.e. `buildInputs` and `nativeBuildInputs`) in environment variables. The Bintools Wrapper’s setup hook causes any `lib` and `lib64` subdirectories to be added to `NIX_LDFLAGS`. Since the CC Wrapper and the Bintools Wrapper use the same strategy, most of the Bintools Wrapper code is sparsely commented and refers to the CC Wrapper. But the CC Wrapper’s code, by contrast, has quite lengthy comments. The Bintools Wrapper merely cites those, rather than repeating them, to avoid falling out of sync.
@@ -1123,173 +1125,20 @@ A final task of the setup hook is defining a number of standard environment vari
A problem with this final task is that the Bintools Wrapper is honest and defines `LD` as `ld`. Most packages, however, firstly use the C compiler for linking, secondly use `LD` anyways, defining it as the C compiler, and thirdly, only so define `LD` when it is undefined as a fallback. This triple-threat means Bintools Wrapper will break those packages, as LD is already defined as the actual linker which the package won’t override yet doesn’t want to use. The workaround is to define, just for the problematic package, `LD` as the C compiler. A good way to do this would be `preConfigure = "LD=$CC"`.
-### CC Wrapper {#cc-wrapper}
+### CC Wrapper and hook {#cc-wrapper}
The CC Wrapper wraps a C toolchain for a bunch of miscellaneous purposes. Specifically, a C compiler (GCC or Clang), wrapped binary tools, and a C standard library (glibc or Darwin’s libSystem, just for the dynamic loader) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by the CC Wrapper. Packages typically depend on the CC Wrapper, which in turn (at run-time) depends on the Bintools Wrapper.
-Dependency finding is undoubtedly the main task of the CC Wrapper. This works just like the Bintools Wrapper, except that any `include` subdirectory of any relevant dependency is added to `NIX_CFLAGS_COMPILE`. The setup hook itself contains some lengthy comments describing the exact convoluted mechanism by which this is accomplished.
+Dependency finding is undoubtedly the main task of the CC Wrapper. This works just like the Bintools Wrapper, except that any `include` subdirectory of any relevant dependency is added to `NIX_CFLAGS_COMPILE`. The setup hook itself contains elaborate comments describing the exact mechanism by which this is accomplished.
Similarly, the CC Wrapper follows the Bintools Wrapper in defining standard environment variables with the names of the tools it wraps, for the same reasons described above. Importantly, while it includes a `cc` symlink to the c compiler for portability, the `CC` will be defined using the compiler’s “real name” (i.e. `gcc` or `clang`). This helps lousy build systems that inspect on the name of the compiler rather than run it.
Here are some more packages that provide a setup hook. Since the list of hooks is extensible, this is not an exhaustive list. The mechanism is only to be used as a last resort, so it might cover most uses.
-### Perl {#setup-hook-perl}
+### Other hooks
-Adds the `lib/site_perl` subdirectory of each build input to the `PERL5LIB` environment variable. For instance, if `buildInputs` contains Perl, then the `lib/site_perl` subdirectory of each input is added to the `PERL5LIB` environment variable.
-
-### Python {#setup-hook-python}
-
-Adds the `lib/${python.libPrefix}/site-packages` subdirectory of each build input to the `PYTHONPATH` environment variable.
-
-### pkg-config {#setup-hook-pkg-config}
-
-Adds the `lib/pkgconfig` and `share/pkgconfig` subdirectories of each build input to the `PKG_CONFIG_PATH` environment variable.
-
-### Automake {#setup-hook-automake}
-
-Adds the `share/aclocal` subdirectory of each build input to the `ACLOCAL_PATH` environment variable.
-
-### Autoconf {#setup-hook-autoconf}
-
-The `autoreconfHook` derivation adds `autoreconfPhase`, which runs autoreconf, libtoolize and automake, essentially preparing the configure script in autotools-based builds. Most autotools-based packages come with the configure script pre-generated, but this hook is necessary for a few packages and when you need to patch the package’s configure scripts.
-
-### libxml2 {#setup-hook-libxml2}
-
-Adds every file named `catalog.xml` found under the `xml/dtd` and `xml/xsl` subdirectories of each build input to the `XML_CATALOG_FILES` environment variable.
-
-### teTeX / TeX Live {#tetex-tex-live}
-
-Adds the `share/texmf-nix` subdirectory of each build input to the `TEXINPUTS` environment variable.
-
-### Qt 4 {#qt-4}
-
-Sets the `QTDIR` environment variable to Qt’s path.
-
-### gdk-pixbuf {#setup-hook-gdk-pixbuf}
-
-Exports `GDK_PIXBUF_MODULE_FILE` environment variable to the builder. Add librsvg package to `buildInputs` to get svg support. See also the [setup hook description in GNOME platform docs](#ssec-gnome-hooks-gdk-pixbuf).
-
-### GHC {#ghc}
-
-Creates a temporary package database and registers every Haskell build input in it (TODO: how?).
-
-### GNOME platform {#gnome-platform}
-
-Hooks related to GNOME platform and related libraries like GLib, GTK and GStreamer are described in [](#sec-language-gnome).
-
-### autoPatchelfHook {#setup-hook-autopatchelfhook}
-
-This is a special setup hook which helps in packaging proprietary software in that it automatically tries to find missing shared library dependencies of ELF files based on the given `buildInputs` and `nativeBuildInputs`.
-
-You can also specify a `runtimeDependencies` variable which lists dependencies to be unconditionally added to rpath of all executables. This is useful for programs that use dlopen 3 to load libraries at runtime.
-
-In certain situations you may want to run the main command (`autoPatchelf`) of the setup hook on a file or a set of directories instead of unconditionally patching all outputs. This can be done by setting the `dontAutoPatchelf` environment variable to a non-empty value.
-
-By default `autoPatchelf` will fail as soon as any ELF file requires a dependency which cannot be resolved via the given build inputs. In some situations you might prefer to just leave missing dependencies unpatched and continue to patch the rest. This can be achieved by setting the `autoPatchelfIgnoreMissingDeps` environment variable to a non-empty value. `autoPatchelfIgnoreMissingDeps` can be set to a list like `autoPatchelfIgnoreMissingDeps = [ "libcuda.so.1" "libcudart.so.1" ];` or to simply `[ "*" ]` to ignore all missing dependencies.
-
-The `autoPatchelf` command also recognizes a `--no-recurse` command line flag, which prevents it from recursing into subdirectories.
-
-### breakpointHook {#breakpointhook}
-
-This hook will make a build pause instead of stopping when a failure happens. It prevents nix from cleaning up the build environment immediately and allows the user to attach to a build environment using the `cntr` command. Upon build error it will print instructions on how to use `cntr`, which can be used to enter the environment for debugging. Installing cntr and running the command will provide shell access to the build sandbox of failed build. At `/var/lib/cntr` the sandboxed filesystem is mounted. All commands and files of the system are still accessible within the shell. To execute commands from the sandbox use the cntr exec subcommand. `cntr` is only supported on Linux-based platforms. To use it first add `cntr` to your `environment.systemPackages` on NixOS or alternatively to the root user on non-NixOS systems. Then in the package that is supposed to be inspected, add `breakpointHook` to `nativeBuildInputs`.
-
-```nix
-nativeBuildInputs = [ breakpointHook ];
-```
-
-When a build failure happens there will be an instruction printed that shows how to attach with `cntr` to the build sandbox.
-
-::: {.note}
-::: {.title}
-Caution with remote builds
-:::
-
-This won’t work with remote builds as the build environment is on a different machine and can’t be accessed by `cntr`. Remote builds can be turned off by setting `--option builders ''` for `nix-build` or `--builders ''` for `nix build`.
-:::
-
-### installShellFiles {#installshellfiles}
-
-This hook helps with installing manpages and shell completion files. It exposes 2 shell functions `installManPage` and `installShellCompletion` that can be used from your `postInstall` hook.
-
-The `installManPage` function takes one or more paths to manpages to install. The manpages must have a section suffix, and may optionally be compressed (with `.gz` suffix). This function will place them into the correct directory.
-
-The `installShellCompletion` function takes one or more paths to shell completion files. By default it will autodetect the shell type from the completion file extension, but you may also specify it by passing one of `--bash`, `--fish`, or `--zsh`. These flags apply to all paths listed after them (up until another shell flag is given). Each path may also have a custom installation name provided by providing a flag `--name NAME` before the path. If this flag is not provided, zsh completions will be renamed automatically such that `foobar.zsh` becomes `_foobar`. A root name may be provided for all paths using the flag `--cmd NAME`; this synthesizes the appropriate name depending on the shell (e.g. `--cmd foo` will synthesize the name `foo.bash` for bash and `_foo` for zsh). The path may also be a fifo or named fd (such as produced by `<(cmd)`), in which case the shell and name must be provided.
-
-```nix
-nativeBuildInputs = [ installShellFiles ];
-postInstall = ''
- installManPage doc/foobar.1 doc/barfoo.3
- # explicit behavior
- installShellCompletion --bash --name foobar.bash share/completions.bash
- installShellCompletion --fish --name foobar.fish share/completions.fish
- installShellCompletion --zsh --name _foobar share/completions.zsh
- # implicit behavior
- installShellCompletion share/completions/foobar.{bash,fish,zsh}
- # using named fd
- installShellCompletion --cmd foobar \
- --bash <($out/bin/foobar --bash-completion) \
- --fish <($out/bin/foobar --fish-completion) \
- --zsh <($out/bin/foobar --zsh-completion)
-'';
-```
-
-### libiconv, libintl {#libiconv-libintl}
-
-A few libraries automatically add to `NIX_LDFLAGS` their library, making their symbols automatically available to the linker. This includes libiconv and libintl (gettext). This is done to provide compatibility between GNU Linux, where libiconv and libintl are bundled in, and other systems where that might not be the case. Sometimes, this behavior is not desired. To disable this behavior, set `dontAddExtraLibs`.
-
-### validatePkgConfig {#validatepkgconfig}
-
-The `validatePkgConfig` hook validates all pkg-config (`.pc`) files in a package. This helps catching some common errors in pkg-config files, such as undefined variables.
-
-### cmake {#cmake}
-
-Overrides the default configure phase to run the CMake command. By default, we use the Make generator of CMake. In addition, dependencies are added automatically to `CMAKE_PREFIX_PATH` so that packages are correctly detected by CMake. Some additional flags are passed in to give similar behavior to configure-based packages. You can disable this hook’s behavior by setting `configurePhase` to a custom value, or by setting `dontUseCmakeConfigure`. `cmakeFlags` controls flags passed only to CMake. By default, parallel building is enabled as CMake supports parallel building almost everywhere. When Ninja is also in use, CMake will detect that and use the ninja generator.
-
-### xcbuildHook {#xcbuildhook}
-
-Overrides the build and install phases to run the "xcbuild" command. This hook is needed when a project only comes with build files for the XCode build system. You can disable this behavior by setting buildPhase and configurePhase to a custom value. xcbuildFlags controls flags passed only to xcbuild.
-
-### Meson {#meson}
-
-Overrides the configure phase to run meson to generate Ninja files. To run these files, you should accompany Meson with ninja. By default, `enableParallelBuilding` is enabled as Meson supports parallel building almost everywhere.
-
-#### Variables controlling Meson {#variables-controlling-meson}
-
-##### `mesonFlags` {#mesonflags}
-
-Controls the flags passed to meson.
-
-##### `mesonBuildType` {#mesonbuildtype}
-
-Which [`--buildtype`](https://mesonbuild.com/Builtin-options.html#core-options) to pass to Meson. We default to `plain`.
-
-##### `mesonAutoFeatures` {#mesonautofeatures}
-
-What value to set [`-Dauto_features=`](https://mesonbuild.com/Builtin-options.html#core-options) to. We default to `enabled`.
-
-##### `mesonWrapMode` {#mesonwrapmode}
-
-What value to set [`-Dwrap_mode=`](https://mesonbuild.com/Builtin-options.html#core-options) to. We default to `nodownload` as we disallow network access.
-
-##### `dontUseMesonConfigure` {#dontusemesonconfigure}
-
-Disables using Meson’s `configurePhase`.
-
-### ninja {#ninja}
-
-Overrides the build, install, and check phase to run ninja instead of make. You can disable this behavior with the `dontUseNinjaBuild`, `dontUseNinjaInstall`, and `dontUseNinjaCheck`, respectively. Parallel building is enabled by default in Ninja.
-
-### unzip {#unzip}
-
-This setup hook will allow you to unzip .zip files specified in `$src`. There are many similar packages like `unrar`, `undmg`, etc.
-
-### wafHook {#wafhook}
-
-Overrides the configure, build, and install phases. This will run the “waf” script used by many projects. If `wafPath` (default `./waf`) doesn’t exist, it will copy the version of waf available in Nixpkgs. `wafFlags` can be used to pass flags to the waf script.
-
-### scons {#scons}
-
-Overrides the build, install, and check phases. This uses the scons build system as a replacement for make. scons does not provide a configure phase, so everything is managed at build and install time.
+Many other packages provide hooks, that are not part of `stdenv`. You can find
+these in the [Hooks Reference](#chap-hooks).
## Purity in Nixpkgs {#sec-purity-in-nixpkgs}
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 6019bf4d7117..3e5cefc356cd 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -6397,6 +6397,15 @@
githubId = 1204734;
name = "Emil Karlson";
};
+ jlamur = {
+ email = "contact@juleslamur.fr";
+ github = "jlamur";
+ githubId = 7054317;
+ name = "Jules Lamur";
+ keys = [{
+ fingerprint = "B768 6CD7 451A 650D 9C54 4204 6710 CF0C 1CBD 7762";
+ }];
+ };
jlesquembre = {
email = "jl@lafuente.me";
github = "jlesquembre";
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
index aa421f8837b9..479bdff7bfa8 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
@@ -629,6 +629,47 @@
instead.
+
+
+ systemd-networkd v250 deprecated, renamed,
+ and moved some sections and settings which leads to the
+ following breaking module changes:
+
+
+
+
+ systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig
+ is renamed to
+ systemd.network.networks.<name>.dhcpPrefixDelegationConfig.
+
+
+
+
+ systemd.network.networks.<name>.dhcpV6Config
+ no longer accepts the
+ ForceDHCPv6PDOtherInformation= setting.
+ Please use the WithoutRA= and
+ UseDelegatedPrefix= settings in your
+ systemd.network.networks.<name>.dhcpV6Config
+ and the DHCPv6Client= setting in your
+ systemd.network.networks.<name>.ipv6AcceptRAConfig
+ to control when the DHCPv6 client is started and how the
+ delegated prefixes are handled by the DHCPv6 client.
+
+
+
+
+ systemd.network.networks.<name>.networkConfig
+ no longer accepts the IPv6Token=
+ setting. Use the Token= setting in your
+ systemd.network.networks.<name>.ipv6AcceptRAConfig
+ instead. The
+ systemd.network.networks.<name>.ipv6Prefixes.*.ipv6PrefixConfig
+ now also accepts the Token= setting.
+
+
+
+
The meta.mainProgram attribute of packages
diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md
index 2172aebafe23..6bf1a7cb93c6 100644
--- a/nixos/doc/manual/release-notes/rl-2211.section.md
+++ b/nixos/doc/manual/release-notes/rl-2211.section.md
@@ -207,6 +207,12 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- The `aws` package has been removed due to being abandoned by the upstream. It is recommended to use `awscli` or `awscli2` instead.
+- `systemd-networkd` v250 deprecated, renamed, and moved some sections and settings which leads to the following breaking module changes:
+
+ * `systemd.network.networks..dhcpV6PrefixDelegationConfig` is renamed to `systemd.network.networks..dhcpPrefixDelegationConfig`.
+ * `systemd.network.networks..dhcpV6Config` no longer accepts the `ForceDHCPv6PDOtherInformation=` setting. Please use the `WithoutRA=` and `UseDelegatedPrefix=` settings in your `systemd.network.networks..dhcpV6Config` and the `DHCPv6Client=` setting in your `systemd.network.networks..ipv6AcceptRAConfig` to control when the DHCPv6 client is started and how the delegated prefixes are handled by the DHCPv6 client.
+ * `systemd.network.networks..networkConfig` no longer accepts the `IPv6Token=` setting. Use the `Token=` setting in your `systemd.network.networks..ipv6AcceptRAConfig` instead. The `systemd.network.networks..ipv6Prefixes.*.ipv6PrefixConfig` now also accepts the `Token=` setting.
+
- The `meta.mainProgram` attribute of packages in `wineWowPackages` now defaults to `"wine64"`.
- The `paperless` module now defaults `PAPERLESS_TIME_ZONE` to your configured system timezone.
diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix
index cb60117f0eb8..a9b81dd116bb 100644
--- a/nixos/modules/system/boot/networkd.nix
+++ b/nixos/modules/system/boot/networkd.nix
@@ -501,7 +501,6 @@ let
"LinkLocalAddressing"
"IPv4LLRoute"
"DefaultRouteOnDevice"
- "IPv6Token"
"LLMNR"
"MulticastDNS"
"DNSOverTLS"
@@ -526,7 +525,7 @@ let
"IPv6ProxyNDP"
"IPv6ProxyNDPAddress"
"IPv6SendRA"
- "DHCPv6PrefixDelegation"
+ "DHCPPrefixDelegation"
"IPv6MTUBytes"
"Bridge"
"Bond"
@@ -569,12 +568,11 @@ let
(assertValueOneOf "IPv4ProxyARP" boolValues)
(assertValueOneOf "IPv6ProxyNDP" boolValues)
(assertValueOneOf "IPv6SendRA" boolValues)
- (assertValueOneOf "DHCPv6PrefixDelegation" boolValues)
+ (assertValueOneOf "DHCPPrefixDelegation" boolValues)
(assertByteFormat "IPv6MTUBytes")
(assertValueOneOf "ActiveSlave" boolValues)
(assertValueOneOf "PrimarySlave" boolValues)
(assertValueOneOf "ConfigureWithoutCarrier" boolValues)
- (assertValueOneOf "IgnoreCarrierLoss" boolValues)
(assertValueOneOf "KeepConfiguration" (boolValues ++ ["static" "dhcp-on-stop" "dhcp"]))
];
@@ -619,6 +617,7 @@ let
"User"
"SuppressPrefixLength"
"Type"
+ "SuppressInterfaceGroup"
])
(assertInt "TypeOfService")
(assertRange "TypeOfService" 0 255)
@@ -632,6 +631,7 @@ let
(assertInt "SuppressPrefixLength")
(assertRange "SuppressPrefixLength" 0 128)
(assertValueOneOf "Type" ["blackhole" "unreachable" "prohibit"])
+ (assertRange "SuppressInterfaceGroup" 0 2147483647)
];
sectionRoute = checkUnitConfig "Route" [
@@ -711,6 +711,9 @@ let
"BlackList"
"RequestOptions"
"SendOption"
+ "FallbackLeaseLifetimeSec"
+ "Label"
+ "Use6RD"
])
(assertValueOneOf "UseDNS" boolValues)
(assertValueOneOf "RoutesToDNS" boolValues)
@@ -733,6 +736,8 @@ let
(assertPort "ListenPort")
(assertValueOneOf "SendRelease" boolValues)
(assertValueOneOf "SendDecline" boolValues)
+ (assertValueOneOf "FallbackLeaseLifetimeSec" ["forever" "infinity"])
+ (assertValueOneOf "Use6RD" boolValues)
];
sectionDHCPv6 = checkUnitConfig "DHCPv6" [
@@ -745,7 +750,6 @@ let
"MUDURL"
"RequestOptions"
"SendVendorOption"
- "ForceDHCPv6PDOtherInformation"
"PrefixDelegationHint"
"WithoutRA"
"SendOption"
@@ -754,27 +758,33 @@ let
"DUIDType"
"DUIDRawData"
"IAID"
+ "UseDelegatedPrefix"
])
(assertValueOneOf "UseAddress" boolValues)
(assertValueOneOf "UseDNS" boolValues)
(assertValueOneOf "UseNTP" boolValues)
(assertInt "RouteMetric")
(assertValueOneOf "RapidCommit" boolValues)
- (assertValueOneOf "ForceDHCPv6PDOtherInformation" boolValues)
- (assertValueOneOf "WithoutRA" ["solicit" "information-request"])
+ (assertValueOneOf "WithoutRA" ["no" "solicit" "information-request"])
(assertRange "SendOption" 1 65536)
(assertInt "IAID")
+ (assertValueOneOf "UseDelegatedPrefix" boolValues)
];
- sectionDHCPv6PrefixDelegation = checkUnitConfig "DHCPv6PrefixDelegation" [
+ sectionDHCPPrefixDelegation = checkUnitConfig "DHCPPrefixDelegation" [
(assertOnlyFields [
+ "UplinkInterface"
"SubnetId"
"Announce"
"Assign"
"Token"
+ "ManageTemporaryAddress"
+ "RouteMetric"
])
(assertValueOneOf "Announce" boolValues)
(assertValueOneOf "Assign" boolValues)
+ (assertValueOneOf "ManageTemporaryAddress" boolValues)
+ (assertRange "RouteMetric" 0 4294967295)
];
sectionIPv6AcceptRA = checkUnitConfig "IPv6AcceptRA" [
@@ -792,6 +802,10 @@ let
"RouteAllowList"
"DHCPv6Client"
"RouteMetric"
+ "UseMTU"
+ "UseGateway"
+ "UseRoutePrefix"
+ "Token"
])
(assertValueOneOf "UseDNS" boolValues)
(assertValueOneOf "UseDomains" (boolValues ++ ["route"]))
@@ -799,6 +813,9 @@ let
(assertValueOneOf "UseAutonomousPrefix" boolValues)
(assertValueOneOf "UseOnLinkPrefix" boolValues)
(assertValueOneOf "DHCPv6Client" (boolValues ++ ["always"]))
+ (assertValueOneOf "UseMTU" boolValues)
+ (assertValueOneOf "UseGateway" boolValues)
+ (assertValueOneOf "UseRoutePrefix" boolValues)
];
sectionDHCPServer = checkUnitConfig "DHCPServer" [
@@ -874,6 +891,7 @@ let
"Prefix"
"PreferredLifetimeSec"
"ValidLifetimeSec"
+ "Token"
])
(assertValueOneOf "AddressAutoconfiguration" boolValues)
(assertValueOneOf "OnLink" boolValues)
@@ -1338,12 +1356,17 @@ let
};
dhcpV6PrefixDelegationConfig = mkOption {
+ visible = false;
+ apply = _: throw "The option `systemd.network.networks..dhcpV6PrefixDelegationConfig` has been renamed to `systemd.network.networks..dhcpPrefixDelegationConfig`.";
+ };
+
+ dhcpPrefixDelegationConfig = mkOption {
default = {};
example = { SubnetId = "auto"; Announce = true; };
- type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6PrefixDelegation;
+ type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPPrefixDelegation;
description = lib.mdDoc ''
Each attribute in this set specifies an option in the
- `[DHCPv6PrefixDelegation]` section of the unit. See
+ `[DHCPPrefixDelegation]` section of the unit. See
{manpage}`systemd.network(5)` for details.
'';
};
@@ -1789,9 +1812,9 @@ let
[DHCPv6]
${attrsToSection def.dhcpV6Config}
''
- + optionalString (def.dhcpV6PrefixDelegationConfig != { }) ''
- [DHCPv6PrefixDelegation]
- ${attrsToSection def.dhcpV6PrefixDelegationConfig}
+ + optionalString (def.dhcpPrefixDelegationConfig != { }) ''
+ [DHCPPrefixDelegation]
+ ${attrsToSection def.dhcpPrefixDelegationConfig}
''
+ optionalString (def.ipv6AcceptRAConfig != { }) ''
[IPv6AcceptRA]
diff --git a/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix b/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix
index bf5049251c72..279b9aac8edb 100644
--- a/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix
+++ b/nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix
@@ -227,7 +227,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
IPv6AcceptRA = false;
# Delegate prefixes from the DHCPv6 PD pool.
- DHCPv6PrefixDelegation = true;
+ DHCPPrefixDelegation = true;
IPv6SendRA = true;
};
diff --git a/pkgs/applications/editors/vscode/vscode.nix b/pkgs/applications/editors/vscode/vscode.nix
index 1ae65c1cbf4b..4c154ebf9cbe 100644
--- a/pkgs/applications/editors/vscode/vscode.nix
+++ b/pkgs/applications/editors/vscode/vscode.nix
@@ -18,17 +18,17 @@ let
archive_fmt = if stdenv.isDarwin then "zip" else "tar.gz";
sha256 = {
- x86_64-linux = "0ar8gpklaa0aa3k1934jyg2vh65hzncx0awl1f0wz8n4fjasfrpc";
- x86_64-darwin = "0jkpzyg2pk2d88w2ffrp2lr0qadss7ccycx4vpmjmw62d3sap8n1";
- aarch64-linux = "1g7lzqghagz63pljg4wy34z706j70vjmk49cl8v27jbnsgnva56a";
- aarch64-darwin = "132ml95xlyv5c343bfv0gpgr8rmk85xspsy9baninlmhnmy7mivv";
- armv7l-linux = "04anb6r7hkk3y3vahx32nxj5dz2i66rrnl0561xkcjr4cqvxykiw";
+ x86_64-linux = "0hj6rpg65ivnnvzfjm16vjpjzzqbabpw5ldrr78x7ddrr06h02z6";
+ x86_64-darwin = "01gskihfp5s0j4dw8nxmfsp0sav1zqlmylmvwhi1y2qqq4y9c3w9";
+ aarch64-linux = "07n1svlkd2ji4b6yvhci6qvx429xipp8y418cqq3173gw8v59lws";
+ aarch64-darwin = "0gr94l7lk54fhhhqbiv23hd7d25xilqlwla2dbs5c171nj9pz325";
+ armv7l-linux = "0nxnjrzwfvma9zl4x11r45qwqq8mk91cxg47mg33qgr22lvbgz63";
}.${system} or throwSystem;
in
callPackage ./generic.nix rec {
# Please backport all compatible updates to the stable release.
# This is important for the extension ecosystem.
- version = "1.71.2";
+ version = "1.72.1";
pname = "vscode";
executableName = "code" + lib.optionalString isInsiders "-insiders";
diff --git a/pkgs/applications/networking/browsers/misc/widevine-cdm.nix b/pkgs/applications/networking/browsers/misc/widevine-cdm.nix
new file mode 100644
index 000000000000..41021cfdaa7c
--- /dev/null
+++ b/pkgs/applications/networking/browsers/misc/widevine-cdm.nix
@@ -0,0 +1,26 @@
+{ lib, stdenv, fetchzip
+}:
+
+stdenv.mkDerivation rec {
+ pname = "widevine-cdm";
+ version = "4.10.2449.0";
+
+ src = fetchzip {
+ url = "https://dl.google.com/widevine-cdm/${version}-linux-x64.zip";
+ sha256 = "sha256-f2kAkP+s3fB+krEZsiujEoI4oznkzSyaIB/CRJZWlXE=";
+ stripRoot = false;
+ };
+
+ installPhase = ''
+ install -vD libwidevinecdm.so $out/libwidevinecdm.so
+ '';
+
+ meta = with lib; {
+ description = "Widevine CDM";
+ homepage = "https://www.widevine.com";
+ sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+ license = licenses.unfree;
+ maintainers = with maintainers; [ jlamur ];
+ platforms = [ "x86_64-linux" ];
+ };
+}
diff --git a/pkgs/applications/networking/browsers/qutebrowser/default.nix b/pkgs/applications/networking/browsers/qutebrowser/default.nix
index 27dd55fc787f..4f10e76d0e4f 100644
--- a/pkgs/applications/networking/browsers/qutebrowser/default.nix
+++ b/pkgs/applications/networking/browsers/qutebrowser/default.nix
@@ -12,6 +12,8 @@
, qtbase ? null
, qtwebengine ? null
, wrapGAppsHook ? null
+, enableWideVine ? false
+, widevine-cdm
}: let
isQt6 = mkDerivationWith == null;
@@ -149,6 +151,7 @@ buildPythonApplication {
--add-flags '--backend ${backend}'
--set QUTE_QTWEBENGINE_VERSION_OVERRIDE "${lib.getVersion qtwebengine}"
${lib.optionalString (pipewireSupport && backend == "webengine") ''--prefix LD_LIBRARY_PATH : ${libPath}''}
+ ${lib.optionalString enableWideVine ''--add-flags "--qt-flag widevine-path=${widevine-cdm}/libwidevinecdm.so"''}
)
'';
@@ -157,6 +160,6 @@ buildPythonApplication {
description = "Keyboard-focused browser with a minimal GUI";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ jagajaga rnhmjoj ebzzry dotlambda ];
- inherit (backendPackage.meta) platforms;
+ platforms = if enableWideVine then [ "x86_64-linux" ] else backendPackage.meta.platforms;
};
}
diff --git a/pkgs/applications/networking/instant-messengers/element/pin.json b/pkgs/applications/networking/instant-messengers/element/pin.json
index ce17529cd398..f5f38124ceb6 100644
--- a/pkgs/applications/networking/instant-messengers/element/pin.json
+++ b/pkgs/applications/networking/instant-messengers/element/pin.json
@@ -1,7 +1,7 @@
{
- "version": "1.11.8",
- "desktopSrcHash": "l6IwztPEPSo3WgdUBPO4ZNgfoLts8NaqvoHekAhfVGg=",
- "desktopYarnHash": "105xj2xwc9g8cfiby0x93gy8w8w5c76mzzxck5mgvawcc6qpvmrc",
- "webSrcHash": "Etxlq2TEaZM9Qz4ig5H00DsshJoFH6+wtt+RL1dR2n4=",
- "webYarnHash": "1q05r2shv1c3kghwksjzrh9rl25ins6r2y46ng7smdml4f9vdcc0"
+ "version": "1.11.10",
+ "desktopSrcHash": "cywTZ5OgKaFkHh3i3KLfb8HH8ZlIAOY3Xn2WHyY0fNM=",
+ "desktopYarnHash": "1xwnw9hbbrr72xs2d43qwhbmhfk3w4z80cipyrmdj5y248y8sz84",
+ "webSrcHash": "r7WZUWgPDEBS9xpc1YmmPVGch7B2ouJOFAoKdcC/55Q=",
+ "webYarnHash": "0s8wxf13jc9x4zykhm4abgq3a38mjya7z43kjsags1fxhilf09bc"
}
diff --git a/pkgs/applications/networking/remote/freerdp/default.nix b/pkgs/applications/networking/remote/freerdp/default.nix
index c769b7de6c86..89e952945c87 100644
--- a/pkgs/applications/networking/remote/freerdp/default.nix
+++ b/pkgs/applications/networking/remote/freerdp/default.nix
@@ -52,13 +52,13 @@ let
in
stdenv.mkDerivation rec {
pname = "freerdp";
- version = "2.8.0";
+ version = "2.8.1";
src = fetchFromGitHub {
owner = "FreeRDP";
repo = "FreeRDP";
rev = version;
- sha256 = "sha256-bVq/99jMkxTjckMjWoK4pBa0jD/AYezgKUPJziNSqI0=";
+ sha256 = "sha256-0heCwXFms6Ni/F1TaS5QEK+ePlR9DXUrzVj3vA5DvCk=";
};
postPatch = ''
diff --git a/pkgs/applications/virtualization/qemu/9pfs-use-GHashTable-for-fid-table.patch b/pkgs/applications/virtualization/qemu/9pfs-use-GHashTable-for-fid-table.patch
new file mode 100644
index 000000000000..2e6f1699637b
--- /dev/null
+++ b/pkgs/applications/virtualization/qemu/9pfs-use-GHashTable-for-fid-table.patch
@@ -0,0 +1,371 @@
+From 8ab70b8958a8f9cb9bd316eecd3ccbcf05c06614 Mon Sep 17 00:00:00 2001
+From: Linus Heckemann
+Date: Tue, 4 Oct 2022 12:41:21 +0200
+Subject: [PATCH] 9pfs: use GHashTable for fid table
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The previous implementation would iterate over the fid table for
+lookup operations, resulting in an operation with O(n) complexity on
+the number of open files and poor cache locality -- for every open,
+stat, read, write, etc operation.
+
+This change uses a hashtable for this instead, significantly improving
+the performance of the 9p filesystem. The runtime of NixOS's simple
+installer test, which copies ~122k files totalling ~1.8GiB from 9p,
+decreased by a factor of about 10.
+
+Signed-off-by: Linus Heckemann
+Reviewed-by: Philippe Mathieu-Daudé
+Reviewed-by: Greg Kurz
+[CS: - Retain BUG_ON(f->clunked) in get_fid().
+ - Add TODO comment in clunk_fid(). ]
+Message-Id: <20221004104121.713689-1-git@sphalerite.org>
+[CS: - Drop unnecessary goto and out: label. ]
+Signed-off-by: Christian Schoenebeck
+---
+ hw/9pfs/9p.c | 194 +++++++++++++++++++++++++++++----------------------
+ hw/9pfs/9p.h | 2 +-
+ 2 files changed, 112 insertions(+), 84 deletions(-)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index aebadeaa03..9bf13133e5 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -256,7 +256,8 @@ static size_t v9fs_string_size(V9fsString *str)
+ }
+
+ /*
+- * returns 0 if fid got re-opened, 1 if not, < 0 on error */
++ * returns 0 if fid got re-opened, 1 if not, < 0 on error
++ */
+ static int coroutine_fn v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f)
+ {
+ int err = 1;
+@@ -282,33 +283,32 @@ static V9fsFidState *coroutine_fn get_fid(V9fsPDU *pdu, int32_t fid)
+ V9fsFidState *f;
+ V9fsState *s = pdu->s;
+
+- QSIMPLEQ_FOREACH(f, &s->fid_list, next) {
++ f = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid));
++ if (f) {
+ BUG_ON(f->clunked);
+- if (f->fid == fid) {
+- /*
+- * Update the fid ref upfront so that
+- * we don't get reclaimed when we yield
+- * in open later.
+- */
+- f->ref++;
+- /*
+- * check whether we need to reopen the
+- * file. We might have closed the fd
+- * while trying to free up some file
+- * descriptors.
+- */
+- err = v9fs_reopen_fid(pdu, f);
+- if (err < 0) {
+- f->ref--;
+- return NULL;
+- }
+- /*
+- * Mark the fid as referenced so that the LRU
+- * reclaim won't close the file descriptor
+- */
+- f->flags |= FID_REFERENCED;
+- return f;
++ /*
++ * Update the fid ref upfront so that
++ * we don't get reclaimed when we yield
++ * in open later.
++ */
++ f->ref++;
++ /*
++ * check whether we need to reopen the
++ * file. We might have closed the fd
++ * while trying to free up some file
++ * descriptors.
++ */
++ err = v9fs_reopen_fid(pdu, f);
++ if (err < 0) {
++ f->ref--;
++ return NULL;
+ }
++ /*
++ * Mark the fid as referenced so that the LRU
++ * reclaim won't close the file descriptor
++ */
++ f->flags |= FID_REFERENCED;
++ return f;
+ }
+ return NULL;
+ }
+@@ -317,12 +317,11 @@ static V9fsFidState *alloc_fid(V9fsState *s, int32_t fid)
+ {
+ V9fsFidState *f;
+
+- QSIMPLEQ_FOREACH(f, &s->fid_list, next) {
++ f = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid));
++ if (f) {
+ /* If fid is already there return NULL */
+ BUG_ON(f->clunked);
+- if (f->fid == fid) {
+- return NULL;
+- }
++ return NULL;
+ }
+ f = g_new0(V9fsFidState, 1);
+ f->fid = fid;
+@@ -333,7 +332,7 @@ static V9fsFidState *alloc_fid(V9fsState *s, int32_t fid)
+ * reclaim won't close the file descriptor
+ */
+ f->flags |= FID_REFERENCED;
+- QSIMPLEQ_INSERT_TAIL(&s->fid_list, f, next);
++ g_hash_table_insert(s->fids, GINT_TO_POINTER(fid), f);
+
+ v9fs_readdir_init(s->proto_version, &f->fs.dir);
+ v9fs_readdir_init(s->proto_version, &f->fs_reclaim.dir);
+@@ -424,12 +423,12 @@ static V9fsFidState *clunk_fid(V9fsState *s, int32_t fid)
+ {
+ V9fsFidState *fidp;
+
+- QSIMPLEQ_FOREACH(fidp, &s->fid_list, next) {
+- if (fidp->fid == fid) {
+- QSIMPLEQ_REMOVE(&s->fid_list, fidp, V9fsFidState, next);
+- fidp->clunked = true;
+- return fidp;
+- }
++ /* TODO: Use g_hash_table_steal_extended() instead? */
++ fidp = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid));
++ if (fidp) {
++ g_hash_table_remove(s->fids, GINT_TO_POINTER(fid));
++ fidp->clunked = true;
++ return fidp;
+ }
+ return NULL;
+ }
+@@ -439,10 +438,15 @@ void coroutine_fn v9fs_reclaim_fd(V9fsPDU *pdu)
+ int reclaim_count = 0;
+ V9fsState *s = pdu->s;
+ V9fsFidState *f;
++ GHashTableIter iter;
++ gpointer fid;
++
++ g_hash_table_iter_init(&iter, s->fids);
++
+ QSLIST_HEAD(, V9fsFidState) reclaim_list =
+ QSLIST_HEAD_INITIALIZER(reclaim_list);
+
+- QSIMPLEQ_FOREACH(f, &s->fid_list, next) {
++ while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &f)) {
+ /*
+ * Unlink fids cannot be reclaimed. Check
+ * for them and skip them. Also skip fids
+@@ -514,72 +518,85 @@ void coroutine_fn v9fs_reclaim_fd(V9fsPDU *pdu)
+ }
+ }
+
++/*
++ * This is used when a path is removed from the directory tree. Any
++ * fids that still reference it must not be closed from then on, since
++ * they cannot be reopened.
++ */
+ static int coroutine_fn v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path)
+ {
+- int err;
++ int err = 0;
+ V9fsState *s = pdu->s;
+- V9fsFidState *fidp, *fidp_next;
++ V9fsFidState *fidp;
++ gpointer fid;
++ GHashTableIter iter;
++ /*
++ * The most common case is probably that we have exactly one
++ * fid for the given path, so preallocate exactly one.
++ */
++ g_autoptr(GArray) to_reopen = g_array_sized_new(FALSE, FALSE,
++ sizeof(V9fsFidState *), 1);
++ gint i;
+
+- fidp = QSIMPLEQ_FIRST(&s->fid_list);
+- if (!fidp) {
+- return 0;
+- }
++ g_hash_table_iter_init(&iter, s->fids);
+
+ /*
+- * v9fs_reopen_fid() can yield : a reference on the fid must be held
+- * to ensure its pointer remains valid and we can safely pass it to
+- * QSIMPLEQ_NEXT(). The corresponding put_fid() can also yield so
+- * we must keep a reference on the next fid as well. So the logic here
+- * is to get a reference on a fid and only put it back during the next
+- * iteration after we could get a reference on the next fid. Start with
+- * the first one.
++ * We iterate over the fid table looking for the entries we need
++ * to reopen, and store them in to_reopen. This is because
++ * v9fs_reopen_fid() and put_fid() yield. This allows the fid table
++ * to be modified in the meantime, invalidating our iterator.
+ */
+- for (fidp->ref++; fidp; fidp = fidp_next) {
++ while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &fidp)) {
+ if (fidp->path.size == path->size &&
+ !memcmp(fidp->path.data, path->data, path->size)) {
+- /* Mark the fid non reclaimable. */
+- fidp->flags |= FID_NON_RECLAIMABLE;
+-
+- /* reopen the file/dir if already closed */
+- err = v9fs_reopen_fid(pdu, fidp);
+- if (err < 0) {
+- put_fid(pdu, fidp);
+- return err;
+- }
+- }
+-
+- fidp_next = QSIMPLEQ_NEXT(fidp, next);
+-
+- if (fidp_next) {
+ /*
+- * Ensure the next fid survives a potential clunk request during
+- * put_fid() below and v9fs_reopen_fid() in the next iteration.
++ * Ensure the fid survives a potential clunk request during
++ * v9fs_reopen_fid or put_fid.
+ */
+- fidp_next->ref++;
++ fidp->ref++;
++ fidp->flags |= FID_NON_RECLAIMABLE;
++ g_array_append_val(to_reopen, fidp);
+ }
++ }
+
+- /* We're done with this fid */
+- put_fid(pdu, fidp);
++ for (i = 0; i < to_reopen->len; i++) {
++ fidp = g_array_index(to_reopen, V9fsFidState*, i);
++ /* reopen the file/dir if already closed */
++ err = v9fs_reopen_fid(pdu, fidp);
++ if (err < 0) {
++ break;
++ }
+ }
+
+- return 0;
++ for (i = 0; i < to_reopen->len; i++) {
++ put_fid(pdu, g_array_index(to_reopen, V9fsFidState*, i));
++ }
++ return err;
+ }
+
+ static void coroutine_fn virtfs_reset(V9fsPDU *pdu)
+ {
+ V9fsState *s = pdu->s;
+ V9fsFidState *fidp;
++ GList *freeing;
++ /*
++ * Get a list of all the values (fid states) in the table, which
++ * we then...
++ */
++ g_autoptr(GList) fids = g_hash_table_get_values(s->fids);
+
+- /* Free all fids */
+- while (!QSIMPLEQ_EMPTY(&s->fid_list)) {
+- /* Get fid */
+- fidp = QSIMPLEQ_FIRST(&s->fid_list);
+- fidp->ref++;
++ /* ... remove from the table, taking over ownership. */
++ g_hash_table_steal_all(s->fids);
+
+- /* Clunk fid */
+- QSIMPLEQ_REMOVE(&s->fid_list, fidp, V9fsFidState, next);
++ /*
++ * This allows us to release our references to them asynchronously without
++ * iterating over the hash table and risking iterator invalidation
++ * through concurrent modifications.
++ */
++ for (freeing = fids; freeing; freeing = freeing->next) {
++ fidp = freeing->data;
++ fidp->ref++;
+ fidp->clunked = true;
+-
+ put_fid(pdu, fidp);
+ }
+ }
+@@ -3205,6 +3222,8 @@ static int coroutine_fn v9fs_complete_rename(V9fsPDU *pdu, V9fsFidState *fidp,
+ V9fsFidState *tfidp;
+ V9fsState *s = pdu->s;
+ V9fsFidState *dirfidp = NULL;
++ GHashTableIter iter;
++ gpointer fid;
+
+ v9fs_path_init(&new_path);
+ if (newdirfid != -1) {
+@@ -3238,11 +3257,13 @@ static int coroutine_fn v9fs_complete_rename(V9fsPDU *pdu, V9fsFidState *fidp,
+ if (err < 0) {
+ goto out;
+ }
++
+ /*
+ * Fixup fid's pointing to the old name to
+ * start pointing to the new name
+ */
+- QSIMPLEQ_FOREACH(tfidp, &s->fid_list, next) {
++ g_hash_table_iter_init(&iter, s->fids);
++ while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &tfidp)) {
+ if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) {
+ /* replace the name */
+ v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data));
+@@ -3320,6 +3341,8 @@ static int coroutine_fn v9fs_fix_fid_paths(V9fsPDU *pdu, V9fsPath *olddir,
+ V9fsPath oldpath, newpath;
+ V9fsState *s = pdu->s;
+ int err;
++ GHashTableIter iter;
++ gpointer fid;
+
+ v9fs_path_init(&oldpath);
+ v9fs_path_init(&newpath);
+@@ -3336,7 +3359,8 @@ static int coroutine_fn v9fs_fix_fid_paths(V9fsPDU *pdu, V9fsPath *olddir,
+ * Fixup fid's pointing to the old name to
+ * start pointing to the new name
+ */
+- QSIMPLEQ_FOREACH(tfidp, &s->fid_list, next) {
++ g_hash_table_iter_init(&iter, s->fids);
++ while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &tfidp)) {
+ if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) {
+ /* replace the name */
+ v9fs_fix_path(&tfidp->path, &newpath, strlen(oldpath.data));
+@@ -4226,7 +4250,7 @@ int v9fs_device_realize_common(V9fsState *s, const V9fsTransport *t,
+ s->ctx.fmode = fse->fmode;
+ s->ctx.dmode = fse->dmode;
+
+- QSIMPLEQ_INIT(&s->fid_list);
++ s->fids = g_hash_table_new(NULL, NULL);
+ qemu_co_rwlock_init(&s->rename_lock);
+
+ if (s->ops->init(&s->ctx, errp) < 0) {
+@@ -4286,6 +4310,10 @@ void v9fs_device_unrealize_common(V9fsState *s)
+ if (s->ctx.fst) {
+ fsdev_throttle_cleanup(s->ctx.fst);
+ }
++ if (s->fids) {
++ g_hash_table_destroy(s->fids);
++ s->fids = NULL;
++ }
+ g_free(s->tag);
+ qp_table_destroy(&s->qpd_table);
+ qp_table_destroy(&s->qpp_table);
+diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
+index 994f952600..10fd2076c2 100644
+--- a/hw/9pfs/9p.h
++++ b/hw/9pfs/9p.h
+@@ -339,7 +339,7 @@ typedef struct {
+ struct V9fsState {
+ QLIST_HEAD(, V9fsPDU) free_list;
+ QLIST_HEAD(, V9fsPDU) active_list;
+- QSIMPLEQ_HEAD(, V9fsFidState) fid_list;
++ GHashTable *fids;
+ FileOperations *ops;
+ FsContext ctx;
+ char *tag;
+--
+2.36.2
+
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 4f55b48bc540..410c3bf2d9e2 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -3,7 +3,7 @@
, bison, lzo, snappy, libaio, libtasn1, gnutls, nettle, curl, ninja, meson, sigtool
, makeWrapper, runtimeShell, removeReferencesTo
, attr, libcap, libcap_ng, socat
-, CoreServices, Cocoa, Hypervisor, rez, setfile
+, CoreServices, Cocoa, Hypervisor, rez, setfile, vmnet
, guestAgentSupport ? with stdenv.hostPlatform; isLinux || isSunOS || isWindows
, numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl
, seccompSupport ? stdenv.isLinux, libseccomp
@@ -60,7 +60,7 @@ stdenv.mkDerivation rec {
gnutls nettle curl
]
++ lib.optionals ncursesSupport [ ncurses ]
- ++ lib.optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile ]
+ ++ lib.optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile vmnet ]
++ lib.optionals seccompSupport [ libseccomp ]
++ lib.optionals numaSupport [ numactl ]
++ lib.optionals alsaSupport [ alsa-lib ]
@@ -111,6 +111,7 @@ stdenv.mkDerivation rec {
sha256 = "sha256-oC+bRjEHixv1QEFO9XAm4HHOwoiT+NkhknKGPydnZ5E=";
revert = true;
})
+ ./9pfs-use-GHashTable-for-fid-table.patch
]
++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch;
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index e5b39cdd9dce..a3145e504f23 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -984,33 +984,34 @@ rec {
# following lines, double-check that your code behaves properly
# when the number of layers equals:
# maxLayers-1, maxLayers, and maxLayers+1, 0
- store_layers="$(
- paths |
- jq -sR '
- rtrimstr("\n") | split("\n")
- | (.[:$maxLayers-1] | map([.])) + [ .[$maxLayers-1:] ]
- | map(select(length > 0))
+ paths |
+ jq -sR '
+ rtrimstr("\n") | split("\n")
+ | (.[:$maxLayers-1] | map([.])) + [ .[$maxLayers-1:] ]
+ | map(select(length > 0))
' \
- --argjson maxLayers "$availableLayers"
- )"
+ --argjson maxLayers "$availableLayers" > store_layers.json
+ # The index on $store_layers is necessary because the --slurpfile
+ # automatically reads the file as an array.
cat ${baseJson} | jq '
. + {
"store_dir": $store_dir,
"from_image": $from_image,
- "store_layers": $store_layers,
+ "store_layers": $store_layers[0],
"customisation_layer", $customisation_layer,
"repo_tag": $repo_tag,
"created": $created
}
' --arg store_dir "${storeDir}" \
--argjson from_image ${if fromImage == null then "null" else "'\"${fromImage}\"'"} \
- --argjson store_layers "$store_layers" \
+ --slurpfile store_layers store_layers.json \
--arg customisation_layer ${customisationLayer} \
--arg repo_tag "$imageName:$imageTag" \
--arg created "$created" |
tee $out
'';
+
result = runCommand "stream-${baseName}"
{
inherit (conf) imageName;
diff --git a/pkgs/development/coq-modules/relation-algebra/default.nix b/pkgs/development/coq-modules/relation-algebra/default.nix
index 204be2931a50..d2124d56f3f5 100644
--- a/pkgs/development/coq-modules/relation-algebra/default.nix
+++ b/pkgs/development/coq-modules/relation-algebra/default.nix
@@ -10,6 +10,7 @@ mkCoqDerivation {
then "v.${v}"
else "v${v}";
+ release."1.7.8".sha256 = "sha256-RITFd3G5TjY+rFzW073Ao1AGU+u6OGQyQeGHVodAXnA=";
release."1.7.7".sha256 = "sha256:1dff3id6nypl2alhk9rcifj3dab0j78dym05blc525lawsmc26l2";
release."1.7.6".sha256 = "sha256:02gsj06zcy9zgd0h1ibqspwfiwm36pkkgg9cz37k4bxzcapxcr6w";
release."1.7.5".sha256 = "sha256-XdO8agoJmNXPv8Ho+KTlLCB4oRlQsb0w06aM9M16ZBU=";
@@ -20,6 +21,7 @@ mkCoqDerivation {
inherit version;
defaultVersion = with versions; switch coq.coq-version [
+ { case = isEq "8.16"; out = "1.7.8"; }
{ case = isEq "8.15"; out = "1.7.7"; }
{ case = isEq "8.14"; out = "1.7.6"; }
{ case = isEq "8.13"; out = "1.7.5"; }
diff --git a/pkgs/development/libraries/at-spi2-core/default.nix b/pkgs/development/libraries/at-spi2-core/default.nix
index 766877645869..3a2f446cf84f 100644
--- a/pkgs/development/libraries/at-spi2-core/default.nix
+++ b/pkgs/development/libraries/at-spi2-core/default.nix
@@ -58,7 +58,7 @@ stdenv.mkDerivation rec {
doCheck = false;
mesonFlags = [
- "-Dintrospection=${if stdenv.buildPlatform == stdenv.hostPlatform then "yes" else "no"}"
+ "-Dintrospection=yes"
# Provide dbus-daemon fallback when it is not already running when
# at-spi2-bus-launcher is executed. This allows us to avoid
# including the entire dbus closure in libraries linked with
diff --git a/pkgs/development/libraries/nss/latest.nix b/pkgs/development/libraries/nss/latest.nix
index 825694aad889..09eaa64e600a 100644
--- a/pkgs/development/libraries/nss/latest.nix
+++ b/pkgs/development/libraries/nss/latest.nix
@@ -5,6 +5,6 @@
# Example: nix-shell ./maintainers/scripts/update.nix --argstr package cacert
import ./generic.nix {
- version = "3.83";
- hash = "sha256-qyPqZ/lkCQuLc8gKZ0CCVxw25fTrqSBXrGSMnB3vASg=";
+ version = "3.84";
+ hash = "sha256-mjh//jUP8U8AHZQ/lswMBkiRVR1x4al6Xdv/5/EgeiU=";
}
diff --git a/pkgs/development/tools/misc/linuxkit/default.nix b/pkgs/development/tools/misc/linuxkit/default.nix
index da608ba5a061..94ae7f527125 100644
--- a/pkgs/development/tools/misc/linuxkit/default.nix
+++ b/pkgs/development/tools/misc/linuxkit/default.nix
@@ -2,7 +2,7 @@
buildGoPackage rec {
pname = "linuxkit";
- version = "0.8";
+ version = "1.0.0";
goPackagePath = "github.com/linuxkit/linuxkit";
@@ -10,7 +10,7 @@ buildGoPackage rec {
owner = "linuxkit";
repo = "linuxkit";
rev = "v${version}";
- sha256 = "15jj60k8wz9cahjbdscnwyyfb1k1grjh7yrilb1cj4r8mby4sp2g";
+ sha256 = "sha256-y/jsMr7HmrHjVMn4fyQ3MPHION8hQO2G4udX1AMx8bk=";
};
subPackages = [ "src/cmd/linuxkit" ];
diff --git a/pkgs/development/tools/oh-my-posh/default.nix b/pkgs/development/tools/oh-my-posh/default.nix
index 832cfb102231..72d501935be0 100644
--- a/pkgs/development/tools/oh-my-posh/default.nix
+++ b/pkgs/development/tools/oh-my-posh/default.nix
@@ -2,13 +2,13 @@
buildGoModule rec {
pname = "oh-my-posh";
- version = "12.1.0";
+ version = "12.2.0";
src = fetchFromGitHub {
owner = "jandedobbeleer";
repo = pname;
rev = "v${version}";
- sha256 = "sha256-kVhdOx4+S0GLYcOIYMN9yzvDDL+/8oke69wqYJ/s5+Q=";
+ sha256 = "sha256-zWoM9STdyJbgNqX5FQ70T+0dbENW7aOjHV+BShAHi8I=";
};
vendorSha256 = "sha256-zL5tkBkZa2Twc2FNNNUIycd/QvkpR1XEntpJ0j4z/xo=";
diff --git a/pkgs/development/tools/ruff/default.nix b/pkgs/development/tools/ruff/default.nix
index a8c76f3e5e2e..55198659371c 100644
--- a/pkgs/development/tools/ruff/default.nix
+++ b/pkgs/development/tools/ruff/default.nix
@@ -8,16 +8,16 @@
rustPlatform.buildRustPackage rec {
pname = "ruff";
- version = "0.0.69";
+ version = "0.0.72";
src = fetchFromGitHub {
owner = "charliermarsh";
repo = pname;
rev = "v${version}";
- sha256 = "sha256-5TAuWBb4RJGO7prliR+c1wAOmTRaJ/erwK9ISQTiaNA=";
+ sha256 = "sha256-K2wrPDb0GcwhGzLFNGXMH7CKTleOHwe3FtA82BZk+Bo=";
};
- cargoSha256 = "sha256-bv51Hj/JMfFr9SLGQxAoWDCeLr4cI6jpYxnnncAQ6kU=";
+ cargoSha256 = "sha256-acB8kcdItJyE2Mr+fU0yojpDJh02V21DZfqQ5q+Wn20=";
buildInputs = lib.optionals stdenv.isDarwin [
CoreServices
diff --git a/pkgs/development/tools/toml2nix/Cargo.lock b/pkgs/development/tools/toml2nix/Cargo.lock
new file mode 100644
index 000000000000..f6b37fbc189d
--- /dev/null
+++ b/pkgs/development/tools/toml2nix/Cargo.lock
@@ -0,0 +1,25 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 3
+
+[[package]]
+name = "serde"
+version = "1.0.145"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "728eb6351430bccb993660dfffc5a72f91ccc1295abaa8ce19b27ebe4f75568b"
+
+[[package]]
+name = "toml"
+version = "0.4.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "758664fc71a3a69038656bee8b6be6477d2a6c315a6b81f7081f591bffa4111f"
+dependencies = [
+ "serde",
+]
+
+[[package]]
+name = "toml2nix"
+version = "0.1.1"
+dependencies = [
+ "toml",
+]
diff --git a/pkgs/development/tools/toml2nix/default.nix b/pkgs/development/tools/toml2nix/default.nix
new file mode 100644
index 000000000000..6987619dbcb5
--- /dev/null
+++ b/pkgs/development/tools/toml2nix/default.nix
@@ -0,0 +1,24 @@
+{ lib, rustPlatform, fetchCrate }:
+
+rustPlatform.buildRustPackage rec {
+ pname = "toml2nix";
+ version = "0.1.1";
+
+ src = fetchCrate {
+ inherit pname version;
+ sha256 = "sha256-YhluLS4tFMibFrDzgIvNtfjM5dAqJQvygeZocKn3+Jg=";
+ };
+
+ cargoLock.lockFile = ./Cargo.lock;
+
+ postPatch = ''
+ ln -s ${./Cargo.lock} Cargo.lock
+ '';
+
+ meta = with lib; {
+ description = "A tool to convert TOML files to Nix expressions";
+ homepage = "https://crates.io/crates/toml2nix";
+ license = with licenses; [ mit /* or */ asl20 ];
+ maintainers = with maintainers; [ figsoda ];
+ };
+}
diff --git a/pkgs/tools/admin/credhub-cli/default.nix b/pkgs/tools/admin/credhub-cli/default.nix
index 30c16e4676d8..ed87e44daf5e 100644
--- a/pkgs/tools/admin/credhub-cli/default.nix
+++ b/pkgs/tools/admin/credhub-cli/default.nix
@@ -2,13 +2,13 @@
buildGoModule rec {
pname = "credhub-cli";
- version = "2.9.4";
+ version = "2.9.5";
src = fetchFromGitHub {
owner = "cloudfoundry-incubator";
repo = "credhub-cli";
rev = version;
- sha256 = "sha256-vRzap9JiV6HzQJKVAByLPMCqADMufoool8Nuw2xu2L4=";
+ sha256 = "sha256-M2FIzLl1pQ/TJinG4UOh2VQWfZx4iT3Qw6pJhjv88cM=";
};
# these tests require network access that we're not going to give them
diff --git a/pkgs/tools/toml2nix/default.nix b/pkgs/tools/toml2nix/default.nix
deleted file mode 100644
index ac4de4eee144..000000000000
--- a/pkgs/tools/toml2nix/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-# Generated by carnix 0.9.7: carnix generate-nix
-{ lib, buildPlatform, buildRustCrate, buildRustCrateHelpers, cratesIO, fetchgit }:
-with buildRustCrateHelpers;
-let inherit (lib.lists) fold;
- inherit (lib.attrsets) recursiveUpdate;
-in
-let crates = cratesIO; in
-rec {
- toml2nix = crates.crates.toml2nix."0.1.1" deps;
- __all = [ (toml2nix {}) ];
- deps.serde."1.0.84" = {};
- deps.toml."0.4.10" = {
- serde = "1.0.84";
- };
- deps.toml2nix."0.1.1" = {
- toml = "0.4.10";
- };
-}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index f79b8318d872..31c10d26faf8 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -11924,7 +11924,7 @@ with pkgs;
toml2json = callPackage ../development/tools/toml2json { };
- toml2nix = (callPackage ../tools/toml2nix { }).toml2nix { };
+ toml2nix = callPackage ../development/tools/toml2nix { };
topgrade = callPackage ../tools/misc/topgrade {
inherit (darwin.apple_sdk.frameworks) Cocoa Foundation;
@@ -31096,7 +31096,7 @@ with pkgs;
qdirstat = libsForQt5.callPackage ../applications/misc/qdirstat {};
qemu = callPackage ../applications/virtualization/qemu {
- inherit (darwin.apple_sdk.frameworks) CoreServices Cocoa Hypervisor;
+ inherit (darwin.apple_sdk.frameworks) CoreServices Cocoa Hypervisor vmnet;
inherit (darwin.stubs) rez setfile;
inherit (darwin) sigtool;
};
@@ -37692,4 +37692,6 @@ with pkgs;
swaysettings = callPackage ../applications/misc/swaysettings { };
aitrack = libsForQt5.callPackage ../applications/misc/aitrack { };
+
+ widevine-cdm = callPackage ../applications/networking/browsers/misc/widevine-cdm.nix { };
}
diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix
index a2b547d5fbb7..b4d54893a49b 100644
--- a/pkgs/top-level/perl-packages.nix
+++ b/pkgs/top-level/perl-packages.nix
@@ -19417,10 +19417,10 @@ let
perlldap = buildPerlPackage {
pname = "perl-ldap";
- version = "0.66";
+ version = "0.68";
src = fetchurl {
- url = "mirror://cpan/authors/id/M/MA/MARSCHAP/perl-ldap-0.66.tar.gz";
- hash = "sha256-CSY85hZugMmNaJ1B0JmVuBM4n9Bpt4RgH23Ff44rQQI=";
+ url = "mirror://cpan/authors/id/M/MA/MARSCHAP/perl-ldap-0.68.tar.gz";
+ hash = "sha256-4vOJ/j56nkthSIaSkZrXI7mPO0ebUoj2ENqownmVs1E=";
};
# ldapi socket location should match the one compiled into the openldap package
postPatch = ''