Merge staging-next into staging

wip/yesman
Frederik Rietdijk 5 years ago
commit f0a4305e0a
  1. 13
      doc/meta.xml
  2. 14
      doc/stdenv.xml
  3. 3
      lib/systems/examples.nix
  4. 100
      maintainers/maintainer-list.nix
  5. 4
      maintainers/scripts/luarocks-packages.csv
  6. 24
      maintainers/scripts/update-luarocks-packages
  7. 86
      nixos/modules/config/malloc.nix
  8. 2
      nixos/modules/misc/ids.nix
  9. 3
      nixos/modules/module-list.nix
  10. 2
      nixos/modules/profiles/hardened.nix
  11. 19
      nixos/modules/programs/xss-lock.nix
  12. 18
      nixos/modules/programs/zmap.nix
  13. 3
      nixos/modules/rename.nix
  14. 2
      nixos/modules/security/apparmor.nix
  15. 18
      nixos/modules/security/misc.nix
  16. 38
      nixos/modules/security/rngd.nix
  17. 27
      nixos/modules/services/backup/znapzend.nix
  18. 43
      nixos/modules/services/logging/journalbeat.nix
  19. 185
      nixos/modules/services/misc/paperless.nix
  20. 19
      nixos/modules/services/monitoring/vnstat.nix
  21. 20
      nixos/modules/services/security/fprintd.nix
  22. 5
      nixos/modules/services/x11/display-managers/lightdm.nix
  23. 9
      nixos/modules/services/x11/display-managers/sddm.nix
  24. 314
      nixos/modules/system/boot/binfmt.nix
  25. 3
      nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
  26. 175
      nixos/modules/system/boot/luksroot.nix
  27. 5
      nixos/modules/system/boot/resolved.nix
  28. 13
      nixos/modules/virtualisation/docker-containers.nix
  29. 2
      nixos/modules/virtualisation/virtualbox-host.nix
  30. 1
      nixos/tests/all-tests.nix
  31. 7
      nixos/tests/docker-tools.nix
  32. 61
      nixos/tests/elk.nix
  33. 2
      nixos/tests/gitea.nix
  34. 37
      nixos/tests/hardened.nix
  35. 29
      nixos/tests/paperless.nix
  36. 42
      nixos/tests/virtualbox.nix
  37. 36
      nixos/tests/xss-lock.nix
  38. 40
      pkgs/applications/audio/freewheeling/am_path_sdl.patch
  39. 13
      pkgs/applications/audio/freewheeling/xml.patch
  40. 4
      pkgs/applications/audio/mopidy/iris.nix
  41. 8
      pkgs/applications/audio/qmmp/default.nix
  42. 5
      pkgs/applications/audio/vcv-rack/default.nix
  43. 8
      pkgs/applications/editors/android-studio/default.nix
  44. 6
      pkgs/applications/editors/howl/default.nix
  45. 8
      pkgs/applications/editors/jetbrains/default.nix
  46. 4
      pkgs/applications/editors/neovim/default.nix
  47. 15
      pkgs/applications/editors/rstudio/fix-cmake.patch
  48. 9
      pkgs/applications/graphics/digikam/default.nix
  49. 3
      pkgs/applications/graphics/gimp/wrapper.nix
  50. 4
      pkgs/applications/graphics/ipe/default.nix
  51. 25
      pkgs/applications/graphics/openscad/default.nix
  52. 4
      pkgs/applications/graphics/renderdoc/default.nix
  53. 6
      pkgs/applications/kde/kgpg.nix
  54. 7
      pkgs/applications/misc/audio/sox/default.nix
  55. 45
      pkgs/applications/misc/bemenu/default.nix
  56. 12
      pkgs/applications/misc/calcurse/default.nix
  57. 43
      pkgs/applications/misc/electrum/default.nix
  58. 21
      pkgs/applications/misc/gallery-dl/default.nix
  59. 22
      pkgs/applications/misc/gpsbabel/clang-4.patch
  60. 5
      pkgs/applications/misc/gpsbabel/default.nix
  61. 1
      pkgs/applications/misc/hello/default.nix
  62. 9
      pkgs/applications/misc/hubstaff/default.nix
  63. 5
      pkgs/applications/misc/hubstaff/revision.json
  64. 18
      pkgs/applications/misc/hubstaff/update.sh
  65. 4
      pkgs/applications/misc/josm/default.nix
  66. 23
      pkgs/applications/misc/k2pdfopt/default.nix
  67. 95
      pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch
  68. 15
      pkgs/applications/misc/kitty/default.nix
  69. 8
      pkgs/applications/misc/moonlight-embedded/default.nix
  70. 19
      pkgs/applications/misc/octoprint/default.nix
  71. 4
      pkgs/applications/misc/playonlinux/default.nix
  72. 25
      pkgs/applications/misc/pstree/default.nix
  73. 6
      pkgs/applications/misc/taskell/default.nix
  74. 4
      pkgs/applications/misc/tilix/default.nix
  75. 4
      pkgs/applications/misc/tzupdate/default.nix
  76. 10
      pkgs/applications/misc/zathura/core/default.nix
  77. 3
      pkgs/applications/misc/zathura/default.nix
  78. 4
      pkgs/applications/misc/zathura/pdf-mupdf/default.nix
  79. 794
      pkgs/applications/networking/browsers/firefox-bin/beta_sources.nix
  80. 794
      pkgs/applications/networking/browsers/firefox-bin/release_sources.nix
  81. 77
      pkgs/applications/networking/browsers/firefox/fix-debug.patch
  82. 16
      pkgs/applications/networking/browsers/firefox/packages.nix
  83. 4
      pkgs/applications/networking/browsers/qutebrowser/default.nix
  84. 4
      pkgs/applications/networking/browsers/vivaldi/default.nix
  85. 6
      pkgs/applications/networking/cluster/minikube/default.nix
  86. 152
      pkgs/applications/networking/cluster/terraform-providers/data.nix
  87. 4
      pkgs/applications/networking/cluster/terraform/default.nix
  88. 28
      pkgs/applications/networking/instant-messengers/chatterino2/default.nix
  89. 6
      pkgs/applications/networking/instant-messengers/rambox/bare.nix
  90. 2
      pkgs/applications/networking/instant-messengers/riot/riot-desktop-package.json
  91. 4
      pkgs/applications/networking/instant-messengers/riot/riot-desktop.nix
  92. 4
      pkgs/applications/networking/instant-messengers/riot/riot-web.nix
  93. 9
      pkgs/applications/networking/instant-messengers/slack/default.nix
  94. 8
      pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix
  95. 10
      pkgs/applications/networking/mailreaders/notmuch/default.nix
  96. 4
      pkgs/applications/networking/p2p/qbittorrent/default.nix
  97. 4
      pkgs/applications/networking/p2p/tixati/default.nix
  98. 6
      pkgs/applications/networking/sniffers/wireshark/default.nix
  99. 4
      pkgs/applications/networking/syncthing/default.nix
  100. 15
      pkgs/applications/networking/vnstat/default.nix
  101. Some files were not shown because too many files have changed in this diff Show More

@ -150,6 +150,19 @@ hello-2.3 A program that produces a familiar, friendly greeting
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>changelog</varname>
</term>
<listitem>
<para>
A link or a list of links to the location of Changelog for a package.
A link may use expansion to refer to the correct changelog version.
Example:
<literal>"https://git.savannah.gnu.org/cgit/hello.git/plain/NEWS?h=v${version}"</literal>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>license</varname>

@ -2643,9 +2643,7 @@ addEnvHooks "$hostOffset" myBashFunction
At <filename>/var/lib/cntr</filename> the sandboxed filesystem is
mounted. All commands and files of the system are still accessible
within the shell. To execute commands from the sandbox use the cntr exec
subcommand. Note that <command>cntr</command> also needs to be executed
on the machine that is doing the build, which might not be the case when
remote builders are enabled. <command>cntr</command> is only supported
subcommand. <command>cntr</command> is only supported
on Linux-based platforms. To use it first add <literal>cntr</literal> to
your <literal>environment.systemPackages</literal> on NixOS or
alternatively to the root user on non-NixOS systems. Then in the package
@ -2657,6 +2655,16 @@ addEnvHooks "$hostOffset" myBashFunction
When a build failure happens there will be an instruction printed that
shows how to attach with <literal>cntr</literal> to the build sandbox.
</para>
<note>
<title>Caution with remote builds</title>
<para>
This won't work with remote builds as the build environment is on
a different machine and can't be accessed by <command>cntr</command>.
Remote builds can be turned off by setting <literal>--option builders ''</literal>
for <command>nix-build</command> or <literal>--builders ''</literal> for
<command>nix build</command>.
</para>
</note>
</listitem>
</varlistentry>
<varlistentry>

@ -88,6 +88,9 @@ rec {
config = "aarch64-unknown-linux-musl";
};
gnu64 = { config = "x86_64-unknown-linux-gnu"; };
gnu32 = { config = "i686-unknown-linux-gnu"; };
musl64 = { config = "x86_64-unknown-linux-musl"; };
musl32 = { config = "i686-unknown-linux-musl"; };

@ -1100,6 +1100,11 @@
github = "cwoac";
name = "Oliver Matthews";
};
dalance = {
email = "dalance@gmail.com";
github = "dalance";
name = "Naoya Hatta";
};
DamienCassou = {
email = "damien@cassou.me";
github = "DamienCassou";
@ -1164,6 +1169,11 @@
github = "davorb";
name = "Davor Babic";
};
dawidsowa = {
email = "dawid_sowa@posteo.net";
github = "dawidsowa";
name = "Dawid Sowa";
};
dbohdan = {
email = "dbohdan@dbohdan.com";
github = "dbohdan";
@ -1531,6 +1541,11 @@
github = "eqyiel";
name = "Ruben Maher";
};
eraserhd = {
email = "jason.m.felice@gmail.com";
github = "eraserhd";
name = "Jason Felice";
};
ericbmerritt = {
email = "eric@afiniate.com";
github = "ericbmerritt";
@ -1732,6 +1747,11 @@
github = "freepotion";
name = "Free Potion";
};
freezeboy = {
email = "freezeboy@users.noreply.github.com";
github = "freezeboy";
name = "freezeboy";
};
Fresheyeball = {
email = "fresheyeball@gmail.com";
github = "fresheyeball";
@ -2588,6 +2608,11 @@
github = "knl";
name = "Nikola Knežević";
};
kolaente = {
email = "k@knt.li";
github = "kolaente";
name = "Konrad Langenberg";
};
konimex = {
email = "herdiansyah@netc.eu";
github = "konimex";
@ -3188,6 +3213,11 @@
github = "mimadrid";
name = "Miguel Madrid";
};
minijackson = {
email = "minijackson@riseup.net";
github = "minijackson";
name = "Rémi Nicole";
};
mirdhyn = {
email = "mirdhyn@gmail.com";
github = "mirdhyn";
@ -3318,6 +3348,11 @@
github = "fstamour";
name = "Francis St-Amour";
};
mredaelli = {
email = "massimo@typish.io";
github = "mredaelli";
name = "Massimo Redaelli";
};
mrkkrp = {
email = "markkarpov92@gmail.com";
github = "mrkkrp";
@ -4111,6 +4146,11 @@
github = "retrry";
name = "Tadas Barzdžius";
};
rexim = {
email = "reximkut@gmail.com";
github = "rexim";
name = "Alexey Kutepov";
};
rht = {
email = "rhtbot@protonmail.com";
github = "rht";
@ -4449,6 +4489,11 @@
github = "shawndellysse";
name = "Shawn Dellysse";
};
shazow = {
email = "andrey.petrov@shazow.net";
github = "shazow";
name = "Andrey Petrov";
};
sheenobu = {
email = "sheena.artrip@gmail.com";
github = "sheenobu";
@ -4469,6 +4514,11 @@
github = "shlevy";
name = "Shea Levy";
};
shmish111 = {
email = "shmish111@gmail.com";
github = "shmish111";
name = "David Smith";
};
shou = {
email = "x+g@shou.io";
github = "Shou";
@ -4634,6 +4684,11 @@
github = "srghma";
name = "Sergei Khoma";
};
srgom = {
email = "srgom@users.noreply.github.com";
github = "srgom";
name = "SRGOM";
};
srhb = {
email = "sbrofeldt@gmail.com";
github = "srhb";
@ -4858,6 +4913,11 @@
github = "terlar";
name = "Terje Larsen";
};
tesq0 = {
email = "mikolaj.galkowski@gmail.com";
github = "tesq0";
name = "Mikolaj Galkowski";
};
teto = {
email = "mcoudron@hotmail.com";
github = "teto";
@ -4907,6 +4967,11 @@
github = "ctheune";
name = "Christian Theune";
};
thiagokokada = {
email = "thiagokokada@gmail.com";
github = "thiagokokada";
name = "Thiago K. Okada";
};
ThomasMader = {
email = "thomas.mader@gmail.com";
github = "ThomasMader";
@ -5341,6 +5406,11 @@
github = "xaverdh";
name = "Dominik Xaver Hörl";
};
xbreak = {
email = "xbreak@alphaware.se";
github = "xbreak";
name = "Calle Rosenquist";
};
xeji = {
email = "xeji@cat3.de";
github = "xeji";
@ -5525,34 +5595,4 @@
github = "zzamboni";
name = "Diego Zamboni";
};
mredaelli = {
email = "massimo@typish.io";
github = "mredaelli";
name = "Massimo Redaelli";
};
shmish111 = {
email = "shmish111@gmail.com";
github = "shmish111";
name = "David Smith";
};
minijackson = {
email = "minijackson@riseup.net";
github = "minijackson";
name = "Rémi Nicole";
};
shazow = {
email = "andrey.petrov@shazow.net";
github = "shazow";
name = "Andrey Petrov";
};
freezeboy = {
email = "freezeboy@users.noreply.github.com";
github = "freezeboy";
name = "freezeboy";
};
tesq0 = {
email = "mikolaj.galkowski@gmail.com";
github = "tesq0";
name = "Mikolaj Galkowski";
};
}

@ -2,9 +2,12 @@
ansicolors,
argparse,
basexx,
binaryheap,
dkjson
fifo
http
inspect
ldoc
lgi
lpeg_patterns
lpty
@ -22,6 +25,7 @@ luaevent,
luacheck
luaffi,,http://luarocks.org/dev,
luuid,
markdown,
penlight,
rapidjson,
say,

1 # nix name, luarocks name, server, version/additionnal args
2 ansicolors,
3 argparse,
4 basexx,
5 binaryheap,
6 dkjson
7 fifo
8 http
9 inspect
10 ldoc
11 lgi
12 lpeg_patterns
13 lpty
25 luacheck
26 luaffi,,http://luarocks.org/dev,
27 luuid,
28 markdown,
29 penlight,
30 rapidjson,
31 say,

@ -76,11 +76,7 @@ FOOTER="
function convert_pkg () {
nix_pkg_name="$1"
lua_pkg_name="$2"
server=""
if [ ! -z "$3" ]; then
server=" --server=$3"
fi
server="${3:+--server=$3}"
version="${4:-}"
echo "looking at $lua_pkg_name (version $version) from server [$server]" >&2
@ -101,15 +97,15 @@ echo "$HEADER" | tee "$TMP_FILE"
# name,server,version
while IFS=, read -r nix_pkg_name lua_pkg_name server version
do
if [ "${nix_pkg_name:0:1}" == "#" ]; then
echo "Skipping comment ${nix_pkg_name}" >&2
continue
fi
if [ -z "$lua_pkg_name" ]; then
echo "Using nix_name as lua_pkg_name" >&2
lua_pkg_name="$nix_pkg_name"
fi
convert_pkg "$nix_pkg_name" "$lua_pkg_name" "$server" "$version"
if [ "${nix_pkg_name:0:1}" == "#" ]; then
echo "Skipping comment ${nix_pkg_name}" >&2
continue
fi
if [ -z "$lua_pkg_name" ]; then
echo "Using nix_name as lua_pkg_name" >&2
lua_pkg_name="$nix_pkg_name"
fi
convert_pkg "$nix_pkg_name" "$lua_pkg_name" "$server" "$version"
done < "$CSV_FILE"
# close the set
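Review bot: `server="${3:+--server=$3}"` in convert_pkg only vanishes for an empty third field if the later command line expands `$server` unquoted, and an unquoted expansion word-splits and globs a value that comes straight from the CSV. The place where `$server` is consumed is outside this hunk, so this is inferred. If that is how it is used, an array keeps both the empty case and the quoting correct: `server_args=(); [ -n "$3" ] && server_args=(--server="$3")`, expanded as `"${server_args[@]}"`. The old value carried a leading space (`" --server=$3"`), so any spot that concatenates `$server` onto another word needs checking as well.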

@ -0,0 +1,86 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.environment.memoryAllocator;
# The set of alternative malloc(3) providers.
providers = {
"graphene-hardened" = rec {
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
description = ''
An allocator designed to mitigate memory corruption attacks, such as
those caused by use-after-free bugs.
'';
};
"jemalloc" = {
libPath = "${pkgs.jemalloc}/lib/libjemalloc.so";
description = ''
A general purpose allocator that emphasizes fragmentation avoidance
and scalable concurrency support.
'';
};
};
providerConf = providers."${cfg.provider}";
# An output that contains only the shared library, to avoid
# needlessly bloating the system closure
mallocLib = pkgs.runCommand "malloc-provider-${cfg.provider}"
rec {
preferLocalBuild = true;
allowSubstitutes = false;
origLibPath = providerConf.libPath;
libName = baseNameOf origLibPath;
}
''
mkdir -p $out/lib
cp -L $origLibPath $out/lib/$libName
'';
# The full path to the selected provider shlib.
providerLibPath = "${mallocLib}/lib/${mallocLib.libName}";
in
{
meta = {
maintainers = [ maintainers.joachifm ];
};
options = {
environment.memoryAllocator.provider = mkOption {
type = types.enum ([ "libc" ] ++ attrNames providers);
default = "libc";
description = ''
The system-wide memory allocator.
Briefly, the system-wide memory allocator providers are:
<itemizedlist>
<listitem><para><literal>libc</literal>: the standard allocator provided by libc</para></listitem>
${toString (mapAttrsToList
(name: value: "<listitem><para><literal>${name}</literal>: ${value.description}</para></listitem>")
providers)}
</itemizedlist>
<warning>
<para>
Selecting an alternative allocator (i.e., anything other than
<literal>libc</literal>) may result in instability, data loss,
and/or service failure.
</para>
</warning>
<note>
<para>
Changing this option does not affect the current session.
</para>
</note>
'';
};
};
config = mkIf (cfg.provider != "libc") {
environment.variables.LD_PRELOAD = providerLibPath;
};
}
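Review bot: Setting `environment.variables.LD_PRELOAD` does not make this a system-wide allocator, although the option description calls it one. The variable only reaches processes that inherit the session environment: systemd units normally start with their own environment, the dynamic loader ignores a path-valued `LD_PRELOAD` for setuid/setgid programs in secure-execution mode, and statically linked binaries never load it. For a hardening allocator this leaves long-running daemons and privileged helpers on the libc allocator, so the description should say so, for example `Only processes that inherit the session environment are affected; system services and setuid programs keep using the libc allocator.` Whether services are covered by some other mechanism is not visible in this file.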

@ -339,6 +339,7 @@
rss2email = 312;
cockroachdb = 313;
zoneminder = 314;
paperless = 315;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -638,6 +639,7 @@
rss2email = 312;
cockroachdb = 313;
zoneminder = 314;
paperless = 315;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

@ -19,6 +19,7 @@
./config/iproute2.nix
./config/krb5/default.nix
./config/ldap.nix
./config/malloc.nix
./config/networking.nix
./config/no-x-libs.nix
./config/nsswitch.nix
@ -144,6 +145,7 @@
./programs/xonsh.nix
./programs/xss-lock.nix
./programs/yabar.nix
./programs/zmap.nix
./programs/zsh/oh-my-zsh.nix
./programs/zsh/zsh.nix
./programs/zsh/zsh-autoenv.nix
@ -435,6 +437,7 @@
./services/misc/octoprint.nix
./services/misc/osrm.nix
./services/misc/packagekit.nix
./services/misc/paperless.nix
./services/misc/parsoid.nix
./services/misc/phd.nix
./services/misc/plex.nix

@ -14,6 +14,8 @@ with lib;
nix.allowedUsers = mkDefault [ "@users" ];
environment.memoryAllocator.provider = mkDefault "graphene-hardened";
security.hideProcessInformation = mkDefault true;
security.lockKernelModules = mkDefault true;

@ -8,12 +8,23 @@ in
{
options.programs.xss-lock = {
enable = mkEnableOption "xss-lock";
lockerCommand = mkOption {
default = "${pkgs.i3lock}/bin/i3lock";
example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy'';
type = types.string;
description = "Locker to be used with xsslock";
};
extraOptions = mkOption {
default = [ ];
example = [ "--ignore-sleep" ];
type = types.listOf types.str;
description = ''
Additional command-line arguments to pass to
<command>xss-lock</command>.
'';
};
};
config = mkIf cfg.enable {
@ -21,7 +32,13 @@ in
description = "XSS Lock Daemon";
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig.ExecStart = "${pkgs.xss-lock}/bin/xss-lock ${cfg.lockerCommand}";
serviceConfig.ExecStart = with lib;
strings.concatStringsSep " " ([
"${pkgs.xss-lock}/bin/xss-lock"
] ++ (map escapeShellArg cfg.extraOptions) ++ [
"--"
cfg.lockerCommand
]);
};
};
}
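Review bot: `map escapeShellArg cfg.extraOptions` applies POSIX shell quoting to a line that systemd parses, not a shell. systemd honours the single quotes, but it still expands `%` specifiers (and, as far as I know, `$VAR` references) in `ExecStart`, so an option value containing `%` or `$` will not reach xss-lock literally. `cfg.lockerCommand` is appended unquoted after `--`, which looks deliberate so that a locker with arguments keeps working; a comment such as `# lockerCommand is split by systemd on whitespace; extraOptions are quoted per element` would make the differing rules explicit. Separately, `lockerCommand` still uses the deprecated `types.string` while the new `extraOptions` uses `types.str`.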

@ -0,0 +1,18 @@
{ pkgs, config, lib, ... }:
with lib;
let
cfg = config.programs.zmap;
in {
options.programs.zmap = {
enable = mkEnableOption "ZMap";
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.zmap ];
environment.etc."zmap/blacklist.conf".source = "${pkgs.zmap}/etc/zmap/blacklist.conf";
environment.etc."zmap/zmap.conf".source = "${pkgs.zmap}/etc/zmap.conf";
};
}
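Review bot: Both `/etc/zmap/blacklist.conf` and `/etc/zmap/zmap.conf` are linked straight to the package's read-only copies, so an administrator cannot add site-specific exclusions or settings without overriding `environment.etc` by hand. For a network scanner the exclusion list is the main safety control, so it is worth either exposing it as an option (the packaged file as default, extra entries appended) or adding a comment that says how to override it. The module also has no description beyond `mkEnableOption "ZMap"`; one sentence stating that enabling it installs the tool and the two `/etc/zmap` files would help.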

@ -234,6 +234,9 @@ with lib;
(mkRenamedOptionModule [ "hardware" "ckb" "enable" ] [ "hardware" "ckb-next" "enable" ])
(mkRenamedOptionModule [ "hardware" "ckb" "package" ] [ "hardware" "ckb-next" "package" ])
# binfmt
(mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ])
] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
"snmpExporter" "unifiExporter" "varnishExporter" ]

@ -29,6 +29,8 @@ in
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.apparmor-utils ];
boot.kernelParams = [ "apparmor=1" "security=apparmor" ];
systemd.services.apparmor = let
paths = concatMapStrings (s: " -I ${s}/etc/apparmor.d")
([ pkgs.apparmor-profiles ] ++ cfg.packages);

@ -13,23 +13,17 @@ with lib;
default = true;
description = ''
Whether to allow creation of user namespaces.
</para>
<para>
The motivation for disabling user namespaces is the potential
presence of code paths where the kernel's permission checking
logic fails to account for namespacing, instead permitting a
namespaced process to act outside the namespace with the same
privileges as it would have inside it. This is particularly
damaging in the common case of running as root within the namespace.
</para>
<para>
When user namespace creation is disallowed, attempting to create a
user namespace fails with "no space left on device" (ENOSPC).
root may re-enable user namespace creation at runtime.
</para>
<para>
'';
};
@ -48,21 +42,15 @@ with lib;
Whether to allow SMT/hyperthreading. Disabling SMT means that only
physical CPU cores will be usable at runtime, potentially at
significant performance cost.
</para>
<para>
The primary motivation for disabling SMT is to mitigate the risk of
leaking data between threads running on the same CPU core (due to
e.g., shared caches). This attack vector is unproven.
</para>
<para>
Disabling SMT is a supplement to the L1 data cache flushing mitigation
(see <xref linkend="opt-security.virtualization.flushL1DataCache"/>)
versus malicious VM guests (SMT could "bring back" previously flushed
data).
</para>
<para>
'';
};
@ -73,10 +61,8 @@ with lib;
Whether the hypervisor should flush the L1 data cache before
entering guests.
See also <xref linkend="opt-security.allowSimultaneousMultithreading"/>.
</para>
<para>
<variablelist>
<variablelist>
<varlistentry>
<term><literal>null</literal></term>
<listitem><para>uses the kernel default</para></listitem>
@ -98,7 +84,7 @@ with lib;
enters the guest. May incur significant performance cost.
</para></listitem>
</varlistentry>
</variablelist>
</variablelist>
'';
};
};

@ -2,20 +2,30 @@
with lib;
let
cfg = config.security.rngd;
in
{
options = {
security.rngd.enable = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable the rng daemon, which adds entropy from
hardware sources of randomness to the kernel entropy pool when
available.
'';
security.rngd = {
enable = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable the rng daemon, which adds entropy from
hardware sources of randomness to the kernel entropy pool when
available.
'';
};
debug = mkOption {
type = types.bool;
default = false;
description = "Whether to enable debug output (-d).";
};
};
};
config = mkIf config.security.rngd.enable {
config = mkIf cfg.enable {
services.udev.extraRules = ''
KERNEL=="random", TAG+="systemd"
SUBSYSTEM=="cpu", ENV{MODALIAS}=="cpu:type:x86,*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
@ -29,7 +39,15 @@ with lib;
description = "Hardware RNG Entropy Gatherer Daemon";
serviceConfig.ExecStart = "${pkgs.rng-tools}/sbin/rngd -f";
serviceConfig = {
ExecStart = "${pkgs.rng-tools}/sbin/rngd -f"
+ optionalString cfg.debug " -d";
NoNewPrivileges = true;
PrivateNetwork = true;
PrivateTmp = true;
ProtectSystem = "full";
ProtectHome = true;
};
};
};
}
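Review bot: The sandboxing added to `serviceConfig` carries no comment on which settings were left out on purpose. rngd has to open the hardware RNG device and feed the kernel pool, so `PrivateDevices` presumably cannot be enabled here; a line such as `# PrivateDevices is deliberately unset: rngd needs the hardware RNG device nodes` would stop a later hardening pass from silently breaking entropy gathering. `ProtectSystem = "full"` still leaves `/var` writable, and since the unit declares no state directory `"strict"` may work as well, though that is not verified here.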

@ -7,28 +7,23 @@ let
planDescription = ''
The znapzend backup plan to use for the source.
</para>
<para>
The plan specifies how often to backup and for how long to keep the
backups. It consists of a series of retention periodes to interval
associations:
</para>
<para>
<literal>
retA=>intA,retB=>intB,...
</literal>
</para>
<para>
Both intervals and retention periods are expressed in standard units
of time or multiples of them. You can use both the full name or a
shortcut according to the following listing:
</para>
<para>
Both intervals and retention periods are expressed in standard units
of time or multiples of them. You can use both the full name or a
shortcut according to the following listing:
<literal>
second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y
</literal>
</para>
<para>
See <citerefentry><refentrytitle>znapzendzetup</refentrytitle><manvolnum>1</manvolnum></citerefentry> for more info.
'';
planExample = "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m";
@ -139,12 +134,10 @@ let
type = nullOr ints.u16;
description = ''
Port to use for <command>mbuffer</command>.
</para>
<para>
If this is null, it will run <command>mbuffer</command> through
ssh.
</para>
<para>
If this is not null, it will run <command>mbuffer</command>
directly through TCP, which is not encrypted but faster. In that
case the given port needs to be open on the destination host.

@ -5,11 +5,13 @@ with lib;
let
cfg = config.services.journalbeat;
lt6 = builtins.compareVersions cfg.package.version "6" < 0;
journalbeatYml = pkgs.writeText "journalbeat.yml" ''
name: ${cfg.name}
tags: ${builtins.toJSON cfg.tags}
journalbeat.cursor_state_file: ${cfg.stateDir}/cursor-state
${optionalString lt6 "journalbeat.cursor_state_file: /var/lib/${cfg.stateDir}/cursor-state"}
${cfg.extraConfig}
'';
@ -22,6 +24,16 @@ in
enable = mkEnableOption "journalbeat";
package = mkOption {
type = types.package;
default = pkgs.journalbeat;
defaultText = "pkgs.journalbeat";
example = literalExample "pkgs.journalbeat7";
description = ''
The journalbeat package to use
'';
};
name = mkOption {
type = types.str;
default = "journalbeat";
@ -36,13 +48,17 @@ in
stateDir = mkOption {
type = types.str;
default = "/var/lib/journalbeat";
description = "The state directory. Journalbeat's own logs and other data are stored here.";
default = "journalbeat";
description = ''
Directory below <literal>/var/lib/</literal> to store journalbeat's
own logs and other data. This directory will be created automatically
using systemd's StateDirectory mechanism.
'';
};
extraConfig = mkOption {
type = types.lines;
default = ''
default = optionalString lt6 ''
journalbeat:
seek_position: cursor
cursor_seek_fallback: tail
@ -61,7 +77,16 @@ in
config = mkIf cfg.enable {
systemd.services.journalbeat = with pkgs; {
assertions = [
{
assertion = !hasPrefix "/" cfg.stateDir;
message =
"The option services.journalbeat.stateDir shouldn't be an absolute directory." +
" It should be a directory relative to /var/lib/.";
}
];
systemd.services.journalbeat = {
description = "Journalbeat log shipper";
wantedBy = [ "multi-user.target" ];
preStart = ''
@ -69,7 +94,13 @@ in
mkdir -p ${cfg.stateDir}/logs
'';
serviceConfig = {
ExecStart = "${pkgs.journalbeat}/bin/journalbeat -c ${journalbeatYml} -path.data ${cfg.stateDir}/data -path.logs ${cfg.stateDir}/logs";
StateDirectory = cfg.stateDir;
ExecStart = ''
${cfg.package}/bin/journalbeat \
-c ${journalbeatYml} \
-path.data /var/lib/${cfg.stateDir}/data \
-path.logs /var/lib/${cfg.stateDir}/logs'';
Restart = "always";
};
};
};
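Review bot: `preStart` still runs `mkdir -p ${cfg.stateDir}/logs` (and presumably a matching `data` line just above the hunk), but `stateDir` is now a name relative to `/var/lib/` and the new assertion rejects absolute values. With the default `"journalbeat"` that command creates `journalbeat/logs` relative to the unit's working directory rather than under the directory `-path.logs` points at. Either prefix the path, `mkdir -p /var/lib/${cfg.stateDir}/logs`, or drop the `mkdir` lines if journalbeat creates the directories itself inside `StateDirectory`. The assertion message could also mention that the value ends up in `StateDirectory=`, which is why only a relative name is accepted.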

@ -0,0 +1,185 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.paperless;
defaultUser = "paperless";
manage = cfg.package.withConfig {
config = {
PAPERLESS_CONSUMPTION_DIR = cfg.consumptionDir;
PAPERLESS_INLINE_DOC = "true";
PAPERLESS_DISABLE_LOGIN = "true";
} // cfg.extraConfig;
inherit (cfg) dataDir ocrLanguages;
paperlessPkg = cfg.package;
};
in
{
options.services.paperless = {
enable = mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable Paperless.
When started, the Paperless database is automatically created if it doesn't
exist and updated if the Paperless package has changed.
Both tasks are achieved by running a Django migration.
'';
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/paperless";
description = "Directory to store the Paperless data.";
};
consumptionDir = mkOption {
type = types.str;
default = "${cfg.dataDir}/consume";
defaultText = "\${dataDir}/consume";
description = "Directory from which new documents are imported.";
};
consumptionDirIsPublic = mkOption {
type = types.bool;
default = false;
description = "Whether all users can write to the consumption dir.";
};
ocrLanguages = mkOption {
type = with types; nullOr (listOf string);
default = null;
description = ''
Languages available for OCR via Tesseract, specified as
<literal>ISO 639-2/T</literal> language codes.
If unset, defaults to all available languages.
'';
example = [ "eng" "spa" "jpn" ];
};
address = mkOption {
type = types.str;
default = "localhost";
description = "Server listening address.";
};
port = mkOption {
type = types.int;
default = 28981;
description = "Server port to listen on.";
};
extraConfig = mkOption {
type = types.attrs;
default = {};
description = ''
Extra paperless config options.
The config values are evaluated as double-quoted Bash string literals.
See <literal>paperless-src/paperless.conf.example</literal> for available options.
To enable user authentication, set <literal>PAPERLESS_DISABLE_LOGIN = "false"</literal>
and run the shell command <literal>$dataDir/paperless-manage createsuperuser</literal>.
To define secret options without storing them in /nix/store, use the following pattern:
<literal>PAPERLESS_PASSPHRASE = "$(&lt; /etc/my_passphrase_file)"</literal>
'';
example = literalExample ''
{
PAPERLESS_OCR_LANGUAGE = "deu";
}
'';
};
user = mkOption {
type = types.str;
default = defaultUser;
description = "User under which Paperless runs.";
};
package = mkOption {
type = types.package;
default = pkgs.paperless;
defaultText = "pkgs.paperless";
description = "The Paperless package to use.";
};
manage = mkOption {
type = types.package;
readOnly = true;
default = manage;
description = ''
A script to manage the Paperless instance.
It wraps Django's manage.py and is also available at
<literal>$dataDir/manage-paperless</literal>
'';
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' - ${cfg.user} ${cfg.user} - -"
] ++ (optional cfg.consumptionDirIsPublic
"d '${cfg.consumptionDir}' 777 ${cfg.user} ${cfg.user} - -"
# If the consumption dir is not created here, it's automatically created by
# 'manage' with the default permissions.
);
systemd.services.paperless-consumer = {
description = "Paperless document consumer";
serviceConfig = {
User = cfg.user;
ExecStart = "${manage} document_consumer";
Restart = "always";
};
after = [ "systemd-tmpfiles-setup.service" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
if [[ $(readlink ${cfg.dataDir}/paperless-manage) != ${manage} ]]; then
ln -sf ${manage} ${cfg.dataDir}/paperless-manage
fi
${manage.setupEnv}
# Auto-migrate on first run or if the package has changed
versionFile="$PAPERLESS_DBDIR/src-version"
if [[ $(cat "$versionFile" 2>/dev/null) != ${cfg.package} ]]; then
python $paperlessSrc/manage.py migrate
echo ${cfg.package} > "$versionFile"
fi
'';
};
systemd.services.paperless-server = {
description = "Paperless document server";
serviceConfig = {
User = cfg.user;
ExecStart = "${manage} runserver --noreload ${cfg.address}:${toString cfg.port}";
Restart = "always";
};
# Bind to `paperless-consumer` so that the server never runs
# during migrations
bindsTo = [ "paperless-consumer.service" ];
after = [ "paperless-consumer.service" ];
wantedBy = [ "multi-user.target" ];
};
users = optionalAttrs (cfg.user == defaultUser) {
users = [{
name = defaultUser;
group = defaultUser;
uid = config.ids.uids.paperless;
home = cfg.dataDir;
}];
groups = [{
name = defaultUser;
gid = config.ids.gids.paperless;
}];
};
};
}
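Review bot: `PAPERLESS_DISABLE_LOGIN = "true"` is the built-in default, so anyone who can reach `${cfg.address}:${toString cfg.port}` reads the whole document archive without authenticating, and setting `address` to a non-loopback value exposes it to the network the same way. I would default to login enabled, or at least add an assertion or a warning in the `address` description that a non-local address requires `PAPERLESS_DISABLE_LOGIN = "false"`. The public consumption directory is created with mode `777`; `1777` would stop users removing or replacing each other's pending documents. The `manage` description names `$dataDir/manage-paperless`, while `preStart` and the `extraConfig` text use `paperless-manage`. `${cfg.dataDir}` is also interpolated unquoted into the `preStart` shell script, so a path containing spaces breaks the `readlink`/`ln` lines.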

@ -28,14 +28,29 @@ in {
path = [ pkgs.coreutils ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
unitConfig.documentation = "man:vnstatd(1) man:vnstat(1) man:vnstat.conf(5)";
documentation = [
"man:vnstatd(1)"
"man:vnstat(1)"
"man:vnstat.conf(5)"
];
preStart = "chmod 755 /var/lib/vnstat";
serviceConfig = {
ExecStart = "${pkgs.vnstat}/bin/vnstatd -n";
ExecReload = "${pkgs.procps}/bin/kill -HUP $MAINPID";
ProtectHome = true;
# Hardening (from upstream example service)
ProtectSystem = "strict";
StateDirectory = "vnstat";
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectKernelModules = true;
PrivateTmp = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictNamespaces = true;
User = "vnstatd";
};
};

@ -26,28 +26,20 @@ in
};
};
};
###### implementation
config = mkIf cfg.enable {
services.dbus.packages = [ pkgs.fprintd ];
environment.systemPackages = [ pkgs.fprintd ];
systemd.services.fprintd = {
description = "Fingerprint Authentication Daemon";
serviceConfig = {
Type = "dbus";
BusName = "net.reactivated.Fprint";
ExecStart = "${pkgs.fprintd}/libexec/fprintd";
};
};
systemd.packages = [ pkgs.fprintd ];
};
}

@ -189,6 +189,11 @@ in
config = mkIf cfg.enable {
assertions = [
{ assertion = xcfg.enable;
message = ''
LightDM requires services.xserver.enable to be true
'';
}
{ assertion = cfg.autoLogin.enable -> cfg.autoLogin.user != null;
message = ''
LightDM auto-login requires services.xserver.displayManager.lightdm.autoLogin.user to be set

@ -195,6 +195,11 @@ in
config = mkIf cfg.enable {
assertions = [
{ assertion = xcfg.enable;
message = ''
SDDM requires services.xserver.enable to be true
'';
}
{ assertion = cfg.autoLogin.enable -> cfg.autoLogin.user != null;
message = ''
SDDM auto-login requires services.xserver.displayManager.sddm.autoLogin.user to be set
@ -264,8 +269,8 @@ in
};
environment.etc."sddm.conf".source = cfgFile;
environment.pathsToLink = [
"/share/sddm"
environment.pathsToLink = [
"/share/sddm"
];
users.groups.sddm.gid = config.ids.gids.sddm;

@ -1,8 +1,8 @@
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
let
inherit (lib) mkOption types optionalString;
cfg = config.boot.binfmtMiscRegistrations;
cfg = config.boot.binfmt;
makeBinfmtLine = name: { recognitionType, offset, magicOrExtension
, mask, preserveArgvZero, openBinary
@ -13,125 +13,249 @@ let
mask' = toString mask;
interpreter = "/run/binfmt/${name}";
flags = if !(matchCredentials -> openBinary)
then throw "boot.binfmtMiscRegistrations.${name}: you can't specify openBinary = false when matchCredentials = true."
then throw "boot.binfmt.registrations.${name}: you can't specify openBinary = false when matchCredentials = true."
else optionalString preserveArgvZero "P" +
optionalString (openBinary && !matchCredentials) "O" +
optionalString matchCredentials "C" +
optionalString fixBinary "F";
in ":${name}:${type}:${offset'}:${magicOrExtension}:${mask'}:${interpreter}:${flags}";
binfmtFile = builtins.toFile "binfmt_nixos.conf"
(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine cfg));
activationSnippet = name: { interpreter, ... }:
"ln -sf ${interpreter} /run/binfmt/${name}";
activationScript = ''
mkdir -p -m 0755 /run/binfmt
${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet cfg)}
'';
getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;
# Mapping of systems to “magicOrExtension” and “mask”. Mostly taken from:
# - https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix
# and
# - https://github.com/qemu/qemu/blob/master/scripts/qemu-binfmt-conf.sh
# TODO: maybe put these in a JSON file?
magics = {
armv6l-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
};
armv7l-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
};
aarch64-linux = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
};
aarch64_be-linux = {
magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
};
i386-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
i486-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
i586-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
i686-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
x86_64-linux = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
alpha-linux = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
sparc64-linux = {
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
};
sparc-linux = {
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x12'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
};
powerpc-linux = {
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
};
powerpc64-linux = {
magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
};
powerpc64le-linux = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\x00'';
};
mips-linux = {
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
};
mipsel-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
mips64-linux = {
magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
};
mips64el-linux = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
riscv32-linux = {
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
riscv64-linux = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
};
x86_64-windows = {
magicOrExtension = ".exe";
recognitionType = "extension";
};
i686-windows = {
magicOrExtension = ".exe";
recognitionType = "extension";
};
};
in {
options = {
boot.binfmtMiscRegistrations = mkOption {
default = {};
description = ''
Extra binary formats to register with the kernel.
See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
'';
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
recognitionType = mkOption {
default = "magic";
description = "Whether to recognize executables by magic number or extension.";
type = types.enum [ "magic" "extension" ];
};
boot.binfmt = {
registrations = mkOption {
default = {};
offset = mkOption {
default = null;
description = "The byte offset of the magic number used for recognition.";
type = types.nullOr types.int;
};
description = ''
Extra binary formats to register with the kernel.
See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
'';
magicOrExtension = mkOption {
description = "The magic number or extension to match on.";
type = types.str;
};
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
recognitionType = mkOption {
default = "magic";
description = "Whether to recognize executables by magic number or extension.";
type = types.enum [ "magic" "extension" ];
};
mask = mkOption {
default = null;
description =
"A mask to be ANDed with the byte sequence of the file before matching";
type = types.nullOr types.str;
};
offset = mkOption {
default = null;
description = "The byte offset of the magic number used for recognition.";
type = types.nullOr types.int;
};
interpreter = mkOption {
description = ''
The interpreter to invoke to run the program.
magicOrExtension = mkOption {
description = "The magic number or extension to match on.";
type = types.str;
};
Note that the actual registration will point to
/run/binfmt/''${name}, so the kernel interpreter length
limit doesn't apply.
'';
type = types.path;
};
mask = mkOption {
default = null;
description =
"A mask to be ANDed with the byte sequence of the file before matching";
type = types.nullOr types.str;
};
preserveArgvZero = mkOption {
default = false;
description = ''
Whether to pass the original argv[0] to the interpreter.
interpreter = mkOption {
description = ''
The interpreter to invoke to run the program.
See the description of the 'P' flag in the kernel docs
for more details;
'';
type = types.bool;
};
Note that the actual registration will point to
/run/binfmt/''${name}, so the kernel interpreter length
limit doesn't apply.
'';
type = types.path;
};
openBinary = mkOption {
default = config.matchCredentials;
description = ''
Whether to pass the binary to the interpreter as an open
file descriptor, instead of a path.
'';
type = types.bool;
};
preserveArgvZero = mkOption {
default = false;
description = ''
Whether to pass the original argv[0] to the interpreter.
matchCredentials = mkOption {
default = false;
description = ''
Whether to launch with the credentials and security
token of the binary, not the interpreter (e.g. setuid
bit).
See the description of the 'P' flag in the kernel docs
for more details;
'';
type = types.bool;
};
See the description of the 'C' flag in the kernel docs
for more details.
openBinary = mkOption {
default = config.matchCredentials;
description = ''
Whether to pass the binary to the interpreter as an open
file descriptor, instead of a path.
'';
type = types.bool;
};
Implies/requires openBinary = true.
'';
type = types.bool;
};
matchCredentials = mkOption {
default = false;
description = ''
Whether to launch with the credentials and security
token of the binary, not the interpreter (e.g. setuid
bit).
fixBinary = mkOption {
default = false;
description = ''
Whether to open the interpreter file as soon as the
registration is loaded, rather than waiting for a
relevant file to be invoked.
See the description of the 'F' flag in the kernel docs
for more details.
'';
type = types.bool;
See the description of the 'C' flag in the kernel docs
for more details.
Implies/requires openBinary = true.
'';
type = types.bool;
};
fixBinary = mkOption {
default = false;
description = ''
Whether to open the interpreter file as soon as the
registration is loaded, rather than waiting for a
relevant file to be invoked.
See the description of the 'F' flag in the kernel docs
for more details.
'';
type = types.bool;
};
};
};
}));
}));
};
emulatedSystems = mkOption {
default = [];
description = ''
List of systems to emulate. Will also configure Nix to
support your new systems.
'';
type = types.listOf types.string;
};
};
};
config = lib.mkIf (cfg != {}) {
environment.etc."binfmt.d/nixos.conf".source = binfmtFile;
system.activationScripts.binfmt = activationScript;
systemd.additionalUpstreamSystemUnits =
config = {
boot.binfmt.registrations = builtins.listToAttrs (map (system: {
name = system;
value = {
interpreter = getEmulator system;
} // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}"));
}) cfg.emulatedSystems);
# TODO: add a nix.extraPlatforms option to NixOS!
nix.extraOptions = lib.mkIf (cfg.emulatedSystems != []) ''
extra-platforms = ${toString (cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux")}
'';
nix.sandboxPaths = lib.mkIf (cfg.emulatedSystems != [])
([ "/run/binfmt" ] ++ (map (system: dirOf (dirOf (getEmulator system))) cfg.emulatedSystems));
environment.etc."binfmt.d/nixos.conf".source = builtins.toFile "binfmt_nixos.conf"
(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine config.boot.binfmt.registrations));
system.activationScripts.binfmt = ''
mkdir -p -m 0755 /run/binfmt
${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet config.boot.binfmt.registrations)}
'';
systemd.additionalUpstreamSystemUnits = lib.mkIf (config.boot.binfmt.registrations != {})
[ "proc-sys-fs-binfmt_misc.automount"
"proc-sys-fs-binfmt_misc.mount"
];
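Review bot: Nothing in the new `config` block rejects the host's own platform in `boot.binfmt.emulatedSystems`, while the `magics` table carries entries for `x86_64-linux`, `i686-linux` and `aarch64-linux`. Listing the host system would register its native ELF magic with an emulator as the interpreter, so ordinary binaries would be routed through `/run/binfmt/<name>`; that most likely leaves the machine unable to start normal programs. An assertion such as `{ assertion = !(lib.elem pkgs.stdenv.hostPlatform.system cfg.emulatedSystems); message = "boot.binfmt.emulatedSystems must not contain the host system"; }` would catch this at evaluation time. The `config` attribute set continues past the end of this hunk.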

@ -62,8 +62,7 @@ in {
description = ''
The resolution of the console. The following values are valid:
</para>
<para>
<itemizedlist>
<listitem><para>
<literal>"0"</literal>: Standard UEFI 80x25 mode

@ -76,6 +76,33 @@ let
fi
return 0
}
wait_gpgcard() {
local secs="''${1:-10}"
gpg --card-status > /dev/null 2> /dev/null
if [ $? != 0 ]; then
echo -n "Waiting $secs seconds for GPG Card to appear"
local success=false
for try in $(seq $secs); do
echo -n .
sleep 1
gpg --card-status > /dev/null 2> /dev/null
if [ $? == 0 ]; then
success=true
break
fi
done
if [ $success == true ]; then
echo " - success";
return 0
else
echo " - failure";
return 1
fi
fi
return 0
}
'';
preCommands = ''
@ -93,6 +120,13 @@ let
# For Yubikey salt storage
mkdir -p /crypt-storage
${optionalString luks.gpgSupport ''
export GPG_TTY=$(tty)
export GNUPGHOME=/crypt-ramfs/.gnupg
gpg-agent --daemon --scdaemon-program $out/bin/scdaemon > /dev/null 2> /dev/null
''}
# Disable all input echo for the whole stage. We could use read -s
# instead but that would ocasionally leak characters between read
# invocations.
@ -105,7 +139,7 @@ let
umount /crypt-ramfs 2>/dev/null
'';
openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, fallbackToPassword, ... }: assert name' == name;
openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, gpgCard, fallbackToPassword, ... }: assert name' == name;
let
csopen = "cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} ${optionalString (header != null) "--header=${header}"}";
cschange = "cryptsetup luksChangeKey ${device} ${optionalString (header != null) "--header=${header}"}";
@ -182,7 +216,7 @@ let
''}
}
${if luks.yubikeySupport && (yubikey != null) then ''
${optionalString (luks.yubikeySupport && (yubikey != null)) ''
# Yubikey
rbtohex() {
( od -An -vtx1 | tr -d ' \n' )
@ -278,7 +312,7 @@ let
umount /crypt-storage
}
open_yubikey() {
open_with_hardware() {
if wait_yubikey ${toString yubikey.gracePeriod}; then
do_open_yubikey
else
@ -286,8 +320,75 @@ let
open_normally
fi
}
''}
open_yubikey
${optionalString (luks.gpgSupport && (gpgCard != null)) ''
do_open_gpg_card() {
# Make all of these local to this function
# to prevent their values being leaked
local pin
local opened
gpg --import /gpg-keys/${device}/pubkey.asc > /dev/null 2> /dev/null
gpg --card-status > /dev/null 2> /dev/null
for try in $(seq 3); do
echo -n "PIN for GPG Card associated with device ${device}: "
pin=
while true; do
if [ -e /crypt-ramfs/passphrase ]; then
echo "reused"
pin=$(cat /crypt-ramfs/passphrase)
break
else
# and try reading it from /dev/console with a timeout
IFS= read -t 1 -r pin
if [ -n "$pin" ]; then
${if luks.reusePassphrases then ''
# remember it for the next device
echo -n "$pin" > /crypt-ramfs/passphrase
'' else ''
# Don't save it to ramfs. We are very paranoid
''}
echo
break
fi
fi
done
echo -n "Verifying passphrase for ${device}..."
echo -n "$pin" | gpg -q --batch --passphrase-fd 0 --pinentry-mode loopback -d /gpg-keys/${device}/cryptkey.gpg 2> /dev/null | ${csopen} --key-file=- > /dev/null 2> /dev/null
if [ $? == 0 ]; then
echo " - success"
${if luks.reusePassphrases then ''
# we don't rm here because we might reuse it for the next device
'' else ''
rm -f /crypt-ramfs/passphrase
''}
break
else
echo " - failure"
# ask for a different one
rm -f /crypt-ramfs/passphrase
fi
done
[ "$opened" == false ] && die "Maximum authentication errors reached"
}
open_with_hardware() {
if wait_gpgcard ${toString gpgCard.gracePeriod}; then
do_open_gpg_card
else
echo "No GPG Card found, falling back to normal open procedure"
open_normally
fi
}
''}
${if (luks.yubikeySupport && (yubikey != null)) || (luks.gpgSupport && (gpgCard != null)) then ''
open_with_hardware
'' else ''
open_normally
''}
@ -473,6 +574,36 @@ in
'';
};
gpgCard = mkOption {
default = null;
description = ''
The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard.
If null (the default), GPG-Smartcard will be disabled for this device.
'';
type = with types; nullOr (submodule {
options = {
gracePeriod = mkOption {
default = 10;
type = types.int;
description = "Time in seconds to wait for the GPG Smartcard.";
};
encryptedPass = mkOption {
default = "";
type = types.path;
description = "Path to the GPG encrypted passphrase.";
};
publicKey = mkOption {
default = "";
type = types.path;
description = "Path to the Public Key.";
};
};
});
};
yubikey = mkOption {
default = null;
description = ''
@ -554,6 +685,14 @@ in
}));
};
boot.initrd.luks.gpgSupport = mkOption {
default = false;
type = types.bool;
description = ''
Enables support for authenticating with a GPG encrypted password.
'';
};
boot.initrd.luks.yubikeySupport = mkOption {
default = false;
type = types.bool;
@ -567,6 +706,12 @@ in
config = mkIf (luks.devices != {} || luks.forceLuksSupportInInitrd) {
assertions =
[ { assertion = !(luks.gpgSupport && luks.yubikeySupport);
message = "Yubikey and GPG Card may not be used at the same time.";
}
];
# actually, sbp2 driver is the one enabling the DMA attack, but this needs to be tested
boot.blacklistedKernelModules = optionals luks.mitigateDMAAttacks
["firewire_ohci" "firewire_core" "firewire_sbp2"];
@ -603,6 +748,23 @@ in
EOF
chmod +x $out/bin/openssl-wrap
''}
${optionalString luks.gpgSupport ''
copy_bin_and_libs ${pkgs.gnupg}/bin/gpg
copy_bin_and_libs ${pkgs.gnupg}/bin/gpg-agent
copy_bin_and_libs ${pkgs.gnupg}/libexec/scdaemon
${concatMapStringsSep "\n" (x:
if x.gpgCard != null then
''
mkdir -p $out/secrets/gpg-keys/${x.device}
cp -a ${x.gpgCard.encryptedPass} $out/secrets/gpg-keys/${x.device}/cryptkey.gpg
cp -a ${x.gpgCard.publicKey} $out/secrets/gpg-keys/${x.device}/pubkey.asc
''
else ""
) (attrValues luks.devices)
}
''}
'';
boot.initrd.extraUtilsCommandsTest = ''
@ -612,6 +774,11 @@ in
$out/bin/ykinfo -V
$out/bin/openssl-wrap version
''}
${optionalString luks.gpgSupport ''
$out/bin/gpg --version
$out/bin/gpg-agent --version
$out/bin/scdaemon --version
''}
'';
boot.initrd.preFailCommands = postCommands;
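Review bot: In `do_open_gpg_card`, `opened` is declared with `local opened` but never assigned, so the closing `[ "$opened" == false ] && die "Maximum authentication errors reached"` can never fire. After three wrong PINs the function just returns with the device still locked instead of stopping with the intended error; what stage 1 does next depends on code outside these hunks. Set `opened=false` before the `for try in $(seq 3); do` loop and `opened=true` immediately before the `break` in the success branch, so the retry limit is enforced.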

@ -35,7 +35,7 @@ in
when resolving single-label host names (domain names which
contain no dot), in order to qualify them into fully-qualified
domain names (FQDNs).
</para><para>
For compatibility reasons, if this setting is not specified,
the search domains listed in
<filename>/etc/resolv.conf</filename> are used instead, if
@ -50,8 +50,9 @@ in
description = ''
Controls Link-Local Multicast Name Resolution support
(RFC 4795) on the local host.
</para><para>
If set to
<variablelist>
<varlistentry>
<term><literal>"true"</literal></term>

@ -65,10 +65,9 @@ let
default = [];
description = ''
Network ports to publish from the container to the outer host.
</para>
<para>
Valid formats:
</para>
<itemizedlist>
<listitem>
<para>
@ -91,21 +90,19 @@ let
</para>
</listitem>
</itemizedlist>
<para>
Both <literal>hostPort</literal> and
<literal>containerPort</literal> can be specified as a range of
ports. When specifying ranges for both, the number of container
ports in the range must match the number of host ports in the
range. Example: <literal>1234-1236:1234-1236/tcp</literal>
</para>
<para>
When specifying a range for <literal>hostPort</literal> only, the
<literal>containerPort</literal> must <emphasis>not</emphasis> be a
range. In this case, the container port is published somewhere
within the specified <literal>hostPort</literal> range. Example:
<literal>1234-1236:1234/tcp</literal>
</para>
<para>
Refer to the
<link xlink:href="https://docs.docker.com/engine/reference/run/#expose-incoming-ports">
Docker engine documentation</link> for full details.

@ -104,7 +104,7 @@ in
"VBoxNetNAT"
"VBoxSDL"
"VBoxVolInfo"
"VirtualBox"
"VirtualBoxVM"
]));
users.groups.vboxusers.gid = config.ids.gids.vboxusers;

@ -189,6 +189,7 @@ in
pam-oath-login = handleTest ./pam-oath-login.nix {};
pam-u2f = handleTest ./pam-u2f.nix {};
pantheon = handleTest ./pantheon.nix {};
paperless = handleTest ./paperless.nix {};
peerflix = handleTest ./peerflix.nix {};
pgjwt = handleTest ./pgjwt.nix {};
pgmanage = handleTest ./pgmanage.nix {};

@ -67,5 +67,12 @@ import ./make-test.nix ({ pkgs, ... }: {
# Ensure building an image on top of a layered Docker images work
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.layered-on-top}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layered-on-top.imageName}");
# Ensure order of layers is correct
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.layersOrder}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer1 | grep -q layer1");
# This is to be sure the order of layers of the parent image is preserved
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer2 | grep -q layer2");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer3 | grep -q layer3");
'';
})

@ -12,6 +12,11 @@ with pkgs.lib;
let
esUrl = "http://localhost:9200";
totalHits = message :
"curl --silent --show-error '${esUrl}/_search' -H 'Content-Type: application/json' " +
''-d '{\"query\" : { \"match\" : { \"message\" : \"${message}\"}}}' '' +
"| jq .hits.total";
mkElkTest = name : elk :
let elasticsearchGe7 = builtins.compareVersions elk.elasticsearch.version "7" >= 0;
in makeTest {
@ -21,7 +26,7 @@ let
};
nodes = {
one =
{ pkgs, ... }: {
{ pkgs, lib, ... }: {
# Not giving the machine at least 2060MB results in elasticsearch failing with the following error:
#
# OpenJDK 64-Bit Server VM warning:
@ -40,6 +45,26 @@ let
environment.systemPackages = [ pkgs.jq ];
services = {
journalbeat = let lt6 = builtins.compareVersions
elk.journalbeat.version "6" < 0; in {
enable = true;
package = elk.journalbeat;
extraConfig = mkOptionDefault (''
logging:
to_syslog: true
level: warning
metrics.enabled: false
output.elasticsearch:
hosts: [ "127.0.0.1:9200" ]
${optionalString lt6 "template.enabled: false"}
'' + optionalString (!lt6) ''
journalbeat.inputs:
- paths: []
seek: cursor
'');
};
logstash = {
enable = true;
package = elk.logstash;
@ -107,14 +132,19 @@ let
testScript = ''
startAll;
# Wait until elasticsearch is listening for connections.
$one->waitForUnit("elasticsearch.service");
$one->waitForOpenPort(9200);
# Continue as long as the status is not "red". The status is probably
# "yellow" instead of "green" because we are using a single elasticsearch
# node which elasticsearch considers risky.
#
# TODO: extend this test with multiple elasticsearch nodes and see if the status turns "green".
$one->waitUntilSucceeds("curl --silent --show-error '${esUrl}/_cluster/health' | jq .status | grep -v red");
# TODO: extend this test with multiple elasticsearch nodes
# and see if the status turns "green".
$one->waitUntilSucceeds(
"curl --silent --show-error '${esUrl}/_cluster/health' " .
"| jq .status | grep -v red");
# Perform some simple logstash tests.
$one->waitForUnit("logstash.service");
@ -123,16 +153,28 @@ let
# See if kibana is healthy.
$one->waitForUnit("kibana.service");
$one->waitUntilSucceeds("curl --silent --show-error 'http://localhost:5601/api/status' | jq .status.overall.state | grep green");
$one->waitUntilSucceeds(
"curl --silent --show-error 'http://localhost:5601/api/status' " .
"| jq .status.overall.state | grep green");
# See if logstash messages arive in elasticsearch.
$one->waitUntilSucceeds("curl --silent --show-error '${esUrl}/_search' -H 'Content-Type: application/json' -d '{\"query\" : { \"match\" : { \"message\" : \"flowers\"}}}' | jq .hits.total | grep -v 0");
$one->waitUntilSucceeds("curl --silent --show-error '${esUrl}/_search' -H 'Content-Type: application/json' -d '{\"query\" : { \"match\" : { \"message\" : \"dragons\"}}}' | jq .hits.total | grep 0");
$one->waitUntilSucceeds("${totalHits "flowers"} | grep -v 0");
$one->waitUntilSucceeds("${totalHits "dragons"} | grep 0");
# Test if a message logged to the journal
# is ingested by elasticsearch via journalbeat.
$one->waitForUnit("journalbeat.service");
$one->execute("echo 'Supercalifragilisticexpialidocious' | systemd-cat");
$one->waitUntilSucceeds(
"${totalHits "Supercalifragilisticexpialidocious"} | grep -v 0");
'' + optionalString (!elasticsearchGe7) ''
# Test elasticsearch-curator.
$one->systemctl("stop logstash");
$one->systemctl("start elasticsearch-curator");
$one->waitUntilSucceeds("! curl --silent --show-error '${esUrl}/_cat/indices' | grep logstash | grep -q ^$1");
$one->waitUntilSucceeds(
"! curl --silent --show-error '${esUrl}/_cat/indices' " .
"| grep logstash | grep -q ^$1");
'';
};
in mapAttrs mkElkTest {
@ -140,6 +182,7 @@ in mapAttrs mkElkTest {
elasticsearch = pkgs.elasticsearch5;
logstash = pkgs.logstash5;
kibana = pkgs.kibana5;
journalbeat = pkgs.journalbeat5;
};
"ELK-6" =
if enableUnfree
@ -147,11 +190,13 @@ in mapAttrs mkElkTest {
elasticsearch = pkgs.elasticsearch6;
logstash = pkgs.logstash6;
kibana = pkgs.kibana6;
journalbeat = pkgs.journalbeat6;
}
else {
elasticsearch = pkgs.elasticsearch6-oss;
logstash = pkgs.logstash6-oss;
kibana = pkgs.kibana6-oss;
journalbeat = pkgs.journalbeat6;
};
"ELK-7" =
if enableUnfree
@ -159,10 +204,12 @@ in mapAttrs mkElkTest {
elasticsearch = pkgs.elasticsearch7;
logstash = pkgs.logstash7;
kibana = pkgs.kibana7;
journalbeat = pkgs.journalbeat7;
}
else {
elasticsearch = pkgs.elasticsearch7-oss;
logstash = pkgs.logstash7-oss;
kibana = pkgs.kibana7-oss;
journalbeat = pkgs.journalbeat7;
};
}
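Review bot: The new `totalHits` helper still leaves the hit count to be judged by substring matching: `| grep -v 0` fails for a count such as 10 or 20, and `| grep 0` accepts those as "no hits". On Elasticsearch 7 `hits.total` is, as far as I know, an object rather than a number; if so, `jq .hits.total` prints several lines and `grep -v 0` succeeds on the brace line even when nothing was ingested, so the journalbeat check could pass without the message arriving. Having the helper print a bare number (selecting `.hits.total.value` when the field is an object) and comparing it numerically would make the three `waitUntilSucceeds` checks meaningful.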

@ -9,7 +9,7 @@ with pkgs.lib;
{
mysql = makeTest {
name = "gitea-mysql";
meta.maintainers = [ maintainers.aanderse ];
meta.maintainers = with maintainers; [ aanderse kolaente ];
machine =
{ config, pkgs, ... }:

@ -27,9 +27,33 @@ import ./make-test.nix ({ pkgs, ...} : {
};
testScript =
let
hardened-malloc-tests = pkgs.stdenv.mkDerivation rec {
name = "hardened-malloc-tests-${pkgs.graphene-hardened-malloc.version}";
src = pkgs.graphene-hardened-malloc.src;
buildPhase = ''
cd test/simple-memory-corruption
make -j4
'';
installPhase = ''
find . -type f -executable -exec install -Dt $out/bin '{}' +
'';
};
in
''
$machine->waitForUnit("multi-user.target");
subtest "apparmor-loaded", sub {
$machine->succeed("systemctl status apparmor.service");
};
# AppArmor securityfs
subtest "apparmor-securityfs", sub {
$machine->succeed("mountpoint -q /sys/kernel/security");
$machine->succeed("cat /sys/kernel/security/apparmor/profiles");
};
# Test loading out-of-tree modules
subtest "extra-module-packages", sub {
$machine->succeed("grep -Fq wireguard /proc/modules");
@ -83,5 +107,18 @@ import ./make-test.nix ({ pkgs, ...} : {
$machine->fail("systemctl hibernate");
$machine->fail("systemctl kexec");
};
# Test hardened memory allocator
sub runMallocTestProg {
my ($progName, $errorText) = @_;
my $text = "fatal allocator error: " . $errorText;
$machine->fail("${hardened-malloc-tests}/bin/" . $progName) =~ $text;
};
subtest "hardenedmalloc", sub {
runMallocTestProg("double_free_large", "invalid free");
runMallocTestProg("unaligned_free_small", "invalid unaligned free");
runMallocTestProg("write_after_free_small", "detected write after free");
};
'';
})
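Review bot: In `runMallocTestProg` the result of `$machine->fail(...) =~ $text` is discarded, so the expected allocator message is never asserted; the subtest passes whenever the program exits non-zero, including when the binary is missing. The paperless test added in this commit uses `=~ /.../ or die` for the same kind of check. I would write `$machine->fail("${hardened-malloc-tests}/bin/" . $progName) =~ /\Q$text\E/ or die "unexpected output from $progName";`, after confirming that `fail` returns the command output and that the allocator message (presumably written to stderr) is captured.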

@ -0,0 +1,29 @@
import ./make-test.nix ({ lib, ... } : {
name = "paperless";
meta = with lib.maintainers; {
maintainers = [ earvstedt ];
};
machine = { pkgs, ... }: {
environment.systemPackages = with pkgs; [ imagemagick jq ];
services.paperless = {
enable = true;
ocrLanguages = [ "eng" ];
};
};
testScript = ''
$machine->waitForUnit("paperless-consumer.service");
# Create test doc
$machine->succeed('convert -size 400x40 xc:white -font "DejaVu-Sans" -pointsize 20 -fill black \
-annotate +5+20 "hello world 16-10-2005" /var/lib/paperless/consume/doc.png');
$machine->waitForUnit("paperless-server.service");
# Wait until server accepts connections
$machine->waitUntilSucceeds("curl -s localhost:28981");
# Wait until document is consumed
$machine->waitUntilSucceeds('(($(curl -s localhost:28981/api/documents/ | jq .count) == 1))');
$machine->succeed("curl -s localhost:28981/api/documents/ | jq '.results | .[0] | .created'")
=~ /2005-10-16/ or die;
'';
})

@ -2,9 +2,26 @@
config ? {},
pkgs ? import ../.. { inherit system config; },
debug ? false,
enableUnfree ? false
enableUnfree ? false,
# Nested KVM virtualization (https://www.linux-kvm.org/page/Nested_Guests)
# requires a modprobe flag on the build machine: (kvm-amd for AMD CPUs)
# boot.extraModprobeConfig = "options kvm-intel nested=Y";
# Without this VirtualBox will use SW virtualization and will only be able
# to run 32-bit guests.
useKvmNestedVirt ? false,
# Whether to run 64-bit guests instead of 32-bit. Requires nested KVM.
use64bitGuest ? false,
# Whether to enable the virtual UART in VirtualBox guests, allowing to see
# the guest console. There is currently a bug in VirtualBox where this will
# cause a crash if running with SW virtualization
# (https://www.virtualbox.org/ticket/18632). If you need to debug the tests
# then enable this and nested KVM to work around the crash (see above).
enableVBoxUART ? false
}:
assert use64bitGuest -> useKvmNestedVirt;
assert enableVBoxUART -> useKvmNestedVirt; # VirtualBox bug, see above
with import ../lib/testing.nix { inherit system pkgs; };
with pkgs.lib;
@ -94,7 +111,7 @@ let
testVM = vmName: vmScript: let
cfg = (import ../lib/eval-config.nix {
system = "i686-linux";
system = if use64bitGuest then "x86_64-linux" else "i686-linux";
modules = [
../modules/profiles/minimal.nix
(testVMConfig vmName vmScript)
@ -141,13 +158,15 @@ let
sharePath = "/home/alice/vboxshare-${name}";
createFlags = mkFlags [
"--ostype Linux26"
"--ostype ${if use64bitGuest then "Linux26_64" else "Linux26"}"
"--register"
];
vmFlags = mkFlags ([
"--uart1 0x3F8 4"
"--uartmode1 client /run/virtualbox-log-${name}.sock"
vmFlags = mkFlags (
(optionals enableVBoxUART [
"--uart1 0x3F8 4"
"--uartmode1 client /run/virtualbox-log-${name}.sock"
]) ++ [
"--memory 768"
"--audio none"
] ++ (attrs.vmFlags or []));
@ -180,7 +199,7 @@ let
];
in {
machine = {
systemd.sockets."vboxtestlog-${name}" = {
systemd.sockets."vboxtestlog-${name}" = mkIf enableVBoxUART {
description = "VirtualBox Test Machine Log Socket For ${name}";
wantedBy = [ "sockets.target" ];
before = [ "multi-user.target" ];
@ -188,7 +207,7 @@ let
socketConfig.Accept = true;
};
systemd.services."vboxtestlog-${name}@" = {
systemd.services."vboxtestlog-${name}@" = mkIf enableVBoxUART {
description = "VirtualBox Test Machine Log For ${name}";
serviceConfig.StandardInput = "socket";
serviceConfig.StandardOutput = "syslog";
@ -346,6 +365,8 @@ let
vmConfigs = mapAttrsToList mkVMConf vms;
in [ ./common/user-account.nix ./common/x11.nix ] ++ vmConfigs;
virtualisation.memorySize = 2048;
virtualisation.qemu.options =
if useKvmNestedVirt then ["-cpu" "kvm64,vmx=on"] else [];
virtualisation.virtualbox.host.enable = true;
services.xserver.displayManager.auto.user = "alice";
users.users.alice.extraGroups = let
@ -412,9 +433,14 @@ in mapAttrs (mkVBoxTest false vboxVMs) {
);
$machine->sleep(5);
$machine->screenshot("gui_manager_started");
# Home to select Tools, down to move to the VM, enter to start it.
$machine->sendKeys("home");
$machine->sendKeys("down");
$machine->sendKeys("ret");
$machine->screenshot("gui_manager_sent_startup");
waitForStartup_simple (sub {
$machine->sendKeys("home");
$machine->sendKeys("down");
$machine->sendKeys("ret");
});
$machine->screenshot("gui_started");
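Review bot: The `useKvmNestedVirt` path hard-codes `["-cpu" "kvm64,vmx=on"]`, which is the Intel VT-x flag, although the comment on the new argument mentions `kvm-amd` for AMD CPUs. On an AMD build machine the guest would presumably need `svm=on` instead, so the option as written only works on Intel hosts. Either say so in the comment, `# Only Intel hosts are supported: the QEMU CPU flag below is vmx`, or select the flag from a second argument.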

@ -6,19 +6,35 @@ with lib;
name = "xss-lock";
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ ma27 ];
machine = {
imports = [ ./common/x11.nix ./common/user-account.nix ];
programs.xss-lock.enable = true;
services.xserver.displayManager.auto.user = "alice";
nodes = {
simple = {
imports = [ ./common/x11.nix ./common/user-account.nix ];
programs.xss-lock.enable = true;
services.xserver.displayManager.auto.user = "alice";
};
custom_lockcmd = { pkgs, ... }: {
imports = [ ./common/x11.nix ./common/user-account.nix ];
services.xserver.displayManager.auto.user = "alice";
programs.xss-lock = {
enable = true;
extraOptions = [ "-n" "${pkgs.libnotify}/bin/notify-send 'About to sleep!'"];
lockerCommand = "${pkgs.xlockmore}/bin/xlock -mode ant";
};
};
};
testScript = ''
$machine->start;
$machine->waitForX;
$machine->waitForUnit("xss-lock.service", "alice");
startAll;
$machine->fail("pgrep xlock");
$machine->succeed("su -l alice -c 'xset dpms force standby'");
$machine->waitUntilSucceeds("pgrep i3lock");
${concatStringsSep "\n" (mapAttrsToList (name: lockCmd: ''
${"$"+name}->start;
${"$"+name}->waitForX;
${"$"+name}->waitForUnit("xss-lock.service", "alice");
${"$"+name}->fail("pgrep ${lockCmd}");
${"$"+name}->succeed("su -l alice -c 'xset dpms force standby'");
${"$"+name}->waitUntilSucceeds("pgrep ${lockCmd}");
'') { simple = "i3lock"; custom_lockcmd = "xlock"; })}
'';
})

@ -1,40 +0,0 @@
--- code-r100/configure.ac 2014-09-25 23:44:41.059174904 +0200
+++ code-r100.new/configure.ac 2014-09-26 01:37:18.507017390 +0200
@@ -44,6 +44,8 @@
[AC_MSG_ERROR(CONFIG: You need libxml2-dev installed.
http://www.xmlsoft.org/)])
+PKG_CHECK_MODULES([libxml], [libxml-2.0])
+
AC_CHECK_LIB([m], [sqrt], , [AC_MSG_ERROR(CORE: You need libm installed)])
AC_CHECK_LIB([pthread], [pthread_self], , [AC_MSG_ERROR(CORE: You need libpthread installed)])
@@ -79,12 +81,12 @@
echo "--- Enabling USB LCD display --";
fi
-#SDL_VERSION=1.2.4
-#AM_PATH_SDL($SDL_VERSION,
-# :,
-# AC_MSG_ERROR([VIDEO: *** SDL version $SDL_VERSION not found!
-# http://www.libsdl.org/])
-#)
+SDL_VERSION=1.2.4
+AM_PATH_SDL($SDL_VERSION,
+ :,
+ AC_MSG_ERROR([VIDEO: *** SDL version $SDL_VERSION not found!
+ http://www.libsdl.org/])
+)
AC_CHECK_LIB([vorbis], [main], ,
[AC_MSG_ERROR(AUDIO: You need libvorbis-dev installed.
@@ -95,6 +97,9 @@
AC_CHECK_LIB([vorbisenc], [main], ,
[AC_MSG_ERROR(AUDIO: You need libvorbis-dev installed.
http://www.xiph.org/ogg/vorbis/)])
+AC_CHECK_LIB([ogg], [main], ,
+ [AC_MSG_ERROR(AUDIO: You need libogg-dev installed.
+ http://www.xiph.org/ogg/)])
AC_CHECK_LIB([sndfile], [main], ,
[AC_MSG_ERROR(AUDIO: you need libsndfile installed.

@ -1,13 +0,0 @@
--- code-r100/src/Makefile.am 2014-09-25 23:44:41.043174832 +0200
+++ code-r100.new/src/Makefile.am 2014-09-26 01:21:03.750015888 +0200
@@ -24,7 +24,8 @@
fweelindir = $(datadir)/fweelin
-FWEELIN_CFLAGS = -I. -g -Wall -Wno-write-strings -Wno-non-virtual-dtor -D_REENTRANT -DPTHREADS -DNDEBUG -DVERSION=\"$(VERSION)\" -DFWEELIN_DATADIR=\"$(fweelindir)\" -DADDON_DIR=\"/usr/local/lib/jack\" -I/usr/include/freetype2 -I/usr/include/libxml2 -funroll-loops -finline-functions -fomit-frame-pointer -ffast-math -fexpensive-optimizations -fstrict-aliasing -falign-loops=2 -falign-jumps=2 -falign-functions=2 -O9
+XML_CFLAGS = `xml2-config --cflags`
+FWEELIN_CFLAGS = -I. -g -Wall -Wno-write-strings -Wno-non-virtual-dtor -D_REENTRANT -DPTHREADS -DNDEBUG -DVERSION=\"$(VERSION)\" -DFWEELIN_DATADIR=\"$(fweelindir)\" -DADDON_DIR=\"/usr/local/lib/jack\" -I/usr/include/freetype2 $(XML_CFLAGS) -funroll-loops -finline-functions -fomit-frame-pointer -ffast-math -fexpensive-optimizations -fstrict-aliasing -falign-loops=2 -falign-jumps=2 -falign-functions=2 -O9
AM_CFLAGS = $(CFLAGS) $(FWEELIN_CFLAGS)
-AM_CXXFLAGS = $(CFLAGS) $(CXXFLAGS) $(FWEELIN_CFLAGS)
+AM_CXXFLAGS = $(CFLAGS) $(CXXFLAGS) $(FWEELIN_CFLAGS) ${libxml2_CFLAGS}

@ -2,11 +2,11 @@
pythonPackages.buildPythonApplication rec {
pname = "Mopidy-Iris";
version = "3.37.0";
version = "3.37.1";
src = pythonPackages.fetchPypi {
inherit pname version;
sha256 = "1fy802jx3817ldrm3g5inrfjbi7s8xcx96pnglbq54nvp41lzyh5";
sha256 = "0qcg456k7av0anymmmnlcn0v4642gbgk0nhic6w9bg9v5m0nj9ll";
};
propagatedBuildInputs = [

@ -29,17 +29,17 @@
# handle that.
stdenv.mkDerivation rec {
name = "qmmp-1.3.1";
name = "qmmp-1.3.2";
src = fetchurl {
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
sha256 = "1dmybzibpr6hpr2iv1wvrjgww842mng2x0rh1mr8gs8j191xvlhw";
sha256 = "1rh063kcyg7gs9yj2r4v5irpnq4pjaxaxsgrw30mdr21xhhc15cz";
};
nativeBuildInputs = [ cmake pkgconfig ];
buildInputs =
[ # basic requirements
cmake pkgconfig xlibsWrapper
qtbase qttools qtmultimedia qtx11extras
qtbase qttools qtmultimedia qtx11extras xlibsWrapper
# transports
curl libmms
# input plugins

@ -72,8 +72,9 @@ with stdenv.lib; stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "Open-source virtual modular synthesizer";
homepage = http://vcvrack.com/;
# The source is BSD-3 licensed, some of the art is CC-BY-NC 4.0 or unfree
license = [ licenses.bsd3 licenses.cc-by-nc-40 licenses.unfree ];
# The source is BSD-3 licensed, some of the art is CC-BY-NC 4.0 or under a
# no-derivatives clause
license = with licenses; [ bsd3 cc-by-nc-40 unfreeRedistributable ];
maintainers = with maintainers; [ moredread ];
platforms = platforms.linux;
};

@ -12,11 +12,11 @@ let
build = "183.5452501";
sha256Hash = "0i8wz9v6nxzr27a07cv2330i84v94pcl13gjwvpglp55hyzd8axd";
};
betaVersion = stableVersion;
betaVersion = latestVersion;
latestVersion = { # canary & dev
version = "3.5.0.12"; # "Android Studio 3.5 Canary 13"
build = "191.5487692";
sha256Hash = "0iwd2qa551rs9b0w4rs7wmzdbh3r4j76xvs815l6i5pilk0s47gz";
version = "3.5.0.13"; # "Android Studio 3.5 Beta 1"
build = "191.5529924";
sha256Hash = "0i710n2wr0a8lvxf1mg6a5pmdh1l72wa0hwyricyixi0mylwwc6l";
};
in rec {
# Attributes are named by their corresponding release channels

@ -4,12 +4,12 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "howl-${version}";
version = "0.5.3";
version = "0.6";
# Use the release tarball containing pre-downloaded dependencies sources
src = fetchurl {
url = "https://github.com/howl-editor/howl/releases/download/0.5.3/howl-0.5.3.tgz";
sha256 = "0gnc8vr5h8mwapbcqc1zr9la62rb633awyqgy8q7pwjpiy85a03v";
url = "https://github.com/howl-editor/howl/releases/download/${version}/howl-${version}.tgz";
sha256 = "1qc58l3rkr37cj6vhf8c7bnwbz93nscyraz7jxqwjq6k4gj0cjw3";
};
sourceRoot = "./howl-${version}/src";

@ -263,12 +263,12 @@ in
datagrip = buildDataGrip rec {
name = "datagrip-${version}";
version = "2019.1.1"; /* updated by script */
version = "2019.1.2"; /* updated by script */
description = "Your Swiss Army Knife for Databases and SQL";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/datagrip/${name}.tar.gz";
sha256 = "0w6hasb8vcbxdqmb0pngwr2jg0w14prqb4v7blraa5jf1xyyiayd"; /* updated by script */
sha256 = "0157ccc94pwk4a8r1pvvjzd0g4liqqns6b0cmimfjhxsh6bnarww"; /* updated by script */
};
wmClass = "jetbrains-datagrip";
update-channel = "DataGrip RELEASE";
@ -354,12 +354,12 @@ in
rider = buildRider rec {
name = "rider-${version}";
version = "2018.3.4"; /* updated by script */
version = "2019.1.1"; /* updated by script */
description = "A cross-platform .NET IDE based on the IntelliJ platform and ReSharper";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/rider/JetBrains.Rider-${version}.tar.gz";
sha256 = "1klmg8wgj3shp4s0n2nn7n39zsk1mch6g9ifhwn5cgywpbzgam4p"; /* updated by script */
sha256 = "0441y92b3xqf7xh8k4vc0m7dfm91psnrwlv3mjzbsv09jrk1kbq7"; /* updated by script */
};
wmClass = "jetbrains-rider";
update-channel = "Rider RELEASE";

@ -21,13 +21,13 @@ let
in
stdenv.mkDerivation rec {
name = "neovim-unwrapped-${version}";
version = "0.3.4";
version = "0.3.5";
src = fetchFromGitHub {
owner = "neovim";
repo = "neovim";
rev = "v${version}";
sha256 = "07ncvgp6xfhiwc6hd7qf7zk28n3yj47p26qj1ji29vqkwnk28y3s";
sha256 = "113lrr9gwimvvzlkwlishm4cjqcf30xq9jfxn7vh41ckgnbiwf3w";
};
patches = [

@ -1,15 +0,0 @@
diff --git a/src/cpp/desktop/CMakeLists.txt b/src/cpp/desktop/CMakeLists.txt
index f5701bf735..27af4148ff 100644
--- a/src/cpp/desktop/CMakeLists.txt
+++ b/src/cpp/desktop/CMakeLists.txt
@@ -112,6 +112,7 @@ find_package(Qt5WebEngine REQUIRED)
find_package(Qt5WebEngineWidgets REQUIRED)
find_package(Qt5PrintSupport REQUIRED)
find_package(Qt5Quick REQUIRED)
+find_package(Qt5QuickWidgets REQUIRED)
find_package(Qt5Positioning REQUIRED)
find_package(Qt5Sensors REQUIRED)
find_package(Qt5Svg REQUIRED)
--
2.17.1

@ -8,6 +8,7 @@
, qtsvg
, qtwebengine
, akonadi-contacts
, kcalcore
, kconfigwidgets
, kcoreaddons
@ -50,14 +51,14 @@
}:
mkDerivation rec {
name = "digikam-${version}";
version = "6.0.0";
pname = "digikam";
version = "6.1.0";
src = fetchFromGitHub {
owner = "KDE";
repo = "digikam";
rev = "v${version}";
sha256 = "1ifvrn0bm7fp07d059rl4dy146qzdxafl36ipxg1fg00dkv95hh4";
sha256 = "0h0jqfgpanhxfi3r7cgip58ppypqx79z6c5jj7i7f19hp2zziip8";
};
nativeBuildInputs = [ cmake doxygen extra-cmake-modules kdoctools wrapGAppsHook ];
@ -88,6 +89,7 @@ mkDerivation rec {
qtsvg
qtwebengine
akonadi-contacts
kcalcore
kconfigwidgets
kcoreaddons
@ -112,6 +114,7 @@ mkDerivation rec {
preFixup = ''
gappsWrapperArgs+=(--prefix PATH : ${lib.makeBinPath [ gnumake hugin enblend-enfuse ]})
gappsWrapperArgs+=(--suffix DK_PLUGIN_PATH : ${placeholder "out"}/${qtbase.qtPluginPrefix}/${pname})
substituteInPlace $out/bin/digitaglinktree \
--replace "/usr/bin/perl" "${perl}/bin/perl" \
--replace "/usr/bin/sqlite3" "${sqlite}/bin/sqlite3"

@ -1,4 +1,4 @@
{ stdenv, lib, symlinkJoin, gimp, makeWrapper, gimpPlugins, plugins ? null}:
{ stdenv, lib, symlinkJoin, gimp, makeWrapper, gimpPlugins, gnome3, plugins ? null}:
let
allPlugins = lib.filter (pkg: builtins.isAttrs pkg && pkg.type == "derivation" && !pkg.meta.broken or false) (lib.attrValues gimpPlugins);
@ -17,6 +17,7 @@ in symlinkJoin {
for each in gimp-${versionBranch} gimp-console-${versionBranch}; do
wrapProgram $out/bin/$each \
--set GIMP2_PLUGINDIR "$out/lib/gimp/2.0" \
--prefix GTK_PATH : "${gnome3.gnome-themes-extra}/lib/gtk-2.0" \
${toString extraArgs}
done
set +x

@ -3,11 +3,11 @@
}:
stdenv.mkDerivation rec {
name = "ipe-7.2.11";
name = "ipe-7.2.12";
src = fetchurl {
url = "https://dl.bintray.com/otfried/generic/ipe/7.2/${name}-src.tar.gz";
sha256 = "09d71fdpiz359mcnb57460w2mcfizvlnidd6g1k4c3v6rglwlbd2";
sha256 = "1qw1cmwzi3wxk4x916i9y4prhi9brnwl14i9a1cbw23x1sr7i6kw";
};
sourceRoot = "${name}/src";

@ -1,6 +1,6 @@
{ stdenv, fetchFromGitHub, qt5, libsForQt5
, bison, flex, eigen, boost, libGLU_combined, glew, opencsg, cgal
, mpfr, gmp, glib, pkgconfig, harfbuzz, gettext
, mpfr, gmp, glib, pkgconfig, harfbuzz, gettext, freetype, fontconfig
}:
stdenv.mkDerivation rec {
@ -18,11 +18,13 @@ stdenv.mkDerivation rec {
sha256 = "1y63yqyd0v255liik4ff5ak6mj86d8d76w436x76hs5dk6jgpmfb";
};
nativeBuildInputs = [ bison flex pkgconfig ];
buildInputs = [
bison flex eigen boost libGLU_combined glew opencsg cgal mpfr gmp glib
pkgconfig harfbuzz gettext
]
++ (with qt5; [qtbase qmake])
eigen boost glew opencsg cgal mpfr gmp glib
harfbuzz gettext freetype fontconfig
] ++ stdenv.lib.optional stdenv.isLinux libGLU_combined
++ (with qt5; [qtbase qmake] ++ stdenv.lib.optional stdenv.isDarwin qtmacextras)
++ (with libsForQt5; [qscintilla])
;
@ -33,6 +35,17 @@ stdenv.mkDerivation rec {
doCheck = false;
postInstall = stdenv.lib.optionalString stdenv.isDarwin ''
mkdir $out/Applications
mv $out/bin/*.app $out/Applications
rmdir $out/bin || true
mv --target-directory=$out/Applications/OpenSCAD.app/Contents/Resources \
$out/share/openscad/{examples,color-schemes,locale,libraries,fonts}
rmdir $out/share/openscad
'';
meta = {
description = "3D parametric model compiler";
longDescription = ''
@ -48,7 +61,7 @@ stdenv.mkDerivation rec {
'';
homepage = http://openscad.org/;
license = stdenv.lib.licenses.gpl2;
platforms = stdenv.lib.platforms.linux;
platforms = stdenv.lib.platforms.unix;
maintainers = with stdenv.lib.maintainers;
[ bjornfor raskin the-kenny ];
};

@ -12,14 +12,14 @@ let
};
in
stdenv.mkDerivation rec {
version = "1.2";
version = "1.4";
name = "renderdoc-${version}";
src = fetchFromGitHub {
owner = "baldurk";
repo = "renderdoc";
rev = "v${version}";
sha256 = "0s1q5d58x18yz3nf94pv5i1qd2hc0a4gdj4qkpcn8s6ms2x05pz4";
sha256 = "1iann73r4yzkwnm13h4zqipqrp5i5cnkv27yyap0axz6h3npw94r";
};
buildInputs = [

@ -1,7 +1,7 @@
{
mkDerivation, lib,
extra-cmake-modules, kdoctools, ki18n, makeWrapper,
akonadi-contacts, gnupg1, karchive, kcodecs, kcontacts, kcoreaddons,
akonadi-contacts, gnupg, karchive, kcodecs, kcontacts, kcoreaddons,
kcrash, kdbusaddons, kiconthemes, kjobwidgets, kio, knotifications, kservice,
ktextwidgets, kxmlgui, kwidgetsaddons, kwindowsystem, qgpgme,
}:
@ -10,12 +10,12 @@ mkDerivation {
name = "kgpg";
nativeBuildInputs = [ extra-cmake-modules kdoctools makeWrapper ];
buildInputs = [
akonadi-contacts gnupg1 karchive kcodecs kcontacts kcoreaddons kcrash
akonadi-contacts gnupg karchive kcodecs kcontacts kcoreaddons kcrash
kdbusaddons ki18n kiconthemes kjobwidgets kio knotifications kservice
ktextwidgets kxmlgui kwidgetsaddons kwindowsystem qgpgme
];
postFixup = ''
wrapProgram "$out/bin/kgpg" --prefix PATH : "${lib.makeBinPath [ gnupg1 ]}"
wrapProgram "$out/bin/kgpg" --prefix PATH : "${lib.makeBinPath [ gnupg ]}"
'';
meta = {
license = [ lib.licenses.gpl2 ];

@ -1,9 +1,10 @@
{ config, lib, stdenv, fetchurl, CoreAudio
{ config, lib, stdenv, fetchurl, pkgconfig, CoreAudio
, enableAlsa ? true, alsaLib ? null
, enableLibao ? true, libao ? null
, enableLame ? config.sox.enableLame or false, lame ? null
, enableLibmad ? true, libmad ? null
, enableLibogg ? true, libogg ? null, libvorbis ? null
, enableOpusfile ? true, opusfile ? null
, enableFLAC ? true, flac ? null
, enablePNG ? true, libpng ? null
, enableLibsndfile ? true, libsndfile ? null
@ -22,12 +23,16 @@ stdenv.mkDerivation rec {
sha256 = "0v2znlxkxxcd3f48hf3dx9pq7i6fdhb62kgj7wv8xggz8f35jpxl";
};
# configure.ac uses pkg-config only to locate libopusfile
nativeBuildInputs = optional enableOpusfile pkgconfig;
buildInputs =
optional (enableAlsa && stdenv.isLinux) alsaLib ++
optional enableLibao libao ++
optional enableLame lame ++
optional enableLibmad libmad ++
optionals enableLibogg [ libogg libvorbis ] ++
optional enableOpusfile opusfile ++
optional enableFLAC flac ++
optional enablePNG libpng ++
optional enableLibsndfile libsndfile ++

@ -0,0 +1,45 @@
{ stdenv, fetchFromGitHub, cairo, cmake, libxkbcommon
, pango, fribidi, harfbuzz, pcre, pkgconfig
, ncursesSupport ? true, ncurses ? null
, waylandSupport ? true, wayland ? null
, x11Support ? true, xlibs ? null, xorg ? null
}:
assert ncursesSupport -> ncurses != null;
assert waylandSupport -> wayland != null;
assert x11Support -> xlibs != null && xorg != null;
stdenv.mkDerivation rec {
pname = "bemenu";
version = "0.1.0";
src = fetchFromGitHub {
owner = "Cloudef";
repo = "bemenu";
rev = "33e540a2b04ce78f5c7ab4a60b899c67f586cc32";
sha256 = "11h55m9dx6ai12pqij52ydjm36dvrcc856pa834njihrp626pl4w";
};
nativeBuildInputs = [ cmake pkgconfig pcre ];
buildInputs = with stdenv.lib; [
cairo
fribidi
harfbuzz
libxkbcommon
pango
] ++ optionals ncursesSupport [ ncurses ]
++ optionals waylandSupport [ wayland ]
++ optionals x11Support [
xlibs.libX11 xlibs.libXinerama xlibs.libXft
xorg.libXdmcp xorg.libpthreadstubs xorg.libxcb
];
meta = with stdenv.lib; {
homepage = "https://github.com/Cloudef/bemenu";
description = "Dynamic menu library and client program inspired by dmenu";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ thiagokokada ];
platforms = with platforms; linux;
};
}
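Review bot: `pcre` is listed in `nativeBuildInputs` next to `cmake` and `pkgconfig`, but it is a library rather than a build tool. If bemenu or one of its pkg-config dependencies links against it, it belongs in `buildInputs`; otherwise a cross build would pick up the build-platform copy. Separately, `version = "0.1.0"` is paired with a bare commit hash in `rev`, so a one-line comment saying which upstream state that commit corresponds to would help whoever does the next update.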

@ -9,17 +9,13 @@ stdenv.mkDerivation rec {
sha256 = "0vw2xi6a2lrhrb8n55zq9lv4mzxhby4xdf3hmi1vlfpyrpdwkjzd";
};
buildInputs = [ ncurses gettext python3 ];
buildInputs = [ ncurses gettext python3 python3Packages.wrapPython ];
nativeBuildInputs = [ makeWrapper ];
# Build Python environment with httplib2 for calcurse-caldav
pythonEnv = python3Packages.python.buildEnv.override {
extraLibs = [ python3Packages.httplib2 ];
};
propagatedBuildInputs = [ pythonEnv ];
postInstall = ''
substituteInPlace $out/bin/calcurse-caldav --replace /usr/bin/python3 ${pythonEnv}/bin/python3
patchShebangs .
buildPythonPath ${python3Packages.httplib2}
patchPythonScript $out/bin/calcurse-caldav
'';
meta = with stdenv.lib; {
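Review bot: `patchShebangs .` in the new `postInstall` acts on the current directory, which at that point is presumably the unpacked source tree rather than `$out`, so it may not touch the installed `calcurse-caldav` at all. If the goal is to replace the `/usr/bin/python3` interpreter line that the removed `substituteInPlace` handled, `patchShebangs $out/bin/calcurse-caldav` states that directly. `python3Packages.wrapPython` only supplies build-time shell functions and would conventionally sit in `nativeBuildInputs`. The derivation continues outside the hunk.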

@ -1,28 +1,36 @@
{ stdenv, fetchFromGitHub, python3, python3Packages, zbar, secp256k1 }:
{ stdenv, fetchurl, fetchFromGitHub, python3, python3Packages, zbar, secp256k1 }:
let
qdarkstyle = python3Packages.buildPythonPackage rec {
pname = "QDarkStyle";
version = "2.5.4";
src = python3Packages.fetchPypi {
inherit pname version;
sha256 = "1w715m1i5pycfqcpkrggpn0rs9cakx6cm5v8rggcxnf4p0i0kdiy";
};
doCheck = false; # no tests
version = "3.3.5";
# Not provided in official source releases, which are what upstream signs.
tests = fetchFromGitHub {
owner = "spesmilo";
repo = "electrum";
rev = version;
sha256 = "11rzzrv5xxqazcb7q1ig93d6cisqmd1x0jrgvfgzysbzvi51gg11";
extraPostFetch = ''
mv $out ./all
mv ./all/electrum/tests $out
'';
};
in
python3Packages.buildPythonApplication rec {
pname = "electrum";
version = "3.3.4";
inherit version;
src = fetchFromGitHub {
owner = "spesmilo";
repo = "electrum";
rev = version;
sha256 = "0yxdpc602jnd14xz3px85ka0b6db98zwbgfi9a3vj8p1k3mmiwaj";
src = fetchurl {
url = "https://download.electrum.org/${version}/Electrum-${version}.tar.gz";
sha256 = "1csj0n96zlajnrs39wsazfj5lmy7v7n77cdz56lr8nkmchh6k9z1";
};
postUnpack = ''
# can't symlink, tests get confused
cp -ar ${tests} $sourceRoot/electrum/tests
'';
propagatedBuildInputs = with python3Packages; [
aiorpcx
aiohttp
@ -64,7 +72,10 @@ python3Packages.buildPythonApplication rec {
rm -rf $out/${python3.sitePackages}/nix
substituteInPlace $out/share/applications/electrum.desktop \
--replace "Exec=electrum %u" "Exec=$out/bin/electrum %u"
--replace 'Exec=sh -c "PATH=\"\\$HOME/.local/bin:\\$PATH\"; electrum %u"' \
"Exec=$out/bin/electrum %u" \
--replace 'Exec=sh -c "PATH=\"\\$HOME/.local/bin:\\$PATH\"; electrum --testnet %u"' \
"Exec=$out/bin/electrum --testnet %u"
'';
checkInputs = with python3Packages; [ pytest ];
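Review bot: The two `--replace` patterns in the `substituteInPlace` call of the second hunk must match upstream's desktop file byte for byte, and nothing here fails the build when they do not. If `substituteInPlace` only warns on a non-matching pattern (confirm for the stdenv in use), the installed entry keeps the `sh -c` launcher that puts `$HOME/.local/bin` at the front of `PATH`. A wallet would then resolve `electrum` through a user-writable directory first. A check after the substitution, for example `grep -q "^Exec=$out/bin/electrum %u" $out/share/applications/electrum.desktop`, would turn a silent mismatch into a build failure. The enclosing phase starts outside the hunk.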

@ -0,0 +1,21 @@
{ lib, python3Packages }:
python3Packages.buildPythonApplication rec {
pname = "gallery_dl";
version = "1.8.3";
src = python3Packages.fetchPypi {
inherit pname version;
sha256 = "671ee6ff7baa3d63393d9856686313b4e0146f875dd937326942dd2fff605a72";
};
doCheck = false;
propagatedBuildInputs = with python3Packages; [ requests ];
meta = {
description = "Command-line program to download image-galleries and -collections from several image hosting sites";
homepage = https://github.com/mikf/gallery-dl;
license = lib.licenses.gpl2;
maintainers = with lib.maintainers; [ dawidsowa ];
};
}

@ -1,22 +0,0 @@
diff --git a/bushnell.cc b/bushnell.cc
index 8fa844d..40707c4 100644
--- a/bushnell.cc
+++ b/bushnell.cc
@@ -135,7 +135,7 @@ bushnell_get_icon_from_name(QString name)
name = "Waypoint";
}
- for (t = bushnell_icons; t->icon > 0; t++) {
+ for (t = bushnell_icons; t->icon != 0; t++) {
if (0 == name.compare(t->icon, Qt::CaseInsensitive)) {
return t->symbol;
}
@@ -147,7 +147,7 @@ static const char*
bushnell_get_name_from_symbol(signed int s)
{
icon_mapping_t* t;
- for (t = bushnell_icons; t->icon > 0; t++) {
+ for (t = bushnell_icons; t->icon != 0; t++) {
if (s == t->symbol) {
return t->icon;
}

@ -2,17 +2,16 @@
stdenv.mkDerivation rec {
name = "gpsbabel-${version}";
version = "1.5.4";
version = "1.6.0";
src = fetchFromGitHub {
owner = "gpsbabel";
repo = "gpsbabel";
rev = "gpsbabel_${lib.replaceStrings ["."] ["_"] version}";
sha256 = "0v6wpp14zkfbarmksf9dn3wmpj1araxd7xi5xp7gpl7kafb9aiwi";
sha256 = "0q17jhmaf7z5lld2ff7h6jb3v1yz8hbwd2rmaq2dsamc53dls8iw";
};
patches = [
./clang-4.patch
(fetchpatch {
url = https://sources.debian.net/data/main/g/gpsbabel/1.5.3-2/debian/patches/use_minizip;
sha256 = "03fpsmlx1wc48d1j405zkzp8j64hcp0z72islf4mk1immql3ibcr";

@ -18,6 +18,7 @@ stdenv.mkDerivation rec {
It is fully customizable.
'';
homepage = https://www.gnu.org/software/hello/manual/;
changelog = "https://git.savannah.gnu.org/cgit/hello.git/plain/NEWS?h=v${version}";
license = licenses.gpl3Plus;
maintainers = [ maintainers.eelco ];
platforms = platforms.all;

@ -5,7 +5,9 @@
let
version = "1.3.1-ff75f26";
data = builtins.fromJSON (builtins.readFile ./revision.json);
inherit (data) version url sha256;
rpath = stdenv.lib.makeLibraryPath
[ libX11 zlib libSM libICE libXext freetype libXrender fontconfig libXft
@ -17,10 +19,7 @@ in
stdenv.mkDerivation {
name = "hubstaff-${version}";
src = fetchurl {
url = "https://hubstaff-production.s3.amazonaws.com/downloads/HubstaffClient/Builds/Release/${version}/Hubstaff-${version}.sh";
sha256 = "0jm5l34r6lkfkg8vsdfqbr0axngxznhagwcl9y184lnyji91fmdl";
};
src = fetchurl { inherit sha256 url; };
nativeBuildInputs = [ unzip makeWrapper ];

@ -0,0 +1,5 @@
{
"url": "https://hubstaff-production.s3.amazonaws.com/downloads/HubstaffClient/Builds/Release/1.4.5-c5b459ea/Hubstaff-1.4.5-c5b459ea.sh",
"version": "1.4.5-c5b459ea",
"sha256": "180qglbj175wln0kh8d5czhjvy7z503zxn4w6522hkz4ddz201nz"
}

@ -0,0 +1,18 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p nix-prefetch-git curl
SCRIPT_DIR=$(dirname "$(readlink -f "$BASH_SOURCE")")
installation_script_url=$(curl --fail --head --location --silent --output /dev/null --write-out %{url_effective} https://app.hubstaff.com/download/linux)
version=$(echo "$installation_script_url" | sed -r 's/^https:\/\/hubstaff\-production\.s3\.amazonaws\.com\/downloads\/HubstaffClient\/Builds\/Release\/([^\/]+)\/Hubstaff.+$/\1/')
sha256=$(nix-prefetch-url "$installation_script_url")
cat <<EOT > $SCRIPT_DIR/revision.json
{
"url": "$installation_script_url",
"version": "$version",
"sha256": "$sha256"
}
EOT
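Review bot: The script records whatever URL the redirect chain ends at without validating it, and it has no `set -euo pipefail`, so a failed `curl` or `nix-prefetch-url` still writes a revision.json with empty fields. Because the derivation then fetches exactly that URL, I would add `set -euo pipefail` after the shebang lines and reject anything outside the expected bucket before prefetching, e.g. `[[ $installation_script_url == https://hubstaff-production.s3.amazonaws.com/downloads/HubstaffClient/Builds/Release/* ]] || exit 1`. The `sed` expression passes its input through unchanged when it does not match, so `version` would then hold the full URL. Minor: `$SCRIPT_DIR` in the heredoc redirect is unquoted, and the shebang requests `nix-prefetch-git` while the script calls `nix-prefetch-url`.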

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "josm-${version}";
version = "14945";
version = "15031";
src = fetchurl {
url = "https://josm.openstreetmap.de/download/josm-snapshot-${version}.jar";
sha256 = "0kdfdn0i7gjfkkllb93598ywf0qlllzsia5q14szc5b5assl8qpb";
sha256 = "19qw1s5v0dha329a7rfnhby0rq5d109b3f1ln2w1dfkmirbl75ir";
};
buildInputs = [ jdk11 makeWrapper ];

@ -57,7 +57,28 @@ stdenv.mkDerivation rec {
prePatch = ''
cp ${src}/leptonica_mod/{allheaders.h,dewarp2.c,leptwin.c} src/
'';
patches = [];
patches = [
# stripped down copy of upstream commit b88c821f8d347bce0aea86d606c710303919f3d2
./leptonica-CVE-2018-3836.patch
(fetchpatch {
# CVE-2018-7186
url = "https://github.com/DanBloomberg/leptonica/commit/"
+ "ee301cb2029db8a6289c5295daa42bba7715e99a.patch";
sha256 = "0cgb7mvz2px1rg5i80wk1wxxjvzjga617d8q6j7qygkp7jm6495d";
})
(fetchpatch {
# CVE-2018-7247
url = "https://github.com/DanBloomberg/leptonica/commit/"
+ "c1079bb8e77cdd426759e466729917ca37a3ed9f.patch";
sha256 = "1z4iac5gwqggh7aa8cvyp6nl9fwd1v7wif26caxc9y5qr3jj34qf";
})
(fetchpatch {
# CVE-2018-7440
url = "https://github.com/DanBloomberg/leptonica/commit/"
+ "49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b.patch";
sha256 = "1hjmva98iaw9xj7prg7aimykyayikcwnk4hk0380007hqb35lqmy";
})
];
});
tesseract_modded = tesseract4.override {
tesseractBase = tesseract4.tesseractBase.overrideAttrs (_: {

@ -0,0 +1,95 @@
--- a/src/allheaders.h
+++ b/src/allheaders.h
@@ -2600,6 +2600,7 @@
LEPT_DLL extern char * stringReverse ( const char *src );
LEPT_DLL extern char * strtokSafe ( char *cstr, const char *seps, char **psaveptr );
LEPT_DLL extern l_int32 stringSplitOnToken ( char *cstr, const char *seps, char **phead, char **ptail );
+LEPT_DLL extern l_int32 stringCheckForChars ( const char *src, const char *chars, l_int32 *pfound );
LEPT_DLL extern char * stringRemoveChars ( const char *src, const char *remchars );
LEPT_DLL extern l_int32 stringFindSubstr ( const char *src, const char *sub, l_int32 *ploc );
LEPT_DLL extern char * stringReplaceSubstr ( const char *src, const char *sub1, const char *sub2, l_int32 *pfound, l_int32 *ploc );
--- a/src/gplot.c
+++ b/src/gplot.c
@@ -141,9 +141,10 @@
const char *xlabel,
const char *ylabel)
{
-char *newroot;
-char buf[L_BUF_SIZE];
-GPLOT *gplot;
+char *newroot;
+char buf[L_BUF_SIZE];
+l_int32 badchar;
+GPLOT *gplot;
PROCNAME("gplotCreate");
@@ -152,6 +153,9 @@
if (outformat != GPLOT_PNG && outformat != GPLOT_PS &&
outformat != GPLOT_EPS && outformat != GPLOT_LATEX)
return (GPLOT *)ERROR_PTR("outformat invalid", procName, NULL);
+ stringCheckForChars(rootname, "`;&|><\"?*", &badchar);
+ if (badchar) /* danger of command injection */
+ return (GPLOT *)ERROR_PTR("invalid rootname", procName, NULL);
if ((gplot = (GPLOT *)LEPT_CALLOC(1, sizeof(GPLOT))) == NULL)
return (GPLOT *)ERROR_PTR("gplot not made", procName, NULL);
--- a/src/utils2.c
+++ b/src/utils2.c
@@ -42,6 +42,7 @@
* l_int32 stringSplitOnToken()
*
* Find and replace string and array procs
+ * l_int32 stringCheckForChars()
* char *stringRemoveChars()
* l_int32 stringFindSubstr()
* char *stringReplaceSubstr()
@@ -701,6 +702,48 @@
/*--------------------------------------------------------------------*
* Find and replace procs *
*--------------------------------------------------------------------*/
+/*!
+ * \brief stringCheckForChars()
+ *
+ * \param[in] src input string; can be of zero length
+ * \param[in] chars string of chars to be searched for in %src
+ * \param[out] pfound 1 if any characters are found; 0 otherwise
+ * \return 0 if OK, 1 on error
+ *
+ * <pre>
+ * Notes:
+ * (1) This can be used to sanitize an operation by checking for
+ * special characters that don't belong in a string.
+ * </pre>
+ */
+l_int32
+stringCheckForChars(const char *src,
+ const char *chars,
+ l_int32 *pfound)
+{
+char ch;
+l_int32 i, n;
+
+ PROCNAME("stringCheckForChars");
+
+ if (!pfound)
+ return ERROR_INT("&found not defined", procName, 1);
+ *pfound = FALSE;
+ if (!src || !chars)
+ return ERROR_INT("src and chars not both defined", procName, 1);
+
+ n = strlen(src);
+ for (i = 0; i < n; i++) {
+ ch = src[i];
+ if (strchr(chars, ch)) {
+ *pfound = TRUE;
+ break;
+ }
+ }
+ return 0;
+}
+
+
/*!
* \brief stringRemoveChars()
*
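Review bot: The guard added to gplotCreate() in the gplot.c hunk is a denylist of shell metacharacters, and it omits `$`, parentheses, backslash, single quote and whitespace, so a rootname that relies on shell command substitution is not rejected by it. The patch list that applies this file also fetches an upstream commit labelled CVE-2018-7440, which presumably closes that gap. A comment next to `./leptonica-CVE-2018-3836.patch` saying this patch is incomplete on its own would keep a later cleanup from dropping the follow-up. The return value of stringCheckForChars() is ignored, which is harmless only because `*pfound` is set to FALSE before the argument checks. An allowlist of characters permitted in rootname would be the sturdier design.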

@ -2,7 +2,7 @@
harfbuzz, fontconfig, pkgconfig, ncurses, imagemagick, xsel,
libstartup_notification, libX11, libXrandr, libXinerama, libXcursor,
libxkbcommon, libXi, libXext, wayland-protocols, wayland,
which, dbus,
which, dbus, fetchpatch,
Cocoa,
CoreGraphics,
Foundation,
@ -67,6 +67,17 @@ buildPythonApplication rec {
libstartup_notification = "${libstartup_notification}/lib/libstartup-notification-1.so";
})
] ++ stdenv.lib.optionals stdenv.isDarwin [
(fetchpatch {
name = "macos-symlink-1";
url = https://github.com/kovidgoyal/kitty/commit/bdeec612667f6976109247fe1750b10dda9c24c0.patch;
sha256 = "1d18x260w059qag80kgb2cgi2h4rricvqhwpbrw79s8yxzs7jhxk";
})
(fetchpatch {
# fixup of previous patch
name = "macos-symlink-2";
url = https://github.com/kovidgoyal/kitty/commit/af2c9a49b1ad31e94242295d88598591623fbf11.patch;
sha256 = "0k3dmgbvmh66j8k3h8dw6la6ma6f20fng6jjypy982kxvracsnl5";
})
./macos-10.11.patch
./no-lto.patch
./no-werror.patch
@ -84,7 +95,7 @@ buildPythonApplication rec {
mkdir -p $out
${if stdenv.isDarwin then ''
mkdir "$out/bin"
ln -s ../Applications/kitty.app/Contents/MacOS/kitty "$out/bin/kitty"
ln -s ../Applications/kitty.app/Contents/MacOS/kitty-deref-symlink "$out/bin/kitty"
mkdir "$out/Applications"
cp -r kitty.app "$out/Applications/kitty.app"
'' else ''

@ -1,18 +1,18 @@
{ stdenv, fetchFromGitHub, cmake, perl
, alsaLib, libevdev, libopus, udev, SDL2
, ffmpeg, pkgconfig, xorg, libvdpau, libpulseaudio, libcec
, curl, expat, avahi, enet, libuuid
, curl, expat, avahi, enet, libuuid, libva
}:
stdenv.mkDerivation rec {
name = "moonlight-embedded-${version}";
version = "2.4.7";
version = "2.4.9";
src = fetchFromGitHub {
owner = "irtimmer";
repo = "moonlight-embedded";
rev = "v${version}";
sha256 = "0ihgb0kh4rhbgn55s25rfbs8063zqvcyqn137jn3nsc0is1595a9";
sha256 = "1mzs0dr6bg57kjyxjh48hfmlsil7fvgqf9lhjzxxj3llvpxwws86";
fetchSubmodules = true;
};
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
buildInputs = [
alsaLib libevdev libopus udev SDL2
ffmpeg pkgconfig xorg.libxcb libvdpau libpulseaudio libcec
xorg.libpthreadstubs curl expat avahi enet libuuid
xorg.libpthreadstubs curl expat avahi enet libuuid libva
];
meta = with stdenv.lib; {

@ -15,13 +15,26 @@ let
packageOverrides = lib.foldr lib.composeExtensions (self: super: { }) ([
(mkOverride "flask" "0.10.1" "0wrkavjdjndknhp8ya8j850jq7a1cli4g5a93mg8nh1xz2gq50sc")
(mkOverride "flask_login" "0.2.11" "1rg3rsjs1gwi2pw6vr9jmhaqm9b3vc9c4hfcsvp4y8agbh7g3mc3")
(mkOverride "jinja2" "2.8.1" "14aqmhkc9rw5w0v311jhixdm6ym8vsm29dhyxyrjfqxljwx1yd1m")
(mkOverride "pylru" "1.0.9" "0b0pq0l7xv83dfsajsc49jcxzc99kb9jfx1a1dlx22hzcy962dvi")
(mkOverride "sarge" "0.1.4" "08s8896973bz1gg0pkr592w6g4p6v47bkfvws5i91p9xf8b35yar")
(mkOverride "tornado" "4.5.3" "02jzd23l4r6fswmwxaica9ldlyc2p6q8dk6dyff7j58fmdzf853d")
# https://github.com/NixOS/nixpkgs/pull/58179#issuecomment-478605134
(mkOverride "werkzeug" "0.14.1" "c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c")
# Octoprint holds back jinja2 to 2.8.1 due to breaking changes.
# This old version does not have updated test config for pytest 4,
# and pypi tarball doesn't contain tests dir anyways.
(pself: psuper: {
jinja2 = psuper.jinja2.overridePythonAttrs (oldAttrs: rec {
version = "2.8.1";
src = oldAttrs.src.override {
inherit version;
sha256 = "14aqmhkc9rw5w0v311jhixdm6ym8vsm29dhyxyrjfqxljwx1yd1m";
};
doCheck = false;
});
})
]);
};
@ -69,7 +82,7 @@ in py.pkgs.buildPythonApplication rec {
pylru pyyaml sarge feedparser netifaces click websocket_client
scandir chainmap future dateutil futures wrapt monotonic emoji
frozendict
];
] ++ lib.optionals stdenv.isDarwin [ py.pkgs.appdirs ];
checkInputs = with py.pkgs; [ nose mock ddt ];
@ -82,7 +95,7 @@ in py.pkgs.buildPythonApplication rec {
'';
checkPhase = ''
HOME=$(mktemp -d) nosetests
HOME=$(mktemp -d) nosetests ${lib.optionalString stdenv.isDarwin "--exclude=test_set_external_modification"}
'';
meta = with stdenv.lib; {

@ -4,7 +4,7 @@
, cabextract
, gettext
, glxinfo
, gnupg1compat
, gnupg
, icoutils
, imagemagick
, netcat-gnu
@ -32,7 +32,7 @@ let
python2Packages.python
gettext
glxinfo
gnupg1compat
gnupg
icoutils
imagemagick
netcat-gnu

@ -1,25 +0,0 @@
{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
name = "pstree-2.39";
src = fetchurl {
urls = [
"http://www.sfr-fresh.com/unix/misc/${name}.tar.gz"
"https://distfiles.macports.org/pstree/${name}.tar.gz"
];
sha256 = "17s7v15c4gryjpi11y1xq75022nkg4ggzvjlq2dkmyg67ssc76vw";
};
unpackPhase = "unpackFile \$src; sourceRoot=.";
buildPhase = "pwd; $CC -o pstree pstree.c";
installPhase = "mkdir -p \$out/bin; cp pstree \$out/bin";
meta = {
description = "Show the set of running processes as a tree";
license = "GPL";
maintainers = [ ];
platforms = stdenv.lib.platforms.unix;
};
}

@ -1,8 +1,8 @@
{ haskell, lib, haskellPackages, fetchFromGitHub }:
let
version = "1.3.2";
sha256 = "0cyysvkl8m1ldlprmw9mpvch3r244nl25yv74dwcykga3g5mw4aa";
version = "1.4.2";
sha256 = "1kpzjsbx2xbp43hd62nq03jcknp0dqvdlxjc9gc3fagaqfbfzny2";
in (haskellPackages.mkDerivation {
pname = "taskell";
@ -35,10 +35,12 @@ in (haskellPackages.mkDerivation {
# containers
# directory
file-embed
fold-debounce
http-conduit
http-client
http-types
lens
raw-strings-qq
# mtl
# template-haskell
# text

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
pname = "tilix";
version = "1.9.0";
version = "1.9.3";
src = fetchFromGitHub {
owner = "gnunn1";
repo = "tilix";
rev = version;
sha256 = "1k8hqpq6bzmn06b4s8c257n37ghgp3fl7l9g6fy0giwk1x0ix735";
sha256 = "0mg9y4xd2pnv0smibg7dyy733jarvx6qpdqap3sj7fpyni0jvpph";
};
nativeBuildInputs = [

@ -5,11 +5,11 @@ let
in
buildPythonApplication rec {
pname = "tzupdate";
version = "1.3.1";
version = "1.4.0";
src = fetchPypi {
inherit pname version;
sha256 = "085kp4v9ijhkfvr0r5rzn4z7nrkb2qig05j0bajb0gkgynwf8wnz";
sha256 = "1sc3z2bx2nhnxg82x0jy19pr8lw56chbr90c2lr11w495csqwhz7";
};
propagatedBuildInputs = [ requests ];

@ -32,15 +32,15 @@ stdenv.mkDerivation rec {
] ++ optional synctexSupport "-Dsynctex=enabled";
nativeBuildInputs = [
meson ninja pkgconfig appstream-glib desktop-file-utils python3.pkgs.sphinx
meson ninja pkgconfig desktop-file-utils python3.pkgs.sphinx
gettext makeWrapper libxml2
];
] ++ optional stdenv.isLinux appstream-glib;
buildInputs = [
gtk girara libintl libseccomp
sqlite glib file librsvg
gtk girara libintl sqlite glib file librsvg
] ++ optional synctexSupport texlive.bin.core
++ optional stdenv.isDarwin [ gtk-mac-integration ];
++ optional stdenv.isLinux libseccomp
++ optional stdenv.isDarwin gtk-mac-integration;
meta = {
homepage = https://pwmt.org/projects/zathura/;

@ -1,5 +1,6 @@
{ config, pkgs
, useMupdf ? config.zathura.useMupdf or true
# zathura_pdf_mupdf fails to load _opj_create_decompress at runtime on Darwin (https://github.com/NixOS/nixpkgs/pull/61295#issue-277982980)
, useMupdf ? config.zathura.useMupdf or (!pkgs.stdenv.isDarwin)
, synctexSupport ? true }:
let

@ -21,9 +21,7 @@ stdenv.mkDerivation rec {
buildInputs = [
zathura_core girara mupdf cairo
] ++ stdenv.lib.optional stdenv.isDarwin [
gtk-mac-integration
];
] ++ lib.optional stdenv.isDarwin gtk-mac-integration;
PKG_CONFIG_ZATHURA_PLUGINDIR= "lib/zathura";
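Review bot: The replacement line `] ++ lib.optional stdenv.isDarwin gtk-mac-integration;` uses a bare `lib`, where the line it replaces went through `stdenv.lib.optional`. The function's argument list lies outside this hunk, so confirm that `lib` is bound there. If it is not, Nix rejects the whole file with an undefined-variable error on every platform, not only Darwin. `] ++ stdenv.lib.optional stdenv.isDarwin gtk-mac-integration;` keeps the fix (a single package instead of a nested list) without needing a new argument.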

@ -1,77 +0,0 @@
# HG changeset patch
# User Michelangelo De Simone <mdesimone@mozilla.com>
# Date 1479198095 28800
# Node ID fde6e9ccfc72fbc0fcd93af7a40436b216e7ea1a
# Parent 687eac6845a77d2cac5505da9c8912885c2a9e57
Bug 1013882 - TestInterfaceJS should be packaged only if it's available. r=glandium, a=jcristau
MozReview-Commit-ID: IEHesdoU4Sz
diff --git a/b2g/installer/package-manifest.in b/b2g/installer/package-manifest.in
--- a/b2g/installer/package-manifest.in
+++ b/b2g/installer/package-manifest.in
@@ -570,17 +570,17 @@
@RESPATH@/components/InputMethod.manifest
#ifdef MOZ_B2G
@RESPATH@/components/inputmethod.xpt
#endif
@RESPATH@/components/SystemUpdate.manifest
@RESPATH@/components/SystemUpdateManager.js
-#ifdef MOZ_DEBUG
+#if defined(ENABLE_TESTS) && defined(MOZ_DEBUG)
@RESPATH@/components/TestInterfaceJS.js
@RESPATH@/components/TestInterfaceJS.manifest
@RESPATH@/components/TestInterfaceJSMaplike.js
#endif
; Modules
@RESPATH@/modules/*
diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -554,17 +554,17 @@
@RESPATH@/components/PresentationControlService.js
@RESPATH@/components/PresentationDataChannelSessionTransport.js
@RESPATH@/components/PresentationDataChannelSessionTransport.manifest
; InputMethod API
@RESPATH@/components/MozKeyboard.js
@RESPATH@/components/InputMethod.manifest
-#ifdef MOZ_DEBUG
+#if defined(ENABLE_TESTS) && defined(MOZ_DEBUG)
@RESPATH@/components/TestInterfaceJS.js
@RESPATH@/components/TestInterfaceJS.manifest
@RESPATH@/components/TestInterfaceJSMaplike.js
#endif
; [Extensions]
@RESPATH@/components/extensions-toolkit.manifest
@RESPATH@/browser/components/extensions-browser.manifest
diff --git a/mobile/android/installer/package-manifest.in b/mobile/android/installer/package-manifest.in
--- a/mobile/android/installer/package-manifest.in
+++ b/mobile/android/installer/package-manifest.in
@@ -381,17 +381,17 @@
@BINPATH@/components/CaptivePortalDetectComponents.manifest
@BINPATH@/components/captivedetect.js
#ifdef MOZ_WEBSPEECH
@BINPATH@/components/dom_webspeechsynth.xpt
#endif
-#ifdef MOZ_DEBUG
+#if defined(ENABLE_TESTS) && defined(MOZ_DEBUG)
@BINPATH@/components/TestInterfaceJS.js
@BINPATH@/components/TestInterfaceJS.manifest
@BINPATH@/components/TestInterfaceJSMaplike.js
#endif
@BINPATH@/components/nsAsyncShutdown.manifest
@BINPATH@/components/nsAsyncShutdown.js

@ -17,10 +17,10 @@ rec {
firefox = common rec {
pname = "firefox";
ffversion = "66.0.4";
ffversion = "66.0.5";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz";
sha512 = "0mz2xrznma3hwb2b36hlv4qmnzbfcfhrxbxqhc8yyqxnc0fm4vxbbzh1pzvghp4182n98l1dignw95v11pfgi3gss7sz1zkiywz47sw";
sha512 = "18bcpbwzhc2fi6cqhxhh6jiw5akhzr7qqs6s8irjbvh7q8f3z2n046vrlvpblhbkc2kv1n0s14n49yzv432adqwa9qi8d57jnxyfqkf";
};
patches = [
@ -72,10 +72,10 @@ rec {
firefox-esr-60 = common rec {
pname = "firefox-esr";
ffversion = "60.6.2esr";
ffversion = "60.6.3esr";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz";
sha512 = "2gk11kffwmyq3m8dsjc86f7zfagl15msb8byrb4db4w4ssn335wax2p8m221xi4qnzf20fl0p1b30g5z8ivrxx2n19yknnwalazcjzd";
sha512 = "3zg75djd7mbr9alhkp7zqrky7g41apyf6ka0acv500dmpnhvn5v5i0wy9ks8v6vh7kcgw7bngf6msb7vbbps6whwdcqv3v4dqbg6yr2";
};
patches = [
@ -246,15 +246,15 @@ in rec {
tor-browser-8-0 = tbcommon rec {
ffversion = "60.6.1esr";
tbversion = "8.0.8";
tbversion = "8.0.9";
# FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb
src = fetchFromGitHub {
owner = "SLNOS";
repo = "tor-browser";
# branch "tor-browser-60.6.1esr-8.0-1-slnos"
rev = "dda14213c550afc522ef0bb0bb1643289c298736";
sha256 = "0lj79nczcix9mx6d0isbizg0f8apf6vgkp7r0q7id92691frj7fz";
# branch "tor-browser-60.6.1esr-8.0-1-r2-slnos"
rev = "d311540ce07f1f4f5e5789f9107f6e6ecc23988d";
sha256 = "0nz8vxv53vnqyk3ahakrr5xg6sgapvlmsb6s1pwwsb86fxk6pm5f";
};
patches = [
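Review bot: The `tor-browser-8-0` stanza in the last hunk keeps `ffversion = "60.6.1esr"` while `firefox-esr-60` in the same file moves to `60.6.3esr`, so the bundle's recorded engine version trails the ESR package after this change. The new branch name in the comment (`tor-browser-60.6.1esr-8.0-1-r2-slnos`) suggests a respin on the 60.6.1 base, but nothing in the expression says whether later ESR fixes are included. I would add a comment above `rev` stating what the `r2` branch carries relative to 60.6.1esr, so the gap is a documented decision rather than something a reader has to work out from a third-party fork's history. The stanza continues past `patches = [`, outside this hunk.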

@ -21,12 +21,12 @@ let
in python3Packages.buildPythonApplication rec {
pname = "qutebrowser";
version = "1.6.1";
version = "1.6.2";
# the release tarballs are different from the git checkout!
src = fetchurl {
url = "https://github.com/qutebrowser/qutebrowser/releases/download/v${version}/${pname}-${version}.tar.gz";
sha256 = "1sckfp9l2jgg29p2p4vmd0g7yzbldimqy0a0jvf488yp47qj310p";
sha256 = "1yzwrpqpghlpy2d7pbjgcb73dbngw835l4xbimz5aa90mvqkbwg1";
};
# Needs tox

@ -16,11 +16,11 @@ let
vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi";
in stdenv.mkDerivation rec {
pname = "vivaldi";
version = "2.4.1488.40-1";
version = "2.5.1525.40-1";
src = fetchurl {
url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}_amd64.deb";
sha256 = "0w084mamy72v1kkfgg8nn2q3hmfj7v216kkvqb52f1nyycqqzb37";
sha256 = "1samrhavjz21vynv1vz8qnv9bf30mcy0da0qkpa1vhbgkga5flgy";
};
unpackPhase = ''

@ -14,9 +14,9 @@ let
in buildGoPackage rec {
pname = "minikube";
name = "${pname}-${version}";
version = "1.0.0";
version = "1.0.1";
kubernetesVersion = "1.14.0";
kubernetesVersion = "1.14.1";
goPackagePath = "k8s.io/minikube";
@ -24,7 +24,7 @@ in buildGoPackage rec {
owner = "kubernetes";
repo = "minikube";
rev = "v${version}";
sha256 = "170iy0h27gkz2hg485rnawdw069gxwgkwsjmfj5yag2kkgl7gxa3";
sha256 = "1fgyaq8789wc3h6xmn4iw6if2jxdv5my35yn6ipx3q6i4hagxl4b";
};
buildInputs = [ go-bindata makeWrapper gpgme ] ++ stdenv.lib.optional stdenv.hostPlatform.isDarwin vmnet;

@ -4,22 +4,22 @@
{
owner = "terraform-providers";
repo = "terraform-provider-acme";
version = "1.1.1";
sha256 = "0fva2kw82s94r4s4dpk38kcmssmcr71ia9jyg1rqmc00ifilfrzj";
version = "1.1.2";
sha256 = "1l77pckiwa72lwbwbqkjzy6m9xsgp13spmzc80gfl4q0gd3d46an";
};
alicloud =
{
owner = "terraform-providers";
repo = "terraform-provider-alicloud";
version = "1.39.0";
sha256 = "0m5fvqrvnb7v5iii67l743j3hq32rljrvnkgc7fcd46zrf38yl2h";
version = "1.41.0";
sha256 = "0bl24mgk0rangwwbz43ybymcivn3kjjg35rrvv7ashvhmx58qcf8";
};
archive =
{
owner = "terraform-providers";
repo = "terraform-provider-archive";
version = "1.2.1";
sha256 = "1avx3m0dkld0kmsi8ifqcla8254p1izh5wrziffr7r05s152r8qf";
version = "1.2.2";
sha256 = "1saprj2r74b63z03n80m3mfj3vhgvlm4gp2hzqzjbdgibxsz4jaw";
};
arukas =
{
@ -39,36 +39,36 @@
{
owner = "terraform-providers";
repo = "terraform-provider-aws";
version = "2.6.0";
sha256 = "0hpnyid5w33n8ypwcz3a43gazbvk6m60b57qll2qgx6bm1q75b19";
version = "2.9.0";
sha256 = "1gkw60ihc2b3qhb110m0mckfvb21lqgx4vc4x249mfxxk25i26s7";
};
azuread =
{
owner = "terraform-providers";
repo = "terraform-provider-azuread";
version = "0.2.0";
sha256 = "01aiynw905gbn6dv23971yhwv0kfcbckcqp4f65sypn1l8szqyjg";
version = "0.3.1";
sha256 = "1bs4m9hwdag58by49zsjpys3xvxg98nq8qims17mc82pbsz6mpag";
};
azurerm =
{
owner = "terraform-providers";
repo = "terraform-provider-azurerm";
version = "1.25.0";
sha256 = "1fhcljxz6cb5q1kd7aprxv1bga53x6fg65q5wkp985aaqnl42b8k";
version = "1.27.1";
sha256 = "0lxa84j9kzinblz7zp4gizizj0sy0vidkjvgnb99sr3861rak1x5";
};
azurestack =
{
owner = "terraform-providers";
repo = "terraform-provider-azurestack";
version = "0.5.0";
sha256 = "0pi8hjl6350ibkiz5pi86p58gkj8jf0a27ar04npsrn2wcz90k8z";
version = "0.6.0";
sha256 = "0lh0an3bz3kh2s6ncadikivr08fj8cvq7zm20csmjbgwgicq4gl8";
};
bigip =
{
owner = "terraform-providers";
repo = "terraform-provider-bigip";
version = "0.12.0";
sha256 = "0fmmlx757hph45ffm19zafjfkldg41qkw83vz0jjmvxicza1afbd";
version = "0.12.2";
sha256 = "0pplv5hi1kjli0jpya12crb5dkc6bkzvm8094rwhjbxb4f65ca5d";
};
bitbucket =
{
@ -81,8 +81,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-brightbox";
version = "1.1.1";
sha256 = "03fh287fmbg9jxsiniwj3sn6nsjdm46qv82b5aaqny3qmhjddjvq";
version = "1.1.2";
sha256 = "0k9qs7kpjznascads5llajzx2xkm4hdil2n4wl0fqy43s6dkvbbf";
};
chef =
{
@ -144,15 +144,15 @@
{
owner = "terraform-providers";
repo = "terraform-provider-datadog";
version = "1.8.0";
sha256 = "1pmz4gxhfynj7mjcl07n2ggz00vccw4bv6cmp7na3ssbpnjiy1wx";
version = "1.9.0";
sha256 = "0c5s9ywd6p4qjd964y33rcqcgfqz225x5rp0jlsqxbv9i2r91fb0";
};
digitalocean =
{
owner = "terraform-providers";
repo = "terraform-provider-digitalocean";
version = "1.1.0";
sha256 = "1w5xslm8939rz13bsiv9hfcl8cyvi03gr0h24c0ybwj8alxmxhb4";
version = "1.3.0";
sha256 = "1bi482s6s3v7sqknwwchscwwncwrhr4jl4gl4l25bngp1kd7cp7i";
};
dme =
{
@ -165,8 +165,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-dns";
version = "2.0.0";
sha256 = "1km0pq1wp0bdccb612z9n0kj9w7hn1yvhk7xszwp2mzs8qmd7flv";
version = "2.1.1";
sha256 = "1iyfsx1fbpvp3zjrkq8c46nr6d80z40mzkfc4axfpqyrp9xqiy8j";
};
dnsimple =
{
@ -193,8 +193,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-external";
version = "1.1.1";
sha256 = "110kqp4gsag3l8h9hwjdq98s9rz9f5w31mrs50rygdc0yd43hq8z";
version = "1.1.2";
sha256 = "12wdzm3y0fd840bdf0dczvvmdmfwpfwfwnf0j4g6n9asdcvjaqlh";
};
fastly =
{
@ -207,36 +207,36 @@
{
owner = "terraform-providers";
repo = "terraform-provider-flexibleengine";
version = "1.4.0";
sha256 = "1gj3y9xw9zzh2fs2i6q0afw591lhy1lvcn80xac4da08r5l3si6g";
version = "1.5.0";
sha256 = "17dksrqkh35wf0clqcd4v6ggmzc7xmrw8q7q0qa9n9zqyg1zibqk";
};
github =
{
owner = "terraform-providers";
repo = "terraform-provider-github";
version = "1.3.0";
sha256 = "1k7816dbpsjjbm3pa6l0qlrxw5hh8z5iwdr8mp1mp5liidhl6bqs";
version = "2.0.0";
sha256 = "1lvizak27qxgggp5xb15s8f504cjgr633889cv2jsr2rn64z4jv5";
};
gitlab =
{
owner = "terraform-providers";
repo = "terraform-provider-gitlab";
version = "1.2.0";
sha256 = "11j84kyw2lsqsn6ya070hx0k6igb3hhjl8zlnr4q3gpmv51y23qc";
version = "1.3.0";
sha256 = "0lh1v20msahcfjc22v7yf1cwinaq0zy2m8f7sl5jfn294j9nbam8";
};
google =
{
owner = "terraform-providers";
repo = "terraform-provider-google";
version = "2.4.0";
sha256 = "153pr01m7clvdq9c09xhvlivagn12nlxhykh1x9yya9ixkg0zrrv";
version = "2.6.0";
sha256 = "0y93hfwhzbk7dl7cw5lw2gwf5hdbc7rs9gh10b39vxgv9jrj4kqv";
};
google-beta =
{
owner = "terraform-providers";
repo = "terraform-provider-google-beta";
version = "2.4.0";
sha256 = "08vbj9m6x0byf7x77a5b5isg0kmlxvc9gswgilzi6djgwg0j6wwd";
version = "2.6.0";
sha256 = "1bm3nrv2pa6mf6l4vn5b0hads7bhp67bnhc5y72yingfky7kva5h";
};
grafana =
{
@ -263,8 +263,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-helm";
version = "0.9.0";
sha256 = "1psqabifb1kabg268ca1x4l79z1xga1pr2sf8x9lrd7z856v18l9";
version = "0.9.1";
sha256 = "189w8zz2fv0qfggzxmppaw8814c7kylgb11m1r9mqii3phsgnlz1";
};
heroku =
{
@ -277,8 +277,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-http";
version = "1.0.1";
sha256 = "1bnqrx4xya3lm5wp4byy6npazll6w1g6bv4rawgncswsgx08zqng";
version = "1.1.1";
sha256 = "0ah4wi9gm5m7z0wyy6vn3baz2iw2sq7ah7q0lb9srwr887aai3x0";
};
huaweicloud =
{
@ -312,8 +312,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-kubernetes";
version = "1.5.2";
sha256 = "0g1f5cbmzrd46abwd0rdyrf8wj8w9bx1251gf4s9z41adrxjy2lp";
version = "1.6.2";
sha256 = "14jql78a1rw1wl97myry29lgmqkcdn44qgmzjrfky958afnkgiig";
};
librato =
{
@ -333,8 +333,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-local";
version = "1.2.1";
sha256 = "1hi2bxa79fbdf2n6z59xdfs7bx8cg7q2l84hrxdh3cqbnb8jvsbr";
version = "1.2.2";
sha256 = "0azrw62clki002nlv7ws3kzfsbqkadm713534i4xgvix2m08d1cx";
};
logentries =
{
@ -389,8 +389,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-ns1";
version = "1.3.0";
sha256 = "1h21a4z7js2iwg0gj217lq4d7wccxhjmi5k37asfj18ch0x37c7v";
version = "1.3.1";
sha256 = "04ibq5dgxqb5lpnvqxg4xkb498w77p2sbjfyy9zj7m5i62xrwg79";
};
nsxt =
{
@ -403,22 +403,22 @@
{
owner = "terraform-providers";
repo = "terraform-provider-null";
version = "2.1.1";
sha256 = "0sw7j2cz9d5207l1v32ahqahmsk1dzzsf83zqivaa5jk3w4bfnjz";
version = "2.1.2";
sha256 = "0di1hxmd3s80sz8hl5q2i425by8fbk15f0r4jmnm6vra0cq89jw2";
};
nutanix =
{
owner = "terraform-providers";
repo = "terraform-provider-nutanix";
version = "1.0.0";
sha256 = "16nky5ryyjvv7vny18ymxvy20ivwmqw7lagnz48pq8mnwwrp5541";
version = "1.0.1";
sha256 = "1g7p6qg32g75x8fgspgxcdsa086mz3yabdgv1k68rykhw3zbri5d";
};
oci =
{
owner = "terraform-providers";
repo = "terraform-provider-oci";
version = "3.23.0-rc1";
sha256 = "11h8na7czj4iqm9z3pd8im06qqp3mng62h8ha5afvz2phv1g096h";
version = "3.24.1";
sha256 = "1yhcxwg3ivrgzasdsf5yq8v6h4j1lprnm881xfm4h1rpq465y1mj";
};
oneandone =
{
@ -431,22 +431,22 @@
{
owner = "terraform-providers";
repo = "terraform-provider-opc";
version = "1.3.3";
sha256 = "1hwbwyhjrs16cy66przs44znni0x3nwfsx18glxbikb2zx1ph93n";
version = "1.3.6";
sha256 = "1b11837j0d8s59pjkankbm3p5l87aw1s17mn2q7nvy65kgzalsra";
};
openstack =
{
owner = "terraform-providers";
repo = "terraform-provider-openstack";
version = "1.17.0";
sha256 = "1a3asmkf3w1ndy5rpyn09msp5l1sm2cdm3ca7cx5v00pjvww9f52";
version = "1.18.0";
sha256 = "05sr6vra4fsrysrz7a77vaa5zklhxf4hl8g029y9l1fln7vdpssg";
};
opentelekomcloud =
{
owner = "terraform-providers";
repo = "terraform-provider-opentelekomcloud";
version = "1.7.0";
sha256 = "15p5xvl6ryj5silpd2yrmjjh0d4qf89v8x6zbq8x7j351a1fljak";
version = "1.8.0";
sha256 = "068ap0sw17xmrfvri1yx70qdi8i5h0qhsm9bakm532xjxlgmaxpv";
};
opsgenie =
{
@ -459,8 +459,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-oraclepaas";
version = "1.5.1";
sha256 = "0xyyhr2n1aw1qn90535llv72cdgdqpni9l4gn8sj0ligpjhba7qz";
version = "1.5.2";
sha256 = "0m886wfg5ski8s1zr7g1h1m6q5ai08jk35ymipxpb6ipx781qvvk";
};
ovh =
{
@ -473,8 +473,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-packet";
version = "1.7.2";
sha256 = "103r0k626ham8wh7rwlx1hald4rik17mv2mcfjz9za65v7z139vr";
version = "2.1.0";
sha256 = "0hj8av0yry0wsi8fwgs0z9x9jxcnxz8imsanbdsrhb8lsj70n25v";
};
pagerduty =
{
@ -529,8 +529,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-random";
version = "2.1.1";
sha256 = "0ivmxacb9pzz7av2rr6jal5vwdv24689a2806nqvvzdy2s8mlzd3";
version = "2.1.2";
sha256 = "102bgd8s9yhm2ny2akv04mhwf5mphqhsxx9vxjbg7ygqnz9ka5nw";
};
rightscale =
{
@ -585,8 +585,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-spotinst";
version = "1.11.0";
sha256 = "10q1w66gbx6863797n6n15xx4llflmavrz2qk23pb8qd5pbni9bk";
version = "1.13.2";
sha256 = "1v3vgnspg3g0hvwzfplyvl37jxpc9m6hcsnmw6lkfqr57dy4dhlc";
};
statuscake =
{
@ -606,15 +606,15 @@
{
owner = "terraform-providers";
repo = "terraform-provider-template";
version = "2.1.1";
sha256 = "182kdkbmnihpawvgfpxavg8vbczizw5mlkwp828ap0baqs09ai8i";
version = "2.1.2";
sha256 = "18w1mmma81m9j7yf6q500w8v9ss28w6sw2ynssl99pyw2gwmd04q";
};
tencentcloud =
{
owner = "terraform-providers";
repo = "terraform-provider-tencentcloud";
version = "1.4.0";
sha256 = "1gqxvd5ss2cg49856nj3srirny1298l3fla506r7v8xf9ybkzpb4";
version = "1.5.0";
sha256 = "04psgirl78klbpzllcvzl510j66jcavxmi9zxnwmmmw128a3dig2";
};
terraform =
{
@ -634,8 +634,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-tls";
version = "1.2.0";
sha256 = "0hvj00j8a820j18yi90xzhd635pkffivp1116d84wyqxya5acd4p";
version = "2.0.1";
sha256 = "08fh4k5fvkijl2ds8mxdc5fxlwhs11y5s48vvxdskklvkjhygzc7";
};
triton =
{
@ -662,8 +662,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-vault";
version = "1.7.0";
sha256 = "133ximk510kchr34zicpnp4da27nxvzab2nd8dqpf4sqg2z83i0y";
version = "1.8.0";
sha256 = "1g9cw14mzslb445yhj04dzs0s4cbhi4cxycd50vc3f9yyg6sz1rr";
};
vcd =
{
@ -683,8 +683,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-yandex";
version = "0.4.1";
sha256 = "0lvj7xlzqc6wfv1xpc4qc1gnk3wvcvnifbf4mqgjglz35cf697bb";
version = "0.5.2";
sha256 = "1fa1jicirww0zxg5kw4343ndzq86x0m7gkfj8yx7l6lb6gcrkbic";
};
matchbox =
{

@ -97,8 +97,8 @@ in rec {
terraform_0_11-full = terraform_0_11.full;
terraform_0_12 = pluggable (generic {
version = "0.12.0-beta1";
sha256 = "0djakf2agbhpfqis4x0lf2i8s1ahvrdyfkcgr6lzp0nsks652rcm";
version = "0.12.0-rc1";
sha256 = "1ap1q5bixkzshnwy8xyfh768qwg3y4pcjzaiajzn2icjf4ay5nqm";
patches = [ ./provider-path.patch ];
passthru = { inherit plugins; };
});

@ -0,0 +1,28 @@
{ stdenv, pkgconfig, fetchFromGitHub, qtbase, qtsvg, qtmultimedia, qmake, boost, openssl }:
stdenv.mkDerivation rec {
pname = "chatterino2";
version = "unstable-2019-05-11";
src = fetchFromGitHub {
owner = "fourtf";
repo = pname;
rev = "8c46cbf571dc8fd77287bf3186445ff52b1d1aaf";
sha256 = "0i2385hamhd9i7jdy906cfrd81cybw524j92l87c8pzrkxphignk";
fetchSubmodules = true;
};
nativeBuildInputs = [ qmake pkgconfig ];
buildInputs = [ qtbase qtsvg qtmultimedia boost openssl ];
meta = with stdenv.lib; {
description = "A chat client for Twitch chat";
longDescription = ''
Chatterino is a chat client for Twitch chat. It aims to be an
improved/extended version of the Twitch web chat. Chatterino 2 is
the second installment of the Twitch chat client series
"Chatterino".
'';
homepage = "https://github.com/fourtf/chatterino2";
license = licenses.mit;
platforms = platforms.unix;
maintainers = with maintainers; [ rexim ];
};
}
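Review bot: `version = "unstable-2019-05-11"` packages an untagged commit with `fetchSubmodules = true`, and the new file does not say why a snapshot is used or what the fixed-output hash covers. A short comment above `src` would help whoever bumps it, for example `# untagged snapshot; sha256 covers the submodule checkouts, so bump rev and sha256 together`. For a network-facing client that links `openssl`, it is also worth noting there whether any submodule vendors a library that nixpkgs already provides; the file does not show this either way.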

@ -3,13 +3,13 @@
stdenv.mkDerivation rec {
name = "rambox-bare-${version}";
version = "0.6.6";
version = "0.6.7";
src = fetchFromGitHub {
owner = "ramboxapp";
repo = "community-edition";
rev = version;
sha256 = "15cy8krzl66b6sfazhff41adq4kf2857sj4h0qvzmadv85dy301v";
sha256 = "1fsp4jxiypl6zkh5wgf9amyiyx9dqv6h8rsjn5xjp9bna27s0d3b";
};
nativeBuildInputs = [ nodejs-8_x ruby sencha ];
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
inherit src;
nodejs = nodejs-8_x;
sha256 = "0ifk0fzw4zhi4195jlmiq5k57bdmf912372r4bwa4z500wipikq3";
sha256 = "0qsgr8cq81yismal5sqr02skakqpynwwzk5s98dr5bg91y361fgy";
};
patches = [ ./isDev.patch ];

@ -2,7 +2,7 @@
"name": "riot-web",
"productName": "Riot",
"main": "src/electron-main.js",
"version": "1.0.8",
"version": "1.1.0",
"description": "A feature-rich client for Matrix.org",
"author": "New Vector Ltd.",
"dependencies": {

@ -7,12 +7,12 @@ with (import ./yarn2nix.nix { inherit pkgs; });
let
executableName = "riot-desktop";
version = "1.0.8";
version = "1.1.0";
riot-web-src = fetchFromGitHub {
owner = "vector-im";
repo = "riot-web";
rev = "v${version}";
sha256 = "1krp608wxff1siih8zknc425n0qb6qjzf854fnp7qyjp1cnfc9sb";
sha256 = "0h1rr70jg64v824k31mvb93nfssr572xlyicc8yh91bl7hdh342x";
};
in mkYarnPackage rec {

@ -6,11 +6,11 @@
let configFile = writeText "riot-config.json" conf; in
stdenv.mkDerivation rec {
name= "riot-web-${version}";
version = "1.0.8";
version = "1.1.0";
src = fetchurl {
url = "https://github.com/vector-im/riot-web/releases/download/v${version}/riot-v${version}.tar.gz";
sha256 = "010m8b4lfnfi70d4v205wk3i4xhnsz7zkrdqrvw3si14xqy6192r";
sha256 = "14ap57hv1c5nh17771l39inpa5yacpyckzqcmjlbrb57illakwrd";
};
installPhase = ''

@ -1,7 +1,7 @@
{ darkMode ? false, stdenv, fetchurl, dpkg, makeWrapper
, alsaLib, atk, cairo, cups, curl, dbus, expat, fontconfig, freetype, glib
, gnome2, gtk3, gdk_pixbuf, libnotify, libxcb, nspr, nss, pango
, systemd, xorg, at-spi2-atk }:
{ darkMode ? false, stdenv, fetchurl, dpkg, makeWrapper , alsaLib, atk, cairo,
cups, curl, dbus, expat, fontconfig, freetype, glib , gnome2, gtk3, gdk_pixbuf,
libappindicator-gtk3, libnotify, libxcb, nspr, nss, pango , systemd, xorg,
at-spi2-atk }:
let
@ -25,6 +25,7 @@ let
pango
libnotify
libxcb
libappindicator-gtk3
nspr
nss
stdenv.cc.cc
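Review bot: The re-wrapped argument list in the first hunk mixes comma styles: `makeWrapper , alsaLib`, `glib , gnome2` and `pango , systemd` keep the space-before-comma of the old leading-comma layout, now in the middle of lines. Keeping the previous four-line layout and adding `libappindicator-gtk3` as one more leading-comma entry (`, gnome2, gtk3, gdk_pixbuf, libappindicator-gtk3, libnotify, libxcb, nspr, nss, pango`) would reduce the change to a single modified line and keep the file's existing style. The dependency list in the second hunk reads fine as it is.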

@ -4,11 +4,11 @@ let
mkTelegram = args: qt5.callPackage (import ./generic.nix args) { };
stableVersion = {
stable = true;
version = "1.6.7";
sha256Hash = "1537div6pky7wz3lansz67vsx2h6b653cx91xg9sswnxfsf8nrql";
version = "1.7.0";
sha256Hash = "1plfby243hf65wjmppq1qnqmp25pgi4x3awqd4h83ly9hn8qdwfk";
# svn log svn://svn.archlinux.org/community/telegram-desktop/trunk
archPatchesRevision = "429149";
archPatchesHash = "1ylpi9kb6hk27x9wmna4ing8vzn9b7247iya91pyxxrpxrcrhpli";
archPatchesRevision = "464796";
archPatchesHash = "1bq7r69k3i9p1csdsca0w41jyz6fbyn4qriv3lg7s28j9s803kw8";
};
in {
stable = mkTelegram stableVersion;

@ -12,7 +12,7 @@
with stdenv.lib;
stdenv.mkDerivation rec {
version = "0.28.3";
version = "0.28.4"; # not really, git
name = "notmuch-${version}";
passthru = {
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "https://notmuchmail.org/releases/${name}.tar.gz";
sha256 = "1v0ff6qqwj42p3n6qw30czzqi52nvgf3dn05vd7a03g39a5js8af";
sha256 = "1jjnhs4xs4gksvg0a9qn68rxrj41im5bh58snka2pkj20nxwmcds";
};
nativeBuildInputs = [ pkgconfig ];
@ -52,13 +52,13 @@ stdenv.mkDerivation rec {
--replace '-install_name $(libdir)' "-install_name $out/lib"
'';
configureFlags = [ "--zshcompletiondir=$(out)/share/zsh/site-functions" ];
configureFlags = [ "--zshcompletiondir=${placeholder "out"}/share/zsh/site-functions" ];
# Notmuch doesn't use autoconf and consequently doesn't tag --bindir and
# friends
setOutputFlags = false;
enableParallelBuilding = true;
makeFlags = "V=1";
makeFlags = [ "V=1" ];
preCheck = let
test-database = fetchurl {
@ -75,7 +75,7 @@ stdenv.mkDerivation rec {
gdb man
];
installTargets = "install install-man";
installTargets = [ "install" "install-man" ];
dontGzipMan = true; # already compressed
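Review bot: The trailing comment on `version = "0.28.4"; # not really, git` contradicts the `src` shown in the next hunk, which fetches the release tarball `https://notmuchmail.org/releases/${name}.tar.gz` pinned by `sha256`. A reader cannot tell from this whether the build is the tagged release or a git snapshot, and that matters when matching the package against upstream advisories. If it is the release tarball, drop the comment (`version = "0.28.4";`). If the tarball does differ from the tag, say how in a full sentence. The derivation continues outside these hunks.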

@ -10,13 +10,13 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "qbittorrent-${version}";
version = "4.1.5";
version = "4.1.6";
src = fetchFromGitHub {
owner = "qbittorrent";
repo = "qbittorrent";
rev = "release-${version}";
sha256 = "09zcygaxfv9g6av0vsvlyzv4v65wvj766xyfx31yz5ig3xan6ak1";
sha256 = "1y9kv84sy5fg64wbl4xpm8qh0hjba7ibk045cazp0m736rjmxk8c";
};
# NOTE: 2018-05-31: CMake is working but it is not officially supported

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "tixati-${version}";
version = "2.59";
version = "2.61";
src = fetchurl {
url = "https://download2.tixati.com/download/tixati-${version}-1.x86_64.manualinstall.tar.gz";
sha256 = "0vf5y9kj2g7psgdzv2r46jdh5krdps838ca4wwwxi0dd1mwa65my";
sha256 = "05f8lcsac2mr90bhk999qkj8wwd6igdl07389bqrd1ydjasacl2k";
};
installPhase = ''

@ -14,7 +14,8 @@ let
variant = if withQt then "qt" else "cli";
in stdenv.mkDerivation {
name = "wireshark-${variant}-${version}";
pname = "wireshark-${variant}";
inherit version;
outputs = [ "out" "dev" ];
src = fetchurl {
@ -24,7 +25,6 @@ in stdenv.mkDerivation {
cmakeFlags = [
"-DBUILD_wireshark=${if withQt then "ON" else "OFF"}"
"-DENABLE_QT5=${if withQt then "ON" else "OFF"}"
"-DENABLE_APPLICATION_BUNDLE=${if withQt && stdenv.isDarwin then "ON" else "OFF"}"
];
@ -95,6 +95,8 @@ in stdenv.mkDerivation {
enableParallelBuilding = true;
dontFixCmake = true;
shellHook = ''
# to be able to run the resulting binary
export WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1
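Review bot: `dontFixCmake = true;` in the last hunk has no comment explaining why the stdenv CMake fixup is switched off for this package. It appears to be one of the two lines this hunk adds, though the rendering has lost the `+` markers. A one-line reason above it, such as `# fixCmakeFiles breaks <what> in <file>`, filled in with the actual failure, would let a later maintainer judge when the override can be removed.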

@ -3,14 +3,14 @@
let
common = { stname, target, postInstall ? "" }:
buildGoPackage rec {
version = "1.1.1";
version = "1.1.3";
name = "${stname}-${version}";
src = fetchFromGitHub {
owner = "syncthing";
repo = "syncthing";
rev = "v${version}";
sha256 = "1nkc4ivc8mg9c1njqlkhb9i5f4c1via1rdqfbhwgkj86s6cnxrg7";
sha256 = "00jshqa0nkwj06bfq16p359ss6nl6h49s31hag79wl9gwkca38va";
};
goPackagePath = "github.com/syncthing/syncthing";

@ -1,20 +1,25 @@
{ stdenv, fetchurl, gd, ncurses, sqlite }:
{ stdenv, fetchurl, pkgconfig, gd, ncurses, sqlite, check }:
stdenv.mkDerivation rec {
name = "vnstat-${version}";
pname = "vnstat";
version = "2.2";
src = fetchurl {
sha256 = "0b7020rlc568pz6vkiy28kl8493z88wzrn18wv9b0iq2bv1pn2n6";
url = "https://humdi.net/vnstat/${name}.tar.gz";
url = "https://humdi.net/${pname}/${pname}-${version}.tar.gz";
};
buildInputs = [ gd ncurses sqlite ];
postPatch = ''
substituteInPlace src/cfg.c --replace /usr/local $out
'';
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ gd ncurses sqlite ];
checkInputs = [ check ];
doCheck = true;
meta = with stdenv.lib; {
description = "Console-based network statistics utility for Linux";
longDescription = ''

Some files were not shown because too many files have changed in this diff Show More
