chn/nixpkgs
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixpkgs.git synced 2026-01-12 19:00:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: chn:next
Branches Tags
chn:nixos-25.05 chn:nixos-25.11 chn:enhance-slurm chn:fix-bintools-wrapper chn:fix-wrapper chn:fix-slurm-2 chn:fix-slurm chn:fix-tailscale chn:nixos-unstable-2505 chn:nixos-unstable chn:fix-ctranslate2 chn:nixos-23.11 chn:update-httplib chn:fix-boost chn:nvidia chn:update-gitlfs chn:update-phonopy chn:nixos-24.11 chn:update-ovito chn:fix-hackage chn:fix-libvirt chn:next chn:fix-architecture chn:fix-phonopy chn:add-gitlfstransfer chn:fix-legion chn:nixos-24.05 chn:fix-utterly-theme chn:utterly-backup chn:utterly-debug chn:fix-nomacs chn:nixos-23.11-desktop chn:xrdp chn:nixos-23.11-old chn:nixos-23.05 chn:nixos-unstable-23.05 chn:nixos-unstable-next chn:nixos-23.05-next chn:diff chn:master chn:new-machine chn:add-more-arch chn:nixos-22.05 chn:staging-22.11 chn:staging-next-22.11 chn:haskell-updates chn:staging chn:staging-next chn:nixos-unstable-small chn:nixpkgs-unstable chn:nixos-22.11-small chn:nixpkgs-22.11-darwin chn:release-22.11 chn:nixos-22.11 chn:lanzaboote chn:upgrade/pixelfed chn:backport-231556-to-release-22.11 chn:kde-gear-23.04.1 chn:python-test-refactoring chn:backport-231190-to-release-22.11 chn:backport-206688-to-release-22.11 chn:backport-230427-to-release-22.11 chn:netboot-tests chn:backport-230037-to-release-22.11 chn:backport-229688-to-release-22.11 chn:backport-229507-to-release-22.11 chn:pr/yoda_1_9_8 chn:even-more-vulkan-updates chn:backport-229141-to-release-22.11 chn:qemu-vm/tpm chn:qemu-vm/read-efi-var chn:partition-table-qemu chn:backport-228461-to-release-22.11 chn:backport-228489-to-release-22.11 chn:nixos-22.05-aarch64 chn:nixos-22.05-small chn:nixpkgs-22.05-darwin chn:release-22.05 chn:make-disk-image/no-nix-store chn:angelfish-fix chn:backport-227646-to-release-22.11 chn:backport-227331-to-release-22.11 chn:backport-227448-to-release-22.11 chn:revert-227360-paperwm-bump chn:pr/texlive_texinfo_fix_hash chn:backport-216987-to-release-22.11 chn:backport-224094-to-release-22.11 chn:backport-225322-to-release-22.11 chn:pr/hepmc3_3_2_6 chn:backport-223455-to-release-22.11 chn:bump-llvm-latest chn:revert-215109-gnupg-libgcrypt-lts chn:revert-224746-asciify-message chn:kf5-5.105 chn:r-updates chn:backport-224069-to-staging-22.11 chn:backport-205134-to-release-22.11 chn:jtojnar/deps-nd-fix chn:pr/pymoo_0_6_0_1 chn:pr/root_6_28_00 chn:rustc chn:backport-217366-to-release-22.11 chn:bye-dpi chn:ory-hydra chn:sniproxy-update chn:diffoscope-unfree chn:python-updates chn:release-21.11 chn:llvm16 chn:backport-217341-to-release-22.11 chn:backport-206105-to-release-22.11 chn:backport-217578-to-release-22.11 chn:gokrazy-rsync chn:hass-onboarding chn:sudo-by-default chn:backport-216643-to-release-22.11 chn:balsoft/add-gnss-share chn:system chn:balsoft/add-qmlkonsole chn:pr/libredirect_system_test chn:backport-216167-to-release-22.11 chn:backport-215928-to-release-22.11 chn:isAarchDarwin chn:samuela/apache-beam chn:upd/openssh-92 chn:backport-213424-to-release-22.11 chn:backport-208549-to-release-22.11 chn:backport-213196-to-release-22.11 chn:backport-212206-to-release-22.11 chn:llvm15-wip chn:plasma-5.27 chn:backport-209550-to-release-22.11 chn:uri-canva-patch-1 chn:backport-209919-to-release-22.11 chn:pr/dask-awkward chn:qt-5.15.8 chn:backport-209022-to-release-22.11 chn:staging-22.05 chn:staging-next-22.05 chn:garage-multiple-versions chn:domenkozar-patch-1 chn:backport-199069-to-release-22.11 chn:auto-update/python3.10-autofaiss chn:pixelfed-module chn:simplified-qemu-boot-disks chn:backport-205765-to-release-22.11 chn:qemu-smm chn:backport-206912-to-release-22.11 chn:backport-205900-to-release-22.11 chn:backport-201949-to-release-22.11 chn:backport-203874-to-release-22.11 chn:backport-201203-to-release-22.11 chn:backport-140890-to-release-22.11 chn:upvote-convention chn:backport-189935-to-release-22.11 chn:backport-202314-to-release-22.11 chn:backport-202767-to-release-22.11 chn:backport-201875-to-release-22.11 chn:ibus-no-force-gtk-im chn:wip/jtojnar/account-service-util-nogui chn:pr/xrootd_rpath chn:clipboard-inspector chn:upd8n chn:kpackage-fix chn:balsoft/nuitka-update-1.1.5 chn:python-test-refactoring-baseline chn:direnv-module chn:emacs-manual-remove-absolute-paths chn:staging-python chn:nixos-21.05 chn:nixos-21.05-aarch64 chn:nixos-21.05-small chn:nixpkgs-21.05-darwin chn:release-21.05 chn:nixos-21.11 chn:nixos-21.11-aarch64 chn:nixos-21.11-small chn:nixpkgs-21.11-darwin chn:staging-21.11 chn:staging-next-21.11 chn:nixos-test-staging chn:nixos-test-staging-baseline chn:miniaudicle-gcc-10 chn:mkcue-gcc10 chn:staging-21.05 chn:staging-next-21.05 chn:release-19.03 chn:release-19.09 chn:release-20.03 chn:nixos-20.09-small chn:nixpkgs-20.09-darwin chn:release-20.09 chn:grahamc-patch-3 chn:rpi-cm4-support chn:grahamc-patch-2 chn:ghcHEAD-update chn:default-parameters chn:init-ueforth chn:mmahut/prometheus-nginx-exporter chn:nixos-20.09 chn:staging-20.09 chn:nixos-20.09-aarch64 chn:grahamc-patch-1 chn:structured-attrs chn:nixos-20.03 chn:nixos-20.03-small chn:nixpkgs-20.03-darwin chn:staging-20.03 chn:systemd-lib-reintroduce chn:nixos-19.09 chn:nixos-19.09-small chn:nixpkgs-19.09-darwin chn:gnome-20.03 chn:staging-patchelf chn:staging-19.09 chn:release-18.03 chn:release-18.09 chn:nixos-19.03 chn:nixos-19.03-small chn:nixpkgs-19.03-darwin chn:staging-19.03 chn:nixpkgs-18.09-darwin chn:kevincox-openarena-server chn:nixos-18.09 chn:nixos-18.09-small chn:staging-18.09 chn:release-17.09 chn:release-18.09-firefox64 chn:staging-18.03 chn:docs-all-packages chn:unstable-aarch64 chn:release-17.03 chn:release-16.09 chn:release-15.09 chn:release-16.03 chn:nixpart chn:release-14.12 chn:release-14.04 chn:release-13.10 chn:staging.patchShebangs chn:0.5-stable
chn:22.11 chn:23.05-pre chn:22.11-beta chn:22.05 chn:22.05-beta chn:21.11 chn:22.05-pre chn:21.11-beta chn:21.05 chn:21.11-pre chn:21.05-beta chn:20.09 chn:20.09-beta chn:20.09-alpha chn:20.03 chn:20.03-beta chn:19.09 chn:19.09-beta chn:19.03 chn:19.03-beta chn:18.09 chn:18.09-beta chn:18.03 chn:18.03-beta chn:17.09 chn:17.09-beta chn:17.03 chn:17.03-beta chn:16.09 chn:16.09-beta chn:black@2016-09-01 chn:black@2016-08-31 chn:black@2016-06-02 chn:black@2016-05-13 chn:release-16.03-start chn:16.03 chn:16.03-beta chn:v208 chn:v206 chn:15.09-beta chn:15.09 chn:v192 chn:last-glibc-2.13 chn:binary chn:0.14 chn:backups/stdenv-updates@34093 chn:backups/kmod-no-lib-modules@34172 chn:backups/glib-2.30-take2@33502 chn:backups/kmod-MODULE_DIR@33576 chn:backups/stdenv-updates@32824 chn:backups/libpng15@32782 chn:backups/glib-2.30@32938 chn:backups/darwin-without-xcode@34172 chn:backups/drop-kde4.5@30929 chn:backups/multiple-outputs-sandbox@34172 chn:backups/pure-python@34174 chn:backups/darwin-updates@34176 chn:backups/udev-173@28837 chn:backups/kde-4.7@34170 chn:backups/stdenv-ada@26758 chn:backups/modular-python@26697 chn:backups/x-updates@26704 chn:backups/cve-2010-3856@34170 chn:backups/stdenv-bootstrap-20100825@23426 chn:backups/parallel-building-merger@34171 chn:backups/x-updates@22736 chn:backups/multitask-builds@34175 chn:backups/mass-update-01@31456 chn:backups/stdenv-updates@19858 chn:0.13 chn:backups/kernel-config@19023 chn:backups/x86_64-darwin@34171 chn:backups/stdenv-updates2@18282 chn:backups/stdenv-updates2@18273 chn:backups/stdenv-updates@18281 chn:backups/xorg-7.5@18179 chn:backups/armv5tel-linux@18007 chn:backups/stdenv-updates@15332 chn:backups/0.12-release@15293 chn:0.12 chn:backups/stdenv-updates@12144 chn:backups/stdenv-updates-merge@10849 chn:backups/master@10848 chn:backups/stdenv-updates@10965 chn:backups/0.11-release@9315 chn:0.11 chn:0.10 chn:backups/0.10-release@6725 chn:backups/usability@34170 chn:0.9 chn:backups/0.9-release@4651 chn:0.8 chn:backups/0.8-release@2530 chn:0.7 chn:backups/0.7-release@2398 chn:backups/one-click@2549 chn:backups/nixos-pkgs@34170 chn:backups/0.6-release@1775 chn:0.6 chn:backups/martin2@34171 chn:backups/0.5.1-release@996 chn:0.5.1 chn:backups/0.5-stable@34171 chn:0.5 chn:backups/0.5-release@989 chn:backups/martin@828 chn:0.4 chn:backups/logistics@34171 chn:0.3 chn:0.2 chn:backups/freebsd-losser@34171 chn:0.1 chn:backups/master@59
..
compare: chn:add-gitlfstransfer
Branches Tags
chn:nixos-25.11 chn:enhance-slurm chn:fix-bintools-wrapper chn:fix-wrapper chn:fix-slurm-2 chn:fix-slurm chn:fix-tailscale chn:nixos-unstable-2505 chn:nixos-unstable chn:fix-ctranslate2 chn:nixos-23.11 chn:nixos-25.05 chn:update-httplib chn:fix-boost chn:nvidia chn:update-gitlfs chn:update-phonopy chn:nixos-24.11 chn:update-ovito chn:fix-hackage chn:fix-libvirt chn:next chn:fix-architecture chn:fix-phonopy chn:add-gitlfstransfer chn:fix-legion chn:nixos-24.05 chn:fix-utterly-theme chn:utterly-backup chn:utterly-debug chn:fix-nomacs chn:nixos-23.11-desktop chn:xrdp chn:nixos-23.11-old chn:nixos-23.05 chn:nixos-unstable-23.05 chn:nixos-unstable-next chn:nixos-23.05-next chn:diff chn:master chn:new-machine chn:add-more-arch chn:nixos-22.05 chn:staging-22.11 chn:staging-next-22.11 chn:haskell-updates chn:staging chn:staging-next chn:nixos-unstable-small chn:nixpkgs-unstable chn:nixos-22.11-small chn:nixpkgs-22.11-darwin chn:release-22.11 chn:nixos-22.11 chn:lanzaboote chn:upgrade/pixelfed chn:backport-231556-to-release-22.11 chn:kde-gear-23.04.1 chn:python-test-refactoring chn:backport-231190-to-release-22.11 chn:backport-206688-to-release-22.11 chn:backport-230427-to-release-22.11 chn:netboot-tests chn:backport-230037-to-release-22.11 chn:backport-229688-to-release-22.11 chn:backport-229507-to-release-22.11 chn:pr/yoda_1_9_8 chn:even-more-vulkan-updates chn:backport-229141-to-release-22.11 chn:qemu-vm/tpm chn:qemu-vm/read-efi-var chn:partition-table-qemu chn:backport-228461-to-release-22.11 chn:backport-228489-to-release-22.11 chn:nixos-22.05-aarch64 chn:nixos-22.05-small chn:nixpkgs-22.05-darwin chn:release-22.05 chn:make-disk-image/no-nix-store chn:angelfish-fix chn:backport-227646-to-release-22.11 chn:backport-227331-to-release-22.11 chn:backport-227448-to-release-22.11 chn:revert-227360-paperwm-bump chn:pr/texlive_texinfo_fix_hash chn:backport-216987-to-release-22.11 chn:backport-224094-to-release-22.11 chn:backport-225322-to-release-22.11 chn:pr/hepmc3_3_2_6 chn:backport-223455-to-release-22.11 chn:bump-llvm-latest chn:revert-215109-gnupg-libgcrypt-lts chn:revert-224746-asciify-message chn:kf5-5.105 chn:r-updates chn:backport-224069-to-staging-22.11 chn:backport-205134-to-release-22.11 chn:jtojnar/deps-nd-fix chn:pr/pymoo_0_6_0_1 chn:pr/root_6_28_00 chn:rustc chn:backport-217366-to-release-22.11 chn:bye-dpi chn:ory-hydra chn:sniproxy-update chn:diffoscope-unfree chn:python-updates chn:release-21.11 chn:llvm16 chn:backport-217341-to-release-22.11 chn:backport-206105-to-release-22.11 chn:backport-217578-to-release-22.11 chn:gokrazy-rsync chn:hass-onboarding chn:sudo-by-default chn:backport-216643-to-release-22.11 chn:balsoft/add-gnss-share chn:system chn:balsoft/add-qmlkonsole chn:pr/libredirect_system_test chn:backport-216167-to-release-22.11 chn:backport-215928-to-release-22.11 chn:isAarchDarwin chn:samuela/apache-beam chn:upd/openssh-92 chn:backport-213424-to-release-22.11 chn:backport-208549-to-release-22.11 chn:backport-213196-to-release-22.11 chn:backport-212206-to-release-22.11 chn:llvm15-wip chn:plasma-5.27 chn:backport-209550-to-release-22.11 chn:uri-canva-patch-1 chn:backport-209919-to-release-22.11 chn:pr/dask-awkward chn:qt-5.15.8 chn:backport-209022-to-release-22.11 chn:staging-22.05 chn:staging-next-22.05 chn:garage-multiple-versions chn:domenkozar-patch-1 chn:backport-199069-to-release-22.11 chn:auto-update/python3.10-autofaiss chn:pixelfed-module chn:simplified-qemu-boot-disks chn:backport-205765-to-release-22.11 chn:qemu-smm chn:backport-206912-to-release-22.11 chn:backport-205900-to-release-22.11 chn:backport-201949-to-release-22.11 chn:backport-203874-to-release-22.11 chn:backport-201203-to-release-22.11 chn:backport-140890-to-release-22.11 chn:upvote-convention chn:backport-189935-to-release-22.11 chn:backport-202314-to-release-22.11 chn:backport-202767-to-release-22.11 chn:backport-201875-to-release-22.11 chn:ibus-no-force-gtk-im chn:wip/jtojnar/account-service-util-nogui chn:pr/xrootd_rpath chn:clipboard-inspector chn:upd8n chn:kpackage-fix chn:balsoft/nuitka-update-1.1.5 chn:python-test-refactoring-baseline chn:direnv-module chn:emacs-manual-remove-absolute-paths chn:staging-python chn:nixos-21.05 chn:nixos-21.05-aarch64 chn:nixos-21.05-small chn:nixpkgs-21.05-darwin chn:release-21.05 chn:nixos-21.11 chn:nixos-21.11-aarch64 chn:nixos-21.11-small chn:nixpkgs-21.11-darwin chn:staging-21.11 chn:staging-next-21.11 chn:nixos-test-staging chn:nixos-test-staging-baseline chn:miniaudicle-gcc-10 chn:mkcue-gcc10 chn:staging-21.05 chn:staging-next-21.05 chn:release-19.03 chn:release-19.09 chn:release-20.03 chn:nixos-20.09-small chn:nixpkgs-20.09-darwin chn:release-20.09 chn:grahamc-patch-3 chn:rpi-cm4-support chn:grahamc-patch-2 chn:ghcHEAD-update chn:default-parameters chn:init-ueforth chn:mmahut/prometheus-nginx-exporter chn:nixos-20.09 chn:staging-20.09 chn:nixos-20.09-aarch64 chn:grahamc-patch-1 chn:structured-attrs chn:nixos-20.03 chn:nixos-20.03-small chn:nixpkgs-20.03-darwin chn:staging-20.03 chn:systemd-lib-reintroduce chn:nixos-19.09 chn:nixos-19.09-small chn:nixpkgs-19.09-darwin chn:gnome-20.03 chn:staging-patchelf chn:staging-19.09 chn:release-18.03 chn:release-18.09 chn:nixos-19.03 chn:nixos-19.03-small chn:nixpkgs-19.03-darwin chn:staging-19.03 chn:nixpkgs-18.09-darwin chn:kevincox-openarena-server chn:nixos-18.09 chn:nixos-18.09-small chn:staging-18.09 chn:release-17.09 chn:release-18.09-firefox64 chn:staging-18.03 chn:docs-all-packages chn:unstable-aarch64 chn:release-17.03 chn:release-16.09 chn:release-15.09 chn:release-16.03 chn:nixpart chn:release-14.12 chn:release-14.04 chn:release-13.10 chn:staging.patchShebangs chn:0.5-stable
chn:22.11 chn:23.05-pre chn:22.11-beta chn:22.05 chn:22.05-beta chn:21.11 chn:22.05-pre chn:21.11-beta chn:21.05 chn:21.11-pre chn:21.05-beta chn:20.09 chn:20.09-beta chn:20.09-alpha chn:20.03 chn:20.03-beta chn:19.09 chn:19.09-beta chn:19.03 chn:19.03-beta chn:18.09 chn:18.09-beta chn:18.03 chn:18.03-beta chn:17.09 chn:17.09-beta chn:17.03 chn:17.03-beta chn:16.09 chn:16.09-beta chn:black@2016-09-01 chn:black@2016-08-31 chn:black@2016-06-02 chn:black@2016-05-13 chn:release-16.03-start chn:16.03 chn:16.03-beta chn:v208 chn:v206 chn:15.09-beta chn:15.09 chn:v192 chn:last-glibc-2.13 chn:binary chn:0.14 chn:backups/stdenv-updates@34093 chn:backups/kmod-no-lib-modules@34172 chn:backups/glib-2.30-take2@33502 chn:backups/kmod-MODULE_DIR@33576 chn:backups/stdenv-updates@32824 chn:backups/libpng15@32782 chn:backups/glib-2.30@32938 chn:backups/darwin-without-xcode@34172 chn:backups/drop-kde4.5@30929 chn:backups/multiple-outputs-sandbox@34172 chn:backups/pure-python@34174 chn:backups/darwin-updates@34176 chn:backups/udev-173@28837 chn:backups/kde-4.7@34170 chn:backups/stdenv-ada@26758 chn:backups/modular-python@26697 chn:backups/x-updates@26704 chn:backups/cve-2010-3856@34170 chn:backups/stdenv-bootstrap-20100825@23426 chn:backups/parallel-building-merger@34171 chn:backups/x-updates@22736 chn:backups/multitask-builds@34175 chn:backups/mass-update-01@31456 chn:backups/stdenv-updates@19858 chn:0.13 chn:backups/kernel-config@19023 chn:backups/x86_64-darwin@34171 chn:backups/stdenv-updates2@18282 chn:backups/stdenv-updates2@18273 chn:backups/stdenv-updates@18281 chn:backups/xorg-7.5@18179 chn:backups/armv5tel-linux@18007 chn:backups/stdenv-updates@15332 chn:backups/0.12-release@15293 chn:0.12 chn:backups/stdenv-updates@12144 chn:backups/stdenv-updates-merge@10849 chn:backups/master@10848 chn:backups/stdenv-updates@10965 chn:backups/0.11-release@9315 chn:0.11 chn:0.10 chn:backups/0.10-release@6725 chn:backups/usability@34170 chn:0.9 chn:backups/0.9-release@4651 chn:0.8 chn:backups/0.8-release@2530 chn:0.7 chn:backups/0.7-release@2398 chn:backups/one-click@2549 chn:backups/nixos-pkgs@34170 chn:backups/0.6-release@1775 chn:0.6 chn:backups/martin2@34171 chn:backups/0.5.1-release@996 chn:0.5.1 chn:backups/0.5-stable@34171 chn:0.5 chn:backups/0.5-release@989 chn:backups/martin@828 chn:0.4 chn:backups/logistics@34171 chn:0.3 chn:0.2 chn:backups/freebsd-losser@34171 chn:0.1 chn:backups/master@59

2 Commits
next ... add-gitlfs

Author SHA1 Message Date
chn
2d3658130b nixos/git: add lsf.enablePureSSHTransfer 2024-11-03 12:39:02 +08:00
chn
539e4e2733 git-lfs-transfer: init at unstable-2024-10-07 
Co-authored-by: Loïc Reynier <88983487+loicreynier@users.noreply.github.com>
Co-authored-by: Arne Keller <2012gdwu+github@posteo.de>
Co-authored-by: Aleksana <alexander.huang.y@gmail.com>
 2024-11-03 12:38:53 +08:00
19172 changed files with 387099 additions and 446842 deletions
Expand all files Collapse all files

17
.git-blame-ignore-revs
View File

@@ -40,9 +40,6 @@ d1c1a0c656ccd8bd3b25d3c4287f2d075faf3cf3
# fix indentation in meteor default.nix
a37a6de881ec4c6708e6b88fd16256bbc7f26bbd
# pkgs/stdenv/make-derivation: Reindent
b4cc2a2479a7ab0f6440b2e1319221920ef72699
# treewide: automatically md-convert option descriptions
2e751c0772b9d48ff6923569adfa661b030ab6a2
@@ -192,17 +189,3 @@ ce21e97a1f20dee15da85c084f9d1148d84f853b
# percona: apply nixfmt
8d14fa2886fec877690c6d28cfcdba4503dbbcea
# nixos/virtualisation: format image-related files
# Original formatting commit that was reverted
04fadac429ca7d6b92025188652376c230205730
# Revert commit
4cec81a9959ce612b653860dcca53101a36f328a
# Final commit that does the formatting
88b285c01d84de82c0b2b052fd28eaf6709c2d26
# sqlc: format with nixfmt
2bdec131b2bb2c8563f4556d741d34ccb77409e2
# treewide: migrate packages to pkgs/by-name, take 1
571c71e6f73af34a229414f51585738894211408

4
.github/CODEOWNERS vendored Normal file
View File

@@ -0,0 +1,4 @@
# Use ci/OWNERS instead
#
# This file would be for the native code owner feature of GitHub,
# but is not being used because of its problems, see ci/OWNERS

2
.github/ISSUE_TEMPLATE.md vendored
View File

@@ -8,4 +8,4 @@
## Technical details
<!-- Please insert the output of running `nix-shell -p nix-info --run "nix-info -m"` below this line -->
Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.

38
.github/ISSUE_TEMPLATE/bug_report.md vendored
View File

@@ -7,44 +7,38 @@ assignees: ''
---
## Describe the bug
<!-- A clear and concise description of what the bug is. -->
## Steps To Reproduce
### Describe the bug
A clear and concise description of what the bug is.
### Steps To Reproduce
Steps to reproduce the behavior:
1. ...
2. ...
3. ...
## Expected behavior
### Expected behavior
A clear and concise description of what you expected to happen.
<!-- A clear and concise description of what you expected to happen. -->
### Screenshots
If applicable, add screenshots to help explain your problem.
## Screenshots
### Additional context
Add any other context about the problem here.
<!-- If applicable, add screenshots to help explain your problem: -->
## Additional context
<!-- Add any other context about the problem here. -->
## Metadata
<!-- Please insert the output of running `nix-shell -p nix-info --run "nix-info -m"` below this line -->
## Notify maintainers
### Notify maintainers
<!--
Please @ people who are in the `meta.maintainers` list of the offending package or module.
If in doubt, check `git blame` for whoever last touched something.
-->
---
### Metadata
Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.
Note for maintainers: Please tag this issue in your PR.
```console
[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
output here
```
---

33
.github/ISSUE_TEMPLATE/build_failure.md vendored
View File

@@ -7,43 +7,36 @@ assignees: ''
---
## Steps To Reproduce
### Steps To Reproduce
Steps to reproduce the behavior:
1. build *X*
## Build log
<!-- insert build log in code block in collapsable section -->
<details>
<summary>Build Log</summary>
### Build log
```
log here if short otherwise a link to a gist
```
</details>
### Additional context
## Additional context
Add any other context about the problem here.
<!-- Add any other context about the problem here. -->
## Metadata
<!-- Please insert the output of running `nix-shell -p nix-info --run "nix-info -m"` below this line -->
## Notify maintainers
### Notify maintainers
<!--
Please @ people who are in the `meta.maintainers` list of the offending package or module.
If in doubt, check `git blame` for whoever last touched something.
-->
---
### Metadata
Note for maintainers: Please tag this issue in your PR.
Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.
```console
[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
output here
```
---

15
.github/ISSUE_TEMPLATE/missing_documentation.md vendored
View File

@@ -23,9 +23,12 @@ assignees: ''
- [ ] checked [open documentation issues] for possible duplicates
- [ ] checked [open documentation pull requests] for possible solutions
---
Note for maintainers: Please tag this issue in your PR.
[latest Nixpkgs manual]: https://nixos.org/manual/nixpkgs/unstable/
[latest NixOS manual]: https://nixos.org/manual/nixos/unstable/
[nixpkgs-source]: https://github.com/NixOS/nixpkgs/tree/master/doc
[nixos-source]: https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual
[open documentation issues]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%229.needs%3A+documentation%22
[open documentation pull requests]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+documentation%22%2C%226.topic%3A+documentation%22
---
@@ -33,9 +36,3 @@ Add a :+1: [reaction] to [issues you find important].
[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc
[latest Nixpkgs manual]: https://nixos.org/manual/nixpkgs/unstable/
[latest NixOS manual]: https://nixos.org/manual/nixos/unstable/
[nixpkgs-source]: https://github.com/NixOS/nixpkgs/tree/master/doc
[nixos-source]: https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual
[open documentation issues]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%229.needs%3A+documentation%22
[open documentation pull requests]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+documentation%22%2C%226.topic%3A+documentation%22

27
.github/ISSUE_TEMPLATE/module_request.md vendored
View File

@@ -1,27 +0,0 @@
---
name: Module requests
about: For NixOS modules that you would like to see
title: 'Module request: MODULENAME'
labels: '9.needs: module (new)'
assignees: ''
---
## Description
<!-- Describe what the module should accomplish: -->
## Notify maintainers
<!-- If applicable, tag the maintainers of the package that corresponds to the module. If the search.nixos.org result shows no maintainers, tag the person that last updated the package. -->
-----
Note for maintainers: Please tag this issue in your PR.
---
Add a :+1: [reaction] to [issues you find important].
[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc

13
.github/ISSUE_TEMPLATE/out_of_date_package_report.md vendored
View File

@@ -7,30 +7,23 @@ assignees: ''
---
## Package Information
<!-- Search for the package here: https://search.nixos.org/packages?channel=unstable -->
- Package name:
- Latest released version:
<!-- Search your package here: https://search.nixos.org/packages?channel=unstable -->
- Current version on the unstable channel:
- Current version on the stable/release channel:
## Checklist
<!--
Type the name of your package and try to find an open pull request for the package
If you find an open pull request, you can review it!
There's a high chance that you'll have the new version right away while helping the community!
-->
- [ ] Checked the [nixpkgs pull requests](https://github.com/NixOS/nixpkgs/pulls)
## Notify maintainers
**Notify maintainers**
<!-- If the search.nixos.org result shows no maintainers, tag the person that last updated the package. -->
---
-----
Note for maintainers: Please tag this issue in your PR.

8
.github/ISSUE_TEMPLATE/packaging_request.md vendored
View File

@@ -7,11 +7,11 @@ assignees: ''
---
## Project description
**Project description**
<!-- Describe the project a little: -->
## Metadata
**Metadata**
* homepage URL:
* source URL:
@@ -20,10 +20,6 @@ assignees: ''
---
Note for maintainers: Please tag this issue in your PR.
---
Add a :+1: [reaction] to [issues you find important].
[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/

24
.github/ISSUE_TEMPLATE/unreproducible_package.md vendored
View File

@@ -31,12 +31,12 @@ Fixing bit-by-bit reproducibility also has additional advantages, such as
avoiding hard-to-reproduce bugs, making content-addressed storage more effective
and reducing rebuilds in such systems.
## Steps To Reproduce
### Steps To Reproduce
In the following steps, replace `<package>` with the canonical name of the
package.
### 1. Build the package
#### 1. Build the package
This step will build the package. Specific arguments are passed to the command
to keep the build artifacts so we can compare them in case of differences.
@@ -53,7 +53,7 @@ Or using the new command line style:
nix build nixpkgs#<package> && nix build nixpkgs#<package> --rebuild --keep-failed
```
### 2. Compare the build artifacts
#### 2. Compare the build artifacts
If the previous command completes successfully, no differences were found and
there's nothing to do, builds are reproducible.
@@ -67,7 +67,7 @@ metadata (*e.g. timestamp*) differences.
nix run nixpkgs#diffoscopeMinimal -- --exclude-directory-metadata recursive <Y> <Z>
```
### 3. Examine the build log
#### 3. Examine the build log
To examine the build log, use:
@@ -81,20 +81,10 @@ Or with the new command line style:
nix log $(nix path-info --derivation nixpkgs#<package>)
```
## Additional context
### Additional context
(please share the relevant fragment of the diffoscope output here, and any additional analysis you may have done)
## Notify maintainers
<!--
Please @ people who are in the `meta.maintainers` list of the offending package or module.
If in doubt, check `git blame` for whoever last touched something.
-->
---
Note for maintainers: Please tag this issue in your PR.
(please share the relevant fragment of the diffoscope output here, and any
additional analysis you may have done)
---

142
.github/labeler.yml vendored
View File

@@ -1,4 +1,3 @@
# NOTE: bsd, darwin and cross-compilation labels are handled by ofborg
"6.topic: agda":
- any:
- changed-files:
@@ -22,47 +21,6 @@
- pkgs/by-name/ne/nemo/**/*
- pkgs/by-name/ne/nemo-*/**/*
"6.topic: continuous integration":
- any:
- changed-files:
- any-glob-to-any-file:
- .github/**/*
- ci/**/*
"6.topic: coq":
- any:
- changed-files:
- any-glob-to-any-file:
- pkgs/applications/science/logic/coq/**/*
- pkgs/development/coq-modules/**/*
- pkgs/top-level/coq-packages.nix
"6.topic: crystal":
- any:
- changed-files:
- any-glob-to-any-file:
- pkgs/development/compilers/crystal/**/*
"6.topic: cuda":
- any:
- changed-files:
- any-glob-to-any-file:
- pkgs/development/cuda-modules/**/*
- pkgs/top-level/cuda-packages.nix
"6.topic: deepin":
- any:
- changed-files:
- any-glob-to-any-file:
- nixos/modules/services/desktops/deepin/**/*
- pkgs/desktops/deepin/**/*
"6.topic: docker tools":
- any:
- changed-files:
- any-glob-to-any-file:
- pkgs/applications/virtualization/docker/**/*
"6.topic: dotnet":
- any:
- changed-files:
@@ -128,12 +86,6 @@
- pkgs/build-support/flutter/*.nix
- pkgs/development/compilers/flutter/**/*.nix
"6.topic: games":
- any:
- changed-files:
- any-glob-to-any-file:
- pkgs/games/**/*
"6.topic: GNOME":
- any:
- changed-files:
@@ -153,12 +105,6 @@
- pkgs/build-support/go/**/*
- pkgs/development/compilers/go/**/*
"6.topic: hardware":
- any:
- changed-files:
- any-glob-to-any-file:
- nixos/modules/hardware/**/*
"6.topic: haskell":
- any:
- changed-files:
@@ -172,28 +118,6 @@
- pkgs/top-level/haskell-packages.nix
- pkgs/top-level/release-haskell.nix
"6.topic: java":
- any:
- changed-files:
- any-glob-to-any-file:
- nixos/modules/programs/java.nix
- pkgs/development/compilers/graalvm/**/*
- pkgs/development/compilers/openjdk/**/*
- pkgs/development/compilers/temurin-bin/**/*
- pkgs/development/compilers/zulu/**/*
- pkgs/development/java-modules/**/*
- pkgs/top-level/java-packages.nix
"6.topic: jitsi":
- any:
- changed-files:
- any-glob-to-any-file:
- nixos/modules/services/networking/jitsi-videobridge.nix
- nixos/modules/services/web-apps/jitsi-meet.nix
- pkgs/servers/web-apps/jitsi-meet/**/*
- pkgs/servers/jitsi-videobridge/**/*
- pkgs/applications/networking/instant-messengers/jitsi/**/*
"6.topic: julia":
- any:
- changed-files:
@@ -281,35 +205,21 @@
- lib/tests/modules.sh
- lib/tests/modules/**
"6.topic: musl":
- any:
- changed-files:
- any-glob-to-any-file:
- pkgs/os-specific/linux/musl/**/*
"6.topic: nixos":
- any:
- changed-files:
- any-glob-to-any-file:
- nixos/**/*
- pkgs/by-name/sw/switch-to-configuration-ng/**/*
- pkgs/os-specific/linux/nixos-rebuild/**/*
"6.topic: nixos-container":
- any:
- changed-files:
- any-glob-to-any-file:
- nixos/modules/virtualisation/nixos-containers.nix
- pkgs/tools/virtualization/nixos-container/**/*
"6.topic: nim":
- any:
- changed-files:
- any-glob-to-any-file:
- doc/languages-frameworks/nim.section.md
- pkgs/build-support/build-nim-package.nix
- pkgs/by-name/ni/nim*
- pkgs/top-level/nim-overrides.nix
- pkgs/development/compilers/nim/*
- pkgs/development/nim-packages/**/*
- pkgs/top-level/nim-packages.nix
"6.topic: nodejs":
- any:
@@ -323,15 +233,6 @@
- pkgs/development/tools/pnpm/**/*
- pkgs/development/web/nodejs/*
"6.topic: nvidia":
- any:
- changed-files:
- any-glob-to-any-file:
- nixos/modules/hardware/video/nvidia.nix
- nixos/modules/services/hardware/nvidia-container-toolkit/**/*
- nixos/modules/services/hardware/nvidia-optimus.nix
- pkgs/os-specific/linux/nvidia-x11/**/*
"6.topic: ocaml":
- any:
- changed-files:
@@ -358,9 +259,8 @@
- changed-files:
- any-glob-to-any-file:
- doc/languages-frameworks/php.section.md
- nixos/tests/php/**/*
- pkgs/build-support/php/**/*
- pkgs/development/interpreters/php/**/*
- pkgs/development/interpreters/php/*
- pkgs/development/php-packages/**/*
- pkgs/test/php/default.nix
- pkgs/top-level/php-packages.nix
@@ -405,19 +305,6 @@
- pkgs/development/libraries/kde-frameworks/**/*
- pkgs/development/libraries/qt-5/**/*
"6.topic: R":
- any:
- changed-files:
- any-glob-to-any-file:
- pkgs/applications/science/math/R/**/*
- pkgs/development/r-modules/**/*
"6.topic: rocm":
- any:
- changed-files:
- any-glob-to-any-file:
- pkgs/development/rocm-modules/**/*
"6.topic: ruby":
- any:
- changed-files:
@@ -453,15 +340,6 @@
- pkgs/os-specific/linux/systemd/**/*
- nixos/modules/system/boot/systemd*/**/*
"6.topic: tcl":
- any:
- changed-files:
- any-glob-to-any-file:
- doc/languages-frameworks/tcl.section.md
- pkgs/development/interpreters/tcl/*
- pkgs/development/tcl-modules/**/*
- pkgs/top-level/tcl-packages.nix
"6.topic: TeX":
- any:
- changed-files:
@@ -486,12 +364,6 @@
- nixos/tests/make-test-python.nix # legacy
# lib/debug.nix has a test framework (runTests) but it's not the main focus
"6.topic: updaters":
- any:
- changed-files:
- any-glob-to-any-file:
- pkgs/common-updater/**/*
"6.topic: vim":
- any:
- changed-files:
@@ -508,12 +380,6 @@
- any-glob-to-any-file:
- pkgs/applications/editors/vscode/**/*
"6.topic: windows":
- any:
- changed-files:
- any-glob-to-any-file:
- pkgs/os-specific/windows/**/*
"6.topic: xen-project":
- any:
- changed-files:

17
.github/workflows/backport.yml vendored
View File

@@ -8,31 +8,26 @@ on:
# the GitHub repository. This means that it should not evaluate user input in a
# way that allows code injection.
permissions: {}
permissions:
contents: read
jobs:
backport:
permissions:
contents: write # for korthout/backport-action to create branch
pull-requests: write # for korthout/backport-action to create PR to backport
name: Backport Pull Request
if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
runs-on: ubuntu-latest
steps:
# Use a GitHub App to create the PR so that CI gets triggered
# The App is scoped to Repository > Contents and Pull Requests: write for Nixpkgs
- uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
id: app-token
with:
app-id: ${{ vars.BACKPORT_APP_ID }}
private-key: ${{ secrets.BACKPORT_PRIVATE_KEY }}
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
ref: ${{ github.event.pull_request.head.sha }}
token: ${{ steps.app-token.outputs.token }}
- name: Create backport PRs
uses: korthout/backport-action@bd410d37cdcae80be6d969823ff5a225fe5c833f # v3.0.2
with:
# Config README: https://github.com/korthout/backport-action#backport-action
copy_labels_pattern: 'severity:\ssecurity'
github_token: ${{ steps.app-token.outputs.token }}
pull_description: |-
Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.

3
.github/workflows/basic-eval.yml vendored
View File

@@ -19,13 +19,12 @@ jobs:
runs-on: ubuntu-latest
# we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
with:
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
name: nixpkgs-ci
signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
- run: nix --experimental-features 'nix-command flakes' flake check --all-systems --no-build
# explicit list of supportedSystems is needed until aarch64-darwin becomes part of the trunk jobset
- run: nix-build pkgs/top-level/release.nix -A release-checks --arg supportedSystems '[ "aarch64-darwin" "aarch64-linux" "x86_64-linux" "x86_64-darwin" ]'

2
.github/workflows/check-cherry-picks.yml vendored
View File

@@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0
filter: blob:none

2
.github/workflows/check-maintainers-sorted.yaml vendored
View File

@@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge

3
.github/workflows/check-nix-format.yml vendored
View File

@@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
if: "!contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
@@ -85,7 +85,6 @@ jobs:
echo "Some new/changed Nix files are not properly formatted"
echo "Please go to the Nixpkgs root directory, run \`nix-shell\`, then:"
echo "nixfmt ${unformattedFiles[*]@Q}"
echo "Make sure your branch is up to date with master, rebase if not."
echo "If you're having trouble, please ping @NixOS/nix-formatting"
exit 1
fi

2
.github/workflows/check-nixf-tidy.yml vendored
View File

@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
if: "!contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge

4
.github/workflows/check-shell.yml vendored
View File

@@ -10,7 +10,7 @@ jobs:
name: shell-check-x86_64-linux
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
@@ -22,7 +22,7 @@ jobs:
name: shell-check-aarch64-darwin
runs-on: macos-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge

104
.github/workflows/codeowners-v2.yml vendored
View File

@@ -1,104 +0,0 @@
name: Codeowners v2
# This workflow depends on two GitHub Apps with the following permissions:
# - For checking code owners:
# - Permissions:
# - Repository > Administration: read-only
# - Organization > Members: read-only
# - Install App on this repository, setting these variables:
# - OWNER_RO_APP_ID (variable)
# - OWNER_RO_APP_PRIVATE_KEY (secret)
# - For requesting code owners:
# - Permissions:
# - Repository > Administration: read-only
# - Organization > Members: read-only
# - Repository > Pull Requests: read-write
# - Install App on this repository, setting these variables:
# - OWNER_APP_ID (variable)
# - OWNER_APP_PRIVATE_KEY (secret)
#
# This split is done because checking code owners requires handling untrusted PR input,
# while requesting code owners requires PR write access, and those shouldn't be mixed.
on:
pull_request_target:
types: [opened, ready_for_review, synchronize, reopened, edited]
# We don't need any default GitHub token
permissions: {}
env:
OWNERS_FILE: ci/OWNERS
# Don't do anything on draft PRs
DRY_MODE: ${{ github.event.pull_request.draft && '1' || '' }}
jobs:
# Check that code owners is valid
check:
name: Check
runs-on: ubuntu-latest
steps:
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
if: github.repository_owner == 'NixOS'
with:
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
name: nixpkgs-ci
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
# Important: Because we use pull_request_target, this checks out the base branch of the PR, not the PR itself.
# We later build and run code from the base branch with access to secrets,
# so it's important this is not the PRs code.
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
path: base
- name: Build codeowners validator
run: nix-build base/ci -A codeownersValidator
- uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
id: app-token
with:
app-id: ${{ vars.OWNER_RO_APP_ID }}
private-key: ${{ secrets.OWNER_RO_APP_PRIVATE_KEY }}
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: refs/pull/${{ github.event.number }}/merge
path: pr
- name: Validate codeowners
run: result/bin/codeowners-validator
env:
OWNERS_FILE: pr/${{ env.OWNERS_FILE }}
GITHUB_ACCESS_TOKEN: ${{ steps.app-token.outputs.token }}
REPOSITORY_PATH: pr
OWNER_CHECKER_REPOSITORY: ${{ github.repository }}
# Set this to "notowned,avoid-shadowing" to check that all files are owned by somebody
EXPERIMENTAL_CHECKS: "avoid-shadowing"
# Request reviews from code owners
request:
name: Request
runs-on: ubuntu-latest
steps:
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
# Important: Because we use pull_request_target, this checks out the base branch of the PR, not the PR head.
# This is intentional, because we need to request the review of owners as declared in the base branch.
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
id: app-token
with:
app-id: ${{ vars.OWNER_APP_ID }}
private-key: ${{ secrets.OWNER_APP_PRIVATE_KEY }}
- name: Build review request package
run: nix-build ci -A requestReviews
- name: Request reviews
run: result/bin/request-reviews.sh ${{ github.repository }} ${{ github.event.number }} "$OWNERS_FILE"
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}

89
.github/workflows/codeowners.yml vendored Normal file
View File

@@ -0,0 +1,89 @@
name: Codeowners
# This workflow depends on a GitHub App with the following permissions:
# - Repository > Administration: read-only
# - Organization > Members: read-only
# - Repository > Pull Requests: read-write
# The App needs to be installed on this repository
# the OWNER_APP_ID repository variable needs to be set
# the OWNER_APP_PRIVATE_KEY repository secret needs to be set
on:
pull_request_target:
types: [opened, ready_for_review, synchronize, reopened, edited]
env:
OWNERS_FILE: ci/OWNERS
# Don't do anything on draft PRs
DRY_MODE: ${{ github.event.pull_request.draft && '1' || '' }}
jobs:
# Check that code owners is valid
check:
name: Check
runs-on: ubuntu-latest
steps:
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
if: github.repository_owner == 'NixOS'
with:
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
name: nixpkgs-ci
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
# Important: Because we use pull_request_target, this checks out the base branch of the PR, not the PR itself.
# We later build and run code from the base branch with access to secrets,
# so it's important this is not the PRs code.
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
path: base
- name: Build codeowners validator
run: nix-build base/ci -A codeownersValidator
- uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
id: app-token
with:
app-id: ${{ vars.OWNER_APP_ID }}
private-key: ${{ secrets.OWNER_APP_PRIVATE_KEY }}
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
ref: refs/pull/${{ github.event.number }}/merge
path: pr
- name: Validate codeowners
run: result/bin/codeowners-validator
env:
OWNERS_FILE: pr/${{ env.OWNERS_FILE }}
GITHUB_ACCESS_TOKEN: ${{ steps.app-token.outputs.token }}
REPOSITORY_PATH: pr
OWNER_CHECKER_REPOSITORY: ${{ github.repository }}
# Set this to "notowned,avoid-shadowing" to check that all files are owned by somebody
EXPERIMENTAL_CHECKS: "avoid-shadowing"
# Request reviews from code owners
request:
name: Request
runs-on: ubuntu-latest
steps:
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
# Important: Because we use pull_request_target, this checks out the base branch of the PR, not the PR head.
# This is intentional, because we need to request the review of owners as declared in the base branch.
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
id: app-token
with:
app-id: ${{ vars.OWNER_APP_ID }}
private-key: ${{ secrets.OWNER_APP_PRIVATE_KEY }}
- name: Build review request package
run: nix-build ci -A requestReviews
- name: Request reviews
run: result/bin/request-reviews.sh ${{ github.repository }} ${{ github.event.number }} "$OWNERS_FILE"
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}

44
.github/workflows/editorconfig-v2.yml vendored
View File

@@ -1,44 +0,0 @@
name: "Checking EditorConfig v2"
permissions:
pull-requests: read
contents: read
on:
# avoids approving first time contributors
pull_request_target:
branches-ignore:
- 'release-**'
jobs:
tests:
name: editorconfig-check
runs-on: ubuntu-latest
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- name: Get list of changed files from PR
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh api \
repos/NixOS/nixpkgs/pulls/${{github.event.number}}/files --paginate \
| jq '.[] | select(.status != "removed") | .filename' \
> "$HOME/changed_files"
- name: print list of changed files
run: |
cat "$HOME/changed_files"
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
# nixpkgs commit is pinned so that it doesn't break
# editorconfig-checker 2.4.0
nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/c473cc8714710179df205b153f4e9fa007107ff9.tar.gz
- name: Checking EditorConfig
run: |
cat "$HOME/changed_files" | nix-shell -p editorconfig-checker --run 'xargs -r editorconfig-checker -disable-indent-size'
- if: ${{ failure() }}
run: |
echo "::error :: Hey! It looks like your changes don't follow our editorconfig settings. Read https://editorconfig.org/#download to configure your editor so you never see this error again."

42
.github/workflows/editorconfig.yml vendored Normal file
View File

@@ -0,0 +1,42 @@
name: "Checking EditorConfig"
permissions: read-all
on:
# avoids approving first time contributors
pull_request_target:
branches-ignore:
- 'release-**'
jobs:
tests:
name: editorconfig-check
runs-on: ubuntu-latest
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- name: Get list of changed files from PR
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh api \
repos/NixOS/nixpkgs/pulls/${{github.event.number}}/files --paginate \
| jq '.[] | select(.status != "removed") | .filename' \
> "$HOME/changed_files"
- name: print list of changed files
run: |
cat "$HOME/changed_files"
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
# nixpkgs commit is pinned so that it doesn't break
# editorconfig-checker 2.4.0
nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/c473cc8714710179df205b153f4e9fa007107ff9.tar.gz
- name: Checking EditorConfig
run: |
cat "$HOME/changed_files" | nix-shell -p editorconfig-checker --run 'xargs -r editorconfig-checker -disable-indent-size'
- if: ${{ failure() }}
run: |
echo "::error :: Hey! It looks like your changes don't follow our editorconfig settings. Read https://editorconfig.org/#download to configure your editor so you never see this error again."

30
.github/workflows/eval-lib-tests.yml vendored
View File

@@ -1,30 +0,0 @@
name: "Building Nixpkgs lib-tests"
permissions:
contents: read
on:
pull_request_target:
paths:
- 'lib/**'
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
nixpkgs-lib-tests:
name: nixpkgs-lib-tests
runs-on: ubuntu-latest
needs: get-merge-commit
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
if: needs.get-merge-commit.outputs.mergedSha
with:
# pull_request_target checks out the base branch by default
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
# explicitly enable sandbox
extra_nix_config: sandbox = true
- name: Building Nixpkgs lib-tests
run: |
nix-build --arg pkgs "(import ./ci/. {}).pkgs" ./lib/tests/release.nix

284
.github/workflows/eval.yml vendored
View File

@@ -1,284 +0,0 @@
name: Eval
on:
pull_request_target:
push:
# Keep this synced with ci/request-reviews/dev-branches.txt
branches:
- master
- staging
- release-*
- staging-*
- haskell-updates
- python-updates
permissions:
contents: read
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
attrs:
name: Attributes
runs-on: ubuntu-latest
needs: get-merge-commit
outputs:
mergedSha: ${{ needs.get-merge-commit.outputs.mergedSha }}
baseSha: ${{ steps.baseSha.outputs.baseSha }}
systems: ${{ steps.systems.outputs.systems }}
steps:
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# Add this to _all_ subsequent steps to skip them
if: needs.get-merge-commit.outputs.mergedSha
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
fetch-depth: 2
path: nixpkgs
- name: Determine base commit
if: github.event_name == 'pull_request_target' && needs.get-merge-commit.outputs.mergedSha
id: baseSha
run: |
baseSha=$(git -C nixpkgs rev-parse HEAD^1)
echo "baseSha=$baseSha" >> "$GITHUB_OUTPUT"
- name: Install Nix
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
if: needs.get-merge-commit.outputs.mergedSha
- name: Evaluate the list of all attributes and get the systems matrix
id: systems
if: needs.get-merge-commit.outputs.mergedSha
run: |
nix-build nixpkgs/ci -A eval.attrpathsSuperset
echo "systems=$(<result/systems.json)" >> "$GITHUB_OUTPUT"
- name: Upload the list of all attributes
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: needs.get-merge-commit.outputs.mergedSha
with:
name: paths
path: result/*
eval-aliases:
name: Eval nixpkgs with aliases enabled
runs-on: ubuntu-latest
needs: attrs
steps:
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.attrs.outputs.mergedSha }}
path: nixpkgs
- name: Install Nix
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- name: Query nixpkgs with aliases enabled to check for basic syntax errors
run: |
time nix-env -I ./nixpkgs -f ./nixpkgs -qa '*' --option restrict-eval true --option allow-import-from-derivation false >/dev/null
outpaths:
name: Outpaths
runs-on: ubuntu-latest
needs: attrs
# Skip this and future steps if the PR can't be merged
if: needs.attrs.outputs.mergedSha
strategy:
matrix:
system: ${{ fromJSON(needs.attrs.outputs.systems) }}
steps:
- name: Download the list of all attributes
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: paths
path: paths
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.attrs.outputs.mergedSha }}
path: nixpkgs
- name: Install Nix
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- name: Evaluate the ${{ matrix.system }} output paths for all derivation attributes
env:
MATRIX_SYSTEM: ${{ matrix.system }}
run: |
nix-build nixpkgs/ci -A eval.singleSystem \
--argstr evalSystem "$MATRIX_SYSTEM" \
--arg attrpathFile ./paths/paths.json \
--arg chunkSize 10000
# If it uses too much memory, slightly decrease chunkSize
- name: Upload the output paths and eval stats
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: needs.attrs.outputs.mergedSha
with:
name: intermediate-${{ matrix.system }}
path: result/*
process:
name: Process
runs-on: ubuntu-latest
needs: [ outpaths, attrs ]
outputs:
baseRunId: ${{ steps.baseRunId.outputs.baseRunId }}
steps:
- name: Download output paths and eval stats for all systems
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
pattern: intermediate-*
path: intermediate
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.attrs.outputs.mergedSha }}
path: nixpkgs
- name: Install Nix
uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
- name: Combine all output paths and eval stats
run: |
nix-build nixpkgs/ci -A eval.combine \
--arg resultsDir ./intermediate \
-o prResult
- name: Upload the combined results
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: result
path: prResult/*
- name: Get base run id
if: needs.attrs.outputs.baseSha
id: baseRunId
run: |
# Get the latest eval.yml workflow run for the PR's base commit
if ! run=$(gh api --method GET /repos/"$REPOSITORY"/actions/workflows/eval.yml/runs \
-f head_sha="$BASE_SHA" -f event=push \
--jq '.workflow_runs | sort_by(.run_started_at) | .[-1]') \
|| [[ -z "$run" ]]; then
echo "Could not find an eval.yml workflow run for $BASE_SHA, cannot make comparison"
exit 0
fi
echo "Comparing against $(jq .html_url <<< "$run")"
runId=$(jq .id <<< "$run")
conclusion=$(jq -r .conclusion <<< "$run")
while [[ "$conclusion" == null ]]; do
echo "Workflow not done, waiting 10 seconds before checking again"
sleep 10
conclusion=$(gh api /repos/"$REPOSITORY"/actions/runs/"$runId" --jq '.conclusion')
done
if [[ "$conclusion" != "success" ]]; then
echo "Workflow was not successful, cannot make comparison"
exit 0
fi
echo "baseRunId=$runId" >> "$GITHUB_OUTPUT"
env:
REPOSITORY: ${{ github.repository }}
BASE_SHA: ${{ needs.attrs.outputs.baseSha }}
GH_TOKEN: ${{ github.token }}
- uses: actions/download-artifact@v4
if: steps.baseRunId.outputs.baseRunId
with:
name: result
path: baseResult
github-token: ${{ github.token }}
run-id: ${{ steps.baseRunId.outputs.baseRunId }}
- name: Compare against the base branch
if: steps.baseRunId.outputs.baseRunId
run: |
nix-build nixpkgs/ci -A eval.compare \
--arg beforeResultDir ./baseResult \
--arg afterResultDir ./prResult \
-o comparison
cat comparison/step-summary.md >> "$GITHUB_STEP_SUMMARY"
# TODO: Request reviews from maintainers for packages whose files are modified in the PR
- name: Upload the combined results
if: steps.baseRunId.outputs.baseRunId
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: comparison
path: comparison/*
# Separate job to have a very tightly scoped PR write token
tag:
name: Tag
runs-on: ubuntu-latest
needs: process
if: needs.process.outputs.baseRunId
permissions:
pull-requests: write
statuses: write
steps:
- name: Download process result
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: comparison
path: comparison
- name: Tagging pull request
run: |
# Get all currently set rebuild labels
gh api \
/repos/"$REPOSITORY"/issues/"$NUMBER"/labels \
--jq '.[].name | select(startswith("10.rebuild"))' \
| sort > before
# And the labels that should be there
jq -r '.labels[]' comparison/changed-paths.json \
| sort > after
# Remove the ones not needed anymore
while read -r toRemove; do
echo "Removing label $toRemove"
gh api \
--method DELETE \
/repos/"$REPOSITORY"/issues/"$NUMBER"/labels/"$toRemove"
done < <(comm -23 before after)
# And add the ones that aren't set already
while read -r toAdd; do
echo "Adding label $toAdd"
gh api \
--method POST \
/repos/"$REPOSITORY"/issues/"$NUMBER"/labels \
-f "labels[]=$toAdd"
done < <(comm -13 before after)
env:
GH_TOKEN: ${{ github.token }}
REPOSITORY: ${{ github.repository }}
NUMBER: ${{ github.event.number }}
- name: Add eval summary to commit statuses
if: ${{ github.event_name == 'pull_request_target' }}
run: |
description=$(jq -r '
"Package: added " + (.attrdiff.added | length | tostring) +
", removed " + (.attrdiff.removed | length | tostring) +
", changed " + (.attrdiff.changed | length | tostring) +
", Rebuild: linux " + (.rebuildCountByKernel.linux | tostring) +
", darwin " + (.rebuildCountByKernel.darwin | tostring)
' <comparison/changed-paths.json)
target_url="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID?pr=$NUMBER"
gh api --method POST \
-H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" \
"/repos/$GITHUB_REPOSITORY/statuses/$PR_HEAD_SHA" \
-f "context=Eval / Summary" -f "state=success" -f "description=$description" -f "target_url=$target_url"
env:
GH_TOKEN: ${{ github.token }}
PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
NUMBER: ${{ github.event.number }}

43
.github/workflows/get-merge-commit.yml vendored
View File

@@ -1,43 +0,0 @@
name: Get merge commit
on:
workflow_call:
outputs:
mergedSha:
description: "The merge commit SHA"
value: ${{ jobs.resolve-merge-commit.outputs.mergedSha }}
# We need a token to query the API, but it doesn't need any special permissions
permissions: {}
jobs:
resolve-merge-commit:
runs-on: ubuntu-latest
outputs:
mergedSha: ${{ steps.merged.outputs.mergedSha }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
path: base
sparse-checkout: ci
- name: Check if the PR can be merged and get the test merge commit
id: merged
env:
GH_TOKEN: ${{ github.token }}
GH_EVENT: ${{ github.event_name }}
run: |
case "$GH_EVENT" in
push)
echo "mergedSha=${{ github.sha }}" >> "$GITHUB_OUTPUT"
;;
pull_request_target)
if mergedSha=$(base/ci/get-merge-commit.sh ${{ github.repository }} ${{ github.event.number }}); then
echo "Checking the merge commit $mergedSha"
echo "mergedSha=$mergedSha" >> "$GITHUB_OUTPUT"
else
# Skipping so that no notifications are sent
echo "Skipping the rest..."
fi
;;
esac
rm -rf base

33
.github/workflows/manual-nixos-v2.yml vendored
View File

@@ -1,33 +0,0 @@
name: "Build NixOS manual v2"
permissions:
contents: read
on:
pull_request_target:
branches:
- master
paths:
- 'nixos/**'
jobs:
nixos:
name: nixos-manual-build
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
# explicitly enable sandbox
extra_nix_config: sandbox = true
- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
with:
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
name: nixpkgs-ci
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Building NixOS manual
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true nixos/release.nix -A manual.x86_64-linux

32
.github/workflows/manual-nixos.yml vendored Normal file
View File

@@ -0,0 +1,32 @@
name: "Build NixOS manual"
permissions: read-all
on:
pull_request_target:
branches:
- master
paths:
- 'nixos/**'
jobs:
nixos:
name: nixos-manual-build
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
# explicitly enable sandbox
extra_nix_config: sandbox = true
- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
with:
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
name: nixpkgs-ci
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Building NixOS manual
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true nixos/release.nix -A manual.x86_64-linux

35
.github/workflows/manual-nixpkgs-v2.yml vendored
View File

@@ -1,35 +0,0 @@
name: "Build Nixpkgs manual v2"
permissions:
contents: read
on:
pull_request_target:
branches:
- master
paths:
- 'doc/**'
- 'lib/**'
- 'pkgs/tools/nix/nixdoc/**'
jobs:
nixpkgs:
name: nixpkgs-manual-build
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
# explicitly enable sandbox
extra_nix_config: sandbox = true
- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
with:
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
name: nixpkgs-ci
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Building Nixpkgs manual
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual -A manual.tests

34
.github/workflows/manual-nixpkgs.yml vendored Normal file
View File

@@ -0,0 +1,34 @@
name: "Build Nixpkgs manual"
permissions: read-all
on:
pull_request_target:
branches:
- master
paths:
- 'doc/**'
- 'lib/**'
- 'pkgs/tools/nix/nixdoc/**'
jobs:
nixpkgs:
name: nixpkgs-manual-build
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
# explicitly enable sandbox
extra_nix_config: sandbox = true
- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
with:
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
name: nixpkgs-ci
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Building Nixpkgs manual
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual -A manual.tests

45
.github/workflows/nix-parse-v2.yml vendored
View File

@@ -1,45 +0,0 @@
name: "Check whether nix files are parseable v2"
permissions:
pull-requests: read
contents: read
on:
# avoids approving first time contributors
pull_request_target:
branches-ignore:
- 'release-**'
jobs:
tests:
name: nix-files-parseable-check
runs-on: ubuntu-latest
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- name: Get list of changed files from PR
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh api \
repos/NixOS/nixpkgs/pulls/${{github.event.number}}/files --paginate \
| jq --raw-output '.[] | select(.status != "removed" and (.filename | endswith(".nix"))) | .filename' \
> "$HOME/changed_files"
if [[ -s "$HOME/changed_files" ]]; then
echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV"
fi
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
nix_path: nixpkgs=channel:nixpkgs-unstable
- name: Parse all changed or added nix files
run: |
ret=0
while IFS= read -r file; do
out="$(nix-instantiate --parse "$file")" || { echo "$out" && ret=1; }
done < "$HOME/changed_files"
exit "$ret"
if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}

43
.github/workflows/nix-parse.yml vendored Normal file
View File

@@ -0,0 +1,43 @@
name: "Check whether nix files are parseable"
permissions: read-all
on:
# avoids approving first time contributors
pull_request_target:
branches-ignore:
- 'release-**'
jobs:
tests:
name: nix-files-parseable-check
runs-on: ubuntu-latest
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- name: Get list of changed files from PR
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh api \
repos/NixOS/nixpkgs/pulls/${{github.event.number}}/files --paginate \
| jq --raw-output '.[] | select(.status != "removed" and (.filename | endswith(".nix"))) | .filename' \
> "$HOME/changed_files"
if [[ -s "$HOME/changed_files" ]]; then
echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV"
fi
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
nix_path: nixpkgs=channel:nixpkgs-unstable
- name: Parse all changed or added nix files
run: |
ret=0
while IFS= read -r file; do
out="$(nix-instantiate --parse "$file")" || { echo "$out" && ret=1; }
done < "$HOME/changed_files"
exit "$ret"
if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}

34
.github/workflows/nixpkgs-vet.yml vendored
View File

@@ -19,34 +19,46 @@ permissions: {}
# There is a feature request for suppressing notifications on concurrency-canceled runs: https://github.com/orgs/community/discussions/13015
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
check:
name: nixpkgs-vet
# This needs to be x86_64-linux, because we depend on the tooling being pre-built in the GitHub releases.
runs-on: ubuntu-latest
# This should take 1 minute at most, but let's be generous. The default of 6 hours is definitely too long.
timeout-minutes: 10
needs: get-merge-commit
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
if: needs.get-merge-commit.outputs.mergedSha
# This checks out the base branch because of pull_request_target
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
path: base
sparse-checkout: ci
- name: Resolving the merge commit
env:
GH_TOKEN: ${{ github.token }}
run: |
if mergedSha=$(base/ci/get-merge-commit.sh ${{ github.repository }} ${{ github.event.number }}); then
echo "Checking the merge commit $mergedSha"
echo "mergedSha=$mergedSha" >> "$GITHUB_ENV"
else
echo "Skipping the rest..."
fi
rm -rf base
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
if: env.mergedSha
with:
# pull_request_target checks out the base branch by default
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
ref: ${{ env.mergedSha }}
# Fetches the merge commit and its parents
fetch-depth: 2
- name: Checking out base branch
if: needs.get-merge-commit.outputs.mergedSha
if: env.mergedSha
run: |
base=$(mktemp -d)
git worktree add "$base" "$(git rev-parse HEAD^1)"
echo "base=$base" >> "$GITHUB_ENV"
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
if: needs.get-merge-commit.outputs.mergedSha
if: env.mergedSha
- name: Fetching the pinned tool
if: needs.get-merge-commit.outputs.mergedSha
if: env.mergedSha
# Update the pinned version using ci/nixpkgs-vet/update-pinned-tool.sh
run: |
# The pinned version of the tooling to use.
@@ -59,7 +71,7 @@ jobs:
# Adds a result symlink as a GC root.
nix-store --realise "$toolPath" --add-root result
- name: Running nixpkgs-vet
if: needs.get-merge-commit.outputs.mergedSha
if: env.mergedSha
env:
# Force terminal colors to be enabled. The library that `nixpkgs-vet` uses respects https://bixense.com/clicolors/
CLICOLOR_FORCE: 1

2
.github/workflows/periodic-merge-24h.yml vendored
View File

@@ -41,7 +41,7 @@ jobs:
into: staging-24.05
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0

2
.github/workflows/periodic-merge-6h.yml vendored
View File

@@ -39,7 +39,7 @@ jobs:
into: staging
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0

2
.mailmap
View File

@@ -6,8 +6,6 @@ Christina Sørensen <christina@cafkafk.com> <christinaafk@gmail.com>
Christina Sørensen <christina@cafkafk.com> <89321978+cafkafk@users.noreply.github.com>
Daniel Løvbrøtte Olsen <me@dandellion.xyz> <daniel.olsen99@gmail.com>
Fabian Affolter <mail@fabian-affolter.ch> <fabian@affolter-engineering.ch>
Fiona Behrens <me@kloenk.dev>
Fiona Behrens <me@kloenk.dev> <me@kloenk.de>
goatastronaut0212 <goatastronaut0212@outlook.com> <goatastronaut0212@proton.me>
Janne Heß <janne@hess.ooo> <dasJ@users.noreply.github.com>
Jörg Thalheim <joerg@thalheim.io> <Mic92@users.noreply.github.com>

36
CONTRIBUTING.md
View File

@@ -313,7 +313,6 @@ Container system, boot system and library changes are some examples of the pull
To streamline automated updates, leverage the nixpkgs-merge-bot by simply commenting `@NixOS/nixpkgs-merge-bot merge`. The bot will verify if the following conditions are met, refusing to merge otherwise:
- the PR author should be @r-ryantm;
- the commenter that issued the command should be among the package maintainers;
- the package should reside in `pkgs/by-name`.
@@ -393,10 +392,14 @@ Here is a Git history diagram showing the flow of commits between the three bran
} }%%
gitGraph
commit id:" "
branch staging
commit id:" "
branch staging-next
branch staging
checkout master
checkout staging
checkout master
commit id:" "
checkout staging-next
merge master id:"automatic"
checkout staging
merge staging-next id:"automatic "
@@ -656,11 +659,9 @@ This goes hand in hand with [Writing good commit messages](#writing-good-commit-
For the code quality assessment, you cannot do anything yourself as only the committer can do this and they already have your code to look at.
In order to minimise the need for back and forth though, do take a look over your code changes yourself and try to put yourself into the shoes of someone who didn't just write that code.
Would you immediately know what the code does or why it is needed by glancing at it?
Would you immediately know what the code does by glancing at it?
If not, reviewers will notice this and will ask you to clarify the code by refactoring it and/or adding a few explanations in code comments.
Doing this preemptively can save you and the committer a lot of time.
To better convey the "story" of your change, consider dividing your change into multiple atomic commits.
There is a balance to strike however: over-fragmentation causes friction.
The code artefacts are the hardest for committers to assess because PRs touch all sorts of components: applications, libraries, NixOS modules, editor plugins and many many other things.
Any individual committer can only really assess components that they themselves know how to use however and yet they must still be convinced somehow.
@@ -688,9 +689,7 @@ Ask them nicely whether they still intend to review your PR and find yourself an
### How can I get a committer to look at my PR?
- Improve skimmability: use a simple descriptive PR title (details go in commit titles) outlining _what_ is done and _why_.
- Improve discoverability: apply all relevant labels, tick all relevant PR body checkboxes.
- Wait. Reviewers frequently browse open PRs and may happen to run across yours and take a look.
- Simply wait. Reviewers frequently browse open PRs and may happen to run across yours and take a look.
- Get non-committers to review/approve. Many committers filter open PRs for low-hanging fruit that are already been reviewed.
- [@-mention](https://github.blog/news-insights/mention-somebody-they-re-notified/) someone and ask them nicely
- Post in one of the channels made for this purpose if there has been no activity for at least one week
@@ -711,7 +710,7 @@ Don't worry about it.
If there is a build failure however and it happened due to a package related to your change, you need to investigate it of course.
If ofBorg reveals the build to be broken on some platform and you don't have access to that platform, you should set your package's `meta.broken` accordingly.
When in any doubt, please ask via a comment in your PR or through one of the help channels.
When in any doubt, please simply ask via a comment in your PR or through one of the help channels.
## I received a review on my PR, how do I get it over the finish line?
@@ -731,13 +730,6 @@ There may be constraints you had to work with which they're not aware of or qual
There are some further pitfalls and realities which this section intends to make you aware of.
### Aim to reduce cycles
Please be prepared for it to take a while before the reviewer gets back to you after you respond.
This is simply the reality of community projects at the scale of Nixpkgs.
As such, make sure to respond to _all_ feedback, either by applying suggested changes or argue in favor of something else or no change.
It wastes everyone time waiting for a couple of days just for the reviewer to remind you to address something they asked for.
### A reviewer requested a bunch of insubstantial changes on my PR
The people involved in Nixpkgs care about code quality because, once in Nixpkgs, it needs to be maintained for many years to come.
@@ -750,11 +742,11 @@ It is convention to mark review comments that are not critical to the PR as nitp
As the PR author, you should still take a look at these as they will often reveal best practices and unwritten rules that usually have good reasons behind them and you may want to incorporate them into your modus operandi.
Please keep in mind that reviewers almost always mean well here.
Their intent is not to denounce your code, they want your code to be as good as it can be.
Their intent is not to denounce your code, they simply want your code to be as good as it can be.
Through their experience, they may also take notice of a seemingly insignificant issues that have caused significant burden before.
Sometimes however, they can also get a bit carried away and become too perfectionistic.
If you feel some of the requests are unreasonable, out of scope, or merely a matter of personal preference, try to nicely remind the reviewers that you may not intend this code to be 100% perfect or that you have different taste in some regards and press them on whether they think that these requests are *critical* to the PR's success.
If you feel some of the requests are unreasonable or merely a matter of personal preference, try to nicely remind the reviewers that you may not intend this code to be 100% perfect or that you have different taste in some regards and press them on whether they think that these requests are *critical* to the PR's success.
While we do have a set of [official standards for the Nix community](https://github.com/NixOS/rfcs/), we don't have standards for everything and there are often multiple valid ways to achieve the same goal.
Unless there are standards forbidding the patterns used in your code or there are serious technical, maintainability or readability issues with your code, you can insist to keep the code the way you made it and disregard the requests.
@@ -776,11 +768,9 @@ If someone left an approving review on your PR and didn't merge a few days later
Please see it as your responsibility to actively remind reviewers of your open PRs.
The easiest way to do so is to cause them a Github notification.
Github notifies people involved in the PR whenever you add a comment to your PR, push your PR or re-request their review.
The easiest way to do so is to simply cause them a Github notification.
Github notifies people involved in the PR when you add a comment to your PR, push your PR or re-request their review.
Doing any of that will get you people's attention again.
Everyone deserves proper attention, and yes that includes you!
However please be mindful that committers can sadly not always give everyone the attention they deserve.
It may very well be the case that you have to do this every time you need the committer to follow up upon your PR.
Again, this is a community project so please be mindful of people's circumstances here; be nice when requesting reviews again.

8
README.md
View File

@@ -9,7 +9,7 @@
</p>
<p align="center">
<a href="CONTRIBUTING.md"><img src="https://img.shields.io/github/contributors-anon/NixOS/nixpkgs" alt="Contributors badge" /></a>
<a href="https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md"><img src="https://img.shields.io/github/contributors-anon/NixOS/nixpkgs" alt="Contributors badge" /></a>
<a href="https://opencollective.com/nixos"><img src="https://opencollective.com/nixos/tiers/supporter/badge.svg?label=supporters&color=brightgreen" alt="Open Collective supporters" /></a>
</p>
@@ -52,9 +52,9 @@ Nixpkgs and NixOS are built and tested by our continuous integration
system, [Hydra](https://hydra.nixos.org/).
* [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Continuous package builds for the NixOS 24.11 release](https://hydra.nixos.org/jobset/nixos/release-24.11)
* [Continuous package builds for the NixOS 24.05 release](https://hydra.nixos.org/jobset/nixos/release-24.05)
* [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Tests for the NixOS 24.11 release](https://hydra.nixos.org/job/nixos/release-24.11/tested#tabs-constituents)
* [Tests for the NixOS 24.05 release](https://hydra.nixos.org/job/nixos/release-24.05/tested#tabs-constituents)
Artifacts successfully built with Hydra are published to cache at
https://cache.nixos.org/. When successful build and test criteria are
@@ -74,7 +74,7 @@ Community contributions are always welcome through GitHub Issues and
Pull Requests.
For more information about contributing to the project, please visit
the [contributing page](CONTRIBUTING.md).
the [contributing page](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md).
# Donations

95
ci/OWNERS
View File

@@ -11,15 +11,15 @@
# - There is no need for user/team listed here to have write access.
# - No reviews will be requested for PRs that target the wrong base branch.
#
# Processing of this file is implemented in workflows/codeowners-v2.yml
# Processing of this file is implemented in workflows/codeowners.yml
# CI
/.github/workflows @NixOS/Security @Mic92 @zowoq @infinisil
/.github/workflows @NixOS/Security @Mic92 @zowoq
/.github/workflows/check-nix-format.yml @infinisil
/.github/workflows/nixpkgs-vet.yml @infinisil @philiptaron
/.github/workflows/codeowners-v2.yml @infinisil
/.github/workflows/codeowners.yml @infinisil
/ci/OWNERS @infinisil
/ci @infinisil @philiptaron @NixOS/Security
/ci/OWNERS @infinisil @philiptaron
# Development support
/.editorconfig @Mic92 @zowoq
@@ -27,7 +27,7 @@
# Libraries
/lib @infinisil
/lib/systems @alyssais @ericson2314 @NixOS/stdenv
/lib/systems @alyssais @ericson2314
/lib/generators.nix @infinisil @Profpatsch
/lib/cli.nix @infinisil @Profpatsch
/lib/debug.nix @infinisil @Profpatsch
@@ -49,16 +49,16 @@
/pkgs/top-level/splice.nix @Ericson2314
/pkgs/top-level/release-cross.nix @Ericson2314
/pkgs/top-level/by-name-overlay.nix @infinisil @philiptaron
/pkgs/stdenv @philiptaron @NixOS/stdenv
/pkgs/stdenv/generic @Ericson2314 @NixOS/stdenv
/pkgs/stdenv/generic/check-meta.nix @Ericson2314 @NixOS/stdenv
/pkgs/stdenv/cross @Ericson2314 @NixOS/stdenv
/pkgs/stdenv @philiptaron
/pkgs/stdenv/generic @Ericson2314
/pkgs/stdenv/generic/check-meta.nix @Ericson2314
/pkgs/stdenv/cross @Ericson2314
/pkgs/build-support @philiptaron
/pkgs/build-support/cc-wrapper @Ericson2314
/pkgs/build-support/bintools-wrapper @Ericson2314
/pkgs/build-support/setup-hooks @Ericson2314
/pkgs/build-support/setup-hooks/auto-patchelf.sh @layus
/pkgs/by-name/au/auto-patchelf @layus
/pkgs/build-support/setup-hooks/auto-patchelf.py @layus
/pkgs/pkgs-lib @infinisil
## Format generators/serializers
/pkgs/pkgs-lib/formats/libconfig @h7x4
@@ -149,8 +149,8 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza
# Python-related code and docs
/doc/languages-frameworks/python.section.md @mweinelt @natsukium
/maintainers/scripts/update-python-libraries @mweinelt @natsukium
/pkgs/development/interpreters/python @mweinelt @natsukium
/maintainers/scripts/update-python-libraries @natsukium
/pkgs/development/interpreters/python @natsukium
/pkgs/top-level/python-packages.nix @natsukium
/pkgs/top-level/release-python.nix @natsukium
@@ -173,20 +173,13 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza
/pkgs/development/r-modules @jbedo
# Rust
/pkgs/development/compilers/rust @alyssais @Mic92 @zowoq @winterqt @figsoda
/pkgs/development/compilers/rust @Mic92 @zowoq @winterqt @figsoda
/pkgs/build-support/rust @zowoq @winterqt @figsoda
/doc/languages-frameworks/rust.section.md @zowoq @winterqt @figsoda
# Tcl
/pkgs/development/interpreters/tcl @fgaz
/pkgs/development/libraries/tk @fgaz
/pkgs/top-level/tcl-packages.nix @fgaz
/pkgs/development/tcl-modules @fgaz
/doc/languages-frameworks/tcl.section.md @fgaz
# C compilers
/pkgs/development/compilers/gcc
/pkgs/development/compilers/llvm @alyssais @RossComputerGuy @NixOS/llvm
/pkgs/development/compilers/llvm @alyssais @RossComputerGuy
/pkgs/development/compilers/emscripten @raitobezarius
/doc/languages-frameworks/emscripten.section.md @raitobezarius
@@ -198,20 +191,14 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza
# Browsers
/pkgs/applications/networking/browsers/firefox @mweinelt
/pkgs/applications/networking/browsers/chromium @emilylange @networkException
/nixos/tests/chromium.nix @emilylange @networkException
/pkgs/applications/networking/browsers/chromium @emilylange
/nixos/tests/chromium.nix @emilylange
# Certificate Authorities
pkgs/data/misc/cacert/ @ajs124 @lukegb @mweinelt
pkgs/development/libraries/nss/ @ajs124 @lukegb @mweinelt
pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
# Java
/doc/languages-frameworks/java.section.md @NixOS/java
/doc/languages-frameworks/gradle.section.md @NixOS/java
/doc/languages-frameworks/maven.section.md @NixOS/java
/pkgs/top-level/java-packages.nix @NixOS/java
# Jetbrains
/pkgs/applications/editors/jetbrains @edwtjo
@@ -232,17 +219,17 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
/maintainers/scripts/kde @K900 @NickCao @SuperSandro2000 @ttuegel
# PostgreSQL and related stuff
/pkgs/servers/sql/postgresql @NixOS/postgres
/nixos/modules/services/databases/postgresql.md @NixOS/postgres
/nixos/modules/services/databases/postgresql.nix @NixOS/postgres
/nixos/tests/postgresql @NixOS/postgres
/pkgs/servers/sql/postgresql @thoughtpolice
/nixos/modules/services/databases/postgresql.md @thoughtpolice
/nixos/modules/services/databases/postgresql.nix @thoughtpolice
/nixos/tests/postgresql.nix @thoughtpolice
# Hardened profile & related modules
/nixos/modules/profiles/hardened.nix @joachifm
/nixos/modules/security/lock-kernel-modules.nix @joachifm
/nixos/modules/security/misc.nix @joachifm
/nixos/tests/hardened.nix @joachifm
/pkgs/os-specific/linux/kernel/hardened/ @fabianhjr @joachifm
/nixos/modules/profiles/hardened.nix @joachifm
/nixos/modules/security/lock-kernel-modules.nix @joachifm
/nixos/modules/security/misc.nix @joachifm
/nixos/tests/hardened.nix @joachifm
/pkgs/os-specific/linux/kernel/hardened/config.nix @joachifm
# Home Automation
/nixos/modules/services/home-automation/home-assistant.nix @mweinelt
@@ -254,13 +241,13 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
# Network Time Daemons
/pkgs/by-name/ch/chrony @thoughtpolice
/pkgs/by-name/nt/ntp @thoughtpolice
/pkgs/by-name/op/openntpd @thoughtpolice
/pkgs/tools/networking/ntp @thoughtpolice
/pkgs/tools/networking/openntpd @thoughtpolice
/nixos/modules/services/networking/ntp @thoughtpolice
# Network
/pkgs/by-name/ke/kea @mweinelt
/pkgs/by-name/ba/babeld @mweinelt
/pkgs/tools/networking/kea/default.nix @mweinelt
/pkgs/tools/networking/babeld/default.nix @mweinelt
/nixos/modules/services/networking/babeld.nix @mweinelt
/nixos/modules/services/networking/kea.nix @mweinelt
/nixos/modules/services/networking/knot.nix @mweinelt
@@ -302,10 +289,10 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
/pkgs/applications/editors/kakoune @philiptaron
# Neovim
/pkgs/applications/editors/neovim @NixOS/neovim
/pkgs/applications/editors/neovim @figsoda @teto
# VimPlugins
/pkgs/applications/editors/vim/plugins @NixOS/neovim
/pkgs/applications/editors/vim/plugins @figsoda
# VsCode Extensions
/pkgs/applications/editors/vscode/extensions
@@ -344,13 +331,8 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
/pkgs/by-name/ne/nemo @mkg20001
/pkgs/by-name/ne/nemo-* @mkg20001
# Xfce
/doc/hooks/xfce4-dev-tools.section.md @NixOS/xfce
# nim
/doc/languages-frameworks/nim.section.md @ehmry
/pkgs/build-support/build-nim-package.nix @ehmry
/pkgs/top-level/nim-overrides.nix @ehmry
/pkgs/development/compilers/nim @ehmry
# terraform providers
/pkgs/applications/networking/cluster/terraform-providers @zowoq
@@ -413,19 +395,14 @@ pkgs/by-name/lx/lxc* @adamcstephens
# GNU Tar & Zip
/pkgs/tools/archivers/gnutar @RossComputerGuy
/pkgs/by-name/zi/zip @RossComputerGuy
/pkgs/tools/archivers/zip @RossComputerGuy
# SELinux
/pkgs/by-name/ch/checkpolicy @RossComputerGuy
/pkgs/by-name/li/libselinux @RossComputerGuy
/pkgs/by-name/li/libsepol @RossComputerGuy
/pkgs/os-specific/linux/checkpolicy @RossComputerGuy
/pkgs/os-specific/linux/libselinux @RossComputerGuy
/pkgs/os-specific/linux/libsepol @RossComputerGuy
# installShellFiles
/pkgs/by-name/in/installShellFiles/* @Ericson2314
/pkgs/test/install-shell-files/* @Ericson2314
/doc/hooks/installShellFiles.section.md @Ericson2314
# Darwin
/pkgs/by-name/ap/apple-sdk @NixOS/darwin-core
/pkgs/os-specific/darwin/apple-source-releases @NixOS/darwin-core
/pkgs/stdenv/darwin @NixOS/darwin-core

29
ci/README.md
View File

@@ -58,7 +58,7 @@ Exit codes:
### Usage
This script is implemented as a reusable GitHub Actions workflow, and can be used as follows:
This script can be used in GitHub Actions workflows as follows:
```yaml
on: pull_request_target
@@ -67,19 +67,32 @@ on: pull_request_target
permissions: {}
jobs:
get-merge-commit:
# use the relative path of the get-merge-commit workflow yaml here
uses: ./.github/workflows/get-merge-commit.yml
build:
name: Build
runs-on: ubuntu-latest
needs: get-merge-commit
steps:
# Important: Because of `pull_request_target`, this doesn't check out the PR,
# but rather the base branch of the PR, which is needed so we don't run untrusted code
- uses: actions/checkout@<VERSION>
with:
path: base
sparse-checkout: ci
- name: Resolving the merge commit
env:
GH_TOKEN: ${{ github.token }}
run: |
if mergedSha=$(base/ci/get-merge-commit.sh ${{ github.repository }} ${{ github.event.number }}); then
echo "Checking the merge commit $mergedSha"
echo "mergedSha=$mergedSha" >> "$GITHUB_ENV"
else
# Skipping so that no notifications are sent
echo "Skipping the rest..."
fi
rm -rf base
- uses: actions/checkout@<VERSION>
# Add this to _all_ subsequent steps to skip them
if: needs.get-merge-commit.outputs.mergedSha
if: env.mergedSha
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
ref: ${{ env.mergedSha }}
- ...
```

1
ci/default.nix
View File

@@ -26,5 +26,4 @@ in
inherit pkgs;
requestReviews = pkgs.callPackage ./request-reviews { };
codeownersValidator = pkgs.callPackage ./codeowners-validator { };
eval = pkgs.callPackage ./eval { };
}

19
ci/eval/README.md
View File

@@ -1,19 +0,0 @@
# Nixpkgs CI evaluation
The code in this directory is used by the [eval.yml](../../.github/workflows/eval.yml) GitHub Actions workflow to evaluate the majority of Nixpkgs for all PRs, effectively making sure that when the development branches are processed by Hydra, no evaluation failures are encountered.
Furthermore it also allows local evaluation using
```
nix-build ci -A eval.full \
--max-jobs 4
--cores 2
--arg chunkSize 10000
```
- `--max-jobs`: The maximum number of derivations to run at the same time. Only each [supported system](../supportedSystems.nix) gets a separate derivation, so it doesn't make sense to set this higher than that number.
- `--cores`: The number of cores to use for each job. Recommended to set this to the amount of cores on your system divided by `--max-jobs`.
- `chunkSize`: The number of attributes that are evaluated simultaneously on a single core. Lowering this decreases memory usage at the cost of increased evaluation time. If this is too high, there won't be enough chunks to process them in parallel, and will also increase evaluation time.
A good default is to set `chunkSize` to 10000, which leads to about 3.6GB max memory usage per core, so suitable for fully utilising machines with 4 cores and 16GB memory, 8 cores and 32GB memory or 16 cores and 64GB memory.
Note that 16GB memory is the recommended minimum, while with less than 8GB memory evaluation time suffers greatly.

164
ci/eval/compare.jq
View File

@@ -1,164 +0,0 @@
# Turns
#
# {
# "hello.aarch64-linux": "a",
# "hello.x86_64-linux": "b",
# "hello.aarch64-darwin": "c",
# "hello.x86_64-darwin": "d"
# }
#
# into
#
# {
# "hello": {
# "linux": {
# "aarch64": "a",
# "x86_64": "b"
# },
# "darwin": {
# "aarch64": "c",
# "x86_64": "d"
# }
# }
# }
#
# while filtering out any attribute paths that don't match this pattern
def expand_system:
to_entries
| map(
.key |= split(".")
| select(.key | length > 1)
| .double = (.key[-1] | split("-"))
| select(.double | length == 2)
)
| group_by(.key[0:-1])
| map(
{
key: .[0].key[0:-1] | join("."),
value:
group_by(.double[1])
| map(
{
key: .[0].double[1],
value: map(.key = .double[0]) | from_entries
}
)
| from_entries
})
| from_entries
;
# Transposes
#
# {
# "a": [ "x", "y" ],
# "b": [ "x" ],
# }
#
# into
#
# {
# "x": [ "a", "b" ],
# "y": [ "a" ]
# }
def transpose:
[
to_entries[]
| {
key: .key,
value: .value[]
}
]
| group_by(.value)
| map({
key: .[0].value,
value: map(.key)
})
| from_entries
;
# Computes the key difference for two objects:
# {
# added: [ <keys only in the second object> ],
# removed: [ <keys only in the first object> ],
# changed: [ <keys with different values between the two objects> ],
# }
#
def diff($before; $after):
{
added: $after | delpaths($before | keys | map([.])) | keys,
removed: $before | delpaths($after | keys | map([.])) | keys,
changed:
$before
| to_entries
| map(
$after."\(.key)" as $after2
| select(
# Filter out attributes that don't exist anymore
($after2 != null)
and
# Filter out attributes that are the same as the new value
(.value != $after2)
)
| .key
)
}
;
($before[0] | expand_system) as $before
| ($after[0] | expand_system) as $after
| .attrdiff = diff($before; $after)
| .rebuildsByKernel = (
[
(
.attrdiff.changed[]
| {
key: .,
value: diff($before."\(.)"; $after."\(.)").changed
}
)
,
(
.attrdiff.added[]
| {
key: .,
value: ($after."\(.)" | keys)
}
)
]
| from_entries
| transpose
)
| .rebuildCountByKernel = (
.rebuildsByKernel
| with_entries(.value |= length)
| pick(.linux, .darwin)
| {
linux: (.linux // 0),
darwin: (.darwin // 0),
}
)
| .labels = (
.rebuildCountByKernel
| to_entries
| map(
"10.rebuild-\(.key): " +
if .value == 0 then
"0"
elif .value <= 10 then
"1-10"
elif .value <= 100 then
"11-100"
elif .value <= 500 then
"101-500"
elif .value <= 1000 then
"501-1000"
elif .value <= 2500 then
"1001-2500"
elif .value <= 5000 then
"2501-5000"
else
"5001+"
end
)
)

303
ci/eval/default.nix
View File

@@ -1,303 +0,0 @@
{
lib,
runCommand,
writeShellScript,
linkFarm,
time,
procps,
nixVersions,
jq,
sta,
}:
let
nixpkgs =
with lib.fileset;
toSource {
root = ../..;
fileset = unions (
map (lib.path.append ../..) [
"default.nix"
"doc"
"lib"
"maintainers"
"nixos"
"pkgs"
".version"
"ci/supportedSystems.nix"
]
);
};
nix = nixVersions.nix_2_24;
supportedSystems = import ../supportedSystems.nix;
attrpathsSuperset =
runCommand "attrpaths-superset.json"
{
src = nixpkgs;
nativeBuildInputs = [
nix
time
];
env.supportedSystems = builtins.toJSON supportedSystems;
passAsFile = [ "supportedSystems" ];
}
''
export NIX_STATE_DIR=$(mktemp -d)
mkdir $out
export GC_INITIAL_HEAP_SIZE=4g
command time -v \
nix-instantiate --eval --strict --json --show-trace \
"$src/pkgs/top-level/release-attrpaths-superset.nix" \
-A paths \
-I "$src" \
--option restrict-eval true \
--option allow-import-from-derivation false \
--arg enableWarnings false > $out/paths.json
mv "$supportedSystemsPath" $out/systems.json
'';
singleSystem =
{
# The system to evaluate.
# Note that this is intentionally not called `system`,
# because `--argstr system` would only be passed to the ci/default.nix file!
evalSystem,
# The path to the `paths.json` file from `attrpathsSuperset`
attrpathFile,
# The number of attributes per chunk, see ./README.md for more info.
chunkSize,
checkMeta ? true,
includeBroken ? true,
# Whether to just evaluate a single chunk for quick testing
quickTest ? false,
}:
let
singleChunk = writeShellScript "single-chunk" ''
set -euo pipefail
chunkSize=$1
myChunk=$2
system=$3
outputDir=$4
export NIX_SHOW_STATS=1
export NIX_SHOW_STATS_PATH="$outputDir/stats/$myChunk"
echo "Chunk $myChunk on $system start"
set +e
command time -f "Chunk $myChunk on $system done [%MKB max resident, %Es elapsed] %C" \
nix-env -f "${nixpkgs}/pkgs/top-level/release-attrpaths-parallel.nix" \
--option restrict-eval true \
--option allow-import-from-derivation false \
--query --available \
--no-name --attr-path --out-path \
--show-trace \
--arg chunkSize "$chunkSize" \
--arg myChunk "$myChunk" \
--arg attrpathFile "${attrpathFile}" \
--arg systems "[ \"$system\" ]" \
--arg checkMeta ${lib.boolToString checkMeta} \
--arg includeBroken ${lib.boolToString includeBroken} \
-I ${nixpkgs} \
-I ${attrpathFile} \
> "$outputDir/result/$myChunk"
exitCode=$?
set -e
if (( exitCode != 0 )); then
echo "Evaluation failed with exit code $exitCode"
# This immediately halts all xargs processes
kill $PPID
fi
'';
in
runCommand "nixpkgs-eval-${evalSystem}"
{
nativeBuildInputs = [
nix
time
procps
jq
];
env = {
inherit evalSystem chunkSize;
};
}
''
export NIX_STATE_DIR=$(mktemp -d)
nix-store --init
echo "System: $evalSystem"
cores=$NIX_BUILD_CORES
echo "Cores: $cores"
attrCount=$(jq length "${attrpathFile}")
echo "Attribute count: $attrCount"
echo "Chunk size: $chunkSize"
# Same as `attrCount / chunkSize` but rounded up
chunkCount=$(( (attrCount - 1) / chunkSize + 1 ))
echo "Chunk count: $chunkCount"
mkdir $out
# Record and print stats on free memory and swap in the background
(
while true; do
availMemory=$(free -b | grep Mem | awk '{print $7}')
freeSwap=$(free -b | grep Swap | awk '{print $4}')
echo "Available memory: $(( availMemory / 1024 / 1024 )) MiB, free swap: $(( freeSwap / 1024 / 1024 )) MiB"
if [[ ! -f "$out/min-avail-memory" ]] || (( availMemory < $(<$out/min-avail-memory) )); then
echo "$availMemory" > $out/min-avail-memory
fi
if [[ ! -f $out/min-free-swap ]] || (( availMemory < $(<$out/min-free-swap) )); then
echo "$freeSwap" > $out/min-free-swap
fi
sleep 4
done
) &
seq_end=$(( chunkCount - 1 ))
${lib.optionalString quickTest ''
seq_end=0
''}
chunkOutputDir=$(mktemp -d)
mkdir "$chunkOutputDir"/{result,stats}
seq -w 0 "$seq_end" |
command time -f "%e" -o "$out/total-time" \
xargs -I{} -P"$cores" \
${singleChunk} "$chunkSize" {} "$evalSystem" "$chunkOutputDir"
if (( chunkSize * chunkCount != attrCount )); then
# A final incomplete chunk would mess up the stats, don't include it
rm "$chunkOutputDir"/stats/"$seq_end"
fi
# Make sure the glob doesn't break when there's no files
shopt -s nullglob
cat "$chunkOutputDir"/result/* > $out/paths
cat "$chunkOutputDir"/stats/* > $out/stats.jsonstream
'';
combine =
{
resultsDir,
}:
runCommand "combined-result"
{
nativeBuildInputs = [
jq
sta
];
}
''
mkdir -p $out
# Transform output paths to JSON
cat ${resultsDir}/*/paths |
jq --sort-keys --raw-input --slurp '
split("\n") |
map(select(. != "") | split(" ") | map(select(. != ""))) |
map(
{
key: .[0],
value: .[1] | split(";") | map(split("=") |
if length == 1 then
{ key: "out", value: .[0] }
else
{ key: .[0], value: .[1] }
end) | from_entries}
) | from_entries
' > $out/outpaths.json
# Computes min, mean, error, etc. for a list of values and outputs a JSON from that
statistics() {
local stat=$1
sta --transpose |
jq --raw-input --argjson stat "$stat" -n '
[
inputs |
split("\t") |
{ key: .[0], value: (.[1] | fromjson) }
] |
from_entries |
{
key: ($stat | join(".")),
value: .
}'
}
# Gets all available number stats (without .sizes because those are constant and not interesting)
readarray -t stats < <(jq -cs '.[0] | del(.sizes) | paths(type == "number")' ${resultsDir}/*/stats.jsonstream)
# Combines the statistics from all evaluations
{
echo "{ \"key\": \"minAvailMemory\", \"value\": $(cat ${resultsDir}/*/min-avail-memory | sta --brief --min) }"
echo "{ \"key\": \"minFreeSwap\", \"value\": $(cat ${resultsDir}/*/min-free-swap | sta --brief --min) }"
cat ${resultsDir}/*/total-time | statistics '["totalTime"]'
for stat in "''${stats[@]}"; do
cat ${resultsDir}/*/stats.jsonstream |
jq --argjson stat "$stat" 'getpath($stat)' |
statistics "$stat"
done
} |
jq -s from_entries > $out/stats.json
'';
compare =
{ beforeResultDir, afterResultDir }:
runCommand "compare"
{
nativeBuildInputs = [
jq
];
}
''
mkdir $out
jq -n -f ${./compare.jq} \
--slurpfile before ${beforeResultDir}/outpaths.json \
--slurpfile after ${afterResultDir}/outpaths.json \
> $out/changed-paths.json
jq -r -f ${./generate-step-summary.jq} < $out/changed-paths.json > $out/step-summary.md
# TODO: Compare eval stats
'';
full =
{
# Whether to evaluate just a single system, by default all are evaluated
evalSystem ? if quickTest then "x86_64-linux" else null,
# The number of attributes per chunk, see ./README.md for more info.
chunkSize,
quickTest ? false,
}:
let
systems = if evalSystem == null then supportedSystems else [ evalSystem ];
results = linkFarm "results" (
map (evalSystem: {
name = evalSystem;
path = singleSystem {
inherit quickTest evalSystem chunkSize;
attrpathFile = attrpathsSuperset + "/paths.json";
};
}) systems
);
in
combine {
resultsDir = results;
};
in
{
inherit
attrpathsSuperset
singleSystem
combine
compare
# The above three are used by separate VMs in a GitHub workflow,
# while the below is intended for testing on a single local machine
full
;
}

15
ci/eval/generate-step-summary.jq
View File

@@ -1,15 +0,0 @@
def truncate(xs; n):
if xs | length > n then xs[:n] + ["..."]
else xs
end;
def itemize_packages(xs):
# we truncate the list to stay below the GitHub limit of 1MB per step summary.
truncate(xs; 3000) | map("- [\(.)](https://search.nixos.org/packages?channel=unstable&show=\(.)&from=0&size=50&sort=relevance&type=packages&query=\(.))") | join("\n");
def section(title; xs):
"<details> <summary>" + title + " (" + (xs | length | tostring) + ")</summary>\n\n" + itemize_packages(xs) + "</details>";
section("Added packages"; .attrdiff.added) + "\n\n" +
section("Removed packages"; .attrdiff.removed) + "\n\n" +
section("Changed packages"; .attrdiff.changed)

4
ci/pinned-nixpkgs.json
View File

@@ -1,4 +1,4 @@
{
"rev": "929116e316068c7318c54eb4d827f7d9756d5e9c",
"sha256": "1am61kcakn9j47435k4cgsarvypb8klv4avszxza0jn362hp3ck8"
"rev": "4de4818c1ffa76d57787af936e8a23648bda6be4",
"sha256": "0l3b9jr5ydzqgvd10j12imc9jqb6jv5v2bdi1gyy5cwkwplfay67"
}

1
ci/request-reviews/dev-branches.txt
View File

@@ -1,6 +1,5 @@
# Trusted development branches:
# These generally require PRs to update and are built by Hydra.
# Keep this synced with the branches in .github/workflows/eval.yml
master
staging
release-*

6
ci/supportedSystems.nix
View File

@@ -1,6 +0,0 @@
[
"aarch64-linux"
"aarch64-darwin"
"x86_64-linux"
"x86_64-darwin"
]

75
doc/build-helpers/fetchers.chapter.md
View File

@@ -755,66 +755,25 @@ Used with Subversion. Expects `url` to a Subversion directory, `rev`, and `hash`
Used with Git. Expects `url` to a Git repo, `rev`, and `hash`. `rev` in this case can be full the git commit id (SHA1 hash) or a tag name like `refs/tags/v1.0`.
If you want to fetch a tag you should pass the `tag` parameter instead of `rev` which has the same effect as setting `rev = "refs/tags"/${version}"`.
This is safer than just setting `rev = version` w.r.t. possible branch and tag name conflicts.
Additionally, the following optional arguments can be given: `fetchSubmodules = true` makes `fetchgit` also fetch the submodules of a repository. If `deepClone` is set to true, the entire repository is cloned as opposing to just creating a shallow clone. `deepClone = true` also implies `leaveDotGit = true` which means that the `.git` directory of the clone won't be removed after checkout.
Additionally, the following optional arguments can be given:
If only parts of the repository are needed, `sparseCheckout` can be used. This will prevent git from fetching unnecessary blobs from server, see [git sparse-checkout](https://git-scm.com/docs/git-sparse-checkout) for more information:
*`fetchSubmodules`* (Boolean)
```nix
{ stdenv, fetchgit }:
: Whether to also fetch the submodules of a repository.
*`fetchLFS`* (Boolean)
: Whether to fetch LFS objects.
*`postFetch`* (String)
: Shell code executed after the file has been fetched successfully.
This can do things like check or transform the file.
*`leaveDotGit`* (Boolean)
: Whether the `.git` directory of the clone should *not* be removed after checkout.
Be warned though that the git repository format is not stable and this flag is therefore not suitable for actual use by itself.
Only use this for testing purposes or in conjunction with removing the `.git` directory in `postFetch`.
*`deepClone`* (Boolean)
: Clone the entire repository as opposing to just creating a shallow clone.
This implies `leaveDotGit`.
*`sparseCheckout`* (List of String)
: Prevent git from fetching unnecessary blobs from server.
This is useful if only parts of the repository are needed.
::: {.example #ex-fetchgit-sparseCheckout}
# Use `sparseCheckout` to only include some directories:
```nix
{ stdenv, fetchgit }:
stdenv.mkDerivation {
name = "hello";
src = fetchgit {
url = "https://...";
sparseCheckout = [
"directory/to/be/included"
"another/directory"
];
hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
};
}
```
:::
See [git sparse-checkout](https://git-scm.com/docs/git-sparse-checkout) for more information.
Some additional parameters for niche use-cases can be found listed in the function parameters in the declaration of `fetchgit`: `pkgs/build-support/fetchgit/default.nix`.
Future parameters additions might also happen without immediately being documented here.
stdenv.mkDerivation {
name = "hello";
src = fetchgit {
url = "https://...";
sparseCheckout = [
"directory/to/be/included"
"another/directory"
];
hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
};
}
```
## `fetchfossil` {#fetchfossil}
@@ -836,7 +795,7 @@ A number of fetcher functions wrap part of `fetchurl` and `fetchzip`. They are m
## `fetchFromGitHub` {#fetchfromgithub}
`fetchFromGitHub` expects four arguments. `owner` is a string corresponding to the GitHub user or organization that controls this repository. `repo` corresponds to the name of the software repository. These are located at the top of every GitHub HTML page as `owner`/`repo`. `rev` corresponds to the Git commit hash or tag (e.g `v1.0`) that will be downloaded from Git. If you need to fetch a tag however, you should prefer to use the `tag` parameter which achieves this in a safer way with less boilerplate. Finally, `hash` corresponds to the hash of the extracted directory. Again, other hash algorithms are also available, but `hash` is currently preferred.
`fetchFromGitHub` expects four arguments. `owner` is a string corresponding to the GitHub user or organization that controls this repository. `repo` corresponds to the name of the software repository. These are located at the top of every GitHub HTML page as `owner`/`repo`. `rev` corresponds to the Git commit hash or tag (e.g `v1.0`) that will be downloaded from Git. Finally, `hash` corresponds to the hash of the extracted directory. Again, other hash algorithms are also available, but `hash` is currently preferred.
To use a different GitHub instance, use `githubBase` (defaults to `"github.com"`).

4
doc/build-helpers/images/appimagetools.section.md
View File

@@ -117,7 +117,7 @@ in appimageTools.wrapType2 {
install -m 444 -D ${appimageContents}/usr/share/icons/hicolor/512x512/apps/irccloud.png \
$out/share/icons/hicolor/512x512/apps/irccloud.png
substituteInPlace $out/share/applications/irccloud.desktop \
--replace-fail 'Exec=AppRun' 'Exec=${pname}'
--replace 'Exec=AppRun' 'Exec=${pname}'
'';
}
```
@@ -147,7 +147,7 @@ let
appimageContents = appimageTools.extract {
inherit pname version src;
postExtract = ''
substituteInPlace $out/irccloud.desktop --replace-fail 'Exec=AppRun' 'Exec=${pname}'
substituteInPlace $out/irccloud.desktop --replace 'Exec=AppRun' 'Exec=${pname}'
'';
};
in appimageTools.wrapType2 {

2
doc/build-helpers/special/vm-tools.section.md
View File

@@ -125,8 +125,6 @@ A set of functions that build a predefined set of minimal Linux distributions im
* `debian10x86_64`
* `debian11i386`
* `debian11x86_64`
* `debian12i386`
* `debian12x86_64`
### Attributes {#vm-tools-diskImageFuns-attributes}

2
doc/build-helpers/testers.chapter.md
View File

@@ -364,7 +364,7 @@ including `nativeBuildInputs` to specify dependencies available to the `script`.
```nix
testers.runCommand {
name = "access-the-internet";
script = ''
command = ''
curl -o /dev/null https://example.com
touch $out
'';

6
doc/build-helpers/trivial-build-helpers.chapter.md
View File

@@ -732,7 +732,7 @@ writeShellApplication {
## `symlinkJoin` {#trivial-builder-symlinkJoin}
This can be used to put many derivations into the same directory structure. It works by creating a new derivation and adding symlinks to each of the paths listed. It expects two arguments, `name`, and `paths`. `name` (or alternatively `pname` and `version`) is the name used in the Nix store path for the created derivation. `paths` is a list of paths that will be symlinked. These paths can be to Nix store derivations or any other subdirectory contained within.
This can be used to put many derivations into the same directory structure. It works by creating a new derivation and adding symlinks to each of the paths listed. It expects two arguments, `name`, and `paths`. `name` is the name used in the Nix store path for the created derivation. `paths` is a list of paths that will be symlinked. These paths can be to Nix store derivations or any other subdirectory contained within.
Here is an example:
```nix
# adds symlinks of hello and stack to current build and prints "links added"
@@ -754,6 +754,10 @@ This creates a derivation with a directory structure like the following:
...
```
## `writeReferencesToFile` {#trivial-builder-writeReferencesToFile}
Deprecated. Use [`writeClosure`](#trivial-builder-writeClosure) instead.
## `writeClosure` {#trivial-builder-writeClosure}
Given a list of [store paths](https://nixos.org/manual/nix/stable/glossary#gloss-store-path) (or string-like expressions coercible to store paths), write their collective [closure](https://nixos.org/manual/nix/stable/glossary#gloss-closure) to a text file.

2
doc/doc-support/lib-function-docs.nix
View File

@@ -74,7 +74,7 @@
}
{
name = "customisation";
description = "Functions to customise (derivation-related) functions, derivations, or attribute sets";
description = "Functions to customise (derivation-related) functions, derivatons, or attribute sets";
}
{
name = "meta";

14
doc/doc-support/package.nix
View File

@@ -5,8 +5,6 @@
lib,
stdenvNoCC,
callPackage,
devmode,
mkShellNoCC,
documentation-highlighter,
nixos-render-docs,
nixpkgs ? { },
@@ -97,14 +95,10 @@ stdenvNoCC.mkDerivation (
pythonInterpreterTable = callPackage ./python-interpreter-table.nix { };
shell =
let
devmode' = devmode.override {
buildArgs = "./.";
open = "/share/doc/nixpkgs/manual.html";
};
in
mkShellNoCC { packages = [ devmode' ]; };
shell = callPackage ../../pkgs/tools/nix/web-devmode.nix {
buildArgs = "./.";
open = "/share/doc/nixpkgs/manual.html";
};
tests.manpage-urls = callPackage ../tests/manpage-urls.nix { };
};

4
doc/hooks/aws-c-common.section.md
View File

@@ -1,4 +0,0 @@
# `aws-c-common` {#aws-c-common}
This hook exposes its own [CMake](#cmake) modules by setting [`CMAKE_MODULE_PATH`](https://cmake.org/cmake/help/latest/variable/CMAKE_MODULE_PATH.html) through [the `cmakeFlags` variable](#cmake-flags)
to the nonstandard `$out/lib/cmake` directory, as a workaround for [an upstream bug](https://github.com/awslabs/aws-c-common/issues/844).

34
doc/hooks/cmake.section.md
View File

@@ -1,35 +1,3 @@
# cmake {#cmake}
Overrides the default configure phase to run the CMake command.
By default, we use the Make generator of CMake.
But when Ninja is also available as a `nativeBuildInput`, this setup hook will detect that and use the ninja generator.
Dependencies are added automatically to `CMAKE_PREFIX_PATH` so that packages are correctly detected by CMake.
Some additional flags are passed in to give similar behavior to configure-based packages.
By default, parallel building is enabled as CMake supports parallel building almost everywhere.
You can disable this hooks behavior by setting `configurePhase` to a custom value, or by setting `dontUseCmakeConfigure`.
## Variables controlling CMake {#cmake-variables-controlling}
### CMake Exclusive Variables {#cmake-exclusive-variables}
#### `cmakeFlags` {#cmake-flags}
Controls the flags passed to `cmake setup` during configure phase.
#### `cmakeBuildDir` {#cmake-build-dir}
Directory where CMake will put intermediate files.
Setting this can be useful for debugging multiple CMake builds while in the same source directory, for example, when building for different platforms.
Different values for each build will prevent build artefacts from interefering with each other.
This setting has no tangible effect when running the build in a sandboxed derivation.
The default value is `build`.
#### `dontUseCmakeConfigure` {#dont-use-cmake-configure}
When set to true, don't use the predefined `cmakeConfigurePhase`.
Overrides the default configure phase to run the CMake command. By default, we use the Make generator of CMake. In addition, dependencies are added automatically to `CMAKE_PREFIX_PATH` so that packages are correctly detected by CMake. Some additional flags are passed in to give similar behavior to configure-based packages. You can disable this hooks behavior by setting `configurePhase` to a custom value, or by setting `dontUseCmakeConfigure`. `cmakeFlags` controls flags passed only to CMake. By default, parallel building is enabled as CMake supports parallel building almost everywhere. When Ninja is also in use, CMake will detect that and use the ninja generator.

2
doc/hooks/index.md
View File

@@ -8,7 +8,6 @@ The stdenv built-in hooks are documented in [](#ssec-setup-hooks).
autoconf.section.md
automake.section.md
autopatchelf.section.md
aws-c-common.section.md
bmake.section.md
breakpoint.section.md
cernlib.section.md
@@ -40,5 +39,4 @@ versionCheckHook.section.md
waf.section.md
zig.section.md
xcbuild.section.md
xfce4-dev-tools.section.md
```

2
doc/hooks/just.section.md
View File

@@ -6,7 +6,7 @@ This setup hook attempts to use [the `just` command runner](https://just.systems
## `buildPhase` {#just-hook-buildPhase}
This phase attempts to invoke `just` with [the default recipe](https://just.systems/man/en/the-default-recipe.html).
This phase attempts to invoke `just` with [the default recipe](https://just.systems/man/en/chapter_23.html).
[]{#just-hook-dontUseJustBuild} This behavior can be disabled by setting `dontUseJustBuild` to `true`.

10
doc/hooks/meson.section.md
View File

@@ -18,16 +18,6 @@ setup hook registering ninja-based build and install phases.
Controls the flags passed to `meson setup` during configure phase.
#### `mesonBuildDir` {#meson-build-dir}
Directory where Meson will put intermediate files.
Setting this can be useful for debugging multiple Meson builds while in the same source directory, for example, when building for different platforms.
Different values for each build will prevent build artefacts from interefering with each other.
This setting has no tangible effect when running the build in a sandboxed derivation.
The default value is `build`.
#### `mesonWrapMode` {#meson-wrap-mode}
Which value is passed as

24
doc/hooks/tauri.section.md
View File

@@ -14,13 +14,15 @@ In Nixpkgs, `cargo-tauri.hook` overrides the default build and install phases.
rustPlatform,
fetchNpmDeps,
cargo-tauri,
darwin,
glib-networking,
libsoup,
nodejs,
npmHooks,
openssl,
pkg-config,
webkitgtk_4_1,
wrapGAppsHook4,
webkitgtk,
wrapGAppsHook3,
}:
rustPlatform.buildRustPackage rec {
@@ -45,15 +47,25 @@ rustPlatform.buildRustPackage rec {
# Make sure we can find our libraries
pkg-config
wrapGAppsHook4
wrapGAppsHook3
];
buildInputs =
[ openssl ]
++ lib.optionals stdenv.hostPlatform.isLinux [
++ lib.optionals stdenv.isLinux [
glib-networking # Most Tauri apps need networking
webkitgtk_4_1
];
libsoup
webkitgtk
]
++ lib.optionals stdenv.isDarwin (
with darwin.apple_sdk.frameworks;
[
AppKit
CoreServices
Security
WebKit
]
);
# Set our Tauri source directory
cargoRoot = "src-tauri";

5
doc/hooks/xfce4-dev-tools.section.md
View File

@@ -1,5 +0,0 @@
# `xfce.xfce4-dev-tools` {#xfce4-dev-tools}
This setup hook attempts to run `xdt-autogen` in `xdtAutogenPhase`, which is part of `preConfigurePhases`.
[]{#dontUseXdtAutogenPhase} This behavior can be disabled by setting `dontUseXdtAutogenPhase` to `true`.

2
doc/languages-frameworks/cuda.section.md
View File

@@ -150,7 +150,7 @@ All new projects should use the CUDA redistributables available in [`cudaPackage
In the scenario you are unable to run the resulting binary: this is arguably the most complicated as it could be any combination of the previous reasons. This type of failure typically occurs when a library attempts to load or open a library it depends on that it does not declare in its `DT_NEEDED` section. As a first step, ensure that dependencies are patched with [`autoAddDriverRunpath`](https://search.nixos.org/packages?channel=unstable&type=packages&query=autoAddDriverRunpath). Failing that, try running the application with [`nixGL`](https://github.com/guibou/nixGL) or a similar wrapper tool. If that works, it likely means that the application is attempting to load a library that is not in the `RPATH` or `RUNPATH` of the binary.
## Running Docker or Podman containers with CUDA support {#cuda-docker-podman}
## Running Docker or Podman containers with CUDA support {#running-docker-or-podman-containers-with-cuda-support}
It is possible to run Docker or Podman containers with CUDA support. The recommended mechanism to perform this task is to use the [NVIDIA Container Toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/index.html).

42
doc/languages-frameworks/dotnet.section.md
View File

@@ -27,48 +27,42 @@ mkShell {
name = "dotnet-env";
packages = [
(with dotnetCorePackages; combinePackages [
sdk_8_0
sdk_9_0
sdk_6_0
sdk_7_0
])
];
}
```
This will produce a dotnet installation that has the dotnet 8.0 9.0 sdk. The first sdk listed will have it's cli utility present in the resulting environment. Example info output:
This will produce a dotnet installation that has the dotnet 6.0 7.0 sdk. The first sdk listed will have it's cli utility present in the resulting environment. Example info output:
```ShellSession
$ dotnet --info
.NET SDK:
Version: 9.0.100
Commit: 59db016f11
Workload version: 9.0.100-manifests.3068a692
MSBuild version: 17.12.7+5b8665660
Version: 7.0.202
Commit: 6c74320bc3
Runtime Environment:
Środowisko uruchomieniowe:
OS Name: nixos
OS Version: 25.05
OS Version: 23.05
OS Platform: Linux
RID: linux-x64
Base Path: /nix/store/a03c70i7x6rjdr6vikczsp5ck3v6rixh-dotnet-sdk-9.0.100/share/dotnet/sdk/9.0.100/
.NET workloads installed:
There are no installed workloads to display.
Configured to use loose manifests when installing new manifests.
Base Path: /nix/store/n2pm44xq20hz7ybsasgmd7p3yh31gnh4-dotnet-sdk-7.0.202/sdk/7.0.202/
Host:
Version: 9.0.0
Version: 7.0.4
Architecture: x64
Commit: 9d5a6a9aa4
Commit: 0a396acafe
.NET SDKs installed:
8.0.404 [/nix/store/6wlrjiy10wg766490dcmp6x64zb1vc8j-dotnet-core-combined/share/dotnet/sdk]
9.0.100 [/nix/store/6wlrjiy10wg766490dcmp6x64zb1vc8j-dotnet-core-combined/share/dotnet/sdk]
6.0.407 [/nix/store/3b19303vwrhv0xxz1hg355c7f2hgxxgd-dotnet-core-combined/sdk]
7.0.202 [/nix/store/3b19303vwrhv0xxz1hg355c7f2hgxxgd-dotnet-core-combined/sdk]
.NET runtimes installed:
Microsoft.AspNetCore.App 8.0.11 [/nix/store/6wlrjiy10wg766490dcmp6x64zb1vc8j-dotnet-core-combined/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 9.0.0 [/nix/store/6wlrjiy10wg766490dcmp6x64zb1vc8j-dotnet-core-combined/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 8.0.11 [/nix/store/6wlrjiy10wg766490dcmp6x64zb1vc8j-dotnet-core-combined/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 9.0.0 [/nix/store/6wlrjiy10wg766490dcmp6x64zb1vc8j-dotnet-core-combined/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.AspNetCore.App 6.0.15 [/nix/store/3b19303vwrhv0xxz1hg355c7f2hgxxgd-dotnet-core-combined/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 7.0.4 [/nix/store/3b19303vwrhv0xxz1hg355c7f2hgxxgd-dotnet-core-combined/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 6.0.15 [/nix/store/3b19303vwrhv0xxz1hg355c7f2hgxxgd-dotnet-core-combined/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 7.0.4 [/nix/store/3b19303vwrhv0xxz1hg355c7f2hgxxgd-dotnet-core-combined/shared/Microsoft.NETCore.App]
Other architectures found:
None
@@ -152,8 +146,8 @@ in buildDotnetModule rec {
buildInputs = [ referencedProject ]; # `referencedProject` must contain `nupkg` in the folder structure.
dotnet-sdk = dotnetCorePackages.sdk_8_0;
dotnet-runtime = dotnetCorePackages.runtime_8_0;
dotnet-sdk = dotnetCorePackages.sdk_6_0;
dotnet-runtime = dotnetCorePackages.runtime_6_0;
executables = [ "foo" ]; # This wraps "$out/lib/$pname/foo" to `$out/bin/foo`.
executables = []; # Don't install any executables.

2
doc/languages-frameworks/gnome.section.md
View File

@@ -64,7 +64,7 @@ To avoid costly file system access when locating icons, GTK, [as well as Qt](htt
### Packaging icon themes {#ssec-icon-theme-packaging}
Icon themes may inherit from other icon themes. The inheritance is specified using the `Inherits` key in the `index.theme` file distributed with the icon theme. According to the [icon theme specification](https://specifications.freedesktop.org/icon-theme-spec/latest), icons not provided by the theme are looked for in its parent icon themes. Therefore the parent themes should be installed as dependencies for a more complete experience regarding the icon sets used.
Icon themes may inherit from other icon themes. The inheritance is specified using the `Inherits` key in the `index.theme` file distributed with the icon theme. According to the [icon theme specification](https://specifications.freedesktop.org/icon-theme-spec/icon-theme-spec-latest.html), icons not provided by the theme are looked for in its parent icon themes. Therefore the parent themes should be installed as dependencies for a more complete experience regarding the icon sets used.
The package `hicolor-icon-theme` provides a setup hook which makes symbolic links for the parent themes into the directory `share/icons` of the current theme directory in the nix store, making sure they can be found at runtime. For that to work the packages providing parent icon themes should be listed as propagated build dependencies, together with `hicolor-icon-theme`.

10
doc/languages-frameworks/haskell.section.md
View File

@@ -57,8 +57,8 @@ Available compilers are collected under `haskell.compiler`.
Each of those compiler versions has a corresponding attribute set `packages` built with
it. However, the non-standard package sets are not tested regularly and, as a
result, contain fewer working packages. The corresponding package set for GHC
9.4.5 is `haskell.packages.ghc945`. In fact `haskellPackages` (at the time of writing) is just an alias
for `haskell.packages.ghc966`:
9.4.5 is `haskell.packages.ghc945`. In fact `haskellPackages` is just an alias
for `haskell.packages.ghc964`:
Every package set also re-exposes the GHC used to build its packages as `haskell.packages.*.ghc`.
@@ -191,10 +191,6 @@ and `version` from Hackage.
`sha256`
: Hash to use for the default case of `src`.
`sourceRoot`, `setSourceRoot`
: Passed to `stdenv.mkDerivation`; see [“Variables controlling the unpack
phase”](#variables-controlling-the-unpack-phase).
`revision`
: Revision number of the updated cabal file to fetch from Hackage.
If `null` (which is the default value), the one included in `src` is used.
@@ -764,7 +760,7 @@ that depend on that library, you may want to use:
```nix
haskellPackages.haskell-ci.overrideScope (self: super: {
Cabal = self.Cabal_3_14_0_0;
Cabal = self.Cabal_3_6_2_0;
})
```

1
doc/languages-frameworks/index.md
View File

@@ -93,7 +93,6 @@ ruby.section.md
rust.section.md
scheme.section.md
swift.section.md
tcl.section.md
texlive.section.md
titanium.section.md
vim.section.md

3
doc/languages-frameworks/java.section.md
View File

@@ -33,7 +33,8 @@ stdenv.mkDerivation {
```
Note that `jdk` is an alias for the OpenJDK (self-built where available,
or pre-built via Zulu).
or pre-built via Zulu). Platforms with OpenJDK not (yet) in Nixpkgs
(`Aarch32`, `Aarch64`) point to the (unfree) `oraclejdk`.
Also note that not using `stripJavaArchivesHook` will likely cause the
generated `.jar` files to be non-deterministic, which is not optimal.

31
doc/languages-frameworks/javascript.section.md
View File

@@ -428,26 +428,7 @@ NOTE: It is highly recommended to use a pinned version of pnpm (i.e. `pnpm_8` or
In case you are patching `package.json` or `pnpm-lock.yaml`, make sure to pass `finalAttrs.patches` to the function as well (i.e. `inherit (finalAttrs) patches`.
`pnpm.configHook` supports adding additional `pnpm install` flags via `pnpmInstallFlags` which can be set to a Nix string array:
```nix
{
pnpm,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "foo";
version = "0-unstable-1980-01-01";
src = ...;
pnpmInstallFlags = [ "--shamefully-hoist" ];
pnpmDeps = pnpm.fetchDeps {
inherit (finalAttrs) pnpmInstallFlags;
};
})
```
`pnpm.configHook` supports adding additional `pnpm install` flags via `pnpmInstallFlags` which can be set to a Nix string array.
#### Dealing with `sourceRoot` {#javascript-pnpm-sourceRoot}
@@ -478,16 +459,16 @@ Assuming the following directory structure, we can define `sourceRoot` and `pnpm
#### PNPM Workspaces {#javascript-pnpm-workspaces}
If you need to use a PNPM workspace for your project, then set `pnpmWorkspaces = [ "<workspace project name 1>" "<workspace project name 2>" ]`, etc, in your `pnpm.fetchDeps` call,
which will make PNPM only install dependencies for those workspace packages.
If you need to use a PNPM workspace for your project, then set `pnpmWorkspace = "<workspace project name>"` in your `pnpm.fetchDeps` call,
which will make PNPM only install dependencies for that workspace package.
For example:
```nix
...
pnpmWorkspaces = [ "@astrojs/language-server" ];
pnpmWorkspace = "@astrojs/language-server";
pnpmDeps = pnpm.fetchDeps {
inherit (finalAttrs) pnpmWorkspaces;
inherit (finalAttrs) pnpmWorkspace;
...
}
```
@@ -495,7 +476,7 @@ pnpmDeps = pnpm.fetchDeps {
The above would make `pnpm.fetchDeps` call only install dependencies for the `@astrojs/language-server` workspace package.
Note that you do not need to set `sourceRoot` to make this work.
Usually in such cases, you'd want to use `pnpm --filter=<pnpm workspace name> build` to build your project, as `npmHooks.npmBuildHook` probably won't work. A `buildPhase` based on the following example will probably fit most workspace projects:
Usually in such cases, you'd want to use `pnpm --filter=$pnpmWorkspace build` to build your project, as `npmHooks.npmBuildHook` probably won't work. A `buildPhase` based on the following example will probably fit most workspace projects:
```nix
buildPhase = ''

1
doc/languages-frameworks/python.section.md
View File

@@ -55,7 +55,6 @@ sets are
* `pkgs.python311Packages`
* `pkgs.python312Packages`
* `pkgs.python313Packages`
* `pkgs.python314Packages`
* `pkgs.pypy27Packages`
* `pkgs.pypy39Packages`
* `pkgs.pypy310Packages`

8
doc/languages-frameworks/qt.section.md
View File

@@ -25,14 +25,12 @@ stdenv.mkDerivation {
The same goes for Qt 5 where libraries and tools are under `libsForQt5`.
Any Qt package should include `wrapQtAppsHook` or `wrapQtAppsNoGuiHook` in `nativeBuildInputs`, or explicitly set `dontWrapQtApps` to bypass generating the wrappers.
Any Qt package should include `wrapQtAppsHook` in `nativeBuildInputs`, or explicitly set `dontWrapQtApps` to bypass generating the wrappers.
::: {.note}
Qt 6 graphical applications should also include `qtwayland` in `buildInputs` on Linux (but not on platforms e.g. Darwin, where `qtwayland` is not available), to ensure the Wayland platform plugin is available.
`wrapQtAppsHook` propagates plugins and QML components from `qtwayland` on platforms that support it, to allow applications to act as native Wayland clients. It should be used for all graphical applications.
`wrapQtAppsNoGuiHook` does not propagate `qtwayland` to reduce closure size for purely command-line applications.
This may become default in the future, see [NixOS/nixpkgs#269674](https://github.com/NixOS/nixpkgs/pull/269674).
:::
## Packages supporting multiple Qt versions {#qt-versions}

36
doc/languages-frameworks/rust.section.md
View File

@@ -64,18 +64,10 @@ hash using `nix-hash --to-sri --type sha256 "<original sha256>"`.
```
Exception: If the application has cargo `git` dependencies, the `cargoHash`
approach will not work by default. In this case, you can set `useFetchCargoVendor = true`
to use an improved fetcher that supports handling `git` dependencies.
approach will not work, and you will need to copy the `Cargo.lock` file of the application
to nixpkgs and continue with the next section for specifying the options of the `cargoLock`
section.
```nix
{
useFetchCargoVendor = true;
cargoHash = "sha256-RqPVFovDaD2rW31HyETJfQ0qVwFxoGEvqkIgag3H6KU=";
}
```
If this method still does not work, you can resort to copying the `Cargo.lock` file into nixpkgs
and importing it as described in the [next section](#importing-a-cargo.lock-file).
Both types of hashes are permitted when contributing to nixpkgs. The
Cargo hash is obtained by inserting a fake checksum into the
@@ -170,10 +162,9 @@ rustPlatform.buildRustPackage {
}
```
If the upstream source repository lacks a `Cargo.lock` file, you must add one
to `src`, as it is essential for building a Rust package. Setting
`cargoLock.lockFile` or `cargoLock.lockFileContents` will not automatically add
a `Cargo.lock` file to `src`. A straightforward solution is to use:
Note that setting `cargoLock.lockFile` or `cargoLock.lockFileContents`
doesn't add a `Cargo.lock` to your `src`, and a `Cargo.lock` is still
required to build a rust package. A simple fix is to use:
```nix
{
@@ -470,17 +461,6 @@ also be used:
the `Cargo.lock`/`Cargo.toml` files need to be patched before
vendoring.
In case the lockfile contains cargo `git` dependencies, you can use
`fetchCargoVendor` instead.
```nix
{
cargoDeps = rustPlatform.fetchCargoVendor {
inherit src;
hash = "sha256-RqPVFovDaD2rW31HyETJfQ0qVwFxoGEvqkIgag3H6KU=";
};
}
```
If a `Cargo.lock` file is available, you can alternatively use the
`importCargoLock` function. In contrast to `fetchCargoTarball`, this
function does not require a hash (unless git dependencies are used)
@@ -698,7 +678,7 @@ Some projects, especially GNOME applications, are built with the Meson Build Sys
, blueprint-compiler
, libadwaita
, libsecret
, tinysparql
, tracker
}:
stdenv.mkDerivation rec {
@@ -732,7 +712,7 @@ stdenv.mkDerivation rec {
buildInputs = [
libadwaita
libsecret
tinysparql
tracker
];
# ...

54
doc/languages-frameworks/tcl.section.md
View File

@@ -1,54 +0,0 @@
# Tcl {#sec-language-tcl}
## User guide {#sec-language-tcl-user-guide}
Tcl interpreters are available under the `tcl` and `tcl-X_Y` attributes, where `X_Y` is the Tcl version.
Tcl libraries are available in the `tclPackages` attribute set.
They are only guaranteed to work with the default Tcl version, but will probably also work with others thanks to the [stubs mechanism](https://wiki.tcl-lang.org/page/Stubs).
## Packaging guide {#sec-language-tcl-packaging}
Tcl packages are typically built with `tclPackages.mkTclDerivation`.
Tcl dependencies go in `buildInputs`/`nativeBuildInputs`/... like other packages.
For more complex package definitions, such as packages with mixed languages, use `tcl.tclPackageHook`.
Where possible, make sure to enable stubs for maximum compatibility, usually with the `--enable-stubs` configure flag.
Here is a simple package example to be called with `tclPackages.callPackage`.
```
{ lib, fetchzip, mkTclDerivation, openssl }:
mkTclDerivation rec {
pname = "tcltls";
version = "1.7.22";
src = fetchzip {
url = "https://core.tcl-lang.org/tcltls/uv/tcltls-${version}.tar.gz";
hash = "sha256-TOouWcQc3MNyJtaAGUGbaQoaCWVe6g3BPERct/V65vk=";
};
buildInputs = [ openssl ];
configureFlags = [
"--with-ssl-dir=${openssl.dev}"
"--enable-stubs"
];
meta = {
homepage = "https://core.tcl-lang.org/tcltls/index";
description = "OpenSSL / RSA-bsafe Tcl extension";
maintainers = [ lib.maintainers.agbrooks ];
license = lib.licenses.tcltk;
platforms = lib.platforms.unix;
};
}
```
All Tcl libraries are declared in `pkgs/top-level/tcl-packages.nix` and are defined in `pkgs/development/tcl-modules/`.
If possible, prefer the by-name hierarchy in `pkgs/development/tcl-modules/by-name/`.
Its use is documented in `pkgs/development/tcl-modules/by-name/README.md`.
All Tcl applications reside elsewhere.
In case a package is used as both a library and an application (for example `expect`), it should be defined in `tcl-packages.nix`, with an alias elsewhere.

2
doc/languages-frameworks/texlive.section.md
View File

@@ -1,6 +1,6 @@
# TeX Live {#sec-language-texlive}
There is a TeX Live packaging that lives entirely under attribute `texlive`.
Since release 15.09 there is a new TeX Live packaging that lives entirely under attribute `texlive`.
## User's guide (experimental new interface) {#sec-language-texlive-user-guide-experimental}

13
doc/languages-frameworks/vim.section.md
View File

@@ -232,19 +232,6 @@ To add a new plugin, run `nix-shell -p vimPluginsUpdater --run 'vim-plugins-upda
Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `vimPluginsUpdater` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of the Language Server Protocol integration with Vim/Neovim.
### Testing Neovim plugins {#testing-neovim-plugins}
`nvimRequireCheck=MODULE` is a simple test which checks if Neovim can requires the lua module `MODULE` without errors. This is often enough to catch missing dependencies.
This can be manually added through plugin definition overrides in the [overrides.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/overrides.nix).
```nix
gitsigns-nvim = super.gitsigns-nvim.overrideAttrs {
dependencies = [ self.plenary-nvim ];
nvimRequireCheck = "gitsigns";
};
```
### Plugin optional configuration {#vim-plugin-required-snippet}
Some plugins require specific configuration to work. We choose not to

2
doc/packages/nginx.section.md
View File

@@ -8,4 +8,4 @@ HTTP has a couple of different mechanisms for caching to prevent clients from ha
Fortunately, HTTP supports an alternative (and more effective) caching mechanism: the [`ETag`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag) response header. The value of the `ETag` header specifies some identifier for the particular content that the server is sending (e.g., a hash). When a client makes a second request for the same resource, it sends that value back in an `If-None-Match` header. If the ETag value is unchanged, then the server does not need to resend the content.
The nginx package in Nixpkgs is patched such that when nginx serves a file out of `/nix/store`, the hash in the store path is used as the `ETag` header in the HTTP response, thus providing proper caching functionality. With NixOS 24.05 and later, the `ETag` additionally includes the response content length, to ensure files served with static compression do not share `ETag`s with their uncompressed version. This `ETag` functionality is enabled automatically; you do not need to do modify any configuration to get this behavior.
As of NixOS 19.09, the nginx package in Nixpkgs is patched such that when nginx serves a file out of `/nix/store`, the hash in the store path is used as the `ETag` header in the HTTP response, thus providing proper caching functionality. With NixOS 24.05 and later, the `ETag` additionally includes the response content length, to ensure files served with static compression do not share `ETag`s with their uncompressed version. This `ETag` functionality is enabled automatically; you do not need to do modify any configuration to get this behavior.

1
doc/packages/steam.section.md
View File

@@ -31,6 +31,7 @@ Use `programs.steam.enable = true;` if you want to add steam to `systemPackages`
- **Using the FOSS Radeon or nouveau (nvidia) drivers**
- The `newStdcpp` parameter was removed since NixOS 17.09 and should not be needed anymore.
- Steam ships statically linked with a version of `libcrypto` that conflicts with the one dynamically loaded by radeonsi_dri.so. If you get the error:
```

335
doc/stdenv/platform-notes.chapter.md
View File

@@ -2,301 +2,66 @@
## Darwin (macOS) {#sec-darwin}
The Darwin `stdenv` differs from most other ones in Nixpkgs in a few key ways.
These differences reflect the default assumptions for building software on that platform.
In many cases, you can ignore these differences because the software you are packaging is already written with them in mind.
When you do that, write your derivation as normal. You dont have to include any Darwin-specific special cases.
The easiest way to know whether your derivation requires special handling for Darwin is to write it as if it doesnt and see if it works.
If it does, youre done; skip the rest of this.
Some common issues when packaging software for Darwin:
- Darwin uses Clang by default instead of GCC. Packages that refer to `$CC` or `cc` should just work in most cases.
Some packages may hardcode `gcc` or `g++`. You can usually fix that by setting `makeFlags = [ "CC=cc" "CXX=C++" ]`.
If that does not work, you will have to patch the build scripts yourself to use the correct compiler for Darwin.
- Darwin needs an SDK to build software.
The SDK provides a default set of frameworks and libraries to build software, most of which are specific to Darwin.
There are multiple versions of the SDK packages in Nixpkgs, but one is included by default in the `stdenv`.
Usually, you dont have to change or pick a different SDK. When in doubt, use the default.
- The SDK used by your build can be found using the `DEVELOPER_DIR` environment variable.
There are also versions of this variable available when cross-compiling depending on the SDKs role.
The `SDKROOT` variable is also set with the path to the SDKs libraries and frameworks.
`SDKROOT` is always a sub-folder of `DEVELOPER_DIR`.
- Darwin includes a platform-specific tool called `xcrun` to help builds locate binaries they need.
A version of `xcrun` is part of the `stdenv` on Darwin.
If your package invokes `xcrun` via an absolute path (such as `/usr/bin/xcrun`), you will need to patch the build scripts to use `xcrun` instead.
- The Darwin `stdenv` uses clang instead of gcc. When referring to the compiler `$CC` or `cc` will work in both cases. Some builds hardcode gcc/g++ in their build scripts, that can usually be fixed with using something like `makeFlags = [ "CC=cc" ];` or by patching the build scripts.
To reiterate: you usually dont have to worry about this stuff.
Start with writing your derivation as if everything is already set up for you (because in most cases it already is).
If you run into issues or failures, continue reading below for how to deal with the most common issues you may encounter.
### Darwin Issue Troubleshooting {#sec-darwin-troubleshooting}
#### Package requires a non-default SDK or fails to build due to missing frameworks or symbols {#sec-darwin-troubleshooting-using-sdks}
In some cases, you may have to use a non-default SDK.
This can happen when a package requires APIs that are not present in the default SDK.
For example, Metal Performance Shaders were added in macOS 12.
If the default SDK is 11.3, then a package that requires Metal Performance Shaders will fail to build due to missing frameworks and symbols.
To use a non-default SDK, add it to your derivations `buildInputs`.
It is not necessary to override the SDK in the `stdenv` nor is it necessary to override the SDK used by your dependencies.
If your derivation needs a non-default SDK at build time (e.g., for a `depsBuildBuild` compiler), see the cross-compilation documentation for which input you should use.
When determining whether to use a non-default SDK, consider the following:
- Try building your derivation with the default SDK. If it works, youre done.
- If the package specifies a specific version, use that. See below for how to map Xcode version to SDK version.
- If the packages documentation indicates it supports optional features on newer SDKs, consider using the SDK that enables those features.
If youre not sure, use the default SDK.
Note: It is possible to have multiple, different SDK versions in your inputs.
When that happens, the one with the highest version is always used.
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
buildInputs = [ apple-sdk_14 ];
}
```
#### What is a “deployment target” (or minimum version)? {#sec-darwin-troubleshooting-using-deployment-targets}
The “deployment target” refers to the minimum version of macOS that is expected to run an application.
In most cases, the default is fine, and you dont have to do anything else.
If youre not sure, dont do anything, and that will probably be fine.
Some packages require setting a non-default deployment target (or minimum version) to gain access to certain APIs.
You do that using the `darwinMinVersionHook`, which takes the deployment target version as a parameter.
There are primarily two ways to determine the deployment target.
- The upstream documentation will specify a deployment target or minimum version. Use that.
- The build will fail because an API requires a certain version. Use that.
- In all other cases, you probably dont need to specify a minimum version. The default is usually good enough.
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3"; # Upstream specifies the minimum supported version as 12.5.
buildInputs = [ (darwinMinVersionHook "12.5") ];
}
```
Note: It is possible to have multiple, different instances of `darwinMinVerisonHook` in your inputs.
When that happens, the one with the highest version is always used.
#### Picking an SDK version {#sec-darwin-troubleshooting-picking-sdk-version}
The following is a list of Xcode versions, the SDK version in Nixpkgs, and the attribute to use to add it.
Check your packages documentation (platform support or installation instructions) to find which Xcode or SDK version to use.
Generally, only the last SDK release for a major version is packaged (each _x_ in 10._x_ until 10.15 is considered a major version).
| Xcode version | SDK version | Nixpkgs attribute |
|--------------------|---------------------------------------------------|-------------------|
| Varies by platform | 10.12.2 (x86_64-darwin)<br/>11.3 (aarch64-darwin) | `apple-sdk` |
| 8.08.3.3 | 10.12.2 | `apple-sdk_10_12` |
| 9.09.4.1 | 10.13.2 | `apple-sdk_10_13` |
| 10.010.3 | 10.14.6 | `apple-sdk_10_14` |
| 11.011.7 | 10.15.6 | `apple-sdk_10_15` |
| 12.012.5.1 | 11.3 | `apple-sdk_11` |
| 13.013.4.1 | 12.3 | `apple-sdk_12` |
| 14.014.3.1 | 13.3 | `apple-sdk_13` |
| 15.015.4 | 14.4 | `apple-sdk_14` |
| 16.0 | 15.0 | `apple-sdk_15` |
#### Darwin Default SDK versions {#sec-darwin-troubleshooting-darwin-defaults}
The current default versions of the deployment target (minimum version) and SDK are indicated by Darwin-specific attributes on the platform. Because of the ways that minimum version and SDK can be changed that are not visible to Nix, they should be treated as lower bounds.
If you need to parameterize over a specific version, create a function that takes the version as a parameter instead of relying on these attributes.
- `darwinMinVersion` defaults to 10.12 on x86_64-darwin and 11.0 on aarch64-darwin.
It sets the default deployment target.
- `darwinSdkVersion` defaults to 10.12 on x86-64-darwin and 11.0 on aarch64-darwin.
Only the major version determines the SDK version, resulting in the 10.12.2 and 11.3 SDKs being used on these platforms respectively.
#### `xcrun` cannot find a binary {#sec-darwin-troubleshooting-xcrun}
`xcrun` searches `PATH` and the SDKs toolchain for binaries to run.
If it cannot find a required binary, it will fail. When that happens, add the package for that binary to your derivations `nativeBuildInputs` (or `nativeCheckInputs` if the failure is happening when running tests).
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
nativeBuildInputs = [ bison ];
buildCommand = ''
xcrun bison foo.y # produces foo.tab.c
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
'';
}
```
buildPhase = ''
$CC -o hello hello.c
'';
}
```
#### Package requires `xcodebuild` {#sec-darwin-troubleshooting-xcodebuild}
- On Darwin, libraries are linked using absolute paths, libraries are resolved by their `install_name` at link time. Sometimes packages wont set this correctly causing the library lookups to fail at runtime. This can be fixed by adding extra linker flags or by running `install_name_tool -id` during the `fixupPhase`.
The xcbuild package provides an `xcodebuild` command for packages that really depend on Xcode.
This replacement is not 100% compatible and may run into some issues, but it is able to build many packages.
To use `xcodebuild`, add `xcbuildHook` to your packages `nativeBuildInputs`.
It will provide a `buildPhase` for your derivation.
You can use `xcbuildFlags` to specify flags to `xcodebuild` such as the required schema.
If a schema has spaces in its name, you must set `__structuredAttrs` to `true`.
See MoltenVK for an example of setting up xcbuild.
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
makeFlags = lib.optional stdenv.hostPlatform.isDarwin "LDFLAGS=-Wl,-install_name,$(out)/lib/libfoo.dylib";
}
```
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3";
xcbuildFlags = [
"-configuration"
"Release"
"-project"
"libfoo-project.xcodeproj"
"-scheme"
"libfoo Package (macOS only)"
];
__structuredAttrs = true;
}
```
- Even if the libraries are linked using absolute paths and resolved via their `install_name` correctly, tests can sometimes fail to run binaries. This happens because the `checkPhase` runs before the libraries are installed.
##### Fixing absolute paths to `xcodebuild`, `xcrun`, and `PlistBuddy` {#sec-darwin-troubleshooting-xcodebuild-absolute-paths}
This can usually be solved by running the tests after the `installPhase` or alternatively by using `DYLD_LIBRARY_PATH`. More information about this variable can be found in the *dyld(1)* manpage.
Many build systems hardcode the absolute paths to `xcodebuild`, `xcrun`, and `PlistBuddy` as `/usr/bin/xcodebuild`, `/usr/bin/xcrun`, and `/usr/libexec/PlistBuddy` respectively.
These paths will need to be replaced with relative paths and the xcbuild package if `xcodebuild` or `PListBuddy` are used.
```
dyld: Library not loaded: /nix/store/7hnmbscpayxzxrixrgxvvlifzlxdsdir-jq-1.5-lib/lib/libjq.1.dylib
Referenced from: /private/tmp/nix-build-jq-1.5.drv-0/jq-1.5/tests/../jq
Reason: image not found
./tests/jqtest: line 5: 75779 Abort trap: 6
```
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3";
postPatch = ''
substituteInPlace Makefile \
--replace-fail '/usr/bin/xcodebuild' 'xcodebuild' \
--replace-fail '/usr/bin/xcrun' 'xcrun' \
--replace-fail '/usr/bin/PListBuddy' 'PListBuddy'
'';
}
```
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
doInstallCheck = true;
installCheckTarget = "check";
}
```
#### How to use libiconv on Darwin {#sec-darwin-troubleshooting-libiconv}
- Some packages assume xcode is available and use `xcrun` to resolve build tools like `clang`, etc. This causes errors like `xcode-select: error: no developer tools were found at '/Applications/Xcode.app'` while the build doesnt actually depend on xcode.
The libiconv package is included in the SDK by default along with libresolv and libsbuf.
You do not need to do anything to use these packages. They are available automatically.
If your derivation needs the `iconv` binary, add the `libiconv` package to your `nativeBuildInputs` (or `nativeCheckInputs` for tests).
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
prePatch = ''
substituteInPlace Makefile \
--replace-fail '/usr/bin/xcrun clang' clang
'';
}
```
#### Library install name issues {#sec-darwin-troubleshooting-install-name}
The package `xcbuild` can be used to build projects that really depend on Xcode. However, this replacement is not 100% compatible with Xcode and can occasionally cause issues.
Libraries on Darwin are usually linked with absolute paths.
This is determined by something called an “install name”, which is resolved at link time.
Sometimes packages will not set this correctly, causing binaries linking to it not to find their libraries at runtime.
This can be fixed by adding extra linker flags or by using `install_name_tool` to set it in `fixupPhase`.
##### Setting the install name via linker flags {#sec-darwin-troubleshooting-install-name-linker-flags}
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
makeFlags = lib.optional stdenv.hostPlatform.isDarwin "LDFLAGS=-Wl,-install_name,$(out)/lib/libfoo.dylib";
}
```
##### Setting the install name using `install_name_tool` {#sec-darwin-troubleshooting-install-name-install_name_tool}
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
postFixup = ''
# `-id <install_name>` takes the install name. The last parameter is the path to the library.
${stdenv.cc.targetPrefix}install_name_tool -id "$out/lib/libfoo.dylib" "$out/lib/libfoo.dylib"
'';
}
```
Even if libraries are linked using absolute paths and resolved via their install name correctly, tests in `checkPhase` can sometimes fail to run binaries because they are linked against libraries that have not yet been installed.
This can usually be solved by running the tests after the `installPhase` or by using `DYLD_LIBRARY_PATH` (see {manpage}`dyld(1)` for more on setting `DYLD_LIBRARY_PATH`).
##### Setting the install name using `fixDarwinDylibNames` hook {#sec-darwin-troubleshooting-install-name-fixDarwinDylibNames}
If your package has numerous dylibs needing fixed, while it is preferable to fix the issue in the packages build, you can update them all by adding the `fixDarwinDylibNames` hook to your `nativeBuildInputs`.
This hook will scan your packages outputs for dylibs and correct their install names.
Note that if any binaries in your outputs linked those dylibs, you may need to use `install_name_tool` to replace references to them with the correct paths.
#### Propagating an SDK (advanced, compilers-only) {#sec-darwin-troubleshooting-propagating-sdks}
The SDK is a package, and it can be propagated.
`darwinMinVersionHook` with a version specified can also be propagated.
However, most packages should *not* do this.
The exception is compilers.
When you propagate an SDK, it becomes part of your derivations public API, and changing the SDK or removing it can be a breaking change.
That is why propagating it is only recommended for compilers.
When authoring a compiler derivation, propagate the SDK only for the ways you expect users to use your compiler.
Depending on your expected use cases, you may have to do one or all of these.
- Put it in `depsTargetTargetPropagated` when your compiler is expected to be added to `nativeBuildInputs`.
That will ensure the SDK is effectively part of the target derivations `buildInputs`.
- If your compiler uses a hook, put it in the hooks `depsTargetTargetPropagated` instead.
The effect should be the same as the above.
- If your package uses the builder pattern, update your builder to add the SDK to the derivations `buildInputs`.
If youre not sure whether to propagate an SDK, dont.
If your package is a compiler or language, and youre not sure, ask @NixOS/darwin-maintainers for help deciding.
### Dealing with `darwin.apple_sdk.frameworks` {#sec-darwin-legacy-frameworks}
You may see references to `darwin.apple_sdk.frameworks`.
This is the legacy SDK pattern, and it is being phased out.
All packages in `darwin.apple_sdk`, `darwin.apple_sdk_11_0`, and `darwin.apple_sdk_12_3` are stubs that do nothing.
If your derivation references them, you can delete them. The default SDK should be enough to build your package.
Note: the new SDK pattern uses the name `apple-sdk` to better align with Nixpkgs naming conventions.
The legacy SDK pattern uses `apple_sdk`.
You always know you are using the old SDK pattern if the name is `apple_sdk`.
Some derivations may depend on the location of frameworks in those old packages.
To update your derivation to find them in the new SDK, use `$SDKROOT` instead in `preConfigure`.
For example, if you substitute `${darwin.apple_sdk.frameworks.OpenGL}/Library/Frameworks/OpenGL.framework` in `postPatch`, replace it with `$SDKROOT/System/Library/Frameworks/OpenGL.framework` in `preConfigure`.
Note that if your derivation is changing a system path (such as `/System/Library/Frameworks/OpenGL.framework`), you may be able to remove the path.
Compilers and binutils targeting Darwin look for system paths in the SDK sysroot.
Some of them (such as Zig or `bindgen` for Rust) depend on it.
#### Updating legacy SDK overrides {#sec-darwin-legacy-frameworks-overrides}
The legacy SDK provided two ways of overriding the default SDK.
These are both being phased out along with the legacy SDKs.
They have been updated to set up the new SDK for you, but you should replace them with doing that directly.
- `pkgs.darwin.apple_sdk_11_0.callPackage` - this pattern was used to provide frameworks from the 11.0 SDK.
It now adds the `apple-sdk_11` package to your derivations build inputs.
- `overrideSDK` - this stdenv adapter would try to replace the frameworks used by your derivation and its transitive dependencies.
It now adds the `apple-sdk_11` package for `11.0` or the `apple-sdk_12` package for `12.3`.
If `darwinMinVersion` is specified, it will add `darwinMinVersionHook` with the specified minimum version.
No other SDK versions are supported.
### Darwin Cross-Compilation {#sec-darwin-legacy-cross-compilation}
Darwin supports cross-compilation between Darwin platforms.
Cross-compilation from Linux is not currently supported but may be supported in the future.
To cross-compile to Darwin, you can set `crossSystem` or use one of the Darwin systems in `pkgsCross`.
The `darwinMinVersionHook` and the SDKs support cross-compilation.
If you need to specify a different SDK version for a `depsBuildBuild` compiler, add it to your `nativeBuildInputs`.
```nix
stdenv.mkDerivation {
name = "libfoo-1.2.3";
# ...
depsBuildBuild = [ buildPackages.stdenv.cc ];
nativeBuildInputs = [ apple-sdk_12 ];
buildInputs = [ apple-sdk_13 ];
depsTargetTargetPropagated = [ apple-sdk_14 ];
}
# The build-build `clang` will use the 12.3 SDK while the package build itself will use the 13.3 SDK.
# Derivations that add this package as an input will have the 14.4 SDK propagated to them.
```
The different target SDK and hooks are mangled based on role:
- `DEVELOPER_DIR_FOR_BUILD` and `MACOSX_DEPLOYMENT_TARGET_FOR_BUILD` for the build platform;
- `DEVELOPER_DIR` and `MACOSX_DEPLOYMENT_TARGET` for the host platform; and
- `DEVELOPER_DIR_FOR_TARGET` and `MACOSX_DEPLOYMENT_TARGET_FOR_TARGET` for the build platform.
In static compilation situations, it is possible for the build and host platform to be the same platform but have different SDKs with the same version (one dynamic and one static).
cc-wrapper and bintools-wrapper take care of handling this distinction.
- x86_64-darwin uses the 10.12 SDK by default, but some software is not compatible with that version of the SDK. In that case,
the 11.0 SDK used by aarch64-darwin is available for use on x86_64-darwin. To use it, reference `apple_sdk_11_0` instead of
`apple_sdk` in your derivation and use `pkgs.darwin.apple_sdk_11_0.callPackage` instead of `pkgs.callPackage`. On Linux, this will
have the same effect as `pkgs.callPackage`, so you can use `pkgs.darwin.apple_sdk_11_0.callPackage` regardless of platform.

6
doc/using/configuration.chapter.md
View File

@@ -154,13 +154,11 @@ There are several ways to tweak how Nix handles a package which has been marked
The `allowInsecurePredicate` option is a function which accepts a package and returns a boolean, much like `allowUnfreePredicate`.
The following configuration example allows any version of the `ovftool` package:
The following configuration example only allows insecure packages with very short names:
```nix
{
allowInsecurePredicate = pkg: builtins.elem (lib.getName pkg) [
"ovftool"
];
allowInsecurePredicate = pkg: builtins.stringLength (lib.getName pkg) <= 5;
}
```

31
flake.nix
View File

@@ -80,17 +80,8 @@
checks = forAllSystems (system: {
tarball = jobs.${system}.tarball;
} // lib.optionalAttrs
(
self.legacyPackages.${system}.stdenv.hostPlatform.isLinux
# Exclude power64 due to "libressl is not available on the requested hostPlatform" with hostPlatform being power64
&& !self.legacyPackages.${system}.targetPlatform.isPower64
# Exclude armv6l-linux due to "cannot bootstrap GHC on this platform ('armv6l-linux' with libc 'defaultLibc')"
&& system != "armv6l-linux"
# Exclude riscv64-linux due to "cannot bootstrap GHC on this platform ('riscv64-linux' with libc 'defaultLibc')"
&& system != "riscv64-linux"
)
{
# Exclude power64 due to "libressl is not available on the requested hostPlatform" with hostPlatform being power64
} // lib.optionalAttrs (self.legacyPackages.${system}.stdenv.hostPlatform.isLinux && !self.legacyPackages.${system}.targetPlatform.isPower64) {
# Test that ensures that the nixosSystem function can accept a lib argument
# Note: prefer not to extend or modify `lib`, especially if you want to share reusable modules
# alternatives include: `import` a file, or put a custom library in an option or in `_module.args.<libname>`
@@ -120,20 +111,10 @@
}).nixos.manual;
};
devShells = forAllSystems (system:
{ } // lib.optionalAttrs
(
# Exclude armv6l-linux because "Package ghc-9.6.6 in .../pkgs/development/compilers/ghc/common-hadrian.nix:579 is not available on the requested hostPlatform"
system != "armv6l-linux"
# Exclude riscv64-linux because "Package ghc-9.6.6 in .../pkgs/development/compilers/ghc/common-hadrian.nix:579 is not available on the requested hostPlatform"
&& system != "riscv64-linux"
# Exclude FreeBSD because "Package ghc-9.6.6 in .../pkgs/development/compilers/ghc/common-hadrian.nix:579 is not available on the requested hostPlatform"
&& !self.legacyPackages.${system}.stdenv.hostPlatform.isFreeBSD
)
{
/** A shell to get tooling for Nixpkgs development. See nixpkgs/shell.nix. */
default = import ./shell.nix { inherit system; };
});
devShells = forAllSystems (system: {
/** A shell to get tooling for Nixpkgs development. See nixpkgs/shell.nix. */
default = import ./shell.nix { inherit system; };
});
/**
A nested structure of [packages](https://nix.dev/manual/nix/latest/glossary#package-attribute-set) and other values.

5
lib/attrsets.nix
View File

@@ -7,7 +7,7 @@ let
inherit (builtins) head length;
inherit (lib.trivial) oldestSupportedReleaseIsAtLeast mergeAttrs warn warnIf;
inherit (lib.strings) concatStringsSep concatMapStringsSep escapeNixIdentifier sanitizeDerivationName;
inherit (lib.lists) filter foldr foldl' concatMap elemAt all partition groupBy take foldl;
inherit (lib.lists) foldr foldl' concatMap elemAt all partition groupBy take foldl;
in
rec {
@@ -644,7 +644,8 @@ rec {
filterAttrs =
pred:
set:
removeAttrs set (filter (name: ! pred name set.${name}) (attrNames set));
listToAttrs (concatMap (name: let v = set.${name}; in if pred name v then [(nameValuePair name v)] else []) (attrNames set));
/**
Filter an attribute set recursively by removing all attributes for

2
lib/default.nix
View File

@@ -152,7 +152,7 @@ let
scrubOptionValue literalExpression literalExample
showOption showOptionWithDefLocs showFiles
unknownModule mkOption mkPackageOption mkPackageOptionMD
literalMD;
mdDoc literalMD;
inherit (self.types) isType setType defaultTypeMerge defaultFunctor
isOptionType mkOptionType;
inherit (self.asserts)

24
lib/fixed-points.nix
View File

@@ -160,9 +160,7 @@ rec {
A fixed-point function returning an attribute set has the form
```nix
final: {
# attributes
}
final: { # attributes }
```
where `final` refers to the lazily evaluated attribute set returned by the fixed-point function.
@@ -170,9 +168,7 @@ rec {
An overlay to such a fixed-point function has the form
```nix
final: prev: {
# attributes
}
final: prev: { # attributes }
```
where `prev` refers to the result of the original function to `final`, and `final` is the result of the composition of the overlay and the original function.
@@ -181,12 +177,8 @@ rec {
```nix
let
f = final: {
# attributes
};
overlay = final: prev: {
# attributes
};
f = final: { # attributes };
overlay = final: prev: { # attributes };
in extends overlay f;
```
@@ -194,12 +186,8 @@ rec {
```nix
let
f = final: {
# attributes
};
overlay = final: prev: {
# attributes
};
f = final: { # attributes };
overlay = final: prev: { # attributes };
g = extends overlay f;
in fix g
```

29
lib/licenses.nix
View File

@@ -213,11 +213,6 @@ lib.mapAttrs mkLicense ({
fullName = "BSD 3-Clause Clear License";
};
bsd3Lbnl = {
spdxId = "BSD-3-Clause-LBNL";
fullName = "Lawrence Berkeley National Labs BSD variant license";
};
bsdOriginal = {
spdxId = "BSD-4-Clause";
fullName = ''BSD 4-clause "Original" or "Old" License'';
@@ -895,11 +890,6 @@ lib.mapAttrs mkLicense ({
fullName = "MIT License";
};
mit-cmu = {
spdxId = "MIT-CMU";
fullName = "CMU License";
};
mit-feh = {
spdxId = "MIT-feh";
fullName = "feh License";
@@ -952,11 +942,6 @@ lib.mapAttrs mkLicense ({
url = "https://license.coscl.org.cn/MulanPSL2";
};
naist-2003 = {
spdxId = "NAIST-2003";
fullName = "Nara Institute of Science and Technology License (2003)";
};
nasa13 = {
spdxId = "NASA-1.3";
fullName = "NASA Open Source Agreement 1.3";
@@ -1222,11 +1207,6 @@ lib.mapAttrs mkLicense ({
fullName = "TCL/TK License";
};
tost = {
fullName = "Tomorrow Open Source Technology License 1.0";
url = "https://github.com/PixarAnimationStudios/OpenUSD/blob/release/LICENSE.txt";
};
ucd = {
fullName = "Unicode Character Database License";
url = "https://fedoraproject.org/wiki/Licensing:UCD";
@@ -1305,15 +1285,6 @@ lib.mapAttrs mkLicense ({
watcom = {
spdxId = "Watcom-1.0";
fullName = "Sybase Open Watcom Public License 1.0";
# Despite being OSIapproved, this licence is not considered FOSS
# by Debian, Fedora, or the FSF, due to an onerous restriction that
# requires publication of even privatelydeployed modifications.
# This violates the FSFs freedom 3 and Debians “desert island
# test” and “dissident test”.
#
# See: <https://en.wikipedia.org/wiki/Sybase_Open_Watcom_Public_License>
free = false;
redistributable = true;
};
w3c = {

2
lib/minver.nix
View File

@@ -1,2 +1,2 @@
# Expose the minimum required version for evaluating Nixpkgs
"2.3.17"
"2.3"

7
lib/options.nix
View File

@@ -399,6 +399,13 @@ rec {
literalExample = lib.warn "lib.literalExample is deprecated, use lib.literalExpression instead, or use lib.literalMD for a non-Nix description." literalExpression;
/* Transition marker for documentation that's already migrated to markdown
syntax. Has been a no-op for some while and been removed from nixpkgs.
Kept here to alert downstream users who may not be aware of the migration's
completion that it should be removed from modules.
*/
mdDoc = lib.warn "lib.mdDoc will be removed from nixpkgs in 24.11. Option descriptions are now in Markdown by default; you can remove any remaining uses of lib.mdDoc.";
/* For use in the `defaultText` and `example` option attributes. Causes the
given MD text to be inserted verbatim in the documentation, for when
a `literalExpression` would be too hard to read.

13
lib/systems/architectures.nix
View File

@@ -11,13 +11,12 @@ rec {
x86-64-v3 = [ "sse3" "ssse3" "sse4_1" "sse4_2" "avx" "avx2" "fma" ];
x86-64-v4 = [ "sse3" "ssse3" "sse4_1" "sse4_2" "avx" "avx2" "avx512" "fma" ];
# x86_64 Intel
nehalem = [ "sse3" "ssse3" "sse4_1" "sse4_2" ];
westmere = [ "sse3" "ssse3" "sse4_1" "sse4_2" ];
silvermont = [ "sse3" "ssse3" "sse4_1" "sse4_2" ];
sandybridge = [ "sse3" "ssse3" "sse4_1" "sse4_2" "avx" ];
ivybridge = [ "sse3" "ssse3" "sse4_1" "sse4_2" "avx" ];
haswell = [ "sse3" "ssse3" "sse4_1" "sse4_2" "avx" "avx2" "fma" ];
broadwell = [ "sse3" "ssse3" "sse4_1" "sse4_2" "avx" "avx2" "fma" ];
nehalem = [ "sse3" "ssse3" "sse4_1" "sse4_2" "aes" ];
westmere = [ "sse3" "ssse3" "sse4_1" "sse4_2" "aes" ];
sandybridge = [ "sse3" "ssse3" "sse4_1" "sse4_2" "aes" "avx" ];
ivybridge = [ "sse3" "ssse3" "sse4_1" "sse4_2" "aes" "avx" ];
haswell = [ "sse3" "ssse3" "sse4_1" "sse4_2" "aes" "avx" "avx2" "fma" ];
broadwell = [ "sse3" "ssse3" "sse4_1" "sse4_2" "aes" "avx" "avx2" "fma" ];
skylake = [ "sse3" "ssse3" "sse4_1" "sse4_2" "aes" "avx" "avx2" "fma" ];
skylake-avx512 = [ "sse3" "ssse3" "sse4_1" "sse4_2" "aes" "avx" "avx2" "avx512" "fma" ];
cannonlake = [ "sse3" "ssse3" "sse4_1" "sse4_2" "aes" "avx" "avx2" "avx512" "fma" ];

2
lib/systems/doubles.nix
View File

@@ -55,7 +55,7 @@ let
"wasm64-wasi" "wasm32-wasi"
# Windows
"aarch64-windows" "x86_64-windows" "i686-windows"
"x86_64-windows" "i686-windows"
];
allParsed = map parse.mkSystemFromString all;

10
lib/systems/examples.nix
View File

@@ -320,21 +320,11 @@ rec {
libc = "msvcrt"; # This distinguishes the mingw (non posix) toolchain
};
mingwW64Static = mingwW64 // { isStatic = true; };
ucrt64 = {
config = "x86_64-w64-mingw32";
libc = "ucrt"; # This distinguishes the mingw (non posix) toolchain
};
# LLVM-based mingw-w64 for ARM
ucrtAarch64 = {
config = "aarch64-w64-mingw32";
libc = "ucrt";
rust.rustcTarget = "aarch64-pc-windows-gnullvm";
useLLVM = true;
};
# BSDs
x86_64-freebsd = {

20
lib/tests/misc.nix
View File

@@ -47,7 +47,6 @@ let
evalModules
extends
filter
filterAttrs
fix
fold
foldAttrs
@@ -1103,25 +1102,6 @@ runTests {
};
};
testFilterAttrs = {
expr = filterAttrs (n: v: n != "a" && (v.hello or false) == true) {
a.hello = true;
b.hello = true;
c = {
hello = true;
world = false;
};
d.hello = false;
};
expected = {
b.hello = true;
c = {
hello = true;
world = false;
};
};
};
# code from example
testFoldlAttrs = {
expr = {

16
lib/tests/release.nix
View File

@@ -14,5 +14,19 @@ let
in
pkgs.symlinkJoin {
name = "nixpkgs-lib-tests";
paths = map testWithNix nixVersions;
paths = map testWithNix nixVersions ++
#
# TEMPORARY MIGRATION MECHANISM
#
# This comment and the expression which follows it should be
# removed as part of resolving this issue:
#
# https://github.com/NixOS/nixpkgs/issues/272591
#
[(import ../../pkgs/test/release {
inherit pkgs lib nix;
})]
;
}

2
lib/tests/systems.nix
View File

@@ -60,7 +60,7 @@ lib.runTests (
testlinux = mseteq linux [ "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "i686-linux" "loongarch64-linux" "m68k-linux" "microblaze-linux" "microblazeel-linux" "mips-linux" "mips64-linux" "mips64el-linux" "mipsel-linux" "powerpc64-linux" "powerpc64le-linux" "riscv32-linux" "riscv64-linux" "s390-linux" "s390x-linux" "x86_64-linux" ];
testnetbsd = mseteq netbsd [ "aarch64-netbsd" "armv6l-netbsd" "armv7a-netbsd" "armv7l-netbsd" "i686-netbsd" "m68k-netbsd" "mipsel-netbsd" "powerpc-netbsd" "riscv32-netbsd" "riscv64-netbsd" "x86_64-netbsd" ];
testopenbsd = mseteq openbsd [ "i686-openbsd" "x86_64-openbsd" ];
testwindows = mseteq windows [ "i686-cygwin" "x86_64-cygwin" "aarch64-windows" "i686-windows" "x86_64-windows" ];
testwindows = mseteq windows [ "i686-cygwin" "x86_64-cygwin" "i686-windows" "x86_64-windows" ];
testunix = mseteq unix (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ cygwin ++ redox);
})

54
maintainers/README.md
View File

@@ -172,57 +172,3 @@ to the team without an approval by at least one existing member.
Various utility scripts, which are mainly useful for nixpkgs maintainers,
are available under `./scripts/`. See its [README](./scripts/README.md)
for further information.
# nixpkgs-merge-bot
To streamline autoupdates, leverage the nixpkgs-merge-bot by commenting `@NixOS/nixpkgs-merge-bot merge` if the package resides in pkgs-by-name and the commenter is among the package maintainers. The bot ensures that all ofborg checks, except for darwin, are successfully completed before merging the pull request. Should the checks still be underway, the bot patiently waits for ofborg to finish before attempting the merge again.
# Guidelines for Committers
When merging pull requests, care must be taken to reduce impact to the `master`
branch. If a commit breaks evaluation, it will affect Ofborg evaluation results
in other pull requests and block Hydra CI, thus introducing chaos to our
workflow.
One approach to avoid merging such problematic changes is to wait for
successful Ofborg evaluation. Additionally, using tools like
[nixpkgs-review](https://github.com/Mic92/nixpkgs-review) can help spot issues
early, before Ofborg finishes evaluation.
## Breaking changes
In general breaking changes to `master` and `staging` branches are permitted,
as long as they are documented in the release notes. Though restrictions might
apply towards the end of a NixOS release cycle, due to our feature freeze
mechanism. This is to avoid large-scale breakages shortly before and during
a Zero Hydra Failures (ZHF) campaign. These restrictions also intend to
decrease the likelihood of a delayed NixOS release. The feature freeze period
is documented in the announcement of each release schedule.
> These are some example changes and if they are considered a breaking change
> during a freeze period:
>
> - `foo: 1.2.3 -> 1.2.4` - Assuming this package follows semantic versioning
> and none of its dependent packages fail to build because of this change, it
> can be safely merged. Otherwise, if it can be confirmed that there is no
> major change in its functionality or API, but only adding new features or
> fixing bugs, it
> can also be merged.
> - `unmaintained-software: drop` - If this PR removes a leaf package or the
> removal doesn't otherwise break other packages, it can be merged.
> - `cool-tool: rename from fancy-tool` - As long as this PR replaces all
> references to the old attribute name with the new name and adds an alias,
> it can be merged.
> - `libpopular: 4.3.2 -> 5.0.0` - If this PR would trigger many rebuilds
> and/or target `staging`, it should probably be delayed until after the
> freeze-period is over. Alternatively, if this PR is for a popular package
> and doesn't cause many rebuilds, it should also be delayed to reduce risk
> of breakage. If a PR includes important changes, such as security fixes, it
> should be brought up to
> release managers.
> - `nixos/transmission: refactor` - If this PR adjusts the type, default value
> or effect of options in the NixOS module, so that users must rewrite their
> configuration to keep the current behavior unchanged, it should not be
> merged, as we don't have enough time to collect user feedback and avoid
> possible breakage. However, it should be accepted if the current behavior
> is
> considered broken and is fixed by the PR.

718
maintainers/maintainer-list.nix
View File

File diff suppressed because it is too large Load Diff

22
maintainers/scripts/luarocks-packages.csv
View File

@@ -1,16 +1,16 @@
name,rockspec,ref,server,version,luaversion,maintainers
alt-getopt,,,,,,arobyn
ansicolors,,,,,,Freed-Wu
bit32,,,,5.3.0-1,5.1,lblasc
argparse,,,,,,
basexx,,,,,,
binaryheap,,,,,,vcunat
bit32,,,,5.3.0-1,5.1,lblasc
busted,,,,,,
busted-htest,,,,,,mrcjkb
cassowary,,,,,,alerque
cldr,,,,,,alerque
commons.nvim,,,,,,mrcjkb
compat53,,,,,,vcunat
commons.nvim,,,,,,mrcjkb
cosmo,,,,,,
coxpcall,,,,1.17.0-1,,
cqueues,,,,,,vcunat
@@ -50,7 +50,6 @@ lua-cjson,,,,,,
lua-cmsgpack,,,,,,
lua-curl,,,,,,
lua-ffi-zlib,,,,,,
lua-iconv,,,,7.0.0,,
lua-lsp,,,,,,
lua-messagepack,,,,,,
lua-protobuf,,,,,,lockejan
@@ -63,8 +62,6 @@ lua-rtoml,https://raw.githubusercontent.com/lblasc/lua-rtoml/main/lua-rtoml-0.2-
lua-subprocess,https://raw.githubusercontent.com/0x0ade/lua-subprocess/master/subprocess-scm-1.rockspec,,,,5.1,scoder12
lua-term,,,,,,
lua-toml,,,,,,
lua-utils.nvim,,,,,,mrcjkb
lua-yajl,,,,,,pstn
lua-zlib,,,,,,koral
lua_cliargs,,,,,,
luabitop,https://raw.githubusercontent.com/teto/luabitop/master/luabitop-1.0.2-3.rockspec,,,,,
@@ -100,9 +97,12 @@ luaunbound,,,,,,
luaunit,,,,,,lockejan
luautf8,,,,,,pstn
luazip,,,,,,
lush.nvim,,,https://luarocks.org/dev,,,teto
lua-utils.nvim,,,,,,mrcjkb
lua-yajl,,,,,,pstn
lua-iconv,,,,7.0.0,,
luuid,,,,20120509-2,,
luv,,,,1.48.0-2,,
lush.nvim,,,https://luarocks.org/dev,,,teto
lyaml,,,,,,lblasc
lz.n,,,,,,mrcjkb
lze,,,,,,birdee
@@ -112,8 +112,8 @@ markdown,,,,,,
mediator_lua,,,,,,
middleclass,,,,,,
mimetypes,,,,,,
moonscript,https://raw.githubusercontent.com/leafo/moonscript/master/moonscript-dev-1.rockspec,,,,,arobyn
mpack,,,,,,
moonscript,https://raw.githubusercontent.com/leafo/moonscript/master/moonscript-dev-1.rockspec,,,,,arobyn
neorg,,,,,,GaetanLepage
neotest,,,,,,mrcjkb
nlua,,,,,,teto
@@ -126,10 +126,10 @@ plenary.nvim,https://raw.githubusercontent.com/nvim-lua/plenary.nvim/master/plen
psl,,,,0.3,,
rapidjson,,,,,,
rest.nvim,,,,,5.1,teto
rocks.nvim,,,,,,mrcjkb
rocks-git.nvim,,,,,,mrcjkb
rocks-config.nvim,,,,,,mrcjkb
rocks-dev.nvim,,,,,,mrcjkb
rocks-git.nvim,,,,,,mrcjkb
rocks.nvim,,,,,,mrcjkb
rtp.nvim,,,,,,mrcjkb
rustaceanvim,,,,,,mrcjkb
say,,,,,,
@@ -139,10 +139,10 @@ std._debug,,,,,,
std.normalize,,,,,,
stdlib,,,,41.2.2,,vyp
teal-language-server,,,http://luarocks.org/dev,,,
telescope-manix,,,,,,
telescope.nvim,,,,,5.1,
telescope-manix,,,,,,
tiktoken_core,,,,,,natsukium
tl,,,,0.15.3-1,,mephistophiles
tl,,,,,,mephistophiles
toml-edit,,,,,5.1,mrcjkb
tree-sitter-norg,,,,,5.1,mrcjkb
vstruct,,,,,,
1 name rockspec ref server version luaversion maintainers
2 alt-getopt arobyn
3 ansicolors Freed-Wu
4 bit32 5.3.0-1 5.1 lblasc
5 argparse
6 basexx
7 binaryheap vcunat
bit32 5.3.0-1 5.1 lblasc
8 busted
9 busted-htest mrcjkb
10 cassowary alerque
11 cldr alerque
commons.nvim mrcjkb
12 compat53 vcunat
13 commons.nvim mrcjkb
14 cosmo
15 coxpcall 1.17.0-1
16 cqueues vcunat
50 lua-cmsgpack
51 lua-curl
52 lua-ffi-zlib
lua-iconv 7.0.0
53 lua-lsp
54 lua-messagepack
55 lua-protobuf lockejan
62 lua-subprocess https://raw.githubusercontent.com/0x0ade/lua-subprocess/master/subprocess-scm-1.rockspec 5.1 scoder12
63 lua-term
64 lua-toml
lua-utils.nvim mrcjkb
lua-yajl pstn
65 lua-zlib koral
66 lua_cliargs
67 luabitop https://raw.githubusercontent.com/teto/luabitop/master/luabitop-1.0.2-3.rockspec
97 luaunit lockejan
98 luautf8 pstn
99 luazip
100 lush.nvim lua-utils.nvim https://luarocks.org/dev teto mrcjkb
101 lua-yajl pstn
102 lua-iconv 7.0.0
103 luuid 20120509-2
104 luv 1.48.0-2
105 lush.nvim https://luarocks.org/dev teto
106 lyaml lblasc
107 lz.n mrcjkb
108 lze birdee
112 mediator_lua
113 middleclass
114 mimetypes
moonscript https://raw.githubusercontent.com/leafo/moonscript/master/moonscript-dev-1.rockspec arobyn
115 mpack
116 moonscript https://raw.githubusercontent.com/leafo/moonscript/master/moonscript-dev-1.rockspec arobyn
117 neorg GaetanLepage
118 neotest mrcjkb
119 nlua teto
126 psl 0.3
127 rapidjson
128 rest.nvim 5.1 teto
129 rocks.nvim mrcjkb
130 rocks-git.nvim mrcjkb
131 rocks-config.nvim mrcjkb
132 rocks-dev.nvim mrcjkb
rocks-git.nvim mrcjkb
rocks.nvim mrcjkb
133 rtp.nvim mrcjkb
134 rustaceanvim mrcjkb
135 say
139 std.normalize
140 stdlib 41.2.2 vyp
141 teal-language-server http://luarocks.org/dev
telescope-manix
142 telescope.nvim 5.1
143 telescope-manix
144 tiktoken_core natsukium
145 tl 0.15.3-1 mephistophiles
146 toml-edit 5.1 mrcjkb
147 tree-sitter-norg 5.1 mrcjkb
148 vstruct

101
maintainers/scripts/pluginupdate-py/pluginupdate.py
View File

@@ -4,7 +4,7 @@
# - pkgs/development/lua-modules/updater/updater.py
# format:
# $ nix run nixpkgs#ruff maintainers/scripts/pluginupdate.py
# $ nix run nixpkgs#black maintainers/scripts/pluginupdate.py
# type-check:
# $ nix run nixpkgs#python3.pkgs.mypy maintainers/scripts/pluginupdate.py
# linted:
@@ -142,7 +142,7 @@ class Repo:
return loaded
def prefetch(self, ref: Optional[str]) -> str:
log.info("Prefetching %s", self.uri)
print("Prefetching %s", self.uri)
loaded = self._prefetch(ref)
return loaded["sha256"]
@@ -195,7 +195,7 @@ class RepoGitHub(Repo):
xml = req.read()
# Filter out illegal XML characters
illegal_xml_regex = re.compile(b"[\x00-\x08\x0b-\x0c\x0e-\x1f\x7f]")
illegal_xml_regex = re.compile(b"[\x00-\x08\x0B-\x0C\x0E-\x1F\x7F]")
xml = illegal_xml_regex.sub(b"", xml)
root = ET.fromstring(xml)
@@ -256,7 +256,13 @@ class PluginDesc:
@property
def name(self):
return self.alias or self.repo.name
if self.alias is None:
return self.repo.name
else:
return self.alias
def __lt__(self, other):
return self.repo.name < other.repo.name
@staticmethod
def load_from_csv(config: FetchConfig, row: Dict[str, str]) -> "PluginDesc":
@@ -264,12 +270,7 @@ class PluginDesc:
branch = row["branch"]
repo = make_repo(row["repo"], branch.strip())
repo.token = config.github_token
return PluginDesc(
repo,
branch.strip(),
# alias is usually an empty string
row["alias"] if row["alias"] else None,
)
return PluginDesc(repo, branch.strip(), row["alias"])
@staticmethod
def load_from_string(config: FetchConfig, line: str) -> "PluginDesc":
@@ -327,11 +328,12 @@ def load_plugins_from_csv(
return plugins
def run_nix_expr(expr, nixpkgs: str, **args):
"""
'''
:param expr nix expression to fetch current plugins
:param nixpkgs Path towards a nixpkgs checkout
"""
'''
with CleanEnvironment(nixpkgs) as nix_path:
cmd = [
"nix",
@@ -380,14 +382,16 @@ class Editor:
fetch_config = FetchConfig(args.proc, args.github_token)
editor = self
for plugin_line in args.add_plugins:
log.debug("using plugin_line %s", plugin_line)
log.debug("using plugin_line", plugin_line)
pdesc = PluginDesc.load_from_string(fetch_config, plugin_line)
log.debug("loaded as pdesc %s", pdesc)
log.debug("loaded as pdesc", pdesc)
append = [pdesc]
editor.rewrite_input(
fetch_config, args.input_file, editor.deprecated, append=append
)
plugin, _ = prefetch_plugin(pdesc)
plugin, _ = prefetch_plugin(
pdesc,
)
autocommit = not args.no_commit
if autocommit:
commit(
@@ -402,9 +406,9 @@ class Editor:
# Expects arguments generated by 'update' subparser
def update(self, args):
"""CSV spec"""
print("the update member function should be overridden in subclasses")
print("the update member function should be overriden in subclasses")
def get_current_plugins(self, nixpkgs: str) -> List[Plugin]:
def get_current_plugins(self, nixpkgs) -> List[Plugin]:
"""To fill the cache"""
data = run_nix_expr(self.get_plugins, nixpkgs)
plugins = []
@@ -436,7 +440,6 @@ class Editor:
plugins, redirects = check_results(results)
plugins = sorted(plugins, key=lambda v: v[1].normalized_name)
self.generate_nix(plugins, outfile)
return redirects
@@ -556,7 +559,6 @@ class Editor:
parser = self.create_parser()
args = parser.parse_args()
command = args.command or "update"
logging.basicConfig()
log.setLevel(LOG_LEVELS[args.debug])
log.info("Chose to run command: %s", command)
self.nixpkgs = args.nixpkgs
@@ -589,24 +591,25 @@ def prefetch_plugin(
p: PluginDesc,
cache: "Optional[Cache]" = None,
) -> Tuple[Plugin, Optional[Repo]]:
repo, branch, alias = p.repo, p.branch, p.alias
name = alias or p.repo.name
commit = None
log.info(f"Fetching last commit for plugin {p.name} from {p.repo.uri}@{p.branch}")
commit, date = p.repo.latest_commit()
log.info(f"Fetching last commit for plugin {name} from {repo.uri}@{branch}")
commit, date = repo.latest_commit()
cached_plugin = cache[commit] if cache else None
if cached_plugin is not None:
log.debug(f"Cache hit for {p.name}!")
cached_plugin.name = p.name
log.debug("Cache hit !")
cached_plugin.name = name
cached_plugin.date = date
return cached_plugin, p.repo.redirect
return cached_plugin, repo.redirect
has_submodules = p.repo.has_submodules()
log.debug(f"prefetch {p.name}")
sha256 = p.repo.prefetch(commit)
has_submodules = repo.has_submodules()
log.debug(f"prefetch {name}")
sha256 = repo.prefetch(commit)
return (
Plugin(p.name, commit, has_submodules, sha256, date=date),
p.repo.redirect,
Plugin(name, commit, has_submodules, sha256, date=date),
repo.redirect,
)
@@ -621,7 +624,7 @@ def print_download_error(plugin: PluginDesc, ex: Exception):
def check_results(
results: List[Tuple[PluginDesc, Union[Exception, Plugin], Optional[Repo]]],
results: List[Tuple[PluginDesc, Union[Exception, Plugin], Optional[Repo]]]
) -> Tuple[List[Tuple[PluginDesc, Plugin]], Redirects]:
""" """
failures: List[Tuple[PluginDesc, Exception]] = []
@@ -639,9 +642,10 @@ def check_results(
print(f"{len(results) - len(failures)} plugins were checked", end="")
if len(failures) == 0:
print()
return plugins, redirects
else:
log.error(f", {len(failures)} plugin(s) could not be downloaded:\n")
print(f", {len(failures)} plugin(s) could not be downloaded:\n")
for plugin, exception in failures:
print_download_error(plugin, exception)
@@ -734,7 +738,10 @@ def rewrite_input(
append: List[PluginDesc] = [],
):
log.info("Rewriting input file %s", input_file)
plugins = load_plugins_from_csv(config, input_file)
plugins = load_plugins_from_csv(
config,
input_file,
)
plugins.extend(append)
@@ -746,25 +753,15 @@ def rewrite_input(
deprecations = json.load(f)
# TODO parallelize this step
for pdesc, new_repo in redirects.items():
log.info("Resolving deprecated plugin %s -> %s", pdesc.name, new_repo.name)
log.info("Rewriting input file %s", input_file)
new_pdesc = PluginDesc(new_repo, pdesc.branch, pdesc.alias)
old_plugin, _ = prefetch_plugin(pdesc)
new_plugin, _ = prefetch_plugin(new_pdesc)
if old_plugin.normalized_name != new_plugin.normalized_name:
deprecations[old_plugin.normalized_name] = {
"new": new_plugin.normalized_name,
"date": cur_date_iso,
}
# remove plugin from index file, so we won't add it to deprecations again
for i, plugin in enumerate(plugins):
if plugin.name == pdesc.name:
plugins.pop(i)
break
plugins.append(new_pdesc)
with open(deprecated, "w") as f:
json.dump(deprecations, f, indent=4, sort_keys=True)
f.write("\n")
@@ -775,7 +772,7 @@ def rewrite_input(
fieldnames = ["repo", "branch", "alias"]
writer = csv.DictWriter(f, fieldnames, dialect="unix", quoting=csv.QUOTE_NONE)
writer.writeheader()
for plugin in sorted(plugins, key=lambda x: x.name):
for plugin in sorted(plugins):
writer.writerow(asdict(plugin))
@@ -795,11 +792,9 @@ def update_plugins(editor: Editor, args):
log.info("Start updating plugins")
if args.proc > 1 and args.github_token == None:
log.warning(
"You have enabled parallel updates but haven't set a github token.\n"
"You may be hit with `HTTP Error 429: too many requests` as a consequence."
"Either set --proc=1 or --github-token=YOUR_TOKEN. "
)
log.warning("You have enabled parallel updates but haven't set a github token.\n"
"You may be hit with `HTTP Error 429: too many requests` as a consequence."
"Either set --proc=1 or --github-token=YOUR_TOKEN. ")
fetch_config = FetchConfig(args.proc, args.github_token)
update = editor.get_update(args.input_file, args.outfile, fetch_config)
@@ -815,9 +810,11 @@ def update_plugins(editor: Editor, args):
if autocommit:
try:
repo = git.Repo(os.getcwd())
updated = datetime.now(tz=UTC).strftime("%Y-%m-%d")
updated = datetime.now(tz=UTC).strftime('%Y-%m-%d')
print(args.outfile)
commit(repo, f"{editor.attr_path}: update on {updated}", [args.outfile])
commit(repo,
f"{editor.attr_path}: update on {updated}", [args.outfile]
)
except git.InvalidGitRepositoryError as e:
print(f"Not in a git repository: {e}", file=sys.stderr)
sys.exit(1)

6
maintainers/scripts/rebuild-amount.sh
View File

@@ -81,13 +81,11 @@ newPkgs() {
# could eat too much memory for a standard 4GiB machine.
local -a list
for i in 1 2; do
local l
l="$($MKTEMP)"
local l="$($MKTEMP)"
list[$i]="$l"
toRemove+=("$l")
local expr
expr="$($MKTEMP)"
local expr="$($MKTEMP)"
toRemove+=("$expr")
nixexpr "${!i}" > "$expr"

75
maintainers/scripts/update-dotnet-lockfiles.nix
View File

@@ -8,12 +8,69 @@
to 'fetch-deps', 'nuget-to-nix', or other changes to the dotnet build
infrastructure. Regular updates should be done through the individual packages
update scripts.
*/
{ ... }@args:
import ./update.nix (
{
predicate = _: _: true;
get-script = pkg: pkg.fetch-deps or null;
}
// args
)
*/
{ startWith ? null }:
let
pkgs = import ../.. { config.allowAliases = false; };
inherit (pkgs) lib;
packagesWith = cond: pkgs:
let
packagesWithInner = attrs:
lib.concatLists (
lib.mapAttrsToList (name: elem:
let
result = builtins.tryEval elem;
in
if result.success then
let
value = result.value;
in
if lib.isDerivation value then
lib.optional (cond value) value
else
if lib.isAttrs value && (value.recurseForDerivations or false || value.recurseForRelease or false) then
packagesWithInner value
else []
else []) attrs);
in
packagesWithInner pkgs;
packages = lib.unique
(lib.filter (p:
(builtins.tryEval p.outPath).success ||
builtins.trace "warning: skipping ${p.name} because it failed to evaluate" false)
((pkgs: (lib.drop (lib.lists.findFirstIndex (p: p.name == startWith) 0 pkgs) pkgs))
(packagesWith (p: p ? fetch-deps) pkgs)));
helpText = ''
Please run:
% nix-shell maintainers/scripts/update-dotnet-lockfiles.nix
'';
fetchScripts = map (p: p.fetch-deps) packages;
in pkgs.stdenv.mkDerivation {
name = "nixpkgs-update-dotnet-lockfiles";
buildCommand = ''
echo ""
echo "----------------------------------------------------------------"
echo ""
echo "Not possible to update packages using \`nix-build\`"
echo ""
echo "${helpText}"
echo "----------------------------------------------------------------"
exit 1
'';
shellHook = ''
unset shellHook # do not contaminate nested shells
set -e
for x in $fetchScripts; do
$x
done
exit
'';
inherit fetchScripts;
}

22
maintainers/scripts/update.nix
View File

@@ -8,7 +8,6 @@
{ package ? null
, maintainer ? null
, predicate ? null
, get-script ? pkg: pkg.updateScript or null
, path ? null
, max-workers ? null
, include-overlays ? false
@@ -18,13 +17,13 @@
}:
let
pkgs = import ./../../default.nix ((
pkgs = import ./../../default.nix (
if include-overlays == false then
{ overlays = []; }
else if include-overlays == true then
{ } # Let Nixpkgs include overlays impurely.
else { overlays = include-overlays; }
) // { config.allowAliases = false; });
);
inherit (pkgs) lib;
@@ -57,7 +56,7 @@ let
somewhatUniqueRepresentant =
{ package, attrPath }: {
updateScript = (get-script package);
inherit (package) updateScript;
# Some updaters use the same `updateScript` value for all packages.
# Also compare `meta.description`.
position = package.meta.position or null;
@@ -90,7 +89,7 @@ let
/* Recursively find all packages in `pkgs` with updateScript matching given predicate.
*/
packagesWithUpdateScriptMatchingPredicate = cond:
packagesWith (path: pkg: (get-script pkg != null) && cond path pkg);
packagesWith (path: pkg: builtins.hasAttr "updateScript" pkg && cond path pkg);
/* Recursively find all packages in `pkgs` with updateScript by given maintainer.
*/
@@ -122,7 +121,7 @@ let
if pathContent == null then
builtins.throw "Attribute path `${path}` does not exist."
else
packagesWithPath prefix (path: pkg: (get-script pkg != null))
packagesWithPath prefix (path: pkg: builtins.hasAttr "updateScript" pkg)
pathContent;
/* Find a package under `path` in `pkgs` and require that it has an updateScript.
@@ -133,7 +132,7 @@ let
in
if package == null then
builtins.throw "Package with an attribute name `${path}` does not exist."
else if get-script package == null then
else if ! builtins.hasAttr "updateScript" package then
builtins.throw "Package with an attribute name `${path}` does not have a `passthru.updateScript` attribute defined."
else
{ attrPath = path; inherit package; };
@@ -194,13 +193,13 @@ let
/* Transform a matched package into an object for update.py.
*/
packageData = { package, attrPath }: let updateScript = get-script package; in {
packageData = { package, attrPath }: {
name = package.name;
pname = lib.getName package;
oldVersion = lib.getVersion package;
updateScript = map builtins.toString (lib.toList (updateScript.command or updateScript));
supportedFeatures = updateScript.supportedFeatures or [];
attrPath = updateScript.attrPath or attrPath;
updateScript = map builtins.toString (lib.toList (package.updateScript.command or package.updateScript));
supportedFeatures = package.updateScript.supportedFeatures or [];
attrPath = package.updateScript.attrPath or attrPath;
};
/* JSON file with data for update.py.
@@ -231,5 +230,4 @@ in pkgs.stdenv.mkDerivation {
unset shellHook # do not contaminate nested shells
exec ${pkgs.python3.interpreter} ${./update.py} ${builtins.concatStringsSep " " args}
'';
nativeBuildInputs = [ pkgs.git pkgs.nix pkgs.cacert ];
}

48
maintainers/team-list.nix
View File

@@ -194,13 +194,9 @@ with lib.maintainers;
};
darwin = {
members = [
emily
reckenrode
toonn
];
githubTeams = [ "darwin-core" ];
scope = "Maintain core platform support and packages for macOS and other Apple platforms.";
members = [ toonn ];
githubTeams = [ "darwin-maintainers" ];
scope = "Maintain Darwin compatibility of packages and Darwin-only packages.";
shortName = "Darwin";
enableFeatureFreezePing = true;
};
@@ -449,6 +445,7 @@ with lib.maintainers;
haskell = {
members = [
cdepillabout
expipiplus1
maralorn
ncfavier
sternenseemann
@@ -464,7 +461,6 @@ with lib.maintainers;
members = [
das_j
conni2461
helsinki-Jo
];
scope = "Group registration for packages maintained by Helsinki Systems";
shortName = "Helsinki Systems employees";
@@ -497,19 +493,6 @@ with lib.maintainers;
shortName = "Input-Output Global employees";
};
java = {
githubTeams = [ "java" ];
members = [
chayleaf
fliegendewurst
infinidoge
tomodachi94
];
shortName = "Java";
scope = "Maintainers of the Nixpkgs Java ecosystem (JDK, JVM, Java, Gradle, Maven, Ant, and adjacent projects)";
enableFeatureFreezePing = true;
};
jitsi = {
members = [
cleeyv
@@ -858,14 +841,9 @@ with lib.maintainers;
};
postgres = {
members = [
thoughtpolice
ma27
wolfgangwalther
];
members = [ thoughtpolice ];
scope = "Maintain the PostgreSQL package and plugins along with the NixOS module.";
shortName = "PostgreSQL";
enableFeatureFreezePing = true;
};
python = {
@@ -985,21 +963,6 @@ with lib.maintainers;
shortName = "Serokell employees";
};
stdenv = {
members = [
artturin
emily
ericson2314
philiptaron
reckenrode
RossComputerGuy
];
scope = "Maintain the standard environment and its surrounding logic.";
shortName = "stdenv";
enableFeatureFreezePing = true;
githubTeams = [ "stdenv" ];
};
steam = {
members = [
atemu
@@ -1076,6 +1039,7 @@ with lib.maintainers;
members = [
hehongbo
lach
rane
sigmasquadron
];
scope = "Maintain the Xen Project Hypervisor and the related tooling ecosystem.";

22
nixos/doc/manual/configuration/adding-custom-packages.section.md
View File

@@ -90,30 +90,16 @@ Hello, world!
Most pre-built executables will not work on NixOS. There are two notable
exceptions: flatpaks and AppImages. For flatpaks see the [dedicated
section](#module-services-flatpak). AppImages can run "as-is" on NixOS.
First you need to enable AppImage support: add to `/etc/nixos/configuration.nix`
section](#module-services-flatpak). AppImages will not run "as-is" on NixOS.
First you need to install `appimage-run`: add to `/etc/nixos/configuration.nix`
```nix
{
programs.appimage.enable = true;
programs.appimage.binfmt = true;
environment.systemPackages = [ pkgs.appimage-run ];
}
```
Then you can run the AppImage "as-is" or with `appimage-run foo.appimage`.
If there are shared libraries missing add them with
```nix
{
programs.appimage.package = pkgs.appimage-run.override {
extraPkgs = pkgs: [
# missing libraries here, e.g.: `pkgs.libepoxy`
];
}
}
```
Then instead of running the AppImage "as-is", run `appimage-run foo.appimage`.
To make other pre-built executables work on NixOS, you need to package them
with Nix and special helpers like `autoPatchelfHook` or `buildFHSEnv`. See

Some files were not shown because too many files have changed in this diff Show More