Merge master into staging-next
This commit is contained in:
commit
c804f22a81
@ -68,15 +68,16 @@
|
|||||||
|
|
||||||
Security fixes are submitted in the same way as other changes and thus the same guidelines apply.
|
Security fixes are submitted in the same way as other changes and thus the same guidelines apply.
|
||||||
|
|
||||||
If the security fix comes in the form of a patch and a CVE is available, then the name of the patch should be the CVE identifier, so e.g. `CVE-2019-13636.patch` in the case of a patch that is included in the Nixpkgs tree. If a patch is fetched the name needs to be set as well, e.g.:
|
- If a new version fixing the vulnerability has been released, update the package;
|
||||||
|
- If the security fix comes in the form of a patch and a CVE is available, then add the patch to the Nixpkgs tree, and apply it to the package.
|
||||||
```nix
|
The name of the patch should be the CVE identifier, so e.g. `CVE-2019-13636.patch`; If a patch is fetched the name needs to be set as well, e.g.:
|
||||||
(fetchpatch {
|
```nix
|
||||||
name = "CVE-2019-11068.patch";
|
(fetchpatch {
|
||||||
url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch";
|
name = "CVE-2019-11068.patch";
|
||||||
sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8";
|
url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch";
|
||||||
})
|
sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8";
|
||||||
```
|
})
|
||||||
|
```
|
||||||
|
|
||||||
If a security fix applies to both master and a stable release then, similar to regular changes, they are preferably delivered via master first and cherry-picked to the release branch.
|
If a security fix applies to both master and a stable release then, similar to regular changes, they are preferably delivered via master first and cherry-picked to the release branch.
|
||||||
|
|
||||||
|
45
doc/contributing/vulnerability-roundup.chapter.md
Normal file
45
doc/contributing/vulnerability-roundup.chapter.md
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
# Vulnerability Roundup {#chap-vulnerability-roundup}
|
||||||
|
|
||||||
|
## Issues {#vulnerability-roundup-issues}
|
||||||
|
|
||||||
|
Vulnerable packages in Nixpkgs are managed using issues.
|
||||||
|
Currently opened ones can be found using the following:
|
||||||
|
|
||||||
|
[github.com/NixOS/nixpkgs/issues?q=is:issue+is:open+"Vulnerability+roundup"](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+%22Vulnerability+roundup%22)
|
||||||
|
|
||||||
|
Each issue correspond to a vulnerable version of a package; As a consequence:
|
||||||
|
|
||||||
|
- One issue can contain several CVEs;
|
||||||
|
- One CVE can be shared across several issues;
|
||||||
|
- A single package can be concerned by several issues.
|
||||||
|
|
||||||
|
|
||||||
|
A "Vulnerability roundup" issue usually respects the following format:
|
||||||
|
|
||||||
|
```txt
|
||||||
|
<link to relevant package search on search.nix.gsc.io>, <link to relevant files in Nixpkgs on GitHub>
|
||||||
|
|
||||||
|
<list of related CVEs, their CVSS score, and the impacted NixOS version>
|
||||||
|
|
||||||
|
<list of the scanned Nixpkgs versions>
|
||||||
|
|
||||||
|
<list of relevant contributors>
|
||||||
|
```
|
||||||
|
|
||||||
|
Note that there can be an extra comment containing links to previously reported (and still open) issues for the same package.
|
||||||
|
|
||||||
|
|
||||||
|
## Triaging and Fixing {#vulnerability-roundup-triaging-and-fixing}
|
||||||
|
|
||||||
|
**Note**: An issue can be a "false positive" (i.e. automatically opened, but without the package it refers to being actually vulnerable).
|
||||||
|
If you find such a "false positive", comment on the issue an explanation of why it falls into this category, linking as much information as the necessary to help maintainers double check.
|
||||||
|
|
||||||
|
If you are investigating a "true positive":
|
||||||
|
|
||||||
|
- Find the earliest patched version or a code patch in the CVE details;
|
||||||
|
- Is the issue already patched (version up-to-date or patch applied manually) in Nixpkgs's `master` branch?
|
||||||
|
- **No**:
|
||||||
|
- [Submit a security fix](#submitting-changes-submitting-security-fixes);
|
||||||
|
- Once the fix is merged into `master`, [submit the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches);
|
||||||
|
- **Yes**: [Backport the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches).
|
||||||
|
- When the patch has made it into all the relevant branches (`master`, and the vulnerable releases), close the relevant issue(s).
|
@ -35,6 +35,7 @@
|
|||||||
<xi:include href="contributing/quick-start.xml" />
|
<xi:include href="contributing/quick-start.xml" />
|
||||||
<xi:include href="contributing/coding-conventions.xml" />
|
<xi:include href="contributing/coding-conventions.xml" />
|
||||||
<xi:include href="contributing/submitting-changes.chapter.xml" />
|
<xi:include href="contributing/submitting-changes.chapter.xml" />
|
||||||
|
<xi:include href="contributing/vulnerability-roundup.chapter.xml" />
|
||||||
<xi:include href="contributing/reviewing-contributions.xml" />
|
<xi:include href="contributing/reviewing-contributions.xml" />
|
||||||
<xi:include href="contributing/contributing-to-documentation.xml" />
|
<xi:include href="contributing/contributing-to-documentation.xml" />
|
||||||
</part>
|
</part>
|
||||||
|
@ -155,6 +155,7 @@
|
|||||||
./programs/nm-applet.nix
|
./programs/nm-applet.nix
|
||||||
./programs/npm.nix
|
./programs/npm.nix
|
||||||
./programs/oblogout.nix
|
./programs/oblogout.nix
|
||||||
|
./programs/partition-manager.nix
|
||||||
./programs/plotinus.nix
|
./programs/plotinus.nix
|
||||||
./programs/proxychains.nix
|
./programs/proxychains.nix
|
||||||
./programs/qt5ct.nix
|
./programs/qt5ct.nix
|
||||||
|
19
nixos/modules/programs/partition-manager.nix
Normal file
19
nixos/modules/programs/partition-manager.nix
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
{
|
||||||
|
meta.maintainers = [ maintainers.oxalica ];
|
||||||
|
|
||||||
|
###### interface
|
||||||
|
options = {
|
||||||
|
programs.partition-manager.enable = mkEnableOption "KDE Partition Manager";
|
||||||
|
};
|
||||||
|
|
||||||
|
###### implementation
|
||||||
|
config = mkIf config.programs.partition-manager.enable {
|
||||||
|
services.dbus.packages = [ pkgs.libsForQt5.kpmcore ];
|
||||||
|
# `kpmcore` need to be installed to pull in polkit actions.
|
||||||
|
environment.systemPackages = [ pkgs.libsForQt5.kpmcore pkgs.partition-manager ];
|
||||||
|
};
|
||||||
|
}
|
@ -182,18 +182,7 @@ in rec {
|
|||||||
# upstream unit.
|
# upstream unit.
|
||||||
for i in ${toString (mapAttrsToList (n: v: v.unit) units)}; do
|
for i in ${toString (mapAttrsToList (n: v: v.unit) units)}; do
|
||||||
fn=$(basename $i/*)
|
fn=$(basename $i/*)
|
||||||
|
if [ -e $out/$fn ]; then
|
||||||
case $fn in
|
|
||||||
# if file name is a template specialization, use the template's name
|
|
||||||
*@?*.service)
|
|
||||||
# remove @foo.service and replace it with @.service
|
|
||||||
ofn="''${fn%@*.service}@.service"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
ofn="$fn"
|
|
||||||
esac
|
|
||||||
|
|
||||||
if [ -e $out/$ofn ]; then
|
|
||||||
if [ "$(readlink -f $i/$fn)" = /dev/null ]; then
|
if [ "$(readlink -f $i/$fn)" = /dev/null ]; then
|
||||||
ln -sfn /dev/null $out/$fn
|
ln -sfn /dev/null $out/$fn
|
||||||
else
|
else
|
||||||
|
@ -1,41 +0,0 @@
|
|||||||
import ./make-test-python.nix {
|
|
||||||
name = "systemd-template-override";
|
|
||||||
|
|
||||||
machine = { pkgs, lib, ... }: let
|
|
||||||
touchTmp = pkgs.writeTextFile {
|
|
||||||
name = "touch-tmp@.service";
|
|
||||||
text = ''
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
ExecStart=${pkgs.coreutils}/bin/touch /tmp/%I
|
|
||||||
'';
|
|
||||||
destination = "/etc/systemd/system/touch-tmp@.service";
|
|
||||||
};
|
|
||||||
in {
|
|
||||||
systemd.packages = [ touchTmp ];
|
|
||||||
|
|
||||||
systemd.services."touch-tmp@forbidden" = {
|
|
||||||
serviceConfig.ExecStart = [ "" ''
|
|
||||||
${pkgs.coreutils}/bin/true
|
|
||||||
''];
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services."touch-tmp@intercept" = {
|
|
||||||
serviceConfig.ExecStart = [ "" ''
|
|
||||||
${pkgs.coreutils}/bin/touch /tmp/renamed
|
|
||||||
''];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
testScript = ''
|
|
||||||
machine.wait_for_unit("default.target")
|
|
||||||
|
|
||||||
machine.succeed("systemctl start touch-tmp@normal")
|
|
||||||
machine.succeed("systemctl start touch-tmp@forbbidden")
|
|
||||||
machine.succeed("systemctl start touch-tmp@intercept")
|
|
||||||
|
|
||||||
machine.succeed("[ -e /tmp/normal ]")
|
|
||||||
machine.succeed("[ ! -e /tmp/forbidden ]")
|
|
||||||
machine.succeed("[ -e /tmp/renamed ]")
|
|
||||||
'';
|
|
||||||
}
|
|
@ -5,11 +5,11 @@
|
|||||||
|
|
||||||
mkDerivation rec {
|
mkDerivation rec {
|
||||||
pname = "samplv1";
|
pname = "samplv1";
|
||||||
version = "0.9.18";
|
version = "0.9.20";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "mirror://sourceforge/samplv1/${pname}-${version}.tar.gz";
|
url = "mirror://sourceforge/samplv1/${pname}-${version}.tar.gz";
|
||||||
sha256 = "ePhM9OTLJp1Wa2D9Y1Dqq/69WlEhEp3ih9yNUIJU5Y4=";
|
sha256 = "sha256-9tm72lV9i/155TVweNwO2jpPsCJkh6r82g7Z1wCI1ho=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ qttools pkg-config ];
|
nativeBuildInputs = [ qttools pkg-config ];
|
||||||
|
@ -31,15 +31,15 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"dev": {
|
"dev": {
|
||||||
"version": "91.0.4442.4",
|
"version": "91.0.4449.6",
|
||||||
"sha256": "0cmm2pimkghb6s956bkqf2k77lj69dz51nlydgkqbvw0sc8n784k",
|
"sha256": "1y6z7p64fi4dxyrxrnlmg0wwczgw58cinrsywhnrpl2wp2y3v6m3",
|
||||||
"sha256bin64": "1hbfx8n51p7dwwz1vbp94jdmlb96vvxrbql2af4kmvx1bmzr2ism",
|
"sha256bin64": "1baxra0hg981awinyyvm1x46rlskjmhs2m1h0zf72l11y1jyj5vc",
|
||||||
"deps": {
|
"deps": {
|
||||||
"gn": {
|
"gn": {
|
||||||
"version": "2021-02-09",
|
"version": "2021-03-12",
|
||||||
"url": "https://gn.googlesource.com/gn",
|
"url": "https://gn.googlesource.com/gn",
|
||||||
"rev": "dfcbc6fed0a8352696f92d67ccad54048ad182b3",
|
"rev": "64b3b9401c1c3ed5f3c43c1cac00b91f83597ab8",
|
||||||
"sha256": "1941bzg37c4dpsk3sh6ga3696gpq6vjzpcw9rsnf6kdr9mcgdxvn"
|
"sha256": "14whk4gyx21cqxy1560xm8p1mc1581dh9g7xy120g8vvcylknjlm"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -2,12 +2,12 @@
|
|||||||
|
|
||||||
let
|
let
|
||||||
pname = "deltachat-electron";
|
pname = "deltachat-electron";
|
||||||
version = "1.15.2";
|
version = "1.15.3";
|
||||||
name = "${pname}-${version}";
|
name = "${pname}-${version}";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://download.delta.chat/desktop/v${version}/DeltaChat-${version}.AppImage";
|
url = "https://download.delta.chat/desktop/v${version}/DeltaChat-${version}.AppImage";
|
||||||
sha256 = "sha256-iw2tU8qqXWbtEdLGlW8HNBHx8F2CgnCGCBUWpM407us=";
|
sha256 = "sha256-cYb0uruuWpNr1jF5WZ48quBZRIVXiHr99mLPLKMOX5M=";
|
||||||
};
|
};
|
||||||
|
|
||||||
appimageContents = appimageTools.extract { inherit name src; };
|
appimageContents = appimageTools.extract { inherit name src; };
|
||||||
|
@ -2,13 +2,13 @@
|
|||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "pidgin-carbons";
|
pname = "pidgin-carbons";
|
||||||
version = "0.2.2";
|
version = "0.2.3";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "gkdr";
|
owner = "gkdr";
|
||||||
repo = "carbons";
|
repo = "carbons";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "1aq9bwgpmbwrigq6ywf0pjkngqcm0qxncygaj1fi57npjhcjs6ln";
|
sha256 = "sha256-qiyIvmJbRmCrAi/93UxDVtO76nSdtzUVfT/sZGxxAh8=";
|
||||||
};
|
};
|
||||||
|
|
||||||
makeFlags = [ "PURPLE_PLUGIN_DIR=$(out)/lib/pidgin" ];
|
makeFlags = [ "PURPLE_PLUGIN_DIR=$(out)/lib/pidgin" ];
|
||||||
|
@ -2,11 +2,11 @@
|
|||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "gtkwave";
|
pname = "gtkwave";
|
||||||
version = "3.3.107";
|
version = "3.3.108";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "mirror://sourceforge/gtkwave/${pname}-gtk3-${version}.tar.gz";
|
url = "mirror://sourceforge/gtkwave/${pname}-gtk3-${version}.tar.gz";
|
||||||
sha256 = "0ma30jyc94iid3v3m8aw4i2lyiqfxkpsdvdmmaibynk400cbzivl";
|
sha256 = "sha256-LtlexZKih+Si/pH3oQpWdpzfZ6j+41Otgfx7nLMfFSQ=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ pkg-config wrapGAppsHook ];
|
nativeBuildInputs = [ pkg-config wrapGAppsHook ];
|
||||||
|
@ -5,10 +5,10 @@
|
|||||||
|
|
||||||
mkDerivation rec {
|
mkDerivation rec {
|
||||||
pname = "clipgrab";
|
pname = "clipgrab";
|
||||||
version = "3.9.5";
|
version = "3.9.6";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
sha256 = "1p8pqa5s70basdm2zpmahc54shsxrr0fr7chvv425n5a9sqba4dh";
|
sha256 = "sha256-1rQu2Gh9PKSbC0tuQxLwFhzy280z4obpa+eXvDBzDW0=";
|
||||||
# The .tar.bz2 "Download" link is a binary blob, the source is the .tar.gz!
|
# The .tar.bz2 "Download" link is a binary blob, the source is the .tar.gz!
|
||||||
url = "https://download.clipgrab.org/${pname}-${version}.tar.gz";
|
url = "https://download.clipgrab.org/${pname}-${version}.tar.gz";
|
||||||
};
|
};
|
||||||
|
@ -4,13 +4,13 @@
|
|||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "cutelyst";
|
pname = "cutelyst";
|
||||||
version = "2.14.0";
|
version = "2.14.2";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "cutelyst";
|
owner = "cutelyst";
|
||||||
repo = "cutelyst";
|
repo = "cutelyst";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "sha256-RidUZqDnzRrgW/7LVF+BF01zNcf1cJ/kS7OF/t1Q65c=";
|
sha256 = "sha256-JUffOeUTeaZvEssP5hfSGipeRuQ7FzLF4bOizCFhe5o=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ];
|
nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ];
|
||||||
|
@ -1,25 +1,38 @@
|
|||||||
{ stdenv, lib, fetchurl, extra-cmake-modules
|
{ stdenv, lib, fetchurl, fetchpatch, extra-cmake-modules
|
||||||
, qtbase, kio
|
, qca-qt5, kauth, kio, polkit-qt, qtbase
|
||||||
, libatasmart, parted
|
, util-linux
|
||||||
, util-linux }:
|
}:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "kpmcore";
|
pname = "kpmcore";
|
||||||
version = "3.3.0";
|
# NOTE: When changing this version, also change the version of `partition-manager`.
|
||||||
|
version = "4.2.0";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "mirror://kde/stable/${pname}/${version}/src/${pname}-${version}.tar.xz";
|
url = "mirror://kde/stable/${pname}/${version}/src/${pname}-${version}.tar.xz";
|
||||||
sha256 = "0s6v0jfrhjg31ri5p6h9n4w29jvasf5dj954j3vfpzl91lygmmmq";
|
hash = "sha256-MvW0CqvFZtzcJlya6DIpzorPbKJai6fxt7nKsKpJn54=";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
patches = [
|
||||||
|
# Fix build with `kcoreaddons` >= 5.77.0
|
||||||
|
(fetchpatch {
|
||||||
|
url = "https://github.com/KDE/kpmcore/commit/07e5a3ac2858e6d38cc698e0f740e7a693e9f302.patch";
|
||||||
|
sha256 = "sha256-LYzea888euo2HXM+acWaylSw28iwzOdZBvPBt/gjP1s=";
|
||||||
|
})
|
||||||
|
# Fix crash when `fstab` omits mount options.
|
||||||
|
(fetchpatch {
|
||||||
|
url = "https://github.com/KDE/kpmcore/commit/eea84fb60525803a789e55bb168afb968464c130.patch";
|
||||||
|
sha256 = "sha256-NJ3PvyRC6SKNSOlhJPrDDjepuw7IlAoufPgvml3fap0=";
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
buildInputs = [
|
buildInputs = [
|
||||||
qtbase
|
qca-qt5
|
||||||
libatasmart
|
kauth
|
||||||
parted # we only need the library
|
|
||||||
|
|
||||||
kio
|
kio
|
||||||
|
polkit-qt
|
||||||
|
|
||||||
util-linux # needs blkid (note that this is not provided by util-linux-compat)
|
util-linux # Needs blkid in configure script (note that this is not provided by util-linux-compat)
|
||||||
];
|
];
|
||||||
|
|
||||||
nativeBuildInputs = [ extra-cmake-modules ];
|
nativeBuildInputs = [ extra-cmake-modules ];
|
||||||
@ -27,8 +40,11 @@ stdenv.mkDerivation rec {
|
|||||||
dontWrapQtApps = true;
|
dontWrapQtApps = true;
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
maintainers = with lib.maintainers; [ peterhoeg ];
|
description = "KDE Partition Manager core library";
|
||||||
|
homepage = "https://invent.kde.org/system/kpmcore";
|
||||||
|
license = with licenses; [ cc-by-40 cc0 gpl3Plus mit ];
|
||||||
|
maintainers = with maintainers; [ peterhoeg oxalica ];
|
||||||
# The build requires at least Qt 5.14:
|
# The build requires at least Qt 5.14:
|
||||||
broken = lib.versionOlder qtbase.version "5.14";
|
broken = versionOlder qtbase.version "5.14";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
buildDunePackage rec {
|
buildDunePackage rec {
|
||||||
pname = "bitstring";
|
pname = "bitstring";
|
||||||
version = "4.0.1";
|
version = "4.1.0";
|
||||||
|
|
||||||
useDune2 = true;
|
useDune2 = true;
|
||||||
|
|
||||||
@ -10,7 +10,7 @@ buildDunePackage rec {
|
|||||||
owner = "xguerin";
|
owner = "xguerin";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "1z7jmgljvp52lvn3ml2cp6gssxqp4sikwyjf6ym97cycbcw0fjjm";
|
sha256 = "0mghsl8b2zd2676mh1r9142hymhvzy9cw8kgkjmirxkn56wbf56b";
|
||||||
};
|
};
|
||||||
|
|
||||||
propagatedBuildInputs = [ stdlib-shims ];
|
propagatedBuildInputs = [ stdlib-shims ];
|
||||||
|
@ -3,6 +3,10 @@
|
|||||||
, ounit
|
, ounit
|
||||||
}:
|
}:
|
||||||
|
|
||||||
|
if !lib.versionAtLeast ppxlib.version "0.18.0"
|
||||||
|
then throw "ppx_bitstring is not available with ppxlib-${ppxlib.version}"
|
||||||
|
else
|
||||||
|
|
||||||
buildDunePackage rec {
|
buildDunePackage rec {
|
||||||
pname = "ppx_bitstring";
|
pname = "ppx_bitstring";
|
||||||
inherit (bitstring) version useDune2 src;
|
inherit (bitstring) version useDune2 src;
|
||||||
|
@ -1,27 +1,28 @@
|
|||||||
{ lib, fetchurl, buildDunePackage, ocaml
|
{ lib, fetchurl, buildDunePackage
|
||||||
, ounit, ppx_deriving, ppx_tools_versioned
|
, ppx_tools_versioned
|
||||||
, ppxlib, ocaml-migrate-parsetree
|
, ocaml-migrate-parsetree
|
||||||
|
, ounit, ppx_deriving, ppxlib
|
||||||
}:
|
}:
|
||||||
|
|
||||||
buildDunePackage rec {
|
buildDunePackage rec {
|
||||||
pname = "ppx_import";
|
pname = "ppx_import";
|
||||||
version = "1.7.1";
|
version = "1.8.0";
|
||||||
|
|
||||||
useDune2 = true;
|
useDune2 = true;
|
||||||
|
|
||||||
minimumOCamlVersion = "4.04";
|
minimumOCamlVersion = "4.04";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://github.com/ocaml-ppx/ppx_import/releases/download/v${version}/ppx_import-v${version}.tbz";
|
url = "https://github.com/ocaml-ppx/ppx_import/releases/download/v${version}/ppx_import-${version}.tbz";
|
||||||
sha256 = "16dyxfb7syz659rqa7yq36ny5vzl7gkqd7f4m6qm2zkjc1gc8j4v";
|
sha256 = "0zqcj70yyp4ik4jc6jz3qs2xhb94vxc6yq9ij0d5cyak28klc3gv";
|
||||||
};
|
};
|
||||||
|
|
||||||
propagatedBuildInputs = [
|
propagatedBuildInputs = [
|
||||||
ppxlib ppx_tools_versioned ocaml-migrate-parsetree
|
ppx_tools_versioned ocaml-migrate-parsetree
|
||||||
];
|
];
|
||||||
|
|
||||||
doCheck = true;
|
doCheck = true;
|
||||||
checkInputs = [ ounit ppx_deriving ];
|
checkInputs = [ ounit ppx_deriving ppxlib ];
|
||||||
|
|
||||||
meta = {
|
meta = {
|
||||||
description = "A syntax extension that allows to pull in types or signatures from other compiled interface files";
|
description = "A syntax extension that allows to pull in types or signatures from other compiled interface files";
|
||||||
|
@ -9,11 +9,11 @@
|
|||||||
|
|
||||||
buildPythonPackage rec {
|
buildPythonPackage rec {
|
||||||
pname = "databricks-cli";
|
pname = "databricks-cli";
|
||||||
version = "0.14.2";
|
version = "0.14.3";
|
||||||
|
|
||||||
src = fetchPypi {
|
src = fetchPypi {
|
||||||
inherit pname version;
|
inherit pname version;
|
||||||
sha256 = "9e956f0efb7aad100d9963f223db986392cf2dc3e9922f2f83e55d372e84ef16";
|
sha256 = "bdf89a3917a3f8f8b99163e38d40e66dc478c7408954747f145cd09816b05e2c";
|
||||||
};
|
};
|
||||||
|
|
||||||
checkInputs = [
|
checkInputs = [
|
||||||
|
@ -7,11 +7,11 @@
|
|||||||
|
|
||||||
buildPythonPackage rec {
|
buildPythonPackage rec {
|
||||||
pname = "gradient";
|
pname = "gradient";
|
||||||
version = "1.4.2";
|
version = "1.4.3";
|
||||||
|
|
||||||
src = fetchPypi {
|
src = fetchPypi {
|
||||||
inherit pname version;
|
inherit pname version;
|
||||||
sha256 = "2ed10db306d4c8632b7d04d71d44a04331a6e80e5ebab7296a98e67e8a50fb71";
|
sha256 = "a8fa91669c97440049132119019e90d0a9cf09e96352cf43c7c6ca244894bd4e";
|
||||||
};
|
};
|
||||||
|
|
||||||
postPatch = ''
|
postPatch = ''
|
||||||
|
@ -10,11 +10,11 @@
|
|||||||
|
|
||||||
buildPythonPackage rec {
|
buildPythonPackage rec {
|
||||||
pname = "jenkins-job-builder";
|
pname = "jenkins-job-builder";
|
||||||
version = "3.8.0";
|
version = "3.9.0";
|
||||||
|
|
||||||
src = fetchPypi {
|
src = fetchPypi {
|
||||||
inherit pname version;
|
inherit pname version;
|
||||||
sha256 = "sha256-uRyeRP1y3GS7tXb0kHLBi7+trJRme/Ke3xgOY+LqZ6k=";
|
sha256 = "4a53e146843d567c375c2e61e70a840d75a412402fd78c1dd3da5642a6aaa375";
|
||||||
};
|
};
|
||||||
|
|
||||||
postPatch = ''
|
postPatch = ''
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "cproto";
|
pname = "cproto";
|
||||||
version = "4.7q";
|
version = "4.7r";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
urls = [
|
urls = [
|
||||||
@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
|
|||||||
# No version listings and apparently no versioned tarball over http(s).
|
# No version listings and apparently no versioned tarball over http(s).
|
||||||
"ftp://ftp.invisible-island.net/cproto/cproto-${version}.tgz"
|
"ftp://ftp.invisible-island.net/cproto/cproto-${version}.tgz"
|
||||||
];
|
];
|
||||||
sha256 = "138n5j6lkanbbdcs63irzxny4nfgp0zk66z621xjbnybf920svpk";
|
sha256 = "sha256-bgRg2yVZXHobUz8AUaV4ZKBkp2KjP+2oXbDXmPTUX8U=";
|
||||||
};
|
};
|
||||||
|
|
||||||
# patch made by Joe Khoobyar copied from gentoo bugs
|
# patch made by Joe Khoobyar copied from gentoo bugs
|
||||||
|
@ -1,14 +1,14 @@
|
|||||||
{ stdenv, lib, fetchFromGitLab, ncurses, pkg-config, nix-update-script }:
|
{ stdenv, lib, fetchFromGitLab, ncurses, pkg-config, nix-update-script }:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
version = "1.0.1";
|
version = "1.0.4";
|
||||||
pname = "cbonsai";
|
pname = "cbonsai";
|
||||||
|
|
||||||
src = fetchFromGitLab {
|
src = fetchFromGitLab {
|
||||||
owner = "jallbrit";
|
owner = "jallbrit";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "sha256-UTjbc0kGHOQse4sZF94p4LAwMk9vsZg1QHq8iuDcTDk=";
|
sha256 = "sha256-5yyvisExf4Minyr1ApJQ2SoctfjhdU6kEbgBGgHDtCg=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ pkg-config ];
|
nativeBuildInputs = [ pkg-config ];
|
||||||
|
@ -2,11 +2,11 @@
|
|||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "pax-utils";
|
pname = "pax-utils";
|
||||||
version = "1.2.6";
|
version = "1.2.8";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "http://distfiles.gentoo.org/distfiles/${pname}-${version}.tar.xz";
|
url = "http://distfiles.gentoo.org/distfiles/${pname}-${version}.tar.xz";
|
||||||
sha256 = "08bzvgv1z3371sqf7zlm9i0b1y3wdymj2dqdvzvf192k3nix4hlp";
|
sha256 = "sha256-urTIhG4dLMNmnPqSMdIdszWEHX1Y+eGc0Jn+bOYmsVc=";
|
||||||
};
|
};
|
||||||
|
|
||||||
makeFlags = [ "PREFIX=$(out)" ];
|
makeFlags = [ "PREFIX=$(out)" ];
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
buildGoModule rec {
|
buildGoModule rec {
|
||||||
pname = "matterbridge";
|
pname = "matterbridge";
|
||||||
version = "1.21.0";
|
version = "1.22.0";
|
||||||
|
|
||||||
vendorSha256 = null;
|
vendorSha256 = null;
|
||||||
|
|
||||||
@ -10,7 +10,7 @@ buildGoModule rec {
|
|||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://github.com/42wim/matterbridge/archive/v${version}.tar.gz";
|
url = "https://github.com/42wim/matterbridge/archive/v${version}.tar.gz";
|
||||||
sha256 = "sha256-ehn6KdPpDpfdyWCVfLuZLq2dDmZXc6InlnovqNsdG6Y=";
|
sha256 = "sha256-jwatqxQh4t4tgNiOEjS9vxIM+9XtnH8QNch887+xDnI=";
|
||||||
};
|
};
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
{ lib, stdenv, fetchurl, fetchFromGitHub, buildGoPackage, buildEnv }:
|
{ lib, stdenv, fetchurl, fetchFromGitHub, buildGoPackage, buildEnv }:
|
||||||
|
|
||||||
let
|
let
|
||||||
version = "5.25.3";
|
version = "5.32.1";
|
||||||
|
|
||||||
mattermost-server = buildGoPackage rec {
|
mattermost-server = buildGoPackage rec {
|
||||||
pname = "mattermost-server";
|
pname = "mattermost-server";
|
||||||
@ -11,7 +11,7 @@ let
|
|||||||
owner = "mattermost";
|
owner = "mattermost";
|
||||||
repo = "mattermost-server";
|
repo = "mattermost-server";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "03xcwlbb9ff5whsdn2m3kqskxpwpfciikjjndbhksc8k8963z07j";
|
sha256 = "BssrTfkIxUbXYXIfz9i+5b4rEYSzBim+/riK78m8Bxo=";
|
||||||
};
|
};
|
||||||
|
|
||||||
goPackagePath = "github.com/mattermost/mattermost-server";
|
goPackagePath = "github.com/mattermost/mattermost-server";
|
||||||
@ -29,7 +29,7 @@ let
|
|||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://releases.mattermost.com/${version}/mattermost-${version}-linux-amd64.tar.gz";
|
url = "https://releases.mattermost.com/${version}/mattermost-${version}-linux-amd64.tar.gz";
|
||||||
sha256 = "1p1qxzrd6rj1i43vj18ysknrw2v02s7llx94nrdd5lk10ayzmg63";
|
sha256 = "kRerl3fYRTrotj86AIFSor3GpjhABkCmego1ms9HmkQ=";
|
||||||
};
|
};
|
||||||
|
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
buildGoModule rec {
|
buildGoModule rec {
|
||||||
pname = "grafana";
|
pname = "grafana";
|
||||||
version = "7.4.3";
|
version = "7.4.5";
|
||||||
|
|
||||||
excludedPackages = [ "release_publisher" ];
|
excludedPackages = [ "release_publisher" ];
|
||||||
|
|
||||||
@ -10,15 +10,15 @@ buildGoModule rec {
|
|||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
owner = "grafana";
|
owner = "grafana";
|
||||||
repo = "grafana";
|
repo = "grafana";
|
||||||
sha256 = "sha256-FPQa6q1ks9Lpod5sI29YBnGZvVRU12hTiw6GR85/mEs=";
|
sha256 = "10pnwd4d19ry7w2x46acc3j8gjn73b45fzc579gz1hc8hx2b3s0s";
|
||||||
};
|
};
|
||||||
|
|
||||||
srcStatic = fetchurl {
|
srcStatic = fetchurl {
|
||||||
url = "https://dl.grafana.com/oss/release/grafana-${version}.linux-amd64.tar.gz";
|
url = "https://dl.grafana.com/oss/release/grafana-${version}.linux-amd64.tar.gz";
|
||||||
sha256 = "sha256-idbG+K9NVnNhEB0f7DfP7iaEnHMf59ieQtYnmT6CvVM=";
|
sha256 = "1x9jx3ww37cn6r6cn6gqlavmllxydks23vm8w4934bv8zppj1zwz";
|
||||||
};
|
};
|
||||||
|
|
||||||
vendorSha256 = "sha256-LL+EkDZbbaNo/fPMGlPsB8jgBYHoe6SdkBbQoW5y4EU=";
|
vendorSha256 = "0ig0f9pa3l0nj2fs8yz8h42y1j07xi9imk7kzmla6vav6s889grc";
|
||||||
|
|
||||||
postPatch = ''
|
postPatch = ''
|
||||||
substituteInPlace pkg/cmd/grafana-server/main.go \
|
substituteInPlace pkg/cmd/grafana-server/main.go \
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
{ lib, stdenv
|
{ lib, stdenv
|
||||||
, go
|
, go
|
||||||
, fetchurl
|
, fetchurl
|
||||||
|
, redo-apenwarr
|
||||||
, curl
|
, curl
|
||||||
, perl
|
, perl
|
||||||
, genericUpdater
|
, genericUpdater
|
||||||
@ -9,24 +10,33 @@
|
|||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "nncp";
|
pname = "nncp";
|
||||||
version = "5.3.3";
|
version = "6.2.0";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "http://www.nncpgo.org/download/${pname}-${version}.tar.xz";
|
url = "http://www.nncpgo.org/download/${pname}-${version}.tar.xz";
|
||||||
sha256 = "1l35ndzrvpfim29jn1p0bwmc8w892z44nsrdnay28k229r9dhz3h";
|
sha256 = "1zj0v82zqigcxhpc50mvafvi1ihs92ck35vjfrwb7wzzd7nysb17";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ go ];
|
nativeBuildInputs = [ go redo-apenwarr ];
|
||||||
|
|
||||||
preConfigure = ''
|
buildPhase = ''
|
||||||
|
runHook preBuild
|
||||||
export GOCACHE=$PWD/.cache
|
export GOCACHE=$PWD/.cache
|
||||||
|
export CFGPATH=/etc/nncp.hjson
|
||||||
|
export SENDMAIL=sendmail # default value for generated config file
|
||||||
|
redo ''${enableParallelBuilding:+-j''${NIX_BUILD_CORES}}
|
||||||
|
runHook postBuild
|
||||||
'';
|
'';
|
||||||
|
|
||||||
makeFlags = [
|
installPhase = ''
|
||||||
"PREFIX=${placeholder "out"}"
|
runHook preInstall
|
||||||
"CFGPATH=/etc/nncp.hjson"
|
export PREFIX=$out
|
||||||
"SENDMAIL=/run/wrappers/bin/sendmail"
|
rm -f INSTALL # work around case insensitivity
|
||||||
];
|
redo install
|
||||||
|
runHook postInstall
|
||||||
|
'';
|
||||||
|
|
||||||
|
enableParallelBuilding = true;
|
||||||
|
|
||||||
passthru.updateScript = genericUpdater {
|
passthru.updateScript = genericUpdater {
|
||||||
inherit pname version;
|
inherit pname version;
|
||||||
@ -54,7 +64,7 @@ stdenv.mkDerivation rec {
|
|||||||
transmission exists.
|
transmission exists.
|
||||||
'';
|
'';
|
||||||
homepage = "http://www.nncpgo.org/";
|
homepage = "http://www.nncpgo.org/";
|
||||||
license = licenses.gpl3;
|
license = licenses.gpl3Only;
|
||||||
platforms = platforms.all;
|
platforms = platforms.all;
|
||||||
maintainers = [ maintainers.woffs ];
|
maintainers = [ maintainers.woffs ];
|
||||||
};
|
};
|
||||||
|
@ -1,30 +1,66 @@
|
|||||||
{ mkDerivation, fetchurl, lib
|
{ mkDerivation, fetchurl, lib, makeWrapper
|
||||||
, extra-cmake-modules, kdoctools, wrapGAppsHook, wrapQtAppsHook
|
, extra-cmake-modules, kdoctools, wrapGAppsHook, wrapQtAppsHook
|
||||||
, kconfig, kcrash, kinit, kpmcore
|
, kconfig, kcrash, kinit, kpmcore
|
||||||
, eject, libatasmart , util-linux, qtbase
|
, cryptsetup, lvm2, mdadm, smartmontools, systemdMinimal, util-linux
|
||||||
|
, btrfs-progs, dosfstools, e2fsprogs, exfat, f2fs-tools, fatresize, hfsprogs
|
||||||
|
, jfsutils, nilfs-utils, ntfs3g, reiser4progs, reiserfsprogs, udftools, xfsprogs, zfs
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
pname = "partitionmanager";
|
# External programs are resolved by `partition-manager` and then
|
||||||
|
# invoked by `kpmcore_externalcommand` from `kpmcore` as root.
|
||||||
|
# So these packages should be in PATH of `partition-manager`.
|
||||||
|
# https://github.com/KDE/kpmcore/blob/06f15334ecfbe871730a90dbe2b694ba060ee998/src/util/externalcommand_whitelist.h
|
||||||
|
runtimeDeps = lib.makeBinPath [
|
||||||
|
cryptsetup
|
||||||
|
lvm2
|
||||||
|
mdadm
|
||||||
|
smartmontools
|
||||||
|
systemdMinimal
|
||||||
|
util-linux
|
||||||
|
|
||||||
|
btrfs-progs
|
||||||
|
dosfstools
|
||||||
|
e2fsprogs
|
||||||
|
exfat
|
||||||
|
f2fs-tools
|
||||||
|
fatresize
|
||||||
|
hfsprogs
|
||||||
|
jfsutils
|
||||||
|
nilfs-utils
|
||||||
|
ntfs3g
|
||||||
|
reiser4progs
|
||||||
|
reiserfsprogs
|
||||||
|
udftools
|
||||||
|
xfsprogs
|
||||||
|
zfs
|
||||||
|
|
||||||
|
# FIXME: Missing command: tune.exfat hfsck hformat fsck.nilfs2 {fsck,mkfs,debugfs,tunefs}.ocfs2
|
||||||
|
];
|
||||||
|
|
||||||
in mkDerivation rec {
|
in mkDerivation rec {
|
||||||
name = "${pname}-${version}";
|
pname = "partitionmanager";
|
||||||
version = "3.3.1";
|
# NOTE: When changing this version, also change the version of `kpmcore`.
|
||||||
|
version = "4.2.0";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "mirror://kde/stable/${pname}/${version}/src/${name}.tar.xz";
|
url = "mirror://kde/stable/${pname}/${version}/src/${pname}-${version}.tar.xz";
|
||||||
sha256 = "0jhggb4xksb0k0mj752n6pz0xmccnbzlp984xydqbz3hkigra1si";
|
hash = "sha256-6Qlt1c47Eek6TkWWBzTyBZYJ1jfhtwsC9X5q5h6IhPg=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ extra-cmake-modules kdoctools wrapGAppsHook wrapQtAppsHook ];
|
nativeBuildInputs = [ extra-cmake-modules kdoctools wrapGAppsHook wrapQtAppsHook makeWrapper ];
|
||||||
|
|
||||||
# refer to kpmcore for the use of eject
|
|
||||||
buildInputs = [ eject libatasmart util-linux ];
|
|
||||||
propagatedBuildInputs = [ kconfig kcrash kinit kpmcore ];
|
propagatedBuildInputs = [ kconfig kcrash kinit kpmcore ];
|
||||||
|
|
||||||
|
postFixup = ''
|
||||||
|
wrapProgram $out/bin/partitionmanager \
|
||||||
|
--prefix PATH : "${runtimeDeps}"
|
||||||
|
'';
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
description = "KDE Partition Manager";
|
description = "KDE Partition Manager";
|
||||||
license = licenses.gpl2;
|
license = with licenses; [ cc-by-40 cc0 gpl3Plus lgpl3Plus mit ];
|
||||||
homepage = "https://www.kde.org/applications/system/kdepartitionmanager/";
|
homepage = "https://www.kde.org/applications/system/kdepartitionmanager/";
|
||||||
maintainers = with maintainers; [ peterhoeg ];
|
maintainers = with maintainers; [ peterhoeg oxalica ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -929,7 +929,9 @@ let
|
|||||||
|
|
||||||
ppx_bap = callPackage ../development/ocaml-modules/ppx_bap { };
|
ppx_bap = callPackage ../development/ocaml-modules/ppx_bap { };
|
||||||
|
|
||||||
ppx_bitstring = callPackage ../development/ocaml-modules/bitstring/ppx.nix { };
|
ppx_bitstring = callPackage ../development/ocaml-modules/bitstring/ppx.nix {
|
||||||
|
ppxlib = ppxlib.override { version = "0.22.0"; };
|
||||||
|
};
|
||||||
|
|
||||||
ppxfind = callPackage ../development/ocaml-modules/ppxfind { };
|
ppxfind = callPackage ../development/ocaml-modules/ppxfind { };
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user