BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge master into haskell-updates

Browse source
This commit is contained in:
github-actions[bot] 2022-05-20 00:12:22 +00:00 committed by GitHub
commit d39d933474
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
42 changed files with 318 additions and 148 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
doc/doc-support/default.nix
View file

@ -23,6 +23,14 @@ let
<xsl:import href="${./parameters.xml}"/>
</xsl:stylesheet>
'';
# NB: This file describes the Nixpkgs manual, which happens to use module
# docs infra originally developed for NixOS.
optionsDoc = pkgs.nixosOptionsDoc {
inherit (pkgs.lib.evalModules { modules = [ ../../pkgs/top-level/config.nix ]; }) options;
documentType = "none";
};
in pkgs.runCommand "doc-support" {}
''
mkdir result
@ -30,6 +38,7 @@ in pkgs.runCommand "doc-support" {}
cd result
ln -s ${locationsXml} ./function-locations.xml
ln -s ${functionDocs} ./function-docs
ln -s ${optionsDoc.optionsDocBook} ./config-options.docbook.xml
ln -s ${pkgs.docbook5}/xml/rng/docbook/docbook.rng ./docbook.rng
ln -s ${pkgs.docbook_xsl_ns}/xml/xsl ./xsl

8
doc/using/configuration.chapter.md
View file

@ -164,6 +164,14 @@ There are several ways to tweak how Nix handles a package which has been marked
Note that `permittedInsecurePackages` is only checked if `allowInsecurePredicate` is not specified.
### `config` Options Reference
The following attributes can be passed in [`config`](#chap-packageconfig).
```{=docbook}
<include xmlns="http://www.w3.org/2001/XInclude" href="../doc-support/result/config-options.docbook.xml"/>
```
## Modify packages via `packageOverrides` {#sec-modify-via-packageOverrides}
You can define a function called `packageOverrides` in your local `~/.config/nixpkgs/config.nix` to override Nix packages. It must be a function that takes pkgs as an argument and returns a modified set of packages.

8
maintainers/maintainer-list.nix
View file

@ -6715,13 +6715,13 @@
name = "Jim Fowler";
};
kittywitch = {
email = "kat@kittywit.ch";
email = "kat@inskip.me";
github = "kittywitch";
githubId = 67870215;
name = "kat witch";
name = "Kat Inskip";
keys = [{
longkeyid = "rsa4096/0x7248991EFA8EFBEE";
fingerprint = "01F5 0A29 D4AA 9117 5A11 BDB1 7248 991E FA8E FBEE";
longkeyid = "rsa4096/0xE8DDE3ED1C90F3A0";
fingerprint = "9CC6 44B5 69CD A59B C874 C4C9 E8DD E3ED 1C90 F3A0";
}];
};
kiwi = {

3
nixos/lib/make-options-doc/default.nix
View file

@ -20,6 +20,8 @@
, lib
, options
, transformOptions ? lib.id # function for additional tranformations of the options
, documentType ? "appendix" # TODO deprecate "appendix" in favor of "none"
# and/or rename function to moduleOptionDoc for clean slate
, revision ? "" # Specify revision for the options
# a set of options the docs we are generating will be merged into, as if by recursiveUpdate.
# used to split the options doc build into a static part (nixos/modules) and a dynamic part
@ -161,6 +163,7 @@ in rec {
${pkgs.python3Minimal}/bin/python ${./sortXML.py} $optionsXML sorted.xml
${pkgs.libxslt.bin}/bin/xsltproc \
--stringparam documentType '${documentType}' \
--stringparam revision '${revision}' \
-o intermediate.xml ${./options-to-docbook.xsl} sorted.xml
${pkgs.libxslt.bin}/bin/xsltproc \

18
nixos/lib/make-options-doc/options-to-docbook.xsl
View file

@ -12,12 +12,25 @@
<xsl:output method='xml' encoding="UTF-8" />
<xsl:param name="revision" />
<xsl:param name="documentType" />
<xsl:param name="program" />
<xsl:template match="/expr/list">
<appendix xml:id="appendix-configuration-options">
<title>Configuration Options</title>
<xsl:choose>
<xsl:when test="$documentType = 'appendix'">
<appendix xml:id="appendix-configuration-options">
<title>Configuration Options</title>
<xsl:call-template name="variable-list"/>
</appendix>
</xsl:when>
<xsl:otherwise>
<xsl:call-template name="variable-list"/>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template name="variable-list">
<variablelist xml:id="configuration-variable-list">
<xsl:for-each select="attrs">
<xsl:variable name="id" select="
@ -102,7 +115,6 @@
</xsl:for-each>
</variablelist>
</appendix>
</xsl:template>

5
nixos/modules/services/networking/uptermd.nix
View file

@ -85,6 +85,7 @@ in
AmbientCapabilities = mkIf (cfg.port < 1024) [ "CAP_NET_BIND_SERVICE" ];
CapabilityBoundingSet = mkIf (cfg.port < 1024) [ "CAP_NET_BIND_SERVICE" ];
PrivateUsers = cfg.port >= 1024;
DynamicUser = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
@ -95,7 +96,9 @@ in
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
ProtectProc = "invisible";
# AF_UNIX is for ssh-keygen, which relies on nscd to resolve the uid to a user
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";

7
nixos/tests/uptermd.nix
View file

@ -30,11 +30,14 @@ in
server.wait_for_unit("uptermd.service")
server.wait_for_unit("network-online.target")
# wait for upterm port to be reachable
client1.wait_until_succeeds("nc -z -v server 1337")
# Add SSH hostkeys from the server to both clients
# uptermd needs an '@cert-authority entry so we need to modify the known_hosts file
client1.execute("sleep 3; mkdir -p ~/.ssh && ssh -o StrictHostKeyChecking=no -p 1337 server ls")
client1.execute("mkdir -p ~/.ssh && ssh -o StrictHostKeyChecking=no -p 1337 server ls")
client1.execute("echo @cert-authority $(cat ~/.ssh/known_hosts) > ~/.ssh/known_hosts")
client2.execute("sleep 3; mkdir -p ~/.ssh && ssh -o StrictHostKeyChecking=no -p 1337 server ls")
client2.execute("mkdir -p ~/.ssh && ssh -o StrictHostKeyChecking=no -p 1337 server ls")
client2.execute("echo @cert-authority $(cat ~/.ssh/known_hosts) > ~/.ssh/known_hosts")
client1.wait_for_unit("multi-user.target")

17
pkgs/applications/emulators/bsnes/bsnes-hd/default.nix
View file

@ -1,9 +1,10 @@
{ lib, stdenv, fetchFromGitHub
, pkg-config
, wrapGAppsHook
, libX11, libXv
, udev
, SDL2
, gtk2, gtksourceview
, gtk3, gtksourceview3
, alsa-lib, libao, openal, libpulseaudio
, libicns, Cocoa, OpenAL
}:
@ -34,16 +35,23 @@ stdenv.mkDerivation {
./macos-copy-app-to-prefix.patch
];
nativeBuildInputs = [ pkg-config ]
nativeBuildInputs = [ pkg-config wrapGAppsHook ]
++ lib.optionals stdenv.isDarwin [ libicns ];
buildInputs = [ SDL2 libao ]
++ lib.optionals stdenv.isLinux [ libX11 libXv udev gtk2 gtksourceview alsa-lib openal libpulseaudio ]
++ lib.optionals stdenv.isLinux [ libX11 libXv udev gtk3 gtksourceview3 alsa-lib openal libpulseaudio ]
++ lib.optionals stdenv.isDarwin [ Cocoa OpenAL ];
enableParallelBuilding = true;
makeFlags = [ "-C" "bsnes" "prefix=$(out)" ];
makeFlags = [ "-C" "bsnes" "hiro=gtk3" "prefix=$(out)" ];
# https://github.com/bsnes-emu/bsnes/issues/107
preFixup = ''
gappsWrapperArgs+=(
--prefix GDK_BACKEND : x11
)
'';
meta = with lib; {
description = "A fork of bsnes that adds HD video features";
@ -51,5 +59,6 @@ stdenv.mkDerivation {
license = licenses.gpl3Only;
maintainers = with maintainers; [ stevebob ];
platforms = platforms.unix;
mainProgram = "bsnes";
};
}

4
pkgs/applications/misc/octoprint/default.nix
View file

@ -74,13 +74,13 @@ let
self: super: {
octoprint = self.buildPythonPackage rec {
pname = "OctoPrint";
version = "1.8.0rc5";
version = "1.8.0";
src = fetchFromGitHub {
owner = "OctoPrint";
repo = "OctoPrint";
rev = version;
sha256 = "sha256-FeT45w6VXaFV4BsuOMk58nxxiu9jhCNnA2F7Uh/3sB0=";
sha256 = "sha256-GDKXHLigMAork+KAFOs8znNhaTYVTWVB2Tb+4sAqF8o=";
};
propagatedBuildInputs = with super; [

40
pkgs/applications/misc/tilemaker/default.nix Normal file
View file

@ -0,0 +1,40 @@
{ lib, stdenv, fetchFromGitHub, buildPackages, cmake, installShellFiles
, boost, lua, protobuf, rapidjson, shapelib, sqlite, zlib }:
stdenv.mkDerivation rec {
pname = "tilemaker";
version = "2.2.0";
src = fetchFromGitHub {
owner = "systemed";
repo = pname;
rev = "v${version}";
hash = "sha256-st6WDCk1RZ2lbfrudtcD+zenntyTMRHrIXw3nX5FHOU=";
};
postPatch = ''
substituteInPlace src/tilemaker.cpp \
--replace "config.json" "$out/share/tilemaker/config-openmaptiles.json" \
--replace "process.lua" "$out/share/tilemaker/process-openmaptiles.lua"
'';
nativeBuildInputs = [ cmake installShellFiles ];
buildInputs = [ boost lua protobuf rapidjson shapelib sqlite zlib ];
cmakeFlags = lib.optional (stdenv.hostPlatform != stdenv.buildPlatform)
"-DPROTOBUF_PROTOC_EXECUTABLE=${buildPackages.protobuf}/bin/protoc";
postInstall = ''
installManPage ../docs/man/tilemaker.1
install -Dm644 ../resources/* -t $out/share/tilemaker
'';
meta = with lib; {
description = "Make OpenStreetMap vector tiles without the stack";
homepage = "https://tilemaker.org/";
license = licenses.free; # FTWPL
maintainers = with maintainers; [ sikmir ];
platforms = platforms.unix;
};
}

5
pkgs/applications/networking/cluster/terraform/default.nix
View file

@ -63,10 +63,11 @@ let
kalbasit
marsam
maxeaubrey
techknowlogick
timstott
zimbatm
zowoq
] ++ teams.numtide.members;
techknowlogick
];
};
} // attrs');

16
pkgs/applications/networking/instant-messengers/deltachat-cursed/default.nix
View file

@ -1,9 +1,6 @@
{ lib
, python3
, fetchFromGitHub
, wrapGAppsHook
, gobject-introspection
, libnotify
}:
python3.pkgs.buildPythonApplication rec {
@ -19,29 +16,16 @@ python3.pkgs.buildPythonApplication rec {
nativeBuildInputs = [
python3.pkgs.setuptools-scm
wrapGAppsHook
];
SETUPTOOLS_SCM_PRETEND_VERSION = version;
buildInputs = [
gobject-introspection
libnotify
];
propagatedBuildInputs = with python3.pkgs; [
deltachat
notify-py
pygobject3
urwid-readline
];
dontWrapGApps = true;
preFixup = ''
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
doCheck = false; # no tests implemented
meta = with lib; {

21
pkgs/applications/networking/protocol/default.nix
View file

@ -1,8 +1,12 @@
{ lib, buildPythonApplication, fetchFromGitHub }:
{ lib
, python3
, fetchFromGitHub
}:
buildPythonApplication {
pname = "protocol-unstable";
version = "2019-03-28";
python3.pkgs.buildPythonApplication rec {
pname = "protocol";
version = "unstable-2019-03-28";
format = "setuptools";
src = fetchFromGitHub {
owner = "luismartingarcia";
@ -11,10 +15,15 @@ buildPythonApplication {
sha256 = "13l10jhf4vghanmhh3pn91b2jdciispxy0qadz4n08blp85qn9cm";
};
postPatch = ''
substituteInPlace setup.py \
--replace "scripts=['protocol', 'constants.py', 'specs.py']" "scripts=['protocol'], py_modules=['constants', 'specs']"
'';
meta = with lib; {
description = "An ASCII Header Generator for Network Protocols";
description = "ASCII Header Generator for Network Protocols";
homepage = "https://github.com/luismartingarcia/protocol";
license = licenses.gpl3;
license = licenses.gpl3Plus;
maintainers = with maintainers; [ teto ];
};
}

10
pkgs/development/interpreters/bats/default.nix
View file

@ -18,13 +18,13 @@
resholve.mkDerivation rec {
pname = "bats";
version = "1.6.0";
version = "1.7.0";
src = fetchFromGitHub {
owner = "bats-core";
repo = "bats-core";
rev = "v${version}";
sha256 = "sha256-s+SAqX70WeTz6s5ObXYFBVPVUEqvD1d7AX2sGHkjVQ4=";
sha256 = "sha256-joNne/dDVCNtzdTQ64rK8GimT+DOWUa7f410hml2s8Q=";
};
patchPhase = ''
@ -77,6 +77,8 @@ resholve.mkDerivation rec {
"${placeholder "out"}/lib/bats-core/common.bash"
"${placeholder "out"}/lib/bats-core/semaphore.bash"
"${placeholder "out"}/lib/bats-core/formatter.bash"
"${placeholder "out"}/lib/bats-core/warnings.bash"
"$setup_suite_file" # via cli arg
];
"$report_formatter" = true;
"$formatter" = true;
@ -105,6 +107,7 @@ resholve.mkDerivation rec {
passthru.tests.upstream = bats.unresholved.overrideAttrs (old: {
name = "${bats.name}-tests";
dontInstall = true; # just need the build directory
installCheckInputs = [
ncurses
parallel # skips some tests if it can't detect
@ -115,8 +118,6 @@ resholve.mkDerivation rec {
installCheckPhase = ''
# TODO: cut if https://github.com/bats-core/bats-core/issues/418 allows
sed -i '/test works even if PATH is reset/a skip "disabled for nix build"' test/bats.bats
# TODO: cut when https://github.com/bats-core/bats-core/pull/554 allows
substituteInPlace test/parallel.bats --replace '&& type -p shlock' '|| type -p shlock'
# skip tests that assume bats `install.sh` will be in BATS_ROOT
rm test/root.bats
@ -126,7 +127,6 @@ resholve.mkDerivation rec {
"/usr/bin/env bash" "${bash}/bin/bash"
${bats}/bin/bats test
rm -rf $out
touch $out
'';
});

6
pkgs/development/libraries/libdeltachat/default.nix
View file

@ -17,13 +17,13 @@
stdenv.mkDerivation rec {
pname = "libdeltachat";
version = "1.80.0";
version = "1.82.0";
src = fetchFromGitHub {
owner = "deltachat";
repo = "deltachat-core-rust";
rev = version;
hash = "sha256-4b2tf7QmLQ5ltnkxUGCwA1TZSQRoyKaRGcxBxbSKDaE=";
hash = "sha256-cc5DFQucG1b+1QN0HTJLKAfCF3UvRunL07d4WdT6368=";
};
patches = [
@ -33,7 +33,7 @@ stdenv.mkDerivation rec {
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
hash = "sha256-t1/xztmiuJMqNkIe7cBzO7MaZQb6GtnIX5wxEpC+IFo=";
hash = "sha256-WYjTpHTYJGqvsUI8De6+tGgjYY1nKqPyfKP9IdZfrNY=";
};
nativeBuildInputs = [

4
pkgs/development/libraries/precice/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "precice";
version = "2.3.0";
version = "2.4.0";
src = fetchFromGitHub {
owner = "precice";
repo = pname;
rev = "v${version}";
sha256 = "sha256:0p8d2xf4bl41b30yp38sqyp4fipwgcdhl0khxcv5g69fxvz2i2il";
sha256 = "0qmwdxpbmy4dvjxav3dls18qns734j0yfvxvjrh1nnkk36qhfp3q";
};
cmakeFlags = [

4
pkgs/development/python-modules/azure-mgmt-servicelinker/default.nix
View file

@ -8,11 +8,11 @@
buildPythonPackage rec {
pname = "azure-mgmt-servicelinker";
version = "1.0.0";
version = "1.1.0";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-lAjgwEa2TJDEUU8pwfwkU8EyA1bhLkcAv++I6WHb7Xs=";
sha256 = "sha256-QVw6Y9HachwBRwCbF0cSGLCAkSJtNnXBvsj5YX1TmJU=";
extension = "zip";
};

4
pkgs/development/python-modules/fastavro/default.nix
View file

@ -15,14 +15,14 @@
buildPythonPackage rec {
pname = "fastavro";
version = "1.4.11";
version = "1.4.12";
disabled = pythonOlder "3.6";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "refs/tags/${version}";
sha256 = "sha256-PK8+NFJurJ0nD5coEFj8lXWg4VMcpX0954qDb1GW6Gk=";
sha256 = "sha256-t3SM7pTsl3JLWeJSESzXGONyjufwCHMaqK95JI3isYY=";
};
preBuild = ''

23
pkgs/development/python-modules/pydy/default.nix
View file

@ -6,31 +6,38 @@
, numpy
, scipy
, sympy
, pytestCheckHook
}:
buildPythonPackage rec {
pname = "pydy";
version = "0.6.0";
format = "setuptools";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-e/Ssfd5llioA7ccLULlRdHR113IbR4AJ4/HmzQuU7vI=";
};
checkInputs = [
nose
cython
];
propagatedBuildInputs = [
numpy
scipy
sympy
];
checkPhase = ''
nosetests
'';
checkInputs = [
nose
cython
pytestCheckHook
];
disabledTests = [
# Tests not fixed yet. Check https://github.com/pydy/pydy/issues/465
"test_generate_cse"
"test_generate_code_blocks"
"test_doprint"
"test_OctaveMatrixGenerator"
];
meta = with lib; {
description = "Python tool kit for multi-body dynamics";

39
pkgs/development/python-modules/pyfzf/default.nix Normal file
View file

@ -0,0 +1,39 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, fzf
, pythonOlder
}:
buildPythonPackage rec {
pname = "pyfzf";
version = "0.3.1";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "nk412";
repo = pname;
rev = version;
hash = "sha256-w+ZjQGFd/lR2TiTHc2uQSJXORmzJJZXsr9BO4PIw/Co=";
};
propagatedBuildInputs = [
fzf
];
pythonImportsCheck = [
"pyfzf"
];
# Module has no tests
doCheck = false;
meta = with lib; {
description = "Wrapper for fzf";
homepage = "https://github.com/nk412/pyfzf";
license = licenses.mit;
maintainers = with maintainers; [ fab ];
};
}

12
pkgs/development/python-modules/scikit-build/default.nix
View file

@ -1,7 +1,6 @@
{ lib
, buildPythonPackage
, fetchPypi
, fetchpatch
, distro
, packaging
, python
@ -24,21 +23,14 @@
buildPythonPackage rec {
pname = "scikit-build";
version = "0.14.1";
version = "0.15.0";
format = "pyproject";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-Fwc9g3tWVRvt6Pa++utOuj2UM15ZAjmELjZg8HY6CRo=";
sha256 = "sha256-5yPNDzSJoEI3C56piLu5z9dyXoslsgyhx5gYIfz2X7k=";
};
patches = [
(fetchpatch {
url = "https://github.com/scikit-build/scikit-build/commit/59cf7a5b09a71d418947db3c9d487471c4573a24.patch";
sha256 = "sha256-oQllX3qzwWwllczXUMObrwndCfvMdS5FulEhbBORAks=";
})
];
propagatedBuildInputs = [
distro
packaging

13
pkgs/os-specific/linux/batman-adv/default.nix
View file

@ -16,19 +16,6 @@ stdenv.mkDerivation rec {
sha256 = cfg.sha256.${pname};
};
patches = [
# batman-adv: make mc_forwarding atomic
(fetchpatch {
url = "https://git.open-mesh.org/batman-adv.git/blobdiff_plain/c142c00f6b1a2ad5f5d74202fb1249e6a6575407..56db7c0540e733a1f063ccd6bab1b537a80857eb:/net/batman-adv/multicast.c";
hash = "sha256-2zXg8mZ3/iK9E/kyn+wHSrlLq87HuK72xuXojQ9KjkI=";
})
# batman-adv: compat: Add atomic mc_fowarding support for stable kernels
(fetchpatch {
url = "https://git.open-mesh.org/batman-adv.git/blobdiff_plain/f07a0c37ab278fb6a9e95cad89429b1282f1ab59..350adcaec82fbaa358a2406343b6130ac8dad126:/net/batman-adv/multicast.c";
hash = "sha256-r/Xp5bmDo9GVfAF6bn2Xq+cOq5ddQe+D5s/h37uI6bM=";
})
];
nativeBuildInputs = kernel.moduleBuildDependencies;
makeFlags = kernel.makeFlags ++ [
"KERNELPATH=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"

8
pkgs/os-specific/linux/batman-adv/version.nix
View file

@ -1,9 +1,9 @@
{
version = "2022.0";
version = "2022.1";
sha256 = {
batman-adv = "sha256-STOHBbwgdwmshNdmaI5wJXEAnIJ8CjIHiOpR+4h3FKo=";
alfred = "sha256-q7odrGHsz81jKeczHQVV/syTd2D7NsbPVc5sHXUc/Zg=";
batctl = "sha256-iTlm+aLWpQch3hJM5i2l096cIOBVdspIK8VwTMWm9z0=";
batman-adv = "sha256-bQQdNTCr1LJJq/Wpb8Ki4kFDG/lEO1R/2yWi2P0ymkA=";
alfred = "sha256-OgrCuybgyz8nMtSHNmmgoi6YJej5qOerrJhjY/J1CX8=";
batctl = "sha256-h+iak4lxuGJCJoG7NBBOmytLZRLR0WXelTYw3zjWGmg=";
};
}

60
pkgs/os-specific/linux/kernel/hardened/patches.json
View file

@ -2,61 +2,61 @@
"4.14": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-4.14.278-hardened1.patch",
"sha256": "10sihdsfc7zcn2n70gym790ql5lkgiy1q7lv7vavyxbg3j6yzayb",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.278-hardened1/linux-hardened-4.14.278-hardened1.patch"
"name": "linux-hardened-4.14.280-hardened1.patch",
"sha256": "0hkn7rbgvnv9v7pzrg5g6ygmdzlrjl3yama9kp9aw0xw2akghmb4",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.280-hardened1/linux-hardened-4.14.280-hardened1.patch"
},
"sha256": "1glb6z3nicd2lzhvwcqj54642agk0bbg022wnc3ckld5ngpd9miw",
"version": "4.14.278"
"sha256": "01jr0f7mq919s7xxvv8sc1mg6isc1ggij33l2s0n6jvykm23ghrr",
"version": "4.14.280"
},
"4.19": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-4.19.242-hardened1.patch",
"sha256": "05fmppfvimppvqi1ghvg43jz8sdd56dffvy9sazpl53vpz3bysy6",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.242-hardened1/linux-hardened-4.19.242-hardened1.patch"
"name": "linux-hardened-4.19.244-hardened1.patch",
"sha256": "063q4vd0spk602s4if751341jaansh0764qq7fhy764j31678n0j",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.244-hardened1/linux-hardened-4.19.244-hardened1.patch"
},
"sha256": "18k5fbzclk7g657bs8idwqjk7hakzx6256b1a3506sy29q4zvg2r",
"version": "4.19.242"
"sha256": "1g9562v6ny196rw2n3kj43nrz65qa7imwnmfasvj6x8fm8bdhz79",
"version": "4.19.244"
},
"5.10": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-5.10.115-hardened1.patch",
"sha256": "09sgj4wrsi5j5hz8k3zs8zxq4g0a27dnhpjs1nxvqdz6b8f4xkap",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.115-hardened1/linux-hardened-5.10.115-hardened1.patch"
"name": "linux-hardened-5.10.117-hardened1.patch",
"sha256": "1l53sjknm8q76r1jljm321cmh6ic36pc9w5rmi68lbds19ndfpx3",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.117-hardened1/linux-hardened-5.10.117-hardened1.patch"
},
"sha256": "0w9gwizyqjgsj93dqqvlh6bqkmpzjajhj09319nqncc95yrigr7m",
"version": "5.10.115"
"sha256": "1iyw3nmsga2binmrhfnzsf1pvn2bs21a8jw6vm89k26z5h8zfgkh",
"version": "5.10.117"
},
"5.15": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-5.15.39-hardened1.patch",
"sha256": "137zp9z15adf464awh5cl371qvhv2c79yfnva3k31zp0ivjb7kgg",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.39-hardened1/linux-hardened-5.15.39-hardened1.patch"
"name": "linux-hardened-5.15.41-hardened1.patch",
"sha256": "1y98rvn4qyx8w8bjchfzsd7g9gkhfm20cwaj3p88sgq7q81kyz8s",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.41-hardened1/linux-hardened-5.15.41-hardened1.patch"
},
"sha256": "1bfpiyccjggysd04flaana0x69n1lcpckzpw1v6kh3ly9xil31l8",
"version": "5.15.39"
"sha256": "07jrsr54rvhry3g401h58r1773zinq49dbrkb9v1p6q27gyb2z1w",
"version": "5.15.41"
},
"5.17": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-5.17.7-hardened1.patch",
"sha256": "0p2s6blyzi0ynfrqm5l8ayh41kjkrmznlly6znh3djc1k3l5fc8v",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.17.7-hardened1/linux-hardened-5.17.7-hardened1.patch"
"name": "linux-hardened-5.17.9-hardened1.patch",
"sha256": "0n7zz04vnajpsfn662fxx75jinnr0kpqwzyypgwn99v4lmsxvza1",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.17.9-hardened1/linux-hardened-5.17.9-hardened1.patch"
},
"sha256": "16ccf7n6fns9z93c65lchn5v3fgl9c5vkr1v6p0c1xifn7v7xxi2",
"version": "5.17.7"
"sha256": "0y2rmn86z3cvgv71b6sjjyafnlbanlib1kjpjjqzjbgg86y2890p",
"version": "5.17.9"
},
"5.4": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-5.4.193-hardened1.patch",
"sha256": "1c24chfjkv5yk3gzawxygfl6l58i7a6l2swdk35g5sv8s6p0a9jl",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.193-hardened1/linux-hardened-5.4.193-hardened1.patch"
"name": "linux-hardened-5.4.195-hardened1.patch",
"sha256": "1q7a211jw22nl1yz3k3cv6g4h7csir0wwyypzij54xbg3k7by0p9",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.195-hardened1/linux-hardened-5.4.195-hardened1.patch"
},
"sha256": "187jfk9hf52n5z9yv56vq1knp3kdcbyk5w5k98ziwcbdjm1x65hd",
"version": "5.4.193"
"sha256": "078380qhds2jwfmrchna6p27wpfb74pvnj4xiyc5k38gysfmnbzj",
"version": "5.4.195"
}
}

4
pkgs/os-specific/linux/kernel/linux-4.14.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "4.14.278";
version = "4.14.280";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "1glb6z3nicd2lzhvwcqj54642agk0bbg022wnc3ckld5ngpd9miw";
sha256 = "01jr0f7mq919s7xxvv8sc1mg6isc1ggij33l2s0n6jvykm23ghrr";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-4.19.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "4.19.242";
version = "4.19.244";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "18k5fbzclk7g657bs8idwqjk7hakzx6256b1a3506sy29q4zvg2r";
sha256 = "1g9562v6ny196rw2n3kj43nrz65qa7imwnmfasvj6x8fm8bdhz79";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-4.9.nix
View file

@ -1,12 +1,12 @@
{ buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args:
buildLinux (args // rec {
version = "4.9.313";
version = "4.9.315";
extraMeta.branch = "4.9";
extraMeta.broken = stdenv.isAarch64;
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "1p3vr1h01ph6x0pxrr6y6k5c4nrhvq650dfngv5mkrgsc5w7ffz0";
sha256 = "1171p90s00jxg1clyz8kp81ilmdzygg131mxysr6lpkaisahkjg6";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-5.10.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.10.115";
version = "5.10.117";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "0w9gwizyqjgsj93dqqvlh6bqkmpzjajhj09319nqncc95yrigr7m";
sha256 = "1iyw3nmsga2binmrhfnzsf1pvn2bs21a8jw6vm89k26z5h8zfgkh";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-5.15.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.15.39";
version = "5.15.41";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -15,6 +15,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "1bfpiyccjggysd04flaana0x69n1lcpckzpw1v6kh3ly9xil31l8";
sha256 = "07jrsr54rvhry3g401h58r1773zinq49dbrkb9v1p6q27gyb2z1w";
};
} // (args.argsOverride or { }))

4
pkgs/os-specific/linux/kernel/linux-5.17.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.17.7";
version = "5.17.9";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "16ccf7n6fns9z93c65lchn5v3fgl9c5vkr1v6p0c1xifn7v7xxi2";
sha256 = "0y2rmn86z3cvgv71b6sjjyafnlbanlib1kjpjjqzjbgg86y2890p";
};
} // (args.argsOverride or { }))

4
pkgs/os-specific/linux/kernel/linux-5.4.nix
View file

@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
version = "5.4.193";
version = "5.4.195";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "187jfk9hf52n5z9yv56vq1knp3kdcbyk5w5k98ziwcbdjm1x65hd";
sha256 = "078380qhds2jwfmrchna6p27wpfb74pvnj4xiyc5k38gysfmnbzj";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-libre.nix
View file

@ -1,8 +1,8 @@
{ stdenv, lib, fetchsvn, linux
, scripts ? fetchsvn {
url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/";
rev = "18713";
sha256 = "10744jp1i7z3jwpc42vrmdfpq1yblf3vy17yb04xdfhimkflw77p";
rev = "18738";
sha256 = "024iw4352h8b1kbbimqgid95h868swiw45wn91sjkpmwr612v6kd";
}
, ...
}:

6
pkgs/os-specific/linux/kernel/linux-rt-5.10.nix
View file

@ -6,7 +6,7 @@
, ... } @ args:
let
version = "5.10.109-rt65"; # updated by ./update-rt.sh
version = "5.10.115-rt67"; # updated by ./update-rt.sh
branch = lib.versions.majorMinor version;
kversion = builtins.elemAt (lib.splitString "-" version) 0;
in buildLinux (args // {
@ -18,14 +18,14 @@ in buildLinux (args // {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz";
sha256 = "1p0k46isy2wzzms801lrnb59f1nb9mhywjj7fnkrwrj9nbn25yqq";
sha256 = "0w9gwizyqjgsj93dqqvlh6bqkmpzjajhj09319nqncc95yrigr7m";
};
kernelPatches = let rt-patch = {
name = "rt";
patch = fetchurl {
url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";
sha256 = "0w7bs5kmwvbyfy5js218ys42s8i51m8v0mbkfhiynlpm3iph357q";
sha256 = "16igpdqq8nqzf98pkrs9v692d1r1fpnwrh3qxrkja0fgzswdwc0j";
};
}; in [ rt-patch ] ++ kernelPatches;

6
pkgs/os-specific/linux/kernel/linux-rt-5.4.nix
View file

@ -6,7 +6,7 @@
, ... } @ args:
let
version = "5.4.188-rt73"; # updated by ./update-rt.sh
version = "5.4.193-rt74"; # updated by ./update-rt.sh
branch = lib.versions.majorMinor version;
kversion = builtins.elemAt (lib.splitString "-" version) 0;
in buildLinux (args // {
@ -14,14 +14,14 @@ in buildLinux (args // {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz";
sha256 = "1g7xf2jx1hx580f42yirfgv9v0f9f88wzxxx0wiwx7wcqbyqpg4z";
sha256 = "187jfk9hf52n5z9yv56vq1knp3kdcbyk5w5k98ziwcbdjm1x65hd";
};
kernelPatches = let rt-patch = {
name = "rt";
patch = fetchurl {
url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";
sha256 = "17qx5xrchgss7zxg9lg91mqh0v3irx355003g7rj12h8y5r16l58";
sha256 = "1gn4ii5pr0870ba481nqbd5rxk7ajrarv1p5mipfi42x07rpn7c2";
};
}; in [ rt-patch ] ++ kernelPatches;

2
pkgs/tools/admin/docker-credential-helpers/default.nix
View file

@ -45,5 +45,7 @@ buildGoPackage rec {
license = licenses.mit;
maintainers = [ maintainers.marsam ];
platforms = platforms.linux ++ platforms.darwin;
} // lib.optionalAttrs stdenv.isDarwin {
mainProgram = "docker-credential-osxkeychain";
};
}

4
pkgs/tools/networking/babeld/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "babeld";
version = "1.11";
version = "1.12.1";
src = fetchurl {
url = "https://www.irif.fr/~jch/software/files/${pname}-${version}.tar.gz";
sha256 = "sha256-mTFa6vLqIH8XfBaFX/o0/DVK8bWYjAcODy/KOg1ND6U=";
sha256 = "sha256-mrWdesdB82MN8j+cO2fGApTYs0q2IjmPm4l3OoeOyx4=";
};
preBuild = ''

7
pkgs/tools/security/arsenal/default.nix
View file

@ -5,19 +5,22 @@
python3.pkgs.buildPythonApplication rec {
pname = "arsenal";
version = "1.0.2";
version = "1.1.0";
format = "setuptools";
src = fetchFromGitHub {
owner = "Orange-Cyberdefense";
repo = "arsenal";
rev = version;
sha256 = "sha256-RZxGSrtEa3hAtowD2lUb9BgwpSWlYo90fU9nDvUfoAk=";
sha256 = "sha256-NbNXyR5aNKvRJU9JWGk/ndwU1bhNgDOdcRqBkAY9nPA=";
};
propagatedBuildInputs = with python3.pkgs; [
libtmux
docutils
pyfzf
pyperclip
pyyaml
];
# Project has no tests

45
pkgs/tools/security/badrobot/default.nix Normal file
View file

@ -0,0 +1,45 @@
{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
buildGoModule rec {
pname = "badrobot";
version = "0.1.2";
src = fetchFromGitHub {
owner = "controlplaneio";
repo = pname;
rev = "v${version}";
sha256 = "sha256-LGoNM8wu1qaq4cVEzR723/cueZlndE1Z2PCYEOU+nPQ=";
};
vendorSha256 = "sha256-FS4kFVi+3NOJOfWfy5m/hDrQvCzpmsNSB/PliF6cVps=";
nativeBuildInputs = [ installShellFiles ];
ldflags = [
"-s"
"-w"
"-X github.com/controlplaneio/badrobot/cmd.version=v${version}"
];
postInstall = ''
installShellCompletion --cmd badrobot \
--bash <($out/bin/badrobot completion bash) \
--fish <($out/bin/badrobot completion fish) \
--zsh <($out/bin/badrobot completion zsh)
'';
meta = with lib; {
homepage = "https://github.com/controlplaneio/badrobot";
changelog = "https://github.com/controlplaneio/badrobot/blob/v${version}/CHANGELOG.md";
description = "Operator Security Audit Tool";
longDescription = ''
Badrobot is a Kubernetes Operator audit tool. It statically analyses
manifests for high risk configurations such as lack of security
restrictions on the deployed controller and the permissions of an
associated clusterole. The risk analysis is primarily focussed on the
likelihood that a compromised Operator would be able to obtain full
cluster permissions.
'';
license = with licenses; [ asl20 ];
maintainers = with maintainers; [ jk ];
};
}

9
pkgs/top-level/all-packages.nix
View file

@ -1428,7 +1428,6 @@ with pkgs;
ares = callPackage ../applications/emulators/bsnes/ares { };
bsnes-hd = callPackage ../applications/emulators/bsnes/bsnes-hd {
inherit (gnome2) gtksourceview;
inherit (darwin.apple_sdk.frameworks) Cocoa OpenAL;
};
@ -2577,6 +2576,8 @@ with pkgs;
inherit (darwin.apple_sdk.frameworks) Security;
};
badrobot = callPackage ../tools/security/badrobot {};
bao = callPackage ../tools/security/bao {};
bar = callPackage ../tools/system/bar {};
@ -17985,6 +17986,7 @@ with pkgs;
};
itk4 = callPackage ../development/libraries/itk/4.x.nix {
stdenv = if stdenv.cc.isGNU && stdenv.system == "x86_64-linux" then gcc10Stdenv else stdenv;
inherit (darwin.apple_sdk.frameworks) Cocoa;
};
@ -29969,6 +29971,8 @@ with pkgs;
tig = callPackage ../applications/version-management/git-and-tools/tig { };
tilemaker = callPackage ../applications/misc/tilemaker { };
timbreid = callPackage ../applications/audio/pd-plugins/timbreid {
fftw = fftwSinglePrec;
};
@ -32662,6 +32666,7 @@ with pkgs;
angsd = callPackage ../applications/science/biology/angsd { };
ants = callPackage ../applications/science/biology/ants {
stdenv = if stdenv.cc.isGNU && stdenv.system == "x86_64-linux" then gcc10Stdenv else stdenv;
inherit (darwin.apple_sdk.frameworks) Cocoa;
};
@ -34425,7 +34430,7 @@ with pkgs;
pt = callPackage ../applications/misc/pt { };
protocol = python3Packages.callPackage ../applications/networking/protocol { };
protocol = callPackage ../applications/networking/protocol { };
pykms = callPackage ../tools/networking/pykms { };

5
pkgs/top-level/config.nix
View file

@ -20,6 +20,11 @@ let
/* Internal stuff */
# Hide built-in module system options from docs.
_module.args = mkOption {
internal = true;
};
warnings = mkOption {
type = types.listOf types.str;
default = [];

2
pkgs/top-level/perl-packages.nix
View file

@ -19533,7 +19533,7 @@ let
url = "mirror://cpan/authors/id/Y/YV/YVES/Sereal-4.018.tar.gz";
sha256 = "0pqygrl88jp2w73jd9cw4k22fhvh5vcwqbiwl9wpxm67ql95cwwa";
};
buildInputs = [ TestDeep TestLongString TestMemoryGrowth TestWarn ];
buildInputs = [ TestDeep TestLongString TestWarn ];
propagatedBuildInputs = [ SerealDecoder SerealEncoder ];
meta = {
homepage = "https://github.com/Sereal/Sereal";

4
pkgs/top-level/python-packages.nix
View file

@ -7232,6 +7232,10 @@ in {
pyfxa = callPackage ../development/python-modules/pyfxa { };
pyfzf = callPackage ../development/python-modules/pyfzf {
inherit (pkgs) fzf;
};
pygal = callPackage ../development/python-modules/pygal { };
pygame = callPackage ../development/python-modules/pygame {