From cc0e679aafec63a998010143d0c8b9c043f1e0f0 Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Thu, 26 Sep 2024 16:20:28 +0200 Subject: [PATCH 01/39] maintainers/team-list: add ngi team --- maintainers/team-list.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/maintainers/team-list.nix b/maintainers/team-list.nix index e75a2850f2dc..919edbd7d7b4 100644 --- a/maintainers/team-list.nix +++ b/maintainers/team-list.nix @@ -745,6 +745,16 @@ with lib.maintainers; enableFeatureFreezePing = true; }; + ngi = { + members = [ + eljamm + fricklerhandwerk + wegank + ]; + scope = "Maintain NGI-supported software."; + shortName = "NGI"; + }; + node = { members = [ winter ]; scope = "Maintain Node.js runtimes and build tooling."; From 0303ea1f2e77478a9c36935c3a5809ff2ef22a22 Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Thu, 26 Sep 2024 16:24:45 +0200 Subject: [PATCH 02/39] naja, omnom, taler-depolymerization, taler-wallet-core: update maintainers --- pkgs/by-name/na/naja/package.nix | 4 +--- pkgs/by-name/om/omnom/package.nix | 4 +--- pkgs/by-name/ta/taler-depolymerization/package.nix | 4 +--- pkgs/by-name/ta/taler-wallet-core/package.nix | 4 +--- 4 files changed, 4 insertions(+), 12 deletions(-) diff --git a/pkgs/by-name/na/naja/package.nix b/pkgs/by-name/na/naja/package.nix index a342c091f708..261de178ff20 100644 --- a/pkgs/by-name/na/naja/package.nix +++ b/pkgs/by-name/na/naja/package.nix @@ -66,9 +66,7 @@ stdenv.mkDerivation { description = "Structural Netlist API (and more) for EDA post synthesis flow development"; homepage = "https://github.com/najaeda/naja"; license = lib.licenses.asl20; - maintainers = [ - # maintained by the team working on NGI-supported software, no group for this yet - ]; + maintainers = lib.teams.ngi.members; mainProgram = "naja_edit"; platforms = lib.platforms.all; }; diff --git a/pkgs/by-name/om/omnom/package.nix b/pkgs/by-name/om/omnom/package.nix index 20660906a712..6d89e3005b4d 100644 --- a/pkgs/by-name/om/omnom/package.nix +++ b/pkgs/by-name/om/omnom/package.nix @@ -52,9 +52,7 @@ buildGoModule { description = "A webpage bookmarking and snapshotting service"; homepage = "https://github.com/asciimoo/omnom"; license = lib.licenses.agpl3Only; - maintainers = [ - # maintained by the team working on NGI-supported software, no group for this yet - ]; + maintainers = lib.teams.ngi.members; mainProgram = "omnom"; }; } diff --git a/pkgs/by-name/ta/taler-depolymerization/package.nix b/pkgs/by-name/ta/taler-depolymerization/package.nix index d61478b32583..1189a6eebcaa 100644 --- a/pkgs/by-name/ta/taler-depolymerization/package.nix +++ b/pkgs/by-name/ta/taler-depolymerization/package.nix @@ -48,8 +48,6 @@ rustPlatform.buildRustPackage { description = "Wire gateway for Bitcoin/Ethereum"; homepage = "https://git.taler.net/depolymerization.git/"; license = lib.licenses.agpl3Only; - maintainers = [ - # maintained by the team working on NGI-supported software, no group for this yet - ]; + maintainers = lib.teams.ngi.members; }; } diff --git a/pkgs/by-name/ta/taler-wallet-core/package.nix b/pkgs/by-name/ta/taler-wallet-core/package.nix index 944c0afc177e..fac494785855 100644 --- a/pkgs/by-name/ta/taler-wallet-core/package.nix +++ b/pkgs/by-name/ta/taler-wallet-core/package.nix @@ -101,9 +101,7 @@ stdenv.mkDerivation (finalAttrs: { homepage = "https://git.taler.net/wallet-core.git/"; description = "CLI wallet for GNU Taler written in TypeScript and Anastasis Web UI"; license = lib.licenses.gpl3Plus; - maintainers = [ - # maintained by the team working on NGI-supported software, no group for this yet - ]; + maintainers = lib.teams.ngi.members; platforms = lib.platforms.linux; mainProgram = "taler-wallet-cli"; }; From f0ad87bdd7adeccb8a73ebfb310d5a566ef07a8c Mon Sep 17 00:00:00 2001 From: Peder Bergebakken Sundt Date: Fri, 4 Oct 2024 15:11:13 +0200 Subject: [PATCH 03/39] nixos/resilio: add package option --- nixos/modules/services/networking/resilio.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/services/networking/resilio.nix b/nixos/modules/services/networking/resilio.nix index 02773d78b132..f9c682f168b7 100644 --- a/nixos/modules/services/networking/resilio.nix +++ b/nixos/modules/services/networking/resilio.nix @@ -5,8 +5,6 @@ with lib; let cfg = config.services.resilio; - resilioSync = pkgs.resilio-sync; - sharedFoldersRecord = map (entry: { dir = entry.directory; @@ -83,6 +81,8 @@ in ''; }; + package = mkPackageOption pkgs "resilio-sync" { }; + deviceName = mkOption { type = types.str; example = "Voltron"; @@ -285,7 +285,7 @@ in RuntimeDirectory = "rslsync"; ExecStartPre = "${createConfig}/bin/create-resilio-config"; ExecStart = '' - ${resilioSync}/bin/rslsync --nodaemon --config ${runConfigPath} + ${lib.getExe cfg.package} --nodaemon --config ${runConfigPath} ''; }; }; From 42f5ecde9d8e2fd4d072b648b885087a267029cc Mon Sep 17 00:00:00 2001 From: James Atkins Date: Sun, 6 Oct 2024 16:52:42 -0500 Subject: [PATCH 04/39] nixos/networkd: support systemd-creds in WireGuard systemd 256 supports network.wireguard.* credentials (https://github.com/systemd/systemd/pull/30826). Check whether PrivateKey / PresharedKey starts with an @, if so it is a credential. --- nixos/lib/systemd-lib.nix | 5 +++++ nixos/modules/system/boot/networkd.nix | 18 ++++++++++++------ 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/nixos/lib/systemd-lib.nix b/nixos/lib/systemd-lib.nix index fedd85f09b80..886bbd301db6 100644 --- a/nixos/lib/systemd-lib.nix +++ b/nixos/lib/systemd-lib.nix @@ -17,6 +17,7 @@ let filterAttrs flatten flip + hasPrefix head isInt isFloat @@ -196,6 +197,10 @@ in rec { optional (attr ? ${name}) "Systemd ${group} field `${name}' has been removed. See ${see}"; + assertKeyIsSystemdCredential = name: group: attr: + optional (attr ? ${name} && !(hasPrefix "@" attr.${name})) + "Systemd ${group} field `${name}' is not a systemd credential"; + checkUnitConfig = group: checks: attrs: let # We're applied at the top-level type (attrsOf unitOption), so the actual # unit options might contain attributes from mkOverride and mkIf that we need to diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 94a5de7e2bd4..c56a5b3bfdfa 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -411,11 +411,14 @@ let (assertValueOneOf "Layer2SpecificHeader" [ "none" "default" ]) ]; - # NOTE The PrivateKey directive is missing on purpose here, please - # do not add it to this list. The nix store is world-readable let's - # refrain ourselves from providing a footgun. + # NOTE Check whether the key starts with an @, in which case it is + # interpreted as the name of the credential from which the actual key + # shall be read by systemd-creds. + # Do not remove this check as the nix store is world-readable. sectionWireGuard = checkUnitConfig "WireGuard" [ + (assertKeyIsSystemdCredential "PrivateKey") (assertOnlyFields [ + "PrivateKey" "PrivateKeyFile" "ListenPort" "FirewallMark" @@ -426,12 +429,15 @@ let (assertRange "FirewallMark" 1 4294967295) ]; - # NOTE The PresharedKey directive is missing on purpose here, please - # do not add it to this list. The nix store is world-readable,let's - # refrain ourselves from providing a footgun. + # NOTE Check whether the key starts with an @, in which case it is + # interpreted as the name of the credential from which the actual key + # shall be read by systemd-creds. + # Do not remove this check as the nix store is world-readable. sectionWireGuardPeer = checkUnitConfigWithLegacyKey "wireguardPeerConfig" "WireGuardPeer" [ + (assertKeyIsSystemdCredential "PresharedKey") (assertOnlyFields [ "PublicKey" + "PresharedKey" "PresharedKeyFile" "AllowedIPs" "Endpoint" From 68483a7bad84d74cb60c527cc023e52e73293f8f Mon Sep 17 00:00:00 2001 From: James Atkins Date: Sun, 6 Oct 2024 22:27:21 -0500 Subject: [PATCH 05/39] nixos/networkd: test systemd-creds in WireGuard --- nixos/tests/systemd-networkd.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/nixos/tests/systemd-networkd.nix b/nixos/tests/systemd-networkd.nix index a595fb9cba4a..34272f9b0411 100644 --- a/nixos/tests/systemd-networkd.nix +++ b/nixos/tests/systemd-networkd.nix @@ -1,4 +1,4 @@ -let generateNodeConf = { lib, pkgs, config, privk, pubk, peerId, nodeId, ...}: { +let generateNodeConf = { lib, pkgs, config, privk, pubk, systemdCreds, peerId, nodeId, ...}: { imports = [ common/user-account.nix ]; systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; networking.useNetworkd = true; @@ -6,6 +6,7 @@ let generateNodeConf = { lib, pkgs, config, privk, pubk, peerId, nodeId, ...}: { networking.firewall.enable = false; virtualisation.vlans = [ 1 ]; environment.systemPackages = with pkgs; [ wireguard-tools ]; + environment.etc."credstore/network.wireguard.private" = lib.mkIf systemdCreds { text = privk; }; systemd.network = { enable = true; config = { @@ -15,11 +16,14 @@ let generateNodeConf = { lib, pkgs, config, privk, pubk, peerId, nodeId, ...}: { "90-wg0" = { netdevConfig = { Kind = "wireguard"; Name = "wg0"; }; wireguardConfig = { + # Test storing wireguard private key using systemd credentials. + PrivateKey = lib.mkIf systemdCreds "@network.wireguard.private"; + # NOTE: we're storing the wireguard private key in the # store for this test. Do not do this in the real # world. Keep in mind the nix store is # world-readable. - PrivateKeyFile = pkgs.writeText "wg0-priv" privk; + PrivateKeyFile = lib.mkIf (!systemdCreds) (pkgs.writeText "wg0-priv" privk); ListenPort = 51820; FirewallMark = 42; }; @@ -74,6 +78,7 @@ in import ./make-test-python.nix ({pkgs, ... }: { let localConf = { privk = "GDiXWlMQKb379XthwX0haAbK6hTdjblllpjGX0heP00="; pubk = "iRxpqj42nnY0Qz8MAQbSm7bXxXP5hkPqWYIULmvW+EE="; + systemdCreds = false; nodeId = "1"; peerId = "2"; }; @@ -83,6 +88,7 @@ in import ./make-test-python.nix ({pkgs, ... }: { let localConf = { privk = "eHxSI2jwX/P4AOI0r8YppPw0+4NZnjOxfbS5mt06K2k="; pubk = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g="; + systemdCreds = true; nodeId = "2"; peerId = "1"; }; From 6290926feddb4a960614fc56ebf649c8bea1de39 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Tue, 8 Oct 2024 20:23:52 +0200 Subject: [PATCH 06/39] nixos/freshrss: fix phpfpm.pool --- nixos/modules/services/web-apps/freshrss.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/nixos/modules/services/web-apps/freshrss.nix b/nixos/modules/services/web-apps/freshrss.nix index 9a6556676597..8150f20c2a47 100644 --- a/nixos/modules/services/web-apps/freshrss.nix +++ b/nixos/modules/services/web-apps/freshrss.nix @@ -4,8 +4,6 @@ with lib; let cfg = config.services.freshrss; - poolName = "freshrss"; - extension-env = pkgs.buildEnv { name = "freshrss-extensions"; paths = cfg.extensions; @@ -141,8 +139,8 @@ in }; pool = mkOption { - type = types.str; - default = poolName; + type = types.nullOr types.str; + default = "freshrss"; description = '' Name of the php-fpm pool to use and setup. If not specified, a pool will be created with default values. @@ -235,8 +233,8 @@ in }; # Set up phpfpm pool - services.phpfpm.pools = mkIf (cfg.pool == poolName) { - ${poolName} = { + services.phpfpm.pools = mkIf (cfg.pool != null) { + ${cfg.pool} = { user = "freshrss"; settings = { "listen.owner" = "nginx"; From 3b34229a4940f2457902ed884af16955044eee7b Mon Sep 17 00:00:00 2001 From: Dmitry Voronin Date: Thu, 10 Oct 2024 23:57:10 +0300 Subject: [PATCH 07/39] maintainers: add voronind --- maintainers/maintainer-list.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 5b2f39708c7e..303025f24bed 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -22608,6 +22608,13 @@ githubId = 144771550; name = "Luca Uricariu"; }; + voronind = { + email = "hi@voronind.com"; + name = "Dmitry Voronin"; + github = "voronind-com"; + githubId = 22127600; + keys = [ { fingerprint = "3241 FDAD 82A7 E22D 4279 F405 913F 3267 9278 2E1C"; } ]; + }; votava = { email = "votava@gmail.com"; github = "janvotava"; From d4ae06c73b6aa26926cb52adeda5479472f4a8c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Fri, 11 Oct 2024 13:23:36 -0700 Subject: [PATCH 08/39] nixos/headscale: assert that server_url does not contain base_domain --- nixos/modules/services/networking/headscale.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/nixos/modules/services/networking/headscale.nix b/nixos/modules/services/networking/headscale.nix index 622a13fe7b61..c2e616d30e87 100644 --- a/nixos/modules/services/networking/headscale.nix +++ b/nixos/modules/services/networking/headscale.nix @@ -500,6 +500,15 @@ in { ]; config = lib.mkIf cfg.enable { + assertions = [ + { + # This is stricter than it needs to be but is exactly what upstream does: + # https://github.com/kradalby/headscale/blob/adc084f20f843d7963c999764fa83939668d2d2c/hscontrol/types/config.go#L799 + assertion = with cfg.settings; dns.use_username_in_magic_dns or false || dns.base_domain == "" || !lib.hasInfix dns.base_domain server_url; + message = "server_url cannot contain the base_domain, this will cause the headscale server and embedded DERP to become unreachable from the Tailscale node."; + } + ]; + services.headscale.settings = lib.mkMerge [ cliConfig { From 0999280297aa4440114e0b4f61359105e01842a4 Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Sat, 12 Oct 2024 01:14:18 +0200 Subject: [PATCH 09/39] amd-blis: 4.2 -> 5.0 --- pkgs/development/libraries/science/math/amd-blis/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/science/math/amd-blis/default.nix b/pkgs/development/libraries/science/math/amd-blis/default.nix index 17838ab37390..8c71a072c895 100644 --- a/pkgs/development/libraries/science/math/amd-blis/default.nix +++ b/pkgs/development/libraries/science/math/amd-blis/default.nix @@ -21,13 +21,13 @@ let in stdenv.mkDerivation rec { pname = "amd-blis"; - version = "4.2"; + version = "5.0"; src = fetchFromGitHub { owner = "amd"; repo = "blis"; rev = version; - hash = "sha256-mLigzaA2S7qFCQT8UWC6bHWAvBjgpqvtgabPyFWBYT0="; + hash = "sha256-E6JmV4W0plFJfOAPK1Vn7qkmFalwl6OjqSpxYnhAPmw="; }; inherit blas64; From dfb0f00fc95e4f94ccab732224300d6cfe6980a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Fri, 11 Oct 2024 13:58:20 -0700 Subject: [PATCH 10/39] nixos/headscale: don't set deprecated options in config We cannot use `mkRenamedOptionModule` or `mkRemovedOptionModule` inside a freeform option. Thus we have to manually assert these deprecated options aren't used rather than aliasing them to their replacement. --- .../modules/services/networking/headscale.nix | 31 ++++++++++--------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/nixos/modules/services/networking/headscale.nix b/nixos/modules/services/networking/headscale.nix index c2e616d30e87..fd2fd8dbede9 100644 --- a/nixos/modules/services/networking/headscale.nix +++ b/nixos/modules/services/networking/headscale.nix @@ -20,6 +20,11 @@ settingsFormat = pkgs.formats.yaml {}; configFile = settingsFormat.generate "headscale.yaml" cfg.settings; cliConfigFile = settingsFormat.generate "headscale.yaml" cliConfig; + + assertRemovedOption = option: message: { + assertion = !lib.hasAttrByPath option cfg; + message = "The option `services.headscale.${lib.options.showOption option}` was removed. " + message; + }; in { options = { services.headscale = { @@ -82,21 +87,6 @@ in { type = lib.types.submodule { freeformType = settingsFormat.type; - imports = with lib; [ - (mkAliasOptionModule ["acl_policy_path"] ["policy" "path"]) - (mkAliasOptionModule ["db_host"] ["database" "postgres" "host"]) - (mkAliasOptionModule ["db_name"] ["database" "postgres" "name"]) - (mkAliasOptionModule ["db_password_file"] ["database" "postgres" "password_file"]) - (mkAliasOptionModule ["db_path"] ["database" "sqlite" "path"]) - (mkAliasOptionModule ["db_port"] ["database" "postgres" "port"]) - (mkAliasOptionModule ["db_type"] ["database" "type"]) - (mkAliasOptionModule ["db_user"] ["database" "postgres" "user"]) - (mkAliasOptionModule ["dns_config" "base_domain"] ["dns" "base_domain"]) - (mkAliasOptionModule ["dns_config" "domains"] ["dns" "search_domains"]) - (mkAliasOptionModule ["dns_config" "magic_dns"] ["dns" "magic_dns"]) - (mkAliasOptionModule ["dns_config" "nameservers"] ["dns" "nameservers" "global"]) - ]; - options = { server_url = lib.mkOption { type = lib.types.str; @@ -507,6 +497,17 @@ in { assertion = with cfg.settings; dns.use_username_in_magic_dns or false || dns.base_domain == "" || !lib.hasInfix dns.base_domain server_url; message = "server_url cannot contain the base_domain, this will cause the headscale server and embedded DERP to become unreachable from the Tailscale node."; } + (assertRemovedOption ["settings" "acl_policy_path"] "Use `policy.path` instead.") + (assertRemovedOption ["settings" "db_host"] "Use `database.postgres.host` instead.") + (assertRemovedOption ["settings" "db_name"] "Use `database.postgres.name` instead.") + (assertRemovedOption ["settings" "db_password_file"] "Use `database.postgres.password_file` instead.") + (assertRemovedOption ["settings" "db_path"] "Use `database.sqlite.path` instead.") + (assertRemovedOption ["settings" "db_port"] "Use `database.postgres.port` instead.") + (assertRemovedOption ["settings" "db_type"] "Use `database.type` instead.") + (assertRemovedOption ["settings" "db_user"] "Use `database.postgres.user` instead.") + (assertRemovedOption ["settings" "dns_config"] "Use `dns` instead.") + (assertRemovedOption ["settings" "dns_config" "domains"] "Use `dns.search_domains` instead.") + (assertRemovedOption ["settings" "dns_config" "nameservers"] "Use `dns.nameservers.global` instead.") ]; services.headscale.settings = lib.mkMerge [ From b5cb8fb063065d7c6ddaacc33f28d2cf5e0049cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Fri, 11 Oct 2024 20:10:31 -0700 Subject: [PATCH 11/39] nixos/tests/headscale: set dns.base_domain Otherwise the test fails with dns.base_domain must be set when using MagicDNS --- nixos/tests/headscale.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/tests/headscale.nix b/nixos/tests/headscale.nix index 80188b65dbfc..15f7c7be2ae5 100644 --- a/nixos/tests/headscale.nix +++ b/nixos/tests/headscale.nix @@ -38,6 +38,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: region_id = 999; stun_listen_addr = "0.0.0.0:${toString stunPort}"; }; + dns.base_domain = "tailnet"; }; }; nginx = { @@ -77,6 +78,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: # Check that they are reachable from the tailnet peer1.wait_until_succeeds("tailscale ping peer2") - peer2.wait_until_succeeds("tailscale ping peer1") + peer2.wait_until_succeeds("tailscale ping peer1.tailnet") ''; }) From 0673e982484e96fe1dbf29ff5c698ddd038dcde7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Fri, 11 Oct 2024 20:17:15 -0700 Subject: [PATCH 12/39] nixos/headscale: update option descriptions --- nixos/modules/services/networking/headscale.nix | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/networking/headscale.nix b/nixos/modules/services/networking/headscale.nix index fd2fd8dbede9..aac6d331a027 100644 --- a/nixos/modules/services/networking/headscale.nix +++ b/nixos/modules/services/networking/headscale.nix @@ -289,7 +289,6 @@ in { default = true; description = '' Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/). - Only works if there is at least a nameserver defined. ''; example = false; }; @@ -299,11 +298,13 @@ in { default = ""; description = '' Defines the base domain to create the hostnames for MagicDNS. - {option}`baseDomain` must be a FQDNs, without the trailing dot. - The FQDN of the hosts will be - `hostname.namespace.base_domain` (e.g. - `myhost.mynamespace.example.com`). + This domain must be different from the {option}`server_url` + domain. + {option}`base_domain` must be a FQDN, without the trailing dot. + The FQDN of the hosts will be `hostname.base_domain` (e.g. + `myhost.tailnet.example.com`). ''; + example = "tailnet.example.com"; }; nameservers = { From d85616fd4c738083a153a6d8b75f6b90f5b6698f Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Sat, 12 Oct 2024 11:21:38 +0200 Subject: [PATCH 13/39] amd-blis: apply nixfmt --- .../science/math/amd-blis/default.nix | 32 ++++++++++--------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/pkgs/development/libraries/science/math/amd-blis/default.nix b/pkgs/development/libraries/science/math/amd-blis/default.nix index 8c71a072c895..cbbdc52ce427 100644 --- a/pkgs/development/libraries/science/math/amd-blis/default.nix +++ b/pkgs/development/libraries/science/math/amd-blis/default.nix @@ -1,25 +1,28 @@ -{ lib, stdenv -, fetchFromGitHub -, perl -, python3 +{ + lib, + stdenv, + fetchFromGitHub, + perl, + python3, -# Enable BLAS interface with 64-bit integer width. -, blas64 ? false + # Enable BLAS interface with 64-bit integer width. + blas64 ? false, -# Target architecture. "amdzen" compiles kernels for all Zen -# generations. To build kernels for specific Zen generations, -# use "zen", "zen2", "zen3", or "zen4". -, withArchitecture ? "amdzen" + # Target architecture. "amdzen" compiles kernels for all Zen + # generations. To build kernels for specific Zen generations, + # use "zen", "zen2", "zen3", or "zen4". + withArchitecture ? "amdzen", -# Enable OpenMP-based threading. -, withOpenMP ? true + # Enable OpenMP-based threading. + withOpenMP ? true, }: let threadingSuffix = lib.optionalString withOpenMP "-mt"; blasIntSize = if blas64 then "64" else "32"; -in stdenv.mkDerivation rec { +in +stdenv.mkDerivation rec { pname = "amd-blis"; version = "5.0"; @@ -47,8 +50,7 @@ in stdenv.mkDerivation rec { configureFlags = [ "--enable-cblas" "--blas-int-size=${blasIntSize}" - ] ++ lib.optionals withOpenMP [ "--enable-threading=openmp" ] - ++ [ withArchitecture ]; + ] ++ lib.optionals withOpenMP [ "--enable-threading=openmp" ] ++ [ withArchitecture ]; postPatch = '' patchShebangs configure build/flatten-headers.py From cc4d29d3532c5ff5ff832aecfbc7f06fe749f2cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sat, 12 Oct 2024 18:28:17 -0700 Subject: [PATCH 14/39] nixos/headscale: assert that dns.base_domain is set when using MagicDNS --- nixos/modules/services/networking/headscale.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nixos/modules/services/networking/headscale.nix b/nixos/modules/services/networking/headscale.nix index aac6d331a027..9261ec03c532 100644 --- a/nixos/modules/services/networking/headscale.nix +++ b/nixos/modules/services/networking/headscale.nix @@ -498,6 +498,10 @@ in { assertion = with cfg.settings; dns.use_username_in_magic_dns or false || dns.base_domain == "" || !lib.hasInfix dns.base_domain server_url; message = "server_url cannot contain the base_domain, this will cause the headscale server and embedded DERP to become unreachable from the Tailscale node."; } + { + assertion = with cfg.settings; dns.magic_dns -> dns.base_domain != ""; + message = "dns.base_domain must be set when using MagicDNS"; + } (assertRemovedOption ["settings" "acl_policy_path"] "Use `policy.path` instead.") (assertRemovedOption ["settings" "db_host"] "Use `database.postgres.host` instead.") (assertRemovedOption ["settings" "db_name"] "Use `database.postgres.name` instead.") From de810c51637adc579fdb5221bb870c69f3a22eb3 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Sun, 13 Oct 2024 23:07:46 +0200 Subject: [PATCH 15/39] nixos/freshrss: update de parameters --- nixos/modules/services/web-apps/freshrss.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/services/web-apps/freshrss.nix b/nixos/modules/services/web-apps/freshrss.nix index 8150f20c2a47..9622913feca0 100644 --- a/nixos/modules/services/web-apps/freshrss.nix +++ b/nixos/modules/services/web-apps/freshrss.nix @@ -269,9 +269,9 @@ in let settingsFlags = concatStringsSep " \\\n " (mapAttrsToList (k: v: "${k} ${toString v}") { - "--default_user" = ''"${cfg.defaultUser}"''; - "--auth_type" = ''"${cfg.authType}"''; - "--base_url" = ''"${cfg.baseUrl}"''; + "--default-user" = ''"${cfg.defaultUser}"''; + "--auth-type" = ''"${cfg.authType}"''; + "--base-url" = ''"${cfg.baseUrl}"''; "--language" = ''"${cfg.language}"''; "--db-type" = ''"${cfg.database.type}"''; # The following attributes are optional depending on the type of From f60a5249b79fc36656c5c5f40bdac7d6db8acf4b Mon Sep 17 00:00:00 2001 From: Guillaume Girol Date: Mon, 14 Oct 2024 09:27:15 +0200 Subject: [PATCH 16/39] pdfarranger: 1.11.0 -> 1.11.1 Diff: https://github.com/pdfarranger/pdfarranger/compare/refs/tags/1.11.0...1.11.1 Changelog: https://github.com/pdfarranger/pdfarranger/releases/tag/1.11.1 --- pkgs/by-name/pd/pdfarranger/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/pd/pdfarranger/package.nix b/pkgs/by-name/pd/pdfarranger/package.nix index bcbad7a32dcb..8050e5af6755 100644 --- a/pkgs/by-name/pd/pdfarranger/package.nix +++ b/pkgs/by-name/pd/pdfarranger/package.nix @@ -10,14 +10,14 @@ python3Packages.buildPythonApplication rec { pname = "pdfarranger"; - version = "1.11.0"; + version = "1.11.1"; pyproject = true; src = fetchFromGitHub { owner = "pdfarranger"; repo = "pdfarranger"; rev = "refs/tags/${version}"; - hash = "sha256-bHV6EluA7xp+HyejnSWJwfRBDcTuZq5Gzz0KWIs0qhA="; + hash = "sha256-94qziqJaKW8/L/6+U1yojxdG8BmeAStn+qbfGemTrVA="; }; nativeBuildInputs = [ wrapGAppsHook3 ]; From f8f5cd0303457162b39f418c5c78ba7d3fd5a036 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 14 Oct 2024 18:24:22 +0000 Subject: [PATCH 17/39] focuswriter: 1.8.8 -> 1.8.9 --- pkgs/applications/editors/focuswriter/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/editors/focuswriter/default.nix b/pkgs/applications/editors/focuswriter/default.nix index 01b461c67219..5126c7c6725e 100644 --- a/pkgs/applications/editors/focuswriter/default.nix +++ b/pkgs/applications/editors/focuswriter/default.nix @@ -14,13 +14,13 @@ stdenv.mkDerivation rec { pname = "focuswriter"; - version = "1.8.8"; + version = "1.8.9"; src = fetchFromGitHub { owner = "gottcode"; repo = "focuswriter"; rev = "v${version}"; - hash = "sha256-6DUUY7pqhmalxTq/LnJteQkd5Z001+kyQb/cUtmuZI4="; + hash = "sha256-FFfNjjVwi0bE6oc8LYhXrCKd+nwRQrjWzK5P4DSIIgs="; }; nativeBuildInputs = [ pkg-config cmake qttools wrapQtAppsHook ]; From 4f54a95f10a250ef089c238fed5b3a68d4f747ab Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 14 Oct 2024 19:05:16 +0000 Subject: [PATCH 18/39] cargo-ndk: 3.5.6 -> 3.5.7 --- pkgs/development/tools/rust/cargo-ndk/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/rust/cargo-ndk/default.nix b/pkgs/development/tools/rust/cargo-ndk/default.nix index 1397ffc3742c..8e38d601c752 100644 --- a/pkgs/development/tools/rust/cargo-ndk/default.nix +++ b/pkgs/development/tools/rust/cargo-ndk/default.nix @@ -8,16 +8,16 @@ rustPlatform.buildRustPackage rec { pname = "cargo-ndk"; - version = "3.5.6"; + version = "3.5.7"; src = fetchFromGitHub { owner = "bbqsrc"; repo = pname; rev = "v${version}"; - sha256 = "sha256-piNKtmDssDeB+DznLl0uufT5BFiVCMmYGuRmBUr5QWQ="; + sha256 = "sha256-tzjiq1jjluWqTl+8MhzFs47VRp3jIRJ7EOLhUP8ydbM="; }; - cargoHash = "sha256-sIKan8LnGv4sGVrGOUOKSD3R4fNRu5yBFATm5MWDTSU="; + cargoHash = "sha256-UthI01fLC35BPp550LaDLoo1kjisUmQZqSud8JM/kqM="; buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [ CoreGraphics From 263f880d1300938219d44327f1713e01a04a4e85 Mon Sep 17 00:00:00 2001 From: Nikolay Korotkiy Date: Mon, 14 Oct 2024 23:53:25 +0400 Subject: [PATCH 19/39] =?UTF-8?q?lagrange:=201.18.1=20=E2=86=92=201.18.3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/applications/networking/browsers/lagrange/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/lagrange/default.nix b/pkgs/applications/networking/browsers/lagrange/default.nix index 232677f9ffab..c91d9d1fe91c 100644 --- a/pkgs/applications/networking/browsers/lagrange/default.nix +++ b/pkgs/applications/networking/browsers/lagrange/default.nix @@ -22,13 +22,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "lagrange"; - version = "1.18.1"; + version = "1.18.3"; src = fetchFromGitHub { owner = "skyjake"; repo = "lagrange"; rev = "v${finalAttrs.version}"; - hash = "sha256-iIUWF93RZheW4uf3zgs1jqDjQnn0nFH7GOMaLBR0w0o="; + hash = "sha256-ewpSZD+pCr6gbzT+4lW2+6tssPNLq4rqgUx7p8IsjIY="; }; nativeBuildInputs = [ From 3ccae6e249299295f348d8dd6350a733f7f64c21 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Mon, 14 Oct 2024 16:19:36 -0400 Subject: [PATCH 20/39] boundary: 0.17.1 -> 0.18.0 --- pkgs/by-name/bo/boundary/package.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/by-name/bo/boundary/package.nix b/pkgs/by-name/bo/boundary/package.nix index 33a77d0b5788..ebc99ceddaeb 100644 --- a/pkgs/by-name/bo/boundary/package.nix +++ b/pkgs/by-name/bo/boundary/package.nix @@ -6,7 +6,7 @@ stdenv.mkDerivation rec { pname = "boundary"; - version = "0.17.1"; + version = "0.18.0"; src = let @@ -19,10 +19,10 @@ stdenv.mkDerivation rec { aarch64-darwin = "darwin_arm64"; }; hash = selectSystem { - x86_64-linux = "sha256-U7ZCmpmcZpgLkf2jwc35Q9jezxUzaKp85WX2Tqs5IFI="; - aarch64-linux = "sha256-gYbeC+f/EXfhzUtwojjvyEATri1XpHpu+JPQtj4oRb4="; - x86_64-darwin = "sha256-N6Uy5JiU9mW1/muHYF6Rf1KLX1iXYt/5ct1IHeFUgds="; - aarch64-darwin = "sha256-Oxfzy/9ggcJXS+tXiYmJXSiqbMKw4vv9RMquUuOlJ08="; + x86_64-linux = "sha256-Wp1gPFQkOv+ZCEy0D2Tw9l6aCZekdpkXYcTZNheJHEg="; + aarch64-linux = "sha256-jBYu4m3L+j/coJ4D9cPA8mSBYiLiUyVKp98x6mdrrrk="; + x86_64-darwin = "sha256-OuiF1pgutt69ghlkLkEwkWMIFjvAsY7YUZERHNiToMs="; + aarch64-darwin = "sha256-sYKA02euri/K8FM8GoY7Y/WWLE2nBSoiNoxSdUPunWA="; }; in fetchzip { From b6fa7e130b79ad795a7e4a4d5d422e75f8dd367e Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 14 Oct 2024 21:07:37 +0000 Subject: [PATCH 21/39] jq-lsp: 0.1.3 -> 0.1.4 --- pkgs/development/tools/language-servers/jq-lsp/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/language-servers/jq-lsp/default.nix b/pkgs/development/tools/language-servers/jq-lsp/default.nix index ad43af981e39..e33133c42634 100644 --- a/pkgs/development/tools/language-servers/jq-lsp/default.nix +++ b/pkgs/development/tools/language-servers/jq-lsp/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "jq-lsp"; - version = "0.1.3"; + version = "0.1.4"; src = fetchFromGitHub { owner = "wader"; repo = "jq-lsp"; rev = "refs/tags/v${version}"; - hash = "sha256-c7uK8WPM/h2PLVLFGeN66SztvzjBCgJje7L14+oErVU="; + hash = "sha256-ueSf32C4BznDKBQD0OIJKZhrwLq1xpn6WWEnsqoWkl8="; }; vendorHash = "sha256-8sZGnoP7l09ZzLJqq8TUCquTOPF0qiwZcFhojUnnEIY="; From a28796b8c053def7c3f839d43ca2df76d4d86bb1 Mon Sep 17 00:00:00 2001 From: Reno Dakota <170618376+paparodeo@users.noreply.github.com> Date: Mon, 14 Oct 2024 21:18:53 +0000 Subject: [PATCH 22/39] Revert "castxml: fix build on darwin" workaround for clang is no longer needed after change 8c9c8ade2f88a85ccdd4858cc802d7b7d6c48fe0 fixed cmake This reverts commit 94490fd53141d1be123d2ca0dfe1fdac0487a2da. --- pkgs/by-name/ca/castxml/package.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/pkgs/by-name/ca/castxml/package.nix b/pkgs/by-name/ca/castxml/package.nix index c0fe17a1d097..958f237a88c8 100644 --- a/pkgs/by-name/ca/castxml/package.nix +++ b/pkgs/by-name/ca/castxml/package.nix @@ -32,11 +32,12 @@ stdenv.mkDerivation (finalAttrs: { nativeBuildInputs = [ cmake ] ++ lib.optionals (withManual || withHTML) [ sphinx ]; buildInputs = [ + libclang libffi libxml2 llvm zlib - ] ++ lib.optionals (!stdenv.hostPlatform.isDarwin) [ libclang ]; + ]; cmakeFlags = [ @@ -46,9 +47,6 @@ stdenv.mkDerivation (finalAttrs: { (lib.cmakeBool "SPHINX_HTML" withHTML) (lib.cmakeBool "SPHINX_MAN" withManual) - ] - ++ lib.optionals stdenv.hostPlatform.isDarwin [ - (lib.cmakeOptionType "path" "Clang_DIR" "${lib.getDev libclang}/lib/cmake/clang") ]; doCheck = true; From 603bd7a5dffea0327eaa60608cf0a638e4c0ba51 Mon Sep 17 00:00:00 2001 From: Reno Dakota <170618376+paparodeo@users.noreply.github.com> Date: Mon, 14 Oct 2024 21:31:51 +0000 Subject: [PATCH 23/39] castxml: nixfmt required change to pass the CI --- pkgs/by-name/ca/castxml/package.nix | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/pkgs/by-name/ca/castxml/package.nix b/pkgs/by-name/ca/castxml/package.nix index 958f237a88c8..fc8eccd1dcca 100644 --- a/pkgs/by-name/ca/castxml/package.nix +++ b/pkgs/by-name/ca/castxml/package.nix @@ -39,15 +39,14 @@ stdenv.mkDerivation (finalAttrs: { zlib ]; - cmakeFlags = - [ - (lib.cmakeOptionType "path" "CLANG_RESOURCE_DIR" - "${lib.getLib libclang}/lib/clang/${lib.versions.major libclang.version}" - ) + cmakeFlags = [ + (lib.cmakeOptionType "path" "CLANG_RESOURCE_DIR" + "${lib.getLib libclang}/lib/clang/${lib.versions.major libclang.version}" + ) - (lib.cmakeBool "SPHINX_HTML" withHTML) - (lib.cmakeBool "SPHINX_MAN" withManual) - ]; + (lib.cmakeBool "SPHINX_HTML" withHTML) + (lib.cmakeBool "SPHINX_MAN" withManual) + ]; doCheck = true; From 49f198845dcae089fb0c7696fb9ecae75635a9c7 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 15 Oct 2024 02:36:49 +0000 Subject: [PATCH 24/39] dinit: 0.19.0 -> 0.19.1 --- pkgs/by-name/di/dinit/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/di/dinit/package.nix b/pkgs/by-name/di/dinit/package.nix index 26f1ad4c7e60..3d88f2ccfa69 100644 --- a/pkgs/by-name/di/dinit/package.nix +++ b/pkgs/by-name/di/dinit/package.nix @@ -9,13 +9,13 @@ stdenv.mkDerivation rec { pname = "dinit"; - version = "0.19.0"; + version = "0.19.1"; src = fetchFromGitHub { owner = "davmac314"; repo = "dinit"; rev = "v${version}"; - hash = "sha256-ApB0pEFSyawNASF/rqRmhT4FLofZzYmNdNmG2FGpnnk="; + hash = "sha256-z5qfC+aUwSK7UJ2RcyNHcUAUYXKbMrWmqmcn7fJVLD8="; }; postPatch = '' From 506a4499d0c756036a92a73789dafe2136c9d4f1 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 15 Oct 2024 12:28:13 +0000 Subject: [PATCH 25/39] qcad: 3.30.1.3 -> 3.31.1.2 --- pkgs/applications/misc/qcad/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/qcad/default.nix b/pkgs/applications/misc/qcad/default.nix index 6bffbda0a01b..a2b2dd027750 100644 --- a/pkgs/applications/misc/qcad/default.nix +++ b/pkgs/applications/misc/qcad/default.nix @@ -18,14 +18,14 @@ mkDerivation rec { pname = "qcad"; - version = "3.30.1.3"; + version = "3.31.1.2"; src = fetchFromGitHub { name = "qcad-${version}-src"; owner = "qcad"; repo = "qcad"; rev = "v${version}"; - hash = "sha256-bGSXFX1LuNZzs981t0GZxnMPzyJ+bddB4m/wkLMsfg0="; + hash = "sha256-lTe/XCW/qUARfIpcps1RMjubLiIR7cvYMZ0XgebaDrk="; }; patches = [ From eee9e1f686b21e6c053b94bc8c0bab53e3826cd4 Mon Sep 17 00:00:00 2001 From: Gaetan Lepage Date: Tue, 15 Oct 2024 15:04:33 +0200 Subject: [PATCH 26/39] python312Packages.qcodes: 0.48.0 -> 0.49.0 Diff: https://github.com/microsoft/Qcodes/compare/refs/tags/v0.48.0...v0.49.0 Changelog: https://github.com/QCoDeS/Qcodes/releases/tag/v0.49.0 --- pkgs/development/python-modules/qcodes/default.nix | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/pkgs/development/python-modules/qcodes/default.nix b/pkgs/development/python-modules/qcodes/default.nix index e10eb77d2816..01ae8380228c 100644 --- a/pkgs/development/python-modules/qcodes/default.nix +++ b/pkgs/development/python-modules/qcodes/default.nix @@ -6,7 +6,6 @@ # build-system setuptools, versioningit, - wheel, # dependencies broadbean, @@ -45,8 +44,6 @@ sphinx, sphinx-issues, towncrier, - opencensus, - opencensus-ext-azure, # checks deepdiff, @@ -62,20 +59,19 @@ buildPythonPackage rec { pname = "qcodes"; - version = "0.48.0"; + version = "0.49.0"; pyproject = true; src = fetchFromGitHub { owner = "microsoft"; repo = "Qcodes"; rev = "refs/tags/v${version}"; - hash = "sha256-Q1WyuK1mCbs75kGY1Aaw7S5EfFRjwqzZnhNyeSx7qc8="; + hash = "sha256-AlrQH0yKbEz+ICdvWWjMD7LQvWl36cFWlp+fegAmtL8="; }; build-system = [ setuptools versioningit - wheel ]; dependencies = [ @@ -125,10 +121,6 @@ buildPythonPackage rec { loop = [ # qcodes-loop ]; - opencensus = [ - opencensus - opencensus-ext-azure - ]; refactor = [ libcst ]; From 5535fe31c18a8d6e23eff450b8adf32ff711b212 Mon Sep 17 00:00:00 2001 From: Christian Segundo Date: Tue, 15 Oct 2024 15:25:47 +0200 Subject: [PATCH 27/39] perlPackages.SeleniumRemoteDriver: init at 1.49 --- pkgs/top-level/perl-packages.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index affe4b3634a6..dfaaf7aa8748 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -22382,6 +22382,22 @@ with self; { }; }; + SeleniumRemoteDriver = buildPerlPackage { + pname = "Selenium-Remote-Driver"; + version = "1.49"; + src = fetchurl { + url = "mirror://cpan/authors/id/T/TE/TEODESIAN/Selenium-Remote-Driver-1.49.tar.gz"; + hash = "sha256-yg7/7s6kK72vOVqI5j5EkoWKAAZAfJTRz8QY1BOX+mI="; + }; + buildInputs = [ TestDeep TestFatal TestLWPUserAgent TestMockModule ]; + propagatedBuildInputs = [ ArchiveZip Clone FileWhich HTTPMessage IOString JSON LWP Moo SubInstall TestLongString TryTiny XMLSimple namespaceclean ]; + meta = { + homepage = "https://github.com/teodesian/Selenium-Remote-Driver"; + description = "Perl Client for Selenium Remote Driver"; + license = lib.licenses.asl20; + }; + }; + SerealDecoder = buildPerlPackage { pname = "Sereal-Decoder"; version = "5.004"; From 1cce98b1f040628a92a73740f8b53b49e6d120d7 Mon Sep 17 00:00:00 2001 From: Gaetan Lepage Date: Tue, 15 Oct 2024 19:09:57 +0200 Subject: [PATCH 28/39] pylyzer: 0.0.65 -> 0.0.66 Diff: https://github.com/mtshiba/pylyzer/compare/refs/tags/v0.0.65...v0.0.66 Changelog: https://github.com/mtshiba/pylyzer/releases/tag/v0.0.66 --- pkgs/by-name/py/pylyzer/Cargo.lock | 58 +++++++++++++++-------------- pkgs/by-name/py/pylyzer/package.nix | 4 +- 2 files changed, 32 insertions(+), 30 deletions(-) diff --git a/pkgs/by-name/py/pylyzer/Cargo.lock b/pkgs/by-name/py/pylyzer/Cargo.lock index 8ca4202e4b17..9b0a4ca41724 100644 --- a/pkgs/by-name/py/pylyzer/Cargo.lock +++ b/pkgs/by-name/py/pylyzer/Cargo.lock @@ -99,9 +99,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "cc" -version = "1.1.27" +version = "1.1.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "677207f6eaec43fcfd092a718c847fc38aa261d0e19b8ef6797e0ccbe789e738" +checksum = "b16803a61b81d9eabb7eae2588776c4c1e584b738ede45fdbb4c972cec1e9945" dependencies = [ "shlex", ] @@ -145,23 +145,25 @@ checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" [[package]] name = "els" -version = "0.1.58-nightly.4" +version = "0.1.58" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "82ca64c7e007a801f3c026026d4f7c65193ca2ccfab19018cf47b0946ed1de86" +checksum = "ab76dea4883a3e75fab38a6cd6c761346fec5909850c557fcbd683f7bd30b54e" dependencies = [ "erg_common", "erg_compiler", + "libc", "lsp-types", "molc", "serde", "serde_json", + "windows", ] [[package]] name = "erg_common" -version = "0.6.46-nightly.4" +version = "0.6.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c91d7308be743f27d0bcb6778d85d76bfad86fc54ae53ae5fab06b37bd54fd74" +checksum = "9cef7281a06474cd12e7eb653d164777023440b13a28c8834124770c4b8f65fa" dependencies = [ "backtrace-on-stack-overflow", "erg_proc_macros", @@ -172,9 +174,9 @@ dependencies = [ [[package]] name = "erg_compiler" -version = "0.6.46-nightly.4" +version = "0.6.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2ca9d5eb0b29b60d7ac8d7d639add33a4b331b35e4739775f0bd0f1e94be764" +checksum = "0bf1c1e83a364fafbcec194a27affd02bf4538740c34c1617c45d960d4a3e33c" dependencies = [ "erg_common", "erg_parser", @@ -182,9 +184,9 @@ dependencies = [ [[package]] name = "erg_parser" -version = "0.6.46-nightly.4" +version = "0.6.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0d0f70495239bd721afb1be7ba33c9146cbd7d4d578bd65fcb86e52561224e0" +checksum = "9c65037a0c9b890d8f810f7a827b897fba6ae950b34258b1450c9ab1e310813c" dependencies = [ "erg_common", "erg_proc_macros", @@ -193,9 +195,9 @@ dependencies = [ [[package]] name = "erg_proc_macros" -version = "0.6.46-nightly.4" +version = "0.6.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61073a06b84b2e9c36b3645494102780936b560ba80f8c466cf2cdc374740f3e" +checksum = "29d7235082b39bf55cdec52da8c010c2d2d9ff7d41dde051158b7815f560f321" dependencies = [ "quote", "syn 1.0.109", @@ -552,16 +554,16 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.86" +version = "1.0.87" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" +checksum = "b3e4daa0dcf6feba26f985457cdf104d4b4256fc5a09547140f3631bb076b19a" dependencies = [ "unicode-ident", ] [[package]] name = "py2erg" -version = "0.0.65" +version = "0.0.66" dependencies = [ "erg_common", "erg_compiler", @@ -571,7 +573,7 @@ dependencies = [ [[package]] name = "pylyzer" -version = "0.0.65" +version = "0.0.66" dependencies = [ "els", "erg_common", @@ -581,7 +583,7 @@ dependencies = [ [[package]] name = "pylyzer_core" -version = "0.0.65" +version = "0.0.66" dependencies = [ "erg_common", "erg_compiler", @@ -592,7 +594,7 @@ dependencies = [ [[package]] name = "pylyzer_wasm" -version = "0.0.65" +version = "0.0.66" dependencies = [ "erg_common", "erg_compiler", @@ -1005,9 +1007,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.93" +version = "0.2.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a82edfc16a6c469f5f44dc7b571814045d60404b55a0ee849f9bcfa2e63dd9b5" +checksum = "128d1e363af62632b8eb57219c8fd7877144af57558fb2ef0368d0087bddeb2e" dependencies = [ "cfg-if", "once_cell", @@ -1016,9 +1018,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.93" +version = "0.2.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9de396da306523044d3302746f1208fa71d7532227f15e347e2d93e4145dd77b" +checksum = "cb6dd4d3ca0ddffd1dd1c9c04f94b868c37ff5fac97c30b97cff2d74fce3a358" dependencies = [ "bumpalo", "log", @@ -1031,9 +1033,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.93" +version = "0.2.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "585c4c91a46b072c92e908d99cb1dcdf95c5218eeb6f3bf1efa991ee7a68cccf" +checksum = "e79384be7f8f5a9dd5d7167216f022090cf1f9ec128e6e6a482a2cb5c5422c56" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -1041,9 +1043,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.93" +version = "0.2.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" +checksum = "26c6ab57572f7a24a4985830b120de1594465e5d500f24afe89e16b4e833ef68" dependencies = [ "proc-macro2", "quote", @@ -1054,9 +1056,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.93" +version = "0.2.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c62a0a307cb4a311d3a07867860911ca130c3494e8c2719593806c08bc5d0484" +checksum = "65fc09f10666a9f147042251e0dda9c18f166ff7de300607007e96bdebc1068d" [[package]] name = "windows" diff --git a/pkgs/by-name/py/pylyzer/package.nix b/pkgs/by-name/py/pylyzer/package.nix index 585907407a63..4e3b59a59c27 100644 --- a/pkgs/by-name/py/pylyzer/package.nix +++ b/pkgs/by-name/py/pylyzer/package.nix @@ -15,13 +15,13 @@ rustPlatform.buildRustPackage rec { pname = "pylyzer"; - version = "0.0.65"; + version = "0.0.66"; src = fetchFromGitHub { owner = "mtshiba"; repo = "pylyzer"; rev = "refs/tags/v${version}"; - hash = "sha256-pHFsrC5SefXEnxgIk/OkRdOOAuYZLhZYVYu41MYtxJs="; + hash = "sha256-vDeQ7IuECykBtcu4qvKKhcr/3vCXjN1JyL3/D4kwnng="; }; cargoLock = { From 221d96051a41a9bf0bad14df45a5a0bb3d09847f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= Date: Tue, 8 Oct 2024 21:28:48 +0200 Subject: [PATCH 29/39] libinput: fix eventGUISupport = true builds By adding required dependency wayland-scanner. It doesn't seem to work at runtime though; `libinput debug-gui` is static, not reacting to inputs. --- pkgs/development/libraries/libinput/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/libraries/libinput/default.nix b/pkgs/development/libraries/libinput/default.nix index 0021f08aa5e2..bc8977c70882 100644 --- a/pkgs/development/libraries/libinput/default.nix +++ b/pkgs/development/libraries/libinput/default.nix @@ -22,6 +22,7 @@ , valgrind , python3 , nixosTests +, wayland-scanner }: let @@ -86,6 +87,7 @@ stdenv.mkDerivation rec { cairo glib gtk3 + wayland-scanner ]; propagatedBuildInputs = [ From 5a5c04d1ea8319b6733e3084dcfe3dded171c662 Mon Sep 17 00:00:00 2001 From: Dmitry Voronin Date: Fri, 11 Oct 2024 00:03:21 +0300 Subject: [PATCH 30/39] nixos/zapret: init --- .../manual/release-notes/rl-2411.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/networking/zapret.nix | 159 ++++++++++++++++++ 3 files changed, 162 insertions(+) create mode 100644 nixos/modules/services/networking/zapret.nix diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md index e802470e7a04..41a4ceb3984c 100644 --- a/nixos/doc/manual/release-notes/rl-2411.section.md +++ b/nixos/doc/manual/release-notes/rl-2411.section.md @@ -181,6 +181,8 @@ - [Fedimint](https://github.com/fedimint/fedimint), a module based system for building federated applications (Federated E-Cash Mint). Available as [services.fedimintd](#opt-services.fedimintd). +- [Zapret](https://github.com/bol-van/zapret), a DPI bypass tool. Available as [services.zapret](option.html#opt-services.zapret). + ## Backward Incompatibilities {#sec-release-24.11-incompatibilities} - The `sound` options have been removed or renamed, as they had a lot of unintended side effects. See [below](#sec-release-24.11-migration-sound) for details. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 6910458baf40..0925a2a53b2d 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1276,6 +1276,7 @@ ./services/networking/xray.nix ./services/networking/xrdp.nix ./services/networking/yggdrasil.nix + ./services/networking/zapret.nix ./services/networking/zerobin.nix ./services/networking/zeronet.nix ./services/networking/zerotierone.nix diff --git a/nixos/modules/services/networking/zapret.nix b/nixos/modules/services/networking/zapret.nix new file mode 100644 index 000000000000..53309b046931 --- /dev/null +++ b/nixos/modules/services/networking/zapret.nix @@ -0,0 +1,159 @@ +{ + lib, + config, + pkgs, + ... +}: +let + cfg = config.services.zapret; + + whitelist = lib.optionalString ( + cfg.whitelist != null + ) "--hostlist ${pkgs.writeText "zapret-whitelist" (lib.concatStringsSep "\n" cfg.whitelist)}"; + + blacklist = + lib.optionalString (cfg.blacklist != null) + "--hostlist-exclude ${pkgs.writeText "zapret-blacklist" (lib.concatStringsSep "\n" cfg.blacklist)}"; + + ports = if cfg.httpSupport then "80,443" else "443"; +in +{ + options.services.zapret = { + enable = lib.mkEnableOption "the Zapret DPI bypass service."; + package = lib.mkPackageOption pkgs "zapret" { }; + params = lib.mkOption { + default = [ ]; + type = with lib.types; listOf str; + example = '' + [ + "--dpi-desync=fake,disorder2" + "--dpi-desync-ttl=1" + "--dpi-desync-autottl=2" + ]; + ''; + description = '' + Specify the bypass parameters for Zapret binary. + There are no universal parameters as they vary between different networks, so you'll have to find them yourself. + + This can be done by running the `blockcheck` binary from zapret package, i.e. `nix-shell -p zapret --command blockcheck`. + It'll try different params and then tell you which params are working for your network. + ''; + }; + whitelist = lib.mkOption { + default = null; + type = with lib.types; nullOr (listOf str); + example = '' + [ + "youtube.com" + "googlevideo.com" + "ytimg.com" + "youtu.be" + ] + ''; + description = '' + Specify a list of domains to bypass. All other domains will be ignored. + You can specify either whitelist or blacklist, but not both. + If neither are specified, then bypass all domains. + + It is recommended to specify the whitelist. This will make sure that other resources won't be affected by this service. + ''; + }; + blacklist = lib.mkOption { + default = null; + type = with lib.types; nullOr (listOf str); + example = '' + [ + "example.com" + ] + ''; + description = '' + Specify a list of domains NOT to bypass. All other domains will be bypassed. + You can specify either whitelist or blacklist, but not both. + If neither are specified, then bypass all domains. + ''; + }; + qnum = lib.mkOption { + default = 200; + type = lib.types.int; + description = '' + Routing queue number. + Only change this if you already use the default queue number somewhere else. + ''; + }; + configureFirewall = lib.mkOption { + default = true; + type = lib.types.bool; + description = '' + Whether to setup firewall routing so that system http(s) traffic is forwarded via this service. + Disable if you want to set it up manually. + ''; + }; + httpSupport = lib.mkOption { + default = true; + type = lib.types.bool; + description = '' + Whether to route http traffic on port 80. + Http bypass rarely works and you might want to disable it if you don't utilise http connections. + ''; + }; + }; + + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + assertions = [ + { + assertion = (cfg.whitelist == null) || (cfg.blacklist == null); + message = "Can't specify both whitelist and blacklist."; + } + { + assertion = (builtins.length cfg.params) != 0; + message = "You have to specify zapret parameters. See the params option's description."; + } + ]; + + systemd.services.zapret = { + description = "DPI bypass service"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + ExecStart = "${cfg.package}/bin/nfqws --pidfile=/run/nfqws.pid ${lib.concatStringsSep " " cfg.params} ${whitelist} ${blacklist} --qnum=${toString cfg.qnum}"; + Type = "simple"; + PIDFile = "/run/nfqws.pid"; + Restart = "always"; + RuntimeMaxSec = "1h"; # This service loves to crash silently or cause network slowdowns. It also restarts instantly. In my experience restarting it hourly provided the best experience. + + # hardening + DevicePolicy = "closed"; + KeyringMode = "private"; + PrivateTmp = true; + PrivateMounts = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "strict"; + ProtectProc = "invisible"; + RemoveIPC = true; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + }; + }; + } + + # Route system traffic via service for specified ports. + (lib.mkIf cfg.configureFirewall { + networking.firewall.extraCommands = '' + iptables -t mangle -I POSTROUTING -p tcp -m multiport --dports ${ports} -m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:6 -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num ${toString cfg.qnum} --queue-bypass + ''; + }) + ] + ); + + meta.maintainers = with lib.maintainers; [ + voronind + nishimara + ]; +} From bf63690b2ec630b89e9255a24df624a0d44c2606 Mon Sep 17 00:00:00 2001 From: Andrew Marshall Date: Tue, 15 Oct 2024 15:03:22 -0400 Subject: [PATCH 31/39] bitwarden-desktop: fix build and guard against breakage `dbus-run-session` execs, so does not carry-over shell functions. Previously, we had explicitly exported just the functions we needed. However, what is needed has recently changed due to changes in `cargoCheckHook`. Instead, export all functions so we are not so coupled to the implementation. Do this in a subshell to avoid polluting the rest of the build. --- pkgs/by-name/bi/bitwarden-desktop/package.nix | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/pkgs/by-name/bi/bitwarden-desktop/package.nix b/pkgs/by-name/bi/bitwarden-desktop/package.nix index a45712bfe801..c57f7d47d56e 100644 --- a/pkgs/by-name/bi/bitwarden-desktop/package.nix +++ b/pkgs/by-name/bi/bitwarden-desktop/package.nix @@ -146,14 +146,17 @@ in buildNpmPackage rec { checkPhase = '' runHook preCheck - pushd ${cargoRoot} - export HOME=$(mktemp -d) - export -f cargoCheckHook runHook _eval _callImplicitHook _logHook - export cargoCheckType=release - dbus-run-session \ - --config-file=${dbus}/share/dbus-1/session.conf \ - -- bash -e -c cargoCheckHook - popd + ( + cd ${cargoRoot} + export HOME=$(mktemp -d) + export cargoCheckType=release + for function in $(declare -F | awk '{print $3}'); do + export -f "$function" + done + dbus-run-session \ + --config-file=${dbus}/share/dbus-1/session.conf \ + -- bash -e -c cargoCheckHook + ) runHook postCheck ''; From d9ce15a363306688d7d088bde06a45bb9d706d18 Mon Sep 17 00:00:00 2001 From: Andrew Marshall Date: Tue, 15 Oct 2024 15:11:41 -0400 Subject: [PATCH 32/39] bitwarden-desktop: remove unneeded dbus-run-session for tests This appears to no longer be needed. Still run in a subshell to avoid polluting `HOME` to the rest of the build. --- pkgs/by-name/bi/bitwarden-desktop/package.nix | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/pkgs/by-name/bi/bitwarden-desktop/package.nix b/pkgs/by-name/bi/bitwarden-desktop/package.nix index c57f7d47d56e..6531632cc1bd 100644 --- a/pkgs/by-name/bi/bitwarden-desktop/package.nix +++ b/pkgs/by-name/bi/bitwarden-desktop/package.nix @@ -2,7 +2,6 @@ , buildNpmPackage , cargo , copyDesktopItems -, dbus , electron_32 , fetchFromGitHub , glib @@ -135,7 +134,6 @@ in buildNpmPackage rec { doCheck = true; nativeCheckInputs = [ - dbus (gnome-keyring.override { useWrappedDaemon = false; }) ]; @@ -148,14 +146,9 @@ in buildNpmPackage rec { ( cd ${cargoRoot} - export HOME=$(mktemp -d) - export cargoCheckType=release - for function in $(declare -F | awk '{print $3}'); do - export -f "$function" - done - dbus-run-session \ - --config-file=${dbus}/share/dbus-1/session.conf \ - -- bash -e -c cargoCheckHook + HOME=$(mktemp -d) + cargoCheckType=release + cargoCheckHook ) runHook postCheck From 96043dc729d5701783b17830e135b9bd0d8fd155 Mon Sep 17 00:00:00 2001 From: Anderson Torres Date: Mon, 14 Oct 2024 20:56:18 -0300 Subject: [PATCH 33/39] setconf: use the new Python packaging guidelines --- pkgs/tools/misc/setconf/default.nix | 11 +++++++---- pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/pkgs/tools/misc/setconf/default.nix b/pkgs/tools/misc/setconf/default.nix index fd43ad6350cf..320ae683c5cb 100644 --- a/pkgs/tools/misc/setconf/default.nix +++ b/pkgs/tools/misc/setconf/default.nix @@ -1,12 +1,11 @@ { lib -, buildPythonApplication +, python3Packages , fetchFromGitHub }: -buildPythonApplication rec { +python3Packages.buildPythonApplication rec { pname = "setconf"; version = "0.7.7"; - format = "setuptools"; src = fetchFromGitHub { owner = "xyproto"; @@ -15,11 +14,15 @@ buildPythonApplication rec { hash = "sha256-HYZdDtDlGrT3zssDdMW3559hhC+cPy8qkmM8d9zEa1A="; }; + build-system = with python3Packages; [ setuptools ]; + + pyproject = true; + meta = { homepage = "https://github.com/xyproto/setconf"; description = "Small utility for changing settings in configuration textfiles"; changelog = "https://github.com/xyproto/setconf/releases/tag/${version}"; - maintainers = [ lib.maintainers.AndersonTorres ]; mainProgram = "setconf"; + maintainers = with lib.maintainers; [ AndersonTorres ]; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index cc28af8ce0c5..b9a0bbd2ef10 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -32317,7 +32317,7 @@ with pkgs; secretscanner = callPackage ../tools/security/secretscanner { }; - setconf = python3.pkgs.callPackage ../tools/misc/setconf { }; + setconf = callPackage ../tools/misc/setconf { }; semiphemeral = callPackage ../tools/misc/semiphemeral { }; From 56137a2cacefb66c8b9cd11d6a44349a100474e8 Mon Sep 17 00:00:00 2001 From: Anderson Torres Date: Mon, 14 Oct 2024 20:58:45 -0300 Subject: [PATCH 34/39] setconf: get rid of rec --- pkgs/tools/misc/setconf/default.nix | 52 ++++++++++++++++------------- 1 file changed, 28 insertions(+), 24 deletions(-) diff --git a/pkgs/tools/misc/setconf/default.nix b/pkgs/tools/misc/setconf/default.nix index 320ae683c5cb..fb6aeefd84ae 100644 --- a/pkgs/tools/misc/setconf/default.nix +++ b/pkgs/tools/misc/setconf/default.nix @@ -1,28 +1,32 @@ -{ lib -, python3Packages -, fetchFromGitHub +{ + lib, + fetchFromGitHub, + python3Packages, }: -python3Packages.buildPythonApplication rec { - pname = "setconf"; - version = "0.7.7"; +let + self = python3Packages.buildPythonApplication { + pname = "setconf"; + version = "0.7.7"; - src = fetchFromGitHub { - owner = "xyproto"; - repo = "setconf"; - rev = version; - hash = "sha256-HYZdDtDlGrT3zssDdMW3559hhC+cPy8qkmM8d9zEa1A="; + src = fetchFromGitHub { + owner = "xyproto"; + repo = "setconf"; + rev = self.version; + hash = "sha256-HYZdDtDlGrT3zssDdMW3559hhC+cPy8qkmM8d9zEa1A="; + }; + + build-system = with python3Packages; [ setuptools ]; + + pyproject = true; + + meta = { + homepage = "https://github.com/xyproto/setconf"; + description = "Small utility for changing settings in configuration textfiles"; + changelog = "https://github.com/xyproto/setconf/releases/tag/${self.src.rev}"; + mainProgram = "setconf"; + maintainers = with lib.maintainers; [ AndersonTorres ]; + }; }; - - build-system = with python3Packages; [ setuptools ]; - - pyproject = true; - - meta = { - homepage = "https://github.com/xyproto/setconf"; - description = "Small utility for changing settings in configuration textfiles"; - changelog = "https://github.com/xyproto/setconf/releases/tag/${version}"; - mainProgram = "setconf"; - maintainers = with lib.maintainers; [ AndersonTorres ]; - }; -} +in +self From ec2b16f5ac4ae58bd82c539ad6de853322c56e88 Mon Sep 17 00:00:00 2001 From: Anderson Torres Date: Mon, 14 Oct 2024 21:02:17 -0300 Subject: [PATCH 35/39] setconf: migrate to by-name --- .../misc/setconf/default.nix => by-name/se/setconf/package.nix} | 0 pkgs/top-level/all-packages.nix | 2 -- 2 files changed, 2 deletions(-) rename pkgs/{tools/misc/setconf/default.nix => by-name/se/setconf/package.nix} (100%) diff --git a/pkgs/tools/misc/setconf/default.nix b/pkgs/by-name/se/setconf/package.nix similarity index 100% rename from pkgs/tools/misc/setconf/default.nix rename to pkgs/by-name/se/setconf/package.nix diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b9a0bbd2ef10..d60050bd692d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -32317,8 +32317,6 @@ with pkgs; secretscanner = callPackage ../tools/security/secretscanner { }; - setconf = callPackage ../tools/misc/setconf { }; - semiphemeral = callPackage ../tools/misc/semiphemeral { }; semver = callPackage ../applications/misc/semver { }; From cfe6449dba4a90b1b99ca7c78796d5bfe6d13100 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Tue, 15 Oct 2024 21:02:24 +0100 Subject: [PATCH 36/39] gobject-introspection-unwrapped: drop conflicting patch Without the change `gobject-introspection` fails the build on `staging-next` as: applying patch /nix/store/5w1icwq865fhjs9w2s0vb6xqn5irzxv7-setuptools-74.0-compat.patch patching file giscanner/ccompiler.py Reversed (or previously applied) patch detected! Assume -R? [n] Apply anyway? [n] Skipping patch. 4 out of 4 hunks ignored -- saving rejects to file giscanner/ccompiler.py.rej patching file giscanner/msvccompiler.py Reversed (or previously applied) patch detected! Assume -R? [n] Apply anyway? [n] Skipping patch. 1 out of 1 hunk ignored -- saving rejects to file giscanner/msvccompiler.py.rej --- .../development/libraries/gobject-introspection/default.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/pkgs/development/libraries/gobject-introspection/default.nix b/pkgs/development/libraries/gobject-introspection/default.nix index 2d8f7104a0a0..925db88c9d01 100644 --- a/pkgs/development/libraries/gobject-introspection/default.nix +++ b/pkgs/development/libraries/gobject-introspection/default.nix @@ -1,7 +1,6 @@ { stdenv , lib , fetchurl -, fetchpatch2 , glib , flex , bison @@ -61,11 +60,6 @@ stdenv.mkDerivation (finalAttrs: { src = ./absolute_shlib_path.patch; inherit nixStoreDir; }) - (fetchpatch2 { - name = "setuptools-74.0-compat.patch"; - url = "https://github.com/GNOME/gobject-introspection/commit/a2139dba59eac283a7f543ed737f038deebddc19.patch"; - hash = "sha256-n++wpQuJhAEYtcu8LZDC4+Tx1MYuFIMysFgrvz68jWU="; - }) ] ++ lib.optionals x11Support [ # Hardcode the cairo shared library path in the Cairo gir shipped with this package. # https://github.com/NixOS/nixpkgs/issues/34080 From 0ed4d765b4452a9beee4c20c64385d7b1a090652 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 15 Oct 2024 18:54:54 +0000 Subject: [PATCH 37/39] qpwgraph: 0.7.5 -> 0.7.8 --- pkgs/applications/audio/qpwgraph/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/audio/qpwgraph/default.nix b/pkgs/applications/audio/qpwgraph/default.nix index 85df0f595f33..bf47712e32e7 100644 --- a/pkgs/applications/audio/qpwgraph/default.nix +++ b/pkgs/applications/audio/qpwgraph/default.nix @@ -13,14 +13,14 @@ stdenv.mkDerivation (finalAttrs: { pname = "qpwgraph"; - version = "0.7.5"; + version = "0.7.8"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "rncbc"; repo = "qpwgraph"; rev = "v${finalAttrs.version}"; - sha256 = "sha256-EMBoP0gmJ1JwjkCc1UjTM4BgeYhFSFhUOD14rJRow1o="; + sha256 = "sha256-Ap2iSYalsyzUq/MvKUim3l29FFYid0FLUBKQ29FyWDg="; }; nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ]; From 42a12a0551a59ec1ad09d87d70b1dcabb323f92d Mon Sep 17 00:00:00 2001 From: Anders Kaseorg Date: Tue, 15 Oct 2024 13:57:25 -0700 Subject: [PATCH 38/39] nixos-rebuild: Fix broken -I option Commit 617a1a6e5778df81efceffa656988e38bd293b1c (#341402) broke this. Signed-off-by: Anders Kaseorg --- pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh index 698fb4192252..13bf60dfb1b7 100755 --- a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh +++ b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh @@ -102,11 +102,11 @@ while [ "$#" -gt 0 ]; do --use-substitutes|--substitute-on-destination|-s) copyFlags+=("-s") ;; - --builders) + -I|--builders) j="$1"; shift 1 extraBuildFlags+=("$i" "$j") ;; - --I|--max-jobs|-j|--cores|--log-format) + --max-jobs|-j|--cores|--log-format) j="$1"; shift 1 extraBuildFlags+=("$i" "$j") copyFlags+=("$i" "$j") From 2dbd40a19a9ec828792a7bdb49ab324296c6c089 Mon Sep 17 00:00:00 2001 From: Nikolay Korotkiy Date: Wed, 16 Oct 2024 02:35:26 +0400 Subject: [PATCH 39/39] qcad: use stdenv.mkDerivation Part of #180841 --- pkgs/applications/misc/qcad/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/qcad/default.nix b/pkgs/applications/misc/qcad/default.nix index a2b2dd027750..f942607525fd 100644 --- a/pkgs/applications/misc/qcad/default.nix +++ b/pkgs/applications/misc/qcad/default.nix @@ -1,6 +1,5 @@ { lib , stdenv -, mkDerivation , fetchFromGitHub , installShellFiles , pkg-config @@ -14,9 +13,10 @@ , qtsvg , qtxmlpatterns , qtmacextras +, wrapQtAppsHook }: -mkDerivation rec { +stdenv.mkDerivation rec { pname = "qcad"; version = "3.31.1.2"; @@ -47,6 +47,7 @@ mkDerivation rec { pkg-config qmake qttools + wrapQtAppsHook ]; buildInputs = [