chn/nixpkgs
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixpkgs.git synced 2026-01-11 18:32:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into staging-next

Browse Source
This commit is contained in:
K900
2024-12-12 21:08:33 +03:00
parent da49cc09b4 4571740d16
commit 81eb6d64ab
306 changed files with 7251 additions and 17152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.github/labeler.yml vendored
View File

@@ -328,6 +328,7 @@
- any-glob-to-any-file:
- doc/languages-frameworks/nim.section.md
- pkgs/build-support/build-nim-package.nix
- pkgs/build-support/build-nim-sbom.nix
- pkgs/by-name/ni/nim*
- pkgs/top-level/nim-overrides.nix

8
.github/workflows/check-nix-format.yml vendored
View File

@@ -13,15 +13,19 @@ permissions:
contents: read
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
nixos:
name: nixfmt-check
runs-on: ubuntu-latest
if: "!contains(github.event.pull_request.title, '[skip treewide]')"
needs: get-merge-commit
if: "needs.get-merge-commit.outputs.mergedSha && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
# Fetches the merge commit and its parents
fetch-depth: 2
- name: Checking out base branch

7
.github/workflows/codeowners-v2.yml vendored
View File

@@ -33,10 +33,15 @@ env:
DRY_MODE: ${{ github.event.pull_request.draft && '1' || '' }}
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
# Check that code owners is valid
check:
name: Check
runs-on: ubuntu-latest
needs: get-merge-commit
if: needs.get-merge-commit.outputs.mergedSha
steps:
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
@@ -65,7 +70,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: refs/pull/${{ github.event.number }}/merge
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
path: pr
- name: Validate codeowners

8
.github/workflows/editorconfig-v2.yml vendored
View File

@@ -11,10 +11,14 @@ on:
- 'release-**'
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
tests:
name: editorconfig-check
runs-on: ubuntu-latest
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
needs: get-merge-commit
if: "needs.get-merge-commit.outputs.mergedSha && github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- name: Get list of changed files from PR
env:
@@ -30,7 +34,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
# nixpkgs commit is pinned so that it doesn't break

2
.github/workflows/eval-lib-tests.yml vendored
View File

@@ -15,9 +15,9 @@ jobs:
name: nixpkgs-lib-tests
runs-on: ubuntu-latest
needs: get-merge-commit
if: needs.get-merge-commit.outputs.mergedSha
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
if: needs.get-merge-commit.outputs.mergedSha
with:
# pull_request_target checks out the base branch by default
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}

25
.github/workflows/eval.yml vendored
View File

@@ -23,22 +23,21 @@ jobs:
name: Attributes
runs-on: ubuntu-latest
needs: get-merge-commit
# Skip this and dependent steps if the PR can't be merged
if: needs.get-merge-commit.outputs.mergedSha
outputs:
mergedSha: ${{ needs.get-merge-commit.outputs.mergedSha }}
baseSha: ${{ steps.baseSha.outputs.baseSha }}
systems: ${{ steps.systems.outputs.systems }}
steps:
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# Add this to _all_ subsequent steps to skip them
if: needs.get-merge-commit.outputs.mergedSha
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
fetch-depth: 2
path: nixpkgs
- name: Determine base commit
if: github.event_name == 'pull_request_target' && needs.get-merge-commit.outputs.mergedSha
if: github.event_name == 'pull_request_target'
id: baseSha
run: |
baseSha=$(git -C nixpkgs rev-parse HEAD^1)
@@ -46,18 +45,15 @@ jobs:
- name: Install Nix
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
if: needs.get-merge-commit.outputs.mergedSha
- name: Evaluate the list of all attributes and get the systems matrix
id: systems
if: needs.get-merge-commit.outputs.mergedSha
run: |
nix-build nixpkgs/ci -A eval.attrpathsSuperset
echo "systems=$(<result/systems.json)" >> "$GITHUB_OUTPUT"
- name: Upload the list of all attributes
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: needs.get-merge-commit.outputs.mergedSha
with:
name: paths
path: result/*
@@ -65,12 +61,12 @@ jobs:
eval-aliases:
name: Eval nixpkgs with aliases enabled
runs-on: ubuntu-latest
needs: attrs
needs: [ attrs, get-merge-commit ]
steps:
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.attrs.outputs.mergedSha }}
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
path: nixpkgs
- name: Install Nix
@@ -83,9 +79,7 @@ jobs:
outpaths:
name: Outpaths
runs-on: ubuntu-latest
needs: attrs
# Skip this and future steps if the PR can't be merged
if: needs.attrs.outputs.mergedSha
needs: [ attrs, get-merge-commit ]
strategy:
matrix:
system: ${{ fromJSON(needs.attrs.outputs.systems) }}
@@ -99,7 +93,7 @@ jobs:
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.attrs.outputs.mergedSha }}
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
path: nixpkgs
- name: Install Nix
@@ -117,7 +111,6 @@ jobs:
- name: Upload the output paths and eval stats
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: needs.attrs.outputs.mergedSha
with:
name: intermediate-${{ matrix.system }}
path: result/*
@@ -125,7 +118,7 @@ jobs:
process:
name: Process
runs-on: ubuntu-latest
needs: [ outpaths, attrs ]
needs: [ outpaths, attrs, get-merge-commit ]
outputs:
baseRunId: ${{ steps.baseRunId.outputs.baseRunId }}
steps:
@@ -138,7 +131,7 @@ jobs:
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.attrs.outputs.mergedSha }}
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
path: nixpkgs
- name: Install Nix

8
.github/workflows/nix-parse-v2.yml vendored
View File

@@ -11,10 +11,14 @@ on:
- 'release-**'
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
tests:
name: nix-files-parseable-check
runs-on: ubuntu-latest
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
needs: get-merge-commit
if: "needs.get-merge-commit.outputs.mergedSha && github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- name: Get list of changed files from PR
env:
@@ -30,7 +34,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:

6
.github/workflows/nixpkgs-vet.yml vendored
View File

@@ -29,24 +29,21 @@ jobs:
# This should take 1 minute at most, but let's be generous. The default of 6 hours is definitely too long.
timeout-minutes: 10
needs: get-merge-commit
if: needs.get-merge-commit.outputs.mergedSha
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
if: needs.get-merge-commit.outputs.mergedSha
with:
# pull_request_target checks out the base branch by default
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
# Fetches the merge commit and its parents
fetch-depth: 2
- name: Checking out base branch
if: needs.get-merge-commit.outputs.mergedSha
run: |
base=$(mktemp -d)
git worktree add "$base" "$(git rev-parse HEAD^1)"
echo "base=$base" >> "$GITHUB_ENV"
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
if: needs.get-merge-commit.outputs.mergedSha
- name: Fetching the pinned tool
if: needs.get-merge-commit.outputs.mergedSha
# Update the pinned version using ci/nixpkgs-vet/update-pinned-tool.sh
run: |
# The pinned version of the tooling to use.
@@ -59,7 +56,6 @@ jobs:
# Adds a result symlink as a GC root.
nix-store --realise "$toolPath" --add-root result
- name: Running nixpkgs-vet
if: needs.get-merge-commit.outputs.mergedSha
env:
# Force terminal colors to be enabled. The library that `nixpkgs-vet` uses respects https://bixense.com/clicolors/
CLICOLOR_FORCE: 1

1
ci/OWNERS
View File

@@ -361,6 +361,7 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
# nim
/doc/languages-frameworks/nim.section.md @ehmry
/pkgs/build-support/build-nim-package.nix @ehmry
/pkgs/build-support/build-nim-sbom.nix @ehmry
/pkgs/top-level/nim-overrides.nix @ehmry
# terraform providers

2
ci/eval/default.nix
View File

@@ -49,7 +49,7 @@ let
export NIX_STATE_DIR=$(mktemp -d)
mkdir $out
export GC_INITIAL_HEAP_SIZE=4g
command time -v \
command time -f "Attribute eval done [%MKB max resident, %Es elapsed] %C" \
nix-instantiate --eval --strict --json --show-trace \
"$src/pkgs/top-level/release-attrpaths-superset.nix" \
-A paths \

46
doc/languages-frameworks/nim.section.md
View File

@@ -1,7 +1,9 @@
# Nim {#nim}
# Nim {#sec-language-nim}
The Nim compiler and a builder function is available.
Nim programs are built using `buildNimPackage` and a lockfile containing Nim dependencies.
Nim programs are built using a lockfile and either `buildNimPackage` or `buildNimSbom`.
## buildNimPackage {#buildNimPackage}
The following example shows a Nim program that depends only on Nim libraries:
```nix
@@ -15,7 +17,7 @@ buildNimPackage (finalAttrs: {
owner = "inv2004";
repo = "ttop";
rev = "v${finalAttrs.version}";
hash = "sha256-oPdaUqh6eN1X5kAYVvevOndkB/xnQng9QVLX9bu5P5E=";
hash = lib.fakeHash;
};
lockFile = ./lock.json;
@@ -26,7 +28,7 @@ buildNimPackage (finalAttrs: {
})
```
## `buildNimPackage` parameters {#buildnimpackage-parameters}
### `buildNimPackage` parameters {#buildnimpackage-parameters}
The `buildNimPackage` function takes an attrset of parameters that are passed on to `stdenv.mkDerivation`.
@@ -41,7 +43,7 @@ The following parameters are specific to `buildNimPackage`:
Use this to specify defines with arguments in the form of `-d:${name}=${value}`.
* `nimDoc` ? false`: Build and install HTML documentation.
## Lockfiles {#nim-lockfiles}
### Lockfiles {#nim-lockfiles}
Nim lockfiles are created with the `nim_lk` utility.
Run `nim_lk` with the source directory as an argument and it will print a lockfile to stdout.
```sh
@@ -50,9 +52,41 @@ $ nix build -f . ttop.src
$ nix run -f . nim_lk ./result | jq --sort-keys > pkgs/by-name/tt/ttop/lock.json
```
## buildNimSbom {#buildNimSbom}
An alternative to `buildNimPackage` is `buildNimSbom` which builds packages from [CycloneDX SBOM](https://cyclonedx.org/) files.
`buildNimSbom` resolves Nim dependencies to [fixed-output derivations](https://nixos.org/manual/nix/stable/glossary#gloss-fixed-output-derivation) using the [nix:fod namespace](#sec-interop.cylonedx-fod).
In the following minimal example only the source code checkout and a `buildInput` are specified.
The SBOM file provides metadata such as `pname` and `version` as well as the sources to Nim dependencies.
```nix
# pkgs/by-name/ni/nim_lk/package.nix
{
lib,
buildNimSbom,
fetchFromSourcehut,
openssl,
}:
buildNimSbom (finalAttrs: {
src = fetchFromSourcehut {
owner = "~ehmry";
repo = "nim_lk";
rev = finalAttrs.version;
hash = lib.fakeHash;
};
buildInputs = [ openssl ];
}) ./sbom.json
```
### Generating SBOMs {#generating-nim-sboms}
The [nim_lk](https://git.sr.ht/~ehmry/nim_lk) utility can generate SBOMs from [Nimble](https://github.com/nim-lang/nimble) package metadata.
See the [nim_lk documentation](https://git.sr.ht/~ehmry/nim_lk#nimble-to-cyclonedx-sbom) for more information.
## Overriding Nim packages {#nim-overrides}
The `buildNimPackage` function generates flags and additional build dependencies from the `lockFile` parameter passed to `buildNimPackage`. Using [`overrideAttrs`](#sec-pkg-overrideAttrs) on the final package will apply after this has already been generated, so this can't be used to override the `lockFile` in a package built with `buildNimPackage`. To be able to override parameters before flags and build dependencies are generated from the `lockFile`, use `overrideNimAttrs` instead with the same syntax as `overrideAttrs`:
The `buildNimPackage` and `buildNimSbom` functions generate flags and additional build dependencies from the `lockFile` parameter passed to `buildNimPackage`. Using [`overrideAttrs`](#sec-pkg-overrideAttrs) on the final package will apply after this has already been generated, so this can't be used to override the `lockFile` in a package built with `buildNimPackage`. To be able to override parameters before flags and build dependencies are generated from the `lockFile`, use `overrideNimAttrs` instead with the same syntax as `overrideAttrs`:
```nix
pkgs.nitter.overrideNimAttrs {

13
doc/redirects.json
View File

@@ -3223,8 +3223,11 @@
"manifest-file-via-maven-plugin": [
"index.html#manifest-file-via-maven-plugin"
],
"nim": [
"index.html#nim"
"sec-language-nim": [
"index.html#sec-language-nim"
],
"buildNimPackage": [
"index.html#buildNimPackage"
],
"buildnimpackage-parameters": [
"index.html#buildnimpackage-parameters"
@@ -3232,6 +3235,12 @@
"nim-lockfiles": [
"index.html#nim-lockfiles"
],
"buildNimSbom": [
"index.html#buildNimSbom"
],
"generating-nim-sboms": [
"index.html#generating-nim-sboms"
],
"nim-overrides": [
"index.html#nim-overrides"
],

6
lib/systems/parse.nix
View File

@@ -441,7 +441,7 @@ rec {
mkSkeletonFromList = l: {
"1" = if elemAt l 0 == "avr"
then { cpu = elemAt l 0; kernel = "none"; abi = "unknown"; }
else throw "Target specification with 1 components is ambiguous";
else throw "system string '${lib.concatStringsSep "-" l}' with 1 component is ambiguous";
"2" = # We only do 2-part hacks for things Nix already supports
if elemAt l 1 == "cygwin"
then { cpu = elemAt l 0; kernel = "windows"; abi = "cygnus"; }
@@ -479,10 +479,10 @@ rec {
then "windows" # autotools breaks on -gnu for window
else elemAt l 2;
}
else throw "Target specification with 3 components is ambiguous";
else throw "system string '${lib.concatStringsSep "-" l}' with 3 components is ambiguous";
"4" = { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; abi = elemAt l 3; };
}.${toString (length l)}
or (throw "system string has invalid number of hyphen-separated components");
or (throw "system string '${lib.concatStringsSep "-" l}' has invalid number of hyphen-separated components");
# This should revert the job done by config.guess from the gcc compiler.
mkSystemFromSkeleton = { cpu

30
maintainers/maintainer-list.nix
View File

@@ -1400,6 +1400,13 @@
githubId = 638836;
name = "Andreas Rammhold";
};
andre4ik3 = {
name = "andre4ik3";
email = "andre4ik3@fastmail.com";
matrix = "@andre4ik3:matrix.org";
github = "andre4ik3";
githubId = 62390580;
};
andreasfelix = {
email = "fandreas@physik.hu-berlin.de";
github = "felix-andreas";
@@ -11324,6 +11331,11 @@
githubId = 7183441;
name = "Justin Lovinger";
};
justinrubek = {
github = "justinrubek";
githubId = 25621857;
name = "Justin Rubek";
};
justinwoo = {
email = "moomoowoo@gmail.com";
github = "justinwoo";
@@ -13880,6 +13892,12 @@
githubId = 26458780;
name = "Matthew Croughan";
};
matthewdargan = {
email = "matthewdargan57@gmail.com";
githubId = 18505904;
github = "matthewdargan";
name = "Matthew Dargan";
};
matthew-levan = {
email = "matthew@coeli.network";
github = "matthew-levan";
@@ -19840,6 +19858,12 @@
githubId = 1153271;
name = "Sander van der Burg";
};
sandptel = {
email = "sandppatel15@gmail.com";
github = "sandptel";
githubId = 96694484;
name = "Sandeep Patel";
};
Sanskarzz = {
email = "sanskar.gur@gmail.com";
github = "Sanskarzz";
@@ -22385,6 +22409,12 @@
githubId = 1634990;
name = "Tom McLaughlin";
};
thomaslepoix = {
email = "thomas.lepoix@protonmail.ch";
github = "thomaslepoix";
githubId = 26417323;
name = "Thomas Lepoix";
};
ThomasMader = {
email = "thomas.mader@gmail.com";
github = "ThomasMader";

1
maintainers/scripts/kde/collect-missing-deps.py
View File

@@ -26,6 +26,7 @@ OK_MISSING_BY_PACKAGE = {
"Python3", # only used for license checks
},
"discover": {
"ApkQt", # we don't have APK (duh)
"rpm-ostree-1", # we don't have rpm-ostree (duh)
"Snapd", # we don't have snaps and probably never will
"packagekitqt6", # intentionally disabled

10
maintainers/team-list.nix
View File

@@ -452,6 +452,16 @@ with lib.maintainers;
enableFeatureFreezePing = true;
};
gnome-circle = {
members = [
aleksana
dawidd6
getchoo
];
scope = "Maintain GNOME Circle applications.";
shortName = "GNOME Circle";
};
graalvm-ce = {
members = [
bandresen

2
nixos/doc/manual/release-notes/rl-2411.section.md
View File

@@ -911,6 +911,8 @@
- `freecad` now supports addons and custom configuration in nix-way, which can be used by calling `freecad.customize`.
- `buildNimSbom` was added as an alternative to `buildNimPackage`. `buildNimSbom` uses [SBOMs](https://cyclonedx.org/) to generate packages whereas `buildNimPackage` uses a custom JSON lockfile format.
## Detailed Migration Information {#sec-release-24.11-migration}
### `sound` options removal {#sec-release-24.11-migration-sound}

12
nixos/doc/manual/release-notes/rl-2505.section.md
View File

@@ -17,6 +17,8 @@
This introduces some backwardsincompatible changes; see the [upstream release notes](https://releases.llvm.org/) for details.
- The default PHP version has been updated to 8.3.
- `nixos-rebuild-ng`, a full rewrite of `nixos-rebuild` in Python, is available for testing. You can enable it by setting [system.rebuild.enableNg](options.html#opt-system.rebuild.enableNg) in your configuration (this will replace the old `nixos-rebuild`), or by adding `nixos-rebuild-ng` to your `environment.systemPackages` (in this case, it will live side-by-side with `nixos-rebuild` as `nixos-rebuild-ng`). It is expected that the next major version of NixOS (25.11) will enable `system.rebuild.enableNg` by default.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## New Modules {#sec-release-25.05-new-modules}
@@ -25,6 +27,8 @@
- [Bazecor](https://github.com/Dygmalab/Bazecor), the graphical configurator for Dygma Products.
- [scanservjs](https://github.com/sbs20/scanservjs/), a web UI for SANE scanners. Available at [services.scanservjs](#opt-services.scanservjs.enable).
- [Kimai](https://www.kimai.org/), a web-based multi-user time-tracking application. Available as [services.kimai](options.html#opt-services.kimai).
- [Omnom](https://github.com/asciimoo/omnom), a webpage bookmarking and snapshotting service. Available as [services.omnom](options.html#opt-services.omnom.enable).
@@ -41,6 +45,8 @@
- [agorakit](https://github.com/agorakit/agorakit), an organization tool for citizens' collectives. Available with [services.agorakit](options.html#opt-services.agorakit.enable).
- [waagent](https://github.com/Azure/WALinuxAgent), the Microsoft Azure Linux Agent (waagent) manages Linux provisioning and VM interaction with the Azure Fabric Controller. Available with [services.waagent](options.html#opt-services.waagent.enable).
- [mqtt-exporter](https://github.com/kpetremann/mqtt-exporter/), a Prometheus exporter for exposing messages from MQTT. Available as [services.prometheus.exporters.mqtt](#opt-services.prometheus.exporters.mqtt.enable).
- [Buffyboard](https://gitlab.postmarketos.org/postmarketOS/buffybox/-/tree/master/buffyboard), a framebuffer on-screen keyboard. Available as [services.buffyboard](option.html#opt-services.buffyboard).
@@ -97,6 +103,10 @@
- `nodePackages.expo-cli` has been removed, as it was deprecated by upstream. The suggested replacement is the `npx expo` command.
- DokuWiki with the Caddy webserver (`services.dokuwiki.webserver = "caddy"`) now sets up sites with Caddy's automatic HTTPS instead of HTTP-only.
To keep the old behavior for a site `example.com`, set `services.caddy.virtualHosts."example.com".hostName = "http://example.com"`.
If you set custom Caddy options for a DokuWiki site, migrate these options by removing `http://` from `services.caddy.virtualHosts."http://example.com"`.
- `vscode-utils.buildVscodeExtension` now requires pname as an argument
- `nerdfonts` has been separated into individual font packages under the namespace `nerd-fonts`. The directories for font
@@ -111,6 +121,8 @@
- `nodePackages.ganache` has been removed, as the package has been deprecated by upstream.
- `virtualisation.azure.agent` option provided by `azure-agent.nix` is replaced by `services.waagent`, and will be removed in a future release.
- `containerd` has been updated to v2, which contains breaking changes. See the [containerd
2.0](https://github.com/containerd/containerd/blob/main/docs/containerd-2.0.md) documentation for more
details.

18
nixos/modules/installer/tools/tools.nix
View File

@@ -45,6 +45,11 @@ let
nixos-install = pkgs.nixos-install.override { nix = config.nix.package; };
nixos-rebuild = pkgs.nixos-rebuild.override { nix = config.nix.package; };
nixos-rebuild-ng = pkgs.nixos-rebuild-ng.override {
nix = config.nix.package;
withNgSuffix = false;
withReexec = true;
};
defaultConfigTemplate = ''
# Edit this configuration file to define what should be installed on
@@ -214,6 +219,13 @@ in
'';
};
options.system.rebuild.enableNg = lib.mkEnableOption "" // {
description = ''
Whether to use nixos-rebuild-ng in place of nixos-rebuild, the
Python-based re-implementation of the original in Bash.
'';
};
imports = let
mkToolModule = { name, package ? pkgs.${name} }: { config, ... }: {
options.system.tools.${name}.enable = lib.mkEnableOption "${name} script" // {
@@ -240,7 +252,11 @@ in
# These may be used in auxiliary scripts (ie not part of toplevel), so they are defined unconditionally.
system.build = {
inherit nixos-generate-config nixos-install nixos-rebuild;
inherit nixos-generate-config nixos-install;
nixos-rebuild =
if config.system.rebuild.enableNg
then nixos-rebuild-ng
else nixos-rebuild;
nixos-option = lib.warn "Accessing nixos-option through `config.system.build` is deprecated, use `pkgs.nixos-option` instead." pkgs.nixos-option;
nixos-enter = lib.warn "Accessing nixos-enter through `config.system.build` is deprecated, use `pkgs.nixos-enter` instead." pkgs.nixos-enter;
};

2
nixos/modules/module-list.nix
View File

@@ -624,6 +624,7 @@
./services/hardware/sane_extra_backends/brscan4.nix
./services/hardware/sane_extra_backends/brscan5.nix
./services/hardware/sane_extra_backends/dsseries.nix
./services/hardware/scanservjs.nix
./services/hardware/spacenavd.nix
./services/hardware/supergfxd.nix
./services/hardware/tcsd.nix
@@ -1765,6 +1766,7 @@
./virtualisation/virtualbox-host.nix
./virtualisation/vmware-guest.nix
./virtualisation/vmware-host.nix
./virtualisation/waagent.nix
./virtualisation/waydroid.nix
./virtualisation/xe-guest-utilities.nix
./virtualisation/xen-dom0.nix

12
nixos/modules/services/databases/postgresql.md
View File

@@ -45,9 +45,9 @@ By default, PostgreSQL stores its databases in {file}`/var/lib/postgresql/$psqlS
## Initializing {#module-services-postgres-initializing}
As of NixOS 23.11,
As of NixOS 24.05,
`services.postgresql.ensureUsers.*.ensurePermissions` has been
deprecated, after a change to default permissions in PostgreSQL 15
removed, after a change to default permissions in PostgreSQL 15
invalidated most of its previous use cases:
- In psql < 15, `ALL PRIVILEGES` used to include `CREATE TABLE`, where
@@ -375,6 +375,14 @@ several common hardening options from `systemd`, most notably:
* A stricter default UMask (`0027`).
* Only sockets of type `AF_INET`/`AF_INET6`/`AF_NETLINK`/`AF_UNIX` allowed.
* Restricted filesystem access (private `/tmp`, most of the file-system hierachy is mounted read-only, only process directories in `/proc` that are owned by the same user).
* When using [`TABLESPACE`](https://www.postgresql.org/docs/current/manage-ag-tablespaces.html)s, make sure to add the filesystem paths to `ReadWritePaths` like this:
```nix
{
systemd.services.postgresql.serviceConfig.ReadWritePaths = [
"/path/to/tablespace/location"
];
}
```
The NixOS module also contains necessary adjustments for extensions from `nixpkgs`
if these are enabled. If an extension or a postgresql feature from `nixpkgs` breaks

20
nixos/modules/services/databases/postgresql.nix
View File

@@ -71,7 +71,7 @@ let
touch $out
'';
groupAccessAvailable = versionAtLeast postgresql.version "11.0";
groupAccessAvailable = versionAtLeast cfg.finalPackage.version "11.0";
extensionNames = map getName postgresql.installedExtensions;
extensionInstalled = extension: elem extension extensionNames;
@@ -113,6 +113,17 @@ in
example = "postgresql_15";
};
finalPackage = mkOption {
type = types.package;
readOnly = true;
default = postgresql;
defaultText = "with config.services.postgresql; package.withPackages extensions";
description = ''
The postgresql package that will effectively be used in the system.
It consists of the base package with plugins applied to it.
'';
};
checkConfig = mkOption {
type = types.bool;
default = true;
@@ -583,7 +594,7 @@ in
users.groups.postgres.gid = config.ids.gids.postgres;
environment.systemPackages = [ postgresql ];
environment.systemPackages = [ cfg.finalPackage ];
environment.pathsToLink = [
"/share/postgresql"
@@ -601,7 +612,7 @@ in
environment.PGDATA = cfg.dataDir;
path = [ postgresql ];
path = [ cfg.finalPackage ];
preStart = ''
if ! test -e ${cfg.dataDir}/PG_VERSION; then
@@ -682,7 +693,7 @@ in
# receiving systemd's SIGINT.
TimeoutSec = 120;
ExecStart = "${postgresql}/bin/postgres";
ExecStart = "${cfg.finalPackage}/bin/postgres";
# Hardening
CapabilityBoundingSet = [ "" ];
@@ -733,7 +744,6 @@ in
unitConfig.RequiresMountsFor = "${cfg.dataDir}";
};
};
meta.doc = ./postgresql.md;

155
nixos/modules/services/hardware/scanservjs.nix Normal file
View File

@@ -0,0 +1,155 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.scanservjs;
settings = {
scanimage = lib.getExe' config.hardware.sane.backends-package "scanimage";
convert = lib.getExe' pkgs.imagemagick "convert";
tesseract = lib.getExe pkgs.tesseract;
# it defaults to config/devices.json, but "config" dir doesn't exist by default and scanservjs doesn't create it
devicesPath = "devices.json";
} // cfg.settings;
settingsFormat = pkgs.formats.json { };
leafs =
attrs:
builtins.concatLists (
lib.mapAttrsToList (k: v: if builtins.isAttrs v then leafs v else [ v ]) attrs
);
package = pkgs.scanservjs;
configFile = pkgs.writeText "config.local.js" ''
/* eslint-disable no-unused-vars */
module.exports = {
afterConfig(config) {
${
builtins.concatStringsSep "" (
leafs (
lib.mapAttrsRecursive (path: val: ''
${builtins.concatStringsSep "." path} = ${builtins.toJSON val};
'') { config = settings; }
)
)
}
${cfg.extraConfig}
},
afterDevices(devices) {
${cfg.extraDevicesConfig}
},
async afterScan(fileInfo) {
${cfg.runAfterScan}
},
actions: [
${builtins.concatStringsSep ",\n" cfg.extraActions}
],
};
'';
in
{
options.services.scanservjs = {
enable = lib.mkEnableOption "scanservjs";
stateDir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/scanservjs";
description = ''
State directory for scanservjs.
'';
};
settings = lib.mkOption {
default = { };
description = ''
Config to set in config.local.js's `afterConfig`.
'';
type = lib.types.submodule {
freeformType = settingsFormat.type;
options.host = lib.mkOption {
type = lib.types.str;
description = "The IP to listen on.";
default = "127.0.0.1";
};
options.port = lib.mkOption {
type = lib.types.port;
description = "The port to listen on.";
default = 8080;
};
};
};
extraConfig = lib.mkOption {
default = "";
type = lib.types.lines;
description = ''
Extra code to add to config.local.js's `afterConfig`.
'';
};
extraDevicesConfig = lib.mkOption {
default = "";
type = lib.types.lines;
description = ''
Extra code to add to config.local.js's `afterDevices`.
'';
};
runAfterScan = lib.mkOption {
default = "";
type = lib.types.lines;
description = ''
Extra code to add to config.local.js's `afterScan`.
'';
};
extraActions = lib.mkOption {
default = [ ];
type = lib.types.listOf lib.types.lines;
description = "Actions to add to config.local.js's `actions`.";
};
};
config = lib.mkIf cfg.enable {
hardware.sane.enable = true;
users.users.scanservjs = {
group = "scanservjs";
extraGroups = [
"scanner"
"lp"
];
home = cfg.stateDir;
isSystemUser = true;
createHome = true;
};
users.groups.scanservjs = { };
systemd.services.scanservjs = {
description = "scanservjs";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
# yes, those paths are configurable, but the config option isn't always used...
# a lot of the time scanservjs just takes those from PATH
path = with pkgs; [
coreutils
config.hardware.sane.backends-package
imagemagick
tesseract
];
environment = {
NIX_SCANSERVJS_CONFIG_PATH = configFile;
SANE_CONFIG_DIR = "/etc/sane-config";
LD_LIBRARY_PATH = "/etc/sane-libs";
};
serviceConfig = {
ExecStart = lib.getExe package;
Restart = "always";
User = "scanservjs";
Group = "scanservjs";
WorkingDirectory = cfg.stateDir;
};
};
};
}

2
nixos/modules/services/web-apps/dokuwiki.nix
View File

@@ -475,7 +475,7 @@ in
services.caddy = {
enable = true;
virtualHosts = mapAttrs' (hostName: cfg: (
nameValuePair "http://${hostName}" {
nameValuePair hostName {
extraConfig = ''
root * ${pkg hostName cfg}/share/dokuwiki
file_server

8
nixos/modules/services/web-servers/minio.nix
View File

@@ -40,6 +40,12 @@ in
description = "The config directory, for the access keys and other settings.";
};
certificatesDir = mkOption {
default = "/var/lib/minio/certs";
type = types.path;
description = "The directory where TLS certificates are stored.";
};
accessKey = mkOption {
default = "";
type = types.str;
@@ -102,7 +108,7 @@ in
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/minio server --json --address ${cfg.listenAddress} --console-address ${cfg.consoleAddress} --config-dir=${cfg.configDir} ${toString cfg.dataDir}";
ExecStart = "${cfg.package}/bin/minio server --json --address ${cfg.listenAddress} --console-address ${cfg.consoleAddress} --config-dir=${cfg.configDir} --certs-dir=${cfg.certificatesDir} ${toString cfg.dataDir}";
Type = "simple";
User = "minio";
Group = "minio";

14
nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh
View File

@@ -11,18 +11,24 @@ usage() {
}
timeout= # Timeout in centiseconds
menu=1 # Enable menu by default
default= # Default configuration
target=/boot # Target directory
numGenerations=0 # Number of other generations to include in the menu
while getopts "t:c:d:g:n:r" opt; do
case "$opt" in
t) # U-Boot interprets '0' as infinite and negative as instant boot
t) # U-Boot interprets '0' as infinite
if [ "$OPTARG" -lt 0 ]; then
# When negative (or null coerced to -1), disable timeout which means that we wait forever for input
timeout=0
elif [ "$OPTARG" = 0 ]; then
timeout=-10
# When zero, which means disabled in Nix module, disable menu which results in instant boot of the default item
# .. timeout is actually ignored by u-Boot but set here for the rest of the script
timeout=1
menu=0
else
# Positive results in centi-seconds of timeout, which when passed with no input results in boot of the default item
timeout=$((OPTARG * 10))
fi
;;
@@ -126,10 +132,12 @@ cat > $tmpFile <<EOF
# Change this to e.g. nixos-42 to temporarily boot to an older configuration.
DEFAULT nixos-default
MENU TITLE ------------------------------------------------------------
TIMEOUT $timeout
EOF
[ "$menu" == "1" ] \
&& echo "MENU TITLE ------------------------------------------------------------" >> $tmpFile
addEntry $default default >> $tmpFile
if [ "$numGenerations" -gt 0 ]; then

6
nixos/modules/system/boot/systemd/tmpfiles.nix
View File

@@ -7,6 +7,10 @@ let
initrdCfg = config.boot.initrd.systemd.tmpfiles;
systemd = config.systemd.package;
attrsWith' = placeholder: elemType: types.attrsWith {
inherit elemType placeholder;
};
settingsOption = {
description = ''
Declare systemd-tmpfiles rules to create, delete, and clean up volatile
@@ -25,7 +29,7 @@ let
};
};
default = {};
type = types.attrsOf (types.attrsOf (types.attrsOf (types.submodule ({ name, config, ... }: {
type = attrsWith' "config-name" (attrsWith' "tmpfiles-type" (attrsWith' "path" (types.submodule ({ name, config, ... }: {
options.type = mkOption {
type = types.str;
default = name;

343
nixos/modules/virtualisation/azure-agent.nix
View File

@@ -1,291 +1,56 @@
{ config, lib, pkgs, ... }:
{ lib, ... }:
with lib;
let
cfg = config.virtualisation.azure.agent;
provisionedHook = pkgs.writeScript "provisioned-hook" ''
#!${pkgs.runtimeShell}
/run/current-system/systemd/bin/systemctl start provisioned.target
'';
in
{
###### interface
options.virtualisation.azure.agent = {
enable = mkOption {
default = false;
description = "Whether to enable the Windows Azure Linux Agent.";
};
verboseLogging = mkOption {
default = false;
description = "Whether to enable verbose logging.";
};
mountResourceDisk = mkOption {
default = true;
description = "Whether the agent should format (ext4) and mount the resource disk to /mnt/resource.";
};
};
###### implementation
config = lib.mkIf cfg.enable {
assertions = [{
assertion = config.networking.networkmanager.enable == false;
message = "Windows Azure Linux Agent is not compatible with NetworkManager";
}];
boot.initrd.kernelModules = [ "ata_piix" ];
networking.firewall.allowedUDPPorts = [ 68 ];
environment.etc."waagent.conf".text = ''
#
# Microsoft Azure Linux Agent Configuration
#
# Enable extension handling. Do not disable this unless you do not need password reset,
# backup, monitoring, or any extension handling whatsoever.
Extensions.Enabled=y
# How often (in seconds) to poll for new goal states
Extensions.GoalStatePeriod=6
# Which provisioning agent to use. Supported values are "auto" (default), "waagent",
# "cloud-init", or "disabled".
Provisioning.Agent=auto
# Password authentication for root account will be unavailable.
Provisioning.DeleteRootPassword=n
# Generate fresh host key pair.
Provisioning.RegenerateSshHostKeyPair=n
# Supported values are "rsa", "dsa", "ecdsa", "ed25519", and "auto".
# The "auto" option is supported on OpenSSH 5.9 (2011) and later.
Provisioning.SshHostKeyPairType=ed25519
# Monitor host name changes and publish changes via DHCP requests.
Provisioning.MonitorHostName=y
# How often (in seconds) to monitor host name changes.
Provisioning.MonitorHostNamePeriod=30
# Decode CustomData from Base64.
Provisioning.DecodeCustomData=n
# Execute CustomData after provisioning.
Provisioning.ExecuteCustomData=n
# Algorithm used by crypt when generating password hash.
#Provisioning.PasswordCryptId=6
# Length of random salt used when generating password hash.
#Provisioning.PasswordCryptSaltLength=10
# Allow reset password of sys user
Provisioning.AllowResetSysUser=n
# Format if unformatted. If 'n', resource disk will not be mounted.
ResourceDisk.Format=${if cfg.mountResourceDisk then "y" else "n"}
# File system on the resource disk
# Typically ext3 or ext4. FreeBSD images should use 'ufs2' here.
ResourceDisk.Filesystem=ext4
# Mount point for the resource disk
ResourceDisk.MountPoint=/mnt/resource
# Create and use swapfile on resource disk.
ResourceDisk.EnableSwap=n
# Size of the swapfile.
ResourceDisk.SwapSizeMB=0
# Comma-separated list of mount options. See mount(8) for valid options.
ResourceDisk.MountOptions=None
# Enable verbose logging (y|n)
Logs.Verbose=${if cfg.verboseLogging then "y" else "n"}
# Enable Console logging, default is y
# Logs.Console=y
# Enable periodic log collection, default is n
Logs.Collect=n
# How frequently to collect logs, default is each hour
Logs.CollectPeriod=3600
# Is FIPS enabled
OS.EnableFIPS=n
# Root device timeout in seconds.
OS.RootDeviceScsiTimeout=300
# How often (in seconds) to set the root device timeout.
OS.RootDeviceScsiTimeoutPeriod=30
# If "None", the system default version is used.
OS.OpensslPath=${pkgs.openssl_3.bin}/bin/openssl
# Set the SSH ClientAliveInterval
# OS.SshClientAliveInterval=180
# Set the path to SSH keys and configuration files
OS.SshDir=/etc/ssh
# If set, agent will use proxy server to access internet
#HttpProxy.Host=None
#HttpProxy.Port=None
# Detect Scvmm environment, default is n
# DetectScvmmEnv=n
#
# Lib.Dir=/var/lib/waagent
#
# DVD.MountPoint=/mnt/cdrom/secure
#
# Pid.File=/var/run/waagent.pid
#
# Extension.LogDir=/var/log/azure
#
# Home.Dir=/home
# Enable RDMA management and set up, should only be used in HPC images
OS.EnableRDMA=n
# Enable checking RDMA driver version and update
# OS.CheckRdmaDriver=y
# Enable or disable goal state processing auto-update, default is enabled
AutoUpdate.Enabled=n
# Determine the update family, this should not be changed
# AutoUpdate.GAFamily=Prod
# Determine if the overprovisioning feature is enabled. If yes, hold extension
# handling until inVMArtifactsProfile.OnHold is false.
# Default is enabled
EnableOverProvisioning=n
# Allow fallback to HTTP if HTTPS is unavailable
# Note: Allowing HTTP (vs. HTTPS) may cause security risks
# OS.AllowHTTP=n
# Add firewall rules to protect access to Azure host node services
OS.EnableFirewall=n
# How often (in seconds) to check the firewall rules
OS.EnableFirewallPeriod=30
# How often (in seconds) to remove the udev rules for persistent network interface
# names (75-persistent-net-generator.rules and /etc/udev/rules.d/70-persistent-net.rules)
OS.RemovePersistentNetRulesPeriod=30
# How often (in seconds) to monitor for DHCP client restarts
OS.MonitorDhcpClientRestartPeriod=30
'';
services.udev.packages = [ pkgs.waagent ];
# Provide waagent-shipped udev rules in initrd too.
boot.initrd.services.udev.packages = [ pkgs.waagent ];
# udev rules shell out to chmod, cut and readlink, which are all
# provided by pkgs.coreutils, which is in services.udev.path, but not
# boot.initrd.services.udev.binPackages.
boot.initrd.services.udev.binPackages = [ pkgs.coreutils ];
networking.dhcpcd.persistent = true;
services.logrotate = {
enable = true;
settings."/var/log/waagent.log" = {
compress = true;
frequency = "monthly";
rotate = 6;
};
};
systemd.targets.provisioned = {
description = "Services Requiring Azure VM provisioning to have finished";
};
systemd.services.consume-hypervisor-entropy =
{
description = "Consume entropy in ACPI table provided by Hyper-V";
wantedBy = [ "sshd.service" "waagent.service" ];
before = [ "sshd.service" "waagent.service" ];
path = [ pkgs.coreutils ];
script =
''
echo "Fetching entropy..."
cat /sys/firmware/acpi/tables/OEM0 > /dev/random
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
serviceConfig.StandardError = "journal+console";
serviceConfig.StandardOutput = "journal+console";
};
systemd.services.waagent = {
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" "sshd.service" ];
wants = [ "network-online.target" ];
path = [
pkgs.e2fsprogs
pkgs.bash
pkgs.findutils
pkgs.gnugrep
pkgs.gnused
pkgs.iproute2
pkgs.iptables
# for hostname
pkgs.nettools
pkgs.openssh
pkgs.openssl
pkgs.parted
# for pidof
pkgs.procps
# for useradd, usermod
pkgs.shadow
pkgs.util-linux # for (u)mount, fdisk, sfdisk, mkswap
# waagent's Microsoft.OSTCExtensions.VMAccessForLinux needs Python 3
pkgs.python39
# waagent's Microsoft.CPlat.Core.RunCommandLinux needs lsof
pkgs.lsof
];
description = "Windows Azure Agent Service";
unitConfig.ConditionPathExists = "/etc/waagent.conf";
serviceConfig = {
ExecStart = "${pkgs.waagent}/bin/waagent -daemon";
Type = "simple";
};
};
# waagent will generate files under /etc/sudoers.d during provisioning
security.sudo.extraConfig = ''
#includedir /etc/sudoers.d
'';
};
}
warn
''
`virtualisation.azure.agent` provided by `azure-agent.nix` module has been replaced
by `services.waagent` options, and will be removed in a future release.
''
{
imports = [
(mkRenamedOptionModule
[
"virtualisation"
"azure"
"agent"
"enable"
]
[
"services"
"waagent"
"enable"
]
)
(mkRenamedOptionModule
[
"virtualisation"
"azure"
"agent"
"verboseLogging"
]
[
"services"
"waagent"
"settings"
"Logs"
"Verbose"
]
)
(mkRenamedOptionModule
[
"virtualisation"
"azure"
"agent"
"mountResourceDisk"
]
[
"services"
"waagent"
"settings"
"ResourceDisk"
"Format"
]
)
];
}

25
nixos/modules/virtualisation/oci-containers.nix
View File

@@ -295,28 +295,19 @@ let
'';
};
capAdd = mkOption {
capabilities = mkOption {
type = with types; lazyAttrsOf (nullOr bool);
default = { };
description = ''
Capabilities to add to container
'';
example = literalExpression ''
{
SYS_ADMIN = true;
{
'';
};
capDrop = mkOption {
type = with types; lazyAttrsOf (nullOr bool);
default = { };
description = ''
Capabilities to drop from container
Capabilities to configure for the container.
When set to true, capability is added to the container.
When set to false, capability is dropped from the container.
When null, default runtime settings apply.
'';
example = literalExpression ''
{
SYS_ADMIN = true;
SYS_WRITE = false;
{
'';
};
@@ -441,10 +432,10 @@ let
++ optional (container.workdir != null) "-w ${escapeShellArg container.workdir}"
++ optional (container.privileged) "--privileged"
++ mapAttrsToList (k: _: "--cap-add=${escapeShellArg k}") (
filterAttrs (_: v: v == true) container.capAdd
filterAttrs (_: v: v == true) container.capabilities
)
++ mapAttrsToList (k: _: "--cap-drop=${escapeShellArg k}") (
filterAttrs (_: v: v == true) container.capDrop
filterAttrs (_: v: v == false) container.capabilities
)
++ map (d: "--device=${escapeShellArg d}") container.devices
++ map (n: "--network=${escapeShellArg n}") container.networks

364
nixos/modules/virtualisation/waagent.nix Normal file
View File

@@ -0,0 +1,364 @@
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.services.waagent;
# Format for waagent.conf
settingsFormat = {
type =
with types;
let
singleAtom =
(nullOr (oneOf [
bool
str
int
float
]))
// {
description = "atom (bool, string, int or float) or null";
};
atom = either singleAtom (listOf singleAtom) // {
description = singleAtom.description + " or a list of them";
};
in
attrsOf (
either atom (attrsOf atom)
// {
description = atom.description + "or an attribute set of them";
}
);
generate =
name: value:
let
# Transform non-attribute values
transform =
x:
# Transform bool to "y" or "n"
if (isBool x) then
(if x then "y" else "n")
# Concatenate list items with comma
else if (isList x) then
concatStringsSep "," (map transform x)
else
toString x;
# Convert to format of waagent.conf
recurse =
path: value:
if builtins.isAttrs value then
pipe value [
(mapAttrsToList (k: v: recurse (path ++ [ k ]) v))
concatLists
]
else
[
{
name = concatStringsSep "." path;
inherit value;
}
];
convert =
attrs:
pipe (recurse [ ] attrs) [
# Filter out null values and emoty lists
(filter (kv: kv.value != null && kv.value != [ ]))
# Transform to Key=Value form, then concatenate
(map (kv: "${kv.name}=${transform kv.value}"))
(concatStringsSep "\n")
];
in
pkgs.writeText name (convert value);
};
settingsType = types.submodule {
freeformType = settingsFormat.type;
options = {
Provisioning = {
Enable = mkOption {
type = types.bool;
default = !config.services.cloud-init.enable;
defaultText = literalExpression "!config.services.cloud-init.enable";
description = ''
Whether to enable provisioning functionality in the agent.
If provisioning is disabled, SSH host and user keys in the image are preserved
and configuration in the Azure provisioning API is ignored.
Set to `false` if cloud-init is used for provisioning tasks.
'';
};
Agent = mkOption {
type = types.enum [
"auto"
"waagent"
"cloud-init"
"disabled"
];
default = "auto";
description = ''
Which provisioning agent to use.
'';
};
};
ResourceDisk = {
Format = mkEnableOption ''
If set to `true`, waagent formats and mounts the resource disk that the platform provides,
unless the file system type in `ResourceDisk.FileSystem` is set to `ntfs`.
The agent makes a single Linux partition (ID 83) available on the disk.
This partition isn't formatted if it can be successfully mounted.
This configuration has no effect if resource disk is managed by cloud-init.
'';
FileSystem = mkOption {
type = types.str;
default = "ext4";
description = ''
The file system type for the resource disk.
If the string is `X`, then `mkfs.X` should be present in the environment.
You can add additional filesystem packages using `services.waagent.extraPackages`.
This configuration has no effect if resource disk is managed by cloud-init.
'';
};
MountPoint = mkOption {
type = types.str;
default = "/mnt/resource";
description = ''
This option specifies the path at which the resource disk is mounted.
The resource disk is a temporary disk and might be emptied when the VM is deprovisioned.
This configuration has no effect if resource disk is managed by cloud-init.
'';
};
MountOptions = mkOption {
type = with types; listOf str;
default = [ ];
example = [
"nodev"
"nosuid"
];
description = ''
This option specifies disk mount options to be passed to the `mount -o` command.
For more information, see the `mount(8)` manual page.
'';
};
EnableSwap = mkEnableOption ''
If enabled, the agent creates a swap file (`/swapfile`) on the resource disk
and adds it to the system swap space.
This configuration has no effect if resource disk is managed by cloud-init.
'';
SwapSizeMB = mkOption {
type = types.int;
default = 0;
description = ''
Specifies the size of the swap file in megabytes.
This configuration has no effect if resource disk is managed by cloud-init.
'';
};
};
Logs.Verbose = lib.mkEnableOption ''
If you set this option, log verbosity is boosted.
Waagent logs to `/var/log/waagent.log` and uses the system logrotate functionality to rotate logs.
'';
OS = {
EnableRDMA = lib.mkEnableOption ''
If enabled, the agent attempts to install and then load an RDMA kernel driver
that matches the version of the firmware on the underlying hardware.
'';
RootDeviceScsiTimeout = lib.mkOption {
type = types.nullOr types.int;
default = 300;
description = ''
Configures the SCSI timeout in seconds on the OS disk and data drives.
If set to `null`, the system defaults are used.
'';
};
};
HttpProxy = {
Host = lib.mkOption {
type = types.nullOr types.str;
default = null;
description = ''
If you set http proxy, waagent will use is proxy to access the Internet.
'';
};
Port = lib.mkOption {
type = types.nullOr types.int;
default = null;
description = ''
If you set http proxy, waagent will use this proxy to access the Internet.
'';
};
};
AutoUpdate.Enable = lib.mkEnableOption ''
Enable or disable autoupdate for goal state processing.
'';
};
};
in
{
options.services.waagent = {
enable = lib.mkEnableOption ''
Whether to enable the Windows Azure Linux Agent.
'';
package = lib.mkPackageOption pkgs "waagent" { };
extraPackages = lib.mkOption {
default = [ ];
description = ''
Additional packages to add to the waagent {env}`PATH`.
'';
example = lib.literalExpression "[ pkgs.powershell ]";
type = lib.types.listOf lib.types.package;
};
settings = lib.mkOption {
type = settingsType;
default = { };
description = ''
The waagent.conf configuration, see https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/agent-linux for documentation.
'';
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = (cfg.settings.HttpProxy.Host != null) -> (cfg.settings.HttpProxy.Port != null);
message = "Option services.waagent.settings.HttpProxy.Port must be set if services.waagent.settings.HttpProxy.Host is set.";
}
];
boot.initrd.kernelModules = [ "ata_piix" ];
networking.firewall.allowedUDPPorts = [ 68 ];
services.udev.packages = with pkgs; [ waagent ];
boot.initrd.services.udev = with pkgs; {
# Provide waagent-shipped udev rules in initrd too.
packages = [ waagent ];
# udev rules shell out to chmod, cut and readlink, which are all
# provided by pkgs.coreutils, which is in services.udev.path, but not
# boot.initrd.services.udev.binPackages.
binPackages = [ coreutils ];
};
networking.dhcpcd.persistent = true;
services.logrotate = {
enable = true;
settings."/var/log/waagent.log" = {
compress = true;
frequency = "monthly";
rotate = 6;
};
};
# Write settings to /etc/waagent.conf
environment.etc."waagent.conf".source = settingsFormat.generate "waagent.conf" cfg.settings;
systemd.targets.provisioned = {
description = "Services Requiring Azure VM provisioning to have finished";
};
systemd.services.consume-hypervisor-entropy = {
description = "Consume entropy in ACPI table provided by Hyper-V";
wantedBy = [
"sshd.service"
"waagent.service"
];
before = [
"sshd.service"
"waagent.service"
];
path = [ pkgs.coreutils ];
script = ''
echo "Fetching entropy..."
cat /sys/firmware/acpi/tables/OEM0 > /dev/random
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
serviceConfig.StandardError = "journal+console";
serviceConfig.StandardOutput = "journal+console";
};
systemd.services.waagent = {
wantedBy = [ "multi-user.target" ];
after = [
"network-online.target"
] ++ lib.optionals config.services.cloud-init.enable [ "cloud-init.service" ];
wants = [
"network-online.target"
"sshd.service"
"sshd-keygen.service"
];
path =
with pkgs;
[
e2fsprogs
bash
findutils
gnugrep
gnused
iproute2
iptables
openssh
openssl
parted
# for hostname
nettools
# for pidof
procps
# for useradd, usermod
shadow
util-linux # for (u)mount, fdisk, sfdisk, mkswap
# waagent's Microsoft.CPlat.Core.RunCommandLinux needs lsof
lsof
]
++ cfg.extraPackages;
description = "Windows Azure Agent Service";
unitConfig.ConditionPathExists = "/etc/waagent.conf";
serviceConfig = {
ExecStart = "${lib.getExe cfg.package} -daemon";
Type = "simple";
Restart = "always";
Slice = "azure.slice";
CPUAccounting = true;
MemoryAccounting = true;
};
};
# waagent will generate files under /etc/sudoers.d during provisioning
security.sudo.extraConfig = ''
#includedir /etc/sudoers.d
'';
};
}

21
nixos/tests/all-tests.nix
View File

@@ -340,7 +340,6 @@ in {
firefox-beta = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-beta; };
firefox-devedition = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-devedition; };
firefox-esr = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr; }; # used in `tested` job
firefox-esr-115 = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr-115; };
firefox-esr-128 = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr-128; };
firefoxpwa = handleTest ./firefoxpwa.nix {};
firejail = handleTest ./firejail.nix {};
@@ -712,8 +711,23 @@ in {
nixops = handleTest ./nixops/default.nix {};
nixos-generate-config = handleTest ./nixos-generate-config.nix {};
nixos-rebuild-install-bootloader = handleTestOn ["x86_64-linux"] ./nixos-rebuild-install-bootloader.nix {};
nixos-rebuild-specialisations = runTestOn ["x86_64-linux"] ./nixos-rebuild-specialisations.nix;
nixos-rebuild-target-host = runTest ./nixos-rebuild-target-host.nix;
nixos-rebuild-install-bootloader-ng = handleTestOn ["x86_64-linux"] ./nixos-rebuild-install-bootloader.nix { withNg = true; };
nixos-rebuild-specialisations = runTestOn ["x86_64-linux"] {
imports = [ ./nixos-rebuild-specialisations.nix ];
_module.args.withNg = false;
};
nixos-rebuild-specialisations-ng = runTestOn ["x86_64-linux"] {
imports = [ ./nixos-rebuild-specialisations.nix ];
_module.args.withNg = true;
};
nixos-rebuild-target-host = runTest {
imports = [ ./nixos-rebuild-target-host.nix ];
_module.args.withNg = false;
};
nixos-rebuild-target-host-ng = runTest {
imports = [ ./nixos-rebuild-target-host.nix ];
_module.args.withNg = true;
};
nixpkgs = pkgs.callPackage ../modules/misc/nixpkgs/test.nix { inherit evalMinimalConfig; };
nixseparatedebuginfod = handleTest ./nixseparatedebuginfod.nix {};
node-red = handleTest ./node-red.nix {};
@@ -1124,6 +1138,7 @@ in {
vscode-remote-ssh = handleTestOn ["x86_64-linux"] ./vscode-remote-ssh.nix {};
vscodium = discoverTests (import ./vscodium.nix);
vsftpd = handleTest ./vsftpd.nix {};
waagent = handleTest ./waagent.nix {};
wakapi = handleTest ./wakapi.nix {};
warzone2100 = handleTest ./warzone2100.nix {};
wasabibackend = handleTest ./wasabibackend.nix {};

5
nixos/tests/dokuwiki.nix
View File

@@ -78,6 +78,11 @@ let
};
};
services.caddy.virtualHosts = {
"site1.local".hostName = "http://site1.local";
"site2.local".hostName = "http://site2.local";
};
networking.firewall.allowedTCPPorts = [ 80 ];
networking.hosts."127.0.0.1" = [ "site1.local" "site2.local" ];
};

2
nixos/tests/google-oslogin/default.nix
View File

@@ -16,7 +16,7 @@ import ../make-test-python.nix (
{
name = "google-oslogin";
meta = with pkgs.lib.maintainers; {
maintainers = [ flokli ];
maintainers = [ ];
};
nodes = {

43
nixos/tests/minio.nix
View File

@@ -1,16 +1,35 @@
import ./make-test-python.nix ({ pkgs, ... }:
let
tls-cert =
pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
openssl req \
-x509 -newkey rsa:4096 -sha256 -days 365 \
-nodes -out cert.pem -keyout key.pem \
-subj '/CN=minio' -addext "subjectAltName=DNS:localhost"
mkdir -p $out
cp key.pem cert.pem $out
'';
accessKey = "BKIKJAA5BMMU2RHO6IBB";
secretKey = "V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12";
minioPythonScript = pkgs.writeScript "minio-test.py" ''
#! ${pkgs.python3.withPackages(ps: [ ps.minio ])}/bin/python
import io
import os
import sys
from minio import Minio
if len(sys.argv) > 1 and sys.argv[1] == 'tls':
tls = True
else:
tls = False
minioClient = Minio('localhost:9000',
access_key='${accessKey}',
secret_key='${secretKey}',
secure=False)
secure=tls,
cert_check=False)
sio = io.BytesIO()
sio.write(b'Test from Python')
sio.seek(0, os.SEEK_END)
@@ -56,6 +75,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
machine.wait_for_unit("multi-user.target")
machine.copy_from_host("${credsFull}", "${rootCredentialsFile}")
# Test non-TLS server
machine.wait_for_unit("minio.service")
machine.wait_for_open_port(9000)
@@ -67,6 +87,27 @@ import ./make-test-python.nix ({ pkgs, ... }:
machine.succeed("${minioPythonScript}")
assert "test-bucket" in machine.succeed("mc ls minio")
assert "Test from Python" in machine.succeed("mc cat minio/test-bucket/test.txt")
machine.succeed("mc rb --force minio/test-bucket")
machine.systemctl("stop minio.service")
# Test TLS server
machine.copy_from_host("${tls-cert}/cert.pem", "/var/lib/minio/certs/public.crt")
machine.copy_from_host("${tls-cert}/key.pem", "/var/lib/minio/certs/private.key")
machine.systemctl("start minio.service")
machine.wait_for_unit("minio.service")
machine.wait_for_open_port(9000)
# Create a test bucket on the server
machine.succeed(
"mc config host add minio https://localhost:9000 ${accessKey} ${secretKey} --api s3v4"
)
machine.succeed("mc --insecure mb minio/test-bucket")
machine.succeed("${minioPythonScript} tls")
assert "test-bucket" in machine.succeed("mc --insecure ls minio")
assert "Test from Python" in machine.succeed("mc --insecure cat minio/test-bucket/test.txt")
machine.succeed("mc --insecure rb --force minio/test-bucket")
machine.shutdown()
'';
})

8
nixos/tests/nixos-rebuild-install-bootloader.nix
View File

@@ -1,4 +1,4 @@
import ./make-test-python.nix ({ pkgs, ... }: {
import ./make-test-python.nix ({ pkgs, lib, withNg ? false, ... }: {
name = "nixos-rebuild-install-bootloader";
nodes = {
@@ -15,6 +15,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
};
system.includeBuildDependencies = true;
system.rebuild.enableNg = withNg;
virtualisation = {
cores = 2;
@@ -27,7 +28,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
testScript =
let
configFile = pkgs.writeText "configuration.nix" ''
configFile = pkgs.writeText "configuration.nix" /* nix */ ''
{ lib, pkgs, ... }: {
imports = [
./hardware-configuration.nix
@@ -40,12 +41,13 @@ import ./make-test-python.nix ({ pkgs, ... }: {
forceInstall = true;
};
system.rebuild.enableNg = ${lib.boolToString withNg};
documentation.enable = false;
}
'';
in
''
/* python */ ''
machine.start()
machine.succeed("udevadm settle")
machine.wait_for_unit("multi-user.target")

9
nixos/tests/nixos-rebuild-specialisations.nix
View File

@@ -1,4 +1,4 @@
{ hostPkgs, ... }: {
{ hostPkgs, lib, withNg, ... }: {
name = "nixos-rebuild-specialisations";
# TODO: remove overlay from nixos/modules/profiles/installation-device.nix
@@ -25,6 +25,7 @@
pkgs.grub2
];
system.rebuild.enableNg = withNg;
system.switch.enable = true;
virtualisation = {
@@ -36,7 +37,7 @@
testScript =
let
configFile = hostPkgs.writeText "configuration.nix" ''
configFile = hostPkgs.writeText "configuration.nix" /* nix */ ''
{ lib, pkgs, ... }: {
imports = [
./hardware-configuration.nix
@@ -55,6 +56,8 @@
(pkgs.writeShellScriptBin "parent" "")
];
system.rebuild.enableNg = ${lib.boolToString withNg};
specialisation.foo = {
inheritParentConfig = true;
@@ -78,7 +81,7 @@
'';
in
''
/* python */ ''
machine.start()
machine.succeed("udevadm settle")
machine.wait_for_unit("multi-user.target")

22
nixos/tests/nixos-rebuild-target-host.nix
View File

@@ -1,4 +1,4 @@
{ hostPkgs, ... }: {
{ hostPkgs, lib, withNg, ... }: {
name = "nixos-rebuild-target-host";
# TODO: remove overlay from nixos/modules/profiles/installation-device.nix
@@ -30,6 +30,7 @@
system.build.publicKey = snakeOilPublicKey;
# We don't switch on `deployer`, but we need it to have the dependencies
# available, to be picked up by system.includeBuildDependencies above.
system.rebuild.enableNg = withNg;
system.switch.enable = true;
};
@@ -83,7 +84,7 @@
targetNetworkJSON = hostPkgs.writeText "target-network.json"
(builtins.toJSON nodes.target.system.build.networkConfig);
configFile = hostname: hostPkgs.writeText "configuration.nix" ''
configFile = hostname: hostPkgs.writeText "configuration.nix" /* nix */ ''
{ lib, modulesPath, ... }: {
imports = [
(modulesPath + "/virtualisation/qemu-vm.nix")
@@ -100,12 +101,24 @@
forceInstall = true;
};
system.rebuild.enableNg = ${lib.boolToString withNg};
${lib.optionalString withNg /* nix */ ''
nixpkgs.overlays = [
(final: prev: {
# Set tmpdir inside nixos-rebuild-ng to test
# "Deploy works with very long TMPDIR"
nixos-rebuild-ng = prev.nixos-rebuild-ng.override { withTmpdir = "/tmp"; };
})
];
''}
# this will be asserted
networking.hostName = "${hostname}";
}
'';
in
''
/* python */ ''
start_all()
target.wait_for_open_port(22)
@@ -137,7 +150,8 @@
assert target_hostname == "config-2-deployed", f"{target_hostname=}"
with subtest("Deploy to bob@target with password based sudo"):
deployer.succeed("passh -c 3 -C -p ${nodes.target.users.users.bob.password} -P \"\[sudo\] password\" nixos-rebuild switch -I nixos-config=/root/configuration-3.nix --target-host bob@target --use-remote-sudo &>/dev/console")
# TODO: investigate why --ask-sudo-password from nixos-rebuild-ng is not working here
deployer.succeed(r'${lib.optionalString withNg "NIX_SSHOPTS=-t "}passh -c 3 -C -p ${nodes.target.users.users.bob.password} -P "\[sudo\] password" nixos-rebuild switch -I nixos-config=/root/configuration-3.nix --target-host bob@target --use-remote-sudo &>/dev/console')
target_hostname = deployer.succeed("ssh alice@target cat /etc/hostname").rstrip()
assert target_hostname == "config-3-deployed", f"{target_hostname=}"

100
nixos/tests/oci-containers.nix
View File

@@ -1,64 +1,70 @@
{ system ? builtins.currentSystem
, config ? {}
, pkgs ? import ../.. { inherit system config; }
, lib ? pkgs.lib
{
system ? builtins.currentSystem,
config ? { },
pkgs ? import ../.. { inherit system config; },
lib ? pkgs.lib,
}:
let
inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest;
mkOCITest = backend: makeTest {
name = "oci-containers-${backend}";
mkOCITest =
backend:
makeTest {
name = "oci-containers-${backend}";
meta.maintainers = lib.teams.serokell.members
++ (with lib.maintainers; [ benley ]);
meta.maintainers = lib.teams.serokell.members ++ (with lib.maintainers; [ benley ]);
nodes = {
${backend} = { pkgs, ... }: {
virtualisation.oci-containers = {
inherit backend;
containers.nginx = {
image = "nginx-container";
imageStream = pkgs.dockerTools.examples.nginxStream;
ports = ["8181:80"];
capAdd = {
CAP_AUDIT_READ = true;
nodes = {
${backend} =
{ pkgs, ... }:
{
virtualisation.oci-containers = {
inherit backend;
containers.nginx = {
image = "nginx-container";
imageStream = pkgs.dockerTools.examples.nginxStream;
ports = [ "8181:80" ];
capabilities = {
CAP_AUDIT_READ = true;
CAP_AUDIT_WRITE = false;
};
privileged = false;
devices = [
"/dev/random:/dev/random"
];
};
};
capDrop = {
CAP_AUDIT_WRITE = true;
};
privileged = false;
devices = [
"/dev/random:/dev/random"
];
# Stop systemd from killing remaining processes if ExecStop script
# doesn't work, so that proper stopping can be tested.
systemd.services."${backend}-nginx".serviceConfig.KillSignal = "SIGCONT";
};
};
# Stop systemd from killing remaining processes if ExecStop script
# doesn't work, so that proper stopping can be tested.
systemd.services."${backend}-nginx".serviceConfig.KillSignal = "SIGCONT";
};
testScript = ''
import json
start_all()
${backend}.wait_for_unit("${backend}-nginx.service")
${backend}.wait_for_open_port(8181)
${backend}.wait_until_succeeds("curl -f http://localhost:8181 | grep Hello")
output = json.loads(${backend}.succeed("${backend} inspect nginx --format json").strip())[0]
${backend}.succeed("systemctl stop ${backend}-nginx.service", timeout=10)
assert output['HostConfig']['CapAdd'] == ["CAP_AUDIT_READ"]
assert output['HostConfig']['CapDrop'] == ${
if backend == "docker" then "[\"CAP_AUDIT_WRITE\"]" else "[]"
} # Rootless podman runs with no capabilities so it cannot drop them
assert output['HostConfig']['Privileged'] == False
assert output['HostConfig']['Devices'] == [{'PathOnHost': '/dev/random', 'PathInContainer': '/dev/random', 'CgroupPermissions': '${
if backend == "docker" then "rwm" else ""
}'}]
'';
};
testScript = ''
import json
start_all()
${backend}.wait_for_unit("${backend}-nginx.service")
${backend}.wait_for_open_port(8181)
${backend}.wait_until_succeeds("curl -f http://localhost:8181 | grep Hello")
output = json.loads(${backend}.succeed("${backend} inspect nginx --format json").strip())[0]
${backend}.succeed("systemctl stop ${backend}-nginx.service", timeout=10)
assert output['HostConfig']['CapAdd'] == ["CAP_AUDIT_READ"]
assert output['HostConfig']['CapDrop'] == ${if backend == "docker" then "[\"CAP_AUDIT_WRITE\"]" else "[]"} # Rootless podman runs with no capabilities so it cannot drop them
assert output['HostConfig']['Privileged'] == False
assert output['HostConfig']['Devices'] == [{'PathOnHost': '/dev/random', 'PathInContainer': '/dev/random', 'CgroupPermissions': '${if backend == "docker" then "rwm" else ""}'}]
'';
};
in
lib.foldl' (attrs: backend: attrs // { ${backend} = mkOCITest backend; }) {} [
lib.foldl' (attrs: backend: attrs // { ${backend} = mkOCITest backend; }) { } [
"docker"
"podman"
]

72
nixos/tests/waagent.nix Normal file
View File

@@ -0,0 +1,72 @@
import ./make-test-python.nix (
{ lib, pkgs, ... }:
let
confPath = "/etc/waagent.conf";
in
{
name = "waagent";
meta = {
maintainers = with lib.maintainers; [ codgician ];
};
nodes.machine = {
services.waagent = {
enable = true;
settings = {
Provisioning = {
Enable = false;
Agent = "waagent";
DeleteRootPassword = false;
RegenerateSshHostKeyPair = false;
SshHostKeyPairType = "ed25519";
MonitorHostName = false;
};
ResourceDisk = {
Format = false;
MountOptions = [
"compress=lzo"
"mode=0600"
];
};
OS.RootDeviceScsiTimeout = 300;
HttpProxy = {
Host = null;
Port = null;
};
CGroups = {
EnforceLimits = false;
Excluded = [ ];
};
};
};
};
testScript = ''
# Defined values should be reflected in waagent.conf
machine.succeed("grep -q '^Provisioning.Enable=n$' '${confPath}'")
machine.succeed("grep -q '^Provisioning.Agent=waagent$' '${confPath}'")
machine.succeed("grep -q '^Provisioning.DeleteRootPassword=n$' '${confPath}'")
machine.succeed("grep -q '^Provisioning.RegenerateSshHostKeyPair=n$' '${confPath}'")
machine.succeed("grep -q '^Provisioning.SshHostKeyPairType=ed25519$' '${confPath}'")
machine.succeed("grep -q '^Provisioning.MonitorHostName=n$' '${confPath}'")
machine.succeed("grep -q '^ResourceDisk.Format=n$' '${confPath}'")
machine.succeed("grep -q '^ResourceDisk.MountOptions=compress=lzo,mode=0600$' '${confPath}'")
machine.succeed("grep -q '^OS.RootDeviceScsiTimeout=300$' '${confPath}'")
# Undocumented options should also be supported
machine.succeed("grep -q '^CGroups.EnforceLimits=n$' '${confPath}'")
# Null values should be skipped and not exist in waagent.conf
machine.fail("grep -q '^HttpProxy.Host=' '${confPath}'")
machine.fail("grep -q '^HttpProxy.Port=' '${confPath}'")
# Empty lists should be skipped and not exist in waagent.conf
machine.fail("grep -q '^CGroups.Excluded=' '${confPath}'")
# Test service start
# Skip testing actual functionality due to lacking Azure infrasturcture
machine.wait_for_unit("waagent.service")
'';
}
)

5
pkgs/README.md
View File

@@ -492,6 +492,11 @@ Examples going from bad to best practices:
Sometimes, changes are needed to the source to allow building a derivation in nixpkgs, or to get earlier access to an upstream fix or improvement.
When using the `patches` parameter to `mkDerivation`, make sure the patch name clearly describes the reason for the patch, or add a comment.
> [!Note]
> The version of the package does not need to be changed just because a patch is applied. Declarative package installations don't depend on the version, while imperative `nix-env` installations can use [`upgrade --eq/leq/--always`](https://nix.dev/manual/nix/2.25/command-ref/nix-env/upgrade#flags).
>
> See [Versioning](#versioning) for details on package versioning.
### Fetching patches
In the interest of keeping our maintenance burden and the size of Nixpkgs to a minimum, patches already merged upstream or published elsewhere _should_ be retrieved using `fetchpatch`:

4
pkgs/applications/audio/musescore/default.nix
View File

@@ -37,13 +37,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "musescore";
version = "4.4.3";
version = "4.4.4";
src = fetchFromGitHub {
owner = "musescore";
repo = "MuseScore";
rev = "v${finalAttrs.version}";
sha256 = "sha256-bHpPhav9JBPkwJA9o+IFHRWbvxWnGkD1wHBHS4XJ/YE=";
sha256 = "sha256-/1kAgzmSbnuCqd6YxbaYW2+gE0Gvy373y5VfUK4OVzI=";
};
cmakeFlags = [

5
pkgs/applications/editors/jetbrains/default.nix
View File

@@ -91,8 +91,9 @@ let
url = products."${pname}".url;
sha256 = products."${pname}".sha256;
};
inherit (products."${pname}") version;
buildNumber = products."${pname}".build_number;
version = if fromSource then communitySources."${pname}".version else products."${pname}".version;
buildNumber =
if fromSource then communitySources."${pname}".buildNumber else products."${pname}".build_number;
inherit (ideInfo."${pname}") wmClass product;
productShort = ideInfo."${pname}".productShort or ideInfo."${pname}".product;
meta = mkMeta ideInfo."${pname}".meta fromSource;

2
pkgs/applications/editors/jetbrains/readme.md
View File

@@ -20,7 +20,7 @@ To test the build process of every IDE (as well as the process for adding plugin
- Source builds need a bit more effort, as they **aren't automated at the moment**:
- Find the build of the stable release you want to target (usually different for pycharm and idea, should have three components)
- I find this at https://jetbrains.com/updates/updates.xml (search for `product name="`, then `fullNumber`)
- Update the `buildVer` field in source/default.nix
- Update the `version` & `buildNumber` fields in source/default.nix
- Empty the `ideaHash`, `androidHash`, `jpsHash` and `restarterHash` (only `ideaHash` and `restarterHash` changes on a regular basis) fields and try to build to get the new hashes
- Run `nix build .#jetbrains.(idea/pycharm)-community-src.src.src`, then `./source/build_maven.py source/idea_maven_artefacts.json result/`
- Update `source/brokenPlugins.json` (from https://plugins.jetbrains.com/files/brokenPlugins.json)

23
pkgs/applications/editors/jetbrains/source/build.nix
View File

@@ -19,7 +19,8 @@
, pkg-config
, xorg
, buildVer
, version
, buildNumber
, buildType
, ideaHash
, androidHash
@@ -35,14 +36,14 @@ let
ideaSrc = fetchFromGitHub {
owner = "jetbrains";
repo = "intellij-community";
rev = "${buildType}/${buildVer}";
rev = "${buildType}/${buildNumber}";
hash = ideaHash;
};
androidSrc = fetchFromGitHub {
owner = "jetbrains";
repo = "android";
rev = "${buildType}/${buildVer}";
rev = "${buildType}/${buildNumber}";
hash = androidHash;
};
@@ -75,7 +76,7 @@ let
libdbm = stdenv.mkDerivation {
pname = "libdbm";
version = buildVer;
version = buildNumber;
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [ glib xorg.libX11 libdbusmenu ];
inherit src;
@@ -95,12 +96,12 @@ let
fsnotifier = stdenv.mkDerivation {
pname = "fsnotifier";
version = buildVer;
version = buildNumber;
inherit src;
sourceRoot = "${src.name}/native/fsNotifier/linux";
buildPhase = ''
runHook preBuild
$CC -O2 -Wall -Wextra -Wpedantic -D "VERSION=\"${buildVer}\"" -std=c11 main.c inotify.c util.c -o fsnotifier
$CC -O2 -Wall -Wextra -Wpedantic -D "VERSION=\"${buildNumber}\"" -std=c11 main.c inotify.c util.c -o fsnotifier
runHook postBuild
'';
installPhase = ''
@@ -113,7 +114,7 @@ let
restarter = rustPlatform.buildRustPackage {
pname = "restarter";
version = buildVer;
version = buildNumber;
inherit src;
sourceRoot = "${src.name}/native/restarter";
cargoHash = restarterHash;
@@ -136,7 +137,7 @@ let
jps-bootstrap = stdenvNoCC.mkDerivation {
pname = "jps-bootstrap";
version = buildVer;
version = buildNumber;
inherit src;
sourceRoot = "${src.name}/platform/jps-bootstrap";
nativeBuildInputs = [ ant makeWrapper jbr ];
@@ -200,7 +201,7 @@ let
in
stdenvNoCC.mkDerivation rec {
pname = "${buildType}-community";
version = buildVer;
inherit version buildNumber;
name = "${pname}-${version}.tar.gz";
inherit src;
nativeBuildInputs = [ p7zip jbr jps-bootstrap ];
@@ -230,7 +231,7 @@ stdenvNoCC.mkDerivation rec {
-e 's|MAVEN_REPO_HERE|${mvnRepo}/.m2/repository/|' \
-e 's|MAVEN_PATH_HERE|${maven}/maven|' \
-i build/deps/src/org/jetbrains/intellij/build/impl/BundledMavenDownloader.kt
echo '${buildVer}.SNAPSHOT' > build.txt
echo '${buildNumber}.SNAPSHOT' > build.txt
'';
configurePhase = ''
@@ -239,7 +240,7 @@ stdenvNoCC.mkDerivation rec {
ln -s "$repo"/.m2 /build/.m2
export JPS_BOOTSTRAP_COMMUNITY_HOME=/build/source
jps-bootstrap \
-Dbuild.number=${buildVer} \
-Dbuild.number=${buildNumber} \
-Djps.kotlin.home=${kotlin} \
-Dintellij.build.target.os=linux \
-Dintellij.build.target.arch=x64 \

6
pkgs/applications/editors/jetbrains/source/default.nix
View File

@@ -3,7 +3,8 @@
{
idea-community = callPackage ./build.nix {
buildVer = "241.17890.1";
version = "2024.1.3";
buildNumber = "241.17890.1";
buildType = "idea";
ideaHash = "sha256-jWFnewxRkriSmV6CgGX1r//uaErMINfx3Z+JpkE34jk=";
androidHash = "sha256-hX2YdRYNRg0guskNiYfxdl9osgZojRen82IhgA6G0Eo=";
@@ -12,7 +13,8 @@
mvnDeps = ./idea_maven_artefacts.json;
};
pycharm-community = callPackage ./build.nix {
buildVer = "241.17890.14";
version = "2024.1.3";
buildNumber = "241.17890.14";
buildType = "pycharm";
ideaHash = "sha256-tTB91/RHEWP/ZILPNFAbolVBLvgjLXTdD/uF/pdJ22Y=";
androidHash = "sha256-hX2YdRYNRg0guskNiYfxdl9osgZojRen82IhgA6G0Eo=";

2
pkgs/applications/graphics/gnome-obfuscate/default.nix
View File

@@ -76,6 +76,6 @@ stdenv.mkDerivation (finalAttrs: {
license = licenses.gpl3Plus;
platforms = platforms.all;
mainProgram = "obfuscate";
maintainers = with maintainers; [ fgaz ];
maintainers = with maintainers; [ fgaz ] ++ lib.teams.gnome-circle.members;
};
})

2
pkgs/applications/misc/collision/default.nix
View File

@@ -108,6 +108,6 @@ crystal.buildCrystalPackage rec {
homepage = "https://github.com/GeopJr/Collision";
license = licenses.bsd2;
mainProgram = "collision";
maintainers = with maintainers; [ sund3RRR ];
maintainers = with maintainers; [ sund3RRR ] ++ lib.teams.gnome-circle.members;
};
}

4
pkgs/applications/misc/gallery-dl/default.nix
View File

@@ -10,13 +10,13 @@
buildPythonApplication rec {
pname = "gallery-dl";
version = "1.27.7";
version = "1.28.1";
format = "setuptools";
src = fetchPypi {
inherit version;
pname = "gallery_dl";
hash = "sha256-9YcxD7AH4U2dOhAiUnknwwGFy9pplFFQ7Rn4cOvDdEc=";
hash = "sha256-1UxLZZoDJsaiPqb+zaiWb9TyQIknKlrz6RN21B0sNe4=";
};
propagatedBuildInputs = [

18
pkgs/applications/networking/browsers/chromium/info.json
View File

@@ -766,7 +766,7 @@
}
},
"ungoogled-chromium": {
"version": "131.0.6778.108",
"version": "131.0.6778.139",
"deps": {
"depot_tools": {
"rev": "20b9bdcace7ed561d6a75728c85373503473cb6b",
@@ -777,16 +777,16 @@
"hash": "sha256-a8yCdBsl0nBMPS+pCLwrkAvQNP/THx/z/GySyOgx4Jk="
},
"ungoogled-patches": {
"rev": "131.0.6778.108-1",
"hash": "sha256-xFtxgZRbtG8qxvTyt++wa69dQvr61K29mTubkxoI1Y8="
"rev": "131.0.6778.139-1",
"hash": "sha256-6ehqckNitebDNEiY9qgbk8XMLADhpayxodpSFjlUDTA="
},
"npmHash": "sha256-b1l8SwjAfoColoa3zhTMPEF/rRuxzT3ATHE77rWU5EA="
},
"DEPS": {
"src": {
"url": "https://chromium.googlesource.com/chromium/src.git",
"rev": "3b014839fbc4fb688b2f5af512d6ce312ad208b1",
"hash": "sha256-ypzu3LveMFcOFm7+JlaERjzs3SK/n9+sfm5wOKB8/zw=",
"rev": "c35bbcbd7c2775a12a3f320e05ac0022939b1a8a",
"hash": "sha256-oJ4y9W51RMiUk40Uz8b3LJH0kMD5GMDG2V//Tng4/4A=",
"recompress": true
},
"src/third_party/clang-format/script": {
@@ -1126,8 +1126,8 @@
},
"src/third_party/icu": {
"url": "https://chromium.googlesource.com/chromium/deps/icu.git",
"rev": "4239b1559d11d4fa66c100543eda4161e060311e",
"hash": "sha256-7568UHNDOzyTCLy3TAwxZLUrKfB6A1yKA0wVZQJjKoI="
"rev": "ba7ed88cc5ffa428a82a0f787dd61031aa5ef4ca",
"hash": "sha256-WtCoxcbEkkZayB6kXdQEhZ7/ue+ka6cguhFbpeWUBJA="
},
"src/third_party/jsoncpp/source": {
"url": "https://chromium.googlesource.com/external/github.com/open-source-parsers/jsoncpp.git",
@@ -1526,8 +1526,8 @@
},
"src/v8": {
"url": "https://chromium.googlesource.com/v8/v8.git",
"rev": "e38771cb283b9689683c5ac0b5831dd89f8ec690",
"hash": "sha256-csSDnepYxil0R3PD/LVxW7JBcasOKG4l6q6vj8zHV/I="
"rev": "b97fcc24b3523da5e389d2a6d76857f134be09c5",
"hash": "sha256-5Es9Zot/DH+UKq3+aCgeQC+Llgj7/lmPXUYvar/hX7I="
}
}
}

4
pkgs/applications/networking/cluster/kuma/default.nix
View File

@@ -15,14 +15,14 @@
buildGoModule rec {
inherit pname;
version = "2.9.1";
version = "2.9.2";
tags = lib.optionals enableGateway [ "gateway" ];
src = fetchFromGitHub {
owner = "kumahq";
repo = "kuma";
rev = version;
hash = "sha256-aU1YYYnE7hkVL7f5zd/FXgAW95PpLCIGF4+Ulh3Dq4Q=";
hash = "sha256-c7ps2J15Hms1sM3e4uPvKZwYjhudEdw+220jNQemxag=";
};
vendorHash = "sha256-++oL9OetEApRdfjypknPE3GFjLZbKexjtnySIOZJg8U=";

10
pkgs/applications/networking/cluster/terraform-providers/providers.json
View File

@@ -198,13 +198,13 @@
"vendorHash": "sha256-/dOiXO2aPkuZaFiwv/6AXJdIADgx8T7eOwvJfBBoqg8="
},
"buildkite": {
"hash": "sha256-ECluix3yh9QTRPKNjpqJ1lkhpe+26M992fDsb35MAhU=",
"hash": "sha256-ogwUk5zYE3tdJB8zylkPpzfnUgmAhFQ4K0Vj3Jl0aog=",
"homepage": "https://registry.terraform.io/providers/buildkite/buildkite",
"owner": "buildkite",
"repo": "terraform-provider-buildkite",
"rev": "v1.13.0",
"rev": "v1.13.1",
"spdx": "MIT",
"vendorHash": "sha256-dUTwCqp2XTz+OoAxsdIczcMaitZaOBc3eUP8PpCDrHI="
"vendorHash": "sha256-IQ2zYe1eqq+LIhcHBxGGzcPRs4Atmipn++ERYvLNmvg="
},
"ccloud": {
"hash": "sha256-bGyVfB9eenE6QZZw0bAxnve0KW0ZQ54slTaaWZXDBOc=",
@@ -345,11 +345,11 @@
"vendorHash": "sha256-quoFrJbB1vjz+MdV+jnr7FPACHuUe5Gx9POLubD2IaM="
},
"digitalocean": {
"hash": "sha256-hxY0yg6syB7Dym323MOj6y0ZzLM0jCWO08zJmg4AvGk=",
"hash": "sha256-6oS9RIQYHOJwV0wHvfyZvPUWfK6q+aqXK2CHN06yoLY=",
"homepage": "https://registry.terraform.io/providers/digitalocean/digitalocean",
"owner": "digitalocean",
"repo": "terraform-provider-digitalocean",
"rev": "v2.44.1",
"rev": "v2.45.0",
"spdx": "MPL-2.0",
"vendorHash": null
},

100
pkgs/applications/networking/p2p/qbittorrent/default.nix
View File

@@ -1,100 +0,0 @@
{ lib
, stdenv
, fetchFromGitHub
, boost
, cmake
, Cocoa
, libtorrent-rasterbar
, ninja
, qtbase
, qtsvg
, qttools
, wrapGAppsHook3
, wrapQtAppsHook
, guiSupport ? true
, dbus
, qtwayland
, trackerSearch ? true
, python3
, webuiSupport ? true
}:
let
qtVersion = lib.versions.major qtbase.version;
in
stdenv.mkDerivation rec {
pname = "qbittorrent"
+ lib.optionalString (!guiSupport) "-nox";
version = "5.0.1";
src = fetchFromGitHub {
owner = "qbittorrent";
repo = "qBittorrent";
rev = "release-${version}";
hash = "sha256-BmfTQGftQIkRrlSpJy0yHTh0r3D2CWLIo+tnL0+OeA4=";
};
nativeBuildInputs = [
cmake
ninja
wrapGAppsHook3
wrapQtAppsHook
];
buildInputs = [
boost
libtorrent-rasterbar
qtbase
qtsvg
qttools
] ++ lib.optionals stdenv.hostPlatform.isDarwin [
Cocoa
] ++ lib.optionals guiSupport [
dbus
] ++ lib.optionals (guiSupport && stdenv.hostPlatform.isLinux) [
qtwayland
] ++ lib.optionals trackerSearch [
python3
];
cmakeFlags = lib.optionals (!guiSupport) [
"-DGUI=OFF"
"-DSYSTEMD=ON"
"-DSYSTEMD_SERVICES_INSTALL_DIR=${placeholder "out"}/lib/systemd/system"
] ++ lib.optionals (!webuiSupport) [
"-DWEBUI=OFF"
];
qtWrapperArgs = lib.optionals trackerSearch [
"--prefix PATH : ${lib.makeBinPath [ python3 ]}"
];
dontWrapGApps = true;
postInstall = lib.optionalString stdenv.hostPlatform.isDarwin ''
APP_NAME=qbittorrent${lib.optionalString (!guiSupport) "-nox"}
mkdir -p $out/{Applications,bin}
cp -R $APP_NAME.app $out/Applications
makeWrapper $out/{Applications/$APP_NAME.app/Contents/MacOS,bin}/$APP_NAME
'';
preFixup = ''
qtWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
meta = with lib; {
description = "Featureful free software BitTorrent client";
homepage = "https://www.qbittorrent.org";
changelog = "https://github.com/qbittorrent/qBittorrent/blob/release-${version}/Changelog";
license = licenses.gpl2Plus;
platforms = platforms.unix;
maintainers = with maintainers; [ Anton-Latukha kashw2 ];
mainProgram =
"qbittorrent"
+ lib.optionalString (!guiSupport) "-nox";
};
}

17
pkgs/applications/science/electronics/qucs-s/default.nix
View File

@@ -4,6 +4,7 @@
, flex
, bison
, qtbase
, qtcharts
, qttools
, qtsvg
, qtwayland
@@ -13,22 +14,27 @@
, gperf
, adms
, ngspice
, kernels ? [ ngspice ]
, qucsator-rf
, kernels ? [ ngspice qucsator-rf ]
}:
stdenv.mkDerivation rec {
pname = "qucs-s";
version = "24.1.0";
version = "24.4.1";
src = fetchFromGitHub {
owner = "ra3xdh";
repo = "qucs_s";
rev = version;
sha256 = "sha256-ei9CPlJg+Kfjh7vu5VnT6DNLmmnA8wZ2A1jXnm//Fgo=";
hash = "sha256-ll5P8cqJBzoieExElggn5tRbDcmH7L3yvcbtAQ0BBww=";
};
nativeBuildInputs = [ flex bison wrapQtAppsHook cmake ];
buildInputs = [ qtbase qttools qtsvg qtwayland libX11 gperf adms ] ++ kernels;
buildInputs = [ qtbase qttools qtcharts qtsvg qtwayland libX11 gperf adms ] ++ kernels;
cmakeFlags = [
"-DWITH_QT6=ON"
];
# Make custom kernels avaible from qucs-s
qtWrapperArgs = [ "--prefix" "PATH" ":" (lib.makeBinPath kernels) ];
@@ -48,7 +54,8 @@ stdenv.mkDerivation rec {
'';
homepage = "https://ra3xdh.github.io/";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ mazurel kashw2 ];
mainProgram = "qucs-s";
maintainers = with maintainers; [ mazurel kashw2 thomaslepoix ];
platforms = with platforms; linux;
};
}

13
pkgs/applications/science/misc/graphia/default.nix
View File

@@ -13,24 +13,15 @@
stdenv.mkDerivation rec {
pname = "graphia";
version = "4.2";
version = "5.1";
src = fetchFromGitHub {
owner = "graphia-app";
repo = "graphia";
rev = version;
sha256 = "sha256-8+tlQbTr6BGx+/gjviuNrQQWcxC/j6dJ+PxwB4fYmqQ=";
sha256 = "sha256-gAJwAz3iKa4auRtsrPS9dz3ieiB09FeL6VN5Psq1i8Y=";
};
patches = [
# Fix gcc-13 build:
(fetchpatch {
name = "gcc-13.patch";
url = "https://github.com/graphia-app/graphia/commit/78fb55a4d73f96e9a182de433c7da60330bd5b5e.patch";
hash = "sha256-waI2ur3gOKMQvqB2Qnyz7oMOMConl3jLMVKKmOmTpJs=";
})
];
nativeBuildInputs = [
cmake
git # needs to define some hash as a version

205
pkgs/build-support/build-nim-sbom.nix Normal file
View File

@@ -0,0 +1,205 @@
{
lib,
stdenv,
fetchgit,
fetchzip,
runCommand,
xorg,
nim,
nimOverrides,
}:
let
fetchers = {
fetchzip =
{ url, sha256, ... }:
fetchzip {
name = "source";
inherit url sha256;
};
fetchgit =
{
fetchSubmodules ? false,
leaveDotGit ? false,
rev,
sha256,
url,
...
}:
fetchgit {
inherit
fetchSubmodules
leaveDotGit
rev
sha256
url
;
};
};
filterPropertiesToAttrs =
prefix: properties:
lib.pipe properties [
(builtins.filter ({ name, ... }: (lib.strings.hasPrefix prefix name)))
(map (
{ name, value }:
{
name = lib.strings.removePrefix prefix name;
inherit value;
}
))
builtins.listToAttrs
];
buildNimCfg =
{ backend, components, ... }:
let
componentSrcDirs = map (
{ properties, ... }:
let
fodProps = filterPropertiesToAttrs "nix:fod:" properties;
fod = fetchers.${fodProps.method} fodProps;
srcDir = fodProps.srcDir or "";
in
if srcDir == "" then fod else "${fod}/${srcDir}"
) components;
in
runCommand "nim.cfg"
{
outputs = [
"out"
"src"
];
nativeBuildInputs = [ xorg.lndir ];
}
''
cat << EOF >> $out
backend:${backend}
path:"$src"
EOF
mkdir -p "$src"
${lib.strings.concatMapStrings (d: ''
lndir "${d}" "$src"
'') componentSrcDirs}
'';
buildCommands = lib.attrsets.mapAttrsToList (
output: input: ''
nim compile $nimFlags --out:${output} ${input}
''
);
installCommands = lib.attrsets.mapAttrsToList (
output: input: ''
install -Dt $out/bin ${output}
''
);
applySbom =
sbom:
{
nimFlags ? [ ],
nimRelease ? true,
passthru ? { },
...
}@prevAttrs:
let
properties = # SBOM metadata.component.properties as an attrset.
lib.attrsets.recursiveUpdate (builtins.listToAttrs sbom.metadata.component.properties)
passthru.properties or { };
nimBin = # A mapping of Nim module file paths to names of programs.
lib.attrsets.recursiveUpdate (lib.pipe properties [
(lib.attrsets.filterAttrs (name: value: lib.strings.hasPrefix "nim:bin:" name))
(lib.attrsets.mapAttrs' (
name: value: {
name = lib.strings.removePrefix "nim:bin:" name;
value = "${properties."nim:binDir" or (properties."nim:srcDir" or ".")}/${value}";
}
))
]) passthru.nimBin or { };
in
{
strictDeps = true;
pname = prevAttrs.pname or sbom.metadata.component.name;
version = prevAttrs.version or sbom.metadata.component.version or null;
nimFlags =
nimFlags
++ (lib.optional nimRelease "-d:release")
++ (
let
srcDir = properties."nim:srcDir" or "";
in
lib.optional (srcDir != "") "--path:${srcDir}"
);
configurePhase =
prevAttrs.configurePhase or ''
runHook preConfigure
echo "nim.cfg << $nimCfg"
cat $nimCfg >> nim.cfg
cat << EOF >> nim.cfg
nimcache:"$NIX_BUILD_TOP/nimcache"
parallelBuild:$NIX_BUILD_CORES
EOF
runHook postConfigure
'';
buildPhase =
prevAttrs.buildPhase or ''
runHook preBuild
${lib.strings.concatLines (buildCommands nimBin)}
runHook postBuild
'';
installPhase =
prevAttrs.installPhase or ''
runHook preInstall
${lib.strings.concatLines (installCommands nimBin)}
runHook postInstall
'';
nativeBuildInputs = (prevAttrs.nativeBuildInputs or [ ]) ++ [ nim ];
nimCfg =
prevAttrs.nimCfg or (buildNimCfg {
backend = prevAttrs.nimBackend or properties."nim:backend" or "c";
inherit (sbom) components;
});
passthru = passthru // {
inherit sbom properties nimBin;
};
};
applyOverrides =
prevAttrs:
builtins.foldl' (
prevAttrs:
{ name, ... }@component:
if (builtins.hasAttr name nimOverrides) then
let
result = nimOverrides.${name} component prevAttrs;
in
prevAttrs // (if builtins.isAttrs result then result else result { })
else
prevAttrs
) prevAttrs prevAttrs.passthru.sbom.components;
compose =
callerArg: sbom: finalAttrs:
let
callerAttrs = if builtins.isAttrs callerArg then callerArg else callerArg finalAttrs;
sbomAttrs = callerAttrs // (applySbom sbom callerAttrs);
overrideAttrs = sbomAttrs // (applyOverrides sbomAttrs);
in
overrideAttrs;
in
callerArg: sbomArg:
let
sbom = if builtins.isAttrs sbomArg then sbomArg else builtins.fromJSON (builtins.readFile sbomArg);
overrideSbom = f: stdenv.mkDerivation (compose callerArg (sbom // (f sbom)));
in
(stdenv.mkDerivation (compose callerArg sbom)) // { inherit overrideSbom; }

6
pkgs/by-name/ag/agate/package.nix
View File

@@ -11,16 +11,16 @@
rustPlatform.buildRustPackage rec {
pname = "agate";
version = "3.3.10";
version = "3.3.11";
src = fetchFromGitHub {
owner = "mbrubeck";
repo = "agate";
rev = "v${version}";
hash = "sha256-uuMOe5yi0DSD7mTPnI0m/lpkv6Lb669vndwPE01oSUU=";
hash = "sha256-w02vc89U0a1NmEqneHq0M5u+OKaFbTAVqJDFZgRp7l0=";
};
cargoHash = "sha256-6iEpOUhpWClgfAry8xIHJUPaAVKdPVaq3cTrSql9roo=";
cargoHash = "sha256-CUEjumDmRf3uUejE5pg1aS1CbVByPSeb9HWRyXzC2YY=";
nativeBuildInputs = [ pkg-config ];

4
pkgs/by-name/al/albert/package.nix
View File

@@ -14,13 +14,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "albert";
version = "0.26.6";
version = "0.26.10";
src = fetchFromGitHub {
owner = "albertlauncher";
repo = "albert";
rev = "v${finalAttrs.version}";
hash = "sha256-Z4YgqqtJPYMzpnMt74TX2Hi0AEMyhRc2QHSVuwuaxfE=";
hash = "sha256-GVYRcrSXz4EXb3isoUN3x/68CAfr0wMgnvv+CzW/yZY=";
fetchSubmodules = true;
};

2
pkgs/by-name/am/amberol/package.nix
View File

@@ -75,7 +75,7 @@ stdenv.mkDerivation rec {
meta = {
homepage = "https://gitlab.gnome.org/World/amberol";
description = "Small and simple sound and music player";
maintainers = with lib.maintainers; [ linsui ];
maintainers = with lib.maintainers; [ linsui ] ++ lib.teams.gnome-circle.members;
license = lib.licenses.gpl3Plus;
platforms = lib.platforms.linux;
mainProgram = "amberol";

10
pkgs/by-name/ap/apostrophe/package.nix
View File

@@ -105,10 +105,12 @@ python3Packages.buildPythonApplication {
description = "Distraction free Markdown editor for GNU/Linux";
license = lib.licenses.gpl3Plus;
platforms = lib.platforms.linux;
maintainers = with lib.maintainers; [
sternenseemann
aleksana
];
maintainers =
with lib.maintainers;
[
sternenseemann
]
++ lib.teams.gnome-circle.members;
mainProgram = "apostrophe";
};
}

62
pkgs/by-name/as/asciinema_3/package.nix Normal file
View File

@@ -0,0 +1,62 @@
{
lib,
fetchFromGitHub,
python3,
rustPlatform,
testers,
}:
let
self = rustPlatform.buildRustPackage {
pname = "asciinema";
version = "3.0.0-rc.3";
src = fetchFromGitHub {
name = "asciinema-source-${self.version}";
owner = "asciinema";
repo = "asciinema";
rev = "v${self.version}";
hash = "sha256-TYJ17uVj8v1u630MTb033h0X3aYRXY9d89GjAxG8muk=";
};
cargoHash = "sha256-CYDy0CedwG/ThTV+XOfOg8ncxF3tdTEGakmu4MXfiE4=";
nativeCheckInputs = [ python3 ];
checkFlags = [
# ---- pty::tests::exec_quick stdout ----
# thread 'pty::tests::exec_quick' panicked at src/pty.rs:494:10:
# called `Result::unwrap()` on an `Err` value: EBADF: Bad file number
"--skip=pty::tests::exec_quick"
];
strictDeps = true;
passthru = {
tests.version = testers.testVersion {
package = self;
command = "asciinema --version";
};
};
meta = {
homepage = "https://asciinema.org/";
description = "Terminal session recorder and the best companion of asciinema.org";
longDescription = ''
asciinema is a suite of tools for recording, replaying, and sharing
terminal sessions. It is free and open-source software (FOSS), created
by Marcin Kulik.
Its typical use cases include creating tutorials, demonstrating
command-line tools, and sharing reproducible bug reports. It focuses on
simplicity and interoperability, which makes it a popular choice among
computer users working with the command-line, such as developers or
system administrators.
'';
license = with lib.licenses; [ gpl3Plus ];
mainProgram = "asciinema";
maintainers = with lib.maintainers; [ jiriks74 ];
};
};
in
self

4
pkgs/by-name/au/audacity/package.nix
View File

@@ -62,13 +62,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "audacity";
version = "3.7.0";
version = "3.7.1";
src = fetchFromGitHub {
owner = "audacity";
repo = "audacity";
rev = "Audacity-${finalAttrs.version}";
hash = "sha256-jwsn/L9e1ViWLOh8Xc4lTS9FhanD4GK0BllCwtPamZc=";
hash = "sha256-QKydqpkqG7znBEdtVEayC2SyNGU8tQX6AfxdeJN8tDg=";
};
postPatch =

2
pkgs/by-name/au/audio-sharing/package.nix
View File

@@ -74,7 +74,7 @@ stdenv.mkDerivation (finalAttrs: {
homepage = "https://gitlab.gnome.org/World/AudioSharing";
description = "Automatically share the current audio playback in the form of an RTSP stream";
mainProgram = "audio-sharing";
maintainers = with maintainers; [ benediktbroich ];
maintainers = with maintainers; [ benediktbroich ] ++ lib.teams.gnome-circle.members;
license = licenses.gpl3Plus;
platforms = platforms.linux;
};

2
pkgs/by-name/au/authenticator/package.nix
View File

@@ -85,7 +85,7 @@ stdenv.mkDerivation rec {
mainProgram = "authenticator";
homepage = "https://gitlab.gnome.org/World/Authenticator";
license = lib.licenses.gpl3Plus;
maintainers = with lib.maintainers; [ austinbutler ];
maintainers = with lib.maintainers; [ austinbutler ] ++ lib.teams.gnome-circle.members;
platforms = lib.platforms.linux;
};
}

49
pkgs/by-name/ba/bartender/package.nix
View File

@@ -1,17 +1,25 @@
{ lib
, stdenvNoCC
, fetchurl
, _7zz
{
lib,
stdenvNoCC,
fetchurl,
_7zz,
curl,
cacert,
xmlstarlet,
writeShellApplication,
common-updater-scripts,
}:
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "bartender";
version = "5.2.3";
version = "5.2.7";
src = fetchurl {
name = "Bartender ${lib.versions.major finalAttrs.version}.dmg";
url = "https://www.macbartender.com/B2/updates/${builtins.replaceStrings [ "." ] [ "-" ] finalAttrs.version}/Bartender%20${lib.versions.major finalAttrs.version}.dmg";
hash = "sha256-G1XL6o5Rk/U5SsT/Q5vWaVSg0qerfzVizjFmudWAI3E=";
url = "https://www.macbartender.com/B2/updates/${
builtins.replaceStrings [ "." ] [ "-" ] finalAttrs.version
}/Bartender%20${lib.versions.major finalAttrs.version}.dmg";
hash = "sha256-TY6ioG80W8q6LC0FCMRQMJh4DiEKiM6htVf+irvmpnI=";
};
dontPatch = true;
@@ -32,6 +40,22 @@ stdenvNoCC.mkDerivation (finalAttrs: {
runHook postInstall
'';
passthru.updateScript = lib.getExe (writeShellApplication {
name = "bartender-update-script";
runtimeInputs = [
curl
cacert
xmlstarlet
common-updater-scripts
];
text = ''
version_major="${lib.versions.major finalAttrs.version}"
url="https://www.macbartender.com/B2/updates/AppcastB$version_major.xml"
version=$(curl -s "$url" | xmlstarlet sel -t -v '(//item)[last()]/sparkle:shortVersionString' -n)
update-source-version bartender "$version"
'';
});
meta = {
description = "Take control of your menu bar";
longDescription = ''
@@ -39,10 +63,15 @@ stdenvNoCC.mkDerivation (finalAttrs: {
Bartender improves your workflow with quick reveal, search, custom hotkeys and triggers, and lots more.
'';
homepage = "https://www.macbartender.com";
changelog = "https://www.macbartender.com/Bartender${lib.versions.major finalAttrs.version}/release_notes/";
changelog = "https://macbartender.com/B2/updates/${
builtins.replaceStrings [ "." ] [ "-" ] finalAttrs.version
}/rnotes.html";
license = [ lib.licenses.unfree ];
sourceProvenance = [ lib.sourceTypes.binaryNativeCode ];
maintainers = with lib.maintainers; [ stepbrobd DimitarNestorov ];
platforms = [ "aarch64-darwin" "x86_64-darwin" ];
maintainers = with lib.maintainers; [
stepbrobd
DimitarNestorov
];
platforms = lib.platforms.darwin;
};
})

2
pkgs/by-name/bi/biblioteca/package.nix
View File

@@ -96,7 +96,7 @@ stdenv.mkDerivation (finalAttrs: {
meta = {
homepage = "https://apps.gnome.org/Biblioteca/";
platforms = lib.platforms.linux;
maintainers = with lib.maintainers; [ bot-wxt1221 ];
maintainers = with lib.maintainers; [ bot-wxt1221 ] ++ lib.teams.gnome-circle.members;
license = lib.licenses.gpl3Only;
description = "Documentation viewer for GNOME";
mainProgram = "biblioteca";

2
pkgs/by-name/bi/binary/package.nix
View File

@@ -61,7 +61,7 @@ python3Packages.buildPythonApplication rec {
homepage = "https://github.com/fizzyizzy05/binary";
changelog = "https://github.com/fizzyizzy05/binary/releases/tag/${version}";
license = lib.licenses.gpl3Plus;
maintainers = with lib.maintainers; [ getchoo ];
maintainers = lib.teams.gnome-circle.members;
mainProgram = "binary";
platforms = lib.platforms.linux;
};

10
pkgs/by-name/bl/blanket/package.nix
View File

@@ -67,10 +67,12 @@ python3Packages.buildPythonApplication rec {
homepage = "https://github.com/rafaelmardojai/blanket";
license = lib.licenses.gpl3Plus;
mainProgram = "blanket";
maintainers = with lib.maintainers; [
onny
aleksana
];
maintainers =
with lib.maintainers;
[
onny
]
++ lib.teams.gnome-circle.members;
platforms = lib.platforms.linux;
};
}

4
pkgs/by-name/bn/bngblaster/package.nix
View File

@@ -13,13 +13,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "bngblaster";
version = "0.9.12";
version = "0.9.13";
src = fetchFromGitHub {
owner = "rtbrick";
repo = "bngblaster";
rev = finalAttrs.version;
hash = "sha256-wbjqZ3lZZzctHDjQM0DDrkMX3obIFJEj+R7M7JGU0Uk=";
hash = "sha256-fMaa4UCERsZ/LIXJT4XIeb0TLYAJVzhdFFd+56n6ASA=";
};
nativeBuildInputs = [ cmake ];

2
pkgs/by-name/bo/boatswain/package.nix
View File

@@ -62,7 +62,7 @@ stdenv.mkDerivation rec {
mainProgram = "boatswain";
license = licenses.gpl3Plus;
platforms = platforms.unix;
maintainers = with maintainers; [ _0xMRTT ];
maintainers = with maintainers; [ _0xMRTT ] ++ lib.teams.gnome-circle.members;
broken = stdenv.hostPlatform.isDarwin;
};
}

47
pkgs/tools/system/bottom/default.nix → pkgs/by-name/bo/bottom/package.nix
View File

@@ -2,11 +2,12 @@
lib,
rustPlatform,
fetchFromGitHub,
autoAddDriverRunpath,
installShellFiles,
stdenv,
darwin,
bottom,
testers,
apple-sdk_11,
versionCheckHook,
nix-update-script,
}:
rustPlatform.buildRustPackage rec {
@@ -15,20 +16,21 @@ rustPlatform.buildRustPackage rec {
src = fetchFromGitHub {
owner = "ClementTsang";
repo = pname;
rev = version;
repo = "bottom";
tag = version;
hash = "sha256-hm0Xfd/iW+431HflvZErjzeZtSdXVb/ReoNIeETJ5Ik=";
};
cargoHash = "sha256-FQbJx6ijX8kE4qxT7OQ7FwxLKJB5/moTKhBK0bfvBas=";
nativeBuildInputs = [ installShellFiles ];
buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [
darwin.apple_sdk_11_0.frameworks.Foundation
nativeBuildInputs = [
autoAddDriverRunpath
installShellFiles
];
doCheck = false;
buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [
apple-sdk_11
];
postInstall = ''
installManPage target/tmp/bottom/manpage/btm.1
@@ -39,21 +41,32 @@ rustPlatform.buildRustPackage rec {
install -Dm444 desktop/bottom.desktop -t $out/share/applications
'';
preCheck = ''
HOME=$(mktemp -d)
'';
doInstallCheck = true;
nativeInstallCheckInputs = [
versionCheckHook
];
versionCheckProgram = "${placeholder "out"}/bin/btm";
BTM_GENERATE = true;
passthru.tests.version = testers.testVersion {
package = bottom;
passthru = {
updateScript = nix-update-script { };
};
meta = with lib; {
meta = {
changelog = "https://github.com/ClementTsang/bottom/blob/${version}/CHANGELOG.md";
description = "Cross-platform graphical process/system monitor with a customizable interface";
homepage = "https://github.com/ClementTsang/bottom";
changelog = "https://github.com/ClementTsang/bottom/blob/${version}/CHANGELOG.md";
license = licenses.mit;
maintainers = with maintainers; [
license = lib.licenses.mit;
mainProgram = "btm";
maintainers = with lib.maintainers; [
berbiche
figsoda
gepbird
];
mainProgram = "btm";
};
}

4
pkgs/by-name/bu/bup/package.nix
View File

@@ -15,7 +15,7 @@
assert par2Support -> par2cmdline != null;
let
version = "0.33.4";
version = "0.33.5";
pythonDeps =
with python3.pkgs;
@@ -38,7 +38,7 @@ stdenv.mkDerivation {
repo = "bup";
owner = "bup";
rev = version;
hash = "sha256-9rWzHONcu4W/JcnDUGPbuGksroODbhdL6bNF+3Dd2ag=";
hash = "sha256-5CaH7aZTmGgQwXpyORG2/Ne/8uPlGXl7mkzokLhWExU=";
};
buildInputs = [

2
pkgs/by-name/ca/cartridges/package.nix
View File

@@ -80,7 +80,7 @@ python3Packages.buildPythonApplication rec {
homepage = "https://apps.gnome.org/Cartridges/";
changelog = "https://github.com/kra-mo/cartridges/releases/tag/${version}";
license = lib.licenses.gpl3Plus;
maintainers = with lib.maintainers; [ getchoo ];
maintainers = lib.teams.gnome-circle.members;
mainProgram = "cartridges";
platforms = lib.platforms.linux;
};

2
pkgs/data/fonts/catamaran/default.nix → pkgs/by-name/ca/catamaran/package.nix
View File

@@ -37,6 +37,6 @@ stdenvNoCC.mkDerivation rec {
'';
license = licenses.ofl;
platforms = platforms.all;
maintainers = with maintainers; [ wyred50 ];
maintainers = with maintainers; [ ];
};
}

14
pkgs/by-name/cb/cbconvert/gui.nix
View File

@@ -1,10 +1,9 @@
{
buildGoModule,
cbconvert,
cbconvert-gui,
gtk3,
pkg-config,
testers,
versionCheckHook,
wrapGAppsHook3,
}:
@@ -34,18 +33,15 @@ buildGoModule rec {
];
postInstall = ''
install -D --mode=0644 --target-directory=$out/icons/hicolor/256x256/apps dist/linux/io.github.gen2brain.cbconvert.png
install -D --mode=0644 --target-directory=$out/share/icons/hicolor/256x256/apps dist/linux/io.github.gen2brain.cbconvert.png
install -D --mode=0644 --target-directory=$out/share/applications/ dist/linux/io.github.gen2brain.cbconvert.desktop
install -D --mode=0644 --target-directory=$out/share/metainfo dist/linux/io.github.gen2brain.cbconvert.metainfo.xml
install -D --mode=0644 --target-directory=$out/share/thumbnailers dist/linux/io.github.gen2brain.cbconvert.thumbnailer
'';
passthru = {
tests.version = testers.testVersion {
package = cbconvert-gui;
command = "cbconvert-gui version";
};
};
doInstallCheck = true;
nativeInstallCheckInputs = [ versionCheckHook ];
versionCheckProgramArg = "version";
meta = cbconvert.meta // {
mainProgram = "cbconvert-gui";

11
pkgs/by-name/cb/cbconvert/package.nix
View File

@@ -2,13 +2,12 @@
buildGoModule,
bzip2,
callPackage,
cbconvert,
fetchFromGitHub,
lib,
libunarr,
mupdf-headless,
nix-update-script,
testers,
versionCheckHook,
zlib,
}:
@@ -42,13 +41,13 @@ buildGoModule rec {
zlib
];
doInstallCheck = true;
nativeInstallCheckInputs = [ versionCheckHook ];
versionCheckProgramArg = "version";
passthru = {
gui = callPackage ./gui.nix { };
updateScript = nix-update-script { };
tests.version = testers.testVersion {
package = cbconvert;
command = "cbconvert version";
};
};
meta = {

2
pkgs/by-name/ch/chess-clock/package.nix
View File

@@ -51,6 +51,6 @@ stdenv.mkDerivation rec {
homepage = "https://gitlab.gnome.org/World/chess-clock";
license = licenses.gpl3Plus;
mainProgram = "chess-clock";
maintainers = with maintainers; [ michaelgrahamevans ];
maintainers = with maintainers; [ michaelgrahamevans ] ++ lib.teams.gnome-circle.members;
};
}

2
pkgs/by-name/ci/citations/package.nix
View File

@@ -89,7 +89,7 @@ stdenv.mkDerivation (finalAttrs: {
description = "Manage your bibliographies using the BibTeX format";
homepage = "https://apps.gnome.org/app/org.gnome.World.Citations";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ benediktbroich ];
maintainers = with maintainers; [ benediktbroich ] ++ lib.teams.gnome-circle.members;
platforms = platforms.unix;
mainProgram = "citations";
};

2
pkgs/by-name/cl/clairvoyant/package.nix
View File

@@ -43,6 +43,6 @@ stdenv.mkDerivation (finalAttrs: {
homepage = "https://github.com/cassidyjames/clairvoyant";
license = licenses.gpl3Plus;
mainProgram = "com.github.cassidyjames.clairvoyant";
maintainers = with maintainers; [ michaelgrahamevans ];
maintainers = with maintainers; [ michaelgrahamevans ] ++ lib.teams.gnome-circle.members;
};
})

6
pkgs/by-name/cl/clboss/package.nix
View File

@@ -7,17 +7,18 @@
pkg-config,
curlWithGnuTls,
libev,
libunwind,
sqlite,
}:
stdenv.mkDerivation rec {
pname = "clboss";
version = "0.14.0";
version = "0.14.1";
# The release tarball includes the pre-generated file `commit_hash.h` that is required for building
src = fetchzip {
url = "https://github.com/ZmnSCPxj/clboss/releases/download/v${version}/clboss-v${version}.tar.gz";
hash = "sha256-Qp8br4ZxiqaxFZ6Tb+wFpqp2APmnU9QdNkM8MyGAtrw=";
hash = "sha256-JMbNHEI0j78LJYsBZ/Z4qvEdRqgQtWG1HlGW3SBXUCg=";
};
nativeBuildInputs = [
@@ -25,6 +26,7 @@ stdenv.mkDerivation rec {
autoreconfHook
pkg-config
libev
libunwind
curlWithGnuTls
sqlite
];

4
pkgs/by-name/co/codux/package.nix
View File

@@ -6,11 +6,11 @@
let
pname = "codux";
version = "15.37.3";
version = "15.39.1";
src = fetchurl {
url = "https://github.com/wixplosives/codux-versions/releases/download/${version}/Codux-${version}.x86_64.AppImage";
hash = "sha256-SY2UmagOKdqbeWd6a/cUO9t3l8qjUy755YrhOBu8oi0=";
hash = "sha256-H+be1k8ecOJf6awrLrzVfniyFMSzEUUrRXPiUEtIVrc=";
};
appimageContents = appimageTools.extractType2 { inherit pname version src; };

2
pkgs/by-name/co/commit/package.nix
View File

@@ -78,7 +78,7 @@ stdenv.mkDerivation (finalAttrs: {
description = "Commit message editor";
homepage = "https://github.com/sonnyp/Commit";
license = lib.licenses.gpl3Only;
maintainers = with lib.maintainers; [ getchoo ];
maintainers = lib.teams.gnome-circle.members;
mainProgram = "re.sonny.Commit";
platforms = lib.platforms.linux;
};

66
pkgs/by-name/co/concessio/package.nix Normal file
View File

@@ -0,0 +1,66 @@
{
lib,
stdenv,
desktop-file-utils,
fetchFromGitHub,
gjs,
glib,
gobject-introspection,
gtk4,
libadwaita,
meson,
ninja,
nix-update-script,
pkg-config,
wrapGAppsHook4,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "concessio";
version = "0.1.9";
src = fetchFromGitHub {
owner = "ronniedroid";
repo = "concessio";
tag = "v${finalAttrs.version}";
hash = "sha256-XH+4oEZSKa6lAS0zXxdlCsVJcGDglKSgaD+zoRM6Pws=";
};
strictDeps = true;
nativeBuildInputs = [
desktop-file-utils
gjs
glib # For `glib-compile-schema`
gobject-introspection
gtk4 # For `gtk-update-icon-cache`
meson
ninja
pkg-config
wrapGAppsHook4
];
buildInputs = [
gjs
libadwaita
];
# gjs uses the invocation name to add gresource files
# to get around this, we set the entry point name manually
preFixup = ''
sed -i "1 a imports.package._findEffectiveEntryPointName = () => 'io.github.ronniedroid.concessio';" $out/bin/io.github.ronniedroid.concessio
'';
passthru = {
updateScript = nix-update-script { };
};
meta = {
description = "Understand File Permissions";
homepage = "https://github.com/ronniedroid/concessio";
license = lib.licenses.gpl3Plus;
maintainers = with lib.maintainers; [ getchoo ];
mainProgram = "io.github.ronniedroid.concessio";
platforms = lib.intersectLists lib.platforms.linux gjs.meta.platforms;
};
})

4
pkgs/by-name/cr/crossplane-cli/package.nix
View File

@@ -9,13 +9,13 @@
buildGoModule rec {
pname = "crossplane-cli";
version = "1.18.0";
version = "1.18.1";
src = fetchFromGitHub {
owner = "crossplane";
repo = "crossplane";
rev = "v${version}";
hash = "sha256-4EdYFrYh8bVCOXc7coq7WfZk0Be9rghdvNlOYFn6bm4=";
hash = "sha256-IIgn7dNX/edcCmd4rQ+l1vaB4TcqNJSIx6WEBq4oNJY=";
};
vendorHash = "sha256-Am41aAV1AlKOIrC11byqshMDGjzzg7mGI4kARwLINl8=";

2
pkgs/by-name/cu/curtail/package.nix
View File

@@ -81,6 +81,6 @@ python3.pkgs.buildPythonApplication rec {
mainProgram = "curtail";
homepage = "https://github.com/Huluti/Curtail";
license = licenses.gpl3Only;
maintainers = with maintainers; [ aleksana ];
maintainers = lib.teams.gnome-circle.members;
};
}

4
pkgs/by-name/db/dbcsr/package.nix
View File

@@ -16,13 +16,13 @@
stdenv.mkDerivation rec {
pname = "dbcsr";
version = "2.7.0";
version = "2.8.0";
src = fetchFromGitHub {
owner = "cp2k";
repo = "dbcsr";
rev = "v${version}";
hash = "sha256-QEO7f27DLsCvKXgFJnneHs1kO+5V9xiURpbQuGg1P0M=";
hash = "sha256-YXySNw3+DiY7E57W1ypeWLyawwcWVGlmTM4Kgj7Nnmo=";
};
postPatch = ''

4
pkgs/by-name/dc/dcmtk/package.nix
View File

@@ -13,12 +13,12 @@
stdenv.mkDerivation rec {
pname = "dcmtk";
version = "3.6.8";
version = "3.6.9";
src = fetchFromGitHub {
owner = "DCMTK";
repo = pname;
rev = "DCMTK-${version}";
hash = "sha256-PQR9+xSlfBvogv0p6AL/yapelJpsYteA4T4lPkOIfLc=";
hash = "sha256-mdI/YqM38WhnCbsylIlmqLLWC5/QR+a8Wn9CNcN7KXU=";
};
nativeBuildInputs = [ cmake ];

2
pkgs/by-name/de/decibels/package.nix
View File

@@ -68,7 +68,7 @@ stdenv.mkDerivation rec {
homepage = "https://gitlab.gnome.org/GNOME/Incubator/decibels";
changelog = "https://gitlab.gnome.org/GNOME/Incubator/decibels/-/blob/main/NEWS?ref_type=tags";
license = lib.licenses.gpl3Only;
maintainers = with lib.maintainers; [ getchoo ];
maintainers = lib.teams.gnome-circle.members;
mainProgram = "org.gnome.Decibels";
platforms = lib.platforms.linux;
};

2
pkgs/by-name/de/decoder/package.nix
View File

@@ -47,6 +47,6 @@ stdenv.mkDerivation rec {
mainProgram = "decoder";
license = licenses.gpl2Plus;
platforms = platforms.linux;
maintainers = with maintainers; [ Luflosi ];
maintainers = with maintainers; [ Luflosi ] ++ lib.teams.gnome-circle.members;
};
}

2
pkgs/by-name/de/deja-dup/package.nix
View File

@@ -84,7 +84,7 @@ stdenv.mkDerivation (finalAttrs: {
'';
homepage = "https://apps.gnome.org/DejaDup/";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ jtojnar ];
maintainers = with maintainers; [ jtojnar ] ++ lib.teams.gnome-circle.members;
platforms = platforms.linux;
mainProgram = "deja-dup";
};

2
pkgs/by-name/di/dialect/package.nix
View File

@@ -78,7 +78,7 @@ python3.pkgs.buildPythonApplication rec {
meta = {
homepage = "https://github.com/dialect-app/dialect";
description = "Translation app for GNOME";
maintainers = with lib.maintainers; [ aleksana ];
maintainers = lib.teams.gnome-circle.members;
license = lib.licenses.gpl3Plus;
platforms = lib.platforms.linux;
mainProgram = "dialect";

11
pkgs/by-name/di/diebahn/package.nix
View File

@@ -82,9 +82,12 @@ stdenv.mkDerivation rec {
homepage = "https://gitlab.com/schmiddi-on-mobile/railway";
license = lib.licenses.gpl3Plus;
mainProgram = "diebahn";
maintainers = with lib.maintainers; [
dotlambda
lilacious
];
maintainers =
with lib.maintainers;
[
dotlambda
lilacious
]
++ lib.teams.gnome-circle.members;
};
}

59
pkgs/by-name/dp/dput-ng/package.nix Normal file
View File

@@ -0,0 +1,59 @@
{
lib,
python3,
fetchFromGitLab,
nix-update-script,
}:
let
version = "1.40";
in
python3.pkgs.buildPythonApplication {
pname = "dput-ng";
inherit version;
pyproject = true;
src = fetchFromGitLab {
domain = "salsa.debian.org";
owner = "debian";
repo = "dput-ng";
rev = "refs/tags/${version}";
hash = "sha256-97NrRUmIjrP41NyI4KOEzHLlaqxehZIhSVyx9hRZ0dw=";
};
build-system = with python3.pkgs; [
setuptools
];
dependencies = with python3.pkgs; [
jsonschema
paramiko
sphinx
coverage
xdg
python-debian
];
postInstall = ''
cp -r bin $out/
'';
pythonImportsCheck = [ "dput" ];
nativeCheckInputs = with python3.pkgs; [
pytestCheckHook
];
# Requires running dpkg
disabledTestPaths = [ "tests/test_upload.py" ];
passthru.updateScript = nix-update-script { };
meta = {
description = "Next-generation Debian package upload tool";
homepage = "https://dput.readthedocs.io/en/latest/";
license = with lib.licenses; [ gpl2Plus ];
platforms = lib.platforms.linux;
maintainers = with lib.maintainers; [ pluiedev ];
mainProgram = "dput";
};
}

7
pkgs/by-name/dr/dra-cla/package.nix
View File

@@ -15,13 +15,14 @@
stdenvNoCC.mkDerivation {
pname = "dra-cla";
version = "0-unstable-2024-06-07";
version = "3.0.5";
src = fetchFromGitHub {
owner = "CoolnsX";
repo = "dra-cla";
rev = "24d7eaa5d433bc2cbbba4f23552cd812506fefee";
hash = "sha256-BmBQSkLSq+BaxkzXEy3hlI3qNq2NCIoGKDKt7gyDz+s=";
# upstream is not tagging releases
rev = "68e9868354bd9fefa72dbe1e7991bc1f6d184aa2";
hash = "sha256-CF9XSbkhTrfNE6iR6Q/VWA8x0eDxRKy0Bz0YUuOEEt4=";
};
nativeBuildInputs = [ makeWrapper ];

6
pkgs/by-name/dr/dracula-theme/package.nix
View File

@@ -8,7 +8,7 @@
let
themeName = "Dracula";
version = "4.0.0-unstable-2024-11-26";
version = "4.0.0-unstable-2024-12-05";
in
stdenvNoCC.mkDerivation {
pname = "dracula-theme";
@@ -17,8 +17,8 @@ stdenvNoCC.mkDerivation {
src = fetchFromGitHub {
owner = "dracula";
repo = "gtk";
rev = "788add33099a70b8ebba321b882ebff23fdc0a98";
hash = "sha256-QlJ9gxFYQ+ZIpMUib2gNmO0JnY1C2h/f6/3cbwi0TUg=";
rev = "3478e48925f33af411393adaa4043193f03a4e9a";
hash = "sha256-/7/zJXk1LLZKWOpYbrFWBfhFcyddU1y0IwT+RXyyP1M=";
};
propagatedUserEnvPkgs = [

2
pkgs/by-name/ea/eartag/package.nix
View File

@@ -81,6 +81,6 @@ python3Packages.buildPythonApplication rec {
# being incorrectly identified as unfree software.
license = licenses.mit;
mainProgram = "eartag";
maintainers = with maintainers; [ foo-dogsquared ];
maintainers = with maintainers; [ foo-dogsquared ] ++ lib.teams.gnome-circle.members;
};
}

11
pkgs/by-name/ed/eddie/deps.nix generated Normal file
View File

@@ -0,0 +1,11 @@
# This file was automatically generated by passthru.fetch-deps.
# Please dont edit it manually, your changes might get overwritten!
{ fetchNuGet }:
[
(fetchNuGet {
pname = "Microsoft.CSharp";
version = "4.7.0";
hash = "sha256-Enknv2RsFF68lEPdrf5M+BpV1kHoLTVRApKUwuk/pj0=";
})
]

24
pkgs/by-name/ed/eddie/dont-set-rpath-in-eddie-tray.patch Normal file
View File

@@ -0,0 +1,24 @@
From 7e7d03d09990cf8e17091572258f12b77a661d74 Mon Sep 17 00:00:00 2001
From: Pavel Sobolev <contact@paveloom.dev>
Date: Fri, 6 Dec 2024 22:42:40 +0300
Subject: [PATCH 2/2] Don't set `RPATH` in `eddie-tray`.
---
src/App.Forms.Linux.Tray/build.sh | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/App.Forms.Linux.Tray/build.sh b/src/App.Forms.Linux.Tray/build.sh
index 771b2c7..bc1093c 100755
--- a/src/App.Forms.Linux.Tray/build.sh
+++ b/src/App.Forms.Linux.Tray/build.sh
@@ -35,7 +35,6 @@ g++ "$BASEPATH/main.cpp" -fPIC -o "$BASEPATH/bin/eddie-tray" `pkg-config --cflag
strip -S --strip-unneeded "$BASEPATH/bin/eddie-tray"
chmod a+x "$BASEPATH/bin/eddie-tray"
-patchelf --set-rpath '$ORIGIN' "$BASEPATH/bin/eddie-tray"
echo "Building eddie-tray - Done"
exit 0
--
2.47.0

144
pkgs/by-name/ed/eddie/package.nix Normal file
View File

@@ -0,0 +1,144 @@
{
lib,
buildDotnetModule,
fetchFromGitHub,
dotnetCorePackages,
gcc,
makeWrapper,
msbuild,
pkg-config,
curl,
gtk3,
libayatana-appindicator,
openssh,
openvpn,
stunnel,
gtk2,
libayatana-indicator,
mono,
eddie,
testers,
}:
buildDotnetModule rec {
pname = "eddie";
version = "2.24.4";
src = fetchFromGitHub {
owner = "AirVPN";
repo = "Eddie";
# Upstream uses the summaries of commits for
# specifying the versions of experimental builds
rev = "aeaa7e594d71610dd2c231a8dc5c5aaddc89a7c1";
hash = "sha256-AlnWqrKoZb4s4MfPClxlEqzKIOwWL/frA+dx2kCNwW4=";
};
patches = [
./dont-set-rpath-in-eddie-tray.patch
./remove-the-postbuild-from-the-project-file.patch
];
projectFile = [ "src/App.CLI.Linux/App.CLI.Linux.net8.csproj" ];
nugetDeps = ./deps.nix;
dotnet-sdk = dotnetCorePackages.sdk_8_0;
dotnet-runtime = dotnetCorePackages.runtime_8_0;
nativeBuildInputs = [
gcc
makeWrapper
msbuild
pkg-config
];
buildInputs = [
curl
gtk3
libayatana-appindicator
];
nativeRuntimeInputs = lib.makeBinPath [
openssh
openvpn
stunnel
];
runtimeInputs = lib.makeLibraryPath [
gtk2
gtk3
libayatana-indicator
];
makeWrapperArgs = [
"--add-flags \"--path.resources=${placeholder "out"}/share/eddie-ui\""
"--prefix PATH : ${nativeRuntimeInputs}"
];
executables = [ "eddie-cli" ];
postPatch = ''
patchShebangs src
'';
postBuild = ''
src/App.CLI.Linux.Elevated/build.sh Release
src/Lib.Platform.Linux.Native/build.sh Release
src/App.Forms.Linux.Tray/build.sh Release
msbuild \
-v:minimal \
-p:Configuration=Release \
-p:TargetFrameworkVersion=v4.8 \
-p:DefineConstants="EDDIEMONO4LINUX" \
src/App.Forms.Linux/App.Forms.Linux.sln
'';
postInstall = ''
mkdir -p $out/lib/eddie-ui
mkdir -p $out/share/{applications,eddie-ui}
cp src/App.CLI.Linux.Elevated/bin/eddie-cli-elevated $out/lib/eddie-ui
cp src/Lib.Platform.Linux.Native/bin/libLib.Platform.Linux.Native.so $out/lib/eddie-ui
cp src/App.Forms.Linux.Tray/bin/eddie-tray $out/lib/eddie-ui
ln -s $out/lib/eddie-ui/eddie-cli-elevated $out/lib/eddie/eddie-cli-elevated
ln -s $out/lib/eddie-ui/libLib.Platform.Linux.Native.so $out/lib/eddie/Lib.Platform.Linux.Native.so
cp -r src/App.Forms.Linux/bin/*/Release/* $out/lib/eddie-ui
chmod +x $out/lib/eddie-ui/App.Forms.Linux.exe
cp -r resources/* $out/share/eddie-ui
cp -r repository/linux_arch/bundle/eddie-ui/usr/share/{applications,pixmaps,polkit-1} $out/share
substituteInPlace \
$out/share/{applications/eddie-ui.desktop,polkit-1/actions/org.airvpn.eddie.ui.elevated.policy} \
--replace-fail /usr $out
makeWrapper "${mono}/bin/mono" $out/bin/eddie-ui \
--add-flags $out/lib/eddie-ui/App.Forms.Linux.exe \
--prefix LD_LIBRARY_PATH : ${runtimeInputs} \
''${makeWrapperArgs[@]}
'';
passthru = {
tests.version = testers.testVersion {
package = eddie;
command = "eddie-cli version.short";
};
};
meta = {
description = "AirVPN's OpenVPN and WireGuard wrapper";
homepage = "https://eddie.website";
license = lib.licenses.gpl3Plus;
mainProgram = "eddie-ui";
maintainers = with lib.maintainers; [ paveloom ];
platforms = lib.platforms.linux;
};
}

27
pkgs/by-name/ed/eddie/remove-the-postbuild-from-the-project-file.patch Normal file
View File

@@ -0,0 +1,27 @@
From bfe8a4e0d75b97cf646818bfba52dfdbc3c4274c Mon Sep 17 00:00:00 2001
From: Pavel Sobolev <contact@paveloom.dev>
Date: Fri, 6 Dec 2024 22:42:40 +0300
Subject: [PATCH 1/2] Remove the postbuild from the project file.
---
src/App.CLI.Linux/App.CLI.Linux.net8.csproj | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/App.CLI.Linux/App.CLI.Linux.net8.csproj b/src/App.CLI.Linux/App.CLI.Linux.net8.csproj
index 8d53d36..b4b3822 100644
--- a/src/App.CLI.Linux/App.CLI.Linux.net8.csproj
+++ b/src/App.CLI.Linux/App.CLI.Linux.net8.csproj
@@ -50,9 +50,4 @@
<ProjectReference Include="..\Lib.Core\Lib.Core.net8.csproj" />
<ProjectReference Include="..\Lib.Platform.Linux\Lib.Platform.Linux.net8.csproj" />
</ItemGroup>
-
- <Target Name="LinuxPostBuild" AfterTargets="PostBuildEvent">
- <Exec Command="$(ProjectDir)/postbuild.sh &quot;$(TargetDir)&quot; $(RuntimeIdentifier) $(ConfigurationName)" />
- </Target>
-
</Project>
\ No newline at end of file
--
2.47.0

4
pkgs/by-name/eg/egl-wayland/package.nix
View File

@@ -15,7 +15,7 @@
stdenv.mkDerivation rec {
pname = "egl-wayland";
version = "1.1.16";
version = "1.1.17";
outputs = [ "out" "dev" ];
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
owner = "Nvidia";
repo = pname;
rev = version;
hash = "sha256-hX1pMz0X5ABNRsa3Q7W26hNeEaEMnnFb7ID+k6H8Nwg=";
hash = "sha256-/lj52qCbv07NDYDdF8SEjCIWWPAMcwXNvYXiU8IoC/A=";
};
postPatch = ''

Some files were not shown because too many files have changed in this diff Show More