diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 7f5da547805..c0f36fcfd35 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -2514,6 +2514,16 @@ cp /var/lib/redis/dump.rdb "/var/lib/redis-mastodon/dump.rdb"
enabled.
+
+
+ The Nextcloud module now allows setting the value of the
+ max-age directive of the
+ Strict-Transport-Security HTTP header,
+ which is now controlled by the
+ services.nextcloud.https option, rather
+ than services.nginx.recommendedHttpHeaders.
+
+
The spark3 package has been updated from
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index acead412048..5902957a535 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -892,6 +892,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- The Nextcloud module now supports to create a Mysql database automatically
with `services.nextcloud.database.createLocally` enabled.
+- The Nextcloud module now allows setting the value of the `max-age` directive of the `Strict-Transport-Security` HTTP header, which is now controlled by the `services.nextcloud.https` option, rather than `services.nginx.recommendedHttpHeaders`.
+
- The `spark3` package has been updated from 3.1.2 to 3.2.1 ([#160075](https://github.com/NixOS/nixpkgs/pull/160075)):
- Testing has been enabled for `aarch64-linux` in addition to `x86_64-linux`.
diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix
index 192c9ec413c..50495eebe4c 100644
--- a/nixos/modules/misc/locate.nix
+++ b/nixos/modules/misc/locate.nix
@@ -250,7 +250,7 @@ in
};
warnings = optional (isMorPLocate && cfg.localuser != null)
- "mlocate does not support the services.locate.localuser option; updatedb will run as root. (Silence with services.locate.localuser = null.)"
+ "mlocate and plocate do not support the services.locate.localuser option. updatedb will run as root. Silence this warning by setting services.locate.localuser = null."
++ optional (isFindutils && cfg.pruneNames != [ ])
"findutils locate does not support pruning by directory component"
++ optional (isFindutils && cfg.pruneBindMounts)
diff --git a/nixos/modules/services/monitoring/prometheus/default.nix b/nixos/modules/services/monitoring/prometheus/default.nix
index ceb2db1faef..41848c1c6d3 100644
--- a/nixos/modules/services/monitoring/prometheus/default.nix
+++ b/nixos/modules/services/monitoring/prometheus/default.nix
@@ -5,6 +5,9 @@ with lib;
let
json = pkgs.formats.json { };
cfg = config.services.prometheus;
+ checkConfigEnabled =
+ (lib.isBool cfg.checkConfig && cfg.checkConfig)
+ || cfg.checkConfig == "syntax-only";
workingDir = "/var/lib/" + cfg.stateDir;
@@ -27,7 +30,7 @@ let
# a wrapper that verifies that the configuration is valid
promtoolCheck = what: name: file:
- if cfg.checkConfig then
+ if checkConfigEnabled then
pkgs.runCommandLocal
"${name}-${replaceStrings [" "] [""] what}-checked"
{ buildInputs = [ cfg.package ]; } ''
@@ -58,7 +61,7 @@ let
pkgs.writeText "prometheus.yml" cfg.configText
else generatedPrometheusYml;
in
- promtoolCheck "check config" "prometheus.yml" yml;
+ promtoolCheck "check config ${lib.optionalString (cfg.checkConfig == "syntax-only") "--syntax-only"}" "prometheus.yml" yml;
cmdlineArgs = cfg.extraFlags ++ [
"--storage.tsdb.path=${workingDir}/data/"
@@ -1726,16 +1729,20 @@ in
};
checkConfig = mkOption {
- type = types.bool;
+ type = with types; either bool (enum [ "syntax-only" ]);
default = true;
+ example = "syntax-only";
description = ''
Check configuration with promtool
check. The call to promtool is
- subject to sandboxing by Nix. When credentials are stored in
- external files (password_file,
- bearer_token_file, etc), they will not be
- visible to promtool and it will report
- errors, despite a correct configuration.
+ subject to sandboxing by Nix.
+
+ If you use credentials stored in external files
+ (password_file, bearer_token_file, etc),
+ they will not be visible to promtool
+ and it will report errors, despite a correct configuration.
+ To resolve this, you may set this option to "syntax-only"
+ in order to only syntax check the Prometheus configuration.
'';
};
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index a4b886821eb..87270776f5a 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -546,10 +546,23 @@ in {
'';
};
- nginx.recommendedHttpHeaders = mkOption {
- type = types.bool;
- default = true;
- description = "Enable additional recommended HTTP response headers";
+ nginx = {
+ recommendedHttpHeaders = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Enable additional recommended HTTP response headers";
+ };
+ hstsMaxAge = mkOption {
+ type = types.ints.positive;
+ default = 15552000;
+ description = ''
+ Value for the max-age
directive of the HTTP
+ Strict-Transport-Security
header.
+
+ See section 6.1.1 of IETF RFC 6797 for detailed information on this
+ directive and header.
+ '';
+ };
};
};
@@ -702,7 +715,7 @@ in {
'skeletondirectory' => '${cfg.skeletonDirectory}',
${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
'log_type' => 'syslog',
- 'log_level' => '${builtins.toString cfg.logLevel}',
+ 'loglevel' => '${builtins.toString cfg.logLevel}',
${optionalString (c.overwriteProtocol != null) "'overwriteprotocol' => '${c.overwriteProtocol}',"}
${optionalString (c.dbname != null) "'dbname' => '${c.dbname}',"}
${optionalString (c.dbhost != null) "'dbhost' => '${c.dbhost}',"}
@@ -983,7 +996,9 @@ in {
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options sameorigin;
add_header Referrer-Policy no-referrer;
- add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+ ''}
+ ${optionalString (cfg.https) ''
+ add_header Strict-Transport-Security "max-age=${toString cfg.nginx.hstsMaxAge}; includeSubDomains" always;
''}
client_max_body_size ${cfg.maxUploadSize};
fastcgi_buffers 64 4K;
diff --git a/pkgs/applications/blockchains/wasabiwallet/default.nix b/pkgs/applications/blockchains/wasabiwallet/default.nix
index f8e20f1a05d..e3cea78629f 100644
--- a/pkgs/applications/blockchains/wasabiwallet/default.nix
+++ b/pkgs/applications/blockchains/wasabiwallet/default.nix
@@ -25,11 +25,11 @@ let
in
stdenv.mkDerivation rec {
pname = "wasabiwallet";
- version = "1.1.12.9";
+ version = "1.1.13.1";
src = fetchurl {
url = "https://github.com/zkSNACKs/WalletWasabi/releases/download/v${version}/Wasabi-${version}.tar.gz";
- sha256 = "sha256-DtoLQbRXyR4xGm+M0xg9uj8wcbh1dOBJUG430OS8AS4=";
+ sha256 = "sha256-AtsNbUqEBQx0DPWR2LjNl7pdviYmvkv3bYKNBoeJHbw=";
};
dontBuild = true;
diff --git a/pkgs/applications/graphics/ImageMagick/7.0.nix b/pkgs/applications/graphics/ImageMagick/7.0.nix
index 44d54014976..66248ff5365 100644
--- a/pkgs/applications/graphics/ImageMagick/7.0.nix
+++ b/pkgs/applications/graphics/ImageMagick/7.0.nix
@@ -45,13 +45,13 @@ in
stdenv.mkDerivation rec {
pname = "imagemagick";
- version = "7.1.0-33";
+ version = "7.1.0-34";
src = fetchFromGitHub {
owner = "ImageMagick";
repo = "ImageMagick";
rev = version;
- hash = "sha256-qiXTSQcc48IIzz7RUcyOH2w8JUOTdU1zg43gJhoELXo=";
+ hash = "sha256-eASmIOTYupK5di3lggJ/8O5pkG88ZpFuvaYK23AWsq4=";
};
outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big
diff --git a/pkgs/applications/networking/cluster/terraform-providers/providers.json b/pkgs/applications/networking/cluster/terraform-providers/providers.json
index 94fcafcb48c..db7ca3cf386 100644
--- a/pkgs/applications/networking/cluster/terraform-providers/providers.json
+++ b/pkgs/applications/networking/cluster/terraform-providers/providers.json
@@ -420,10 +420,10 @@
"owner": "integrations",
"provider-source-address": "registry.terraform.io/integrations/github",
"repo": "terraform-provider-github",
- "rev": "v4.25.0-alpha",
- "sha256": "sha256-9BE19VywtNIeDfjBKzle5nGFPmpS8lHV60w0h2xTztU=",
+ "rev": "v4.24.1",
+ "sha256": "sha256-1fwHMN2HIVl+8ZL7OtP1U5ORc41e7Tm3qEpMqIgWL20=",
"vendorSha256": null,
- "version": "4.25.0-alpha"
+ "version": "4.24.1"
},
"gitlab": {
"owner": "gitlabhq",
@@ -719,10 +719,10 @@
"owner": "equinix",
"provider-source-address": "registry.terraform.io/equinix/metal",
"repo": "terraform-provider-metal",
- "rev": "v3.3.0-alpha.3",
- "sha256": "sha256-wuZp0Be8a84y7JqpCGnBDPXgNG8JJcNWsIICP3ZjSVk=",
- "vendorSha256": "sha256-Ln9EyycPduVuj+JefH9f+Q5KlNGvbcwcEDgaqH2M0So=",
- "version": "3.3.0-alpha.3"
+ "rev": "v3.2.2",
+ "sha256": "193897farpyb3zxz6p79mfaf04ccin7xdirbkclqb3x3c56jy0xi",
+ "vendorSha256": null,
+ "version": "3.2.2"
},
"minio": {
"owner": "aminueza",
diff --git a/pkgs/applications/networking/cluster/terraform-providers/update-provider b/pkgs/applications/networking/cluster/terraform-providers/update-provider
index 4310fcdcc27..fb506cefbe0 100755
--- a/pkgs/applications/networking/cluster/terraform-providers/update-provider
+++ b/pkgs/applications/networking/cluster/terraform-providers/update-provider
@@ -128,9 +128,12 @@ version="$(jq -r '.version' <<<"${registry_response}")"
if [[ ${old_version} == "${version}" && ${force} != 1 && -z ${vendorSha256} && ${old_vendor_sha256} != "${vendorSha256}" ]]; then
echo_provider "already at version ${version}"
exit
-else
- echo_provider "updating from ${old_version} to ${version}"
fi
+if [[ ${version} =~ (alpha|beta|pre) && ${force} != 1 ]]; then
+ echo_provider "not updating to unstable version ${version}"
+ exit
+fi
+echo_provider "updating from ${old_version} to ${version}"
update_attr version "${version}"
provider_source_url="$(jq -r '.source' <<<"${registry_response}")"
diff --git a/pkgs/applications/science/biology/EZminc/default.nix b/pkgs/applications/science/biology/EZminc/default.nix
index a2ba038c059..6c140b03ee4 100644
--- a/pkgs/applications/science/biology/EZminc/default.nix
+++ b/pkgs/applications/science/biology/EZminc/default.nix
@@ -25,5 +25,6 @@ stdenv.mkDerivation rec {
maintainers = with maintainers; [ bcdarwin ];
platforms = platforms.unix;
license = licenses.free;
+ broken = true; # ITK5 compatibility issue (https://github.com/BIC-MNI/EZminc/issues/15)
};
}
diff --git a/pkgs/development/compilers/vlang/default.nix b/pkgs/development/compilers/vlang/default.nix
index 0601022df61..64ccb2fc16e 100644
--- a/pkgs/development/compilers/vlang/default.nix
+++ b/pkgs/development/compilers/vlang/default.nix
@@ -2,21 +2,21 @@
stdenv.mkDerivation rec {
pname = "vlang";
- version = "weekly.2022.19";
+ version = "weekly.2022.20";
src = fetchFromGitHub {
owner = "vlang";
repo = "v";
rev = version;
- sha256 = "1bl91j3ip3i84jq3wg03sflllxv38sv4dc072r302rl2g9f4dbg6";
+ sha256 = "1isbyfs98bdbm2qjf7q4bqbpsmdiqlavn3gznwr12bkvhnsf4j3x";
};
# Required for bootstrap.
vc = fetchFromGitHub {
owner = "vlang";
repo = "vc";
- rev = "a298ad7069f6333ef8ab59a616654fc74e04c847";
- sha256 = "168cgq6451hcgsxzyd8vq11g01642bs5kkwxqh6rz3rnc86ajic0";
+ rev = "167f262866090493650f58832d62d910999dd5a4";
+ sha256 = "1xax8355qkrccjcmx24gcab88xnrqj15mhqy0bgp3v2rb1hw1n3a";
};
# Required for vdoc.
@@ -27,11 +27,6 @@ stdenv.mkDerivation rec {
sha256 = "0cawzizr3rjz81blpvxvxrcvcdai1adj66885ss390444qq1fnv7";
};
- # vcreate_test.v requires git, so we must disable it.
- patches = [
- ./disable_vcreate_test.patch
- ];
-
propagatedBuildInputs = [ glfw freetype openssl ]
++ lib.optional stdenv.hostPlatform.isUnix upx;
@@ -42,9 +37,16 @@ stdenv.mkDerivation rec {
"VC=${vc}"
];
- prePatch = ''
+ preBuild = ''
export HOME=$(mktemp -d)
- cp cmd/tools/vcreate_test.v $HOME/vcreate_test.v
+ '';
+
+ # vcreate_test.v requires git, so we must remove it when building the tools.
+ # vtest.v fails on Darwin, so let's just disable it for now.
+ preInstall = ''
+ mv cmd/tools/vcreate_test.v $HOME/vcreate_test.v
+ '' + lib.optionalString stdenv.isDarwin ''
+ mv cmd/tools/vtest.v $HOME/vtest.v
'';
installPhase = ''
@@ -64,12 +66,16 @@ stdenv.mkDerivation rec {
$out/lib/v -v $out/lib/cmd/tools/vast
$out/lib/v -v $out/lib/cmd/tools/vvet
- # Return the pre-patch vcreate_test.v now that we no longer need the alteration.
- cp $HOME/vcreate_test.v $out/lib/cmd/tools/vcreate_test.v
-
runHook postInstall
'';
+ # Return vcreate_test.v and vtest.v, so the user can use it.
+ postInstall = ''
+ cp $HOME/vcreate_test.v $out/lib/cmd/tools/vcreate_test.v
+ '' + lib.optionalString stdenv.isDarwin ''
+ cp $HOME/vtest.v $out/lib/cmd/tools/vtest.v
+ '';
+
meta = with lib; {
homepage = "https://vlang.io/";
description = "Simple, fast, safe, compiled language for developing maintainable software";
diff --git a/pkgs/development/compilers/vlang/disable_vcreate_test.patch b/pkgs/development/compilers/vlang/disable_vcreate_test.patch
deleted file mode 100644
index 85ed867c83e..00000000000
--- a/pkgs/development/compilers/vlang/disable_vcreate_test.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-diff --git a/cmd/tools/vcreate_test.v b/cmd/tools/vcreate_test.v
-index 3d07f4773..de8a202df 100644
---- a/cmd/tools/vcreate_test.v
-+++ b/cmd/tools/vcreate_test.v
-@@ -2,127 +2,6 @@ import os
-
- const test_path = 'vcreate_test'
-
--fn init_and_check() ? {
-- os.execute_or_exit('${os.quoted_path(@VEXE)} init')
--
-- assert os.read_file('vcreate_test.v') ? == [
-- 'module main\n',
-- 'fn main() {',
-- " println('Hello World!')",
-- '}',
-- '',
-- ].join_lines()
--
-- assert os.read_file('v.mod') ? == [
-- 'Module {',
-- " name: 'vcreate_test'",
-- " description: ''",
-- " version: ''",
-- " license: ''",
-- ' dependencies: []',
-- '}',
-- '',
-- ].join_lines()
--
-- assert os.read_file('.gitignore') ? == [
-- '# Binaries for programs and plugins',
-- 'main',
-- 'vcreate_test',
-- '*.exe',
-- '*.exe~',
-- '*.so',
-- '*.dylib',
-- '*.dll',
-- 'vls.log',
-- '',
-- ].join_lines()
--
-- assert os.read_file('.gitattributes') ? == [
-- '*.v linguist-language=V text=auto eol=lf',
-- '*.vv linguist-language=V text=auto eol=lf',
-- '*.vsh linguist-language=V text=auto eol=lf',
-- '**/v.mod linguist-language=V text=auto eol=lf',
-- '',
-- ].join_lines()
--
-- assert os.read_file('.editorconfig') ? == [
-- '[*]',
-- 'charset = utf-8',
-- 'end_of_line = lf',
-- 'insert_final_newline = true',
-- 'trim_trailing_whitespace = true',
-- '',
-- '[*.v]',
-- 'indent_style = tab',
-- 'indent_size = 4',
-- '',
-- ].join_lines()
--}
--
- fn test_v_init() ? {
-- dir := os.join_path(os.temp_dir(), test_path)
-- os.rmdir_all(dir) or {}
-- os.mkdir(dir) or {}
-- defer {
-- os.rmdir_all(dir) or {}
-- }
-- os.chdir(dir) ?
--
-- init_and_check() ?
--}
--
--fn test_v_init_in_git_dir() ? {
-- dir := os.join_path(os.temp_dir(), test_path)
-- os.rmdir_all(dir) or {}
-- os.mkdir(dir) or {}
-- defer {
-- os.rmdir_all(dir) or {}
-- }
-- os.chdir(dir) ?
-- os.execute_or_exit('git init .')
-- init_and_check() ?
--}
--
--fn test_v_init_no_overwrite_gitignore() ? {
-- dir := os.join_path(os.temp_dir(), test_path)
-- os.rmdir_all(dir) or {}
-- os.mkdir(dir) or {}
-- os.write_file('$dir/.gitignore', 'blah') ?
-- defer {
-- os.rmdir_all(dir) or {}
-- }
-- os.chdir(dir) ?
--
-- os.execute_or_exit('${os.quoted_path(@VEXE)} init')
--
-- assert os.read_file('.gitignore') ? == 'blah'
--}
--
--fn test_v_init_no_overwrite_gitattributes_and_editorconfig() ? {
-- git_attributes_content := '*.v linguist-language=V text=auto eol=lf'
-- editor_config_content := '[*]
--charset = utf-8
--end_of_line = lf
--insert_final_newline = true
--trim_trailing_whitespace = true
--
--[*.v]
--indent_style = tab
--indent_size = 4
--'
--
-- dir := os.join_path(os.temp_dir(), test_path)
-- os.rmdir_all(dir) or {}
-- os.mkdir(dir) or {}
-- os.write_file('$dir/.gitattributes', git_attributes_content) ?
-- os.write_file('$dir/.editorconfig', editor_config_content) ?
-- defer {
-- os.rmdir_all(dir) or {}
-- }
-- os.chdir(dir) ?
--
-- os.execute_or_exit('${os.quoted_path(@VEXE)} init')
--
-- assert os.read_file('.gitattributes') ? == git_attributes_content
-- assert os.read_file('.editorconfig') ? == editor_config_content
-+ println('vcreate_test disabled')
- }
diff --git a/pkgs/development/libraries/libnih/default.nix b/pkgs/development/libraries/libnih/default.nix
deleted file mode 100644
index fbe01bf4062..00000000000
--- a/pkgs/development/libraries/libnih/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ lib, stdenv, fetchurl, pkg-config, dbus, expat }:
-
-let version = "1.0.3"; in
-
-stdenv.mkDerivation {
- pname = "libnih";
- inherit version;
-
- src = fetchurl {
- url = "https://code.launchpad.net/libnih/1.0/${version}/+download/libnih-${version}.tar.gz";
- sha256 = "01glc6y7z1g726zwpvp2zm79pyb37ki729jkh45akh35fpgp4xc9";
- };
-
- nativeBuildInputs = [ pkg-config ];
- buildInputs = [ dbus expat ];
-
- doCheck = false; # fails 1 of 17 test
-
- meta = {
- description = "A small library for C application development";
- homepage = "https://launchpad.net/libnih";
- license = lib.licenses.gpl2;
- platforms = lib.platforms.linux;
- };
-}
diff --git a/pkgs/development/libraries/podofo/default.nix b/pkgs/development/libraries/podofo/default.nix
index ee99ab5de6f..c4aab614915 100644
--- a/pkgs/development/libraries/podofo/default.nix
+++ b/pkgs/development/libraries/podofo/default.nix
@@ -3,12 +3,12 @@
}:
stdenv.mkDerivation rec {
- version = "0.9.7";
+ version = "0.9.8";
pname = "podofo";
src = fetchurl {
url = "mirror://sourceforge/podofo/${pname}-${version}.tar.gz";
- sha256 = "1f0yvkx6nf99fp741w2y706d8bs9824x1z2gqm3rdy5fv8bfgwkw";
+ sha256 = "sha256-XeYH4V8ZK4rZBzgwB1nYjeoPXM3OO/AASKDJMrxkUVQ=";
};
outputs = [ "out" "dev" "lib" ];
diff --git a/pkgs/development/libraries/science/math/lrs/default.nix b/pkgs/development/libraries/science/math/lrs/default.nix
index 063fead1165..ae5beb0f09e 100644
--- a/pkgs/development/libraries/science/math/lrs/default.nix
+++ b/pkgs/development/libraries/science/math/lrs/default.nix
@@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "lrs";
- version = "7.0";
+ version = "7.2";
src = fetchurl {
- url = "http://cgm.cs.mcgill.ca/~avis/C/lrslib/archive/lrslib-070.tar.gz";
- sha256 = "1zjdmkjracz695k73c2pvipc0skpyn1wzagkhilsvcw9pqljpwg9";
+ url = "http://cgm.cs.mcgill.ca/~avis/C/lrslib/archive/lrslib-072.tar.gz";
+ sha256 = "1w1jsnfgny8cihndr5gfm99pvwp48qsvxkqfsi2q87gd3m57aj7w";
};
buildInputs = [ gmp ];
diff --git a/pkgs/development/python-modules/bc-python-hcl2/default.nix b/pkgs/development/python-modules/bc-python-hcl2/default.nix
index 8d5c2d7d4c2..56773e372b4 100644
--- a/pkgs/development/python-modules/bc-python-hcl2/default.nix
+++ b/pkgs/development/python-modules/bc-python-hcl2/default.nix
@@ -8,14 +8,14 @@
buildPythonPackage rec {
pname = "bc-python-hcl2";
- version = "0.3.39";
+ version = "0.3.40";
format = "setuptools";
disabled = pythonOlder "3.6";
src = fetchPypi {
inherit pname version;
- hash = "sha256-JMQ2sLgAnMJ1/0nR8LgKbpPB43gVKtCtrZKr/T4p0O8=";
+ hash = "sha256-4we2Txk7kJ1SrCa82eQJ9OsqyTkFzocNi+GG7cV+OAc=";
};
# Nose is required during build process, so can not use `checkInputs`.
diff --git a/pkgs/development/python-modules/cvxpy/default.nix b/pkgs/development/python-modules/cvxpy/default.nix
index 73609966ba8..033af1fb5d9 100644
--- a/pkgs/development/python-modules/cvxpy/default.nix
+++ b/pkgs/development/python-modules/cvxpy/default.nix
@@ -16,14 +16,14 @@
buildPythonPackage rec {
pname = "cvxpy";
- version = "1.2.0";
+ version = "1.2.1";
format = "pyproject";
disabled = pythonOlder "3.5";
src = fetchPypi {
inherit pname version;
- sha256 = "sha256-QURm/ehJovqr/ZRE7ILKLnvxQsAdcjdSTPlzCt60IBw=";
+ sha256 = "sha256-bWdkJkPR3bLyr1m0Zrh9QsSi42eDGte0PDO1nu+ltQ4=";
};
propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/ipympl/default.nix b/pkgs/development/python-modules/ipympl/default.nix
index 226fea5b621..d17a4a85c3b 100644
--- a/pkgs/development/python-modules/ipympl/default.nix
+++ b/pkgs/development/python-modules/ipympl/default.nix
@@ -8,12 +8,12 @@
buildPythonPackage rec {
pname = "ipympl";
- version = "0.9.0";
+ version = "0.9.1";
format = "wheel";
src = fetchPypi {
inherit pname version format;
- sha256 = "sha256-HpO3T/zRbimxd1+nUkbSmclj7nPsMYuSUK0VJItZQs4=";
+ sha256 = "sha256-NQW0ctQSF4/RFeJVdk0efnYy1sgunebWKyVDijU3RoA=";
};
diff --git a/pkgs/development/python-modules/pg8000/default.nix b/pkgs/development/python-modules/pg8000/default.nix
index 9179448227f..b3ac256e0bb 100644
--- a/pkgs/development/python-modules/pg8000/default.nix
+++ b/pkgs/development/python-modules/pg8000/default.nix
@@ -8,14 +8,14 @@
buildPythonPackage rec {
pname = "pg8000";
- version = "1.27.1";
+ version = "1.28.0";
format = "setuptools";
disabled = pythonOlder "3.6";
src = fetchPypi {
inherit pname version;
- sha256 = "sha256-1qWDg0hZM0TyDrNa2kcqdy0yFFgm8u/ljb4bZeqZ6JA=";
+ sha256 = "sha256-Q1E949TjeOc6xEKpOQa6qdNWJFqmeqf2FgXFbjmn9ZE=";
};
propagatedBuildInputs = [
diff --git a/pkgs/development/tools/analysis/checkov/default.nix b/pkgs/development/tools/analysis/checkov/default.nix
index eadeec8acce..743405be6a7 100644
--- a/pkgs/development/tools/analysis/checkov/default.nix
+++ b/pkgs/development/tools/analysis/checkov/default.nix
@@ -32,13 +32,13 @@ with py.pkgs;
buildPythonApplication rec {
pname = "checkov";
- version = "2.0.1140";
+ version = "2.0.1143";
src = fetchFromGitHub {
owner = "bridgecrewio";
repo = pname;
rev = version;
- hash = "sha256-aGO5mjBsUwpLIv73pZH1la6tyGByznTrjkW9dojkXwg=";
+ hash = "sha256-Kl9/wbjiQ46ysmnE24iQveTEzSTsVF5FHRqG3WWz3DQ=";
};
nativeBuildInputs = with py.pkgs; [
@@ -94,6 +94,7 @@ buildPythonApplication rec {
postPatch = ''
substituteInPlace setup.py \
+ --replace "bc-python-hcl2==0.3.39" "bc-python-hcl2>=0.3.39" \
--replace "cyclonedx-python-lib>=0.11.0,<1.0.0" "cyclonedx-python-lib>=0.11.0" \
--replace "prettytable>=3.0.0" "prettytable" \
--replace "pycep-parser==0.3.4" "pycep-parser"
diff --git a/pkgs/development/tools/dump_syms/default.nix b/pkgs/development/tools/dump_syms/default.nix
index a8c6821f27f..08788878cc9 100644
--- a/pkgs/development/tools/dump_syms/default.nix
+++ b/pkgs/development/tools/dump_syms/default.nix
@@ -1,8 +1,12 @@
{ lib
+, stdenv
, rustPlatform
, fetchFromGitHub
, pkg-config
, openssl
+
+# darwin
+, Security
}:
let
@@ -27,6 +31,8 @@ rustPlatform.buildRustPackage {
buildInputs = [
openssl
+ ] ++ lib.optionals (stdenv.isDarwin) [
+ Security
];
checkFlags = [
diff --git a/pkgs/development/tools/ocaml/dune/3.nix b/pkgs/development/tools/ocaml/dune/3.nix
index de661948b9c..009c3cb6fe2 100644
--- a/pkgs/development/tools/ocaml/dune/3.nix
+++ b/pkgs/development/tools/ocaml/dune/3.nix
@@ -6,11 +6,11 @@ else
stdenv.mkDerivation rec {
pname = "dune";
- version = "3.1.1";
+ version = "3.2.0";
src = fetchurl {
- url = "https://github.com/ocaml/dune/releases/download/${version}/fiber-${version}.tbz";
- sha256 = "sha256-AkhEVKsbmYhAx4c1CexrIwHrkmYsEy749fT1abNaa2A=";
+ url = "https://github.com/ocaml/dune/releases/download/${version}/chrome-trace-${version}.tbz";
+ sha256 = "sha256-vR+85q557R6yb6ibsuLiOXivzrP1P1V4zxvasIoa1bw=";
};
nativeBuildInputs = [ ocaml findlib ];
diff --git a/pkgs/servers/icingaweb2/ipl.nix b/pkgs/servers/icingaweb2/ipl.nix
index e9075d7d043..9d21951a299 100644
--- a/pkgs/servers/icingaweb2/ipl.nix
+++ b/pkgs/servers/icingaweb2/ipl.nix
@@ -2,13 +2,13 @@
stdenvNoCC.mkDerivation rec {
pname = "icingaweb2-ipl";
- version = "0.8.0";
+ version = "0.8.1";
src = fetchFromGitHub {
owner = "Icinga";
repo = "icinga-php-library";
rev = "v${version}";
- sha256 = "sha256:05k0qcd5c5xb124dpp6lvfdh4dzf6bkd34v4sy7aj776p4hrlqx2";
+ sha256 = "sha256:0ndd4gd26rglbz85izfvqc4ghcfa7wpq6ghrhggbzg819phndg5a";
};
installPhase = ''
diff --git a/pkgs/servers/invidious/lsquic.nix b/pkgs/servers/invidious/lsquic.nix
index 9c3bc68615c..ca04c97c128 100644
--- a/pkgs/servers/invidious/lsquic.nix
+++ b/pkgs/servers/invidious/lsquic.nix
@@ -1,11 +1,19 @@
-{ lib, boringssl, stdenv, fetchgit, fetchFromGitHub, cmake, zlib, perl, libevent, gcc10Stdenv, buildGoModule }:
+{ lib, boringssl, stdenv, fetchgit, fetchFromGitHub, fetchurl, cmake, zlib, perl, libevent }:
let
versions = builtins.fromJSON (builtins.readFile ./versions.json);
- buildGoModuleGcc10 = buildGoModule.override { stdenv = gcc10Stdenv; };
+ fetchGitilesPatch = { name, url, sha256 }:
+ fetchurl {
+ url = "${url}%5E%21?format=TEXT";
+ inherit name sha256;
+ downloadToTemp = true;
+ postFetch = ''
+ base64 -d < $downloadedFile > $out
+ '';
+ };
# lsquic requires a specific boringssl version (noted in its README)
- boringssl' = (boringssl.overrideAttrs (old: {
+ boringssl' = boringssl.overrideAttrs ({ preBuild, ... }: {
version = versions.boringssl.rev;
src = fetchgit {
url = "https://boringssl.googlesource.com/boringssl";
@@ -15,10 +23,43 @@ let
patches = [
# Use /etc/ssl/certs/ca-certificates.crt instead of /etc/ssl/cert.pem
./use-etc-ssl-certs.patch
+
+ # because lsquic requires that specific boringssl version and that
+ # version does not yet include fixes for gcc11 build errors, they
+ # must be backported
+ (fetchGitilesPatch {
+ name = "fix-mismatch-between-header-and-implementation-of-bn_sqr_comba8.patch";
+ url = "https://boringssl.googlesource.com/boringssl/+/139adff9b27eaf0bdaac664ec4c9a7db2fe3f920";
+ sha256 = "05sp602dvh50v46jkzmh4sf4wqnq5bwy553596g2rhxg75bailjj";
+ })
+ (fetchGitilesPatch {
+ name = "use-an-unsized-helper-for-truncated-SHA-512-variants.patch";
+ url = "https://boringssl.googlesource.com/boringssl/+/a24ab549e6ae246b391155d7bed3790ac0e07de2";
+ sha256 = "0483jkpg4g64v23ln2blb74xnmzdjcn3r7w4zk7nfg8j3q5f9lxm";
+ })
+/*
+ # the following patch is too complex, so we will modify the build flags
+ # of crypto/fipsmodule/CMakeFiles/fipsmodule.dir/bcm.c.o in preBuild
+ # and turn off -Werror=stringop-overflow
+ (fetchGitilesPatch {
+ name = "make-md32_common.h-single-included-and-use-an-unsized-helper-for-SHA-256.patch";
+ url = "https://boringssl.googlesource.com/boringssl/+/597ffef971dd980b7de5e97a0c9b7ca26eec94bc";
+ sha256 = "1y0bkkdf1ccd6crx326agp01q22clm4ai4p982y7r6dkmxmh52qr";
+ })
+*/
+ (fetchGitilesPatch {
+ name = "fix-array-parameter-warnings.patch";
+ url = "https://boringssl.googlesource.com/boringssl/+/92c6fbfc4c44dc8462d260d836020d2b793e7804";
+ sha256 = "0h4sl95i8b0dj0na4ngf50wg54raxyjxl1zzwdc810abglp10vnv";
+ })
];
- })).override {
- buildGoModule = buildGoModuleGcc10;
- };
+
+ preBuild = ''
+ ${preBuild}
+ sed -e '/^build crypto\/fipsmodule\/CMakeFiles\/fipsmodule\.dir\/bcm\.c\.o:/,/^ *FLAGS =/ s/^ *FLAGS = -Werror/& -Wno-error=stringop-overflow/' \
+ -i build.ninja
+ '';
+ });
in
stdenv.mkDerivation rec {
pname = "lsquic";
diff --git a/pkgs/servers/invidious/shards.nix b/pkgs/servers/invidious/shards.nix
index 582a4083e7d..e5f297d902c 100644
--- a/pkgs/servers/invidious/shards.nix
+++ b/pkgs/servers/invidious/shards.nix
@@ -20,14 +20,14 @@
exception_page = {
owner = "crystal-loot";
repo = "exception_page";
- rev = "v0.2.0";
- sha256 = "0nlgnh5iykbr1v2132342k2mz6s2laws6nkgqsqlwhhcr4gb4jcx";
+ rev = "v0.2.2";
+ sha256 = "1c8askb9b7621jjz5pjj6b8pdbhw3r1l3dym6swg1saspf5j3jwi";
};
kemal = {
owner = "kemalcr";
repo = "kemal";
- rev = "v1.1.0";
- sha256 = "07vlvddy4mba9li2bvskzqzywwq55cyvlgkz13q6dsl4zfgc96ca";
+ rev = "v1.1.2";
+ sha256 = "1149q4qw0zrws5asqqr4snrdi67xsmisdcq58zcrbgqgsxgly9d0";
};
kilt = {
owner = "jeromegn";
diff --git a/pkgs/servers/invidious/update.sh b/pkgs/servers/invidious/update.sh
index 580d6136388..bf43fbb4b36 100755
--- a/pkgs/servers/invidious/update.sh
+++ b/pkgs/servers/invidious/update.sh
@@ -41,7 +41,7 @@ git -C "$git_dir" fetch origin "$git_branch"
# because there might still be commits coming
# use the day of the latest commit we picked as version
new_rev=$(git -C "$git_dir" log -n 1 --format='format:%H' --before="${today}T00:00:00Z" "origin/$git_branch")
-new_version="unstable-$(git -C "$git_dir" log -n 1 --format='format:%cs' "$new_rev")"
+new_version="unstable-$(TZ=UTC git -C "$git_dir" log -n 1 --date='format-local:%Y-%m-%d' --format='%cd' "$new_rev")"
info "latest commit before $today: $new_rev"
if [ "$new_rev" = "$old_rev" ]; then
diff --git a/pkgs/servers/invidious/versions.json b/pkgs/servers/invidious/versions.json
index cec068a09bf..40f8bb04182 100644
--- a/pkgs/servers/invidious/versions.json
+++ b/pkgs/servers/invidious/versions.json
@@ -4,15 +4,15 @@
"sha256": "sha256-EU6T9yQCdOLx98Io8o01rEsgxDFF/Xoy42LgPopD2/A="
},
"invidious": {
- "rev": "ed265cfdcd131b9df5398d899cc5d7036a5b7846",
- "sha256": "0hhnq4s0slwbgxra7gxapl7dcz60a7k71cndi4crqcikmazzac3b",
- "version": "unstable-2022-03-16"
+ "rev": "ca27e096f3249533cc7a9b123a8a8378f3312bb7",
+ "sha256": "0xjdzxnw6b5lk8pr82sjj60wfzxqkyamh0gpf2wxby52jvlbdcka",
+ "version": "unstable-2022-05-11"
},
"lsquic": {
"sha256": "sha256-hG8cUvhbCNeMOsKkaJlgGpzUrIx47E/WhmPIdI5F3qM=",
"version": "2.18.1"
},
"videojs": {
- "sha256": "0b4vxd29kpvy60yhqm376r1872gds17s6wljqw0zlr16j762k50r"
+ "sha256": "0m09pc9acpzhfwwvc9dayl60nn28skmmglgvmlp48dlkqgfbgc27"
}
}
diff --git a/pkgs/servers/monitoring/icinga2/default.nix b/pkgs/servers/monitoring/icinga2/default.nix
index a674aca2a37..643e505d794 100644
--- a/pkgs/servers/monitoring/icinga2/default.nix
+++ b/pkgs/servers/monitoring/icinga2/default.nix
@@ -9,13 +9,13 @@
stdenv.mkDerivation rec {
pname = "icinga2${nameSuffix}";
- version = "2.13.2";
+ version = "2.13.3";
src = fetchFromGitHub {
owner = "icinga";
repo = "icinga2";
rev = "v${version}";
- sha256 = "sha256:1ijvav2ymgq1i8jycrqbp2y4r54y0dkwjnwxc20bmcixxh877zdn";
+ sha256 = "sha256:1z8wzhlhl8vb7m8axvayfyqgf86lz67gaa02n3r17049vwswdgmb";
};
patches = [
diff --git a/pkgs/tools/admin/syft/default.nix b/pkgs/tools/admin/syft/default.nix
index 0f7d3806182..4a74b851b34 100644
--- a/pkgs/tools/admin/syft/default.nix
+++ b/pkgs/tools/admin/syft/default.nix
@@ -2,13 +2,13 @@
buildGoModule rec {
pname = "syft";
- version = "0.45.1";
+ version = "0.46.1";
src = fetchFromGitHub {
owner = "anchore";
repo = pname;
rev = "v${version}";
- sha256 = "sha256-oexsu52x9rAqwTVxTVHzKPuaIfvg5lvvuBmKcnb2Yew=";
+ sha256 = "sha256-ojjudnS0yJZ6YoHmq4m0YKyCqq9Ge+AFU7ejlPop71w=";
# populate values that require us to use git. By doing this in postFetch we
# can delete .git afterwards and maintain better reproducibility of the src.
leaveDotGit = true;
@@ -20,11 +20,11 @@ buildGoModule rec {
find "$out" -name .git -print0 | xargs -0 rm -rf
'';
};
- vendorSha256 = "sha256-d6ZBWX4/lgh610fBLTE1EUqZmpctLfxi2PSRifH+1jg=";
+ vendorSha256 = "sha256-nb7QcdmwAfYDTzCFNjs7uKwK/gng2iMD36ANaFSsftk=";
nativeBuildInputs = [ installShellFiles ];
- subPackages = [ "." ];
+ subPackages = [ "cmd/syft" ];
ldflags = [
"-s"
@@ -52,6 +52,17 @@ buildGoModule rec {
--zsh <($out/bin/syft completion zsh)
'';
+ doInstallCheck = true;
+ installCheckPhase = ''
+ runHook preInstallCheck
+
+ export SYFT_CHECK_FOR_APP_UPDATE=false
+ $out/bin/syft --help
+ $out/bin/syft version | grep "${version}"
+
+ runHook postInstallCheck
+ '';
+
meta = with lib; {
homepage = "https://github.com/anchore/syft";
changelog = "https://github.com/anchore/syft/releases/tag/v${version}";
diff --git a/pkgs/tools/misc/fontforge/default.nix b/pkgs/tools/misc/fontforge/default.nix
index 3de016bf6d6..aa3d16a5fa5 100644
--- a/pkgs/tools/misc/fontforge/default.nix
+++ b/pkgs/tools/misc/fontforge/default.nix
@@ -63,7 +63,6 @@ stdenv.mkDerivation rec {
++ lib.optional (!withGTK) "-DENABLE_X11=ON"
++ lib.optional withExtras "-DENABLE_FONTFORGE_EXTRAS=ON";
- # work-around: git isn't really used, but configuration fails without it
preConfigure = ''
# The way $version propagates to $version of .pe-scripts (https://github.com/dejavu-fonts/dejavu-fonts/blob/358190f/scripts/generate.pe#L19)
export SOURCE_DATE_EPOCH=$(date -d ${version} +%s)
diff --git a/pkgs/tools/nix/npins/default.nix b/pkgs/tools/nix/npins/default.nix
new file mode 100644
index 00000000000..8324a2d8900
--- /dev/null
+++ b/pkgs/tools/nix/npins/default.nix
@@ -0,0 +1,44 @@
+{ lib
+, rustPlatform
+, fetchFromGitHub
+, nix-gitignore
+, makeWrapper
+, stdenv
+, darwin
+, callPackage
+
+ # runtime dependencies
+, nix # for nix-prefetch-url
+, nix-prefetch-git
+, git # for git ls-remote
+}:
+
+let
+ runtimePath = lib.makeBinPath [ nix nix-prefetch-git git ];
+ sources = (builtins.fromJSON (builtins.readFile ./sources.json)).pins;
+in rustPlatform.buildRustPackage rec {
+ pname = "npins";
+ version = src.version;
+ src = passthru.mkSource sources.npins;
+
+ cargoSha256 = "0rwnzkmx91cwcz9yw0rbbqv73ba6ggim9f4qgz5pgy6h696ld2k8";
+
+ buildInputs = lib.optional stdenv.isDarwin (with darwin.apple_sdk.frameworks; [ Security ]);
+ nativeBuildInputs = [ makeWrapper ];
+
+ # (Almost) all tests require internet
+ doCheck = false;
+
+ postFixup = ''
+ wrapProgram $out/bin/npins --prefix PATH : "${runtimePath}"
+ '';
+
+ meta = with lib; {
+ description = "Simple and convenient dependency pinning for Nix";
+ homepage = "https://github.com/andir/npins";
+ license = licenses.eupl12;
+ maintainers = with maintainers; [ piegames ];
+ };
+
+ passthru.mkSource = callPackage ./source.nix {};
+}
diff --git a/pkgs/tools/nix/npins/source.nix b/pkgs/tools/nix/npins/source.nix
new file mode 100644
index 00000000000..8c9e47204af
--- /dev/null
+++ b/pkgs/tools/nix/npins/source.nix
@@ -0,0 +1,57 @@
+# Not part of the public API – for use within nixpkgs only
+#
+# Usage:
+# ```nix
+# let
+# sources = builtins.fromJSON (builtins.readFile ./sources.json);
+# in mkMyDerivation rec {
+# version = src.version; # This obviously only works for releases
+# src = pkgs.npins.mkSource sources.mySource;
+# }
+# ```
+
+{ fetchgit
+, fetchzip
+, fetchurl
+}:
+let
+ mkSource = spec:
+ assert spec ? type; let
+ path =
+ if spec.type == "Git" then mkGitSource spec
+ else if spec.type == "GitRelease" then mkGitSource spec
+ else if spec.type == "PyPi" then mkPyPiSource spec
+ else if spec.type == "Channel" then mkChannelSource spec
+ else throw "Unknown source type ${spec.type}";
+ in
+ spec // { outPath = path; };
+
+ mkGitSource = { repository, revision, url ? null, hash, ... }:
+ assert repository ? type;
+ # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
+ # In the latter case, there we will always be an url to the tarball
+ if url != null then
+ (fetchzip {
+ inherit url;
+ sha256 = hash;
+ extension = "tar";
+ })
+ else assert repository.type == "Git"; fetchgit {
+ url = repository.url;
+ rev = revision;
+ };
+
+ mkPyPiSource = { url, hash, ... }:
+ fetchurl {
+ inherit url;
+ sha256 = hash;
+ };
+
+ mkChannelSource = { url, hash, ... }:
+ fetchzip {
+ inherit url;
+ sha256 = hash;
+ extension = "tar";
+ };
+in
+ mkSource
diff --git a/pkgs/tools/nix/npins/sources.json b/pkgs/tools/nix/npins/sources.json
new file mode 100644
index 00000000000..0481abe3f97
--- /dev/null
+++ b/pkgs/tools/nix/npins/sources.json
@@ -0,0 +1,19 @@
+{
+ "pins": {
+ "npins": {
+ "type": "GitRelease",
+ "repository": {
+ "type": "GitHub",
+ "owner": "andir",
+ "repo": "npins"
+ },
+ "pre_releases": false,
+ "version_upper_bound": null,
+ "version": "0.1.0",
+ "revision": "5c9253ff6010f435ab73fbe1e50ae0fdca0ec07b",
+ "url": "https://api.github.com/repos/andir/npins/tarball/0.1.0",
+ "hash": "019fr9xsirld8kap75k18in3krkikqhjn4mglpy3lyhbhc5n1kh6"
+ }
+ },
+ "version": 2
+}
diff --git a/pkgs/tools/security/witness/default.nix b/pkgs/tools/security/witness/default.nix
index 921d524be6a..f443d765b57 100644
--- a/pkgs/tools/security/witness/default.nix
+++ b/pkgs/tools/security/witness/default.nix
@@ -2,15 +2,15 @@
buildGoModule rec {
pname = "witness";
- version = "0.1.7";
+ version = "0.1.8";
src = fetchFromGitHub {
owner = "testifysec";
repo = pname;
rev = "v${version}";
- sha256 = "sha256-fkY3/UmHzggmysrae8VCY3NMBxC/LcWoQcXBELEzJlM=";
+ sha256 = "sha256-i76sw5ysWDZwuNt7CYtpVy9mEV643i4YaMxksglyPWw=";
};
- vendorSha256 = "sha256-ajWIjQXLvFQB1AVYyGjyWMrWIyue/d1uU5HHNf4/UcU=";
+ vendorSha256 = "sha256-A3fnAWEJ7SeUnDfIIOkbHIhUBRB8INcqMleOLL3LHF0=";
nativeBuildInputs = [ installShellFiles ];
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index b93ba9744ca..7c660e81d18 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -679,6 +679,7 @@ mapAliases ({
liblastfm = libsForQt5.liblastfm; # Added 2020-06-14
liblrdf = throw "'liblrdf' has been renamed to/replaced by 'lrdf'"; # Converted to throw 2022-02-22
libmsgpack = throw "'libmsgpack' has been renamed to/replaced by 'msgpack'"; # Converted to throw 2022-02-22
+ libnih = throw "'libnih' has been removed"; # Converted to throw 2022-05-17
libosmpbf = throw "libosmpbf was removed because it is no longer required by osrm-backend";
libpng_apng = throw "libpng_apng has been removed, because it is equivalent to libpng"; # Added 2021-03-21
libpulseaudio-vanilla = libpulseaudio; # Added 2022-04-20
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 53c335dc5a9..f647eb86a16 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -4015,6 +4015,8 @@ with pkgs;
notify = callPackage ../tools/misc/notify { };
+ npins = callPackage ../tools/nix/npins { };
+
nrsc5 = callPackage ../applications/misc/nrsc5 { };
nsync = callPackage ../development/libraries/nsync { };
@@ -5309,7 +5311,9 @@ with pkgs;
autoreconfHook = buildPackages.autoreconfHook269;
};
- dump_syms = callPackage ../development/tools/dump_syms { };
+ dump_syms = callPackage ../development/tools/dump_syms {
+ inherit (darwin.apple_sdk.frameworks) Security;
+ };
dumptorrent = callPackage ../tools/misc/dumptorrent { };
@@ -19009,8 +19013,6 @@ with pkgs;
libnftnl = callPackage ../development/libraries/libnftnl { };
- libnih = callPackage ../development/libraries/libnih { };
-
libnova = callPackage ../development/libraries/science/astronomy/libnova { };
libnxml = callPackage ../development/libraries/libnxml { };
@@ -23246,6 +23248,8 @@ with pkgs;
linux_5_10_hardened = linuxKernel.kernels.linux_5_10_hardened;
linuxPackages_5_15_hardened = linuxKernel.packages.linux_5_15_hardened;
linux_5_15_hardened = linuxKernel.kernels.linux_5_15_hardened;
+ linuxPackages_5_17_hardened = linuxKernel.packages.linux_5_17_hardened;
+ linux_5_17_hardened = linuxKernel.kernels.linux_5_17_hardened;
# Hardkernel (Odroid) kernels.
linuxPackages_hardkernel_latest = linuxKernel.packageAliases.linux_hardkernel_latest;
diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix
index 7c892035e7f..8196811a7b2 100644
--- a/pkgs/top-level/linux-kernels.nix
+++ b/pkgs/top-level/linux-kernels.nix
@@ -236,6 +236,7 @@ in {
linux_5_4_hardened = hardenedKernelFor kernels.linux_5_4 { };
linux_5_10_hardened = hardenedKernelFor kernels.linux_5_10 { };
linux_5_15_hardened = hardenedKernelFor kernels.linux_5_15 { };
+ linux_5_17_hardened = hardenedKernelFor kernels.linux_5_17 { };
}));
/* Linux kernel modules are inherently tied to a specific kernel. So