diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 8a177be26d7..c38231f1840 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -12091,6 +12091,12 @@
githubId = 7512804;
name = "Martin Langlotz";
};
+ stargate01 = {
+ email = "christoph.honal@web.de";
+ github = "StarGate01";
+ githubId = 6362238;
+ name = "Christoph Honal";
+ };
steamwalker = {
email = "steamwalker@xs4all.nl";
github = "steamwalker";
diff --git a/nixos/modules/installer/tools/get-version-suffix b/nixos/modules/installer/tools/get-version-suffix
index b8972cd57d2..8d72905cdcb 100644
--- a/nixos/modules/installer/tools/get-version-suffix
+++ b/nixos/modules/installer/tools/get-version-suffix
@@ -1,14 +1,15 @@
getVersion() {
local dir="$1"
rev=
- if [ -e "$dir/.git" ]; then
+ gitDir="$dir/.git"
+ if [ -e "$gitDir" ]; then
if [ -z "$(type -P git)" ]; then
echo "warning: Git not found; cannot figure out revision of $dir" >&2
return
fi
cd "$dir"
- rev=$(git rev-parse --short HEAD)
- if git describe --always --dirty | grep -q dirty; then
+ rev=$(git --git-dir="$gitDir" rev-parse --short HEAD)
+ if git --git-dir="$gitDir" describe --always --dirty | grep -q dirty; then
rev+=M
fi
fi
diff --git a/nixos/modules/services/misc/geoipupdate.nix b/nixos/modules/services/misc/geoipupdate.nix
index 3211d4d88e4..db643c3d847 100644
--- a/nixos/modules/services/misc/geoipupdate.nix
+++ b/nixos/modules/services/misc/geoipupdate.nix
@@ -2,6 +2,7 @@
let
cfg = config.services.geoipupdate;
+ inherit (builtins) isAttrs isString isInt isList typeOf hashString;
in
{
imports = [
@@ -27,11 +28,30 @@ in
};
settings = lib.mkOption {
+ example = lib.literalExpression ''
+ {
+ AccountID = 200001;
+ DatabaseDirectory = "/var/lib/GeoIP";
+ LicenseKey = { _secret = "/run/keys/maxmind_license_key"; };
+ Proxy = "10.0.0.10:8888";
+ ProxyUserPassword = { _secret = "/run/keys/proxy_pass"; };
+ }
+ '';
description = ''
geoipupdate configuration
options. See
for a full list of available options.
+
+ Settings containing secret data should be set to an
+ attribute set containing the attribute
+ _secret - a string pointing to a file
+ containing the value the option should be set to. See the
+ example to get a better picture of this: in the resulting
+ GeoIP.conf file, the
+ ProxyUserPassword key will be set to the
+ contents of the
+ /run/keys/proxy_pass file.
'';
type = lib.types.submodule {
freeformType =
@@ -65,11 +85,18 @@ in
};
LicenseKey = lib.mkOption {
- type = lib.types.path;
+ type = with lib.types; either path (attrsOf path);
description = ''
- A file containing the MaxMind
- license key.
+ A file containing the
+ MaxMind license key.
+
+ Always handled as a secret whether the value is
+ wrapped in a { _secret = ...; }
+ attrset or not (refer to for
+ details).
'';
+ apply = x: if isAttrs x then x else { _secret = x; };
};
DatabaseDirectory = lib.mkOption {
@@ -102,6 +129,9 @@ in
systemd.services.geoipupdate-create-db-dir = {
serviceConfig.Type = "oneshot";
script = ''
+ set -o errexit -o pipefail -o nounset -o errtrace
+ shopt -s inherit_errexit
+
mkdir -p ${cfg.settings.DatabaseDirectory}
chmod 0755 ${cfg.settings.DatabaseDirectory}
'';
@@ -115,32 +145,41 @@ in
"network-online.target"
"nss-lookup.target"
];
+ path = [ pkgs.replace-secret ];
wants = [ "network-online.target" ];
startAt = cfg.interval;
serviceConfig = {
ExecStartPre =
let
+ isSecret = v: isAttrs v && v ? _secret && isString v._secret;
geoipupdateKeyValue = lib.generators.toKeyValue {
mkKeyValue = lib.flip lib.generators.mkKeyValueDefault " " rec {
- mkValueString = v: with builtins;
+ mkValueString = v:
if isInt v then toString v
else if isString v then v
else if true == v then "1"
else if false == v then "0"
else if isList v then lib.concatMapStringsSep " " mkValueString v
+ else if isSecret v then hashString "sha256" v._secret
else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}";
};
};
+ secretPaths = lib.catAttrs "_secret" (lib.collect isSecret cfg.settings);
+ mkSecretReplacement = file: ''
+ replace-secret ${lib.escapeShellArgs [ (hashString "sha256" file) file "/run/geoipupdate/GeoIP.conf" ]}
+ '';
+ secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths;
geoipupdateConf = pkgs.writeText "geoipupdate.conf" (geoipupdateKeyValue cfg.settings);
script = ''
+ set -o errexit -o pipefail -o nounset -o errtrace
+ shopt -s inherit_errexit
+
chown geoip "${cfg.settings.DatabaseDirectory}"
cp ${geoipupdateConf} /run/geoipupdate/GeoIP.conf
- ${pkgs.replace-secret}/bin/replace-secret '${cfg.settings.LicenseKey}' \
- '${cfg.settings.LicenseKey}' \
- /run/geoipupdate/GeoIP.conf
+ ${secretReplacements}
'';
in
"+${pkgs.writeShellScript "start-pre-full-privileges" script}";
diff --git a/nixos/modules/services/monitoring/parsedmarc.nix b/nixos/modules/services/monitoring/parsedmarc.nix
index ec71365ba3c..efc7f69be7d 100644
--- a/nixos/modules/services/monitoring/parsedmarc.nix
+++ b/nixos/modules/services/monitoring/parsedmarc.nix
@@ -3,7 +3,19 @@
let
cfg = config.services.parsedmarc;
opt = options.services.parsedmarc;
- ini = pkgs.formats.ini {};
+ isSecret = v: isAttrs v && v ? _secret && isString v._secret;
+ ini = pkgs.formats.ini {
+ mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" rec {
+ mkValueString = v:
+ if isInt v then toString v
+ else if isString v then v
+ else if true == v then "True"
+ else if false == v then "False"
+ else if isSecret v then hashString "sha256" v._secret
+ else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}";
+ };
+ };
+ inherit (builtins) elem isAttrs isString isInt isList typeOf hashString;
in
{
options.services.parsedmarc = {
@@ -107,11 +119,35 @@ in
};
settings = lib.mkOption {
+ example = lib.literalExpression ''
+ {
+ imap = {
+ host = "imap.example.com";
+ user = "alice@example.com";
+ password = { _secret = "/run/keys/imap_password" };
+ watch = true;
+ };
+ splunk_hec = {
+ url = "https://splunkhec.example.com";
+ token = { _secret = "/run/keys/splunk_token" };
+ index = "email";
+ };
+ }
+ '';
description = ''
Configuration parameters to set in
parsedmarc.ini. For a full list of
available parameters, see
.
+
+ Settings containing secret data should be set to an attribute
+ set containing the attribute _secret - a
+ string pointing to a file containing the value the option
+ should be set to. See the example to get a better picture of
+ this: in the resulting parsedmarc.ini
+ file, the splunk_hec.token key will be set
+ to the contents of the
+ /run/keys/splunk_token file.
'';
type = lib.types.submodule {
@@ -170,11 +206,18 @@ in
};
password = lib.mkOption {
- type = with lib.types; nullOr path;
+ type = with lib.types; nullOr (either path (attrsOf path));
default = null;
description = ''
- The path to a file containing the IMAP server password.
+ The IMAP server password.
+
+ Always handled as a secret whether the value is
+ wrapped in a { _secret = ...; }
+ attrset or not (refer to for
+ details).
'';
+ apply = x: if isAttrs x || x == null then x else { _secret = x; };
};
watch = lib.mkOption {
@@ -228,11 +271,18 @@ in
};
password = lib.mkOption {
- type = with lib.types; nullOr path;
+ type = with lib.types; nullOr (either path (attrsOf path));
default = null;
description = ''
- The path to a file containing the SMTP server password.
+ The SMTP server password.
+
+ Always handled as a secret whether the value is
+ wrapped in a { _secret = ...; }
+ attrset or not (refer to for
+ details).
'';
+ apply = x: if isAttrs x || x == null then x else { _secret = x; };
};
from = lib.mkOption {
@@ -274,12 +324,19 @@ in
};
password = lib.mkOption {
- type = with lib.types; nullOr path;
+ type = with lib.types; nullOr (either path (attrsOf path));
default = null;
description = ''
- The path to a file containing the password to use when
- connecting to Elasticsearch, if required.
+ The password to use when connecting to Elasticsearch,
+ if required.
+
+ Always handled as a secret whether the value is
+ wrapped in a { _secret = ...; }
+ attrset or not (refer to for
+ details).
'';
+ apply = x: if isAttrs x || x == null then x else { _secret = x; };
};
ssl = lib.mkOption {
@@ -299,63 +356,6 @@ in
'';
};
};
-
- kafka = {
- hosts = lib.mkOption {
- default = [];
- type = with lib.types; listOf str;
- apply = x: if x == [] then null else lib.concatStringsSep "," x;
- description = ''
- A list of Apache Kafka hosts to publish parsed reports
- to.
- '';
- };
-
- user = lib.mkOption {
- type = with lib.types; nullOr str;
- default = null;
- description = ''
- Username to use when connecting to Kafka, if
- required.
- '';
- };
-
- password = lib.mkOption {
- type = with lib.types; nullOr path;
- default = null;
- description = ''
- The path to a file containing the password to use when
- connecting to Kafka, if required.
- '';
- };
-
- ssl = lib.mkOption {
- type = with lib.types; nullOr bool;
- default = null;
- description = ''
- Whether to use an encrypted SSL/TLS connection.
- '';
- };
-
- aggregate_topic = lib.mkOption {
- type = with lib.types; nullOr str;
- default = null;
- example = "aggregate";
- description = ''
- The Kafka topic to publish aggregate reports on.
- '';
- };
-
- forensic_topic = lib.mkOption {
- type = with lib.types; nullOr str;
- default = null;
- example = "forensic";
- description = ''
- The Kafka topic to publish forensic reports on.
- '';
- };
- };
-
};
};
@@ -404,21 +404,14 @@ in
enable = cfg.provision.grafana.datasource || cfg.provision.grafana.dashboard;
datasources =
let
- pkgVer = lib.getVersion config.services.elasticsearch.package;
- esVersion =
- if lib.versionOlder pkgVer "7" then
- "60"
- else if lib.versionOlder pkgVer "8" then
- "70"
- else
- throw "When provisioning parsedmarc grafana datasources: unknown Elasticsearch version.";
+ esVersion = lib.getVersion config.services.elasticsearch.package;
in
lib.mkIf cfg.provision.grafana.datasource [
{
name = "dmarc-ag";
type = "elasticsearch";
access = "proxy";
- url = "localhost:9200";
+ url = "http://localhost:9200";
jsonData = {
timeField = "date_range";
inherit esVersion;
@@ -428,7 +421,7 @@ in
name = "dmarc-fo";
type = "elasticsearch";
access = "proxy";
- url = "localhost:9200";
+ url = "http://localhost:9200";
jsonData = {
timeField = "date_range";
inherit esVersion;
@@ -467,12 +460,17 @@ in
# lists, empty attrsets and null. This makes it possible to
# list interesting options in `settings` without them always
# ending up in the resulting config.
- filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! builtins.elem v [ null [] {} ])) cfg.settings;
+ filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! elem v [ null [] {} ])) cfg.settings;
+
+ # Extract secrets (attributes set to an attrset with a
+ # "_secret" key) from the settings and generate the commands
+ # to run to perform the secret replacements.
+ secretPaths = lib.catAttrs "_secret" (lib.collect isSecret filteredConfig);
parsedmarcConfig = ini.generate "parsedmarc.ini" filteredConfig;
- mkSecretReplacement = file:
- lib.optionalString (file != null) ''
- replace-secret '${file}' '${file}' /run/parsedmarc/parsedmarc.ini
- '';
+ mkSecretReplacement = file: ''
+ replace-secret ${lib.escapeShellArgs [ (hashString "sha256" file) file "/run/parsedmarc/parsedmarc.ini" ]}
+ '';
+ secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths;
in
{
wantedBy = [ "multi-user.target" ];
@@ -487,10 +485,7 @@ in
umask u=rwx,g=,o=
cp ${parsedmarcConfig} /run/parsedmarc/parsedmarc.ini
chown parsedmarc:parsedmarc /run/parsedmarc/parsedmarc.ini
- ${mkSecretReplacement cfg.settings.smtp.password}
- ${mkSecretReplacement cfg.settings.imap.password}
- ${mkSecretReplacement cfg.settings.elasticsearch.password}
- ${mkSecretReplacement cfg.settings.kafka.password}
+ ${secretReplacements}
'' + lib.optionalString cfg.provision.localMail.enable ''
openssl rand -hex 64 >/run/parsedmarc/dmarc_user_passwd
replace-secret '@imap-password@' '/run/parsedmarc/dmarc_user_passwd' /run/parsedmarc/parsedmarc.ini
diff --git a/pkgs/applications/audio/noisetorch/default.nix b/pkgs/applications/audio/noisetorch/default.nix
index 1015829709e..9fcd35a9de3 100644
--- a/pkgs/applications/audio/noisetorch/default.nix
+++ b/pkgs/applications/audio/noisetorch/default.nix
@@ -16,7 +16,7 @@ buildGoModule rec {
doCheck = false;
- ldflags = [ "-X main.version=${version}" "-X main.distribution=nix" ];
+ ldflags = [ "-s" "-w" "-X main.version=${version}" "-X main.distribution=nix" ];
subPackages = [ "." ];
diff --git a/pkgs/applications/audio/reaper/default.nix b/pkgs/applications/audio/reaper/default.nix
index d186755ecce..6f94b0f531c 100644
--- a/pkgs/applications/audio/reaper/default.nix
+++ b/pkgs/applications/audio/reaper/default.nix
@@ -17,13 +17,13 @@
stdenv.mkDerivation rec {
pname = "reaper";
- version = "6.47";
+ version = "6.61";
src = fetchurl {
url = "https://www.reaper.fm/files/${lib.versions.major version}.x/reaper${builtins.replaceStrings ["."] [""] version}_linux_${stdenv.hostPlatform.qemuArch}.tar.xz";
hash = {
- x86_64-linux = "sha256-31HmIx/ohbrzu5uj8KOOZiHNCmXwng9h+fIGaJfYyqA=";
- aarch64-linux = "sha256-CMmcBpaZ6BEZJ1144aQhOJ/o2NrGD7/8aq+ObLVMXYE=";
+ x86_64-linux = "sha256-Lp2EVky1+ruc86LdMmvhZIisoYl0OxdkVnN3h/u09IQ=";
+ aarch64-linux = "sha256-sPLCMA//xAdWXjY7++R6eLWS56Zi0u+9ju7JlICGvVc=";
}.${stdenv.hostPlatform.system};
};
diff --git a/pkgs/applications/backup/pika-backup/default.nix b/pkgs/applications/backup/pika-backup/default.nix
index a8524dea91b..868241b9232 100644
--- a/pkgs/applications/backup/pika-backup/default.nix
+++ b/pkgs/applications/backup/pika-backup/default.nix
@@ -1,7 +1,6 @@
{ lib
, stdenv
, fetchFromGitLab
-, fetchpatch
, rustPlatform
, substituteAll
, desktop-file-utils
@@ -19,20 +18,20 @@
stdenv.mkDerivation rec {
pname = "pika-backup";
- version = "0.4.0";
+ version = "0.4.1";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
owner = "World";
repo = "pika-backup";
rev = "v${version}";
- hash = "sha256-vQ0hlwsrY0WOUc/ppleE+kKRGHPt/ScEChXrkukln3U=";
+ hash = "sha256-D5QkNgscvNaPEykbcR451Wx8Mvn7HTuQE/22lp95Kbo=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
- hash = "sha256-IKUh5gkXTpmMToDaec+CpCIQqJjwJM2ZrmGQhZeTDsg=";
+ hash = "sha256-c4nYlPyc7D1AMOfHjhoDJox+i83+H1YKfWzR3i6bmng=";
};
patches = [
@@ -40,11 +39,6 @@ stdenv.mkDerivation rec {
src = ./borg-path.patch;
borg = "${borgbackup}/bin/borg";
})
- (fetchpatch {
- name = "use-gtk4-update-icon-cache.patch";
- url = "https://gitlab.gnome.org/World/pika-backup/-/merge_requests/64.patch";
- hash = "sha256-AttGQGWealvTIvPwBl5M6FiC4Al/UD4/XckUAxM38SE=";
- })
];
postPatch = ''
diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix
index d4a542bb99e..2de4575d440 100644
--- a/pkgs/applications/editors/vscode/extensions/default.nix
+++ b/pkgs/applications/editors/vscode/extensions/default.nix
@@ -739,8 +739,8 @@ let
mktplcRef = {
name = "theme-dracula";
publisher = "dracula-theme";
- version = "2.22.3";
- sha256 = "0wni9sriin54ci8rly2s68lkfx8rj1cys6mgcizvps9sam6377w6";
+ version = "2.24.2";
+ sha256 = "sha256-YNqWEIvlEI29mfPxOQVdd4db9G2qNodhz8B0MCAAWK8=";
};
meta = with lib; {
changelog = "https://marketplace.visualstudio.com/items/dracula-theme.theme-dracula/changelog";
diff --git a/pkgs/applications/networking/appgate-sdp/default.nix b/pkgs/applications/networking/appgate-sdp/default.nix
index d6f21aa0423..cac64ba7f63 100644
--- a/pkgs/applications/networking/appgate-sdp/default.nix
+++ b/pkgs/applications/networking/appgate-sdp/default.nix
@@ -87,11 +87,11 @@ let
in
stdenv.mkDerivation rec {
pname = "appgate-sdp";
- version = "5.5.4";
+ version = "5.5.5";
src = fetchurl {
url = "https://bin.appgate-sdp.com/${versions.majorMinor version}/client/appgate-sdp_${version}_amd64.deb";
- sha256 = "sha256-7qfgUYD7uPb+ZEierREVfnHoGz0/b/J+hcsX/duDFWU=";
+ sha256 = "sha256-eXcGHd3TGNFqjFQ+wSg4+1hF/6DJTPOs0ldjegFktGo=";
};
# just patch interpreter
diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json
index f661e64bac7..7d8d077e2ac 100644
--- a/pkgs/applications/networking/browsers/chromium/upstream-info.json
+++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json
@@ -19,15 +19,15 @@
}
},
"beta": {
- "version": "103.0.5060.53",
- "sha256": "00di0nw6h3kb0qp2wp3ny3zsar1ayn1lyx5zr28dl1h5cwaaxjqf",
- "sha256bin64": "01vzhhnngr6a7mm1y25ax8vhph6dl948fvkyhdhb9m4j5l4lcqj4",
+ "version": "104.0.5112.20",
+ "sha256": "0adzdk3m2l4pjlk82sqavwgxf6a5darbiwchmlrsxc58p9xxag4s",
+ "sha256bin64": "1cm5k4gpxc0dn0vdqf3qwwf36pc77va9pnci84zcpaxx0jih7l9b",
"deps": {
"gn": {
- "version": "2022-05-11",
+ "version": "2022-06-08",
"url": "https://gn.googlesource.com/gn",
- "rev": "578a7fe4c3c6b0bc2ae1fd2e37f14857d09895bf",
- "sha256": "03dqfrdpf5xxl64dby3qmbwpzdq2gsa8g7xl438py3a629rgxg63"
+ "rev": "2ecd43a10266bd091c98e6dcde507c64f6a0dad3",
+ "sha256": "1q06vsz9b4bb764wy1wy8n177z2pgpm97kq3rl1hmq185mz5fhra"
}
}
},
diff --git a/pkgs/applications/networking/instant-messengers/briar-desktop/default.nix b/pkgs/applications/networking/instant-messengers/briar-desktop/default.nix
new file mode 100644
index 00000000000..1b16786649f
--- /dev/null
+++ b/pkgs/applications/networking/instant-messengers/briar-desktop/default.nix
@@ -0,0 +1,58 @@
+{ lib
+, stdenv
+, fetchzip
+, openjdk
+, makeWrapper
+, tor
+, p7zip
+, bash
+, writeScript
+}:
+let
+
+ briar-tor = writeScript "briar-tor" ''
+ #! ${bash}/bin/bash
+ exec ${tor}/bin/tor "$@"
+ '';
+
+in
+stdenv.mkDerivation rec {
+ pname = "briar-desktop";
+ version = "0.2.1-beta";
+
+ src = fetchzip {
+ url = "https://code.briarproject.org/briar/briar-desktop/-/jobs/18424/artifacts/download?file_type=archive";
+ sha256 = "sha256-ivMbgo0+iZE4/Iffq9HUBErGIQMVLrRZUQ6R3V3X8II=";
+ extension = "zip";
+ };
+
+ nativeBuildInputs = [
+ makeWrapper
+ p7zip
+ ];
+
+ installPhase = ''
+ mkdir -p $out/{bin,lib}
+ cp ${src}/briar-desktop.jar $out/lib/
+ makeWrapper ${openjdk}/bin/java $out/bin/briar-desktop \
+ --add-flags "-jar $out/lib/briar-desktop.jar"
+ '';
+
+ fixupPhase = ''
+ # Replace the embedded Tor binary (which is in a Tar archive)
+ # with one from Nixpkgs.
+ cp ${briar-tor} ./tor
+ for arch in {aarch64,armhf,x86_64}; do
+ 7z a tor_linux-$arch.zip tor
+ 7z a $out/lib/briar-desktop.jar tor_linux-$arch.zip
+ done
+ '';
+
+ meta = with lib; {
+ description = "Decentalized and secure messnger";
+ homepage = "https://code.briarproject.org/briar/briar-desktop";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ onny ];
+ platforms = [ "x86_64-linux" "aarch64-linux" "armv7l-linux" ];
+ };
+}
diff --git a/pkgs/applications/networking/instant-messengers/chatty/default.nix b/pkgs/applications/networking/instant-messengers/chatty/default.nix
index a6e31573ae8..fc9c4c10b21 100644
--- a/pkgs/applications/networking/instant-messengers/chatty/default.nix
+++ b/pkgs/applications/networking/instant-messengers/chatty/default.nix
@@ -29,7 +29,7 @@
stdenv.mkDerivation rec {
pname = "chatty";
- version = "0.6.6";
+ version = "0.6.7";
src = fetchFromGitLab {
domain = "source.puri.sm";
@@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
repo = "chatty";
rev = "v${version}";
fetchSubmodules = true;
- hash = "sha256-vwgXfoyZOCSMnRAB6bFSrtYlSrpMa9OOcmxYTqhU+lA=";
+ hash = "sha256-W4w/00mRgjfyQmLQ81/EAN+80qk7kDkBmMPJnOU+AIc=";
};
postPatch = ''
diff --git a/pkgs/applications/networking/instant-messengers/element/element-web.nix b/pkgs/applications/networking/instant-messengers/element/element-web.nix
index 7cdfcabdce5..0049ccd6a33 100644
--- a/pkgs/applications/networking/instant-messengers/element/element-web.nix
+++ b/pkgs/applications/networking/instant-messengers/element/element-web.nix
@@ -8,6 +8,7 @@
, yarn
, fixup_yarn_lock
, nodejs
+, jitsi-meet
, conf ? { }
}:
@@ -65,6 +66,7 @@ mkYarnPackage rec {
runHook preInstall
cp -R webapp $out
+ cp ${jitsi-meet}/libs/external_api.min.js $out/jitsi_external_api.min.js
echo "${version}" > "$out/version"
jq -s '.[0] * .[1]' "config.sample.json" "${configOverrides}" > "$out/config.json"
diff --git a/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix/default.nix b/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix/default.nix
index 2dc16701222..601cb127ff1 100644
--- a/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix/default.nix
+++ b/pkgs/applications/networking/irc/weechat/scripts/weechat-matrix/default.nix
@@ -2,6 +2,7 @@
, lib
, python
, fetchFromGitHub
+, fetchpatch
, pyopenssl
, webcolors
, future
@@ -33,6 +34,11 @@ in buildPythonPackage {
hash = "sha256-o4kgneszVLENG167nWnk2FxM+PsMzi+PSyMUMIktZcc=";
};
+ patches = fetchpatch {
+ url = "https://patch-diff.githubusercontent.com/raw/poljar/weechat-matrix/pull/309.patch";
+ sha256 = "sha256-Grdht+TOFvCYRpL7uhPivqL7YzLoNVF3iQNHgbv1Te0=";
+ };
+
propagatedBuildInputs = [
pyopenssl
webcolors
diff --git a/pkgs/development/interpreters/erlang/R16B02-basho.nix b/pkgs/development/interpreters/erlang/R16B02-basho.nix
deleted file mode 100644
index 69d0ac6b7a5..00000000000
--- a/pkgs/development/interpreters/erlang/R16B02-basho.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ pkgs, mkDerivation }:
-
-mkDerivation {
- baseName = "erlang";
- version = "16B02.basho10";
-
- src = pkgs.fetchFromGitHub {
- owner = "basho";
- repo = "otp";
- rev = "OTP_R16B02_basho10";
- sha256 = "1s2c3ag9dnp6xmcr27kh95n1w50xly97n1mp8ivc2a3gpv4blqmj";
- };
-
- preConfigure = ''
- export HOME=$PWD/../
- export LANG=C
- export ERL_TOP=$(pwd)
- sed -e s@/bin/pwd@pwd@g -i otp_build
- sed -e s@"/usr/bin/env escript"@$(pwd)/bootstrap/bin/escript@g -i lib/diameter/bin/diameterc
-
- ./otp_build autoconf
- '';
-
- enableHipe = false;
-
- # Do not install docs, instead use prebuilt versions.
- installTargets = "install";
- postInstall = let
- manpages = pkgs.fetchurl {
- url = "https://www.erlang.org/download/otp_doc_man_R16B02.tar.gz";
- sha256 = "12apxjmmd591y9g9bhr97z5jbd1jarqg7wj0y2sqhl21hc1yp75p";
- };
- in ''
- sed -e s@$(pwd)/bootstrap/bin/escript@$out/bin/escript@g -i $out/lib/erlang/lib/diameter-1.4.3/bin/diameterc
-
- tar xf "${manpages}" -C "$out/lib/erlang"
- for i in "$out"/lib/erlang/man/man[0-9]/*.[0-9]; do
- prefix="''${i%/*}"
- mkdir -p "$out/share/man/''${prefix##*/}"
- ln -s "$i" "$out/share/man/''${prefix##*/}/''${i##*/}erl"
- done
- '';
-
- meta = {
- homepage = "https://github.com/basho/otp/";
- description = "Programming language used for massively scalable soft real-time systems, Basho fork";
-
- longDescription = ''
- Erlang is a programming language used to build massively scalable
- soft real-time systems with requirements on high availability.
- Some of its uses are in telecoms, banking, e-commerce, computer
- telephony and instant messaging. Erlang's runtime system has
- built-in support for concurrency, distribution and fault
- tolerance.
- This version of Erlang is Basho's version, forked from Ericsson's
- repository.
- '';
-
- knownVulnerabilities = [ "CVE-2017-1000385" ];
-
- platforms = ["x86_64-linux" "x86_64-darwin"];
- license = pkgs.lib.licenses.asl20;
- maintainers = with pkgs.lib.maintainers; [ mdaiter ];
- };
-}
diff --git a/pkgs/development/libraries/armadillo/default.nix b/pkgs/development/libraries/armadillo/default.nix
index 6513d4be396..539288acd4c 100644
--- a/pkgs/development/libraries/armadillo/default.nix
+++ b/pkgs/development/libraries/armadillo/default.nix
@@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "armadillo";
- version = "11.1.1";
+ version = "11.2.0";
src = fetchurl {
url = "mirror://sourceforge/arma/armadillo-${version}.tar.xz";
- sha256 = "sha256-v6YVSl/v2DLSjVMKWCIf5KLP8qO729guEJveU/sp3Ns=";
+ sha256 = "sha256-31yiFZAcaMY0Z8C/7hTwjjTYdaR6sPCVCCqzLd/08kM=";
};
nativeBuildInputs = [ cmake ];
diff --git a/pkgs/development/libraries/nrf5-sdk/default.nix b/pkgs/development/libraries/nrf5-sdk/default.nix
new file mode 100644
index 00000000000..c8667287a00
--- /dev/null
+++ b/pkgs/development/libraries/nrf5-sdk/default.nix
@@ -0,0 +1,37 @@
+{ lib
+, stdenv
+, fetchzip
+}:
+
+stdenv.mkDerivation rec {
+ pname = "nrf5-sdk";
+ version = "17.1.0";
+
+ urlHash = "ddde560";
+
+ src = fetchzip {
+ url = "https://nsscprodmedia.blob.core.windows.net/prod/software-and-other-downloads/sdks/nrf5/binaries/nrf5_sdk_${version}_${urlHash}.zip";
+ sha256 = "sha256-q4WQ7X7/z/42/qcii+mOLnobqcbUy0tInkOfRH/Gwus=";
+ };
+
+ dontConfigure = true;
+ dontBuild = true;
+
+ installPhase = ''
+ runHook preInstall
+
+ mkdir -p $out/share/nRF5_SDK
+ mv * $out/share/nRF5_SDK
+ rm $out/share/nRF5_SDK/*.msi
+
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "Nordic Semiconductor nRF5 Software Development Kit";
+ homepage = "https://www.nordicsemi.com/Products/Development-software/nRF5-SDK";
+ license = licenses.unfree;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ stargate01 ];
+ };
+}
diff --git a/pkgs/development/python-modules/geoip2/default.nix b/pkgs/development/python-modules/geoip2/default.nix
index c5e9a01db53..65f938fd6a9 100644
--- a/pkgs/development/python-modules/geoip2/default.nix
+++ b/pkgs/development/python-modules/geoip2/default.nix
@@ -9,13 +9,13 @@
}:
buildPythonPackage rec {
- version = "4.5.0";
+ version = "4.6.0";
pname = "geoip2";
disabled = pythonOlder "3.6";
src = fetchPypi {
inherit pname version;
- sha256 = "b542252e87eb40adc3a2fc0f4e84b514c4c5e04ed46923a3a74d509f25f3103a";
+ sha256 = "sha256-8OgLzoCwa7OL0Iv0h31ahONU6TIJXmzPtNJ7tZj6T4M=";
};
patchPhase = ''
diff --git a/pkgs/development/python-modules/nodeenv/default.nix b/pkgs/development/python-modules/nodeenv/default.nix
index 1ff2d47b32d..d08fcf4699a 100644
--- a/pkgs/development/python-modules/nodeenv/default.nix
+++ b/pkgs/development/python-modules/nodeenv/default.nix
@@ -1,31 +1,55 @@
-{ lib, buildPythonPackage, fetchPypi, setuptools, python, which }:
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, mock
+, pytestCheckHook
+, python
+, pythonOlder
+, setuptools
+, which
+}:
buildPythonPackage rec {
pname = "nodeenv";
- version = "1.6.0";
+ version = "1.7.0";
+ format = "setuptools";
- src = fetchPypi {
- inherit pname version;
- sha256 = "3ef13ff90291ba2a4a7a4ff9a979b63ffdd00a464dbe04acf0ea6471517a4c2b";
+ disabled = pythonOlder "3.7";
+
+ src = fetchFromGitHub {
+ owner = "ekalinin";
+ repo = pname;
+ rev = version;
+ hash = "sha256-X30PUiOMT/vXqmdSJKHTNNA8aLWavCUaKa7LzqkdLrk=";
};
propagatedBuildInputs = [
setuptools
];
- # Tests not included in PyPI tarball
- doCheck = false;
+ checkInputs = [
+ mock
+ pytestCheckHook
+ ];
preFixup = ''
substituteInPlace $out/${python.sitePackages}/nodeenv.py \
--replace '["which", candidate]' '["${lib.getBin which}/bin/which", candidate]'
'';
- pythonImportsCheck = [ "nodeenv" ];
+ pythonImportsCheck = [
+ "nodeenv"
+ ];
+
+ disabledTests = [
+ # Test requires coverage
+ "test_smoke"
+ ];
meta = with lib; {
description = "Node.js virtual environment builder";
homepage = "https://github.com/ekalinin/nodeenv";
license = licenses.bsd3;
+ maintainers = with maintainers; [ ];
};
}
diff --git a/pkgs/os-specific/linux/intel-ocl/default.nix b/pkgs/os-specific/linux/intel-ocl/default.nix
index 026ce80c645..b1451421d69 100644
--- a/pkgs/os-specific/linux/intel-ocl/default.nix
+++ b/pkgs/os-specific/linux/intel-ocl/default.nix
@@ -9,6 +9,7 @@ stdenv.mkDerivation rec {
urls = [
"https://registrationcenter-download.intel.com/akdlm/irc_nas/11396/SRB5.0_linux64.zip"
"http://registrationcenter-download.intel.com/akdlm/irc_nas/11396/SRB5.0_linux64.zip"
+ "https://web.archive.org/web/20190526190814/http://registrationcenter-download.intel.com/akdlm/irc_nas/11396/SRB5.0_linux64.zip"
];
sha256 = "0qbp63l74s0i80ysh9ya8x7r79xkddbbz4378nms9i7a0kprg9p2";
stripRoot = false;
@@ -69,9 +70,9 @@ stdenv.mkDerivation rec {
meta = {
description = "Official OpenCL runtime for Intel CPUs";
- homepage = "https://software.intel.com/en-us/articles/opencl-drivers";
- license = lib.licenses.unfree;
- platforms = [ "x86_64-linux" ];
+ homepage = "https://software.intel.com/en-us/articles/opencl-drivers";
+ license = lib.licenses.unfree;
+ platforms = [ "x86_64-linux" ];
maintainers = [ lib.maintainers.kierdavis ];
};
}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index eb1812ab2c8..3b9e6c0e6b4 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -4599,6 +4599,8 @@ with pkgs;
boofuzz= callPackage ../tools/security/boofuzz { };
+ briar-desktop = callPackage ../applications/networking/instant-messengers/briar-desktop { };
+
bsdbuild = callPackage ../development/tools/misc/bsdbuild { };
bsdiff = callPackage ../tools/compression/bsdiff { };
@@ -14440,7 +14442,7 @@ with pkgs;
inherit (beam.interpreters)
erlang erlangR25 erlangR24 erlangR23 erlangR22 erlangR21
- erlang_odbc erlang_javac erlang_odbc_javac erlang_basho_R16B02
+ erlang_odbc erlang_javac erlang_odbc_javac
elixir elixir_1_13 elixir_1_12 elixir_1_11 elixir_1_10 elixir_1_9
elixir_ls;
@@ -16130,6 +16132,8 @@ with pkgs;
sdk = true;
};
+ nrf5-sdk = callPackage ../development/libraries/nrf5-sdk { };
+
nrfutil = callPackage ../development/tools/misc/nrfutil { };
obelisk = callPackage ../development/tools/ocaml/obelisk { menhir = ocamlPackages.menhir; };
@@ -20920,6 +20924,23 @@ with pkgs;
sphinx = with python3Packages; toPythonApplication sphinx;
+ # A variation of sphinx that is only suitable for offline use as it excludes
+ # pyopenssl, which is broken on aarch64-darwin.
+ # https://github.com/NixOS/nixpkgs/issues/175875
+ sphinx_offline =
+ if !(stdenv.buildPlatform.isDarwin && stdenv.buildPlatform.isAarch64)
+ then sphinx
+ else
+ sphinx.override (o: {
+ requests = pkgsBuildTarget.python3Packages.requests.override (o: {
+ urllib3 = pkgsBuildTarget.python3Packages.urllib3.overrideAttrs (o: {
+ # urllib3 adds the optional pyopenssl to propagatedBuildInputs
+ # pkgs/development/python-modules/urllib3/default.nix
+ propagatedBuildInputs = [];
+ });
+ });
+ });
+
sphinx-autobuild = with python3Packages; toPythonApplication sphinx-autobuild;
sphinx-serve = with python3Packages; toPythonApplication sphinx-serve;
@@ -26981,6 +27002,8 @@ with pkgs;
# Git with SVN support, but without GUI.
gitSVN = lowPrio (git.override { svnSupport = true; });
+ git-autofixup = perlPackages.GitAutofixup;
+
git-doc = lib.addMetaAttrs {
description = "Additional documentation for Git";
longDescription = ''
diff --git a/pkgs/top-level/beam-packages.nix b/pkgs/top-level/beam-packages.nix
index e7f4b6b5250..71487377526 100644
--- a/pkgs/top-level/beam-packages.nix
+++ b/pkgs/top-level/beam-packages.nix
@@ -92,15 +92,6 @@ with beam; {
odbcSupport = true;
};
- # Basho fork, using custom builder.
- erlang_basho_R16B02 =
- lib.callErlang ../development/interpreters/erlang/R16B02-basho.nix {
- autoconf = buildPackages.autoconf269;
- inherit wxSupport;
- };
- erlang_basho_R16B02_odbc =
- erlang_basho_R16B02.override { odbcSupport = true; };
-
# Other Beam languages. These are built with `beam.interpreters.erlang`. To
# access for example elixir built with different version of Erlang, use
# `beam.packages.erlangR24.elixir`.
diff --git a/pkgs/top-level/haskell-packages.nix b/pkgs/top-level/haskell-packages.nix
index 68a32309956..54a050be73f 100644
--- a/pkgs/top-level/haskell-packages.nix
+++ b/pkgs/top-level/haskell-packages.nix
@@ -49,6 +49,8 @@ let
# Use this rather than `rec { ... }` below for sake of overlays.
inherit (pkgs.haskell) compiler packages;
+ sphinx = buildPackages.sphinx_offline;
+
in {
lib = haskellLibUncomposable;
@@ -97,7 +99,7 @@ in {
packages.ghc8102Binary
else
packages.ghc865Binary;
- inherit (buildPackages.python3Packages) sphinx;
+ inherit sphinx;
buildTargetLlvmPackages = pkgsBuildTarget.llvmPackages_7;
llvmPackages = pkgs.llvmPackages_7;
};
@@ -110,7 +112,7 @@ in {
packages.ghc8107BinaryMinimal
else
packages.ghc8107Binary;
- inherit (buildPackages.python3Packages) sphinx;
+ inherit sphinx;
# Need to use apple's patched xattr until
# https://github.com/xattr/xattr/issues/44 and
# https://github.com/xattr/xattr/issues/55 are solved.
@@ -126,7 +128,7 @@ in {
packages.ghc8107BinaryMinimal
else
packages.ghc8107Binary;
- inherit (buildPackages.python3Packages) sphinx;
+ inherit sphinx;
inherit (buildPackages.darwin) autoSignDarwinBinariesHook xattr;
buildTargetLlvmPackages = pkgsBuildTarget.llvmPackages_12;
llvmPackages = pkgs.llvmPackages_12;
@@ -138,7 +140,7 @@ in {
packages.ghc8107BinaryMinimal
else
packages.ghc8107Binary;
- inherit (buildPackages.python3Packages) sphinx;
+ inherit sphinx;
# Need to use apple's patched xattr until
# https://github.com/xattr/xattr/issues/44 and
# https://github.com/xattr/xattr/issues/55 are solved.
@@ -148,7 +150,7 @@ in {
};
ghcHEAD = callPackage ../development/compilers/ghc/head.nix {
bootPkgs = packages.ghc8107Binary;
- inherit (buildPackages.python3Packages) sphinx;
+ inherit sphinx;
# Need to use apple's patched xattr until
# https://github.com/xattr/xattr/issues/44 and
# https://github.com/xattr/xattr/issues/55 are solved.