17 files changed, 284 insertions, 139 deletions
diff --git a/pkgs/tools/archivers/7zz/default.nix b/pkgs/tools/archivers/7zz/default.nix
index c93a750e48f..c4ccae0272e 100644
--- a/pkgs/tools/archivers/7zz/default.nix
+++ b/pkgs/tools/archivers/7zz/default.nix
@@ -1,4 +1,14 @@
-{ stdenv, lib, fetchurl, p7zip, uasm, useUasm ? stdenv.isx86_64 }:
+{ stdenv
+, lib
+, fetchurl
+
+, uasm
+, useUasm ? stdenv.isx86_64
+
+  # RAR code is under non-free unRAR license
+  # see the meta.license section below for more details
+, enableUnfree ? false
+}:
 
 let
   inherit (stdenv.hostPlatform) system;
@@ -14,17 +24,38 @@ stdenv.mkDerivation rec {
   version = "21.07";
 
   src = fetchurl {
-    url = "https://7-zip.org/a/7z${lib.replaceStrings [ "." ] [ "" ] version}-src.7z";
-    sha256 = "sha256-0QdNVvQVqrmdmeWXp7ZtxFXbpjSa6KTInfdkdbahKEw=";
+    url = "https://7-zip.org/a/7z${lib.replaceStrings [ "." ] [ "" ] version}-src.tar.xz";
+    sha256 = {
+      free = "sha256-SMM6kQ6AZ05s4miJjMoE4NnsXQ0tlkdWx0q2HKjhaM8=";
+      unfree = "sha256-IT1ZRAfLjvy6NmELFSykkh7aFBYzELQ5A9E+aDE+Hjk=";
+    }.${if enableUnfree then "unfree" else "free"};
+    downloadToTemp = (!enableUnfree);
+    # remove the unRAR related code from the src drv
+    # > the license requires that you agree to these use restrictions,
+    # > or you must remove the software (source and binary) from your hard disks
+    # https://fedoraproject.org/wiki/Licensing:Unrar
+    postFetch = lib.optionalString (!enableUnfree) ''
+      mkdir tmp
+      tar xf $downloadedFile -C ./tmp
+      rm -r ./tmp/CPP/7zip/Compress/Rar*
+      tar cfJ $out -C ./tmp . \
+        --sort=name \
+        --mtime="@$SOURCE_DATE_EPOCH" \
+        --owner=0 --group=0 --numeric-owner \
+        --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime
+    '';
   };
 
   sourceRoot = "CPP/7zip/Bundles/Alone2";
 
-  makeFlags = lib.optionals useUasm [ "MY_ASM=uasm" ];
+  makeFlags =
+    lib.optionals useUasm [ "MY_ASM=uasm" ] ++
+    # it's the compression code with the restriction, see DOC/License.txt
+    lib.optionals (!enableUnfree) [ "DISABLE_RAR_COMPRESS=true" ];
 
   makefile = "../../cmpl_gcc${platformSuffix}.mak";
 
-  nativeBuildInputs = [ p7zip ] ++ lib.optionals useUasm [ uasm ];
+  nativeBuildInputs = lib.optionals useUasm [ uasm ];
 
   enableParallelBuilding = true;
 
@@ -40,14 +71,27 @@ stdenv.mkDerivation rec {
   doInstallCheck = true;
 
   installCheckPhase = ''
+    runHook preInstallCheck
+
     $out/bin/7zz --help | grep ${version}
+
+    runHook postInstallCheck
   '';
 
+  passthru.updateScript = ./update.sh;
+
   meta = with lib; {
     description = "Command line archiver utility";
     homepage = "https://7-zip.org";
-    license = licenses.lgpl21Plus;
-    maintainers = with maintainers; [ anna328p peterhoeg ];
+    license = with licenses;
+      # 7zip code is largely lgpl2Plus
+      # CPP/7zip/Compress/LzfseDecoder.cpp is bsd3
+      [ lgpl2Plus /* and */ bsd3 ] ++
+      # and CPP/7zip/Compress/Rar* are unfree with the unRAR license restriction
+      # the unRAR compression code is disabled by default
+      lib.optionals enableUnfree [ unfree ];
+    maintainers = with maintainers; [ anna328p peterhoeg jk ];
     platforms = platforms.linux;
+    mainProgram = "7zz";
   };
 }
diff --git a/pkgs/tools/archivers/7zz/update.sh b/pkgs/tools/archivers/7zz/update.sh
new file mode 100755
index 00000000000..bbc9804799a
--- /dev/null
+++ b/pkgs/tools/archivers/7zz/update.sh
@@ -0,0 +1,50 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i bash -p coreutils gnused curl jq
+set -euo pipefail
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
+DRV_DIR="$PWD"
+
+OLD_VERSION="$(sed -nE 's/\s*version = "(.*)".*/\1/p' ./default.nix)"
+
+NEW_VERSION="$(curl "https://sourceforge.net/projects/sevenzip/best_release.json" | jq '.platform_releases.linux.filename' -r | cut -d/ -f3)"
+
+echo "comparing versions $OLD_VERSION => $NEW_VERSION"
+if [[ "$OLD_VERSION" == "$NEW_VERSION" ]]; then
+    echo "Already up to date! Doing nothing"
+    exit 0
+fi
+
+NIXPKGS_ROOT="$(realpath "$DRV_DIR/../../../..")"
+
+echo "getting free source hash"
+OLD_FREE_HASH="$(nix-instantiate --eval --strict -E "with import $NIXPKGS_ROOT {}; _7zz.src.drvAttrs.outputHash" | tr -d '"')"
+echo "getting unfree source hash"
+OLD_UNFREE_HASH="$(nix-instantiate --eval --strict -E "with import $NIXPKGS_ROOT {}; (_7zz.override { enableUnfree = true; }).src.drvAttrs.outputHash" | tr -d '"')"
+
+NEW_VERSION_FORMATTED="$(echo "$NEW_VERSION" | tr -d '.')"
+URL="https://7-zip.org/a/7z${NEW_VERSION_FORMATTED}-src.tar.xz"
+
+
+NEW_FREE_HASH=$(nix-prefetch -f "$NIXPKGS_ROOT" -E "_7zz.src" --url "$URL")
+
+NEW_UNFREE_OUT=$(nix-prefetch -f "$NIXPKGS_ROOT" -E "(_7zz.override { enableUnfree = true; }).src" --url "$URL" --output raw --print-path)
+# first line of raw output is the hash
+NEW_UNFREE_HASH="$(echo "$NEW_UNFREE_OUT" | sed -n 1p)"
+# second line of raw output is the src path
+NEW_UNFREE_SRC="$(echo "$NEW_UNFREE_OUT" | sed -n 2p)"
+# make sure to nuke the unfree src from the updater's machine
+# > the license requires that you agree to these use restrictions, or you must remove the software (source and binary) from your hard disks
+# https://fedoraproject.org/wiki/Licensing:Unrar
+nix-store --delete "$NEW_UNFREE_SRC"
+
+
+echo "updating version"
+sed -i "s/version = \"$OLD_VERSION\";/version = \"$NEW_VERSION\";/" "$DRV_DIR/default.nix"
+
+echo "updating free hash"
+sed -i "s@free = \"$OLD_FREE_HASH\";@free = \"$NEW_FREE_HASH\";@" "$DRV_DIR/default.nix"
+echo "updating unfree hash"
+sed -i "s@unfree = \"$OLD_UNFREE_HASH\";@unfree = \"$NEW_UNFREE_HASH\";@" "$DRV_DIR/default.nix"
+
+echo "done"
diff --git a/pkgs/tools/backup/bupstash/default.nix b/pkgs/tools/backup/bupstash/default.nix
index 91876f68d4a..0d3550c05bc 100644
--- a/pkgs/tools/backup/bupstash/default.nix
+++ b/pkgs/tools/backup/bupstash/default.nix
@@ -1,16 +1,16 @@
 { lib, fetchFromGitHub, installShellFiles, rustPlatform, ronn, pkg-config, libsodium }:
 rustPlatform.buildRustPackage rec {
   pname = "bupstash";
-  version = "0.10.3";
+  version = "0.11.0";
 
   src = fetchFromGitHub {
     owner = "andrewchambers";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-YN5pIXJRTQXqFGuXvyoSlYJEjAZ4wIYEKjEeF8qIJCI=";
+    sha256 = "sha256-9yWQQ8uzDkN3Pi2OiEn+oEazc3nH53dF2GswBCu8d3c=";
   };
 
-  cargoSha256 = "sha256-Erpg+Sktx+L2X9k6g1ngOyM8MNoucGcScOSPMB7vld8=";
+  cargoSha256 = "sha256-JAclSUFuQk768cgDEvG1rxux2xBGHl1d/NAoxw161YU=";
 
   nativeBuildInputs = [ ronn pkg-config installShellFiles ];
   buildInputs = [ libsodium ];
diff --git a/pkgs/tools/filesystems/dosfstools/default.nix b/pkgs/tools/filesystems/dosfstools/default.nix
index 14d054364fd..75a39fdfe92 100644
--- a/pkgs/tools/filesystems/dosfstools/default.nix
+++ b/pkgs/tools/filesystems/dosfstools/default.nix
@@ -1,21 +1,30 @@
-{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, libiconv }:
+{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, libiconv, gettext, xxd }:
 
 stdenv.mkDerivation rec {
   pname = "dosfstools";
-  version = "4.1";
+  version = "4.2";
 
   src = fetchFromGitHub {
     owner = "dosfstools";
     repo = "dosfstools";
     rev = "v${version}";
-    sha256 = "1a2zn1655d5f1m6jp9vpn3bp8yfxhcmxx3mx23ai9hmxiydiykr1";
+    sha256 = "sha256-2gxB0lQixiHOHw8uTetHekaM57fvUd9zOzSxWnvUz/c=";
   };
 
   nativeBuildInputs = [ autoreconfHook pkg-config ]
     ++ lib.optional stdenv.isDarwin libiconv;
 
+  # configure.ac:75: error: required file './config.rpath' not found
+  # https://github.com/dosfstools/dosfstools/blob/master/autogen.sh
+  postPatch = ''
+    cp ${gettext}/share/gettext/config.rpath config.rpath
+  '';
+
   configureFlags = [ "--enable-compat-symlinks" ];
 
+  checkInputs = [ xxd ];
+  doCheck = true;
+
   meta = {
     description = "Utilities for creating and checking FAT and VFAT file systems";
     homepage = "https://github.com/dosfstools/dosfstools";
diff --git a/pkgs/tools/misc/apkeep/default.nix b/pkgs/tools/misc/apkeep/default.nix
index d405302282f..ef7699ccf28 100644
--- a/pkgs/tools/misc/apkeep/default.nix
+++ b/pkgs/tools/misc/apkeep/default.nix
@@ -2,14 +2,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "apkeep";
-  version = "0.9.0";
+  version = "0.10.0";
 
   src = fetchCrate {
     inherit pname version;
-    sha256 = "sha256-ST1ifON25mizKZQX3fKeqBloXWW9LXDq5JkZIeiguRY=";
+    sha256 = "14vm3b2gbmn9pil0aagwchn4kyvi9311id6qv4a376qfb6r1aybf";
   };
 
-  cargoSha256 = "sha256-/Xh1s4PO336B1ioKe0IKVGDACpMuXOpxA82U6zn2lj0=";
+  cargoSha256 = "0i8wzc58ji317kjdw3ls1908z4bqlh1cgjph0fxsvs5i552qjkzp";
 
   prePatch = ''
     rm .cargo/config.toml
diff --git a/pkgs/tools/misc/opentelemetry-collector/default.nix b/pkgs/tools/misc/opentelemetry-collector/default.nix
index 851d4f2dc18..1feb290bb13 100644
--- a/pkgs/tools/misc/opentelemetry-collector/default.nix
+++ b/pkgs/tools/misc/opentelemetry-collector/default.nix
@@ -12,17 +12,17 @@ let
 in
 buildGoModule rec {
   pname = "opentelemetry-collector";
-  version = "0.46.0";
+  version = "0.47.0";
 
   src = fetchFromGitHub {
     owner = "open-telemetry";
     repo = "opentelemetry-collector";
     rev = "v${version}";
-    sha256 = "sha256-ibaA9oCSsId9A4ul5sfM+L8ExBl+Wv7rhGnb6TZ4WJw=";
+    sha256 = "sha256-1dMdQWV+gxbMc/2iVsB1LCsYxR0bt5AJEvoFq2/KHCg=";
   };
   # there is a nested go.mod
   sourceRoot = "source/cmd/otelcorecol";
-  vendorSha256 = "sha256-Okmsd/skfBmkyLv9oPFH0QvewFZFPpUH2ahWxHt7cy8=";
+  vendorSha256 = "sha256-ps6fUVg7vhGgy47WTJv/U1qHQ2MGXIWXNZ5Rddo1yQY=";
 
   preBuild = ''
     # set the build version, can't be done via ldflags
diff --git a/pkgs/tools/misc/rockbox-utility/default.nix b/pkgs/tools/misc/rockbox-utility/default.nix
index a75b90d6f54..bf191beca3f 100644
--- a/pkgs/tools/misc/rockbox-utility/default.nix
+++ b/pkgs/tools/misc/rockbox-utility/default.nix
@@ -1,9 +1,13 @@
-{ lib, stdenv, fetchurl, pkg-config, cryptopp
-, libusb1, qtbase, qttools, makeWrapper
-, qmake, withEspeak ? false, espeak ? null
-, qt5 }:
-
-let inherit (lib) getDev; in
+{ lib
+, stdenv
+, fetchurl
+, cryptopp
+, libusb1
+, makeWrapper
+, pkg-config
+, qt5
+, withEspeak ? false, espeak ? null
+}:
 
 stdenv.mkDerivation  rec {
   pname = "rockbox-utility";
@@ -11,16 +15,27 @@ stdenv.mkDerivation  rec {
 
   src = fetchurl {
     url = "https://download.rockbox.org/rbutil/source/RockboxUtility-v${version}-src.tar.bz2";
-    sha256 = "0zm9f01a810y7aq0nravbsl0vs9vargwvxnfl4iz9qsqygwlj69y";
+    hash = "sha256-PhlJ+fNY4/Qjoc72zV9WO+kNqF5bZQuwOh4EpAJwqX4=";
   };
 
-  buildInputs = [ cryptopp libusb1 qtbase qttools ]
-    ++ lib.optional withEspeak espeak;
-  nativeBuildInputs = [ makeWrapper pkg-config qmake qt5.wrapQtAppsHook ];
+  nativeBuildInputs = [
+    makeWrapper
+    pkg-config
+    qt5.qmake
+    qt5.wrapQtAppsHook
+  ];
+
+  buildInputs = [
+    cryptopp
+    libusb1
+    qt5.qtbase
+    qt5.qttools
+  ]
+  ++ lib.optional withEspeak espeak;
 
   postPatch = ''
     sed -i rbutil/rbutilqt/rbutilqt.pro \
-        -e '/^lrelease.commands =/ s|$$\[QT_INSTALL_BINS\]/lrelease -silent|${getDev qttools}/bin/lrelease|'
+        -e '/^lrelease.commands =/ s|$$\[QT_INSTALL_BINS\]/lrelease -silent|${lib.getDev qt5.qttools}/bin/lrelease|'
   '';
 
   preConfigure = ''
@@ -48,10 +63,10 @@ stdenv.mkDerivation  rec {
   enableParallelBuilding = false;
 
   meta = with lib; {
-    description = "Open source firmware for mp3 players";
     homepage = "https://www.rockbox.org";
-    license = licenses.gpl2;
+    description = "Open source firmware for digital music players";
+    license = licenses.gpl2Plus;
+    maintainers = with maintainers; [ AndersonTorres goibhniu ];
     platforms = platforms.linux;
-    maintainers = with maintainers; [ goibhniu ];
   };
 }
diff --git a/pkgs/tools/networking/boundary/default.nix b/pkgs/tools/networking/boundary/default.nix
index 3745856a8c0..c86c9c5fd68 100644
--- a/pkgs/tools/networking/boundary/default.nix
+++ b/pkgs/tools/networking/boundary/default.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   pname = "boundary";
-  version = "0.7.5";
+  version = "0.7.6";
 
   src =
     let
@@ -15,10 +15,10 @@ stdenv.mkDerivation rec {
         aarch64-darwin = "darwin_arm64";
       };
       sha256 = selectSystem {
-        x86_64-linux = "sha256-wqNeeEQhR8cj7Gpbzp7UQV0j+w0peo41uKqgK9BoLH4=";
-        aarch64-linux = "sha256-HK/6eMBWUW1IbYE5RpInhcQuIw16X9vQEZmOBje9Yzk=";
-        x86_64-darwin = "sha256-ghgkPlEN9DHFviQzcGS/+oG+9Qqy2AfJ2IEyiSMJwwY=";
-        aarch64-darwin = "sha256-F4iOCxAm8s34KktuS5PRPkIg9A0179H6zlOM3OuTyUw=";
+        x86_64-linux = "sha256-nsc8S63OUEo9db/hs9oA53Lk+amIsxB/O4TJCs4zdNw=";
+        aarch64-linux = "sha256-KttqYuF7xC88L49f7JKKr77FbKBihptoBIoemgFInm0=";
+        x86_64-darwin = "sha256-ov4CtiWsOU/AWfAo7x99RshW6+eU9lFD5ypo6MKyPM0=";
+        aarch64-darwin = "sha256-3E9fv8BSu7XXIwRmTrDECLNQKdoeUqitKbsTrXs+tTE=";
       };
     in
     fetchzip {
diff --git a/pkgs/tools/networking/innernet/default.nix b/pkgs/tools/networking/innernet/default.nix
index 67f9a9d793b..68ccdfc3870 100644
--- a/pkgs/tools/networking/innernet/default.nix
+++ b/pkgs/tools/networking/innernet/default.nix
@@ -13,15 +13,15 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "innernet";
-  version = "1.5.3";
+  version = "1.5.4";
 
   src = fetchFromGitHub {
     owner = "tonarino";
     repo = "innernet";
     rev = "v${version}";
-    sha256 = "sha256-dpoSjGtjGJTF/sQ8vbeAUCjnkYqz4zGnfO8br8gJbsQ=";
+    sha256 = "sha256-CcZ4241EU+ktPbFsuR/sF4yP6xAOFg+oW8thtAQZr/4=";
   };
-  cargoSha256 = "sha256-EmAlm3W9r6pP1VIxeM2UP1ZG9TjopTarckMfLDonr1k=";
+  cargoSha256 = "sha256-7APUSDxw6X4KJnFvm6xhiHL1D4NTNS2pC/4UVGyjJYY=";
 
   nativeBuildInputs = with llvmPackages; [
     llvm
diff --git a/pkgs/tools/networking/magic-wormhole-rs/Cargo.toml.patch b/pkgs/tools/networking/magic-wormhole-rs/Cargo.toml.patch
new file mode 100644
index 00000000000..debb1e26439
--- /dev/null
+++ b/pkgs/tools/networking/magic-wormhole-rs/Cargo.toml.patch
@@ -0,0 +1,67 @@
+diff --git a/Cargo.lock b/Cargo.lock
+index d33b5d6..ddde8ed 100644
+--- a/Cargo.lock
++++ b/Cargo.lock
+@@ -150,33 +150,6 @@ dependencies = [
+  "winapi 0.3.9",
+ ]
+ 
+-[[package]]
+-name = "async-std"
+-version = "1.10.0"
+-source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "f8056f1455169ab86dd47b47391e4ab0cbd25410a70e9fe675544f49bafaf952"
+-dependencies = [
+- "async-channel",
+- "async-global-executor",
+- "async-io",
+- "async-lock",
+- "crossbeam-utils",
+- "futures-channel",
+- "futures-core",
+- "futures-io",
+- "futures-lite",
+- "gloo-timers",
+- "kv-log-macro",
+- "log",
+- "memchr",
+- "num_cpus",
+- "once_cell",
+- "pin-project-lite",
+- "pin-utils",
+- "slab",
+- "wasm-bindgen-futures",
+-]
+-
+ [[package]]
+ name = "async-std"
+ version = "1.10.0"
+@@ -230,7 +203,7 @@ version = "0.16.1"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+ checksum = "5682ea0913e5c20780fe5785abacb85a411e7437bf52a1bedb93ddb3972cb8dd"
+ dependencies = [
+- "async-std 1.10.0 (registry+https://github.com/rust-lang/crates.io-index)",
++ "async-std",
+  "async-tls",
+  "futures-io",
+  "futures-util",
+@@ -1154,7 +1127,7 @@ name = "magic-wormhole"
+ version = "0.3.0"
+ dependencies = [
+  "async-io",
+- "async-std 1.10.0 (git+https://github.com/async-rs/async-std)",
++ "async-std",
+  "async-tungstenite",
+  "base64",
+  "bytecodec",
+diff --git a/Cargo.toml b/Cargo.toml
+index b4ff2c0..d4094af 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -82,3 +82,6 @@ required-features = ["bin"]
+ 
+ [profile.release]
+ overflow-checks = true
++
++[patch.crates-io]
++async-std = { version = "1.9.0", features = ["attributes", "unstable"], git = "https://github.com/async-rs/async-std" }
diff --git a/pkgs/tools/networking/magic-wormhole-rs/default.nix b/pkgs/tools/networking/magic-wormhole-rs/default.nix
new file mode 100644
index 00000000000..951a0664376
--- /dev/null
+++ b/pkgs/tools/networking/magic-wormhole-rs/default.nix
@@ -0,0 +1,32 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, rustPlatform
+}:
+rustPlatform.buildRustPackage rec {
+  name = "magic-wormhole-rs";
+  version = "0.3.0";
+
+  src = fetchFromGitHub {
+    owner = "magic-wormhole";
+    repo = "magic-wormhole.rs";
+    rev = version;
+    sha256 = "sha256-i4vJ6HmtM42m1x1UtOq9xlmhYIa5ZKXUm1rGFNRprmY=";
+  };
+
+  # this patch serves as a workaround for the problems of cargo-vendor described in
+  # https://github.com/NixOS/nixpkgs/issues/30742
+  # and can probably be removed once the issue is resolved
+  cargoPatches = [ ./Cargo.toml.patch ];
+  cargoSha256 = "sha256-DG1kyukgzDbolX9Mg9hK1TRyzIWbAX6f54jSM8clj/c=";
+
+  # all tests involve networking and are bound fail
+  doCheck = false;
+
+  meta = with lib; {
+    description = "Rust implementation of Magic Wormhole, with new features and enhancements";
+    homepage = "https://github.com/magic-wormhole/magic-wormhole.rs";
+    license = licenses.eupl12;
+    maintainers = with maintainers; [ zeri piegames ];
+  };
+}
diff --git a/pkgs/tools/package-management/cargo-about/default.nix b/pkgs/tools/package-management/cargo-about/default.nix
index a61aff2107d..0ed6f978ba9 100644
--- a/pkgs/tools/package-management/cargo-about/default.nix
+++ b/pkgs/tools/package-management/cargo-about/default.nix
@@ -2,19 +2,19 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "cargo-about";
-  version = "0.4.8";
+  version = "0.5.0";
 
   src = fetchFromGitHub {
     owner = "EmbarkStudios";
     repo = "cargo-about";
     rev = version;
-    sha256 = "sha256-cKzGg3fAXKqnBZES3YUMbv1ZAcLqo6AdrXKXSFSAnis=";
+    sha256 = "sha256-M09X7UwrTtrOhOphhpGHSAqxneY50jNrFKJCeBQhRfc=";
   };
 
   # enable pkg-config feature of zstd
   cargoPatches = [ ./zstd-pkg-config.patch ];
 
-  cargoSha256 = "sha256-OLrxqbTIhHMNPEnSAUbTqoYnaZi/BxbWUCxaTo9Zyww=";
+  cargoSha256 = "sha256-E1+OfVAzrezXoUz9Nlyhdq1xxEWm4UJhVyp+nG7UmYY=";
 
   nativeBuildInputs = [ pkg-config ];
 
diff --git a/pkgs/tools/security/grype/default.nix b/pkgs/tools/security/grype/default.nix
index a6ed2168670..1b80d7ecd88 100644
--- a/pkgs/tools/security/grype/default.nix
+++ b/pkgs/tools/security/grype/default.nix
@@ -6,23 +6,21 @@
 
 buildGoModule rec {
   pname = "grype";
-  version = "0.34.2";
+  version = "0.34.3";
 
   src = fetchFromGitHub {
     owner = "anchore";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-tMkMGM45/LcFllEgQ3UTl6FsLJmdsU8SLcLH/8+zMA4=";
+    sha256 = "sha256-iWmLfQ08+dhjvKQiK2iy2Tegk4jH9dGopu/6kdDRZd0=";
     # populate values that require us to use git. By doing this in postFetch we
     # can delete .git afterwards and maintain better reproducibility of the src.
     leaveDotGit = true;
     postFetch = ''
       cd "$out"
-      commit="$(git rev-parse HEAD)"
-      source_date_epoch=$(git log --date=format:'%Y-%m-%dT%H:%M:%SZ' -1 --pretty=%ad)
-      substituteInPlace "$out/internal/version/build.go" \
-        --replace 'gitCommit = valueNotProvided' "gitCommit = \"$commit\"" \
-        --replace 'buildDate = valueNotProvided' "buildDate = \"$source_date_epoch\""
+      git rev-parse HEAD > $out/COMMIT
+      # 0000-00-00T00:00:00Z
+      date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%m-%dT%H:%M:%SZ" > $out/SOURCE_DATE_EPOCH
       find "$out" -name .git -print0 | xargs -0 rm -rf
     '';
   };
@@ -37,14 +35,17 @@ buildGoModule rec {
     "-s"
     "-w"
     "-X github.com/anchore/grype/internal/version.version=${version}"
+    "-X github.com/anchore/grype/internal/version.gitDescription=v${version}"
     "-X github.com/anchore/grype/internal/version.gitTreeState=clean"
   ];
 
   preBuild = ''
     # grype version also displays the version of the syft library used
     # we need to grab it from the go.sum and add an ldflag for it
-    SYFTVERSION="$(grep "github.com/anchore/syft" go.sum -m 1 | awk '{print $2}')"
-    ldflags+=" -X github.com/anchore/grype/internal/version.syftVersion=$SYFTVERSION"
+    SYFT_VERSION="$(grep "github.com/anchore/syft" go.sum -m 1 | awk '{print $2}')"
+    ldflags+=" -X github.com/anchore/grype/internal/version.syftVersion=$SYFT_VERSION"
+    ldflags+=" -X github.com/anchore/grype/internal/version.gitCommit=$(cat COMMIT)"
+    ldflags+=" -X github.com/anchore/grype/internal/version.buildDate=$(cat SOURCE_DATE_EPOCH)"
   '';
 
   # Tests require a running Docker instance
diff --git a/pkgs/tools/security/spire/default.nix b/pkgs/tools/security/spire/default.nix
index 5f06abeda1b..8f36e4ce59e 100644
--- a/pkgs/tools/security/spire/default.nix
+++ b/pkgs/tools/security/spire/default.nix
@@ -2,7 +2,7 @@
 
 buildGoModule rec {
   pname = "spire";
-  version = "1.2.0";
+  version = "1.2.1";
 
   outputs = [ "out" "agent" "server" ];
 
@@ -10,10 +10,10 @@ buildGoModule rec {
     owner = "spiffe";
     repo = pname;
     rev = "v${version}";
-    sha256 = "01ph9jzh18bnidrsbnnxm3gxh0cgfllnjvf7a5haqz51lm6a9pny";
+    sha256 = "sha256-LK73RGSTwGhCXOglsqK8RAAldovRzliE78vi2ilTSrw=";
   };
 
-  vendorSha256 = "1fd1k5by4wcjmzfgi3gnrwnb38b0wa3w67kzjlx8s0nwapyfgx0b";
+  vendorSha256 = "sha256-am8ZTUX8Vph1Eg013NObMiSVeupS2hlHdpZ/1mO27dY=";
 
   subPackages = [ "cmd/spire-agent" "cmd/spire-server" ];
 
diff --git a/pkgs/tools/wayland/swayr/default.nix b/pkgs/tools/wayland/swayr/default.nix
index c1bcf3b4e9f..6237d1a88ee 100644
--- a/pkgs/tools/wayland/swayr/default.nix
+++ b/pkgs/tools/wayland/swayr/default.nix
@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "swayr";
-  version = "0.13.0";
+  version = "0.15.0";
 
   src = fetchFromSourcehut {
     owner = "~tsdh";
     repo = "swayr";
     rev = "v${version}";
-    sha256 = "sha256-V4ETsraJo9X10fPMGSuiokPiSlZGYHncOdfheGom1go=";
+    sha256 = "sha256-GLOJjGr29v4oVNCWgjPWluIiSeLoIYeOw2HwmSfxA8Y=";
   };
 
-  cargoSha256 = "sha256-3ErzkS8u+4Ve26jpDbsYr4BVDm/XEgydYdZ2ErtVuVA=";
+  cargoSha256 = "sha256-gg/IHrgfDZT+3FNM/se5X1YMcHX127jMNI/WDEpMzy4=";
 
   patches = [
     ./icon-paths.patch
diff --git a/pkgs/tools/wayland/ydotool/default.nix b/pkgs/tools/wayland/ydotool/default.nix
index 4a75eac8c57..8d55233638e 100644
--- a/pkgs/tools/wayland/ydotool/default.nix
+++ b/pkgs/tools/wayland/ydotool/default.nix
@@ -1,41 +1,26 @@
-{ lib, stdenv, fetchFromGitHub, pkg-config, cmake, boost, libevdevplus, libuinputplus, iodash, cxxopts}:
+{ lib, stdenv, fetchFromGitHub, pkg-config, cmake, scdoc }:
 
 stdenv.mkDerivation rec {
   pname = "ydotool";
-  version = "unstable-2021-01-20";
+  version = "1.0.1";
 
   src = fetchFromGitHub {
     owner = "ReimuNotMoe";
     repo = "ydotool";
-    rev = "b1d041f52f7bac364d6539b1251d29c3b77c0f37";
-    sha256 = "1gzdbx6fv0dbcyia3yyzhv93az2gf90aszb9kcj5cnxywfpv9w9g";
+    rev = "v${version}";
+    sha256 = "sha256-maXXGCqB8dkGO8956hsKSwM4HQdYn6z1jBFENQ9sKcA=";
   };
 
-  # upstream decided to use a cpp package manager called cpm.
-  # we need to disable that because it wants networking, furthermore,
-  # it does some system folder creating which also needs to be disabled.
-  # Both changes are to respect the sandbox.
-  patches = [ ./fixup-cmakelists.patch ];
-
-
-  # cxxopts is a header only library.
-  # See pull request: https://github.com/ReimuNotMoe/ydotool/pull/105
-  postPatch = ''
-    substituteInPlace CMakeLists.txt --replace \
-      "PUBLIC cxxopts" \
-      "PUBLIC"
-  '';
-
   nativeBuildInputs = [ cmake pkg-config ];
   buildInputs = [
-    boost libevdevplus libuinputplus iodash cxxopts
+    scdoc
   ];
 
   meta = with lib; {
     inherit (src.meta) homepage;
     description = "Generic Linux command-line automation tool";
-    license = licenses.mit;
-    maintainers = with maintainers; [ willibutz ];
+    license = licenses.agpl3Plus;
+    maintainers = with maintainers; [ willibutz kraem ];
     platforms = with platforms; linux;
   };
 }
diff --git a/pkgs/tools/wayland/ydotool/fixup-cmakelists.patch b/pkgs/tools/wayland/ydotool/fixup-cmakelists.patch
deleted file mode 100644
index 965d5c38d83..00000000000
--- a/pkgs/tools/wayland/ydotool/fixup-cmakelists.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From bb8bc44d22060cd1215712117cf30eae09f4f6ba Mon Sep 17 00:00:00 2001
-From: Jappie Klooster <jappieklooster@hotmail.com>
-Date: Fri, 2 Apr 2021 14:04:14 -0400
-Subject: [PATCH] Fixup cmaklists
-
-We remove cpm, which is a package manager for c++,
-which requires networking, so it's better just deleted.
-
-Furthermore we delete the adddirectory statements.
-These want to modify directories outside of the sandbox.
----
- CMakeLists.txt | 26 --------------------------
- 1 file changed, 26 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index b5e8789..b797538 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -13,30 +13,6 @@ endif()
- 
- include(${CPM_DOWNLOAD_LOCATION})
- 
--CPMAddPackage(
--        NAME IODash
--        GITHUB_REPOSITORY YukiWorkshop/IODash
--        VERSION 0.1.0
--)
--
--CPMAddPackage(
--        NAME libevdevPlus
--        GITHUB_REPOSITORY YukiWorkshop/libevdevPlus
--        VERSION 0.2.1
--)
--
--CPMAddPackage(
--        NAME libuInputPlus
--        GITHUB_REPOSITORY YukiWorkshop/libuInputPlus
--        VERSION 0.2.1
--)
--
--CPMAddPackage(
--        NAME cxxopts
--        GITHUB_REPOSITORY jarro2783/cxxopts
--        VERSION 3.0.0
--        GIT_TAG 2d8e17c4f88efce80e274cb03eeb902e055a91d3
--)
- 
- set(SOURCE_FILES_LIBRARY
-         CommonIncludes.hpp
-@@ -74,5 +50,3 @@ add_executable(ydotool ${SOURCE_FILES_CLIENT})
- target_link_libraries(ydotool ydotool_library dl pthread uInputPlus evdevPlus)
- install(TARGETS ydotool DESTINATION ${CMAKE_INSTALL_BINDIR})
- 
--add_subdirectory(Daemon)
--add_subdirectory(manpage)
--- 
-2.29.2
-