diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2022-06-12 21:07:25 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-12 21:07:25 +0000 |
commit | 417350294c0285b22e75bb813c134c82f964f6a5 (patch) | |
tree | a9da70a79fc7c3cbfde391e7f168f5bfa7fd5490 | |
parent | 9881bc5fb7fef62d7fa2400c0932197f88e04493 (diff) | |
parent | 286ac3ea655baebdb5cf2414028d2be3b82a773b (diff) | |
download | nixpkgs-417350294c0285b22e75bb813c134c82f964f6a5.tar nixpkgs-417350294c0285b22e75bb813c134c82f964f6a5.tar.gz nixpkgs-417350294c0285b22e75bb813c134c82f964f6a5.tar.bz2 nixpkgs-417350294c0285b22e75bb813c134c82f964f6a5.tar.lz nixpkgs-417350294c0285b22e75bb813c134c82f964f6a5.tar.xz nixpkgs-417350294c0285b22e75bb813c134c82f964f6a5.tar.zst nixpkgs-417350294c0285b22e75bb813c134c82f964f6a5.zip |
Merge master into staging-next
-rw-r--r-- | maintainers/maintainer-list.nix | 6 | ||||
-rw-r--r-- | nixos/modules/security/wrappers/default.nix | 40 | ||||
-rw-r--r-- | pkgs/applications/graphics/krita/default.nix | 4 | ||||
-rw-r--r-- | pkgs/applications/graphics/krita/generic.nix | 8 | ||||
-rw-r--r-- | pkgs/development/tools/okteto/default.nix | 8 | ||||
-rw-r--r-- | pkgs/tools/security/vault/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/vault/vault-bin.nix | 12 |
7 files changed, 55 insertions, 29 deletions
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 7f0e7845879..691d95e31f5 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -9123,6 +9123,12 @@ githubId = 166791; name = "Neil Mayhew"; }; + nek0 = { + email = "nek0@nek0.eu"; + github = "nek0"; + githubId = 1859691; + name = "Amedeo Molnár"; + }; nelsonjeppesen = { email = "nix@jeppesen.io"; github = "NelsonJeppesen"; diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix index ec4fe33b8f1..169ef744262 100644 --- a/nixos/modules/security/wrappers/default.nix +++ b/nixos/modules/security/wrappers/default.nix @@ -202,21 +202,15 @@ in ###### implementation config = { - assertions = lib.concatLists (lib.mapAttrsToList - (name: opts: [ + assertions = lib.mapAttrsToList + (name: opts: { assertion = opts.setuid || opts.setgid -> opts.capabilities == ""; message = '' The security.wrappers.${name} wrapper is not valid: setuid/setgid and capabilities are mutually exclusive. ''; } - { assertion = lib.pathHasContext (toString opts.source) -> lib.pathExists opts.source; - message = '' - The security.wrappers.${name} wrapper is not valid: - the source store path '${opts.source}' does not exist. - ''; - } - ]) wrappers); + ) wrappers; security.wrappers = let @@ -279,5 +273,33 @@ in ln --symbolic "$wrapperDir" "${wrapperDir}" fi ''; + + ###### wrappers consistency checks + system.extraDependencies = lib.singleton (pkgs.runCommandLocal + "ensure-all-wrappers-paths-exist" { } + '' + # make sure we produce output + mkdir -p $out + + echo -n "Checking that Nix store paths of all wrapped programs exist... " + + declare -A wrappers + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: + "wrappers['${n}']='${v.source}'") wrappers)} + + for name in "''${!wrappers[@]}"; do + path="''${wrappers[$name]}" + if [[ "$path" =~ /nix/store ]] && [ ! -e "$path" ]; then + test -t 1 && echo -ne '\033[1;31m' + echo "FAIL" + echo "The path $path does not exist!" + echo 'Please, check the value of `security.wrappers."'$name'".source`.' + test -t 1 && echo -ne '\033[0m' + exit 1 + fi + done + + echo "OK" + ''); }; } diff --git a/pkgs/applications/graphics/krita/default.nix b/pkgs/applications/graphics/krita/default.nix index 4aea1c4d981..603c1a44f4f 100644 --- a/pkgs/applications/graphics/krita/default.nix +++ b/pkgs/applications/graphics/krita/default.nix @@ -1,7 +1,7 @@ { callPackage, ... } @ args: callPackage ./generic.nix (args // { - version = "5.0.6"; + version = "5.0.8"; kde-channel = "stable"; - sha256 = "sha256:0qhf7vm13v33yk67n7wdcgrqpk7yvajdlkqcp7zhrl2z7qdnvmzd"; + sha256 = "sha256:7R0fpQc+4MQVDh/enhCTgpgOqU0y5YRShrv/ILa/XkU="; }) diff --git a/pkgs/applications/graphics/krita/generic.nix b/pkgs/applications/graphics/krita/generic.nix index 825e8882a55..d5f778b592a 100644 --- a/pkgs/applications/graphics/krita/generic.nix +++ b/pkgs/applications/graphics/krita/generic.nix @@ -54,16 +54,14 @@ mkDerivation rec { "-DCMAKE_BUILD_TYPE=RelWithDebInfo" ]; - postInstall = '' - for i in $out/bin/*; do - wrapProgram $i --prefix PYTHONPATH : "$PYTHONPATH" - done + preInstall = '' + qtWrapperArgs+=(--prefix PYTHONPATH : "$PYTHONPATH") ''; meta = with lib; { description = "A free and open source painting application"; homepage = "https://krita.org/"; - maintainers = with maintainers; [ abbradar sifmelcara ]; + maintainers = with maintainers; [ abbradar sifmelcara nek0 ]; platforms = platforms.linux; license = licenses.gpl3Only; }; diff --git a/pkgs/development/tools/okteto/default.nix b/pkgs/development/tools/okteto/default.nix index d1fb6615850..435ccd5a79f 100644 --- a/pkgs/development/tools/okteto/default.nix +++ b/pkgs/development/tools/okteto/default.nix @@ -2,23 +2,23 @@ buildGoModule rec { pname = "okteto"; - version = "2.3.1"; + version = "2.3.3"; src = fetchFromGitHub { owner = "okteto"; repo = "okteto"; rev = version; - sha256 = "sha256-2L6Ky7Mbky6VYx4kdBuYTtaJ9AzNufuYLrgERxLYpg8="; + sha256 = "sha256-rKhXzmBV59bj/Dj2ORU1ggOohAs56iB15es924pHXp4="; }; + vendorSha256 = "sha256-XT/ZLydN1oeuRupD3gjvY6+hOB/Lq5CQwhfr9/iT7JI="; + postPatch = '' # Disable some tests that need file system & network access. find cmd -name "*_test.go" | xargs rm -f rm -f pkg/analytics/track_test.go ''; - vendorSha256 = "sha256-XT/ZLydN1oeuRupD3gjvY6+hOB/Lq5CQwhfr9/iT7JI="; - nativeBuildInputs = [ installShellFiles ]; ldflags = [ diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix index 3d6c34d5bfa..039e41390d4 100644 --- a/pkgs/tools/security/vault/default.nix +++ b/pkgs/tools/security/vault/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "vault"; - version = "1.10.3"; + version = "1.10.4"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "sha256-12LOYp2ffTC/IOyNyT2PMnkP4FOKT8HROZNRWyTHxhA="; + sha256 = "sha256-RJCFbhpFx84R9CIU1OaaZbjBXltNY/1GC2gwgydX4n8="; }; - vendorSha256 = "sha256-w5nUkCNo9xfalbc/U7uYaHZsUdyMV3tKDypQM9MnwE4="; + vendorSha256 = "sha256-8fTAU/K0WkkS6an5Ffaxpnz8vABQXpiWaCroc8DTYmc="; subPackages = [ "." ]; diff --git a/pkgs/tools/security/vault/vault-bin.nix b/pkgs/tools/security/vault/vault-bin.nix index 55192c670e0..0e679ccb7af 100644 --- a/pkgs/tools/security/vault/vault-bin.nix +++ b/pkgs/tools/security/vault/vault-bin.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "vault-bin"; - version = "1.10.3"; + version = "1.10.4"; src = let @@ -16,11 +16,11 @@ stdenv.mkDerivation rec { aarch64-darwin = "darwin_arm64"; }; sha256 = selectSystem { - x86_64-linux = "sha256-hz7u6sW415h/AsGlyghImo3K54gbAS92N6L0dI8vV8Q="; - aarch64-linux = "sha256-DIrVgHeVvDNx0vRwXt2gzf3HDYzDeYQ2JVy+7KlrLUo="; - i686-linux = "sha256-B0xamHI6GnHrKLjhIBvs89keShJ45fRgyM7M214S9jY="; - x86_64-darwin = "sha256-ubPcl/e0nwYYw5SrN2jfrGSwLHbi99jklYMDZuVdf6s="; - aarch64-darwin = "sha256-4CKrelIzaXu2GccWo2ZTzGSqCMTM1qmJ0drGD8F3c0k="; + x86_64-linux = "sha256-cLCRZDOMx1bk+sZnArR9oOxuCowqFDwPINxWnONIqUU="; + aarch64-linux = "sha256-5MdszdDr+qK1RZnhXnAZjZ9+pal3ju6XMV6NnjVSUIg="; + i686-linux = "sha256-srlyVhh4j005kLdLdJoEjHbXw0DLHH4G/rUH+b4EdDE="; + x86_64-darwin = "sha256-Bep4LAm1/8PDA+fiWfR0nDUezP0VADKwry2rjYv8dTU="; + aarch64-darwin = "sha256-2mLIOun03SiXeSEFD+qRPOCj4LJB6LjB6aneJ78A5OQ="; }; in fetchzip { |