Merge master into staging-next

24 files changed, 213 insertions, 120 deletions

diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 3bd3ed9bcb8..7024b0089b1 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -5896,6 +5896,12 @@
     githubId = 22836301;
     name = "Mateusz Mazur";
   };
+  mbaeten = {
+    email = "mbaeten@users.noreply.github.com";
+    github = "mbaeten";
+    githubId = 2649304;
+    name = "M. Baeten";
+  };
   mbakke = {
     email = "mbakke@fastmail.com";
     github = "mbakke";
diff --git a/nixos/doc/manual/installation/installing-virtualbox-guest.xml b/nixos/doc/manual/installation/installing-virtualbox-guest.xml
index 4957b700946..019e5098a8e 100644
--- a/nixos/doc/manual/installation/installing-virtualbox-guest.xml
+++ b/nixos/doc/manual/installation/installing-virtualbox-guest.xml
@@ -83,17 +83,12 @@
   VirtualBox settings (Machine / Settings / Shared Folders, then click on the
   "Add" icon). Add the following to the
   <literal>/etc/nixos/configuration.nix</literal> to auto-mount them. If you do
-  not add <literal>"nofail"</literal>, the system will not boot properly. The
-  same goes for disabling <literal>rngd</literal> which is normally used to get
-  randomness but this does not work in virtual machines.
+  not add <literal>"nofail"</literal>, the system will not boot properly.
  </para>
 
 <programlisting>
 { config, pkgs, ...} :
 {
-  security.rngd.enable = false; // otherwise vm will not boot
-  ...
-
   fileSystems."/virtualboxshare" = {
     fsType = "vboxsf";
     device = "nameofthesharedfolder";
diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml
index 9894ab02500..ca4b468e355 100644
--- a/nixos/doc/manual/release-notes/rl-2105.xml
+++ b/nixos/doc/manual/release-notes/rl-2105.xml
@@ -509,6 +509,15 @@ self: super:
      <varname>services.flashpolicyd</varname> module.
     </para>
    </listitem>
+   <listitem>
+    <para>
+      The <literal>security.rngd</literal> module has been removed.
+      It was disabled by default in 20.09 as it was functionally redundant
+      with krngd in the linux kernel. It is not necessary for any device that the kernel recognises
+      as an hardware RNG, as it will automatically run the krngd task to periodically collect random
+      data from the device and mix it into the kernel's RNG.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 
diff --git a/nixos/modules/config/swap.nix b/nixos/modules/config/swap.nix
index 4bb66e9b514..59bc9e9d11e 100644
--- a/nixos/modules/config/swap.nix
+++ b/nixos/modules/config/swap.nix
@@ -185,8 +185,6 @@ in
           { description = "Initialisation of swap device ${sw.device}";
             wantedBy = [ "${realDevice'}.swap" ];
             before = [ "${realDevice'}.swap" ];
-            # If swap is encrypted, depending on rngd resolves a possible entropy starvation during boot
-            after = mkIf (config.security.rngd.enable && sw.randomEncryption.enable) [ "rngd.service" ];
             path = [ pkgs.util-linux ] ++ optional sw.randomEncryption.enable pkgs.cryptsetup;
 
             script =
diff --git a/nixos/modules/security/rngd.nix b/nixos/modules/security/rngd.nix
index cb885c4762d..8cca1c26d68 100644
--- a/nixos/modules/security/rngd.nix
+++ b/nixos/modules/security/rngd.nix
@@ -1,56 +1,16 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
+{ lib, ... }:
 let
-  cfg = config.security.rngd;
+  removed = k: lib.mkRemovedOptionModule [ "security" "rngd" k ];
 in
 {
-  options = {
-    security.rngd = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to enable the rng daemon.  Devices that the kernel recognises
-          as entropy sources are handled automatically by krngd.
-        '';
-      };
-      debug = mkOption {
-        type = types.bool;
-        default = false;
-        description = "Whether to enable debug output (-d).";
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-    systemd.services.rngd = {
-      bindsTo = [ "dev-random.device" ];
-
-      after = [ "dev-random.device" ];
-
-      # Clean shutdown without DefaultDependencies
-      conflicts = [ "shutdown.target" ];
-      before = [
-        "sysinit.target"
-        "shutdown.target"
-      ];
-
-      description = "Hardware RNG Entropy Gatherer Daemon";
-
-      # rngd may have to start early to avoid entropy starvation during boot with encrypted swap
-      unitConfig.DefaultDependencies = false;
-      serviceConfig = {
-        ExecStart = "${pkgs.rng-tools}/sbin/rngd -f"
-          + optionalString cfg.debug " -d";
-        # PrivateTmp would introduce a circular dependency if /tmp is on tmpfs and swap is encrypted,
-        # thus depending on rngd before swap, while swap depends on rngd to avoid entropy starvation.
-        NoNewPrivileges = true;
-        PrivateNetwork = true;
-        ProtectSystem = "full";
-        ProtectHome = true;
-      };
-    };
-  };
+  imports = [
+    (removed "enable" ''
+       rngd is not necessary for any device that the kernel recognises
+       as an hardware RNG, as it will automatically run the krngd task
+       to periodically collect random data from the device and mix it
+       into the kernel's RNG.
+    '')
+    (removed "debug"
+      "The rngd module was removed, so its debug option does nothing.")
+  ];
 }
diff --git a/nixos/modules/virtualisation/hyperv-guest.nix b/nixos/modules/virtualisation/hyperv-guest.nix
index 105224b8964..a3656c307f9 100644
--- a/nixos/modules/virtualisation/hyperv-guest.nix
+++ b/nixos/modules/virtualisation/hyperv-guest.nix
@@ -40,8 +40,6 @@ in {
 
     environment.systemPackages = [ config.boot.kernelPackages.hyperv-daemons.bin ];
 
-    security.rngd.enable = false;
-
     # enable hotadding cpu/memory
     services.udev.packages = lib.singleton (pkgs.writeTextFile {
       name = "hyperv-cpu-and-memory-hotadd-udev-rules";
diff --git a/pkgs/applications/audio/pragha/default.nix b/pkgs/applications/audio/pragha/default.nix
new file mode 100644
index 00000000000..bc6ef526ea7
--- /dev/null
+++ b/pkgs/applications/audio/pragha/default.nix
@@ -0,0 +1,103 @@
+{ lib
+, intltool
+, mkDerivation
+, installShellFiles
+, pkg-config
+, fetchFromGitHub
+, dbus-glib
+, desktop-file-utils
+, hicolor-icon-theme
+, pcre
+, qtbase
+, sqlite
+, taglib
+, zlib
+, gtk3
+, libpeas
+, libcddb
+, libcdio
+, gst_all_1, withGstPlugins ? true
+, glyr, withGlyr ? true
+, liblastfmSF, withLastfm ? true
+, libcdio-paranoia, withCD ? true
+, keybinder3, withKeybinder ? false
+, libnotify, withLibnotify ? false
+, libsoup, withLibsoup ? false
+, libgudev, withGudev ? false # experimental
+, libmtp, withMtp ? false # experimental
+, xfce, withXfce4ui ? false
+, totem-pl-parser, withTotemPlParser ? false
+# , grilo, withGrilo ? false
+# , rygel, withRygel ? true
+}:
+
+assert withGlyr -> withLastfm;
+assert withLastfm -> withCD;
+
+mkDerivation rec {
+  pname = "pragha";
+  version = "1.3.4";
+
+  src = fetchFromGitHub {
+    owner = "pragha-music-player";
+    repo = "pragha";
+    rev = "v${version}";
+    sha256 = "sha256:0n8gx8amg5l9g4w7s4agjf8mlmpgjydgzx3vryp9lzzs9xrd5vqh";
+  };
+
+  nativeBuildInputs = [
+    intltool
+    pkg-config
+    xfce.xfce4-dev-tools
+    desktop-file-utils
+    installShellFiles
+  ];
+
+  buildInputs = with gst_all_1; [
+    dbus-glib
+    gstreamer
+    gst-plugins-base
+    gtk3
+    hicolor-icon-theme
+    libpeas
+    pcre
+    qtbase
+    sqlite
+    taglib
+    zlib
+  ]
+  ++ lib.optionals withGstPlugins [ gst-plugins-good gst-plugins-bad gst-plugins-ugly ]
+  ++ lib.optionals withCD [ libcddb libcdio libcdio-paranoia ]
+  ++ lib.optional withGudev libgudev
+  ++ lib.optional withKeybinder keybinder3
+  ++ lib.optional withLibnotify libnotify
+  ++ lib.optional withLastfm liblastfmSF
+  ++ lib.optional withGlyr glyr
+  ++ lib.optional withLibsoup libsoup
+  ++ lib.optional withMtp libmtp
+  ++ lib.optional withXfce4ui xfce.libxfce4ui
+  ++ lib.optional withTotemPlParser totem-pl-parser
+  # ++ lib.optional withGrilo grilo
+  # ++ lib.optional withRygel rygel
+  ;
+
+  CFLAGS = [ "-DHAVE_PARANOIA_NEW_INCLUDES" ];
+
+  NIX_CFLAGS_COMPILE = "-I${lib.getDev gst_all_1.gst-plugins-base}/include/gstreamer-1.0";
+
+  postInstall = ''
+    qtWrapperArgs+=(--prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "$GST_PLUGIN_SYSTEM_PATH_1_0")
+
+    install -m 444 data/${pname}.desktop $out/share/applications
+    install -d $out/share/pixmaps
+    installManPage data/${pname}.1
+  '';
+
+  meta = with lib; {
+    description = "A lightweight GTK+ music manager - fork of Consonance Music Manager";
+    homepage = "https://pragha-music-player.github.io/";
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ mbaeten ];
+    platforms = platforms.unix;
+  };
+}
diff --git a/pkgs/applications/misc/cointop/default.nix b/pkgs/applications/misc/cointop/default.nix
index e12c2c90dee..ffdcf021b02 100644
--- a/pkgs/applications/misc/cointop/default.nix
+++ b/pkgs/applications/misc/cointop/default.nix
@@ -2,13 +2,13 @@
 
 buildGoPackage rec {
   pname = "cointop";
-  version = "1.6.0";
+  version = "1.6.2";
 
   src = fetchFromGitHub {
     owner = "miguelmota";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-P2LR42Qn5bBF5xcfCbxiGFBwkW/kAKVGiyED37OdZLo=";
+    sha256 = "sha256-4Ae8lzaec7JeYfmeLleatUS/xQUjea7O4XJ9DOgJIMs=";
   };
 
   goPackagePath = "github.com/miguelmota/cointop";
diff --git a/pkgs/applications/misc/rofi/wrapper.nix b/pkgs/applications/misc/rofi/wrapper.nix
index 4e69f9cce14..6115544e79f 100644
--- a/pkgs/applications/misc/rofi/wrapper.nix
+++ b/pkgs/applications/misc/rofi/wrapper.nix
@@ -1,4 +1,4 @@
-{ symlinkJoin, lib, rofi-unwrapped, makeWrapper, hicolor-icon-theme, theme ? null, plugins ? [] }:
+{ symlinkJoin, lib, rofi-unwrapped, makeWrapper, wrapGAppsHook, gdk-pixbuf, hicolor-icon-theme, theme ? null, plugins ? [] }:
 
 symlinkJoin {
   name = "rofi-${rofi-unwrapped.version}";
@@ -7,16 +7,23 @@ symlinkJoin {
     rofi-unwrapped.out
   ] ++ (lib.forEach plugins (p: p.out));
 
-  buildInputs = [ makeWrapper ];
+  nativeBuildInputs = [ makeWrapper wrapGAppsHook ];
+  buildInputs = [ gdk-pixbuf ];
+
   preferLocalBuild = true;
   passthru.unwrapped = rofi-unwrapped;
+
+  dontWrapGApps = true;
+
   postBuild = ''
     rm -rf $out/bin
     mkdir $out/bin
     ln -s ${rofi-unwrapped}/bin/* $out/bin
-
     rm $out/bin/rofi
+
+    gappsWrapperArgsHook
     makeWrapper ${rofi-unwrapped}/bin/rofi $out/bin/rofi \
+      ''${gappsWrapperArgs[@]} \
       --prefix XDG_DATA_DIRS : ${hicolor-icon-theme}/share \
       ${lib.optionalString (plugins != []) ''--prefix XDG_DATA_DIRS : ${lib.concatStringsSep ":" (lib.forEach plugins (p: "${p.out}/share"))}''} \
       ${lib.optionalString (theme != null) ''--add-flags "-theme ${theme}"''} \
diff --git a/pkgs/applications/misc/swappy/default.nix b/pkgs/applications/misc/swappy/default.nix
index 58dede64894..69d7836e762 100644
--- a/pkgs/applications/misc/swappy/default.nix
+++ b/pkgs/applications/misc/swappy/default.nix
@@ -1,4 +1,6 @@
-{ lib, stdenv, fetchFromGitHub
+{ lib
+, stdenv
+, fetchFromGitHub
 , meson
 , ninja
 , wayland
@@ -9,22 +11,26 @@
 , scdoc
 , libnotify
 , glib
+, wrapGAppsHook
+, hicolor-icon-theme
 }:
 
 stdenv.mkDerivation rec {
   pname = "swappy";
-  version = "1.3.0";
+  version = "1.3.1";
 
   src = fetchFromGitHub {
     owner = "jtheoof";
     repo = pname;
     rev = "v${version}";
-    sha256 = "1bm184fbzylymh4kr7n8gy9plsdxif8xahc1zmkgdg1a0kwgws2x";
+    sha256 = "12z643c7vzffhjsxaz1lak99i4nwm688pha0hh4pg69jf5wz5xx3";
   };
 
-  nativeBuildInputs = [ glib meson ninja pkg-config scdoc ];
+  nativeBuildInputs = [ glib meson ninja pkg-config scdoc wrapGAppsHook ];
 
-  buildInputs = [ cairo pango gtk libnotify wayland glib ];
+  buildInputs = [
+    cairo pango gtk libnotify wayland glib hicolor-icon-theme
+  ];
 
   strictDeps = true;
 
diff --git a/pkgs/applications/networking/dnscontrol/default.nix b/pkgs/applications/networking/dnscontrol/default.nix
index 2af3e8fe560..1b8ff4622f2 100644
--- a/pkgs/applications/networking/dnscontrol/default.nix
+++ b/pkgs/applications/networking/dnscontrol/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "dnscontrol";
-  version = "3.6.0";
+  version = "3.7.0";
 
   src = fetchFromGitHub {
     owner = "StackExchange";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-I1PaDHPocQuoSOyfnxDWwIR+7S9l/odX4SCeAae/jv8=";
+    sha256 = "sha256-el94Iq7/+1FfGpqbhKEO6FGpaCxoueoc/+Se+WfT+G0=";
   };
 
-  vendorSha256 = "sha256-H0i5MoVX5O0CgHOvefDEyzBWvBZvJZUrC9xBq9CHgeE=";
+  vendorSha256 = "sha256-MSHg1RWjbXm1pf6HTyJL4FcnLuacL9fO1F6zbouVkWg=";
 
   subPackages = [ "." ];
 
diff --git a/pkgs/applications/version-management/git-and-tools/git-cola/default.nix b/pkgs/applications/version-management/git-and-tools/git-cola/default.nix
index 5e105ad9dd3..37c10bf2f98 100644
--- a/pkgs/applications/version-management/git-and-tools/git-cola/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/git-cola/default.nix
@@ -5,13 +5,13 @@ let
 
 in buildPythonApplication rec {
   pname = "git-cola";
-  version = "3.8";
+  version = "3.9";
 
   src = fetchFromGitHub {
     owner = "git-cola";
     repo = "git-cola";
     rev = "v${version}";
-    sha256 = "1qxv2k8lxcxpqx46ka7f042xk90xns5w9lc4009cxmsqvcdba03a";
+    sha256 = "11186pdgaw5p4iv10dqcnynf5pws2v9nhqqqca7z5b7m20fpfjl7";
   };
 
   buildInputs = [ git gettext ];
diff --git a/pkgs/development/libraries/libgcrypt/default.nix b/pkgs/development/libraries/libgcrypt/default.nix
index f3db8d8c03b..80cd5bc13cc 100644
--- a/pkgs/development/libraries/libgcrypt/default.nix
+++ b/pkgs/development/libraries/libgcrypt/default.nix
@@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
   strictDeps = true;
 
   configureFlags = [ "--with-libgpg-error-prefix=${libgpgerror.dev}" ]
-   ++ lib.optional stdenv.hostPlatform.isMusl "--disable-asm";
+      ++ lib.optional (stdenv.hostPlatform.isMusl || (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64)) "--disable-asm"; # for darwin see https://dev.gnupg.org/T5157
 
   # Necessary to generate correct assembly when compiling for aarch32 on
   # aarch64
diff --git a/pkgs/development/libraries/termbox/default.nix b/pkgs/development/libraries/termbox/default.nix
index e809240bcd1..51c2ca1c808 100644
--- a/pkgs/development/libraries/termbox/default.nix
+++ b/pkgs/development/libraries/termbox/default.nix
@@ -1,31 +1,22 @@
-{ lib, stdenv, fetchFromGitHub, python3, wafHook, fetchpatch }:
+{ lib, stdenv, fetchFromGitHub }:
 
 stdenv.mkDerivation rec {
   pname = "termbox";
-  version = "1.1.2";
+  version = "1.1.4";
   src = fetchFromGitHub {
-    owner = "nsf";
+    owner = "termbox";
     repo = "termbox";
     rev = "v${version}";
-    sha256 = "08yqxzb8fny8806p7x8a6f3phhlbfqdd7dhkv25calswj7w1ssvs";
+    sha256 = "075swv6ajx8m424dbmgbf6fs6nd5q004gjpvx48gkxmnf9spvykl";
   };
 
-  # patch which updates the `waf` version used to build
-  # to make the package buildable on Python 3.7
-  patches = [
-    (fetchpatch {
-      url = "https://github.com/nsf/termbox/commit/6fe63ac3ad63dc2c3ac45b770541cc8b7a1d2db7.patch";
-      sha256 = "1s5747v51sdwvpsg6k9y1j60yn9f63qnylkgy8zrsifjzzd5fzl6";
-    })
-  ];
-
-  nativeBuildInputs = [ python3 wafHook ];
+  makeFlags = [ "prefix=${placeholder "out"}" ];
 
   meta = with lib; {
     description = "Library for writing text-based user interfaces";
     license = licenses.mit;
-    homepage = "https://github.com/nsf/termbox#readme";
-    downloadPage = "https://github.com/nsf/termbox/releases";
+    homepage = "https://github.com/termbox/termbox#readme";
+    downloadPage = "https://github.com/termbox/termbox/releases";
     maintainers = with maintainers; [ fgaz ];
   };
 }
diff --git a/pkgs/development/tools/ocaml/ocamlmod/default.nix b/pkgs/development/tools/ocaml/ocamlmod/default.nix
index 77d39029551..cf24a132210 100644
--- a/pkgs/development/tools/ocaml/ocamlmod/default.nix
+++ b/pkgs/development/tools/ocaml/ocamlmod/default.nix
@@ -1,5 +1,10 @@
 { lib, stdenv, fetchurl, ocaml, findlib, ocamlbuild, ounit }:
 
+let
+  # ounit is only available for OCaml >= 4.04
+  doCheck = lib.versionAtLeast ocaml.version "4.04";
+in
+
 stdenv.mkDerivation {
   pname = "ocamlmod";
   version = "0.0.9";
@@ -9,13 +14,15 @@ stdenv.mkDerivation {
     sha256 = "0cgp9qqrq7ayyhddrmqmq1affvfqcn722qiakjq4dkywvp67h4aa";
   };
 
-  buildInputs = [ ocaml findlib ocamlbuild ounit ];
+  buildInputs = [ ocaml findlib ocamlbuild ];
 
-  configurePhase = "ocaml setup.ml -configure --prefix $out --enable-tests";
+  configurePhase = "ocaml setup.ml -configure --prefix $out"
+    + lib.optionalString doCheck " --enable-tests";
   buildPhase     = "ocaml setup.ml -build";
   installPhase   = "ocaml setup.ml -install";
 
-  doCheck = true;
+  inherit doCheck;
+  checkInputs = [ ounit ];
 
   checkPhase = "ocaml setup.ml -test";
 
diff --git a/pkgs/development/tools/rust/cargo-deny/default.nix b/pkgs/development/tools/rust/cargo-deny/default.nix
index ba126e57a14..ea7f01ada77 100644
--- a/pkgs/development/tools/rust/cargo-deny/default.nix
+++ b/pkgs/development/tools/rust/cargo-deny/default.nix
@@ -7,16 +7,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "cargo-deny";
-  version = "0.8.5";
+  version = "0.8.7";
 
   src = fetchFromGitHub {
     owner = "EmbarkStudios";
     repo = pname;
     rev = version;
-    sha256 = "01czsnhlvs78fpx1kpi75386657jmlrqpsj4474nxmgcs75igncx";
+    sha256 = "sha256-LXc4PFJ1FbdF3yotqqOkhhe+MKGZ4sqJgxAvDml9GeA=";
   };
 
-  cargoSha256 = "1d5vh6cifkvqxmbgc2z9259q8879fjw016z959hfivv38rragqbr";
+  cargoSha256 = "sha256-4FFyRhmMpzKmKrvU2bmGHWUnLAbTDU1bPv7RfhQfYeY=";
 
   doCheck = false;
 
diff --git a/pkgs/development/tools/yq-go/default.nix b/pkgs/development/tools/yq-go/default.nix
index 0a300ca82e2..955bc35c5ab 100644
--- a/pkgs/development/tools/yq-go/default.nix
+++ b/pkgs/development/tools/yq-go/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "yq-go";
-  version = "4.5.0";
+  version = "4.6.0";
 
   src = fetchFromGitHub {
     owner = "mikefarah";
     rev = "v${version}";
     repo = "yq";
-    sha256 = "sha256-ehr9mCUbwQQSLR0iYoiJ3Xvgu+7Ue9Xvru9kAUkPCuQ=";
+    sha256 = "sha256-9D00I34pfoiI5cqXjsVLTT6XbFUYxgGit0ZuYeWSEyE=";
   };
 
-  vendorSha256 = "sha256-CUELy6ajaoVzomY5lMen24DFJke3IyFzqWYyF7sws5g=";
+  vendorSha256 = "sha256-66ccHSKpl6yB/NVhZ1X0dv4wnGCJAMvZhpKu2vF+QT4=";
 
   doCheck = false;
 
diff --git a/pkgs/os-specific/linux/kernel/linux-lqx.nix b/pkgs/os-specific/linux/kernel/linux-lqx.nix
index e466b76867c..c8575907f43 100644
--- a/pkgs/os-specific/linux/kernel/linux-lqx.nix
+++ b/pkgs/os-specific/linux/kernel/linux-lqx.nix
@@ -1,7 +1,7 @@
 { lib, fetchFromGitHub, buildLinux, linux_zen, ... } @ args:
 
 let
-  version = "5.10.10";
+  version = "5.10.15";
   suffix = "lqx2";
 in
 
@@ -14,7 +14,7 @@ buildLinux (args // {
     owner = "zen-kernel";
     repo = "zen-kernel";
     rev = "v${version}-${suffix}";
-    sha256 = "1cjgx9qjfkiaalqkcdmibsrq2frwd621rwcg6w05ms4w9lnwi3af";
+    sha256 = "11dgaqj1xr5hq6wxscrkln68dwqq4lakvfkr646x2yfynry1jqjk";
   };
 
   extraMeta = {
diff --git a/pkgs/os-specific/linux/kernel/linux-zen.nix b/pkgs/os-specific/linux/kernel/linux-zen.nix
index b30ee996649..0a658b73343 100644
--- a/pkgs/os-specific/linux/kernel/linux-zen.nix
+++ b/pkgs/os-specific/linux/kernel/linux-zen.nix
@@ -1,8 +1,8 @@
 { lib, fetchFromGitHub, buildLinux, ... } @ args:
 
 let
-  version = "5.10.10";
-  suffix = "zen1";
+  version = "5.10.15";
+  suffix = "zen2";
 in
 
 buildLinux (args // {
@@ -14,7 +14,7 @@ buildLinux (args // {
     owner = "zen-kernel";
     repo = "zen-kernel";
     rev = "v${version}-${suffix}";
-    sha256 = "0jsi2q8k1w5zs5l6z1brm2mxpl9arv6n6linc8yj6xc75nydw6w4";
+    sha256 = "18qgh79hi1ph6x16sbvq36icv7c5bkdvh193wqjnbvwf0yph09as";
   };
 
   extraMeta = {
diff --git a/pkgs/tools/misc/bdf2psf/default.nix b/pkgs/tools/misc/bdf2psf/default.nix
index ff14f2d1a4e..1a782661466 100644
--- a/pkgs/tools/misc/bdf2psf/default.nix
+++ b/pkgs/tools/misc/bdf2psf/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "bdf2psf";
-  version = "1.200";
+  version = "1.201";
 
   src = fetchurl {
     url = "mirror://debian/pool/main/c/console-setup/bdf2psf_${version}_all.deb";
-    sha256 = "07z686h2fv9b3446fcym0sfzxwgkm9cc4bd3zhpv6j8bdfadnjxw";
+    sha256 = "sha256-XVaROIxyNBBFoXf+K1mv4mW8wWozqMcs1cgaWj8L8Q0=";
   };
 
   nativeBuildInputs = [ dpkg ];
@@ -14,10 +14,16 @@ stdenv.mkDerivation rec {
   dontConfigure = true;
   dontBuild = true;
 
-  unpackPhase = "dpkg-deb -x $src .";
+  unpackPhase = ''
+    runHook preUnpack
+    dpkg-deb -x $src .
+    runHook postUnpack
+  '';
   installPhase = "
+    runHook preInstall
     substituteInPlace usr/bin/bdf2psf --replace /usr/bin/perl ${perl}/bin/perl
     mv usr $out
+    runHook postInstall
   ";
 
   meta = with lib; {
@@ -26,7 +32,7 @@ stdenv.mkDerivation rec {
     longDescription = ''
       Font converter to generate console fonts from BDF source fonts
     '';
-    license = licenses.gpl2;
+    license = licenses.gpl2Plus;
     maintainers = with maintainers; [ rnhmjoj vrthra ];
     platforms = platforms.unix;
   };
diff --git a/pkgs/tools/misc/powerline-go/default.nix b/pkgs/tools/misc/powerline-go/default.nix
index a4ee216288f..355c8a8ac08 100644
--- a/pkgs/tools/misc/powerline-go/default.nix
+++ b/pkgs/tools/misc/powerline-go/default.nix
@@ -1,4 +1,7 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
 
 buildGoModule rec {
   pname = "powerline-go";
@@ -17,7 +20,9 @@ buildGoModule rec {
 
   meta = with lib; {
     description = "A Powerline like prompt for Bash, ZSH and Fish";
-    license = licenses.gpl3;
+    homepage = "https://github.com/justjanne/powerline-go";
+    changelog = "https://github.com/justjanne/powerline-go/releases/tag/v${version}";
+    license = licenses.gpl3Plus;
     platforms = platforms.unix;
     maintainers = with maintainers; [ sifmelcara ];
   };
diff --git a/pkgs/tools/package-management/emplace/default.nix b/pkgs/tools/package-management/emplace/default.nix
index e5da9a1d7b4..5a5b1458113 100644
--- a/pkgs/tools/package-management/emplace/default.nix
+++ b/pkgs/tools/package-management/emplace/default.nix
@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "emplace";
-  version = "1.0.0";
+  version = "1.1.0";
 
   src = fetchFromGitHub {
     owner = "tversteeg";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-dDFc13IVD4f5UgiHXAcqRKoZEPTn/iBOogT3XfdstK0=";
+    sha256 = "sha256-FO3N5Dyk87GzPEhQDX2QVDulw15BnpsljawY2RFy2Qk=";
   };
 
-  cargoSha256 = "sha256-QsYOR7tk5cRCF0+xkpJ/F+Z3pjBPxTDFvA1gEi82AOQ=";
+  cargoSha256 = "sha256-/XZ88ChOCLP5/pZ9UkAAWqO/jFUwbo5FJQ2GZip1gP4=";
 
   meta = with lib; {
     description = "Mirror installed software on multiple machines";
diff --git a/pkgs/tools/security/terrascan/default.nix b/pkgs/tools/security/terrascan/default.nix
index b37273aeb1d..ab4a7197647 100644
--- a/pkgs/tools/security/terrascan/default.nix
+++ b/pkgs/tools/security/terrascan/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "terrascan";
-  version = "1.3.2";
+  version = "1.3.3";
 
   src = fetchFromGitHub {
     owner = "accurics";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-RZFh9RVU8RwtLGIP7OWnf0yNsXfElqWSXieljqp8ahU=";
+    sha256 = "sha256-mPd4HsWbPUNJTUNjQ5zQztoXZy2b9iLksdGKAjp0A58=";
   };
 
-  vendorSha256 = "sha256-Ya/33ocPhY5OSnCEyULsOIHaxwb1yNEle3JEYo/7/Yk=";
+  vendorSha256 = "sha256-eNQTJHqOCOTAPO+vil6rkV9bNWZIdXxGQPE4IpETFtA=";
 
   # tests want to download a vulnerable Terraform project
   doCheck = false;
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 6346ea8f3fe..abfacab1d53 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -23814,6 +23814,8 @@ in
 
   ncmpcpp = callPackage ../applications/audio/ncmpcpp { };
 
+  pragha = libsForQt5.callPackage ../applications/audio/pragha { };
+
   rofi-mpd = callPackage ../applications/audio/rofi-mpd { };
 
   rofi-calc = callPackage ../applications/science/math/rofi-calc { };