diff options
58 files changed, 600 insertions, 553 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 83bc2f82bbf..b958aab07c5 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -128,7 +128,7 @@ GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION; </listitem> <listitem> <para> - Two new option <link linkend="opt-documentation.man.generateCaches">documentation.man.generateCaches</link> + The new option <link linkend="opt-documentation.man.generateCaches">documentation.man.generateCaches</link> has been added to automatically generate the <literal>man-db</literal> caches, which are needed by utilities like <command>whatis</command> and <command>apropos</command>. The caches are generated during the build of the NixOS configuration: since this can be expensive when a large number of packages are installed, the @@ -195,6 +195,15 @@ GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION; The NixOS module system now supports freeform modules as a mix between <literal>types.attrsOf</literal> and <literal>types.submodule</literal>. These allow you to explicitly declare a subset of options while still permitting definitions without an associated option. See <xref linkend='sec-freeform-modules'/> for how to use them. </para> </listitem> + <listitem> + <para> + The GRUB module gained support for basic password protection, which + allows to restrict non-default entries in the boot menu to one or more + users. The users and passwords are defined via the option + <option>boot.loader.grub.users</option>. + Note: Password support is only avaiable in GRUB version 2. + </para> + </listitem> </itemizedlist> </section> diff --git a/nixos/lib/test-driver/test-driver.py b/nixos/lib/test-driver/test-driver.py index 7b8d5803aa5..f4e2bb6100f 100644 --- a/nixos/lib/test-driver/test-driver.py +++ b/nixos/lib/test-driver/test-driver.py @@ -424,15 +424,18 @@ class Machine: output += out return output - def fail(self, *commands: str) -> None: + def fail(self, *commands: str) -> str: """Execute each command and check that it fails.""" + output = "" for command in commands: with self.nested("must fail: {}".format(command)): - status, output = self.execute(command) + (status, out) = self.execute(command) if status == 0: raise Exception( "command `{}` unexpectedly succeeded".format(command) ) + output += out + return output def wait_until_succeeds(self, command: str) -> str: """Wait until a command returns success and return its output. diff --git a/nixos/modules/services/misc/ssm-agent.nix b/nixos/modules/services/misc/ssm-agent.nix index f7c05deeecb..00e806695fd 100644 --- a/nixos/modules/services/misc/ssm-agent.nix +++ b/nixos/modules/services/misc/ssm-agent.nix @@ -29,13 +29,15 @@ in { config = mkIf cfg.enable { systemd.services.ssm-agent = { + users.extraUsers.ssm-user = {}; + inherit (cfg.package.meta) description; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - path = [ fake-lsb-release ]; + path = [ fake-lsb-release pkgs.coreutils ]; serviceConfig = { - ExecStart = "${cfg.package}/bin/agent"; + ExecStart = "${cfg.package}/bin/amazon-ssm-agent"; KillMode = "process"; Restart = "on-failure"; RestartSec = "15min"; diff --git a/nixos/modules/services/monitoring/prometheus/default.nix b/nixos/modules/services/monitoring/prometheus/default.nix index 84a72afac2f..d7e06484b69 100644 --- a/nixos/modules/services/monitoring/prometheus/default.nix +++ b/nixos/modules/services/monitoring/prometheus/default.nix @@ -46,7 +46,7 @@ let cmdlineArgs = cfg.extraFlags ++ [ "--storage.tsdb.path=${workingDir}/data/" "--config.file=${prometheusYml}" - "--web.listen-address=${cfg.listenAddress}" + "--web.listen-address=${cfg.listenAddress}:${builtins.toString cfg.port}" "--alertmanager.notification-queue-capacity=${toString cfg.alertmanagerNotificationQueueCapacity}" "--alertmanager.timeout=${toString cfg.alertmanagerTimeout}s" ] ++ @@ -489,9 +489,17 @@ in { ''; }; + port = mkOption { + type = types.port; + default = 9090; + description = '' + Port to listen on. + ''; + }; + listenAddress = mkOption { type = types.str; - default = "0.0.0.0:9090"; + default = "0.0.0.0"; description = '' Address to listen on for the web interface, API, and telemetry. ''; @@ -619,6 +627,21 @@ in { }; config = mkIf cfg.enable { + assertions = [ + ( let + legacy = builtins.match "(.*):(.*)" cfg.listenAddress; + in { + assertion = legacy == null; + message = '' + Do not specify the port for Prometheus to listen on in the + listenAddress option; use the port option instead: + services.prometheus.listenAddress = ${builtins.elemAt legacy 0}; + services.prometheus.port = ${builtins.elemAt legacy 1}; + ''; + } + ) + ]; + users.groups.prometheus.gid = config.ids.gids.prometheus; users.users.prometheus = { description = "Prometheus daemon user"; diff --git a/nixos/modules/virtualisation/docker-preloader.nix b/nixos/modules/virtualisation/docker-preloader.nix deleted file mode 100644 index 6ab83058dee..00000000000 --- a/nixos/modules/virtualisation/docker-preloader.nix +++ /dev/null @@ -1,134 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -with builtins; - -let - cfg = config.virtualisation; - - sanitizeImageName = image: replaceStrings ["/"] ["-"] image.imageName; - hash = drv: head (split "-" (baseNameOf drv.outPath)); - # The label of an ext4 FS is limited to 16 bytes - labelFromImage = image: substring 0 16 (hash image); - - # The Docker image is loaded and some files from /var/lib/docker/ - # are written into a qcow image. - preload = image: pkgs.vmTools.runInLinuxVM ( - pkgs.runCommand "docker-preload-image-${sanitizeImageName image}" { - buildInputs = with pkgs; [ docker e2fsprogs utillinux curl kmod ]; - preVM = pkgs.vmTools.createEmptyImage { - size = cfg.dockerPreloader.qcowSize; - fullName = "docker-deamon-image.qcow2"; - }; - } - '' - mkfs.ext4 /dev/vda - e2label /dev/vda ${labelFromImage image} - mkdir -p /var/lib/docker - mount -t ext4 /dev/vda /var/lib/docker - - modprobe overlay - - # from https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount - mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup - cd /sys/fs/cgroup - for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do - mkdir -p $sys - if ! mountpoint -q $sys; then - if ! mount -n -t cgroup -o $sys cgroup $sys; then - rmdir $sys || true - fi - fi - done - - dockerd -H tcp://127.0.0.1:5555 -H unix:///var/run/docker.sock & - - until $(curl --output /dev/null --silent --connect-timeout 2 http://127.0.0.1:5555); do - printf '.' - sleep 1 - done - - docker load -i ${image} - - kill %1 - find /var/lib/docker/ -maxdepth 1 -mindepth 1 -not -name "image" -not -name "overlay2" | xargs rm -rf - ''); - - preloadedImages = map preload cfg.dockerPreloader.images; - -in - -{ - options.virtualisation.dockerPreloader = { - images = mkOption { - default = [ ]; - type = types.listOf types.package; - description = - '' - A list of Docker images to preload (in the /var/lib/docker directory). - ''; - }; - qcowSize = mkOption { - default = 1024; - type = types.int; - description = - '' - The size (MB) of qcow files. - ''; - }; - }; - - config = mkIf (cfg.dockerPreloader.images != []) { - assertions = [{ - # If docker.storageDriver is null, Docker choose the storage - # driver. So, in this case, we cannot be sure overlay2 is used. - assertion = cfg.docker.storageDriver == "overlay2" - || cfg.docker.storageDriver == "overlay" - || cfg.docker.storageDriver == null; - message = "The Docker image Preloader only works with overlay2 storage driver!"; - }]; - - virtualisation.qemu.options = - map (path: "-drive if=virtio,file=${path}/disk-image.qcow2,readonly,media=cdrom,format=qcow2") - preloadedImages; - - - # All attached QCOW files are mounted and their contents are linked - # to /var/lib/docker/ in order to make image available. - systemd.services.docker-preloader = { - description = "Preloaded Docker images"; - wantedBy = ["docker.service"]; - after = ["network.target"]; - path = with pkgs; [ mount rsync jq ]; - script = '' - mkdir -p /var/lib/docker/overlay2/l /var/lib/docker/image/overlay2 - echo '{}' > /tmp/repositories.json - - for i in ${concatStringsSep " " (map labelFromImage cfg.dockerPreloader.images)}; do - mkdir -p /mnt/docker-images/$i - - # The ext4 label is limited to 16 bytes - mount /dev/disk/by-label/$(echo $i | cut -c1-16) -o ro,noload /mnt/docker-images/$i - - find /mnt/docker-images/$i/overlay2/ -maxdepth 1 -mindepth 1 -not -name l\ - -exec ln -s '{}' /var/lib/docker/overlay2/ \; - cp -P /mnt/docker-images/$i/overlay2/l/* /var/lib/docker/overlay2/l/ - - rsync -a /mnt/docker-images/$i/image/ /var/lib/docker/image/ - - # Accumulate image definitions - cp /tmp/repositories.json /tmp/repositories.json.tmp - jq -s '.[0] * .[1]' \ - /tmp/repositories.json.tmp \ - /mnt/docker-images/$i/image/overlay2/repositories.json \ - > /tmp/repositories.json - done - - mv /tmp/repositories.json /var/lib/docker/image/overlay2/repositories.json - ''; - serviceConfig = { - Type = "oneshot"; - }; - }; - }; -} diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index a650dd72c2a..42e43f5ee02 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -264,7 +264,6 @@ in { imports = [ ../profiles/qemu-guest.nix - ./docker-preloader.nix ]; options = { diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 0ce5f89b27c..346407f9938 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -79,15 +79,13 @@ in docker = handleTestOn ["x86_64-linux"] ./docker.nix {}; oci-containers = handleTestOn ["x86_64-linux"] ./oci-containers.nix {}; docker-edge = handleTestOn ["x86_64-linux"] ./docker-edge.nix {}; - docker-preloader = handleTestOn ["x86_64-linux"] ./docker-preloader.nix {}; docker-registry = handleTest ./docker-registry.nix {}; docker-tools = handleTestOn ["x86_64-linux"] ./docker-tools.nix {}; docker-tools-overlay = handleTestOn ["x86_64-linux"] ./docker-tools-overlay.nix {}; documize = handleTest ./documize.nix {}; dokuwiki = handleTest ./dokuwiki.nix {}; dovecot = handleTest ./dovecot.nix {}; - # ec2-config doesn't work in a sandbox as the simulated ec2 instance needs network access - #ec2-config = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-config or {}; + ec2-config = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-config or {}; ec2-nixops = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-nixops or {}; ecryptfs = handleTest ./ecryptfs.nix {}; ejabberd = handleTest ./xmpp/ejabberd.nix {}; diff --git a/nixos/tests/common/ec2.nix b/nixos/tests/common/ec2.nix index ba087bb6009..502fe96231f 100644 --- a/nixos/tests/common/ec2.nix +++ b/nixos/tests/common/ec2.nix @@ -20,30 +20,44 @@ with pkgs.lib; in makeTest { name = "ec2-" + name; nodes = {}; - testScript = - '' - my $imageDir = ($ENV{'TMPDIR'} // "/tmp") . "/vm-state-machine"; - mkdir $imageDir, 0700; - my $diskImage = "$imageDir/machine.qcow2"; - system("qemu-img create -f qcow2 -o backing_file=${image} $diskImage") == 0 or die; - system("qemu-img resize $diskImage 10G") == 0 or die; + testScript = '' + import os + import subprocess - # Note: we use net=169.0.0.0/8 rather than - # net=169.254.0.0/16 to prevent dhcpcd from getting horribly - # confused. (It would get a DHCP lease in the 169.254.* - # range, which it would then configure and prompty delete - # again when it deletes link-local addresses.) Ideally we'd - # turn off the DHCP server, but qemu does not have an option - # to do that. - my $startCommand = "qemu-kvm -m 1024"; - $startCommand .= " -device virtio-net-pci,netdev=vlan0"; - $startCommand .= " -netdev 'user,id=vlan0,net=169.0.0.0/8,guestfwd=tcp:169.254.169.254:80-cmd:${pkgs.micro-httpd}/bin/micro_httpd ${metaData}'"; - $startCommand .= " -drive file=$diskImage,if=virtio,werror=report"; - $startCommand .= " \$QEMU_OPTS"; + image_dir = os.path.join( + os.environ.get("TMPDIR", tempfile.gettempdir()), "tmp", "vm-state-machine" + ) + os.makedirs(image_dir, mode=0o700, exist_ok=True) + disk_image = os.path.join(image_dir, "machine.qcow2") + subprocess.check_call( + [ + "qemu-img", + "create", + "-f", + "qcow2", + "-o", + "backing_file=${image}", + disk_image, + ] + ) + subprocess.check_call(["qemu-img", "resize", disk_image, "10G"]) - my $machine = createMachine({ startCommand => $startCommand }); + # Note: we use net=169.0.0.0/8 rather than + # net=169.254.0.0/16 to prevent dhcpcd from getting horribly + # confused. (It would get a DHCP lease in the 169.254.* + # range, which it would then configure and prompty delete + # again when it deletes link-local addresses.) Ideally we'd + # turn off the DHCP server, but qemu does not have an option + # to do that. + start_command = ( + "qemu-kvm -m 1024" + + " -device virtio-net-pci,netdev=vlan0" + + " -netdev 'user,id=vlan0,net=169.0.0.0/8,guestfwd=tcp:169.254.169.254:80-cmd:${pkgs.micro-httpd}/bin/micro_httpd ${metaData}'" + + f" -drive file={disk_image},if=virtio,werror=report" + + " $QEMU_OPTS" + ) - ${script} - ''; + machine = create_machine({"startCommand": start_command}) + '' + script; }; } diff --git a/nixos/tests/docker-preloader.nix b/nixos/tests/docker-preloader.nix deleted file mode 100644 index c3e8aced351..00000000000 --- a/nixos/tests/docker-preloader.nix +++ /dev/null @@ -1,27 +0,0 @@ -import ./make-test.nix ({ pkgs, ...} : { - name = "docker-preloader"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ lewo ]; - }; - - nodes = { - docker = - { pkgs, ... }: - { - virtualisation.docker.enable = true; - virtualisation.dockerPreloader.images = [ pkgs.dockerTools.examples.nix pkgs.dockerTools.examples.bash ]; - - services.openssh.enable = true; - services.openssh.permitRootLogin = "yes"; - services.openssh.extraConfig = "PermitEmptyPasswords yes"; - users.extraUsers.root.password = ""; - }; - }; - testScript = '' - startAll; - - $docker->waitForUnit("sockets.target"); - $docker->succeed("docker run nix nix-store --version"); - $docker->succeed("docker run bash bash --version"); - ''; -}) diff --git a/nixos/tests/ec2.nix b/nixos/tests/ec2.nix index 5a59d65e602..df067248016 100644 --- a/nixos/tests/ec2.nix +++ b/nixos/tests/ec2.nix @@ -3,58 +3,58 @@ pkgs ? import ../.. { inherit system config; } }: -with import ../lib/testing.nix { inherit system pkgs; }; +with import ../lib/testing-python.nix { inherit system pkgs; }; with pkgs.lib; with import common/ec2.nix { inherit makeTest pkgs; }; let - imageCfg = - (import ../lib/eval-config.nix { - inherit system; - modules = [ - ../maintainers/scripts/ec2/amazon-image.nix - ../modules/testing/test-instrumentation.nix - ../modules/profiles/qemu-guest.nix - { ec2.hvm = true; - - # Hack to make the partition resizing work in QEMU. - boot.initrd.postDeviceCommands = mkBefore - '' - ln -s vda /dev/xvda - ln -s vda1 /dev/xvda1 - ''; - - # Needed by nixos-rebuild due to the lack of network - # access. Determined by trial and error. - system.extraDependencies = - with pkgs; ( - [ - # Needed for a nixos-rebuild. - busybox - stdenv - stdenvNoCC - mkinitcpio-nfs-utils - unionfs-fuse - cloud-utils - desktop-file-utils - texinfo - libxslt.bin - xorg.lndir - - # These are used in the configure-from-userdata tests - # for EC2. Httpd and valgrind are requested by the - # configuration. - apacheHttpd apacheHttpd.doc apacheHttpd.man valgrind.doc - ] - ); - } - ]; - }).config; + imageCfg = (import ../lib/eval-config.nix { + inherit system; + modules = [ + ../maintainers/scripts/ec2/amazon-image.nix + ../modules/testing/test-instrumentation.nix + ../modules/profiles/qemu-guest.nix + { + ec2.hvm = true; + + # Hack to make the partition resizing work in QEMU. + boot.initrd.postDeviceCommands = mkBefore '' + ln -s vda /dev/xvda + ln -s vda1 /dev/xvda1 + ''; + + # Needed by nixos-rebuild due to the lack of network + # access. Determined by trial and error. + system.extraDependencies = with pkgs; ( [ + # Needed for a nixos-rebuild. + busybox + cloud-utils + desktop-file-utils + libxslt.bin + mkinitcpio-nfs-utils + stdenv + stdenvNoCC + texinfo + unionfs-fuse + xorg.lndir + + # These are used in the configure-from-userdata tests + # for EC2. Httpd and valgrind are requested by the + # configuration. + apacheHttpd + apacheHttpd.doc + apacheHttpd.man + valgrind.doc + ]); + } + ]; + }).config; image = "${imageCfg.system.build.amazonImage}/${imageCfg.amazonImage.name}.vhd"; sshKeys = import ./ssh-keys.nix pkgs; snakeOilPrivateKey = sshKeys.snakeOilPrivateKey.text; + snakeOilPrivateKeyFile = pkgs.writeText "private-key" snakeOilPrivateKey; snakeOilPublicKey = sshKeys.snakeOilPublicKey; in { @@ -68,43 +68,47 @@ in { SSH_HOST_ED25519_KEY:${replaceStrings ["\n"] ["|"] snakeOilPrivateKey} ''; script = '' - $machine->start; - $machine->waitForFile("/etc/ec2-metadata/user-data"); - $machine->waitForUnit("sshd.service"); + machine.start() + machine.wait_for_file("/etc/ec2-metadata/user-data") + machine.wait_for_unit("sshd.service") - $machine->succeed("grep unknown /etc/ec2-metadata/ami-manifest-path"); + machine.succeed("grep unknown /etc/ec2-metadata/ami-manifest-path") # We have no keys configured on the client side yet, so this should fail - $machine->fail("ssh -o BatchMode=yes localhost exit"); + machine.fail("ssh -o BatchMode=yes localhost exit") # Let's install our client private key - $machine->succeed("mkdir -p ~/.ssh"); + machine.succeed("mkdir -p ~/.ssh") - $machine->succeed("echo '${snakeOilPrivateKey}' > ~/.ssh/id_ed25519"); - $machine->succeed("chmod 600 ~/.ssh/id_ed25519"); + machine.copy_from_host_via_shell( + "${snakeOilPrivateKeyFile}", "~/.ssh/id_ed25519" + ) + machine.succeed("chmod 600 ~/.ssh/id_ed25519") # We haven't configured the host key yet, so this should still fail - $machine->fail("ssh -o BatchMode=yes localhost exit"); + machine.fail("ssh -o BatchMode=yes localhost exit") # Add the host key; ssh should finally succeed - $machine->succeed("echo localhost,127.0.0.1 ${snakeOilPublicKey} > ~/.ssh/known_hosts"); - $machine->succeed("ssh -o BatchMode=yes localhost exit"); + machine.succeed( + "echo localhost,127.0.0.1 ${snakeOilPublicKey} > ~/.ssh/known_hosts" + ) + machine.succeed("ssh -o BatchMode=yes localhost exit") # Test whether the root disk was resized. - my $blocks = $machine->succeed("stat -c %b -f /"); - my $bsize = $machine->succeed("stat -c %S -f /"); - my $size = $blocks * $bsize; - die "wrong free space $size" if $size < 9.7 * 1024 * 1024 * 1024 || $size > 10 * 1024 * 1024 * 1024; + blocks, block_size = map(int, machine.succeed("stat -c %b:%S -f /").split(":")) + GB = 1024 ** 3 + assert 9.7 * GB <= blocks * block_size <= 10 * GB # Just to make sure resizing is idempotent. - $machine->shutdown; - $machine->start; - $machine->waitForFile("/etc/ec2-metadata/user-data"); + machine.shutdown() + machine.start() + machine.wait_for_file("/etc/ec2-metadata/user-data") ''; }; boot-ec2-config = makeEc2Test { name = "config-userdata"; + meta.broken = true; # amazon-init wants to download from the internet while building the system inherit image; sshPublicKey = snakeOilPublicKey; @@ -133,17 +137,17 @@ in { } ''; script = '' - $machine->start; + machine.start() # amazon-init must succeed. if it fails, make the test fail - # immediately instead of timing out in waitForFile. - $machine->waitForUnit('amazon-init.service'); + # immediately instead of timing out in wait_for_file. + machine.wait_for_unit("amazon-init.service") - $machine->waitForFile("/etc/testFile"); - $machine->succeed("cat /etc/testFile | grep -q 'whoa'"); + machine.wait_for_file("/etc/testFile") + assert "whoa" in machine.succeed("cat /etc/testFile") - $machine->waitForUnit("httpd.service"); - $machine->succeed("curl http://localhost | grep Valgrind"); + machine.wait_for_unit("httpd.service") + assert "Valgrind" in machine.succeed("curl http://localhost") ''; }; } diff --git a/nixos/tests/gnome3.nix b/nixos/tests/gnome3.nix index b3d7aff8bd7..7e301be49d1 100644 --- a/nixos/tests/gnome3.nix +++ b/nixos/tests/gnome3.nix @@ -23,6 +23,13 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : { services.xserver.desktopManager.gnome3.enable = true; services.xserver.desktopManager.gnome3.debug = true; + environment.systemPackages = [ + (pkgs.makeAutostartItem { + name = "org.gnome.Terminal"; + package = pkgs.gnome3.gnome-terminal; + }) + ]; + virtualisation.memorySize = 1024; }; @@ -65,9 +72,6 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : { ) with subtest("Open Gnome Terminal"): - machine.succeed( - "${gnomeTerminalCommand}" - ) # correct output should be (true, '"gnome-terminal-server"') machine.wait_until_succeeds( "${wmClass} | grep -q 'gnome-terminal-server'" diff --git a/nixos/tests/hardened.nix b/nixos/tests/hardened.nix index 5ed0dfcf9ab..8d845de70e2 100644 --- a/nixos/tests/hardened.nix +++ b/nixos/tests/hardened.nix @@ -1,4 +1,4 @@ -import ./make-test.nix ({ pkgs, latestKernel ? false, ... } : { +import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... } : { name = "hardened"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ joachifm ]; @@ -47,84 +47,88 @@ import ./make-test.nix ({ pkgs, latestKernel ? false, ... } : { }; in '' - $machine->waitForUnit("multi-user.target"); + machine.wait_for_unit("multi-user.target") + + + with subtest("AppArmor profiles are loaded"): + machine.succeed("systemctl status apparmor.service") - subtest "apparmor-loaded", sub { - $machine->succeed("systemctl status apparmor.service"); - }; # AppArmor securityfs - subtest "apparmor-securityfs", sub { - $machine->succeed("mountpoint -q /sys/kernel/security"); - $machine->succeed("cat /sys/kernel/security/apparmor/profiles"); - }; + with subtest("AppArmor securityfs is mounted"): + machine.succeed("mountpoint -q /sys/kernel/security") + machine.succeed("cat /sys/kernel/security/apparmor/profiles") + # Test loading out-of-tree modules - subtest "extra-module-packages", sub { - $machine->succeed("grep -Fq wireguard /proc/modules"); - }; + with subtest("Out-of-tree modules can be loaded"): + machine.succeed("grep -Fq wireguard /proc/modules") + # Test hidepid - subtest "hidepid", sub { - $machine->succeed("grep -Fq hidepid=2 /proc/mounts"); + with subtest("hidepid=2 option is applied and works"): + machine.succeed("grep -Fq hidepid=2 /proc/mounts") # cannot use pgrep -u here, it segfaults when access to process info is denied - $machine->succeed("[ `su - sybil -c 'ps --no-headers --user root | wc -l'` = 0 ]"); - $machine->succeed("[ `su - alice -c 'ps --no-headers --user root | wc -l'` != 0 ]"); - }; + machine.succeed("[ `su - sybil -c 'ps --no-headers --user root | wc -l'` = 0 ]") + machine.succeed("[ `su - alice -c 'ps --no-headers --user root | wc -l'` != 0 ]") + # Test kernel module hardening - subtest "lock-modules", sub { + with subtest("No more kernel modules can be loaded"): # note: this better a be module we normally wouldn't load ... - $machine->fail("modprobe dccp"); - }; + machine.fail("modprobe dccp") + # Test userns - subtest "userns", sub { - $machine->succeed("unshare --user true"); - $machine->fail("su -l alice -c 'unshare --user true'"); - }; + with subtest("User namespaces are restricted"): + machine.succeed("unshare --user true") + machine.fail("su -l alice -c 'unshare --user true'") + # Test dmesg restriction - subtest "dmesg", sub { - $machine->fail("su -l alice -c dmesg"); - }; + with subtest("Regular users cannot access dmesg"): + machine.fail("su -l alice -c dmesg") + # Test access to kcore - subtest "kcore", sub { - $machine->fail("cat /proc/kcore"); - }; + with subtest("Kcore is inaccessible as root"): + machine.fail("cat /proc/kcore") + # Test deferred mount - subtest "mount", sub { - $machine->fail("mountpoint -q /efi"); # was deferred - $machine->execute("mkdir -p /efi"); - $machine->succeed("mount /dev/disk/by-label/EFISYS /efi"); - $machine->succeed("mountpoint -q /efi"); # now mounted - }; + with subtest("Deferred mounts work"): + machine.fail("mountpoint -q /efi") # was deferred + machine.execute("mkdir -p /efi") + machine.succeed("mount /dev/disk/by-label/EFISYS /efi") + machine.succeed("mountpoint -q /efi") # now mounted + # Test Nix dæmon usage - subtest "nix-daemon", sub { - $machine->fail("su -l nobody -s /bin/sh -c 'nix ping-store'"); - $machine->succeed("su -l alice -c 'nix ping-store'") =~ "OK"; - }; + with subtest("nix-daemon cannot be used by all users"): + machine.fail("su -l nobody -s /bin/sh -c 'nix ping-store'") + machine.succeed("su -l alice -c 'nix ping-store'") + # Test kernel image protection - subtest "kernelimage", sub { - $machine->fail("systemctl hibernate"); - $machine->fail("systemctl kexec"); - }; + with subtest("The kernel image is protected"): + machine.fail("systemctl hibernate") + machine.fail("systemctl kexec") - # Test hardened memory allocator - sub runMallocTestProg { - my ($progName, $errorText) = @_; - my $text = "fatal allocator error: " . $errorText; - $machine->fail("${hardened-malloc-tests}/bin/" . $progName) =~ $text; - }; - subtest "hardenedmalloc", sub { - runMallocTestProg("double_free_large", "invalid free"); - runMallocTestProg("unaligned_free_small", "invalid unaligned free"); - runMallocTestProg("write_after_free_small", "detected write after free"); - }; + # Test hardened memory allocator + def runMallocTestProg(prog_name, error_text): + text = "fatal allocator error: " + error_text + if not text in machine.fail( + "${hardened-malloc-tests}/bin/" + + prog_name + + " 2>&1" + ): + raise Exception("Hardened malloc does not work for {}".format(error_text)) + + + with subtest("The hardened memory allocator works"): + runMallocTestProg("double_free_large", "invalid free") + runMallocTestProg("unaligned_free_small", "invalid unaligned free") + runMallocTestProg("write_after_free_small", "detected write after free") ''; }) diff --git a/nixos/tests/openstack-image.nix b/nixos/tests/openstack-image.nix index 97c9137fe1d..0b57dfb8e7e 100644 --- a/nixos/tests/openstack-image.nix +++ b/nixos/tests/openstack-image.nix @@ -3,30 +3,30 @@ pkgs ? import ../.. { inherit system config; } }: -with import ../lib/testing.nix { inherit system pkgs; }; +with import ../lib/testing-python.nix { inherit system pkgs; }; with pkgs.lib; with import common/ec2.nix { inherit makeTest pkgs; }; let - image = - (import ../lib/eval-config.nix { - inherit system; - modules = [ - ../maintainers/scripts/openstack/openstack-image.nix - ../modules/testing/test-instrumentation.nix - ../modules/profiles/qemu-guest.nix - { - # Needed by nixos-rebuild due to lack of network access. - system.extraDependencies = with pkgs; [ - stdenv - ]; - } - ]; - }).config.system.build.openstackImage + "/nixos.qcow2"; + image = (import ../lib/eval-config.nix { + inherit system; + modules = [ + ../maintainers/scripts/openstack/openstack-image.nix + ../modules/testing/test-instrumentation.nix + ../modules/profiles/qemu-guest.nix + { + # Needed by nixos-rebuild due to lack of network access. + system.extraDependencies = with pkgs; [ + stdenv + ]; + } + ]; + }).config.system.build.openstackImage + "/nixos.qcow2"; sshKeys = import ./ssh-keys.nix pkgs; snakeOilPrivateKey = sshKeys.snakeOilPrivateKey.text; + snakeOilPrivateKeyFile = pkgs.writeText "private-key" snakeOilPrivateKey; snakeOilPublicKey = sshKeys.snakeOilPublicKey; in { @@ -39,32 +39,36 @@ in { SSH_HOST_ED25519_KEY:${replaceStrings ["\n"] ["|"] snakeOilPrivateKey} ''; script = '' - $machine->start; - $machine->waitForFile("/etc/ec2-metadata/user-data"); - $machine->waitForUnit("sshd.service"); + machine.start() + machine.wait_for_file("/etc/ec2-metadata/user-data") + machine.wait_for_unit("sshd.service") - $machine->succeed("grep unknown /etc/ec2-metadata/ami-manifest-path"); + machine.succeed("grep unknown /etc/ec2-metadata/ami-manifest-path") # We have no keys configured on the client side yet, so this should fail - $machine->fail("ssh -o BatchMode=yes localhost exit"); + machine.fail("ssh -o BatchMode=yes localhost exit") # Let's install our client private key - $machine->succeed("mkdir -p ~/.ssh"); + machine.succeed("mkdir -p ~/.ssh") - $machine->succeed("echo '${snakeOilPrivateKey}' > ~/.ssh/id_ed25519"); - $machine->succeed("chmod 600 ~/.ssh/id_ed25519"); + machine.copy_from_host_via_shell( + "${snakeOilPrivateKeyFile}", "~/.ssh/id_ed25519" + ) + machine.succeed("chmod 600 ~/.ssh/id_ed25519") # We haven't configured the host key yet, so this should still fail - $machine->fail("ssh -o BatchMode=yes localhost exit"); + machine.fail("ssh -o BatchMode=yes localhost exit") # Add the host key; ssh should finally succeed - $machine->succeed("echo localhost,127.0.0.1 ${snakeOilPublicKey} > ~/.ssh/known_hosts"); - $machine->succeed("ssh -o BatchMode=yes localhost exit"); + machine.succeed( + "echo localhost,127.0.0.1 ${snakeOilPublicKey} > ~/.ssh/known_hosts" + ) + machine.succeed("ssh -o BatchMode=yes localhost exit") # Just to make sure resizing is idempotent. - $machine->shutdown; - $machine->start; - $machine->waitForFile("/etc/ec2-metadata/user-data"); + machine.shutdown() + machine.start() + machine.wait_for_file("/etc/ec2-metadata/user-data") ''; }; @@ -86,9 +90,9 @@ in { } ''; script = '' - $machine->start; - $machine->waitForFile("/etc/testFile"); - $machine->succeed("cat /etc/testFile | grep -q 'whoa'"); + machine.start() + machine.wait_for_file("/etc/testFile") + assert "whoa" in machine.succeed("cat /etc/testFile") ''; }; } diff --git a/pkgs/applications/misc/html5validator/default.nix b/pkgs/applications/misc/html5validator/default.nix new file mode 100644 index 00000000000..657996d1da9 --- /dev/null +++ b/pkgs/applications/misc/html5validator/default.nix @@ -0,0 +1,25 @@ +{ buildPythonApplication, fetchFromGitHub, nose, openjdk, lib }: + +buildPythonApplication rec { + pname = "html5validator"; + version = "0.3.3"; + + src = fetchFromGitHub { + owner = "svenkreiss"; + repo = "html5validator"; + rev = "v${version}"; + sha256 = "130acqi0dsy3midg7hwslykzry6crr4ln6ia0f0avyywkz4bplsv"; + }; + + propagatedBuildInputs = [ openjdk ]; + + checkInputs = [ nose ]; + checkPhase = "PATH=$PATH:$out/bin nosetests"; + + meta = with lib; { + homepage = "https://github.com/svenkreiss/html5validator"; + description = "Command line tool that tests files for HTML5 validity"; + license = licenses.mit; + maintainers = [ maintainers.phunehehe ]; + }; +} diff --git a/pkgs/applications/misc/super_user_spark/default.nix b/pkgs/applications/misc/super_user_spark/default.nix deleted file mode 100644 index dd1218282d8..00000000000 --- a/pkgs/applications/misc/super_user_spark/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ mkDerivation, fetchgit, aeson, aeson-pretty, base, bytestring, directory -, filepath, hspec, hspec-core, HUnit, mtl, optparse-applicative -, parsec, process, pureMD5, QuickCheck, shelly, stdenv, text -, transformers, unix -}: -mkDerivation { - pname = "super-user-spark"; - version = "0.3.2.0-dev"; - src = fetchgit { - url = "https://github.com/NorfairKing/super-user-spark"; - sha256 = "0akyc51bghzkk8j75n0i8v8rrsklidwvljhx3aibxfbkqp33372g"; - rev = "ab8635682d67842b9e6d909cf3c618014e4157f2"; - }; - isLibrary = true; - isExecutable = true; - libraryHaskellDepends = [ - aeson aeson-pretty base bytestring directory filepath mtl - optparse-applicative parsec process pureMD5 shelly text - transformers unix - ]; - executableHaskellDepends = [ base ]; - testHaskellDepends = [ - aeson aeson-pretty base bytestring directory filepath hspec - hspec-core HUnit mtl optparse-applicative parsec process pureMD5 - QuickCheck shelly text transformers unix - ]; - jailbreak = true; - description = "Configure your dotfile deployment with a DSL"; - license = stdenv.lib.licenses.mit; - homepage = "https://github.com/NorfairKing/super-user-spark"; - maintainers = [ stdenv.lib.maintainers.badi ]; -} diff --git a/pkgs/applications/networking/browsers/opera/default.nix b/pkgs/applications/networking/browsers/opera/default.nix index 686ffee9148..f2bf39b548b 100644 --- a/pkgs/applications/networking/browsers/opera/default.nix +++ b/pkgs/applications/networking/browsers/opera/default.nix @@ -47,11 +47,11 @@ let in stdenv.mkDerivation rec { pname = "opera"; - version = "67.0.3575.31"; + version = "68.0.3618.63"; src = fetchurl { url = "${mirror}/${version}/linux/${pname}-stable_${version}_amd64.deb"; - sha256 = "1ghygin7xf5lwd77s8f6bag339di4alwlkqwjzlq20wzwx4lns4w"; + sha256 = "1643043ywz94x2yr7xyw7krfq53iwkr8qxlbydzq6zb2zina7jxd"; }; unpackCmd = "${dpkg}/bin/dpkg-deb -x $curSrc ."; diff --git a/pkgs/applications/networking/cluster/ssm-agent/default.nix b/pkgs/applications/networking/cluster/ssm-agent/default.nix index 0835d268cd7..c6f9217b35b 100644 --- a/pkgs/applications/networking/cluster/ssm-agent/default.nix +++ b/pkgs/applications/networking/cluster/ssm-agent/default.nix @@ -1,22 +1,56 @@ -{ stdenv, fetchFromGitHub, buildGoPackage }: +{ stdenv, fetchFromGitHub, buildGoPackage, bash, makeWrapper }: buildGoPackage rec { pname = "amazon-ssm-agent"; - version = "2.0.633.0"; + version = "2.3.1319.0"; goPackagePath = "github.com/aws/${pname}"; - subPackages = [ "agent" ]; + subPackages = [ + "agent" + "agent/framework/processor/executer/outofproc/worker" + "agent/framework/processor/executer/outofproc/worker" + "agent/framework/processor/executer/outofproc/sessionworker" + "agent/session/logging" + "agent/cli-main" + ]; + + buildInputs = [ makeWrapper ]; src = fetchFromGitHub { - rev = "v${version}"; + rev = version; owner = "aws"; repo = pname; - sha256 = "10arshfn2k3m3zzgw8b3xc6ywd0ss73746nq5srh2jir7mjzi4xv"; + sha256 = "1yiyhj7ckqa32b1rnbwn7zx89rsj00m5imn1xlpsw002ywxsxbnv"; }; preBuild = '' mv go/src/${goPackagePath}/vendor strange-vendor mv strange-vendor/src go/src/${goPackagePath}/vendor + + cd go/src/${goPackagePath} + echo ${version} > VERSION + + substituteInPlace agent/plugins/inventory/gatherers/application/dataProvider.go \ + --replace '"github.com/aws/amazon-ssm-agent/agent/plugins/configurepackage/localpackages"' "" + + go run agent/version/versiongenerator/version-gen.go + substituteInPlace agent/appconfig/constants_unix.go \ + --replace /usr/bin/ssm-document-worker $bin/bin/ssm-document-worker \ + --replace /usr/bin/ssm-session-worker $bin/bin/ssm-session-worker \ + --replace /usr/bin/ssm-session-logger $bin/bin/ssm-session-logger + cd - + ''; + + postBuild = '' + mv go/bin/agent go/bin/amazon-ssm-agent + mv go/bin/worker go/bin/ssm-document-worker + mv go/bin/sessionworker go/bin/ssm-session-worker + mv go/bin/logging go/bin/ssm-session-logger + mv go/bin/cli-main go/bin/ssm-cli + ''; + + postInstall = '' + wrapProgram $out/bin/amazon-ssm-agent --prefix PATH : ${bash}/bin ''; meta = with stdenv.lib; { @@ -24,7 +58,6 @@ buildGoPackage rec { homepage = "https://github.com/aws/amazon-ssm-agent"; license = licenses.asl20; platforms = platforms.unix; - maintainers = with maintainers; [ copumpkin ]; + maintainers = with maintainers; [ copumpkin manveru ]; }; } - diff --git a/pkgs/applications/networking/nextdns/default.nix b/pkgs/applications/networking/nextdns/default.nix index e6bb229b118..de3ff40e43c 100644 --- a/pkgs/applications/networking/nextdns/default.nix +++ b/pkgs/applications/networking/nextdns/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "nextdns"; - version = "1.7.0"; + version = "1.7.1"; src = fetchFromGitHub { owner = "nextdns"; repo = "nextdns"; rev = "v${version}"; - sha256 = "15xw8d6b9rv0lalzfllixm8n89clz9j8ag1gk4r16k7yv5l6xrpd"; + sha256 = "001swxmf7ga2g0ri3gsnwvgjcarwdhfg476ymblg34kk9wclidmy"; }; vendorSha256 = "09whpzsn16znyrknfm5zlhla253r69j6d751czza4c83m4r36swj"; diff --git a/pkgs/applications/office/espanso/default.nix b/pkgs/applications/office/espanso/default.nix index 04a40875f79..889f363dfb9 100644 --- a/pkgs/applications/office/espanso/default.nix +++ b/pkgs/applications/office/espanso/default.nix @@ -14,16 +14,16 @@ rustPlatform.buildRustPackage rec { pname = "espanso"; - version = "0.6.3"; + version = "0.7.0"; src = fetchFromGitHub { owner = "federico-terzi"; repo = pname; rev = "v${version}"; - sha256 = "1x5p7hniapggqd18rx26mjvdf33z7rm7zz5vsqm2siv3mcl19033"; + sha256 = "11xdnn1iwpx58s3wvjb6dkgfc6dzsblzb6fngc0np5vx8r2pccpg"; }; - cargoSha256 = "0liwwdncymjql5dw7rwhhimcr7qdbyvfgmsd0bawvi0ym7m1v408"; + cargoSha256 = "1yjpqjfrixscg52yhalybgp734w3sdqg5hxka8ppcvz7lp3w5b1s"; nativeBuildInputs = [ extra-cmake-modules diff --git a/pkgs/applications/science/electronics/kicad/base.nix b/pkgs/applications/science/electronics/kicad/base.nix index b7ab5fa70d9..2fd4c122041 100644 --- a/pkgs/applications/science/electronics/kicad/base.nix +++ b/pkgs/applications/science/electronics/kicad/base.nix @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { i18n = libraries.i18n; pname = "kicad-base"; - version = "${versions.${baseName}.kicadVersion.version}"; + version = "${builtins.substring 0 10 versions.${baseName}.kicadVersion.src.rev}"; src = fetchFromGitLab ( { diff --git a/pkgs/applications/science/electronics/kicad/default.nix b/pkgs/applications/science/electronics/kicad/default.nix index a8340a2c22c..e5ce1f0092e 100644 --- a/pkgs/applications/science/electronics/kicad/default.nix +++ b/pkgs/applications/science/electronics/kicad/default.nix @@ -9,7 +9,7 @@ , oceSupport ? false, opencascade , withOCCT ? true, opencascade-occt , ngspiceSupport ? true, libngspice -, scriptingSupport ? false, swig, python3 +, scriptingSupport ? true, swig, python3 , debug ? false, valgrind , with3d ? true , withI18n ? true diff --git a/pkgs/applications/science/electronics/kicad/libraries.nix b/pkgs/applications/science/electronics/kicad/libraries.nix index 4dde2a0a122..91ce30de5f0 100644 --- a/pkgs/applications/science/electronics/kicad/libraries.nix +++ b/pkgs/applications/science/electronics/kicad/libraries.nix @@ -15,7 +15,9 @@ let mkLib = name: stdenv.mkDerivation { pname = "kicad-${name}"; - version = "${version}"; + # Use the revision instead of `version` (which is an ISO 8601 date) + # to prevent duplicating the library when just the date changed + version = "${builtins.substring 0 10 libSources.${name}.rev}"; src = fetchFromGitHub ( { owner = "KiCad"; @@ -50,7 +52,7 @@ in i18n = let name = "i18n"; in stdenv.mkDerivation { pname = "kicad-${name}"; - version = "${version}"; + version = "${builtins.substring 0 10 libSources.${name}.rev}"; src = fetchFromGitLab ( { group = "kicad"; diff --git a/pkgs/applications/science/electronics/kicad/versions.nix b/pkgs/applications/science/electronics/kicad/versions.nix index 7299e8ee907..d001cc43367 100644 --- a/pkgs/applications/science/electronics/kicad/versions.nix +++ b/pkgs/applications/science/electronics/kicad/versions.nix @@ -27,25 +27,25 @@ }; "kicad-unstable" = { kicadVersion = { - version = "2020-07-21"; + version = "2020-08-22"; src = { - rev = "9a801d8b72f24e297a7d9d6e8cee2eef6cab2988"; - sha256 = "0yilmmng7y3rz1bxw2b0s0aqs8hdqr7ach2r45bx8v1f4bih4ka9"; + rev = "a2341f0f335b0abb9fc8cb86d19cbe6f9b38fade"; + sha256 = "0167yb39f800xarq3khn7sbdkgcx9j2ayhy8c7lhhks6kh7459g0"; }; }; libVersion = { - version = "2020-07-21"; + version = "2020-08-22"; libSources = { - i18n.rev = "a311975d139caf8be9848dd613a9800570adc245"; - i18n.sha256 = "1bkn2hhwcg8xdpn9yfm9nnqsg02c1nizhpxd4yhpxgifhh4psz1g"; - symbols.rev = "18572c4c118fe8ef779edf3131eebf2c33c6fa46"; - symbols.sha256 = "0hqx0aznzrnlbdkpsnl8mbs9bdgiv029d6zjh10nyjzcw27q3hxz"; + i18n.rev = "cbbb1efd940094bf0c3168280698b2b059a8c509"; + i18n.sha256 = "1q4jakn6m8smnr2mg7jgb520nrb6fag9mdvlcpx3smp3qbxka818"; + symbols.rev = "9ca6a5348cdeb88e699582d4ed051ff7303b44d3"; + symbols.sha256 = "13w6pb34rhz96rnar25z7kiscy6q1fm8l39hq1bpb8g9yn86ssz4"; templates.rev = "ae16953b81055855bcede4a33305413599d86a15"; templates.sha256 = "1pkv90p3liy3bj4nklxsvpzh9m56p0k5ldr22armvgqfaqaadx9v"; - footprints.rev = "4835f80b4a52256aa7a3eb650e6e0fef33a77d0d"; - footprints.sha256 = "00rc6phxmkry35i0xzry14axvh2akvvkly45s3xxi06vaydaw7i5"; - packages3d.rev = "9b560cf94a35b692ca516d37bdaf392ce10e549d"; - packages3d.sha256 = "0b9jglf77fy0n0r8xs4yqkv6zvipyfvp0z5dnqlzp32csy5aqpi1"; + footprints.rev = "f94c2d5d619d16033f69a555b449f59604d97865"; + footprints.sha256 = "1g71sk77jvqaf9xvgq6dkyvd9pij2lb4n0bn0dqnwddhwam935db"; + packages3d.rev = "f699b0e3c13fe75618086913e39279c85da14cc7"; + packages3d.sha256 = "0m5rb5axa946v729z35ga84in76y4zpk32qzi0hwqx957zy72hs9"; }; }; }; diff --git a/pkgs/applications/science/electronics/verilator/default.nix b/pkgs/applications/science/electronics/verilator/default.nix index 0613e22bbda..9c59ad3a394 100644 --- a/pkgs/applications/science/electronics/verilator/default.nix +++ b/pkgs/applications/science/electronics/verilator/default.nix @@ -1,22 +1,29 @@ -{ stdenv, fetchurl, perl, flex, bison }: +{ stdenv, fetchurl +, perl, flex, bison +}: stdenv.mkDerivation rec { pname = "verilator"; - version = "4.036"; + version = "4.040"; src = fetchurl { url = "https://www.veripool.org/ftp/${pname}-${version}.tgz"; - sha256 = "1sy02pgq3kvk8548l57hsh08vfbqdg8dghj8mwlybdi8fdjz4z1h"; + sha256 = "1qy0wllsmxva3c838spxwmacxx36r3njxwhgp172m4l3829785bf"; }; enableParallelBuilding = true; - buildInputs = [ perl flex bison ]; + buildInputs = [ perl ]; + nativeBuildInputs = [ flex bison ]; - meta = { + # these tests need some interpreter paths patched early on... + doCheck = false; + checkTarget = "test"; + + meta = with stdenv.lib; { description = "Fast and robust (System)Verilog simulator/compiler"; homepage = "https://www.veripool.org/wiki/verilator"; - license = stdenv.lib.licenses.lgpl3; - platforms = stdenv.lib.platforms.unix; - maintainers = with stdenv.lib.maintainers; [ thoughtpolice ]; + license = licenses.lgpl3; + platforms = platforms.unix; + maintainers = with maintainers; [ thoughtpolice ]; }; } diff --git a/pkgs/applications/science/logic/isabelle/default.nix b/pkgs/applications/science/logic/isabelle/default.nix index d2e49d81783..a12d75eabbe 100644 --- a/pkgs/applications/science/logic/isabelle/default.nix +++ b/pkgs/applications/science/logic/isabelle/default.nix @@ -3,18 +3,18 @@ stdenv.mkDerivation rec { pname = "isabelle"; - version = "2018"; + version = "2020"; dirname = "Isabelle${version}"; src = if stdenv.isDarwin then fetchurl { - url = "http://isabelle.in.tum.de/website-${dirname}/dist/${dirname}.dmg"; - sha256 = "0jwnvsf5whklq14ihaxs7b9nbic94mm56nvxljrdbvl6y628j9r5"; + url = "https://isabelle.in.tum.de/website-${dirname}/dist/${dirname}_macos.tar.gz"; + sha256 = "1sfr5filsaqj93g5y4p9n8g5652dhr4whj25x4lifdxr2pp560xx"; } else fetchurl { url = "https://isabelle.in.tum.de/website-${dirname}/dist/${dirname}_linux.tar.gz"; - sha256 = "1928lwrw1v1p9s23kix30ncpqm8djmrnjixj82f3ni2a8sc3hrsp"; + sha256 = "1bibabhlsvf6qsjjkgxcpq3cvl1z7r8yfcgqbhbvsiv69n3gyfk3"; }; buildInputs = [ perl polyml z3 ] @@ -42,14 +42,14 @@ stdenv.mkDerivation rec { ML_SOURCES="\$POLYML_HOME/src" EOF - cat >contrib/jdk/etc/settings <<EOF + cat >contrib/jdk*/etc/settings <<EOF ISABELLE_JAVA_PLATFORM=${stdenv.system} ISABELLE_JDK_HOME=${java} EOF echo ISABELLE_LINE_EDITOR=${rlwrap}/bin/rlwrap >>etc/settings - for comp in contrib/jdk contrib/polyml-* contrib/z3-*; do + for comp in contrib/jdk* contrib/polyml-* contrib/z3-*; do rm -rf $comp/x86* done '' + (if ! stdenv.isLinux then "" else '' @@ -66,7 +66,7 @@ stdenv.mkDerivation rec { bin/isabelle install $out/bin ''; - meta = { + meta = with stdenv.lib; { description = "A generic proof assistant"; longDescription = '' @@ -74,9 +74,9 @@ stdenv.mkDerivation rec { to be expressed in a formal language and provides tools for proving those formulas in a logical calculus. ''; - homepage = "http://isabelle.in.tum.de/"; - license = "LGPL"; - maintainers = [ stdenv.lib.maintainers.jwiegley ]; - platforms = stdenv.lib.platforms.linux; + homepage = "https://isabelle.in.tum.de/"; + license = licenses.bsd3; + maintainers = [ maintainers.jwiegley ]; + platforms = platforms.linux; }; } diff --git a/pkgs/applications/science/logic/mcy/default.nix b/pkgs/applications/science/logic/mcy/default.nix index bbdcacf2b50..eba910e07eb 100644 --- a/pkgs/applications/science/logic/mcy/default.nix +++ b/pkgs/applications/science/logic/mcy/default.nix @@ -7,13 +7,13 @@ let in stdenv.mkDerivation { pname = "mcy"; - version = "2020.07.06"; + version = "2020.08.03"; src = fetchFromGitHub { owner = "YosysHQ"; repo = "mcy"; - rev = "6e8433ed9acbface5e080719110a957d89d849df"; - sha256 = "1vbzg0rgmf7kp735m6p4msxc51vpsrdwk24ir7z0zxsb8lv53gg7"; + rev = "62048e69df13f8e03670424626755ae8ef4c36ff"; + sha256 = "15xxgzx1zxzx5kshqyrxnfx33cz6cjzxcdcn6z98jhs9bwyvf96f"; }; buildInputs = [ python ]; diff --git a/pkgs/applications/science/logic/symbiyosys/default.nix b/pkgs/applications/science/logic/symbiyosys/default.nix index b3ae4580256..9cf8b0845d4 100644 --- a/pkgs/applications/science/logic/symbiyosys/default.nix +++ b/pkgs/applications/science/logic/symbiyosys/default.nix @@ -1,20 +1,20 @@ { stdenv, fetchFromGitHub , bash, python3, yosys -, yices, boolector, aiger +, yices, boolector, z3, aiger }: stdenv.mkDerivation { pname = "symbiyosys"; - version = "2020.07.03"; + version = "2020.08.22"; src = fetchFromGitHub { owner = "YosysHQ"; repo = "SymbiYosys"; - rev = "06e80194c77f5cc38c6999b1d3047a2d6ca82e15"; - sha256 = "1hl03qy98pgq24ijyimf9pf7qxp42l7cki66wx48jys4m1s6n8v9"; + rev = "33b0bb7d836fe2a73dc7b10587222f2a718beef4"; + sha256 = "03rbrbwsji1sqcp2yhgbc0fca04zsryv2g4izjhdzv64nqjzjyhn"; }; - buildInputs = [ python3 ]; + buildInputs = [ ]; patchPhase = '' patchShebangs . @@ -26,14 +26,15 @@ stdenv.mkDerivation { # Fix various executable references substituteInPlace sbysrc/sby_core.py \ --replace '"/usr/bin/env", "bash"' '"${bash}/bin/bash"' \ - --replace ': "btormc"' ': "${boolector}/bin/btormc"' \ - --replace ': "yosys"' ': "${yosys}/bin/yosys"' \ - --replace ': "yosys-smtbmc"' ': "${yosys}/bin/yosys-smtbmc"' \ - --replace ': "yosys-abc"' ': "${yosys}/bin/yosys-abc"' \ - --replace ': "aigbmc"' ': "${aiger}/bin/aigbmc"' \ + --replace ', "btormc"' ', "${boolector}/bin/btormc"' \ + --replace ', "aigbmc"' ', "${aiger}/bin/aigbmc"' + + substituteInPlace sbysrc/sby_core.py \ + --replace '##yosys-program-prefix##' '"${yosys}/bin/"' ''; buildPhase = "true"; + installPhase = '' mkdir -p $out/bin $out/share/yosys/python3 @@ -43,6 +44,10 @@ stdenv.mkDerivation { chmod +x $out/bin/sby ''; + doCheck = false; # not all provers are yet packaged... + checkInputs = [ python3 yosys boolector yices z3 aiger ]; + checkPhase = "make test"; + meta = { description = "Tooling for Yosys-based verification flows"; homepage = "https://symbiyosys.readthedocs.io/"; diff --git a/pkgs/applications/science/math/qalculate-gtk/default.nix b/pkgs/applications/science/math/qalculate-gtk/default.nix index d1ab05d4cde..df622e7303d 100644 --- a/pkgs/applications/science/math/qalculate-gtk/default.nix +++ b/pkgs/applications/science/math/qalculate-gtk/default.nix @@ -12,7 +12,11 @@ stdenv.mkDerivation rec { }; patchPhase = '' + # The gnome-search-provider2.c file generated by gdbus-codegen depends + # on gio-unix-2.0, which is a Requires.private of gtk+-3.0, + # and private dependencies are dropped in our default patched pkg-config. # https://github.com/Qalculate/qalculate-gtk/pull/178 + # https://github.com/NixOS/nixpkgs/issues/292 substituteInPlace configure.ac --replace 'libxml-2.0' 'libxml-2.0 gio-unix-2.0' # https://github.com/Qalculate/qalculate-gtk/pull/179 diff --git a/pkgs/applications/version-management/git-and-tools/default.nix b/pkgs/applications/version-management/git-and-tools/default.nix index 41ef3cce465..657ae4605eb 100644 --- a/pkgs/applications/version-management/git-and-tools/default.nix +++ b/pkgs/applications/version-management/git-and-tools/default.nix @@ -98,7 +98,7 @@ let git-fame = callPackage ./git-fame {}; - git-fast-export = callPackage ./fast-export { }; + git-fast-export = callPackage ./fast-export { mercurial = mercurial_4; }; git-filter-repo = callPackage ./git-filter-repo { pythonPackages = python3Packages; diff --git a/pkgs/applications/version-management/git-and-tools/fast-export/default.nix b/pkgs/applications/version-management/git-and-tools/fast-export/default.nix index 22009f10d44..80f048d0575 100644 --- a/pkgs/applications/version-management/git-and-tools/fast-export/default.nix +++ b/pkgs/applications/version-management/git-and-tools/fast-export/default.nix @@ -1,13 +1,14 @@ -{stdenv, fetchgit, mercurial, makeWrapper}: +{stdenv, fetchFromGitHub, git, mercurial, makeWrapper}: stdenv.mkDerivation rec { pname = "fast-export"; - version = "190107"; + version = "200213"; - src = fetchgit { - url = "git://repo.or.cz/fast-export.git"; + src = fetchFromGitHub { + owner = "frej"; + repo = pname; rev = "v${version}"; - sha256 = "14azfps9jd5anivcvfwflgsvqdyy6gm9jy284kzx2ng9f7871d14"; + sha256 = "0hzyh66rlawxip4n2pvz7pbs0cq82clqv1d6c7hf60v1drjxw287"; }; buildInputs = [mercurial.python mercurial makeWrapper]; @@ -27,11 +28,34 @@ stdenv.mkDerivation rec { for script in $out/bin/*.sh; do wrapProgram $script \ - --prefix PATH : "${mercurial.python}/bin":$libexec \ + --prefix PATH : "${git}/bin":"${mercurial.python}/bin":$libexec \ --prefix PYTHONPATH : "${mercurial}/${mercurial.python.sitePackages}":$sitepackagesPath done ''; + doInstallCheck = true; + # deliberately not adding git or hg into installCheckInputs - package should + # be able to work without them in runtime env + installCheckPhase = '' + mkdir repo-hg + pushd repo-hg + ${mercurial}/bin/hg init + echo foo > bar + ${mercurial}/bin/hg add bar + ${mercurial}/bin/hg commit --message "baz" + popd + + mkdir repo-git + pushd repo-git + ${git}/bin/git init + ${git}/bin/git config core.ignoreCase false # for darwin + $out/bin/hg-fast-export.sh -r ../repo-hg/ --hg-hash + for s in "foo" "bar" "baz" ; do + (${git}/bin/git show | grep $s > /dev/null) && echo $s found + done + popd + ''; + meta = with stdenv.lib; { description = "Import mercurial into git"; homepage = "https://repo.or.cz/w/fast-export.git"; diff --git a/pkgs/desktops/gnome-3/core/gnome-shell/default.nix b/pkgs/desktops/gnome-3/core/gnome-shell/default.nix index 17f359e7d28..8f2e78c639c 100644 --- a/pkgs/desktops/gnome-3/core/gnome-shell/default.nix +++ b/pkgs/desktops/gnome-3/core/gnome-shell/default.nix @@ -67,13 +67,13 @@ let in stdenv.mkDerivation rec { pname = "gnome-shell"; - version = "3.36.4"; + version = "3.36.5"; outputs = [ "out" "devdoc" ]; src = fetchurl { - url = "mirror://gnome/sources/gnome-shell/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "1nyibrr98ijn65z9ki0k7xzcwcliwy2jqssz0l0jalpbkhnr751d"; + url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; + sha256 = "1hj7gmjmy92xndlgw7pzk5m6j2fbzcgfd1pxc32k38gml8qg19d4"; }; patches = [ diff --git a/pkgs/desktops/gnome-3/extensions/night-theme-switcher/default.nix b/pkgs/desktops/gnome-3/extensions/night-theme-switcher/default.nix index 71b53094674..f170a2fb190 100644 --- a/pkgs/desktops/gnome-3/extensions/night-theme-switcher/default.nix +++ b/pkgs/desktops/gnome-3/extensions/night-theme-switcher/default.nix @@ -1,26 +1,24 @@ -{ stdenv, fetchFromGitLab }: +{ stdenv, fetchFromGitLab, glib, gnome3, unzip }: stdenv.mkDerivation rec { pname = "gnome-shell-extension-night-theme-switcher"; - version = "19"; + version = "36"; src = fetchFromGitLab { owner = "rmnvgr"; repo = "nightthemeswitcher-gnome-shell-extension"; rev = "v${version}"; - sha256 = "1ll0yf1skf51wa10mlrajd1dy459w33kx0i3vhfcx2pdk7mw5a3c"; + sha256 = "1c88979qprwb5lj0v7va017w7rdr89a648anhw4k5q135jwyskpz"; }; - # makefile tries to do install in home directory using - # `gnome-extensions install` - dontBuild = true; + buildInputs = [ glib gnome3.gnome-shell unzip ]; uuid = "nightthemeswitcher@romainvigier.fr"; installPhase = '' runHook preInstall mkdir -p $out/share/gnome-shell/extensions/ - cp -r src/ $out/share/gnome-shell/extensions/${uuid} + unzip build/${uuid}.shell-extension.zip -d $out/share/gnome-shell/extensions/${uuid} runHook postInstall ''; diff --git a/pkgs/development/compilers/nextpnr/default.nix b/pkgs/development/compilers/nextpnr/default.nix index dc8f750c567..5dfefa61220 100644 --- a/pkgs/development/compilers/nextpnr/default.nix +++ b/pkgs/development/compilers/nextpnr/default.nix @@ -14,14 +14,14 @@ let in with stdenv; mkDerivation rec { pname = "nextpnr"; - version = "2020.07.08"; + version = "2020.08.22"; srcs = [ (fetchFromGitHub { owner = "YosysHQ"; repo = "nextpnr"; - rev = "3cafb16aa634d2bc369077d8d36760d23973a35b"; - sha256 = "0z6q8f2f97jr037d51h097vck9jspidjn0pb5irlj0xdnb5si0js"; + rev = "c8ecb8341ca766e1e7565cc2b652b63eaba67508"; + sha256 = "1cf9ad7w5x452qdc6m9c3in6v9yzip3n1as978lbdh76f5mc00fv"; name = "nextpnr"; }) (fetchFromGitHub { diff --git a/pkgs/development/compilers/yosys/default.nix b/pkgs/development/compilers/yosys/default.nix index 7d645da8b4b..c3185ca4e0e 100644 --- a/pkgs/development/compilers/yosys/default.nix +++ b/pkgs/development/compilers/yosys/default.nix @@ -16,13 +16,13 @@ stdenv.mkDerivation rec { pname = "yosys"; - version = "2020.07.07"; + version = "2020.08.22"; src = fetchFromGitHub { owner = "YosysHQ"; repo = "yosys"; - rev = "000fd08198487cd1d36e65e4470f4b0269c23a2b"; - sha256 = "01s252vwh4g1f4y99nfrkpf6hgvh9k63nz8hvpmjza5z8x6zf4i1"; + rev = "12132b6850747aec99715fdfa3184fe3ebefa015"; + sha256 = "1v6x1y2f3r8vi7pnkgx374rrv02xgmg9yg23f61n7d1v2rd6y5cc"; }; enableParallelBuilding = true; diff --git a/pkgs/development/coq-modules/coqprime/default.nix b/pkgs/development/coq-modules/coqprime/default.nix index a049fa94d41..0ead97ffbf0 100644 --- a/pkgs/development/coq-modules/coqprime/default.nix +++ b/pkgs/development/coq-modules/coqprime/default.nix @@ -6,6 +6,10 @@ let version = "8.8"; sha256 = "075yjczk79pf1hd3lgdjiz84ilkzfxjh18lgzrhhqp7d3kz5lxp5"; }; + v_8_10 = { + version = "8.10"; + sha256 = "0r9gnh5a5ykiiz5h1i8xnzgiydpwc4z9qhndxyya85xq0f910qaz"; + }; in { "8.7" = { @@ -14,10 +18,8 @@ let }; "8.8" = v_8_8; "8.9" = v_8_8; - "8.10" = { - version = "8.10"; - sha256 = "0r9gnh5a5ykiiz5h1i8xnzgiydpwc4z9qhndxyya85xq0f910qaz"; - }; + "8.10" = v_8_10; + "8.11" = v_8_10; }; param = params.${coq.coq-version}; in diff --git a/pkgs/development/interpreters/groovy/default.nix b/pkgs/development/interpreters/groovy/default.nix index 1572f5e4be2..97e997bdd69 100644 --- a/pkgs/development/interpreters/groovy/default.nix +++ b/pkgs/development/interpreters/groovy/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "groovy"; - version = "3.0.2"; + version = "3.0.3"; src = fetchurl { url = "http://dl.bintray.com/groovy/maven/apache-groovy-binary-${version}.zip"; - sha256 = "1ddw3fqrmwh4w6z6xgck4jhmq33rwgbmpjw07g12ri1vgw4xks9w"; + sha256 = "0xdm70b61pdj8z3g08az16y9b6cpz5hv7iwvwfyfyxrjdi47h419"; }; buildInputs = [ unzip makeWrapper ]; diff --git a/pkgs/development/libraries/libguestfs/default.nix b/pkgs/development/libraries/libguestfs/default.nix index 411ae0a3316..234e1164893 100644 --- a/pkgs/development/libraries/libguestfs/default.nix +++ b/pkgs/development/libraries/libguestfs/default.nix @@ -1,6 +1,6 @@ { stdenv, fetchurl, pkgconfig, autoreconfHook, makeWrapper , ncurses, cpio, gperf, cdrkit, flex, bison, qemu, pcre, augeas, libxml2 -, acl, libcap, libcap_ng, libconfig, systemd, fuse, yajl, libvirt, hivex +, acl, libcap, libcap_ng, libconfig, systemd, fuse, yajl, libvirt, hivex, db , gmp, readline, file, numactl, xen, libapparmor, jansson , getopt, perlPackages, ocamlPackages , appliance ? null @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { buildInputs = [ ncurses cpio gperf jansson cdrkit flex bison qemu pcre augeas libxml2 acl libcap libcap_ng libconfig - systemd fuse yajl libvirt gmp readline file hivex + systemd fuse yajl libvirt gmp readline file hivex db numactl xen libapparmor getopt perlPackages.ModuleBuild ] ++ (with perlPackages; [ perl libintl_perl GetoptLong SysVirt ]) ++ (with ocamlPackages; [ ocaml findlib ocamlbuild ocaml_libvirt gettext-stub ounit ]) diff --git a/pkgs/development/libraries/science/math/magma/default.nix b/pkgs/development/libraries/science/math/magma/default.nix index dbe162c60b3..38700c963bf 100644 --- a/pkgs/development/libraries/science/math/magma/default.nix +++ b/pkgs/development/libraries/science/math/magma/default.nix @@ -1,19 +1,21 @@ -{ stdenv, fetchurl, cmake, gfortran, cudatoolkit, libpthreadstubs, lapack, blas }: +{ stdenv, fetchurl, cmake, gfortran, ninja, cudatoolkit, libpthreadstubs, lapack, blas }: with stdenv.lib; -let version = "2.5.0"; +let version = "2.5.3"; in stdenv.mkDerivation { pname = "magma"; inherit version; src = fetchurl { url = "https://icl.cs.utk.edu/projectsfiles/magma/downloads/magma-${version}.tar.gz"; - sha256 = "0czspk93cv1fy37zyrrc9k306q4yzfxkhy1y4lj937dx8rz5rm2g"; + sha256 = "1xjy3irdx0w1zyhvn4x47zni5fwsh6z97xd4yqldz8zrm5lx40n6"; name = "magma-${version}.tar.gz"; }; - buildInputs = [ gfortran cudatoolkit libpthreadstubs cmake lapack blas ]; + nativeBuildInputs = [ gfortran cmake ninja ]; + + buildInputs = [ cudatoolkit libpthreadstubs lapack blas ]; doCheck = false; @@ -32,7 +34,7 @@ in stdenv.mkDerivation { mkdir -p $out/lib/pkgconfig cp -a ../include/*.h $out/include #cp -a sparse-iter/include/*.h $out/include - cp -a lib/*.a $out/lib + cp -a lib/*.so $out/lib cat ../lib/pkgconfig/magma.pc.in | \ sed -e s:@INSTALL_PREFIX@:"$out": | \ sed -e s:@CFLAGS@:"-I$out/include": | \ diff --git a/pkgs/development/ocaml-modules/hidapi/default.nix b/pkgs/development/ocaml-modules/hidapi/default.nix new file mode 100644 index 00000000000..cd95b34fa2b --- /dev/null +++ b/pkgs/development/ocaml-modules/hidapi/default.nix @@ -0,0 +1,27 @@ +{ pkgs, lib, fetchurl, buildDunePackage, pkg-config +, bigstring, +}: + +buildDunePackage rec { + pname = "hidapi"; + version = "1.1.1"; + + src = fetchurl { + url = "https://github.com/vbmithr/ocaml-hidapi/releases/download/${version}/${pname}-${version}.tbz"; + sha256 = "1j7rd7ajrzla76r3sxljx6fb18f4f4s3jd7vhv59l2ilxyxycai2"; + }; + + minimumOCamlVersion = "4.03"; + + buildInputs = [ pkgs.hidapi pkg-config ]; + propagatedBuildInputs = [ bigstring ]; + + doCheck = true; + + meta = with lib; { + homepage = https://github.com/vbmithr/ocaml-hidapi; + description = "Bindings to Signal11's hidapi library"; + license = licenses.isc; + maintainers = [ maintainers.alexfmpe ]; + }; +} diff --git a/pkgs/development/ocaml-modules/ocamlgraph/default.nix b/pkgs/development/ocaml-modules/ocamlgraph/default.nix index d2a94112eb3..df684f166e1 100644 --- a/pkgs/development/ocaml-modules/ocamlgraph/default.nix +++ b/pkgs/development/ocaml-modules/ocamlgraph/default.nix @@ -1,4 +1,7 @@ -{stdenv, fetchurl, ocaml, findlib, lablgtk ? null}: +{ stdenv, fetchurl, ocaml, findlib +, gtkSupport ? true +, lablgtk +}: stdenv.mkDerivation rec { pname = "ocamlgraph"; @@ -9,22 +12,19 @@ stdenv.mkDerivation rec { sha256 = "0m9g16wrrr86gw4fz2fazrh8nkqms0n863w7ndcvrmyafgxvxsnr"; }; - buildInputs = [ ocaml findlib lablgtk ]; - - patches = ./destdir.patch; - - postPatch = '' - sed -i 's@$(DESTDIR)$(OCAMLLIB)/ocamlgraph@$(DESTDIR)/lib/ocaml/${ocaml.version}/site-lib/ocamlgraph@' Makefile.in - sed -i 's@OCAMLFINDDEST := -destdir $(DESTDIR)@@' Makefile.in - ${stdenv.lib.optionalString (lablgtk != null) - "sed -i 's@+lablgtk2@${lablgtk}/lib/ocaml/${ocaml.version}/site-lib/lablgtk2 -I ${lablgtk}/lib/ocaml/${ocaml.version}/site-lib/stublibs@' configure Makefile.in editor/Makefile"} - ''; + buildInputs = [ ocaml findlib ] + ++ stdenv.lib.optional gtkSupport lablgtk + ; createFindlibDestdir = true; - buildPhase = '' - make all - make install-findlib + buildFlags = [ "all" ]; + installTargets = [ "install-findlib" ]; + + postInstall = stdenv.lib.optionalString gtkSupport '' + mkdir -p $out/bin + cp dgraph/dgraph.opt $out/bin/graph-viewer + cp editor/editor.opt $out/bin/graph-editor ''; meta = { diff --git a/pkgs/development/ocaml-modules/ocamlgraph/destdir.patch b/pkgs/development/ocaml-modules/ocamlgraph/destdir.patch deleted file mode 100644 index 38fca1c491f..00000000000 --- a/pkgs/development/ocaml-modules/ocamlgraph/destdir.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -Naur -x '*~' ocamlgraph-1.8.1/Makefile.in ocamlgraph-1.8.1-new//Makefile.in ---- ocamlgraph-1.8.1/Makefile.in 2011-10-17 09:57:03.000000000 -0430 -+++ ocamlgraph-1.8.1-new//Makefile.in 2011-11-24 13:01:22.626004819 -0430 -@@ -16,8 +16,8 @@ - ########################################################################## - - # Where to install the binaries --DESTDIR = - prefix =@prefix@ -+DESTDIR=$(prefix) - exec_prefix=@exec_prefix@ - datarootdir=@datarootdir@ - BINDIR =$(DESTDIR)@bindir@ diff --git a/pkgs/development/python-modules/awkward1/default.nix b/pkgs/development/python-modules/awkward1/default.nix index 635ffac2638..1e4958f37e6 100644 --- a/pkgs/development/python-modules/awkward1/default.nix +++ b/pkgs/development/python-modules/awkward1/default.nix @@ -10,11 +10,11 @@ buildPythonPackage rec { pname = "awkward1"; - version = "0.2.27"; + version = "0.2.33"; src = fetchPypi { inherit pname version; - sha256 = "c868437aabb2e95efbc522c43d47cac42e1c61904c7ddbebf2f41c6b63bb9c6f"; + sha256 = "bf3de210d0a88fb14a97c296f54ed2d5b686a785bb5fd7a31277f22b8daa9513"; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/python-modules/pandas/default.nix b/pkgs/development/python-modules/pandas/default.nix index cebb7c2b938..7b246a38cb9 100644 --- a/pkgs/development/python-modules/pandas/default.nix +++ b/pkgs/development/python-modules/pandas/default.nix @@ -58,6 +58,10 @@ in buildPythonPackage rec { xlwt ]; + # doesn't work with -Werror,-Wunused-command-line-argument + # https://github.com/NixOS/nixpkgs/issues/39687 + hardeningDisable = optional stdenv.cc.isClang "strictoverflow"; + # For OSX, we need to add a dependency on libcxx, which provides # `complex.h` and other libraries that pandas depends on to build. postPatch = optionalString isDarwin '' diff --git a/pkgs/development/python-modules/sabyenc3/default.nix b/pkgs/development/python-modules/sabyenc3/default.nix new file mode 100644 index 00000000000..05b667fedc1 --- /dev/null +++ b/pkgs/development/python-modules/sabyenc3/default.nix @@ -0,0 +1,22 @@ +{ lib, fetchPypi, python3Packages }: + +python3Packages.buildPythonPackage rec { + pname = "sabyenc3"; + version = "4.0.0"; + + src = fetchPypi { + inherit pname version; + sha256 = "0zfj1k4zij8ph8jwkq4d6i6axym8cil16yijxshqla5163d1031z"; + }; + + # tests are not included in pypi distribution + doCheck = false; + + meta = { + description = "yEnc Decoding for Python 3"; + homepage = "https://github.com/sabnzbd/sabyenc/"; + license = lib.licenses.lgpl3; + maintainers = [ lib.maintainers.lovek323 ]; + }; + +} diff --git a/pkgs/development/tools/icestorm/default.nix b/pkgs/development/tools/icestorm/default.nix index 091a4638433..15ca059a880 100644 --- a/pkgs/development/tools/icestorm/default.nix +++ b/pkgs/development/tools/icestorm/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { pname = "icestorm"; - version = "2020.07.08"; + version = "2020.08.19"; passthru = rec { pythonPkg = if usePyPy then pypy3 else python3; @@ -19,10 +19,10 @@ stdenv.mkDerivation rec { }; src = fetchFromGitHub { - owner = "cliffordwolf"; + owner = "YosysHQ"; repo = "icestorm"; - rev = "d12308775684cf43ab923227235b4ad43060015e"; - sha256 = "18ykv6np8sp7rb7c1cm3ha3qnj280gpkyn476faahb15jh0nbjmw"; + rev = "da52117ccd5b4147f64dc7345357ec5439cd7543"; + sha256 = "072bl3vmvb06ry0ci3b1sfjpm3iigb874khzja4azcai969ybp4k"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/development/tools/rust/maturin/default.nix b/pkgs/development/tools/rust/maturin/default.nix index 8ddbbcc8204..723ea94152c 100644 --- a/pkgs/development/tools/rust/maturin/default.nix +++ b/pkgs/development/tools/rust/maturin/default.nix @@ -5,16 +5,16 @@ let inherit (darwin.apple_sdk.frameworks) Security; in rustPlatform.buildRustPackage rec { name = "maturin-${version}"; - version = "0.8.2"; + version = "0.8.3"; src = fetchFromGitHub { owner = "PyO3"; repo = "maturin"; rev = "v${version}"; - sha256 = "1y6bxqbv7k8xvqjzgpf6n2n3yad4qxr2dwwlw8cb0knd7cfl2a2n"; + sha256 = "08l5r7d75id6qzf8xhkjv4hkdr64cq4dbcmdjywmvf9szjbnr65z"; }; - cargoSha256 = "1f12k6n58ycv79bv416566fnsnsng8jk3f6fy5j78py1qgy30swm"; + cargoSha256 = "1n0sxkhcdg2rbzqd7826pa7sxlnn0c2sc8l6lc98xw21vvqisc8n"; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/development/tools/trellis/default.nix b/pkgs/development/tools/trellis/default.nix index 6fc18fabe7b..21f14adc2f7 100644 --- a/pkgs/development/tools/trellis/default.nix +++ b/pkgs/development/tools/trellis/default.nix @@ -8,18 +8,18 @@ let in stdenv.mkDerivation rec { pname = "trellis"; - version = "2020.06.29"; + version = "2020.07.27"; # git describe --tags realVersion = with stdenv.lib; with builtins; - "1.0-176-g${substring 0 7 (elemAt srcs 0).rev}"; + "1.0-182-g${substring 0 7 (elemAt srcs 0).rev}"; srcs = [ (fetchFromGitHub { owner = "SymbiFlow"; repo = "prjtrellis"; - rev = "f93243b000c52b755c70829768d2ae6bcf7bb91a"; - sha256 = "0f7xv99bxmidk7byahc821yzy8mln29gknz3w239i9xbwxzc6wc4"; + rev = "8c0a6382e11b160ed88d17af8493c12a897617ed"; + sha256 = "1g0ppjfw8dq5cg5kl2p1p87grb0i88apaim4f5b6wj4sfqz8iln8"; name = "trellis"; }) diff --git a/pkgs/games/tome2/default.nix b/pkgs/games/tome2/default.nix index a632e523aaa..fa73697ab42 100644 --- a/pkgs/games/tome2/default.nix +++ b/pkgs/games/tome2/default.nix @@ -9,7 +9,7 @@ let name = pname; exec = "${pname}-x11"; icon = pname; - terminal = "False"; + terminal = "false"; comment = description; type = "Application"; categories = "Game;RolePlaying;"; diff --git a/pkgs/servers/bazarr/default.nix b/pkgs/servers/bazarr/default.nix index 075b5e58447..08b05084e9e 100644 --- a/pkgs/servers/bazarr/default.nix +++ b/pkgs/servers/bazarr/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "bazarr"; - version = "0.8.4.4"; + version = "0.9"; src = fetchurl { url = "https://github.com/morpheus65535/bazarr/archive/v${version}.tar.gz"; - sha256 = "09qpy5fyyidi45968qg37cighfh3rgwsi8pfz4fk5fp2v1xq23yg"; + sha256 = "106f0gagq81rwykppyfjc7q8ibq3j89lp08hqgbmcv26hxb89rbj"; }; nativeBuildInputs = [ makeWrapper ]; @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { cp -r * $out/src mkdir -p $out/bin - makeWrapper "${(python3.withPackages (ps: [ps.lxml])).interpreter}" \ + makeWrapper "${(python3.withPackages (ps: [ps.lxml ps.numpy])).interpreter}" \ $out/bin/bazarr \ --add-flags "$out/src/bazarr.py" \ ''; diff --git a/pkgs/servers/rippled/default.nix b/pkgs/servers/rippled/default.nix index 426b29c4b08..c9095339cc3 100644 --- a/pkgs/servers/rippled/default.nix +++ b/pkgs/servers/rippled/default.nix @@ -31,8 +31,8 @@ let nudb = fetchgit rec { url = "https://github.com/CPPAlliance/NuDB.git"; - rev = "2.0.1"; - sha256 = "10hlp2k7pc0c705f8sk0qw6mjfky0k08cjhh262bbjvp9fbdc7r4"; + rev = "2.0.3"; + sha256 = "0imd9sh6knydwa3pxa5bbvjs3bmb8650dnsvj04qgns6bynwlqh1"; leaveDotGit = true; fetchSubmodules = true; postFetch = "cd $out && git tag ${rev}"; @@ -49,8 +49,8 @@ let lz4 = fetchgit rec { url = "https://github.com/lz4/lz4.git"; - rev = "v1.8.2"; - sha256 = "1niv553q60hwn95yflzmrqkp1046hrid13h0yr36lm4fjza21h9w"; + rev = "v1.9.2"; + sha256 = "0322xy2vfhxkb8akas7vwajjgcigq1q8l9f5fnfmavcsd6kmxmgg"; leaveDotGit = true; fetchSubmodules = false; postFetch = "cd $out && git tag ${rev}"; @@ -58,8 +58,8 @@ let libarchive = fetchgit rec { url = "https://github.com/libarchive/libarchive.git"; - rev = "v3.3.3"; - sha256 = "165imgfmizpi4ffpiwfs8gxysn6lw3y1fxj5rga98filkl7hxs31"; + rev = "v3.4.3"; + sha256 = "00yrzy2129vr4nfhigd91651984sl447dyfjfz26dmzvna5hwzp1"; leaveDotGit = true; fetchSubmodules = false; postFetch = "cd $out && git tag ${rev}"; @@ -116,12 +116,12 @@ let }; in stdenv.mkDerivation rec { pname = "rippled"; - version = "1.5.0"; + version = "1.6.0"; src = fetchgit { url = "https://github.com/ripple/rippled.git"; rev = version; - sha256 = "0nh0x1ygrj3fw558vxbcp0md80qh27yrp3xhdlasrir7h1l2nplv"; + sha256 = "176i3dm98zp5jllslpzfhh52bd2lapq9i8r7m45v8sg9icvsmyz7"; leaveDotGit = true; fetchSubmodules = true; }; @@ -146,6 +146,9 @@ in stdenv.mkDerivation rec { git config --global url."file://${google-test}".insteadOf "${google-test.url}" git config --global url."file://${date}".insteadOf "${date.url}" + substituteInPlace Builds/CMake/deps/Sqlite.cmake --replace "http://www.sqlite.org/2018/sqlite-amalgamation-3260000.zip" "" + substituteInPlace Builds/CMake/deps/Sqlite.cmake --replace "https://www2.sqlite.org/2018/sqlite-amalgamation-3260000.zip" "" + substituteInPlace Builds/CMake/deps/Sqlite.cmake --replace "http://www2.sqlite.org/2018/sqlite-amalgamation-3260000.zip" "" substituteInPlace Builds/CMake/deps/Sqlite.cmake --replace "URL ${sqlite3.url}" "URL ${sqlite3}" ''; diff --git a/pkgs/servers/sabnzbd/default.nix b/pkgs/servers/sabnzbd/default.nix index 54d327d5fc4..f6b0574fa5c 100644 --- a/pkgs/servers/sabnzbd/default.nix +++ b/pkgs/servers/sabnzbd/default.nix @@ -1,17 +1,33 @@ -{stdenv, fetchFromGitHub, python2, par2cmdline, unzip, unrar, p7zip, makeWrapper}: +{ stdenv +, fetchFromGitHub +, python3 +, par2cmdline +, unzip +, unrar +, p7zip +, makeWrapper +}: let - pythonEnv = python2.withPackages(ps: with ps; [ cryptography cheetah yenc sabyenc ]); + pythonEnv = python3.withPackages(ps: with ps; [ + chardet + cheetah3 + cherrypy + cryptography + configobj + feedparser + sabyenc3 + ]); path = stdenv.lib.makeBinPath [ par2cmdline unrar unzip p7zip ]; in stdenv.mkDerivation rec { - version = "2.3.9"; + version = "3.0.1"; pname = "sabnzbd"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - sha256 = "06ln00rqz4xpsqhq0f495893xq1w5dfjawb8dgfyjjfds8627p16"; + sha256 = "1zp8cxz56qmai1z6xcscnq85gxhv64dv1s5zqsqdn0zpbxyqqdlr"; }; buildInputs = [ pythonEnv makeWrapper ]; diff --git a/pkgs/tools/X11/xpra/default.nix b/pkgs/tools/X11/xpra/default.nix index 6fe433daf8b..7f46e017c36 100644 --- a/pkgs/tools/X11/xpra/default.nix +++ b/pkgs/tools/X11/xpra/default.nix @@ -90,9 +90,12 @@ in buildPythonApplication rec { "--with-vsock" ]; + dontWrapGApps = true; preFixup = '' - gappsWrapperArgs+=( + makeWrapperArgs+=( + "''${gappsWrapperArgs[@]}" --set XPRA_INSTALL_PREFIX "$out" + --set XPRA_COMMAND "$out/bin/xpra" --prefix LD_LIBRARY_PATH : ${libfakeXinerama}/lib --prefix PATH : ${stdenv.lib.makeBinPath [ getopt xorgserver xauth which utillinux pulseaudio ]} ) diff --git a/pkgs/tools/security/ibm-sw-tpm2/default.nix b/pkgs/tools/security/ibm-sw-tpm2/default.nix index d6e8a521a2f..c177726bbb1 100644 --- a/pkgs/tools/security/ibm-sw-tpm2/default.nix +++ b/pkgs/tools/security/ibm-sw-tpm2/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "ibm-sw-tpm2"; - version = "1628"; + version = "1637"; src = fetchurl { url = "mirror://sourceforge/ibmswtpm2/ibmtpm${version}.tar.gz"; - sha256 = "18wywbsdp5sjrapznk2ydbmx0whz513dhybn1lls24xfl7kp9s58"; + sha256 = "09z3wbv38dc8wnw1q961s6bcd0kvz2xkjp6dxg4kn914fwzlqfnx"; }; buildInputs = [ openssl ]; diff --git a/pkgs/tools/text/miller/default.nix b/pkgs/tools/text/miller/default.nix index ead501763e7..4137fd4d278 100644 --- a/pkgs/tools/text/miller/default.nix +++ b/pkgs/tools/text/miller/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { pname = "miller"; - version = "5.8.0"; + version = "5.9.0"; src = fetchFromGitHub { owner = "johnkerl"; repo = "miller"; rev = "v${version}"; - sha256 = "06y1l730xps196jbnxahmd5alc9ba5m8hakm9sc8hx1q5b9ylfih"; + sha256 = "14fi6jlqb980qjcpb90fk85cglskq9b9i2k0216bhpvjmagywgp7"; }; nativeBuildInputs = [ autoreconfHook flex libtool ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index fb04b0e54ca..69155ee8def 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -196,6 +196,8 @@ in hobbes = callPackage ../development/tools/hobbes { }; + html5validator = python36Packages.callPackage ../applications/misc/html5validator { }; + proto-contrib = callPackage ../development/tools/proto-contrib {}; protoc-gen-doc = callPackage ../development/tools/protoc-gen-doc {}; @@ -1486,8 +1488,12 @@ in ''; }); - caddy = callPackage ../servers/caddy { }; - caddy2 = callPackage ../servers/caddy/v2.nix { }; + caddy = callPackage ../servers/caddy { + buildGoModule = buildGo114Module; + }; + caddy2 = callPackage ../servers/caddy/v2.nix { + buildGoModule = buildGo114Module; + }; traefik = callPackage ../servers/traefik { }; calamares = libsForQt5.callPackage ../tools/misc/calamares { @@ -7066,8 +7072,6 @@ in supertux-editor = callPackage ../applications/editors/supertux-editor { }; - super-user-spark = haskellPackages.callPackage ../applications/misc/super_user_spark { }; - svgbob = callPackage ../tools/graphics/svgbob { }; svgcleaner = callPackage ../tools/graphics/svgcleaner { }; @@ -8430,7 +8434,9 @@ in cmucl_binary = pkgsi686Linux.callPackage ../development/compilers/cmucl/binary.nix { }; - compcert = callPackage ../development/compilers/compcert { }; + compcert = callPackage ../development/compilers/compcert { + inherit (coqPackages_8_10) coq; + }; computecpp-unwrapped = callPackage ../development/compilers/computecpp {}; computecpp = wrapCCWith rec { @@ -22981,7 +22987,9 @@ in # this can be changed to python3 once pyside2 is updated to support the latest python version syncplay = python37.pkgs.callPackage ../applications/networking/syncplay { }; - inherit (callPackages ../applications/networking/syncthing { }) + inherit (callPackages ../applications/networking/syncthing { + buildGoModule = buildGo114Module; + }) syncthing syncthing-cli syncthing-discovery @@ -25821,11 +25829,11 @@ in ifstat-legacy = callPackage ../tools/networking/ifstat-legacy { }; isabelle = callPackage ../applications/science/logic/isabelle { - polyml = stdenv.lib.overrideDerivation polyml57 (attrs: { + polyml = stdenv.lib.overrideDerivation polyml (attrs: { configureFlags = [ "--enable-intinf-as-int" "--with-gmp" "--disable-shared" ]; }); - java = if stdenv.isLinux then jre else jdk; + java = openjdk11; }; iprover = callPackage ../applications/science/logic/iprover { }; diff --git a/pkgs/top-level/coq-packages.nix b/pkgs/top-level/coq-packages.nix index 38f23ed8cd4..c6c75cd7ffd 100644 --- a/pkgs/top-level/coq-packages.nix +++ b/pkgs/top-level/coq-packages.nix @@ -130,7 +130,7 @@ in rec { coqPackages_8_11 = mkCoqPackages coq_8_11; coqPackages_8_12 = mkCoqPackages coq_8_12; coqPackages = recurseIntoAttrs (lib.mapDerivationAttrset lib.dontDistribute - coqPackages_8_9 + coqPackages_8_11 ); coq = coqPackages.coq; diff --git a/pkgs/top-level/ocaml-packages.nix b/pkgs/top-level/ocaml-packages.nix index f47fd2fbcfa..720fd729efb 100644 --- a/pkgs/top-level/ocaml-packages.nix +++ b/pkgs/top-level/ocaml-packages.nix @@ -312,6 +312,8 @@ let herelib = callPackage ../development/ocaml-modules/herelib { }; + hidapi = callPackage ../development/ocaml-modules/hidapi { }; + higlo = callPackage ../development/ocaml-modules/higlo { }; hkdf = callPackage ../development/ocaml-modules/hkdf { }; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index dd5b52edc90..6c1c8f92879 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1560,6 +1560,8 @@ in { sabyenc = callPackage ../development/python-modules/sabyenc { }; + sabyenc3 = callPackage ../development/python-modules/sabyenc3 { }; + salmon-mail = callPackage ../development/python-modules/salmon-mail { }; sanic-auth = callPackage ../development/python-modules/sanic-auth { }; |