diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index fc41ce36bc20..67fa8579a59c 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -6186,6 +6186,12 @@
github = "meutraa";
githubId = 68550871;
};
+ mephistophiles = {
+ email = "mussitantesmortem@gmail.com";
+ name = "Maxim Zhukov";
+ github = "Mephistophiles";
+ githubId = 4850908;
+ };
mfossen = {
email = "msfossen@gmail.com";
github = "mfossen";
diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml
index 9adf8acce630..916cea929727 100644
--- a/nixos/doc/manual/release-notes/rl-2105.xml
+++ b/nixos/doc/manual/release-notes/rl-2105.xml
@@ -23,6 +23,9 @@
Support is planned until the end of December 2021, handing over to 21.11.
+
+ The default Linux kernel was updated to the 5.10 LTS series, coming from the 5.4 LTS series.
+
GNOME desktop environment was upgraded to 3.38, see its release notes.
diff --git a/nixos/modules/hardware/all-firmware.nix b/nixos/modules/hardware/all-firmware.nix
index 8cf3e5633dc7..3e88a4c20adc 100644
--- a/nixos/modules/hardware/all-firmware.nix
+++ b/nixos/modules/hardware/all-firmware.nix
@@ -49,7 +49,7 @@ in {
rt5677-firmware
rtl8723bs-firmware
rtl8761b-firmware
- rtlwifi_new-firmware
+ rtw88-firmware
zd1211fw
alsa-firmware
sof-firmware
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index e9b9664f8e7b..1a1dbc16ab85 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -949,6 +949,7 @@
./services/web-servers/nginx/default.nix
./services/web-servers/nginx/gitweb.nix
./services/web-servers/phpfpm/default.nix
+ ./services/web-servers/pomerium.nix
./services/web-servers/unit/default.nix
./services/web-servers/shellinabox.nix
./services/web-servers/tomcat.nix
diff --git a/nixos/modules/services/web-servers/pomerium.nix b/nixos/modules/services/web-servers/pomerium.nix
new file mode 100644
index 000000000000..a96df1dbf6de
--- /dev/null
+++ b/nixos/modules/services/web-servers/pomerium.nix
@@ -0,0 +1,131 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ format = pkgs.formats.yaml {};
+in
+{
+ options.services.pomerium = {
+ enable = mkEnableOption "the Pomerium authenticating reverse proxy";
+
+ configFile = mkOption {
+ type = with types; nullOr path;
+ default = null;
+ description = "Path to Pomerium config YAML. If set, overrides services.pomerium.settings.";
+ };
+
+ useACMEHost = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ description = ''
+ If set, use a NixOS-generated ACME certificate with the specified name.
+
+ Note that this will require you to use a non-HTTP-based challenge, or
+ disable Pomerium's in-built HTTP redirect server by setting
+ http_redirect_addr to null and use a different HTTP server for serving
+ the challenge response.
+
+ If you're using an HTTP-based challenge, you should use the
+ Pomerium-native autocert option instead.
+ '';
+ };
+
+ settings = mkOption {
+ description = ''
+ The contents of Pomerium's config.yaml, in Nix expressions.
+
+ Specifying configFile will override this in its entirety.
+
+ See the Pomerium
+ configuration reference for more information about what to put
+ here.
+ '';
+ default = {};
+ type = format.type;
+ };
+
+ secretsFile = mkOption {
+ type = with types; nullOr path;
+ default = null;
+ description = ''
+ Path to file containing secrets for Pomerium, in systemd
+ EnvironmentFile format. See the systemd.exec(5) man page.
+ '';
+ };
+ };
+
+ config = let
+ cfg = config.services.pomerium;
+ cfgFile = if cfg.configFile != null then cfg.configFile else (format.generate "pomerium.yaml" cfg.settings);
+ in mkIf cfg.enable ({
+ systemd.services.pomerium = {
+ description = "Pomerium authenticating reverse proxy";
+ wants = [ "network.target" ] ++ (optional (cfg.useACMEHost != null) "acme-finished-${cfg.useACMEHost}.target");
+ after = [ "network.target" ] ++ (optional (cfg.useACMEHost != null) "acme-finished-${cfg.useACMEHost}.target");
+ wantedBy = [ "multi-user.target" ];
+ environment = optionalAttrs (cfg.useACMEHost != null) {
+ CERTIFICATE_FILE = "fullchain.pem";
+ CERTIFICATE_KEY_FILE = "key.pem";
+ };
+ startLimitIntervalSec = 60;
+
+ serviceConfig = {
+ DynamicUser = true;
+ StateDirectory = [ "pomerium" ];
+ ExecStart = "${pkgs.pomerium}/bin/pomerium -config ${cfgFile}";
+
+ PrivateUsers = false; # breaks CAP_NET_BIND_SERVICE
+ MemoryDenyWriteExecute = false; # breaks LuaJIT
+
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ PrivateDevices = true;
+ DevicePolicy = "closed";
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectKernelLogs = true;
+ RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ LockPersonality = true;
+ SystemCallArchitectures = "native";
+
+ EnvironmentFile = cfg.secretsFile;
+ AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+ CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+
+ WorkingDirectory = mkIf (cfg.useACMEHost != null) "$CREDENTIALS_DIRECTORY";
+ LoadCredential = optionals (cfg.useACMEHost != null) [
+ "fullchain.pem:/var/lib/acme/${cfg.useACMEHost}/fullchain.pem"
+ "key.pem:/var/lib/acme/${cfg.useACMEHost}/key.pem"
+ ];
+ };
+ };
+
+ # postRun hooks on cert renew can't be used to restart Nginx since renewal
+ # runs as the unprivileged acme user. sslTargets are added to wantedBy + before
+ # which allows the acme-finished-$cert.target to signify the successful updating
+ # of certs end-to-end.
+ systemd.services.pomerium-config-reload = mkIf (cfg.useACMEHost != null) {
+ # TODO(lukegb): figure out how to make config reloading work with credentials.
+
+ wantedBy = [ "acme-finished-${cfg.useACMEHost}.target" "multi-user.target" ];
+ # Before the finished targets, after the renew services.
+ before = [ "acme-finished-${cfg.useACMEHost}.target" ];
+ after = [ "acme-${cfg.useACMEHost}.service" ];
+ # Block reloading if not all certs exist yet.
+ unitConfig.ConditionPathExists = [ "${certs.${cfg.useACMEHost}.directory}/fullchain.pem" ];
+ serviceConfig = {
+ Type = "oneshot";
+ TimeoutSec = 60;
+ ExecCondition = "/run/current-system/systemd/bin/systemctl -q is-active pomerium.service";
+ ExecStart = "/run/current-system/systemd/bin/systemctl restart pomerium.service";
+ };
+ };
+ });
+}
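Review bot: `certs` on the `unitConfig.ConditionPathExists` line of `pomerium-config-reload` is not bound anywhere in this new file (the only `let` bindings are `format`, `cfg` and `cfgFile`, and `with lib;` is not expected to provide it), so evaluation should fail as soon as `useACMEHost` is set. Spell the lookup out, e.g. `unitConfig.ConditionPathExists = [ "${config.security.acme.certs.${cfg.useACMEHost}.directory}/fullchain.pem" ];`, and consider using the same `directory` attribute in `LoadCredential` instead of the hard-coded `/var/lib/acme/...` paths. Separately, `secretsFile` is typed `path`, so a Nix path literal would likely be copied into the world-readable store; the option description should tell users to pass a string path that lives outside the store. The comment above the reload unit also still refers to Nginx.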
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index f7f5841b9ac5..c851ae9cefb7 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -319,6 +319,7 @@ in
plikd = handleTest ./plikd.nix {};
plotinus = handleTest ./plotinus.nix {};
podman = handleTestOn ["x86_64-linux"] ./podman.nix {};
+ pomerium = handleTestOn ["x86_64-linux"] ./pomerium.nix {};
postfix = handleTest ./postfix.nix {};
postfix-raise-smtpd-tls-security-level = handleTest ./postfix-raise-smtpd-tls-security-level.nix {};
postgis = handleTest ./postgis.nix {};
diff --git a/nixos/tests/pomerium.nix b/nixos/tests/pomerium.nix
new file mode 100644
index 000000000000..933614bb7d8a
--- /dev/null
+++ b/nixos/tests/pomerium.nix
@@ -0,0 +1,102 @@
+import ./make-test-python.nix ({ pkgs, ... }: {
+ name = "pomerium";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ lukegb ];
+ };
+
+ nodes = let base = myIP: { pkgs, lib, ... }: {
+ virtualisation.vlans = [ 1 ];
+ networking = {
+ dhcpcd.enable = false;
+ firewall.allowedTCPPorts = [ 80 443 ];
+ hosts = {
+ "192.168.1.1" = [ "pomerium" "pom-auth" ];
+ "192.168.1.2" = [ "backend" "dummy-oidc" ];
+ };
+ interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
+ { address = myIP; prefixLength = 24; }
+ ];
+ };
+ }; in {
+ pomerium = { pkgs, lib, ... }: {
+ imports = [ (base "192.168.1.1") ];
+ services.pomerium = {
+ enable = true;
+ settings = {
+ address = ":80";
+ insecure_server = true;
+ authenticate_service_url = "http://pom-auth";
+
+ idp_provider = "oidc";
+ idp_scopes = [ "oidc" ];
+ idp_client_id = "dummy";
+ idp_provider_url = "http://dummy-oidc";
+
+ policy = [{
+ from = "https://my.website";
+ to = "http://192.168.1.2";
+ allow_public_unauthenticated_access = true;
+ preserve_host_header = true;
+ } {
+ from = "https://login.required";
+ to = "http://192.168.1.2";
+ allowed_domains = [ "my.domain" ];
+ preserve_host_header = true;
+ }];
+ };
+ secretsFile = pkgs.writeText "pomerium-secrets" ''
+ # 12345678901234567890123456789012 in base64
+ COOKIE_SECRET=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=
+ IDP_CLIENT_SECRET=dummy
+ '';
+ };
+ };
+ backend = { pkgs, lib, ... }: {
+ imports = [ (base "192.168.1.2") ];
+ services.nginx.enable = true;
+ services.nginx.virtualHosts."my.website" = {
+ root = pkgs.runCommand "testdir" {} ''
+ mkdir "$out"
+ echo hello world > "$out/index.html"
+ '';
+ };
+ services.nginx.virtualHosts."dummy-oidc" = {
+ root = pkgs.runCommand "testdir" {} ''
+ mkdir -p "$out/.well-known"
+ cat <"$out/.well-known/openid-configuration"
+ {
+ "issuer": "http://dummy-oidc",
+ "authorization_endpoint": "http://dummy-oidc/auth.txt",
+ "token_endpoint": "http://dummy-oidc/token",
+ "jwks_uri": "http://dummy-oidc/jwks.json",
+ "userinfo_endpoint": "http://dummy-oidc/userinfo",
+ "id_token_signing_alg_values_supported": ["RS256"]
+ }
+ EOF
+ echo hello I am login page >"$out/auth.txt"
+ '';
+ };
+ };
+ };
+
+ testScript = { ... }: ''
+ backend.wait_for_unit("nginx")
+ backend.wait_for_open_port(80)
+
+ pomerium.wait_for_unit("pomerium")
+ pomerium.wait_for_open_port(80)
+
+ with subtest("no authentication required"):
+ pomerium.succeed(
+ "curl --resolve my.website:80:127.0.0.1 http://my.website | grep -q 'hello world'"
+ )
+
+ with subtest("login required"):
+ pomerium.succeed(
+ "curl -I --resolve login.required:80:127.0.0.1 http://login.required | grep -q pom-auth"
+ )
+ pomerium.succeed(
+ "curl -L --resolve login.required:80:127.0.0.1 http://login.required | grep -q 'hello I am login page'"
+ )
+ '';
+})
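Review bot: The test only drives the plain-HTTP path (`insecure_server = true`), so the `useACMEHost` branch of the module added in this commit (`LoadCredential`, `WorkingDirectory`, the `pomerium-config-reload` unit) is never evaluated; a second node or an eval-only check with `useACMEHost` set would catch errors there. The `login required` subtest asserts only on the redirect target and the dummy login page; a negative check such as `pomerium.fail("curl --resolve login.required:80:127.0.0.1 http://login.required | grep -q 'hello world'")` would pin the access-control behaviour itself. As rendered here, the `dummy-oidc` root builder reads `cat <"$out/.well-known/openid-configuration"` with a bare `EOF` further down, which looks like a lost `<<EOF >` heredoc opener and is worth confirming against the actual file.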
diff --git a/pkgs/applications/backup/pika-backup/default.nix b/pkgs/applications/backup/pika-backup/default.nix
index 7f7be99f9a24..f04a5a2d8bfb 100644
--- a/pkgs/applications/backup/pika-backup/default.nix
+++ b/pkgs/applications/backup/pika-backup/default.nix
@@ -19,20 +19,20 @@
stdenv.mkDerivation rec {
pname = "pika-backup";
- version = "0.2.2";
+ version = "0.2.3";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
owner = "World";
repo = "pika-backup";
rev = "v${version}";
- sha256 = "16284gv31wdwmb99056962d1gh6xz26ami6synr47nsbbp5l0s6k";
+ sha256 = "sha256-jy22eyuzM2y7vByT3TOlAUuTKtPepkB9iiHQT1YGQ88=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
- sha256 = "12ymjwpxx3sdna8w5j9fnwwfk8ynk9ziwl0lkpq68y0vyllln5an";
+ sha256 = "1ndcpgw18w3l5f7vv5vw8lxhgd5y1zxfarwnyfx13m7kcv8m3vyj";
};
patches = [
diff --git a/pkgs/applications/blockchains/crypto-org-wallet.nix b/pkgs/applications/blockchains/crypto-org-wallet.nix
new file mode 100644
index 000000000000..be45967018d0
--- /dev/null
+++ b/pkgs/applications/blockchains/crypto-org-wallet.nix
@@ -0,0 +1,33 @@
+{ lib, fetchurl, makeDesktopItem, appimageTools, imagemagick }:
+
+let
+ pname = "chain-desktop-wallet";
+ version = "0.1.1";
+ name = "${pname}-${version}";
+
+ src = fetchurl {
+ url = "https://github.com/crypto-com/${pname}/releases/download/v${version}/${name}-x86_64.AppImage";
+ sha256 = "12076hf8dlz0hg1pb2ixwlslrh8gi6s1iawnvhnn6vz4jmjvq356";
+ };
+
+ appimageContents = appimageTools.extractType2 { inherit name src; };
+in appimageTools.wrapType2 rec {
+ inherit name src;
+
+ extraInstallCommands = ''
+ mv $out/bin/${name} $out/bin/${pname}
+ install -m 444 -D ${appimageContents}/${pname}.desktop $out/share/applications/${pname}.desktop
+ ${imagemagick}/bin/convert ${appimageContents}/${pname}.png -resize 512x512 ${pname}_512.png
+ install -m 444 -D ${pname}_512.png $out/share/icons/hicolor/512x512/apps/${pname}.png
+ substituteInPlace $out/share/applications/${pname}.desktop \
+ --replace 'Exec=AppRun --no-sandbox %U' "Exec=$out/bin/${pname}"
+ '';
+
+ meta = with lib; {
+ description = "Crypto.org Chain desktop wallet (Beta)";
+ homepage = "https://github.com/crypto-com/chain-desktop-wallet";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ th0rgal ];
+ platforms = [ "x86_64-linux" ];
+ };
+}
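Review bot: The `substituteInPlace` call in `extraInstallCommands` replaces the whole `Exec=AppRun --no-sandbox %U` line with `Exec=$out/bin/${pname}`, which drops the `%U` field code along with the flag, and nothing records whether removing `--no-sandbox` is deliberate. If the wrapped binary is expected to run with the Chromium sandbox enabled, say so in a short comment above the substitution, and keep URL passing with `"Exec=$out/bin/${pname} %U"` (presumably the upstream entry has `%U` for a reason). The replacement also does not fail the build when the pattern is absent, so a changed upstream desktop file would ship with `Exec=AppRun --no-sandbox` intact; a `grep -q "Exec=$out/bin/${pname}"` on the installed file afterwards would turn that into a build failure.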
diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json
index 723ea6235c2f..cc99017a0972 100644
--- a/pkgs/applications/networking/browsers/chromium/upstream-info.json
+++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json
@@ -1,8 +1,8 @@
{
"stable": {
- "version": "89.0.4389.90",
- "sha256": "16i7bgk2jbcqs2p28nk5mlf0k6wah594pcsfm8b154nxbyf0iihi",
- "sha256bin64": "1hgpx7isp9krarj7jpbhs97ym4i9j9a1srywv9pdfzbhw6cid2pk",
+ "version": "89.0.4389.114",
+ "sha256": "007df9p78bbmk3iyfi8qn57mmn68qqrdhx6z8n2hl8ksd7lspw7j",
+ "sha256bin64": "06wblyvyr93032fbzwm6qpzz4jjm6adziq4i4n6kmfdix2ajif8a",
"deps": {
"gn": {
"version": "2021-01-07",
diff --git a/pkgs/applications/networking/browsers/lagrange/default.nix b/pkgs/applications/networking/browsers/lagrange/default.nix
index deea3decc294..30e154e5222c 100644
--- a/pkgs/applications/networking/browsers/lagrange/default.nix
+++ b/pkgs/applications/networking/browsers/lagrange/default.nix
@@ -14,13 +14,13 @@
stdenv.mkDerivation rec {
pname = "lagrange";
- version = "1.2.2";
+ version = "1.3.0";
src = fetchFromGitHub {
owner = "skyjake";
repo = "lagrange";
rev = "v${version}";
- sha256 = "sha256-Y+BiXKxlUSZXaLcz75l333ZBkKyII9IyTmKQwjshBkE=";
+ sha256 = "sha256-85KshJEL7ri10mSm/KgcT03WLEwRMMTGczb6mGx66Jw=";
fetchSubmodules = true;
};
diff --git a/pkgs/applications/networking/instant-messengers/slack/default.nix b/pkgs/applications/networking/instant-messengers/slack/default.nix
index 091b12cd2945..1775e45d4e6e 100644
--- a/pkgs/applications/networking/instant-messengers/slack/default.nix
+++ b/pkgs/applications/networking/instant-messengers/slack/default.nix
@@ -26,6 +26,7 @@
, libuuid
, libxcb
, libxkbcommon
+, libxshmfence
, mesa
, nspr
, nss
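Review bot: The `libxshmfence` argument added in this hunk does not appear to be used, because the second hunk adds the library to the path list as `xorg.libxshmfence` rather than through this argument. Either drop the new argument or reference it consistently in the list. Both the argument set and the `let` body continue outside the hunks, so confirm there is no other use before removing it.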
@@ -117,6 +118,7 @@ let
xorg.libXi
xorg.libXrandr
xorg.libXrender
+ xorg.libxshmfence
xorg.libXtst
xorg.libxkbfile
] + ":${stdenv.cc.cc.lib}/lib64";
diff --git a/pkgs/applications/window-managers/i3/auto-layout.nix b/pkgs/applications/window-managers/i3/auto-layout.nix
new file mode 100644
index 000000000000..d24715aa9804
--- /dev/null
+++ b/pkgs/applications/window-managers/i3/auto-layout.nix
@@ -0,0 +1,26 @@
+{ lib, rustPlatform, fetchFromGitHub }:
+
+rustPlatform.buildRustPackage rec {
+ pname = "i3-auto-layout";
+ version = "0.2";
+
+ src = fetchFromGitHub {
+ owner = "chmln";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "0ps08lga6qkgc8cgf5cx2lgwlqcnd2yazphh9xd2fznnzrllfxxz";
+ };
+
+ cargoSha256 = "1ch5mh515rlqmr65x96xcvrx6iaigqgjxc7sbwbznzkc5kmvwhc0";
+
+ # Currently no tests are implemented, so we avoid building the package twice
+ doCheck = false;
+
+ meta = with lib; {
+ description = "Automatic, optimal tiling for i3wm";
+ homepage = "https://github.com/chmln/i3-auto-layout";
+ license = licenses.mit;
+ maintainers = with maintainers; [ mephistophiles ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/development/libraries/qt-5/5.15/default.nix b/pkgs/development/libraries/qt-5/5.15/default.nix
index c32f4b001e9d..f969254b5952 100644
--- a/pkgs/development/libraries/qt-5/5.15/default.nix
+++ b/pkgs/development/libraries/qt-5/5.15/default.nix
@@ -203,7 +203,9 @@ let
qtvirtualkeyboard = callPackage ../modules/qtvirtualkeyboard.nix {};
qtwayland = callPackage ../modules/qtwayland.nix {};
qtwebchannel = callPackage ../modules/qtwebchannel.nix {};
- qtwebengine = callPackage ../modules/qtwebengine.nix {};
+ qtwebengine = callPackage ../modules/qtwebengine.nix {
+ inherit (srcs.qtwebengine) version;
+ };
qtwebglplugin = callPackage ../modules/qtwebglplugin.nix {};
qtwebkit = callPackage ../modules/qtwebkit.nix {};
qtwebsockets = callPackage ../modules/qtwebsockets.nix {};
diff --git a/pkgs/development/libraries/qt-5/modules/qtwebengine.nix b/pkgs/development/libraries/qt-5/modules/qtwebengine.nix
index f994c7ef6c9a..cd3fa583303d 100644
--- a/pkgs/development/libraries/qt-5/modules/qtwebengine.nix
+++ b/pkgs/development/libraries/qt-5/modules/qtwebengine.nix
@@ -17,6 +17,7 @@
, cups, darwin, openbsm, runCommand, xcbuild, writeScriptBin
, ffmpeg_3 ? null
, lib, stdenv, fetchpatch
+, version ? null
, qtCompatVersion
}:
@@ -230,6 +231,9 @@ qtModule {
[Paths]
Prefix = ..
EOF
+ '' + lib.optionalString (lib.versions.majorMinor qtCompatVersion == "5.15") ''
+ # Fix for out-of-sync QtWebEngine and Qt releases (since 5.15.3)
+ sed 's/${lib.head (lib.splitString "-" version)} /${qtCompatVersion} /' -i "$out"/lib/cmake/*/*Config.cmake
'';
meta = with lib; {
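Review bot: The added `sed` expression calls `lib.splitString "-" version` whenever `qtCompatVersion` is 5.15, but the first hunk gives `version` a default of `null`, so a 5.15 caller that does not pass it fails at evaluation with an unhelpful type error. Guard on it as well, e.g. `lib.optionalString (version != null && lib.versions.majorMinor qtCompatVersion == "5.15")`, or assert that it is set. The version is also interpolated into the regex unescaped, so each `.` matches any character; wrapping the pattern side in `lib.escapeRegex` would make the match literal. The enclosing `qtModule` call starts and ends outside the hunk.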
diff --git a/pkgs/development/libraries/zlib-ng/default.nix b/pkgs/development/libraries/zlib-ng/default.nix
new file mode 100644
index 000000000000..7ba07cd92407
--- /dev/null
+++ b/pkgs/development/libraries/zlib-ng/default.nix
@@ -0,0 +1,34 @@
+{ lib, stdenv, fetchFromGitHub
+, cmake, pkg-config
+, withZlibCompat ? false
+}:
+
+stdenv.mkDerivation rec {
+ pname = "zlib-ng";
+ version = "2.0.2";
+
+ src = fetchFromGitHub {
+ owner = "zlib-ng";
+ repo = "zlib-ng";
+ rev = version;
+ sha256 = "1cl6asrav2512j7p02zcpibywjljws0m7aazvb3q2r9qiyvyswji";
+ };
+
+ outputs = [ "out" "dev" "bin" ];
+
+ nativeBuildInputs = [ cmake pkg-config ];
+
+ cmakeFlags = [
+ "-DCMAKE_INSTALL_PREFIX=/"
+ "-DBUILD_SHARED_LIBS=ON"
+ "-DINSTALL_UTILS=ON"
+ ] ++ lib.optionals withZlibCompat [ "-DZLIB_COMPAT=ON" ];
+
+ meta = with lib; {
+ description = "zlib data compression library for the next generation systems";
+ homepage = "https://github.com/zlib-ng/zlib-ng";
+ license = licenses.zlib;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ izorkin ];
+ };
+}
diff --git a/pkgs/development/python-modules/boto3/default.nix b/pkgs/development/python-modules/boto3/default.nix
index c287295b61d0..bf5604e6d981 100644
--- a/pkgs/development/python-modules/boto3/default.nix
+++ b/pkgs/development/python-modules/boto3/default.nix
@@ -13,11 +13,11 @@
buildPythonPackage rec {
pname = "boto3";
- version = "1.17.40"; # N.B: if you change this, change botocore and awscli to a matching version
+ version = "1.17.41"; # N.B: if you change this, change botocore and awscli to a matching version
src = fetchPypi {
inherit pname version;
- sha256 = "sha256-7pmbRrLGMOUOewUtbf4iQgOjSNg7AOFoylAAmvDydsE=";
+ sha256 = "sha256-2FsOBdfelhabACS3aykr5isB729cqFOlElBjRrgtKrs=";
};
propagatedBuildInputs = [ botocore jmespath s3transfer ] ++ lib.optionals (!isPy3k) [ futures ];
diff --git a/pkgs/development/python-modules/botocore/default.nix b/pkgs/development/python-modules/botocore/default.nix
index 039d52baa9fd..a0555d7f1ca7 100644
--- a/pkgs/development/python-modules/botocore/default.nix
+++ b/pkgs/development/python-modules/botocore/default.nix
@@ -13,11 +13,11 @@
buildPythonPackage rec {
pname = "botocore";
- version = "1.20.40"; # N.B: if you change this, change boto3 and awscli to a matching version
+ version = "1.20.41"; # N.B: if you change this, change boto3 and awscli to a matching version
src = fetchPypi {
inherit pname version;
- sha256 = "sha256-ajWpl3zb16g52UjdX549JgwZt93nTgqETJcgaITTu6A=";
+ sha256 = "sha256-Y/ZQ/Ja84UHoGUp2HmiQ/qL7puASU676Ma5p8UUBXCE=";
};
propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/sagemaker/default.nix b/pkgs/development/python-modules/sagemaker/default.nix
index c62f5ede3cad..836407524365 100644
--- a/pkgs/development/python-modules/sagemaker/default.nix
+++ b/pkgs/development/python-modules/sagemaker/default.nix
@@ -10,6 +10,7 @@
, protobuf3-to-dict
, smdebug-rulesconfig
, pandas
+, packaging
}:
buildPythonPackage rec {
@@ -32,6 +33,7 @@ buildPythonPackage rec {
google-pasta
importlib-metadata
numpy
+ packaging
protobuf
protobuf3-to-dict
smdebug-rulesconfig
diff --git a/pkgs/development/tools/heroku/default.nix b/pkgs/development/tools/heroku/default.nix
index 81c059d2939f..35fccf0e62ee 100644
--- a/pkgs/development/tools/heroku/default.nix
+++ b/pkgs/development/tools/heroku/default.nix
@@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "heroku";
- version = "7.47.11";
+ version = "7.51.0";
src = fetchurl {
url = "https://cli-assets.heroku.com/heroku-v${version}/heroku-v${version}.tar.xz";
- sha256 = "1inf2radpkd9jndap91cw0wbb2qmi71i287vyydl492372cf3cs2";
+ sha256 = "0wcqk4iy4r57k6fd6l0732yp5mclqfla1lfvx96ay45jnhh7rknx";
};
nativeBuildInputs = [ makeWrapper ];
diff --git a/pkgs/games/empty-epsilon/default.nix b/pkgs/games/empty-epsilon/default.nix
index dc761fb7d7a2..d444c50d976d 100644
--- a/pkgs/games/empty-epsilon/default.nix
+++ b/pkgs/games/empty-epsilon/default.nix
@@ -2,21 +2,23 @@
let
- major = "2020";
- minor = "11";
- patch = "23";
+ major = "2021";
+ minor = "03";
+ patch.seriousproton = "30";
+ patch.emptyepsilon = "31";
- version = "${major}.${minor}.${patch}";
+ version.seriousproton = "${major}.${minor}.${patch.seriousproton}";
+ version.emptyepsilon = "${major}.${minor}.${patch.emptyepsilon}";
serious-proton = stdenv.mkDerivation {
pname = "serious-proton";
- inherit version;
+ version = version.seriousproton;
src = fetchFromGitHub {
owner = "daid";
repo = "SeriousProton";
- rev = "EE-${version}";
- sha256 = "sha256-/gwJPlvvOCv5XIsiVgZ8Eb/7vgwG/V+s/soGVCfYrwo=";
+ rev = "EE-${version.seriousproton}";
+ sha256 = "sha256-wxb/CxJ/HKsVngeahjygZFPMMxitkHdVD0EQ3svxgIU=";
};
nativeBuildInputs = [ cmake ];
@@ -36,13 +38,13 @@ in
stdenv.mkDerivation {
pname = "empty-epsilon";
- inherit version;
+ version = version.emptyepsilon;
src = fetchFromGitHub {
owner = "daid";
repo = "EmptyEpsilon";
- rev = "EE-${version}";
- sha256 = "sha256-HbF6xThR+ogNHbAcXF03DaBhwVhNEr5BJO7jeeVZH/o=";
+ rev = "EE-${version.emptyepsilon}";
+ sha256 = "sha256-x0XJPMU0prubTb4ti/W/dH5P9abNwbjqkeUhKQpct9o=";
};
nativeBuildInputs = [ cmake ];
@@ -50,10 +52,10 @@ stdenv.mkDerivation {
cmakeFlags = [
"-DSERIOUS_PROTON_DIR=${serious-proton.src}"
- "-DCPACK_PACKAGE_VERSION=${version}"
+ "-DCPACK_PACKAGE_VERSION=${version.emptyepsilon}"
"-DCPACK_PACKAGE_VERSION_MAJOR=${major}"
"-DCPACK_PACKAGE_VERSION_MINOR=${minor}"
- "-DCPACK_PACKAGE_VERSION_PATCH=${patch}"
+ "-DCPACK_PACKAGE_VERSION_PATCH=${patch.emptyepsilon}"
];
meta = with lib; {
diff --git a/pkgs/games/steam/fhsenv.nix b/pkgs/games/steam/fhsenv.nix
index 3600b2f1442a..1a2ca5161eb7 100644
--- a/pkgs/games/steam/fhsenv.nix
+++ b/pkgs/games/steam/fhsenv.nix
@@ -106,6 +106,7 @@ in buildFHSUserEnv rec {
gst_all_1.gst-plugins-ugly
gst_all_1.gst-plugins-base
libdrm
+ libxkbcommon # paradox launcher
mono
xorg.xkeyboardconfig
xorg.libpciaccess
@@ -205,7 +206,6 @@ in buildFHSUserEnv rec {
libidn
tbb
wayland
- libxkbcommon
# Other things from runtime
flac
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json
index a8cdaafcdfe5..a3f67106781a 100644
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -13,15 +13,15 @@
},
"5.10": {
"extra": "-hardened1",
- "name": "linux-hardened-5.10.25-hardened1.patch",
- "sha256": "0d5fid229769frifr7g20ly553gxdqqvajfwyzqwjpr82jjzxlis",
- "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.25-hardened1/linux-hardened-5.10.25-hardened1.patch"
+ "name": "linux-hardened-5.10.26-hardened1.patch",
+ "sha256": "08f4yks3fjv5zi85zbxa3aqfllb6nbr58hm6kchd83l6rknnix4r",
+ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.26-hardened1/linux-hardened-5.10.26-hardened1.patch"
},
"5.11": {
"extra": "-hardened1",
- "name": "linux-hardened-5.11.9-hardened1.patch",
- "sha256": "169jcalr81ckad08vx489h8j6k42s0rzxbpkr6knyrd7rv06ddk0",
- "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.11.9-hardened1/linux-hardened-5.11.9-hardened1.patch"
+ "name": "linux-hardened-5.11.10-hardened1.patch",
+ "sha256": "16083fvl5km751dps7mzjc2fl1qp9jqnyn7lg8jlfxc8w32bbxwv",
+ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.11.10-hardened1/linux-hardened-5.11.10-hardened1.patch"
},
"5.4": {
"extra": "-hardened1",
diff --git a/pkgs/os-specific/linux/kernel/linux-5.11.nix b/pkgs/os-specific/linux/kernel/linux-5.11.nix
index cf9302757f6e..945c74e8dd99 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.11.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.11.nix
@@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
- version = "5.11.9";
+ version = "5.11.10";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
- sha256 = "0dcqn6s85sd4zl7rv8ay88p5z12xvy2rma0dx6g6b480rg68sxal";
+ sha256 = "07fw48sy8p17jmm24x3rl99cwxiwhwjrxnmy3g542w9kzawaqwnk";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix
index 0f017bb4b24c..cd6273d21e9e 100644
--- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix
+++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix
@@ -6,7 +6,7 @@
, ... } @ args:
let
- version = "5.10.21-rt34"; # updated by ./update-rt.sh
+ version = "5.10.25-rt35"; # updated by ./update-rt.sh
branch = lib.versions.majorMinor version;
kversion = builtins.elemAt (lib.splitString "-" version) 0;
in buildLinux (args // {
@@ -18,14 +18,14 @@ in buildLinux (args // {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz";
- sha256 = "1bz2gmyvpl4vsk0r6fsnh451fzvvfbv63rw8ia75gfv52vzyczwy";
+ sha256 = "1p8s8vp5b6vjmvhj3plm0pr0d9qp5lrwm6l40a4bjr1vk9myf2lk";
};
kernelPatches = let rt-patch = {
name = "rt";
patch = fetchurl {
url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";
- sha256 = "12c2qpifcgij7hilhd7xrnqaz04gqf41m93pmlm8cv4nxz58cy36";
+ sha256 = "0kvawcyxg0xzhx73xs9g9s0hr7bs44sy4zvfzvcg2m9hdyafry0k";
};
}; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches;
diff --git a/pkgs/servers/http/envoy/default.nix b/pkgs/servers/http/envoy/default.nix
index 3a4535281513..e6ecbb868603 100644
--- a/pkgs/servers/http/envoy/default.nix
+++ b/pkgs/servers/http/envoy/default.nix
@@ -6,6 +6,7 @@
, go
, ninja
, python3
+, nixosTests
}:
let
@@ -110,6 +111,11 @@ buildBazelPackage rec {
"--cxxopt=-Wno-uninitialized"
];
+ passthru.tests = {
+ # No tests for Envoy itself (yet), but it's tested as a core component of Pomerium.
+ inherit (nixosTests) pomerium;
+ };
+
meta = with lib; {
homepage = "https://envoyproxy.io";
description = "Cloud-native edge and service proxy";
diff --git a/pkgs/servers/http/nginx/mainline.nix b/pkgs/servers/http/nginx/mainline.nix
index 0c33ab431de0..0409f6a26ea4 100644
--- a/pkgs/servers/http/nginx/mainline.nix
+++ b/pkgs/servers/http/nginx/mainline.nix
@@ -1,6 +1,6 @@
{ callPackage, ... }@args:
callPackage ./generic.nix args {
- version = "1.19.8";
- sha256 = "01cb6hsaik1sfjihbrldmwrcn54gk4plfy350sl1b4rml6qik29h";
+ version = "1.19.9";
+ sha256 = "0hfqqyfgqa6wqazmb3d434nb3r5p8szfisa0m6nfh9lqdbqdyd9f";
}
diff --git a/pkgs/servers/http/pomerium/default.nix b/pkgs/servers/http/pomerium/default.nix
new file mode 100644
index 000000000000..0605a12eca47
--- /dev/null
+++ b/pkgs/servers/http/pomerium/default.nix
@@ -0,0 +1,80 @@
+{ buildGoModule
+, fetchFromGitHub
+, lib
+, envoy
+, zip
+, nixosTests
+}:
+
+let
+ inherit (lib) concatStringsSep mapAttrsToList;
+in
+buildGoModule rec {
+ pname = "pomerium";
+ version = "0.13.3";
+ src = fetchFromGitHub {
+ owner = "pomerium";
+ repo = "pomerium";
+ rev = "v${version}";
+ hash = "sha256-g0w1aIHvf2rJANvGWHeUxdnyCDsvy/PQ9Kp8nDdT/0w=";
+ };
+
+ vendorSha256 = "sha256-grihU85OcGyf9/KKrv87xZonX5r+Z1oHQTf84Ya61fg=";
+ subPackages = [
+ "cmd/pomerium"
+ "cmd/pomerium-cli"
+ ];
+
+ buildFlagsArray = let
+ # Set a variety of useful meta variables for stamping the build with.
+ setVars = {
+ Version = "v${version}";
+ BuildMeta = "nixpkgs";
+ ProjectName = "pomerium";
+ ProjectURL = "github.com/pomerium/pomerium";
+ };
+ varFlags = concatStringsSep " " (mapAttrsToList (name: value: "-X github.com/pomerium/pomerium/internal/version.${name}=${value}") setVars);
+ in [
+ "-ldflags=${varFlags}"
+ ];
+
+ nativeBuildInputs = [
+ zip
+ ];
+
+ # Pomerium expects to have envoy append to it in a zip.
+ # We use a store-only (-0) zip, so that the Nix scanner can find any store references we had in the envoy binary.
+ postBuild = ''
+ # Append Envoy
+ pushd $NIX_BUILD_TOP
+ mkdir -p envoy
+ cd envoy
+ cp ${envoy}/bin/envoy envoy
+ zip -0 envoy.zip envoy
+ popd
+
+ mv $GOPATH/bin/pomerium $GOPATH/bin/pomerium.old
+ cat $GOPATH/bin/pomerium.old $NIX_BUILD_TOP/envoy/envoy.zip >$GOPATH/bin/pomerium
+ zip --adjust-sfx $GOPATH/bin/pomerium
+ '';
+
+ # We also need to set dontStrip to avoid having the envoy ZIP stripped off the end.
+ dontStrip = true;
+
+ installPhase = ''
+ install -Dm0755 $GOPATH/bin/pomerium $out/bin/pomerium
+ install -Dm0755 $GOPATH/bin/pomerium-cli $out/bin/pomerium-cli
+ '';
+
+ passthru.tests = {
+ inherit (nixosTests) pomerium;
+ };
+
+ meta = with lib; {
+ homepage = "https://pomerium.io";
+ description = "Authenticating reverse proxy";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ lukegb ];
+ platforms = [ "x86_64-linux" ]; # Envoy derivation is x86_64-linux only.
+ };
+}
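Review bot: The overridden `installPhase` does not run the standard hooks, so any `preInstall`/`postInstall` supplied through an override is silently ignored; start it with `runHook preInstall` and end it with `runHook postInstall`. `dontStrip = true` is set for the whole derivation to protect the appended Envoy archive, which also leaves `pomerium-cli` unstripped, and the existing comment could say that this is accepted. Since `postBuild` copies the Envoy binary into the `pomerium` executable, a comment noting that the service depends on this embedded copy (as the `postBuild` comment implies) would make it clear to maintainers that Envoy security updates reach Pomerium only through a rebuild of this package.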
diff --git a/pkgs/shells/zsh/oh-my-zsh/default.nix b/pkgs/shells/zsh/oh-my-zsh/default.nix
index 19ab0ee44eb5..f25e71476380 100644
--- a/pkgs/shells/zsh/oh-my-zsh/default.nix
+++ b/pkgs/shells/zsh/oh-my-zsh/default.nix
@@ -5,15 +5,15 @@
, git, nix, nixfmt, jq, coreutils, gnused, curl, cacert }:
stdenv.mkDerivation rec {
- version = "2021-03-28";
+ version = "2021-03-31";
pname = "oh-my-zsh";
- rev = "69507c9518f7c7889d8f47ec8e67bfda02405817";
+ rev = "2b1d4122796fea12dcaa7545cfca59fb43e6393e";
src = fetchFromGitHub {
inherit rev;
owner = "ohmyzsh";
repo = "ohmyzsh";
- sha256 = "0p5jjynwnf6yh2n0z46avavy7kb7dlqd145hd1qakig7csaclphd";
+ sha256 = "1c1hcmvfrfwds1zn165vpfh11a19s6kb20bxy2dzpby5cs15g6bc";
};
installPhase = ''
diff --git a/pkgs/tools/admin/awscli/default.nix b/pkgs/tools/admin/awscli/default.nix
index ff244501516b..943c69e76294 100644
--- a/pkgs/tools/admin/awscli/default.nix
+++ b/pkgs/tools/admin/awscli/default.nix
@@ -21,11 +21,11 @@ let
in
with py.pkgs; buildPythonApplication rec {
pname = "awscli";
- version = "1.19.40"; # N.B: if you change this, change botocore and boto3 to a matching version too
+ version = "1.19.41"; # N.B: if you change this, change botocore and boto3 to a matching version too
src = fetchPypi {
inherit pname version;
- sha256 = "sha256-J1IuTA/DrBCDclRA3cjAU71Um4Eygjgo+rMTyvT/my4=";
+ sha256 = "sha256-DKKE2iMn6BHmcohHY6Uv7q9Om8FkbTbsk0CaxueBJHA=";
};
# https://github.com/aws/aws-cli/issues/4837
diff --git a/pkgs/tools/audio/abcmidi/default.nix b/pkgs/tools/audio/abcmidi/default.nix
index 26484b436c95..e1c2844813d4 100644
--- a/pkgs/tools/audio/abcmidi/default.nix
+++ b/pkgs/tools/audio/abcmidi/default.nix
@@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "abcMIDI";
- version = "2021.03.27";
+ version = "2021.03.30";
src = fetchzip {
url = "https://ifdo.ca/~seymour/runabc/${pname}-${version}.zip";
- sha256 = "sha256-dOUdxH1jJUr9MkU6mf0nwbjY5NYUJpHGkjUZWbRSGsw=";
+ sha256 = "sha256-eOQbvs/mtFn7AmvSezO/jRm8+cO5tF7ggcF9DwwfqVc=";
};
meta = with lib; {
diff --git a/pkgs/tools/networking/oneshot/default.nix b/pkgs/tools/networking/oneshot/default.nix
index 0f886fda03c9..48c20643580f 100644
--- a/pkgs/tools/networking/oneshot/default.nix
+++ b/pkgs/tools/networking/oneshot/default.nix
@@ -2,16 +2,16 @@
buildGoModule rec {
pname = "oneshot";
- version = "1.3.1";
+ version = "1.4.1";
src = fetchFromGitHub {
owner = "raphaelreyna";
repo = "oneshot";
rev = "v${version}";
- sha256 = "047mncv9abs4xj7bh9lhc3wan37cldjjyrpkis7pvx6zhzml74kf";
+ sha256 = "sha256-UD67xYBb1rvGMSPurte5z2Hcd7+JtXDPbgp3BVBdLuk=";
};
- vendorSha256 = "1cxr96yrrmz37r542mc5376jll9lqjqm18k8761h9jqfbzmh9rkp";
+ vendorSha256 = "sha256-d+YE618OywSDOWiiULHENFEqzRmFVUFKPuPXnL1JubM=";
doCheck = false;
diff --git a/pkgs/tools/security/prs/default.nix b/pkgs/tools/security/prs/default.nix
index 64028b3f4432..2d96c89970ec 100644
--- a/pkgs/tools/security/prs/default.nix
+++ b/pkgs/tools/security/prs/default.nix
@@ -12,16 +12,16 @@
rustPlatform.buildRustPackage rec {
pname = "prs";
- version = "0.2.6";
+ version = "0.2.7";
src = fetchFromGitLab {
owner = "timvisee";
repo = "prs";
rev = "v${version}";
- sha256 = "sha256-2fpR9XCcKby+hI7Dzpr2qi1QgOzdgJp0Um57tQmi01A=";
+ sha256 = "sha256-1Jrgf5UW6k0x3q6kQIB6Q7moOhConEnUU9r+21W5Uu8=";
};
- cargoSha256 = "sha256-0oWNGrJ24gPkPp5PR/pQ1tIYkXztQJFAdPz162V5THY=";
+ cargoSha256 = "sha256-N3pLW/OGeurrl+AlwdfbZ3T7WzEOAuyUMdIR164Xp7k=";
postPatch = ''
# The GPGME backend is recommended
diff --git a/pkgs/tools/video/play-with-mpv/default.nix b/pkgs/tools/video/play-with-mpv/default.nix
new file mode 100644
index 000000000000..d9ab0493160e
--- /dev/null
+++ b/pkgs/tools/video/play-with-mpv/default.nix
@@ -0,0 +1,35 @@
+{ lib, python3Packages, fetchFromGitHub, fetchurl, youtube-dl, git }:
+
+let
+ install_freedesktop = fetchurl {
+ url = "https://github.com/thann/install_freedesktop/tarball/2673e8da4a67bee0ffc52a0ea381a541b4becdd4";
+ sha256 = "0j8d5jdcyqbl5p6sc1ags86v3hr2sghmqqi99d1mvc064g90ckrv";
+ };
+in
+python3Packages.buildPythonApplication rec {
+ pname = "play-with-mpv";
+ version = "unstable-2020-05-18";
+
+ src = fetchFromGitHub {
+ owner = "thann";
+ repo = "play-with-mpv";
+ rev = "656448e03fe9de9e8bd21959f2a3b47c4acb8c3e";
+ sha256 = "1qma8b3lnkdhxdjsnrq7n9zgy53q62j4naaqqs07kjxbn72zb4p4";
+ };
+
+ nativeBuildInputs = [ git ];
+ propagatedBuildInputs = [ youtube-dl ];
+
+ postPatch = ''
+ substituteInPlace setup.py --replace \
+ '"https://github.com/thann/install_freedesktop/tarball/master#egg=install_freedesktop-0.2.0"' \
+ '"file://${install_freedesktop}#egg=install_freedesktop-0.2.0"'
+ '';
+
+ meta = with lib; {
+ description = "Chrome extension and python server that allows you to play videos in webpages with MPV instead";
+ homepage = "https://github.com/Thann/play-with-mpv";
+ license = licenses.mit;
+ maintainers = with maintainers; [ dawidsowa ];
+ };
+}
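Review bot: The `substituteInPlace setup.py --replace` call in `postPatch` matches one exact string, and nothing in the build confirms that it matched. If a later `rev` bump changes that line in setup.py, the dependency link stays on the moving `tarball/master` URL instead of the commit-pinned, hash-checked `install_freedesktop` fetched in the `let` block. I would add `grep -qF "file://${install_freedesktop}" setup.py` as the last line of `postPatch` so a failed substitution fails the build. A comment above it would also help, such as `# setup.py links install_freedesktop from the unpinned master tarball; use the pinned copy instead`. Separately, the description says videos are played with MPV, but only `youtube-dl` is in `propagatedBuildInputs`, so presumably `mpv` is resolved from PATH at run time; this is worth confirming and documenting.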
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 09e0fd1265a3..fae0a4958941 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1496,6 +1496,8 @@ in
pebble = callPackage ../tools/admin/pebble { };
+ play-with-mpv = callPackage ../tools/video/play-with-mpv { };
+
reattach-to-user-namespace = callPackage ../os-specific/darwin/reattach-to-user-namespace {};
skhd = callPackage ../os-specific/darwin/skhd {
@@ -17781,6 +17783,8 @@ in
zlib = callPackage ../development/libraries/zlib { };
+ zlib-ng = callPackage ../development/libraries/zlib-ng { };
+
libdynd = callPackage ../development/libraries/libdynd { };
zlog = callPackage ../development/libraries/zlog { };
@@ -18535,6 +18539,8 @@ in
};
pflogsumm = callPackage ../servers/mail/postfix/pflogsumm.nix { };
+ pomerium = callPackage ../servers/http/pomerium { };
+
postgrey = callPackage ../servers/mail/postgrey { };
pshs = callPackage ../servers/http/pshs { };
@@ -19889,7 +19895,7 @@ in
});
# The current default kernel / kernel modules.
- linuxPackages = linuxPackages_5_4;
+ linuxPackages = linuxPackages_5_10;
linux = linuxPackages.kernel;
# Update this when adding the newest kernel major version!
@@ -23364,6 +23370,8 @@ in
xcb-util-cursor = if stdenv.isDarwin then xcb-util-cursor-HEAD else xcb-util-cursor;
};
+ i3-auto-layout = callPackage ../applications/window-managers/i3/auto-layout.nix { };
+
i3-gaps = callPackage ../applications/window-managers/i3/gaps.nix { };
i3altlayout = callPackage ../applications/window-managers/i3/altlayout.nix { };
@@ -28624,6 +28632,8 @@ in
cryptoverif = callPackage ../applications/science/logic/cryptoverif { };
+ crypto-org-wallet = callPackage ../applications/blockchains/crypto-org-wallet.nix { };
+
caprice32 = callPackage ../misc/emulators/caprice32 { };
cubicle = callPackage ../applications/science/logic/cubicle {