summary refs log tree commit diff
path: root/pkgs/tools
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools')
-rw-r--r--pkgs/tools/X11/xkb-switch-i3/default.nix34
-rw-r--r--pkgs/tools/X11/xwallpaper/default.nix3
-rw-r--r--pkgs/tools/admin/awscli/default.nix4
-rw-r--r--pkgs/tools/admin/chamber/default.nix14
-rw-r--r--pkgs/tools/admin/clair/default.nix7
-rw-r--r--pkgs/tools/admin/credhub-cli/default.nix44
-rw-r--r--pkgs/tools/admin/lexicon/default.nix4
-rw-r--r--pkgs/tools/audio/aucdtect/default.nix33
-rw-r--r--pkgs/tools/audio/volctl/default.nix46
-rw-r--r--pkgs/tools/backup/borg/default.nix4
-rw-r--r--pkgs/tools/backup/duplicity/default.nix4
-rw-r--r--pkgs/tools/backup/duplicity/use-installed-scripts-in-test.patch18
-rw-r--r--pkgs/tools/filesystems/bcachefs-tools/default.nix26
-rw-r--r--pkgs/tools/filesystems/glusterfs/default.nix54
-rw-r--r--pkgs/tools/filesystems/glusterfs/glusterfs-fix-bug-1489610-glusterfind-var-data-under-prefix.patch27
-rw-r--r--pkgs/tools/graphics/directx-shader-compiler/default.nix50
-rw-r--r--pkgs/tools/graphics/graphviz/base.nix2
-rw-r--r--pkgs/tools/graphics/jhead/default.nix5
-rw-r--r--pkgs/tools/misc/agedu/default.nix10
-rw-r--r--pkgs/tools/misc/barman/default.nix4
-rw-r--r--pkgs/tools/misc/broot/default.nix6
-rw-r--r--pkgs/tools/misc/calamares/default.nix17
-rw-r--r--pkgs/tools/misc/clac/default.nix15
-rw-r--r--pkgs/tools/misc/code-minimap/default.nix25
-rw-r--r--pkgs/tools/misc/duf/default.nix2
-rw-r--r--pkgs/tools/misc/esptool/default.nix22
-rw-r--r--pkgs/tools/misc/ethminer/default.nix11
-rw-r--r--pkgs/tools/misc/fbcat/default.nix33
-rw-r--r--pkgs/tools/misc/hdf4/default.nix3
-rw-r--r--pkgs/tools/misc/kcollectd/default.nix56
-rw-r--r--pkgs/tools/misc/kermit/default.nix5
-rw-r--r--pkgs/tools/misc/lf/default.nix6
-rw-r--r--pkgs/tools/misc/mutagen/default.nix18
-rw-r--r--pkgs/tools/misc/nix-direnv/default.nix4
-rw-r--r--pkgs/tools/misc/nvimpager/default.nix47
-rw-r--r--pkgs/tools/misc/picocom/default.nix48
-rw-r--r--pkgs/tools/misc/topgrade/default.nix6
-rw-r--r--pkgs/tools/misc/toybox/default.nix2
-rw-r--r--pkgs/tools/misc/woof/default.nix25
-rw-r--r--pkgs/tools/misc/you-get/default.nix4
-rw-r--r--pkgs/tools/misc/youtube-dl/default.nix4
-rw-r--r--pkgs/tools/misc/z-lua/default.nix10
-rw-r--r--pkgs/tools/misc/zalgo/default.nix25
-rw-r--r--pkgs/tools/networking/cjdns/default.nix6
-rw-r--r--pkgs/tools/networking/curl/default.nix4
-rw-r--r--pkgs/tools/networking/httpstat/default.nix4
-rw-r--r--pkgs/tools/networking/kapp/default.nix23
-rw-r--r--pkgs/tools/networking/libreswan/default.nix6
-rw-r--r--pkgs/tools/networking/openssh/default.nix21
-rw-r--r--pkgs/tools/networking/proxify/default.nix31
-rw-r--r--pkgs/tools/networking/qr-filetransfer/default.nix30
-rw-r--r--pkgs/tools/networking/qr-filetransfer/deps.nix66
-rw-r--r--pkgs/tools/networking/qrcp/default.nix33
-rw-r--r--pkgs/tools/package-management/libdnf/darwin.patch35
-rw-r--r--pkgs/tools/package-management/libdnf/default.nix66
-rw-r--r--pkgs/tools/package-management/librepo/default.nix9
-rw-r--r--pkgs/tools/package-management/microdnf/default.nix24
-rw-r--r--pkgs/tools/package-management/nix-update/default.nix4
-rw-r--r--pkgs/tools/package-management/protontricks/default.nix52
-rw-r--r--pkgs/tools/package-management/protontricks/steam-run.patch254
-rw-r--r--pkgs/tools/package-management/rpm/default.nix26
-rw-r--r--pkgs/tools/security/dnsx/default.nix31
-rw-r--r--pkgs/tools/security/enpass/data.json10
-rw-r--r--pkgs/tools/security/enpass/default.nix11
-rw-r--r--pkgs/tools/security/ffuf/default.nix34
-rw-r--r--pkgs/tools/security/gau/default.nix29
-rw-r--r--pkgs/tools/security/gospider/default.nix33
-rw-r--r--pkgs/tools/security/httpx/default.nix30
-rw-r--r--pkgs/tools/security/naabu/default.nix38
-rw-r--r--pkgs/tools/security/neopg/default.nix1
-rw-r--r--pkgs/tools/security/nuclei/default.nix36
-rw-r--r--pkgs/tools/security/onlykey-cli/default.nix24
-rw-r--r--pkgs/tools/security/rbw/default.nix7
-rw-r--r--pkgs/tools/security/step-ca/default.nix30
-rw-r--r--pkgs/tools/security/step-ca/deps.nix291
-rw-r--r--pkgs/tools/security/step-cli/default.nix23
-rw-r--r--pkgs/tools/security/step-cli/deps.nix453
-rw-r--r--pkgs/tools/security/sudo/default.nix4
-rw-r--r--pkgs/tools/security/teler/default.nix33
-rw-r--r--pkgs/tools/system/bottom/default.nix10
-rw-r--r--pkgs/tools/system/colorls/Gemfile.lock4
-rw-r--r--pkgs/tools/system/colorls/gemset.nix16
-rw-r--r--pkgs/tools/system/daemon/default.nix6
-rw-r--r--pkgs/tools/system/htop/default.nix4
-rw-r--r--pkgs/tools/system/rocm-smi/default.nix2
-rw-r--r--pkgs/tools/text/chroma/default.nix24
-rw-r--r--pkgs/tools/text/languagetool/default.nix1
-rw-r--r--pkgs/tools/text/ripgrep/default.nix3
-rw-r--r--pkgs/tools/text/ugrep/default.nix4
-rw-r--r--pkgs/tools/typesetting/bibclean/default.nix1
-rw-r--r--pkgs/tools/typesetting/lowdown/default.nix4
-rw-r--r--pkgs/tools/typesetting/tectonic/default.nix6
-rw-r--r--pkgs/tools/typesetting/tex/texlive/combine.nix4
-rw-r--r--pkgs/tools/virtualization/amazon-ecs-cli/default.nix6
94 files changed, 1510 insertions, 1184 deletions
diff --git a/pkgs/tools/X11/xkb-switch-i3/default.nix b/pkgs/tools/X11/xkb-switch-i3/default.nix
new file mode 100644
index 00000000000..9485cb62b2b
--- /dev/null
+++ b/pkgs/tools/X11/xkb-switch-i3/default.nix
@@ -0,0 +1,34 @@
+{ stdenv
+, cmake
+, fetchFromGitHub
+, i3
+, jsoncpp
+, libsigcxx
+, libX11
+, libxkbfile
+, pkg-config
+}:
+
+stdenv.mkDerivation rec {
+  pname = "xkb-switch-i3";
+  version = "1.8.1";
+
+  src = fetchFromGitHub {
+    owner = "Zebradil";
+    repo = "xkb-switch-i3";
+    rev = version;
+    sha256 = "15c19hp0n1k3w15qn97j6wp5b8hbk0mq6x3xjfn6dkkjfz1fl6cn";
+    fetchSubmodules = true;
+  };
+
+  nativeBuildInputs = [ cmake pkg-config ];
+  buildInputs = [ i3 jsoncpp libsigcxx libX11 libxkbfile ];
+
+  meta = with stdenv.lib; {
+    description = "Switch your X keyboard layouts from the command line(i3 edition)";
+    homepage = "https://github.com/Zebradil/xkb-switch-i3";
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ ewok ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/tools/X11/xwallpaper/default.nix b/pkgs/tools/X11/xwallpaper/default.nix
index 759613553fe..aab4d1180e0 100644
--- a/pkgs/tools/X11/xwallpaper/default.nix
+++ b/pkgs/tools/X11/xwallpaper/default.nix
@@ -5,6 +5,7 @@
 , pixman
 , xcbutil
 , xcbutilimage
+, libseccomp
 , libjpeg
 , libpng
 , libXpm
@@ -24,7 +25,7 @@ stdenv.mkDerivation rec {
   preConfigure = "./autogen.sh";
 
   nativeBuildInputs = [ pkg-config autoreconfHook ];
-  buildInputs = [ pixman xcbutilimage xcbutil libjpeg libpng libXpm ];
+  buildInputs = [ pixman xcbutilimage xcbutil libseccomp libjpeg libpng libXpm ];
 
   meta = with stdenv.lib; {
     homepage = "https://github.com/stoeckmann/xwallpaper";
diff --git a/pkgs/tools/admin/awscli/default.nix b/pkgs/tools/admin/awscli/default.nix
index edac64308c1..9c7f9936e59 100644
--- a/pkgs/tools/admin/awscli/default.nix
+++ b/pkgs/tools/admin/awscli/default.nix
@@ -28,11 +28,11 @@ let
 
 in with py.pkgs; buildPythonApplication rec {
   pname = "awscli";
-  version = "1.18.199"; # N.B: if you change this, change botocore to a matching version too
+  version = "1.18.204"; # N.B: if you change this, change botocore to a matching version too
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "09ncnglxy3ph0i4zh93cxgwsxy3hgsy6pvnln1845p2nwvjsw434";
+    sha256 = "sha256-YAyqRJbETCagcME63dt5b9WDRj6tq8Gdwk6qyAd86lE=";
   };
 
   postPatch = ''
diff --git a/pkgs/tools/admin/chamber/default.nix b/pkgs/tools/admin/chamber/default.nix
index 7a80ed37188..c2126181f36 100644
--- a/pkgs/tools/admin/chamber/default.nix
+++ b/pkgs/tools/admin/chamber/default.nix
@@ -1,15 +1,23 @@
-{ buildGoModule, lib, fetchFromGitHub }:
+{ buildGoModule, lib, fetchFromGitHub, fetchpatch }:
+
 buildGoModule rec {
   pname = "chamber";
-  version = "2.8.2";
+  version = "2.9.0";
 
   src = fetchFromGitHub {
     owner = "segmentio";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-7L9RaE4LvHRR6MUimze5QpbnfasWJdY4arfS/Usy2q0=";
+    sha256 = "eOMY9P/fCYvnl6KGNb6wohykLA0Sj9Ti0L18gx5dqUk=";
   };
 
+  patches = [
+    (fetchpatch {
+      url = "https://github.com/segmentio/chamber/commit/3aeb416cdf4c232552b653262e37047fc13b1f02.patch";
+      sha256 = "cyxNF9ZP4oG+1sfX9yWZCyntpAvwYUh5BzTirZQGejc=";
+    })
+  ];
+
   vendorSha256 = null;
 
   # set the version. see: chamber's Makefile
diff --git a/pkgs/tools/admin/clair/default.nix b/pkgs/tools/admin/clair/default.nix
index 565196280ce..cbe6e3eed1f 100644
--- a/pkgs/tools/admin/clair/default.nix
+++ b/pkgs/tools/admin/clair/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "clair";
-  version = "2.1.4";
+  version = "4.0.0";
 
   src = fetchFromGitHub {
     owner = "quay";
     repo = pname;
     rev = "v${version}";
-    sha256 = "1bvwh3ghxb3ynq8a07ka9i0rzaqg1aikxvqxmpjkwjvhwk63lwqd";
+    sha256 = "10kgg2i5yzdfhylrdkmh8rsc4cgdnhcgfa8fa4dm8m3licjciwam";
   };
 
-  vendorSha256 = "0x31n50vd8660z816as6kms5dkv87b0mhblccpkvd9cbvcv2n37a";
+  vendorSha256 = "1l3b86f5xmyc6lskvb4ab30adcgzb69ayccc0wcz2f28sda3i80r";
 
   doCheck = false;
 
@@ -25,6 +25,7 @@ buildGoModule rec {
   meta = with lib; {
     description = "Vulnerability Static Analysis for Containers";
     homepage = "https://github.com/quay/clair";
+    changelog = "https://github.com/quay/clair/blob/v${version}/CHANGELOG.md";
     license = licenses.asl20;
     maintainers = with maintainers; [ marsam ];
   };
diff --git a/pkgs/tools/admin/credhub-cli/default.nix b/pkgs/tools/admin/credhub-cli/default.nix
new file mode 100644
index 00000000000..f3cc5141618
--- /dev/null
+++ b/pkgs/tools/admin/credhub-cli/default.nix
@@ -0,0 +1,44 @@
+{ stdenv, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+  pname = "credhub-cli";
+  version = "2.9.0";
+
+  src = fetchFromGitHub {
+    owner = "cloudfoundry-incubator";
+    repo = "credhub-cli";
+    rev = version;
+    sha256 = "1j0i0b79ph2i52cj0qln8wvp6gwhl73akkn026h27vvmlw9sndc2";
+  };
+
+  # these tests require network access that we're not going to give them
+  postPatch = ''
+    rm commands/api_test.go
+    rm commands/socks5_test.go
+  '';
+  __darwinAllowLocalNetworking = true;
+
+  vendorSha256 = null;
+
+  buildFlagsArray = [
+    "-ldflags="
+    "-s"
+    "-w"
+    "-X code.cloudfoundry.org/credhub-cli/version.Version=${version}"
+  ];
+
+  postInstall = ''
+    ln -s $out/bin/credhub-cli $out/bin/credhub
+  '';
+
+  preCheck = ''
+    export HOME=$TMPDIR
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Provides a command line interface to interact with CredHub servers";
+    homepage = "https://github.com/cloudfoundry-incubator/credhub-cli";
+    maintainers = with maintainers; [ ris ];
+    license = licenses.asl20;
+  };
+}
diff --git a/pkgs/tools/admin/lexicon/default.nix b/pkgs/tools/admin/lexicon/default.nix
index 4e87a68866c..6c105cf9b33 100644
--- a/pkgs/tools/admin/lexicon/default.nix
+++ b/pkgs/tools/admin/lexicon/default.nix
@@ -31,14 +31,14 @@ in
 
 buildPythonApplication rec {
   pname = "lexicon";
-  version = "3.4.3";
+  version = "3.5.2";
   format = "pyproject";
 
   src = fetchFromGitHub {
     owner = "AnalogJ";
     repo = pname;
     rev = "v${version}";
-    sha256 = "1ym4gj4xyd69rsc5niilvcb72gys22rjxhj4qd574vyx3ryl34za";
+    sha256 = "1jsc2ybbf3mbvgzkgliria494dpj23mgqnw2lh43cnd9rgsjvzn3";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/tools/audio/aucdtect/default.nix b/pkgs/tools/audio/aucdtect/default.nix
deleted file mode 100644
index ad9d5fb8690..00000000000
--- a/pkgs/tools/audio/aucdtect/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ stdenv, fetchurl, lib, rpmextract }:
-
-with lib;
-
-stdenv.mkDerivation rec {
-  pname = "aucdtect";
-  version = "0.8-2";
-
-  src = fetchurl {
-    url = "http://www.true-audio.com/ftp/${pname}-${version}.i586.rpm";
-    sha256 = "1lp5f0rq5b5n5il0c64m00gcfskarvgqslpryms9443d200y6mmd";
-  };
-
-  unpackCmd = "${rpmextract}/bin/rpmextract $src";
-
-  installPhase = ''
-    runHook preInstall
-
-    install -Dm755 local/bin/auCDtect $out/bin/aucdtect
-
-    runHook postInstall
-  '';
-
-  dontStrip = true;
-
-  meta = with stdenv.lib; {
-    description = "Verify authenticity of lossless audio files";
-    homepage = "http://tausoft.org";
-    license = licenses.unfreeRedistributable;
-    maintainers = with maintainers; [ peterhoeg ];
-    platforms = platforms.linux;
-  };
-}
diff --git a/pkgs/tools/audio/volctl/default.nix b/pkgs/tools/audio/volctl/default.nix
index 2a55015be10..1965fb08316 100644
--- a/pkgs/tools/audio/volctl/default.nix
+++ b/pkgs/tools/audio/volctl/default.nix
@@ -1,43 +1,49 @@
-{ stdenv, fetchFromGitHub, python3, libpulseaudio, glib, gtk3, gobject-introspection, wrapGAppsHook }:
+{ stdenv, python3Packages, fetchFromGitHub, wrapGAppsHook, gobject-introspection, libpulseaudio, glib, gtk3, pango, xorg }:
 
-python3.pkgs.buildPythonApplication rec {
+python3Packages.buildPythonApplication rec {
   pname = "volctl";
-  version = "0.6.3";
+  version = "0.8.0";
 
   src = fetchFromGitHub {
     owner = "buzz";
     repo = pname;
-    rev = version;
-    sha256 = "0rppqc5wiqxd83z2mgvhi6gdx7yhy9wnav1dbbi1wvm7lzw6fnil";
+    rev = "v${version}";
+    sha256 = "02scfscf4mdrphzrd7cbwbhpig9bhvaws8qk4zc81z8vvf3mcfv2";
   };
 
+  postPatch = ''
+    substituteInPlace volctl/lib/xwrappers.py \
+      --replace 'libXfixes.so' "${xorg.libXfixes}/lib/libXfixes.so" \
+      --replace 'libXfixes.so.3' "${xorg.libXfixes}/lib/libXfixes.so.3"
+  '';
+
+  preBuild = ''
+    export LD_LIBRARY_PATH=${libpulseaudio}/lib
+  '';
+
   nativeBuildInputs = [
     gobject-introspection
     wrapGAppsHook
   ];
 
-  buildInputs = [
-    glib
-    gtk3
-    libpulseaudio
-  ];
-
-  pythonPath = with python3.pkgs; [
+  propagatedBuildInputs = [ pango gtk3 ] ++ (with python3Packages; [
+    click
+    pycairo
     pygobject3
-  ];
+    pyyaml
+  ]);
 
+  # with strictDeps importing "gi.repository.Gtk" fails with "gi.RepositoryError: Typelib file for namespace 'Pango', version '1.0' not found"
   strictDeps = false;
 
-  preBuild = ''
-    export LD_LIBRARY_PATH=${libpulseaudio}/lib
-  '';
+  # no tests included
+  doCheck = false;
+
+  pythonImportsCheck = [ "volctl" ];
 
   preFixup = ''
     glib-compile-schemas ${glib.makeSchemaPath "$out" "${pname}-${version}"}
-
-    gappsWrapperArgs+=(
-      --prefix LD_LIBRARY_PATH : "${libpulseaudio}/lib"
-    )
+    gappsWrapperArgs+=(--prefix LD_LIBRARY_PATH : "${libpulseaudio}/lib")
   '';
 
   meta = with stdenv.lib; {
diff --git a/pkgs/tools/backup/borg/default.nix b/pkgs/tools/backup/borg/default.nix
index 7bfb9e57392..f7d9896431c 100644
--- a/pkgs/tools/backup/borg/default.nix
+++ b/pkgs/tools/backup/borg/default.nix
@@ -2,11 +2,11 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "borgbackup";
-  version = "1.1.14";
+  version = "1.1.15";
 
   src = python3.pkgs.fetchPypi {
     inherit pname version;
-    sha256 = "1fpdj73cgp96xwasdcifxl7q2pr1my2f4vfdjpv771llri3hgfvx";
+    sha256 = "1g62sdzcw3zx4ccky125ciwnzx6z9kwyvskvp7ijmqxqk3nrxjs9";
   };
 
   nativeBuildInputs = with python3.pkgs; [
diff --git a/pkgs/tools/backup/duplicity/default.nix b/pkgs/tools/backup/duplicity/default.nix
index 1f62834e4d1..c29af7b2fd4 100644
--- a/pkgs/tools/backup/duplicity/default.nix
+++ b/pkgs/tools/backup/duplicity/default.nix
@@ -19,11 +19,11 @@ let
 in
 pythonPackages.buildPythonApplication rec {
   pname = "duplicity";
-  version = "0.8.13";
+  version = "0.8.15";
 
   src = fetchurl {
     url = "https://code.launchpad.net/duplicity/${majorMinor version}-series/${majorMinorPatch version}/+download/duplicity-${version}.tar.gz";
-    sha256 = "0lflg1ay4q4w9qzpmh6y2hza4fc3ig12q44qkd80ks17hj21bxa6";
+    sha256 = "1kg467mxg5a97v1rlv4shk32krgv8ys4nczq4b11av4bp1lgysdc";
   };
 
   patches = [
diff --git a/pkgs/tools/backup/duplicity/use-installed-scripts-in-test.patch b/pkgs/tools/backup/duplicity/use-installed-scripts-in-test.patch
index a3ba1422915..c02527cf394 100644
--- a/pkgs/tools/backup/duplicity/use-installed-scripts-in-test.patch
+++ b/pkgs/tools/backup/duplicity/use-installed-scripts-in-test.patch
@@ -38,12 +38,12 @@
          # """ERROR 2
 --- a/testing/functional/test_rdiffdir.py
 +++ b/testing/functional/test_rdiffdir.py
-@@ -38,7 +38,7 @@ class RdiffdirTest(FunctionalTestCase):
- 
-     def run_rdiffdir(self, argstring):
-         u"""Run rdiffdir with given arguments"""
--        self.run_cmd(u"../bin/rdiffdir " + argstring)
-+        self.run_cmd(u"rdiffdir " + argstring)
- 
-     def run_cycle(self, dirname_list):
-         u"""Run diff/patch cycle on directories in dirname_list"""
+@@ -42,7 +42,7 @@ class RdiffdirTest(FunctionalTestCase):
+         basepython = os.environ.get(u'TOXPYTHON', None)
+         if basepython is not None:
+             cmd_list.extend([basepython])
+-        cmd_list.extend([u"../bin/rdiffdir"])
++        cmd_list.extend([u"rdiffdir"])
+         cmd_list.extend(argstring.split())
+         cmdline = u" ".join([u'"%s"' % x for x in cmd_list])
+         self.run_cmd(cmdline)
diff --git a/pkgs/tools/filesystems/bcachefs-tools/default.nix b/pkgs/tools/filesystems/bcachefs-tools/default.nix
index ee2af363a56..5b2a4e32242 100644
--- a/pkgs/tools/filesystems/bcachefs-tools/default.nix
+++ b/pkgs/tools/filesystems/bcachefs-tools/default.nix
@@ -6,13 +6,13 @@ assert fuseSupport -> fuse3 != null;
 
 stdenv.mkDerivation {
   pname = "bcachefs-tools";
-  version = "2020-08-25";
+  version = "2020-11-17";
 
   src = fetchFromGitHub {
     owner = "koverstreet";
     repo = "bcachefs-tools";
-    rev = "487ddeb03c574e902c5b749b4307e87e2150976a";
-    sha256 = "1pcid7apxmbl9dyvxcqby3k489wi69k8pl596ddzmkw5gmhgvgid";
+    rev = "41bec63b265a38dd9fa168b6042ea5bf07135048";
+    sha256 = "1y3187kpw1bmnl97isv28k2sw8cmrnsn31a0dw745adwm0n7z6fj";
   };
 
   postPatch = ''
@@ -22,11 +22,7 @@ stdenv.mkDerivation {
                 "INITRAMFS_DIR=${placeholder "out"}/etc/initramfs-tools"
   '';
 
-  enableParallelBuilding = true;
-
-  nativeBuildInputs = [
-    pkgconfig
-  ];
+  nativeBuildInputs = [ pkgconfig ];
 
   buildInputs = [
     libuuid libscrypt libsodium keyutils liburcu zlib libaio
@@ -34,22 +30,14 @@ stdenv.mkDerivation {
   ] ++ stdenv.lib.optional fuseSupport fuse3;
 
   doCheck = false; # needs bcachefs module loaded on builder
-
-  checkFlags = [
-    "BCACHEFS_TEST_USE_VALGRIND=no"
-  ];
-
-  checkInputs = [
-    valgrind
-  ];
+  checkFlags = [ "BCACHEFS_TEST_USE_VALGRIND=no" ];
+  checkInputs = [ valgrind ];
 
   preCheck = stdenv.lib.optionalString fuseSupport ''
     rm tests/test_fuse.py
   '';
 
-  installFlags = [
-    "PREFIX=${placeholder "out"}"
-  ];
+  installFlags = [ "PREFIX=${placeholder "out"}" ];
 
   meta = with stdenv.lib; {
     description = "Tool for managing bcachefs filesystems";
diff --git a/pkgs/tools/filesystems/glusterfs/default.nix b/pkgs/tools/filesystems/glusterfs/default.nix
index f495b56e325..a4e6bc1182b 100644
--- a/pkgs/tools/filesystems/glusterfs/default.nix
+++ b/pkgs/tools/filesystems/glusterfs/default.nix
@@ -1,25 +1,17 @@
-{stdenv, fetchurl, fuse, bison, flex_2_5_35, openssl, python3, ncurses, readline,
+{stdenv, fetchFromGitHub, fuse, bison, flex_2_5_35, openssl, python3, ncurses, readline,
  autoconf, automake, libtool, pkgconfig, zlib, libaio, libxml2, acl, sqlite,
  liburcu, attr, makeWrapper, coreutils, gnused, gnugrep, which,
  openssh, gawk, findutils, util-linux, lvm2, btrfs-progs, e2fsprogs, xfsprogs, systemd,
  rsync, glibc, rpcsvc-proto, libtirpc
 }:
 let
-  s =
-  rec {
-    baseName="glusterfs";
-    # NOTE: On each glusterfs release, it should be checked if gluster added
-    #       new, or changed, Python scripts whose PYTHONPATH has to be set in
-    #       `postFixup` below, and whose runtime deps need to go into
-    #       `nativeBuildInputs`.
-    #       The command
-    #         find /nix/store/...-glusterfs-.../ -name '*.py' -executable
-    #       can help with finding new Python scripts.
-    version = "7.6";
-    name="${baseName}-${version}";
-    url="https://github.com/gluster/glusterfs/archive/v${version}.tar.gz";
-    sha256 = "0zdcv2jk8dp67id8ic30mkn97ccp07jf20g7v09a5k31pw9aqyih";
-  };
+  # NOTE: On each glusterfs release, it should be checked if gluster added
+  #       new, or changed, Python scripts whose PYTHONPATH has to be set in
+  #       `postFixup` below, and whose runtime deps need to go into
+  #       `nativeBuildInputs`.
+  #       The command
+  #         find /nix/store/...-glusterfs-.../ -name '*.py' -executable
+  #       can help with finding new Python scripts.
 
   buildInputs = [
     fuse bison flex_2_5_35 openssl ncurses readline
@@ -60,17 +52,18 @@ let
     which # which
     xfsprogs # xfs_info
   ];
-in
-stdenv.mkDerivation
-{
-  inherit (s) name version;
+in stdenv.mkDerivation rec {
+  pname = "glusterfs";
+  version = "8.3";
+
+  src = fetchFromGitHub {
+    owner = "gluster";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "09vvbymiacz2pzwnq6f2dd7g2zszzsivdncz45sh977v3z0n84az";
+  };
   inherit buildInputs propagatedBuildInputs;
 
-  patches = [
-    # Remove when https://bugzilla.redhat.com/show_bug.cgi?id=1489610 is fixed
-    ./glusterfs-fix-bug-1489610-glusterfind-var-data-under-prefix.patch
-  ];
-
   postPatch = ''
     sed -e '/chmod u+s/d' -i contrib/fuse-util/Makefile.am
     substituteInPlace libglusterfs/src/glusterfs/lvm-defaults.h \
@@ -91,7 +84,7 @@ stdenv.mkDerivation
   # but fails when the version is empty.
   # See upstream GlusterFS bug https://bugzilla.redhat.com/show_bug.cgi?id=1452705
   preConfigure = ''
-    echo "v${s.version}" > VERSION
+    echo "v${version}" > VERSION
     ./autogen.sh
     export PYTHON=${python3}/bin/python
     '';
@@ -109,7 +102,7 @@ stdenv.mkDerivation
   postInstall = ''
     cp -r $out/$out/* $out
     rm -r $out/nix
-    '';
+  '';
 
   postFixup = ''
     # glusterd invokes `gluster` and other utilities when telling other glusterd nodes to run commands.
@@ -153,7 +146,7 @@ stdenv.mkDerivation
     wrapProgram $out/share/glusterfs/scripts/eventsdash.py --set PATH "$GLUSTER_PATH" --set PYTHONPATH "$GLUSTER_PYTHONPATH" --set LD_LIBRARY_PATH "$GLUSTER_LD_LIBRARY_PATH"
     wrapProgram $out/libexec/glusterfs/glusterfind/brickfind.py --set PATH "$GLUSTER_PATH" --set PYTHONPATH "$GLUSTER_PYTHONPATH" --set LD_LIBRARY_PATH "$GLUSTER_LD_LIBRARY_PATH"
     wrapProgram $out/libexec/glusterfs/glusterfind/changelog.py --set PATH "$GLUSTER_PATH" --set PYTHONPATH "$GLUSTER_PYTHONPATH" --set LD_LIBRARY_PATH "$GLUSTER_LD_LIBRARY_PATH"
-    '';
+  '';
 
   doInstallCheck = true;
 
@@ -187,12 +180,7 @@ stdenv.mkDerivation
     rm -r $out/bin/conf.py
     '';
 
-  src = fetchurl {
-    inherit (s) url sha256;
-  };
-
   meta = with stdenv.lib; {
-    inherit (s) version;
     description = "Distributed storage system";
     homepage = "https://www.gluster.org";
     license = licenses.lgpl3Plus; # dual licese: choice of lgpl3Plus or gpl2
diff --git a/pkgs/tools/filesystems/glusterfs/glusterfs-fix-bug-1489610-glusterfind-var-data-under-prefix.patch b/pkgs/tools/filesystems/glusterfs/glusterfs-fix-bug-1489610-glusterfind-var-data-under-prefix.patch
deleted file mode 100644
index f08d73cf3a6..00000000000
--- a/pkgs/tools/filesystems/glusterfs/glusterfs-fix-bug-1489610-glusterfind-var-data-under-prefix.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From f523afac49e24ecc0fa4ad85195135689cf445f0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Niklas=20Hamb=C3=BCchen?= <mail@nh2.me>
-Date: Wed, 27 Sep 2017 21:36:41 +0200
-Subject: [PATCH] Fix "glusterfind saves var data under $prefix instead of
- localstatedir". Fixes #1489610
-
-Change-Id: Id2362c20f34346c37acfb9eb1ad105d0b7b8b60f
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index f87d8a454..b4d3f5d10 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1118,7 +1118,7 @@ if test "x$exec_prefix" = xNONE; then
- 	exec_prefix="$(eval echo $prefix)"
- fi
- GLUSTERFS_LIBEXECDIR="$(eval echo $libexecdir)/glusterfs"
--GLUSTERFSD_MISCDIR="$(eval echo $prefix)/var/lib/misc/glusterfsd"
-+GLUSTERFSD_MISCDIR="$(eval echo $localstatedir)/lib/misc/glusterfsd"
- prefix=$old_prefix
- exec_prefix=$old_exec_prefix
-
---
-2.12.0
-
diff --git a/pkgs/tools/graphics/directx-shader-compiler/default.nix b/pkgs/tools/graphics/directx-shader-compiler/default.nix
new file mode 100644
index 00000000000..4e74d2c443f
--- /dev/null
+++ b/pkgs/tools/graphics/directx-shader-compiler/default.nix
@@ -0,0 +1,50 @@
+{ stdenv, fetchFromGitHub, cmake, python3, git }:
+
+stdenv.mkDerivation rec {
+  pname = "directx-shader-compiler";
+  version = "1.5.2010";
+
+  # Put headers in dev, there are lot of them which aren't necessary for
+  # using the compiler binary.
+  outputs = [ "out" "dev" ];
+
+  src = fetchFromGitHub {
+    owner = "microsoft";
+    repo = "DirectXShaderCompiler";
+    rev = "v${version}";
+    sha256 = "0ccfy1bfp0cm0pq63ri4yl1sr3fdn1a526bsnakg4bl6z4fwrnnj";
+    # We rely on the side effect of leaving the .git directory here for the
+    # version-grabbing functionality of the build system.
+    fetchSubmodules = true;
+  };
+
+  nativeBuildInputs = [ cmake git python3 ];
+
+  configurePhase = ''
+    # Requires some additional flags to cmake from a file in the repo
+    additionalCMakeFlags=$(< utils/cmake-predefined-config-params)
+    cmakeFlags="$additionalCMakeFlags''${cmakeFlags:+ $cmakeFlags}"
+    cmakeConfigurePhase
+  '';
+
+  # The default install target installs heaps of LLVM stuff.
+  #
+  # Upstream issue: https://github.com/microsoft/DirectXShaderCompiler/issues/3276
+  #
+  # The following is based on the CI script:
+  # https://github.com/microsoft/DirectXShaderCompiler/blob/master/appveyor.yml#L63-L66
+  installPhase = ''
+    mkdir -p $out/bin $out/lib $dev/include
+    mv bin/dxc* $out/bin/
+    mv lib/libdxcompiler.so* lib/libdxcompiler.*dylib $out/lib/
+    cp -r $src/include/dxc $dev/include/
+  '';
+
+  meta = with stdenv.lib; {
+    description = "A compiler to compile HLSL programs into DXIL and SPIR-V";
+    homepage = "https://github.com/microsoft/DirectXShaderCompiler";
+    platforms = with platforms; linux ++ darwin;
+    license = licenses.ncsa;
+    maintainers = with maintainers; [ expipiplus1 ];
+  };
+}
diff --git a/pkgs/tools/graphics/graphviz/base.nix b/pkgs/tools/graphics/graphviz/base.nix
index a65f5ce455c..cdec8427005 100644
--- a/pkgs/tools/graphics/graphviz/base.nix
+++ b/pkgs/tools/graphics/graphviz/base.nix
@@ -79,6 +79,8 @@ stdenv.mkDerivation {
       --replace /usr/bin/vimdot $out/bin/vimdot \
   '';
 
+  enableParallelBuilding = true;
+
   meta = with stdenv.lib; {
     homepage = "https://graphviz.org";
     description = "Graph visualization tools";
diff --git a/pkgs/tools/graphics/jhead/default.nix b/pkgs/tools/graphics/jhead/default.nix
index 19a0e26d9cc..1d3696a8cd2 100644
--- a/pkgs/tools/graphics/jhead/default.nix
+++ b/pkgs/tools/graphics/jhead/default.nix
@@ -43,5 +43,10 @@ stdenv.mkDerivation rec {
     license = licenses.publicDomain;
     maintainers = with maintainers; [ rycee ];
     platforms = platforms.all;
+    # https://github.com/NixOS/nixpkgs/issues/90828
+    knownVulnerabilities = [
+      "CVE-2020-6624"
+      "CVE-2020-6625"
+    ];
   };
 }
diff --git a/pkgs/tools/misc/agedu/default.nix b/pkgs/tools/misc/agedu/default.nix
index c9bad789ad2..3cdfa36337f 100644
--- a/pkgs/tools/misc/agedu/default.nix
+++ b/pkgs/tools/misc/agedu/default.nix
@@ -1,15 +1,17 @@
 {stdenv, fetchgit, autoreconfHook, halibut}:
 let
-  date = "20200206";
-  rev = "963bc9d";
+  date = "20200705";
+  rev = "2a7d4a2";
 in
 stdenv.mkDerivation {
-  name = "agedu-${date}.${rev}";
+  pname = "agedu";
+  version = "${date}.${rev}";
+
   # upstream provides tarballs but it seems they disappear after the next version is released
   src = fetchgit {
     url = "https://git.tartarus.org/simon/agedu.git";
     inherit rev;
-    sha256 = "1jmvgg2v6aqgbgpxbndrdhgfhlglrq4yv4sdbjaj6bsz9fb8lqhc";
+    sha256 = "gRNscl/vhBoZaHFCs9JjDBHDRoEpILJLtiI4YV+K/b4=";
   };
 
   nativeBuildInputs = [autoreconfHook halibut];
diff --git a/pkgs/tools/misc/barman/default.nix b/pkgs/tools/misc/barman/default.nix
index 2105ad0ae01..da79110f9a8 100644
--- a/pkgs/tools/misc/barman/default.nix
+++ b/pkgs/tools/misc/barman/default.nix
@@ -4,12 +4,12 @@
 
 buildPythonApplication rec {
   pname = "barman";
-  version = "2.11";
+  version = "2.12";
 
   outputs = [ "out" "man" ];
   src = fetchurl {
     url = "mirror://sourceforge/pgbarman/${version}/barman-${version}.tar.gz";
-    sha256 = "0w5lh4aavab9ynfy2mq09ga6j4vss4k0vlc3g6f5a9i4175g9pmr";
+    sha256 = "Ts8I6tlP2GRp90OIIKXy+cRWWvUO3Sm86zq2dtVP5YE=";
   };
 
   propagatedBuildInputs = [ dateutil argh psycopg2 boto3 argcomplete ];
diff --git a/pkgs/tools/misc/broot/default.nix b/pkgs/tools/misc/broot/default.nix
index fb8e2508294..4e40a4a336d 100644
--- a/pkgs/tools/misc/broot/default.nix
+++ b/pkgs/tools/misc/broot/default.nix
@@ -11,14 +11,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "broot";
-  version = "1.0.8";
+  version = "1.1.10";
 
   src = fetchCrate {
     inherit pname version;
-    sha256 = "06881c8qnh917y2mn5q5qlf86idz17xi2dapsad3m1zbdr53c25j";
+    sha256 = "04nidx43w4nnccgbrw30wg9ai8p7hbklxpn1gc6gr2325yhqvwhl";
   };
 
-  cargoSha256 = "1k5qm4h028172r7i2pz5l8886qviy7ni83qxn10a8d5hsgalarvx";
+  cargoSha256 = "1bzq0dsdnmxniwnb6989wlhih28c4lyd11sci821whs11lhlfpz0";
 
   nativeBuildInputs = [
     makeWrapper
diff --git a/pkgs/tools/misc/calamares/default.nix b/pkgs/tools/misc/calamares/default.nix
index 815129f7f0f..a671090460e 100644
--- a/pkgs/tools/misc/calamares/default.nix
+++ b/pkgs/tools/misc/calamares/default.nix
@@ -6,16 +6,17 @@
 
 mkDerivation rec {
   pname = "calamares";
-  version = "3.2.17.1";
+  version = "3.2.35.1";
 
   # release including submodule
   src = fetchurl {
     url = "https://github.com/${pname}/${pname}/releases/download/v${version}/${pname}-${version}.tar.gz";
-    sha256 = "156zpjyw8w4y23aa60mvg3d3mr0kzfq5jkl7ixgahq33zpc17ms8";
+    sha256 = "s2wnwcdrcJLG5NhugSkntBCYfPuv3T/9+PclbmK0BJ4=";
   };
 
+  nativeBuildInputs = [ cmake extra-cmake-modules ];
   buildInputs = [
-    boost cmake extra-cmake-modules kparts.dev kpmcore.out kservice.dev
+    boost kparts.dev kpmcore.out kservice.dev
     libatasmart libxcb libyamlcpp parted polkit-qt python qtbase
     qtquickcontrols qtsvg qttools qtwebengine.dev util-linux
   ];
@@ -32,18 +33,14 @@ mkDerivation rec {
 
   POLKITQT-1_POLICY_FILES_INSTALL_DIR = "$(out)/share/polkit-1/actions";
 
-  patchPhase = ''
+  postPatch = ''
     sed -e "s,/usr/bin/calamares,$out/bin/calamares," \
         -i calamares.desktop \
         -i com.github.calamares.calamares.policy
 
     sed -e 's,/usr/share/zoneinfo,${tzdata}/share/zoneinfo,' \
-        -i src/modules/locale/timezonewidget/localeconst.h \
         -i src/modules/locale/SetTimezoneJob.cpp
 
-    sed -e 's,/usr/share/i18n/locales,${glibc.out}/share/i18n/locales,' \
-        -i src/modules/locale/timezonewidget/localeconst.h
-
     sed -e 's,/usr/share/X11/xkb/rules/base.lst,${xkeyboard_config}/share/X11/xkb/rules/base.lst,' \
         -i src/modules/keyboard/keyboardwidget/keyboardglobal.h
 
@@ -56,8 +53,8 @@ mkDerivation rec {
 
   meta = with lib; {
     description = "Distribution-independent installer framework";
-    license = licenses.gpl3;
-    maintainers = with lib.maintainers; [ manveru ];
+    license = with licenses; [ gpl3Plus bsd2 ];
+    maintainers = with maintainers; [ manveru ];
     platforms = platforms.linux;
   };
 }
diff --git a/pkgs/tools/misc/clac/default.nix b/pkgs/tools/misc/clac/default.nix
index 8aea37ebddf..8d6e464e9bb 100644
--- a/pkgs/tools/misc/clac/default.nix
+++ b/pkgs/tools/misc/clac/default.nix
@@ -1,13 +1,14 @@
 { stdenv, fetchFromGitHub }:
+
 stdenv.mkDerivation rec {
   pname = "clac";
-  version = "0.0.0.20170503";
+  version = "0.3.3";
 
   src = fetchFromGitHub {
     owner = "soveran";
     repo = "clac";
-    rev = "e92bd5cbab0d694cef945e3478820c9505e06f04";
-    sha256 = "0j8p1npgq32s377c9lw959h5i2csq4yb27cvg7av17bji46816bv";
+    rev = version;
+    sha256 = "rsag8MWl/udwXC0Gj864fAuQ6ts1gzrN2N/zelazqjE=";
   };
 
   makeFlags = [ "PREFIX=$(out)" ];
@@ -17,12 +18,12 @@ stdenv.mkDerivation rec {
     cp README* LICENSE "$out/share/doc/${pname}"
   '';
 
-  meta = {
+  meta = with stdenv.lib; {
     inherit version;
     description = "Interactive stack-based calculator";
-    license = stdenv.lib.licenses.bsd2;
-    maintainers = [stdenv.lib.maintainers.raskin];
-    platforms = stdenv.lib.platforms.unix;
     homepage = "https://github.com/soveran/clac";
+    license = licenses.bsd2;
+    maintainers = with maintainers; [ raskin ];
+    platforms = platforms.unix;
   };
 }
diff --git a/pkgs/tools/misc/code-minimap/default.nix b/pkgs/tools/misc/code-minimap/default.nix
new file mode 100644
index 00000000000..8c43e2b903c
--- /dev/null
+++ b/pkgs/tools/misc/code-minimap/default.nix
@@ -0,0 +1,25 @@
+{ stdenv
+, rustPlatform
+, fetchFromGitHub
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "code-minimap";
+  version = "0.4.3";
+
+  src = fetchFromGitHub {
+    owner = "wfxr";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "03azqy4i15kfpd0gzjaw2di9xva4xdf95yb65b93z3y9y5wy4krc";
+  };
+
+  cargoSha256 = "1rxrdavj07i7qa5rf1i3aj7zdcp7c6lrg8yiy75r6lm4g98izzww";
+
+  meta = with stdenv.lib; {
+    description = "A high performance code minimap render";
+    homepage = "https://github.com/wfxr/code-minimap";
+    license = with licenses; [ asl20 /* or */ mit ];
+    maintainers = with maintainers; [ bsima ];
+  };
+}
diff --git a/pkgs/tools/misc/duf/default.nix b/pkgs/tools/misc/duf/default.nix
index 29456f54cd1..ed8a11e182c 100644
--- a/pkgs/tools/misc/duf/default.nix
+++ b/pkgs/tools/misc/duf/default.nix
@@ -21,7 +21,7 @@ buildGoModule rec {
     homepage = "https://github.com/muesli/duf/";
     description = "Disk Usage/Free Utility";
     license = licenses.mit;
-    platforms = platforms.linux;
+    platforms = platforms.unix;
     maintainers = with maintainers; [ petabyteboy penguwin ];
   };
 }
diff --git a/pkgs/tools/misc/esptool/default.nix b/pkgs/tools/misc/esptool/default.nix
index 465e30e7615..d1d6bc1cb10 100644
--- a/pkgs/tools/misc/esptool/default.nix
+++ b/pkgs/tools/misc/esptool/default.nix
@@ -2,17 +2,31 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "esptool";
-  version = "2.7";
+  version = "3.0";
 
   src = fetchFromGitHub {
     owner = "espressif";
     repo = "esptool";
     rev = "v${version}";
-    sha256 = "1p5hx0rhs986ffqz78rdxg7jayndsq632399xby39k17kvd3mb31";
+    sha256 = "1y022qlcdgdx5a88lkc3sqavklz494afbfyh100lp7xfk3f2mjln";
   };
 
-  checkInputs = with python3.pkgs; [ flake8 flake8-future-import flake8-import-order openssl ];
-  propagatedBuildInputs = with python3.pkgs; [ pyserial pyaes ecdsa ];
+  checkInputs = with python3.pkgs;
+    [ flake8 flake8-future-import flake8-import-order openssl ];
+  propagatedBuildInputs = with python3.pkgs;
+    [ pyserial pyaes ecdsa reedsolo bitstring cryptography ];
+
+  # wrapPythonPrograms will overwrite esptool.py with a bash script,
+  # but espefuse.py tries to import it. Since we don't add any binary paths,
+  # use patchPythonScript directly.
+  dontWrapPythonPrograms = true;
+  postFixup = ''
+    buildPythonPath "$out $pythonPath"
+    for f in $out/bin/*.py; do
+        echo "Patching $f"
+        patchPythonScript "$f"
+    done
+  '';
 
   meta = with stdenv.lib; {
     description = "ESP8266 and ESP32 serial bootloader utility";
diff --git a/pkgs/tools/misc/ethminer/default.nix b/pkgs/tools/misc/ethminer/default.nix
index d593d677cc3..f84b0096d04 100644
--- a/pkgs/tools/misc/ethminer/default.nix
+++ b/pkgs/tools/misc/ethminer/default.nix
@@ -1,5 +1,5 @@
 {
-  stdenv,
+  clangStdenv,
   fetchFromGitHub,
   opencl-headers,
   cmake,
@@ -16,7 +16,11 @@
   cli11
 }:
 
-stdenv.mkDerivation rec {
+# Note that this requires clang < 9.0 to build, and currently
+# clangStdenv provides clang 7.1 which satisfies the requirement.
+let stdenv = clangStdenv;
+
+in stdenv.mkDerivation rec {
   pname = "ethminer";
   version = "0.18.0";
 
@@ -71,8 +75,5 @@ stdenv.mkDerivation rec {
     platforms = [ "x86_64-linux" ];
     maintainers = with maintainers; [ nand0p ];
     license = licenses.gpl2;
-    # Doesn't build with gcc9, and if overlayed to use gcc8 stdenv fails on CUDA issues.
-    broken = true;
   };
-
 }
diff --git a/pkgs/tools/misc/fbcat/default.nix b/pkgs/tools/misc/fbcat/default.nix
new file mode 100644
index 00000000000..4f640f13a27
--- /dev/null
+++ b/pkgs/tools/misc/fbcat/default.nix
@@ -0,0 +1,33 @@
+{ stdenv, fetchFromGitHub } :
+
+stdenv.mkDerivation rec {
+  pname = "fbcat";
+  version = "0.5.1";
+
+  src = fetchFromGitHub {
+    owner = "jwilk";
+    repo = pname;
+    rev = version;
+    sha256 = "08y79br4a4cgkjnslw0hw57441ybsapaw7wjdbak19mv9lnl5ll9";
+  };
+
+  # hardcoded because makefile target "install" depends on libxslt dependencies from network
+  # that are just too hard to monkeypatch here
+  # so this is the simple fix.
+  installPhase = ''
+    mkdir -p $out
+    install -d $out/bin
+    install -m755 fbcat $out/bin/
+    install -m755 fbgrab $out/bin/
+    install -d $out/share/man/man1
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = "http://jwilk.net/software/fbcat";
+    description = "Framebuffer screenshot tool";
+    license = licenses.gpl2Plus;
+    maintainers = [ maintainers.matthiasbeyer ];
+    platforms = platforms.linux;
+  };
+}
+
diff --git a/pkgs/tools/misc/hdf4/default.nix b/pkgs/tools/misc/hdf4/default.nix
index 5e5154111dc..b15eba8b7bc 100644
--- a/pkgs/tools/misc/hdf4/default.nix
+++ b/pkgs/tools/misc/hdf4/default.nix
@@ -1,6 +1,7 @@
 { stdenv
 , fetchpatch
 , fetchurl
+, fixDarwinDylibNames
 , cmake
 , libjpeg
 , zlib
@@ -17,6 +18,8 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [
     cmake
+  ] ++ stdenv.lib.optionals stdenv.isDarwin [
+    fixDarwinDylibNames
   ];
 
   buildInputs = [
diff --git a/pkgs/tools/misc/kcollectd/default.nix b/pkgs/tools/misc/kcollectd/default.nix
new file mode 100644
index 00000000000..ffc64b1455a
--- /dev/null
+++ b/pkgs/tools/misc/kcollectd/default.nix
@@ -0,0 +1,56 @@
+{ lib
+, fetchFromGitLab
+, mkDerivation
+, qtbase
+, cmake
+, kconfig
+, kio
+, kiconthemes
+, kxmlgui
+, ki18n
+, kguiaddons
+, extra-cmake-modules
+, boost
+, shared-mime-info
+, rrdtool
+, breeze-icons
+}:
+
+mkDerivation rec {
+  pname = "kcollectd";
+  version = "0.11.99.0";
+  src = fetchFromGitLab {
+    owner = "aerusso";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "0h4ymvzihzbmyv3z0bp28g94wxc6c7lgi3my0xbka3advxr811gn";
+  };
+
+  nativeBuildInputs = [
+    cmake
+    extra-cmake-modules
+    shared-mime-info
+  ];
+
+  buildInputs = [
+    qtbase
+    kconfig
+    kio
+    kxmlgui
+    kiconthemes
+    ki18n
+    kguiaddons
+    boost
+    rrdtool
+    # otherwise some buttons are blank
+    breeze-icons
+  ];
+
+  meta = with lib; {
+    description = "A graphical frontend to collectd";
+    homepage = "https://www.antonioerusso.com/projects/kcollectd/";
+    maintainers = [ maintainers.symphorien ];
+    license = [ lib.licenses.gpl3Plus ];
+    platforms = lib.platforms.linux;
+  };
+}
diff --git a/pkgs/tools/misc/kermit/default.nix b/pkgs/tools/misc/kermit/default.nix
index f81d9b7266b..2155b8676be 100644
--- a/pkgs/tools/misc/kermit/default.nix
+++ b/pkgs/tools/misc/kermit/default.nix
@@ -16,12 +16,12 @@ stdenv.mkDerivation {
     tar xvzf $src
   '';
 
-  patchPhase = ''
+  postPatch = ''
     sed -i -e 's@-I/usr/include/ncurses@@' \
       -e 's@/usr/local@'"$out"@ makefile
   '';
 
-  buildPhase = "make -f makefile linux LNKFLAGS='-lcrypt -lresolv'";
+  buildPhase = "make -f makefile linux KFLAGS='-D_IO_file_flags' LNKFLAGS='-lcrypt -lresolv'";
 
   installPhase = ''
     mkdir -p $out/bin
@@ -35,6 +35,5 @@ stdenv.mkDerivation {
     license = licenses.bsd3;
     maintainers = with maintainers; [ pSub ];
     platforms = with platforms; linux;
-    broken = true;
   };
 }
diff --git a/pkgs/tools/misc/lf/default.nix b/pkgs/tools/misc/lf/default.nix
index da6fa0a338e..c3cb3200e06 100644
--- a/pkgs/tools/misc/lf/default.nix
+++ b/pkgs/tools/misc/lf/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "lf";
-  version = "17";
+  version = "18";
 
   src = fetchFromGitHub {
     owner = "gokcehan";
     repo = "lf";
     rev = "r${version}";
-    sha256 = "0hs70hbbwz9kbbf13l2v32yv70n4aw8sz7rky82qdcqcpnpisjq8";
+    sha256 = "1xzy85lz99kwzvpkkaqlylynn57nhn76dff3cxy304d23y3r26w6";
   };
 
-  vendorSha256 = "1xjanlq67b6n07pha6ljgnl3n2ks4x3albvca317l68cvjiw3shs";
+  vendorSha256 = "12njqs39ympi2mqal1cdn0smp80yzcs8xmca1iih8pbmxv51r2gg";
 
   nativeBuildInputs = [ installShellFiles ];
 
diff --git a/pkgs/tools/misc/mutagen/default.nix b/pkgs/tools/misc/mutagen/default.nix
index 8d71f75622c..7e824cf90ca 100644
--- a/pkgs/tools/misc/mutagen/default.nix
+++ b/pkgs/tools/misc/mutagen/default.nix
@@ -1,4 +1,4 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib, buildGoModule, fetchFromGitHub, fetchzip }:
 
 buildGoModule rec {
   pname = "mutagen";
@@ -13,10 +13,26 @@ buildGoModule rec {
 
   vendorSha256 = "0szs9yc49fyh55ra1wf8zj76kdah0x49d45cgivk3gqh2hl17j6l";
 
+  agents = fetchzip {
+    name = "mutagen-agents-${version}";
+    # The package architecture does not matter since all packages contain identical mutagen-agents.tar.gz.
+    url = "https://github.com/mutagen-io/mutagen/releases/download/v${version}/mutagen_linux_amd64_v${version}.tar.gz";
+    stripRoot = false;
+    extraPostFetch = ''
+      rm $out/mutagen # Keep only mutagen-agents.tar.gz.
+    '';
+    sha256 = "0k8iif09kvxfxx6qm5qmkf3lr7ar6i98ivkndimj680ah9v1hkj8";
+  };
+
   doCheck = false;
 
   subPackages = [ "cmd/mutagen" "cmd/mutagen-agent" ];
 
+  postInstall = ''
+    install -d $out/libexec
+    ln -s ${agents}/mutagen-agents.tar.gz $out/libexec/
+  '';
+
   meta = with lib; {
     description = "Make remote development work with your local tools";
     homepage = "https://mutagen.io/";
diff --git a/pkgs/tools/misc/nix-direnv/default.nix b/pkgs/tools/misc/nix-direnv/default.nix
index 11cb0dcf554..392de7d1bd9 100644
--- a/pkgs/tools/misc/nix-direnv/default.nix
+++ b/pkgs/tools/misc/nix-direnv/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "nix-direnv";
-  version = "1.1";
+  version = "1.2";
 
   src = fetchFromGitHub {
     owner = "nix-community";
     repo = "nix-direnv";
     rev = version;
-    sha256 = "sha256-xMz6e0OLeB3eltGrLV3Hew0lMjH5LSgqJ1l7JT2Ho/M=";
+    sha256 = "sha256-/mlM1EeUlr1nTUJ5rB41idzk3Mfy/htjjPUARYDFpb0=";
   };
 
   # Substitute instead of wrapping because the resulting file is
diff --git a/pkgs/tools/misc/nvimpager/default.nix b/pkgs/tools/misc/nvimpager/default.nix
new file mode 100644
index 00000000000..2c10c9fbfbb
--- /dev/null
+++ b/pkgs/tools/misc/nvimpager/default.nix
@@ -0,0 +1,47 @@
+{ fetchFromGitHub
+, stdenv
+, ncurses, neovim, procps
+, pandoc, lua51Packages, util-linux
+}:
+
+stdenv.mkDerivation rec {
+  pname = "nvimpager";
+  version = "0.9";
+
+  src = fetchFromGitHub {
+    owner = "lucc";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "1xy5387szfw0bp8dr7d4z33wd4xva7q219rvz8gc0vvv1vsy73va";
+  };
+
+  buildInputs = [
+    ncurses # for tput
+    procps # for nvim_get_proc() which uses ps(1)
+  ];
+  nativeBuildInputs = [ pandoc ];
+
+  makeFlags = [ "PREFIX=$(out)" ];
+  buildFlags = [ "nvimpager.configured" ];
+  preBuild = ''
+    patchShebangs nvimpager
+    substituteInPlace nvimpager --replace ':-nvim' ':-${neovim}/bin/nvim'
+    '';
+
+  doCheck = true;
+  checkInputs = [ lua51Packages.busted util-linux neovim ];
+  checkPhase = ''script -c "busted --lpath './?.lua' test"'';
+
+  meta = with stdenv.lib; {
+    description = "Use neovim as pager";
+    longDescription = ''
+      Use neovim as a pager to view manpages, diffs, etc with nvim's syntax
+      highlighting.  Includes a cat mode to print highlighted files to stdout
+      and a ansi esc mode to highlight ansi escape sequences in neovim.
+    '';
+    homepage = "https://github.com/lucc/nvimpager";
+    license = licenses.bsd2;
+    platforms = platforms.unix;
+    maintainers = [ maintainers.lucc ];
+  };
+}
diff --git a/pkgs/tools/misc/picocom/default.nix b/pkgs/tools/misc/picocom/default.nix
index 5dd83c4887b..1db8d00a902 100644
--- a/pkgs/tools/misc/picocom/default.nix
+++ b/pkgs/tools/misc/picocom/default.nix
@@ -1,36 +1,48 @@
-{ stdenv, fetchFromGitHub, makeWrapper, lrzsz, IOKit }:
-
-assert stdenv.isDarwin -> IOKit != null;
-
-with stdenv.lib;
+{ stdenv
+, fetchFromGitHub
+, installShellFiles
+, lrzsz
+, IOKit
+}:
 
 stdenv.mkDerivation rec {
   pname = "picocom";
-  version = "3.1";
+  # last tagged release is 3.1 but 3.2 is still considered a release
+  version = "3.2a";
 
+  # upstream is quiet as the original author is no longer active since March 2018
   src = fetchFromGitHub {
     owner = "npat-efault";
     repo = "picocom";
-    rev = version;
-    sha256 = "1vvjydqf0ax47nvdyyl67jafw5b3sfsav00xid6qpgia1gs2r72n";
+    rev = "1acf1ddabaf3576b4023c4f6f09c5a3e4b086fb8";
+    sha256 = "sha256-cs2bxqZfTbnY5d+VJ257C5hssaFvYup3tBKz68ROnAo=";
   };
 
-  buildInputs = [ makeWrapper ]
-    ++ optionals stdenv.isDarwin [ IOKit ];
+  postPatch = ''
+    substituteInPlace Makefile \
+      --replace '.picocom_history' '.cache/picocom_history'
 
-  installPhase = ''
-    mkdir -p $out/bin $out/share/man/man1
-    cp picocom $out/bin
-    cp picocom.1 $out/share/man/man1
+    substituteInPlace picocom.c \
+      --replace '"rz -vv"' '"${lrzsz}/bin/rz -vv"' \
+      --replace '"sz -vv"' '"${lrzsz}/bin/sz -vv"'
+  '';
 
-    wrapProgram $out/bin/picocom \
-      --prefix PATH ":" "${lrzsz}/bin"
+  enableParallelBuilding = true;
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  buildInputs = stdenv.lib.optional stdenv.isDarwin IOKit;
+
+  installPhase = ''
+    install -Dm555 -t $out/bin picocom
+    installManPage picocom.1
+    installShellCompletion --bash bash_completion/picocom
   '';
 
-  meta = {
+  meta = with stdenv.lib; {
     description = "Minimal dumb-terminal emulation program";
     homepage = "https://github.com/npat-efault/picocom/";
-    license = stdenv.lib.licenses.gpl2Plus;
+    license = licenses.gpl2Plus;
     platforms = platforms.unix;
   };
 }
diff --git a/pkgs/tools/misc/topgrade/default.nix b/pkgs/tools/misc/topgrade/default.nix
index 04a11a92204..6a21bc56789 100644
--- a/pkgs/tools/misc/topgrade/default.nix
+++ b/pkgs/tools/misc/topgrade/default.nix
@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "topgrade";
-  version = "6.0.1";
+  version = "6.0.2";
 
   src = fetchFromGitHub {
     owner = "r-darwish";
     repo = pname;
     rev = "v${version}";
-    sha256 = "1bpq4zki98vw793rvrk9qwgh62f1qwzh0cm4a3h0bif43kg836n0";
+    sha256 = "1pqf7rs9b8j54rwg8i8alvf65c4jfp5q2hv3yr60aiidfjrawp34";
   };
 
-  cargoSha256 = "1486pfiv4lfzdz3hj5z6s7q8lhzrldffji3fsf10z50sm4fhq73q";
+  cargoSha256 = "1wh7xywp92h3in9a2nr6sia6l3852kw4s688sr1c2wjdf2i58lsg";
 
   buildInputs = lib.optional stdenv.isDarwin Foundation;
 
diff --git a/pkgs/tools/misc/toybox/default.nix b/pkgs/tools/misc/toybox/default.nix
index 9b38db5a727..e7a08877e90 100644
--- a/pkgs/tools/misc/toybox/default.nix
+++ b/pkgs/tools/misc/toybox/default.nix
@@ -1,5 +1,6 @@
 {
   stdenv, lib, fetchFromGitHub, which,
+  buildPackages,
   enableStatic ? false,
   enableMinimal ? false,
   extraConfig ? ""
@@ -16,6 +17,7 @@ stdenv.mkDerivation rec {
     sha256 = "0cgbmv6qk1haj709hjx5q4sl7wgh91i459gzs1203adwc7rvk6jv";
   };
 
+  depsBuildBuild = [ buildPackages.stdenv.cc ]; # needed for cross
   buildInputs = lib.optionals enableStatic [ stdenv.cc.libc stdenv.cc.libc.static ];
 
   postPatch = "patchShebangs .";
diff --git a/pkgs/tools/misc/woof/default.nix b/pkgs/tools/misc/woof/default.nix
index e89ef8dab0e..158a83a99ca 100644
--- a/pkgs/tools/misc/woof/default.nix
+++ b/pkgs/tools/misc/woof/default.nix
@@ -1,24 +1,25 @@
-{ stdenv, fetchurl, python }:
+{ stdenv, fetchFromGitHub, python3 }:
 
 stdenv.mkDerivation rec {
-  version = "2012-05-31";
+  version = "2020-12-17";
   pname = "woof";
 
-  src = fetchurl {
-    url = "http://www.home.unix-ag.org/simon/woof-${version}.py";
-    sha256 = "d84353d07f768321a1921a67193510bf292cf0213295e8c7689176f32e945572";
+  src = fetchFromGitHub {
+    owner = "simon-budig";
+    repo = "woof";
+    rev = "4aab9bca5b80379522ab0bdc5a07e4d652c375c5";
+    sha256 = "0ypd2fs8isv6bqmlrdl2djgs5lnk91y1c3rn4ar6sfkpsqp9krjn";
   };
 
-  buildInputs = [ python ];
+  propagatedBuildInputs = [ python3 ];
 
   dontUnpack = true;
 
-  installPhase =
-    ''
-      mkdir -p $out/bin
-      cp $src $out/bin/woof
-      chmod +x $out/bin/woof
-    '';
+  installPhase = ''
+    mkdir -p $out/bin
+    cp $src/woof $out/bin/woof
+    chmod +x $out/bin/woof
+  '';
 
   meta = with stdenv.lib; {
     homepage = "http://www.home.unix-ag.org/simon/woof.html";
diff --git a/pkgs/tools/misc/you-get/default.nix b/pkgs/tools/misc/you-get/default.nix
index 053d2ae59d2..6a13c455fe0 100644
--- a/pkgs/tools/misc/you-get/default.nix
+++ b/pkgs/tools/misc/you-get/default.nix
@@ -2,7 +2,7 @@
 
 buildPythonApplication rec {
   pname = "you-get";
-  version = "0.4.1488";
+  version = "0.4.1500";
 
   # Tests aren't packaged, but they all hit the real network so
   # probably aren't suitable for a build environment anyway.
@@ -10,7 +10,7 @@ buildPythonApplication rec {
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "28aec2f15e86ea1cbf9900827ade41388aa3f1ac43b4ab49999bce48f37cf9c3";
+    sha256 = "5a6cc0d661fe0cd4210bf467d6c89afd8611609e402690254722c1415736da92";
   };
 
   meta = with stdenv.lib; {
diff --git a/pkgs/tools/misc/youtube-dl/default.nix b/pkgs/tools/misc/youtube-dl/default.nix
index 9e2afd9b068..abb17946fbb 100644
--- a/pkgs/tools/misc/youtube-dl/default.nix
+++ b/pkgs/tools/misc/youtube-dl/default.nix
@@ -18,11 +18,11 @@ buildPythonPackage rec {
   # The websites youtube-dl deals with are a very moving target. That means that
   # downloads break constantly. Because of that, updates should always be backported
   # to the latest stable release.
-  version = "2020.12.14";
+  version = "2020.12.29";
 
   src = fetchurl {
     url = "https://yt-dl.org/downloads/${version}/${pname}-${version}.tar.gz";
-    sha256 = "0ws2nsvn0qlnnyxz9g95ffygscfmg5npzmwbq8iyyi6b2njsb0cn";
+    sha256 = "1hcr3mf63csp6lfpqszl5ibb2jhyl180s6pvbb7771jg0kdvlbbb";
   };
 
   nativeBuildInputs = [ installShellFiles makeWrapper ];
diff --git a/pkgs/tools/misc/z-lua/default.nix b/pkgs/tools/misc/z-lua/default.nix
index 59149506e6c..2b5a4643549 100644
--- a/pkgs/tools/misc/z-lua/default.nix
+++ b/pkgs/tools/misc/z-lua/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "z-lua";
-  version = "1.8.7";
+  version = "1.8.10";
 
   src = fetchFromGitHub {
     owner = "skywind3000";
     repo = "z.lua";
     rev = version;
-    sha256 = "14n1abv7gh4zajq471bgzpcv8l1159g00h9x83h719i9kxxsa2ba";
+    sha256 = "0q0qs07kmkpjv68j2bjgsrv6shl76mssnchfv82vjf8abkf8343b";
   };
 
   dontBuild = true;
@@ -20,8 +20,10 @@ stdenv.mkDerivation rec {
   installPhase = ''
     runHook preInstall
 
-    install -Dm755 z.lua $out/bin/z
-    wrapProgram $out/bin/z --set LUA_CPATH "${lua52Packages.luafilesystem}/lib/lua/5.2/lfs.so" --set _ZL_USE_LFS 1;
+    install -Dm755 z.lua $out/bin/z.lua
+    wrapProgram $out/bin/z.lua --set LUA_CPATH "${lua52Packages.luafilesystem}/lib/lua/5.2/lfs.so" --set _ZL_USE_LFS 1;
+    # Create symlink for backwards compatibility. See: https://github.com/NixOS/nixpkgs/pull/96081
+    ln -s $out/bin/z.lua $out/bin/z
 
     runHook postInstall
   '';
diff --git a/pkgs/tools/misc/zalgo/default.nix b/pkgs/tools/misc/zalgo/default.nix
new file mode 100644
index 00000000000..d9538141af0
--- /dev/null
+++ b/pkgs/tools/misc/zalgo/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+  pname = "zalgo";
+  version = "unstable-2020-08-26";
+
+  src = fetchFromGitHub {
+    owner = "lunasorcery";
+    repo = "zalgo";
+    rev = "6aa1f66cfe183f8164a666730dfeaf39133cf01a";
+    sha256 = "00q56yvfcj2f89wllrckvizihivqmd6l77nihb52ffqd99rdd24w";
+  };
+
+  installPhase = ''
+    install -Dm755 zalgo -t $out/bin
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Read stdin and corrupt it with combining diacritics";
+    homepage = "https://github.com/lunasorcery/zalgo";
+    license = licenses.unfree;
+    platforms = platforms.unix;
+    maintainers = with maintainers; [ djanatyn ];
+  };
+}
diff --git a/pkgs/tools/networking/cjdns/default.nix b/pkgs/tools/networking/cjdns/default.nix
index 28a418c27f2..8cc891cce19 100644
--- a/pkgs/tools/networking/cjdns/default.nix
+++ b/pkgs/tools/networking/cjdns/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "cjdns";
-  version = "21";
+  version = "21.1";
 
   src = fetchFromGitHub {
     owner = "cjdelisle";
     repo = "cjdns";
     rev = "cjdns-v${version}";
-    sha256 = "1s9d8yrdrj2gviig05jhr0fnzazb88lih0amxfk0av786rvh7ymj";
+    sha256 = "NOmk+vMZ8i0E2MjrUzksk+tkJ9XVVNEXlE5OOTNa+Y0=";
   };
 
   buildInputs = [ which python27 nodejs ] ++
@@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
   meta = with stdenv.lib; {
     homepage = "https://github.com/cjdelisle/cjdns";
     description = "Encrypted networking for regular people";
-    license = licenses.gpl3;
+    license = licenses.gpl3Plus;
     maintainers = with maintainers; [ ehmry ];
     platforms = platforms.linux;
   };
diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index c466a48434f..82245f4cd26 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -34,14 +34,14 @@ assert gssSupport -> libkrb5 != null;
 
 stdenv.mkDerivation rec {
   pname = "curl";
-  version = "7.73.0";
+  version = "7.74.0";
 
   src = fetchurl {
     urls = [
       "https://curl.haxx.se/download/${pname}-${version}.tar.bz2"
       "https://github.com/curl/curl/releases/download/${lib.replaceStrings ["."] ["_"] pname}-${version}/${pname}-${version}.tar.bz2"
     ];
-    sha256 = "sha256-zzT+Cwe4APHAGkmabosq9Uj20OBE3KSinYikvuFG0TE=";
+    sha256 = "19bp3d91xq9vqwlbzq261j23mk9lz4lyka4gr2fm6dhnd3k66k8g";
   };
 
   outputs = [ "bin" "dev" "out" "man" "devdoc" ];
diff --git a/pkgs/tools/networking/httpstat/default.nix b/pkgs/tools/networking/httpstat/default.nix
index e9987a51eae..f404090e5e3 100644
--- a/pkgs/tools/networking/httpstat/default.nix
+++ b/pkgs/tools/networking/httpstat/default.nix
@@ -2,12 +2,12 @@
 
 pythonPackages.buildPythonApplication rec {
   pname = "httpstat";
-  version = "1.3.0";
+  version = "1.3.1";
   src = fetchFromGitHub {
     owner = "reorx";
     repo = pname;
     rev = version;
-    sha256 = "18k2glnyzxlmry19ijmndim2vqqn3c86smd7xc3haw6k7qafifx1";
+    sha256 = "sha256-zUdis41sQpJ1E3LdNwaCVj6gexi/Rk21IBUgoFISiDM=";
   };
   doCheck = false; # No tests
   buildInputs = [ glibcLocales ];
diff --git a/pkgs/tools/networking/kapp/default.nix b/pkgs/tools/networking/kapp/default.nix
new file mode 100644
index 00000000000..13076338529
--- /dev/null
+++ b/pkgs/tools/networking/kapp/default.nix
@@ -0,0 +1,23 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+buildGoModule rec {
+  pname = "kapp";
+  version = "0.35.0";
+
+  src = fetchFromGitHub {
+    owner = "vmware-tanzu";
+    repo = "carvel-kapp";
+    rev = "v${version}";
+    sha256 = "1i4hpqpbwqb0yg3rx4z733zfslq3svmahfr39ss1ydylsipl02mg";
+  };
+
+  vendorSha256 = null;
+
+  subPackages = [ "cmd/kapp" ];
+
+  meta = with lib; {
+    description = "CLI tool that encourages Kubernetes users to manage bulk resources with an application abstraction for grouping";
+    homepage = "https://get-kapp.io";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ brodes ];
+  };
+}
diff --git a/pkgs/tools/networking/libreswan/default.nix b/pkgs/tools/networking/libreswan/default.nix
index 3e7719c40d4..7e6f2c475ca 100644
--- a/pkgs/tools/networking/libreswan/default.nix
+++ b/pkgs/tools/networking/libreswan/default.nix
@@ -29,6 +29,10 @@ stdenv.mkDerivation rec {
     "-Wno-error=format-truncation"
     "-Wno-error=pointer-compare"
     "-Wno-error=stringop-truncation"
+    # The following flag allows libreswan v3.32 to work with NSS 3.22, see
+    # https://github.com/libreswan/libreswan/issues/334.
+    # This flag should not be needed for libreswan v3.33 (which is not yet released).
+    "-DNSS_PKCS11_2_0_COMPAT=1"
   ];
 
   nativeBuildInputs = [ makeWrapper pkgconfig ];
@@ -82,7 +86,7 @@ stdenv.mkDerivation rec {
   meta = with stdenv.lib; {
     homepage = "https://libreswan.org";
     description = "A free software implementation of the VPN protocol based on IPSec and the Internet Key Exchange";
-    platforms = platforms.linux ++ platforms.darwin ++ platforms.freebsd;
+    platforms = platforms.linux ++ platforms.freebsd;
     license = licenses.gpl2;
     maintainers = [ maintainers.afranchuk ];
   };
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index f8a518ca4dc..ef98f482140 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -1,4 +1,5 @@
 { stdenv
+, pkgs
 , fetchurl
 , fetchpatch
 , zlib
@@ -66,7 +67,9 @@ stdenv.mkDerivation rec {
       substituteInPlace Makefile.in --replace '$(INSTALL) -m 4711' '$(INSTALL) -m 0711'
     '';
 
-  nativeBuildInputs = [ pkgconfig ] ++ optional (hpnSupport || withGssapiPatches) autoreconfHook;
+  nativeBuildInputs = [ pkgconfig ]
+    ++ optional (hpnSupport || withGssapiPatches) autoreconfHook
+    ++ optional withKerberos pkgs.kerberos.dev;
   buildInputs = [ zlib openssl libedit pam ]
     ++ optional withFIDO libfido2
     ++ optional withKerberos kerberos;
@@ -75,6 +78,22 @@ stdenv.mkDerivation rec {
     # Setting LD causes `configure' and `make' to disagree about which linker
     # to use: `configure' wants `gcc', but `make' wants `ld'.
     unset LD
+  ''
+  # Upstream build system does not support static build, so we fall back
+  # on fragile patching of configure script.
+  #
+  # libedit is found by pkgconfig, but without --static flag, required
+  # to get also transitive dependencies for static linkage, hence sed
+  # expression.
+  #
+  # Kerberos can be found either by krb5-config or by fall-back shell
+  # code in openssh's configure.ac. Neither of them support static
+  # build, but patching code for krb5-config is simpler, so to get it
+  # into PATH, kerberos.dev is added into buildInputs.
+  + optionalString stdenv.hostPlatform.isStatic ''
+    sed -i "s,PKGCONFIG --libs,PKGCONFIG --libs --static,g" configure
+    sed -i 's#KRB5CONF --libs`#KRB5CONF --libs` -lkrb5support -lkeyutils#g' configure
+    sed -i 's#KRB5CONF --libs gssapi`#KRB5CONF --libs gssapi` -lkrb5support -lkeyutils#g' configure
   '';
 
   # I set --disable-strip because later we strip anyway. And it fails to strip
diff --git a/pkgs/tools/networking/proxify/default.nix b/pkgs/tools/networking/proxify/default.nix
new file mode 100644
index 00000000000..4a75b3ca2f1
--- /dev/null
+++ b/pkgs/tools/networking/proxify/default.nix
@@ -0,0 +1,31 @@
+{ buildGoModule
+, fetchFromGitHub
+, stdenv
+}:
+
+buildGoModule rec {
+  pname = "proxify";
+  version = "0.0.3";
+
+  src = fetchFromGitHub {
+    owner = "projectdiscovery";
+    repo = "proxify";
+    rev = "v${version}";
+    sha256 = "15j2q9zrs8bdf72jgldkai3xbi4irk69wyjzv48r74rdgf2k49gn";
+  };
+
+  vendorSha256 = "1x78n88ri8kph827k03x1q06zpbbbp7793xsvc376ljda5n6bqig";
+
+  meta = with stdenv.lib; {
+    description = "Proxy tool for HTTP/HTTPS traffic capture";
+    longDescription = ''
+      This tool supports multiple operations such as request/response dump, filtering
+      and manipulation via DSL language, upstream HTTP/Socks5 proxy. Additionally a
+      replay utility allows to import the dumped traffic (request/responses with correct
+      domain name) into other tools by simply setting the upstream proxy to proxify.
+    '';
+    homepage = "https://github.com/projectdiscovery/proxify";
+    license = licenses.mit;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/tools/networking/qr-filetransfer/default.nix b/pkgs/tools/networking/qr-filetransfer/default.nix
deleted file mode 100644
index bb62be6d3e2..00000000000
--- a/pkgs/tools/networking/qr-filetransfer/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ stdenv, buildGoPackage, fetchFromGitHub }:
-
-buildGoPackage {
-  pname = "qr-filetransfer-unstable";
-  version = "2018-10-22";
-
-  goPackagePath = "github.com/claudiodangelis/qr-filetransfer";
-
-  src = fetchFromGitHub {
-    rev = "b1e5b91aa2aa469f870c62074e879d46e353edae";
-    owner = "claudiodangelis";
-    repo = "qr-filetransfer";
-    sha256 = "04cl3v6bzpaxp1scpsa42xxa1c1brbplq408bb7nixa98bacj4x1";
-  };
-
-  goDeps = ./deps.nix;
-
-  meta = with stdenv.lib; {
-    homepage = "https://github.com/claudiodangelis/qr-filetransfer";
-    description = "Transfer files over wifi by scanning a QR code from your terminal";
-    longDescription = ''
-      qr-filetransfer binds a web server to the address of your Wi-Fi network
-      interface on a random port and creates a handler for it. The default
-      handler serves the content and exits the program when the transfer is
-      complete.
-    '';
-    license = licenses.mit;
-    maintainers = with maintainers; [ fgaz ];
-  };
-}
diff --git a/pkgs/tools/networking/qr-filetransfer/deps.nix b/pkgs/tools/networking/qr-filetransfer/deps.nix
deleted file mode 100644
index a15dd968943..00000000000
--- a/pkgs/tools/networking/qr-filetransfer/deps.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-# This file was generated by https://github.com/kamilchm/go2nix v1.3.0
-[
-  {
-    goPackagePath = "github.com/mattn/go-colorable";
-    fetch = {
-      type = "git";
-      url = "https://github.com/mattn/go-colorable";
-      rev = "efa589957cd060542a26d2dd7832fd6a6c6c3ade";
-      sha256 = "0kshi4hvm0ayrsxqxy0599iv81kryhd2fn9lwjyczpj593cq069r";
-    };
-  }
-  {
-    goPackagePath = "github.com/mattn/go-isatty";
-    fetch = {
-      type = "git";
-      url = "https://github.com/mattn/go-isatty";
-      rev = "3fb116b820352b7f0c281308a4d6250c22d94e27";
-      sha256 = "084hplr4n4g5nvp70clljk428hc963460xz0ggcj3xdi4w7hhsvv";
-    };
-  }
-  {
-    goPackagePath = "github.com/mattn/go-runewidth";
-    fetch = {
-      type = "git";
-      url = "https://github.com/mattn/go-runewidth";
-      rev = "c88d7e5f2e24de48a200a2655ac8a0910be9a0f7";
-      sha256 = "14prmzjlv9z31n6caaaq1kwi4p0mp3x4pv5r7d0575lcampa41jw";
-    };
-  }
-  {
-    goPackagePath = "github.com/mdp/qrterminal";
-    fetch = {
-      type = "git";
-      url = "https://github.com/mdp/qrterminal";
-      rev = "6967d3624af633162b77160078e12a4c14174470";
-      sha256 = "1f2zrdv9sw2a6ni1712d27cayr3f8whqagx6f0yglc5gdd9f3i2n";
-    };
-  }
-  {
-    goPackagePath = "golang.org/x/sys";
-    fetch = {
-      type = "git";
-      url = "https://go.googlesource.com/sys";
-      rev = "a5c9d58dba9a56f97aaa86f55e638b718c5a6c42";
-      sha256 = "02qv5i7yps35p7fa81345qz7k8i73gkigj69anwmpw9rhpmzayf9";
-    };
-  }
-  {
-    goPackagePath = "gopkg.in/cheggaaa/pb.v1";
-    fetch = {
-      type = "git";
-      url = "https://gopkg.in/cheggaaa/pb.v1";
-      rev = "007b75a044e968336a69a6c0c617251ab62ac14c";
-      sha256 = "0l8m5cy6fbir7nrsk985ap7dxp9qlfmh8r73g7j9zg7pfq3lkhad";
-    };
-  }
-  {
-    goPackagePath = "rsc.io/qr";
-    fetch = {
-      type = "git";
-      url = "https://github.com/rsc/qr";
-      rev = "ca9a01fc2f9505024045632c50e5e8cd6142fafe";
-      sha256 = "04yx493g0fqp8i59zjxnl4k3s0cl0kr5m8xh0ph8m10r1hkw0xr3";
-    };
-  }
-]
diff --git a/pkgs/tools/networking/qrcp/default.nix b/pkgs/tools/networking/qrcp/default.nix
new file mode 100644
index 00000000000..bf3b3936edd
--- /dev/null
+++ b/pkgs/tools/networking/qrcp/default.nix
@@ -0,0 +1,33 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+  pname = "qrcp";
+  version = "0.7.0";
+
+  src = fetchFromGitHub {
+    owner = "claudiodangelis";
+    repo = "qrcp";
+    rev = version;
+    sha256 = "0rx0pzy7p3dklayr2lkmyfdc00x9v4pd5xnzydbjx12hncnkpw4l";
+  };
+
+  vendorSha256 = "0iffy43x3njcahrxl99a71v8p7im102nzv8iqbvd5c6m14rsckqa";
+
+  subPackages = [ "." ];
+
+  meta = with lib; {
+    homepage = "https://claudiodangelis.com/qrcp/";
+    description = "Transfer files over wifi by scanning a QR code from your terminal";
+    longDescription = ''
+      qrcp binds a web server to the address of your Wi-Fi network
+      interface on a random port and creates a handler for it. The default
+      handler serves the content and exits the program when the transfer is
+      complete.
+    '';
+    license = licenses.mit;
+    maintainers = with maintainers; [ fgaz ];
+  };
+}
diff --git a/pkgs/tools/package-management/libdnf/darwin.patch b/pkgs/tools/package-management/libdnf/darwin.patch
new file mode 100644
index 00000000000..56bafb2f7b8
--- /dev/null
+++ b/pkgs/tools/package-management/libdnf/darwin.patch
@@ -0,0 +1,35 @@
+--- src/libdnf/hy-iutil.cpp	2020-12-02 07:53:42.000000000 -0800
++++ src/libdnf/hy-iutil.cpp	2020-12-21 14:24:14.000000000 -0800
+@@ -22,7 +22,7 @@
+ #include <errno.h>
+ #include <dirent.h>
+ #include <fcntl.h>
+-#include <linux/limits.h>
++#include <limits.h>
+ #include <pwd.h>
+ #include <unistd.h>
+ #include <stdio.h>
+--- src/libdnf/hy-util.cpp	2020-12-02 07:53:42.000000000 -0800
++++ src/libdnf/hy-util.cpp	2020-12-21 14:23:21.000000000 -0800
+@@ -24,7 +24,20 @@
+ #include <ctype.h>
+ #include <sys/utsname.h>
+ #include <sys/stat.h>
+-#include <sys/auxv.h>
++
++// Darwin compatibility hacks
++typedef int auxv_t;
++#ifndef AT_HWCAP2
++#define AT_HWCAP2 26
++#endif
++#ifndef AT_HWCAP
++#define AT_HWCAP 16
++#endif
++static unsigned long getauxval(unsigned long type)
++{
++  unsigned long ret = 0;
++  return ret;
++}
+ 
+ // hawkey
+ #include "dnf-types.h"
diff --git a/pkgs/tools/package-management/libdnf/default.nix b/pkgs/tools/package-management/libdnf/default.nix
new file mode 100644
index 00000000000..480222a45de
--- /dev/null
+++ b/pkgs/tools/package-management/libdnf/default.nix
@@ -0,0 +1,66 @@
+{ gcc9Stdenv, stdenv, fetchFromGitHub, cmake, gettext, pkg-config, gpgme, libsolv, openssl, check
+, pcre, json_c, libmodulemd, libsmartcols, sqlite, librepo, libyaml, rpm }:
+
+gcc9Stdenv.mkDerivation rec {
+  pname = "libdnf";
+  version = "0.55.2";
+
+  src = fetchFromGitHub {
+    owner = "rpm-software-management";
+    repo = pname;
+    rev = version;
+    sha256 = "0hiydwfa90nsrqk5ffa6ks1g73wnsgjgq7z7gwq9jj76a7gpfbfq";
+  };
+
+  patches = stdenv.lib.optionals stdenv.isDarwin [ ./darwin.patch ];
+
+  nativeBuildInputs = [
+    cmake
+    gettext
+    pkg-config
+  ];
+
+  buildInputs = [
+    check
+    gpgme
+    openssl
+    json_c
+    libsmartcols
+    libyaml
+    libmodulemd
+  ];
+
+  propagatedBuildInputs = [
+    sqlite
+    libsolv
+    librepo
+    rpm
+  ];
+
+  # See https://github.com/NixOS/nixpkgs/issues/107430
+  prePatch = ''
+    cp ${libsolv}/share/cmake/Modules/FindLibSolv.cmake cmake/modules/
+  '';
+
+  # See https://github.com/NixOS/nixpkgs/issues/107428
+  postPatch = ''
+    substituteInPlace CMakeLists.txt \
+      --replace "enable_testing()" "" \
+      --replace "add_subdirectory(tests)" ""
+  '';
+
+  cmakeFlags = [
+    "-DWITH_GTKDOC=OFF"
+    "-DWITH_HTML=OFF"
+    "-DWITH_BINDINGS=OFF"
+    "-DWITH_ZCHUNK=OFF"
+  ];
+
+  meta = with stdenv.lib; {
+    description = "Package management library.";
+    homepage = "https://github.com/rpm-software-management/libdnf";
+    license = licenses.gpl2Plus;
+    platforms = platforms.linux ++ platforms.darwin;
+    maintainers = with maintainers; [ rb2k ];
+  };
+}
diff --git a/pkgs/tools/package-management/librepo/default.nix b/pkgs/tools/package-management/librepo/default.nix
index 0e2cec68520..f636560844b 100644
--- a/pkgs/tools/package-management/librepo/default.nix
+++ b/pkgs/tools/package-management/librepo/default.nix
@@ -35,11 +35,12 @@ stdenv.mkDerivation rec {
     libxml2
     glib
     openssl
-    zchunk
     curl
     check
     gpgme
-  ];
+  ]
+  # zchunk currently has issues compiling in darwin, fine in linux
+  ++ stdenv.lib.optional stdenv.isLinux zchunk;
 
   # librepo/fastestmirror.h includes curl/curl.h, and pkg-config specfile refers to others in here
   propagatedBuildInputs = [
@@ -50,7 +51,7 @@ stdenv.mkDerivation rec {
 
   cmakeFlags = [
     "-DPYTHON_DESIRED=${stdenv.lib.substring 0 1 python.pythonVersion}"
-  ];
+  ] ++ stdenv.lib.optional stdenv.isDarwin "-DWITH_ZCHUNK=OFF";
 
   postFixup = ''
     moveToOutput "lib/${python.libPrefix}" "$py"
@@ -60,7 +61,7 @@ stdenv.mkDerivation rec {
     description = "Library providing C and Python (libcURL like) API for downloading linux repository metadata and packages";
     homepage = "https://rpm-software-management.github.io/librepo/";
     license = licenses.lgpl2Plus;
-    platforms = platforms.linux;
+    platforms = platforms.linux ++ platforms.darwin;
     maintainers = with maintainers; [ copumpkin ];
   };
 }
diff --git a/pkgs/tools/package-management/microdnf/default.nix b/pkgs/tools/package-management/microdnf/default.nix
new file mode 100644
index 00000000000..de473cf6a89
--- /dev/null
+++ b/pkgs/tools/package-management/microdnf/default.nix
@@ -0,0 +1,24 @@
+{ stdenv, fetchFromGitHub, cmake, gettext, libdnf, pkg-config, glib, libpeas, libsmartcols, help2man }:
+
+stdenv.mkDerivation rec {
+  pname = "microdnf";
+  version = "3.6.0";
+
+  src = fetchFromGitHub {
+    owner = "rpm-software-management";
+    repo = pname;
+    rev = version;
+    sha256 = "0a7lc3qsnblvznzsz3544l3n84184xi85zf7c3m3jhnmpmxsg39h";
+  };
+
+  nativeBuildInputs = [ pkg-config cmake gettext help2man ];
+  buildInputs = [ libdnf glib libpeas libsmartcols ];
+
+  meta = with stdenv.lib; {
+    description = "Lightweight implementation of dnf in C";
+    homepage = "https://github.com/rpm-software-management/microdnf";
+    license = licenses.gpl2Plus;
+    maintainers = with stdenv.lib.maintainers; [ rb2k ];
+    platforms = platforms.linux ++ platforms.darwin;
+  };
+}
diff --git a/pkgs/tools/package-management/nix-update/default.nix b/pkgs/tools/package-management/nix-update/default.nix
index 54492d173e8..34f63593612 100644
--- a/pkgs/tools/package-management/nix-update/default.nix
+++ b/pkgs/tools/package-management/nix-update/default.nix
@@ -7,13 +7,13 @@
 
 buildPythonApplication rec {
   pname = "nix-update";
-  version = "0.2";
+  version = "0.3";
 
   src = fetchFromGitHub {
     owner = "Mic92";
     repo = pname;
     rev = version;
-    sha256 = "12fsxy2rv2dgk8l10ymp10j01jkcbn9w0fv5iyb5db85q4xsrsm5";
+    sha256 = "sha256-cMllWFPK6pwqrocjkZKjnELIdtW4tj5Yu6AMw7Zd2JU=";
   };
 
   makeWrapperArgs = [
diff --git a/pkgs/tools/package-management/protontricks/default.nix b/pkgs/tools/package-management/protontricks/default.nix
index 02bc599f47d..e4e60442c8f 100644
--- a/pkgs/tools/package-management/protontricks/default.nix
+++ b/pkgs/tools/package-management/protontricks/default.nix
@@ -1,31 +1,29 @@
-{ stdenv
-, lib
+{ lib
 , buildPythonApplication
 , fetchFromGitHub
 , setuptools_scm
 , vdf
-, wine
+, steam-run
 , winetricks
 , zenity
-, pytest
+, pytestCheckHook
 }:
 
 buildPythonApplication rec {
   pname = "protontricks";
-  version = "1.4.2";
+  version = "1.4.3";
 
   src = fetchFromGitHub {
     owner = "Matoking";
     repo = pname;
     rev = version;
-    sha256 = "0ri4phi1rna9snrxa6gl23walyack09mgax7zpjqfpxivwls3ach";
+    sha256 = "0a5727igwafwvj8rr5lv0lx8rlfji3qkzmrbp0d15w5dc4fhknp0";
   };
 
-  # Fix interpreter in mock run.sh for tests
-  postPatch = ''
-    substituteInPlace tests/conftest.py \
-      --replace '#!/bin/bash' '#!${stdenv.shell}' \
-  '';
+  patches = [
+    # Use steam-run to run Proton binaries
+    ./steam-run.patch
+  ];
 
   preBuild = ''
     export SETUPTOOLS_SCM_PRETEND_VERSION="${version}"
@@ -34,22 +32,30 @@ buildPythonApplication rec {
   nativeBuildInputs = [ setuptools_scm ];
   propagatedBuildInputs = [ vdf ];
 
-  # The wine install shipped with Proton must run under steam's
-  # chrootenv, but winetricks and zenity break when running under
-  # it. See https://github.com/NixOS/nix/issues/902.
-  #
-  # The current workaround is to use wine from nixpkgs
   makeWrapperArgs = [
-    "--set STEAM_RUNTIME 0"
-    "--set-default WINE ${wine}/bin/wine"
-    "--set-default WINESERVER ${wine}/bin/wineserver"
-    "--prefix PATH : ${lib.makeBinPath [ winetricks zenity ]}"
+    "--prefix PATH : ${lib.makeBinPath [
+      steam-run
+      (winetricks.override {
+        # Remove default build of wine to reduce closure size.
+        # Falls back to wine in PATH when --no-runtime is passed.
+        wine = null;
+      })
+      zenity
+    ]}"
   ];
 
-  checkInputs = [ pytest ];
-  checkPhase = "pytest";
+  checkInputs = [ pytestCheckHook ];
+  disabledTests = [
+    # Steam runtime is hard-coded with steam-run.patch and can't be configured
+    "test_run_steam_runtime_not_found"
+    "test_unknown_steam_runtime_detected"
+
+    # Steam runtime 2 currently isn't supported
+    # See https://github.com/NixOS/nixpkgs/issues/100655
+    "test_run_winetricks_steam_runtime_v2"
+  ];
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "A simple wrapper for running Winetricks commands for Proton-enabled games";
     homepage = "https://github.com/Matoking/protontricks";
     license = licenses.gpl3;
diff --git a/pkgs/tools/package-management/protontricks/steam-run.patch b/pkgs/tools/package-management/protontricks/steam-run.patch
new file mode 100644
index 00000000000..536072cafc4
--- /dev/null
+++ b/pkgs/tools/package-management/protontricks/steam-run.patch
@@ -0,0 +1,254 @@
+diff --git a/src/protontricks/cli.py b/src/protontricks/cli.py
+index 6506dae..2f762c9 100755
+--- a/src/protontricks/cli.py
++++ b/src/protontricks/cli.py
+@@ -14,7 +14,7 @@ import os
+ import logging
+ 
+ from . import __version__
+-from .steam import (find_proton_app, find_steam_path, find_steam_runtime_path,
++from .steam import (find_proton_app, find_steam_path,
+                     get_steam_apps, get_steam_lib_paths)
+ from .winetricks import get_winetricks_path
+ from .gui import select_steam_app_with_gui
+@@ -75,8 +75,7 @@ def main(args=None):
+             "WINE: path to a custom 'wine' executable\n"
+             "WINESERVER: path to a custom 'wineserver' executable\n"
+             "STEAM_RUNTIME: 1 = enable Steam Runtime, 0 = disable Steam "
+-            "Runtime, valid path = custom Steam Runtime path, "
+-            "empty = enable automatically (default)"
++            "Runtime, empty = enable automatically (default)"
+         ),
+         formatter_class=argparse.RawTextHelpFormatter
+     )
+@@ -133,14 +132,10 @@ def main(args=None):
+         sys.exit(-1)
+ 
+     # 2. Find Steam Runtime if enabled
+-    steam_runtime_path = None
++    steam_runtime = False
+ 
+     if os.environ.get("STEAM_RUNTIME", "") != "0" and not args.no_runtime:
+-        steam_runtime_path = find_steam_runtime_path(steam_root=steam_root)
+-
+-        if not steam_runtime_path:
+-            print("Steam Runtime was enabled but couldn't be found!")
+-            sys.exit(-1)
++        steam_runtime = True
+     else:
+         logger.info("Steam Runtime disabled.")
+ 
+@@ -194,7 +189,7 @@ def main(args=None):
+             winetricks_path=winetricks_path,
+             proton_app=proton_app,
+             steam_app=steam_app,
+-            steam_runtime_path=steam_runtime_path,
++            steam_runtime=steam_runtime,
+             command=[winetricks_path, "--gui"]
+         )
+         return
+@@ -261,7 +256,7 @@ def main(args=None):
+             winetricks_path=winetricks_path,
+             proton_app=proton_app,
+             steam_app=steam_app,
+-            steam_runtime_path=steam_runtime_path,
++            steam_runtime=steam_runtime,
+             command=[winetricks_path] + args.winetricks_command)
+     elif args.command:
+         run_command(
+@@ -269,7 +264,7 @@ def main(args=None):
+             proton_app=proton_app,
+             steam_app=steam_app,
+             command=args.command,
+-            steam_runtime_path=steam_runtime_path,
++            steam_runtime=steam_runtime,
+             # Pass the command directly into the shell *without*
+             # escaping it
+             cwd=steam_app.install_path,
+diff --git a/src/protontricks/steam.py b/src/protontricks/steam.py
+index 215b31d..aa545b8 100644
+--- a/src/protontricks/steam.py
++++ b/src/protontricks/steam.py
+@@ -11,7 +11,7 @@ from .util import lower_dict
+ 
+ __all__ = (
+     "COMMON_STEAM_DIRS", "SteamApp", "find_steam_path",
+-    "find_steam_proton_app", "find_proton_app", "find_steam_runtime_path",
++    "find_steam_proton_app", "find_proton_app",
+     "find_appid_proton_prefix", "get_steam_lib_paths", "get_steam_apps",
+     "get_custom_proton_installations"
+ )
+@@ -245,37 +245,6 @@ def find_steam_path():
+     return None, None
+ 
+ 
+-def find_steam_runtime_path(steam_root):
+-    """
+-    Find the Steam Runtime either using the STEAM_RUNTIME env or
+-    steam_root
+-    """
+-    env_steam_runtime = os.environ.get("STEAM_RUNTIME", "")
+-
+-    if env_steam_runtime == "0":
+-        # User has disabled Steam Runtime
+-        logger.info("STEAM_RUNTIME is 0. Disabling Steam Runtime.")
+-        return None
+-    elif env_steam_runtime and Path(env_steam_runtime).is_dir():
+-        # User has a custom Steam Runtime
+-        logger.info(
+-            "Using custom Steam Runtime at %s", env_steam_runtime)
+-        return Path(env_steam_runtime)
+-    elif env_steam_runtime in ["1", ""]:
+-        # User has enabled Steam Runtime or doesn't have STEAM_RUNTIME set;
+-        # default to enabled Steam Runtime in either case
+-        steam_runtime_path = steam_root / "ubuntu12_32" / "steam-runtime"
+-
+-        logger.info(
+-            "Using default Steam Runtime at %s", str(steam_runtime_path))
+-        return steam_runtime_path
+-
+-    logger.error(
+-        "Path in STEAM_RUNTIME doesn't point to a valid Steam Runtime!")
+-
+-    return None
+-
+-
+ APPINFO_STRUCT_HEADER = "<4sL"
+ APPINFO_STRUCT_SECTION = "<LLLLQ20sL"
+ 
+diff --git a/src/protontricks/util.py b/src/protontricks/util.py
+index a850427..390fc01 100644
+--- a/src/protontricks/util.py
++++ b/src/protontricks/util.py
+@@ -6,7 +6,7 @@ import stat
+ from pathlib import Path
+ from subprocess import check_output, run, PIPE
+ 
+-__all__ = ("get_runtime_library_paths", "create_wine_bin_dir", "run_command")
++__all__ = ("create_wine_bin_dir", "run_command")
+ 
+ logger = logging.getLogger("protontricks")
+ 
+@@ -25,70 +25,10 @@ def lower_dict(d):
+     return {k.lower(): v for k, v in d.items()}
+ 
+ 
+-def get_host_library_paths():
+-    """
+-    Get host library paths to use when creating the LD_LIBRARY_PATH environment
+-    variable for use with newer Steam Runtime installations
+-    """
+-    # The traditional Steam Runtime does the following when running the
+-    # `run.sh --print-steam-runtime-library-paths` command.
+-    # Since that command is unavailable with newer Steam Runtime releases,
+-    # do it ourselves here.
+-    result = run(
+-        ["/sbin/ldconfig", "-XNv"],
+-        check=True, stdout=PIPE, stderr=PIPE
+-    )
+-    lines = result.stdout.decode("utf-8").split("\n")
+-    paths = [
+-        line.split(":")[0] for line in lines
+-        if line.startswith("/") and ":" in line
+-    ]
+-
+-    return ":".join(paths)
+-
+-
+-def get_runtime_library_paths(steam_runtime_path, proton_app):
+-    """
+-    Get LD_LIBRARY_PATH value to run a command using Steam Runtime
+-    """
+-    if proton_app.required_tool_app:
+-        # bwrap based Steam Runtime is used for Proton installations that
+-        # use separate Steam runtimes
+-        # TODO: Try to run the Wine binaries inside an user namespace somehow.
+-        # Newer Steam Runtime environments may rely on a newer glibc than what
+-        # is available on the host system, which may cause potential problems
+-        # otherwise.
+-        runtime_root = next(
+-            proton_app.required_tool_app.install_path.glob("*/files/")
+-        )
+-        return "".join([
+-            str(proton_app.install_path / "dist" / "lib"), os.pathsep,
+-            str(proton_app.install_path / "dist" / "lib64"), os.pathsep,
+-            get_host_library_paths(), os.pathsep,
+-            str(runtime_root / "i686-pc-linux-gnu" / "lib"), os.pathsep,
+-            str(runtime_root / "x86_64-pc-linux-gnu" / "lib")
+-        ])
+-
+-    # Traditional LD_LIBRARY_PATH based Steam Runtime is used otherwise
+-    steam_runtime_paths = check_output([
+-        str(steam_runtime_path / "run.sh"),
+-        "--print-steam-runtime-library-paths"
+-    ])
+-    steam_runtime_paths = str(steam_runtime_paths, "utf-8")
+-    # Add Proton installation directory first into LD_LIBRARY_PATH
+-    # so that libwine.so.1 is picked up correctly (see issue #3)
+-    return "".join([
+-        str(proton_app.install_path / "dist" / "lib"), os.pathsep,
+-        str(proton_app.install_path / "dist" / "lib64"), os.pathsep,
+-        steam_runtime_paths
+-    ])
+-
+-
+ WINE_SCRIPT_TEMPLATE = (
+-    "#!/bin/bash\n"
++    "#!/bin/sh\n"
+     "# Helper script created by Protontricks to run Wine binaries using Steam Runtime\n"
+-    "export LD_LIBRARY_PATH=\"$PROTON_LD_LIBRARY_PATH\"\n"
+-    "exec \"$PROTON_PATH\"/dist/bin/{name} \"$@\""
++    "exec steam-run \"$PROTON_PATH\"/dist/bin/{name} \"$@\""
+ )
+ 
+ 
+@@ -149,7 +89,7 @@ def create_wine_bin_dir(proton_app):
+ 
+ def run_command(
+         winetricks_path, proton_app, steam_app, command,
+-        steam_runtime_path=None,
++        steam_runtime=False,
+         **kwargs):
+     """Run an arbitrary command with the correct environment variables
+     for the given Proton app
+@@ -157,7 +97,7 @@ def run_command(
+     The environment variables are set for the duration of the call
+     and restored afterwards
+ 
+-    If 'steam_runtime_path' is provided, run the command using Steam Runtime
++    If 'steam_runtime' is provided, run the command using Steam Runtime
+     """
+     # Make a copy of the environment variables to restore later
+     environ_copy = os.environ.copy()
+@@ -200,7 +140,7 @@ def run_command(
+     os.environ.pop("WINEARCH", "")
+ 
+     wine_bin_dir = None
+-    if steam_runtime_path:
++    if steam_runtime:
+         if proton_app.required_tool_app:
+             runtime_name = proton_app.required_tool_app.name
+             logger.info(
+@@ -217,8 +157,6 @@ def run_command(
+         # that load the underlying Proton Wine executables with Steam Runtime
+         # and Proton libraries instead of system libraries
+         wine_bin_dir = create_wine_bin_dir(proton_app=proton_app)
+-        os.environ["PROTON_LD_LIBRARY_PATH"] = \
+-            get_runtime_library_paths(steam_runtime_path, proton_app)
+         os.environ["PATH"] = "".join([
+             str(wine_bin_dir), os.pathsep, os.environ["PATH"]
+         ])
+diff --git a/tests/test_cli.py b/tests/test_cli.py
+index 19e1137..2ef56d6 100644
+--- a/tests/test_cli.py
++++ b/tests/test_cli.py
+@@ -114,9 +114,6 @@ class TestCLIRun:
+         assert str(command.args[0]).endswith(".local/bin/winetricks")
+         assert command.args[1] == "winecfg"
+         assert command.env["PATH"].startswith(str(wine_bin_dir))
+-        assert (
+-            "fake_steam_runtime/lib64" in command.env["PROTON_LD_LIBRARY_PATH"]
+-        )
+         assert command.env["WINE"] == str(wine_bin_dir / "wine")
+         assert command.env["WINELOADER"] == str(wine_bin_dir / "wine")
+         assert command.env["WINESERVER"] == str(wine_bin_dir / "wineserver")
diff --git a/pkgs/tools/package-management/rpm/default.nix b/pkgs/tools/package-management/rpm/default.nix
index 8acf57570d7..ac470d3e26a 100644
--- a/pkgs/tools/package-management/rpm/default.nix
+++ b/pkgs/tools/package-management/rpm/default.nix
@@ -1,21 +1,22 @@
-{ stdenv, lib
+{ stdenv, lib, fetchpatch
 , pkgconfig, autoreconfHook
-, fetchurl, cpio, zlib, bzip2, file, elfutils, libbfd, libarchive, nspr, nss, popt, db, xz, python, lua, llvmPackages
+, fetchurl, cpio, zlib, bzip2, file, elfutils, libbfd, libgcrypt, libarchive, nspr, nss, popt, db, xz, python, lua, llvmPackages
+, sqlite
 }:
 
 stdenv.mkDerivation rec {
   pname = "rpm";
-  version = "4.15.1";
+  version = "4.16.1.2";
 
   src = fetchurl {
     url = "http://ftp.rpm.org/releases/rpm-${lib.versions.majorMinor version}.x/rpm-${version}.tar.bz2";
-    sha256 = "0c6jwail90fhha3bpx70w4a2i8ycxwvnx6zwxm121l8wc3wlbvyx";
+    sha256 = "1k6ank2aad7r503w12m6m494mxr6iccj52wqhwbc94pwxsf34mw3";
   };
 
   outputs = [ "out" "dev" "man" ];
 
   nativeBuildInputs = [ autoreconfHook pkgconfig ];
-  buildInputs = [ cpio zlib bzip2 file libarchive nspr nss db xz python lua ]
+  buildInputs = [ cpio zlib bzip2 file libarchive libgcrypt nspr nss db xz python lua sqlite ]
                 ++ lib.optionals stdenv.cc.isClang [ llvmPackages.openmp ];
 
   # rpm/rpmlib.h includes popt.h, and then the pkg-config file mentions these as linkage requirements
@@ -28,14 +29,23 @@ stdenv.mkDerivation rec {
     "--with-external-db"
     "--with-lua"
     "--enable-python"
+    "--enable-ndb"
+    "--enable-sqlite"
     "--localstatedir=/var"
     "--sharedstatedir=/com"
   ];
 
-  postPatch = ''
-    # For Python3, the original expression evaluates as 'python3.4' but we want 'python3.4m' here
-    substituteInPlace configure.ac --replace 'python''${PYTHON_VERSION}' ${python.executable}
+  # Small fixes for ndb on darwin
+  # https://github.com/rpm-software-management/rpm/pull/1465
+  patches = [
+    (fetchpatch {
+      name = "darwin-support.patch";
+      url = "https://github.com/rpm-software-management/rpm/commit/2d20e371d5e38f4171235e5c64068cad30bda557.patch";
+      sha256 = "0p3j5q5a4hl357maf7018k3826jhcpqg6wfrnccrkv30g0ayk171";
+    })
+  ];
 
+  postPatch = ''
     substituteInPlace Makefile.am --replace '@$(MKDIR_P) $(DESTDIR)$(localstatedir)/tmp' ""
   '';
 
diff --git a/pkgs/tools/security/dnsx/default.nix b/pkgs/tools/security/dnsx/default.nix
new file mode 100644
index 00000000000..21bf7d4664c
--- /dev/null
+++ b/pkgs/tools/security/dnsx/default.nix
@@ -0,0 +1,31 @@
+{ buildGoModule
+, fetchFromGitHub
+, stdenv
+}:
+
+buildGoModule rec {
+  pname = "dnsx";
+  version = "1.0.1";
+
+  src = fetchFromGitHub {
+    owner = "projectdiscovery";
+    repo = "dnsx";
+    rev = "v${version}";
+    sha256 = "1pgq21pbnz2dm272zrhd455njj5vg4kywpd230acj675nlgir6y1";
+  };
+
+  vendorSha256 = "0j2cqvskzxbyfrvsv4gm4qwfjm0digizcg157z5iignnknddajax";
+
+  meta = with stdenv.lib; {
+    description = "Fast and multi-purpose DNS toolkit";
+    longDescription = ''
+      dnsx is a fast and multi-purpose DNS toolkit allow to run multiple
+      probers using retryabledns library, that allows you to perform
+      multiple DNS queries of your choice with a list of user supplied
+      resolvers.
+    '';
+    homepage = "https://github.com/projectdiscovery/dnsx";
+    license = licenses.mit;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/tools/security/enpass/data.json b/pkgs/tools/security/enpass/data.json
index a4a3b919e64..7a52e260eb9 100644
--- a/pkgs/tools/security/enpass/data.json
+++ b/pkgs/tools/security/enpass/data.json
@@ -1,12 +1,12 @@
 {
   "amd64": {
-    "path": "pool/main/e/enpass/enpass_6.0.1.239_amd64.deb", 
-    "sha256": "408a2bb318564307607f13b52fec7667f425c01ac40cbe345ebfa191ab1479ba", 
-    "version": "6.0.1.239"
-  }, 
+    "path": "pool/main/e/enpass/enpass_6.5.1.723_amd64.deb",
+    "sha256": "d9bb408fa2253ce44ab5396898f7db13291ce23ae58964f4a27ade38bd5067bf",
+    "version": "6.5.1.723"
+  },
   "i386": {
     "path": "pool/main/e/enpass/enpass_5.6.9_i386.deb", 
     "sha256": "3f699ac3e2ecfd4afee1505d8d364d4f6b6b94c55ba989d0a80bd678ff66cb2c", 
     "version": "5.6.9"
   }
-}
\ No newline at end of file
+}
diff --git a/pkgs/tools/security/enpass/default.nix b/pkgs/tools/security/enpass/default.nix
index 370282d02d0..be2e5b06246 100644
--- a/pkgs/tools/security/enpass/default.nix
+++ b/pkgs/tools/security/enpass/default.nix
@@ -2,7 +2,7 @@
 , glib, libGLU, libGL, libpulseaudio, zlib, dbus, fontconfig, freetype
 , gtk3, pango
 , makeWrapper , python2Packages, lib
-, lsof, curl, libuuid, cups, mesa
+, lsof, curl, libuuid, cups, mesa, lzma, libxkbcommon
 }:
 
 let
@@ -38,6 +38,8 @@ let
     curl
     libuuid
     cups
+    lzma
+    libxkbcommon
   ]);
   package = stdenv.mkDerivation {
 
@@ -49,11 +51,12 @@ let
       url = "${baseUrl}/${data.path}";
     };
 
-    meta = {
-      description = "a well known password manager";
+    meta = with stdenv.lib; {
+      description = "A well known password manager";
       homepage = "https://www.enpass.io/";
-      license = lib.licenses.unfree;
+      license = licenses.unfree;
       platforms = [ "x86_64-linux" "i686-linux"];
+      maintainers = with maintainers; [ ewok ];
     };
 
     buildInputs = [makeWrapper dpkg];
diff --git a/pkgs/tools/security/ffuf/default.nix b/pkgs/tools/security/ffuf/default.nix
new file mode 100644
index 00000000000..77a286df4c6
--- /dev/null
+++ b/pkgs/tools/security/ffuf/default.nix
@@ -0,0 +1,34 @@
+{ buildGoModule
+, fetchFromGitHub
+, stdenv
+}:
+
+buildGoModule rec {
+  pname = "ffuf";
+  version = "1.1.0";
+
+  src = fetchFromGitHub {
+    owner = pname;
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "1jb2x0ybcb9zkqm7flpmr0hd3171xvnn6kxmfcgds4x8l9fbmxnr";
+  };
+
+  vendorSha256 = "0sjjj9z1dhilhpc8pq4154czrb79z9cm044jvn75kxcjv6v5l2m5";
+
+  # tests don't pass due to an issue with the memory addresses
+  # https://github.com/ffuf/ffuf/issues/367
+  doCheck = false;
+
+  meta = with stdenv.lib; {
+    description = "Fast web fuzzer written in Go";
+    longDescription = ''
+      FFUF, or “Fuzz Faster you Fool” is an open source web fuzzing tool,
+      intended for discovering elements and content within web applications
+      or web servers.
+    '';
+    homepage = "https://github.com/ffuf/ffuf";
+    license = licenses.mit;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/tools/security/gau/default.nix b/pkgs/tools/security/gau/default.nix
new file mode 100644
index 00000000000..cfbae951526
--- /dev/null
+++ b/pkgs/tools/security/gau/default.nix
@@ -0,0 +1,29 @@
+{ buildGoModule
+, fetchFromGitHub
+, stdenv
+}:
+
+buildGoModule rec {
+  pname = "gau";
+  version = "1.1.0";
+
+  src = fetchFromGitHub {
+    owner = "lc";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "1srbql603vvlxc6p1ibw0982icdq9kcr1iamxlr8bmgldbm8215w";
+  };
+
+  vendorSha256 = "17ag2wvaxv2dyx3yx3fvlf36ww4a44660pn4gvpbrwacsan9as5s";
+
+  meta = with stdenv.lib; {
+    description = "Tool to fetch known URLs";
+    longDescription = ''
+      getallurls (gau) fetches known URLs from various sources for any
+      given domain.
+    '';
+    homepage = "https://github.com/lc/gau";
+    license = licenses.mit;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/tools/security/gospider/default.nix b/pkgs/tools/security/gospider/default.nix
new file mode 100644
index 00000000000..7211c65d536
--- /dev/null
+++ b/pkgs/tools/security/gospider/default.nix
@@ -0,0 +1,33 @@
+{ buildGoModule
+, fetchFromGitHub
+, stdenv
+}:
+
+buildGoModule rec {
+  pname = "gospider";
+  version = "1.1.4";
+
+  src = fetchFromGitHub {
+    owner = "jaeles-project";
+    repo = pname;
+    rev = "${version}";
+    sha256 = "03gl8y2047iwa6bhmayyds3li21wy3sw1x4hpp9zgqgi95039q86";
+  };
+
+  vendorSha256 = "0dc4ddi26i38c5rvy9zbal27a7qvn17h64w1yhbig4iyb79b18ym";
+
+  # tests require internet access and API keys
+  doCheck = false;
+
+  meta = with stdenv.lib; {
+    description = "Fast web spider written in Go";
+    longDescription = ''
+      GoSpider is a fast web crawler that parses sitemap.xml and robots.txt file.
+      It can generate and verify link from JavaScript files, extract URLs from
+      various sources and can detect subdomains from the response source.
+    '';
+    homepage = "https://github.com/jaeles-project/gospider";
+    license = licenses.mit;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/tools/security/httpx/default.nix b/pkgs/tools/security/httpx/default.nix
new file mode 100644
index 00000000000..c7d83075e9d
--- /dev/null
+++ b/pkgs/tools/security/httpx/default.nix
@@ -0,0 +1,30 @@
+{ buildGoModule
+, fetchFromGitHub
+, stdenv
+}:
+
+buildGoModule rec {
+  pname = "httpx";
+  version = "1.0.3";
+
+  src = fetchFromGitHub {
+    owner = "projectdiscovery";
+    repo = "httpx";
+    rev = "v${version}";
+    sha256 = "15ihc5926kbai16i59c7bmvgd162qq9dpd52g4vrp7dq4jrz155m";
+  };
+
+  vendorSha256 = "0fg93vhwpx113fpw8qg4ram4bdh6a8x3a36pr1c962s4vhrabwy2";
+
+  meta = with stdenv.lib; {
+    description = "Fast and multi-purpose HTTP toolkit";
+    longDescription = ''
+      httpx is a fast and multi-purpose HTTP toolkit allow to run multiple
+      probers using retryablehttp library, it is designed to maintain the
+      result reliability with increased threads.
+    '';
+    homepage = "https://github.com/projectdiscovery/httpx";
+    license = licenses.mit;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/tools/security/naabu/default.nix b/pkgs/tools/security/naabu/default.nix
new file mode 100644
index 00000000000..a2295d87fec
--- /dev/null
+++ b/pkgs/tools/security/naabu/default.nix
@@ -0,0 +1,38 @@
+{ buildGoModule
+, fetchFromGitHub
+, lib
+, libpcap
+}:
+
+buildGoModule rec {
+  pname = "naabu";
+  version = "2.0.3";
+
+  src = fetchFromGitHub {
+    owner = "projectdiscovery";
+    repo = "naabu";
+    rev = "v${version}";
+    sha256 = "05iybf7q3y0piyw202yzld89fiz2dv2pmnpm1pd905phk5a23n1x";
+  };
+
+  vendorSha256 = "111qvkqdcdgir3dz267xckzlnfx72flnyi7ki7fa6ml7mkfyf70y";
+
+  buildInputs = [ libpcap ];
+
+  preBuild = ''
+    mv v2/* .
+  '';
+
+  meta = with lib; {
+    description = "Fast SYN/CONNECT port scanner";
+    longDescription = ''
+      Naabu is a port scanning tool written in Go that allows you to enumerate
+      valid ports for hosts in a fast and reliable manner. It is a really simple
+      tool that does fast SYN/CONNECT scans on the host/list of hosts and lists
+      all ports that return a reply.
+    '';
+    homepage = "https://github.com/projectdiscovery/naabu";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/tools/security/neopg/default.nix b/pkgs/tools/security/neopg/default.nix
index 4f4f660e20f..8c0d31853ff 100644
--- a/pkgs/tools/security/neopg/default.nix
+++ b/pkgs/tools/security/neopg/default.nix
@@ -44,5 +44,6 @@ stdenv.mkDerivation rec {
     '';
     maintainers = with maintainers; [ erictapen ];
     platforms = platforms.linux;
+    broken = true; # fails to build with recent versions of botan. https://github.com/das-labor/neopg/issues/98
   };
 }
diff --git a/pkgs/tools/security/nuclei/default.nix b/pkgs/tools/security/nuclei/default.nix
new file mode 100644
index 00000000000..22013352a38
--- /dev/null
+++ b/pkgs/tools/security/nuclei/default.nix
@@ -0,0 +1,36 @@
+{ buildGoModule
+, fetchFromGitHub
+, stdenv
+}:
+
+buildGoModule rec {
+  pname = "nuclei";
+  version = "2.2.0";
+
+  src = fetchFromGitHub {
+    owner = "projectdiscovery";
+    repo = "nuclei";
+    rev = "v${version}";
+    sha256 = "0xrvza86aczlnb11x58fiqch5g0q6gvpxwsi5dq3akfi95gk3a3x";
+  };
+
+  vendorSha256 = "1v3ax8l1lgp2vs50gsa2fhdd6bvyfdlkd118akrqmwxahyyyqycv";
+
+  preBuild = ''
+    mv v2/* .
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Tool for configurable targeted scanning";
+    longDescription = ''
+      Nuclei is used to send requests across targets based on a template
+      leading to zero false positives and providing effective scanning
+      for known paths. Main use cases for nuclei are during initial
+      reconnaissance phase to quickly check for low hanging fruits or
+      CVEs across targets that are known and easily detectable.
+    '';
+    homepage = "https://github.com/projectdiscovery/nuclei";
+    license = licenses.mit;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/tools/security/onlykey-cli/default.nix b/pkgs/tools/security/onlykey-cli/default.nix
new file mode 100644
index 00000000000..b342f203b44
--- /dev/null
+++ b/pkgs/tools/security/onlykey-cli/default.nix
@@ -0,0 +1,24 @@
+{ lib, python3Packages }:
+
+python3Packages.buildPythonApplication rec {
+  pname = "onlykey-cli";
+  version = "1.2.2";
+
+  src = python3Packages.fetchPypi {
+    inherit version;
+    pname = "onlykey";
+    sha256 = "1qkbgab5xlg7bd0jfzf8k5ppb1zhib76r050fiaqi5wibrqrfwdi";
+  };
+
+  # Requires having the physical onlykey (a usb security key)
+  doCheck = false;
+  propagatedBuildInputs =
+    with python3Packages; [ hidapi aenum six prompt_toolkit pynacl ecdsa cython ];
+
+  meta = with lib; {
+    description = "OnlyKey client and command-line tool";
+    homepage = "https://github.com/trustcrypto/python-onlykey";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ranfdev ];
+  };
+}
diff --git a/pkgs/tools/security/rbw/default.nix b/pkgs/tools/security/rbw/default.nix
index e8c4b1f541b..bd5e8866374 100644
--- a/pkgs/tools/security/rbw/default.nix
+++ b/pkgs/tools/security/rbw/default.nix
@@ -20,15 +20,15 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "rbw";
-  version = "0.5.0";
+  version = "0.5.2";
 
   src = fetchCrate {
     inherit version;
     crateName = pname;
-    sha256 = "0p37kwkp153mkns4bh7k7gnksk6c31214wlw3faf42daav32mmgw";
+    sha256 = "1mxl71yz2iy5s6pbp33cwkfzzilkla4qqiskd6jsd5fdlrrwlxqm";
   };
 
-  cargoSha256 = "1vkgh0995xx0hr96mnzmdgd15gs6da7ynywqcjgcw5kr48bf1063";
+  cargoSha256 = "19gznam64s17kha3accgjks5rmd9kpqqgxg3dfrk7fg5v4431007";
 
   nativeBuildInputs = [
     pkgconfig
@@ -72,6 +72,7 @@ rustPlatform.buildRustPackage rec {
   meta = with lib; {
     description = "Unofficial command line client for Bitwarden";
     homepage = "https://crates.io/crates/rbw";
+    changelog = "https://git.tozt.net/rbw/plain/CHANGELOG.md?id=${version}";
     license = licenses.mit;
     maintainers = with maintainers; [ albakham luc65r marsam ];
   };
diff --git a/pkgs/tools/security/step-ca/default.nix b/pkgs/tools/security/step-ca/default.nix
index e5574be8ab9..f3c9990a3c7 100644
--- a/pkgs/tools/security/step-ca/default.nix
+++ b/pkgs/tools/security/step-ca/default.nix
@@ -1,19 +1,35 @@
-{ lib, buildGoPackage, fetchFromGitHub }:
+{ stdenv
+, lib
+, fetchFromGitHub
+, buildGoModule
+, pcsclite
+, PCSC
+, pkg-config
+}:
 
-buildGoPackage rec {
+buildGoModule rec {
   pname = "step-ca";
-  version = "0.13.3";
-
-  goPackagePath = "github.com/smallstep/certificates";
+  version = "0.15.6";
 
   src = fetchFromGitHub {
     owner = "smallstep";
     repo = "certificates";
     rev = "v${version}";
-    sha256 = "1i42j7v5a5qqqb9ng8irblfyzykhyws0394q3zac290ymjijxbnq";
+    sha256 = "0n26692ph4q4cmrqammfazmx1k9p2bydwqc57q4hz5ni6jd31zbz";
   };
 
-  goDeps = ./deps.nix;
+  vendorSha256 = "0w0phyqymcg2h2jjasxmkf4ryn4y1bqahcy94rs738cqr5ifyfbg";
+
+  nativeBuildInputs = [ pkg-config ];
+
+  buildInputs =
+    lib.optional stdenv.isLinux (lib.getDev pcsclite)
+    ++ lib.optional stdenv.isDarwin PCSC;
+
+  # Tests fail on darwin with
+  # panic: httptest: failed to listen on a port: listen tcp6 [::1]:0: bind: operation not permitted [recovered]
+  # probably some sandboxing issue
+  doCheck = stdenv.isLinux;
 
   meta = with lib; {
     description = "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH";
diff --git a/pkgs/tools/security/step-ca/deps.nix b/pkgs/tools/security/step-ca/deps.nix
deleted file mode 100644
index 07607b6f65d..00000000000
--- a/pkgs/tools/security/step-ca/deps.nix
+++ /dev/null
@@ -1,291 +0,0 @@
-# file generated from Gopkg.lock using dep2nix (https://github.com/nixcloud/dep2nix)
-[
-  {
-    goPackagePath  = "github.com/AndreasBriese/bbloom";
-    fetch = {
-      type = "git";
-      url = "https://github.com/AndreasBriese/bbloom";
-      rev =  "e2d15f34fcf99d5dbb871c820ec73f710fca9815";
-      sha256 = "05kkrsmpragy69bj6s80pxlm3pbwxrkkx7wgk0xigs6y2n6ylpds";
-    };
-  }
-  {
-    goPackagePath  = "github.com/chzyer/readline";
-    fetch = {
-      type = "git";
-      url = "https://github.com/chzyer/readline";
-      rev =  "2972be24d48e78746da79ba8e24e8b488c9880de";
-      sha256 = "104q8dazj8yf6b089jjr82fy9h1g80zyyzvp3g8b44a7d8ngjj6r";
-    };
-  }
-  {
-    goPackagePath  = "github.com/dgraph-io/badger";
-    fetch = {
-      type = "git";
-      url = "https://github.com/dgraph-io/badger";
-      rev =  "391b6d3b93e6014fe8c2971fcc0c1266e47dbbd9";
-      sha256 = "13zyd6irxagwfv4azgmpk2qg8f80plhxrcjl8x89jzsjkl0a0pkx";
-    };
-  }
-  {
-    goPackagePath  = "github.com/dgryski/go-farm";
-    fetch = {
-      type = "git";
-      url = "https://github.com/dgryski/go-farm";
-      rev =  "6a90982ecee230ff6cba02d5bd386acc030be9d3";
-      sha256 = "1x3l4jgps0v1bjvd446kj4dp0ckswjckxgrng9afm275ixnf83ix";
-    };
-  }
-  {
-    goPackagePath  = "github.com/go-chi/chi";
-    fetch = {
-      type = "git";
-      url = "https://github.com/go-chi/chi";
-      rev =  "0ebf7795c516423a110473652e9ba3a59a504863";
-      sha256 = "18hwj6vni19ykp3bsmg9ggnl6y2hawym0vbsigdgx8craqbp7jb1";
-    };
-  }
-  {
-    goPackagePath  = "github.com/go-sql-driver/mysql";
-    fetch = {
-      type = "git";
-      url = "https://github.com/go-sql-driver/mysql";
-      rev =  "72cd26f257d44c1114970e19afddcd812016007e";
-      sha256 = "1fvsvwc1v2i0gqn01mynvi1shp5xm0xaym6xng09fcbqb56lbjx1";
-    };
-  }
-  {
-    goPackagePath  = "github.com/golang/protobuf";
-    fetch = {
-      type = "git";
-      url = "https://github.com/golang/protobuf";
-      rev =  "aa810b61a9c79d51363740d207bb46cf8e620ed5";
-      sha256 = "0kf4b59rcbb1cchfny2dm9jyznp8ri2hsb14n8iak1q8986xa0ab";
-    };
-  }
-  {
-    goPackagePath  = "github.com/juju/ansiterm";
-    fetch = {
-      type = "git";
-      url = "https://github.com/juju/ansiterm";
-      rev =  "720a0952cc2ac777afc295d9861263e2a4cf96a1";
-      sha256 = "0n6j0y7xhashp8gdkdl0r7vlbkdrkymrzxn9hxrx522k2isggs7h";
-    };
-  }
-  {
-    goPackagePath  = "github.com/konsorten/go-windows-terminal-sequences";
-    fetch = {
-      type = "git";
-      url = "https://github.com/konsorten/go-windows-terminal-sequences";
-      rev =  "5c8c8bd35d3832f5d134ae1e1e375b69a4d25242";
-      sha256 = "1lchgf27n276vma6iyxa0v1xds68n2g8lih5lavqnx5x6q5pw2ip";
-    };
-  }
-  {
-    goPackagePath  = "github.com/lunixbochs/vtclean";
-    fetch = {
-      type = "git";
-      url = "https://github.com/lunixbochs/vtclean";
-      rev =  "2d01aacdc34a083dca635ba869909f5fc0cd4f41";
-      sha256 = "1ss88dyx5hr4imvpg5lixvp0cf7c2qm4x9m8mdgshjpm92g5rqmf";
-    };
-  }
-  {
-    goPackagePath  = "github.com/manifoldco/promptui";
-    fetch = {
-      type = "git";
-      url = "https://github.com/manifoldco/promptui";
-      rev =  "157c96fb638a14d268b305cf2012582431fcc410";
-      sha256 = "0zha48i5f529q4j1qycybdzza4l9706hijiqws36ikd5jzg8i7wz";
-    };
-  }
-  {
-    goPackagePath  = "github.com/mattn/go-colorable";
-    fetch = {
-      type = "git";
-      url = "https://github.com/mattn/go-colorable";
-      rev =  "167de6bfdfba052fa6b2d3664c8f5272e23c9072";
-      sha256 = "1nwjmsppsjicr7anq8na6md7b1z84l9ppnlr045hhxjvbkqwalvx";
-    };
-  }
-  {
-    goPackagePath  = "github.com/mattn/go-isatty";
-    fetch = {
-      type = "git";
-      url = "https://github.com/mattn/go-isatty";
-      rev =  "6ca4dbf54d38eea1a992b3c722a76a5d1c4cb25c";
-      sha256 = "0zs92j2cqaw9j8qx1sdxpv3ap0rgbs0vrvi72m40mg8aa36gd39w";
-    };
-  }
-  {
-    goPackagePath  = "github.com/mmcloughlin/avo";
-    fetch = {
-      type = "git";
-      url = "https://github.com/mmcloughlin/avo";
-      rev =  "2e7d06bc7ada2979f17ccf8ebf486dba23b84fc7";
-      sha256 = "0fna1hhg193zy428lkj24a8853g3qviqs2c9xi96mji6ldprna5d";
-    };
-  }
-  {
-    goPackagePath  = "github.com/newrelic/go-agent";
-    fetch = {
-      type = "git";
-      url = "https://github.com/newrelic/go-agent";
-      rev =  "f5bce3387232559bcbe6a5f8227c4bf508dac1ba";
-      sha256 = "1zbp1cqhxp0sz3faymam6h1f91r1gl8dnnjx7qg8r06bd5fbzllb";
-    };
-  }
-  {
-    goPackagePath  = "github.com/pkg/errors";
-    fetch = {
-      type = "git";
-      url = "https://github.com/pkg/errors";
-      rev =  "ba968bfe8b2f7e042a574c888954fccecfa385b4";
-      sha256 = "0g5qcb4d4fd96midz0zdk8b9kz8xkzwfa8kr1cliqbg8sxsy5vd1";
-    };
-  }
-  {
-    goPackagePath  = "github.com/rs/xid";
-    fetch = {
-      type = "git";
-      url = "https://github.com/rs/xid";
-      rev =  "15d26544def341f036c5f8dca987a4cbe575032c";
-      sha256 = "1vgw1dikqw273awcci6pzifs7shkl5ah4l88j1zjbnpgbiwzlx9j";
-    };
-  }
-  {
-    goPackagePath  = "github.com/samfoo/ansi";
-    fetch = {
-      type = "git";
-      url = "https://github.com/samfoo/ansi";
-      rev =  "b6bd2ded7189ce35bc02233b554eb56a5146af73";
-      sha256 = "0sw2d7c6l2ry34x0n4j37ydr8s7hxnax76yh6n35gb2g6f1h46sz";
-    };
-  }
-  {
-    goPackagePath  = "github.com/shurcooL/sanitized_anchor_name";
-    fetch = {
-      type = "git";
-      url = "https://github.com/shurcooL/sanitized_anchor_name";
-      rev =  "86672fcb3f950f35f2e675df2240550f2a50762f";
-      sha256 = "142m507s9971cl8qdmbcw7sqxnkgi3xqd8wzvfq15p0w7w8i4a3h";
-    };
-  }
-  {
-    goPackagePath  = "github.com/sirupsen/logrus";
-    fetch = {
-      type = "git";
-      url = "https://github.com/sirupsen/logrus";
-      rev =  "ad15b42461921f1fb3529b058c6786c6a45d5162";
-      sha256 = "02xdfcp4f6dqvpavwf1vvr794qgz2fx8929paam7wnvcxy7ib606";
-    };
-  }
-  {
-    goPackagePath  = "github.com/smallstep/assert";
-    fetch = {
-      type = "git";
-      url = "https://github.com/smallstep/assert";
-      rev =  "de77670473b5492f5d0bce155b5c01534c2d13f7";
-      sha256 = "15z2b4qyylnwgq2pzlaxsdabqxh8dbna4ddprk9rzmsvnfkpds16";
-    };
-  }
-  {
-    goPackagePath  = "github.com/smallstep/cli";
-    fetch = {
-      type = "git";
-      url = "https://github.com/smallstep/cli";
-      rev =  "eeecaac062cb548ee2ab7c7563bc3c2f2160f019";
-      sha256 = "1khhd1vgwqb08vki1nh0k4i2yk6jjdqmnq4f8anqn125zsj7hvdk";
-    };
-  }
-  {
-    goPackagePath  = "github.com/smallstep/nosql";
-    fetch = {
-      type = "git";
-      url = "https://github.com/smallstep/nosql";
-      rev =  "f80b3f432de0662f07ebd58fe52b0a119fe5dcd9";
-      sha256 = "155blxdgaprl1py5g8p52gipp0ckz3k6v41hgsp83nay01yynafb";
-    };
-  }
-  {
-    goPackagePath  = "github.com/urfave/cli";
-    fetch = {
-      type = "git";
-      url = "https://github.com/urfave/cli";
-      rev =  "b67dcf995b6a7b7f14fad5fcb7cc5441b05e814b";
-      sha256 = "0n5vq4nydlhb7w12jiwphvxqdy4jwpxc3zwlxyhf05lq1nxfb56h";
-    };
-  }
-  {
-    goPackagePath  = "go.etcd.io/bbolt";
-    fetch = {
-      type = "git";
-      url = "https://github.com/etcd-io/bbolt";
-      rev =  "63597a96ec0ad9e6d43c3fc81e809909e0237461";
-      sha256 = "13d5l6p6c5wvkr6vn9hkhz9c593qifn7fgx0hg4d6jcvg1y0bnm2";
-    };
-  }
-  {
-    goPackagePath  = "golang.org/x/crypto";
-    fetch = {
-      type = "git";
-      url = "https://go.googlesource.com/crypto";
-      rev =  "4d3f4d9ffa16a13f451c3b2999e9c49e9750bf06";
-      sha256 = "0sbsgjm6wqa162ssrf1gnpv62ak5wjn1bn8v7sxwwfg8a93z1028";
-    };
-  }
-  {
-    goPackagePath  = "golang.org/x/net";
-    fetch = {
-      type = "git";
-      url = "https://go.googlesource.com/net";
-      rev =  "c44066c5c816ec500d459a2a324a753f78531ae0";
-      sha256 = "0mgww74bl15d0jvsh4f3qr1ckjzb8icb8hn0mgs5ppa0b2fgpc4f";
-    };
-  }
-  {
-    goPackagePath  = "golang.org/x/sys";
-    fetch = {
-      type = "git";
-      url = "https://go.googlesource.com/sys";
-      rev =  "9b800f95dbbc54abff0acf7ee32d88ba4e328c89";
-      sha256 = "07v3l7q7y59cwvw0mc85i39v7qjcc1jh4svwi789rmrqqm5nq7q6";
-    };
-  }
-  {
-    goPackagePath  = "golang.org/x/text";
-    fetch = {
-      type = "git";
-      url = "https://go.googlesource.com/text";
-      rev =  "f21a4dfb5e38f5895301dc265a8def02365cc3d0";
-      sha256 = "0r6x6zjzhr8ksqlpiwm5gdd7s209kwk5p4lw54xjvz10cs3qlq19";
-    };
-  }
-  {
-    goPackagePath  = "golang.org/x/tools";
-    fetch = {
-      type = "git";
-      url = "https://go.googlesource.com/tools";
-      rev =  "3a10b9bf0a52df7e992a8c3eb712a86d3c896c75";
-      sha256 = "19f3dijcc54jnd7458jab2dgpd0gzccmv2qympd9wi8cc8jpnhws";
-    };
-  }
-  {
-    goPackagePath  = "google.golang.org/appengine";
-    fetch = {
-      type = "git";
-      url = "https://github.com/golang/appengine";
-      rev =  "54a98f90d1c46b7731eb8fb305d2a321c30ef610";
-      sha256 = "0l7mkdnwhidv8m686x432vmx8z5nqcrr9f46ddgvrxbh4wvyfcll";
-    };
-  }
-  {
-    goPackagePath  = "gopkg.in/square/go-jose.v2";
-    fetch = {
-      type = "git";
-      url = "https://github.com/square/go-jose";
-      rev =  "730df5f748271903322feb182be83b43ebbbe27d";
-      sha256 = "11r93g9xrcjqj7qvq8sbd5hy5rnbpmim0vdsp6rbav8gl7wimaa3";
-    };
-  }
-]
\ No newline at end of file
diff --git a/pkgs/tools/security/step-cli/default.nix b/pkgs/tools/security/step-cli/default.nix
index d696b560f6d..2b6ec57bbf2 100644
--- a/pkgs/tools/security/step-cli/default.nix
+++ b/pkgs/tools/security/step-cli/default.nix
@@ -1,19 +1,26 @@
-{ lib, buildGoPackage, fetchFromGitHub }:
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, fetchpatch
+}:
 
-buildGoPackage rec {
+buildGoModule rec {
   pname = "step-cli";
-  version = "0.13.3";
-
-  goPackagePath = "github.com/smallstep/cli";
+  version = "0.15.3-22-g3ddc5aa";
 
+  # 0.15.3 isn't enough, because we need https://github.com/smallstep/cli/pull/394
   src = fetchFromGitHub {
     owner = "smallstep";
     repo = "cli";
-    rev = "v${version}";
-    sha256 = "0b5hk9a8yq1nyh8m1gmf28yiha95xwsc4dk321g84hvai7g47pbr";
+    rev = "3ddc5aaafccb23ba9a20abfa70109a2923f298e3";
+    sha256 = "1kd04hi764xa3f9p6aw6k9f6wa4y6xsmzby5jxvvkhim4w78brw0";
   };
 
-  goDeps = ./deps.nix;
+  preCheck = ''
+    # Tries to connect to smallstep.com
+    rm command/certificate/remote_test.go
+  '';
+  vendorSha256 = "04hckq78g1p04b2q0rq4xw6d880hqhkabbx1pc3pf8r1m6jxwz10";
 
   meta = with lib; {
     description = "A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc";
diff --git a/pkgs/tools/security/step-cli/deps.nix b/pkgs/tools/security/step-cli/deps.nix
deleted file mode 100644
index bae1ba070a6..00000000000
--- a/pkgs/tools/security/step-cli/deps.nix
+++ /dev/null
@@ -1,453 +0,0 @@
-# file generated from Gopkg.lock using dep2nix (https://github.com/nixcloud/dep2nix)
-[
-  {
-    goPackagePath  = "github.com/AndreasBriese/bbloom";
-    fetch = {
-      type = "git";
-      url = "https://github.com/AndreasBriese/bbloom";
-      rev =  "e2d15f34fcf99d5dbb871c820ec73f710fca9815";
-      sha256 = "05kkrsmpragy69bj6s80pxlm3pbwxrkkx7wgk0xigs6y2n6ylpds";
-    };
-  }
-  {
-    goPackagePath  = "github.com/ThomasRooney/gexpect";
-    fetch = {
-      type = "git";
-      url = "https://github.com/ThomasRooney/gexpect";
-      rev =  "5482f03509440585d13d8f648989e05903001842";
-      sha256 = "04zan78ndabxlwsw2hdcqbz32435pw2s04ljza07jlxnxzjp4kws";
-    };
-  }
-  {
-    goPackagePath  = "github.com/asaskevich/govalidator";
-    fetch = {
-      type = "git";
-      url = "https://github.com/asaskevich/govalidator";
-      rev =  "ccb8e960c48f04d6935e72476ae4a51028f9e22f";
-      sha256 = "1sih4yb6fqmdp5g6594yyida0qm7dvvqcfvf8pgikydkxyqb8g0k";
-    };
-  }
-  {
-    goPackagePath  = "github.com/boombuler/barcode";
-    fetch = {
-      type = "git";
-      url = "https://github.com/boombuler/barcode";
-      rev =  "3cfea5ab600ae37946be2b763b8ec2c1cf2d272d";
-      sha256 = "1fzb8wz1ny2sc78g9rm0bcm80pgwvkm2k6lmim2sb4jgm1j3sajd";
-    };
-  }
-  {
-    goPackagePath  = "github.com/chzyer/readline";
-    fetch = {
-      type = "git";
-      url = "https://github.com/chzyer/readline";
-      rev =  "2972be24d48e78746da79ba8e24e8b488c9880de";
-      sha256 = "104q8dazj8yf6b089jjr82fy9h1g80zyyzvp3g8b44a7d8ngjj6r";
-    };
-  }
-  {
-    goPackagePath  = "github.com/corpix/uarand";
-    fetch = {
-      type = "git";
-      url = "https://github.com/corpix/uarand";
-      rev =  "2b8494104d86337cdd41d0a49cbed8e4583c0ab4";
-      sha256 = "06ml5m8l9wbr96gvyg6z1syawn797f8kmq74nhgry3vqpngyb6yn";
-    };
-  }
-  {
-    goPackagePath  = "github.com/davecgh/go-spew";
-    fetch = {
-      type = "git";
-      url = "https://github.com/davecgh/go-spew";
-      rev =  "8991bc29aa16c548c550c7ff78260e27b9ab7c73";
-      sha256 = "0hka6hmyvp701adzag2g26cxdj47g21x6jz4sc6jjz1mn59d474y";
-    };
-  }
-  {
-    goPackagePath  = "github.com/dgraph-io/badger";
-    fetch = {
-      type = "git";
-      url = "https://github.com/dgraph-io/badger";
-      rev =  "391b6d3b93e6014fe8c2971fcc0c1266e47dbbd9";
-      sha256 = "13zyd6irxagwfv4azgmpk2qg8f80plhxrcjl8x89jzsjkl0a0pkx";
-    };
-  }
-  {
-    goPackagePath  = "github.com/dgryski/go-farm";
-    fetch = {
-      type = "git";
-      url = "https://github.com/dgryski/go-farm";
-      rev =  "6a90982ecee230ff6cba02d5bd386acc030be9d3";
-      sha256 = "1x3l4jgps0v1bjvd446kj4dp0ckswjckxgrng9afm275ixnf83ix";
-    };
-  }
-  {
-    goPackagePath  = "github.com/go-chi/chi";
-    fetch = {
-      type = "git";
-      url = "https://github.com/go-chi/chi";
-      rev =  "0ebf7795c516423a110473652e9ba3a59a504863";
-      sha256 = "18hwj6vni19ykp3bsmg9ggnl6y2hawym0vbsigdgx8craqbp7jb1";
-    };
-  }
-  {
-    goPackagePath  = "github.com/go-sql-driver/mysql";
-    fetch = {
-      type = "git";
-      url = "https://github.com/go-sql-driver/mysql";
-      rev =  "72cd26f257d44c1114970e19afddcd812016007e";
-      sha256 = "1fvsvwc1v2i0gqn01mynvi1shp5xm0xaym6xng09fcbqb56lbjx1";
-    };
-  }
-  {
-    goPackagePath  = "github.com/golang/protobuf";
-    fetch = {
-      type = "git";
-      url = "https://github.com/golang/protobuf";
-      rev =  "b5d812f8a3706043e23a9cd5babf2e5423744d30";
-      sha256 = "15am4s4646qy6iv0g3kkqq52rzykqjhm4bf08dk0fy2r58knpsyl";
-    };
-  }
-  {
-    goPackagePath  = "github.com/google/certificate-transparency-go";
-    fetch = {
-      type = "git";
-      url = "https://github.com/google/certificate-transparency-go";
-      rev =  "3629d6846518309d22c16fee15d1007262a459d2";
-      sha256 = "16vsq7dd2kbbk3vwlrhm3jrlg5kq16wf4iz6d1gnyc32s5fcy9d7";
-    };
-  }
-  {
-    goPackagePath  = "github.com/icrowley/fake";
-    fetch = {
-      type = "git";
-      url = "https://github.com/icrowley/fake";
-      rev =  "4178557ae428460c3780a381c824a1f3aceb6325";
-      sha256 = "1mv4bxfphaqbvacy49v4lf4gf2nmadzpmjq0jbdx93wi5bnkc977";
-    };
-  }
-  {
-    goPackagePath  = "github.com/juju/ansiterm";
-    fetch = {
-      type = "git";
-      url = "https://github.com/juju/ansiterm";
-      rev =  "720a0952cc2ac777afc295d9861263e2a4cf96a1";
-      sha256 = "0n6j0y7xhashp8gdkdl0r7vlbkdrkymrzxn9hxrx522k2isggs7h";
-    };
-  }
-  {
-    goPackagePath  = "github.com/kballard/go-shellquote";
-    fetch = {
-      type = "git";
-      url = "https://github.com/kballard/go-shellquote";
-      rev =  "95032a82bc518f77982ea72343cc1ade730072f0";
-      sha256 = "1rspvmnsikdq95jmx3dykxd4k1rmgl98ryjrysvl0cf18hl1vq80";
-    };
-  }
-  {
-    goPackagePath  = "github.com/konsorten/go-windows-terminal-sequences";
-    fetch = {
-      type = "git";
-      url = "https://github.com/konsorten/go-windows-terminal-sequences";
-      rev =  "5c8c8bd35d3832f5d134ae1e1e375b69a4d25242";
-      sha256 = "1lchgf27n276vma6iyxa0v1xds68n2g8lih5lavqnx5x6q5pw2ip";
-    };
-  }
-  {
-    goPackagePath  = "github.com/kr/pty";
-    fetch = {
-      type = "git";
-      url = "https://github.com/kr/pty";
-      rev =  "db8e3cd836b82e82e0a9c8edc6896967dd31374f";
-      sha256 = "0knzlvndfgjm2k23vhp2xj1cv3fm31vbg5b20gdl1vnxk7rh549h";
-    };
-  }
-  {
-    goPackagePath  = "github.com/lunixbochs/vtclean";
-    fetch = {
-      type = "git";
-      url = "https://github.com/lunixbochs/vtclean";
-      rev =  "2d01aacdc34a083dca635ba869909f5fc0cd4f41";
-      sha256 = "1ss88dyx5hr4imvpg5lixvp0cf7c2qm4x9m8mdgshjpm92g5rqmf";
-    };
-  }
-  {
-    goPackagePath  = "github.com/manifoldco/promptui";
-    fetch = {
-      type = "git";
-      url = "https://github.com/manifoldco/promptui";
-      rev =  "157c96fb638a14d268b305cf2012582431fcc410";
-      sha256 = "0zha48i5f529q4j1qycybdzza4l9706hijiqws36ikd5jzg8i7wz";
-    };
-  }
-  {
-    goPackagePath  = "github.com/mattn/go-colorable";
-    fetch = {
-      type = "git";
-      url = "https://github.com/mattn/go-colorable";
-      rev =  "167de6bfdfba052fa6b2d3664c8f5272e23c9072";
-      sha256 = "1nwjmsppsjicr7anq8na6md7b1z84l9ppnlr045hhxjvbkqwalvx";
-    };
-  }
-  {
-    goPackagePath  = "github.com/mattn/go-isatty";
-    fetch = {
-      type = "git";
-      url = "https://github.com/mattn/go-isatty";
-      rev =  "6ca4dbf54d38eea1a992b3c722a76a5d1c4cb25c";
-      sha256 = "0zs92j2cqaw9j8qx1sdxpv3ap0rgbs0vrvi72m40mg8aa36gd39w";
-    };
-  }
-  {
-    goPackagePath  = "github.com/mmcloughlin/avo";
-    fetch = {
-      type = "git";
-      url = "https://github.com/mmcloughlin/avo";
-      rev =  "2e7d06bc7ada2979f17ccf8ebf486dba23b84fc7";
-      sha256 = "0fna1hhg193zy428lkj24a8853g3qviqs2c9xi96mji6ldprna5d";
-    };
-  }
-  {
-    goPackagePath  = "github.com/newrelic/go-agent";
-    fetch = {
-      type = "git";
-      url = "https://github.com/newrelic/go-agent";
-      rev =  "f5bce3387232559bcbe6a5f8227c4bf508dac1ba";
-      sha256 = "1zbp1cqhxp0sz3faymam6h1f91r1gl8dnnjx7qg8r06bd5fbzllb";
-    };
-  }
-  {
-    goPackagePath  = "github.com/pkg/errors";
-    fetch = {
-      type = "git";
-      url = "https://github.com/pkg/errors";
-      rev =  "ba968bfe8b2f7e042a574c888954fccecfa385b4";
-      sha256 = "0g5qcb4d4fd96midz0zdk8b9kz8xkzwfa8kr1cliqbg8sxsy5vd1";
-    };
-  }
-  {
-    goPackagePath  = "github.com/pmezard/go-difflib";
-    fetch = {
-      type = "git";
-      url = "https://github.com/pmezard/go-difflib";
-      rev =  "792786c7400a136282c1664665ae0a8db921c6c2";
-      sha256 = "0c1cn55m4rypmscgf0rrb88pn58j3ysvc2d0432dp3c6fqg6cnzw";
-    };
-  }
-  {
-    goPackagePath  = "github.com/pquerna/otp";
-    fetch = {
-      type = "git";
-      url = "https://github.com/pquerna/otp";
-      rev =  "b7b89250c468c06871d3837bee02e2d5c155ae19";
-      sha256 = "0gsl9rh8awira21z6cj26c6swasskx03z66q72yjc1mpbvyg6han";
-    };
-  }
-  {
-    goPackagePath  = "github.com/rs/xid";
-    fetch = {
-      type = "git";
-      url = "https://github.com/rs/xid";
-      rev =  "15d26544def341f036c5f8dca987a4cbe575032c";
-      sha256 = "1vgw1dikqw273awcci6pzifs7shkl5ah4l88j1zjbnpgbiwzlx9j";
-    };
-  }
-  {
-    goPackagePath  = "github.com/samfoo/ansi";
-    fetch = {
-      type = "git";
-      url = "https://github.com/samfoo/ansi";
-      rev =  "b6bd2ded7189ce35bc02233b554eb56a5146af73";
-      sha256 = "0sw2d7c6l2ry34x0n4j37ydr8s7hxnax76yh6n35gb2g6f1h46sz";
-    };
-  }
-  {
-    goPackagePath  = "github.com/shurcooL/sanitized_anchor_name";
-    fetch = {
-      type = "git";
-      url = "https://github.com/shurcooL/sanitized_anchor_name";
-      rev =  "86672fcb3f950f35f2e675df2240550f2a50762f";
-      sha256 = "142m507s9971cl8qdmbcw7sqxnkgi3xqd8wzvfq15p0w7w8i4a3h";
-    };
-  }
-  {
-    goPackagePath  = "github.com/sirupsen/logrus";
-    fetch = {
-      type = "git";
-      url = "https://github.com/sirupsen/logrus";
-      rev =  "ad15b42461921f1fb3529b058c6786c6a45d5162";
-      sha256 = "02xdfcp4f6dqvpavwf1vvr794qgz2fx8929paam7wnvcxy7ib606";
-    };
-  }
-  {
-    goPackagePath  = "github.com/smallstep/assert";
-    fetch = {
-      type = "git";
-      url = "https://github.com/smallstep/assert";
-      rev =  "de77670473b5492f5d0bce155b5c01534c2d13f7";
-      sha256 = "15z2b4qyylnwgq2pzlaxsdabqxh8dbna4ddprk9rzmsvnfkpds16";
-    };
-  }
-  {
-    goPackagePath  = "github.com/smallstep/certificates";
-    fetch = {
-      type = "git";
-      url = "https://github.com/smallstep/certificates";
-      rev =  "effb490d276f33b8cdab661df8b57a8ded67e082";
-      sha256 = "1i76bbm4rbpv4cw2ln36v0x74jjkss6j8pdh49hfvb75j2n32790";
-    };
-  }
-  {
-    goPackagePath  = "github.com/smallstep/certinfo";
-    fetch = {
-      type = "git";
-      url = "https://github.com/smallstep/certinfo";
-      rev =  "78e21b44234ef6ddeb58f5e8aad2ed09975b694a";
-      sha256 = "0zrxql9173vzn7zirv4299j0vw2mzwknivrg8rzhdbkhvbfiql9q";
-    };
-  }
-  {
-    goPackagePath  = "github.com/smallstep/nosql";
-    fetch = {
-      type = "git";
-      url = "https://github.com/smallstep/nosql";
-      rev =  "a0934e12468769d8cbede3ed316c47a4b88de4ca";
-      sha256 = "08bg0sgrhkzflyl0ybi8v2vmk8bfk5pmcyfrizpxssyql7k27fam";
-    };
-  }
-  {
-    goPackagePath  = "github.com/smallstep/truststore";
-    fetch = {
-      type = "git";
-      url = "https://github.com/smallstep/truststore";
-      rev =  "e16045d94a61ca04b60d5d246da3117e7eeb1ecf";
-      sha256 = "15cv3dkn2npf6rwhkb575sdq089rf70rha8wrym4ygc8rjbgwbab";
-    };
-  }
-  {
-    goPackagePath  = "github.com/smallstep/zcrypto";
-    fetch = {
-      type = "git";
-      url = "https://github.com/smallstep/zcrypto";
-      rev =  "6bab21fcaafc3d150cf793b6d5f25fe32f49c80e";
-      sha256 = "129az7k556lmnhh14ayrwzrp1y205zdgwk3rj1xcmgisx5irliqp";
-    };
-  }
-  {
-    goPackagePath  = "github.com/smallstep/zlint";
-    fetch = {
-      type = "git";
-      url = "https://github.com/smallstep/zlint";
-      rev =  "d84eaafe274f9dc1f811ebfbb073e18c466e2a44";
-      sha256 = "1xm7b1wvbify20vk9f3kmgmi5mnj5x2z3czc0r4zylcqcwwjkfd6";
-    };
-  }
-  {
-    goPackagePath  = "github.com/stretchr/testify";
-    fetch = {
-      type = "git";
-      url = "https://github.com/stretchr/testify";
-      rev =  "f35b8ab0b5a2cef36673838d662e249dd9c94686";
-      sha256 = "0dlszlshlxbmmfxj5hlwgv3r22x0y1af45gn1vd198nvvs3pnvfs";
-    };
-  }
-  {
-    goPackagePath  = "github.com/urfave/cli";
-    fetch = {
-      type = "git";
-      url = "https://github.com/urfave/cli";
-      rev =  "b67dcf995b6a7b7f14fad5fcb7cc5441b05e814b";
-      sha256 = "0n5vq4nydlhb7w12jiwphvxqdy4jwpxc3zwlxyhf05lq1nxfb56h";
-    };
-  }
-  {
-    goPackagePath  = "github.com/weppos/publicsuffix-go";
-    fetch = {
-      type = "git";
-      url = "https://github.com/weppos/publicsuffix-go";
-      rev =  "386050f8211b04c965721c3591e7d96650a1ea86";
-      sha256 = "17nvc0m0azm418w4mcyk7r1qcik0099vjpn455ia0lxhbqbl701b";
-    };
-  }
-  {
-    goPackagePath  = "go.etcd.io/bbolt";
-    fetch = {
-      type = "git";
-      url = "https://github.com/etcd-io/bbolt";
-      rev =  "63597a96ec0ad9e6d43c3fc81e809909e0237461";
-      sha256 = "13d5l6p6c5wvkr6vn9hkhz9c593qifn7fgx0hg4d6jcvg1y0bnm2";
-    };
-  }
-  {
-    goPackagePath  = "golang.org/x/crypto";
-    fetch = {
-      type = "git";
-      url = "https://go.googlesource.com/crypto";
-      rev =  "4d3f4d9ffa16a13f451c3b2999e9c49e9750bf06";
-      sha256 = "0sbsgjm6wqa162ssrf1gnpv62ak5wjn1bn8v7sxwwfg8a93z1028";
-    };
-  }
-  {
-    goPackagePath  = "golang.org/x/net";
-    fetch = {
-      type = "git";
-      url = "https://go.googlesource.com/net";
-      rev =  "c44066c5c816ec500d459a2a324a753f78531ae0";
-      sha256 = "0mgww74bl15d0jvsh4f3qr1ckjzb8icb8hn0mgs5ppa0b2fgpc4f";
-    };
-  }
-  {
-    goPackagePath  = "golang.org/x/sys";
-    fetch = {
-      type = "git";
-      url = "https://go.googlesource.com/sys";
-      rev =  "9b800f95dbbc54abff0acf7ee32d88ba4e328c89";
-      sha256 = "07v3l7q7y59cwvw0mc85i39v7qjcc1jh4svwi789rmrqqm5nq7q6";
-    };
-  }
-  {
-    goPackagePath  = "golang.org/x/text";
-    fetch = {
-      type = "git";
-      url = "https://go.googlesource.com/text";
-      rev =  "f21a4dfb5e38f5895301dc265a8def02365cc3d0";
-      sha256 = "0r6x6zjzhr8ksqlpiwm5gdd7s209kwk5p4lw54xjvz10cs3qlq19";
-    };
-  }
-  {
-    goPackagePath  = "golang.org/x/tools";
-    fetch = {
-      type = "git";
-      url = "https://go.googlesource.com/tools";
-      rev =  "3a10b9bf0a52df7e992a8c3eb712a86d3c896c75";
-      sha256 = "19f3dijcc54jnd7458jab2dgpd0gzccmv2qympd9wi8cc8jpnhws";
-    };
-  }
-  {
-    goPackagePath  = "google.golang.org/appengine";
-    fetch = {
-      type = "git";
-      url = "https://github.com/golang/appengine";
-      rev =  "54a98f90d1c46b7731eb8fb305d2a321c30ef610";
-      sha256 = "0l7mkdnwhidv8m686x432vmx8z5nqcrr9f46ddgvrxbh4wvyfcll";
-    };
-  }
-  {
-    goPackagePath  = "gopkg.in/square/go-jose.v2";
-    fetch = {
-      type = "git";
-      url = "https://github.com/square/go-jose";
-      rev =  "730df5f748271903322feb182be83b43ebbbe27d";
-      sha256 = "11r93g9xrcjqj7qvq8sbd5hy5rnbpmim0vdsp6rbav8gl7wimaa3";
-    };
-  }
-  {
-    goPackagePath  = "howett.net/plist";
-    fetch = {
-      type = "git";
-      url = "https://gitlab.howett.net/go/plist.git";
-      rev =  "591f970eefbbeb04d7b37f334a0c4c3256e32876";
-      sha256 = "1gr74rf6m8bgayf6mxcfaxb3cc49ldlhydzqfafx7di5nds5hxk9";
-    };
-  }
-]
diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix
index ae29eeafd00..776823a6a28 100644
--- a/pkgs/tools/security/sudo/default.nix
+++ b/pkgs/tools/security/sudo/default.nix
@@ -6,11 +6,11 @@
 
 stdenv.mkDerivation rec {
   pname = "sudo";
-  version = "1.9.4";
+  version = "1.9.4p2";
 
   src = fetchurl {
     url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz";
-    sha256 = "1w03257akspgkkl757vmpq3p30sb2n6y61hll038mw9sqwnbv4cb";
+    sha256 = "0r0g8z289ipw0zpkhmm33cpfm42j01jds2q1wilhh3flg7xg2jn3";
   };
 
   prePatch = ''
diff --git a/pkgs/tools/security/teler/default.nix b/pkgs/tools/security/teler/default.nix
new file mode 100644
index 00000000000..37866375859
--- /dev/null
+++ b/pkgs/tools/security/teler/default.nix
@@ -0,0 +1,33 @@
+{ buildGoModule
+, fetchFromGitHub
+, stdenv
+}:
+
+buildGoModule rec {
+  pname = "teler";
+  version = "1.0.1";
+
+  src = fetchFromGitHub {
+    owner = "kitabisa";
+    repo = "teler";
+    rev = "v${version}";
+    sha256 = "07pfqgms5cj4y6zm984qjmmw1c8j9yjbgrp2spi9vzk96s3k3qn3";
+  };
+
+  vendorSha256 = "06szi2jw3nayd7pljjlww2gsllgnfg8scnjmc6qv5xl6gf797kdz";
+
+  # test require internet access
+  doCheck = false;
+
+  meta = with stdenv.lib; {
+    description = "Real-time HTTP Intrusion Detection";
+    longDescription = ''
+      teler is an real-time intrusion detection and threat alert
+      based on web log that runs in a terminal with resources that
+      we collect and provide by the community.
+    '';
+    homepage = "https://github.com/kitabisa/teler";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/tools/system/bottom/default.nix b/pkgs/tools/system/bottom/default.nix
index c7835c5989c..1a975aef393 100644
--- a/pkgs/tools/system/bottom/default.nix
+++ b/pkgs/tools/system/bottom/default.nix
@@ -2,20 +2,24 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "bottom";
-  version = "0.5.4";
+  version = "0.5.6";
 
   src = fetchFromGitHub {
     owner = "ClementTsang";
     repo = pname;
     rev = version;
-    sha256 = "1rpwgwgl05n0s89mhyvabzvsa33ibkd1msyrwfll4wbcbsn0ish7";
+    sha256 = "sha256-88uEEsb+coX8PTKrem+0t5AkamCmqJsFYsENFTZSsys=";
   };
 
+  prePatch = ''
+    rm .cargo/config.toml
+  '';
+
   nativeBuildInputs = [ installShellFiles ];
 
   buildInputs = stdenv.lib.optional stdenv.hostPlatform.isDarwin darwin.apple_sdk.frameworks.IOKit;
 
-  cargoSha256 = "0ykl66gs7k49vfjpw5i8xsbc1blmqm79vrsci2irsl5w642lbig5";
+  cargoSha256 = "sha256-qnh4Tl6JRgxBJbu+t9IJX/XChIR15rTRLvsl+/ZvPxY=";
 
   doCheck = false;
 
diff --git a/pkgs/tools/system/colorls/Gemfile.lock b/pkgs/tools/system/colorls/Gemfile.lock
index d138a167ce7..e9cd8cbf766 100644
--- a/pkgs/tools/system/colorls/Gemfile.lock
+++ b/pkgs/tools/system/colorls/Gemfile.lock
@@ -2,14 +2,16 @@ GEM
   remote: https://rubygems.org/
   specs:
     clocale (0.0.4)
-    colorls (1.4.2)
+    colorls (1.4.3)
       clocale (~> 0)
       filesize (~> 0)
       manpages (~> 0)
       rainbow (>= 2.2, < 4.0)
+      unicode-display_width (~> 1.7)
     filesize (0.2.0)
     manpages (0.6.1)
     rainbow (3.0.0)
+    unicode-display_width (1.7.0)
 
 PLATFORMS
   ruby
diff --git a/pkgs/tools/system/colorls/gemset.nix b/pkgs/tools/system/colorls/gemset.nix
index 2e4a26ff918..850aae35684 100644
--- a/pkgs/tools/system/colorls/gemset.nix
+++ b/pkgs/tools/system/colorls/gemset.nix
@@ -10,15 +10,15 @@
     version = "0.0.4";
   };
   colorls = {
-    dependencies = ["clocale" "filesize" "manpages" "rainbow"];
+    dependencies = ["clocale" "filesize" "manpages" "rainbow" "unicode-display_width"];
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0sw377wklld5zn1la0smxc2bg4rph2xf9d0h3zmxhmds06lb92db";
+      sha256 = "1w9d99qzgxw8wwa4z1vkdnr70fppx2g9shma6dz3ihjhajj2xvmq";
       type = "gem";
     };
-    version = "1.4.2";
+    version = "1.4.3";
   };
   filesize = {
     groups = ["default"];
@@ -50,4 +50,14 @@
     };
     version = "3.0.0";
   };
+  unicode-display_width = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "06i3id27s60141x6fdnjn5rar1cywdwy64ilc59cz937303q3mna";
+      type = "gem";
+    };
+    version = "1.7.0";
+  };
 }
\ No newline at end of file
diff --git a/pkgs/tools/system/daemon/default.nix b/pkgs/tools/system/daemon/default.nix
index 29f976998d5..c419824f969 100644
--- a/pkgs/tools/system/daemon/default.nix
+++ b/pkgs/tools/system/daemon/default.nix
@@ -9,7 +9,11 @@ stdenv.mkDerivation rec {
     sha256 = "0b17zzl7bqnkn7a4pr3l6fxqfmxfld7izphrab5nvhc4wzng4spn";
   };
 
-  makeFlags = [ "PREFIX=$(out)" ];
+  makeFlags = [
+    "PREFIX=$(out)"
+    "CC=${stdenv.cc.targetPrefix}cc"
+  ];
+
   buildInputs = [ perl ];
 
   meta = with stdenv.lib; {
diff --git a/pkgs/tools/system/htop/default.nix b/pkgs/tools/system/htop/default.nix
index a36cb905d25..bf811942c3e 100644
--- a/pkgs/tools/system/htop/default.nix
+++ b/pkgs/tools/system/htop/default.nix
@@ -4,13 +4,13 @@
 
 stdenv.mkDerivation rec {
   pname = "htop";
-  version = "3.0.3";
+  version = "3.0.4";
 
   src = fetchFromGitHub {
     owner = "htop-dev";
     repo = pname;
     rev = version;
-    sha256 = "0ylig6g2w4r3qfb16cf922iriqyn64frkzpk87vpga16kclvf08y";
+    sha256 = "1fckfv96vzqjs3lzy0cgwsqv5vh1sxca3fhvgskmnkvr5bq6cia9";
   };
 
   nativeBuildInputs = [ autoreconfHook ];
diff --git a/pkgs/tools/system/rocm-smi/default.nix b/pkgs/tools/system/rocm-smi/default.nix
index 1ed1d913516..cd4eef89520 100644
--- a/pkgs/tools/system/rocm-smi/default.nix
+++ b/pkgs/tools/system/rocm-smi/default.nix
@@ -2,7 +2,7 @@
 
 buildPythonApplication rec {
   pname = "rocm-smi";
-  version = "3.10.0";
+  version = "4.0.0";
 
   src = fetchFromGitHub {
     owner = "RadeonOpenCompute";
diff --git a/pkgs/tools/text/chroma/default.nix b/pkgs/tools/text/chroma/default.nix
index 438681e1728..390793ffaf1 100644
--- a/pkgs/tools/text/chroma/default.nix
+++ b/pkgs/tools/text/chroma/default.nix
@@ -1,16 +1,32 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib, buildGoModule, fetchFromGitHub, git }:
 
 buildGoModule rec {
   pname = "chroma";
-  version = "0.8.1";
+  version = "0.8.2";
 
   src = fetchFromGitHub {
     owner  = "alecthomas";
-    repo   = "chroma";
+    repo   = pname;
     rev    = "v${version}";
-    sha256 = "1gwwfn26aipzzvyy466gi6r54ypfy3ylnbi8c4xwch9pkgw16w98";
+    sha256 = "0vzxd0jvjaakwjvkkkjppakjb00z44k7gb5ng1i4924agh24n5ka";
+    leaveDotGit = true;
+    fetchSubmodules = true;
   };
 
+  nativeBuildInputs = [ git ];
+
+  # populate values otherwise taken care of by goreleaser
+  # https://github.com/alecthomas/chroma/issues/435
+  postPatch = ''
+    commit="$(git rev-parse HEAD)"
+    date=$(git show -s --format=%aI "$commit")
+
+    substituteInPlace cmd/chroma/main.go \
+      --replace 'version = "?"' 'version = "${version}"' \
+      --replace 'commit  = "?"' "commit = \"$commit\"" \
+      --replace 'date    = "?"' "date = \"$date\""
+  '';
+
   vendorSha256 = "16cnc4scgkx8jan81ymha2q1kidm6hzsnip5mmgbxpqcc2h7hv9m";
 
   subPackages = [ "cmd/chroma" ];
diff --git a/pkgs/tools/text/languagetool/default.nix b/pkgs/tools/text/languagetool/default.nix
index fc0ec487ad5..30029d2d4e9 100644
--- a/pkgs/tools/text/languagetool/default.nix
+++ b/pkgs/tools/text/languagetool/default.nix
@@ -30,6 +30,7 @@ stdenv.mkDerivation rec {
     maintainers = with maintainers; [
       edwtjo
     ];
+    platforms = jre.meta.platforms;
     description = "A proofreading program for English, French German, Polish, and more";
   };
 }
diff --git a/pkgs/tools/text/ripgrep/default.nix b/pkgs/tools/text/ripgrep/default.nix
index 7bd8a74f458..c69c6fef8cb 100644
--- a/pkgs/tools/text/ripgrep/default.nix
+++ b/pkgs/tools/text/ripgrep/default.nix
@@ -1,4 +1,5 @@
 { stdenv
+, nixosTests
 , fetchFromGitHub
 , rustPlatform
 , asciidoctor
@@ -34,6 +35,8 @@ rustPlatform.buildRustPackage rec {
     installShellCompletion --zsh complete/_rg
   '';
 
+  passthru.tests = { inherit (nixosTests) ripgrep; };
+
   meta = with stdenv.lib; {
     description = "A utility that combines the usability of The Silver Searcher with the raw speed of grep";
     homepage = "https://github.com/BurntSushi/ripgrep";
diff --git a/pkgs/tools/text/ugrep/default.nix b/pkgs/tools/text/ugrep/default.nix
index 353d85931ad..84dc21aba3e 100644
--- a/pkgs/tools/text/ugrep/default.nix
+++ b/pkgs/tools/text/ugrep/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "ugrep";
-  version = "3.0.6";
+  version = "3.1.0";
 
   src = fetchFromGitHub {
     owner = "Genivia";
     repo = pname;
     rev = "v${version}";
-    sha256 = "1s8glpk7li45rcf2xi21qv65dldl8sd3mmalf54pbzfcjri5fwz6";
+    sha256 = "08pq759f2vvdbig64y3k9kicvgr2d5x8ara7b182dcm3slbpib3l";
   };
 
   buildInputs = [ boost bzip2 lz4 pcre2 xz zlib ];
diff --git a/pkgs/tools/typesetting/bibclean/default.nix b/pkgs/tools/typesetting/bibclean/default.nix
index d0e2c79c0bc..c95c6921a4e 100644
--- a/pkgs/tools/typesetting/bibclean/default.nix
+++ b/pkgs/tools/typesetting/bibclean/default.nix
@@ -21,6 +21,7 @@ stdenv.mkDerivation rec {
     description = "Prettyprint and syntax check BibTeX and Scribe bibliography data base files";
     homepage = "http://ftp.math.utah.edu/pub/bibclean";
     license = licenses.gpl2;
+    platforms = platforms.all;
     maintainers = with maintainers; [ dtzWill ];
   };
 }
diff --git a/pkgs/tools/typesetting/lowdown/default.nix b/pkgs/tools/typesetting/lowdown/default.nix
index 017066a2c22..ecd25bf8e83 100644
--- a/pkgs/tools/typesetting/lowdown/default.nix
+++ b/pkgs/tools/typesetting/lowdown/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "lowdown";
-  version = "0.7.4";
+  version = "0.7.5";
 
   outputs = [ "out" "dev" ];
 
   src = fetchurl {
     url = "https://kristaps.bsd.lv/lowdown/snapshots/lowdown-${version}.tar.gz";
-    sha512 = "2iw5x3lf5knnscp0ifgk50yj48p54cbd34h94qrxa9vdybg2nnipklrqmmqblf6l7qph98h7jvlyr99m5qlrki9lvjr1jcgbgp31pn0";
+    sha512 = "1wfbrydbk0f0blhg5my3m5gw8bspwh3rdg4w4mcalnrwpypzd4zrggc4aj3zm72c5jikx6pnjb2k9w1s075k84f6q8p8chlzb3s4qd2";
   };
 
   nativeBuildInputs = [ which ];
diff --git a/pkgs/tools/typesetting/tectonic/default.nix b/pkgs/tools/typesetting/tectonic/default.nix
index fc4a971f230..d37a4a69570 100644
--- a/pkgs/tools/typesetting/tectonic/default.nix
+++ b/pkgs/tools/typesetting/tectonic/default.nix
@@ -3,16 +3,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "tectonic";
-  version = "0.3.3";
+  version = "0.4.0";
 
   src = fetchFromGitHub {
     owner = "tectonic-typesetting";
     repo = "tectonic";
     rev = "tectonic@${version}";
-    sha256 = "1ncczcchyphprkrb8spya400gi212a6akx18fm3j4xdhmg9caj3f";
+    sha256 = "1p93428ln3sfsflc7spjpfcgy81c4z5y0xhwv5mkgzf55g8nrin1";
   };
 
-  cargoSha256 = "11xvq0l9xrppcplkshd5wxv90s97x4iavhzbdk9px992zl0m6ar6";
+  cargoSha256 = "0jzngl1iwrq20cx3l0mwdrrddvyw977rwb75nz1k4hkxjnicc1ga";
 
   nativeBuildInputs = [ pkgconfig ];
 
diff --git a/pkgs/tools/typesetting/tex/texlive/combine.nix b/pkgs/tools/typesetting/tex/texlive/combine.nix
index 891495c46ca..0625fe16090 100644
--- a/pkgs/tools/typesetting/tex/texlive/combine.nix
+++ b/pkgs/tools/typesetting/tex/texlive/combine.nix
@@ -36,7 +36,7 @@ let
   mkUniqueOutPaths = pkgs: uniqueStrings
     (map (p: p.outPath) (builtins.filter lib.isDerivation pkgs));
 
-in buildEnv {
+in (buildEnv {
   name = "texlive-${extraName}-${bin.texliveYear}";
 
   extraPrefix = "/share/texmf";
@@ -271,6 +271,6 @@ in buildEnv {
   ''
     + bin.cleanBrokenLinks
   ;
-}
+}).overrideAttrs (_: { allowSubstitutes = true; })
 # TODO: make TeX fonts visible by fontconfig: it should be enough to install an appropriate file
 #       similarly, deal with xe(la)tex font visibility?
diff --git a/pkgs/tools/virtualization/amazon-ecs-cli/default.nix b/pkgs/tools/virtualization/amazon-ecs-cli/default.nix
index 4c37054f4a0..bd63481054c 100644
--- a/pkgs/tools/virtualization/amazon-ecs-cli/default.nix
+++ b/pkgs/tools/virtualization/amazon-ecs-cli/default.nix
@@ -2,18 +2,18 @@
 
 stdenv.mkDerivation rec {
   pname = "amazon-ecs-cli";
-  version = "1.20.0";
+  version = "1.21.0";
 
   src =
     if stdenv.hostPlatform.system == "x86_64-linux" then
       fetchurl {
         url = "https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-linux-amd64-v${version}";
-        sha256 = "11cw2hk48x66wlsg5bzay95l2pgncwnawzj4xmqmbchhhvphrvxr";
+        sha256 = "sEHwhirU2EYwtBRegiIvN4yr7VKtmy7e6xx5gZOkuY0=";
       }
     else if stdenv.hostPlatform.system == "x86_64-darwin" then
       fetchurl {
         url = "https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-darwin-amd64-v${version}";
-        sha256 = "1f4yq04sgwkj2p0j598a8vc54dzihmqvg9daa6mxnqj403ln0rg1";
+        sha256 = "1viala49sifpcmgn3jw24h5bkrlm4ffadjiqagbxj3lr0r78i9nm";
       }
     else throw "Architecture not supported";