diff options
50 files changed, 680 insertions, 196 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 40316b980f3..be7f176614c 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -178,6 +178,12 @@ services.mysql.initialScript = pkgs.writeText "mariadb-init.sql" '' </listitem> <listitem> <para> + <literal>vmware</literal> has been removed from the <literal>services.x11.videoDrivers</literal> defaults. + For VMWare guests set <literal>virtualisation.vmware.guest.enable</literal> to <literal>true</literal> which will include the appropriate drivers. + </para> + </listitem> + <listitem> + <para> The initrd SSH support now uses OpenSSH rather than Dropbear to allow the use of Ed25519 keys and other OpenSSH-specific functionality. Host keys must now be in the OpenSSH format, and at diff --git a/nixos/modules/config/i18n.nix b/nixos/modules/config/i18n.nix index cc2ddda9d32..feb76581a72 100644 --- a/nixos/modules/config/i18n.nix +++ b/nixos/modules/config/i18n.nix @@ -68,7 +68,8 @@ with lib; config = { environment.systemPackages = - optional (config.i18n.supportedLocales != []) config.i18n.glibcLocales; + # We increase the priority a little, so that plain glibc in systemPackages can't win. + optional (config.i18n.supportedLocales != []) (lib.setPrio (-1) config.i18n.glibcLocales); environment.sessionVariables = { LANG = config.i18n.defaultLocale; diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index f9ad1457fc8..0318acae50f 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -21,6 +21,7 @@ let # `serviceOpts.script` or `serviceOpts.serviceConfig.ExecStart` exporterOpts = genAttrs [ + "apcupsd" "bind" "blackbox" "collectd" @@ -28,6 +29,8 @@ let "dovecot" "fritzbox" "json" + "keylight" + "lnd" "mail" "mikrotik" "minio" diff --git a/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix b/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix new file mode 100644 index 00000000000..57c35a742c5 --- /dev/null +++ b/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, options }: + +with lib; + +let + cfg = config.services.prometheus.exporters.apcupsd; +in +{ + port = 9162; + extraOpts = { + apcupsdAddress = mkOption { + type = types.str; + default = ":3551"; + description = '' + Address of the apcupsd Network Information Server (NIS). + ''; + }; + + apcupsdNetwork = mkOption { + type = types.enum ["tcp" "tcp4" "tcp6"]; + default = "tcp"; + description = '' + Network of the apcupsd Network Information Server (NIS): one of "tcp", "tcp4", or "tcp6". + ''; + }; + }; + serviceOpts = { + serviceConfig = { + ExecStart = '' + ${pkgs.prometheus-apcupsd-exporter}/bin/apcupsd_exporter \ + -telemetry.addr ${cfg.listenAddress}:${toString cfg.port} \ + -apcupsd.addr ${cfg.apcupsdAddress} \ + -apcupsd.network ${cfg.apcupsdNetwork} \ + ${concatStringsSep " \\\n " cfg.extraFlags} + ''; + }; + }; +} diff --git a/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix b/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix new file mode 100644 index 00000000000..dfa56343b87 --- /dev/null +++ b/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, options }: + +with lib; + +let + cfg = config.services.prometheus.exporters.keylight; +in +{ + port = 9288; + serviceOpts = { + serviceConfig = { + ExecStart = '' + ${pkgs.prometheus-keylight-exporter}/bin/keylight_exporter \ + -metrics.addr ${cfg.listenAddress}:${toString cfg.port} \ + ${concatStringsSep " \\\n " cfg.extraFlags} + ''; + }; + }; +} diff --git a/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix b/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix new file mode 100644 index 00000000000..35f97202057 --- /dev/null +++ b/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix @@ -0,0 +1,46 @@ +{ config, lib, pkgs, options }: + +with lib; + +let + cfg = config.services.prometheus.exporters.lnd; +in +{ + port = 9092; + extraOpts = { + lndHost = mkOption { + type = types.str; + default = "localhost:10009"; + description = '' + lnd instance gRPC address:port. + ''; + }; + + lndTlsPath = mkOption { + type = types.path; + description = '' + Path to lnd TLS certificate. + ''; + }; + + lndMacaroonDir = mkOption { + type = types.path; + description = '' + Path to lnd macaroons. + ''; + }; + }; + serviceOpts.serviceConfig = { + ExecStart = '' + ${pkgs.prometheus-lnd-exporter}/bin/lndmon \ + --prometheus.listenaddr=${cfg.listenAddress}:${toString cfg.port} \ + --prometheus.logdir=/var/log/prometheus-lnd-exporter \ + --lnd.host=${cfg.lndHost} \ + --lnd.tlspath=${cfg.lndTlsPath} \ + --lnd.macaroondir=${cfg.lndMacaroonDir} \ + ${concatStringsSep " \\\n " cfg.extraFlags} + ''; + LogsDirectory = "prometheus-lnd-exporter"; + ReadOnlyPaths = [ cfg.lndTlsPath cfg.lndMacaroonDir ]; + }; +} diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 6aec1c0753a..400173745d3 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -246,7 +246,7 @@ in videoDrivers = mkOption { type = types.listOf types.str; # !!! We'd like "nv" here, but it segfaults the X server. - default = [ "radeon" "cirrus" "vesa" "vmware" "modesetting" ]; + default = [ "radeon" "cirrus" "vesa" "modesetting" ]; example = [ "ati_unfree" "amdgpu" "amdgpu-pro" "nv" "nvidia" "nvidiaLegacy390" "nvidiaLegacy340" "nvidiaLegacy304" diff --git a/nixos/modules/virtualisation/lxd.nix b/nixos/modules/virtualisation/lxd.nix index 53b89a9f55b..3958fc2c1d7 100644 --- a/nixos/modules/virtualisation/lxd.nix +++ b/nixos/modules/virtualisation/lxd.nix @@ -15,7 +15,6 @@ in ###### interface options = { - virtualisation.lxd = { enable = mkOption { type = types.bool; @@ -25,12 +24,18 @@ in containers. Users in the "lxd" group can interact with the daemon (e.g. to start or stop containers) using the <command>lxc</command> command line tool, among others. + + Most of the time, you'll also want to start lxcfs, so + that containers can "see" the limits: + <code> + virtualisation.lxc.lxcfs.enable = true; + </code> ''; }; package = mkOption { type = types.package; - default = pkgs.lxd; + default = pkgs.lxd.override { nftablesSupport = config.networking.nftables.enable; }; defaultText = "pkgs.lxd"; description = '' The LXD package to use. @@ -65,6 +70,7 @@ in with nixos. ''; }; + recommendedSysctlSettings = mkOption { type = types.bool; default = false; @@ -83,7 +89,6 @@ in ###### implementation config = mkIf cfg.enable { - environment.systemPackages = [ cfg.package ]; security.apparmor = { @@ -115,6 +120,12 @@ in LimitNOFILE = "1048576"; LimitNPROC = "infinity"; TasksMax = "infinity"; + + # By default, `lxd` loads configuration files from hard-coded + # `/usr/share/lxc/config` - since this is a no-go for us, we have to + # explicitly tell it where the actual configuration files are + Environment = mkIf (config.virtualisation.lxc.lxcfs.enable) + "LXD_LXC_TEMPLATE_CONFIG=${pkgs.lxcfs}/share/lxc/config"; }; }; diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 8e262d8eee7..1bf091b361c 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -178,6 +178,8 @@ in limesurvey = handleTest ./limesurvey.nix {}; login = handleTest ./login.nix {}; loki = handleTest ./loki.nix {}; + lxd = handleTest ./lxd.nix {}; + lxd-nftables = handleTest ./lxd-nftables.nix {}; #logstash = handleTest ./logstash.nix {}; lorri = handleTest ./lorri/default.nix {}; magnetico = handleTest ./magnetico.nix {}; diff --git a/nixos/tests/lxd-nftables.nix b/nixos/tests/lxd-nftables.nix new file mode 100644 index 00000000000..25517914db8 --- /dev/null +++ b/nixos/tests/lxd-nftables.nix @@ -0,0 +1,50 @@ +# This test makes sure that lxd stops implicitly depending on iptables when +# user enabled nftables. +# +# It has been extracted from `lxd.nix` for clarity, and because switching from +# iptables to nftables requires a full reboot, which is a bit hard inside NixOS +# tests. + +import ./make-test-python.nix ({ pkgs, ...} : { + name = "lxd-nftables"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ patryk27 ]; + }; + + machine = { lib, ... }: { + virtualisation = { + lxd.enable = true; + }; + + networking = { + firewall.enable = false; + nftables.enable = true; + nftables.ruleset = '' + table inet filter { + chain incoming { + type filter hook input priority 0; + policy accept; + } + + chain forward { + type filter hook forward priority 0; + policy accept; + } + + chain output { + type filter hook output priority 0; + policy accept; + } + } + ''; + }; + }; + + testScript = '' + machine.wait_for_unit("network.target") + + with subtest("When nftables are enabled, lxd doesn't depend on iptables anymore"): + machine.succeed("lsmod | grep nf_tables") + machine.fail("lsmod | grep ip_tables") + ''; +}) diff --git a/nixos/tests/lxd.nix b/nixos/tests/lxd.nix new file mode 100644 index 00000000000..db2d44dff55 --- /dev/null +++ b/nixos/tests/lxd.nix @@ -0,0 +1,135 @@ +import ./make-test-python.nix ({ pkgs, ...} : + +let + # Since we don't have access to the internet during the tests, we have to + # pre-fetch lxd containers beforehand. + # + # I've chosen to import Alpine Linux, because its image is turbo-tiny and, + # generally, sufficient for our tests. + + alpine-meta = pkgs.fetchurl { + url = "https://uk.images.linuxcontainers.org/images/alpine/3.11/i386/default/20200608_13:00/lxd.tar.xz"; + sha256 = "1hkvaj3rr333zmx1759njy435lps33gl4ks8zfm7m4nqvipm26a0"; + }; + + alpine-rootfs = pkgs.fetchurl { + url = "https://uk.images.linuxcontainers.org/images/alpine/3.11/i386/default/20200608_13:00/rootfs.tar.xz"; + sha256 = "1v82zdra4j5xwsff09qlp7h5vbsg54s0j7rdg4rynichfid3r347"; + }; + + lxd-config = pkgs.writeText "config.yaml" '' + storage_pools: + - name: default + driver: dir + config: + source: /var/lxd-pool + + networks: + - name: lxdbr0 + type: bridge + config: + ipv4.address: auto + ipv6.address: none + + profiles: + - name: default + devices: + eth0: + name: eth0 + network: lxdbr0 + type: nic + root: + path: / + pool: default + type: disk + ''; + +in { + name = "lxd"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ patryk27 ]; + }; + + machine = { lib, ... }: { + virtualisation = { + # Since we're testing `limits.cpu`, we've gotta have a known number of + # cores to lay on + cores = 2; + + # Ditto, for `limits.memory` + memorySize = 512; + + lxc.lxcfs.enable = true; + lxd.enable = true; + }; + }; + + testScript = '' + machine.wait_for_unit("sockets.target") + machine.wait_for_unit("lxd.service") + + # It takes additional second for lxd to settle + machine.sleep(1) + + # lxd expects the pool's directory to already exist + machine.succeed("mkdir /var/lxd-pool") + + machine.succeed( + "cat ${lxd-config} | lxd init --preseed" + ) + + machine.succeed( + "lxc image import ${alpine-meta} ${alpine-rootfs} --alias alpine" + ) + + with subtest("Containers can be launched and destroyed"): + machine.succeed("lxc launch alpine test") + machine.succeed("lxc exec test true") + machine.succeed("lxc delete -f test") + + with subtest("Containers are being mounted with lxcfs inside"): + machine.succeed("lxc launch alpine test") + + ## ---------- ## + ## limits.cpu ## + + machine.succeed("lxc config set test limits.cpu 1") + + # Since Alpine doesn't have `nproc` pre-installed, we've gotta resort + # to the primal methods + assert ( + "1" + == machine.succeed("lxc exec test grep -- -c ^processor /proc/cpuinfo").strip() + ) + + machine.succeed("lxc config set test limits.cpu 2") + + assert ( + "2" + == machine.succeed("lxc exec test grep -- -c ^processor /proc/cpuinfo").strip() + ) + + ## ------------- ## + ## limits.memory ## + + machine.succeed("lxc config set test limits.memory 64MB") + + assert ( + "MemTotal: 62500 kB" + == machine.succeed("lxc exec test grep -- MemTotal /proc/meminfo").strip() + ) + + machine.succeed("lxc config set test limits.memory 128MB") + + assert ( + "MemTotal: 125000 kB" + == machine.succeed("lxc exec test grep -- MemTotal /proc/meminfo").strip() + ) + + machine.succeed("lxc delete -f test") + + with subtest("Unless explicitly changed, lxd leans on iptables"): + machine.succeed("lsmod | grep ip_tables") + machine.fail("lsmod | grep nf_tables") + ''; +}) diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix index 4fc3668cfaf..4dbd6431222 100644 --- a/nixos/tests/prometheus-exporters.nix +++ b/nixos/tests/prometheus-exporters.nix @@ -56,6 +56,21 @@ let */ exporterTests = { + apcupsd = { + exporterConfig = { + enable = true; + }; + metricProvider = { + services.apcupsd.enable = true; + }; + exporterTest = '' + wait_for_unit("apcupsd.service") + wait_for_open_port(3551) + wait_for_unit("prometheus-apcupsd-exporter.service") + wait_for_open_port(9162) + succeed("curl -sSf http://localhost:9162/metrics | grep -q 'apcupsd_info'") + ''; + }; bind = { exporterConfig = { @@ -202,6 +217,69 @@ let ''; }; + keylight = { + # A hardware device is required to properly test this exporter, so just + # perform a couple of basic sanity checks that the exporter is running + # and requires a target, but cannot reach a specified target. + exporterConfig = { + enable = true; + }; + exporterTest = '' + wait_for_unit("prometheus-keylight-exporter.service") + wait_for_open_port(9288) + succeed( + "curl -sS --write-out '%{http_code}' -o /dev/null http://localhost:9288/metrics | grep -q '400'" + ) + succeed( + "curl -sS --write-out '%{http_code}' -o /dev/null http://localhost:9288/metrics?target=nosuchdevice | grep -q '500'" + ) + ''; + }; + + lnd = { + exporterConfig = { + enable = true; + lndTlsPath = "/var/lib/lnd/tls.cert"; + lndMacaroonDir = "/var/lib/lnd"; + }; + metricProvider = { + systemd.services.prometheus-lnd-exporter.serviceConfig.DynamicUser = false; + services.bitcoind.enable = true; + services.bitcoind.extraConfig = '' + rpcauth=bitcoinrpc:e8fe33f797e698ac258c16c8d7aadfbe$872bdb8f4d787367c26bcfd75e6c23c4f19d44a69f5d1ad329e5adf3f82710f7 + bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332 + bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333 + ''; + systemd.services.lnd = { + serviceConfig.ExecStart = '' + ${pkgs.lnd}/bin/lnd \ + --datadir=/var/lib/lnd \ + --tlscertpath=/var/lib/lnd/tls.cert \ + --tlskeypath=/var/lib/lnd/tls.key \ + --logdir=/var/log/lnd \ + --bitcoin.active \ + --bitcoin.mainnet \ + --bitcoin.node=bitcoind \ + --bitcoind.rpcuser=bitcoinrpc \ + --bitcoind.rpcpass=hunter2 \ + --bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332 \ + --bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333 \ + --readonlymacaroonpath=/var/lib/lnd/readonly.macaroon + ''; + serviceConfig.StateDirectory = "lnd"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + }; + }; + exporterTest = '' + wait_for_unit("lnd.service") + wait_for_open_port(10009) + wait_for_unit("prometheus-lnd-exporter.service") + wait_for_open_port(9092) + succeed("curl -sSf localhost:9092/metrics | grep -q '^promhttp_metric_handler'") + ''; + }; + mail = { exporterConfig = { enable = true; diff --git a/pkgs/applications/audio/mp3blaster/default.nix b/pkgs/applications/audio/mp3blaster/default.nix index 2943a31454a..74814a1b7ce 100644 --- a/pkgs/applications/audio/mp3blaster/default.nix +++ b/pkgs/applications/audio/mp3blaster/default.nix @@ -1,13 +1,12 @@ { stdenv, fetchFromGitHub, ncurses, libvorbis, SDL }: -stdenv.mkDerivation rec { - - version = "3.2.6"; +stdenv.mkDerivation rec { pname = "mp3blaster"; + version = "3.2.6"; src = fetchFromGitHub { owner = "stragulus"; - repo = "mp3blaster"; + repo = pname; rev = "v${version}"; sha256 = "0pzwml3yhysn8vyffw9q9p9rs8gixqkmg4n715vm23ib6wxbliqs"; }; @@ -17,14 +16,17 @@ stdenv.mkDerivation rec { libvorbis ] ++ stdenv.lib.optional stdenv.isDarwin SDL; - buildFlags = [ "CXXFLAGS=-Wno-narrowing" ]; + NIX_CFLAGS_COMPILE = toString ([ + "-Wno-narrowing" + ] ++ stdenv.lib.optionals stdenv.cc.isClang [ + "-Wno-reserved-user-defined-literal" + ]); meta = with stdenv.lib; { description = "An audio player for the text console"; homepage = "http://www.mp3blaster.org/"; license = licenses.gpl2; maintainers = with maintainers; [ earldouglas ]; - platforms = platforms.all; + platforms = with platforms; linux ++ darwin; }; - } diff --git a/pkgs/applications/editors/setzer/default.nix b/pkgs/applications/editors/setzer/default.nix new file mode 100644 index 00000000000..5a0ef754db1 --- /dev/null +++ b/pkgs/applications/editors/setzer/default.nix @@ -0,0 +1,60 @@ +{ lib +, python3 +, fetchFromGitHub +, meson +, ninja +, gettext +, appstream +, appstream-glib +, wrapGAppsHook +, gobject-introspection +, gtksourceview4 +, gspell +, poppler_gi +, webkitgtk +, librsvg +}: + +python3.pkgs.buildPythonApplication rec { + pname = "setzer"; + version = "0.2.8"; + + src = fetchFromGitHub { + owner = "cvfosammmm"; + repo = "Setzer"; + rev = "v${version}"; + sha256 = "1llxxjj038nd2p857bjdyyhzskn56826qi259v47vaqlv9hkifil"; + }; + + format = "other"; + + nativeBuildInputs = [ + meson + ninja + gettext + appstream # for appstreamcli + appstream-glib + wrapGAppsHook + ]; + + buildInputs = [ + gobject-introspection + gtksourceview4 + gspell + poppler_gi + webkitgtk + librsvg + ]; + + propagatedBuildInputs = with python3.pkgs; [ + pygobject3 + pyxdg + ]; + + meta = with lib; { + description = "LaTeX editor written in Python with Gtk"; + homepage = src.meta.homepage; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ dotlambda ]; + }; +} diff --git a/pkgs/applications/graphics/ImageMagick/7.0.nix b/pkgs/applications/graphics/ImageMagick/7.0.nix index 4472e41e9d1..9bcf517e1d9 100644 --- a/pkgs/applications/graphics/ImageMagick/7.0.nix +++ b/pkgs/applications/graphics/ImageMagick/7.0.nix @@ -13,8 +13,8 @@ let else throw "ImageMagick is not supported on this platform."; cfg = { - version = "7.0.10-14"; - sha256 = "1qcsq5884iqis1adpfbx3cwki8v4q9wwh70fpcaqnwwmznmqfq4j"; + version = "7.0.10-17"; + sha256 = "15cj9qkikx13j6gfqaawi4nh09lnzg3asf5mdcswx6z6yhbf90zx"; patches = []; }; in diff --git a/pkgs/applications/kde/ark/default.nix b/pkgs/applications/kde/ark/default.nix index dbbfcf80c6b..76cc423f546 100644 --- a/pkgs/applications/kde/ark/default.nix +++ b/pkgs/applications/kde/ark/default.nix @@ -9,14 +9,14 @@ libarchive, libzip, # Archive tools - lrzip, + p7zip, lrzip, # Unfree tools unfreeEnableUnrar ? false, unrar, }: let - extraTools = [ lrzip ] ++ lib.optional unfreeEnableUnrar unrar; + extraTools = [ p7zip lrzip ] ++ lib.optional unfreeEnableUnrar unrar; in mkDerivation { diff --git a/pkgs/applications/networking/ipfs-cluster/default.nix b/pkgs/applications/networking/ipfs-cluster/default.nix index c41912794d0..ee9e368a659 100644 --- a/pkgs/applications/networking/ipfs-cluster/default.nix +++ b/pkgs/applications/networking/ipfs-cluster/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "ipfs-cluster"; - version = "0.12.1"; + version = "0.13.0"; rev = "v${version}"; - vendorSha256 = "1n0zb3v83wsy8y3k7xbpjc2ykh1b2n6p10d5wkflhga49q7rf64h"; + vendorSha256 = "00fkyxxi4iz16v0j33270x8qrspqpsv9j6csnikjy0klyb038pfq"; src = fetchFromGitHub { owner = "ipfs"; repo = "ipfs-cluster"; inherit rev; - sha256 = "1jh6ynj50jd4w79widaqrgm3h3yz5h03vq0lbsx717a8d9073blh"; + sha256 = "0jf3ngxqkgss5f1kifp5lp3kllb21jxc475ysl01ma8l3smqdvya"; }; meta = with stdenv.lib; { diff --git a/pkgs/applications/version-management/gitlab/data.json b/pkgs/applications/version-management/gitlab/data.json index 308a2399458..bc342ff2b5e 100644 --- a/pkgs/applications/version-management/gitlab/data.json +++ b/pkgs/applications/version-management/gitlab/data.json @@ -1,13 +1,13 @@ { - "version": "13.0.4", - "repo_hash": "15pfg3ss1diqsnlf0xpx4ixlpjnvzghzjfvs6y3bv21qnjfwkp0g", + "version": "13.0.6", + "repo_hash": "0iyzx5lnkwp6m8q5p60gzsjmpf6qflvzl0vzfw37hymnxwq646zy", "owner": "gitlab-org", "repo": "gitlab", - "rev": "v13.0.4-ee", + "rev": "v13.0.6-ee", "passthru": { - "GITALY_SERVER_VERSION": "13.0.4", + "GITALY_SERVER_VERSION": "13.0.6", "GITLAB_PAGES_VERSION": "1.18.0", "GITLAB_SHELL_VERSION": "13.2.0", - "GITLAB_WORKHORSE_VERSION": "8.31.1" + "GITLAB_WORKHORSE_VERSION": "8.31.2" } } \ No newline at end of file diff --git a/pkgs/applications/version-management/gitlab/gitaly/default.nix b/pkgs/applications/version-management/gitlab/gitaly/default.nix index 374bf953f78..8f51b33fbd4 100644 --- a/pkgs/applications/version-management/gitlab/gitaly/default.nix +++ b/pkgs/applications/version-management/gitlab/gitaly/default.nix @@ -19,14 +19,14 @@ let }; }; in buildGoPackage rec { - version = "13.0.4"; + version = "13.0.6"; pname = "gitaly"; src = fetchFromGitLab { owner = "gitlab-org"; repo = "gitaly"; rev = "v${version}"; - sha256 = "1hnjv2q98016srvjmyjpd5fkpg68mra6qk0asl1l83z2vin2xrkm"; + sha256 = "14vp73z9f0p3m1bjykkfzrmw9miyjxiqm79rns477xbm2dbmwa4s"; }; # Fix a check which assumes that hook files are writeable by their diff --git a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix index f6710643f6d..6386a9cc5aa 100644 --- a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix +++ b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix @@ -3,13 +3,13 @@ buildGoPackage rec { pname = "gitlab-workhorse"; - version = "8.31.1"; + version = "8.31.2"; src = fetchFromGitLab { owner = "gitlab-org"; repo = "gitlab-workhorse"; rev = "v${version}"; - sha256 = "1c2y1icil98qay9d95q1rlpi0ffhll990grkkib9srsn55b2i86v"; + sha256 = "0wvhhjfb490mjdrmc9xwr3qfh3941xn3b02c757ghrvzwv329wvg"; }; goPackagePath = "gitlab.com/gitlab-org/gitlab-workhorse"; diff --git a/pkgs/applications/video/mpv/wrapper.nix b/pkgs/applications/video/mpv/wrapper.nix index 1658f922ab3..ad6383046b1 100644 --- a/pkgs/applications/video/mpv/wrapper.nix +++ b/pkgs/applications/video/mpv/wrapper.nix @@ -32,10 +32,10 @@ let # All arguments besides the input and output binaries (${mpv}/bin/mpv and # $out/bin/mpv). These are used by the darwin specific makeWrapper call # used to wrap $out/Applications/mpv.app/Contents/MacOS/mpv as well. - mostMakeWrapperArgs = builtins.concatStringsSep " " ([ "--argv0" "'$0'" + mostMakeWrapperArgs = lib.strings.escapeShellArgs ([ "--argv0" "'$0'" # These are always needed (TODO: Explain why) - "--prefix" "LUA_CPATH" "\\;" "${mpv.luaEnv}/lib/lua/${mpv.lua.luaversion}/\\?.so" - "--prefix" "LUA_PATH" "\\;" "${mpv.luaEnv}/share/lua/${mpv.lua.luaversion}/\\?.lua" + "--prefix" "LUA_CPATH" ";" "${mpv.luaEnv}/lib/lua/${mpv.lua.luaversion}/?.so" + "--prefix" "LUA_PATH" ";" "${mpv.luaEnv}/share/lua/${mpv.lua.luaversion}/?.lua" ] ++ lib.optionals mpv.vapoursynthSupport [ "--prefix" "PYTHONPATH" ":" "${mpv.vapoursynth}/lib/${mpv.vapoursynth.python3.sitePackages}" ] ++ lib.optionals (binPath != "") [ @@ -52,7 +52,7 @@ let ) scripts )) ++ extraMakeWrapperArgs) ; - umpvWrapperArgs = builtins.concatStringsSep " " ([ + umpvWrapperArgs = lib.strings.escapeShellArgs ([ "--argv0" "'$0'" "--set" "MPV" "$out/bin/mpv" ] ++ extraUmpvWrapperArgs) diff --git a/pkgs/applications/window-managers/icewm/default.nix b/pkgs/applications/window-managers/icewm/default.nix index b6b07d8d727..05cca88e619 100644 --- a/pkgs/applications/window-managers/icewm/default.nix +++ b/pkgs/applications/window-managers/icewm/default.nix @@ -1,6 +1,6 @@ { stdenv, fetchFromGitHub, cmake, gettext, perl, asciidoc , libjpeg, libtiff, libungif, libpng, imlib, expat -, freetype, fontconfig, pkgconfig, gdk-pixbuf +, freetype, fontconfig, pkgconfig, gdk-pixbuf, gdk-pixbuf-xlib, glib , mkfontdir, libX11, libXft, libXext, libXinerama , libXrandr, libICE, libSM, libXpm, libXdmcp, libxcb , libpthreadstubs, pcre, libXdamage, libXcomposite, libXfixes @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { buildInputs = [ gettext libjpeg libtiff libungif libpng imlib expat - freetype fontconfig gdk-pixbuf mkfontdir libX11 + freetype fontconfig gdk-pixbuf gdk-pixbuf-xlib glib mkfontdir libX11 libXft libXext libXinerama libXrandr libICE libSM libXpm libXdmcp libxcb libpthreadstubs pcre libsndfile fribidi libXdamage libXcomposite libXfixes diff --git a/pkgs/build-support/emacs/wrapper.nix b/pkgs/build-support/emacs/wrapper.nix index 25f068cd3fa..1f2fbd8068e 100644 --- a/pkgs/build-support/emacs/wrapper.nix +++ b/pkgs/build-support/emacs/wrapper.nix @@ -174,7 +174,7 @@ runCommand mkdir -p $out/share # Link icons and desktop files into place - for dir in applications icons info man; do + for dir in applications icons info man emacs; do ln -s $emacs/share/$dir $out/share/$dir done '' diff --git a/pkgs/development/compilers/abcl/default.nix b/pkgs/development/compilers/abcl/default.nix index 005e4186b15..543ba6036e4 100644 --- a/pkgs/development/compilers/abcl/default.nix +++ b/pkgs/development/compilers/abcl/default.nix @@ -1,11 +1,11 @@ {stdenv, fetchurl, ant, jre, jdk}: stdenv.mkDerivation rec { pname = "abcl"; - version = "1.6.1"; + version = "1.7.0"; # or fetchFromGitHub(owner,repo,rev) or fetchgit(rev) src = fetchurl { url = "https://common-lisp.net/project/armedbear/releases/${version}/${pname}-src-${version}.tar.gz"; - sha256 = "04myiba6g0vij2ym2dmb0156k20ki2lz13dxwp2bk9kvjn2zg88b"; + sha256 = "0pbn5s22zygk6k0rzjc9g76220628lj1b3057gr0n4grl11p4lx5"; }; configurePhase = '' mkdir nix-tools diff --git a/pkgs/development/compilers/go-jsonnet/default.nix b/pkgs/development/compilers/go-jsonnet/default.nix index 6c00d5ee6ce..d85cf1adfe7 100644 --- a/pkgs/development/compilers/go-jsonnet/default.nix +++ b/pkgs/development/compilers/go-jsonnet/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "go-jsonnet"; - version = "0.15.0"; + version = "0.16.0"; src = fetchFromGitHub { owner = "google"; repo = "go-jsonnet"; rev = "v${version}"; - sha256 = "0l6cwky2xl7m8nnc9abp76bhkdcf2ldbbv3r8p30xv2yr5wd1j8i"; + sha256 = "17606gc75wnkm64am4hmlv7m3fy2hi8rnzadp6nrgpcd6rl26m83"; }; - vendorSha256 = "1vdv0nq31mjprxzxf8x0diaigissy07vnm338h8jrk5i74x5by39"; + vendorSha256 = "0nsm4gsbbn8myz4yfi6m7qc3iizhdambsr18iks0clkdn3mi2jn1"; subPackages = [ "cmd/jsonnet" ]; diff --git a/pkgs/development/compilers/julia/1.3.nix b/pkgs/development/compilers/julia/1.3.nix index b67a78b4a5a..15694734d48 100644 --- a/pkgs/development/compilers/julia/1.3.nix +++ b/pkgs/development/compilers/julia/1.3.nix @@ -114,7 +114,7 @@ stdenv.mkDerivation rec { LD_LIBRARY_PATH = makeLibraryPath [ arpack fftw fftwSinglePrec gmp libgit2 mpfr blas openlibm - openspecfun pcre2 + openspecfun pcre2 lapack ]; enableParallelBuilding = true; diff --git a/pkgs/development/libraries/gdk-pixbuf/xlib.nix b/pkgs/development/libraries/gdk-pixbuf/xlib.nix index e5f1718f075..53414d92128 100644 --- a/pkgs/development/libraries/gdk-pixbuf/xlib.nix +++ b/pkgs/development/libraries/gdk-pixbuf/xlib.nix @@ -20,8 +20,8 @@ stdenv.mkDerivation rec { domain = "gitlab.gnome.org"; owner = "Archive"; repo = "gdk-pixbuf-xlib"; - rev = "dc22ea36f69755007c66877284596df270532cc1"; - sha256 = "XhBQ4wano+MtGaqF6JNKoWgYQN6eBW+b8ZCGEBGt8IM="; + rev = "19482794a621d542b223219940e836257d4ae2c9"; + sha256 = "7Qv6tyjR0/iFXYHx5jPhvLLLt0Ms2nzpyWw02oXTkZc="; }; nativeBuildInputs = [ @@ -33,12 +33,9 @@ stdenv.mkDerivation rec { gtk-doc ]; - buildInputs = [ - libX11 - ]; - propagatedBuildInputs = [ gdk-pixbuf + libX11 ]; mesonFlags = [ diff --git a/pkgs/development/libraries/gjs/default.nix b/pkgs/development/libraries/gjs/default.nix index ee29c6a97a4..357bf076459 100644 --- a/pkgs/development/libraries/gjs/default.nix +++ b/pkgs/development/libraries/gjs/default.nix @@ -17,6 +17,7 @@ , dbus , gdk-pixbuf , makeWrapper +, which , xvfb_run , nixosTests }: @@ -28,11 +29,11 @@ let ]; in stdenv.mkDerivation rec { pname = "gjs"; - version = "1.64.2"; + version = "1.64.3"; src = fetchurl { url = "mirror://gnome/sources/gjs/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "0ywrsfmkxaw11z83dnmb9yqkn6k3c1mkxw2mv6arbwad6x6q7zqm"; + sha256 = "1rl524rmdbpmp5xdkm8dx3znq47l7dgvh192x80zjf8wc1af35lx"; }; outputs = [ "out" "dev" "installedTests" ]; @@ -42,6 +43,7 @@ in stdenv.mkDerivation rec { ninja pkgconfig makeWrapper + which # for locale detection libxml2 # for xml-stripblanks ]; @@ -74,11 +76,10 @@ in stdenv.mkDerivation rec { ./installed-tests-path.patch ]; - # Gio test is failing - # https://github.com/NixOS/nixpkgs/pull/81626#issuecomment-599325843 - doCheck = false; + doCheck = true; postPatch = '' + patchShebangs build/choose-tests-locale.sh substituteInPlace installed-tests/debugger-test.sh --subst-var-by gjsConsole $out/bin/gjs-console ''; @@ -95,7 +96,15 @@ in stdenv.mkDerivation rec { ''; postInstall = '' + # TODO: make the glib setup hook handle this + installedTestsSchemaDatadir="$installedTests/share/gsettings-schemas/${pname}-${version}" + mkdir -p "$installedTestsSchemaDatadir" + mv "$installedTests/share/glib-2.0" "$installedTestsSchemaDatadir" + ''; + + postFixup = '' wrapProgram "$installedTests/libexec/gjs/installed-tests/minijasmine" \ + --prefix XDG_DATA_DIRS : "$installedTestsSchemaDatadir" \ --prefix GI_TYPELIB_PATH : "${stdenv.lib.makeSearchPath "lib/girepository-1.0" testDeps}" ''; diff --git a/pkgs/development/libraries/gjs/installed-tests-path.patch b/pkgs/development/libraries/gjs/installed-tests-path.patch index 11a39b2dd9a..f9b1515b68e 100644 --- a/pkgs/development/libraries/gjs/installed-tests-path.patch +++ b/pkgs/development/libraries/gjs/installed-tests-path.patch @@ -1,5 +1,5 @@ diff --git a/installed-tests/meson.build b/installed-tests/meson.build -index 294d20c6..1e5029e0 100644 +index 7e842025..1e5029e0 100644 --- a/installed-tests/meson.build +++ b/installed-tests/meson.build @@ -1,7 +1,7 @@ @@ -12,6 +12,19 @@ index 294d20c6..1e5029e0 100644 # Simple shell script tests # +diff --git a/meson.build b/meson.build +index 084d5396..e5d73fcd 100644 +--- a/meson.build ++++ b/meson.build +@@ -540,7 +540,7 @@ install_data('installed-tests/extra/lsan.supp', + install_dir: get_option('datadir') / api_name / 'lsan') + + if get_option('installed_tests') +- schemadir = abs_datadir / 'glib-2.0' / 'schemas' ++ schemadir = get_option('installed_test_prefix') / 'share' / 'glib-2.0' / 'schemas' + install_data('installed-tests/js/org.gnome.GjsTest.gschema.xml', install_dir: schemadir) + meson.add_install_script('build/compile-gschemas.py', schemadir) + endif diff --git a/meson_options.txt b/meson_options.txt index 66f66024..008687cb 100644 --- a/meson_options.txt diff --git a/pkgs/development/libraries/libmilter/darwin.patch b/pkgs/development/libraries/libmilter/darwin.patch new file mode 100644 index 00000000000..be46662d6b3 --- /dev/null +++ b/pkgs/development/libraries/libmilter/darwin.patch @@ -0,0 +1,28 @@ +Fix build issues on Darwin. + +--- a/devtools/OS/Darwin 2014-03-05 01:59:45.000000000 +0100 ++++ b/devtools/OS/Darwin 2020-05-18 14:47:57.000000000 +0200 +@@ -8,6 +8,8 @@ + # We look a lot more like 4.4BSD than NeXTStep or OpenStep. + # + define(`confCC', `cc -traditional-cpp -pipe ${Extra_CC_Flags}') ++define(`confCCOPTS_SO', `-fPIC') ++define(`confSOEXT', `dylib') + define(`confMAPDEF', `-DNEWDB -DNIS -DMAP_REGEX -DNETINFO -DAUTO_NETINFO_ALIASES -DAUTO_NETINFO_HOSTS') + define(`confENVDEF', `-DDARWIN') + define(`confLDOPTS', `${Extra_LD_Flags}') +--- a/sendmail/sendmail.h 2020-05-18 14:51:17.000000000 +0200 ++++ b/sendmail/sendmail.h 2020-05-18 14:51:00.000000000 +0200 +@@ -104,7 +104,11 @@ + # endif /* NETX25 */ + + # if NAMED_BIND +-# include <arpa/nameser.h> ++# ifdef __APPLE__ ++# include <arpa/nameser_compat.h> ++# else ++# include <arpa/nameser.h> ++# endif + # ifdef NOERROR + # undef NOERROR /* avoid <sys/streams.h> conflict */ + # endif /* NOERROR */ diff --git a/pkgs/development/libraries/libmilter/default.nix b/pkgs/development/libraries/libmilter/default.nix index 8d677d858de..f937d818a55 100644 --- a/pkgs/development/libraries/libmilter/default.nix +++ b/pkgs/development/libraries/libmilter/default.nix @@ -28,10 +28,11 @@ stdenv.mkDerivation rec { define(\`confLIBGRP', \`root') APPENDDEF(\`confENVDEF', \`-DNETINET6') EOF + export MILTER_SOVER=1 sh Build -f ./a.m4 ''; - patches = [ ./install.patch ./sharedlib.patch ./glibc-2.30.patch ]; + patches = [ ./install.patch ./sharedlib.patch ./glibc-2.30.patch ./darwin.patch ]; nativeBuildInputs = [ m4 ]; diff --git a/pkgs/development/libraries/libmilter/sharedlib.patch b/pkgs/development/libraries/libmilter/sharedlib.patch index bbc69a516ff..1e256c59ec3 100644 --- a/pkgs/development/libraries/libmilter/sharedlib.patch +++ b/pkgs/development/libraries/libmilter/sharedlib.patch @@ -16,28 +16,29 @@ diff -Nru sendmail-8.14.3.orig/devtools/M4/UNIX/milterlibrary.m4 sendmail-8.14.3 +# +divert(0)dnl +include(confBUILDTOOLSDIR`/M4/'bldM4_TYPE_DIR`/links.m4')dnl ++define(`confSOEXT', ifdef(`confSOEXT', `confSOEXT', `so'))dnl +bldLIST_PUSH_ITEM(`bldC_PRODUCTS', bldCURRENT_PRODUCT)dnl -+bldPUSH_TARGET(bldCURRENT_PRODUCT`.so' bldCURRENT_PRODUCT`.a')dnl ++bldPUSH_TARGET(bldCURRENT_PRODUCT`.'confSOEXT bldCURRENT_PRODUCT`.a')dnl +bldPUSH_INSTALL_TARGET(`install-'bldCURRENT_PRODUCT)dnl +bldPUSH_CLEAN_TARGET(bldCURRENT_PRODUCT`-clean')dnl + +include(confBUILDTOOLSDIR`/M4/'bldM4_TYPE_DIR`/defines.m4') +divert(bldTARGETS_SECTION) -+bldCURRENT_PRODUCT.so: ${BEFORE} ${bldCURRENT_PRODUCT`OBJS'} -+ ${CCLINK} ${LDOPTS_SO} -o bldCURRENT_PRODUCT.so -Wl,confSONAME,bldCURRENT_PRODUCT.so.${MILTER_SOVER} ${bldCURRENT_PRODUCT`OBJS'} -lc ${LIBS} ++bldCURRENT_PRODUCT`.'confSOEXT: ${BEFORE} ${bldCURRENT_PRODUCT`OBJS'} ++ ${CCLINK} ${LDOPTS_SO} -o bldCURRENT_PRODUCT.confSOEXT ifdef(`confSONAME',`-Wl,confSONAME,bldCURRENT_PRODUCT.confSOEXT.${MILTER_SOVER}') ${bldCURRENT_PRODUCT`OBJS'} -lc ${LIBS} +bldCURRENT_PRODUCT.a: ${BEFORE} ${bldCURRENT_PRODUCT`OBJS'} + ${AR} ${AROPTS} bldCURRENT_PRODUCT.a ${bldCURRENT_PRODUCT`OBJS'} + ${RANLIB} ${RANLIBOPTS} bldCURRENT_PRODUCT.a +ifdef(`bldLINK_SOURCES', `bldMAKE_SOURCE_LINKS(bldLINK_SOURCES)') + -+install-`'bldCURRENT_PRODUCT: bldCURRENT_PRODUCT.so bldCURRENT_PRODUCT.a ++install-`'bldCURRENT_PRODUCT: bldCURRENT_PRODUCT.confSOEXT bldCURRENT_PRODUCT.a +ifdef(`bldINSTALLABLE', ` ifdef(`confMKDIR', `if [ ! -d "${DESTDIR}${bldINSTALL_DIR`'LIBDIR}" ]; then confMKDIR -p "${DESTDIR}${bldINSTALL_DIR`'LIBDIR}"; else :; fi ') -+ ${INSTALL} -c bldCURRENT_PRODUCT.so "${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.so.${MILTER_SOVER}" -+ ${LN} ${LNOPTS} bldCURRENT_PRODUCT.so.${MILTER_SOVER} "${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.so" -+ ${INSTALL} -c bldCURRENT_PRODUCT.a "${DESTDIR}${LIBDIR}"') ++ ${INSTALL} -c bldCURRENT_PRODUCT.confSOEXT "${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.confSOEXT.${MILTER_SOVER}" ++ ${LN} ${LNOPTS} bldCURRENT_PRODUCT.confSOEXT.${MILTER_SOVER} "${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.confSOEXT" ++ ${INSTALL} -c -m 644 bldCURRENT_PRODUCT.a "${DESTDIR}${LIBDIR}"') + +bldCURRENT_PRODUCT-clean: -+ rm -f ${OBJS} bldCURRENT_PRODUCT.so bldCURRENT_PRODUCT.a ${MANPAGES} ++ rm -f ${OBJS} bldCURRENT_PRODUCT.confSOEXT bldCURRENT_PRODUCT.a ${MANPAGES} + +divert(0) +COPTS+= confCCOPTS_SO diff --git a/pkgs/development/libraries/libosinfo/default.nix b/pkgs/development/libraries/libosinfo/default.nix index 39a3bf6b2c5..6e751253594 100644 --- a/pkgs/development/libraries/libosinfo/default.nix +++ b/pkgs/development/libraries/libosinfo/default.nix @@ -23,11 +23,11 @@ stdenv.mkDerivation rec { pname = "libosinfo"; - version = "1.7.1"; + version = "1.8.0"; src = fetchurl { url = "https://releases.pagure.org/${pname}/${pname}-${version}.tar.xz"; - sha256 = "1s97sv24bybggjx6hgqba2qdqz3ivfpd4cmkh4zm5y59sim109mv"; + sha256 = "1988l5rykpzvml1l7bi2hcax0gdc811vja0f92cnr7r01nz35zs9"; }; outputs = [ "out" "dev" "devdoc" ]; diff --git a/pkgs/development/libraries/protozero/default.nix b/pkgs/development/libraries/protozero/default.nix index 0bbfab62fcd..1c8e7e99313 100644 --- a/pkgs/development/libraries/protozero/default.nix +++ b/pkgs/development/libraries/protozero/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "protozero"; - version = "1.6.8"; + version = "1.7.0"; src = fetchFromGitHub { owner = "mapbox"; repo = "protozero"; rev = "v${version}"; - sha256 = "1hfijpfylf1c71wa3mk70gjc88b6k1q7cxb87cwqdflw5q2x8ma6"; + sha256 = "0fdihfl5j68wayjjxvpvhvnjq1anzcfnfl09f68wpzbkg3zmhblz"; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/development/python-modules/binwalk/default.nix b/pkgs/development/python-modules/binwalk/default.nix index e8a20b6df47..97c6b957a43 100644 --- a/pkgs/development/python-modules/binwalk/default.nix +++ b/pkgs/development/python-modules/binwalk/default.nix @@ -7,6 +7,7 @@ , gzip , bzip2 , gnutar +, p7zip , cabextract , lzma , nose @@ -28,7 +29,7 @@ buildPythonPackage { sha256 = "1bxgj569fzwv6jhcbl864nmlsi9x1k1r20aywjxc8b9b1zgqrlvc"; }; - propagatedBuildInputs = [ zlib xz ncompress gzip bzip2 gnutar cabextract lzma pycrypto ] + propagatedBuildInputs = [ zlib xz ncompress gzip bzip2 gnutar p7zip cabextract lzma pycrypto ] ++ stdenv.lib.optional visualizationSupport pyqtgraph; # setup.py only installs version.py during install, not test diff --git a/pkgs/misc/emulators/wine/staging.nix b/pkgs/misc/emulators/wine/staging.nix index 5c2469f8f44..48ea93a97a8 100644 --- a/pkgs/misc/emulators/wine/staging.nix +++ b/pkgs/misc/emulators/wine/staging.nix @@ -7,7 +7,7 @@ let patch = (callPackage ./sources.nix {}).staging; (mkBuildInputs wineUnstable.pkgArches pkgNames) ++ extra; in assert stdenv.lib.getVersion wineUnstable == patch.version; -stdenv.lib.overrideDerivation wineUnstable (self: { +(stdenv.lib.overrideDerivation wineUnstable (self: { buildInputs = build-inputs [ "perl" "utillinux" "autoconf" ] self.buildInputs; name = "${self.name}-staging"; @@ -21,4 +21,8 @@ stdenv.lib.overrideDerivation wineUnstable (self: { ./patchinstall.sh DESTDIR="$PWD/.." --all cd .. ''; -}) +})) // { + meta = wineUnstable.meta // { + description = wineUnstable.meta.description + " (with staging patches)"; + }; +} diff --git a/pkgs/os-specific/linux/lxcfs/default.nix b/pkgs/os-specific/linux/lxcfs/default.nix index 68d05f0be65..4011b388562 100644 --- a/pkgs/os-specific/linux/lxcfs/default.nix +++ b/pkgs/os-specific/linux/lxcfs/default.nix @@ -1,4 +1,5 @@ { config, stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, help2man, fuse +, utillinux, makeWrapper , enableDebugBuild ? config.lxcfs.enableDebugBuild or false }: with stdenv.lib; @@ -13,7 +14,7 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ pkgconfig help2man autoreconfHook ]; - buildInputs = [ fuse ]; + buildInputs = [ fuse makeWrapper ]; preConfigure = stdenv.lib.optionalString enableDebugBuild '' sed -i 's,#AM_CFLAGS += -DDEBUG,AM_CFLAGS += -DDEBUG,' Makefile.am @@ -27,6 +28,12 @@ stdenv.mkDerivation rec { installFlags = [ "SYSTEMD_UNIT_DIR=\${out}/lib/systemd" ]; + postInstall = '' + # `mount` hook requires access to the `mount` command from `utillinux`: + wrapProgram "$out/share/lxcfs/lxc.mount.hook" \ + --prefix PATH : "${utillinux}/bin" + ''; + postFixup = '' # liblxcfs.so is reloaded with dlopen() patchelf --set-rpath "$(patchelf --print-rpath "$out/bin/lxcfs"):$out/lib" "$out/bin/lxcfs" diff --git a/pkgs/servers/monitoring/prometheus/keylight-exporter.nix b/pkgs/servers/monitoring/prometheus/keylight-exporter.nix new file mode 100644 index 00000000000..e1be2a0bddc --- /dev/null +++ b/pkgs/servers/monitoring/prometheus/keylight-exporter.nix @@ -0,0 +1,22 @@ +{ stdenv, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "keylight-exporter"; + version = "0.1.1"; + + src = fetchFromGitHub { + owner = "mdlayher"; + repo = "keylight_exporter"; + rev = "v${version}"; + sha256 = "141npawcnxj3sz2xqsnyf06r4x1azk3g55941i8gjr7pwcla34r7"; + }; + + vendorSha256 = "0w065ls8dp687jmps4xdffcarss1wyls14dngr43g58xjw6519gb"; + + meta = with stdenv.lib; { + homepage = "https://github.com/mdlayher/keylight_exporter"; + description = "Prometheus exporter for Elgato Key Light devices."; + license = licenses.mit; + maintainers = with maintainers; [ mdlayher ]; + }; +} diff --git a/pkgs/servers/monitoring/prometheus/lnd-exporter.nix b/pkgs/servers/monitoring/prometheus/lnd-exporter.nix new file mode 100644 index 00000000000..225e7c57543 --- /dev/null +++ b/pkgs/servers/monitoring/prometheus/lnd-exporter.nix @@ -0,0 +1,22 @@ +{ stdenv, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "lndmon-unstable"; + version = "2020-01-09"; + + src = fetchFromGitHub { + owner = "lightninglabs"; + repo = "lndmon"; + sha256 = "0d4z8yv2459wsi4c91qs5an13acn73fd8s321xya5vxxiyf51q24"; + rev = "2c7c5ce0fcb4e7eef4df60efe8a644587a309f6c"; + }; + + vendorSha256 = "083h2ksnqmcr48958r5pag9a28xvljpc3prip6wn70ifp2wpjpin"; + + meta = with stdenv.lib; { + inherit (src.meta) homepage; + description = "Prometheus exporter for lnd (Lightning Network Daemon)"; + license = licenses.mit; + maintainers = with maintainers; [ mmilata ]; + }; +} diff --git a/pkgs/shells/nushell/default.nix b/pkgs/shells/nushell/default.nix index ecef2fc436e..5994e2829ed 100644 --- a/pkgs/shells/nushell/default.nix +++ b/pkgs/shells/nushell/default.nix @@ -10,21 +10,20 @@ , AppKit , Security , withStableFeatures ? true -, withTestBinaries ? true }: rustPlatform.buildRustPackage rec { pname = "nushell"; - version = "0.14.0"; + version = "0.15.0"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - sha256 = "1g289zma19mh85xl5ffq1f3cv76piqavbhzs9m55mkg9wrhmgljd"; + sha256 = "1s08shhg826hbpcjzlhwj0r5qqckz8rv2xjg22rz1qvsjyhkmv7r"; }; - cargoSha256 = "16a32q2la7f4628m947dwif3j3wszsy603sj29ch6l2vdab40i3p"; + cargoSha256 = "0lz7119znpxyaj9ac1skfbx0s0dkh3hwk00g0zjn3r6k8fh9gj4d"; nativeBuildInputs = [ pkg-config ] ++ lib.optionals (withStableFeatures && stdenv.isLinux) [ python3 ]; @@ -36,19 +35,10 @@ rustPlatform.buildRustPackage rec { cargoBuildFlags = lib.optional withStableFeatures "--features stable"; - cargoTestFlags = lib.optional withTestBinaries "--features test-bins"; - preCheck = '' export HOME=$TMPDIR ''; - checkPhase = '' - runHook preCheck - echo "Running cargo cargo test ${lib.strings.concatStringsSep " " cargoTestFlags} -- ''${checkFlags} ''${checkFlagsArray+''${checkFlagsArray[@]}}" - cargo test ${lib.strings.concatStringsSep " " cargoTestFlags} -- ''${checkFlags} ''${checkFlagsArray+"''${checkFlagsArray[@]}"} - runHook postCheck - ''; - meta = with lib; { description = "A modern shell written in Rust"; homepage = "https://www.nushell.sh/"; diff --git a/pkgs/tools/admin/lxd/default.nix b/pkgs/tools/admin/lxd/default.nix index 43cd243561b..562149414b3 100644 --- a/pkgs/tools/admin/lxd/default.nix +++ b/pkgs/tools/admin/lxd/default.nix @@ -1,13 +1,21 @@ { stdenv, hwdata, pkgconfig, lxc, buildGoPackage, fetchurl , makeWrapper, acl, rsync, gnutar, xz, btrfs-progs, gzip, dnsmasq -, squashfsTools, iproute, iptables, ebtables, libcap, libco-canonical, dqlite -, raft-canonical, sqlite-replication, udev +, squashfsTools, iproute, iptables, ebtables, iptables-nftables-compat, libcap +, libco-canonical, dqlite, raft-canonical, sqlite-replication, udev , writeShellScriptBin, apparmor-profiles, apparmor-parser , criu , bash , installShellFiles +, nftablesSupport ? false }: +let + networkPkgs = if nftablesSupport then + [ iptables-nftables-compat ] + else + [ iptables ebtables ]; + +in buildGoPackage rec { pname = "lxd"; version = "4.2"; @@ -38,12 +46,14 @@ buildGoPackage rec { # test binaries, code generation rm $out/bin/{deps,macaroon-identity,generate} - wrapProgram $out/bin/lxd --prefix PATH : ${stdenv.lib.makeBinPath [ - acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute iptables ebtables bash criu - (writeShellScriptBin "apparmor_parser" '' - exec '${apparmor-parser}/bin/apparmor_parser' -I '${apparmor-profiles}/etc/apparmor.d' "$@" - '') - ]} + wrapProgram $out/bin/lxd --prefix PATH : ${stdenv.lib.makeBinPath ( + networkPkgs + ++ [ acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute bash criu ] + ++ [ (writeShellScriptBin "apparmor_parser" '' + exec '${apparmor-parser}/bin/apparmor_parser' -I '${apparmor-profiles}/etc/apparmor.d' "$@" + '') ] + ) + } installShellCompletion --bash go/src/github.com/lxc/lxd/scripts/bash/lxd-client ''; diff --git a/pkgs/tools/archivers/p7zip/12-CVE-2016-9296.patch b/pkgs/tools/archivers/p7zip/12-CVE-2016-9296.patch deleted file mode 100644 index 42245c92c0a..00000000000 --- a/pkgs/tools/archivers/p7zip/12-CVE-2016-9296.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Robert Luberda <robert@debian.org> -Date: Sat, 19 Nov 2016 08:48:08 +0100 -Subject: Fix nullptr dereference (CVE-2016-9296) - -Patch taken from https://sourceforge.net/p/p7zip/bugs/185/ ---- - CPP/7zip/Archive/7z/7zIn.cpp | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/CPP/7zip/Archive/7z/7zIn.cpp b/CPP/7zip/Archive/7z/7zIn.cpp -index b0c6b98..7c6dde2 100644 ---- a/CPP/7zip/Archive/7z/7zIn.cpp -+++ b/CPP/7zip/Archive/7z/7zIn.cpp -@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams( - if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) - ThrowIncorrect(); - } -- HeadersSize += folders.PackPositions[folders.NumPackStreams]; -+ if (folders.PackPositions) -+ HeadersSize += folders.PackPositions[folders.NumPackStreams]; - return S_OK; - } - diff --git a/pkgs/tools/archivers/p7zip/13-CVE-2017-17969.patch b/pkgs/tools/archivers/p7zip/13-CVE-2017-17969.patch deleted file mode 100644 index a9787c4a908..00000000000 --- a/pkgs/tools/archivers/p7zip/13-CVE-2017-17969.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: =?utf-8?q?Antoine_Beaupr=C3=A9?= <anarcat@debian.org> -Date: Fri, 2 Feb 2018 11:11:41 +0100 -Subject: Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp - -Origin: vendor, https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/27d7/attachment/CVE-2017-17969.patch -Forwarded: https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7 -Bug: https://sourceforge.net/p/p7zip/bugs/204/ -Bug-Debian: https://bugs.debian.org/888297 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17969 -Reviewed-by: Salvatore Bonaccorso <carnil@debian.org> -Last-Update: 2018-02-01 -Applied-Upstream: 18.00-beta ---- - CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp -index 80b7e67..ca37764 100644 ---- a/CPP/7zip/Compress/ShrinkDecoder.cpp -+++ b/CPP/7zip/Compress/ShrinkDecoder.cpp -@@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * - { - _stack[i++] = _suffixes[cur]; - cur = _parents[cur]; -+ if (cur >= kNumItems || i >= kNumItems) -+ break; - } -- -+ -+ if (cur >= kNumItems || i >= kNumItems) -+ break; -+ - _stack[i++] = (Byte)cur; - lastChar2 = (Byte)cur; - diff --git a/pkgs/tools/archivers/p7zip/default.nix b/pkgs/tools/archivers/p7zip/default.nix index d6ad699eaa8..773d37f0b75 100644 --- a/pkgs/tools/archivers/p7zip/default.nix +++ b/pkgs/tools/archivers/p7zip/default.nix @@ -1,28 +1,17 @@ -{ stdenv, fetchurl, fetchpatch, lib, enableUnfree ? false }: +{ stdenv, fetchFromGitHub, lib, enableUnfree ? false }: stdenv.mkDerivation rec { pname = "p7zip"; - version = "16.02"; + version = "17.01"; - src = fetchurl { - url = "mirror://sourceforge/p7zip/p7zip_${version}_src_all.tar.bz2"; - sha256 = "5eb20ac0e2944f6cb9c2d51dd6c4518941c185347d4089ea89087ffdd6e2341f"; - }; - patches = [ - ./12-CVE-2016-9296.patch - ./13-CVE-2017-17969.patch - (fetchpatch { - name = "3-CVE-2018-5996.patch"; - url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/3-CVE-2018-5996.patch"; - sha256 = "1zivvkazmza0653i498ccp3zbpbpc7dvxl3zxwllbx41b6n589yp"; - }) - (fetchpatch { - name = "4-CVE-2018-10115.patch"; - url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/4-CVE-2018-10115.patch"; - sha256 = "1cr7q8gnrk9yp6dcvxaqi1yhdbgp964nkv65ls41mw1kdfm44zn6"; - }) - ]; + src = fetchFromGitHub { + owner = "szcnick"; + repo = pname; + rev = "v${version}"; + sha256 = "0gczdmypwbfnxzb11rjrrndjkkb3jzxfby2cchn5j8ysny13mfps"; + } + ; # Default makefile is full of impurities on Darwin. The patch doesn't hurt Linux so I'm leaving it unconditional postPatch = '' @@ -39,14 +28,15 @@ stdenv.mkDerivation rec { # (see DOC/License.txt, https://fedoraproject.org/wiki/Licensing:Unrar) rm -r CPP/7zip/Compress/Rar* find . -name makefile'*' -exec sed -i '/Rar/d' {} + + chmod +x install.sh ''; preConfigure = '' makeFlagsArray=(DEST_HOME=$out) - buildFlags=all3 - '' + stdenv.lib.optionalString stdenv.isDarwin '' - cp makefile.macosx_llvm_64bits makefile.machine - ''; + buildFlags=all3 + '' + stdenv.lib.optionalString stdenv.isDarwin '' + cp makefile.macosx_llvm_64bits makefile.machine +''; enableParallelBuilding = true; @@ -55,15 +45,10 @@ stdenv.mkDerivation rec { NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.cc.isClang "-Wno-error=c++11-narrowing"; meta = { - homepage = "http://p7zip.sourceforge.net/"; - description = "A port of the 7-zip archiver"; + homepage = "https://github.com/szcnick/p7zip"; + description = "A new p7zip fork with additional codecs and improvements (forked from https://sourceforge.net/projects/p7zip/)"; platforms = stdenv.lib.platforms.unix; maintainers = [ stdenv.lib.maintainers.raskin ]; - knownVulnerabilities = [ - # p7zip is abandoned, according to this thread on its forums: - # https://sourceforge.net/p/p7zip/discussion/383043/thread/fa143cf2/#1817 - "p7zip is abandoned and may not receive important security fixes" - ]; # RAR code is under non-free UnRAR license, but we remove it license = if enableUnfree then lib.licenses.unfree else lib.licenses.lgpl2Plus; }; diff --git a/pkgs/tools/compression/dtrx/default.nix b/pkgs/tools/compression/dtrx/default.nix index edca969a1e8..81a446066d9 100644 --- a/pkgs/tools/compression/dtrx/default.nix +++ b/pkgs/tools/compression/dtrx/default.nix @@ -1,18 +1,15 @@ {stdenv, lib, fetchurl, pythonPackages -, gnutar, unzip, lhasa, rpm, binutils, cpio, gzip, cabextract, unrar, unshield +, gnutar, unzip, lhasa, rpm, binutils, cpio, gzip, p7zip, cabextract, unrar, unshield , bzip2, xz, lzip -# unsafe: -# ,p7zip -# unzip is no longer handled by p7zip, since it's unsafe -, unzipSupport ? true +# unzip is handled by p7zip +, unzipSupport ? false , unrarSupport ? false }: let - # p7zip - archivers = lib.makeBinPath ([ gnutar lhasa rpm binutils cpio gzip cabextract unshield ] - ++ lib.optional (unzipSupport) unzip - ++ lib.optional (unrarSupport) unrar - ++ [ bzip2 xz lzip ]); + archivers = lib.makeBinPath ([ gnutar lhasa rpm binutils cpio gzip p7zip cabextract unshield ] + ++ lib.optional (unzipSupport) unzip + ++ lib.optional (unrarSupport) unrar + ++ [ bzip2 xz lzip ]); in pythonPackages.buildPythonApplication rec { pname = "dtrx"; diff --git a/pkgs/tools/misc/clex/default.nix b/pkgs/tools/misc/clex/default.nix index 5e5bf4166ff..7a6a78af59a 100644 --- a/pkgs/tools/misc/clex/default.nix +++ b/pkgs/tools/misc/clex/default.nix @@ -24,6 +24,6 @@ stdenv.mkDerivation rec { ''; homepage = "http://www.clex.sk"; license = licenses.gpl2Plus; - platforms = platforms.linux; + platforms = with platforms; linux ++ darwin; }; } diff --git a/pkgs/tools/misc/woeusb/default.nix b/pkgs/tools/misc/woeusb/default.nix index 991ab622490..4c235b4866f 100644 --- a/pkgs/tools/misc/woeusb/default.nix +++ b/pkgs/tools/misc/woeusb/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchFromGitHub, autoreconfHook, makeWrapper -, coreutils, dosfstools, findutils, gawk, gnugrep, grub2_light, ncurses, ntfs3g, parted, utillinux, wget +, coreutils, dosfstools, findutils, gawk, gnugrep, grub2_light, ncurses, ntfs3g, parted, p7zip, utillinux, wget , wxGTK30 }: stdenv.mkDerivation rec { @@ -39,7 +39,7 @@ stdenv.mkDerivation rec { # should be patched with a less useless default PATH, but for now # we add everything we need manually. wrapProgram "$out/bin/woeusb" \ - --set PATH '${stdenv.lib.makeBinPath [ coreutils dosfstools findutils gawk gnugrep grub2_light ncurses ntfs3g parted utillinux wget ]}' + --set PATH '${stdenv.lib.makeBinPath [ coreutils dosfstools findutils gawk gnugrep grub2_light ncurses ntfs3g parted utillinux wget p7zip ]}' ''; doInstallCheck = true; diff --git a/pkgs/tools/security/mkp224o/default.nix b/pkgs/tools/security/mkp224o/default.nix index 5640debf124..dc17cc60276 100644 --- a/pkgs/tools/security/mkp224o/default.nix +++ b/pkgs/tools/security/mkp224o/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "mkp224o"; - version = "1.4.0"; + version = "1.5.0"; src = fetchFromGitHub { owner = "cathugger"; repo = "mkp224o"; rev = "v${version}"; - sha256 = "0b7xs4gnyfhdkwl8wkb6mazas88ybnlbxck59p4n2mnlndvd8kb7"; + sha256 = "0b2cn96wg4l8jkkqqp8l2295xlmm2jc8nrw6rdqb5g0zkpfmrxbb"; }; buildCommand = diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 03b03ff2a84..d96a16b1399 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -309,7 +309,7 @@ mapAliases ({ msf = metasploit; # added 2018-04-25 libmsgpack = msgpack; # added 2018-08-17 mssys = ms-sys; # added 2015-12-13 - mpv-with-scripts = throw "Use wrapMpv for editing the environment of mpv"; # added 2012-05-22 + mpv-with-scripts = self.wrapMpv self.mpv-unwrapped { }; # added 2020-05-22 multipath_tools = multipath-tools; # added 2016-01-21 mupen64plus1_5 = mupen64plus; # added 2016-02-12 mysqlWorkbench = mysql-workbench; # added 2017-01-19 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index cc405432704..128d580d190 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6559,6 +6559,8 @@ in setserial = callPackage ../tools/system/setserial { }; + setzer = callPackage ../applications/editors/setzer { }; + seqdiag = with python3Packages; toPythonApplication seqdiag; sequoia = callPackage ../tools/security/sequoia { @@ -16167,6 +16169,8 @@ in prometheus-gitlab-ci-pipelines-exporter = callPackage ../servers/monitoring/prometheus/gitlab-ci-pipelines-exporter.nix { }; prometheus-haproxy-exporter = callPackage ../servers/monitoring/prometheus/haproxy-exporter.nix { }; prometheus-json-exporter = callPackage ../servers/monitoring/prometheus/json-exporter.nix { }; + prometheus-keylight-exporter = callPackage ../servers/monitoring/prometheus/keylight-exporter.nix { }; + prometheus-lnd-exporter = callPackage ../servers/monitoring/prometheus/lnd-exporter.nix { }; prometheus-mail-exporter = callPackage ../servers/monitoring/prometheus/mail-exporter.nix { }; prometheus-mesos-exporter = callPackage ../servers/monitoring/prometheus/mesos-exporter.nix { }; prometheus-mikrotik-exporter = callPackage ../servers/monitoring/prometheus/mikrotik-exporter.nix { }; |