diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 90d22643701..24fbc537dca 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -135,6 +135,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [nifi](https://nifi.apache.org), an easy to use, powerful, and reliable system to process and distribute data. Available as [services.nifi](options.html#opt-services.nifi.enable).
+- [kanidm](https://kanidm.github.io/kanidm/stable/), an identity management server written in Rust.
+
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 9d9f2e9057c..0ccf97234ff 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -975,6 +975,7 @@
./services/security/hockeypuck.nix
./services/security/hologram-server.nix
./services/security/hologram-agent.nix
+ ./services/security/kanidm.nix
./services/security/munge.nix
./services/security/nginx-sso.nix
./services/security/oauth2_proxy.nix
diff --git a/nixos/modules/services/security/kanidm.nix b/nixos/modules/services/security/kanidm.nix
new file mode 100644
index 00000000000..a7c51b9a877
--- /dev/null
+++ b/nixos/modules/services/security/kanidm.nix
@@ -0,0 +1,345 @@
+{ config, lib, options, pkgs, ... }:
+let
+ cfg = config.services.kanidm;
+ settingsFormat = pkgs.formats.toml { };
+ # Remove null values, so we can document optional values that don't end up in the generated TOML file.
+ filterConfig = lib.converge (lib.filterAttrsRecursive (_: v: v != null));
+ serverConfigFile = settingsFormat.generate "server.toml" (filterConfig cfg.serverSettings);
+ clientConfigFile = settingsFormat.generate "kanidm-config.toml" (filterConfig cfg.clientSettings);
+ unixConfigFile = settingsFormat.generate "kanidm-unixd.toml" (filterConfig cfg.unixSettings);
+
+ defaultServiceConfig = {
+ BindReadOnlyPaths = [
+ "/nix/store"
+ "-/etc/resolv.conf"
+ "-/etc/nsswitch.conf"
+ "-/etc/hosts"
+ "-/etc/localtime"
+ ];
+ CapabilityBoundingSet = "";
+ # ProtectClock= adds DeviceAllow=char-rtc r
+ DeviceAllow = "";
+ # Implies ProtectSystem=strict, which re-mounts all paths
+ # DynamicUser = true;
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ PrivateMounts = true;
+ PrivateNetwork = true;
+ PrivateTmp = true;
+ PrivateUsers = true;
+ ProcSubset = "pid";
+ ProtectClock = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ # Would re-mount paths ignored by temporary root
+ #ProtectSystem = "strict";
+ ProtectControlGroups = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectProc = "invisible";
+ RestrictAddressFamilies = [ ];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ SystemCallArchitectures = "native";
+ SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ];
+ # Does not work well with the temporary root
+ #UMask = "0066";
+ };
+
+in
+{
+ options.services.kanidm = {
+ enableClient = lib.mkEnableOption "the Kanidm client";
+ enableServer = lib.mkEnableOption "the Kanidm server";
+ enablePam = lib.mkEnableOption "the Kanidm PAM and NSS integration.";
+
+ serverSettings = lib.mkOption {
+ type = lib.types.submodule {
+ freeformType = settingsFormat.type;
+
+ options = {
+ bindaddress = lib.mkOption {
+ description = "Address/port combination the webserver binds to.";
+ example = "[::1]:8443";
+ type = lib.types.str;
+ };
+ # Should be optional but toml does not accept null
+ ldapbindaddress = lib.mkOption {
+ description = ''
+ Address and port the LDAP server is bound to. Setting this to null disables the LDAP interface.
+ '';
+ example = "[::1]:636";
+ default = null;
+ type = lib.types.nullOr lib.types.str;
+ };
+ origin = lib.mkOption {
+ description = "The origin of your Kanidm instance. Must have https as protocol.";
+ example = "https://idm.example.org";
+ type = lib.types.strMatching "^https://.*";
+ };
+ domain = lib.mkOption {
+ description = ''
+ The domain that Kanidm manages. Must be below or equal to the domain
+ specified in serverSettings.origin.
+ This can be left at null, only if your instance has the role ReadOnlyReplica.
+ While it is possible to change the domain later on, it requires extra steps!
+ Please consider the warnings and execute the steps described
+ in the documentation.
+ '';
+ example = "example.org";
+ default = null;
+ type = lib.types.nullOr lib.types.str;
+ };
+ db_path = lib.mkOption {
+ description = "Path to Kanidm database.";
+ default = "/var/lib/kanidm/kanidm.db";
+ readOnly = true;
+ type = lib.types.path;
+ };
+ log_level = lib.mkOption {
+ description = "Log level of the server.";
+ default = "default";
+ type = lib.types.enum [ "default" "verbose" "perfbasic" "perffull" ];
+ };
+ role = lib.mkOption {
+ description = "The role of this server. This affects the replication relationship and thereby available features.";
+ default = "WriteReplica";
+ type = lib.types.enum [ "WriteReplica" "WriteReplicaNoUI" "ReadOnlyReplica" ];
+ };
+ };
+ };
+ default = { };
+ description = ''
+ Settings for Kanidm, see
+ the documentation
+ and example configuration
+ for possible values.
+ '';
+ };
+
+ clientSettings = lib.mkOption {
+ type = lib.types.submodule {
+ freeformType = settingsFormat.type;
+
+ options.uri = lib.mkOption {
+ description = "Address of the Kanidm server.";
+ example = "http://127.0.0.1:8080";
+ type = lib.types.str;
+ };
+ };
+ description = ''
+ Configure Kanidm clients, needed for the PAM daemon. See
+ the documentation
+ and example configuration
+ for possible values.
+ '';
+ };
+
+ unixSettings = lib.mkOption {
+ type = lib.types.submodule {
+ freeformType = settingsFormat.type;
+
+ options.pam_allowed_login_groups = lib.mkOption {
+ description = "Kanidm groups that are allowed to login using PAM.";
+ example = "my_pam_group";
+ type = lib.types.listOf lib.types.str;
+ };
+ };
+ description = ''
+ Configure Kanidm unix daemon.
+ See the documentation
+ and example configuration
+ for possible values.
+ '';
+ };
+ };
+
+ config = lib.mkIf (cfg.enableClient || cfg.enableServer || cfg.enablePam) {
+ assertions =
+ [
+ {
+ assertion = !cfg.enableServer || ((cfg.serverSettings.tls_chain or null) == null) || (!lib.isStorePath cfg.serverSettings.tls_chain);
+ message = ''
+ points to
+ a file in the Nix store. You should use a quoted absolute path to
+ prevent this.
+ '';
+ }
+ {
+ assertion = !cfg.enableServer || ((cfg.serverSettings.tls_key or null) == null) || (!lib.isStorePath cfg.serverSettings.tls_key);
+ message = ''
+ points to
+ a file in the Nix store. You should use a quoted absolute path to
+ prevent this.
+ '';
+ }
+ {
+ assertion = !cfg.enableClient || options.services.kanidm.clientSettings.isDefined;
+ message = ''
+ needs to be configured
+ if the client is enabled.
+ '';
+ }
+ {
+ assertion = !cfg.enablePam || options.services.kanidm.clientSettings.isDefined;
+ message = ''
+ needs to be configured
+ for the PAM daemon to connect to the Kanidm server.
+ '';
+ }
+ {
+ assertion = !cfg.enableServer || (cfg.serverSettings.domain == null
+ -> cfg.serverSettings.role == "WriteReplica" || cfg.serverSettings.role == "WriteReplicaNoUI");
+ message = ''
+ can only be set if this instance
+ is not a ReadOnlyReplica. Otherwise the db would inherit it from
+ the instance it follows.
+ '';
+ }
+ ];
+
+ environment.systemPackages = lib.mkIf cfg.enableClient [ pkgs.kanidm ];
+
+ systemd.services.kanidm = lib.mkIf cfg.enableServer {
+ description = "kanidm identity management daemon";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = defaultServiceConfig // {
+ StateDirectory = "kanidm";
+ StateDirectoryMode = "0700";
+ ExecStart = "${pkgs.kanidm}/bin/kanidmd server -c ${serverConfigFile}";
+ User = "kanidm";
+ Group = "kanidm";
+
+ AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+ CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+ # This would otherwise override the CAP_NET_BIND_SERVICE capability.
+ PrivateUsers = false;
+ # Port needs to be exposed to the host network
+ PrivateNetwork = false;
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+ TemporaryFileSystem = "/:ro";
+ };
+ environment.RUST_LOG = "info";
+ };
+
+ systemd.services.kanidm-unixd = lib.mkIf cfg.enablePam {
+ description = "Kanidm PAM daemon";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ restartTriggers = [ unixConfigFile clientConfigFile ];
+ serviceConfig = defaultServiceConfig // {
+ CacheDirectory = "kanidm-unixd";
+ CacheDirectoryMode = "0700";
+ RuntimeDirectory = "kanidm-unixd";
+ ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd";
+ User = "kanidm-unixd";
+ Group = "kanidm-unixd";
+
+ BindReadOnlyPaths = [
+ "/nix/store"
+ "-/etc/resolv.conf"
+ "-/etc/nsswitch.conf"
+ "-/etc/hosts"
+ "-/etc/localtime"
+ "-/etc/kanidm"
+ "-/etc/static/kanidm"
+ ];
+ BindPaths = [
+ # To create the socket
+ "/run/kanidm-unixd:/var/run/kanidm-unixd"
+ ];
+ # Needs to connect to kanidmd
+ PrivateNetwork = false;
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
+ TemporaryFileSystem = "/:ro";
+ };
+ environment.RUST_LOG = "info";
+ };
+
+ systemd.services.kanidm-unixd-tasks = lib.mkIf cfg.enablePam {
+ description = "Kanidm PAM home management daemon";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "kanidm-unixd.service" ];
+ partOf = [ "kanidm-unixd.service" ];
+ restartTriggers = [ unixConfigFile clientConfigFile ];
+ serviceConfig = {
+ ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd_tasks";
+
+ BindReadOnlyPaths = [
+ "/nix/store"
+ "-/etc/resolv.conf"
+ "-/etc/nsswitch.conf"
+ "-/etc/hosts"
+ "-/etc/localtime"
+ "-/etc/kanidm"
+ "-/etc/static/kanidm"
+ ];
+ BindPaths = [
+ # To manage home directories
+ "/home"
+ # To connect to kanidm-unixd
+ "/run/kanidm-unixd:/var/run/kanidm-unixd"
+ ];
+ # CAP_DAC_OVERRIDE is needed to ignore ownership of unixd socket
+ CapabilityBoundingSet = [ "CAP_CHOWN" "CAP_FOWNER" "CAP_DAC_OVERRIDE" "CAP_DAC_READ_SEARCH" ];
+ IPAddressDeny = "any";
+ # Need access to users
+ PrivateUsers = false;
+ # Need access to home directories
+ ProtectHome = false;
+ RestrictAddressFamilies = [ "AF_UNIX" ];
+ TemporaryFileSystem = "/:ro";
+ };
+ environment.RUST_LOG = "info";
+ };
+
+ # These paths are hardcoded
+ environment.etc = lib.mkMerge [
+ (lib.mkIf options.services.kanidm.clientSettings.isDefined {
+ "kanidm/config".source = clientConfigFile;
+ })
+ (lib.mkIf cfg.enablePam {
+ "kanidm/unixd".source = unixConfigFile;
+ })
+ ];
+
+ system.nssModules = lib.mkIf cfg.enablePam [ pkgs.kanidm ];
+
+ system.nssDatabases.group = lib.optional cfg.enablePam "kanidm";
+ system.nssDatabases.passwd = lib.optional cfg.enablePam "kanidm";
+
+ users.groups = lib.mkMerge [
+ (lib.mkIf cfg.enableServer {
+ kanidm = { };
+ })
+ (lib.mkIf cfg.enablePam {
+ kanidm-unixd = { };
+ })
+ ];
+ users.users = lib.mkMerge [
+ (lib.mkIf cfg.enableServer {
+ kanidm = {
+ description = "Kanidm server";
+ isSystemUser = true;
+ group = "kanidm";
+ packages = with pkgs; [ kanidm ];
+ };
+ })
+ (lib.mkIf cfg.enablePam {
+ kanidm-unixd = {
+ description = "Kanidm PAM daemon";
+ isSystemUser = true;
+ group = "kanidm-unixd";
+ };
+ })
+ ];
+ };
+
+ meta.maintainers = with lib.maintainers; [ erictapen Flakebi ];
+ meta.buildDocsInSandbox = false;
+}
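Review bot: `systemd.services.kanidm-unixd-tasks` builds its `serviceConfig` from a bare attribute set instead of `defaultServiceConfig // { … }`, so the one unit in this file that sets no `User=` (and so presumably runs as root), holds `CAP_DAC_OVERRIDE` and binds `/home` writable gets none of the shared hardening such as `NoNewPrivileges`, `ProtectKernel*`, `RestrictNamespaces` or `SystemCallArchitectures`. A blanket merge may not work as-is, because the default `SystemCallFilter` removes `@privileged`, which as far as I know covers the chown calls this daemon needs. I would still start from `serviceConfig = defaultServiceConfig // {` and override only the keys that conflict, or at least add a comment saying why the defaults are skipped here. Separately, `clientSettings.uri` is a plain `lib.types.str` with the example `http://127.0.0.1:8080`, while `serverSettings.origin` is restricted to `^https://.*`. An `https://` example, and possibly the same `strMatching` type, would steer users away from sending credentials in plaintext.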
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix
index 5eca68798d5..c8bbfe9769b 100644
--- a/nixos/modules/tasks/filesystems/zfs.nix
+++ b/nixos/modules/tasks/filesystems/zfs.nix
@@ -58,6 +58,13 @@ let
# latter case it makes one last attempt at importing, allowing the system to
# (eventually) boot even with a degraded pool.
importLib = {zpoolCmd, awkCmd, cfgZfs}: ''
+ for o in $(cat /proc/cmdline); do
+ case $o in
+ zfs_force|zfs_force=1|zfs_force=y)
+ ZFS_FORCE="-f"
+ ;;
+ esac
+ done
poolReady() {
pool="$1"
state="$("${zpoolCmd}" import 2>/dev/null | "${awkCmd}" "/pool: $pool/ { found = 1 }; /state:/ { if (found == 1) { print \$2; exit } }; END { if (found == 0) { print \"MISSING\" } }")"
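Review bot: Moving the `/proc/cmdline` loop into `importLib` widens what `zfs_force` does, because `importLib` is also the prefix of the `script` in `createImportService` (added in the next hunk). There the loop runs after `environment.ZFS_FORCE` has been set, so a `zfs_force` kernel argument now forces the import in every one of those units, even when the `force` argument passed by the caller is false. Forcing an import of a pool that is still active on another host can damage it, so I would put a comment above the loop, e.g. `# zfs_force on the kernel command line overrides forceImportRoot/forceImportAll for every caller of importLib`, and mention it in the option descriptions. The unquoted `$(cat /proc/cmdline)` is also subject to pathname expansion; a `set -f` before the loop would rule that out. The `importLib` string starts and ends outside this hunk.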
@@ -78,6 +85,95 @@ let
}
'';
+ getPoolFilesystems = pool:
+ filter (x: x.fsType == "zfs" && (fsToPool x) == pool) config.system.build.fileSystems;
+
+ getPoolMounts = prefix: pool:
+ let
+ # Remove the "/" suffix because even though most mountpoints
+ # won't have it, the "/" mountpoint will, and we can't have the
+ # trailing slash in "/sysroot/" in stage 1.
+ mountPoint = fs: escapeSystemdPath (prefix + (lib.removeSuffix "/" fs.mountPoint));
+ in
+ map (x: "${mountPoint x}.mount") (getPoolFilesystems pool);
+
+ getKeyLocations = pool:
+ if isBool cfgZfs.requestEncryptionCredentials
+ then "${cfgZfs.package}/sbin/zfs list -rHo name,keylocation,keystatus ${pool}"
+ else "${cfgZfs.package}/sbin/zfs list -Ho name,keylocation,keystatus ${toString (filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials)}";
+
+ createImportService = { pool, systemd, force, prefix ? "" }:
+ nameValuePair "zfs-import-${pool}" {
+ description = "Import ZFS pool \"${pool}\"";
+ # we need systemd-udev-settle to ensure devices are available
+ # In the future, hopefully someone will complete this:
+ # https://github.com/zfsonlinux/zfs/pull/4943
+ requires = [ "systemd-udev-settle.service" ];
+ after = [
+ "systemd-udev-settle.service"
+ "systemd-modules-load.service"
+ "systemd-ask-password-console.service"
+ ];
+ wantedBy = (getPoolMounts prefix pool) ++ [ "local-fs.target" ];
+ before = (getPoolMounts prefix pool) ++ [ "local-fs.target" ];
+ unitConfig = {
+ DefaultDependencies = "no";
+ };
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ environment.ZFS_FORCE = optionalString force "-f";
+ script = (importLib {
+ # See comments at importLib definition.
+ zpoolCmd = "${cfgZfs.package}/sbin/zpool";
+ awkCmd = "${pkgs.gawk}/bin/awk";
+ inherit cfgZfs;
+ }) + ''
+ poolImported "${pool}" && exit
+ echo -n "importing ZFS pool \"${pool}\"..."
+ # Loop across the import until it succeeds, because the devices needed may not be discovered yet.
+ for trial in `seq 1 60`; do
+ poolReady "${pool}" && poolImport "${pool}" && break
+ sleep 1
+ done
+ poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool.
+ if poolImported "${pool}"; then
+ ${optionalString (if isBool cfgZfs.requestEncryptionCredentials
+ then cfgZfs.requestEncryptionCredentials
+ else cfgZfs.requestEncryptionCredentials != []) ''
+ ${getKeyLocations pool} | while IFS=$'\t' read ds kl ks; do
+ {
+ if [[ "$ks" != unavailable ]]; then
+ continue
+ fi
+ case "$kl" in
+ none )
+ ;;
+ prompt )
+ tries=3
+ success=false
+ while [[ $success != true ]] && [[ $tries -gt 0 ]]; do
+ ${systemd}/bin/systemd-ask-password "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds" \
+ && success=true \
+ || tries=$((tries - 1))
+ done
+ [[ $success = true ]]
+ ;;
+ * )
+ ${cfgZfs.package}/sbin/zfs load-key "$ds"
+ ;;
+ esac
+ } < /dev/null # To protect while read ds kl in case anything reads stdin
+ done
+ ''}
+ echo "Successfully imported ${pool}"
+ else
+ exit 1
+ fi
+ '';
+ };
+
zedConf = generators.toKeyValue {
mkKeyValue = generators.mkKeyValueDefault {
mkValueString = v:
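Review bot: When `requestEncryptionCredentials` is a list and none of its datasets belong to `pool`, `getKeyLocations` interpolates an empty string, and `zfs list -Ho name,keylocation,keystatus` with no dataset argument lists every dataset it can see. The import unit for that pool would then try to load keys for datasets the user never listed. The `optionalString` guard in `createImportService` only checks that the whole list is non-empty, not the per-pool subset. I would have `getKeyLocations` return the command together with a per-pool `hasKeys` flag and guard on that, and pass the dataset names through `lib.escapeShellArgs` since they are spliced into the shell script unquoted. `createImportService` lies fully inside this hunk; only the rewritten lines are shown below.

```nix
getKeyLocations = pool:
  if isBool cfgZfs.requestEncryptionCredentials
  then {
    hasKeys = cfgZfs.requestEncryptionCredentials;
    command = "${cfgZfs.package}/sbin/zfs list -rHo name,keylocation,keystatus ${pool}";
  }
  else
    let
      keys = filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials;
    in {
      # With no dataset argument `zfs list` would enumerate everything,
      # so skip the key-loading step when this pool has no listed datasets.
      hasKeys = keys != [ ];
      command = "${cfgZfs.package}/sbin/zfs list -Ho name,keylocation,keystatus ${lib.escapeShellArgs keys}";
    };

# … unchanged: getPoolFilesystems, getPoolMounts, createImportService unit fields and import loop …

      if poolImported "${pool}"; then
        ${optionalString (getKeyLocations pool).hasKeys ''
          ${(getKeyLocations pool).command} | while IFS=$'\t' read ds kl ks; do
          # … unchanged: keystatus check and load-key case statement …
```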
@@ -428,14 +524,6 @@ in
'';
postDeviceCommands = concatStringsSep "\n" ([''
ZFS_FORCE="${optionalString cfgZfs.forceImportRoot "-f"}"
-
- for o in $(cat /proc/cmdline); do
- case $o in
- zfs_force|zfs_force=1)
- ZFS_FORCE="-f"
- ;;
- esac
- done
''] ++ [(importLib {
# See comments at importLib definition.
zpoolCmd = "zpool";
@@ -464,6 +552,21 @@ in
zfs load-key ${fs}
'') cfgZfs.requestEncryptionCredentials}
'') rootPools));
+
+ # Systemd in stage 1
+ systemd = {
+ packages = [cfgZfs.package];
+ services = listToAttrs (map (pool: createImportService {
+ inherit pool;
+ systemd = config.boot.initrd.systemd.package;
+ force = cfgZfs.forceImportRoot;
+ prefix = "/sysroot";
+ }) rootPools);
+ extraBin = {
+ # zpool and zfs are already in thanks to fsPackages
+ awk = "${pkgs.gawk}/bin/awk";
+ };
+ };
};
systemd.shutdownRamfs.contents."/etc/systemd/system-shutdown/zpool".source = pkgs.writeShellScript "zpool-sync-shutdown" ''
@@ -521,79 +624,11 @@ in
systemd.packages = [ cfgZfs.package ];
systemd.services = let
- getPoolFilesystems = pool:
- filter (x: x.fsType == "zfs" && (fsToPool x) == pool) config.system.build.fileSystems;
-
- getPoolMounts = pool:
- let
- mountPoint = fs: escapeSystemdPath fs.mountPoint;
- in
- map (x: "${mountPoint x}.mount") (getPoolFilesystems pool);
-
- createImportService = pool:
- nameValuePair "zfs-import-${pool}" {
- description = "Import ZFS pool \"${pool}\"";
- # we need systemd-udev-settle until https://github.com/zfsonlinux/zfs/pull/4943 is merged
- requires = [ "systemd-udev-settle.service" ];
- after = [
- "systemd-udev-settle.service"
- "systemd-modules-load.service"
- "systemd-ask-password-console.service"
- ];
- wantedBy = (getPoolMounts pool) ++ [ "local-fs.target" ];
- before = (getPoolMounts pool) ++ [ "local-fs.target" ];
- unitConfig = {
- DefaultDependencies = "no";
- };
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- };
- environment.ZFS_FORCE = optionalString cfgZfs.forceImportAll "-f";
- script = (importLib {
- # See comments at importLib definition.
- zpoolCmd = "${cfgZfs.package}/sbin/zpool";
- awkCmd = "${pkgs.gawk}/bin/awk";
- inherit cfgZfs;
- }) + ''
- poolImported "${pool}" && exit
- echo -n "importing ZFS pool \"${pool}\"..."
- # Loop across the import until it succeeds, because the devices needed may not be discovered yet.
- for trial in `seq 1 60`; do
- poolReady "${pool}" && poolImport "${pool}" && break
- sleep 1
- done
- poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool.
- if poolImported "${pool}"; then
- ${optionalString (if isBool cfgZfs.requestEncryptionCredentials
- then cfgZfs.requestEncryptionCredentials
- else cfgZfs.requestEncryptionCredentials != []) ''
- ${cfgZfs.package}/sbin/zfs list -rHo name,keylocation ${pool} | while IFS=$'\t' read ds kl; do
- {
- ${optionalString (!isBool cfgZfs.requestEncryptionCredentials) ''
- if ! echo '${concatStringsSep "\n" cfgZfs.requestEncryptionCredentials}' | grep -qFx "$ds"; then
- continue
- fi
- ''}
- case "$kl" in
- none )
- ;;
- prompt )
- ${config.systemd.package}/bin/systemd-ask-password "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds"
- ;;
- * )
- ${cfgZfs.package}/sbin/zfs load-key "$ds"
- ;;
- esac
- } < /dev/null # To protect while read ds kl in case anything reads stdin
- done
- ''}
- echo "Successfully imported ${pool}"
- else
- exit 1
- fi
- '';
- };
+ createImportService' = pool: createImportService {
+ inherit pool;
+ systemd = config.systemd.package;
+ force = cfgZfs.forceImportAll;
+ };
# This forces a sync of any ZFS pools prior to poweroff, even if they're set
# to sync=disabled.
@@ -619,7 +654,7 @@ in
wantedBy = [ "zfs.target" ];
};
- in listToAttrs (map createImportService dataPools ++
+ in listToAttrs (map createImportService' dataPools ++
map createSyncService allPools ++
map createZfsService [ "zfs-mount" "zfs-share" "zfs-zed" ]);
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index dda1c41f969..0c085b64efa 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -253,6 +253,7 @@ in
k3s-single-node = handleTest ./k3s-single-node.nix {};
k3s-single-node-docker = handleTest ./k3s-single-node-docker.nix {};
kafka = handleTest ./kafka.nix {};
+ kanidm = handleTest ./kanidm.nix {};
kbd-setfont-decompress = handleTest ./kbd-setfont-decompress.nix {};
kbd-update-search-paths-patch = handleTest ./kbd-update-search-paths-patch.nix {};
kea = handleTest ./kea.nix {};
diff --git a/nixos/tests/installed-tests/default.nix b/nixos/tests/installed-tests/default.nix
index fd16b481168..c6fb37cfe58 100644
--- a/nixos/tests/installed-tests/default.nix
+++ b/nixos/tests/installed-tests/default.nix
@@ -106,6 +106,5 @@ in
malcontent = callInstalledTest ./malcontent.nix {};
ostree = callInstalledTest ./ostree.nix {};
pipewire = callInstalledTest ./pipewire.nix {};
- power-profiles-daemon = callInstalledTest ./power-profiles-daemon.nix {};
xdg-desktop-portal = callInstalledTest ./xdg-desktop-portal.nix {};
}
diff --git a/nixos/tests/installed-tests/power-profiles-daemon.nix b/nixos/tests/installed-tests/power-profiles-daemon.nix
deleted file mode 100644
index 43629a0155d..00000000000
--- a/nixos/tests/installed-tests/power-profiles-daemon.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs, lib, makeInstalledTest, ... }:
-
-makeInstalledTest {
- tested = pkgs.power-profiles-daemon;
-
- testConfig = {
- services.power-profiles-daemon.enable = true;
- };
-}
diff --git a/nixos/tests/installer-systemd-stage-1.nix b/nixos/tests/installer-systemd-stage-1.nix
index a8b418626e6..d02387ee80e 100644
--- a/nixos/tests/installer-systemd-stage-1.nix
+++ b/nixos/tests/installer-systemd-stage-1.nix
@@ -27,7 +27,7 @@
simpleUefiGrubSpecialisation
simpleUefiSystemdBoot
# swraid
- # zfsroot
+ zfsroot
;
}
diff --git a/nixos/tests/kanidm.nix b/nixos/tests/kanidm.nix
new file mode 100644
index 00000000000..d34f680f522
--- /dev/null
+++ b/nixos/tests/kanidm.nix
@@ -0,0 +1,75 @@
+import ./make-test-python.nix ({ pkgs, ... }:
+ let
+ certs = import ./common/acme/server/snakeoil-certs.nix;
+ serverDomain = certs.domain;
+ in
+ {
+ name = "kanidm";
+ meta.maintainers = with pkgs.lib.maintainers; [ erictapen Flakebi ];
+
+ nodes.server = { config, pkgs, lib, ... }: {
+ services.kanidm = {
+ enableServer = true;
+ serverSettings = {
+ origin = "https://${serverDomain}";
+ domain = serverDomain;
+ bindaddress = "[::1]:8443";
+ ldapbindaddress = "[::1]:636";
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts."${serverDomain}" = {
+ forceSSL = true;
+ sslCertificate = certs."${serverDomain}".cert;
+ sslCertificateKey = certs."${serverDomain}".key;
+ locations."/".proxyPass = "http://[::1]:8443";
+ };
+ };
+
+ security.pki.certificateFiles = [ certs.ca.cert ];
+
+ networking.hosts."::1" = [ serverDomain ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ users.users.kanidm.shell = pkgs.bashInteractive;
+
+ environment.systemPackages = with pkgs; [ kanidm openldap ripgrep ];
+ };
+
+ nodes.client = { pkgs, nodes, ... }: {
+ services.kanidm = {
+ enableClient = true;
+ clientSettings = {
+ uri = "https://${serverDomain}";
+ };
+ };
+
+ networking.hosts."${nodes.server.config.networking.primaryIPAddress}" = [ serverDomain ];
+
+ security.pki.certificateFiles = [ certs.ca.cert ];
+ };
+
+ testScript = { nodes, ... }:
+ let
+ ldapBaseDN = builtins.concatStringsSep "," (map (s: "dc=" + s) (pkgs.lib.splitString "." serverDomain));
+
+ # We need access to the config file in the test script.
+ filteredConfig = pkgs.lib.converge
+ (pkgs.lib.filterAttrsRecursive (_: v: v != null))
+ nodes.server.config.services.kanidm.serverSettings;
+ serverConfigFile = (pkgs.formats.toml { }).generate "server.toml" filteredConfig;
+
+ in
+ ''
+ start_all()
+ server.wait_for_unit("kanidm.service")
+ server.wait_until_succeeds("curl -sf https://${serverDomain} | grep Kanidm")
+ server.wait_until_succeeds("ldapsearch -H ldap://[::1]:636 -b '${ldapBaseDN}' -x '(name=test)'")
+ client.wait_until_succeeds("kanidm login -D anonymous && kanidm self whoami | grep anonymous@${serverDomain}")
+ (rv, result) = server.execute("kanidmd recover_account -d quiet -c ${serverConfigFile} -n admin 2>&1 | rg -o '[A-Za-z0-9]{48}'")
+ assert rv == 0
+ '';
+ })
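Review bot: Neither node sets `services.kanidm.enablePam`, so this test never starts the `kanidm-unixd` and `kanidm-unixd-tasks` units and never exercises the NSS wiring or their sandbox settings. Those are the parts of the module that touch `/home` and host logins, so a node with `enablePam = true` and a `wait_for_unit("kanidm-unixd.service")` would catch a sandbox option that prevents startup. The `recover_account` step only asserts `rv == 0`; `result` is never used and could be dropped or checked.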
diff --git a/pkgs/applications/networking/browsers/firefox/librewolf/src.json b/pkgs/applications/networking/browsers/firefox/librewolf/src.json
index f46736d0672..8f36d68e7f2 100644
--- a/pkgs/applications/networking/browsers/firefox/librewolf/src.json
+++ b/pkgs/applications/networking/browsers/firefox/librewolf/src.json
@@ -1,8 +1,8 @@
{
- "packageVersion": "100.0-1",
+ "packageVersion": "100.0-2",
"source": {
- "rev": "100.0-1",
- "sha256": "1xczvsd39g821bh5n12vnn7sgi0x5dqj6vfizkavxj0a05jb4fla"
+ "rev": "100.0-2",
+ "sha256": "0pr7fb91zw5qlnfvaavzksd3c2xzgn1344mmfnz9yx2g42vcyi7d"
},
"firefox": {
"version": "100.0",
diff --git a/pkgs/applications/networking/instant-messengers/psi-plus/default.nix b/pkgs/applications/networking/instant-messengers/psi-plus/default.nix
index aeb20d6779e..fe3f90346f1 100644
--- a/pkgs/applications/networking/instant-messengers/psi-plus/default.nix
+++ b/pkgs/applications/networking/instant-messengers/psi-plus/default.nix
@@ -43,13 +43,13 @@ assert enablePsiMedia -> enablePlugins;
mkDerivation rec {
pname = "psi-plus";
- version = "1.5.1615";
+ version = "1.5.1618";
src = fetchFromGitHub {
owner = "psi-plus";
repo = "psi-plus-snapshots";
rev = version;
- sha256 = "sha256-aD+JVGmBWHUav2bH9rXGtgqI+/5lJTMrYLRP7E65JxI=";
+ sha256 = "sha256-ueZYFOZFCPQrg9etZCrY5ZTn7PZMkcuwbXVPPbW9S/A=";
};
cmakeFlags = [
diff --git a/pkgs/applications/networking/irc/weechat/scripts/weechat-otr/default.nix b/pkgs/applications/networking/irc/weechat/scripts/weechat-otr/default.nix
index 987271e4ffa..fd5f376ad26 100644
--- a/pkgs/applications/networking/irc/weechat/scripts/weechat-otr/default.nix
+++ b/pkgs/applications/networking/irc/weechat/scripts/weechat-otr/default.nix
@@ -24,6 +24,9 @@ let
buildInputs = [ gmp ];
+ # Tests are relying on old Python 2 modules.
+ doCheck = false;
+
preConfigure = ''
sed -i 's,/usr/include,/no-such-dir,' configure
sed -i "s!,'/usr/include/'!!" setup.py
@@ -66,5 +69,9 @@ in stdenv.mkDerivation rec {
license = licenses.gpl3;
maintainers = with maintainers; [ oxzi ];
description = "WeeChat script for Off-the-Record messaging";
+ knownVulnerabilities = [
+ "There is no upstream release since 2018-03."
+ "Utilizes deprecated and vulnerable pycrypto library with Debian patches from 2020-04."
+ ];
};
}
diff --git a/pkgs/applications/office/portfolio/default.nix b/pkgs/applications/office/portfolio/default.nix
index 5e154510940..653e72a163e 100644
--- a/pkgs/applications/office/portfolio/default.nix
+++ b/pkgs/applications/office/portfolio/default.nix
@@ -25,11 +25,11 @@ let
in
stdenv.mkDerivation rec {
pname = "PortfolioPerformance";
- version = "0.57.1";
+ version = "0.57.2";
src = fetchurl {
url = "https://github.com/buchen/portfolio/releases/download/${version}/PortfolioPerformance-${version}-linux.gtk.x86_64.tar.gz";
- sha256 = "sha256-uEEFkHyApf+TObcu+Yo5vBOs2Erq0IXGhbjzlEe8NmI=";
+ sha256 = "sha256-ftLKlNzr46iL/V+P3J1wtoUByGHHl7wrh4xctU4JYkM=";
};
nativeBuildInputs = [
diff --git a/pkgs/applications/office/timeular/default.nix b/pkgs/applications/office/timeular/default.nix
index 477ae48b5f4..50298247d5a 100644
--- a/pkgs/applications/office/timeular/default.nix
+++ b/pkgs/applications/office/timeular/default.nix
@@ -7,13 +7,13 @@
}:
let
- version = "3.9.1";
+ version = "4.7.1";
pname = "timeular";
name = "${pname}-${version}";
src = fetchurl {
url = "https://s3.amazonaws.com/timeular-desktop-packages/linux/production/Timeular-${version}.AppImage";
- sha256 = "103hy443p697jdkz6li8s1n6kg1r55jmiw2vbjz12kskf7njg4y4";
+ sha256 = "sha256:0k8ywbdb41imq10ya9y27zks67a6drjb1h0hn8ycd7a6z6703rjz";
};
appimageContents = appimageTools.extractType2 {
@@ -35,7 +35,7 @@ in appimageTools.wrapType2 rec {
install -m 444 -D ${appimageContents}/timeular.desktop $out/share/applications/timeular.desktop
install -m 444 -D ${appimageContents}/timeular.png $out/share/icons/hicolor/512x512/apps/timeular.png
substituteInPlace $out/share/applications/timeular.desktop \
- --replace 'Exec=AppRun' 'Exec=${pname}'
+ --replace "Exec=AppRun --no-sandbox %U" "Exec=$out/bin/${pname}"
'';
meta = with lib; {
diff --git a/pkgs/applications/version-management/got/default.nix b/pkgs/applications/version-management/got/default.nix
index 9e444fb3b39..f38bb042c43 100644
--- a/pkgs/applications/version-management/got/default.nix
+++ b/pkgs/applications/version-management/got/default.nix
@@ -1,17 +1,17 @@
-{ lib, stdenv, fetchurl, pkg-config, openssl, libuuid, libmd, zlib, ncurses }:
+{ lib, stdenv, fetchurl, pkg-config, openssl, libbsd, libuuid, libmd, zlib, ncurses }:
stdenv.mkDerivation rec {
pname = "got";
- version = "0.68.1";
+ version = "0.69";
src = fetchurl {
url = "https://gameoftrees.org/releases/portable/got-portable-${version}.tar.gz";
- sha256 = "122wignzrhsw00mfnh7mxcxvjyp9rk73yxzfyvmg7f5kmb0hng35";
+ sha256 = "1cnl0yk866wzjwgas587kvb08njq7db71b5xqsdrwd1varp010vm";
};
nativeBuildInputs = [ pkg-config ];
- buildInputs = [ openssl libuuid libmd zlib ncurses ];
+ buildInputs = [ openssl libbsd libuuid libmd zlib ncurses ];
doInstallCheck = true;
diff --git a/pkgs/applications/version-management/p4v/default.nix b/pkgs/applications/version-management/p4v/default.nix
index 476df99d232..2e0e01e5c98 100644
--- a/pkgs/applications/version-management/p4v/default.nix
+++ b/pkgs/applications/version-management/p4v/default.nix
@@ -1,12 +1,38 @@
-{ stdenv, fetchurl, lib, qtbase, qtmultimedia, qtscript, qtsensors, qtwebengine, qtwebkit, openssl, xkeyboard_config, patchelfUnstable, wrapQtAppsHook }:
+{ stdenv
+, fetchurl
+, lib
+, qtbase
+, qtwebengine
+, qtdeclarative
+, qtwebchannel
+, syntax-highlighting
+, openssl
+, xkeyboard_config
+, patchelfUnstable
+, wrapQtAppsHook
+, writeText
+}:
+let
+ # This abomination exists because p4v calls CRYPTO_set_mem_functions and
+ # expects it to succeed. The function will fail if CRYPTO_malloc has already
+ # been called, which happens at init time via qtwebengine -> ... -> libssh. I
+ # suspect it was meant to work with a version of Qt where openssl is
+ # statically linked or some other library is used.
+ crypto-hack = writeText "crypto-hack.c" ''
+ #include
+ int CRYPTO_set_mem_functions(
+ void *(*m)(size_t, const char *, int),
+ void *(*r)(void *, size_t, const char *, int),
+ void (*f)(void *, const char *, int)) { return 1; }
+ '';
-stdenv.mkDerivation rec {
+in stdenv.mkDerivation rec {
pname = "p4v";
- version = "2020.1.1966006";
+ version = "2021.3.2186916";
src = fetchurl {
- url = "https://cdist2.perforce.com/perforce/r20.1/bin.linux26x86_64/p4v.tgz";
- sha256 = "0zc70d7jgdrd2jli338n1h05hgb7jmmv8hvq205wh78vvllrlv10";
+ url = "http://web.archive.org/web/20211118024745/https://cdist2.perforce.com/perforce/r21.3/bin.linux26x86_64/p4v.tgz";
+ sha256 = "1zldg21xq4srww9pcfbv3p8320ghjnh333pz5r70z1gwbq4vf3jq";
};
dontBuild = true;
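Review bot: The new `src.url` fetches the vendor tarball over plain `http://web.archive.org/…`. The `sha256` still pins the content, but there is no reason to leave the download open to on-path interference, so I would change it to `url = "https://web.archive.org/web/20211118024745/https://cdist2.perforce.com/perforce/r21.3/bin.linux26x86_64/p4v.tgz";`. The `crypto-hack` stub makes `CRYPTO_set_mem_functions` report success without installing anything, so whatever allocator hooks p4v meant to register are silently not in effect. The comment should state that consequence, so that a later reader does not assume the hooks are active. The derivation body continues outside this hunk.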
@@ -15,11 +41,10 @@ stdenv.mkDerivation rec {
ldLibraryPath = lib.makeLibraryPath [
stdenv.cc.cc.lib
qtbase
- qtmultimedia
- qtscript
- qtsensors
qtwebengine
- qtwebkit
+ qtdeclarative
+ qtwebchannel
+ syntax-highlighting
openssl
];
@@ -29,14 +54,17 @@ stdenv.mkDerivation rec {
cp -r bin $out
mkdir -p $out/lib
cp -r lib/P4VResources $out/lib
+ $CC -fPIC -shared -o $out/lib/libcrypto-hack.so ${crypto-hack}
for f in $out/bin/*.bin ; do
patchelf --set-rpath $ldLibraryPath --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $f
# combining this with above breaks rpath (patchelf bug?)
- patchelf --add-needed libstdc++.so $f \
+ patchelf --add-needed libstdc++.so \
+ --add-needed $out/lib/libcrypto-hack.so \
--clear-symbol-version _ZNSt20bad_array_new_lengthD1Ev \
--clear-symbol-version _ZTVSt20bad_array_new_length \
--clear-symbol-version _ZTISt20bad_array_new_length \
+ --clear-symbol-version _ZdlPvm \
$f
wrapQtApp $f \
--suffix QT_XKB_CONFIG_ROOT : ${xkeyboard_config}/share/X11/xkb
diff --git a/pkgs/development/libraries/umockdev/default.nix b/pkgs/development/libraries/umockdev/default.nix
index fbf5a71bb4b..a389d204a83 100644
--- a/pkgs/development/libraries/umockdev/default.nix
+++ b/pkgs/development/libraries/umockdev/default.nix
@@ -19,15 +19,21 @@
stdenv.mkDerivation rec {
pname = "umockdev";
- version = "0.17.8";
+ version = "0.17.9";
outputs = [ "bin" "out" "dev" "devdoc" ];
src = fetchurl {
url = "https://github.com/martinpitt/umockdev/releases/download/${version}/${pname}-${version}.tar.xz";
- sha256 = "sha256-s3zeWJxw5ohUtsv4NZGKcdP8khEYzIXycbBrAzdnVoU=";
+ sha256 = "sha256-FEmWjJVmKKckC30zULGI/mZ3VNtirnweZq2gKh/Y5VE=";
};
+ patches = [
+ # Hardcode absolute paths to libraries so that consumers
+ # do not need to set LD_LIBRARY_PATH themselves.
+ ./hardcode-paths.patch
+ ];
+
nativeBuildInputs = [
docbook-xsl-nons
gobject-introspection
@@ -57,6 +63,21 @@ stdenv.mkDerivation rec {
doCheck = true;
+ postPatch = ''
+ # Substitute the path to this derivation in the patch we apply.
+ substituteInPlace src/umockdev-wrapper \
+ --subst-var-by 'LIBDIR' "''${!outputLib}/lib"
+ '';
+
+ preCheck = ''
+ # Our patch makes the path to the `LD_PRELOAD`ed library absolute.
+ # When running tests, the library is not yet installed, though,
+ # so we need to replace the absolute path with a local one during build.
+ # We are using a symlink that will be overridden during installation.
+ mkdir -p "$out/lib"
+ ln -s "$PWD/libumockdev-preload.so.0" "$out/lib/libumockdev-preload.so.0"
+ '';
+
meta = with lib; {
description = "Mock hardware devices for creating unit tests";
license = licenses.lgpl21Plus;
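Review bot: `preCheck` hard-codes `$out/lib` for the temporary symlink, while `postPatch` substitutes `''${!outputLib}/lib` into `src/umockdev-wrapper`. The tests therefore only find the preload library as long as the library output happens to be `out`. Using the same expression in both places keeps them in step: `mkdir -p "''${!outputLib}/lib"` and `ln -s "$PWD/libumockdev-preload.so.0" "''${!outputLib}/lib/libumockdev-preload.so.0"`. The comment also relies on installation replacing the link. If it ever did not, the output would keep an `LD_PRELOAD` target pointing into the build directory, so a `postInstall` check that the path is no longer a symlink would be a cheap guard.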
diff --git a/pkgs/development/libraries/umockdev/hardcode-paths.patch b/pkgs/development/libraries/umockdev/hardcode-paths.patch
new file mode 100644
index 00000000000..91f1e928ec6
--- /dev/null
+++ b/pkgs/development/libraries/umockdev/hardcode-paths.patch
@@ -0,0 +1,69 @@
+diff --git a/meson.build b/meson.build
+index 2ed9027..1f6bbf2 100644
+--- a/meson.build
++++ b/meson.build
+@@ -38,6 +38,7 @@ g_ir_compiler = find_program('g-ir-compiler', required: false)
+
+ conf.set('PACKAGE_NAME', meson.project_name())
+ conf.set_quoted('VERSION', meson.project_version())
++conf.set_quoted('LIBDIR', get_option('prefix') / get_option('libdir'))
+
+ # glibc versions somewhere between 2.28 and 2.34
+ if cc.has_function('__fxstatat', prefix: '#include ')
+@@ -148,7 +149,7 @@ hacked_gir = custom_target('UMockdev-1.0 hacked gir',
+
+ if g_ir_compiler.found()
+ umockdev_typelib = custom_target('UMockdev-1.0 typelib',
+- command: [g_ir_compiler, '--output', '@OUTPUT@', '-l', 'libumockdev.so.0', '@INPUT@'],
++ command: [g_ir_compiler, '--output', '@OUTPUT@', '-l', get_option('prefix') / get_option('libdir') / 'libumockdev.so.0', '@INPUT@'],
+ input: hacked_gir,
+ output: 'UMockdev-1.0.typelib',
+ install: true,
+diff --git a/src/config.vapi b/src/config.vapi
+index 5269dd0..a2ec46d 100644
+--- a/src/config.vapi
++++ b/src/config.vapi
+@@ -2,5 +2,6 @@
+ namespace Config {
+ public const string PACKAGE_NAME;
+ public const string VERSION;
++ public const string LIBDIR;
+ }
+
+diff --git a/src/umockdev-record.vala b/src/umockdev-record.vala
+index 8434d32..68c7f8e 100644
+--- a/src/umockdev-record.vala
++++ b/src/umockdev-record.vala
+@@ -435,7 +435,7 @@ main (string[] args)
+ preload = "";
+ else
+ preload = preload + ":";
+- Environment.set_variable("LD_PRELOAD", preload + "libumockdev-preload.so.0", true);
++ Environment.set_variable("LD_PRELOAD", preload + Config.LIBDIR + "/libumockdev-preload.so.0", true);
+
+ try {
+ root_dir = DirUtils.make_tmp("umockdev.XXXXXX");
+diff --git a/src/umockdev-run.vala b/src/umockdev-run.vala
+index 9a1ba10..6df2522 100644
+--- a/src/umockdev-run.vala
++++ b/src/umockdev-run.vala
+@@ -95,7 +95,7 @@ main (string[] args)
+ preload = "";
+ else
+ preload = preload + ":";
+- Environment.set_variable ("LD_PRELOAD", preload + "libumockdev-preload.so.0", true);
++ Environment.set_variable ("LD_PRELOAD", preload + Config.LIBDIR + "/libumockdev-preload.so.0", true);
+
+ var testbed = new UMockdev.Testbed ();
+
+diff --git a/src/umockdev-wrapper b/src/umockdev-wrapper
+index 6ce4dcd..706c49a 100755
+--- a/src/umockdev-wrapper
++++ b/src/umockdev-wrapper
+@@ -1,5 +1,5 @@
+ #!/bin/sh
+ # Wrapper program to preload the libumockdev library, so that test programs can
+ # set $UMOCKDEV_DIR for redirecting sysfs and other queries to a test bed.
+-exec env LD_PRELOAD=libumockdev-preload.so.0:$LD_PRELOAD "$@"
++exec env LD_PRELOAD=@LIBDIR@/libumockdev-preload.so.0:$LD_PRELOAD "$@"
+
diff --git a/pkgs/development/python-modules/aiolimiter/default.nix b/pkgs/development/python-modules/aiolimiter/default.nix
new file mode 100644
index 00000000000..9f8f81e2fca
--- /dev/null
+++ b/pkgs/development/python-modules/aiolimiter/default.nix
@@ -0,0 +1,65 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, fetchpatch
+, poetry-core
+, importlib-metadata
+, pytest-asyncio
+, pytestCheckHook
+, pythonOlder
+, toml
+}:
+
+buildPythonPackage rec {
+ pname = "aiolimiter";
+ version = "1.0.0";
+ format = "pyproject";
+
+ disabled = pythonOlder "3.7";
+
+ src = fetchFromGitHub {
+ owner = "mjpieters";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256-4wByVZoOLhrXFx9oK19GBmRcjGoJolQ3Gwx9vQV/n8s=";
+ };
+
+ nativeBuildInputs = [
+ poetry-core
+ ];
+
+ propagatedBuildInputs = lib.optionals (pythonOlder "3.8") [
+ importlib-metadata
+ ];
+
+ checkInputs = [
+ pytest-asyncio
+ pytestCheckHook
+ toml
+ ];
+
+ patches = [
+ # Switch to poetry-core, https://github.com/mjpieters/aiolimiter/pull/77
+ (fetchpatch {
+ name = "switch-to-peotry-core.patch";
+ url = "https://github.com/mjpieters/aiolimiter/commit/84a85eff42621b0daff8fcf6bb485db313faae0b.patch";
+ sha256 = "sha256-xUfJwLvMF2Xt/V1bKBFn/fjn1uyw7bGNo9RpWxtyr50=";
+ })
+ ];
+
+ postPatch = ''
+ substituteInPlace tox.ini \
+ --replace " --cov=aiolimiter --cov-config=tox.ini --cov-report term-missing" ""
+ '';
+
+ pythonImportsCheck = [
+ "aiolimiter"
+ ];
+
+ meta = with lib; {
+ description = "Implementation of a rate limiter for asyncio";
+ homepage = "https://github.com/mjpieters/aiolimiter";
+ license = with licenses; [ mit ];
+ maintainers = with maintainers; [ fab ];
+ };
+}
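Review bot: The `fetchpatch` name is misspelled as `switch-to-peotry-core.patch`; it should read `name = "switch-to-poetry-core.patch";` to match the comment above it and the `poetry-core` input. The name is only the label of the fetched file, so the `sha256` should not need to change.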
diff --git a/pkgs/development/python-modules/azure-mgmt-msi/default.nix b/pkgs/development/python-modules/azure-mgmt-msi/default.nix
index 1f1a2dde376..985c9828974 100644
--- a/pkgs/development/python-modules/azure-mgmt-msi/default.nix
+++ b/pkgs/development/python-modules/azure-mgmt-msi/default.nix
@@ -1,16 +1,20 @@
{ lib
, buildPythonPackage
+, pythonOlder
, fetchPypi
, msrest
-, msrestazure
, azure-common
-, azure-mgmt-nspkg
+, azure-mgmt-core
}:
buildPythonPackage rec {
pname = "azure-mgmt-msi";
version = "6.0.0";
+ disabled = pythonOlder "3.6";
+
+ format = "setuptools";
+
src = fetchPypi {
inherit pname version;
extension = "zip";
@@ -19,9 +23,8 @@ buildPythonPackage rec {
propagatedBuildInputs = [
msrest
- msrestazure
azure-common
- azure-mgmt-nspkg
+ azure-mgmt-core
];
pythonNamespaces = [ "azure.mgmt" ];
@@ -29,9 +32,11 @@ buildPythonPackage rec {
# has no tests
doCheck = false;
+ pythonImportsCheck = [ "azure.mgmt.msi" ];
+
meta = with lib; {
description = "This is the Microsoft Azure MSI Management Client Library";
- homepage = "https://github.com/Azure/azure-sdk-for-python";
+ homepage = "https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/resources/azure-mgmt-msi";
license = licenses.mit;
maintainers = with maintainers; [ maxwilson ];
};
diff --git a/pkgs/development/python-modules/azure-mgmt-resource/default.nix b/pkgs/development/python-modules/azure-mgmt-resource/default.nix
index 761472b631f..8ac4330b45a 100644
--- a/pkgs/development/python-modules/azure-mgmt-resource/default.nix
+++ b/pkgs/development/python-modules/azure-mgmt-resource/default.nix
@@ -8,14 +8,14 @@
buildPythonPackage rec {
- version = "21.0.0";
+ version = "21.1.0";
pname = "azure-mgmt-resource";
disabled = !isPy3k;
src = fetchPypi {
inherit pname version;
extension = "zip";
- sha256 = "sha256-y9J/UhxwtA/YO/Y88XsStbwD5ecNwrbnpxtevYuQDQM=";
+ sha256 = "sha256-UpZa3jHNBZ/qKxUT1l/mFgRuQz3g5YPc9cnJvr8+vWk=";
};
propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/backports-zoneinfo/default.nix b/pkgs/development/python-modules/backports-zoneinfo/default.nix
index d2b6d06c4cd..5fa4c632316 100644
--- a/pkgs/development/python-modules/backports-zoneinfo/default.nix
+++ b/pkgs/development/python-modules/backports-zoneinfo/default.nix
@@ -7,6 +7,7 @@
, tzdata
, hypothesis
, pytestCheckHook
+, fetchpatch
}:
buildPythonPackage rec {
@@ -22,7 +23,25 @@ buildPythonPackage rec {
sha256 = "sha256-00xdDOVdDanfsjQTd3yjMN2RFGel4cWRrAA3CvSnl24=";
};
+ # Make sure test data update patch applies
+ prePatch = ''
+ substituteInPlace tests/data/zoneinfo_data.json --replace \"2020a\" \"2021a\"
+ '';
+
patches = [
+ # Update test suite's test data to zoneinfo 2022a
+ # https://github.com/pganssle/zoneinfo/pull/115
+ (fetchpatch {
+ name = "backports-zoneinfo-2022a-update-test-data1.patch";
+ url = "https://github.com/pganssle/zoneinfo/pull/115/commits/837e2a0f9f1a1332e4233f83e3648fa564a9ec9e.patch";
+ sha256 = "196knwa212mr0b7zsh8papzr3f5mii87gcjjjx1r9zzvmk3g3ri0";
+ })
+ (fetchpatch {
+ name = "backports-zoneinfo-2022a-update-test-data2.patch";
+ url = "https://github.com/pganssle/zoneinfo/pull/115/commits/9fd330265b177916d6182249439bb40d5691eb58.patch";
+ sha256 = "1zxa5bkwi8hbnh4c0qv72wv6vdp5jlxqizfjsc05ymzvwa99cf75";
+ })
+
(substituteAll {
name = "zoneinfo-path";
src = ./zoneinfo.patch;
diff --git a/pkgs/development/python-modules/databricks-connect/default.nix b/pkgs/development/python-modules/databricks-connect/default.nix
index 3475001a58b..1782598efd8 100644
--- a/pkgs/development/python-modules/databricks-connect/default.nix
+++ b/pkgs/development/python-modules/databricks-connect/default.nix
@@ -9,14 +9,14 @@
buildPythonPackage rec {
pname = "databricks-connect";
- version = "9.1.14";
+ version = "9.1.15";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
- sha256 = "sha256-l+mTqiQPuPJfGbEVSILpCTlxAka0GeCgIXjMG4Vs82o=";
+ sha256 = "sha256-qXS/hgF2qKUtTfo9UZ5KBa9N0PHJqKA8SC/vgE46LmA=";
};
sourceRoot = ".";
diff --git a/pkgs/development/python-modules/globus-sdk/default.nix b/pkgs/development/python-modules/globus-sdk/default.nix
index 88a2c49e052..68209275426 100644
--- a/pkgs/development/python-modules/globus-sdk/default.nix
+++ b/pkgs/development/python-modules/globus-sdk/default.nix
@@ -13,7 +13,7 @@
buildPythonPackage rec {
pname = "globus-sdk";
- version = "3.7.0";
+ version = "3.8.0";
format = "setuptools";
disabled = pythonOlder "3.6";
@@ -22,7 +22,7 @@ buildPythonPackage rec {
owner = "globus";
repo = "globus-sdk-python";
rev = "refs/tags/${version}";
- hash = "sha256-Us3SCkrBPL3v9YCOQ7ceF3neCUZkJTrchYsvCRSX84Y=";
+ hash = "sha256-JaAiAAf0zIJDXXl3zb4UE9XpmjZ8KQiEcZJm1ps+efA=";
};
propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/impacket/default.nix b/pkgs/development/python-modules/impacket/default.nix
index 6b6f7e452b2..cc957ac156a 100644
--- a/pkgs/development/python-modules/impacket/default.nix
+++ b/pkgs/development/python-modules/impacket/default.nix
@@ -14,14 +14,14 @@
buildPythonPackage rec {
pname = "impacket";
- version = "0.9.24";
+ version = "0.10.0";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
- hash = "sha256-GNVX04f0kU+vpzmBO5FyvD+L2cA26Tv1iajg67cwS7o=";
+ hash = "sha256-uOsCCiy7RxRmac/jHGS7Ln1kmdBJxJPWQYuXFvXHRYM=";
};
propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/meater-python/default.nix b/pkgs/development/python-modules/meater-python/default.nix
new file mode 100644
index 00000000000..219af570dfe
--- /dev/null
+++ b/pkgs/development/python-modules/meater-python/default.nix
@@ -0,0 +1,37 @@
+{ lib
+, aiohttp
+, buildPythonPackage
+, fetchPypi
+, pythonOlder
+}:
+
+buildPythonPackage rec {
+ pname = "meater-python";
+ version = "0.0.8";
+ format = "setuptools";
+
+ disabled = pythonOlder "3.7";
+
+ src = fetchPypi {
+ inherit pname version;
+ hash = "sha256-86XJmKOc2MCyU9v0UAZsPCUL/kAXywOlQOIHaykNF1o=";
+ };
+
+ propagatedBuildInputs = [
+ aiohttp
+ ];
+
+ # Module has no tests
+ doCheck = false;
+
+ pythonImportsCheck = [
+ "meater"
+ ];
+
+ meta = with lib; {
+ description = "Library for the Apption Labs Meater cooking probe";
+ homepage = "https://github.com/Sotolotl/meater-python";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ fab ];
+ };
+}
diff --git a/pkgs/development/python-modules/pyrainbird/default.nix b/pkgs/development/python-modules/pyrainbird/default.nix
new file mode 100644
index 00000000000..74f0ed630a2
--- /dev/null
+++ b/pkgs/development/python-modules/pyrainbird/default.nix
@@ -0,0 +1,58 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, parameterized
+, pycryptodome
+, pytestCheckHook
+, pythonOlder
+, pyyaml
+, requests
+, responses
+, setuptools
+}:
+
+buildPythonPackage rec {
+ pname = "pyrainbird";
+ version = "0.4.3";
+ format = "setuptools";
+
+ disabled = pythonOlder "3.7";
+
+ src = fetchFromGitHub {
+ owner = "jbarrancos";
+ repo = pname;
+ rev = version;
+ hash = "sha256-uRHknWvoPKPu3B5MbSEUlWqBKwAbNMwsgXuf6PZxhkU=";
+ };
+
+ propagatedBuildInputs = [
+ pycryptodome
+ pyyaml
+ requests
+ setuptools
+ ];
+
+ checkInputs = [
+ pytestCheckHook
+ parameterized
+ responses
+ ];
+
+ postPatch = ''
+ substituteInPlace requirements.txt \
+ --replace "datetime" ""
+ substituteInPlace pytest.ini \
+ --replace "--cov=pyrainbird --cov-report=term-missing --pep8 --flakes --mccabe" ""
+ '';
+
+ pythonImportsCheck = [
+ "pyrainbird"
+ ];
+
+ meta = with lib; {
+ description = "Module to interact with Rainbird controllers";
+ homepage = "https://github.com/jbarrancos/pyrainbird/";
+ license = with licenses; [ mit ];
+ maintainers = with maintainers; [ fab ];
+ };
+}
diff --git a/pkgs/development/python-modules/raincloudy/default.nix b/pkgs/development/python-modules/raincloudy/default.nix
new file mode 100644
index 00000000000..860f9461e44
--- /dev/null
+++ b/pkgs/development/python-modules/raincloudy/default.nix
@@ -0,0 +1,61 @@
+{ lib
+, beautifulsoup4
+, buildPythonPackage
+, fetchFromGitHub
+, html5lib
+, pytestCheckHook
+, pythonOlder
+, requests
+, requests-mock
+, urllib3
+}:
+
+buildPythonPackage rec {
+ pname = "raincloudy";
+ version = "1.1.1";
+ format = "setuptools";
+
+ disabled = pythonOlder "3.7";
+
+ src = fetchFromGitHub {
+ owner = "vanstinator";
+ repo = pname;
+ rev = version;
+ hash = "sha256-c6tux0DZY56a4BpuiMXtaqm8+JKNDiyMxrFUju3cp2Y=";
+ };
+
+ propagatedBuildInputs = [
+ requests
+ beautifulsoup4
+ urllib3
+ html5lib
+ ];
+
+ checkInputs = [
+ pytestCheckHook
+ requests-mock
+ ];
+
+ postPatch = ''
+ # https://github.com/vanstinator/raincloudy/pull/60
+ substituteInPlace setup.py \
+ --replace "bs4" "beautifulsoup4" \
+ --replace "html5lib==1.0.1" "html5lib"
+ '';
+
+ pythonImportsCheck = [
+ "raincloudy"
+ ];
+
+ disabledTests = [
+ # Test requires network access
+ "test_attributes"
+ ];
+
+ meta = with lib; {
+ description = "Module to interact with Melnor RainCloud Smart Garden Watering Irrigation Timer";
+ homepage = "https://github.com/vanstinator/raincloudy";
+ license = with licenses; [ asl20 ];
+ maintainers = with maintainers; [ fab ];
+ };
+}
diff --git a/pkgs/development/python-modules/sqlite-utils/default.nix b/pkgs/development/python-modules/sqlite-utils/default.nix
index b3621802a09..d7f07eea073 100644
--- a/pkgs/development/python-modules/sqlite-utils/default.nix
+++ b/pkgs/development/python-modules/sqlite-utils/default.nix
@@ -14,16 +14,21 @@
buildPythonPackage rec {
pname = "sqlite-utils";
- version = "3.26";
+ version = "3.26.1";
format = "setuptools";
disabled = pythonOlder "3.6";
src = fetchPypi {
inherit pname version;
- hash = "sha256-G2Fy9PEYtq0dIWhsgV4HZa5y+wLxcI3CYSgDL6ijkdo=";
+ hash = "sha256-GK/036zijOSi9IWZSFifXrexY8dyo6cfwWyaF06x82c=";
};
+ postPatch = ''
+ substituteInPlace setup.py \
+ --replace "click-default-group-wheel" "click-default-group"
+ '';
+
propagatedBuildInputs = [
click
click-default-group
@@ -45,6 +50,6 @@ buildPythonPackage rec {
description = "Python CLI utility and library for manipulating SQLite databases";
homepage = "https://github.com/simonw/sqlite-utils";
license = licenses.asl20;
- maintainers = with maintainers; [ meatcar ];
+ maintainers = with maintainers; [ meatcar techknowlogick ];
};
}
diff --git a/pkgs/development/tools/flip-link/default.nix b/pkgs/development/tools/flip-link/default.nix
index 6e752379a73..d42e282289a 100644
--- a/pkgs/development/tools/flip-link/default.nix
+++ b/pkgs/development/tools/flip-link/default.nix
@@ -2,23 +2,31 @@
rustPlatform.buildRustPackage rec {
pname = "flip-link";
- version = "0.1.4";
+ version = "0.1.6";
src = fetchFromGitHub {
owner = "knurling-rs";
repo = pname;
rev = "v${version}";
- sha256 = "sha256-LE0cWS6sOb9/VvGloezNnePHGldnpfNTdCFUv3F/nwE=";
+ sha256 = "sha256-Sf2HlAfPlg8Er2g17AnRmUkvRhTw5AVPuL2B92hFvpA=";
};
- cargoSha256 = "sha256-8WBMF5stMB4JXvYwa5yHVFV+3utDuMFJNTZ4fZFDftw=";
+ cargoSha256 = "sha256-2VgsO2hUIvSPNQhR13+bGTxXa6xZXcK0amfiWv2EIxk=";
buildInputs = lib.optional stdenv.isDarwin libiconv;
+ checkFlags = [
+ # requires embedded toolchains
+ "--skip should_link_example_firmware::case_1_normal"
+ "--skip should_link_example_firmware::case_2_custom_linkerscript"
+ "--skip should_verify_memory_layout"
+ ];
+
meta = with lib; {
description = "Adds zero-cost stack overflow protection to your embedded programs";
homepage = "https://github.com/knurling-rs/flip-link";
- license = with licenses; [ asl20 mit ];
- maintainers = [ maintainers.FlorianFranzen ];
+ changelog = "https://github.com/knurling-rs/flip-link/blob/v${version}/CHANGELOG.md";
+ license = with licenses; [ asl20 /* or */ mit ];
+ maintainers = with maintainers; [ FlorianFranzen newam ];
};
}
diff --git a/pkgs/development/tools/protoc-gen-twirp_php/default.nix b/pkgs/development/tools/protoc-gen-twirp_php/default.nix
index df5afac2dbb..a54c860f295 100644
--- a/pkgs/development/tools/protoc-gen-twirp_php/default.nix
+++ b/pkgs/development/tools/protoc-gen-twirp_php/default.nix
@@ -2,19 +2,23 @@
buildGoModule rec {
pname = "protoc-gen-twirp_php";
- version = "0.8.0";
+ version = "0.8.1";
# fetchFromGitHub currently not possible, because go.mod and go.sum are export-ignored
src = fetchgit {
url = "https://github.com/twirphp/twirp.git";
rev = "v${version}";
- sha256 = "sha256-TaHfyYoWsA/g5xZFxIMNwE1w6Dd9Cq5bp1gpQudYLs0=";
+ sha256 = "sha256-5PACgKqc8rWqaA6Syj5NyxHm3827yd67tm0mwVSMnWQ=";
};
vendorSha256 = "sha256-qQFlBviRISEnPBt0q5391RqUrPTI/QDxg3MNfwWE8MI=";
subPackages = [ "protoc-gen-twirp_php" ];
+ ldflags = [
+ "-X main.version=${version}"
+ ];
+
meta = with lib; {
description = "PHP port of Twitch's Twirp RPC framework";
homepage = "https://github.com/twirphp/twirp";
diff --git a/pkgs/os-specific/linux/bolt/default.nix b/pkgs/os-specific/linux/bolt/default.nix
index dd9436d9b0e..d424f89fdfb 100644
--- a/pkgs/os-specific/linux/bolt/default.nix
+++ b/pkgs/os-specific/linux/bolt/default.nix
@@ -13,7 +13,7 @@
, libxml2
, libxslt
, docbook_xml_dtd_45
-, docbook_xsl
+, docbook-xsl-nons
, glib
, systemd
, polkit
@@ -21,39 +21,33 @@
stdenv.mkDerivation rec {
pname = "bolt";
- version = "0.9.1";
+ version = "0.9.2";
src = fetchFromGitLab {
domain = "gitlab.freedesktop.org";
owner = "bolt";
repo = "bolt";
rev = version;
- sha256 = "1phgp8fs0dlj74kbkqlvfniwc32daz47b3pvsxlfxqzyrp77xrfm";
+ sha256 = "eXjj7oD5HOW/AG2uxDa0tSleKmbouFd2fwlL2HHFiMA=";
};
patches = [
# meson install tries to create /var/lib/boltd
./0001-skip-mkdir.patch
- # https://github.com/NixOS/nixpkgs/issues/104429
+ # Test does not work on ZFS with atime disabled.
# Upstream issue: https://gitlab.freedesktop.org/bolt/bolt/-/issues/167
(fetchpatch {
- name = "disable-atime-tests.diff";
- url = "https://gitlab.freedesktop.org/roberth/bolt/-/commit/1f672a7de2ebc4dd51590bb90f3b873a8ac0f4e6.diff";
- sha256 = "134f5s6kjqs6612pwq5pm1miy58crn1kxbyyqhzjnzmf9m57fnc8";
- })
-
- # Fix tests with newer umockdev
- (fetchpatch {
- url = "https://gitlab.freedesktop.org/bolt/bolt/-/commit/130e09d1c7ff02c09e4ad1c9c36e9940b68e58d8.patch";
- sha256 = "HycuM7z4VvtBuZZLU68tBxGT1YjaqJRS4sKyoTGHZEk=";
+ url = "https://gitlab.freedesktop.org/bolt/bolt/-/commit/c2f1d5c40ad71b20507e02faa11037b395fac2f8.diff";
+ revert = true;
+ sha256 = "6w7ll65W/CydrWAVi/qgzhrQeDv1PWWShulLxoglF+I=";
})
];
nativeBuildInputs = [
asciidoc
docbook_xml_dtd_45
- docbook_xsl
+ docbook-xsl-nons
libxml2
libxslt
meson
diff --git a/pkgs/os-specific/linux/iwd/default.nix b/pkgs/os-specific/linux/iwd/default.nix
index bc5811942a5..424a1d1a50e 100644
--- a/pkgs/os-specific/linux/iwd/default.nix
+++ b/pkgs/os-specific/linux/iwd/default.nix
@@ -12,12 +12,12 @@
stdenv.mkDerivation rec {
pname = "iwd";
- version = "1.26";
+ version = "1.27";
src = fetchgit {
url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git";
rev = version;
- sha256 = "sha256-+BciYfb9++u9Ux4AdvPFFIFVq8j+TVoTLKqxzmn5p3o=";
+ sha256 = "sha256-gN9+9Cc6zjZBXDhcHBH5wyucO5/vL7bKSLWM5laFqaA=";
};
outputs = [ "out" "man" "doc" ]
diff --git a/pkgs/os-specific/linux/power-profiles-daemon/default.nix b/pkgs/os-specific/linux/power-profiles-daemon/default.nix
index 9f96eb2576d..253c3caf6aa 100644
--- a/pkgs/os-specific/linux/power-profiles-daemon/default.nix
+++ b/pkgs/os-specific/linux/power-profiles-daemon/default.nix
@@ -8,6 +8,7 @@
, libgudev
, glib
, polkit
+, dbus
, gobject-introspection
, gettext
, gtk-doc
@@ -29,34 +30,21 @@ let
dbus-python
python-dbusmock
];
- testTypelibPath = lib.makeSearchPathOutput "lib" "lib/girepository-1.0" [ umockdev ];
in
stdenv.mkDerivation rec {
pname = "power-profiles-daemon";
- version = "0.10.1";
+ version = "0.11.1";
- outputs = [ "out" "devdoc" "installedTests" ];
+ outputs = [ "out" "devdoc" ];
src = fetchFromGitLab {
domain = "gitlab.freedesktop.org";
owner = "hadess";
repo = "power-profiles-daemon";
rev = version;
- sha256 = "sha256-sQWiCHc0kEELdmPq9Qdk7OKDUgbM5R44639feC7gjJc=";
+ sha256 = "sha256-qU9A9U2R3UioC7bo8Pc0IIsHIjghb6gsG4pTAg6tp9E=";
};
- patches = [
- # Enable installed tests.
- # https://gitlab.freedesktop.org/hadess/power-profiles-daemon/-/merge_requests/92
- (fetchpatch {
- url = "https://gitlab.freedesktop.org/hadess/power-profiles-daemon/-/commit/3c64d9e1732eb6425e33013c452f1c4aa7a26f7e.patch";
- sha256 = "din5VuZZwARNDInHtl44yJK8pLmlxr5eoD4iMT4a8HA=";
- })
-
- # Install installed tests to separate output.
- ./installed-tests-path.patch
- ];
-
nativeBuildInputs = [
pkg-config
meson
@@ -70,9 +58,6 @@ stdenv.mkDerivation rec {
gobject-introspection
wrapGAppsNoGuiHook
python3.pkgs.wrapPython
-
- # For finding tests.
- (python3.withPackages testPythonPkgs)
];
buildInputs = [
@@ -91,31 +76,28 @@ stdenv.mkDerivation rec {
python3.pkgs.pygobject3
];
+ checkInputs = [
+ umockdev
+ dbus
+ (python3.withPackages testPythonPkgs)
+ ];
+
mesonFlags = [
- "-Dinstalled_test_prefix=${placeholder "installedTests"}"
"-Dsystemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
"-Dgtk_doc=true"
];
+ doCheck = true;
+
PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "${placeholder "out"}/share/polkit-1/actions";
# Avoid double wrapping
dontWrapGApps = true;
postPatch = ''
- patchShebangs tests/unittest_inspector.py
- '';
-
- preConfigure = ''
- # For finding tests.
- GI_TYPELIB_PATH_original=$GI_TYPELIB_PATH
- addToSearchPath GI_TYPELIB_PATH "${testTypelibPath}"
- '';
-
- postConfigure = ''
- # Restore the original value to prevent the program from depending on umockdev.
- export GI_TYPELIB_PATH=$GI_TYPELIB_PATH_original
- unset GI_TYPELIB_PATH_original
+ patchShebangs --build \
+ tests/integration-test.py \
+ tests/unittest_inspector.py
'';
preInstall = ''
@@ -128,33 +110,22 @@ stdenv.mkDerivation rec {
export PKEXEC_UID=-1
'';
+ postCheck = ''
+ # Do not contaminate the wrapper with test dependencies.
+ unset GI_TYPELIB_PATH
+ unset XDG_DATA_DIRS
+ '';
+
postFixup = ''
# Avoid double wrapping
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
# Make Python libraries available
wrapPythonProgramsIn "$out/bin" "$pythonPath"
-
- # Make Python libraries available for installed tests
- makeWrapperArgs+=(
- --prefix GI_TYPELIB_PATH : "${testTypelibPath}"
- --prefix PATH : "${lib.makeBinPath [ umockdev ]}"
- # Vala does not use absolute paths in typelibs
- # https://github.com/NixOS/nixpkgs/issues/47226
- # Also umockdev binaries use relative paths for LD_PRELOAD.
- --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ umockdev ]}"
- # dbusmock calls its templates using exec so our regular patching of Python scripts
- # to add package directories to site will not carry over.
- # https://github.com/martinpitt/python-dbusmock/blob/2254e69279a02fb3027b500ed7288b77c7a80f2a/dbusmock/mockobject.py#L51
- # https://github.com/martinpitt/python-dbusmock/blob/2254e69279a02fb3027b500ed7288b77c7a80f2a/dbusmock/__main__.py#L60-L62
- --prefix PYTHONPATH : "${lib.makeSearchPath python3.sitePackages (testPythonPkgs python3.pkgs)}"
- )
- wrapPythonProgramsIn "$installedTests/libexec/installed-tests" "$pythonPath ${lib.concatStringsSep " " (testPythonPkgs python3.pkgs)}"
'';
passthru = {
tests = {
nixos = nixosTests.power-profiles-daemon;
- installed-tests = nixosTests.installed-tests.power-profiles-daemon;
};
};
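Review bot: `postCheck` unsets `GI_TYPELIB_PATH` and `XDG_DATA_DIRS` outright, whereas the removed `preConfigure`/`postConfigure` pair saved the original `GI_TYPELIB_PATH` and restored it. Unsetting also drops whatever the regular build inputs had put into those variables. It only happens when the check phase runs, so the wrapper arguments collected afterwards may differ between a build with `doCheck = true` and one with checks disabled. If that is intended, the comment should say so, for example `# Do not contaminate the wrapper with test dependencies. This clears the variables completely; the installed programs do not need the remaining entries because <reason>.` The derivation continues outside this hunk.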
diff --git a/pkgs/os-specific/linux/power-profiles-daemon/installed-tests-path.patch b/pkgs/os-specific/linux/power-profiles-daemon/installed-tests-path.patch
deleted file mode 100644
index 63059f3ac73..00000000000
--- a/pkgs/os-specific/linux/power-profiles-daemon/installed-tests-path.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-diff --git a/meson_options.txt b/meson_options.txt
-index 7e89619..76497db 100644
---- a/meson_options.txt
-+++ b/meson_options.txt
-@@ -1,3 +1,4 @@
-+option('installed_test_prefix', type: 'string', description: 'Prefix for installed tests')
- option('systemdsystemunitdir',
- description: 'systemd unit directory',
- type: 'string',
-diff --git a/tests/meson.build b/tests/meson.build
-index b306a7f..7670e1b 100644
---- a/tests/meson.build
-+++ b/tests/meson.build
-@@ -2,8 +2,8 @@ envs = environment()
- envs.set ('top_builddir', meson.build_root())
- envs.set ('top_srcdir', meson.source_root())
-
--installed_test_bindir = libexecdir / 'installed-tests' / meson.project_name()
--installed_test_datadir = datadir / 'installed-tests' / meson.project_name()
-+installed_test_bindir = get_option('installed_test_prefix') / 'libexec' / 'installed-tests' / meson.project_name()
-+installed_test_datadir = get_option('installed_test_prefix') / 'share' / 'installed-tests' / meson.project_name()
-
- python3 = find_program('python3')
- unittest_inspector = find_program('unittest_inspector.py')
-diff --git a/tests/integration-test.py b/tests/integration-test.py
-index 22dc42c..0f92b76 100755
---- a/tests/integration-test.py
-+++ b/tests/integration-test.py
-@@ -67,7 +67,7 @@ class Tests(dbusmock.DBusTestCase):
- print('Testing binaries from JHBuild (%s)' % cls.daemon_path)
- else:
- cls.daemon_path = None
-- with open('/usr/lib/systemd/system/power-profiles-daemon.service') as f:
-+ with open('/run/current-system/sw/lib/systemd/system/power-profiles-daemon.service') as f:
- for line in f:
- if line.startswith('ExecStart='):
- cls.daemon_path = line.split('=', 1)[1].strip()
diff --git a/pkgs/servers/home-assistant/component-packages.nix b/pkgs/servers/home-assistant/component-packages.nix
index 707740cd4a4..3ffb7594cd0 100644
--- a/pkgs/servers/home-assistant/component-packages.nix
+++ b/pkgs/servers/home-assistant/component-packages.nix
@@ -1516,7 +1516,8 @@
pymazda
];
"meater" = ps: with ps; [
- ]; # missing inputs: meater-python
+ meater-python
+ ];
"media_extractor" = ps: with ps; [
aiohttp-cors
youtube-dl-light
@@ -2121,9 +2122,11 @@
radiotherm
];
"rainbird" = ps: with ps; [
- ]; # missing inputs: pyrainbird
+ pyrainbird
+ ];
"raincloud" = ps: with ps; [
- ]; # missing inputs: raincloudy
+ raincloudy
+ ];
"rainforest_eagle" = ps: with ps; [
aioeagle
ueagle
@@ -3451,6 +3454,7 @@
"manual_mqtt"
"maxcube"
"mazda"
+ "meater"
"media_player"
"media_source"
"melcloud"
diff --git a/pkgs/servers/kanidm/default.nix b/pkgs/servers/kanidm/default.nix
new file mode 100644
index 00000000000..f160886fb64
--- /dev/null
+++ b/pkgs/servers/kanidm/default.nix
@@ -0,0 +1,89 @@
+{ stdenv
+, lib
+, formats
+, nixosTests
+, rustPlatform
+, fetchFromGitHub
+, installShellFiles
+, pkg-config
+, udev
+, openssl
+, sqlite
+, pam
+}:
+
+let
+ arch = if stdenv.isx86_64 then "x86_64" else "generic";
+in
+rustPlatform.buildRustPackage rec {
+ pname = "kanidm";
+ version = "1.1.0-alpha.8";
+
+ src = fetchFromGitHub {
+ owner = pname;
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256-zMtbE6Y9wXFPBqhmiTMJ3m6bLVZl+c6lRY39DWDlJNo=";
+ };
+
+ cargoSha256 = "sha256:1l7xqp457zfd9gfjp6f4lzgadfp6112jbip4irazw4084qwj0z6x";
+
+ KANIDM_BUILD_PROFILE = "release_nixos_${arch}";
+
+ postPatch =
+ let
+ format = (formats.toml { }).generate "${KANIDM_BUILD_PROFILE}.toml";
+ profile = {
+ web_ui_pkg_path = "@web_ui_pkg_path@";
+ cpu_flags = if stdenv.isx86_64 then "x86_64_v1" else "none";
+ };
+ in
+ ''
+ cp ${format profile} profiles/${KANIDM_BUILD_PROFILE}.toml
+ substituteInPlace profiles/${KANIDM_BUILD_PROFILE}.toml \
+ --replace '@web_ui_pkg_path@' "$out/ui"
+ '';
+
+ nativeBuildInputs = [
+ pkg-config
+ installShellFiles
+ ];
+
+ buildInputs = [
+ udev
+ openssl
+ sqlite
+ pam
+ ];
+
+ # Failing tests, probably due to network issues
+ checkFlags = [
+ "--skip default_entries"
+ "--skip oauth2_openid_basic_flow"
+ "--skip test_server"
+ "--skip test_cache"
+ ];
+
+ preFixup = ''
+ installShellCompletion --bash $releaseDir/build/completions/*.bash
+ installShellCompletion --zsh $releaseDir/build/completions/_*
+
+ # PAM and NSS need fix library names
+ mv $out/lib/libnss_kanidm.so $out/lib/libnss_kanidm.so.2
+ mv $out/lib/libpam_kanidm.so $out/lib/pam_kanidm.so
+
+ # We don't compile the wasm-part form source, as there isn't a rustc for
+ # wasm32-unknown-unknown in nixpkgs yet.
+ cp -r kanidmd_web_ui/pkg $out/ui
+ '';
+
+ passthru.tests = { inherit (nixosTests) kanidm; };
+
+ meta = with lib; {
+ description = "A simple, secure and fast identity management platform";
+ homepage = "https://github.com/kanidm/kanidm";
+ license = licenses.mpl20;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ erictapen Flakebi ];
+ };
+}
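Review bot: The `preFixup` comment does not make clear that the web UI installed to `$out/ui` is the prebuilt `kanidmd_web_ui/pkg` directory from the source tree, not something this derivation compiles; it also has a typo (`form source`). For an identity server that is worth stating plainly, for example `# The web UI is not built here: the prebuilt wasm in kanidmd_web_ui/pkg is copied as shipped upstream, because nixpkgs has no rustc for wasm32-unknown-unknown yet.` Separately, the `checkFlags` comment gives only a guess (`probably due to network issues`) for skipping `oauth2_openid_basic_flow` and `test_server`. Recording the failure actually observed would let someone re-enable them later.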
diff --git a/pkgs/tools/admin/azure-cli/python-packages.nix b/pkgs/tools/admin/azure-cli/python-packages.nix
index f746941a953..b65b4a8fbbb 100644
--- a/pkgs/tools/admin/azure-cli/python-packages.nix
+++ b/pkgs/tools/admin/azure-cli/python-packages.nix
@@ -226,8 +226,19 @@ let
azure-mgmt-media = overrideAzureMgmtPackage super.azure-mgmt-media "7.0.0" "zip"
"sha256-tF6CpZTtkc1ap6XNXQHwOLesPPEiM+e6K+qqNHeQDo4=";
- azure-mgmt-msi = overrideAzureMgmtPackage super.azure-mgmt-msi "0.2.0" "zip"
- "0rvik03njz940x2hvqg6iiq8k0d88gyygsr86w8s0sa12sdbq8l6";
+ azure-mgmt-msi = super.azure-mgmt-msi.overridePythonAttrs (old: rec {
+ version = "0.2.0";
+ src = old.src.override {
+ inherit version;
+ sha256 = "0rvik03njz940x2hvqg6iiq8k0d88gyygsr86w8s0sa12sdbq8l6";
+ };
+ propagatedBuildInputs = with self; [
+ msrest
+ msrestazure
+ azure-common
+ azure-mgmt-nspkg
+ ];
+ });
azure-mgmt-privatedns = overrideAzureMgmtPackage super.azure-mgmt-privatedns "1.0.0" "zip"
"b60f16e43f7b291582c5f57bae1b083096d8303e9d9958e2c29227a55cc27c45";
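Review bot: The switch from the `overrideAzureMgmtPackage` helper to a hand-written `overridePythonAttrs` for `azure-mgmt-msi` has no comment saying why this one package is treated differently from its neighbours. Judging by the `azure-mgmt-msi` expression changed in this same commit, the reason is that the pinned 0.2.0 still needs the inputs that expression no longer lists. A line above the override would record that: `# 0.2.0 still depends on msrestazure and azure-mgmt-nspkg, which the top-level azure-mgmt-msi expression dropped`. Every attribute not overridden here is presumably inherited from the newer expression, so it is worth confirming that they suit 0.2.0 as well. The enclosing `let` block starts and ends outside this hunk.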
diff --git a/pkgs/tools/inputmethods/input-remapper/default.nix b/pkgs/tools/inputmethods/input-remapper/default.nix
index 1ac061034d7..0a1ce3108f2 100644
--- a/pkgs/tools/inputmethods/input-remapper/default.nix
+++ b/pkgs/tools/inputmethods/input-remapper/default.nix
@@ -34,9 +34,9 @@
# https://discourse.nixos.org/t/avoid-rec-expresions-in-nixpkgs/8293/7
# The names are prefixed with input_remapper to avoid potential
# collisions with package names
-, input_remapper_version ? "unstable-2022-02-09"
-, input_remapper_src_rev ? "55227e0b5a28d21d7333c6c8ea1c691e56fd35c4"
-, input_remapper_src_hash ? "sha256-kzGlEaYN/JfAgbI0aMLr5mwObYOL43X7QU/ihDEBQFg="
+, input_remapper_version ? "1.4.2"
+, input_remapper_src_rev ? "af20f87a1298153e765b840a2164ba63b9ef937a"
+, input_remapper_src_hash ? "sha256-eG4Fx1z74Bq1HrfmzOuULQLziGdWnHLax8y2dymjWsI="
}:
let
diff --git a/pkgs/tools/misc/bsp-layout/default.nix b/pkgs/tools/misc/bsp-layout/default.nix
index 065c21e3f78..bad5b4d9a89 100644
--- a/pkgs/tools/misc/bsp-layout/default.nix
+++ b/pkgs/tools/misc/bsp-layout/default.nix
@@ -1,4 +1,11 @@
-{ stdenv, fetchFromGitHub, lib, bspwm, makeWrapper, git, bc }:
+{ lib
+, stdenv
+, fetchFromGitHub
+, makeWrapper
+, git
+, bc
+, bspwm
+}:
stdenv.mkDerivation rec {
pname = "bsp-layout";
@@ -17,14 +24,22 @@ stdenv.mkDerivation rec {
makeFlags = [ "PREFIX=$(out)" ];
postInstall = ''
- substituteInPlace $out/bin/bsp-layout --replace 'bc ' '${bc}/bin/bc '
+ substituteInPlace $out/lib/bsp-layout/layout.sh --replace 'bc ' '${bc}/bin/bc '
+ for layout in tall rtall wide rwide
+ do
+ substituteInPlace "$out/lib/bsp-layout/layouts/$layout.sh" --replace 'bc ' '${bc}/bin/bc '
+ done
'';
meta = with lib; {
description = "Manage layouts in bspwm";
+ longDescription = ''
+ bsp-layout is a dynamic layout manager for bspwm, written in bash.
+ It provides layout options to fit most workflows.
+ '';
homepage = "https://github.com/phenax/bsp-layout";
license = licenses.mit;
- maintainers = with maintainers; [ devins2518 ];
+ maintainers = with maintainers; [ devins2518 totoroot ];
platforms = platforms.linux;
};
}
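Review bot: The `'bc '` pattern given to `substituteInPlace` in `postInstall` is a bare substring, so it also rewrites any token that merely ends in `bc` followed by a space, not only invocations of the calculator. The loop over `tall rtall wide rwide` is a fixed list, so a layout script added upstream that calls `bc` would be left resolving it through `PATH` instead of the pinned store path. A comment such as `# layouts that shell out to bc; extend when upstream adds one` above the loop would make that maintenance step visible. Matching on a tighter pattern taken from the actual call sites in the scripts would also limit accidental rewrites.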
diff --git a/pkgs/tools/security/ecdsautils/default.nix b/pkgs/tools/security/ecdsautils/default.nix
index 6bdac96811a..0a43260eb83 100644
--- a/pkgs/tools/security/ecdsautils/default.nix
+++ b/pkgs/tools/security/ecdsautils/default.nix
@@ -1,14 +1,17 @@
{ lib, stdenv, pkgs }:
-stdenv.mkDerivation {
- version = "0.4.0";
+let
pname = "ecdsautils";
+ version = "0.4.1";
+in
+stdenv.mkDerivation {
+ inherit pname version;
src = pkgs.fetchFromGitHub {
owner = "freifunk-gluon";
- repo = "ecdsautils";
- rev = "07538893fb6c2a9539678c45f9dbbf1e4f222b46";
- sha256 = "18sr8x3qiw8s9l5pfi7r9i3ayplz4jqdml75ga9y933vj7vs0k4d";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256-dv0guQTmot5UO1GkMgzvD6uJFyum5kV89LI3xWS1DZA=";
};
nativeBuildInputs = with pkgs; [ cmake pkg-config doxygen ];
@@ -16,7 +19,7 @@ stdenv.mkDerivation {
meta = with lib; {
description = "Tiny collection of programs used for ECDSA (keygen, sign, verify)";
- homepage = "https://github.com/tcatm/ecdsautils/";
+ homepage = "https://github.com/freifunk-gluon/ecdsautils/";
license = with licenses; [ mit bsd2 ];
maintainers = with maintainers; [ ];
platforms = platforms.unix;
diff --git a/pkgs/tools/text/sift/default.nix b/pkgs/tools/text/sift/default.nix
index dc025f17a78..f282c28f8fe 100644
--- a/pkgs/tools/text/sift/default.nix
+++ b/pkgs/tools/text/sift/default.nix
@@ -1,4 +1,4 @@
-{ lib, buildGoPackage, fetchFromGitHub }:
+{ lib, buildGoPackage, fetchFromGitHub, installShellFiles }:
buildGoPackage rec {
pname = "sift";
@@ -7,6 +7,8 @@ buildGoPackage rec {
goPackagePath = "github.com/svent/sift";
+ nativeBuildInputs = [ installShellFiles ];
+
src = fetchFromGitHub {
inherit rev;
owner = "svent";
@@ -14,12 +16,16 @@ buildGoPackage rec {
sha256 = "0bgy0jf84z1c3msvb60ffj4axayfchdkf0xjnsbx9kad1v10g7i1";
};
+ postInstall = ''
+ installShellCompletion --cmd sift --bash go/src/github.com/svent/sift/sift-completion.bash
+ '';
+
goDeps = ./deps.nix;
meta = with lib; {
description = "A fast and powerful alternative to grep";
homepage = "https://sift-tool.org";
- maintainers = [ maintainers.carlsverre ];
+ maintainers = with maintainers; [ carlsverre viraptor ];
license = licenses.gpl3;
};
}
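Review bot: The completion path in `postInstall` spells out `github.com/svent/sift` a second time, although the same value is already held in `goPackagePath` a few lines above, so the two can drift apart. Since the derivation is `rec`, the line can read `installShellCompletion --cmd sift --bash go/src/${goPackagePath}/sift-completion.bash`. This keeps the import path in one place and makes it clear where the file comes from in the build tree.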
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 941f3fa0eed..1a73cb813e5 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -21852,6 +21852,8 @@ with pkgs;
jitsi-videobridge = callPackage ../servers/jitsi-videobridge { };
+ kanidm = callPackage ../servers/kanidm { };
+
kapowbang = callPackage ../servers/kapowbang { };
keycloak = callPackage ../servers/keycloak { };
@@ -28380,8 +28382,7 @@ with pkgs;
ostinato = libsForQt5.callPackage ../applications/networking/ostinato { };
p4 = callPackage ../applications/version-management/p4 { };
- # Broken with Qt5.15 because qtwebkit is broken with it
- p4v = libsForQt514.callPackage ../applications/version-management/p4v { };
+ p4v = libsForQt515.callPackage ../applications/version-management/p4v { };
partio = callPackage ../development/libraries/partio {};
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index c39aabeda4d..7356a8b69af 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -345,6 +345,8 @@ in {
aiolifx-effects = callPackage ../development/python-modules/aiolifx-effects { };
+ aiolimiter = callPackage ../development/python-modules/aiolimiter { };
+
aiolip = callPackage ../development/python-modules/aiolip { };
aiolyric = callPackage ../development/python-modules/aiolyric { };
@@ -5168,6 +5170,8 @@ in {
measurement = callPackage ../development/python-modules/measurement { };
+ meater-python = callPackage ../development/python-modules/meater-python { };
+
mecab-python3 = callPackage ../development/python-modules/mecab-python3 { };
mechanicalsoup = callPackage ../development/python-modules/mechanicalsoup { };
@@ -7702,6 +7706,8 @@ in {
py-radix = callPackage ../development/python-modules/py-radix { };
+ pyrainbird = callPackage ../development/python-modules/pyrainbird { };
+
pyramid_beaker = callPackage ../development/python-modules/pyramid_beaker { };
pyramid = callPackage ../development/python-modules/pyramid { };
@@ -8822,6 +8828,8 @@ in {
rainbowstream = callPackage ../development/python-modules/rainbowstream { };
+ raincloudy = callPackage ../development/python-modules/raincloudy { };
+
ramlfications = callPackage ../development/python-modules/ramlfications { };
random2 = callPackage ../development/python-modules/random2 { };