Merge staging-next into staging
This commit is contained in:
commit
6935cd110f
@ -15,6 +15,10 @@ stdenv.mkDerivation rec {
|
||||
cp makefiles/makefile.defs.linux.pulse makefile.defs
|
||||
'';
|
||||
|
||||
makeFlags = [
|
||||
"AR=${stdenv.cc.targetPrefix}ar"
|
||||
];
|
||||
|
||||
installPhase = ''
|
||||
install -Dt $out/bin praat
|
||||
'';
|
||||
|
@ -8,13 +8,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "pt2-clone";
|
||||
version = "1.46";
|
||||
version = "1.49";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "8bitbubsy";
|
||||
repo = "pt2-clone";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-xRq37hjuMiGxsWRnZ/ryXYLvQpjbfQEjQkMjjuqL7r8=";
|
||||
sha256 = "sha256-mE7mcaQCJlMzFTec9/faTyIZ7aoA4ygn60wS5QgVF7k=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
|
@ -2,13 +2,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "clifm";
|
||||
version = "1.4";
|
||||
version = "1.5.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "leo-arch";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-62WxvJsXkzvDqFGFpid9VDB1mARgllkKnb6mFC5pdl8=";
|
||||
sha256 = "sha256-JdVRi5xHKpYjP8h7df4WdizSU1dy+CtPfOiPEK+MEOE=";
|
||||
};
|
||||
|
||||
buildInputs = [ libcap acl file readline ];
|
||||
|
@ -1,22 +1,16 @@
|
||||
{ lib, stdenv, fetchurl
|
||||
, unzip
|
||||
{ lib, stdenv, fetchzip
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "widevine";
|
||||
version = "4.10.2449.0";
|
||||
|
||||
src = fetchurl {
|
||||
src = fetchzip {
|
||||
url = "https://dl.google.com/widevine-cdm/${version}-linux-x64.zip";
|
||||
sha256 = "sha256-XZuXK3NCfqbaQ1tuMOXj/U4yJC18futqo1WjuMqMrRA=";
|
||||
sha256 = "sha256-f2kAkP+s3fB+krEZsiujEoI4oznkzSyaIB/CRJZWlXE=";
|
||||
stripRoot = false;
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ unzip ];
|
||||
|
||||
unpackPhase = ''
|
||||
unzip $src
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
install -vD manifest.json $out/share/google/chrome/WidevineCdm/manifest.json
|
||||
install -vD LICENSE.txt $out/share/google/chrome/WidevineCdm/LICENSE.txt
|
||||
|
@ -46,7 +46,7 @@ let
|
||||
version = {
|
||||
aarch64-darwin = "5.10.4.6592";
|
||||
x86_64-darwin = "5.10.4.6592";
|
||||
x86_64-linux = "5.10.4.2845";
|
||||
x86_64-linux = "5.10.6.3192";
|
||||
}.${system} or throwSystem;
|
||||
|
||||
srcs = {
|
||||
@ -60,7 +60,7 @@ let
|
||||
};
|
||||
x86_64-linux = fetchurl {
|
||||
url = "https://zoom.us/client/${version}/zoom_x86_64.pkg.tar.xz";
|
||||
sha256 = "9gspydrGaEjzAM0nK1u0XNm07HTupJ2wnPxCFWy+Nts=";
|
||||
sha256 = "8QIkF5+875VFoGK6T0CROsqML6bJDG934c1gkuz8Klk=";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -6,7 +6,7 @@
|
||||
|
||||
mkDerivation rec {
|
||||
pname = "qgroundcontrol";
|
||||
version = "4.2.0";
|
||||
version = "4.2.1";
|
||||
|
||||
qtInputs = [
|
||||
qtbase qtcharts qtlocation qtserialport qtsvg qtquickcontrols2
|
||||
@ -64,7 +64,7 @@ mkDerivation rec {
|
||||
owner = "mavlink";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-TBnJQKO9cwxP9q+bIB1CaGnm9npymJ3iEAD9kPJi9JA=";
|
||||
sha256 = "sha256-7POrc6RUm3GVx3KuPUBNbKRUvUmA2UkEL7ezQVQt/yo=";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
|
@ -2,16 +2,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "gh";
|
||||
version = "2.10.1";
|
||||
version = "2.11.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "cli";
|
||||
repo = "cli";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-2lIHEO4+oW9+C7VSulmVwZJ1l6RYBbV6wlKMvdOGqi8=";
|
||||
sha256 = "sha256-VWbkthOaq34tAiBkPlCXmz32RrJfO6dfVS+LLls39jA=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-EFJfd6sUK5iquFW0kXaiH6tLiNqbZNe9awpIqmqhp7I=";
|
||||
vendorSha256 = "sha256-soNQXtpQ217scP606UA05+r9WIrUAMOCDBsfLKrVD+Q=";
|
||||
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
|
||||
|
@ -2,10 +2,10 @@
|
||||
, ncurses
|
||||
, libX11, xorgproto, buildEnv
|
||||
, fetchpatch
|
||||
, useX11 ? stdenv.hostPlatform.isx86
|
||||
}:
|
||||
|
||||
let
|
||||
useX11 = stdenv.hostPlatform.isx86;
|
||||
x11deps = [ libX11 xorgproto ];
|
||||
inherit (lib) optionals;
|
||||
|
||||
|
@ -6,11 +6,11 @@ rubyVersion = callPackage ../ruby/ruby-version.nix {} "2" "5" "7" "";
|
||||
jruby = stdenv.mkDerivation rec {
|
||||
pname = "jruby";
|
||||
|
||||
version = "9.3.3.0";
|
||||
version = "9.3.4.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://s3.amazonaws.com/jruby.org/downloads/${version}/jruby-bin-${version}.tar.gz";
|
||||
sha256 = "sha256-Pagoy+KH1UaFB/HCxCvvbPNLxTYbzWpdmcIHshuf3Fw=";
|
||||
sha256 = "sha256-UxVE0yeocVXYyATxU6LfPPBPAYJWHLLdLJNy9IYFtlw=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
buildDunePackage rec {
|
||||
pname = "linenoise";
|
||||
version = "1.3.0";
|
||||
version = "1.3.1";
|
||||
|
||||
useDune2 = true;
|
||||
|
||||
@ -12,7 +12,7 @@ buildDunePackage rec {
|
||||
owner = "fxfactorial";
|
||||
repo = "ocaml-${pname}";
|
||||
rev = "v${version}";
|
||||
sha256 = "0m9mm1arsawi5w5aqm57z41sy1wfxvhfgbdiw7hzy631i391144g";
|
||||
sha256 = "sha256-5DlF56reh52Tvbi3wGK8ZrPBAYK0ZTBV3jz8qUsyKGk=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [ result ];
|
||||
|
@ -1,7 +1,13 @@
|
||||
{ lib, buildPythonPackage, fetchPypi
|
||||
, django-environ, mock, django
|
||||
, pytest, pytest-runner, pytest-django
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, django-environ
|
||||
, mock
|
||||
, django
|
||||
, pytestCheckHook
|
||||
, pytest-django
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "django-guardian";
|
||||
version = "2.4.0";
|
||||
@ -11,12 +17,21 @@ buildPythonPackage rec {
|
||||
sha256 = "c58a68ae76922d33e6bdc0e69af1892097838de56e93e78a8361090bcd9f89a0";
|
||||
};
|
||||
|
||||
checkInputs = [ pytest pytest-runner pytest-django django-environ mock ];
|
||||
propagatedBuildInputs = [ django ];
|
||||
|
||||
checkInputs = [
|
||||
django-environ
|
||||
mock
|
||||
pytestCheckHook
|
||||
pytest-django
|
||||
];
|
||||
|
||||
pythonImportsCheck = [ "guardian" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Per object permissions for Django";
|
||||
homepage = "https://github.com/django-guardian/django-guardian";
|
||||
license = [ licenses.mit licenses.bsd2 ];
|
||||
license = with licenses; [ mit bsd2 ];
|
||||
maintainers = with maintainers; [ SuperSandro2000 ];
|
||||
};
|
||||
}
|
@ -1,26 +1,52 @@
|
||||
{ lib, buildPythonPackage, fetchFromGitHub, django, pytz, isPy27 }:
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, coreapi
|
||||
, django
|
||||
, django-guardian
|
||||
, pythonOlder
|
||||
, pytest-django
|
||||
, pytestCheckHook
|
||||
, pytz
|
||||
, pyyaml
|
||||
, uritemplate
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
version = "3.12.4";
|
||||
pname = "djangorestframework";
|
||||
disabled = isPy27;
|
||||
version = "3.13.1";
|
||||
disabled = pythonOlder "3.6";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "encode";
|
||||
repo = "django-rest-framework";
|
||||
rev = version;
|
||||
sha256 = "sha256-FjMRfVyLmm5J9uOUTLZpO3Pvge3RoYnqIRvzMng7wZo=";
|
||||
sha256 = "sha256-XmX6DZBZYzVCe72GERplAWt5jIjV/cYercZGb0pYjoc=";
|
||||
};
|
||||
|
||||
# Test settings are missing
|
||||
doCheck = false;
|
||||
|
||||
propagatedBuildInputs = [ django pytz ];
|
||||
propagatedBuildInputs = [
|
||||
django
|
||||
pytz
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
pytest-django
|
||||
pytestCheckHook
|
||||
|
||||
# optional tests
|
||||
coreapi
|
||||
django-guardian
|
||||
pyyaml
|
||||
uritemplate
|
||||
];
|
||||
|
||||
pythonImportsCheck = [ "rest_framework" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Web APIs for Django, made easy";
|
||||
homepage = "https://www.django-rest-framework.org/";
|
||||
maintainers = with maintainers; [ desiderius ];
|
||||
maintainers = with maintainers; [ desiderius SuperSandro2000 ];
|
||||
license = licenses.bsd2;
|
||||
};
|
||||
}
|
||||
|
@ -3,14 +3,14 @@
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "probe-run";
|
||||
version = "0.3.2";
|
||||
version = "0.3.3";
|
||||
|
||||
src = fetchCrate {
|
||||
inherit pname version;
|
||||
sha256 = "sha256-SXA77LXM1SuBJ8BH+ahwJl/3gWsCbdLXBiHZdJySWq0=";
|
||||
sha256 = "sha256-7o0aRiCxWoDoMysXIPyiBqH/8TtFo87im6Y0OFL0cTA=";
|
||||
};
|
||||
|
||||
cargoSha256 = "sha256-e9POSuA/I7IUKUOxMTfCWxNn0AicojpGQpxamzmHa7g=";
|
||||
cargoSha256 = "sha256-vREz3FTZXMrc18LXIycJXX6SgW6IKGIgL/+79dMfNjk=";
|
||||
|
||||
nativeBuildInputs = [ pkg-config ];
|
||||
buildInputs = [ libusb1 ]
|
||||
|
@ -6,7 +6,7 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "black-hole-solver";
|
||||
version = "1.10.1";
|
||||
version = "1.12.0";
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/";
|
||||
@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://fc-solve.shlomifish.org/downloads/fc-solve/${pname}-${version}.tar.xz";
|
||||
sha256 = "1qhihmk4fwz6n16c7bnxnh3v7jhbb7xhkc9wk9484bp0k4x9bq9n";
|
||||
sha256 = "sha256-0y8yU291cykliPQbsNha5C1WE3bCGNxKtrrf5JBKN6c=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake perl pkg-config python3 ];
|
||||
|
@ -1,15 +1,26 @@
|
||||
{ lib, stdenv, fetchurl, qmake, qttools, qtsvg, mkDerivation }:
|
||||
{ lib
|
||||
, stdenv
|
||||
, fetchurl
|
||||
, cmake
|
||||
, qttools
|
||||
, wrapQtAppsHook
|
||||
, qtsvg
|
||||
}:
|
||||
|
||||
mkDerivation rec {
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "cutemaze";
|
||||
version = "1.3.0";
|
||||
version = "1.3.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://gottcode.org/cutemaze/${pname}-${version}-src.tar.bz2";
|
||||
sha256 = "sha256-h7+H2E37ZVSnlPa6ID+lNEvFtU5PfdMSlBjqBumojoU=";
|
||||
sha256 = "6944931cd39e9ef202c11483b7b2b7409a068c52fa5fd4419ff938b1158c72ab";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ qmake qttools ];
|
||||
nativeBuildInputs = [
|
||||
cmake
|
||||
qttools
|
||||
wrapQtAppsHook
|
||||
];
|
||||
|
||||
buildInputs = [ qtsvg ];
|
||||
|
||||
|
84
pkgs/os-specific/linux/kernel/htmldocs.nix
Normal file
84
pkgs/os-specific/linux/kernel/htmldocs.nix
Normal file
@ -0,0 +1,84 @@
|
||||
{ lib
|
||||
, stdenv
|
||||
, graphviz
|
||||
, imagemagick
|
||||
, linux_latest
|
||||
, makeFontsConf
|
||||
, perl
|
||||
, python3
|
||||
, sphinx
|
||||
, which
|
||||
}:
|
||||
|
||||
let
|
||||
py = python3.override {
|
||||
packageOverrides = final: prev: rec {
|
||||
docutils_old = prev.docutils.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "0.16";
|
||||
src = oldAttrs.src.override {
|
||||
inherit version;
|
||||
sha256 = "sha256-wt46YOnn0Hvia38rAMoDCcIH4GwQD5zCqUkx/HWkePw=";
|
||||
};
|
||||
});
|
||||
|
||||
sphinx = (prev.sphinx.override rec {
|
||||
alabaster = prev.alabaster.override { inherit pygments; };
|
||||
docutils = docutils_old;
|
||||
pygments = prev.pygments.override { docutils = docutils_old; };
|
||||
}).overridePythonAttrs {
|
||||
# fails due to duplicated packages
|
||||
doCheck = false;
|
||||
};
|
||||
|
||||
sphinx_rtd_theme = prev.sphinx_rtd_theme.override {
|
||||
inherit sphinx;
|
||||
docutils = docutils_old;
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
|
||||
stdenv.mkDerivation {
|
||||
pname = "linux-kernel-latest-htmldocs";
|
||||
|
||||
inherit (linux_latest) version src;
|
||||
|
||||
postPatch = ''
|
||||
patchShebangs \
|
||||
Documentation/sphinx/parse-headers.pl \
|
||||
scripts/{get_abi.pl,get_feat.pl,kernel-doc,sphinx-pre-install}
|
||||
'';
|
||||
|
||||
FONTCONFIG_FILE = makeFontsConf {
|
||||
fontDirectories = [ ];
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
graphviz
|
||||
imagemagick
|
||||
perl
|
||||
py.pkgs.sphinx
|
||||
py.pkgs.sphinx_rtd_theme
|
||||
which
|
||||
];
|
||||
|
||||
preBuild = ''
|
||||
export XDG_CACHE_HOME="$(mktemp -d)"
|
||||
'';
|
||||
|
||||
makeFlags = [ "htmldocs" ];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/share/doc
|
||||
mv Documentation/output $out/share/doc/linux-doc
|
||||
cp -r Documentation/* $out/share/doc/linux-doc/
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Linux kernel html documentation";
|
||||
homepage = "https://www.kernel.org/doc/htmldocs/";
|
||||
platforms = platforms.linux;
|
||||
inherit (linux_latest.meta) license;
|
||||
maintainers = with maintainers; [ SuperSandro2000 ];
|
||||
};
|
||||
}
|
25
pkgs/servers/http/go-camo/default.nix
Normal file
25
pkgs/servers/http/go-camo/default.nix
Normal file
@ -0,0 +1,25 @@
|
||||
{ lib, buildGoModule, fetchFromGitHub }:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "go-camo";
|
||||
version = "2.4.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "cactus";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "1Wzy5EHFJAPnxusUBvNoJnXyVAx/LiiTgIQZE9r01Lw=";
|
||||
};
|
||||
|
||||
vendorSha256 = "31B6LXCutIdPwxqMFTMUfxAaCuYW14py8Vu1EycBydE=";
|
||||
|
||||
ldflags = [ "-s" "-w" "-X=main.ServerVersion=${version}" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "A camo server is a special type of image proxy that proxies non-secure images over SSL/TLS";
|
||||
homepage = "https://github.com/cactus/go-camo";
|
||||
changelog = "https://github.com/cactus/go-camo/releases/tag/v${version}";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ viraptor ];
|
||||
};
|
||||
}
|
@ -2,7 +2,7 @@ outer@{ lib, stdenv, fetchurl, fetchpatch, openssl, zlib, pcre, libxml2, libxslt
|
||||
, nginx-doc
|
||||
|
||||
, nixosTests
|
||||
, substituteAll, gd, geoip, perl
|
||||
, substituteAll, removeReferencesTo, gd, geoip, perl
|
||||
, withDebug ? false
|
||||
, withKTLS ? false
|
||||
, withStream ? true
|
||||
@ -22,7 +22,7 @@ outer@{ lib, stdenv, fetchurl, fetchpatch, openssl, zlib, pcre, libxml2, libxslt
|
||||
, extraPatches ? []
|
||||
, fixPatch ? p: p
|
||||
, preConfigure ? ""
|
||||
, postInstall ? null
|
||||
, postInstall ? ""
|
||||
, meta ? null
|
||||
, nginx-doc ? outer.nginx-doc
|
||||
, passthru ? { tests = {}; }
|
||||
@ -158,9 +158,14 @@ stdenv.mkDerivation {
|
||||
cp -r ${nginx-doc}/* $doc
|
||||
'';
|
||||
|
||||
postInstall = if postInstall != null then postInstall else ''
|
||||
mv $out/sbin $out/bin
|
||||
'';
|
||||
nativeBuildInputs = [ removeReferencesTo ];
|
||||
|
||||
disallowedReferences = map (m: m.src) modules;
|
||||
|
||||
postInstall =
|
||||
let
|
||||
noSourceRefs = lib.concatMapStrings (m: "remove-references-to -t ${m.src} $out/sbin/nginx\n") modules;
|
||||
in noSourceRefs + postInstall;
|
||||
|
||||
passthru = {
|
||||
modules = modules;
|
||||
|
@ -2,8 +2,6 @@
|
||||
, stdenv
|
||||
, buildGoModule
|
||||
, fetchFromGitHub
|
||||
, CoreFoundation
|
||||
, Security
|
||||
}:
|
||||
|
||||
buildGoModule rec {
|
||||
@ -20,16 +18,13 @@ buildGoModule rec {
|
||||
|
||||
excludedPackages = "misc";
|
||||
|
||||
buildInputs = lib.optionals (stdenv.isDarwin && stdenv.isx86_64)
|
||||
[ CoreFoundation Security ];
|
||||
|
||||
ldflags = [
|
||||
"-s"
|
||||
"-w"
|
||||
"-X main.version=v${version}"
|
||||
];
|
||||
|
||||
# Tests requires network access
|
||||
# Tests require network access
|
||||
doCheck = false;
|
||||
|
||||
doInstallCheck = true;
|
||||
@ -54,5 +49,8 @@ buildGoModule rec {
|
||||
'';
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ jk ];
|
||||
# Need updated macOS SDK
|
||||
# https://github.com/NixOS/nixpkgs/issues/101229
|
||||
broken = (stdenv.isDarwin && stdenv.isx86_64);
|
||||
};
|
||||
}
|
||||
|
@ -2,16 +2,23 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "cni-plugin-flannel";
|
||||
version = "1.0.0";
|
||||
version = "1.1.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "flannel-io";
|
||||
repo = "cni-plugin";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-zWxw4LZIlkT88yGTnxdupq7cUSacNRxPzzp01O9USDw=";
|
||||
sha256 = "sha256-Rq1hVZazeF39YGiuuWC8adff3AhPsSLnnfVpGCaMqgc=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-zteMlrvRTVxOFlBy+z/qfiSii8+c8PMapwIsdbN+Aig=";
|
||||
vendorSha256 = "sha256-ddwNJZzdyO/wEdy0C7Z8IoOWXY4jggcgIHxmRUGGf9s=";
|
||||
|
||||
ldflags = [
|
||||
"-s" "-w"
|
||||
"-X main.Version=${version}"
|
||||
"-X main.Commit=${version}"
|
||||
"-X main.Program=flannel"
|
||||
];
|
||||
|
||||
postInstall = ''
|
||||
mv $out/bin/cni-plugin $out/bin/flannel
|
||||
@ -22,7 +29,7 @@ buildGoModule rec {
|
||||
|
||||
installCheckPhase = ''
|
||||
runHook preInstallCheck
|
||||
$out/bin/flannel 2>&1 | fgrep -q v$version
|
||||
$out/bin/flannel 2>&1 | fgrep -q $version
|
||||
runHook postInstallCheck
|
||||
'';
|
||||
|
||||
|
@ -1,6 +1,7 @@
|
||||
{ stdenv
|
||||
, lib
|
||||
, fetchFromGitHub
|
||||
, fetchpatch
|
||||
, asciidoc
|
||||
, cmake
|
||||
, docbook_xsl
|
||||
@ -23,6 +24,16 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "168jg8kjbylfgalhicn0llbykd7kdc9id2989gg0nxlgmnvzl58a";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# Pull fix pending upstream inclusion for -fno-common toolchains:
|
||||
# https://github.com/lastpass/lastpass-cli/pull/576
|
||||
(fetchpatch {
|
||||
name = "fno-common.patch";
|
||||
url = "https://github.com/lastpass/lastpass-cli/commit/e3311cebdb29a3267843cf656a32f01c5062897e.patch";
|
||||
sha256 = "1yjx2p98nb3n8ywc9lhf2zal5fswawb5i6lgnicdin23zngff5l8";
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ asciidoc cmake docbook_xsl pkg-config ];
|
||||
|
||||
buildInputs = [
|
||||
|
13
pkgs/tools/security/tracee/bpf-core-clang-bpf.patch
Normal file
13
pkgs/tools/security/tracee/bpf-core-clang-bpf.patch
Normal file
@ -0,0 +1,13 @@
|
||||
diff --git a/Makefile b/Makefile
|
||||
index d5cd754..db1c1d3 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -411,7 +411,7 @@ $(OUTPUT_DIR)/tracee.bpf.core.o: \
|
||||
$(TRACEE_EBPF_OBJ_CORE_HEADERS)
|
||||
#
|
||||
$(MAKE) $(OUTPUT_DIR)/tracee.bpf
|
||||
- $(CMD_CLANG) \
|
||||
+ $(CMD_CLANG_BPF) \
|
||||
-D__TARGET_ARCH_$(LINUX_ARCH) \
|
||||
-D__BPF_TRACING__ \
|
||||
-DCORE \
|
113
pkgs/tools/security/tracee/default.nix
Normal file
113
pkgs/tools/security/tracee/default.nix
Normal file
@ -0,0 +1,113 @@
|
||||
{ lib
|
||||
, buildGoModule
|
||||
, fetchFromGitHub
|
||||
|
||||
, llvmPackages_13
|
||||
, pkg-config
|
||||
|
||||
, zlib
|
||||
, libelf
|
||||
}:
|
||||
|
||||
let
|
||||
inherit (llvmPackages_13) clang;
|
||||
clang-with-bpf =
|
||||
(clang.overrideAttrs (o: { pname = o.pname + "-with-bpf"; })).override (o: {
|
||||
extraBuildCommands = o.extraBuildCommands + ''
|
||||
# make a separate wrapped clang we can target at bpf
|
||||
cp $out/bin/clang $out/bin/clang-bpf
|
||||
# extra flags to append after the cc-cflags
|
||||
echo '-target bpf -fno-stack-protector' > $out/nix-support/cc-cflags-bpf
|
||||
# use sed to attach the cc-cflags-bpf after cc-cflags
|
||||
sed -i -E "s@^(extraAfter=\(\\$\NIX_CFLAGS_COMPILE_.*)(\))\$@\1 $(cat $out/nix-support/cc-cflags-bpf)\2@" $out/bin/clang-bpf
|
||||
'';
|
||||
});
|
||||
in
|
||||
buildGoModule rec {
|
||||
pname = "tracee";
|
||||
version = "0.7.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "aquasecurity";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-Y++FWxADnj1W5S3VrAlJAnotFYb6biCPJ6dpQ0Nin8o=";
|
||||
# Once libbpf hits 1.0 we will migrate to the nixpkgs libbpf rather than the
|
||||
# pinned copy in submodules
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
vendorSha256 = "sha256-C2RExp67qax8+zJIgyMJ18sBtn/xEYj4tAvGCCpBssQ=";
|
||||
|
||||
patches = [
|
||||
# bpf-core can't be compiled with wrapped clang since it forces the target
|
||||
# we need to be able to replace it with another wrapped clang that has
|
||||
# it's target as bpf
|
||||
./bpf-core-clang-bpf.patch
|
||||
# add -s to ldflags for smaller binaries
|
||||
./disable-go-symbol-table.patch
|
||||
];
|
||||
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
strictDeps = true;
|
||||
nativeBuildInputs = [ pkg-config clang-with-bpf ];
|
||||
buildInputs = [ zlib libelf ];
|
||||
|
||||
makeFlags = [
|
||||
"VERSION=v${version}"
|
||||
"CMD_CLANG_BPF=clang-bpf"
|
||||
# don't actually need git but the Makefile checks for it
|
||||
"CMD_GIT=echo"
|
||||
];
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES}
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
doCheck = false;
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/{bin,share/tracee}
|
||||
|
||||
cp ./dist/tracee-ebpf $out/bin
|
||||
cp ./dist/tracee-rules $out/bin
|
||||
|
||||
cp -r ./dist/rules $out/share/tracee/
|
||||
cp -r ./cmd/tracee-rules/templates $out/share/tracee/
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
doInstallCheck = true;
|
||||
installCheckPhase = ''
|
||||
runHook preInstallCheck
|
||||
|
||||
$out/bin/tracee-ebpf --help
|
||||
$out/bin/tracee-ebpf --version | grep "v${version}"
|
||||
|
||||
$out/bin/tracee-rules --help
|
||||
|
||||
runHook postInstallCheck
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://aquasecurity.github.io/tracee/latest/";
|
||||
changelog = "https://github.com/aquasecurity/tracee/releases/tag/v${version}";
|
||||
description = "Linux Runtime Security and Forensics using eBPF";
|
||||
longDescription = ''
|
||||
Tracee is a Runtime Security and forensics tool for Linux. It is using
|
||||
Linux eBPF technology to trace your system and applications at runtime,
|
||||
and analyze collected events to detect suspicious behavioral patterns. It
|
||||
is delivered as a Docker image that monitors the OS and detects suspicious
|
||||
behavior based on a pre-defined set of behavioral patterns.
|
||||
'';
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ jk ];
|
||||
platforms = [ "x86_64-linux" ];
|
||||
};
|
||||
}
|
22
pkgs/tools/security/tracee/disable-go-symbol-table.patch
Normal file
22
pkgs/tools/security/tracee/disable-go-symbol-table.patch
Normal file
@ -0,0 +1,22 @@
|
||||
diff --git a/Makefile b/Makefile
|
||||
index d5cd754..0b74a79 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -471,7 +471,7 @@ ifeq ($(BTFHUB), 1)
|
||||
endif
|
||||
$(GO_ENV_EBPF) $(CMD_GO) build \
|
||||
-tags $(GO_TAGS_EBPF) \
|
||||
- -ldflags="-w \
|
||||
+ -ldflags="-s -w \
|
||||
-extldflags \"$(CGO_EXT_LDFLAGS_EBPF)\" \
|
||||
-X main.version=\"$(VERSION)\" \
|
||||
" \
|
||||
@@ -552,7 +552,7 @@ $(OUTPUT_DIR)/tracee-rules: \
|
||||
#
|
||||
$(GO_ENV_RULES) $(CMD_GO) build \
|
||||
-tags $(GO_TAGS_RULES) \
|
||||
- -ldflags="-w \
|
||||
+ -ldflags="-s -w \
|
||||
-extldflags \"$(CGO_EXT_LDFLAGS_RULES)\" \
|
||||
" \
|
||||
-v -o $@ \
|
12
pkgs/tools/security/tracee/skip-init-test.patch
Normal file
12
pkgs/tools/security/tracee/skip-init-test.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
|
||||
index 8601eb9..57088d2 100644
|
||||
--- a/tests/integration/integration_test.go
|
||||
+++ b/tests/integration/integration_test.go
|
||||
@@ -149,6 +149,7 @@ func checkUidzero(t *testing.T, gotOutput *bytes.Buffer) {
|
||||
|
||||
// only capture pids of 1
|
||||
func checkPidOne(t *testing.T, gotOutput *bytes.Buffer) {
|
||||
+ t.Skip("Not compatible with systemd init")
|
||||
_, _ = exec.Command("init", "q").CombinedOutput()
|
||||
|
||||
waitForTraceeOutput(gotOutput, time.Now())
|
12
pkgs/tools/security/tracee/skip-magic_write-test.patch
Normal file
12
pkgs/tools/security/tracee/skip-magic_write-test.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
|
||||
index 8601eb9..a8a3eed 100644
|
||||
--- a/tests/integration/integration_test.go
|
||||
+++ b/tests/integration/integration_test.go
|
||||
@@ -75,6 +75,7 @@ func waitForTraceeOutput(gotOutput *bytes.Buffer, now time.Time) {
|
||||
|
||||
// small set of actions to trigger a magic write event
|
||||
func checkMagicwrite(t *testing.T, gotOutput *bytes.Buffer) {
|
||||
+ t.Skip()
|
||||
// create a temp dir for testing
|
||||
d, err := ioutil.TempDir("", "Test_MagicWrite-dir-*")
|
||||
require.NoError(t, err)
|
41
pkgs/tools/security/tracee/test.nix
Normal file
41
pkgs/tools/security/tracee/test.nix
Normal file
@ -0,0 +1,41 @@
|
||||
{ pkgs ? import ../../../../. { } }:
|
||||
|
||||
# manually run `nix-build ./pkgs/tools/security/tracee/test.nix` to test
|
||||
pkgs.nixosTest ({
|
||||
name = "tracee-test";
|
||||
nodes = {
|
||||
machine = { config, pkgs, ... }: {
|
||||
environment.systemPackages = [
|
||||
pkgs.tracee
|
||||
# build the go integration tests as a binary
|
||||
(pkgs.tracee.overrideAttrs (oa: {
|
||||
pname = oa.pname + "-integration";
|
||||
patches = oa.patches or [] ++ [
|
||||
# skip test that runs `init -q` which is incompatible with systemd init
|
||||
./skip-init-test.patch
|
||||
# skip magic_write test that currently fails
|
||||
./skip-magic_write-test.patch
|
||||
];
|
||||
# just build the static lib we need for the go test binary
|
||||
makeFlags = oa.makeFlags ++ [ "./dist/libbpf/libbpf.a" ];
|
||||
postBuild = ''
|
||||
# by default the tests are disabled and this is intended to be commented out
|
||||
sed -i '/t.Skip("This test requires root privileges")/d' ./tests/integration/integration_test.go
|
||||
CGO_CFLAGS="-I$PWD/dist/libbpf" CGO_LDFLAGS="-lelf -lz $PWD/dist/libbpf/libbpf.a" go test -tags ebpf,integration -c -o $GOPATH/tracee-integration ./tests/integration
|
||||
'';
|
||||
doCheck = false;
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
cp $GOPATH/tracee-integration $out/bin
|
||||
'';
|
||||
doInstallCheck = false;
|
||||
}))
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
with subtest("run integration tests"):
|
||||
print(machine.succeed('TRC_BIN="$(which tracee-ebpf)" tracee-integration -test.v -test.run "Test_Events"'))
|
||||
'';
|
||||
})
|
39
pkgs/tools/system/systeroid/default.nix
Normal file
39
pkgs/tools/system/systeroid/default.nix
Normal file
@ -0,0 +1,39 @@
|
||||
{ lib
|
||||
, rustPlatform
|
||||
, fetchFromGitHub
|
||||
, linux-doc
|
||||
, xorg
|
||||
}:
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "systeroid";
|
||||
version = "0.1.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "orhun";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "0xf81wyp5qg67r0vyqg0209pcabx70vvxx4nrg2y7qa0mhvf6p94";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace systeroid-core/src/parsers.rs \
|
||||
--replace '"/usr/share/doc/kernel-doc-*/Documentation/*",' '"${linux-doc}/share/doc/linux-doc/*",'
|
||||
'';
|
||||
|
||||
cargoSha256 = "sha256-D/sSeMR1Zg3OH1fdSVKdxdIcoP4OLp3T8mwQ28O8rfk=";
|
||||
|
||||
buildInputs = [
|
||||
xorg.libxcb
|
||||
];
|
||||
|
||||
# tries to access /sys/
|
||||
doCheck = false;
|
||||
|
||||
meta = with lib; {
|
||||
description = "More powerful alternative to sysctl(8) with a terminal user interface";
|
||||
homepage = "https://github.com/orhun/systeroid";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ SuperSandro2000 ];
|
||||
};
|
||||
}
|
@ -1176,6 +1176,8 @@ with pkgs;
|
||||
|
||||
sx-go = callPackage ../tools/security/sx-go { };
|
||||
|
||||
systeroid = callPackage ../tools/system/systeroid { };
|
||||
|
||||
tauon = callPackage ../applications/audio/tauon { };
|
||||
|
||||
termusic = callPackage ../applications/audio/termusic { };
|
||||
@ -5456,7 +5458,6 @@ with pkgs;
|
||||
|
||||
trivy = callPackage ../tools/admin/trivy {
|
||||
buildGoModule = buildGo118Module;
|
||||
inherit (darwin.apple_sdk.frameworks) CoreFoundation Security;
|
||||
};
|
||||
|
||||
trompeloeil = callPackage ../development/libraries/trompeloeil { };
|
||||
@ -11014,6 +11015,8 @@ with pkgs;
|
||||
|
||||
tracebox = callPackage ../tools/networking/tracebox { };
|
||||
|
||||
tracee = callPackage ../tools/security/tracee { };
|
||||
|
||||
tracefilegen = callPackage ../development/tools/analysis/garcosim/tracefilegen { };
|
||||
|
||||
tracefilesim = callPackage ../development/tools/analysis/garcosim/tracefilesim { };
|
||||
@ -21742,6 +21745,8 @@ with pkgs;
|
||||
|
||||
nats-server = callPackage ../servers/nats-server { };
|
||||
|
||||
go-camo = callPackage ../servers/http/go-camo { };
|
||||
|
||||
gofish = callPackage ../servers/gopher/gofish { };
|
||||
|
||||
grafana = callPackage ../servers/monitoring/grafana { };
|
||||
@ -23262,6 +23267,8 @@ with pkgs;
|
||||
linuxPackages_xanmod_latest = linuxKernel.packages.linux_xanmod_latest;
|
||||
linux_xanmod_latest = linuxKernel.kernels.linux_xanmod_latest;
|
||||
|
||||
linux-doc = callPackage ../os-specific/linux/kernel/htmldocs.nix { };
|
||||
|
||||
cryptodev = linuxKernel.packages.linux_4_9.cryptodev;
|
||||
|
||||
dpdk = callPackage ../os-specific/linux/dpdk {
|
||||
@ -31552,7 +31559,7 @@ with pkgs;
|
||||
curseofwar = callPackage ../games/curseofwar { SDL = null; };
|
||||
curseofwar-sdl = callPackage ../games/curseofwar { ncurses = null; };
|
||||
|
||||
cutemaze = libsForQt5.callPackage ../games/cutemaze { };
|
||||
cutemaze = qt6Packages.callPackage ../games/cutemaze { };
|
||||
|
||||
cuyo = callPackage ../games/cuyo { };
|
||||
|
||||
|
@ -58,6 +58,7 @@ mapAliases ({
|
||||
django_appconf = django-appconf; # added 2022-03-03
|
||||
django_environ = django-environ; # added 2021-12-25
|
||||
django_extensions = django-extensions; # added 2022-01-09
|
||||
django_guardian = django-guardian; # added 2022-05-19
|
||||
django_modelcluster = django-modelcluster; # added 2022-04-02
|
||||
django_redis = django-redis; # added 2021-10-11
|
||||
django_taggit = django-taggit; # added 2021-10-11
|
||||
|
@ -2329,7 +2329,7 @@ in {
|
||||
|
||||
django-gravatar2 = callPackage ../development/python-modules/django-gravatar2 { };
|
||||
|
||||
django_guardian = callPackage ../development/python-modules/django_guardian { };
|
||||
django-guardian = callPackage ../development/python-modules/django-guardian { };
|
||||
|
||||
django-haystack = callPackage ../development/python-modules/django-haystack { };
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user