From 1009d6e79e7f4ef92d7db27214c55a36f5e22c6f Mon Sep 17 00:00:00 2001 From: Konrad Borowski Date: Thu, 27 Jan 2022 08:12:00 +0100 Subject: [PATCH 01/24] nixos/wrappers: create a new assert macro that always asserts C's assert macro only works when NDEBUG is undefined. Previously NDEBUG was undefined incorrectly which meant that the assert macros in wrapper.c did not work. --- nixos/modules/security/wrappers/wrapper.c | 37 ++++++++++++----------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/nixos/modules/security/wrappers/wrapper.c b/nixos/modules/security/wrappers/wrapper.c index 529669facda..49fc6c0ad53 100644 --- a/nixos/modules/security/wrappers/wrapper.c +++ b/nixos/modules/security/wrappers/wrapper.c @@ -2,12 +2,12 @@ #include #include #include +#include #include #include #include #include #include -#include #include #include #include @@ -16,10 +16,7 @@ #include #include -// Make sure assertions are not compiled out, we use them to codify -// invariants about this program and we want it to fail fast and -// loudly if they are violated. -#undef NDEBUG +#define ASSERT(expr) ((expr) ? (void) 0 : assert_failure(#expr)) extern char **environ; @@ -38,6 +35,12 @@ static char *wrapper_debug = "WRAPPER_DEBUG"; #define LE32_TO_H(x) (x) #endif +static noreturn void assert_failure(const char *assertion) { + fprintf(stderr, "Assertion `%s` in NixOS's wrapper.c failed.\n", assertion); + fflush(stderr); + abort(); +} + int get_last_cap(unsigned *last_cap) { FILE* file = fopen("/proc/sys/kernel/cap_last_cap", "r"); if (file == NULL) { 
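Review bot: The `#define ASSERT(expr)` line replaces the comment block that explained why these checks must never be compiled out, and nothing takes its place. A reader who meets `ASSERT` next to the standard `assert` will not know the difference is deliberate. I would put a comment directly above the macro, for example `// Unlike assert(), ASSERT() is evaluated regardless of NDEBUG: the checks in main() guard a setuid wrapper and must fail fast and loudly.`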
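Review bot: `assert_failure` prints only the stringified expression, so the message loses the source line that `assert()` used to report. Several checks in `main` read almost alike (`len != -1`, `len > 0`, `fd_self != -1`), which makes a failure in the field harder to place. Passing the line through is cheap: `#define ASSERT(expr) ((expr) ? (void) 0 : assert_failure(#expr, __LINE__))`, with an `int line` parameter on `assert_failure` printed via `%d` after the file name. The `get_last_cap` context that closes this hunk continues outside it.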
@@ -181,36 +184,36 @@ int main(int argc, char **argv) { int len = strlen(wrapper_dir); if (len > 0 && '/' == wrapper_dir[len - 1]) --len; - assert(!strncmp(self_path, wrapper_dir, len)); - assert('/' == wrapper_dir[0]); - assert('/' == self_path[len]); + ASSERT(!strncmp(self_path, wrapper_dir, len)); + ASSERT('/' == wrapper_dir[0]); + ASSERT('/' == self_path[len]); // Make *really* *really* sure that we were executed as // `self_path', and not, say, as some other setuid program. That // is, our effective uid/gid should match the uid/gid of // `self_path'. struct stat st; - assert(lstat(self_path, &st) != -1); + ASSERT(lstat(self_path, &st) != -1); - assert(!(st.st_mode & S_ISUID) || (st.st_uid == geteuid())); - assert(!(st.st_mode & S_ISGID) || (st.st_gid == getegid())); + ASSERT(!(st.st_mode & S_ISUID) || (st.st_uid == geteuid())); + ASSERT(!(st.st_mode & S_ISGID) || (st.st_gid == getegid())); // And, of course, we shouldn't be writable. - assert(!(st.st_mode & (S_IWGRP | S_IWOTH))); + ASSERT(!(st.st_mode & (S_IWGRP | S_IWOTH))); // Read the path of the real (wrapped) program from .real. char real_fn[PATH_MAX + 10]; int real_fn_size = snprintf(real_fn, sizeof(real_fn), "%s.real", self_path); - assert(real_fn_size < sizeof(real_fn)); + ASSERT(real_fn_size < sizeof(real_fn)); int fd_self = open(real_fn, O_RDONLY); - assert(fd_self != -1); + ASSERT(fd_self != -1); char source_prog[PATH_MAX]; len = read(fd_self, source_prog, PATH_MAX); - assert(len != -1); - assert(len < sizeof(source_prog)); - assert(len > 0); + ASSERT(len != -1); + ASSERT(len < sizeof(source_prog)); + ASSERT(len > 0); source_prog[len] = 0; close(fd_self); From 2a6a3d2c47626782f604a1fb4ec506c834efb47a Mon Sep 17 00:00:00 2001 
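Review bot: `ASSERT(real_fn_size < sizeof(real_fn))` and `ASSERT(len < sizeof(source_prog))` compare an `int` with a `size_t`, so a negative value is rejected only because it converts to a very large unsigned number. Now that these checks are guaranteed to run, the intent should be spelled out: `ASSERT(real_fn_size >= 0 && (size_t) real_fn_size < sizeof(real_fn));` and `ASSERT(len > 0 && (size_t) len < sizeof(source_prog));`. The second form also folds in the later `ASSERT(len > 0)`, so the sign is tested before the size comparison rather than after it. `main` starts before this hunk and continues after it, so the later uses of `source_prog` are not visible here.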
From: Konrad Borowski Date: Thu, 27 Jan 2022 08:14:53 +0100 Subject: [PATCH 02/24] nixos/wrappers: require argc to be at least one setuid applications were exploited in the past with an empty argv, such as pkexec using CVE-2021-4034. --- nixos/modules/security/wrappers/wrapper.c | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/security/wrappers/wrapper.c b/nixos/modules/security/wrappers/wrapper.c index 49fc6c0ad53..a21ec500208 100644 --- a/nixos/modules/security/wrappers/wrapper.c +++ b/nixos/modules/security/wrappers/wrapper.c @@ -170,6 +170,7 @@ int readlink_malloc(const char *p, char **ret) { } int main(int argc, char **argv) { + ASSERT(argc >= 1); char *self_path = NULL; int self_path_size = readlink_malloc("/proc/self/exe", &self_path); if (self_path_size < 0) { From 368e6d00f8fa611682acae6c17ec2268d9239795 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 16 Mar 2022 10:31:41 +0000 Subject: [PATCH 03/24] libdigidocpp: 3.14.7 -> 3.14.8 --- pkgs/development/libraries/libdigidocpp/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libdigidocpp/default.nix b/pkgs/development/libraries/libdigidocpp/default.nix index 4f80709652d..171f830032d 100644 --- a/pkgs/development/libraries/libdigidocpp/default.nix +++ b/pkgs/development/libraries/libdigidocpp/default.nix @@ -2,12 +2,12 @@ , xercesc, xml-security-c, pkg-config, xsd, zlib, xalanc, xxd }: stdenv.mkDerivation rec { - version = "3.14.7"; + version = "3.14.8"; pname = "libdigidocpp"; src = fetchurl { url = "https://github.com/open-eid/libdigidocpp/releases/download/v${version}/libdigidocpp-${version}.tar.gz"; - sha256 = "sha256-QdctW2+T8kPNUJv30pXZ/qfnw1Uhq6gScSjUI+bZMfY="; + sha256 = "sha256-U5i5IAyJF4359q6M6mQemEuG7+inPYIXqLy8GHv4dkg="; }; nativeBuildInputs = [ cmake pkg-config xxd ]; From 7b3ac385e53101e229122d687fd0021a637407aa Mon Sep 17 00:00:00 2001 
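Review bot: The new `ASSERT(argc >= 1);` at the top of `main` has no comment, so its rationale lives only in the commit message. The next person tidying this function may take it for a redundant check. I would add a comment above it such as `// Refuse an empty argv: setuid programs that assume argv[0] exists have been exploited this way (CVE-2021-4034 in pkexec).` The rest of `main`, including how `argv` is passed on to the wrapped program, is outside this hunk.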
From: Tom Wieczorek Date: Thu, 17 Mar 2022 13:25:58 +0100 Subject: [PATCH 04/24] k0sctl: 0.11.4 -> 0.12.6 Also add shell completions. --- .../networking/cluster/k0sctl/default.nix | 24 ++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/cluster/k0sctl/default.nix b/pkgs/applications/networking/cluster/k0sctl/default.nix index 256d7e64225..b30a7174902 100644 --- a/pkgs/applications/networking/cluster/k0sctl/default.nix +++ b/pkgs/applications/networking/cluster/k0sctl/default.nix @@ -1,20 +1,29 @@ { lib , buildGoModule , fetchFromGitHub +, fetchpatch +, installShellFiles }: buildGoModule rec { pname = "k0sctl"; - version = "0.11.4"; + version = "0.12.6"; src = fetchFromGitHub { owner = "k0sproject"; repo = pname; rev = "v${version}"; - sha256 = "sha256-Fk1aYSa3LqzxiHtlzH5pcNtodOprjfnCFh4UMqCa6Rc="; + sha256 = "sha256-TkkMO6xBHY5t5Rpd0ieSDXMrnQ+Xdq+65Rk93ZkYcUs="; }; - vendorSha256 = "sha256-21C6wZ8lKQnbUg3aD0ZFVOgopblXyWk4WP/ubZVk3Yk="; + vendorSha256 = "sha256-nTAuvHcsJiW0XYX5GM1SL8cnOhwdrj6iw8tuAkEWNzQ="; + + patches = [ + (fetchpatch { + url = "https://github.com/k0sproject/${pname}/commit/22c694ab0335a1e6146d0d3f939ef79d2c005a3d.patch"; + sha256 = "sha256-Ftq/vbQd5ArdHboDt6NdyuqpFalHVnsQBdpmyDG/t5Q="; + }) + ]; ldflags = [ "-s" @@ -23,6 +32,15 @@ buildGoModule rec { "-X github.com/k0sproject/k0sctl/version.Version=${version}" ]; + nativeBuildInputs = [ installShellFiles ]; + + postInstall = '' + for shell in bash zsh fish; do + installShellCompletion --cmd ${pname} \ + --$shell <($out/bin/${pname} completion --shell $shell) + done + ''; + meta = with lib; { description = "A bootstrapping and management tool for k0s clusters."; homepage = "https://k0sproject.io/"; From 7bec3e60efb9203c444bfaf8f35cfb1252ece170 Mon Sep 17 00:00:00 2001 
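Review bot: The new `patches` entry fetches an upstream commit with no comment saying what it fixes or when it can be dropped, and the commit message does not mention it either. Pinning the commit id and `sha256` is good, but an unexplained patch tends to outlive its purpose and makes the next version bump harder to review. Please add a line above the `fetchpatch` call such as `# <what the upstream commit fixes>; remove once a release contains it`.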
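Review bot: `postInstall` runs the freshly built `$out/bin/${pname}` to generate the completions, which fails when the host platform's binary cannot be executed on the build machine (cross-compilation). The usual guard is to wrap the script: `postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' … '';`. That also needs `stdenv` added to the argument set in the first hunk, which currently lists only `lib`, `buildGoModule`, `fetchFromGitHub`, `fetchpatch` and `installShellFiles`.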
From: Klemens Nanni Date: Wed, 27 Apr 2022 05:42:16 +0200 Subject: [PATCH 05/24] lib/types: Drop misleading plural from type descriptions #170561 Probably being the most prominent document demonstrating the problem, configuration.nix(5) describes various types in plural, e.g. - ` Type: list of strings` - ` Type: list of systemd options` However, there are other cases where appending "s" to the inner type effectively changes the type, e.g. - ``` Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)s ``` This should've read "list of string[s]..." but instead changes the regular expression. Simply drop the best-effort plural in favour of correctness and simplicity rather than adding more grammar related logic/trying to fix this. --- lib/types.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/types.nix b/lib/types.nix index 91b040d2455..e4b3f358d1c 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -397,7 +397,7 @@ rec { listOf = elemType: mkOptionType rec { name = "listOf"; - description = "list of ${elemType.description}s"; + description = "list of ${elemType.description}"; check = isList; merge = loc: defs: map (x: x.value) (filter (x: x ? value) (concatLists (imap1 (n: def: @@ -426,7 +426,7 @@ rec { attrsOf = elemType: mkOptionType rec { name = "attrsOf"; - description = "attribute set of ${elemType.description}s"; + description = "attribute set of ${elemType.description}"; check = isAttrs; merge = loc: defs: mapAttrs (n: v: v.value) (filterAttrs (n: v: v ? value) (zipAttrsWith (name: defs: @@ -449,7 +449,7 @@ rec { # error that it's not defined. Use only if conditional definitions don't make sense. lazyAttrsOf = elemType: mkOptionType rec { name = "lazyAttrsOf"; - description = "lazy attribute set of ${elemType.description}s"; + description = "lazy attribute set of ${elemType.description}"; check = isAttrs; merge = loc: defs: zipAttrsWith (name: defs: 
From 9252a7daa80bf81e76bf826caef8cb6dd08b1325 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 2 May 2022 10:41:47 +0200 Subject: [PATCH 06/24] lib/tests/modules.sh: Fix for singular type descriptions --- lib/tests/modules.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tests/modules.sh b/lib/tests/modules.sh index cc13a8d38e3..82d3dd96e88 100755 --- a/lib/tests/modules.sh +++ b/lib/tests/modules.sh @@ -313,7 +313,7 @@ checkConfigOutput "bar" config.priorities ./raw.nix ## Option collision checkConfigError \ - 'The option .set. in module .*/declare-set.nix. would be a parent of the following options, but its type .attribute set of signed integers. does not support nested options.\n\s*- option[(]s[)] with prefix .set.enable. in module .*/declare-enable-nested.nix.' \ + 'The option .set. in module .*/declare-set.nix. would be a parent of the following options, but its type .attribute set of signed integer. does not support nested options.\n\s*- option[(]s[)] with prefix .set.enable. in module .*/declare-enable-nested.nix.' \ config.set \ ./declare-set.nix ./declare-enable-nested.nix From b2b2282f5d41da0db87d5bcf87aa95b9727260e9 Mon Sep 17 00:00:00 2001 From: Artturin Date: Mon, 16 May 2022 04:55:39 +0300 Subject: [PATCH 07/24] python39Packages.sanic: fix build on darwin OSError: [Errno 24] Too many open files https://hydra.nixos.org/build/176212923 --- pkgs/development/python-modules/sanic/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/python-modules/sanic/default.nix b/pkgs/development/python-modules/sanic/default.nix index 228bf2a5624..ff76e2c5631 100644 --- a/pkgs/development/python-modules/sanic/default.nix +++ b/pkgs/development/python-modules/sanic/default.nix @@ -82,6 +82,9 @@ buildPythonPackage rec { # needed for relative paths for some packages cd tests + '' + lib.optionalString stdenv.isDarwin '' + # OSError: [Errno 24] Too many open files + ulimit -n 1024 ''; # uvloop usage is buggy 
From 0c6396c7041e27a47469008965347011b0c88914 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Mon, 16 May 2022 08:45:11 +0200 Subject: [PATCH 08/24] python310Packages.pyskyqhub: 0.1.8 -> 0.1.9 --- pkgs/development/python-modules/pyskyqhub/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pyskyqhub/default.nix b/pkgs/development/python-modules/pyskyqhub/default.nix index b0d1f8010fb..6f60fec79f2 100644 --- a/pkgs/development/python-modules/pyskyqhub/default.nix +++ b/pkgs/development/python-modules/pyskyqhub/default.nix @@ -7,7 +7,7 @@ buildPythonPackage rec { pname = "pyskyqhub"; - version = "0.1.8"; + version = "0.1.9"; format = "setuptools"; disabled = pythonOlder "3.8"; @@ -16,7 +16,7 @@ buildPythonPackage rec { owner = "RogerSelwyn"; repo = "skyq_hub"; rev = version; - sha256 = "sha256-1KNgF3d5w+aNKNkOZVkdD3VVLz/F8NyQ5MxO1UaWrFk="; + sha256 = "sha256-yXqtABbsCh1yb96lsEA0gquikVenGLCo6J93AeXAC8k="; }; propagatedBuildInputs = [ From 16fc84cd4be51376b7517f48d37811eb6ec27471 Mon Sep 17 00:00:00 2001 From: Linus Heckemann Date: Fri, 13 May 2022 12:33:40 +0200 Subject: [PATCH 09/24] clamav: 0.103.6 -> 0.105.0 --- pkgs/tools/security/clamav/default.nix | 40 +++++-------------- .../clamav/remove-freshclam-test.patch | 20 ++++++++++ 2 files changed, 30 insertions(+), 30 deletions(-) create mode 100644 pkgs/tools/security/clamav/remove-freshclam-test.patch diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix index 4a72c900ca4..25351625259 100644 --- a/pkgs/tools/security/clamav/default.nix +++ b/pkgs/tools/security/clamav/default.nix 
@@ -1,52 +1,32 @@ -{ lib, stdenv, fetchurl, pkg-config +{ lib, stdenv, fetchurl, pkg-config, cmake , zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre2 , libmspack, systemd, Foundation, json_c, check +, rustc, rust-bindgen, rustfmt, cargo, python3 }: stdenv.mkDerivation rec { pname = "clamav"; - version = "0.103.6"; + version = "0.105.0"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; - sha256 = "sha256-qqEuPcGfHTI7HFDXoQ+or1V+Q5AUnoZNWb3jm2rZujM="; + sha256 = "sha256-JwIDpUxFgEnbVPzZNoP/Wy2xkVHzY8SOgs7O/d4rNdQ="; }; - # don't install sample config files into the absolute sysconfdir folder - postPatch = '' - substituteInPlace Makefile.in --replace ' etc ' ' ' - ''; + # Flaky test, remove this when https://github.com/Cisco-Talos/clamav/issues/343 is fixed + patches = [ ./remove-freshclam-test.patch ]; enableParallelBuilding = true; - nativeBuildInputs = [ pkg-config ]; + nativeBuildInputs = [ cmake pkg-config rustc rust-bindgen rustfmt cargo python3 ]; buildInputs = [ zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre2 libmspack json_c check ] ++ lib.optional stdenv.isLinux systemd ++ lib.optional stdenv.isDarwin Foundation; - configureFlags = [ - "--libdir=$(out)/lib" - "--sysconfdir=/etc/clamav" - "--disable-llvm" # enabling breaks the build at the moment - "--with-zlib=${zlib.dev}" - "--with-xml=${libxml2.dev}" - "--with-openssl=${openssl.dev}" - "--with-libcurl=${curl.dev}" - "--with-libjson=${json_c.dev}" - "--with-system-libmspack" - "--enable-milter" - "--disable-unrar" # disable unrar because it's non-free and requires some extra patching to work properly - "--enable-check" - ] ++ lib.optional stdenv.isLinux - "--with-systemdsystemunitdir=$(out)/lib/systemd"; + cmakeFlags = [ + "-DSYSTEMD_UNIT_DIR=${placeholder "out"}/lib/systemd" + ]; - postInstall = '' - mkdir $out/etc - cp etc/*.sample $out/etc - ''; - - # Only required for the unit tests - hardeningDisable = [ "format" 
]; doCheck = true; meta = with lib; { diff --git a/pkgs/tools/security/clamav/remove-freshclam-test.patch b/pkgs/tools/security/clamav/remove-freshclam-test.patch new file mode 100644 index 00000000000..93078b52aaa --- /dev/null +++ b/pkgs/tools/security/clamav/remove-freshclam-test.patch @@ -0,0 +1,20 @@ +diff --git a/unit_tests/CMakeLists.txt b/unit_tests/CMakeLists.txt +index 1460357ba..1194abc9d 100644 +--- a/unit_tests/CMakeLists.txt ++++ b/unit_tests/CMakeLists.txt +@@ -371,15 +371,6 @@ if(ENABLE_APP) + set_property(TEST clamd_valgrind PROPERTY ENVIRONMENT ${ENVIRONMENT} VALGRIND=${Valgrind_EXECUTABLE}) + endif() + +- add_test(NAME freshclam COMMAND ${PythonTest_COMMAND};freshclam_test.py +- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) +- set_property(TEST freshclam PROPERTY ENVIRONMENT ${ENVIRONMENT}) +- if(Valgrind_FOUND) +- add_test(NAME freshclam_valgrind COMMAND ${PythonTest_COMMAND};freshclam_test.py +- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) +- set_property(TEST freshclam_valgrind PROPERTY ENVIRONMENT ${ENVIRONMENT} VALGRIND=${Valgrind_EXECUTABLE}) +- endif() +- + add_test(NAME sigtool COMMAND ${PythonTest_COMMAND};sigtool_test.py + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) + set_property(TEST sigtool PROPERTY ENVIRONMENT ${ENVIRONMENT}) From 20581e0cc9350b2bddb2b99543094372f9079ddf Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 15 May 2022 22:35:37 +0300 Subject: [PATCH 10/24] python*Packages.pymdown-extensions: 9.1 -> 9.4 --- .../pymdown-extensions/default.nix | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/pkgs/development/python-modules/pymdown-extensions/default.nix b/pkgs/development/python-modules/pymdown-extensions/default.nix index 94a73fd8211..068c3196952 100644 --- a/pkgs/development/python-modules/pymdown-extensions/default.nix +++ b/pkgs/development/python-modules/pymdown-extensions/default.nix 
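Review bot: The switch to CMake drops `--sysconfdir=/etc/clamav`, `--disable-unrar` and `--with-system-libmspack`, and the new `cmakeFlags` carries no equivalent for any of them. Unless upstream's CMake defaults happen to match (this should be confirmed against ClamAV's install documentation), the daemons would look for their configuration under the store prefix, the non-free unrar code the old comment excluded would be built, and the bundled libmspack would be used even though `libmspack` is still in `buildInputs`. If I read upstream's options correctly the replacements are `"-DAPP_CONFIG_DIRECTORY=/etc/clamav"`, `"-DENABLE_UNRAR=OFF"` and `"-DENABLE_EXTERNAL_MSPACK=ON"`. `SYSTEMD_UNIT_DIR` is also now passed on every platform, where the old flag was guarded by `stdenv.isLinux`.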
@@ -1,7 +1,7 @@ { lib , buildPythonPackage , fetchFromGitHub -, fetchpatch +, hatchling , pytestCheckHook , markdown , pyyaml @@ -38,26 +38,17 @@ let in buildPythonPackage rec { pname = "pymdown-extensions"; - version = "9.1"; + version = "9.4"; format = "pyproject"; src = fetchFromGitHub { owner = "facelessuser"; repo = "pymdown-extensions"; rev = version; - sha256 = "sha256-II8Po8144h3wPFrzMbOB/qiCm2HseYrcZkyIZFGT+ek="; + sha256 = "sha256-9oYLDerz6ZcE4QyLO4mFPuHws8oZoXX8LcSV209MFec="; }; - patches = [ - # this patch is needed to allow tests to pass for later versions of the - # markdown dependency - # - # it can be removed after the next pymdown-extensions release - (fetchpatch { - url = "https://github.com/facelessuser/pymdown-extensions/commit/8ee5b5caec8f9373e025f50064585fb9d9b71f86.patch"; - sha256 = "sha256-jTHNcsV0zL0EkSTSj8zCGXXtpUaLnNPldmL+krZj3Gk="; - }) - ]; + nativeBuildInputs = [ hatchling ]; propagatedBuildInputs = [ markdown pygments ]; From 36c7b97ebf49d371f87851cff81a960e40df3373 Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 15 May 2022 23:11:40 +0300 Subject: [PATCH 11/24] python*Packages.mkdocs-material: 8.2.11 -> 8.2.15 --- pkgs/development/python-modules/mkdocs-material/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/mkdocs-material/default.nix b/pkgs/development/python-modules/mkdocs-material/default.nix index a0df1000892..feed177a9af 100644 --- a/pkgs/development/python-modules/mkdocs-material/default.nix +++ b/pkgs/development/python-modules/mkdocs-material/default.nix @@ -13,7 +13,7 @@ buildPythonApplication rec { pname = "mkdocs-material"; - version = "8.2.11"; + version = "8.2.15"; format = "setuptools"; disabled = pythonOlder "3.6"; 
@@ -22,7 +22,7 @@ buildPythonApplication rec { owner = "squidfunk"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-YAXdIA36QWwdQxTux6Sy/F0j8lprSO+5/VezFcsGQYg="; + hash = "sha256-6x3ENFPGmtRDMV6YRGlTLCYusmX49LrGBDwicg8sDB0="; }; propagatedBuildInputs = [ From 681f4c49e9ca1b71e3580db619c891c07973fcaa Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 15 May 2022 23:20:48 +0300 Subject: [PATCH 12/24] apache-airflow: mark broken It doesn't build and probably won't any time soon, as it still depends on pre-2.0 Flask. --- pkgs/development/python-modules/apache-airflow/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/python-modules/apache-airflow/default.nix b/pkgs/development/python-modules/apache-airflow/default.nix index 948fae7893b..c753458fb7e 100644 --- a/pkgs/development/python-modules/apache-airflow/default.nix +++ b/pkgs/development/python-modules/apache-airflow/default.nix @@ -243,5 +243,7 @@ buildPythonPackage rec { homepage = "https://airflow.apache.org/"; license = licenses.asl20; maintainers = with maintainers; [ bhipple costrouc ingenieroariel ]; + # requires extremely outdated versions of multiple dependencies + broken = true; }; } From b50d94a3f27ce81ba39068c2450084460c627886 Mon Sep 17 00:00:00 2001 From: K900 Date: Mon, 16 May 2022 00:41:07 +0300 Subject: [PATCH 13/24] python*Packages.djangorestframework: add missing dependency --- .../python-modules/djangorestframework/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/djangorestframework/default.nix b/pkgs/development/python-modules/djangorestframework/default.nix index 131be8781b3..f8de884a24f 100644 --- a/pkgs/development/python-modules/djangorestframework/default.nix +++ b/pkgs/development/python-modules/djangorestframework/default.nix 
@@ -1,4 +1,4 @@ -{ lib, buildPythonPackage, fetchFromGitHub, django, isPy27 }: +{ lib, buildPythonPackage, fetchFromGitHub, django, pytz, isPy27 }: buildPythonPackage rec { version = "3.12.4"; @@ -15,7 +15,7 @@ buildPythonPackage rec { # Test settings are missing doCheck = false; - propagatedBuildInputs = [ django ]; + propagatedBuildInputs = [ django pytz ]; meta = with lib; { description = "Web APIs for Django, made easy"; From a4c0d2b344721ad37667776ba5388271ca756e01 Mon Sep 17 00:00:00 2001 From: K900 Date: Mon, 16 May 2022 00:41:07 +0300 Subject: [PATCH 14/24] netbox: fix build, drop overrides, update Django --- pkgs/servers/web-apps/netbox/default.nix | 33 ++---------------------- 1 file changed, 2 insertions(+), 31 deletions(-) diff --git a/pkgs/servers/web-apps/netbox/default.nix b/pkgs/servers/web-apps/netbox/default.nix index 988076947bc..ee868397ee7 100644 --- a/pkgs/servers/web-apps/netbox/default.nix +++ b/pkgs/servers/web-apps/netbox/default.nix @@ -9,36 +9,7 @@ let py = python3.override { packageOverrides = self: super: { - django = super.django_3; - jsonschema = super.jsonschema.overridePythonAttrs (old: rec { - version = "3.2.0"; - src = self.fetchPypi { - pname = old.pname; - inherit version; - sha256 = "c8a85b28d377cc7737e46e2d9f2b4f44ee3c0e1deac6bf46ddefc7187d30797a"; - }; - }); - lxml = super.lxml.overridePythonAttrs (old: rec { - version = "4.6.5"; - src = self.fetchPypi { - pname = old.pname; - inherit version; - sha256 = "6e84edecc3a82f90d44ddee2ee2a2630d4994b8471816e226d2b771cda7ac4ca"; - }; - }); - werkzeug = super.werkzeug.overridePythonAttrs (old: rec { - version = "2.0.3"; - src = self.fetchPypi { - pname = "Werkzeug"; - inherit version; - sha256 = "sha256-uGP4/wV8UiFktgZ8niiwQRYbS+W6TQ2s7qpQoWOCLTw="; - }; - }); - sentry-sdk = super.sentry-sdk.overridePythonAttrs (old: rec { - disabledTestPaths = old.disabledTestPaths ++ [ - "tests/integrations/flask/test_flask.py" - ]; - }); + django = super.django_4; }; }; 
@@ -64,7 +35,7 @@ py.pkgs.buildPythonApplication rec { ]; propagatedBuildInputs = with py.pkgs; [ - django_3 + django_4 django-cors-headers django-debug-toolbar django-filter From 016facb869ed894692bee9963d580d77b45d146b Mon Sep 17 00:00:00 2001 From: K900 Date: Mon, 16 May 2022 11:40:25 +0300 Subject: [PATCH 15/24] hyperkitty: backport patch fixing Python 3.10 support --- pkgs/servers/mail/mailman/hyperkitty.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/servers/mail/mailman/hyperkitty.nix b/pkgs/servers/mail/mailman/hyperkitty.nix index d1e4581789e..b84e78e323d 100644 --- a/pkgs/servers/mail/mailman/hyperkitty.nix +++ b/pkgs/servers/mail/mailman/hyperkitty.nix @@ -1,5 +1,6 @@ { lib , buildPythonPackage +, fetchpatch , fetchPypi , pythonOlder @@ -40,6 +41,15 @@ buildPythonPackage rec { sha256 = "sha256-gmkiK8pIHfubbbxNdm/D6L2o722FptxYgINYdIUOn4Y="; }; + patches = [ + # FIXME: backport Python 3.10 support fix, remove for next release + (fetchpatch { + url = "https://gitlab.com/mailman/hyperkitty/-/commit/551a44a76e46931fc5c1bcb341235d8f579820be.patch"; + sha256 = "sha256-5XCrvyrDEqH3JryPMoOXSlVVDLQ+PdYBqwGYxkExdvk="; + includes = [ "hyperkitty/*" ]; + }) + ]; + postPatch = '' # isort is a development dependency sed -i '/isort/d' setup.py From f6cede3f93211d64e63848ca06d805006d86da6a Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 16 May 2022 11:26:04 +0000 Subject: [PATCH 16/24] python310Packages.pycep-parser: 0.3.4 -> 0.3.5 --- pkgs/development/python-modules/pycep-parser/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/pycep-parser/default.nix b/pkgs/development/python-modules/pycep-parser/default.nix index 3e8104ea33b..7a5178cb228 100644 --- a/pkgs/development/python-modules/pycep-parser/default.nix +++ b/pkgs/development/python-modules/pycep-parser/default.nix 
@@ -12,7 +12,7 @@ buildPythonPackage rec { pname = "pycep-parser"; - version = "0.3.4"; + version = "0.3.5"; format = "pyproject"; disabled = pythonOlder "3.7"; @@ -20,8 +20,8 @@ buildPythonPackage rec { src = fetchFromGitHub { owner = "gruebel"; repo = "pycep"; - rev = version; - hash = "sha256-o2sYPvZVevDqZV8EtKWTL2zHHzX2kmTZ4iVHsUhFv7M="; + rev = "refs/tags/${version}"; + hash = "sha256-Nj/drNRSIBh8DaE+vzQRijQg8NVUK5qBClwU3aWiA48="; }; nativeBuildInputs = [ From 29bccd95f778fae365a6af72c326187f0a79e6f8 Mon Sep 17 00:00:00 2001 From: Ulrik Strid Date: Mon, 16 May 2022 14:53:27 +0200 Subject: [PATCH 17/24] tilt: 0.26.3 -> 0.30.0 (#173252) --- pkgs/applications/networking/cluster/tilt/default.nix | 4 ++-- pkgs/top-level/all-packages.nix | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/cluster/tilt/default.nix b/pkgs/applications/networking/cluster/tilt/default.nix index c13c08c44a4..5532c644c2c 100644 --- a/pkgs/applications/networking/cluster/tilt/default.nix +++ b/pkgs/applications/networking/cluster/tilt/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { /* Do not use "dev" as a version. If you do, Tilt will consider itself running in development environment and try to serve assets from the source tree, which is not there once build completes. */ - version = "0.26.3"; + version = "0.30.0"; src = fetchFromGitHub { owner = "tilt-dev"; repo = pname; rev = "v${version}"; - sha256 = "sha256-jrVf6vNlEkTgALS93o3kIiticvsyFHm5oA2Fh1edAGY="; + sha256 = "sha256-bZYm9T3NRNNtT8RDGwnXcXC7Rb/GuIxI/U06By4gR/w="; }; vendorSha256 = null; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c233d4b0703..03b807a0686 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
@@ -34704,7 +34704,9 @@ with pkgs; tgswitch = callPackage ../applications/networking/cluster/tgswitch {}; - tilt = callPackage ../applications/networking/cluster/tilt { }; + tilt = callPackage ../applications/networking/cluster/tilt { + buildGoModule = buildGo118Module; + }; timeular = callPackage ../applications/office/timeular {}; From 3e789af26cb39c8e25678616c184579532562058 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 25 Apr 2022 03:04:38 +0000 Subject: [PATCH 18/24] bullet: 3.22b -> 3.23 --- pkgs/development/libraries/bullet/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/bullet/default.nix b/pkgs/development/libraries/bullet/default.nix index e37da386cd6..9a882fd7418 100644 --- a/pkgs/development/libraries/bullet/default.nix +++ b/pkgs/development/libraries/bullet/default.nix @@ -11,13 +11,13 @@ stdenv.mkDerivation rec { pname = "bullet"; - version = "3.22b"; + version = "3.23"; src = fetchFromGitHub { owner = "bulletphysics"; repo = "bullet3"; rev = version; - sha256 = "sha256-hf2b7enh9mziPKFcdU8NwLdhcxhV7Ididf9Bwwa+5/M="; + sha256 = "sha256-XZpwCVfSJD3W93BJrGefy3dGrevNzChU+TrKalMpY4Q="; }; nativeBuildInputs = [ cmake ]; From d1e5ca2014084a50807ccc1003711b6be0fb5928 Mon Sep 17 00:00:00 2001 From: zendo Date: Mon, 16 May 2022 23:11:26 +0800 Subject: [PATCH 19/24] mpc-qt: 2019-06-09 -> 22.02 --- pkgs/applications/video/mpc-qt/default.nix | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/pkgs/applications/video/mpc-qt/default.nix b/pkgs/applications/video/mpc-qt/default.nix index 7c4126bb37c..9f91cc0c3c0 100644 --- a/pkgs/applications/video/mpc-qt/default.nix +++ b/pkgs/applications/video/mpc-qt/default.nix 
@@ -1,23 +1,16 @@ -{ lib, stdenv, mkDerivation, fetchFromGitLab, fetchpatch, pkg-config, qmake, qtx11extras, qttools, mpv }: +{ lib, stdenv, mkDerivation, fetchFromGitHub, pkg-config, qmake, qtx11extras, qttools, mpv }: mkDerivation rec { pname = "mpc-qt"; - version = "2019-06-09"; + version = "22.02"; - src = fetchFromGitLab { + src = fetchFromGitHub { owner = "mpc-qt"; repo = "mpc-qt"; - rev = "2abe6e7fc643068d50522468fe75d614861555ad"; - sha256 = "1cis8dl9pm91mpnp696zvwsfp96gkwr8jgs45anbwd7ldw78w4x5"; + rev = "v${version}"; + sha256 = "sha256-DRbNDrWnaTT4A0dRFAv9MX/MDwV/rXIw+R8fQJmVN+g="; }; - patches = [ - (fetchpatch { - url = "https://gitlab.com/mpc-qt/mpc-qt/-/commit/02f2bc7a22e863a89ba322b9acb61cf1aef23ba0.diff"; - sha256 = "0khld55i194zgi18d0wch5459lfzzkbfdbl1im8akvq8ks5xijis"; - }) - ]; - nativeBuildInputs = [ pkg-config qmake qttools ]; buildInputs = [ mpv qtx11extras ]; @@ -26,7 +19,7 @@ mkDerivation rec { meta = with lib; { description = "Media Player Classic Qute Theater"; - homepage = "https://gitlab.com/mpc-qt/mpc-qt"; + homepage = "https://mpc-qt.github.io"; license = licenses.gpl2; platforms = platforms.unix; broken = stdenv.isDarwin; From 0f42a04eb04fbcfd6df50930a739bb1e67effd2a Mon Sep 17 00:00:00 2001 From: Ian Kerins Date: Sun, 15 May 2022 16:41:01 -0400 Subject: [PATCH 20/24] nitter: compile markdown This currently compiles about.html, served at /about. This step was added upstream in 8c2e0c66e271673a9dfe0bad22b523e4d2799049. --- pkgs/servers/nitter/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/servers/nitter/default.nix b/pkgs/servers/nitter/default.nix index a0115440b6e..96547b87b36 100644 --- a/pkgs/servers/nitter/default.nix +++ b/pkgs/servers/nitter/default.nix @@ -29,6 +29,7 @@ nimPackages.buildNimPackage rec { postBuild = '' nim c --hint[Processing]:off -r tools/gencss + nim c --hint[Processing]:off -r tools/rendermd ''; postInstall = '' From 8ef6c2bbf8e22216610cd6e935f424ccea759db4 Mon Sep 17 00:00:00 2001 
From: Ian Kerins Date: Sun, 15 May 2022 17:51:18 -0400 Subject: [PATCH 21/24] nitter: unstable-2022-03-21 -> unstable-2022-05-13 Bump dependencies to match upstream. Closes #169525. --- pkgs/development/nim-packages/jsony/default.nix | 4 ++-- pkgs/development/nim-packages/supersnappy/default.nix | 4 ++-- pkgs/servers/nitter/default.nix | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/development/nim-packages/jsony/default.nix b/pkgs/development/nim-packages/jsony/default.nix index 9a4808e3636..bf8cf5d5c7f 100644 --- a/pkgs/development/nim-packages/jsony/default.nix +++ b/pkgs/development/nim-packages/jsony/default.nix @@ -2,13 +2,13 @@ buildNimPackage rec { pname = "jsony"; - version = "1.1.3"; + version = "d0e69bddf83874e15b5c2f52f8b1386ac080b443"; src = fetchFromGitHub { owner = "treeform"; repo = pname; rev = version; - hash = "sha256-jtUCoqwCmE536Kpv/vZxGgqiHyReZf1WOiBdUzmMhM4="; + sha256 = "1p250wb97nzz2g0vvq6mn521fx7sn1jpk1ralbzqh5q8clh4g7wr"; }; doCheck = true; diff --git a/pkgs/development/nim-packages/supersnappy/default.nix b/pkgs/development/nim-packages/supersnappy/default.nix index 471543eca41..f2f8205d828 100644 --- a/pkgs/development/nim-packages/supersnappy/default.nix +++ b/pkgs/development/nim-packages/supersnappy/default.nix @@ -3,6 +3,6 @@ fetchFromGitHub { owner = "guzba"; repo = "supersnappy"; - rev = "1.1.5"; - sha256 = "1y26sgnszvdf5sn7j0jx2dpd4i03mvbk9i9ni9kbyrs798bjwi6z"; + rev = "2.1.1"; + sha256 = "03df1qgrbp84swhqy12ansyn951lkaw0kf1arbnki4fkgdnqdamf"; } diff --git a/pkgs/servers/nitter/default.nix b/pkgs/servers/nitter/default.nix index 96547b87b36..3931f5b3281 100644 --- a/pkgs/servers/nitter/default.nix +++ b/pkgs/servers/nitter/default.nix 
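Review bot: In `jsony/default.nix` the `version` attribute is now the 40-character commit id, because `rev = version` is reused to pin an unreleased commit. That puts a hash into the store path name and leaves nothing meaningful for version comparison or for tools that match package versions against advisories. The convention this same commit follows for nitter is clearer: `version = "unstable-YYYY-MM-DD";` with the commit id in a separate `rev = "d0e69bddf83874e15b5c2f52f8b1386ac080b443";`. The hunk also switches the SRI `hash` to a base32 `sha256`, and keeping the SRI form would be more consistent with the rest of the tree.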
@@ -2,14 +2,14 @@ nimPackages.buildNimPackage rec { pname = "nitter"; - version = "unstable-2022-03-21"; + version = "unstable-2022-05-13"; nimBinOnly = true; src = fetchFromGitHub { owner = "zedeus"; repo = "nitter"; - rev = "6884f05041a9b8619ec709afacdfdd6482a120a0"; - sha256 = "1mnc6jqljpqp9lgcrxxvf3aiswssr34v139cxfbwlmj45swmsazh"; + rev = "683c052036b268028f0ecae020a1519bc586516d"; + sha256 = "179z66jlwbdarrgvpdh8aqy2ihkiakd22wqydrfgpsgr59ma8fgl"; }; buildInputs = with nimPackages; [ From 560ca02280cea47c8ad70dd0aeadd667bc55a5c2 Mon Sep 17 00:00:00 2001 From: Ian Kerins Date: Sun, 15 May 2022 13:09:53 -0400 Subject: [PATCH 22/24] nixos/nitter: update example configuration file URL It was moved. --- nixos/modules/services/misc/nitter.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/misc/nitter.nix b/nixos/modules/services/misc/nitter.nix index 97005c9d914..5bf0e6bc008 100644 --- a/nixos/modules/services/misc/nitter.nix +++ b/nixos/modules/services/misc/nitter.nix @@ -277,7 +277,7 @@ in Add settings here to override NixOS module generated settings. Check the official repository for the available settings: - https://github.com/zedeus/nitter/blob/master/nitter.conf + https://github.com/zedeus/nitter/blob/master/nitter.example.conf ''; }; From 4c0c8ac7fe0caca8655e2e75807bac1a4cf0fbe6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 16 May 2022 18:27:11 +0200 Subject: [PATCH 23/24] rc: fixup build There was a race between update (db93a10d817) and adding strictDeps = true; (ea79263e608). --- pkgs/shells/rc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/shells/rc/default.nix b/pkgs/shells/rc/default.nix index b0caea99875..5783607751a 100644 --- a/pkgs/shells/rc/default.nix +++ b/pkgs/shells/rc/default.nix 
@@ -14,10 +14,10 @@ stdenv.mkDerivation rec { }; strictDeps = true; - nativeBuildInputs = [ autoreconfHook ]; + nativeBuildInputs = [ autoreconfHook byacc ]; # acinclude.m4 wants headers for tgetent(). - buildInputs = [ byacc ncurses ] + buildInputs = [ ncurses ] ++ lib.optionals readlineSupport [ readline ]; configureFlags = [ From 0659e76d17ec294b07bd78e6f071ef360b89b73d Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Mon, 9 May 2022 16:34:48 +0200 Subject: [PATCH 24/24] =?UTF-8?q?ocamlPackages.merlin:=204.4=20=E2=86=92?= =?UTF-8?q?=204.5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/development/tools/ocaml/merlin/4.x.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/pkgs/development/tools/ocaml/merlin/4.x.nix b/pkgs/development/tools/ocaml/merlin/4.x.nix index 635273bcfd2..b5100afee98 100644 --- a/pkgs/development/tools/ocaml/merlin/4.x.nix +++ b/pkgs/development/tools/ocaml/merlin/4.x.nix @@ -15,12 +15,13 @@ }: let - merlinVersion = "4.4"; + merlinVersion = "4.5"; hashes = { - "4.4-411" = "sha256:0chx28098mmnjbnaz5wgzsn82rh1w9dhzqmsykb412cq13msl1q4"; - "4.4-412" = "sha256:18xjpsiz7xbgjdnsxfc52l7yfh22harj0birlph4xm42d14pkn0n"; - "4.4-413" = "sha256:1ilmh2gqpwgr51w2ba8r0s5zkj75h00wkw4az61ssvivn9jxr7k0"; + "4.5-411" = "sha256:05nz6y7r91rh0lj8b6xdv3s3yknmvjc7y60v17kszgqnr887bvpn"; + "4.5-412" = "sha256:0i5c3rfzinmwdjya7gv94zyknsm32qx9dlg472xpfqivwvnnhf1z"; + "4.5-413" = "sha256:1sphq9anfg1qzrvj7hdcqflj6cmc1qiyfkljhng9fxnnr0i7550s"; + "4.5-414" = "sha256:13h588kwih05zd9p3p7q528q4zc0d1l983kkvbmkxgay5d17nn1i"; }; ocamlVersionShorthand = lib.concatStrings @@ -55,8 +56,6 @@ buildDunePackage { ./test.patch ; - useDune2 = true; - strictDeps = true; nativeBuildInputs = [