diff options
31 files changed, 393 insertions, 55 deletions
diff --git a/doc/Makefile b/doc/Makefile index c6aed62a939..91b62fe138b 100644 --- a/doc/Makefile +++ b/doc/Makefile @@ -9,8 +9,10 @@ debug: .PHONY: format format: - find . -iname '*.xml' -type f -print0 | xargs -0 -I{} -n1 \ - xmlformat --config-file "$$XMLFORMAT_CONFIG" -i {} + find . -iname '*.xml' -type f | while read f; do \ + echo $$f ;\ + xmlformat --config-file "$$XMLFORMAT_CONFIG" -i $$f ;\ + done .PHONY: fix-misc-xml fix-misc-xml: diff --git a/doc/coding-conventions.xml b/doc/coding-conventions.xml index a8a4557b461..d2c7a1baae9 100644 --- a/doc/coding-conventions.xml +++ b/doc/coding-conventions.xml @@ -814,7 +814,7 @@ args.stdenv.mkDerivation (args // { <para> There are multiple ways to fetch a package source in nixpkgs. The general - guideline is that you should package sources with a high degree of + guideline is that you should package reproducible sources with a high degree of availability. Right now there is only one fetcher which has mirroring support and that is <literal>fetchurl</literal>. Note that you should also prefer protocols which have a corresponding proxy environment variable. @@ -876,6 +876,123 @@ src = fetchFromGitHub { </itemizedlist> </para> </section> + <section xml:id="sec-source-hashes"> + <title>Obtaining source hash</title> + + <para> + Preferred source hash type is sha256. There are several ways to get it. + </para> + + <orderedlist> + <listitem> + <para> + Prefetch URL (with <literal>nix-prefetch-<replaceable>XXX</replaceable> + <replaceable>URL</replaceable></literal>, where + <replaceable>XXX</replaceable> is one of <literal>url</literal>, + <literal>git</literal>, <literal>hg</literal>, <literal>cvs</literal>, + <literal>bzr</literal>, <literal>svn</literal>). Hash is printed to + stdout. + </para> + </listitem> + <listitem> + <para> + Prefetch by package source (with <literal>nix-prefetch-url + '<nixpkgs>' -A <replaceable>PACKAGE</replaceable>.src</literal>, + where <replaceable>PACKAGE</replaceable> is package attribute name). Hash + is printed to stdout. + </para> + <para> + This works well when you've upgraded existing package version and want to + find out new hash, but is useless if package can't be accessed by + attribute or package has multiple sources (<literal>.srcs</literal>, + architecture-dependent sources, etc). + </para> + </listitem> + <listitem> + <para> + Upstream provided hash: use it when upstream provides + <literal>sha256</literal> or <literal>sha512</literal> (when upstream + provides <literal>md5</literal>, don't use it, compute + <literal>sha256</literal> instead). + </para> + <para> + A little nuance is that <literal>nix-prefetch-*</literal> tools produce + hash encoded with <literal>base32</literal>, but upstream usually provides + hexadecimal (<literal>base16</literal>) encoding. Fetchers understand both + formats. Nixpkgs does not standardize on any one format. + </para> + <para> + You can convert between formats with nix-hash, for example: +<screen> +$ nix-hash --type sha256 --to-base32 <replaceable>HASH</replaceable> +</screen> + </para> + </listitem> + <listitem> + <para> + Extracting hash from local source tarball can be done with + <literal>sha256sum</literal>. Use <literal>nix-prefetch-url + file:///path/to/tarball </literal> if you want base32 hash. + </para> + </listitem> + <listitem> + <para> + Fake hash: set fake hash in package expression, perform build and extract + correct hash from error Nix prints. + </para> + <para> + For package updates it is enough to change one symbol to make hash fake. + For new packages, you can use <literal>lib.fakeSha256</literal>, + <literal>lib.fakeSha512</literal> or any other fake hash. + </para> + <para> + This is last resort method when reconstructing source URL is non-trivial + and <literal>nix-prefetch-url -A</literal> isn't applicable (for example, + <link xlink:href="https://github.com/NixOS/nixpkgs/blob/d2ab091dd308b99e4912b805a5eb088dd536adb9/pkgs/applications/video/kodi/default.nix#L73"> + one of <literal>kodi</literal> dependencies</link>). The easiest way then + would be replace hash with a fake one and rebuild. Nix build will fail and + error message will contain desired hash. + </para> + <warning><para>This method has security problems. Check below for details.</para></warning> + </listitem> + </orderedlist> + + <section xml:id="sec-source-hashes-security"> + <title>Obtaining hashes securely</title> + <para> + Let's say Man-in-the-Middle (MITM) sits close to your network. Then instead of fetching + source you can fetch malware, and instead of source hash you get hash of malware. Here are + security considerations for this scenario: + </para> + <itemizedlist> + <listitem> + <para> + <literal>http://</literal> URLs are not secure to prefetch hash from; + </para> + </listitem> + <listitem> + <para> + hashes from upstream (in method 3) should be obtained via secure protocol; + </para> + </listitem> + <listitem> + <para> + <literal>https://</literal> URLs are secure in methods 1, 2, 3; + </para> + </listitem> + <listitem> + <para> + <literal>https://</literal> URLs are not secure in method 5. When obtaining hashes + with fake hash method, TLS checks are disabled. So + refetch source hash from several different networks to exclude MITM scenario. + Alternatively, use fake hash method to make Nix error, but instead of extracting + hash from error, extract <literal>https://</literal> URL and prefetch it + with method 1. + </para> + </listitem> + </itemizedlist> + </section> + </section> <section xml:id="sec-patches"> <title>Patches</title> diff --git a/nixos/lib/make-squashfs.nix b/nixos/lib/make-squashfs.nix index 7ab84e47f53..ee76c9c5bf2 100644 --- a/nixos/lib/make-squashfs.nix +++ b/nixos/lib/make-squashfs.nix @@ -3,6 +3,9 @@ , # The root directory of the squashfs filesystem is filled with the # closures of the Nix store paths listed here. storeContents ? [] +, # Compression parameters. + # For zstd compression you can use "zstd -Xcompression-level 6". + comp ? "xz -Xdict-size 100%" }: stdenv.mkDerivation { @@ -20,6 +23,6 @@ stdenv.mkDerivation { # Generate the squashfs image. mksquashfs nix-path-registration $(cat $closureInfo/store-paths) $out \ - -keep-as-directory -all-root -b 1048576 -comp xz -Xdict-size 100% + -keep-as-directory -all-root -b 1048576 -comp ${comp} ''; } diff --git a/pkgs/applications/editors/neovim/default.nix b/pkgs/applications/editors/neovim/default.nix index 1bc7f1688ea..a3580b1afa7 100644 --- a/pkgs/applications/editors/neovim/default.nix +++ b/pkgs/applications/editors/neovim/default.nix @@ -11,13 +11,13 @@ let neovim = stdenv.mkDerivation rec { name = "neovim-unwrapped-${version}"; - version = "0.3.3"; + version = "0.3.4"; src = fetchFromGitHub { owner = "neovim"; repo = "neovim"; rev = "v${version}"; - sha256 = "0jf39br0c7kkvmc8b5n9b3lgy9cmf5sv1gghzafc8qk54bqymy2f"; + sha256 = "07ncvgp6xfhiwc6hd7qf7zk28n3yj47p26qj1ji29vqkwnk28y3s"; }; enableParallelBuilding = true; diff --git a/pkgs/applications/editors/neovim/neovim-remote.nix b/pkgs/applications/editors/neovim/neovim-remote.nix index d9b928f111a..1444d53da07 100644 --- a/pkgs/applications/editors/neovim/neovim-remote.nix +++ b/pkgs/applications/editors/neovim/neovim-remote.nix @@ -4,14 +4,14 @@ with stdenv.lib; pythonPackages.buildPythonPackage rec { pname = "neovim-remote"; - version = "2.1.3"; + version = "2.1.4"; disabled = !pythonPackages.isPy3k; src = fetchFromGitHub { owner = "mhinz"; repo = "neovim-remote"; rev = "v${version}"; - sha256 = "0nx987af29ajlpwnwfc3z8gplxv69gj53s4bzm6pwwsfbhfakdah"; + sha256 = "1s438cbyyzgg96b6639wk1ny6d6p2ywcba41l3r027wzyl7wrn8v"; }; propagatedBuildInputs = with pythonPackages; [ pynvim psutil ]; diff --git a/pkgs/applications/misc/coursera-dl/default.nix b/pkgs/applications/misc/coursera-dl/default.nix index a6afee13e47..0601514546f 100644 --- a/pkgs/applications/misc/coursera-dl/default.nix +++ b/pkgs/applications/misc/coursera-dl/default.nix @@ -22,6 +22,11 @@ in pythonPackages.buildPythonApplication rec { checkInputs = with pythonPackages; [ pytest mock ]; + postPatch = '' + substituteInPlace requirements.txt \ + --replace '==' '>=' + ''; + preConfigure = '' export LC_ALL=en_US.utf-8 ''; diff --git a/pkgs/applications/networking/instant-messengers/slack/default.nix b/pkgs/applications/networking/instant-messengers/slack/default.nix index 51b6fb1d69c..ece9c1089fa 100644 --- a/pkgs/applications/networking/instant-messengers/slack/default.nix +++ b/pkgs/applications/networking/instant-messengers/slack/default.nix @@ -1,14 +1,15 @@ { darkMode ? false, stdenv, fetchurl, dpkg, makeWrapper , alsaLib, atk, cairo, cups, curl, dbus, expat, fontconfig, freetype, glib , gnome2, gtk3, gdk_pixbuf, libnotify, libxcb, nspr, nss, pango -, systemd, xorg }: +, systemd, xorg, at-spi2-atk }: let - version = "3.3.3"; + version = "3.3.7"; rpath = stdenv.lib.makeLibraryPath [ alsaLib + at-spi2-atk atk cairo cups @@ -47,7 +48,7 @@ let if stdenv.hostPlatform.system == "x86_64-linux" then fetchurl { url = "https://downloads.slack-edge.com/linux_releases/slack-desktop-${version}-amd64.deb"; - sha256 = "01x4anbm62y49zfkyfvxih5rk8g2qi32ppb8j2a5pwssyw4wqbfi"; + sha256 = "1q3866iaby8rqim8h2m398wzi0isnnlsxirlq63fzz7a4g1hnc8p"; } else throw "Slack is not supported on ${stdenv.hostPlatform.system}"; diff --git a/pkgs/applications/networking/mailreaders/mutt/default.nix b/pkgs/applications/networking/mailreaders/mutt/default.nix index 6d03f2276d0..3afabb8bafb 100644 --- a/pkgs/applications/networking/mailreaders/mutt/default.nix +++ b/pkgs/applications/networking/mailreaders/mutt/default.nix @@ -27,15 +27,15 @@ with stdenv.lib; stdenv.mkDerivation rec { name = "mutt-${version}"; - version = "1.11.1"; + version = "1.11.2"; src = fetchurl { url = "http://ftp.mutt.org/pub/mutt/${name}.tar.gz"; - sha256 = "01fvn5h7l9rkwx6qz46svl4hmww108v4bmcywiw3prb26q0l2lbh"; + sha256 = "08w7lbhj5ba2zkjcd0cxkgfiy9y82yhg731xjg9i9292kz1x8p6s"; }; patches = optional smimeSupport (fetchpatch { - url = "https://salsa.debian.org/mutt-team/mutt/raw/debian/1.11.1-2/debian/patches/misc/smime.rc.patch"; + url = "https://salsa.debian.org/mutt-team/mutt/raw/debian/1.11.2-2/debian/patches/misc/smime.rc.patch"; sha256 = "1rl27qqwl4nw321ll5jcvfmkmz4fkvcsh5vihjcrhzzyf6vz8wmj"; }); diff --git a/pkgs/applications/networking/mpop/default.nix b/pkgs/applications/networking/mpop/default.nix index 912c23f107d..4a54fcf427e 100644 --- a/pkgs/applications/networking/mpop/default.nix +++ b/pkgs/applications/networking/mpop/default.nix @@ -3,12 +3,12 @@ with stdenv.lib; stdenv.mkDerivation rec { - version = "1.4.1"; + version = "1.4.2"; name = "mpop-${version}"; src = fetchurl { url = "https://marlam.de/mpop/releases/${name}.tar.xz"; - sha256 = "1b9mj6yfa8vg5flxw1xb8xalifjg87dghbg523i6fbr7679zl9iy"; + sha256 = "1rx5mhgqkm7swbynrhbsz32v85h0rydb4kqfgfs9jrznd9d14m2d"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/desktops/plasma-5/xdg-desktop-portal-kde.nix b/pkgs/desktops/plasma-5/xdg-desktop-portal-kde.nix index 5fdd6bea464..fc77e163e8f 100644 --- a/pkgs/desktops/plasma-5/xdg-desktop-portal-kde.nix +++ b/pkgs/desktops/plasma-5/xdg-desktop-portal-kde.nix @@ -1,13 +1,15 @@ { mkDerivation, extra-cmake-modules, gettext, kdoctools, python, - kcoreaddons, knotifications, kwayland, kwidgetsaddons + kcoreaddons, knotifications, kwayland, kwidgetsaddons, + cups, pcre, pipewire }: mkDerivation { name = "xdg-desktop-portal-kde"; nativeBuildInputs = [ extra-cmake-modules gettext kdoctools python ]; buildInputs = [ + cups pcre pipewire kcoreaddons knotifications kwayland kwidgetsaddons ]; } diff --git a/pkgs/development/interpreters/erlang/R21.nix b/pkgs/development/interpreters/erlang/R21.nix index b787f3f44f5..28166dfc0b0 100644 --- a/pkgs/development/interpreters/erlang/R21.nix +++ b/pkgs/development/interpreters/erlang/R21.nix @@ -1,8 +1,8 @@ { mkDerivation }: mkDerivation rec { - version = "21.2"; - sha256 = "0v9smdp2vxkpsz65a6ypwzl12fqdfrsi7k29f5i7af0v27r308cm"; + version = "21.2.3"; + sha256 = "1v47c7bddbp31y6f8yzdjyvgcx9sskxql33k7cs0p5fmr05hhxws"; prePatch = '' substituteInPlace configure.in --replace '`sw_vers -productVersion`' '10.10' diff --git a/pkgs/development/libraries/readline/8.0.nix b/pkgs/development/libraries/readline/8.0.nix new file mode 100644 index 00000000000..eefef972766 --- /dev/null +++ b/pkgs/development/libraries/readline/8.0.nix @@ -0,0 +1,66 @@ +{ fetchurl, stdenv, ncurses +}: + +stdenv.mkDerivation rec { + name = "readline-${version}"; + version = "8.0p${toString (builtins.length upstreamPatches)}"; + + src = fetchurl { + url = "mirror://gnu/readline/readline-${meta.branch}.tar.gz"; + sha256 = "0qg4924hf4hg0r0wbx2chswsr08734536fh5iagkd3a7f4czafg3"; + }; + + outputs = [ "out" "dev" "man" "doc" "info" ]; + + propagatedBuildInputs = [ncurses]; + + patchFlags = "-p0"; + + upstreamPatches = + (let + patch = nr: sha256: + fetchurl { + url = "mirror://gnu/readline/readline-${meta.branch}-patches/readline80-${nr}"; + inherit sha256; + }; + in + import ./readline-8.0-patches.nix patch); + + patches = + [ ./link-against-ncurses.patch + ./no-arch_only-6.3.patch + ] + ++ upstreamPatches; + + # Don't run the native `strip' when cross-compiling. + dontStrip = stdenv.hostPlatform != stdenv.buildPlatform; + bash_cv_func_sigsetjmp = if stdenv.isCygwin then "missing" else null; + + meta = with stdenv.lib; { + description = "Library for interactive line editing"; + + longDescription = '' + The GNU Readline library provides a set of functions for use by + applications that allow users to edit command lines as they are + typed in. Both Emacs and vi editing modes are available. The + Readline library includes additional functions to maintain a + list of previously-entered command lines, to recall and perhaps + reedit those lines, and perform csh-like history expansion on + previous commands. + + The history facilities are also placed into a separate library, + the History library, as part of the build process. The History + library may be used without Readline in applications which + desire its capabilities. + ''; + + homepage = https://savannah.gnu.org/projects/readline/; + + license = licenses.gpl3Plus; + + maintainers = with maintainers; [ vanschelven dtzWill ]; + + platforms = platforms.unix; + branch = "8.0"; + }; +} diff --git a/pkgs/development/libraries/readline/readline-8.0-patches.nix b/pkgs/development/libraries/readline/readline-8.0-patches.nix new file mode 100644 index 00000000000..b8019fb3350 --- /dev/null +++ b/pkgs/development/libraries/readline/readline-8.0-patches.nix @@ -0,0 +1,4 @@ +# Automatically generated by `update-patch-set.sh'; do not edit. + +patch: [ +] diff --git a/pkgs/development/python-modules/aniso8601/default.nix b/pkgs/development/python-modules/aniso8601/default.nix index 163e2c9b209..4f660239530 100644 --- a/pkgs/development/python-modules/aniso8601/default.nix +++ b/pkgs/development/python-modules/aniso8601/default.nix @@ -1,9 +1,9 @@ { stdenv, buildPythonPackage, fetchPypi -, dateutil }: +, dateutil, mock, isPy3k }: buildPythonPackage rec { pname = "aniso8601"; - version = "4.0.1"; + version = "4.1.0"; meta = with stdenv.lib; { description = "Parses ISO 8601 strings."; @@ -13,8 +13,10 @@ buildPythonPackage rec { propagatedBuildInputs = [ dateutil ]; + checkInputs = stdenv.lib.optional (!isPy3k) mock; + src = fetchPypi { inherit pname version; - sha256 = "15cwnadw2xdczdi13k9grrgqq67hxgys4l155dqsl2zh3glhsmp7"; + sha256 = "1x49k287ky1spv3msc9fwmc7ydyw6rlcr14nslgcmpjfn3pgzh03"; }; } diff --git a/pkgs/development/python-modules/base58/default.nix b/pkgs/development/python-modules/base58/default.nix index 43b2761f6bc..aafd73b8d8d 100644 --- a/pkgs/development/python-modules/base58/default.nix +++ b/pkgs/development/python-modules/base58/default.nix @@ -1,17 +1,15 @@ -{ stdenv, fetchFromGitHub, buildPythonPackage, pytest, pyhamcrest }: +{ stdenv, fetchPypi, buildPythonPackage, pytest, pyhamcrest }: buildPythonPackage rec { pname = "base58"; - version = "1.0.0"; + version = "1.0.3"; - src = fetchFromGitHub { - owner = "keis"; - repo = "base58"; - rev = "v${version}"; - sha256 = "0f8isdpvbgw0sqn9bj7hk47y8akpvdl8sn6rkszla0xb92ywj0f6"; + src = fetchPypi { + inherit pname version; + sha256 = "9a793c599979c497800eb414c852b80866f28daaed5494703fc129592cc83e60"; }; - buildInputs = [ pytest pyhamcrest ]; + checkInputs = [ pytest pyhamcrest ]; checkPhase = '' pytest ''; diff --git a/pkgs/development/python-modules/configargparse/default.nix b/pkgs/development/python-modules/configargparse/default.nix index 62e63a8e5b3..7d53f56a5a0 100644 --- a/pkgs/development/python-modules/configargparse/default.nix +++ b/pkgs/development/python-modules/configargparse/default.nix @@ -2,11 +2,11 @@ buildPythonPackage rec { pname = "ConfigArgParse"; - version = "0.13.0"; + version = "0.14.0"; src = fetchPypi { inherit pname version; - sha256 = "e6441aa58e23d3d122055808e5e2220fd742dff6e1e51082d2a4e4ed145dd788"; + sha256 = "149fy4zya0rsnlkvxbbq43cyr8lscb5k4pj1m6n7f1grwcmzwbif"; }; # no tests in tarball diff --git a/pkgs/development/python-modules/jaraco_classes/default.nix b/pkgs/development/python-modules/jaraco_classes/default.nix index 35c70c3c033..dadbb810465 100644 --- a/pkgs/development/python-modules/jaraco_classes/default.nix +++ b/pkgs/development/python-modules/jaraco_classes/default.nix @@ -2,10 +2,10 @@ buildPythonPackage rec { pname = "jaraco.classes"; - version = "1.5"; + version = "2.0"; src = fetchPypi { inherit pname version; - sha256 = "002zsifikv6qwigkjlij7jhyvbwv6793m8h9ckbkx2jizmgc80fi"; + sha256 = "1xfal9085bjh4fv57d6v9ibr5wf4llj73gp1ybdlqd2bralc9hnw"; }; doCheck = false; buildInputs = [ setuptools_scm ]; diff --git a/pkgs/development/python-modules/perf/default.nix b/pkgs/development/python-modules/perf/default.nix index 558886ce622..6c209ba8da0 100644 --- a/pkgs/development/python-modules/perf/default.nix +++ b/pkgs/development/python-modules/perf/default.nix @@ -15,11 +15,11 @@ buildPythonPackage rec { pname = "perf"; - version = "1.5.1"; + version = "1.6.0"; src = fetchPypi { inherit pname version; - sha256 = "5aae76e58bd3edd0c50adcc7c16926ebb9ed8c0e5058b435a30d58c6bb0394a8"; + sha256 = "1vrv83v8rhyl51yaxlqzw567vz5a9qwkymk3vqvcl5sa2yd3mzgp"; }; checkInputs = [ nose psutil ] ++ diff --git a/pkgs/development/web/postman/default.nix b/pkgs/development/web/postman/default.nix index bf18ce5d75c..79524b64d70 100644 --- a/pkgs/development/web/postman/default.nix +++ b/pkgs/development/web/postman/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "postman-${version}"; - version = "6.3.0"; + version = "6.7.1"; src = fetchurl { url = "https://dl.pstmn.io/download/version/${version}/linux64"; - sha256 = "09m511y977478567lc28mhy68b99ssajzhirc1c4anxnvvs7s6fa"; + sha256 = "1x8jj0xs67wi0qj6x22h54crndml6fl8a128s57v058fyxji6brx"; name = "${name}.tar.gz"; }; diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index ab4b1cc2fc9..1466b51b261 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -320,6 +320,7 @@ let SQUASHFS_LZO = yes; SQUASHFS_XZ = yes; SQUASHFS_LZ4 = yes; + SQUASHFS_ZSTD = whenAtLeast "4.14" yes; # Native Language Support modules, needed by some filesystems NLS = yes; diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 6b314195bf8..efcf6c0d5bf 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.14.93"; + version = "4.14.94"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1b8v4962b0j9fkipqldp0agss2hgvlhn24krw619f27p0jr5y4mv"; + sha256 = "1w933hd1ffd62znsha5z9qgjpsnh03f3r01f4b69l814n25m2a77"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index bb3850e5a6d..fc51cb2bf69 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.19.15"; + version = "4.19.16"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0v9nbkxc017ydcah5q0yhrlq1f7awc33m6w4gpif2f0wvxfimxkq"; + sha256 = "1pqvn6dsh0xhdpawz4ag27vkw1abvb6sn3869i4fbrz33ww8i86q"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.20.nix b/pkgs/os-specific/linux/kernel/linux-4.20.nix index d21f5ed4c8c..f7636ae02d5 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.20.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.20.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.20.2"; + version = "4.20.3"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0sc60xj10r4pmlxisc57fy4f5pr7wgkgc96qc46cyj656fcbhjgb"; + sha256 = "0ibz33xgmvyvaql2jbl9kagv13nar9pjar7pawxyga04hh9bvhdr"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 7f5be8957af..58cbd8fe4f2 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.4.170"; + version = "4.4.171"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "04fia71k7hi9kmxmrqsdsi4nl6jw7vn1wkmdyh63hm89yz8dmy64"; + sha256 = "187g9x2zd738s1ric8zl205b7xipvr0l5i045clnhqwl5bd78h7x"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 5001b063e33..09f6ccc1325 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.9.150"; + version = "4.9.151"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1r0pf44j523a142skgcy97ia32r46gg3ivzg1ziy8cxll9xigk4l"; + sha256 = "0p22xla6yq1zwhypfh1zkp0n12wjz5m806lmv8scwkbyh2amb5hm"; }; } // (args.argsOverride or {})) diff --git a/pkgs/servers/http/tengine/default.nix b/pkgs/servers/http/tengine/default.nix index 36f326d5590..fb343d1a05c 100644 --- a/pkgs/servers/http/tengine/default.nix +++ b/pkgs/servers/http/tengine/default.nix @@ -10,12 +10,12 @@ with stdenv.lib; stdenv.mkDerivation rec { - version = "2.2.2"; + version = "2.2.3"; name = "tengine-${version}"; src = fetchurl { - url = "https://github.com/alibaba/tengine/archive/${name}.tar.gz"; - sha256 = "1vq73wsldvj7rc61ag85pvnaacrrq9rs0pfqv71z5iyvb5r3bxc2"; + url = "https://github.com/alibaba/tengine/archive/${version}.tar.gz"; + sha256 = "0x12mfs0q7lihpl335ad222a1a2sdkqzj5q8zbybzr20frixjs42"; }; buildInputs = diff --git a/pkgs/servers/nats-streaming-server/default.nix b/pkgs/servers/nats-streaming-server/default.nix index 8270fa39821..cc73b2e1f6f 100644 --- a/pkgs/servers/nats-streaming-server/default.nix +++ b/pkgs/servers/nats-streaming-server/default.nix @@ -4,7 +4,7 @@ with lib; buildGoPackage rec { name = "nats-streaming-server-${version}"; - version = "0.11.0"; + version = "0.11.2"; rev = "v${version}"; goPackagePath = "github.com/nats-io/nats-streaming-server"; @@ -13,7 +13,7 @@ buildGoPackage rec { inherit rev; owner = "nats-io"; repo = "nats-streaming-server"; - sha256 = "0skkx3f7dpbf6nqpsbsk8ssn8hl55s9k76a5y5ksyqar5bdxvds5"; + sha256 = "1jd9c5yw3xxp5hln1g8w48l4cslhxbv0k2af47g6pya09kwknqkq"; }; meta = { diff --git a/pkgs/shells/bash/5.0.nix b/pkgs/shells/bash/5.0.nix new file mode 100644 index 00000000000..b78282ab6e4 --- /dev/null +++ b/pkgs/shells/bash/5.0.nix @@ -0,0 +1,126 @@ +{ stdenv, buildPackages +, fetchurl, binutils ? null, bison, utillinux + +# patch for cygwin requires readline support +, interactive ? stdenv.isCygwin, readline80 ? null +, withDocs ? false, texinfo ? null +}: + +with stdenv.lib; + +assert interactive -> readline80 != null; +assert withDocs -> texinfo != null; +assert stdenv.hostPlatform.isDarwin -> binutils != null; + +let + upstreamPatches = import ./bash-5.0-patches.nix (nr: sha256: fetchurl { + url = "mirror://gnu/bash/bash-5.0-patches/bash50-${nr}"; + inherit sha256; + }); +in + +stdenv.mkDerivation rec { + name = "bash-${optionalString interactive "interactive-"}${version}-p${toString (builtins.length upstreamPatches)}"; + version = "5.0"; + + src = fetchurl { + url = "mirror://gnu/bash/bash-${version}.tar.gz"; + sha256 = "0kgvfwqdcd90waczf4gx39xnrxzijhjrzyzv7s8v4w31qqm0za5l"; + }; + + hardeningDisable = [ "format" ]; + + outputs = [ "out" "dev" "man" "doc" "info" ]; + + NIX_CFLAGS_COMPILE = '' + -DSYS_BASHRC="/etc/bashrc" + -DSYS_BASH_LOGOUT="/etc/bash_logout" + -DDEFAULT_PATH_VALUE="/no-such-path" + -DSTANDARD_UTILS_PATH="/no-such-path" + -DNON_INTERACTIVE_LOGIN_SHELLS + -DSSH_SOURCE_BASHRC + ''; + + patchFlags = "-p0"; + + patches = upstreamPatches; + + configureFlags = [ + (if interactive then "--with-installed-readline" else "--disable-readline") + ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ + "bash_cv_job_control_missing=nomissing" + "bash_cv_sys_named_pipes=nomissing" + "bash_cv_getcwd_malloc=yes" + ] ++ optionals stdenv.hostPlatform.isCygwin [ + "--without-libintl-prefix" + "--without-libiconv-prefix" + "--with-installed-readline" + "bash_cv_dev_stdin=present" + "bash_cv_dev_fd=standard" + "bash_cv_termcap_lib=libncurses" + ] ++ optionals (stdenv.hostPlatform.libc == "musl") [ + "--without-bash-malloc" + "--disable-nls" + ]; + + # Note: Bison is needed because the patches above modify parse.y. + depsBuildBuild = [ buildPackages.stdenv.cc ]; + nativeBuildInputs = [ bison ] + ++ optional withDocs texinfo + ++ optional stdenv.hostPlatform.isDarwin binutils; + + buildInputs = optional interactive readline80; + + enableParallelBuilding = true; + + makeFlags = optional stdenv.hostPlatform.isCygwin [ + "LOCAL_LDFLAGS=-Wl,--export-all,--out-implib,libbash.dll.a" + "SHOBJ_LIBS=-lbash" + ]; + + checkInputs = [ utillinux ]; + doCheck = false; # dependency cycle, needs to be interactive + + postInstall = '' + ln -s bash "$out/bin/sh" + rm -f $out/lib/bash/Makefile.inc + ''; + + postFixup = if interactive + then '' + substituteInPlace "$out/bin/bashbug" \ + --replace '${stdenv.shell}' "$out/bin/bash" + '' + # most space is taken by locale data + else '' + rm -rf "$out/share" "$out/bin/bashbug" + ''; + + meta = with stdenv.lib; { + homepage = https://www.gnu.org/software/bash/; + description = + "GNU Bourne-Again Shell, the de facto standard shell on Linux" + + (if interactive then " (for interactive use)" else ""); + + longDescription = '' + Bash is the shell, or command language interpreter, that will + appear in the GNU operating system. Bash is an sh-compatible + shell that incorporates useful features from the Korn shell + (ksh) and C shell (csh). It is intended to conform to the IEEE + POSIX P1003.2/ISO 9945.2 Shell and Tools standard. It offers + functional improvements over sh for both programming and + interactive use. In addition, most sh scripts can be run by + Bash without modification. + ''; + + license = licenses.gpl3Plus; + + platforms = platforms.all; + + maintainers = with maintainers; [ peti dtzWill ]; + }; + + passthru = { + shellPath = "/bin/bash"; + }; +} diff --git a/pkgs/shells/bash/bash-5.0-patches.nix b/pkgs/shells/bash/bash-5.0-patches.nix new file mode 100644 index 00000000000..b8019fb3350 --- /dev/null +++ b/pkgs/shells/bash/bash-5.0-patches.nix @@ -0,0 +1,4 @@ +# Automatically generated by `update-patch-set.sh'; do not edit. + +patch: [ +] diff --git a/pkgs/tools/networking/ocserv/default.nix b/pkgs/tools/networking/ocserv/default.nix index d6458128b04..63a74c3ddb6 100644 --- a/pkgs/tools/networking/ocserv/default.nix +++ b/pkgs/tools/networking/ocserv/default.nix @@ -5,13 +5,13 @@ stdenv.mkDerivation rec { name = "ocserv-${version}"; - version = "0.12.1"; + version = "0.12.2"; src = fetchFromGitLab { owner = "openconnect"; repo = "ocserv"; rev = "ocserv_${stdenv.lib.replaceStrings [ "." ] [ "_" ] version}"; - sha256 = "0jn91a50r3ryj1ph9fzxwy2va877b0b37ahargxzn7biccd8nh0y"; + sha256 = "13lijg5qkkpn35laaimpw9l5g2dnnbmqn74lpcknmp6nm6j2wvci"; }; nativeBuildInputs = [ autoreconfHook pkgconfig ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 50f06c19088..590281de11a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6524,6 +6524,11 @@ in any-nix-shell = callPackage ../shells/any-nix-shell { }; bash = lowPrio (callPackage ../shells/bash/4.4.nix { }); + bash_5 = lowPrio (callPackage ../shells/bash/5.0.nix { }); + bashInteractive_5 = lowPrio (callPackage ../shells/bash/5.0.nix { + interactive = true; + withDocs = true; + }); # WARNING: this attribute is used by nix-shell so it shouldn't be removed/renamed bashInteractive = callPackage ../shells/bash/4.4.nix { @@ -12395,6 +12400,8 @@ in readline70 = callPackage ../development/libraries/readline/7.0.nix { }; + readline80 = callPackage ../development/libraries/readline/8.0.nix { }; + readosm = callPackage ../development/libraries/readosm { }; lambdabot = callPackage ../development/tools/haskell/lambdabot { |