From 6918b78ad9d83a9640d2406a6f401bc0cee22cf1 Mon Sep 17 00:00:00 2001 From: Neyts Zupan Date: Sat, 22 Mar 2025 21:47:35 +0000 Subject: [PATCH 01/58] paretosecurity: 0.0.91 -> 0.0.92 Add a test for linking a device to a team. --- nixos/tests/paretosecurity.nix | 52 ++++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/nixos/tests/paretosecurity.nix b/nixos/tests/paretosecurity.nix index 176b6768270b..164e4a3e484d 100644 --- a/nixos/tests/paretosecurity.nix +++ b/nixos/tests/paretosecurity.nix @@ -4,11 +4,42 @@ meta.maintainers = [ lib.maintainers.zupo ]; nodes.terminal = - { config, pkgs, ... }: + { config, pkgs, lib, ... }: + let + # Create a patched version of the package that points to the local dashboard + # for easier testing + patchedPareto = pkgs.paretosecurity.overrideAttrs (oldAttrs: { + postPatch = '' + substituteInPlace team/report.go \ + --replace 'const reportURL = "https://dash.paretosecurity.com"' \ + 'const reportURL = "http://dashboard"' + ''; + }); + in { imports = [ ./common/user-account.nix ]; - services.paretosecurity.enable = true; + services.paretosecurity = { + enable = true; + package = patchedPareto; + }; + + }; + + nodes.dashboard = + { config, pkgs, ... }: + { + networking.firewall.allowedTCPPorts = [ 80 ]; + + services.nginx = { + enable = true; + virtualHosts."dashboard" = { + locations."/api/v1/team/".extraConfig = '' + add_header Content-Type application/json; + return 200 '{"message": "Linked device."}'; + ''; + }; + }; }; nodes.xfce = @@ -38,6 +69,14 @@ enableOCR = true; testScript = '' + # start networking + for m in [terminal, dashboard]: + m.systemctl("start network-online.target") + m.wait_for_unit("network-online.target") + + # paretosecurity expects .config to exist + terminal.succeed("su -- alice -c 'mkdir /home/alice/.config'") + terminal.succeed( "su -- alice -c 'paretosecurity check" # Disable some checks that need intricate test setup so that this test 
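Review bot: The `dashboard` stub in the first hunk answers every request under `/api/v1/team/` with 200, and the test script added later in this patch only asserts on `pareto.toml`, so the linking test may still pass if the agent sends a malformed enrolment request or, as far as these hunks show, none at all. An assertion on the stub side closes that gap, for example `dashboard.succeed("grep -q '/api/v1/team/' /var/log/nginx/access.log")` after the `paretosecurity link` call (the path assumes the nginx module's default access log location). In the same `extraConfig`, `add_header Content-Type application/json;` adds a second Content-Type header next to the one nginx derives from `default_type` for a `return` body; `default_type application/json;` sets it once.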
@@ -51,6 +90,15 @@ + "'" ) + terminal.succeed("su -- alice -c 'paretosecurity link" + + " paretosecurity://enrollTeam/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." + + "eyJ0b2tlbiI6ImR1bW15LXRva2VuIiwidGVhbUlEIjoiZHVtbXktdGVhbS1pZCIsImlhdCI6" + + "MTcwMDAwMDAwMCwiZXhwIjoxOTAwMDAwMDAwfQ.WgnL6_S0EBJHwF1wEVUG8GtIcoVvK5IjWbZpUeZr4Qw'") + + config = terminal.succeed("cat /home/alice/.config/pareto.toml") + assert 'AuthToken = "dummy-token"' in config + assert 'TeamID = "dummy-team-id"' in config + xfce.wait_for_x() xfce.succeed("xdotool mousemove 850 10") xfce.wait_for_text("Pareto Security") From 5b96072b2bcfc026c562d5ea94311ee68a2e0933 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Mon, 24 Mar 2025 21:58:34 -0700 Subject: [PATCH 02/58] python313Packages.google-api-python-client: don't depend on oauth2client The dependency was removed in https://github.com/googleapis/google-api-python-client/pull/499. Also see https://google-auth.readthedocs.io/en/latest/oauth2client-deprecation.html. --- .../python-modules/google-api-python-client/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkgs/development/python-modules/google-api-python-client/default.nix b/pkgs/development/python-modules/google-api-python-client/default.nix index a076455e7a50..af7c4d31284c 100644 --- a/pkgs/development/python-modules/google-api-python-client/default.nix +++ b/pkgs/development/python-modules/google-api-python-client/default.nix @@ -7,7 +7,6 @@ google-api-core, httplib2, uritemplate, - oauth2client, setuptools, pythonOlder, }: @@ -33,7 +32,6 @@ buildPythonPackage rec { google-api-core httplib2 uritemplate - oauth2client ]; # No tests included in archive From 38b08b664c766a6ea642ff5468d53074c372ea02 Mon Sep 17 00:00:00 2001 
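Review bot: The JWT passed to `paretosecurity link` is an unexplained base64 blob, which secret scanners and later readers will tend to treat as a leaked credential. Its payload decodes to `{"token":"dummy-token","teamID":"dummy-team-id","iat":1700000000,"exp":1900000000}`, matching the two assertions below it, so a comment above the call such as `# Fixture JWT, not a real credential: token=dummy-token, teamID=dummy-team-id, exp=1900000000` would document that. If the agent validates `exp` (not visible here), the test will start failing once that timestamp passes, and the comment should say so.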
From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Tue, 25 Mar 2025 11:56:40 -0700 Subject: [PATCH 03/58] python312Packages.certbot-dns-google: don't depend on oauth2client The dependency was removed in https://github.com/certbot/certbot/pull/9670. --- .../certbot-dns-google/default.nix | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/pkgs/development/python-modules/certbot-dns-google/default.nix b/pkgs/development/python-modules/certbot-dns-google/default.nix index 1061502b7bac..ed1d24e44ba4 100644 --- a/pkgs/development/python-modules/certbot-dns-google/default.nix +++ b/pkgs/development/python-modules/certbot-dns-google/default.nix @@ -3,33 +3,31 @@ acme, certbot, google-api-python-client, - oauth2client, + google-auth, pytestCheckHook, - pythonOlder, + setuptools, }: buildPythonPackage rec { pname = "certbot-dns-google"; - format = "setuptools"; - inherit (certbot) src version; - disabled = pythonOlder "3.6"; + pyproject = true; sourceRoot = "${src.name}/certbot-dns-google"; - propagatedBuildInputs = [ + build-system = [ setuptools ]; + + dependencies = [ acme certbot google-api-python-client - oauth2client + google-auth ]; nativeCheckInputs = [ pytestCheckHook ]; pytestFlagsArray = [ "-p no:cacheprovider" - # https://github.com/certbot/certbot/issues/9988 - "-Wignore::DeprecationWarning" ]; meta = certbot.meta // { From 250d6e6c57396106be94bf31ebe9ddb87f587da6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Tue, 25 Mar 2025 12:01:38 -0700 Subject: [PATCH 04/58] python312Packages.google-auth: don't depend on oauth2client The tests succeed without it. --- .../python-modules/google-auth/default.nix | 30 +++++++------------ 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/pkgs/development/python-modules/google-auth/default.nix b/pkgs/development/python-modules/google-auth/default.nix index 095159884bf4..11113fa11ed5 100644 --- a/pkgs/development/python-modules/google-auth/default.nix 
+++ b/pkgs/development/python-modules/google-auth/default.nix @@ -11,7 +11,6 @@ freezegun, grpcio, mock, - oauth2client, pyasn1-modules, pyjwt, pyopenssl, @@ -68,24 +67,17 @@ buildPythonPackage rec { requests = [ requests ]; }; - nativeCheckInputs = - [ - aioresponses - flask - freezegun - grpcio - mock - ] - ++ lib.optionals (pythonOlder "3.13") [ - oauth2client - ] - ++ [ - pytest-asyncio - pytest-localserver - pytestCheckHook - responses - ] - ++ lib.flatten (lib.attrValues optional-dependencies); + nativeCheckInputs = [ + aioresponses + flask + freezegun + grpcio + mock + pytest-asyncio + pytest-localserver + pytestCheckHook + responses + ] ++ lib.flatten (lib.attrValues optional-dependencies); pythonImportsCheck = [ "google.auth" From 4ca2d9ea56b56cb1e5e3262a90b60f009c95d7fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E0=B9=82=E0=B8=97=E0=B8=AA=E0=B8=BA=E0=B8=95=E0=B8=B1?= =?UTF-8?q?=E0=B8=A5?= Date: Wed, 26 Mar 2025 17:42:31 +0700 Subject: [PATCH 05/58] tree-sitter-grammars.tree-sitter-factor: init --- .../tools/parsing/tree-sitter/grammars/default.nix | 1 + .../tree-sitter/grammars/tree-sitter-factor.json | 12 ++++++++++++ .../development/tools/parsing/tree-sitter/update.nix | 4 ++++ 3 files changed, 17 insertions(+) create mode 100644 pkgs/development/tools/parsing/tree-sitter/grammars/tree-sitter-factor.json diff --git a/pkgs/development/tools/parsing/tree-sitter/grammars/default.nix b/pkgs/development/tools/parsing/tree-sitter/grammars/default.nix index 070dc6279edb..48f4d4196bd3 100644 --- a/pkgs/development/tools/parsing/tree-sitter/grammars/default.nix +++ b/pkgs/development/tools/parsing/tree-sitter/grammars/default.nix 
@@ -26,6 +26,7 @@ tree-sitter-elm = lib.importJSON ./tree-sitter-elm.json; tree-sitter-embedded-template = lib.importJSON ./tree-sitter-embedded-template.json; tree-sitter-erlang = lib.importJSON ./tree-sitter-erlang.json; + tree-sitter-factor = lib.importJSON ./tree-sitter-factor.json; tree-sitter-fennel = lib.importJSON ./tree-sitter-fennel.json; tree-sitter-fish = lib.importJSON ./tree-sitter-fish.json; tree-sitter-fortran = lib.importJSON ./tree-sitter-fortran.json; diff --git a/pkgs/development/tools/parsing/tree-sitter/grammars/tree-sitter-factor.json b/pkgs/development/tools/parsing/tree-sitter/grammars/tree-sitter-factor.json new file mode 100644 index 000000000000..0241833bbf3d --- /dev/null +++ b/pkgs/development/tools/parsing/tree-sitter/grammars/tree-sitter-factor.json @@ -0,0 +1,12 @@ +{ + "url": "https://github.com/erochest/tree-sitter-factor", + "rev": "554d8b705df61864eb41a0ecf3741e94eb9f0c54", + "date": "2025-01-11T21:45:26-05:00", + "path": "/nix/store/yvyrq221kqwjq19hw6lf8xzxj6z080d8-tree-sitter-factor", + "sha256": "14yciinyczi7h8dny0cgk5ghlfwjlgz1zqndwrk260n1994k5bb7", + "hash": "sha256-Z60ySUrBAiNm5s3iH/6jkjsKX5mPAW8bgid+5m2MzJM=", + "fetchLFS": false, + "fetchSubmodules": false, + "deepClone": false, + "leaveDotGit": false +} diff --git a/pkgs/development/tools/parsing/tree-sitter/update.nix b/pkgs/development/tools/parsing/tree-sitter/update.nix index 1ebdd083b0b5..c2956cf03d47 100644 --- a/pkgs/development/tools/parsing/tree-sitter/update.nix +++ b/pkgs/development/tools/parsing/tree-sitter/update.nix @@ -155,6 +155,10 @@ let orga = "MunifTanjim"; repo = "tree-sitter-lua"; }; + "tree-sitter-factor" = { + orga = "erochest"; + repo = "tree-sitter-factor"; + }; "tree-sitter-fennel" = { orga = "travonted"; repo = "tree-sitter-fennel"; From 6aaeae81aecd05517e03298f6c1bce8f27d2b4c6 Mon Sep 17 00:00:00 2001 
From: Neyts Zupan Date: Tue, 25 Mar 2025 23:44:54 +0000 Subject: [PATCH 06/58] Take systemd configuration from upstream package instead of definiting them in the nixos module. --- .../services/security/paretosecurity.nix | 49 +++++++------------ nixos/tests/paretosecurity.nix | 33 ++++++++++--- pkgs/by-name/pa/paretosecurity/package.nix | 32 ++++++++---- 3 files changed, 67 insertions(+), 47 deletions(-) diff --git a/nixos/modules/services/security/paretosecurity.nix b/nixos/modules/services/security/paretosecurity.nix index cfcb89fb8f62..9ec196eee6a0 100644 --- a/nixos/modules/services/security/paretosecurity.nix +++ b/nixos/modules/services/security/paretosecurity.nix 
@@ -14,38 +14,27 @@ config = lib.mkIf config.services.paretosecurity.enable { environment.systemPackages = [ config.services.paretosecurity.package ]; + systemd.packages = [ config.services.paretosecurity.package ]; - systemd.sockets."paretosecurity" = { - wantedBy = [ "sockets.target" ]; - socketConfig = { - ListenStream = "/var/run/paretosecurity.sock"; - SocketMode = "0666"; + # In traditional Linux distributions, systemd would read the [Install] section from + # unit files and automatically create the appropriate symlinks to enable services. + # However, in NixOS, due to its immutable nature and the way the Nix store works, + # the [Install] sections are not processed during system activation. Instead, we + # must explicitly tell NixOS which units to enable by specifying their target + # dependencies here. This creates the necessary symlinks in the proper locations. + systemd.sockets.paretosecurity.wantedBy = [ "sockets.target" ]; + + # Enable the tray icon and timer services if the trayIcon option is enabled + systemd.user = lib.mkIf config.services.paretosecurity.trayIcon { + services.paretosecurity-trayicon = { + wantedBy = [ "graphical-session.target" ]; + }; + services.paretosecurity-user = { + wantedBy = [ "graphical-session.target" ]; + }; + timers.paretosecurity-user = { + wantedBy = [ "timers.target" ]; }; }; - - systemd.services."paretosecurity" = { - serviceConfig = { - ExecStart = "${config.services.paretosecurity.package}/bin/paretosecurity helper"; - User = "root"; - Group = "root"; - StandardInput = "socket"; - Type = "oneshot"; - RemainAfterExit = "no"; - StartLimitInterval = "1s"; - StartLimitBurst = 100; - ProtectSystem = "full"; - ProtectHome = true; - StandardOutput = "journal"; - StandardError = "journal"; - }; - }; - - systemd.user.services."paretosecurity-trayicon" = lib.mkIf config.services.paretosecurity.trayIcon { - wantedBy = [ "graphical-session.target" ]; - serviceConfig = { - ExecStart = 
"${config.services.paretosecurity.package}/bin/paretosecurity trayicon"; - }; - }; - }; } diff --git a/nixos/tests/paretosecurity.nix b/nixos/tests/paretosecurity.nix index 164e4a3e484d..a2b9317c678f 100644 --- a/nixos/tests/paretosecurity.nix +++ b/nixos/tests/paretosecurity.nix @@ -4,15 +4,20 @@ meta.maintainers = [ lib.maintainers.zupo ]; nodes.terminal = - { config, pkgs, lib, ... }: + { + config, + pkgs, + lib, + ... + }: let # Create a patched version of the package that points to the local dashboard # for easier testing patchedPareto = pkgs.paretosecurity.overrideAttrs (oldAttrs: { postPatch = '' substituteInPlace team/report.go \ - --replace 'const reportURL = "https://dash.paretosecurity.com"' \ - 'const reportURL = "http://dashboard"' + --replace-warn 'const reportURL = "https://dash.paretosecurity.com"' \ + 'const reportURL = "http://dashboard"' ''; }); in @@ -69,16 +74,18 @@ enableOCR = true; testScript = '' - # start networking + # Test setup + terminal.succeed("su - alice -c 'mkdir -p /home/alice/.config'") for m in [terminal, dashboard]: m.systemctl("start network-online.target") m.wait_for_unit("network-online.target") - # paretosecurity expects .config to exist - terminal.succeed("su -- alice -c 'mkdir /home/alice/.config'") + # Test 1: Test the systemd socket is installed & enabled + terminal.succeed('systemctl is-enabled paretosecurity.socket') + # Test 2: Test running checks terminal.succeed( - "su -- alice -c 'paretosecurity check" + "su - alice -c 'paretosecurity check" # Disable some checks that need intricate test setup so that this test # remains simple and fast. Tests for all checks and edge cases available # at https://github.com/ParetoSecurity/agent/tree/main/test/integration 
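Review bot: With the inline unit definitions gone from the module hunk, the root helper's sandboxing and socket permissions are no longer visible or enforced by nixpkgs: the removed service set `ProtectSystem = "full"` and `ProtectHome = true`, and nothing in the new lines guarantees that the unit shipped by the package keeps them. Whether it does cannot be told from this diff, so it is worth checking the upstream unit files, or pinning the hardening in the module with `systemd.services.paretosecurity.serviceConfig = { ProtectSystem = "full"; ProtectHome = true; };`. The same applies to the socket mode, which was `0666` before and is now whatever upstream declares. An assertion in the VM test on `systemctl show paretosecurity.service -p ProtectHome` would keep this from regressing silently.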
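Review bot: `--replace-warn` in the `postPatch` of `patchedPareto` only prints a warning when the `reportURL` constant is not found, so after an upstream refactor the test package would be built with the production dashboard URL still compiled in and the failure would only show up later, inside the VM. The package expression in this same commit already uses `--replace-fail` for the unit files; using it here as well, `--replace-fail 'const reportURL = "https://dash.paretosecurity.com"' \`, stops the build at the point where the substitution no longer applies.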
@@ -87,10 +94,12 @@ + " --skip 21830a4e-84f1-48fe-9c5b-beab436b2cdb" # Disk encryption + " --skip 44e4754a-0b42-4964-9cc2-b88b2023cb1e" # Pareto Security is up to date + " --skip f962c423-fdf5-428a-a57a-827abc9b253e" # Password manager installed + + " --skip 2e46c89a-5461-4865-a92e-3b799c12034a" # Firewall is enabled + "'" ) - terminal.succeed("su -- alice -c 'paretosecurity link" + # Test 3: Test linking + terminal.succeed("su - alice -c 'paretosecurity link" + " paretosecurity://enrollTeam/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." + "eyJ0b2tlbiI6ImR1bW15LXRva2VuIiwidGVhbUlEIjoiZHVtbXktdGVhbS1pZCIsImlhdCI6" + "MTcwMDAwMDAwMCwiZXhwIjoxOTAwMDAwMDAwfQ.WgnL6_S0EBJHwF1wEVUG8GtIcoVvK5IjWbZpUeZr4Qw'") @@ -99,7 +108,15 @@ assert 'AuthToken = "dummy-token"' in config assert 'TeamID = "dummy-team-id"' in config + # Test 4: Test the tray icon xfce.wait_for_x() + for unit in [ + 'paretosecurity-trayicon', + 'paretosecurity-user', + 'paretosecurity-user.timer' + ]: + status, out = xfce.systemctl("is-enabled " + unit, "alice") + assert status == 0, f"Unit {unit} is not enabled (status: {status}): {out}" xfce.succeed("xdotool mousemove 850 10") xfce.wait_for_text("Pareto Security") xfce.succeed("xdotool click 1") diff --git a/pkgs/by-name/pa/paretosecurity/package.nix b/pkgs/by-name/pa/paretosecurity/package.nix index 824def6c114e..e6b5232d75cb 100644 --- a/pkgs/by-name/pa/paretosecurity/package.nix +++ b/pkgs/by-name/pa/paretosecurity/package.nix 
@@ -9,22 +9,18 @@ buildGoModule rec { pname = "paretosecurity"; - version = "0.0.91"; + version = "0.0.96"; src = fetchFromGitHub { owner = "ParetoSecurity"; repo = "agent"; rev = version; - hash = "sha256-/kGwV96Jp7U08jh/wPQMcoV48zQe9ixY7gpNdtFyOkk="; + hash = "sha256-SyeIGSDvrnOvyOJ0zC8CulpaMa+iZeRaMTJUSydz2tw="; }; - vendorHash = "sha256-kGrYoN0dGcSuQW47Y4LUFdHQYAoY74NOM1LLPdhmLhc="; + vendorHash = "sha256-O/OF3Y6HiiikMxf657k9eIM7UfkicIImAUxVVf/TgR8="; proxyVendor = true; - subPackages = [ - "cmd/paretosecurity" - ]; - ldflags = [ "-s" "-X=github.com/ParetoSecurity/agent/shared.Version=${version}" @@ -32,6 +28,23 @@ buildGoModule rec { "-X=github.com/ParetoSecurity/agent/shared.Date=1970-01-01T00:00:00Z" ]; + postInstall = '' + # Install global systemd files + install -Dm400 ${src}/apt/paretosecurity.socket $out/lib/systemd/system/paretosecurity.socket + install -Dm400 ${src}/apt/paretosecurity.service $out/lib/systemd/system/paretosecurity.service + substituteInPlace $out/lib/systemd/system/paretosecurity.service \ + --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity" + + # Install user systemd files + install -Dm444 ${src}/apt/paretosecurity-user.timer $out/lib/systemd/user/paretosecurity-user.timer + install -Dm444 ${src}/apt/paretosecurity-user.service $out/lib/systemd/user/paretosecurity-user.service + substituteInPlace $out/lib/systemd/user/paretosecurity-user.service \ + --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity" + install -Dm444 ${src}/apt/paretosecurity-trayicon.service $out/lib/systemd/user/paretosecurity-trayicon.service + substituteInPlace $out/lib/systemd/user/paretosecurity-trayicon.service \ + --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity" + ''; + passthru.tests = { version = testers.testVersion { version = "${version}"; 
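Review bot: In the new `postInstall`, the two system units are installed with `-Dm400` while the three user units use `-Dm444`; the difference looks unintentional, and as far as I know store paths are normalised to read-only, world-readable modes anyway, so the stricter mode does not survive. Using `-Dm444` for all five, e.g. `install -Dm444 ${src}/apt/paretosecurity.socket $out/lib/systemd/system/paretosecurity.socket`, keeps the block consistent and avoids suggesting that the unit files are private. A one-line comment stating that the units are taken unmodified from upstream's `apt/` directory apart from the `/usr/bin/paretosecurity` path would also help readers.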
@@ -50,12 +63,13 @@ buildGoModule rec { settings such as if you have disk encryption and firewall enabled. If you use the `services.paretosecurity` NixOS module, you also get a - root helper, so that you can run the checker in userspace. Some checks + root helper that allows you to run the checker in userspace. Some checks require root permissions, and the checker asks the helper to run those. Additionally, if you enable `services.paretosecurity.trayIcon`, you get a little Vilfredo Pareto living in your systray showing your the current - status of checks. + status of checks. This will also enable a systemd timer to update the + status of checks once per hour. Finally, you can run `paretosecurity link` to configure the agent to send the status of checks to https://dash.paretosecurity.com to make From 94a5d1986262aba667707491e89a01a230a46326 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 27 Mar 2025 08:51:35 +0000 Subject: [PATCH 07/58] azure-cli-extensions.containerapp: 1.1.0b3 -> 1.1.0b4 --- pkgs/by-name/az/azure-cli/extensions-manual.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/az/azure-cli/extensions-manual.nix b/pkgs/by-name/az/azure-cli/extensions-manual.nix index f9191d4ac0e4..1b0581fe24c8 100644 --- a/pkgs/by-name/az/azure-cli/extensions-manual.nix +++ b/pkgs/by-name/az/azure-cli/extensions-manual.nix @@ -83,9 +83,9 @@ containerapp = mkAzExtension rec { pname = "containerapp"; - version = "1.1.0b3"; + version = "1.1.0b4"; url = "https://azcliprod.blob.core.windows.net/cli-extensions/containerapp-${version}-py2.py3-none-any.whl"; - hash = "sha256-BPChKCEU89/+KWIlt4ocU37gLwyDUfGBO3QCqkFQhjI="; + hash = "sha256-d2pqanDERA54NGQwzO1S2D+WM1q5w1dmKjYbEdbknik="; description = "Microsoft Azure Command-Line Tools Containerapp Extension"; propagatedBuildInputs = with python3Packages; [ docker From 3e77df99289add39fa4ccabdd4ad438e9db3524f Mon Sep 17 00:00:00 2001 
From: liberodark Date: Sat, 22 Feb 2025 21:10:15 +0100 Subject: [PATCH 08/58] ruffle: nightly-2025-01-25 -> nightly-2025-03-28 --- pkgs/by-name/ru/ruffle/package.nix | 221 +++++++++--------- .../ruffle/remove-deterministic-feature.patch | 52 ----- 2 files changed, 108 insertions(+), 165 deletions(-) delete mode 100644 pkgs/by-name/ru/ruffle/remove-deterministic-feature.patch diff --git a/pkgs/by-name/ru/ruffle/package.nix b/pkgs/by-name/ru/ruffle/package.nix index 5bda1d81b3c6..a6d38c66de49 100644 --- a/pkgs/by-name/ru/ruffle/package.nix +++ b/pkgs/by-name/ru/ruffle/package.nix 
@@ -1,31 +1,90 @@ { - alsa-lib, - fetchFromGitHub, - makeWrapper, - openssl, - pkg-config, - python3, - rustPlatform, - stdenvNoCC, lib, + stdenvNoCC, + rustPlatform, + withRuffleTools ? false, + fetchFromGitHub, + jre_minimal, + pkg-config, + wrapGAppsHook3, + darwin, + alsa-lib, + gtk3, + openssl, wayland, - xorg, vulkan-loader, udev, - jre_minimal, - cairo, - gtk3, - wrapGAppsHook3, - gsettings-desktop-schemas, - glib, libxkbcommon, openh264, - darwin, + writeShellApplication, + curl, + jq, + nix-update, }: -let +rustPlatform.buildRustPackage (finalAttrs: { pname = "ruffle"; - version = "nightly-2025-01-25"; - # TODO: Remove overridden derivation once ruffle accepts upstream openh264-2.5.0 + version = "0-nightly-2025-03-28"; + + src = fetchFromGitHub { + owner = "ruffle-rs"; + repo = "ruffle"; + tag = lib.strings.removePrefix "0-" finalAttrs.version; + hash = "sha256-p2EEoHXseIXms4Xjyi3aNWCU0W9slXkeqrCrPvq1BjI="; + }; + + useFetchCargoVendor = true; + cargoHash = "sha256-RcCIt6xVZaQA7eSgKngHtsGafHFwv1bISK0XKWoNWtI="; + cargoBuildFlags = lib.optional withRuffleTools "--workspace"; + + env = + let + tag = lib.strings.removePrefix "0-" finalAttrs.version; + versionDate = lib.strings.removePrefix "0-nightly-" finalAttrs.version; + in + { + VERGEN_IDEMPOTENT = "1"; + VERGEN_GIT_SHA = tag; + VERGEN_GIT_COMMIT_DATE = versionDate; + VERGEN_GIT_COMMIT_TIMESTAMP = "${versionDate}T00:00:00Z"; + }; + + nativeBuildInputs = + [ jre_minimal ] + ++ lib.optionals stdenvNoCC.hostPlatform.isLinux [ + pkg-config + wrapGAppsHook3 + ] + ++ lib.optionals stdenvNoCC.hostPlatform.isDarwin [ rustPlatform.bindgenHook ]; + + buildInputs = + lib.optionals stdenvNoCC.hostPlatform.isLinux [ + alsa-lib + gtk3 + openssl + wayland + vulkan-loader + udev + ] + ++ lib.optionals stdenvNoCC.hostPlatform.isDarwin [ darwin.apple_sdk.frameworks.AppKit ]; + + postInstall = + '' + mv $out/bin/ruffle_desktop $out/bin/ruffle + install -Dm644 LICENSE.md -t $out/share/doc/ruffle + install -Dm644 README.md -t 
$out/share/doc/ruffle + '' + + lib.optionalString stdenvNoCC.hostPlatform.isLinux '' + install -Dm644 desktop/packages/linux/rs.ruffle.Ruffle.desktop \ + -t $out/share/applications/ + + install -Dm644 desktop/packages/linux/rs.ruffle.Ruffle.svg \ + -t $out/share/icons/hicolor/scalable/apps/ + + install -Dm644 desktop/packages/linux/rs.ruffle.Ruffle.metainfo.xml \ + -t $out/share/metainfo/ + ''; + + # Prevents ruffle from downloading openh264 at runtime for Linux openh264-241 = if stdenvNoCC.hostPlatform.isLinux then openh264.overrideAttrs (_: rec { 
@@ -40,99 +99,35 @@ let }) else null; -in -rustPlatform.buildRustPackage { - inherit pname version; - - src = fetchFromGitHub { - owner = "ruffle-rs"; - repo = pname; - tag = version; - hash = "sha256-JLh0tatP70rYo2QXLKu6M9jJ1gFpY76sYaUJqW9U4E0="; - }; - - patches = [ ./remove-deterministic-feature.patch ]; - - useFetchCargoVendor = true; - cargoHash = "sha256-PbNp/V+xmU6Lo24a6pd9XoT/LQmINztjOHKoikG9N4Y="; - - nativeBuildInputs = - [ jre_minimal ] - ++ lib.optionals stdenvNoCC.hostPlatform.isLinux [ - glib - gsettings-desktop-schemas - makeWrapper - pkg-config - python3 - wrapGAppsHook3 - ] - ++ lib.optionals stdenvNoCC.hostPlatform.isDarwin [ rustPlatform.bindgenHook ]; - - buildInputs = - lib.optionals stdenvNoCC.hostPlatform.isLinux [ - alsa-lib - cairo - gtk3 - openssl - wayland - xorg.libX11 - xorg.libXcursor - xorg.libXi - xorg.libxcb - xorg.libXrender - vulkan-loader - udev - ] - ++ lib.optionals stdenvNoCC.hostPlatform.isDarwin [ darwin.apple_sdk.frameworks.AppKit ]; - - cargoBuildFlags = [ "--workspace" ]; - - postInstall = - '' - # Namespace binaries with "ruffle_" - mv $out/bin/exporter $out/bin/ruffle_exporter - mv $out/bin/mocket $out/bin/ruffle_mocket - mv $out/bin/stub-report $out/bin/ruffle_stub-report - mv $out/bin/build_playerglobal $out/bin/ruffle_build_playerglobal - - # This name is too specific - mv $out/bin/ruffle_desktop $out/bin/ruffle - '' - + lib.optionalString stdenvNoCC.hostPlatform.isLinux '' - install -Dm644 desktop/packages/linux/rs.ruffle.Ruffle.desktop \ - -t $out/share/applications/ - - install -Dm644 desktop/packages/linux/rs.ruffle.Ruffle.svg \ - -t $out/share/icons/hicolor/scalable/apps/ - - install -Dm644 desktop/packages/linux/rs.ruffle.Ruffle.metainfo.xml \ - -t $out/share/metainfo/ - - rm $out/bin/ruffle_web_safari - ''; preFixup = lib.optionalString stdenvNoCC.hostPlatform.isLinux '' - patchelf $out/bin/ruffle \ - --add-needed libxkbcommon-x11.so \ - --add-needed libwayland-client.so \ - --add-needed libopenh264.so \ - 
--add-rpath ${libxkbcommon}/lib:${wayland}/lib:${openh264-241}/lib + gappsWrapperArgs+=(--prefix LD_LIBRARY_PATH : ${ + lib.makeLibraryPath [ + libxkbcommon + finalAttrs.openh264-241 + vulkan-loader + wayland + ] + }) ''; - dontWrapGApps = true; - - postFixup = lib.optionalString stdenvNoCC.hostPlatform.isLinux '' - vulkanWrapperArgs+=( - --prefix LD_LIBRARY_PATH ':' ${vulkan-loader}/lib - ) - - wrapProgram $out/bin/ruffle_exporter \ - "''${vulkanWrapperArgs[@]}" - - wrapProgram $out/bin/ruffle \ - "''${vulkanWrapperArgs[@]}" \ - "''${gappsWrapperArgs[@]}" - ''; + passthru = { + updateScript = lib.getExe (writeShellApplication { + name = "ruffle-update"; + runtimeInputs = [ + curl + jq + nix-update + ]; + text = '' + version="$( \ + curl https://api.github.com/repos/ruffle-rs/ruffle/releases?per_page=1 | \ + jq -r ".[0].tag_name" \ + )" + exec nix-update --version "0-$version" ruffle + ''; + }); + }; meta = { description = "Cross platform Adobe Flash Player emulator"; @@ -142,13 +137,13 @@ rustPlatform.buildRustPackage { and 3 programs with machine-native performance thanks to being written in the Rust programming language. - This package for ruffle also includes the `exporter` and - `scanner` utilities which allow for generating screenshots as - PNGs and parsing `.swf` files in bulk respectively. + Additionally, overriding the `withRuffleTools` input to + `true` will build all the available packages in the ruffle + project, including the `exporter` and `scanner` utilities. ''; homepage = "https://ruffle.rs/"; downloadPage = "https://ruffle.rs/downloads"; - changelog = "https://github.com/ruffle-rs/ruffle/releases/tag/${version}"; + changelog = "https://github.com/ruffle-rs/ruffle/releases/tag/${lib.strings.removePrefix "0-" finalAttrs.version}"; license = [ lib.licenses.mit lib.licenses.asl20 @@ -160,4 +155,4 @@ rustPlatform.buildRustPackage { mainProgram = "ruffle"; platforms = lib.platforms.linux ++ lib.platforms.darwin; }; -} +}) 
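Review bot: The new `preFixup` exposes libxkbcommon, openh264, vulkan-loader and wayland through `--prefix LD_LIBRARY_PATH` in `gappsWrapperArgs`, where the old code added an rpath with `patchelf`; unlike an rpath, the variable is inherited by every child process ruffle spawns, which can make those programs load libraries they were not built against. If the libraries are only needed by the ruffle binary itself, keeping `patchelf --add-rpath` for them avoids that. Separately, the `updateScript` calls `curl` without `--fail`, so an HTTP error body from the GitHub API is piped into `jq`; `curl --fail --silent --show-error` makes that case explicit.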
diff --git a/pkgs/by-name/ru/ruffle/remove-deterministic-feature.patch b/pkgs/by-name/ru/ruffle/remove-deterministic-feature.patch deleted file mode 100644 index 804bc46c22be..000000000000 --- a/pkgs/by-name/ru/ruffle/remove-deterministic-feature.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -diff --git a/exporter/Cargo.toml b/exporter/Cargo.toml -index 93066a30d..0f8b71ae4 100644 ---- a/exporter/Cargo.toml -+++ b/exporter/Cargo.toml -@@ -13,7 +13,7 @@ workspace = true - [dependencies] - clap = { workspace = true } - futures = { workspace = true } --ruffle_core = { path = "../core", features = ["deterministic", "default_font"] } -+ruffle_core = { path = "../core", features = ["default_font"] } - ruffle_render_wgpu = { path = "../render/wgpu", features = ["clap"] } - image = { workspace = true, features = ["png"] } - walkdir = { workspace = true } -diff --git a/scanner/Cargo.toml b/scanner/Cargo.toml -index 59781ba79..40cf54c24 100644 ---- a/scanner/Cargo.toml -+++ b/scanner/Cargo.toml -@@ -12,7 +12,7 @@ workspace = true - - [dependencies] - clap = { workspace = true } --ruffle_core = { path = "../core", features = ["deterministic"] } -+ruffle_core = { path = "../core" } - log = { workspace = true } - walkdir = { workspace = true } - serde = { workspace = true, features = ["derive"] } -diff --git a/tests/Cargo.toml b/tests/Cargo.toml -index 26bfc9a89..b7342b662 100644 ---- a/tests/Cargo.toml -+++ b/tests/Cargo.toml -@@ -27,7 +27,7 @@ ruffle_render_wgpu = { path = "../render/wgpu", optional = true } - regex = "1.11.1" - - [dev-dependencies] --ruffle_core = { path = "../core", features = ["deterministic", "timeline_debug", "avm_debug", "audio", "mp3", "aac", "default_font", "test_only_as3"] } -+ruffle_core = { path = "../core", features = ["timeline_debug", "avm_debug", "audio", "mp3", "aac", "default_font", "test_only_as3"] } - ruffle_test_framework = { path = "framework" } - libtest-mimic = "0.8.1" - walkdir = { workspace = true } -diff --git a/tests/framework/Cargo.toml b/tests/framework/Cargo.toml -index ffc59e25b..639028578 100644 ---- a/tests/framework/Cargo.toml -+++ b/tests/framework/Cargo.toml -@@ -11,7 +11,7 @@ version.workspace = true - workspace = true - - [dependencies] --ruffle_core = { path = "../../core", features = 
["deterministic", "timeline_debug", "avm_debug", "audio", "mp3", "aac", "default_font", "serde"] } -+ruffle_core = { path = "../../core", features = ["timeline_debug", "avm_debug", "audio", "mp3", "aac", "default_font", "serde"] } - ruffle_render = { path = "../../render", features = ["serde"] } - ruffle_input_format = { path = "../input-format" } - ruffle_socket_format = { path = "../socket-format" } \ No newline at end of file From cc4dba893438e5a8e94fe79433a82b850cc64781 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sun, 30 Mar 2025 19:33:14 -0700 Subject: [PATCH 09/58] routino: 3.4.1 -> 3.4.2 Changelog: http://routino.org/software/NEWS.txt --- pkgs/by-name/ro/routino/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/ro/routino/package.nix b/pkgs/by-name/ro/routino/package.nix index adffbdb9fd5e..2844356923b5 100644 --- a/pkgs/by-name/ro/routino/package.nix +++ b/pkgs/by-name/ro/routino/package.nix @@ -10,11 +10,11 @@ stdenv.mkDerivation rec { pname = "routino"; - version = "3.4.1"; + version = "3.4.2"; src = fetchurl { url = "https://routino.org/download/routino-${version}.tgz"; - hash = "sha256-C6qNKljRdV0ProbgSxfrZLgZH+Pl8kcpKmTb83GLhSs="; + hash = "sha256-Dms1u/KuS6qFYcslKfsvIFPx0ApdyWtKK/XlgW+kToI="; }; patchFlags = [ "-p0" ]; From 6412ed67a64bb5b893e273da5c14c263c926e36a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sun, 30 Mar 2025 20:53:29 -0700 Subject: [PATCH 10/58] python313Packages.pathy: mark broken It is incompatible with recent versions of pathlib-abc. --- pkgs/development/python-modules/pathy/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/python-modules/pathy/default.nix b/pkgs/development/python-modules/pathy/default.nix index fa7286d46879..a8b2cace6fdb 100644 --- a/pkgs/development/python-modules/pathy/default.nix +++ b/pkgs/development/python-modules/pathy/default.nix 
@@ -48,6 +48,8 @@ buildPythonPackage rec { pythonImportsCheck = [ "pathy" ]; meta = with lib; { + # https://github.com/justindujardin/pathy/issues/113 + broken = pathlib-abc.version != "0.1.1"; description = "Path interface for local and cloud bucket storage"; mainProgram = "pathy"; homepage = "https://github.com/justindujardin/pathy"; From f82496aa9082ee4497ba4b3283f379d9ee247c3f Mon Sep 17 00:00:00 2001 From: Mauricio Collares Date: Mon, 31 Mar 2025 16:27:27 -0300 Subject: [PATCH 11/58] m4ri: 20240729 -> 20250128 --- pkgs/by-name/m4/m4ri/package.nix | 38 +++----------------------------- 1 file changed, 3 insertions(+), 35 deletions(-) diff --git a/pkgs/by-name/m4/m4ri/package.nix b/pkgs/by-name/m4/m4ri/package.nix index ecdaf447b6bb..a7d750da16e6 100644 --- a/pkgs/by-name/m4/m4ri/package.nix +++ b/pkgs/by-name/m4/m4ri/package.nix 
@@ -6,48 +6,16 @@ }: stdenv.mkDerivation rec { - version = "20240729"; + version = "20250128"; pname = "m4ri"; src = fetchFromGitHub { owner = "malb"; repo = "m4ri"; - # 20240729 has a broken m4ri.pc file, fixed in the next commit. - # TODO: remove if on update - rev = - if version == "20240729" then "775189bfea96ffaeab460513413fcf4fbcd64392" else "release-${version}"; - hash = "sha256-untwo0go8O8zNO0EyZ4n/n7mngSXLr3Z/FSkXA8ptnU="; + rev = version; + hash = "sha256-YoCTI4dLy95xuRJyNugIzGxE40B9pCWxRQtsyS/1Pds="; }; - # based on the list in m4/m4_ax_ext.m4 - configureFlags = builtins.map (s: "ax_cv_have_${s}_cpu_ext=no") ( - [ - "sha" - "xop" - ] - ++ lib.optional (!stdenv.hostPlatform.sse3Support) "sse3" - ++ lib.optional (!stdenv.hostPlatform.ssse3Support) "ssse3" - ++ lib.optional (!stdenv.hostPlatform.sse4_1Support) "sse41" - ++ lib.optional (!stdenv.hostPlatform.sse4_2Support) "sse42" - ++ lib.optional (!stdenv.hostPlatform.sse4_aSupport) "sse4a" - ++ lib.optional (!stdenv.hostPlatform.aesSupport) "aes" - ++ lib.optional (!stdenv.hostPlatform.avxSupport) "avx" - ++ lib.optional (!stdenv.hostPlatform.fmaSupport) "fma3" - ++ lib.optional (!stdenv.hostPlatform.fma4Support) "fma4" - ++ lib.optional (!stdenv.hostPlatform.avx2Support) "avx2" - ++ lib.optionals (!stdenv.hostPlatform.avx512Support) [ - "avx512f" - "avx512cd" - "avx512pf" - "avx512er" - "avx512vl" - "avx512bw" - "avx512dq" - "avx512ifma" - "avx512vbmi" - ] - ); - doCheck = true; nativeBuildInputs = [ From 291295f6940d0f275cf1fa483a41ed82a3b1e435 Mon Sep 17 00:00:00 2001 From: Mauricio Collares Date: Mon, 31 Mar 2025 16:31:02 -0300 Subject: [PATCH 12/58] m4rie: 20250103 -> 20250128 --- pkgs/by-name/m4/m4rie/package.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/pkgs/by-name/m4/m4rie/package.nix b/pkgs/by-name/m4/m4rie/package.nix index ed424dc6aa21..270638f4d730 100644 --- a/pkgs/by-name/m4/m4rie/package.nix +++ b/pkgs/by-name/m4/m4rie/package.nix 
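Review bot: Dropping the whole `configureFlags` list removes the `ax_cv_have_*_cpu_ext=no` overrides that kept configure from enabling instruction-set extensions based on the machine doing the build. Whether release 20250128 still probes the build host cannot be seen from this hunk; if it does, the output would depend on the builder's CPU and could die with an illegal instruction on older hardware that pulls it from a binary cache. It is worth confirming that the `m4/m4_ax_ext.m4` probe is gone upstream, and otherwise keeping the overrides.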
@@ -1,20 +1,21 @@ { lib, stdenv, - fetchFromBitbucket, + fetchFromGitHub, autoreconfHook, + pkg-config, m4ri, }: stdenv.mkDerivation rec { - version = "20250103"; + version = "20250128"; pname = "m4rie"; - src = fetchFromBitbucket { + src = fetchFromGitHub { owner = "malb"; repo = "m4rie"; - rev = "release-${version}"; - hash = "sha256-CbzDLSqdtQ+CLKoKycznKzD3VCa+gfuh8TLvRC1fVz0="; + rev = version; + hash = "sha256-tw6ZX8hKfr9wQLF2nuO1dSkkTYZX6pzNWMlWfzLqQNE="; }; doCheck = true; @@ -28,6 +29,7 @@ stdenv.mkDerivation rec { makeFlags = [ ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ "CFLAGS=-O0" ]; nativeBuildInputs = [ autoreconfHook + pkg-config ]; meta = with lib; { From 1ff2c3305574d1cebde5e6d1fedb3ec6280f4069 Mon Sep 17 00:00:00 2001 
From: Arian van Putten Date: Tue, 1 Apr 2025 10:04:35 +0100 Subject: [PATCH 13/58] fluent-bit: 3.2.9 -> 3.2.6 fluent-bit 3.2.7, 3.2.8 and 3.2.9 are segfaulting when used in combination with the systemd input. Lets revert to 3.2.6 for now. Upstream bug: https://github.com/fluent/fluent-bit/issues/10139 Note that fluent-bit-3.2.7 fixes two high CVEs which we are now reintroducing. However they are only exploitable if you are using the OpenTelemetry input or the Prometheus Remote Write input. OpenTelemetry input: [CVE-2024-50609](https://nvd.nist.gov/vuln/detail/CVE-2024-50609) Prometheus Remote Write input: [CVE-2024-50608](https://nvd.nist.gov/vuln/detail/CVE-2024-50608) The problem is as follows: 3.2.7 started vendoring a copy of `libzstd` in tree and statically linking against it. Also, the fluent-bit binary exports the symbols of static libraries it links against. This is a problem because `libzstd` gets `dlopen()`ed by `libsystemd` when enumerating the journal (as journal logs are zstd compressed). and `libzstd` in Nixpkgs is built with `-DZSTD_LEGACY_SUPPORT=0` which causes `struct ZSTD_DCtx` to be 16 bytes smaller than without this flag https://github.com/facebook/zstd/blob/dev/lib/decompress/zstd_decompress_internal.h#L183-L187 `libsystemd` calls [`sym_ZSTD_createDCtx()`](https://github.com/systemd/systemd/blob/1e79a2923364b65fc9f347884dd5b9b2087f6e32/src/basic/compress.c#L480) which calls the function pointer returned by `dlsym()` which is calling into the `libzstd` that comes with `nixpkgs` and thus allocates a struct that is 16 bytes smaller. Later then `sym_ZSTD_freeDCtx()` is called. However because fluent-bit has `zstd` in its global symbol table, any functions that `sym_ZSTD_freeDCtx()` calls will be calls to the functions in the vendored fluent-bit version of the library which expects the larger struct. This then causes enough heap corruption to cause a segfault. E.g. 
the subsequent calls to `ZSTD_clearDict(dctx)` and `ZSTD_customFree(dctx->inBuff)` in https://github.com/facebook/zstd/blob/dev/lib/decompress/zstd_decompress.c#L324 will be working on a struct that is 16 bytes smaller than the one that was allocated by `libsystemd` and will cause a segfault at some point and thus are probably modifying pieces of memory that they shouldn't (gdb) bt #0 0x00007f10e7e9916c in __pthread_kill_implementation () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #1 0x00007f10e7e40e86 in raise () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #2 0x00007f10e7e2893a in abort () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #3 0x000000000046a938 in flb_signal_handler () #4 #5 0x00007f10e7ea42b7 in unlink_chunk.isra () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #6 0x00007f10e7ea45cd in _int_free_create_chunk () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #7 0x00007f10e7ea5a1c in _int_free_merge_chunk () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #8 0x00007f10e7ea5dc9 in _int_free () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #9 0x00007f10e7ea8613 in free () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #10 0x00007f10e80ad3b5 in ZSTD_freeDCtx () from /nix/store/wy0slah6yvchgra8nhp6vgrqa6ay72cq-zstd-1.5.6/lib/libzstd.so.1 #11 0x00007f10e8c90f6b in decompress_blob_zstd () from /nix/store/b2cfj7yk3wfg1jdwjzim7306hvsc5gnl-systemd-257.3/lib/libsystemd.so.0 #12 0x00007f10e8bf0efe in journal_file_data_payload () from /nix/store/b2cfj7yk3wfg1jdwjzim7306hvsc5gnl-systemd-257.3/lib/libsystemd.so.0 #13 0x00007f10e8c00f74 in sd_journal_enumerate_data () from /nix/store/b2cfj7yk3wfg1jdwjzim7306hvsc5gnl-systemd-257.3/lib/libsystemd.so.0 #14 0x00000000004eae2f in in_systemd_collect () #15 0x00000000004eb5a0 in 
in_systemd_collect_archive () #16 0x000000000047aa18 in flb_input_collector_fd () #17 0x0000000000495223 in flb_engine_start () #18 0x000000000046f304 in flb_lib_worker () #19 0x00007f10e7e972e3 in start_thread () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 #20 0x00007f10e7f1b2fc in __clone3 () from /nix/store/rmy663w9p7xb202rcln4jjzmvivznmz8-glibc-2.40-66/lib/libc.so.6 Reverts 7310ab328b827beaf7ea2e296561487e6272bed5 Reverts 4fbc6cf9c39450234c00ec87a4fdb0640d0a4f30 --- pkgs/by-name/fl/fluent-bit/package.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/fl/fluent-bit/package.nix b/pkgs/by-name/fl/fluent-bit/package.nix index 941a006b6161..52a06e4cda95 100644 --- a/pkgs/by-name/fl/fluent-bit/package.nix +++ b/pkgs/by-name/fl/fluent-bit/package.nix @@ -28,13 +28,14 @@ stdenv.mkDerivation (finalAttrs: { pname = "fluent-bit"; - version = "3.2.9"; + # FIXME: We are deliberately on 3.2.6 as 3.2.7 and above are causing segfaults (https://github.com/fluent/fluent-bit/issues/10139) + version = "3.2.6"; src = fetchFromGitHub { owner = "fluent"; repo = "fluent-bit"; tag = "v${finalAttrs.version}"; - hash = "sha256-10L+w9SLfblE9Ok9lvZdU1i63NRtw/pT5ePk+zJwvHQ="; + hash = "sha256-S0sb954n17z+zrVNkYd6yiV01aNbOLJLOV+34PRkSXQ="; }; # The source build documentation covers some dependencies and CMake options. From de1cc8fe1d16471543735b96e51e6434bb48e26f Mon Sep 17 00:00:00 2001 From: Sebaguardian Date: Tue, 1 Apr 2025 19:12:48 +0200 Subject: [PATCH 14/58] vimPlugins.jule-nvim: init at 2025-02-22 --- pkgs/applications/editors/vim/plugins/vim-plugin-names | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/applications/editors/vim/plugins/vim-plugin-names b/pkgs/applications/editors/vim/plugins/vim-plugin-names index 9de4fa3eb844..ccf8e647afcc 100644 --- a/pkgs/applications/editors/vim/plugins/vim-plugin-names +++ b/pkgs/applications/editors/vim/plugins/vim-plugin-names 
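Review bot: The FIXME above `version = "3.2.6"` records the segfault but not that this pin drops the fixes for CVE-2024-50608 and CVE-2024-50609, which the commit message says shipped in 3.2.7. Someone reading only package.nix cannot tell that the package is knowingly vulnerable when the Prometheus Remote Write or OpenTelemetry inputs are enabled. I would add a second comment line, `# 3.2.6 lacks the fixes for CVE-2024-50608 (Prometheus Remote Write input) and CVE-2024-50609 (OpenTelemetry input); bump once the vendored-zstd symbol clash is resolved`. Whether to also list them in `meta.knownVulnerabilities` is a policy call, since that blocks evaluation for users who do not enable those inputs.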
@@ -492,6 +492,7 @@ https://github.com/HiPhish/jinja.vim/,HEAD, https://github.com/vito-c/jq.vim/,, https://github.com/neoclide/jsonc.vim/,, https://github.com/Myzel394/jsonfly.nvim/,HEAD, +https://github.com/julelang/jule.nvim/,HEAD, https://github.com/JuliaEditorSupport/julia-vim/,, https://github.com/GCBallesteros/jupytext.nvim/,HEAD, https://github.com/rebelot/kanagawa.nvim/,, From 6ac38abf29cc60f2e4c7b405692dfa0b03afe60d Mon Sep 17 00:00:00 2001 From: "Adam C. Stephens" Date: Mon, 31 Mar 2025 17:17:52 -0400 Subject: [PATCH 15/58] nixos/tests/envoy: migrate to runTests --- nixos/tests/all-tests.nix | 5 +- nixos/tests/envoy.nix | 108 +++++++++++++++++++------------------- 2 files changed, 57 insertions(+), 56 deletions(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 3fc31d6f5909..ac99791699b2 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -407,7 +407,10 @@ in enlightenment = handleTest ./enlightenment.nix { }; env = handleTest ./env.nix { }; envfs = handleTest ./envfs.nix { }; - envoy = handleTest ./envoy.nix { }; + envoy = runTest { + imports = [ ./envoy.nix ]; + _module.args.envoyPackage = pkgs.envoy; + }; ergo = handleTest ./ergo.nix { }; ergochat = handleTest ./ergochat.nix { }; eris-server = handleTest ./eris-server.nix { }; diff --git a/nixos/tests/envoy.nix b/nixos/tests/envoy.nix index d669b2bb718f..6cbf782a421f 100644 --- a/nixos/tests/envoy.nix +++ b/nixos/tests/envoy.nix 
@@ -1,62 +1,60 @@ -import ./make-test-python.nix ( - { pkgs, lib, ... }: - { - name = "envoy"; - meta = with pkgs.lib.maintainers; { - maintainers = [ cameronnemo ]; - }; +{ envoyPackage, lib, ... }: +{ + name = envoyPackage.pname; - nodes.machine = - { pkgs, ... }: - { - services.envoy.enable = true; - services.envoy.settings = { - admin = { - access_log_path = "/dev/null"; - address = { - socket_address = { - protocol = "TCP"; - address = "127.0.0.1"; - port_value = 80; - }; - }; + meta = with lib.maintainers; { + maintainers = [ cameronnemo ]; + }; + + nodes.machine = { + services.envoy.enable = true; + services.envoy.package = envoyPackage; + services.envoy.settings = { + admin = { + access_log_path = "/dev/null"; + address = { + socket_address = { + protocol = "TCP"; + address = "127.0.0.1"; + port_value = 80; }; - static_resources = { - listeners = [ ]; - clusters = [ ]; - }; - }; - specialisation = { - withoutConfigValidation.configuration = - { ... }: - { - services.envoy = { - requireValidConfig = false; - settings.admin.access_log_path = lib.mkForce "/var/log/envoy/access.log"; - }; - }; }; }; + static_resources = { + listeners = [ ]; + clusters = [ ]; + }; + }; + specialisation = { + withoutConfigValidation.configuration = + { ... }: + { + services.envoy = { + requireValidConfig = false; + settings.admin.access_log_path = lib.mkForce "/var/log/envoy/access.log"; + }; + }; + }; + }; - testScript = - { nodes, ... }: - let - specialisations = "${nodes.machine.system.build.toplevel}/specialisation"; - in - '' - machine.start() + testScript = + { nodes, ... 
}: + let + specialisations = "${nodes.machine.system.build.toplevel}/specialisation"; + in + '' + machine.start() - with subtest("envoy.service starts and responds with ready"): - machine.wait_for_unit("envoy.service") - machine.wait_for_open_port(80) - machine.wait_until_succeeds("curl -fsS localhost:80/ready") + with subtest("envoy.service starts and responds with ready"): + machine.wait_for_unit("envoy.service") + machine.wait_for_open_port(80) + machine.wait_until_succeeds("curl -fsS localhost:80/ready") - with subtest("envoy.service works with config path not available at eval time"): - machine.succeed('${specialisations}/withoutConfigValidation/bin/switch-to-configuration test') - machine.wait_for_unit("envoy.service") - machine.wait_for_open_port(80) - machine.wait_until_succeeds("curl -fsS localhost:80/ready") - machine.succeed('test -f /var/log/envoy/access.log') - ''; - } -) + with subtest("envoy.service works with config path not available at eval time"): + machine.succeed('${specialisations}/withoutConfigValidation/bin/switch-to-configuration test') + machine.wait_for_unit("envoy.service") + machine.wait_for_open_port(80) + machine.wait_until_succeeds("curl -fsS localhost:80/ready") + machine.succeed('test -f /var/log/envoy/access.log') + ''; +} From b2f768a31c56788a1a6a108e428b04fdad69cc07 Mon Sep 17 00:00:00 2001 From: "Adam C. Stephens" Date: Mon, 31 Mar 2025 17:17:52 -0400 Subject: [PATCH 16/58] envoy-bin: init at 1.33.2 --- nixos/tests/all-tests.nix | 4 ++ pkgs/by-name/en/envoy-bin/package.nix | 77 +++++++++++++++++++++++++++ pkgs/by-name/en/envoy-bin/update.sh | 32 +++++++++++ 3 files changed, 113 insertions(+) create mode 100644 pkgs/by-name/en/envoy-bin/package.nix create mode 100755 pkgs/by-name/en/envoy-bin/update.sh diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index ac99791699b2..ed86de0b19fb 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix 
@@ -411,6 +411,10 @@ in imports = [ ./envoy.nix ]; _module.args.envoyPackage = pkgs.envoy; }; + envoy-bin = runTest { + imports = [ ./envoy.nix ]; + _module.args.envoyPackage = pkgs.envoy-bin; + }; ergo = handleTest ./ergo.nix { }; ergochat = handleTest ./ergochat.nix { }; eris-server = handleTest ./eris-server.nix { }; diff --git a/pkgs/by-name/en/envoy-bin/package.nix b/pkgs/by-name/en/envoy-bin/package.nix new file mode 100644 index 000000000000..9379db80d7ad --- /dev/null +++ b/pkgs/by-name/en/envoy-bin/package.nix 
@@ -0,0 +1,77 @@
+{
+ lib,
+ stdenv,
+ autoPatchelfHook,
+ fetchurl,
+ makeWrapper,
+ nixosTests,
+ versionCheckHook,
+}:
+let
+ version = "1.33.2";
+ inherit (stdenv.hostPlatform) system;
+ throwSystem = throw "envoy-bin is not available for ${system}.";
+
+ plat =
+ {
+ aarch64-linux = "aarch_64";
+ x86_64-linux = "x86_64";
+ }
+ .${system} or throwSystem;
+
+ hash =
+ {
+ aarch64-linux = "sha256-gew2iaghIu/wymgMSBdvTTUbb5iBp5zJ2QeKb7Swtqg=";
+ x86_64-linux = "sha256-vS/4fF78lf14gNcQkV9XPBqrTZxV2NqIbc2R30P610E=";
+ }
+ .${system} or throwSystem;
+in
+stdenv.mkDerivation {
+ pname = "envoy-bin";
+ inherit version;
+
+ src = fetchurl {
+ url = "https://github.com/envoyproxy/envoy/releases/download/v${version}/envoy-${version}-linux-${plat}";
+ inherit hash;
+ };
+
+ nativeBuildInputs = [ autoPatchelfHook ];
+ buildInputs = [ makeWrapper ];
+
+ dontUnpack = true;
+ dontBuild = true;
+
+ installPhase = ''
+ runHook preInstall
+ mkdir -p $out/bin
+ install -m755 $src $out/bin/envoy
+ runHook postInstall
+ '';
+
+ nativeInstallCheckInputs = [ versionCheckHook ];
+ doInstallCheck = true;
+ versionCheckProgram = "${placeholder "out"}/bin/envoy";
+ versionCheckProgramArg = "--version";
+
+ passthru = {
+ tests.envoy-bin = nixosTests.envoy-bin;
+
+ updateScript = ./update.sh;
+ };
+
+ meta = {
+ homepage = "https://envoyproxy.io";
+ changelog = "https://github.com/envoyproxy/envoy/releases/tag/v${version}";
+ description = "Cloud-native edge and service proxy";
+ license = lib.licenses.asl20;
+ sourceProvenance = [ lib.sourceTypes.binaryNativeCode ];
+ maintainers = with lib.maintainers; [
+ adamcstephens
+ ];
+ mainProgram = "envoy";
+ platforms = [
+ "x86_64-linux"
+ "aarch64-linux"
+ ];
+ };
+}
diff --git a/pkgs/by-name/en/envoy-bin/update.sh b/pkgs/by-name/en/envoy-bin/update.sh
new file mode 100755
index 000000000000..df32827256aa
--- /dev/null
+++ b/pkgs/by-name/en/envoy-bin/update.sh
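Review bot: `buildInputs = [ makeWrapper ];` pulls in a build tool that nothing in this derivation calls: `installPhase` only runs `install -m755 $src $out/bin/envoy` and there is no `wrapProgram` or `makeWrapper` invocation. I would drop that line together with the `makeWrapper` function argument; if a wrapper is added later it belongs in `nativeBuildInputs`. Because the package ships an upstream prebuilt binary pinned only by the two per-platform hashes, a short comment above `hash =` such as `# refreshed by ./update.sh; one entry per supported platform` would help whoever reviews the next bump.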
@@ -0,0 +1,32 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p curl gnused gawk nix-prefetch common-updater-scripts jq + +set -euo pipefail + +ROOT="$(dirname "$(readlink -f "$0")")" +NIX_DRV="$ROOT/package.nix" +if [ ! -f "$NIX_DRV" ]; then + echo "ERROR: cannot find package.nix in $ROOT" + exit 1 +fi + +fetch_arch() { + VER="$1" + ARCH="$2" + URL="https://github.com/envoyproxy/envoy/releases/download/v${VER}/envoy-${VER}-linux-${ARCH}" + nix hash convert --to sri --hash-algo sha256 "$(nix-prefetch-url --type sha256 "$URL")" +} + +replace_hash() { + sed -i "s#$1 = \"sha256-.\{44\}\"#$1 = \"$2\"#" "$NIX_DRV" +} + +VER=$(list-git-tags --url=https://github.com/envoyproxy/envoy | rg 'v[0-9\.]*$' | sed -e 's/^v//' | sort -V | tail -n 1) + +LINUX_X64_HASH=$(fetch_arch "$VER" "x86_64") +LINUX_AARCH64_HASH=$(fetch_arch "$VER" "aarch_64") + +sed -i "s/version = \".*\"/version = \"$VER\"/" "$NIX_DRV" + +replace_hash "x86_64-linux" "$LINUX_X64_HASH" +replace_hash "aarch64-linux" "$LINUX_AARCH64_HASH" From 37f9bb5231a6e8f363d288faef2ffe98ea06880b Mon Sep 17 00:00:00 2001 From: Katherine Jamison Date: Tue, 1 Apr 2025 18:18:03 -0600 Subject: [PATCH 17/58] linuxKernel.kernels.linux_lqx: 6.13.8-lqx1 -> 6.14.0-lqx1 --- pkgs/os-specific/linux/kernel/zen-kernels.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix index e9ac6d07ea69..97af24aadb67 100644 --- a/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix @@ -23,9 +23,9 @@ let }; # ./update-zen.py lqx lqx = { - version = "6.13.8"; # lqx + version = "6.14.0"; # lqx suffix = "lqx1"; # lqx - sha256 = "0r61imcqlqndmjxgzjjb2p4g2kfxdndm32qzai2jcg21910c2j2m"; # lqx + sha256 = "1py2zg8wr5azr88ixm04v3nvlfihk7iimzc7sdjgz2mb0ji5kxjc"; # lqx isLqx = true; }; }; From 443919025c9a4fd8b185d59198e61eb1681ea337 Mon Sep 17 00:00:00 2001 
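Review bot: The `VER=` pipeline calls `rg`, but the `#!nix-shell` line only provides `curl gnused gawk nix-prefetch common-updater-scripts jq`, so the script relies on a ripgrep that happens to be on the caller's PATH and otherwise aborts under `set -euo pipefail`. Either add `ripgrep` to the `-p` list or use grep, `VER=$(list-git-tags --url=https://github.com/envoyproxy/envoy | grep -E '^v[0-9.]+$' | sed -e 's/^v//' | sort -V | tail -n 1)`. Anchoring the pattern at both ends also stops a tag that merely ends in a version-like suffix from being selected as the release whose binaries are fetched and hashed.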
From: Franz Pletz Date: Wed, 2 Apr 2025 05:22:58 +0200 Subject: [PATCH 18/58] librewolf: 136.0.4-1 -> 137.0-1 --- .../networking/browsers/librewolf/src.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/networking/browsers/librewolf/src.json b/pkgs/applications/networking/browsers/librewolf/src.json index 510aab612186..7c0bf123fb9c 100644 --- a/pkgs/applications/networking/browsers/librewolf/src.json +++ b/pkgs/applications/networking/browsers/librewolf/src.json @@ -1,11 +1,11 @@ { - "packageVersion": "136.0.4-1", + "packageVersion": "137.0-1", "source": { - "rev": "136.0.4-1", - "hash": "sha256-ymW9vj4CariMaswrMQRKYEvTofFRjc50gF9EmTuhsRA=" + "rev": "137.0-1", + "hash": "sha256-xynkPKn4JDLVdDEYjmBvEKIHoW83Xackpx/+rnXci5g=" }, "firefox": { - "version": "136.0.4", - "hash": "sha512-wiUqpi0BXO1lNMsqwHH2gImZe0ZpAIPMHv9LrTBq5shlQ3Ge0tNfb5c790Rn1qBKukYNMJwG3qQl52xyDjROKA==" + "version": "137.0", + "hash": "sha512-gaLAzBT/wuSeSTeebCq1bPtuE7ZmZqZPOr/0SkO7Ln3BcnTTJdHCCvBi1Av/gGPXiNSy+TGnpkbbiwcgTKa0gQ==" } } From 0ba099095089b3e22af0384f04e8aa34739da636 Mon Sep 17 00:00:00 2001 From: Aaron Jheng Date: Wed, 2 Apr 2025 12:04:30 +0800 Subject: [PATCH 19/58] vsce: 3.3.0 -> 3.3.2 --- pkgs/by-name/vs/vsce/package.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/by-name/vs/vsce/package.nix b/pkgs/by-name/vs/vsce/package.nix index 835104babfea..91429d8bd801 100644 --- a/pkgs/by-name/vs/vsce/package.nix +++ b/pkgs/by-name/vs/vsce/package.nix 
@@ -10,21 +10,21 @@ nix-update-script, }: -buildNpmPackage rec { +buildNpmPackage (finalAttrs: { pname = "vsce"; - version = "3.3.0"; + version = "3.3.2"; src = fetchFromGitHub { owner = "microsoft"; repo = "vscode-vsce"; - rev = "v${version}"; - hash = "sha256-z2OxVK/zbKr1AvWO74aoZHU/e3GPCF0QMINdNhbzNXc="; + rev = "v${finalAttrs.version}"; + hash = "sha256-6Rls+t1NkU1bZuT8ZWpKYeGmAdMpNFuYGfdZhtszZQ8="; }; - npmDepsHash = "sha256-RIurea4cdH47q9axGtNTIZMeDOAqqdjovaE34A7M2uI="; + npmDepsHash = "sha256-HZkzH5flOPiTUvFW/DOi5n034RAvMoU9lRvB6Omdb2M="; postPatch = '' - substituteInPlace package.json --replace-fail '"version": "0.0.0"' '"version": "${version}"' + substituteInPlace package.json --replace-fail '"version": "0.0.0"' '"version": "${finalAttrs.version}"' ''; nativeBuildInputs = [ @@ -56,4 +56,4 @@ buildNpmPackage rec { license = lib.licenses.mit; mainProgram = "vsce"; }; -} +}) From 0059372ab2b2ebb2aac4ebdc8d134e8b5771b124 Mon Sep 17 00:00:00 2001 From: TessyJames28 Date: Tue, 1 Apr 2025 18:09:35 +0000 Subject: [PATCH 20/58] arandr: make reproducible by setting mtime=0 --- pkgs/by-name/ar/arandr/gzip-timestamp-fix.patch | 15 +++++++++++++++ pkgs/by-name/ar/arandr/package.nix | 13 ++++++++++--- 2 files changed, 25 insertions(+), 3 deletions(-) create mode 100644 pkgs/by-name/ar/arandr/gzip-timestamp-fix.patch diff --git a/pkgs/by-name/ar/arandr/gzip-timestamp-fix.patch b/pkgs/by-name/ar/arandr/gzip-timestamp-fix.patch new file mode 100644 index 000000000000..7d214afb41f2 --- /dev/null +++ b/pkgs/by-name/ar/arandr/gzip-timestamp-fix.patch 
@@ -0,0 +1,15 @@ +--- setup.py 2025-04-01 11:24:54.530984662 +0000 ++++ setup.py 2025-04-01 13:54:46.961341548 +0000 + +@@ -111,9 +111,11 @@ + info('compressing man page to %s', gzfile) + + if not self.dry_run: +- compressed = gzip.open(gzfile, 'w', 9) +- compressed.write(manpage) +- compressed.close() ++ with open(gzfile, 'wb') as file: ++ with gzip.GzipFile(fileobj=file, mode='wb', filename='', mtime=0, compresslevel=9) as compressed: ++ compressed.write(manpage) ++ compressed.close() ++ file.close() diff --git a/pkgs/by-name/ar/arandr/package.nix b/pkgs/by-name/ar/arandr/package.nix index 9c8f86e2c9b3..9a7b58a7b720 100644 --- a/pkgs/by-name/ar/arandr/package.nix +++ b/pkgs/by-name/ar/arandr/package.nix @@ -1,6 +1,7 @@ { lib, fetchurl, + fetchFromGitLab, python3Packages, gobject-introspection, gsettings-desktop-schemas, @@ -16,11 +17,17 @@ buildPythonApplication rec { pname = "arandr"; version = "0.1.11"; - src = fetchurl { - url = "https://christian.amsuess.com/tools/arandr/files/${pname}-${version}.tar.gz"; - hash = "sha256-5Mu+Npi7gSs5V3CHAXS+AJS7rrOREFqBH5X0LrGCrgI="; + src = fetchFromGitLab { + owner = "arandr"; + repo = "arandr"; + tag = version; + hash = "sha256-nQtfOKAnWKsy2DmvtRGJa4+Y9uGgX41BeHpd9m4d9YA="; }; + # patch to set mtime=0 on setup.py + patches = [ ./gzip-timestamp-fix.patch ]; + patchFlags = [ "-p0" ]; + preBuild = '' rm -rf data/po/* ''; From 9d1061dcb3107a28869a494bab732e6c2048e984 Mon Sep 17 00:00:00 2001 From: Felix Singer Date: Tue, 1 Apr 2025 16:49:12 +0200 Subject: [PATCH 21/58] gerrit: 3.11.1 -> 3.11.2 Signed-off-by: Felix Singer --- pkgs/by-name/ge/gerrit/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/ge/gerrit/package.nix b/pkgs/by-name/ge/gerrit/package.nix index ed246f12ed44..f48a32f03216 100644 --- a/pkgs/by-name/ge/gerrit/package.nix +++ b/pkgs/by-name/ge/gerrit/package.nix 
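Review bot: `fetchurl` stays in the argument set of arandr's package.nix although the only visible use, `src = fetchurl { … }`, is replaced by `fetchFromGitLab`; unless the rest of the file (outside these hunks) still needs it, the argument should be removed. The new comment `# patch to set mtime=0 on setup.py` is also misleading, because the patch changes the gzip header timestamp of the compressed man page rather than anything on setup.py; `# write the gzipped man page with mtime=0 so the output is reproducible` says what it does.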
@@ -7,11 +7,11 @@ stdenv.mkDerivation rec { pname = "gerrit"; - version = "3.11.1"; + version = "3.11.2"; src = fetchurl { url = "https://gerrit-releases.storage.googleapis.com/gerrit-${version}.war"; - hash = "sha256-7gJyvFOisukzd2Vmqci7CiJqegYQSYQZvnSvR+Y9HM4="; + hash = "sha256-F3kWGIA7RvbPMAs9U9tAmraHpxbkW/TQ6R9XXVBaLXs="; }; buildCommand = '' From 808927def5b38d4d39bb297be902f98ca63d41f0 Mon Sep 17 00:00:00 2001 From: Piotr Kwiecinski <2151333+piotrkwiecinski@users.noreply.github.com> Date: Wed, 2 Apr 2025 12:35:10 +0200 Subject: [PATCH 22/58] nixosTests.caddy: migrate to runTest Part of #386873 --- nixos/tests/all-tests.nix | 2 +- nixos/tests/caddy.nix | 270 +++++++++++++++++++------------------- 2 files changed, 135 insertions(+), 137 deletions(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 5a52c753c16a..e4cff571f75b 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -270,7 +270,7 @@ in buildbot = runTest ./buildbot.nix; buildkite-agents = handleTest ./buildkite-agents.nix { }; c2fmzq = handleTest ./c2fmzq.nix { }; - caddy = handleTest ./caddy.nix { }; + caddy = runTest ./caddy.nix; cadvisor = handleTestOn [ "x86_64-linux" ] ./cadvisor.nix { }; cage = handleTest ./cage.nix { }; cagebreak = handleTest ./cagebreak.nix { }; diff --git a/nixos/tests/caddy.nix b/nixos/tests/caddy.nix index 500c9d7d94d1..b7cf6ff10cc9 100644 --- a/nixos/tests/caddy.nix +++ b/nixos/tests/caddy.nix 
@@ -1,155 +1,153 @@ -import ./make-test-python.nix ( - { pkgs, ... }: - { - name = "caddy"; - meta = with pkgs.lib.maintainers; { - maintainers = [ - Br1ght0ne - stepbrobd - ]; - }; +{ pkgs, ... }: +{ + name = "caddy"; + meta = with pkgs.lib.maintainers; { + maintainers = [ + Br1ght0ne + stepbrobd + ]; + }; - nodes = { - webserver = - { pkgs, ... }: - { - services.caddy.enable = true; + nodes = { + webserver = + { pkgs, ... }: + { + services.caddy.enable = true; + services.caddy.extraConfig = '' + http://localhost { + encode gzip + + file_server + root * ${ + pkgs.runCommand "testdir" { } '' + mkdir "$out" + echo hello world > "$out/example.html" + '' + } + } + ''; + services.caddy.enableReload = true; + + specialisation.config-reload.configuration = { services.caddy.extraConfig = '' - http://localhost { - encode gzip - - file_server - root * ${ - pkgs.runCommand "testdir" { } '' - mkdir "$out" - echo hello world > "$out/example.html" - '' - } + http://localhost:8080 { } ''; - services.caddy.enableReload = true; - - specialisation.config-reload.configuration = { - services.caddy.extraConfig = '' - http://localhost:8080 { - } - ''; + }; + specialisation.multiple-configs.configuration = { + services.caddy.virtualHosts = { + "http://localhost:8080" = { }; + "http://localhost:8081" = { }; }; - specialisation.multiple-configs.configuration = { - services.caddy.virtualHosts = { - "http://localhost:8080" = { }; - "http://localhost:8081" = { }; - }; + }; + specialisation.multiple-hostnames.configuration = { + services.caddy.virtualHosts = { + "http://localhost:8080 http://localhost:8081" = { }; }; - specialisation.multiple-hostnames.configuration = { - services.caddy.virtualHosts = { - "http://localhost:8080 http://localhost:8081" = { }; - }; - }; - specialisation.rfc42.configuration = { - services.caddy.settings = { - apps.http.servers.default = { - listen = [ ":80" ]; - routes = [ - { - handle = [ - { - body = "hello world"; - handler = "static_response"; - status_code = 
200; - } - ]; - } - ]; - }; - }; - }; - specialisation.explicit-config-file.configuration = { - services.caddy.configFile = pkgs.writeText "Caddyfile" '' - localhost:80 - - respond "hello world" - ''; - }; - specialisation.with-plugins.configuration = { - services.caddy = { - package = pkgs.caddy.withPlugins { - plugins = [ "github.com/caddyserver/replace-response@v0.0.0-20241211194404-3865845790a7" ]; - hash = "sha256-WPmJPnyOrAnuJxvn3ywswqvLGV8SZzzn3gU1Tbtpao4="; - }; - configFile = pkgs.writeText "Caddyfile" '' + }; + specialisation.rfc42.configuration = { + services.caddy.settings = { + apps.http.servers.default = { + listen = [ ":80" ]; + routes = [ { - order replace after encode + handle = [ + { + body = "hello world"; + handler = "static_response"; + status_code = 200; + } + ]; } - - localhost:80 { - respond "hello world" - replace world caddy - } - ''; + ]; }; }; }; - }; + specialisation.explicit-config-file.configuration = { + services.caddy.configFile = pkgs.writeText "Caddyfile" '' + localhost:80 - testScript = - { nodes, ... 
}: - let - explicitConfigFile = "${nodes.webserver.system.build.toplevel}/specialisation/explicit-config-file"; - justReloadSystem = "${nodes.webserver.system.build.toplevel}/specialisation/config-reload"; - multipleConfigs = "${nodes.webserver.system.build.toplevel}/specialisation/multiple-configs"; - multipleHostnames = "${nodes.webserver.system.build.toplevel}/specialisation/multiple-hostnames"; - rfc42Config = "${nodes.webserver.system.build.toplevel}/specialisation/rfc42"; - withPluginsConfig = "${nodes.webserver.system.build.toplevel}/specialisation/with-plugins"; - in - '' - url = "http://localhost/example.html" - webserver.wait_for_unit("caddy") - webserver.wait_for_open_port(80) + respond "hello world" + ''; + }; + specialisation.with-plugins.configuration = { + services.caddy = { + package = pkgs.caddy.withPlugins { + plugins = [ "github.com/caddyserver/replace-response@v0.0.0-20241211194404-3865845790a7" ]; + hash = "sha256-WPmJPnyOrAnuJxvn3ywswqvLGV8SZzzn3gU1Tbtpao4="; + }; + configFile = pkgs.writeText "Caddyfile" '' + { + order replace after encode + } + + localhost:80 { + respond "hello world" + replace world caddy + } + ''; + }; + }; + }; + }; + + testScript = + { nodes, ... 
}: + let + explicitConfigFile = "${nodes.webserver.system.build.toplevel}/specialisation/explicit-config-file"; + justReloadSystem = "${nodes.webserver.system.build.toplevel}/specialisation/config-reload"; + multipleConfigs = "${nodes.webserver.system.build.toplevel}/specialisation/multiple-configs"; + multipleHostnames = "${nodes.webserver.system.build.toplevel}/specialisation/multiple-hostnames"; + rfc42Config = "${nodes.webserver.system.build.toplevel}/specialisation/rfc42"; + withPluginsConfig = "${nodes.webserver.system.build.toplevel}/specialisation/with-plugins"; + in + '' + url = "http://localhost/example.html" + webserver.wait_for_unit("caddy") + webserver.wait_for_open_port(80) - with subtest("config is reloaded on nixos-rebuild switch"): - webserver.succeed( - "${justReloadSystem}/bin/switch-to-configuration test >&2" - ) - webserver.wait_for_open_port(8080) - webserver.fail("journalctl -u caddy | grep -q -i stopped") - webserver.succeed("journalctl -u caddy | grep -q -i reloaded") + with subtest("config is reloaded on nixos-rebuild switch"): + webserver.succeed( + "${justReloadSystem}/bin/switch-to-configuration test >&2" + ) + webserver.wait_for_open_port(8080) + webserver.fail("journalctl -u caddy | grep -q -i stopped") + webserver.succeed("journalctl -u caddy | grep -q -i reloaded") - with subtest("multiple configs are correctly merged"): - webserver.succeed( - "${multipleConfigs}/bin/switch-to-configuration test >&2" - ) - webserver.wait_for_open_port(8080) - webserver.wait_for_open_port(8081) + with subtest("multiple configs are correctly merged"): + webserver.succeed( + "${multipleConfigs}/bin/switch-to-configuration test >&2" + ) + webserver.wait_for_open_port(8080) + webserver.wait_for_open_port(8081) - with subtest("a virtual host with multiple hostnames works"): - webserver.succeed( - "${multipleHostnames}/bin/switch-to-configuration test >&2" - ) - webserver.wait_for_open_port(8080) - webserver.wait_for_open_port(8081) + with subtest("a 
virtual host with multiple hostnames works"): + webserver.succeed( + "${multipleHostnames}/bin/switch-to-configuration test >&2" + ) + webserver.wait_for_open_port(8080) + webserver.wait_for_open_port(8081) - with subtest("rfc42 settings config"): - webserver.succeed( - "${rfc42Config}/bin/switch-to-configuration test >&2" - ) - webserver.wait_for_open_port(80) - webserver.succeed("curl http://localhost | grep hello") + with subtest("rfc42 settings config"): + webserver.succeed( + "${rfc42Config}/bin/switch-to-configuration test >&2" + ) + webserver.wait_for_open_port(80) + webserver.succeed("curl http://localhost | grep hello") - with subtest("explicit configFile"): - webserver.succeed( - "${explicitConfigFile}/bin/switch-to-configuration test >&2" - ) - webserver.wait_for_open_port(80) - webserver.succeed("curl http://localhost | grep hello") + with subtest("explicit configFile"): + webserver.succeed( + "${explicitConfigFile}/bin/switch-to-configuration test >&2" + ) + webserver.wait_for_open_port(80) + webserver.succeed("curl http://localhost | grep hello") - with subtest("plugins are correctled installed and configurable"): - webserver.succeed( - "${withPluginsConfig}/bin/switch-to-configuration test >&2" - ) - webserver.wait_for_open_port(80) - webserver.succeed("curl http://localhost | grep caddy") - ''; - } -) + with subtest("plugins are correctled installed and configurable"): + webserver.succeed( + "${withPluginsConfig}/bin/switch-to-configuration test >&2" + ) + webserver.wait_for_open_port(80) + webserver.succeed("curl http://localhost | grep caddy") + ''; +} From 42ae036a0cc1f0ac1036a29b6f1d257d36e7bcb0 Mon Sep 17 00:00:00 2001 From: Casey Link Date: Wed, 2 Apr 2025 12:55:25 +0200 Subject: [PATCH 23/58] tailwindcss_4: 4.1.0 -> 4.1.1 --- pkgs/by-name/ta/tailwindcss_4/package.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/pkgs/by-name/ta/tailwindcss_4/package.nix b/pkgs/by-name/ta/tailwindcss_4/package.nix index f97d9153b874..d59c7182488a 100644 --- a/pkgs/by-name/ta/tailwindcss_4/package.nix +++ b/pkgs/by-name/ta/tailwindcss_4/package.nix @@ -7,7 +7,7 @@ makeWrapper, }: let - version = "4.1.0"; + version = "4.1.1"; inherit (stdenv.hostPlatform) system; throwSystem = throw "tailwindcss has not been packaged for ${system} yet."; @@ -22,10 +22,10 @@ let hash = { - aarch64-darwin = "sha256-g9Gj/LN4tEJRrNjAjtfhX+5l35PoL0O/aydCP1vSuTs="; - aarch64-linux = "sha256-85HVxqx9GPqfa6CgSBi42sW9LbmqKrKqjHyENjrb4HM="; - x86_64-darwin = "sha256-i4jtB/5K3jp7ujcj2Yk2JntEDnC1hHWohgvWxuV29OA="; - x86_64-linux = "sha256-hTek5N0YFtYAzMF/XrGolxxuDwvOanABe/8p5385RNk="; + aarch64-darwin = "sha256-moydWSkhoHmxd+4zeWwgneUNHOlJ9yqPXlGHhCQmYXA="; + aarch64-linux = "sha256-zTW+fGIkpwWRYMRJjZRJmO4YI5J6gOXOKUfq9KtGxKI="; + x86_64-darwin = "sha256-JPnnUj30uQVvj+dnq7+fG4Trt7ArLVPsP4G1RVUeZAA="; + x86_64-linux = "sha256-jIW4NmIW7dk3iTS0JY5V7PF9LfnWIVEDcYOUP0nWp1Y="; } .${system} or throwSystem; in From fe333224037b37adb2ce9340ae63ef695893ffe6 Mon Sep 17 00:00:00 2001 From: Casey Link Date: Wed, 2 Apr 2025 12:57:50 +0200 Subject: [PATCH 24/58] claude-code: 0.2.57 -> 0.2.59 --- pkgs/by-name/cl/claude-code/package-lock.json | 8 ++++---- pkgs/by-name/cl/claude-code/package.nix | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/by-name/cl/claude-code/package-lock.json b/pkgs/by-name/cl/claude-code/package-lock.json index f50e16fa50f3..9e1f0bc44794 100644 --- a/pkgs/by-name/cl/claude-code/package-lock.json +++ b/pkgs/by-name/cl/claude-code/package-lock.json 
@@ -5,13 +5,13 @@ "packages": { "": { "dependencies": { - "@anthropic-ai/claude-code": "^0.2.57" + "@anthropic-ai/claude-code": "^0.2.59" } }, "node_modules/@anthropic-ai/claude-code": { - "version": "0.2.57", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-0.2.57.tgz", - "integrity": "sha512-/NS22ojBphLj0zhEWV26WIcLS1JcMT809tmkiwHrb1D9fGJccbbfkLyMI7eg7TAmgnXUINWxlwmMIExdOsRXfQ==", + "version": "0.2.59", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-0.2.59.tgz", + "integrity": "sha512-hcUHEiPUmkgU00J4/1dlLgWvf5ZkWOjMpUrXhMq2o143LOElKuTGxPGt2RtmFHKk6DesFZcV/gabZYkcTqraBw==", "hasInstallScript": true, "license": "SEE LICENSE IN README.md", "bin": { diff --git a/pkgs/by-name/cl/claude-code/package.nix b/pkgs/by-name/cl/claude-code/package.nix index 1ae336d6c5cc..f213dbb17bd8 100644 --- a/pkgs/by-name/cl/claude-code/package.nix +++ b/pkgs/by-name/cl/claude-code/package.nix @@ -6,14 +6,14 @@ buildNpmPackage rec { pname = "claude-code"; - version = "0.2.57"; + version = "0.2.59"; src = fetchzip { url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz"; - hash = "sha256-GCsw/QNcziytx15zwSQMY9JkKHnJb2KN2nwvkc7scy8="; + hash = "sha256-XHHWmDw9qBM4fQ975wSk12hJnr4+1H4AhlNc+IBV3qs="; }; - npmDepsHash = "sha256-GcYiQLcqWCAHL7FkD7M0YQV9ksgn8fo2Sb68x5/dA8k="; + npmDepsHash = "sha256-KorQlEB90EDE+NIxyUh1apqCDzgrCpwcaOy2mt2mz1s="; postPatch = '' cp ${./package-lock.json} package-lock.json From 045fbc389f8cd075a0f26840f3f68f79b857a285 Mon Sep 17 00:00:00 2001 
From: Mikael Voss Date: Wed, 19 Mar 2025 18:00:44 +0100 Subject: [PATCH 25/58] nixos/tmpfiles: properly escape argument option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The systemd.tmpfiles.settings....argument option may contain arbitrary strings. This could allow intentional or unintentional introduction of new configuration lines. The argument field cannot be quoted, C‐style \xNN escape sequences are however permitted. By escaping whitespace and newline characters, the issue can be mitigated. --- .../modules/system/boot/systemd/tmpfiles.nix | 30 +++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/nixos/modules/system/boot/systemd/tmpfiles.nix b/nixos/modules/system/boot/systemd/tmpfiles.nix index b35fe9573fc9..d5541be0e966 100644 --- a/nixos/modules/system/boot/systemd/tmpfiles.nix +++ b/nixos/modules/system/boot/systemd/tmpfiles.nix @@ -18,6 +18,14 @@ let inherit elemType placeholder; }; + escapeArgument = lib.strings.escapeC [ + "\t" + "\n" + "\r" + " " + "\\" + ]; + settingsOption = { description = '' Declare systemd-tmpfiles rules to create, delete, and clean up volatile @@ -126,7 +134,7 @@ let # generates a single entry for a tmpfiles.d rule settingsEntryToRule = path: entry: '' - '${entry.type}' '${path}' '${entry.mode}' '${entry.user}' '${entry.group}' '${entry.age}' ${entry.argument} + '${entry.type}' '${path}' '${entry.mode}' '${entry.user}' '${entry.group}' '${entry.age}' ${escapeArgument entry.argument} ''; # generates a list of tmpfiles.d rules from the attrs (paths) under tmpfiles.settings. 
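Review bot: In `settingsEntryToRule` only `entry.argument` is passed through `escapeArgument`; `path`, `entry.type`, `entry.mode`, `entry.user`, `entry.group` and `entry.age` are still placed between single quotes unescaped. Their option types are not visible in this hunk, but `path` is an attribute name and so presumably free-form, and a `'` or a newline in any of these fields would still end the field or the rule line early, which is the same line injection the commit closes for the argument. Consider rejecting such values with an assertion, or escaping them as well, e.g. `'${escapeArgument path}'`, if tmpfiles.d honours C-style escapes inside quoted fields. A case in the tmpfiles NixOS test with a tab and a newline in `argument` would also confirm that `lib.strings.escapeC` emits the `\xNN` form the commit message relies on.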
@@ -199,7 +207,25 @@ in "boot.initrd.systemd.storePaths will lead to errors in the future." "Found these problematic files: ${lib.concatStringsSep ", " paths}" ] - ); + ) + ++ (lib.flatten ( + lib.mapAttrsToList ( + name: paths: + lib.mapAttrsToList ( + path: entries: + lib.mapAttrsToList ( + type': entry: + lib.optional (lib.match ''.*\\([nrt]|x[0-9A-Fa-f]{2}).*'' entry.argument != null) ( + lib.concatStringsSep " " [ + "The argument option of ${name}.${type'}.${path} appears to" + "contain escape sequences, which will be escaped again." + "Unescape them if this is not intended: \"${entry.argument}\"" + ] + ) + ) entries + ) paths + ) cfg.settings + )); systemd.additionalUpstreamSystemUnits = [ "systemd-tmpfiles-clean.service" From 19909df1688b64e7e7f7f12dcbaa9723f7ea2c7c Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 2 Apr 2025 11:33:09 +0000 Subject: [PATCH 26/58] balena-cli: 21.1.0 -> 21.1.3 --- pkgs/by-name/ba/balena-cli/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/ba/balena-cli/package.nix b/pkgs/by-name/ba/balena-cli/package.nix index 191780802441..2672e0fb03db 100644 --- a/pkgs/by-name/ba/balena-cli/package.nix +++ b/pkgs/by-name/ba/balena-cli/package.nix @@ -22,16 +22,16 @@ let in buildNpmPackage' rec { pname = "balena-cli"; - version = "21.1.0"; + version = "21.1.3"; src = fetchFromGitHub { owner = "balena-io"; repo = "balena-cli"; rev = "v${version}"; - hash = "sha256-STixd/xJikV9qt2aG3smyLPEwG7fLYrN3jfVTwBxJrI="; + hash = "sha256-44r0dbcX/KRmfucNy4p/OMrKFC2J8P9eQpwTOTOmwS4="; }; - npmDepsHash = "sha256-dyUWQoR0EweHdNc5NN+qW2OdbCIspTQ1C/QsesnlvRU="; + npmDepsHash = "sha256-wEshPXXpFVOYzaqh6c5z47OccBEWMP5aarZP42PYgzk="; postPatch = '' ln -s npm-shrinkwrap.json package-lock.json From 387a5561fb13118317b938cd9f4af024ab415975 Mon Sep 17 00:00:00 2001 
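Review bot: The warning added in the `@@ -199,7 +207,25 @@` hunk fires only for `\n`, `\r`, `\t` and `\xNN`, while `escapeArgument` escapes every backslash, so an existing argument that uses any other backslash sequence (a doubled backslash, or an octal escape if tmpfiles.d accepts one) changes meaning without a warning. Matching any backslash, `lib.hasInfix "\\" entry.argument`, would cover those cases at the cost of some false positives. The message also prints `${name}.${type'}.${path}` although the nested `mapAttrsToList` calls iterate path before type, so the option named in the warning is in the wrong order; `"The argument option of ${name}.${path}.${type'} appears to"` matches the nesting. The list this expression is appended to starts outside the hunk.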
From: Mikael Voss Date: Sun, 13 Oct 2024 14:39:46 +0200 Subject: [PATCH 27/58] lib/systems/architectures: Define generic ARM64 inferiors --- lib/systems/architectures.nix | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/lib/systems/architectures.nix b/lib/systems/architectures.nix index e4f67e3d8e9f..47576cf1da95 100644 --- a/lib/systems/architectures.nix +++ b/lib/systems/architectures.nix @@ -426,11 +426,44 @@ rec { ); znver5 = [ "znver4" ] ++ inferiors.znver4; + # ARM64 (AArch64) + armv8-a = [ ]; + "armv8.1-a" = [ "armv8-a" ]; + "armv8.2-a" = [ "armv8.1-a" ] ++ inferiors."armv8.1-a"; + "armv8.3-a" = [ "armv8.2-a" ] ++ inferiors."armv8.2-a"; + "armv8.4-a" = [ "armv8.3-a" ] ++ inferiors."armv8.3-a"; + "armv8.5-a" = [ "armv8.4-a" ] ++ inferiors."armv8.4-a"; + "armv8.6-a" = [ "armv8.5-a" ] ++ inferiors."armv8.5-a"; + "armv8.7-a" = [ "armv8.6-a" ] ++ inferiors."armv8.6-a"; + "armv8.8-a" = [ "armv8.7-a" ] ++ inferiors."armv8.7-a"; + "armv8.9-a" = [ "armv8.8-a" ] ++ inferiors."armv8.8-a"; + armv9-a = [ "armv8.5-a" ] ++ inferiors."armv8.5-a"; + "armv9.1-a" = [ + "armv9-a" + "armv8.6-a" + ] ++ inferiors."armv8.6-a"; + "armv9.2-a" = lib.unique ( + [ + "armv9.1-a" + "armv8.7-a" + ] + ++ inferiors."armv9.1-a" + ++ inferiors."armv8.7-a" + ); + "armv9.3-a" = lib.unique ( + [ + "armv9.2-a" + "armv8.8-a" + ] + ++ inferiors."armv9.2-a" + ++ inferiors."armv8.8-a" + ); + "armv9.4-a" = [ "armv9.3-a" ] ++ inferiors."armv9.3-a"; + # other armv5te = [ ]; armv6 = [ ]; armv7-a = [ ]; - armv8-a = [ ]; mips32 = [ ]; loongson2f = [ ]; }; From e693be89e712390a4f8161ca93976fef39602615 Mon Sep 17 00:00:00 2001 From: Mikael Voss Date: Sun, 13 Oct 2024 15:15:00 +0200 Subject: [PATCH 28/58] lib/systems/architectures: Define inferiors for common ARM64 CPUs --- lib/systems/architectures.nix | 269 +++++++++++++++++++--------------- 1 file changed, 148 insertions(+), 121 deletions(-) 
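Review bot: `"armv9.4-a"` lists only `armv9.3-a`, whereas the three entries before it each pair a v9 level with a v8 level (`armv9.1-a` with `armv8.6-a`, `armv9.2-a` with `armv8.7-a`, `armv9.3-a` with `armv8.8-a`), so `armv8.9-a` is not an inferior of any v9 entry. If that is intended, a comment such as `# armv8.9-a deliberately not listed: <reason>` would keep a later reader from changing it; otherwise follow the pattern with `"armv9.4-a" = lib.unique ([ "armv9.3-a" "armv8.9-a" ] ++ inferiors."armv9.3-a" ++ inferiors."armv8.9-a");`. `"armv9.1-a"` also differs in form from its neighbours (no `lib.unique`, no `inferiors.armv9-a`); the resulting list looks complete, but writing it the same way as `"armv9.2-a"` would make that obvious. The `inferiors` attribute set itself begins outside this hunk.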
diff --git a/lib/systems/architectures.nix b/lib/systems/architectures.nix
index 47576cf1da95..87cec7ec89e0 100644
--- a/lib/systems/architectures.nix
+++ b/lib/systems/architectures.nix
@@ -339,134 +339,161 @@ rec { }; # a superior CPU has all the features of an inferior and is able to build and test code for it - inferiors = { - # x86_64 Generic - default = [ ]; - x86-64 = [ ]; - x86-64-v2 = [ "x86-64" ]; - x86-64-v3 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; - x86-64-v4 = [ "x86-64-v3" ] ++ inferiors.x86-64-v3; + inferiors = + let + withInferiors = archs: lib.unique (archs ++ lib.flatten (lib.attrVals archs inferiors)); + in + { + # x86_64 Generic + default = [ ]; + x86-64 = [ ]; + x86-64-v2 = [ "x86-64" ]; + x86-64-v3 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; + x86-64-v4 = [ "x86-64-v3" ] ++ inferiors.x86-64-v3; - # x86_64 Intel - # https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html - nehalem = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; - westmere = [ "nehalem" ] ++ inferiors.nehalem; - sandybridge = [ "westmere" ] ++ inferiors.westmere; - ivybridge = [ "sandybridge" ] ++ inferiors.sandybridge; + # x86_64 Intel + # https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html + nehalem = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; + westmere = [ "nehalem" ] ++ inferiors.nehalem; + sandybridge = [ "westmere" ] ++ inferiors.westmere; + ivybridge = [ "sandybridge" ] ++ inferiors.sandybridge; - haswell = lib.unique ( - [ - "ivybridge" - "x86-64-v3" - ] - ++ inferiors.ivybridge - ++ inferiors.x86-64-v3 - ); - broadwell = [ "haswell" ] ++ inferiors.haswell; - skylake = [ "broadwell" ] ++ inferiors.broadwell; + haswell = lib.unique ( + [ + "ivybridge" + "x86-64-v3" + ] + ++ inferiors.ivybridge + ++ inferiors.x86-64-v3 + ); + broadwell = [ "haswell" ] ++ inferiors.haswell; + skylake = [ "broadwell" ] ++ inferiors.broadwell; - skylake-avx512 = lib.unique ( - [ - "skylake" - "x86-64-v4" - ] - ++ inferiors.skylake - ++ inferiors.x86-64-v4 - ); - cannonlake = [ "skylake-avx512" ] ++ inferiors.skylake-avx512; - icelake-client = [ "cannonlake" ] ++ inferiors.cannonlake; - icelake-server = [ "icelake-client" ] ++ inferiors.icelake-client; - cascadelake = [ "cannonlake" ] ++ 
inferiors.cannonlake; - cooperlake = [ "cascadelake" ] ++ inferiors.cascadelake; - tigerlake = [ "icelake-server" ] ++ inferiors.icelake-server; - sapphirerapids = [ "tigerlake" ] ++ inferiors.tigerlake; - emeraldrapids = [ "sapphirerapids" ] ++ inferiors.sapphirerapids; + skylake-avx512 = lib.unique ( + [ + "skylake" + "x86-64-v4" + ] + ++ inferiors.skylake + ++ inferiors.x86-64-v4 + ); + cannonlake = [ "skylake-avx512" ] ++ inferiors.skylake-avx512; + icelake-client = [ "cannonlake" ] ++ inferiors.cannonlake; + icelake-server = [ "icelake-client" ] ++ inferiors.icelake-client; + cascadelake = [ "cannonlake" ] ++ inferiors.cannonlake; + cooperlake = [ "cascadelake" ] ++ inferiors.cascadelake; + tigerlake = [ "icelake-server" ] ++ inferiors.icelake-server; + sapphirerapids = [ "tigerlake" ] ++ inferiors.tigerlake; + emeraldrapids = [ "sapphirerapids" ] ++ inferiors.sapphirerapids; - # CX16 does not exist on alderlake, while it does on nearly all other intel CPUs - alderlake = [ ]; - sierraforest = [ "alderlake" ] ++ inferiors.alderlake; + # CX16 does not exist on alderlake, while it does on nearly all other intel CPUs + alderlake = [ ]; + sierraforest = [ "alderlake" ] ++ inferiors.alderlake; - # x86_64 AMD - # TODO: fill this (need testing) - btver1 = [ ]; - btver2 = [ ]; - bdver1 = [ ]; - bdver2 = [ ]; - bdver3 = [ ]; - bdver4 = [ ]; - # Regarding `skylake` as inferior of `znver1`, there are reports of - # successful usage by Gentoo users and Phoronix benchmarking of different - # `-march` targets. - # - # The GCC documentation on extensions used and wikichip documentation - # regarding supperted extensions on znver1 and skylake was used to create - # this partial order. - # - # Note: - # - # - The successors of `skylake` (`cannonlake`, `icelake`, etc) use `avx512` - # which no current AMD Zen michroarch support. - # - `znver1` uses `ABM`, `CLZERO`, `CX16`, `MWAITX`, and `SSE4A` which no - # current Intel microarch support. 
- # - # https://www.phoronix.com/scan.php?page=article&item=amd-znver3-gcc11&num=1 - # https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html - # https://en.wikichip.org/wiki/amd/microarchitectures/zen - # https://en.wikichip.org/wiki/intel/microarchitectures/skylake - znver1 = [ "skylake" ] ++ inferiors.skylake; # Includes haswell and x86-64-v3 - znver2 = [ "znver1" ] ++ inferiors.znver1; - znver3 = [ "znver2" ] ++ inferiors.znver2; - znver4 = lib.unique ( - [ - "znver3" - "x86-64-v4" - ] - ++ inferiors.znver3 - ++ inferiors.x86-64-v4 - ); - znver5 = [ "znver4" ] ++ inferiors.znver4; + # x86_64 AMD + # TODO: fill this (need testing) + btver1 = [ ]; + btver2 = [ ]; + bdver1 = [ ]; + bdver2 = [ ]; + bdver3 = [ ]; + bdver4 = [ ]; + # Regarding `skylake` as inferior of `znver1`, there are reports of + # successful usage by Gentoo users and Phoronix benchmarking of different + # `-march` targets. + # + # The GCC documentation on extensions used and wikichip documentation + # regarding supperted extensions on znver1 and skylake was used to create + # this partial order. + # + # Note: + # + # - The successors of `skylake` (`cannonlake`, `icelake`, etc) use `avx512` + # which no current AMD Zen michroarch support. + # - `znver1` uses `ABM`, `CLZERO`, `CX16`, `MWAITX`, and `SSE4A` which no + # current Intel microarch support. 
+ # + # https://www.phoronix.com/scan.php?page=article&item=amd-znver3-gcc11&num=1 + # https://gcc.gnu.org/onlinedocs/gcc/x86-Options.html + # https://en.wikichip.org/wiki/amd/microarchitectures/zen + # https://en.wikichip.org/wiki/intel/microarchitectures/skylake + znver1 = [ "skylake" ] ++ inferiors.skylake; # Includes haswell and x86-64-v3 + znver2 = [ "znver1" ] ++ inferiors.znver1; + znver3 = [ "znver2" ] ++ inferiors.znver2; + znver4 = lib.unique ( + [ + "znver3" + "x86-64-v4" + ] + ++ inferiors.znver3 + ++ inferiors.x86-64-v4 + ); + znver5 = [ "znver4" ] ++ inferiors.znver4; - # ARM64 (AArch64) - armv8-a = [ ]; - "armv8.1-a" = [ "armv8-a" ]; - "armv8.2-a" = [ "armv8.1-a" ] ++ inferiors."armv8.1-a"; - "armv8.3-a" = [ "armv8.2-a" ] ++ inferiors."armv8.2-a"; - "armv8.4-a" = [ "armv8.3-a" ] ++ inferiors."armv8.3-a"; - "armv8.5-a" = [ "armv8.4-a" ] ++ inferiors."armv8.4-a"; - "armv8.6-a" = [ "armv8.5-a" ] ++ inferiors."armv8.5-a"; - "armv8.7-a" = [ "armv8.6-a" ] ++ inferiors."armv8.6-a"; - "armv8.8-a" = [ "armv8.7-a" ] ++ inferiors."armv8.7-a"; - "armv8.9-a" = [ "armv8.8-a" ] ++ inferiors."armv8.8-a"; - armv9-a = [ "armv8.5-a" ] ++ inferiors."armv8.5-a"; - "armv9.1-a" = [ - "armv9-a" - "armv8.6-a" - ] ++ inferiors."armv8.6-a"; - "armv9.2-a" = lib.unique ( - [ - "armv9.1-a" - "armv8.7-a" - ] - ++ inferiors."armv9.1-a" - ++ inferiors."armv8.7-a" - ); - "armv9.3-a" = lib.unique ( - [ - "armv9.2-a" - "armv8.8-a" - ] - ++ inferiors."armv9.2-a" - ++ inferiors."armv8.8-a" - ); - "armv9.4-a" = [ "armv9.3-a" ] ++ inferiors."armv9.3-a"; + # ARM64 (AArch64) + armv8-a = [ ]; + "armv8.1-a" = [ "armv8-a" ]; + "armv8.2-a" = [ "armv8.1-a" ] ++ inferiors."armv8.1-a"; + "armv8.3-a" = [ "armv8.2-a" ] ++ inferiors."armv8.2-a"; + "armv8.4-a" = [ "armv8.3-a" ] ++ inferiors."armv8.3-a"; + "armv8.5-a" = [ "armv8.4-a" ] ++ inferiors."armv8.4-a"; + "armv8.6-a" = [ "armv8.5-a" ] ++ inferiors."armv8.5-a"; + "armv8.7-a" = [ "armv8.6-a" ] ++ inferiors."armv8.6-a"; + "armv8.8-a" = [ 
"armv8.7-a" ] ++ inferiors."armv8.7-a"; + "armv8.9-a" = [ "armv8.8-a" ] ++ inferiors."armv8.8-a"; + armv9-a = [ "armv8.5-a" ] ++ inferiors."armv8.5-a"; + "armv9.1-a" = [ + "armv9-a" + "armv8.6-a" + ] ++ inferiors."armv8.6-a"; + "armv9.2-a" = lib.unique ( + [ + "armv9.1-a" + "armv8.7-a" + ] + ++ inferiors."armv9.1-a" + ++ inferiors."armv8.7-a" + ); + "armv9.3-a" = lib.unique ( + [ + "armv9.2-a" + "armv8.8-a" + ] + ++ inferiors."armv9.2-a" + ++ inferiors."armv8.8-a" + ); + "armv9.4-a" = [ "armv9.3-a" ] ++ inferiors."armv9.3-a"; - # other - armv5te = [ ]; - armv6 = [ ]; - armv7-a = [ ]; - mips32 = [ ]; - loongson2f = [ ]; - }; + # ARM + cortex-a53 = [ "armv8-a" ]; + cortex-a72 = [ "armv8-a" ]; + cortex-a55 = [ + "armv8.2-a" + "cortex-a53" + "cortex-a72" + ] ++ inferiors."armv8.2-a"; + cortex-a76 = [ + "armv8.2-a" + "cortex-a53" + "cortex-a72" + ] ++ inferiors."armv8.2-a"; + + # Ampere + ampere1 = withInferiors [ + "armv8.6-a" + "cortex-a55" + "cortex-a76" + ]; + ampere1a = [ "ampere1" ] ++ inferiors.ampere1; + ampere1b = [ "ampere1a" ] ++ inferiors.ampere1a; + + # other + armv5te = [ ]; + armv6 = [ ]; + armv7-a = [ ]; + mips32 = [ ]; + loongson2f = [ ]; + }; predicates = let From 35d5f08ad7870ba30c418cfddbb1b5713e6fe459 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 2 Apr 2025 12:30:32 +0000 Subject: [PATCH 29/58] python312Packages.types-pytz: 2025.1.0.20250318 -> 2025.2.0.20250326 --- pkgs/development/python-modules/types-pytz/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/types-pytz/default.nix b/pkgs/development/python-modules/types-pytz/default.nix index eba78ae955fa..e6771acefb51 100644 --- a/pkgs/development/python-modules/types-pytz/default.nix +++ b/pkgs/development/python-modules/types-pytz/default.nix 
@@ -7,13 +7,13 @@ buildPythonPackage rec { pname = "types-pytz"; - version = "2025.1.0.20250318"; + version = "2025.2.0.20250326"; pyproject = true; src = fetchPypi { pname = "types_pytz"; inherit version; - hash = "sha256-l+DjUYTG/hTjpQFFEgV/LFe7DGWC1jwc/MSAn4IYBEk="; + hash = "sha256-3toC3iT1JwZvyNahnihKs/OucWpCtK22tA515AjAjTY="; }; build-system = [ setuptools ]; From f960e38cf50c84af8653d15439423e9498f9bc10 Mon Sep 17 00:00:00 2001 From: Gaetan Lepage Date: Wed, 2 Apr 2025 14:25:25 +0200 Subject: [PATCH 30/58] cpplint: 2.0.0 -> 2.0.1 Diff: https://github.com/cpplint/cpplint/compare/refs/tags/2.0.0...2.0.1 Changelog: https://github.com/cpplint/cpplint/releases/tag/2.0.1 --- pkgs/by-name/cp/cpplint/package.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/pkgs/by-name/cp/cpplint/package.nix b/pkgs/by-name/cp/cpplint/package.nix index a46c032ec6df..de9cff77feab 100644 --- a/pkgs/by-name/cp/cpplint/package.nix +++ b/pkgs/by-name/cp/cpplint/package.nix @@ -7,20 +7,20 @@ python3Packages.buildPythonApplication rec { pname = "cpplint"; - version = "2.0.0"; + version = "2.0.1"; pyproject = true; src = fetchFromGitHub { owner = "cpplint"; repo = "cpplint"; tag = version; - hash = "sha256-076363ZwcriPb+Fn9S5jay8oL+LlBTNh+IqQRCAndRo="; + hash = "sha256-IM1XznnpdL1Piei9kKR1nCwfs7TVgLcTgMI4r+cQXLg="; }; + # We use pytest-cov-stub instead postPatch = '' - substituteInPlace setup.cfg \ - --replace-fail "pytest-cov" "" \ - --replace-fail "--cov-fail-under=90 --cov=cpplint" "" + substituteInPlace pyproject.toml \ + --replace-fail '"pytest-cov",' "" ''; build-system = with python3Packages; [ 
@@ -29,12 +29,13 @@ python3Packages.buildPythonApplication rec { nativeCheckInputs = with python3Packages; [ parameterized - pytestCheckHook + pytest-cov-stub pytest-timeout + pytestCheckHook testfixtures versionCheckHook ]; - versionCheckProgramArg = [ "--version" ]; + versionCheckProgramArg = "--version"; meta = { homepage = "https://github.com/cpplint/cpplint"; From 998f1652fb844bb19e7757e7492d69f6adcf4dfd Mon Sep 17 00:00:00 2001 From: Mikael Voss Date: Sun, 13 Oct 2024 12:05:45 +0200 Subject: [PATCH 31/58] lib/system/architectures: Correct Alder Lake inferiors --- lib/systems/architectures.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/systems/architectures.nix b/lib/systems/architectures.nix index 87cec7ec89e0..119b99df1bed 100644 --- a/lib/systems/architectures.nix +++ b/lib/systems/architectures.nix @@ -386,8 +386,7 @@ rec { sapphirerapids = [ "tigerlake" ] ++ inferiors.tigerlake; emeraldrapids = [ "sapphirerapids" ] ++ inferiors.sapphirerapids; - # CX16 does not exist on alderlake, while it does on nearly all other intel CPUs - alderlake = [ ]; + alderlake = [ "skylake" ] ++ inferiors.skylake; sierraforest = [ "alderlake" ] ++ inferiors.alderlake; # x86_64 AMD From 77b4dedbfc5f9e524c35d762ea052955696b18cc Mon Sep 17 00:00:00 2001 From: Mikael Voss Date: Sun, 13 Oct 2024 12:47:14 +0200 Subject: [PATCH 32/58] lib/systems/architecures: Add generic inferiors for x86-64 AMD --- lib/systems/architectures.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/systems/architectures.nix b/lib/systems/architectures.nix index 119b99df1bed..615e5f6af56f 100644 --- a/lib/systems/architectures.nix +++ b/lib/systems/architectures.nix 
@@ -390,13 +390,13 @@ rec { sierraforest = [ "alderlake" ] ++ inferiors.alderlake; # x86_64 AMD - # TODO: fill this (need testing) - btver1 = [ ]; - btver2 = [ ]; - bdver1 = [ ]; - bdver2 = [ ]; - bdver3 = [ ]; - bdver4 = [ ]; + # TODO: fill in specific CPU architecture inferiors + btver1 = [ "x86-64" ]; + btver2 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; + bdver1 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; + bdver2 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; + bdver3 = [ "x86-64-v2" ] ++ inferiors.x86-64-v2; + bdver4 = [ "x86-64-v3" ] ++ inferiors.x86-64-v3; # Regarding `skylake` as inferior of `znver1`, there are reports of # successful usage by Gentoo users and Phoronix benchmarking of different # `-march` targets. From 7f105b127d1d0ad3fba4bd1eea3fcad18238542c Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 2 Apr 2025 12:43:22 +0000 Subject: [PATCH 33/58] vscode-extensions.visualjj.visualjj: 0.14.1 -> 0.14.2 --- .../vscode/extensions/visualjj.visualjj/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/editors/vscode/extensions/visualjj.visualjj/default.nix b/pkgs/applications/editors/vscode/extensions/visualjj.visualjj/default.nix index 37adf28d916f..88221112cb7b 100644 --- a/pkgs/applications/editors/vscode/extensions/visualjj.visualjj/default.nix +++ b/pkgs/applications/editors/vscode/extensions/visualjj.visualjj/default.nix 
@@ -11,26 +11,26 @@ vscode-utils.buildVscodeMarketplaceExtension { sources = { "x86_64-linux" = { arch = "linux-x64"; - hash = "sha256-eeLALUmJoIJfLKbX7MWQFIexfid7eOPTK0UE1sgd5jA="; + hash = "sha256-s3peDZApzSfemXRqRjf5fYQGHVf1DAP7XG4NuOqiGcY="; }; "x86_64-darwin" = { arch = "darwin-x64"; - hash = "sha256-DftuIxJpP3zcfsoCam4FoqO2PSS/xPTmdefjhWAJqc0="; + hash = "sha256-WutwGOcXoREk6oUdFjhsKcrf64CG4GSn9JgGWiQe9l8="; }; "aarch64-linux" = { arch = "linux-arm64"; - hash = "sha256-TiZTp19fcDYPvJnx7F/i96JD8gcE+t1irZstnuagchQ="; + hash = "sha256-377T8cfY4jHX+iJjdDScMP+wX6UZCYLasl16ngwfq6U="; }; "aarch64-darwin" = { arch = "darwin-arm64"; - hash = "sha256-oXKAxgZ1IH+qiw9E/96J7rmvSHgLPwLZItLpFRjh7c0="; + hash = "sha256-fufJ9NV73skhwBFe2vCLjh5ykQagXfO0VAdHGPhfOQ4="; }; }; in { name = "visualjj"; publisher = "visualjj"; - version = "0.14.1"; + version = "0.14.2"; } // sources.${stdenvNoCC.hostPlatform.system} or (throw "Unsupported system ${stdenvNoCC.hostPlatform.system}"); From 464d1bd94a51aa2f2c52473238a0f0bd7851d68c Mon Sep 17 00:00:00 2001 From: Tristan Ross Date: Sun, 30 Mar 2025 21:37:21 -0700 Subject: [PATCH 34/58] llvmPackages_{12,13,14,15,16,17,18,19,20,git}.libclc: use final attrs instead of rec --- pkgs/development/compilers/llvm/common/libclc.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/development/compilers/llvm/common/libclc.nix b/pkgs/development/compilers/llvm/common/libclc.nix index f3828cd0b0ff..73fe3b728a72 100644 --- a/pkgs/development/compilers/llvm/common/libclc.nix +++ b/pkgs/development/compilers/llvm/common/libclc.nix @@ -26,11 +26,11 @@ let ln -s "${lib.getExe' buildLlvmTools.clang.cc "clang"}" "$out"/bin ''; in -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "libclc"; inherit version; - src = runCommand "${pname}-src-${version}" { inherit (monorepoSrc) passthru; } ( + src = runCommand "libclc-src-${version}" { inherit (monorepoSrc) passthru; } ( '' mkdir -p "$out" '' 
@@ -38,11 +38,11 @@ stdenv.mkDerivation rec { cp -r ${monorepoSrc}/cmake "$out" '' + '' - cp -r ${monorepoSrc}/${pname} "$out" + cp -r ${monorepoSrc}/libclc "$out" '' ); - sourceRoot = "${src.name}/${pname}"; + sourceRoot = "${finalAttrs.src.name}/libclc"; outputs = [ "out" @@ -114,4 +114,4 @@ stdenv.mkDerivation rec { license = licenses.mit; platforms = platforms.all; }; -} +}) From 3d9f74651d01b73e9c46d89bf17d5103e48ab307 Mon Sep 17 00:00:00 2001 From: Tristan Ross Date: Sun, 30 Mar 2025 21:38:45 -0700 Subject: [PATCH 35/58] llvmPackages_{12,13,14,15,16,17,18,19,20,git}.libclc: move into libclc directory --- pkgs/development/compilers/llvm/common/default.nix | 2 +- .../compilers/llvm/common/{libclc.nix => libclc/default.nix} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename pkgs/development/compilers/llvm/common/{libclc.nix => libclc/default.nix} (98%) diff --git a/pkgs/development/compilers/llvm/common/default.nix b/pkgs/development/compilers/llvm/common/default.nix index 225abc626e42..a61ad6b085ba 100644 --- a/pkgs/development/compilers/llvm/common/default.nix +++ b/pkgs/development/compilers/llvm/common/default.nix @@ -468,7 +468,7 @@ let } // lib.optionalAttrs (lib.versionAtLeast metadata.release_version "16") { mlir = callPackage ./mlir { }; - libclc = callPackage ./libclc.nix { }; + libclc = callPackage ./libclc { }; } // lib.optionalAttrs (lib.versionAtLeast metadata.release_version "19") { bolt = callPackage ./bolt { diff --git a/pkgs/development/compilers/llvm/common/libclc.nix b/pkgs/development/compilers/llvm/common/libclc/default.nix similarity index 98% rename from pkgs/development/compilers/llvm/common/libclc.nix rename to pkgs/development/compilers/llvm/common/libclc/default.nix index 73fe3b728a72..290f7487c797 100644 --- a/pkgs/development/compilers/llvm/common/libclc.nix +++ b/pkgs/development/compilers/llvm/common/libclc/default.nix 
@@ -50,7 +50,7 @@ stdenv.mkDerivation (finalAttrs: { ]; patches = - [ ./libclc/libclc-gnu-install-dirs.patch ] + [ ./libclc-gnu-install-dirs.patch ] # LLVM 19 changes how host tools are looked up. # Need to remove NO_DEFAULT_PATH and the PATHS arguments for find_program # so CMake can actually find the tools in nativeBuildInputs. From a4a51221708dcb22e818af3a3108228718336abc Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 2 Apr 2025 13:07:15 +0000 Subject: [PATCH 36/58] der-ascii: 0.5.0 -> 0.6.0 --- pkgs/by-name/de/der-ascii/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/de/der-ascii/package.nix b/pkgs/by-name/de/der-ascii/package.nix index ed786156a88d..90c4651363c9 100644 --- a/pkgs/by-name/de/der-ascii/package.nix +++ b/pkgs/by-name/de/der-ascii/package.nix @@ -6,13 +6,13 @@ buildGoModule rec { pname = "der-ascii"; - version = "0.5.0"; + version = "0.6.0"; src = fetchFromGitHub { owner = "google"; repo = pname; rev = "v${version}"; - sha256 = "sha256-yUHVPBUW1Csn3W5K9S2TWOq4aovzpaBK8BC0t8zkj3g="; + sha256 = "sha256-xGzxq5AHvzLUOp9VUcI9JMwrCpVIrpDvenWUOEBP6pA="; }; vendorHash = null; From 21981dd5dae818316886d4ec6b6d0a8639227fc2 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 2 Apr 2025 13:07:36 +0000 Subject: [PATCH 37/58] ttfb: 1.14.0 -> 1.15.0 --- pkgs/by-name/tt/ttfb/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/tt/ttfb/package.nix b/pkgs/by-name/tt/ttfb/package.nix index fbd89da0064c..61414492cff0 100644 --- a/pkgs/by-name/tt/ttfb/package.nix +++ b/pkgs/by-name/tt/ttfb/package.nix @@ -8,11 +8,11 @@ rustPlatform.buildRustPackage rec { pname = "ttfb"; - version = "1.14.0"; + version = "1.15.0"; src = fetchCrate { inherit pname version; - hash = "sha256-TElRWWPTwigyLikda7FdDh0tSC67XdPDg/Gu5aVQlAw="; + hash = "sha256-OOVqCWeF5cHMweEGWYIiWWWsw1QlNDFgnia05Qxo7uo="; }; buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [ 
@@ -20,7 +20,7 @@ rustPlatform.buildRustPackage rec { ]; useFetchCargoVendor = true; - cargoHash = "sha256-NXwSqTshaC5hnyruSQFgFQRqRTmINMnMZsaisuudqvY="; + cargoHash = "sha256-4Nsg5/66enMgAfPrUQHuhOTTwG2OWyyvKMHIhPnlHko="; # The bin feature activates all dependencies of the binary. Otherwise, # only the library is build. From 84aa7f6a21f7e04adea80c5bf7ce6c3da5c46158 Mon Sep 17 00:00:00 2001 From: Mauricio Collares Date: Wed, 2 Apr 2025 10:08:20 -0300 Subject: [PATCH 38/58] sage: 10.6.rc1 -> 10.6 --- pkgs/by-name/sa/sage/sage-src.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/by-name/sa/sage/sage-src.nix b/pkgs/by-name/sa/sage/sage-src.nix index 4366dac58d19..5cab886dbc58 100644 --- a/pkgs/by-name/sa/sage/sage-src.nix +++ b/pkgs/by-name/sa/sage/sage-src.nix @@ -12,14 +12,14 @@ # all get the same sources with the same patches applied. stdenv.mkDerivation rec { - version = "10.6.rc1"; + version = "10.6"; pname = "sage-src"; src = fetchFromGitHub { owner = "sagemath"; repo = "sage"; rev = version; - hash = "sha256-fhCKe0mz3Rwz+HQJWkMj6/0gbvpVW1/ENCMNWkK5ngQ="; + hash = "sha256-ZDYFq2lJXjnADFdX6y7sskaF0rkT5EIcdN8/bs00TlQ="; }; # contains essential files (e.g., setup.cfg) generated by the bootstrap script. @@ -27,8 +27,8 @@ stdenv.mkDerivation rec { configure-src = fetchurl { # the hash below is the tagged commit's _parent_. it can also be found by looking for # the "configure" asset at https://github.com/sagemath/sage/releases/tag/${version} - url = "mirror://sageupstream/configure/configure-8dab37468c9feb4a5a1fcc22bbccc12321aaa475.tar.gz"; - hash = "sha256-WqaUbmqZ7qwrgp8hRjOO7vhTejE0tCiQeMhBcJLsqvI="; + url = "mirror://sageupstream/configure/configure-10741006a4794b7db82942db55b97033d5905431.tar.gz"; + hash = "sha256-7LqY+vwBlyukDfcRtuR99vpC3hcBo8WRUuJjiFFq9xk="; }; # Patches needed because of particularities of nix or the way this is packaged. From a3d845106efa21af90308b6024cced80fb142bc7 Mon Sep 17 00:00:00 2001 
From: Gaetan Lepage Date: Wed, 2 Apr 2025 15:20:36 +0200 Subject: [PATCH 39/58] gitlint: move to by-name --- .../gitlint/default.nix => by-name/gi/gitlint/package.nix} | 0 pkgs/top-level/all-packages.nix | 2 -- 2 files changed, 2 deletions(-) rename pkgs/{applications/version-management/gitlint/default.nix => by-name/gi/gitlint/package.nix} (100%) diff --git a/pkgs/applications/version-management/gitlint/default.nix b/pkgs/by-name/gi/gitlint/package.nix similarity index 100% rename from pkgs/applications/version-management/gitlint/default.nix rename to pkgs/by-name/gi/gitlint/package.nix diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b6f0798ba1e4..01cee5c744ab 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1385,8 +1385,6 @@ with pkgs; pythonPackages = python3Packages; }; - gitlint = python3Packages.callPackage ../applications/version-management/gitlint { }; - gitmux = callPackage ../applications/version-management/gitmux { }; gittyup = libsForQt5.callPackage ../applications/version-management/gittyup { }; From c0ae55310e0dc6b0b7d2a22838a45e63d232d632 Mon Sep 17 00:00:00 2001 From: Gaetan Lepage Date: Wed, 2 Apr 2025 15:22:54 +0200 Subject: [PATCH 40/58] gitlint: fix and cleanup --- pkgs/by-name/gi/gitlint/package.nix | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/pkgs/by-name/gi/gitlint/package.nix b/pkgs/by-name/gi/gitlint/package.nix index a23e4476d90e..a66dc6a866da 100644 --- a/pkgs/by-name/gi/gitlint/package.nix +++ b/pkgs/by-name/gi/gitlint/package.nix @@ -1,15 +1,16 @@ { lib, - buildPythonApplication, + python3Packages, fetchFromGitHub, gitMinimal, - python3, + versionCheckHook, + nix-update-script, }: -python3.pkgs.buildPythonApplication rec { +python3Packages.buildPythonApplication rec { pname = "gitlint"; version = "0.19.1"; - format = "pyproject"; + pyproject = true; src = fetchFromGitHub { owner = "jorisroovers"; 
@@ -22,32 +23,36 @@ python3.pkgs.buildPythonApplication rec { # simplify the dependency handling sourceRoot = "${src.name}/gitlint-core"; - nativeBuildInputs = with python3.pkgs; [ + build-system = with python3Packages; [ hatch-vcs hatchling ]; - propagatedBuildInputs = with python3.pkgs; [ + dependencies = with python3Packages; [ arrow click sh ]; - nativeCheckInputs = with python3.pkgs; [ + nativeCheckInputs = [ gitMinimal - pytestCheckHook + python3Packages.pytestCheckHook + versionCheckHook ]; + versionCheckProgramArg = "--version"; pythonImportsCheck = [ "gitlint" ]; - meta = with lib; { + passthru.updateScript = nix-update-script { }; + + meta = { description = "Linting for your git commit messages"; homepage = "https://jorisroovers.com/gitlint/"; changelog = "https://github.com/jorisroovers/gitlint/releases/tag/v${version}"; - license = licenses.mit; - maintainers = with maintainers; [ + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ ethancedwards8 fab matthiasbeyer From a8e2aa357113393de338e9ecc5039b7f364acf31 Mon Sep 17 00:00:00 2001 From: Gaetan Lepage Date: Wed, 2 Apr 2025 15:27:55 +0200 Subject: [PATCH 41/58] vectorcode: add enableLsp toggle (defaults to true) --- pkgs/by-name/ve/vectorcode/package.nix | 33 +++++++++++++++----------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/pkgs/by-name/ve/vectorcode/package.nix b/pkgs/by-name/ve/vectorcode/package.nix index 018214f14b05..1a3636d3e707 100644 --- a/pkgs/by-name/ve/vectorcode/package.nix +++ b/pkgs/by-name/ve/vectorcode/package.nix @@ -3,6 +3,8 @@ python3Packages, fetchFromGitHub, versionCheckHook, + + lspSupport ? true, }: python3Packages.buildPythonApplication rec { 
@@ -21,20 +23,23 @@ python3Packages.buildPythonApplication rec { pdm-backend ]; - dependencies = with python3Packages; [ - chromadb - httpx - numpy - pathspec - psutil - pygments - sentence-transformers - shtab - tabulate - transformers - tree-sitter - tree-sitter-language-pack - ]; + dependencies = + with python3Packages; + [ + chromadb + httpx + numpy + pathspec + psutil + pygments + sentence-transformers + shtab + tabulate + transformers + tree-sitter + tree-sitter-language-pack + ] + ++ lib.optionals lspSupport optional-dependencies.lsp; optional-dependencies = with python3Packages; { intel = [ From b3c9faf1f557b4ff0065e76b51ece08898f64d5f Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 2 Apr 2025 13:38:16 +0000 Subject: [PATCH 42/58] ktor-cli: 0.4.0 -> 0.5.0 --- pkgs/by-name/kt/ktor-cli/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/kt/ktor-cli/package.nix b/pkgs/by-name/kt/ktor-cli/package.nix index c96adf551c97..81fd9227d59b 100644 --- a/pkgs/by-name/kt/ktor-cli/package.nix +++ b/pkgs/by-name/kt/ktor-cli/package.nix @@ -6,18 +6,18 @@ buildGoModule rec { pname = "ktor-cli"; - version = "0.4.0"; + version = "0.5.0"; src = fetchFromGitHub { owner = "ktorio"; repo = "ktor-cli"; tag = version; - hash = "sha256-TGwkGm1Rsg82f6FJeTnhyvfS2MRMe5+DTdxTsOwwb1Q="; + hash = "sha256-DZEEaTz55vIBU8Byl51cEWgXu2Wjmctz/9XBAKX8VKY="; }; subPackages = "cmd/ktor"; - vendorHash = "sha256-ITYNSq2hs0QcOZZShkwtjZVcSyGY1uCmhgoZ0l9nPP0="; + vendorHash = "sha256-Cv/Jq4dWVzotfCCclrwufmC0I2pgPe/YHKWqcLzjt2E="; ldflags = [ "-s" From 155d1c0aa91f1e7a11693ee96e385bbea87a5a65 Mon Sep 17 00:00:00 2001 From: Dmitry Kalinkin Date: Wed, 2 Apr 2025 09:52:25 -0400 Subject: [PATCH 43/58] xercesc: enable ICU (#395024) Avoids "Could not load a local code page transcoder" on macOS --- pkgs/by-name/xe/xercesc/package.nix | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/pkgs/by-name/xe/xercesc/package.nix b/pkgs/by-name/xe/xercesc/package.nix index 7a00d50d5d5f..608072b4a3ae 100644 --- a/pkgs/by-name/xe/xercesc/package.nix +++ b/pkgs/by-name/xe/xercesc/package.nix @@ -3,6 +3,7 @@ lib, fetchurl, curl, + icu, }: stdenv.mkDerivation rec { @@ -16,12 +17,14 @@ stdenv.mkDerivation rec { buildInputs = [ curl + icu ]; configureFlags = [ # Disable SSE2 extensions on platforms for which they are not enabled by default "--disable-sse2" "--enable-netaccessor-curl" + "--enable-transcoder-icu" ]; enableParallelBuilding = true; From 33798665181975ec679ef5a7dc905a9a96424038 Mon Sep 17 00:00:00 2001 From: Sebaguardian Date: Wed, 2 Apr 2025 16:12:38 +0200 Subject: [PATCH 44/58] vimPlugins.jule-nvim: init at 2025-02-22 --- pkgs/applications/editors/vim/plugins/generated.nix | 13 +++++++++++++ .../editors/vim/plugins/vim-plugin-names | 1 + 2 files changed, 14 insertions(+) diff --git a/pkgs/applications/editors/vim/plugins/generated.nix b/pkgs/applications/editors/vim/plugins/generated.nix index 5e37857ce43a..62a95db34463 100644 --- a/pkgs/applications/editors/vim/plugins/generated.nix +++ b/pkgs/applications/editors/vim/plugins/generated.nix @@ -6427,6 +6427,19 @@ final: prev: meta.hydraPlatforms = [ ]; }; + jule-nvim = buildVimPlugin { + pname = "jule.nvim"; + version = "2025-02-22"; + src = fetchFromGitHub { + owner = "julelang"; + repo = "jule.nvim"; + rev = "11c983f900dc84dca4ae6bcb54a937a1ceba4038"; + sha256 = "0gajpcg7g3885696aljq7zky8cd0bfsjr7n2fad3d2yf0i999fif"; + }; + meta.homepage = "https://github.com/julelang/jule.nvim/"; + meta.hydraPlatforms = [ ]; + }; + julia-vim = buildVimPlugin { pname = "julia-vim"; version = "2024-05-25"; diff --git a/pkgs/applications/editors/vim/plugins/vim-plugin-names b/pkgs/applications/editors/vim/plugins/vim-plugin-names index ccf8e647afcc..7cd6d172be6a 100644 --- a/pkgs/applications/editors/vim/plugins/vim-plugin-names +++ b/pkgs/applications/editors/vim/plugins/vim-plugin-names 
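Review bot: The new `"--enable-transcoder-icu"` entry in `configureFlags` is unconditional, so it selects the ICU transcoder on every platform, although the commit message only describes the macOS failure. If that is intended, the flag should carry a comment recording why, as the neighbouring `--disable-sse2` does: `# Use ICU for transcoding; the default fails on macOS with "Could not load a local code page transcoder"`. The derivation body continues outside the hunk, so any platform conditionals elsewhere in the file are not visible here.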
@@ -493,6 +493,7 @@ https://github.com/vito-c/jq.vim/,, https://github.com/neoclide/jsonc.vim/,, https://github.com/Myzel394/jsonfly.nvim/,HEAD, https://github.com/julelang/jule.nvim/,HEAD, +https://github.com/julelang/jule.nvim/,HEAD, https://github.com/JuliaEditorSupport/julia-vim/,, https://github.com/GCBallesteros/jupytext.nvim/,HEAD, https://github.com/rebelot/kanagawa.nvim/,, From a149260fec0b4ae08d9ceaa20ec4fee056affbee Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 2 Apr 2025 14:51:33 +0000 Subject: [PATCH 45/58] feedbackd: 0.8.0 -> 0.8.1 --- pkgs/by-name/fe/feedbackd/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/fe/feedbackd/package.nix b/pkgs/by-name/fe/feedbackd/package.nix index 61c409dfb4b2..80df650792dc 100644 --- a/pkgs/by-name/fe/feedbackd/package.nix +++ b/pkgs/by-name/fe/feedbackd/package.nix @@ -34,7 +34,7 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "feedbackd"; - version = "0.8.0"; + version = "0.8.1"; outputs = [ "out" @@ -47,7 +47,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "Librem5"; repo = "feedbackd"; rev = "v${finalAttrs.version}"; - hash = "sha256-Hn850+bRSNDe8ZgDRu52N7AR/yLNbV6zGROBYtetOZg="; + hash = "sha256-J2BNDF9TyW+srW0pGbGt4/Uw4KPVf/Ke+HJVBldmfCA="; }; depsBuildBuild = [ From 3c3f6a06da6387d9d6e0c87e3cc46ea6839d7417 Mon Sep 17 00:00:00 2001 From: emilylange Date: Wed, 2 Apr 2025 16:53:17 +0200 Subject: [PATCH 46/58] miniflux: 2.2.6 -> 2.2.7 https://miniflux.app/releases/2.2.7.html https://github.com/miniflux/v2/releases/tag/2.2.7 diff: https://github.com/miniflux/v2/compare/2.2.6...2.2.7 --- pkgs/by-name/mi/miniflux/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/mi/miniflux/package.nix b/pkgs/by-name/mi/miniflux/package.nix index 68d99d27d286..59762d4ed2bc 100644 --- a/pkgs/by-name/mi/miniflux/package.nix +++ b/pkgs/by-name/mi/miniflux/package.nix 
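Review bot: The added line `https://github.com/julelang/jule.nvim/,HEAD,` in `vim-plugin-names` appears to duplicate the unchanged context line directly above it, which already lists the same URL and branch. The hunk header counts six old lines and seven new ones, which fits the entry being present before this commit. A doubled row presumably leaves the plugin updater with two sources for the same attribute, so drop the added line, or correct the existing row if it was meant to name a different plugin. The `generated.nix` hunk pins `rev` and `sha256` and needs no change.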
@@ -9,16 +9,16 @@ buildGoModule rec { pname = "miniflux"; - version = "2.2.6"; + version = "2.2.7"; src = fetchFromGitHub { owner = "miniflux"; repo = "v2"; tag = version; - hash = "sha256-N0WAdfxToVF93ICGpDstQig3aGz2lAzJz1nf4tSvxAY="; + hash = "sha256-1W+sFXvM5qOYxpbRBkZIvombchv2oYkcFuq7/ETGjfs="; }; - vendorHash = "sha256-AG3NNqwpaTctvgOEZ2SarsMK4SRgzWxf+j9N4wwKKB4="; + vendorHash = "sha256-bulQrLtA61RMZVhTtupTJUUTWJGWXcmpGaNUAoXEfYE="; nativeBuildInputs = [ installShellFiles ]; From 0a56370b09778e775c50a9082c0198fe88eb97d6 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 28 Mar 2025 06:23:54 +0000 Subject: [PATCH 47/58] museum: 0.9.99 -> 1.0.0 --- pkgs/by-name/mu/museum/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/mu/museum/package.nix b/pkgs/by-name/mu/museum/package.nix index b3f498918b3d..94da1e2cf330 100644 --- a/pkgs/by-name/mu/museum/package.nix +++ b/pkgs/by-name/mu/museum/package.nix @@ -9,14 +9,14 @@ buildGoModule rec { pname = "museum"; - version = "0.9.99"; + version = "1.0.0"; src = fetchFromGitHub { owner = "ente-io"; repo = "ente"; sparseCheckout = [ "server" ]; rev = "photos-v${version}"; - hash = "sha256-+EL81zSOjoBfew8LRl0awWXgc2r8KDBBCYBBtDU1s5g="; + hash = "sha256-niEySdGebd9SRRha2dYLsAary3to/9tgV5KePg2LdyE="; }; vendorHash = "sha256-px4pMqeH73Fe06va4+n6hklIUDMbPmAQNKKRIhwv6ec="; From 9d5bd6e9087b52d8ea64fb3276f491d504675d1b Mon Sep 17 00:00:00 2001 From: Yureka Date: Tue, 1 Apr 2025 00:00:20 +0200 Subject: [PATCH 48/58] ente-desktop: 1.7.10 -> 1.7.11 --- pkgs/by-name/en/ente-desktop/package.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/by-name/en/ente-desktop/package.nix b/pkgs/by-name/en/ente-desktop/package.nix index 94d99835dd02..da825fa1e6ef 100644 --- a/pkgs/by-name/en/ente-desktop/package.nix +++ b/pkgs/by-name/en/ente-desktop/package.nix 
@@ -4,7 +4,7 @@ fetchFromGitHub, fetchYarnDeps, nodejs, - electron_34, + electron_35, yarnConfigHook, copyDesktopItems, vips, @@ -15,12 +15,12 @@ imagemagick, }: let - electron = electron_34; + electron = electron_35; in stdenv.mkDerivation (finalAttrs: { pname = "ente-desktop"; - version = "1.7.10"; + version = "1.7.11"; src = fetchFromGitHub { owner = "ente-io"; @@ -31,7 +31,7 @@ stdenv.mkDerivation (finalAttrs: { "web" ]; tag = "photosd-v${finalAttrs.version}"; - hash = "sha256-iH9fbeUOd/8oVVQbMCSlWyruQZKgSjexNrOuS7szJ9w="; + hash = "sha256-yEfJEe+/PnRr9in7+9l54LQqCFkGqDRhqzcsNaEZmhI="; }; sourceRoot = "${finalAttrs.src.name}/desktop"; @@ -39,13 +39,13 @@ stdenv.mkDerivation (finalAttrs: { offlineCache = fetchYarnDeps { name = "ente-desktop-${finalAttrs.version}-offline-cache"; inherit (finalAttrs) src sourceRoot; - hash = "sha256-kiL2XQPPN9VkDa3rzO1rLwUZVTbwEz0zeqpgpWOSy7Y="; + hash = "sha256-Cq/4OOgGp6qg2ge5NK5jcYCvS/uF5l9nLLWIslpGRDc="; }; webOfflineCache = fetchYarnDeps { name = "ente-desktop-${finalAttrs.version}-web-offline-cache"; inherit (finalAttrs) src; sourceRoot = "${finalAttrs.src.name}/web"; - hash = "sha256-7epwOEWi5lZNo6Z7Rf+QZtGvVCZxk5bXU2aN+9KDYCc="; + hash = "sha256-yoCOU4cxxHiWu1+/vGwM9VWRroymr6JTbRHomKRJhU4="; }; nativeBuildInputs = [ From 21a9964557bfacf5817355a04e3f665f8a0072b0 Mon Sep 17 00:00:00 2001 From: Yureka Date: Tue, 1 Apr 2025 00:00:29 +0200 Subject: [PATCH 49/58] ente-web: 0.9.99 -> 1.0.0 --- pkgs/by-name/en/ente-web/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/en/ente-web/package.nix b/pkgs/by-name/en/ente-web/package.nix index f84373144a36..ccbc8503386a 100644 --- a/pkgs/by-name/en/ente-web/package.nix +++ b/pkgs/by-name/en/ente-web/package.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "ente-web"; - version = "0.9.99"; + version = "1.0.0"; src = fetchFromGitHub { owner = "ente-io"; 
@@ -20,13 +20,13 @@ stdenv.mkDerivation (finalAttrs: { sparseCheckout = [ "web" ]; tag = "photos-v${finalAttrs.version}"; fetchSubmodules = true; - hash = "sha256-/dWnaVll/kaKHTJ5gH18BR6JG5E6pF7/j+SgvE66b7M="; + hash = "sha256-hK5CO4FTjh2MNT8pztV/GO7ifOGv1hw32flXrmcUAfk="; }; sourceRoot = "${finalAttrs.src.name}/web"; offlineCache = fetchYarnDeps { yarnLock = "${finalAttrs.src}/web/yarn.lock"; - hash = "sha256-Wu0/YHqkqzrmA5hpVk0CX/W1wJUh8uZSjABuc+DPxMA="; + hash = "sha256-n/+HETnwtnpFlfDLA0znCzro5YhNsISweR820QXJFUQ="; }; nativeBuildInputs = [ From 177b8efa4c3c7a49bdb4381dabd64f49c540fb58 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 2 Apr 2025 17:04:01 +0200 Subject: [PATCH 50/58] element-call: 0.7.1 -> 0.9.0 https://github.com/element-hq/element-call/releases/tag/v0.7.2 https://github.com/element-hq/element-call/releases/tag/v0.8.0 https://github.com/element-hq/element-call/releases/tag/v0.9.0 --- pkgs/by-name/el/element-call/package.nix | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/pkgs/by-name/el/element-call/package.nix b/pkgs/by-name/el/element-call/package.nix index 6a15c2169b2b..d2da74943ee1 100644 --- a/pkgs/by-name/el/element-call/package.nix +++ b/pkgs/by-name/el/element-call/package.nix 
@@ -5,36 +5,23 @@ fetchYarnDeps, yarnConfigHook, yarnBuildHook, - yarnInstallHook, nodejs, }: -let - inherit (stdenv.hostPlatform) system; - throwSystem = throw "Unsupported system: ${system}"; - offlineCacheHash = - { - x86_64-linux = "sha256-bjWPoci9j3LZnOfDgmRVqQp1L2tXBwHQOryn+p5B1Mc="; - aarch64-linux = "sha256-bjWPoci9j3LZnOfDgmRVqQp1L2tXBwHQOryn+p5B1Mc="; - x86_64-darwin = "sha256-bjWPoci9j3LZnOfDgmRVqQp1L2tXBwHQOryn+p5B1Mc="; - aarch64-darwin = "sha256-bjWPoci9j3LZnOfDgmRVqQp1L2tXBwHQOryn+p5B1Mc="; - } - .${system} or throwSystem; -in stdenv.mkDerivation (finalAttrs: { pname = "element-call"; - version = "0.7.1"; + version = "0.9.0"; src = fetchFromGitHub { owner = "element-hq"; repo = "element-call"; - rev = "v${finalAttrs.version}"; - hash = "sha256-HmkFr2DroN1uNNH2pnRwE7vsJsEPLYU6yhroiuR/E6Q="; + tag = "v${finalAttrs.version}"; + hash = "sha256-BugR5aXDxIQ9WOhaqXEoo0FdZHnYSvoqDoRJLDd4PUk="; }; offlineCache = fetchYarnDeps { yarnLock = "${finalAttrs.src}/yarn.lock"; - hash = offlineCacheHash; + hash = "sha256-7dUSt1k/5N6BaYrT272J6xxDGgloAsDw1dCFh327Itc="; }; nativeBuildInputs = [ @@ -53,10 +40,10 @@ stdenv.mkDerivation (finalAttrs: { ''; meta = with lib; { + changelog = "https://github.com/element-hq/element-call/releases/tag/${finalAttrs.src.tag}"; homepage = "https://github.com/element-hq/element-call"; description = "Group calls powered by Matrix"; license = licenses.asl20; maintainers = with maintainers; [ kilimnik ]; - mainProgram = "element-call"; }; }) From 88b2709b781be6235e99af08702d357c7ab58be3 Mon Sep 17 00:00:00 2001 From: Tristan Ross Date: Sun, 30 Mar 2025 20:17:27 -0700 Subject: [PATCH 51/58] llvmPackages_git: 21.0.0-unstable-2025-03-23 -> 21.0.0-unstable-2025-03-30 --- pkgs/development/compilers/llvm/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/compilers/llvm/default.nix b/pkgs/development/compilers/llvm/default.nix index 8aa6891e0f83..9acf01f2f60d 100644 
--- a/pkgs/development/compilers/llvm/default.nix +++ b/pkgs/development/compilers/llvm/default.nix @@ -33,9 +33,9 @@ let "19.1.7".officialRelease.sha256 = "sha256-cZAB5vZjeTsXt9QHbP5xluWNQnAHByHtHnAhVDV0E6I="; "20.1.1".officialRelease.sha256 = "sha256-hDFYi5wAUDQ8xfjvbGFi05KdawrN9lwrrSC8AcTpCEE="; "21.0.0-git".gitRelease = { - rev = "b32cf756994cbab83e50b9d84df03d5ee03f31f8"; - rev-version = "21.0.0-unstable-2025-03-23"; - sha256 = "sha256-6PuKOT8TozoOcN1muWt08jHGLMQTogtMOQIFa8TTQoY="; + rev = "65734de9b93bef5b3211298b4fcc5dc79d18d31e"; + rev-version = "21.0.0-unstable-2025-03-30"; + sha256 = "sha256-v7/Goj8lc+8AUX/nJeqRcaudZAQoAwBZ9FtrDYX87ns="; }; } // llvmVersions; From 415f5645e2d92091e9a6b37a8871fe48600df482 Mon Sep 17 00:00:00 2001 From: Felix Zieger <67903933+felixzieger@users.noreply.github.com> Date: Fri, 21 Feb 2025 11:54:42 +0100 Subject: [PATCH 52/58] haven: init at 1.0.5 --- pkgs/by-name/ha/haven/package.nix | 34 +++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 pkgs/by-name/ha/haven/package.nix diff --git a/pkgs/by-name/ha/haven/package.nix b/pkgs/by-name/ha/haven/package.nix new file mode 100644 index 000000000000..94576cfe985d --- /dev/null +++ b/pkgs/by-name/ha/haven/package.nix 
@@ -0,0 +1,34 @@ +{ + lib, + buildGoModule, + fetchFromGitHub, +}: + +buildGoModule rec { + pname = "haven"; + version = "1.0.5"; + + src = fetchFromGitHub { + owner = "bitvora"; + repo = "haven"; + tag = "v${version}"; + hash = "sha256-rSycrHW53TgqbsfgaRn3492EWtpu440GtbegozqnzMQ="; + }; + + vendorHash = "sha256-5d6C2sNG8aCaC+z+hyLgOiEPWP/NmAcRRbRVC4KuCEw="; + + postInstall = '' + mkdir -p $out/share/haven + cp -r $src/templates $out/share/haven/ + cp $src/.env.example $out/share/haven/.env.example + ''; + + meta = { + description = "High Availability Vault for Events on Nostr"; + homepage = "https://github.com/bitvora/haven"; + changelog = "https://github.com/bitvora/haven/releases/tag/v${version}"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ felixzieger ]; + mainProgram = "haven"; + }; +} From 1bf74aee3ce2be0be2b7e5d6c95c794b42fd0e6e Mon Sep 17 00:00:00 2001 From: Felix Zieger <67903933+felixzieger@users.noreply.github.com> Date: Wed, 2 Apr 2025 17:30:18 +0200 Subject: [PATCH 53/58] nixos/haven: init --- .../manual/release-notes/rl-2505.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/web-apps/haven.nix | 137 ++++++++++++++++++ 3 files changed, 140 insertions(+) create mode 100644 nixos/modules/services/web-apps/haven.nix diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md index 4ba61c8baadb..f531ff61af86 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md 
@@ -140,6 +140,8 @@ - [nostr-rs-relay](https://git.sr.ht/~gheartsfield/nostr-rs-relay/), This is a nostr relay, written in Rust. Available as [services.nostr-rs-relay](options.html#opt-services.nostr-rs-relay.enable). +- [haven](https://github.com/bitvora/haven), is a high availability vault for events on nostr. Available as [services.haven](options.html#opt-services.haven.enable). + - [strfry](https://github.com/hoytech/strfry), a relay for the nostr protocol. Available as [services.strfry](options.html#opt-services.strfry.enable). - [Prometheus Node Cert Exporter](https://github.com/amimof/node-cert-exporter), a prometheus exporter to check for SSL cert expiry. Available under [services.prometheus.exporters.node-cert](#opt-services.prometheus.exporters.node-cert.enable). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 2bcd9b90c178..6a3be1eb100f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1537,6 +1537,7 @@ ./services/web-apps/guacamole-client.nix ./services/web-apps/guacamole-server.nix ./services/web-apps/hatsu.nix + ./services/web-apps/haven.nix ./services/web-apps/healthchecks.nix ./services/web-apps/hedgedoc.nix ./services/web-apps/hledger-web.nix diff --git a/nixos/modules/services/web-apps/haven.nix b/nixos/modules/services/web-apps/haven.nix new file mode 100644 index 000000000000..b5417ffb3c06 --- /dev/null +++ b/nixos/modules/services/web-apps/haven.nix 
@@ -0,0 +1,137 @@ +{ + config, + pkgs, + lib, + ... +}: +let + # Load default values from package. See https://github.com/bitvora/haven/blob/master/.env.example + defaultSettings = builtins.fromTOML (builtins.readFile "${cfg.package}/share/haven/.env.example"); + + import_relays_file = "${pkgs.writeText "import_relays.json" (builtins.toJSON cfg.importRelays)}"; + blastr_relays_file = "${pkgs.writeText "blastr_relays.json" (builtins.toJSON cfg.blastrRelays)}"; + + mergedSettings = cfg.settings // { + IMPORT_SEED_RELAYS_FILE = import_relays_file; + BLASTR_RELAYS_FILE = blastr_relays_file; + }; + + cfg = config.services.haven; +in +{ + options.services.haven = { + enable = lib.mkEnableOption "haven"; + + package = lib.mkPackageOption pkgs "haven" { }; + + blastrRelays = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = "List of relay configurations for blastr"; + example = lib.literalExpression '' + [ + "relay.example.com" + ] + ''; + }; + + importRelays = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = "List of relay configurations for importing historical events"; + example = lib.literalExpression '' + [ + "relay.example.com" + ] + ''; + }; + + settings = lib.mkOption { + default = defaultSettings; + defaultText = "See https://github.com/bitvora/haven/blob/master/.env.example"; + apply = lib.recursiveUpdate defaultSettings; + description = "See https://github.com/bitvora/haven for documentation."; + example = lib.literalExpression '' + { + RELAY_URL = "relay.example.com"; + OWNER_NPUB = "npub1..."; + } + ''; + }; + + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = '' + Path to a file containing sensitive environment variables. See https://github.com/bitvora/haven for documentation. 
+ The file should contain environment-variable assignments like: + S3_SECRET_KEY=mysecretkey + S3_ACCESS_KEY_ID=myaccesskey + ''; + example = "/var/lib/haven/secrets.env"; + }; + }; + + config = lib.mkIf cfg.enable { + users.users.haven = { + description = "Haven daemon user"; + group = "haven"; + isSystemUser = true; + }; + + users.groups.haven = { }; + + systemd.services.haven = { + description = "haven"; + wants = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + environment = lib.attrsets.mapAttrs ( + name: value: if builtins.isBool value then if value then "true" else "false" else toString value + ) mergedSettings; + + serviceConfig = { + ExecStart = "${cfg.package}/bin/haven"; + EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; + User = "haven"; + Group = "haven"; + Restart = "on-failure"; + + RuntimeDirectory = "haven"; + StateDirectory = "haven"; + WorkingDirectory = "/var/lib/haven"; + + # Create symlink to templates in the working directory + ExecStartPre = "+${pkgs.coreutils}/bin/ln -sfT ${cfg.package}/share/haven/templates /var/lib/haven/templates"; + + PrivateTmp = true; + PrivateUsers = true; + PrivateDevices = true; + ProtectSystem = "strict"; + ProtectHome = true; + NoNewPrivileges = true; + MemoryDenyWriteExecute = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectClock = true; + ProtectProc = "invisible"; + ProcSubset = "pid"; + ProtectControlGroups = true; + LockPersonality = true; + RestrictSUIDSGID = true; + RemoveIPC = true; + RestrictRealtime = true; + ProtectHostname = true; + CapabilityBoundingSet = ""; + SystemCallFilter = [ + "@system-service" + ]; + SystemCallArchitectures = "native"; + }; + }; + }; + + meta.maintainers = with lib.maintainers; [ + felixzieger + ]; +} From ee467ba36174e0d925eb142a12ac804ecd096e36 Mon Sep 17 00:00:00 2001 
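Review bot: The `ExecStartPre` line in `serviceConfig` uses the `+` prefix, so `ln` runs as root and outside the sandboxing options listed below it, while writing into `/var/lib/haven`, which `StateDirectory = "haven"` hands to the unprivileged `haven` user. Root writing into a directory the service user controls is worth avoiding, and the service user can create the link itself: `ExecStartPre = "${pkgs.coreutils}/bin/ln -sfT ${cfg.package}/share/haven/templates /var/lib/haven/templates";`. Separately, every value in `settings` is rendered into the unit's `environment` and therefore into the world-readable Nix store, so the `settings` description should state that secrets belong only in `environmentFile`. The `defaultSettings` binding also reads `.env.example` out of the built package during evaluation and parses it with `builtins.fromTOML`, which presumably forces a build at evaluation time and relies on the env file remaining valid TOML; please confirm that is acceptable for a module in this tree.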
From: jopejoe1 Date: Wed, 26 Mar 2025 20:19:44 +0100 Subject: [PATCH 54/58] unicode-idna: init at 16.0.0 --- pkgs/by-name/un/unicode-idna/package.nix | 34 ++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 pkgs/by-name/un/unicode-idna/package.nix diff --git a/pkgs/by-name/un/unicode-idna/package.nix b/pkgs/by-name/un/unicode-idna/package.nix new file mode 100644 index 000000000000..07fe5ca5e945 --- /dev/null +++ b/pkgs/by-name/un/unicode-idna/package.nix @@ -0,0 +1,34 @@ +{ + lib, + stdenvNoCC, + fetchurl, +}: + +stdenvNoCC.mkDerivation (finalAttrs: { + pname = "unicode-idna"; + version = "16.0.0"; + + src = fetchurl { + url = "https://www.unicode.org/Public/idna/${finalAttrs.version}/IdnaMappingTable.txt"; + hash = "sha256-bbLvTtNfOz3nTrwuAEBKlgf3bUmfV2uNQEPPFPHtF1w="; + }; + + dontUnpack = true; + + installPhase = '' + runHook preInstall + + mkdir -p $out/share/unicode/idna + cp -r $src $out/share/unicode/idna/IdnaMappingTable.txt + + runHook postInstall + ''; + + meta = { + description = "unicode IDNA compatible processing data"; + homepage = "http://www.unicode.org/reports/tr46/"; + license = lib.licenses.unicode-dfs-2016; + maintainers = with lib.maintainers; [ jopejoe1 ]; + platforms = lib.platforms.all; + }; +}) From 79a8a723b9d3a67e93b804c225660b484331e1d8 Mon Sep 17 00:00:00 2001 From: jopejoe1 Date: Wed, 26 Mar 2025 19:48:48 +0100 Subject: [PATCH 55/58] ladybird: use packaged versions of depends --- pkgs/by-name/la/ladybird/package.nix | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/pkgs/by-name/la/ladybird/package.nix b/pkgs/by-name/la/ladybird/package.nix index 682818a1c696..cf9ad9f9d33b 100644 --- a/pkgs/by-name/la/ladybird/package.nix +++ b/pkgs/by-name/la/ladybird/package.nix @@ -6,6 +6,8 @@ cacert, unicode-emoji, unicode-character-database, + unicode-idna, + publicsuffix-list, cmake, ninja, pkg-config, 
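Review bot: In the new `unicode-idna/package.nix`, `meta.homepage` uses plain `http://` while `src.url` for the same host already uses `https://`; suggest `homepage = "https://www.unicode.org/reports/tr46/";`. In `installPhase`, `$src` is a single file, so `cp -r` is not needed and the copy keeps the store file's mode; `install -Dm444 $src $out/share/unicode/idna/IdnaMappingTable.txt` would create the directory and set the mode in one step. The description would also read better capitalised as `"Unicode IDNA compatible processing data"`.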
@@ -30,20 +32,11 @@ }: let - unicode-idna = fetchurl { - url = "https://www.unicode.org/Public/idna/${unicode-character-database.version}/IdnaMappingTable.txt"; - hash = "sha256-QCy9KF8flS/NCDS2NUHVT2nT2PG4+Fmb9xoaFJNfgsQ="; - }; adobe-icc-profiles = fetchurl { url = "https://download.adobe.com/pub/adobe/iccprofiles/win/AdobeICCProfilesCS4Win_end-user.zip"; hash = "sha256-kgQ7fDyloloPaXXQzcV9tgpn3Lnr37FbFiZzEb61j5Q="; name = "adobe-icc-profiles.zip"; }; - public_suffix_commit = "9094af5c6cb260e69137c043c01be18fee01a540"; - public-suffix-list = fetchurl { - url = "https://raw.githubusercontent.com/publicsuffix/list/${public_suffix_commit}/public_suffix_list.dat"; - hash = "sha256-0szHUz1T0MXOQ9tcXoKY2F/bI3s7hsYCjURqywZsf1w="; - }; # Note: The cacert version is synthetic and must match the version in the package's CMake cacert_version = "2023-12-12"; in @@ -80,7 +73,7 @@ stdenv.mkDerivation (finalAttrs: { cp -r ${unicode-character-database}/share/unicode build/Caches/UCD chmod +w build/Caches/UCD cp ${unicode-emoji}/share/unicode/emoji/emoji-test.txt build/Caches/UCD - cp ${unicode-idna} build/Caches/UCD/IdnaMappingTable.txt + cp ${unicode-idna}/share/unicode/idna/IdnaMappingTable.txt build/Caches/UCD echo -n ${unicode-character-database.version} > build/Caches/UCD/version.txt chmod -w build/Caches/UCD @@ -89,7 +82,7 @@ stdenv.mkDerivation (finalAttrs: { echo -n ${cacert_version} > build/Caches/CACERT/version.txt mkdir build/Caches/PublicSuffix - cp ${public-suffix-list} build/Caches/PublicSuffix/public_suffix_list.dat + cp ${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat build/Caches/PublicSuffix mkdir build/Caches/AdobeICCProfiles cp ${adobe-icc-profiles} build/Caches/AdobeICCProfiles/adobe-icc-profiles.zip From 9bd4f27ade3a58558f604ffc1b51d4edf87857c5 Mon Sep 17 00:00:00 2001 
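Review bot: In the `@@ -80,7 +73,7 @@` hunk, `IdnaMappingTable.txt` is now copied from the `unicode-idna` package, but `build/Caches/UCD/version.txt` is still written from `unicode-character-database.version` on the next line. The removed `fetchurl` built its URL from that same version, so the table and the recorded version could not drift; now they can whenever only one package is bumped. The hash of the removed fetch differs from the hash in the new `unicode-idna` package, which suggests the two versions may already differ. A comment above the `cp` should state the assumption, for example `# IdnaMappingTable.txt follows unicode-idna.version, which may differ from the UCD version written below`, and it is worth confirming that the build does not rely on them matching.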
From: Martin Weinelt Date: Wed, 2 Apr 2025 17:55:16 +0200 Subject: [PATCH 56/58] lk-jwt-service: 0.2.1 -> 0.2.2 https://github.com/element-hq/lk-jwt-service/compare/refs/tags/v0.2.1...v0.2.2 --- pkgs/by-name/lk/lk-jwt-service/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/lk/lk-jwt-service/package.nix b/pkgs/by-name/lk/lk-jwt-service/package.nix index 17d81b99859b..d47d274ba713 100644 --- a/pkgs/by-name/lk/lk-jwt-service/package.nix +++ b/pkgs/by-name/lk/lk-jwt-service/package.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "lk-jwt-service"; - version = "0.2.1"; + version = "0.2.2"; src = fetchFromGitHub { owner = "element-hq"; repo = "lk-jwt-service"; tag = "v${version}"; - hash = "sha256-R4YqmHp0i+RpJJkENJPZJDNCVg+O+70JMoCR8ZlesyM="; + hash = "sha256-ONL2qKBXL2FtTv5Eao61qPKWP2h9t3KyoHlS5nAHMGA="; }; - vendorHash = "sha256-evzltyQZCBQ4/k641sQrmUvw6yIBWFEic/WUa/WX5xE="; + vendorHash = "sha256-47eJO1Ai78RuhlEPn/J1cd+YSqvmfUD8cuPZIqsdxvI="; meta = with lib; { description = "Minimal service to issue LiveKit JWTs for MatrixRTC"; From 6eed59502a2a72681cb44736314552f841361b9a Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 2 Apr 2025 17:57:19 +0200 Subject: [PATCH 57/58] lk-jwt-service: use finalAttrs pattern, configure changelog --- pkgs/by-name/lk/lk-jwt-service/package.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/lk/lk-jwt-service/package.nix b/pkgs/by-name/lk/lk-jwt-service/package.nix index d47d274ba713..9f43932bec96 100644 --- a/pkgs/by-name/lk/lk-jwt-service/package.nix +++ b/pkgs/by-name/lk/lk-jwt-service/package.nix 
@@ -4,24 +4,25 @@ fetchFromGitHub, }: -buildGoModule rec { +buildGoModule (finalAttrs: { pname = "lk-jwt-service"; version = "0.2.2"; src = fetchFromGitHub { owner = "element-hq"; repo = "lk-jwt-service"; - tag = "v${version}"; + tag = "v${finalAttrs.version}"; hash = "sha256-ONL2qKBXL2FtTv5Eao61qPKWP2h9t3KyoHlS5nAHMGA="; }; vendorHash = "sha256-47eJO1Ai78RuhlEPn/J1cd+YSqvmfUD8cuPZIqsdxvI="; meta = with lib; { + changelog = "https://github.com/element-hq/lk-jwt-service/releases/tag/${finalAttrs.src.tag}"; description = "Minimal service to issue LiveKit JWTs for MatrixRTC"; homepage = "https://github.com/element-hq/lk-jwt-service"; license = licenses.agpl3Plus; maintainers = with maintainers; [ kilimnik ]; mainProgram = "lk-jwt-service"; }; -} +}) From 50bfb2f2f8aadf0c32e892cd6e9a66eb16351bdf Mon Sep 17 00:00:00 2001 From: Tristan Ross Date: Wed, 2 Apr 2025 07:57:13 -0700 Subject: [PATCH 58/58] llvmPackages_20: 20.1.1 -> 20.1.2 --- pkgs/development/compilers/llvm/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/compilers/llvm/default.nix b/pkgs/development/compilers/llvm/default.nix index 9acf01f2f60d..d256295f2f2a 100644 --- a/pkgs/development/compilers/llvm/default.nix +++ b/pkgs/development/compilers/llvm/default.nix @@ -31,7 +31,7 @@ let "17.0.6".officialRelease.sha256 = "sha256-8MEDLLhocshmxoEBRSKlJ/GzJ8nfuzQ8qn0X/vLA+ag="; "18.1.8".officialRelease.sha256 = "sha256-iiZKMRo/WxJaBXct9GdAcAT3cz9d9pnAcO1mmR6oPNE="; "19.1.7".officialRelease.sha256 = "sha256-cZAB5vZjeTsXt9QHbP5xluWNQnAHByHtHnAhVDV0E6I="; - "20.1.1".officialRelease.sha256 = "sha256-hDFYi5wAUDQ8xfjvbGFi05KdawrN9lwrrSC8AcTpCEE="; + "20.1.2".officialRelease.sha256 = "sha256-t30Jh8ckp5qD6XDxtvnSaYiAWbEi6L6hAWh6tN8JjtY="; "21.0.0-git".gitRelease = { rev = "65734de9b93bef5b3211298b4fcc5dc79d18d31e"; rev-version = "21.0.0-unstable-2025-03-30";