diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 73242f22b0dc208..1bdeb126fc36e08 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -160,6 +160,7 @@ ./programs/darling.nix ./programs/dconf.nix ./programs/digitalbitbox/default.nix + ./programs/direnv.nix ./programs/dmrconfig.nix ./programs/droidcam.nix ./programs/environment.nix diff --git a/nixos/modules/programs/direnv.nix b/nixos/modules/programs/direnv.nix new file mode 100644 index 000000000000000..53717fae11a02fc --- /dev/null +++ b/nixos/modules/programs/direnv.nix @@ -0,0 +1,147 @@ +{ + lib, + config, + pkgs, + ... +}: let + cfg = config.programs.direnv; +in { + options.programs.direnv = { + + enable = lib.mkEnableOption (lib.mdDoc '' + direnv integration. Takes care of both installation and + setting up the sourcing of the shell. Additionally enables nix-direnv + integration. Note that you need to logout and login for this change to apply. + ''); + + package = lib.mkPackageOptionMD pkgs "direnv" {}; + + direnvrcExtra = lib.mkOption { + type = lib.types.lines; + default = ""; + example = '' + export FOO="foo" + echo "loaded direnv!" + ''; + description = lib.mdDoc '' + Extra lines to append to the sourced direnvrc + ''; + }; + + silent = lib.mkEnableOption (lib.mdDoc '' + the hiding of direnv logging + ''); + + persistDerivations = + (lib.mkEnableOption (lib.mdDoc '' + setting keep-derivations and keep-outputs to true + to prevent shells from getting garbage collected + '')) + // { + default = true; + }; + + loadInNixShell = + lib.mkEnableOption (lib.mdDoc '' + loading direnv in `nix-shell` `nix shell` or `nix develop` + '') + // { + default = true; + }; + + nix-direnv = { + enable = + (lib.mkEnableOption (lib.mdDoc '' + a faster, persistent implementation of use_nix and use_flake, to replace the built-in one + '')) + // { + default = true; + }; + + package = lib.mkPackageOptionMD pkgs "nix-direnv" {}; + }; + }; + + config = lib.mkIf cfg.enable { + + programs = { + zsh.interactiveShellInit = '' + if ${lib.boolToString cfg.loadInNixShell} || printenv PATH | grep -vqc '/nix/store'; then + eval "$(${lib.getExe cfg.package} hook zsh)" + fi + ''; + + #$NIX_GCROOT for "nix develop" https://github.com/NixOS/nix/blob/6db66ebfc55769edd0c6bc70fcbd76246d4d26e0/src/nix/develop.cc#L530 + #$IN_NIX_SHELL for "nix-shell" + bash.interactiveShellInit = '' + if ${lib.boolToString cfg.loadInNixShell} || [ -z "$IN_NIX_SHELL$NIX_GCROOT$(printenv PATH | grep '/nix/store')" ] ; then + eval "$(${lib.getExe cfg.package} hook bash)" + fi + ''; + + fish.interactiveShellInit = '' + if ${lib.boolToString cfg.loadInNixShell}; + or printenv PATH | grep -vqc '/nix/store'; + ${lib.getExe cfg.package} hook fish | source + end + ''; + }; + + nix.settings = lib.mkIf cfg.persistDerivations { + keep-outputs = true; + keep-derivations = true; + }; + + environment = { + systemPackages = + if cfg.loadInNixShell then [cfg.package] + else [ + #direnv has a fish library which sources direnv for some reason + (cfg.package.overrideAttrs (old: { + installPhase = + (old.installPhase or "") + + '' + rm -rf $out/share/fish + ''; + })) + ]; + + variables = { + DIRENV_CONFIG = "/etc/direnv"; + DIRENV_LOG_FORMAT = lib.mkIf cfg.silent ""; + }; + + etc = { + "direnv/direnvrc".text = '' + ${lib.optionalString cfg.nix-direnv.enable '' + #Load nix-direnv + source ${cfg.nix-direnv.package}/share/nix-direnv/direnvrc + ''} + + #Load direnvrcExtra + ${cfg.direnvrcExtra} + + #Load user-configuration if present (~/.direnvrc or ~/.config/direnv/direnvrc) + direnv_config_dir_home="''${DIRENV_CONFIG_HOME:-''${XDG_CONFIG_HOME:-$HOME/.config}/direnv}" + if [[ -f $direnv_config_dir_home/direnvrc ]]; then + source "$direnv_config_dir_home/direnvrc" >&2 + elif [[ -f $HOME/.direnvrc ]]; then + source "$HOME/.direnvrc" >&2 + fi + + unset direnv_config_dir_home + ''; + + "direnv/lib/zz-user.sh".text = '' + direnv_config_dir_home="''${DIRENV_CONFIG_HOME:-''${XDG_CONFIG_HOME:-$HOME/.config}/direnv}" + + for lib in "$direnv_config_dir_home/lib/"*.sh; do + source "$lib" + done + + unset direnv_config_dir_home + ''; + }; + }; + }; +} diff --git a/nixos/modules/services/misc/nitter.nix b/nixos/modules/services/misc/nitter.nix index 9336dbe38f34832..77f5459d117cc5c 100644 --- a/nixos/modules/services/misc/nitter.nix +++ b/nixos/modules/services/misc/nitter.nix @@ -334,7 +334,8 @@ in systemd.services.nitter = { description = "Nitter (An alternative Twitter front-end)"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; serviceConfig = { DynamicUser = true; StateDirectory = "nitter"; diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix index 651f5255ac8342a..9b158bb9d18c0ae 100644 --- a/nixos/modules/services/security/usbguard.nix +++ b/nixos/modules/services/security/usbguard.nix @@ -15,7 +15,7 @@ let daemonConf = '' # generated by nixos/modules/services/security/usbguard.nix RuleFile=${ruleFile} - ImplicitPolicyTarget=${cfg.implictPolicyTarget} + ImplicitPolicyTarget=${cfg.implicitPolicyTarget} PresentDevicePolicy=${cfg.presentDevicePolicy} PresentControllerPolicy=${cfg.presentControllerPolicy} InsertedDevicePolicy=${cfg.insertedDevicePolicy} @@ -73,7 +73,7 @@ in ''; }; - implictPolicyTarget = mkOption { + implicitPolicyTarget = mkOption { type = policy; default = "block"; description = lib.mdDoc '' @@ -251,5 +251,6 @@ in (mkRemovedOptionModule [ "services" "usbguard" "ruleFile" ] "The usbguard module now uses ${defaultRuleFile} as ruleFile. Alternatively, use services.usbguard.rules to configure rules.") (mkRemovedOptionModule [ "services" "usbguard" "IPCAccessControlFiles" ] "The usbguard module now hardcodes IPCAccessControlFiles to /var/lib/usbguard/IPCAccessControl.d.") (mkRemovedOptionModule [ "services" "usbguard" "auditFilePath" ] "Removed usbguard module audit log files. Audit logs can be found in the systemd journal.") + (mkRenamedOptionModule [ "services" "usbguard" "implictPolicyTarget" ] [ "services" "usbguard" "implicitPolicyTarget" ]) ]; } diff --git a/pkgs/applications/audio/mympd/default.nix b/pkgs/applications/audio/mympd/default.nix index 06d241988864dde..5d2030b6385bcc7 100644 --- a/pkgs/applications/audio/mympd/default.nix +++ b/pkgs/applications/audio/mympd/default.nix @@ -51,8 +51,12 @@ stdenv.mkDerivation rec { # similarly here "-DCMAKE_INSTALL_LOCALSTATEDIR=/var/lib/mympd" ]; - # See https://github.com/jcorporation/myMPD/issues/315 - hardeningDisable = [ "strictoverflow" ]; + hardeningDisable = [ + # See https://github.com/jcorporation/myMPD/issues/315 + "strictoverflow" + # causes redefinition of _FORTIFY_SOURCE + "fortify3" + ]; meta = { homepage = "https://jcorporation.github.io/myMPD"; diff --git a/pkgs/applications/audio/open-stage-control/default.nix b/pkgs/applications/audio/open-stage-control/default.nix index 8906d40b3c83461..5524c9a536090f8 100644 --- a/pkgs/applications/audio/open-stage-control/default.nix +++ b/pkgs/applications/audio/open-stage-control/default.nix @@ -2,13 +2,13 @@ buildNpmPackage rec { pname = "open-stage-control"; - version = "1.25.1"; + version = "1.25.2"; src = fetchFromGitHub { owner = "jean-emmanuel"; repo = "open-stage-control"; rev = "v${version}"; - hash = "sha256-mbd+fknSzokFt5dPlZrZIpDox/NzMbvyFp2fNPelv3c="; + hash = "sha256-7D3C1W2Y7FJnLxbXKXFFPDf+EXhLgPEj0APc2ZFYUlM="; }; # Remove some Electron stuff from package.json diff --git a/pkgs/applications/editors/jetbrains/update_ides.py b/pkgs/applications/editors/jetbrains/update_ides.py index fe57f75c72e138a..82ba7986f9a8c71 100755 --- a/pkgs/applications/editors/jetbrains/update_ides.py +++ b/pkgs/applications/editors/jetbrains/update_ides.py @@ -4,12 +4,14 @@ import pathlib import logging import requests +import subprocess import sys import xmltodict from packaging import version updates_url = "https://www.jetbrains.com/updates/updates.xml" -versions_file_path = pathlib.Path(__file__).parent.joinpath("versions.json").resolve() +current_path = pathlib.Path(__file__).parent +versions_file_path = current_path.joinpath("versions.json").resolve() logging.basicConfig(stream=sys.stdout, level=logging.DEBUG) @@ -98,3 +100,7 @@ def update_products(products): with open(versions_file_path, "w") as versions_file: json.dump(versions, versions_file, indent=2) versions_file.write("\n") + +logging.info("#### Updating plugins ####") +plugin_script = current_path.joinpath("plugins/update_plugins.py").resolve() +subprocess.call(plugin_script) diff --git a/pkgs/applications/emulators/duckstation/default.nix b/pkgs/applications/emulators/duckstation/default.nix index e2ee1f9089fba07..87470f5614132c9 100644 --- a/pkgs/applications/emulators/duckstation/default.nix +++ b/pkgs/applications/emulators/duckstation/default.nix @@ -107,6 +107,7 @@ stdenv.mkDerivation { homepage = "https://github.com/stenzek/duckstation"; description = "Fast PlayStation 1 emulator for x86-64/AArch32/AArch64"; license = licenses.gpl3Only; + mainProgram = "duckstation-qt"; maintainers = with maintainers; [ guibou AndersonTorres ]; platforms = platforms.linux; }; diff --git a/pkgs/applications/misc/klayout/default.nix b/pkgs/applications/misc/klayout/default.nix index a3166862f27dcf4..9a535dfa8b52543 100644 --- a/pkgs/applications/misc/klayout/default.nix +++ b/pkgs/applications/misc/klayout/default.nix @@ -5,13 +5,13 @@ mkDerivation rec { pname = "klayout"; - version = "0.28.9-2"; + version = "0.28.10"; src = fetchFromGitHub { owner = "KLayout"; repo = "klayout"; rev = "v${version}"; - hash = "sha256-yBBzJceYHuqYhYvZHpL22uFsOz1TKZFwdzuUQOC4wQw="; + hash = "sha256-CDaLKBDm4slUMZ8OWm/wNub4P8LY26P8G8oIxwzJyXY="; }; postPatch = '' diff --git a/pkgs/applications/misc/upwork/default.nix b/pkgs/applications/misc/upwork/default.nix index 012285064d2dac3..2c36b3411cdda83 100644 --- a/pkgs/applications/misc/upwork/default.nix +++ b/pkgs/applications/misc/upwork/default.nix @@ -6,12 +6,12 @@ stdenv.mkDerivation rec { pname = "upwork"; - version = "5.8.0.24"; + version = "5.8.0.31"; src = requireFile { name = "${pname}_${version}_amd64.deb"; url = "https://www.upwork.com/ab/downloads/os/linux/"; - sha256 = "sha256-9X1U/ImI8GfCiYLpLD+jICYAYsAr1NJLlOMvecXK7hc="; + sha256 = "sha256-tQV6v0U6xxqBl7nQaBhXSrc9iv+7SPHfABTiJJQDnPI="; }; nativeBuildInputs = [ @@ -31,8 +31,6 @@ stdenv.mkDerivation rec { libPath = lib.makeLibraryPath buildInputs; dontWrapGApps = true; - dontBuild = true; - dontConfigure = true; unpackPhase = '' dpkg-deb -x ${src} ./ diff --git a/pkgs/applications/networking/cluster/kluctl/default.nix b/pkgs/applications/networking/cluster/kluctl/default.nix index cf053a62621ba90..0dff89cad4b0539 100644 --- a/pkgs/applications/networking/cluster/kluctl/default.nix +++ b/pkgs/applications/networking/cluster/kluctl/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "kluctl"; - version = "2.20.7"; + version = "2.20.8"; src = fetchFromGitHub { owner = "kluctl"; repo = "kluctl"; rev = "v${version}"; - hash = "sha256-NcvPo+6f2EYhitzOl2VPz8MtFIsYBuOA7EJnD4TJdmI="; + hash = "sha256-F4vEHzN44+d0EtfJukEq5WVm8aLVWqmT5Xcpa/DBPng="; }; vendorHash = "sha256-x5Zy8H7DzxU+uBCUL6edv8x2LwiIjXl5UrRUMDtUEk8="; diff --git a/pkgs/applications/networking/instant-messengers/viber/default.nix b/pkgs/applications/networking/instant-messengers/viber/default.nix index 521e24360083b34..884bd0942db1ab5 100644 --- a/pkgs/applications/networking/instant-messengers/viber/default.nix +++ b/pkgs/applications/networking/instant-messengers/viber/default.nix @@ -80,6 +80,7 @@ stdenv.mkDerivation { # qt.conf is not working, so override everything using environment variables wrapProgram $out/opt/viber/Viber \ + --set QT_QPA_PLATFORM "xcb" \ --set QT_PLUGIN_PATH "$out/opt/viber/plugins" \ --set QT_XKB_CONFIG_ROOT "${xorg.xkeyboardconfig}/share/X11/xkb" \ --set QTCOMPOSE "${xorg.libX11.out}/share/X11/locale" \ diff --git a/pkgs/applications/networking/nextcloud-client/default.nix b/pkgs/applications/networking/nextcloud-client/default.nix index 322f97f48031f29..820bfa8b4efe94d 100644 --- a/pkgs/applications/networking/nextcloud-client/default.nix +++ b/pkgs/applications/networking/nextcloud-client/default.nix @@ -87,6 +87,9 @@ mkDerivation rec { "-DNO_SHIBBOLETH=1" # allows to compile without qtwebkit ]; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + postBuild = '' make doc-man ''; diff --git a/pkgs/applications/networking/p2p/rqbit/default.nix b/pkgs/applications/networking/p2p/rqbit/default.nix index f8b151ac339ad6a..a60b3e9ddf79c7f 100644 --- a/pkgs/applications/networking/p2p/rqbit/default.nix +++ b/pkgs/applications/networking/p2p/rqbit/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "rqbit"; - version = "2.2.0"; + version = "2.2.1"; src = fetchFromGitHub { owner = "ikatson"; repo = "rqbit"; rev = "v${version}"; - hash = "sha256-RF/3eICbqYXSuOWTvRBImiLPWIh4Oip37S5gqoSmDzE="; + hash = "sha256-7n+T+y60RjmZC7bE96Ljg0xVg4bSzV/LFgezTld4zfI="; }; - cargoHash = "sha256-wawlqnPYCLEkR9XpTQRZqG+wsqN/Nd5Q1IXpE6ikmY4="; + cargoHash = "sha256-hcuZ4hqGJT/O7vFefKPGZlkqhdsAl5LGAcSRQAEopnM="; nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ]; diff --git a/pkgs/applications/office/libreoffice/darwin/default.nix b/pkgs/applications/office/libreoffice/darwin/default.nix index eb5097a1b0e3e64..815eb78144d5712 100644 --- a/pkgs/applications/office/libreoffice/darwin/default.nix +++ b/pkgs/applications/office/libreoffice/darwin/default.nix @@ -9,21 +9,21 @@ let appName = "LibreOffice.app"; scriptName = "soffice"; - version = "7.4.3"; + version = "7.4.7"; dist = { aarch64-darwin = rec { arch = "aarch64"; archSuffix = arch; url = "https://download.documentfoundation.org/libreoffice/stable/${version}/mac/${arch}/LibreOffice_${version}_MacOS_${archSuffix}.dmg"; - sha256 = "cf95f9ecd4451d27e8304cea3ba116675267bdf75f08fbb60e0d8917f86edc04"; + sha256 = "d02513c6a58f35cb0da6880f76be3f4b3a620daaa9ce5c244d6efc40ed26a273"; }; x86_64-darwin = rec { arch = "x86_64"; archSuffix = "x86-64"; url = "https://download.documentfoundation.org/libreoffice/stable/${version}/mac/${arch}/LibreOffice_${version}_MacOS_${archSuffix}.dmg"; - sha256 = "fe569ba23bb74eb3e86974537dd80e504debe5fd8526a00edbad6be4da18986a"; + sha256 = "c8ae0cbaa043b30718a4ac0ca93369e887fe6a46bb3618cea054bffaafd8b8e2"; }; }; in diff --git a/pkgs/applications/office/qpdfview/default.nix b/pkgs/applications/office/qpdfview/default.nix index 6cc26c95a05b54f..dd966433acfb52e 100644 --- a/pkgs/applications/office/qpdfview/default.nix +++ b/pkgs/applications/office/qpdfview/default.nix @@ -52,6 +52,11 @@ mkDerivation rec { "APPDATA_INSTALL_PATH=${placeholder "out"}/share/appdata" ]; + env = { + # Fix build due to missing `std::option`. + NIX_CFLAGS_COMPILE = "-std=c++17"; + }; + meta = with lib; { description = "A tabbed document viewer"; license = licenses.gpl2Plus; diff --git a/pkgs/applications/science/misc/root/5.nix b/pkgs/applications/science/misc/root/5.nix index ef7037eea3adca8..4a8411cd34f9855 100644 --- a/pkgs/applications/science/misc/root/5.nix +++ b/pkgs/applications/science/misc/root/5.nix @@ -66,6 +66,9 @@ stdenv.mkDerivation rec { }) ]; + # https://github.com/root-project/root/issues/13216 + hardeningDisable = [ "fortify3" ]; + preConfigure = '' # binutils 2.37 fixes fixupList=( diff --git a/pkgs/applications/virtualization/singularity/generic.nix b/pkgs/applications/virtualization/singularity/generic.nix index ab9f1d1ce710ae5..8da3610ac065b2b 100644 --- a/pkgs/applications/virtualization/singularity/generic.nix +++ b/pkgs/applications/virtualization/singularity/generic.nix @@ -149,6 +149,9 @@ in ++ extraConfigureFlags ; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + # Packages to prefix to the Apptainer/Singularity container runtime default PATH # Use overrideAttrs to override defaultPathInputs = [ diff --git a/pkgs/applications/window-managers/hyprwm/hyprland/default.nix b/pkgs/applications/window-managers/hyprwm/hyprland/default.nix index cb3934e823abf20..b6af6a34151cacd 100644 --- a/pkgs/applications/window-managers/hyprwm/hyprland/default.nix +++ b/pkgs/applications/window-managers/hyprwm/hyprland/default.nix @@ -38,18 +38,20 @@ in assert assertXWayland; stdenv.mkDerivation (finalAttrs: { pname = "hyprland" + lib.optionalString debug "-debug"; - version = "0.26.0"; + version = "0.27.0"; src = fetchFromGitHub { owner = "hyprwm"; repo = finalAttrs.pname; rev = "v${finalAttrs.version}"; - hash = "sha256-LPih0Q//p8IurXG9kGRVGAqV4AUKVYj9xkk3sYYAj6I="; + hash = "sha256-mEKF6Wcx+wSF/eos/91A7LxhFLDYhSnQnLpwZF13ntg="; }; patches = [ # make meson use the provided dependencies instead of the git submodules "${finalAttrs.src}/nix/meson-build.patch" + # look into $XDG_DESKTOP_PORTAL_DIR instead of /usr; runtime checks for conflicting portals + "${finalAttrs.src}/nix/portals.patch" ]; postPatch = '' diff --git a/pkgs/applications/window-managers/hyprwm/hyprland/wlroots.nix b/pkgs/applications/window-managers/hyprwm/hyprland/wlroots.nix index 75502800dd71c92..e1d6bfc7e516ffa 100644 --- a/pkgs/applications/window-managers/hyprwm/hyprland/wlroots.nix +++ b/pkgs/applications/window-managers/hyprwm/hyprland/wlroots.nix @@ -49,8 +49,8 @@ assert (lib.assertMsg (hidpiXWayland -> enableXWayland) '' domain = "gitlab.freedesktop.org"; owner = "wlroots"; repo = "wlroots"; - rev = "6830bfc17fd94709e2cdd4da0af989f102a26e59"; - hash = "sha256-GGEjkQO9m7YLYIXIXM76HWdhjg4Ye+oafOtyaFAYKI4="; + rev = "7e7633abf09b362d0bad9e3fc650fd692369291d"; + hash = "sha256-KovjVFwcuoUO0eu/UiWrnD3+m/K+SHSAVIz4xF9K1XA="; }; pname = diff --git a/pkgs/development/compilers/erg/default.nix b/pkgs/development/compilers/erg/default.nix index 4385de7e10fcf9a..4b6b1423100e780 100644 --- a/pkgs/development/compilers/erg/default.nix +++ b/pkgs/development/compilers/erg/default.nix @@ -4,20 +4,21 @@ , makeWrapper , python3 , which +, stdenv }: rustPlatform.buildRustPackage rec { pname = "erg"; - version = "0.6.15"; + version = "0.6.16"; src = fetchFromGitHub { owner = "erg-lang"; repo = "erg"; rev = "v${version}"; - hash = "sha256-nADppxyIwvugnMR4d99NhK5wrhuShdKYgBu49dRPxtQ="; + hash = "sha256-HBi9QDSrAkBORswoNXDGZaABQYFDQGC8WKdzhk4KKhw="; }; - cargoHash = "sha256-El90KhNf+UrEIE3xlJwTRgCWsXiDIrBHHnPWdvWvoG8="; + cargoHash = "sha256-YQYyH+iypORcAEyVhHqYw0aHi1QtCgNuwyg/SnmGVIE="; nativeBuildInputs = [ makeWrapper @@ -29,6 +30,7 @@ rustPlatform.buildRustPackage rec { env = { BUILD_DATE = "1970/01/01 00:00:00"; + CASE_SENSITIVE = lib.boolToString (!stdenv.isDarwin); GIT_HASH_SHORT = src.rev; }; diff --git a/pkgs/development/compilers/intel-graphics-compiler/default.nix b/pkgs/development/compilers/intel-graphics-compiler/default.nix index b5a5f0671ab8609..d2093ccb6c68e17 100644 --- a/pkgs/development/compilers/intel-graphics-compiler/default.nix +++ b/pkgs/development/compilers/intel-graphics-compiler/default.nix @@ -86,6 +86,9 @@ stdenv.mkDerivation rec { "-DIGC_PREFERRED_LLVM_VERSION=${lib.getVersion llvm}" ]; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + meta = with lib; { homepage = "https://github.com/intel/intel-graphics-compiler"; description = "LLVM-based compiler for OpenCL targeting Intel Gen graphics hardware"; diff --git a/pkgs/development/compilers/jasmin-compiler/default.nix b/pkgs/development/compilers/jasmin-compiler/default.nix index 913b927834fa866..9f539f6981824a8 100644 --- a/pkgs/development/compilers/jasmin-compiler/default.nix +++ b/pkgs/development/compilers/jasmin-compiler/default.nix @@ -11,6 +11,12 @@ stdenv.mkDerivation rec { sourceRoot = "jasmin-compiler-v${version}/compiler"; + # Released tarball contains extraneous `dune` files + # See https://github.com/jasmin-lang/jasmin/pull/495 + preBuild = '' + rm -rf tests + ''; + nativeBuildInputs = with ocamlPackages; [ ocaml findlib dune_3 menhir camlidl cmdliner ]; buildInputs = [ @@ -18,21 +24,23 @@ stdenv.mkDerivation rec { ppl ] ++ (with ocamlPackages; [ apron + yojson + ]); + + propagatedBuildInputs = with ocamlPackages; [ batteries menhirLib - yojson zarith - ]); + ]; + + outputs = [ "bin" "lib" "out" ]; installPhase = '' runHook preInstall - mkdir -p $out/bin - for p in jasminc jazz2tex - do - cp _build/default/entry/$p.exe $out/bin/$p - done - mkdir -p $out/lib/jasmin/easycrypt - cp ../eclib/*.ec $out/lib/jasmin/easycrypt + dune build @install + dune install --prefix=$bin --libdir=$out/lib/ocaml/${ocamlPackages.ocaml.version}/site-lib + mkdir -p $lib/lib/jasmin/easycrypt + cp ../eclib/*.ec $lib/lib/jasmin/easycrypt runHook postInstall ''; diff --git a/pkgs/development/compilers/osl/default.nix b/pkgs/development/compilers/osl/default.nix index dd993f1cfd57c44..090cedb424b9914 100644 --- a/pkgs/development/compilers/osl/default.nix +++ b/pkgs/development/compilers/osl/default.nix @@ -4,6 +4,7 @@ , cmake , clang , libclang +, libxml2 , zlib , openexr , openimageio @@ -67,6 +68,8 @@ in stdenv.mkDerivation rec { python3.pkgs.pybind11 util-linux # needed just for hexdump zlib + ] ++ lib.optionals stdenv.isDarwin [ + libxml2 ]; postFixup = '' @@ -79,6 +82,6 @@ in stdenv.mkDerivation rec { homepage = "https://opensource.imageworks.com/osl.html"; maintainers = with maintainers; [ hodapp ]; license = licenses.bsd3; - platforms = platforms.linux; + platforms = platforms.unix; }; } diff --git a/pkgs/development/interpreters/ruby/rubygems/default.nix b/pkgs/development/interpreters/ruby/rubygems/default.nix index 35a09019d2b1efc..54293b376883f40 100644 --- a/pkgs/development/interpreters/ruby/rubygems/default.nix +++ b/pkgs/development/interpreters/ruby/rubygems/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "rubygems"; - version = "3.4.15"; + version = "3.4.16"; src = fetchurl { url = "https://rubygems.org/rubygems/rubygems-${version}.tgz"; - hash = "sha256-OCjoZbz3En8ERq41T+bykHeoKkOGvMVVDX21kKYypKw="; + hash = "sha256-T58wDLMOCPPwoPuXdZvpXeF7yERXvW1lPxVqe8zFs6M="; }; patches = [ diff --git a/pkgs/development/libraries/gvm-libs/default.nix b/pkgs/development/libraries/gvm-libs/default.nix index 6d09784427028cb..5d676de5c4817f4 100644 --- a/pkgs/development/libraries/gvm-libs/default.nix +++ b/pkgs/development/libraries/gvm-libs/default.nix @@ -60,6 +60,9 @@ stdenv.mkDerivation rec { "-DGVM_RUN_DIR=${placeholder "out"}/run/gvm" ]; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + meta = with lib; { description = "Libraries module for the Greenbone Vulnerability Management Solution"; homepage = "https://github.com/greenbone/gvm-libs"; diff --git a/pkgs/development/libraries/libei/default.nix b/pkgs/development/libraries/libei/default.nix index 0aa4cc544a5d834..4aa512e3eabdfbf 100644 --- a/pkgs/development/libraries/libei/default.nix +++ b/pkgs/development/libraries/libei/default.nix @@ -24,14 +24,14 @@ let in stdenv.mkDerivation rec { pname = "libei"; - version = "0.99.2"; + version = "1.0.0"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "libinput"; repo = "libei"; rev = version; - hash = "sha256-hxWWOvqenHHnzrvRwSwNT1GFVx9NR+Mm1XK9nisF8fA="; + hash = "sha256-Xt4mhZMAohdQWsqfZCaP3+Tsauxv3GhlceiqgxdfNWo="; }; buildInputs = [ diff --git a/pkgs/development/libraries/linbox/default.nix b/pkgs/development/libraries/linbox/default.nix index 0f650e7474ff4c5..6367b93b1a213fb 100644 --- a/pkgs/development/libraries/linbox/default.nix +++ b/pkgs/development/libraries/linbox/default.nix @@ -52,6 +52,9 @@ stdenv.mkDerivation rec { "--enable-sage" ]; + # https://github.com/linbox-team/linbox/issues/304 + hardeningDisable = [ "fortify3" ]; + doCheck = true; enableParallelBuilding = true; diff --git a/pkgs/development/php-packages/datadog_trace/default.nix b/pkgs/development/php-packages/datadog_trace/default.nix index c7f39424008ac4d..98280a8dab31632 100644 --- a/pkgs/development/php-packages/datadog_trace/default.nix +++ b/pkgs/development/php-packages/datadog_trace/default.nix @@ -35,11 +35,18 @@ buildPecl rec { nativeBuildInputs = [ cargo rustc + ] ++ lib.optionals stdenv.isLinux [ + rustPlatform.bindgenHook + rustPlatform.cargoSetupHook + ] ++ lib.optionals stdenv.isDarwin [ darwin.apple_sdk_11_0.rustPlatform.bindgenHook darwin.apple_sdk_11_0.rustPlatform.cargoSetupHook ]; - buildInputs = [ curl pcre2 ] ++ lib.optionals stdenv.isDarwin [ + buildInputs = [ + curl + pcre2 + ] ++ lib.optionals stdenv.isDarwin [ darwin.apple_sdk_11_0.frameworks.CoreFoundation darwin.apple_sdk_11_0.frameworks.Security darwin.apple_sdk_11_0.Libsystem diff --git a/pkgs/development/python-modules/django-stubs-ext/default.nix b/pkgs/development/python-modules/django-stubs-ext/default.nix index c5ea30c14560838..a3bbfd91b0d8c00 100644 --- a/pkgs/development/python-modules/django-stubs-ext/default.nix +++ b/pkgs/development/python-modules/django-stubs-ext/default.nix @@ -9,14 +9,14 @@ buildPythonPackage rec { pname = "django-stubs-ext"; - version = "4.2.1"; + version = "4.2.2"; format = "setuptools"; disabled = pythonOlder "3.8"; src = fetchPypi { inherit pname version; - hash = "sha256-JpbW99hTg0GwYM/6lWXHLqeX6GZofgQLhtKcrYeZ5f4="; + hash = "sha256-xp0cxG8cTDt4lLaFpQIsKbKjbHz7UuI3YurzV+v8LJg="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/libretranslate/default.nix b/pkgs/development/python-modules/libretranslate/default.nix index 61dab6b8e730801..12e33f45895f6ac 100644 --- a/pkgs/development/python-modules/libretranslate/default.nix +++ b/pkgs/development/python-modules/libretranslate/default.nix @@ -21,6 +21,7 @@ , redis , prometheus-client , polib +, python }: buildPythonPackage rec { @@ -69,7 +70,7 @@ buildPythonPackage rec { postInstall = '' # expose static files to be able to serve them via web-server mkdir -p $out/share/libretranslate - ln -s $out/lib/python*/site-packages/libretranslate/static $out/share/libretranslate/static + ln -s $out/${python.sitePackages}/libretranslate/static $out/share/libretranslate/static ''; doCheck = false; # needs network access diff --git a/pkgs/development/python-modules/mf2py/default.nix b/pkgs/development/python-modules/mf2py/default.nix index 7990ee73086855d..b39989bf322e940 100644 --- a/pkgs/development/python-modules/mf2py/default.nix +++ b/pkgs/development/python-modules/mf2py/default.nix @@ -11,13 +11,13 @@ buildPythonPackage rec { pname = "mf2py"; - version = "1.1.2"; + version = "1.1.3"; src = fetchFromGitHub { owner = "microformats"; repo = "mf2py"; - rev = version; - hash = "sha256-9pAD/eCmc/l7LGmKixDhZy3hhj1jCmcyo9wbqgtz/wI="; + rev = "refs/tags/v${version}"; + hash = "sha256-Ya8DND1Dqbygbf1hjIGMlPwyc/MYIWIj+KnWB6Bqu1k="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/pytibber/default.nix b/pkgs/development/python-modules/pytibber/default.nix index 33a61c2582eeccb..6f782ae2139c11f 100644 --- a/pkgs/development/python-modules/pytibber/default.nix +++ b/pkgs/development/python-modules/pytibber/default.nix @@ -14,7 +14,7 @@ buildPythonPackage rec { pname = "pytibber"; - version = "0.27.2"; + version = "0.28.0"; format = "setuptools"; disabled = pythonOlder "3.9"; @@ -23,7 +23,7 @@ buildPythonPackage rec { owner = "Danielhiversen"; repo = "pyTibber"; rev = "refs/tags/${version}"; - hash = "sha256-8JeQvvCxKAmFy8kiXVD+l1EBv5mO1rWYoAg+iLjapRw="; + hash = "sha256-S/arFxM+9VZECqUzPijTxclBQ6oeiOxdRXQLb+uhkfM="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/shap/default.nix b/pkgs/development/python-modules/shap/default.nix index 96c9c1f952acd45..9284d645215b4ad 100644 --- a/pkgs/development/python-modules/shap/default.nix +++ b/pkgs/development/python-modules/shap/default.nix @@ -1,51 +1,68 @@ { lib , buildPythonPackage , fetchFromGitHub -, writeText -, isPy27 +, fetchpatch , pytestCheckHook -, pytest-mpl +, pythonOlder +, writeText +, catboost +, cloudpickle +, ipython +, lightgbm +, lime +, matplotlib +, nose +, numba , numpy -, scipy -, scikit-learn -, pandas -, transformers , opencv4 -, lightgbm -, catboost +, pandas , pyspark +, pytest-mpl +, scikit-learn +, scipy , sentencepiece -, tqdm +, setuptools , slicer -, numba -, matplotlib -, nose -, lime -, cloudpickle -, ipython +, tqdm +, transformers +, xgboost }: buildPythonPackage rec { pname = "shap"; - version = "0.41.0"; - disabled = isPy27; + version = "0.42.0"; + format = "pyproject"; + + disabled = pythonOlder "3.7"; src = fetchFromGitHub { owner = "slundberg"; - repo = pname; + repo = "shap"; rev = "refs/tags/v${version}"; - hash = "sha256-rYVWQ3VRvIObSQPwDRsxhTOGOKNkYkLtiHzVwoB3iJ0="; + hash = "sha256-VGlswr9ywHk4oKSmmAzEC7+E0V2XEFlg19zXVktUdhc="; }; + patches = [ + (fetchpatch { + name = "fix-circular-import-error.patch"; + url = "https://github.com/slundberg/shap/commit/ce118526b19b4a206cf8b496c2cd2b215ef7a91b.patch"; + hash = "sha256-n2yFjFgc2VSFKb4ZJx775HblULWfnQSEnqjfPa8AOt0="; + }) + ]; + + nativeBuildInputs = [ + setuptools + ]; + propagatedBuildInputs = [ + cloudpickle + numba numpy - scipy - scikit-learn pandas - tqdm + scikit-learn + scipy slicer - numba - cloudpickle + tqdm ]; passthru.optional-dependencies = { @@ -58,7 +75,7 @@ buildPythonPackage rec { # tests that try to access the network will raise, get caught, be marked as skipped and tagged as xfailed. conftestSkipNetworkErrors = writeText "conftest.py" '' from _pytest.runner import pytest_runtest_makereport as orig_pytest_runtest_makereport - import urllib, requests + import urllib, requests, transformers class NetworkAccessDeniedError(RuntimeError): pass def deny_network_access(*a, **kw): @@ -68,6 +85,7 @@ buildPythonPackage rec { requests.get = deny_network_access urllib.request.urlopen = deny_network_access urllib.request.Request = deny_network_access + transformers.AutoTokenizer.from_pretrained = deny_network_access def pytest_runtest_makereport(item, call): tr = orig_pytest_runtest_makereport(item, call) @@ -81,55 +99,41 @@ buildPythonPackage rec { # when importing the local copy the extension is not found rm -r shap - # coverage testing is a waste considering how much we have to skip - substituteInPlace pytest.ini \ - --replace "--cov=shap --cov-report=term-missing" "" - # Add pytest hook skipping tests that access network. # These tests are marked as "Expected fail" (xfail) cat ${conftestSkipNetworkErrors} >> tests/conftest.py ''; + nativeCheckInputs = [ - pytestCheckHook - pytest-mpl + ipython matplotlib nose - ipython + pytest-mpl + pytestCheckHook # optional dependencies, which only serve to enable more tests: - opencv4 - #pytorch # we already skip all its tests due to slowness, adding it does nothing - transformers - #xgboost # numerically unstable? xgboost tests randomly fails pending on nixpkgs revision - lightgbm catboost + lightgbm + opencv4 pyspark sentencepiece + #torch # we already skip all its tests due to slowness, adding it does nothing + transformers + xgboost ]; + disabledTestPaths = [ - # takes forever without GPU acceleration - "tests/explainers/test_deep.py" - "tests/explainers/test_gradient.py" - # requires GPU. We skip here instead of having pytest repeatedly check for GPU - "tests/explainers/test_gpu_tree.py" # The resulting plots look sane, but does not match pixel-perfectly with the baseline. # Likely due to a matplotlib version mismatch, different backend, or due to missing fonts. "tests/plots/test_summary.py" # FIXME: enable - # 100% of the tests in these paths require network - "tests/explainers/test_explainer.py" - "tests/explainers/test_exact.py" - "tests/explainers/test_partition.py" - "tests/maskers/test_fixed_composite.py" - "tests/maskers/test_text.py" - "tests/models/test_teacher_forcing_logits.py" - "tests/models/test_text_generation.py" ]; + disabledTests = [ - # unstable. A xgboost-enabled test. possibly related: https://github.com/slundberg/shap/issues/2480 - "test_provided_background_tree_path_dependent" + # The same reason as above test_summary.py + "test_simple_bar_with_cohorts_dict" + "test_random_summary_violin_with_data2" + "test_random_summary_layered_violin_with_data2" ]; - #pytestFlagsArray = ["-x" "-W" "ignore"]; # uncomment this to debug - pythonImportsCheck = [ "shap" "shap.explainers" @@ -149,9 +153,5 @@ buildPythonPackage rec { changelog = "https://github.com/slundberg/shap/releases/tag/v${version}"; license = licenses.mit; maintainers = with maintainers; [ evax ]; - platforms = platforms.unix; - # No support for scikit-learn > 1.2 - # https://github.com/slundberg/shap/issues/2866 - broken = true; }; } diff --git a/pkgs/development/python-modules/slicer/default.nix b/pkgs/development/python-modules/slicer/default.nix index 7228c7914619ccf..f678dfb2eaa2022 100644 --- a/pkgs/development/python-modules/slicer/default.nix +++ b/pkgs/development/python-modules/slicer/default.nix @@ -1,8 +1,10 @@ { lib , buildPythonPackage +, dos2unix +, fetchpatch , fetchPypi -, isPy27 , pytestCheckHook +, pythonOlder , pandas , torch , scipy @@ -11,13 +13,38 @@ buildPythonPackage rec { pname = "slicer"; version = "0.0.7"; - disabled = isPy27; + format = "setuptools"; + disabled = pythonOlder "3.6"; src = fetchPypi { inherit pname version; - sha256 = "f5d5f7b45f98d155b9c0ba6554fa9770c6b26d5793a3e77a1030fb56910ebeec"; + hash = "sha256-9dX3tF+Y0VW5wLplVPqXcMaybVeTo+d6EDD7VpEOvuw="; }; + prePatch = '' + dos2unix slicer/* + ''; + + patches = [ + # these patches add support for numpy>=1.24 + (fetchpatch { + url = "https://github.com/interpretml/slicer/commit/028e09e639c4a3c99abe1d537cce30af2eebb081.patch"; + hash = "sha256-jh/cbz7cx2ks6jMNh1gI1n5RS/OHBtSIDZRxUGyrl/I="; + }) + (fetchpatch { + url = "https://github.com/interpretml/slicer/commit/d4bb09f136d7e1f64711633c16a37e7bee738696.patch"; + hash = "sha256-9rh99s4JWF4iKClZ19jvqSeRulL32xB5Use8PGkh/SA="; + }) + (fetchpatch { + url = "https://github.com/interpretml/slicer/commit/74b3683a5a7bd982f9eaaf8d8d665dfdaf2c6604.patch"; + hash = "sha256-R3zsC3udYPFUT93eRhb6wyc9S5n2wceiOunWJ8K+648="; + }) + ]; + + nativeBuildInputs = [ + dos2unix + ]; + nativeCheckInputs = [ pytestCheckHook pandas torch scipy ]; disabledTests = [ diff --git a/pkgs/development/ruby-modules/bundler/default.nix b/pkgs/development/ruby-modules/bundler/default.nix index ca31227f34a6dff..bcfd2ff6c49d530 100644 --- a/pkgs/development/ruby-modules/bundler/default.nix +++ b/pkgs/development/ruby-modules/bundler/default.nix @@ -4,8 +4,8 @@ buildRubyGem rec { inherit ruby; name = "${gemName}-${version}"; gemName = "bundler"; - version = "2.4.15"; - source.sha256 = "sha256-FM2eQJyQy1UxmHj++zvlqLz8dDOxQRXehSOytfc0rqo="; + version = "2.4.16"; + source.sha256 = "sha256-FjRuBn1YnZUgCoDzPFEbMLii6JASiFJbLTKS4hdenWk="; dontPatchShebangs = true; postFixup = '' diff --git a/pkgs/development/tools/click/default.nix b/pkgs/development/tools/click/default.nix index 4adaf11088b82bb..f8d73eec2580f6d 100644 --- a/pkgs/development/tools/click/default.nix +++ b/pkgs/development/tools/click/default.nix @@ -28,6 +28,12 @@ buildPythonApplication { sha256 = "sha256-pNu995/w3tbz15QQVdVYBnWnAoZmqWj1DN/5PZZ0iZw="; }; + postPatch = '' + # These should be proper Requires, using the header needs their headers + substituteInPlace lib/click/click-*.pc.in \ + --replace 'Requires.private' 'Requires' + ''; + configureFlags = [ "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system" "--with-systemduserunitdir=${placeholder "out"}/lib/systemd/user" diff --git a/pkgs/development/tools/conftest/default.nix b/pkgs/development/tools/conftest/default.nix index 306fca4684e995d..898c1d8bb5545b0 100644 --- a/pkgs/development/tools/conftest/default.nix +++ b/pkgs/development/tools/conftest/default.nix @@ -6,15 +6,15 @@ buildGoModule rec { pname = "conftest"; - version = "0.43.1"; + version = "0.44.0"; src = fetchFromGitHub { owner = "open-policy-agent"; repo = "conftest"; rev = "refs/tags/v${version}"; - hash = "sha256-5eMl6dvEW5CCSIgz/o3T7iwk1EuKMuGMifX8ECHf9Oc="; + hash = "sha256-tYF9zMDSzGSscsqHTA26FoAGNl7E9AV/8LMTzYcDOI4="; }; - vendorHash = "sha256-pP9Rv23ra3Cv5ZzL8E4/B/T2FQd2vRqIjKmWrINwUjc="; + vendorHash = "sha256-Q0bV6ePjQiIzYXB7sEiAYZ9kIbErPsoAXQqdMt8Xd10="; ldflags = [ "-s" diff --git a/pkgs/development/tools/datree/default.nix b/pkgs/development/tools/datree/default.nix index 1db2dfc5514b458..56bcb8fa461e3a1 100644 --- a/pkgs/development/tools/datree/default.nix +++ b/pkgs/development/tools/datree/default.nix @@ -8,13 +8,13 @@ buildGoModule rec { pname = "datree"; - version = "1.9.9"; + version = "1.9.10"; src = fetchFromGitHub { owner = "datreeio"; repo = "datree"; rev = "refs/tags/${version}"; - hash = "sha256-GNZvrn0aTunzpd5XUXjgEzpXAW2h6TNdqlI/Sso+lxs="; + hash = "sha256-A5l5ZCKkDqVHy7DWd2Tb75g21t+WnLMiJuUxAYVTTUM="; }; vendorHash = "sha256-ECVKofvmLuFAFvncq63hYUaYW8/2+F4gZr8wIGQyrdU="; diff --git a/pkgs/development/tools/devbox/default.nix b/pkgs/development/tools/devbox/default.nix index c74e2c2aad780c1..03f4d3c918beee8 100644 --- a/pkgs/development/tools/devbox/default.nix +++ b/pkgs/development/tools/devbox/default.nix @@ -5,13 +5,13 @@ }: buildGoModule rec { pname = "devbox"; - version = "0.5.5"; + version = "0.5.6"; src = fetchFromGitHub { owner = "jetpack-io"; repo = pname; rev = version; - hash = "sha256-PR3JRA2Dme/KbU59QV0G3VzmTByynnDL9y33wHsX3PI="; + hash = "sha256-GDOp6gmkRXwUJ0x+o1VzwCR0PZ6nmG0/FGstBhwU8OY="; }; ldflags = [ @@ -23,7 +23,7 @@ buildGoModule rec { # integration tests want file system access doCheck = false; - vendorHash = "sha256-UEMFHRP9XKxg1wa3JYJ522yuyrPTDhyVCdQdSpDi6Cg="; + vendorHash = "sha256-HgGqCCcIv/sE51GnUTsOpblZZAfp31BpU+u4JFfYiLU="; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/development/tools/haskell/vaultenv/default.nix b/pkgs/development/tools/haskell/vaultenv/default.nix index bde2dce30eeb33c..e3adef87524568b 100644 --- a/pkgs/development/tools/haskell/vaultenv/default.nix +++ b/pkgs/development/tools/haskell/vaultenv/default.nix @@ -29,13 +29,13 @@ }: mkDerivation rec { pname = "vaultenv"; - version = "0.15.1"; + version = "0.16.0"; src = fetchFromGitHub { owner = "channable"; repo = "vaultenv"; rev = "v${version}"; - sha256 = "sha256-yoYkAypH+HQSVTvd/qKNFkL5krbB5mZw3ec9ojvy+Pw="; + sha256 = "sha256-EPu4unzXIg8naFUEZwbJ2VJXD/TeCiKzPHCXnRkdyBE="; }; buildTools = [ hpack ]; diff --git a/pkgs/misc/beep/default.nix b/pkgs/misc/beep/default.nix index fe04d28aa9de0f2..31fbb82cc3573e0 100644 --- a/pkgs/misc/beep/default.nix +++ b/pkgs/misc/beep/default.nix @@ -16,6 +16,9 @@ stdenv.mkDerivation rec { makeFlags = [ "prefix=${placeholder "out"}"]; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + meta = with lib; { description = "The advanced PC speaker beeper"; homepage = "https://github.com/spkr-beep/beep"; diff --git a/pkgs/os-specific/linux/conky/default.nix b/pkgs/os-specific/linux/conky/default.nix index 68b174dba5b3e35..2c2f21022a7726e 100644 --- a/pkgs/os-specific/linux/conky/default.nix +++ b/pkgs/os-specific/linux/conky/default.nix @@ -67,16 +67,15 @@ with lib; stdenv.mkDerivation rec { pname = "conky"; - version = "1.18.0"; + version = "1.19.2"; src = fetchFromGitHub { owner = "brndnmtthws"; repo = "conky"; rev = "v${version}"; - sha256 = "sha256-a0RGgX325NztDcQwg9+ibxOstU0MSS3eSTaljgt9qPQ="; + hash = "sha256-AKU2kHYwhSmNrqZQWLmY82U+WQiuYiZKCJC5c0jG3KQ="; }; - postPatch = '' sed -i -e '/include.*CheckIncludeFile)/i include(CheckIncludeFiles)' \ cmake/ConkyPlatformChecks.cmake @@ -139,7 +138,8 @@ stdenv.mkDerivation rec { doCheck = true; meta = with lib; { - homepage = "https://conky.sourceforge.net/"; + homepage = "https://conky.cc"; + changelog = "https://github.com/brndnmtthws/conky/releases/tag/v${version}"; description = "Advanced, highly configurable system monitor based on torsmo"; maintainers = [ maintainers.guibert ]; license = licenses.gpl3Plus; diff --git a/pkgs/os-specific/linux/libevdevc/default.nix b/pkgs/os-specific/linux/libevdevc/default.nix index 4998ee3e6b57aff..5e6b7cd47815aa5 100644 --- a/pkgs/os-specific/linux/libevdevc/default.nix +++ b/pkgs/os-specific/linux/libevdevc/default.nix @@ -19,6 +19,9 @@ stdenv.mkDerivation rec { makeFlags = [ "DESTDIR=$(out)" "LIBDIR=/lib" ]; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + meta = with lib; { description = "ChromiumOS libevdev. Renamed to avoid conflicts with the standard libevdev found in Linux distros"; license = licenses.bsd3; diff --git a/pkgs/os-specific/linux/tuxedo-keyboard/default.nix b/pkgs/os-specific/linux/tuxedo-keyboard/default.nix index e6eccaa51d7e6ee..4a2ae8554a277a0 100644 --- a/pkgs/os-specific/linux/tuxedo-keyboard/default.nix +++ b/pkgs/os-specific/linux/tuxedo-keyboard/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "tuxedo-keyboard-${kernel.version}"; - version = "3.2.5"; + version = "3.2.7"; src = fetchFromGitHub { owner = "tuxedocomputers"; repo = "tuxedo-keyboard"; rev = "v${version}"; - hash = "sha256-pSGshUyim06Sqkp5QFzhUjeIz/N3aORvVt6DEyzQLaU="; + hash = "sha256-Q0wnejeLGLSDS0GPxQuYUKCAdzbYA66KT0DuWsEKIRs="; }; buildInputs = [ diff --git a/pkgs/servers/dgraph/default.nix b/pkgs/servers/dgraph/default.nix index 00b85ddb859fe48..eb3072c0c872d5e 100644 --- a/pkgs/servers/dgraph/default.nix +++ b/pkgs/servers/dgraph/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "dgraph"; - version = "22.0.1"; + version = "23.0.1"; src = fetchFromGitHub { owner = "dgraph-io"; repo = "dgraph"; rev = "v${version}"; - sha256 = "sha256-c4gNkT1N1yPotDhRjZvuVvO5TTaL2bqR5I+Z2PcvW10="; + sha256 = "sha256-FB+bgrv6KojbuXDB4FKKe7eW4d9lcm9x4gA6Ceop734="; }; - vendorSha256 = "sha256-K2Q2QBP6fJ3E2LEmZO2U/0DiQifrJVG0lcs4pO5yqrY="; + vendorHash = "sha256-HoZpxY+xT1gRHgEpkscPXogVq2eDKGlKE6KTMIQ+mMI="; doCheck = false; diff --git a/pkgs/servers/mail/mailpit/default.nix b/pkgs/servers/mail/mailpit/default.nix index aa7a21371180c69..9c8b683373c3162 100644 --- a/pkgs/servers/mail/mailpit/default.nix +++ b/pkgs/servers/mail/mailpit/default.nix @@ -1,4 +1,5 @@ { lib +, stdenv , buildGoModule , nodejs , python3 @@ -8,8 +9,8 @@ , fetchNpmDeps }: -buildGoModule rec { - pname = "mailpit"; +let + version = "1.7.1"; src = fetchFromGitHub { @@ -19,23 +20,45 @@ buildGoModule rec { hash = "sha256-jT9QE0ikp9cJlT8qtfPPjKOUuqWyQk94D3UbkyaGXa8="; }; - vendorHash = "sha256-XBYIO7fdo5EahJB7EcAuY9SGKZb8dsvoJHp/D5LO5Qo="; + # Separate derivation, because if we mix this in buildGoModule, the separate + # go-modules build inherits specific attributes and fails. Getting that to + # work is hackier than just splitting the build. + ui = stdenv.mkDerivation { + pname = "mailpit-ui"; + inherit src version; + + npmDeps = fetchNpmDeps { + inherit src; + hash = "sha256-6VCs8125fTJkZW+eZgK56j7ccK8tcGhIXiq2HkYp4XM="; + }; - npmDeps = fetchNpmDeps { - inherit src; - hash = "sha256-6VCs8125fTJkZW+eZgK56j7ccK8tcGhIXiq2HkYp4XM="; + nativeBuildInputs = [ nodejs python3 libtool npmHooks.npmConfigHook ]; + + buildPhase = '' + npm run package + ''; + + installPhase = '' + mv server/ui/dist $out + ''; }; - nativeBuildInputs = [ nodejs python3 libtool npmHooks.npmConfigHook ]; +in - preBuild = '' - npm run package - ''; +buildGoModule { + pname = "mailpit"; + inherit src version; + + vendorHash = "sha256-XBYIO7fdo5EahJB7EcAuY9SGKZb8dsvoJHp/D5LO5Qo="; CGO_ENABLED = 0; ldflags = [ "-s" "-w" "-X github.com/axllent/mailpit/config.Version=${version}" ]; + preBuild = '' + cp -r ${ui} server/ui/dist + ''; + meta = with lib; { description = "An email and SMTP testing tool with API for developers"; homepage = "https://github.com/axllent/mailpit"; diff --git a/pkgs/servers/mqtt/nanomq/default.nix b/pkgs/servers/mqtt/nanomq/default.nix index 06fec792f32a9cb..902b5369df07c0d 100644 --- a/pkgs/servers/mqtt/nanomq/default.nix +++ b/pkgs/servers/mqtt/nanomq/default.nix @@ -35,6 +35,9 @@ let }; nativeBuildInputs = [ cmake ninja flex bison ]; + + # https://github.com/nanomq/idl-serial/issues/36 + hardeningDisable = [ "fortify3" ]; }; in stdenv.mkDerivation (finalAttrs: { diff --git a/pkgs/tools/admin/drawterm/default.nix b/pkgs/tools/admin/drawterm/default.nix index 4955fc8f6613d70..8451d8b687ffba5 100644 --- a/pkgs/tools/admin/drawterm/default.nix +++ b/pkgs/tools/admin/drawterm/default.nix @@ -15,7 +15,7 @@ , config }: -stdenv.mkDerivation rec { +stdenv.mkDerivation { pname = "drawterm"; version = "unstable-2023-06-27"; @@ -25,6 +25,8 @@ stdenv.mkDerivation rec { sha256 = "ebqw1jqeRC0FWeUIO/HaEovuwzU6+B48TjZbVJXByvA="; }; + enableParallelBuilding = true; + strictDeps = true; nativeBuildInputs = [ installShellFiles ] ++ { linux = [ pkg-config wayland-scanner ]; unix = [ makeWrapper ]; @@ -47,12 +49,11 @@ stdenv.mkDerivation rec { mv drawterm drawterm.bin install -Dm755 -t $out/bin/ drawterm.bin makeWrapper ${pulseaudio}/bin/padsp $out/bin/drawterm --add-flags $out/bin/drawterm.bin - ''; - }."${config}" or (throw "unsupported CONF") + '' - installManPage drawterm.1 + ''; + }."${config}" or (throw "unsupported CONF") + '' + installManPage drawterm.1 ''; - meta = with lib; { description = "Connect to Plan 9 CPU servers from other operating systems."; homepage = "https://drawterm.9front.org/"; diff --git a/pkgs/tools/admin/pulumi-packages/pulumi-language-go.nix b/pkgs/tools/admin/pulumi-packages/pulumi-language-go.nix index b43fdbe67270ab6..7ef597201b98288 100644 --- a/pkgs/tools/admin/pulumi-packages/pulumi-language-go.nix +++ b/pkgs/tools/admin/pulumi-packages/pulumi-language-go.nix @@ -6,19 +6,19 @@ buildGoModule rec { pname = "pulumi-language-go"; inherit (pulumi) version src; - sourceRoot = "${src.name}/sdk"; + sourceRoot = "${src.name}/sdk/go/pulumi-language-go"; - vendorHash = pulumi.sdkVendorHash; - - subPackages = [ - "go/pulumi-language-go" - ]; + vendorHash = "sha256-6/umLzw7HMplP/cJknBsWmiwAnc+YM4tIz4Zl2QMTOQ="; ldflags = [ "-s" "-w" "-X github.com/pulumi/pulumi/sdk/v3/go/common/version.Version=${version}" ]; + + # go: inconsistent vendoring in ... + doCheck = false; + meta = with lib; { description = "Golang language host plugin for Pulumi"; homepage = "https://github.com/pulumi/pulumi/tree/master/sdk/go"; diff --git a/pkgs/tools/admin/pulumi-packages/pulumi-language-nodejs.nix b/pkgs/tools/admin/pulumi-packages/pulumi-language-nodejs.nix index c5cad8f202a0c7a..02bb86d0e8e53bc 100644 --- a/pkgs/tools/admin/pulumi-packages/pulumi-language-nodejs.nix +++ b/pkgs/tools/admin/pulumi-packages/pulumi-language-nodejs.nix @@ -1,5 +1,4 @@ -{ lib -, buildGoModule +{ buildGoModule , pulumi , nodejs }: @@ -8,13 +7,9 @@ buildGoModule rec { pname = "pulumi-language-nodejs"; - sourceRoot = "${src.name}/sdk"; + sourceRoot = "${src.name}/sdk/nodejs/cmd/pulumi-language-nodejs"; - vendorHash = sdkVendorHash; - - subPackages = [ - "nodejs/cmd/pulumi-language-nodejs" - ]; + vendorHash = "sha256-3kDWb+1aebV2D+Nm5bkhKrJZMe/lD0ltFQ7p+Bfk644="; ldflags = [ "-s" @@ -25,9 +20,4 @@ buildGoModule rec { nativeCheckInputs = [ nodejs ]; - - postInstall = '' - cp nodejs/dist/pulumi-resource-pulumi-nodejs $out/bin - cp nodejs/dist/pulumi-analyzer-policy $out/bin - ''; } diff --git a/pkgs/tools/audio/unflac/default.nix b/pkgs/tools/audio/unflac/default.nix index 2e22b81cc5995bf..aa12246813d3255 100644 --- a/pkgs/tools/audio/unflac/default.nix +++ b/pkgs/tools/audio/unflac/default.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "unflac"; - version = "1.0"; + version = "1.1"; src = fetchFromSourcehut { owner = "~ft"; repo = pname; rev = version; - sha256 = "1vlwlm895mcvmxaxcid3vfji1zi9wjchz7divm096na4whj35cc4"; + sha256 = "sha256-gDgmEEOvsudSYdLUodTuE50+2hZpMqlnaVGanv/rg+U="; }; - vendorSha256 = "sha256-QqLjz1X4uVpxhYXb/xIBwuLUhRaqwz2GDUPjBTS4ut0="; + vendorSha256 = "sha256-X3cMhzaf1t+x7D8BVBfQy00rAACDEPmIOezIhKzqOZ8="; nativeBuildInputs = [ makeWrapper ]; postFixup = '' diff --git a/pkgs/tools/misc/dialog/default.nix b/pkgs/tools/misc/dialog/default.nix index 0abc2206b01c4af..fc494445e82f0f6 100644 --- a/pkgs/tools/misc/dialog/default.nix +++ b/pkgs/tools/misc/dialog/default.nix @@ -3,27 +3,30 @@ , fetchurl , libtool , ncurses -, withLibrary ? false -, unicodeSupport ? true , enableShared ? !stdenv.isDarwin +, unicodeSupport ? true +, withLibrary ? false }: -assert withLibrary -> libtool != null; -assert unicodeSupport -> ncurses != null && ncurses.unicodeSupport; +assert unicodeSupport -> ncurses.unicodeSupport; stdenv.mkDerivation (finalAttrs: { pname = "dialog"; - version = "1.3-20220728"; + version = "1.3-20230209"; src = fetchurl { - url = "ftp://ftp.invisible-island.net/dialog/dialog-${finalAttrs.version}.tgz"; - hash = "sha256-VEGJc9VZpGGwBpX6/mjfYvK8c9UGtDaCHXfKPfRUGQs="; + url = "https://invisible-island.net/archives/dialog/dialog-${finalAttrs.version}.tgz"; + hash = "sha256-DCYoIwUmS+IhfzNfN5j0ix3OPPEsWgdr8jHK33em1qg="; }; + nativeBuildInputs = lib.optional withLibrary libtool; + buildInputs = [ ncurses ]; + strictDeps = true; + configureFlags = [ "--disable-rpath-hacks" "--${if withLibrary then "with" else "without"}-libtool" @@ -35,11 +38,11 @@ stdenv.mkDerivation (finalAttrs: { "install${lib.optionalString withLibrary "-full"}" ]; - meta = with lib; { + meta = { homepage = "https://invisible-island.net/dialog/dialog.html"; description = "Display dialog boxes from shell"; - license = licenses.lgpl21Plus; - maintainers = with maintainers; [ AndersonTorres spacefrogg ]; + license = lib.licenses.lgpl21Plus; + maintainers = with lib.maintainers; [ AndersonTorres spacefrogg ]; inherit (ncurses.meta) platforms; }; }) diff --git a/pkgs/tools/misc/gh-dash/default.nix b/pkgs/tools/misc/gh-dash/default.nix index 99d9a2c1dc420f1..95999d79c9e5ff5 100644 --- a/pkgs/tools/misc/gh-dash/default.nix +++ b/pkgs/tools/misc/gh-dash/default.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "gh-dash"; - version = "3.7.9"; + version = "3.9.0"; src = fetchFromGitHub { owner = "dlvhdr"; repo = "gh-dash"; rev = "v${version}"; - hash = "sha256-loAtRXns7plBeVOM+d/euyRS86MG+NRhGB4WpHT7KlM="; + hash = "sha256-QaKrn/22wrRCMJLzCVRnxBRxAhnUBjkESSRg4YQCHoc="; }; - vendorHash = "sha256-0ySTcQDM7Dole6ojnhr7vwUWOM4p6kFN69VqMP0jAY0="; + vendorHash = "sha256-lOIONv+7cUUC0mGCwYkOkDn3zHreYpFeqmTbp2Ob3yM="; ldflags = [ "-s" diff --git a/pkgs/tools/networking/gping/default.nix b/pkgs/tools/networking/gping/default.nix index e97bf6ec86b3e19..59d3d6b314b0aa5 100644 --- a/pkgs/tools/networking/gping/default.nix +++ b/pkgs/tools/networking/gping/default.nix @@ -9,16 +9,16 @@ rustPlatform.buildRustPackage rec { pname = "gping"; - version = "1.12.0"; + version = "1.13.1"; src = fetchFromGitHub { owner = "orf"; repo = "gping"; rev = "gping-v${version}"; - hash = "sha256-0+qSBnWewWg+PE5y9tTLLaB/uxUy+9uQkR1dnsk7MIY="; + hash = "sha256-EkoOHyHYcbyqtT1zCq0kmXND1eSADE7QD3QQ01RJtvM="; }; - cargoHash = "sha256-N2V6Wwb2YB2YlBjyHZrh73RujTAmgsFOBLiN/SILP1k="; + cargoHash = "sha256-iDB3ZIlSLEBf+nSxLeQcE93nqMjH29w+z7kwCNksuSk="; buildInputs = lib.optionals stdenv.isDarwin [ libiconv Security ]; diff --git a/pkgs/tools/security/hash_extender/default.nix b/pkgs/tools/security/hash_extender/default.nix index 9ddc16c9b27ea24..b90dff6cd17cb45 100644 --- a/pkgs/tools/security/hash_extender/default.nix +++ b/pkgs/tools/security/hash_extender/default.nix @@ -16,6 +16,9 @@ stdenv.mkDerivation { doCheck = true; checkPhase = "./hash_extender --test"; + # https://github.com/iagox86/hash_extender/issues/26 + hardeningDisable = [ "fortify3" ]; + env.NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations"; installPhase = '' diff --git a/pkgs/tools/security/yubihsm-shell/default.nix b/pkgs/tools/security/yubihsm-shell/default.nix index 77b6b86ffd6e1ff..650224dd03b1a0e 100644 --- a/pkgs/tools/security/yubihsm-shell/default.nix +++ b/pkgs/tools/security/yubihsm-shell/default.nix @@ -58,6 +58,9 @@ stdenv.mkDerivation rec { "-DDISABLE_LTO=ON" ]; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + meta = with lib; { description = "yubihsm-shell and libyubihsm"; homepage = "https://github.com/Yubico/yubihsm-shell"; diff --git a/pkgs/tools/system/minijail/default.nix b/pkgs/tools/system/minijail/default.nix index 73f8cad580a5c6f..ab237dd307279b6 100644 --- a/pkgs/tools/system/minijail/default.nix +++ b/pkgs/tools/system/minijail/default.nix @@ -19,6 +19,9 @@ stdenv.mkDerivation rec { patchShebangs platform2_preinstall.sh ''; + # causes redefinition of _FORTIFY_SOURCE + hardeningDisable = [ "fortify3" ]; + installPhase = '' ./platform2_preinstall.sh ${version} $out/include/chromeos diff --git a/pkgs/tools/virtualization/jumppad/default.nix b/pkgs/tools/virtualization/jumppad/default.nix index 85cfab585746e82..342938eed094352 100644 --- a/pkgs/tools/virtualization/jumppad/default.nix +++ b/pkgs/tools/virtualization/jumppad/default.nix @@ -2,15 +2,15 @@ buildGoModule rec { pname = "jumppad"; - version = "0.5.28"; + version = "0.5.31"; src = fetchFromGitHub { owner = "jumppad-labs"; repo = pname; rev = "v${version}"; - hash = "sha256-j1m95RiT4cymSK9PuJuNc+ixia4DNj+8lZ0KloB+kWo="; + hash = "sha256-2BdhJ11Mwd2w8VZfGcGJc6GuaKrVKjCqXLDggiiwyt0="; }; - vendorHash = "sha256-OtixGeQY1wPqs3WU6gKvrzEgxnMORxr4BWCpn/VYxRc="; + vendorHash = "sha256-LneL4SzvcThfqqWdKpAU3mFAW1FVRTU9/T3l+yKBSME="; ldflags = [ "-s" "-w" "-X main.version=${version}"