Merge staging-next into staging

maintainers/maintainer-list.nix

@@ -5553,6 +5553,12 @@
     matrix = "@chris:netsoj.nl";
     name = "Chris Josten";
   };
+  henkery = {
+    email = "jim@reupload.nl";
+    github = "henkery";
+    githubId = 1923309;
+    name = "Jim van Abkoude";
+  };
   henrikolsson = {
     email = "henrik@fixme.se";
     github = "henrikolsson";

nixos/modules/programs/firefox.nix

@@ -42,7 +42,7 @@ in
       description = mdDoc ''
         Group policies to install.
 
-        See [Mozilla's documentation](https://github.com/mozilla/policy-templates/blob/master/README.md")
+        See [Mozilla's documentation](https://github.com/mozilla/policy-templates/blob/master/README.md)
         for a list of available options.
 
         This can be used to install extensions declaratively! Check out the
@@ -79,6 +79,114 @@ in
       '';
     };
 
+    languagePacks = mkOption {
+      # Available languages can be found in https://releases.mozilla.org/pub/firefox/releases/${cfg.package.version}/linux-x86_64/xpi/
+      type = types.listOf (types.enum ([
+        "ach"
+        "af"
+        "an"
+        "ar"
+        "ast"
+        "az"
+        "be"
+        "bg"
+        "bn"
+        "br"
+        "bs"
+        "ca-valencia"
+        "ca"
+        "cak"
+        "cs"
+        "cy"
+        "da"
+        "de"
+        "dsb"
+        "el"
+        "en-CA"
+        "en-GB"
+        "en-US"
+        "eo"
+        "es-AR"
+        "es-CL"
+        "es-ES"
+        "es-MX"
+        "et"
+        "eu"
+        "fa"
+        "ff"
+        "fi"
+        "fr"
+        "fy-NL"
+        "ga-IE"
+        "gd"
+        "gl"
+        "gn"
+        "gu-IN"
+        "he"
+        "hi-IN"
+        "hr"
+        "hsb"
+        "hu"
+        "hy-AM"
+        "ia"
+        "id"
+        "is"
+        "it"
+        "ja"
+        "ka"
+        "kab"
+        "kk"
+        "km"
+        "kn"
+        "ko"
+        "lij"
+        "lt"
+        "lv"
+        "mk"
+        "mr"
+        "ms"
+        "my"
+        "nb-NO"
+        "ne-NP"
+        "nl"
+        "nn-NO"
+        "oc"
+        "pa-IN"
+        "pl"
+        "pt-BR"
+        "pt-PT"
+        "rm"
+        "ro"
+        "ru"
+        "sco"
+        "si"
+        "sk"
+        "sl"
+        "son"
+        "sq"
+        "sr"
+        "sv-SE"
+        "szl"
+        "ta"
+        "te"
+        "th"
+        "tl"
+        "tr"
+        "trs"
+        "uk"
+        "ur"
+        "uz"
+        "vi"
+        "xh"
+        "zh-CN"
+        "zh-TW"
+      ]));
+      default = [ ];
+      description = mdDoc ''
+        The language packs to install.
+      '';
+    };
+
     autoConfig = mkOption {
       type = types.lines;
       default = "";
@@ -136,10 +244,19 @@ in
       };
 
     # Preferences are converted into a policy
-    programs.firefox.policies = mkIf (cfg.preferences != { }) {
+    programs.firefox.policies = {
       Preferences = (mapAttrs
         (_: value: { Value = value; Status = cfg.preferencesStatus; })
         cfg.preferences);
+      ExtensionSettings = listToAttrs (map
+        (lang: nameValuePair
+          "langpack-${lang}@firefox.mozilla.org"
+          {
+            installation_mode = "normal_installed";
+            install_url = "https://releases.mozilla.org/pub/firefox/releases/${cfg.package.version}/linux-x86_64/xpi/${lang}.xpi";
+          }
+        )
+        cfg.languagePacks);
     };
   };
 

nixos/tests/sourcehut.nix

@@ -35,7 +35,7 @@ let
           };
 
           security.sudo.wheelNeedsPassword = false;
-          nix.trustedUsers = [ "root" "build" ];
+          nix.settings.trusted-users = [ "root" "build" ];
           documentation.nixos.enable = false;
 
           # builds.sr.ht-image-specific network settings

pkgs/applications/audio/tuner/default.nix

@@ -0,0 +1,68 @@
+{ stdenv
+, lib
+, fetchFromGitHub
+, pkg-config
+, meson
+, ninja
+, vala
+, glib
+, itstool
+, wrapGAppsHook
+, desktop-file-utils
+, libsoup
+, json-glib
+, geoclue2
+, geocode-glib
+, libgee
+, gtk3
+, pantheon
+, gst_all_1
+}:
+
+stdenv.mkDerivation rec {
+  pname = "tuner";
+  version = "1.5.1";
+
+  src = fetchFromGitHub {
+    owner = "louis77";
+    repo = pname;
+    rev = version;
+    sha256 = "sha256-tG1AMEqHcp4jHNgWDy9fS2FtlxFTlpMD5MVbepIY+GY=";
+  };
+
+  nativeBuildInputs = [
+    pkg-config
+    meson
+    ninja
+    vala
+    glib
+    itstool
+    wrapGAppsHook
+    desktop-file-utils
+  ];
+
+  buildInputs = [
+    libsoup
+    json-glib
+    geoclue2
+    geocode-glib
+    libgee
+    glib
+    gtk3
+    pantheon.granite
+    gst_all_1.gstreamer
+    gst_all_1.gst-plugins-base
+    gst_all_1.gst-plugins-bad
+    gst_all_1.gst-plugins-good
+    gst_all_1.gst-plugins-ugly
+  ];
+
+  meta = with lib; {
+    homepage = "https://github.com/louis77/tuner";
+    description = "An app to discover and play internet radio stations";
+    license = licenses.gpl3Plus;
+    platforms = platforms.linux;
+    mainProgram = "com.github.louis77.tuner";
+    maintainers = [ maintainers.abbe ];
+  };
+}

pkgs/applications/audio/vcv-rack/default.nix

@@ -115,7 +115,7 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "VCV-Rack";
-  version = "2.2.0";
+  version = "2.2.1";
 
   desktopItems = [
     (makeDesktopItem {
@@ -135,7 +135,7 @@ stdenv.mkDerivation rec {
     owner = "VCVRack";
     repo = "Rack";
     rev = "v${version}";
-    sha256 = "1ag1syjxdzxx13pdcfga9ksc6a5hw9bcdfhbry8qd2pxs9lmv2q6";
+    sha256 = "079alr6y0101k92v5lrnycljcbifh0hsvklbf4w5ax2zrxnyplq8";
   };
 
   patches = [
@@ -203,11 +203,9 @@ stdenv.mkDerivation rec {
     zstd
   ];
 
-  makeFlags = [
-    ( if stdenv.hostPlatform.system == "aarch64-linux"
-      then "MACHINE=arm64-linux"
-      else "MACHINE=${stdenv.hostPlatform.config}"
-    )
+  makeFlags = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
+    "CROSS_COMPILE=${stdenv.cc.targetPrefix}"
+  ] ++ [
     "all"
     "plugins"
   ];

pkgs/applications/audio/vcv-rack/rack-minimize-vendoring.patch

@@ -1,5 +1,5 @@
 diff --git a/Makefile b/Makefile
-index e1be07d1..309b3b0b 100644
+index fc7c3af1..c3672c6a 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -34,7 +34,7 @@ ifdef ARCH_LIN

pkgs/applications/blockchains/btcpayserver/default.nix

@@ -6,13 +6,13 @@
 
 buildDotnetModule rec {
   pname = "btcpayserver";
-  version = "1.7.1";
+  version = "1.7.2";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-6E8TJ1NgWlLTegDQ4UcCQpAAQibbefg5x7qhSrSKAgc=";
+    sha256 = "sha256-EZ8gfpTBmTB/lGtexZYbD9x1F7rFXIEaEhhwS6gOEV4=";
   };
 
   projectFile = "BTCPayServer/BTCPayServer.csproj";

pkgs/applications/blockchains/btcpayserver/deps.nix

@@ -31,48 +31,58 @@
   })
   (fetchNuGet {
     pname = "BTCPayServer.Lightning.All";
-    version = "1.4.9";
-    sha256 = "0r9ssz00d0zbbszs1ypc9jvbwg5myh9jmw46wvzk0jhp5xfz5mip";
+    version = "1.4.12";
+    sha256 = "1n7yv6q8fbk02d334a19zyicvlammjhfrg9rf18jyb3szj8g36k7";
   })
   (fetchNuGet {
     pname = "BTCPayServer.Lightning.Charge";
-    version = "1.3.14";
-    sha256 = "1frhj5jmncsdcb1x5jy733l40bqifdwirmq6mjdn3596fmgjvh9b";
+    version = "1.3.16";
+    sha256 = "050wh5gw3hgql8191z0yv7sj06wg5da6kvkbcg9hq3ildj0fdj67";
   })
   (fetchNuGet {
     pname = "BTCPayServer.Lightning.CLightning";
+    version = "1.3.19";
+    sha256 = "1jx9233apry0kb54df7k0p7vrsp3hp27f5d0j2802gry04sihrl7";
+  })
+  (fetchNuGet {
+    pname = "BTCPayServer.Lightning.Common";
     version = "1.3.16";
-    sha256 = "0nh1fcjpkl6l2par60p0w7nwc45za28iagmdsq6czz68kpvfx83c";
+    sha256 = "1g37736b4k0ncpyy2qycbk4l85fqvgwac3k98nbdj0dvhfghp1dn";
   })
   (fetchNuGet {
     pname = "BTCPayServer.Lightning.Common";
-    version = "1.3.15";
-    sha256 = "1axmdn6qdzxljdvidw8s68sfgy5ykmxv0nkzcdsgdmhisahaz2pa";
-  })
-  (fetchNuGet {
-    pname = "BTCPayServer.Lightning.Common";
-    version = "1.3.7";
-    sha256 = "1hsn51zx34fswjph1dgplwj92045d4ymallryjxbm5gl1wgnvqvz";
+    version = "1.3.17";
+    sha256 = "1bb8q57lnqnp3wijw41vvbwgz8rgg4g9pw8qhd4iiqi1w94q1bkz";
   })
   (fetchNuGet {
     pname = "BTCPayServer.Lightning.Eclair";
-    version = "1.3.14";
-    sha256 = "1ld5diahj75jbnqmvvsc0h65sbd4i73k7sik325yw4gvz4jmw2ih";
+    version = "1.3.16";
+    sha256 = "1q109kmzj99axk35l68z3gi29ww1xd62zaxj1f39myvlcv9ncb41";
   })
   (fetchNuGet {
     pname = "BTCPayServer.Lightning.LNBank";
-    version = "1.3.16";
-    sha256 = "0nq36jg0qfj93djk5b9i42v8gm2zqkf8a2ddb69z52gsg8ixvcm6";
+    version = "1.3.18";
+    sha256 = "166v6mhmy47fgny55c4mzqb2x7anqyxnd0g409vfgyg5fq4gc15v";
   })
   (fetchNuGet {
     pname = "BTCPayServer.Lightning.LND";
-    version = "1.4.7";
-    sha256 = "144wlnlvkmn1hrl7kwsqfvlla3lknd599rmp6zf1nv0n4jsj15l4";
+    version = "1.4.9";
+    sha256 = "0ya365w3i3sjv7wafm6wmasf9mpfsh0fcbhawsv5br7m7lpppwhh";
   })
   (fetchNuGet {
     pname = "BTCPayServer.Lightning.LNDhub";
-    version = "1.0.10";
-    sha256 = "12c5gmd62vik0ar786jlhzf0gid4smi5ysl12mxpx1i0dndgapbh";
+    version = "1.0.12";
+    sha256 = "1gb61a5mdmyigy7ps2c8n4iig6i32rdsif9kwn35yxx25zbnmbk2";
+  })
+  (fetchNuGet {
+    pname = "BTCPayServer.NETCore.Plugins.Mvc";
+    version = "1.4.4";
+    sha256 = "1kmmj5m7s41wc1akpqw1b1j7pp4c0vn6sqxb487980ibpj6hyisl";
+  })
+  (fetchNuGet {
+    pname = "BTCPayServer.NETCore.Plugins";
+    version = "1.4.4";
+    sha256 = "0rk0prmb0539ji5fd33cqy3yvw51i5i8m5hb43admr5z8960dd6l";
   })
   (fetchNuGet {
     pname = "CsvHelper";
@@ -171,24 +181,14 @@
   })
   (fetchNuGet {
     pname = "LNURL";
-    version = "0.0.26";
-    sha256 = "0gb6n5zvf3mnmychbv3hmzbfllxamq26y1c18ql6y02wy2asrwff";
+    version = "0.0.27";
+    sha256 = "126rhls5yxxw4i419w59762cq3zmjccjd8x42qmb4nhqmbgybkzm";
   })
   (fetchNuGet {
     pname = "MailKit";
     version = "3.3.0";
     sha256 = "18l0jkrc4d553kiw4vdjzzpafpvsgjs1n19kjbi8isnhzidmsl4j";
   })
-  (fetchNuGet {
-    pname = "McMaster.NETCore.Plugins.Mvc";
-    version = "1.4.0";
-    sha256 = "07i0p6236hyh1c3cb5v6zkayq5807rd6msc341v2jh6yd5radasy";
-  })
-  (fetchNuGet {
-    pname = "McMaster.NETCore.Plugins";
-    version = "1.4.0";
-    sha256 = "1k2qz0qnf2b1kfwbzcynivy93jm7dcwl866d0fl7qlgq5vql7niy";
-  })
   (fetchNuGet {
     pname = "Microsoft.AspNet.SignalR.Client";
     version = "2.4.3";
@@ -364,11 +364,6 @@
     version = "2.0.4";
     sha256 = "1fdzln4im9hb55agzwchbfgm3vmngigmbpci5j89b0gqcxixmv8j";
   })
-  (fetchNuGet {
-    pname = "Microsoft.DotNet.PlatformAbstractions";
-    version = "3.1.6";
-    sha256 = "0b9myd7gqbpaw9pkd2bx45jhik9mwj0f1ss57sk2cxmag2lkdws5";
-  })
   (fetchNuGet {
     pname = "Microsoft.EntityFrameworkCore.Abstractions";
     version = "6.0.7";
@@ -554,11 +549,6 @@
     version = "2.0.4";
     sha256 = "041i1vlcibpzgalxxzdk81g5pgmqvmz2g61k0rqa2sky0wpvijx9";
   })
-  (fetchNuGet {
-    pname = "Microsoft.Extensions.DependencyModel";
-    version = "5.0.0";
-    sha256 = "1mma1zxi0b40972cwfvkj9y0w9r7vjbi74784jzcb22pric00k5x";
-  })
   (fetchNuGet {
     pname = "Microsoft.Extensions.DependencyModel";
     version = "6.0.0";
@@ -816,8 +806,13 @@
   })
   (fetchNuGet {
     pname = "NBitcoin";
-    version = "7.0.14";
-    sha256 = "18nxx13fz3i7kmigijnynvrbx2i5cb3v4m89nvnxl38vcw7w5jys";
+    version = "7.0.18";
+    sha256 = "02kkgymdb80cidibrs6qpy1zjwcfbkwv9zqz9s0swf5zp7qvcakn";
+  })
+  (fetchNuGet {
+    pname = "NBitcoin";
+    version = "7.0.20";
+    sha256 = "0gl39v1mvnhdrqn8dmmslsyj4w4yc4l447zp62bfnwm5ppcwda9z";
   })
   (fetchNuGet {
     pname = "NBitpayClient";
@@ -826,8 +821,8 @@
   })
   (fetchNuGet {
     pname = "NBXplorer.Client";
-    version = "4.2.1";
-    sha256 = "0sizhzz6ry40fphd3lqqj8r9ik103jzrq1ql57rl1zfh1490zq5y";
+    version = "4.2.2";
+    sha256 = "0a8zy9iasgmr7mqhjrbxa2shnygpp97pbg5qnk7ix50y01k9blyw";
   })
   (fetchNuGet {
     pname = "NETStandard.Library";
@@ -1036,8 +1031,8 @@
   })
   (fetchNuGet {
     pname = "Selenium.WebDriver.ChromeDriver";
-    version = "105.0.5195.5200";
-    sha256 = "0vna0mnd2zay6gpgjkd0c4haf2ga8l6grbbhjb6ffzhglyz14993";
+    version = "108.0.5359.7100";
+    sha256 = "13yy6j8vccwv0cd6idhb0hf4asbx9fypag9fj0ldx2rir02a5vxj";
   })
   (fetchNuGet {
     pname = "Selenium.WebDriver";

pkgs/applications/blockchains/nbxplorer/default.nix

@@ -6,13 +6,13 @@
 
 buildDotnetModule rec {
   pname = "nbxplorer";
-  version = "2.3.49";
+  version = "2.3.54";
 
   src = fetchFromGitHub {
     owner = "dgarage";
     repo = "NBXplorer";
     rev = "v${version}";
-    sha256 = "sha256-ErAdFY65EYY988+xqSd6v57NbFeOE3Yt5mvn6C0TuRE=";
+    sha256 = "sha256-WINanMGAlZioD6XP0xK6H+KTlF/NRMAmhylmRV6y2uI=";
   };
 
   projectFile = "NBXplorer/NBXplorer.csproj";

pkgs/applications/blockchains/nbxplorer/deps.nix

@@ -191,18 +191,13 @@
   })
   (fetchNuGet {
     pname = "NBitcoin.TestFramework";
-    version = "3.0.15";
-    sha256 = "1bhm9hrm33nx4sn5i25az19nrmkfg074m52zpz0yf02ccdvk5x5w";
+    version = "3.0.19";
+    sha256 = "0wi5bpbab2lgsqhi4v52ycvpv5x64qkgf0if9v011hhk5xjn1x4m";
   })
   (fetchNuGet {
     pname = "NBitcoin";
-    version = "7.0.14";
-    sha256 = "18nxx13fz3i7kmigijnynvrbx2i5cb3v4m89nvnxl38vcw7w5jys";
-  })
-  (fetchNuGet {
-    pname = "NBitcoin";
-    version = "7.0.18";
-    sha256 = "02kkgymdb80cidibrs6qpy1zjwcfbkwv9zqz9s0swf5zp7qvcakn";
+    version = "7.0.22";
+    sha256 = "1911mwz23qm9qnlfsm2j6qdkj1l43gjym4di8r50zikfnyd654sx";
   })
   (fetchNuGet {
     pname = "NETStandard.Library";

pkgs/applications/misc/mob/default.nix

@@ -9,13 +9,13 @@
 
 buildGoModule rec {
   pname = "mob";
-  version = "4.0.0";
+  version = "4.1.1";
 
   src = fetchFromGitHub {
     owner = "remotemobprogramming";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-c6Feex0FGxxOWBEHxe0GqPHv65EwMMdxIeehZUGbl0Q=";
+    sha256 = "sha256-P3OxqJNhzO/aPC4Nj3vvBy5cxaahQv0IsjlIKya0p1w=";
   };
 
   vendorSha256 = null;

pkgs/applications/networking/instant-messengers/pidgin-plugins/sipe/default.nix

@@ -25,6 +25,7 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ intltool ];
   buildInputs = [ pidgin gmime libxml2 nss ];
+  configureFlags = [ "--without-dbus" ];
   enableParallelBuilding = true;
 
   postInstall = "ln -s \$out/lib/purple-2 \$out/share/pidgin-sipe";

pkgs/applications/networking/instant-messengers/signal-desktop/generic.nix

@@ -47,6 +47,7 @@
 , libdbusmenu
 , libpulseaudio
 , xdg-utils
+, wayland
 }:
 
 stdenv.mkDerivation rec {
@@ -112,6 +113,7 @@ stdenv.mkDerivation rec {
     libnotify
     libdbusmenu
     xdg-utils
+    wayland
   ];
 
   unpackPhase = "dpkg-deb -x $src .";

pkgs/applications/radio/dump1090/default.nix

@@ -11,13 +11,13 @@
 
 stdenv.mkDerivation rec {
   pname = "dump1090";
-  version = "7.1";
+  version = "8.2";
 
   src = fetchFromGitHub {
     owner = "flightaware";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-1fD8ZMkTS/r+p1rrOfJhH2sz3sJCapQcvk8f8crGApw=";
+    sha256 = "sha256-SUvK9XTXIDimEMEnORnp/Af/F030TZTxLI43Jzz31Js=";
   };
 
   nativeBuildInputs = [ pkg-config ];

pkgs/applications/radio/qradiolink/default.nix

@@ -14,6 +14,7 @@
 , libsndfile
 , libftdi
 , limesuite
+, soapysdr-with-plugins
 , protobuf
 , speex
 , speexdsp
@@ -23,13 +24,13 @@
 
 gnuradio3_8.pkgs.mkDerivation rec {
   pname = "qradiolink";
-  version = "0.8.7-1";
+  version = "0.8.8-1";
 
   src = fetchFromGitHub {
     owner = "qradiolink";
     repo = "qradiolink";
     rev = version;
-    sha256 = "sha256-4WkAEJvWu1+ZYDeipRl1oJWn5IR1nTXJ8We0trhbkQE=";
+    sha256 = "sha256-2M5TSTNbbH188GiKqjP+IfBqks379Fw0fiGLBNiaxEg=";
   };
 
   preBuild = ''
@@ -58,6 +59,7 @@ gnuradio3_8.pkgs.mkDerivation rec {
     libopus
     libjpeg
     limesuite
+    soapysdr-with-plugins
     speex
     speexdsp
     gnuradio3_8.qt.qtbase

pkgs/development/libraries/gdal/default.nix

@@ -1,7 +1,6 @@
 { lib
 , stdenv
 , fetchFromGitHub
-, fetchpatch
 , bison
 , cmake
 , doxygen
@@ -62,24 +61,15 @@
 
 stdenv.mkDerivation rec {
   pname = "gdal";
-  version = "3.6.0.1";
+  version = "3.6.1";
 
   src = fetchFromGitHub {
     owner = "OSGeo";
     repo = "gdal";
     rev = "v${version}";
-    hash = "sha256-Yx7tmj2Y26FE5rzN+w1gg/7yRckNo6gLudrAPRoCro4=";
+    hash = "sha256-hWuV73b7czmbxpnd82V2FHM+ak9JviDHVodVXAHh/pc=";
   };
 
-  patches = [
-    # https://github.com/OSGeo/gdal/pull/6754
-    (fetchpatch {
-      name = "skip-test-failing-on-macos.patch";
-      url = "https://github.com/OSGeo/gdal/commit/65b2b12fa6638653f54d3ca0f8066225597832b9.patch";
-      hash = "sha256-zpj4jMp01Oz+Zk1b59qdoVxhkwWmTN9bwoKwbau2ADY=";
-    })
-  ];
-
   nativeBuildInputs = [
     bison
     cmake

pkgs/development/libraries/mitama-cpp-result/default.nix

@@ -0,0 +1,36 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, cmake
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "mitama-cpp-result";
+  version = "9.3.0";
+
+  src = fetchFromGitHub {
+    owner = "LoliGothick";
+    repo = "mitama-cpp-result";
+    rev = "v${finalAttrs.version}";
+    hash = "sha256-CWYVPpmPIZZTsqXKh+Ft3SlQ4C9yjUof1mJ8Acn5kmM=";
+  };
+
+  nativeBuildInputs = [
+    cmake
+  ];
+
+  meta = with lib; {
+    homepage = "https://github.com/LoliGothick/mitama-cpp-result";
+    description = "A Library that provides `result<T, E>` and `maybe<T>` and monadic functions for them";
+    longDescription = ''
+      mitama-cpp-result is the C++17 libraries for error handling without exceptions.
+
+      mitama-cpp-result provides `result<T, E>`, `maybe<T>`, and associated monadic functions
+      (like Result and Option in Programming Language Rust).
+    '';
+    license = licenses.mit;
+    maintainers = with maintainers; [ ken-matsui ];
+    platforms = platforms.unix;
+  };
+})
+# TODO [ ken-matsui ]: tests

pkgs/development/libraries/mygui/default.nix

@@ -1,9 +1,24 @@
-{  lib, stdenv, fetchFromGitHub, libX11, cmake, ois, freetype, libuuid,
-   boost, pkg-config, withOgre ? false, ogre ? null, libGL, libGLU ? null } :
+{ lib
+, stdenv
+, fetchFromGitHub
+, cmake
+, pkg-config
+, boost
+, freetype
+, libuuid
+, ois
+, withOgre ? false
+, ogre
+, libGL
+, libGLU
+, libX11
+, Cocoa
+}:
 
 let
   renderSystem = if withOgre then "3" else "4";
-in stdenv.mkDerivation rec {
+in
+stdenv.mkDerivation rec {
   pname = "mygui";
   version = "3.4.0";
 
@@ -14,17 +29,42 @@ in stdenv.mkDerivation rec {
     sha256 = "0a4zi8w18pjj813n7kmxldl1d9r1jp0iyhkw7pbqgl8f7qaq994w";
   };
 
-  nativeBuildInputs = [ cmake pkg-config ];
-  buildInputs = [ libX11 ois freetype libuuid boost ]
-    ++ (if withOgre then [ ogre ] else [ libGL libGLU ]);
+  patches = [
+    ./disable-framework.patch
+  ];
+
+  nativeBuildInputs = [
+    cmake
+    pkg-config
+  ];
+
+  buildInputs = [
+    boost
+    freetype
+    libuuid
+    ois
+  ] ++ lib.optionals withOgre [
+    ogre
+  ] ++ lib.optionals (!withOgre && stdenv.isLinux) [
+    libGL
+    libGLU
+  ] ++ lib.optionals stdenv.isLinux [
+    libX11
+  ] ++ lib.optionals stdenv.isDarwin [
+    Cocoa
+  ];
 
   # Tools are disabled due to compilation failures.
-  cmakeFlags = [ "-DMYGUI_BUILD_TOOLS=OFF" "-DMYGUI_BUILD_DEMOS=OFF" "-DMYGUI_RENDERSYSTEM=${renderSystem}" ];
+  cmakeFlags = [
+    "-DMYGUI_BUILD_TOOLS=OFF"
+    "-DMYGUI_BUILD_DEMOS=OFF"
+    "-DMYGUI_RENDERSYSTEM=${renderSystem}"
+  ];
 
   meta = with lib; {
     homepage = "http://mygui.info/";
     description = "Library for creating GUIs for games and 3D applications";
     license = licenses.lgpl3Plus;
-    platforms = platforms.linux;
+    platforms = platforms.unix;
   };
 }

pkgs/development/libraries/mygui/disable-framework.patch

@@ -0,0 +1,19 @@
+diff --git a/CMake/Utils/MyGUIConfigTargets.cmake b/CMake/Utils/MyGUIConfigTargets.cmake
+index bba3f91..8f4f351 100644
+--- a/CMake/Utils/MyGUIConfigTargets.cmake
++++ b/CMake/Utils/MyGUIConfigTargets.cmake
+@@ -477,14 +477,6 @@ function(mygui_config_lib PROJECTNAME)
+ 		if (CMAKE_COMPILER_IS_GNUCXX OR CMAKE_CXX_COMPILER_ID MATCHES "Clang" OR CMAKE_CXX_COMPILER_ID MATCHES "Intel")
+ 			# add GCC visibility flags to shared library build
+ 			set_target_properties(${PROJECTNAME} PROPERTIES COMPILE_FLAGS "${MYGUI_GCC_VISIBILITY_FLAGS}")
+-			if (APPLE)
+-				# deal with Mac OS X's framework system
+-				set_target_properties(${PROJECTNAME} PROPERTIES FRAMEWORK TRUE)
+-				set_target_properties(${PROJECTNAME} PROPERTIES PUBLIC_HEADER "${${PROJECTNAME}_HEADERS}")
+-				set_target_properties(${PROJECTNAME} PROPERTIES OUTPUT_NAME ${PROJECTNAME})
+-				set_target_properties(${PROJECTNAME} PROPERTIES BUILD_WITH_INSTALL_RPATH TRUE)
+-				set_target_properties(${PROJECTNAME} PROPERTIES INSTALL_NAME_DIR "@executable_path/../Frameworks")
+-			endif (APPLE)
+ 		endif ()
+ 	endif (MYGUI_STATIC)
+ 	mygui_install_target(${PROJECTNAME} "")

pkgs/development/libraries/pdal/default.nix

@@ -11,6 +11,7 @@
 , enableE57 ? lib.meta.availableOn stdenv.hostPlatform libe57format
 , libe57format
 , libgeotiff
+, libtiff
 , libxml2
 , postgresql
 , tiledb
@@ -21,13 +22,13 @@
 
 stdenv.mkDerivation rec {
   pname = "pdal";
-  version = "2.4.0";
+  version = "2.4.3";
 
   src = fetchFromGitHub {
     owner = "PDAL";
     repo = "PDAL";
     rev = version;
-    sha256 = "sha256-w9Fu4Op6OdaxdvOUM+glpJUEZq//EwRD2lqzYrMXk8w=";
+    sha256 = "sha256-9TQlhuGSTnHsTlJos9Hwnyl1CxI0tXLZdqsaGdp6WIE=";
   };
 
   nativeBuildInputs = [
@@ -42,6 +43,7 @@ stdenv.mkDerivation rec {
     hdf5-cpp
     LASzip
     libgeotiff
+    libtiff
     libxml2
     postgresql
     tiledb

pkgs/development/misc/resholve/default.nix

@@ -16,13 +16,11 @@ let
     self = python27';
     pkgsBuildHost = pkgsBuildHost // { python27 = python27'; };
     # strip down that python version as much as possible
-    openssl = null;
     bzip2 = null;
     readline = null;
     ncurses = null;
     gdbm = null;
     sqlite = null;
-    libffi = null;
     rebuildBytecode = false;
     stripBytecode = true;
     strip2to3 = true;

pkgs/development/python-modules/appthreat-vulnerability-db/default.nix

@@ -3,19 +3,19 @@
 , buildPythonPackage
 , cvss
 , fetchFromGitHub
+, httpx
 , msgpack
 , orjson
 , packageurl-python
 , pytestCheckHook
 , pythonOlder
-, requests
 , semver
 , tabulate
 }:
 
 buildPythonPackage rec {
   pname = "appthreat-vulnerability-db";
-  version = "4.1.12";
+  version = "4.2.0";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -24,16 +24,16 @@ buildPythonPackage rec {
     owner = "AppThreat";
     repo = "vulnerability-db";
     rev = "refs/tags/v${version}";
-    hash = "sha256-DHjB8hT9rP1yyeo9I5D8JGIXq+17RYX+e6H7BBuWTw4=";
+    hash = "sha256-uZkPQYuF8EbX5+Qyj7CjxJhpT+DywCSwbORKXqaY0z8=";
   };
 
   propagatedBuildInputs = [
     appdirs
     cvss
+    httpx
     msgpack
     orjson
     packageurl-python
-    requests
     semver
     tabulate
   ];

pkgs/development/python-modules/google-cloud-access-context-manager/default.nix

@@ -7,14 +7,14 @@
 
 buildPythonPackage rec {
   pname = "google-cloud-access-context-manager";
-  version = "0.1.14";
+  version = "0.1.15";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-GFS9VvdXHxP1KvJzQkgjmYXO3qpMXl8yICGZEr18O8M=";
+    hash = "sha256-W6Nb+H2CaULQ7Hp1hYxtnF9ITYa++Usc7XVoPkQPnVk=";
   };
 
   propagatedBuildInputs = [
@@ -31,6 +31,7 @@ buildPythonPackage rec {
   meta = with lib; {
     description = "Protobufs for Google Access Context Manager";
     homepage = "https://github.com/googleapis/python-access-context-manager";
+    changelog = "https://github.com/googleapis/python-access-context-manager/blob/v${version}/CHANGELOG.md";
     license = licenses.asl20;
     maintainers = with maintainers; [ austinbutler SuperSandro2000 ];
   };

pkgs/development/python-modules/hstspreload/default.nix

@@ -6,7 +6,7 @@
 
 buildPythonPackage rec {
   pname = "hstspreload";
-  version = "2022.11.1";
+  version = "2022.12.1";
   format = "setuptools";
 
   disabled = pythonOlder "3.6";
@@ -15,7 +15,7 @@ buildPythonPackage rec {
     owner = "sethmlarson";
     repo = pname;
     rev = version;
-    sha256 = "sha256-4GirKCe84sYV+28ODPipixV3cl7wIV/NOd+iM0Cec4I=";
+    sha256 = "sha256-W1WJWG5R7Sucdw6TzsGFs5mH6BoUfA8URTgWlnRXa14=";
   };
 
   # Tests require network connection

pkgs/development/python-modules/immutabledict/default.nix

@@ -8,7 +8,7 @@
 
 buildPythonPackage rec {
   pname = "immutabledict";
-  version = "2.2.2";
+  version = "2.2.3";
   format = "pyproject";
 
   disabled = pythonOlder "3.7";
@@ -17,7 +17,7 @@ buildPythonPackage rec {
     owner = "corenting";
     repo = "immutabledict";
     rev = "v${version}";
-    hash = "sha256-YqUxkpFl2G/LFLtFWqocXbFvgVhqqiquoWNIIO9c/6o=";
+    hash = "sha256-GeQ1BEBt+66YhohyaXt7rIVNpEk6mINwsC3JrmYNjRI=";
   };
 
   nativeBuildInputs = [
@@ -35,6 +35,7 @@ buildPythonPackage rec {
   meta = with lib; {
     description = "A fork of frozendict, an immutable wrapper around dictionaries";
     homepage = "https://github.com/corenting/immutabledict";
+    changelog = "https://github.com/corenting/immutabledict/blob/v${version}/CHANGELOG.md";
     license = licenses.mit;
     maintainers = with maintainers; [ hexa ];
   };

pkgs/development/python-modules/ldapdomaindump/default.nix

@@ -1,23 +1,41 @@
-{ lib, buildPythonPackage, fetchPypi, dnspython, future, ldap3 }:
+{ lib
+, buildPythonPackage
+, fetchPypi
+, dnspython
+, future
+, ldap3
+, pythonOlder
+}:
 
 buildPythonPackage rec {
   pname = "ldapdomaindump";
-  version = "0.9.3";
+  version = "0.9.4";
+  format = "setuptools";
+
+  disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "10cis8cllpa9qi5qil9k7521ag3921mxwg2wj9nyn0lk41rkjagc";
+    hash = "sha256-mdzaFwUKllSZZuU7yJ5x2mcAlNU9lUKzsNAZfQNeb1I=";
   };
 
-  propagatedBuildInputs = [ dnspython future ldap3 ];
+  propagatedBuildInputs = [
+    dnspython
+    future
+    ldap3
+  ];
 
   # requires ldap server
   doCheck = false;
-  pythonImportsCheck = [ "ldapdomaindump" ];
+
+  pythonImportsCheck = [
+    "ldapdomaindump"
+  ];
 
   meta = with lib; {
     description = "Active Directory information dumper via LDAP";
     homepage = "https://github.com/dirkjanm/ldapdomaindump/";
+    changelog = "https://github.com/dirkjanm/ldapdomaindump/releases/tag/v${version}";
     license = licenses.mit;
     maintainers = with maintainers; [ SuperSandro2000 ];
   };

pkgs/development/python-modules/mathlibtools/default.nix

@@ -15,14 +15,14 @@
 
 buildPythonPackage rec {
   pname = "mathlibtools";
-  version = "1.3.1";
+  version = "1.3.2";
   format = "setuptools";
 
   disabled = pythonOlder "3.6";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-HwtmrDGInCI5Hl+qhl+7hOBJ3Ux0g8IjoAVa4iAccl8=";
+    hash = "sha256-mkn0y3NV/acnkqVzi8xd+Sex4QLvxxmt++FtsZmgrGs=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/pg8000/default.nix

@@ -11,14 +11,14 @@
 
 buildPythonPackage rec {
   pname = "pg8000";
-  version = "1.29.3";
+  version = "1.29.4";
   format = "pyproject";
 
   disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-yMlU08htf79ZG8g7ANbs4on64XbIM1oYKnVwaZ2iv9w=";
+    hash = "sha256-dtKqF1ejC8ceAwfa4Yw3TjNqaRI+awRuIGqWYR+iozA=";
   };
 
   nativeBuildInputs = [
@@ -47,6 +47,7 @@ buildPythonPackage rec {
   meta = with lib; {
     description = "Python driver for PostgreSQL";
     homepage = "https://github.com/tlocke/pg8000";
+    changelog = "https://github.com/tlocke/pg8000#release-notes";
     license = with licenses; [ bsd3 ];
     maintainers = with maintainers; [ domenkozar ];
     platforms = platforms.unix;

pkgs/development/python-modules/plaid-python/default.nix

@@ -9,14 +9,14 @@
 
 buildPythonPackage rec {
   pname = "plaid-python";
-  version = "11.2.0";
+  version = "11.3.0";
   format = "setuptools";
 
   disabled = pythonOlder "3.6";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-hybWKNy1qicBcTiEc46iwJ/JhNVxqz9ZSSkR4Zm9m6I=";
+    hash = "sha256-zZGnKFLsT29IX8EK1Tv5I1Ser+9tREzkJcYY6+Fid6o=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/rpy2/default.nix

@@ -24,13 +24,13 @@
 }:
 
 buildPythonPackage rec {
-    version = "3.5.5";
+    version = "3.5.6";
     pname = "rpy2";
 
     disabled = isPyPy;
     src = fetchPypi {
       inherit version pname;
-      sha256 = "sha256-olLEDiHPTyOsbhO//cuCtZALScMEPtj9MdpcYftY0Dc=";
+      sha256 = "sha256-NATxAx0tj/ihACZWq445S4rBbdNMpDr2je7RAvOW53E=";
     };
 
     patches = [

pkgs/development/python-modules/types-pyyaml/default.nix

@@ -5,13 +5,13 @@
 
 buildPythonPackage rec {
   pname = "types-pyyaml";
-  version = "6.0.12.1";
+  version = "6.0.12.2";
   format = "setuptools";
 
   src = fetchPypi {
     pname = "types-PyYAML";
     inherit version;
-    sha256 = "sha256-cMyq/PP7QE1Xv/wVKf3YahPotPLPn8PugaZAjOCtWdI=";
+    sha256 = "sha256-aECBmHHJLe6+aiBn+4AMEbigY2MutOPnVZFOerNgToM=";
   };
 
   # Module doesn't have tests

pkgs/development/tools/appthreat-depscan/default.nix

@@ -5,13 +5,13 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "appthreat-depscan";
-  version = "3.4.0";
+  version = "3.5.0";
 
   src = fetchFromGitHub {
     owner = "AppThreat";
     repo = "dep-scan";
     rev = "refs/tags/v${version}";
-    hash = "sha256-Gp0JXjtU8TZl/k6HHWvMvdggIgyn4zqLyyBqiPtlkA8=";
+    hash = "sha256-kwur74jaAjGch4Jruq6OX1lWqX8b3NZYvxxNsp+n/TI=";
   };
 
   propagatedBuildInputs = with python3.pkgs; [

pkgs/development/tools/norminette/default.nix

@@ -0,0 +1,31 @@
+{ lib
+, python3Packages
+, fetchFromGitHub
+}:
+
+python3Packages.buildPythonApplication rec {
+  pname = "norminette";
+  version = "3.3.51";
+
+  src = fetchFromGitHub {
+    owner = "42School";
+    repo = pname;
+    rev = version;
+    hash = "sha256-JpWziUKZPOD+AwiYeHR7e0B9l3XKNNp+XQkZEvynKGY=";
+  };
+
+  checkInputs = with python3Packages; [
+    pytestCheckHook
+  ];
+
+  preCheck = ''
+    export PYTHONPATH=norminette:$PYTHONPATH
+  '';
+
+  meta = with lib; {
+    description = "Open source norminette to apply 42's norme to C files";
+    homepage = "https://github.com/42School/norminette";
+    license = licenses.mit;
+    maintainers = with maintainers; [ wegank ];
+  };
+}

pkgs/development/tools/ruff/default.nix

@@ -7,16 +7,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "ruff";
-  version = "0.0.185";
+  version = "0.0.186";
 
   src = fetchFromGitHub {
     owner = "charliermarsh";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-L2NaBvSFy+x8mLxy7r0EQUKT4FE5JHaDkVjGiJ7HzTw=";
+    sha256 = "sha256-mCX/s4DsnGoQgeP1oZmR8motTdKz7Gj2FWrvBkgM7WA=";
   };
 
-  cargoSha256 = "sha256-/L9xgSG9ydGbjth6tBkqnuIAu7UqP+0IAX8izW1ZAkg=";
+  cargoSha256 = "sha256-lvttZWSdqff8eRXEe6/GPelE1ZJheozN2dEBURapY9w=";
 
   buildInputs = lib.optionals stdenv.isDarwin [
     darwin.apple_sdk.frameworks.CoreServices

pkgs/development/tools/rust/cargo-llvm-lines/default.nix

@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "cargo-llvm-lines";
-  version = "0.4.22";
+  version = "0.4.23";
 
   src = fetchFromGitHub {
     owner = "dtolnay";
     repo = pname;
     rev = version;
-    sha256 = "sha256-fQhYcY5b/KxDEbZws6IPq0EvVynWpQ8d1TJ2isTSwYQ=";
+    sha256 = "sha256-u3MvDiagCGD7WjagbVF+TtZ0ATe8WBT3xeyduxrXPi4=";
   };
 
-  cargoSha256 = "sha256-aU+B/QrpKVtY/u53zS0q7/iNM0Z6xRMH3BPNmHd8Yps=";
+  cargoSha256 = "sha256-9oBnETZqJV35FEw6NImy6cqfVOVE5EHPNVGajE2UT10=";
 
   meta = with lib; {
     description = "Count the number of lines of LLVM IR across all instantiations of a generic function";

pkgs/development/tools/yarn2nix-moretea/yarn2nix/.prettierignore

@@ -0,0 +1 @@
+node_modules

pkgs/development/tools/yarn2nix-moretea/yarn2nix/bin/yarn2nix.js

@@ -1,14 +1,14 @@
 #!/usr/bin/env node
 
-const fs = require('fs')
-const lockfile = require('@yarnpkg/lockfile')
-const { docopt } = require('docopt')
-const deepEqual = require('deep-equal')
-const R = require('ramda')
+const fs = require("fs");
+const lockfile = require("@yarnpkg/lockfile");
+const { docopt } = require("docopt");
+const deepEqual = require("deep-equal");
+const R = require("ramda");
 
-const fixPkgAddMissingSha1 = require('../lib/fixPkgAddMissingSha1')
-const mapObjIndexedReturnArray = require('../lib/mapObjIndexedReturnArray')
-const generateNix = require('../lib/generateNix')
+const fixPkgAddMissingSha1 = require("../lib/fixPkgAddMissingSha1");
+const mapObjIndexedReturnArray = require("../lib/mapObjIndexedReturnArray");
+const generateNix = require("../lib/generateNix");
 
 const USAGE = `
 Usage: yarn2nix [options]
@@ -19,11 +19,11 @@ Options:
   --no-patch          Don't patch the lockfile if hashes are missing
   --lockfile=FILE     Specify path to the lockfile [default: ./yarn.lock].
   --builtin-fetchgit  Use builtin fetchGit for git dependencies to support on-the-fly generation of yarn.nix without an internet connection
-`
+`;
 
-const options = docopt(USAGE)
+const options = docopt(USAGE);
 
-const data = fs.readFileSync(options['--lockfile'], 'utf8')
+const data = fs.readFileSync(options["--lockfile"], "utf8");
 
 // json example:
 
@@ -45,10 +45,10 @@ const data = fs.readFileSync(options['--lockfile'], 'utf8')
 //   }
 // }
 
-const json = lockfile.parse(data)
+const json = lockfile.parse(data);
 
-if (json.type !== 'success') {
-  throw new Error('yarn.lock parse error')
+if (json.type !== "success") {
+  throw new Error("yarn.lock parse error");
 }
 
 // Check for missing hashes in the yarn.lock and patch if necessary
@@ -56,35 +56,35 @@ if (json.type !== 'success') {
 let pkgs = R.pipe(
   mapObjIndexedReturnArray((value, key) => ({
     ...value,
-    nameWithVersion: key,
+    nameWithVersion: key
   })),
-  R.uniqBy(R.prop('resolved')),
-)(json.object)
+  R.uniqBy(R.prop("resolved"))
+)(json.object);
 
-;(async () => {
-  if (!options['--no-patch']) {
-    pkgs = await Promise.all(R.map(fixPkgAddMissingSha1, pkgs))
+(async () => {
+  if (!options["--no-patch"]) {
+    pkgs = await Promise.all(R.map(fixPkgAddMissingSha1, pkgs));
   }
 
-  const origJson = lockfile.parse(data)
+  const origJson = lockfile.parse(data);
 
   if (!deepEqual(origJson, json)) {
-    console.error('found changes in the lockfile', options['--lockfile'])
+    console.error("found changes in the lockfile", options["--lockfile"]);
 
-    if (options['--no-patch']) {
-      console.error('...aborting')
-      process.exit(1)
+    if (options["--no-patch"]) {
+      console.error("...aborting");
+      process.exit(1);
     }
 
-    fs.writeFileSync(options['--lockfile'], lockfile.stringify(json.object))
+    fs.writeFileSync(options["--lockfile"], lockfile.stringify(json.object));
   }
 
-  if (!options['--no-nix']) {
+  if (!options["--no-nix"]) {
     // print to stdout
-    console.log(generateNix(pkgs, options['--builtin-fetchgit']))
+    console.log(generateNix(pkgs, options["--builtin-fetchgit"]));
   }
 })().catch(error => {
-  console.error(error)
+  console.error(error);
 
-  process.exit(1)
-})
+  process.exit(1);
+});

pkgs/development/tools/yarn2nix-moretea/yarn2nix/internal/fixup_bin.js

@@ -4,50 +4,50 @@
  * node fixup_bin.js <bin_dir> <modules_dir> [<bin_pkg_1>, <bin_pkg_2> ... ]
  */
 
-const fs = require('fs')
-const path = require('path')
+const fs = require("fs");
+const path = require("path");
 
-const derivationBinPath = process.argv[2]
-const nodeModules = process.argv[3]
-const packagesToPublishBin = process.argv.slice(4)
+const derivationBinPath = process.argv[2];
+const nodeModules = process.argv[3];
+const packagesToPublishBin = process.argv.slice(4);
 
 function processPackage(name) {
-  console.log('fixup_bin: Processing ', name)
+  console.log("fixup_bin: Processing ", name);
 
-  const packagePath = `${nodeModules}/${name}`
-  const packageJsonPath = `${packagePath}/package.json`
-  const packageJson = JSON.parse(fs.readFileSync(packageJsonPath))
+  const packagePath = `${nodeModules}/${name}`;
+  const packageJsonPath = `${packagePath}/package.json`;
+  const packageJson = JSON.parse(fs.readFileSync(packageJsonPath));
 
   if (!packageJson.bin) {
-    console.log('fixup_bin: No binaries provided')
-    return
+    console.log("fixup_bin: No binaries provided");
+    return;
   }
 
   // There are two alternative syntaxes for `bin`
   // a) just a plain string, in which case the name of the package is the name of the binary.
   // b) an object, where key is the name of the eventual binary, and the value the path to that binary.
-  if (typeof packageJson.bin === 'string') {
-    const binName = packageJson.bin
-    packageJson.bin = {}
-    packageJson.bin[packageJson.name] = binName
+  if (typeof packageJson.bin === "string") {
+    const binName = packageJson.bin;
+    packageJson.bin = {};
+    packageJson.bin[packageJson.name] = binName;
   }
 
   // eslint-disable-next-line no-restricted-syntax, guard-for-in
   for (const binName in packageJson.bin) {
-    const binPath = packageJson.bin[binName]
-    const normalizedBinName = binName.replace('@', '').replace('/', '-')
+    const binPath = packageJson.bin[binName];
+    const normalizedBinName = binName.replace("@", "").replace("/", "-");
 
-    const targetPath = path.normalize(`${packagePath}/${binPath}`)
-    const createdPath = `${derivationBinPath}/${normalizedBinName}`
+    const targetPath = path.normalize(`${packagePath}/${binPath}`);
+    const createdPath = `${derivationBinPath}/${normalizedBinName}`;
 
     console.log(
-      `fixup_bin: creating link ${createdPath} that points to ${targetPath}`,
-    )
+      `fixup_bin: creating link ${createdPath} that points to ${targetPath}`
+    );
 
-    fs.symlinkSync(targetPath, createdPath)
+    fs.symlinkSync(targetPath, createdPath);
   }
 }
 
 packagesToPublishBin.forEach(pkg => {
-  processPackage(pkg)
-})
+  processPackage(pkg);
+});

pkgs/development/tools/yarn2nix-moretea/yarn2nix/internal/fixup_yarn_lock.js

@@ -4,46 +4,46 @@
  * node fixup_yarn_lock.js yarn.lock
  */
 
-const fs = require('fs')
-const readline = require('readline')
+const fs = require("fs");
+const readline = require("readline");
 
-const urlToName = require('../lib/urlToName')
+const urlToName = require("../lib/urlToName");
 
-const yarnLockPath = process.argv[2]
+const yarnLockPath = process.argv[2];
 
 const readFile = readline.createInterface({
-  input: fs.createReadStream(yarnLockPath, { encoding: 'utf8' }),
+  input: fs.createReadStream(yarnLockPath, { encoding: "utf8" }),
 
   // Note: we use the crlfDelay option to recognize all instances of CR LF
   // ('\r\n') in input.txt as a single line break.
   crlfDelay: Infinity,
 
-  terminal: false, // input and output should be treated like a TTY
-})
+  terminal: false // input and output should be treated like a TTY
+});
 
-const result = []
+const result = [];
 
 readFile
-  .on('line', line => {
-    const arr = line.match(/^ {2}resolved "([^#]+)(#[^"]+)?"$/)
+  .on("line", line => {
+    const arr = line.match(/^ {2}resolved "([^#]+)(#[^"]+)?"$/);
 
     if (arr !== null) {
-      const [_, url, shaOrRev] = arr
+      const [_, url, shaOrRev] = arr;
 
-      const fileName = urlToName(url)
+      const fileName = urlToName(url);
 
-      result.push(`  resolved "${fileName}${shaOrRev ?? ''}"`)
+      result.push(`  resolved "${fileName}${shaOrRev ?? ""}"`);
     } else {
-      result.push(line)
+      result.push(line);
     }
   })
-  .on('close', () => {
-    fs.writeFile(yarnLockPath, result.join('\n'), 'utf8', err => {
+  .on("close", () => {
+    fs.writeFile(yarnLockPath, result.join("\n"), "utf8", err => {
       if (err) {
         console.error(
-          'fixup_yarn_lock: fatal error when trying to write to yarn.lock',
-          err,
-        )
+          "fixup_yarn_lock: fatal error when trying to write to yarn.lock",
+          err
+        );
       }
-    })
-  })
+    });
+  });

pkgs/development/tools/yarn2nix-moretea/yarn2nix/lib/fixPkgAddMissingSha1.js

@@ -1,5 +1,5 @@
-const https = require('https')
-const crypto = require('crypto')
+const https = require("https");
+const crypto = require("crypto");
 
 // TODO:
 // make test case where getSha1 function is used, i.e. the case when resolved is without sha1?
@@ -8,29 +8,29 @@ const crypto = require('crypto')
 function getSha1(url) {
   return new Promise((resolve, reject) => {
     https.get(url, res => {
-      const { statusCode } = res
-      const hash = crypto.createHash('sha1')
+      const { statusCode } = res;
+      const hash = crypto.createHash("sha1");
 
       if (statusCode !== 200) {
-        const err = new Error(`Request Failed.\nStatus Code: ${statusCode}`)
+        const err = new Error(`Request Failed.\nStatus Code: ${statusCode}`);
 
         // consume response data to free up memory
-        res.resume()
+        res.resume();
 
-        reject(err)
+        reject(err);
       }
 
-      res.on('data', chunk => {
-        hash.update(chunk)
-      })
+      res.on("data", chunk => {
+        hash.update(chunk);
+      });
 
-      res.on('end', () => {
-        resolve(hash.digest('hex'))
-      })
+      res.on("end", () => {
+        resolve(hash.digest("hex"));
+      });
 
-      res.on('error', reject)
-    })
-  })
+      res.on("error", reject);
+    });
+  });
 }
 
 // Object -> Object
@@ -39,28 +39,26 @@ async function fixPkgAddMissingSha1(pkg) {
 
   if (!pkg.resolved) {
     console.error(
-      `yarn2nix: can't find "resolved" field for package ${
-        pkg.nameWithVersion
-      }, you probably required it using "file:...", this feature is not supported, ignoring`,
-    )
-    return pkg
+      `yarn2nix: can't find "resolved" field for package ${pkg.nameWithVersion}, you probably required it using "file:...", this feature is not supported, ignoring`
+    );
+    return pkg;
   }
 
-  const [url, sha1] = pkg.resolved.split('#', 2)
+  const [url, sha1] = pkg.resolved.split("#", 2);
 
-  if (sha1 || url.startsWith('https://codeload.github.com')) {
-    return pkg
+  if (sha1 || url.startsWith("https://codeload.github.com")) {
+    return pkg;
   }
 
   // if there is no sha1 in resolved url
   // (this could happen if yarn.lock was generated by older version of yarn)
   // - request it from registry by https and add it to pkg
-  const newSha1 = await getSha1(url)
+  const newSha1 = await getSha1(url);
 
   return {
     ...pkg,
-    resolved: `${url}#${newSha1}`,
-  }
+    resolved: `${url}#${newSha1}`
+  };
 }
 
-module.exports = fixPkgAddMissingSha1
+module.exports = fixPkgAddMissingSha1;

pkgs/development/tools/yarn2nix-moretea/yarn2nix/lib/generateNix.js

@@ -1,7 +1,8 @@
-const R = require('ramda')
+const R = require("ramda");
+const ssri = require("ssri");
 
-const urlToName = require('./urlToName')
-const { execFileSync } = require('child_process')
+const urlToName = require("./urlToName");
+const { execFileSync } = require("child_process");
 
 // fetchgit transforms
 //
@@ -33,77 +34,115 @@ const { execFileSync } = require('child_process')
 
 function prefetchgit(url, rev) {
   return JSON.parse(
-    execFileSync("nix-prefetch-git", ["--rev", rev, url, "--fetch-submodules"], {
-      stdio: [ "ignore", "pipe", "ignore" ],
-      timeout: 60000,
-    })
-  ).sha256
+    execFileSync(
+      "nix-prefetch-git",
+      ["--rev", rev, url, "--fetch-submodules"],
+      {
+        stdio: ["ignore", "pipe", "ignore"],
+        timeout: 60000
+      }
+    )
+  ).sha256;
 }
 
 function fetchgit(fileName, url, rev, branch, builtinFetchGit) {
+  const repo = builtinFetchGit
+    ? `builtins.fetchGit ({
+         url = "${url}";
+         ref = "${branch}";
+         rev = "${rev}";
+       } // (if builtins.compareVersions "2.4pre" builtins.nixVersion < 0 then {
+         # workaround for https://github.com/NixOS/nix/issues/5128
+         allRefs = true;
+       } else {}))`
+    : `fetchgit {
+         url = "${url}";
+         rev = "${rev}";
+         sha256 = "${prefetchgit(url, rev)}";
+       }`;
+
   return `    {
     name = "${fileName}";
     path =
-      let${builtinFetchGit ? `
-        repo = builtins.fetchGit ({
-          url = "${url}";
-          ref = "${branch}";
-          rev = "${rev}";
-        } // (if builtins.compareVersions "2.4pre" builtins.nixVersion < 0 then {
-          # workaround for https://github.com/NixOS/nix/issues/5128
-          allRefs = true;
-        } else {}));
-      ` : `
-        repo = fetchgit {
-          url = "${url}";
-          rev = "${rev}";
-          sha256 = "${prefetchgit(url, rev)}";
-        };
-      `}in
-        runCommand "${fileName}" { buildInputs = [gnutar]; } ''
-          # Set u+w because tar-fs can't unpack archives with read-only dirs
-          # https://github.com/mafintosh/tar-fs/issues/79
-          tar cf $out --mode u+w -C \${repo} .
-        '';
-  }`
+      let repo = ${repo};
+      in runCommand "${fileName}" { buildInputs = [gnutar]; } ''
+        # Set u+w because tar-fs can't unpack archives with read-only dirs
+        # https://github.com/mafintosh/tar-fs/issues/79
+        tar cf $out --mode u+w -C \${repo} .
+      '';
+  }`;
+}
+
+/**
+ * Parse an integrity hash out of an SSRI string.
+ *
+ * Provides a default and uses the "best" supported algorithm if there are multiple.
+ */
+function parseIntegrity(maybeIntegrity, fallbackHash) {
+  if (!maybeIntegrity && fallbackHash) {
+    return { algo: "sha1", hash: fallbackHash };
+  }
+
+  const integrities = ssri.parse(maybeIntegrity);
+  for (const key in integrities) {
+    if (!/^sha(1|256|512)$/.test(key)) {
+      delete integrities[key];
+    }
+  }
+
+  algo = integrities.pickAlgorithm();
+  hash = integrities[algo][0].digest;
+  return { algo, hash };
 }
 
 function fetchLockedDep(builtinFetchGit) {
-  return function (pkg) {
-    const { integrity, nameWithVersion, resolved } = pkg
+  return function(pkg) {
+    const { integrity, nameWithVersion, resolved } = pkg;
 
     if (!resolved) {
       console.error(
-        `yarn2nix: can't find "resolved" field for package ${nameWithVersion}, you probably required it using "file:...", this feature is not supported, ignoring`,
-      )
-      return ''
+        `yarn2nix: can't find "resolved" field for package ${nameWithVersion}, you probably required it using "file:...", this feature is not supported, ignoring`
+      );
+      return "";
     }
 
-    const [url, sha1OrRev] = resolved.split('#')
+    const [url, sha1OrRev] = resolved.split("#");
 
-    const fileName = urlToName(url)
+    const fileName = urlToName(url);
 
-    if (resolved.startsWith('https://codeload.github.com/')) {
-      const s = resolved.split('/')
-      const githubUrl = `https://github.com/${s[3]}/${s[4]}.git`
-      const githubRev = s[6]
+    if (resolved.startsWith("https://codeload.github.com/")) {
+      const s = resolved.split("/");
+      const githubUrl = `https://github.com/${s[3]}/${s[4]}.git`;
+      const githubRev = s[6];
 
-      const [_, branch] = nameWithVersion.split('#')
+      const [_, branch] = nameWithVersion.split("#");
 
-      return fetchgit(fileName, githubUrl, githubRev, branch || 'master', builtinFetchGit)
+      return fetchgit(
+        fileName,
+        githubUrl,
+        githubRev,
+        branch || "master",
+        builtinFetchGit
+      );
     }
 
-    if (url.startsWith('git+') || url.startsWith("git:")) {
-      const rev = sha1OrRev
+    if (url.startsWith("git+") || url.startsWith("git:")) {
+      const rev = sha1OrRev;
 
-      const [_, branch] = nameWithVersion.split('#')
+      const [_, branch] = nameWithVersion.split("#");
 
-      const urlForGit = url.replace(/^git\+/, '')
+      const urlForGit = url.replace(/^git\+/, "");
 
-      return fetchgit(fileName, urlForGit, rev, branch || 'master', builtinFetchGit)
+      return fetchgit(
+        fileName,
+        urlForGit,
+        rev,
+        branch || "master",
+        builtinFetchGit
+      );
     }
 
-    const [algo, hash] = integrity ? integrity.split('-') : ['sha1', sha1OrRev]
+    const { algo, hash } = parseIntegrity(integrity, sha1OrRev);
 
     return `    {
       name = "${fileName}";
@@ -112,26 +151,29 @@ function fetchLockedDep(builtinFetchGit) {
         url  = "${url}";
         ${algo} = "${hash}";
       };
-    }`
-  }
+    }`;
+  };
 }
 
 const HEAD = `
 { fetchurl, fetchgit, linkFarm, runCommand, gnutar }: rec {
   offline_cache = linkFarm "offline" packages;
   packages = [
-`.trim()
+`.trim();
 
 // Object -> String
 function generateNix(pkgs, builtinFetchGit) {
-  const nameWithVersionAndPackageNix = R.map(fetchLockedDep(builtinFetchGit), pkgs)
+  const nameWithVersionAndPackageNix = R.map(
+    fetchLockedDep(builtinFetchGit),
+    pkgs
+  );
 
   const packagesDefinition = R.join(
-    '\n',
-    R.values(nameWithVersionAndPackageNix),
-  )
+    "\n",
+    R.values(nameWithVersionAndPackageNix)
+  );
 
-  return R.join('\n', [HEAD, packagesDefinition, '  ];', '}'])
+  return R.join("\n", [HEAD, packagesDefinition, "  ];", "}"]);
 }
 
-module.exports = generateNix
+module.exports = generateNix;

pkgs/development/tools/yarn2nix-moretea/yarn2nix/lib/mapObjIndexedReturnArray.js

@@ -1,6 +1,6 @@
-const _curry2 = require('ramda/src/internal/_curry2')
-const _map = require('ramda/src/internal/_map')
-const keys = require('ramda/src/keys')
+const _curry2 = require("ramda/src/internal/_curry2");
+const _map = require("ramda/src/internal/_map");
+const keys = require("ramda/src/keys");
 
 // mapObjIndexed: ((v, k, {k: v}) → v') → {k: v} → {k: v'}
 // mapObjIndexedReturnArray: ((v, k, {k: v}) → v') → {k: v} → [v']
@@ -15,7 +15,7 @@ const keys = require('ramda/src/keys')
  */
 
 const mapObjIndexedReturnArray = _curry2((fn, obj) =>
-  _map(key => fn(obj[key], key, obj), keys(obj)),
-)
+  _map(key => fn(obj[key], key, obj), keys(obj))
+);
 
-module.exports = mapObjIndexedReturnArray
+module.exports = mapObjIndexedReturnArray;

pkgs/development/tools/yarn2nix-moretea/yarn2nix/lib/urlToName.js

@@ -1,4 +1,4 @@
-const path = require('path')
+const path = require("path");
 
 // String -> String
 
@@ -10,20 +10,19 @@ const path = require('path')
 // - https://codeload.github.com/Gargron/emoji-mart/tar.gz/934f314fd8322276765066e8a2a6be5bac61b1cf
 
 function urlToName(url) {
-
   // Yarn generates `codeload.github.com` tarball URLs, where the final
   // path component (file name) is the git hash. See #111.
   // See also https://github.com/yarnpkg/yarn/blob/989a7406/src/resolvers/exotics/github-resolver.js#L24-L26
   let isCodeloadGitTarballUrl =
-    url.startsWith('https://codeload.github.com/') && url.includes('/tar.gz/')
+    url.startsWith("https://codeload.github.com/") && url.includes("/tar.gz/");
 
-  if (url.startsWith('git+') || isCodeloadGitTarballUrl) {
-    return path.basename(url)
+  if (url.startsWith("git+") || isCodeloadGitTarballUrl) {
+    return path.basename(url);
   }
 
   return url
-    .replace(/https:\/\/(.)*(.com)\//g, '') // prevents having long directory names
-    .replace(/[@/%:-]/g, '_') // replace @ and : and - and % characters with underscore
+    .replace(/https:\/\/(.)*(.com)\//g, "") // prevents having long directory names
+    .replace(/[@/%:-]/g, "_"); // replace @ and : and - and % characters with underscore
 }
 
-module.exports = urlToName
+module.exports = urlToName;

pkgs/development/tools/yarn2nix-moretea/yarn2nix/package.json

@@ -14,14 +14,15 @@
   "bin": {
     "yarn2nix": "bin/yarn2nix.js"
   },
-  "engines" : {
-    "node" : ">=8.0.0"
+  "engines": {
+    "node": ">=8.0.0"
   },
   "dependencies": {
     "@yarnpkg/lockfile": "^1.1.0",
     "deep-equal": "^1.0.1",
     "docopt": "^0.6.2",
-    "ramda": "^0.26.1"
+    "ramda": "^0.26.1",
+    "ssri": "^10.0.0"
   },
   "devDependencies": {
     "babel-eslint": "^10.0.1",

pkgs/development/tools/yarn2nix-moretea/yarn2nix/yarn.lock

@@ -2228,6 +2228,13 @@ minimist@^1.2.0, minimist@^1.2.5:
   resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
   integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==
 
+minipass@^3.1.1:
+  version "3.3.4"
+  resolved "https://registry.yarnpkg.com/minipass/-/minipass-3.3.4.tgz#ca99f95dd77c43c7a76bf51e6d200025eee0ffae"
+  integrity sha512-I9WPbWHCGu8W+6k1ZiGpPu0GkoKBeorkfKNuAFBNS1HNFJvke82sxvI5bzcCNpWPorkOO5QQ+zomzzwRxejXiw==
+  dependencies:
+    yallist "^4.0.0"
+
 mixin-deep@^1.2.0:
   version "1.3.2"
   resolved "https://registry.yarnpkg.com/mixin-deep/-/mixin-deep-1.3.2.tgz#1120b43dc359a785dce65b55b82e257ccf479566"
@@ -3136,6 +3143,13 @@ sprintf-js@~1.0.2:
   resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c"
   integrity sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=
 
+ssri@^10.0.0:
+  version "10.0.0"
+  resolved "https://registry.yarnpkg.com/ssri/-/ssri-10.0.0.tgz#1e34554cbbc4728f5290674264e21b64aaf27ca7"
+  integrity sha512-64ghGOpqW0k+jh7m5jndBGdVEoPikWwGQmBNN5ks6jyUSMymzHDTlnNHOvzp+6MmHOljr2MokUzvRksnTwG0Iw==
+  dependencies:
+    minipass "^3.1.1"
+
 staged-git-files@1.1.2:
   version "1.1.2"
   resolved "https://registry.yarnpkg.com/staged-git-files/-/staged-git-files-1.1.2.tgz#4326d33886dc9ecfa29a6193bf511ba90a46454b"
@@ -3545,6 +3559,11 @@ yallist@^2.1.2:
   resolved "https://registry.yarnpkg.com/yallist/-/yallist-2.1.2.tgz#1c11f9218f076089a47dd512f93c6699a6a81d52"
   integrity sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=
 
+yallist@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/yallist/-/yallist-4.0.0.tgz#9bb92790d9c0effec63be73519e11a35019a3a72"
+  integrity sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==
+
 yargs-parser@^8.0.0:
   version "8.1.0"
   resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-8.1.0.tgz#f1376a33b6629a5d063782944da732631e966950"

pkgs/misc/uboot/default.nix

@@ -211,6 +211,47 @@ in {
     '';
   };
 
+  # Flashing instructions:
+  # dd if=u-boot.gxl.sd.bin of=<sdcard> conv=fsync,notrunc bs=512 skip=1 seek=1
+  # dd if=u-boot.gxl.sd.bin of=<sdcard> conv=fsync,notrunc bs=1 count=444
+  ubootLibreTechCC = let
+    firmwareImagePkg = fetchFromGitHub {
+      owner = "LibreELEC";
+      repo = "amlogic-boot-fip";
+      rev = "4369a138ca24c5ab932b8cbd1af4504570b709df";
+      sha256 = "sha256-mGRUwdh3nW4gBwWIYHJGjzkezHxABwcwk/1gVRis7Tc=";
+      meta.license = lib.licenses.unfreeRedistributableFirmware;
+    };
+  in
+  assert stdenv.buildPlatform.system == "x86_64-linux"; # aml_encrypt_gxl is a x86_64 binary
+  buildUBoot {
+    defconfig = "libretech-cc_defconfig";
+    extraMeta.platforms = ["aarch64-linux"];
+    filesToInstall = ["u-boot.bin"];
+    postBuild = ''
+      # Copy binary files & tools from LibreELEC/amlogic-boot-fip, and u-boot build to working dir
+      mkdir $out tmp
+      cp ${firmwareImagePkg}/lepotato/{acs.bin,bl2.bin,bl21.bin,bl30.bin,bl301.bin,bl31.img} \
+         ${firmwareImagePkg}/lepotato/{acs_tool.py,aml_encrypt_gxl,blx_fix.sh} \
+         u-boot.bin tmp/
+      cd tmp
+      python3 acs_tool.py bl2.bin bl2_acs.bin acs.bin 0
+
+      bash -e blx_fix.sh bl2_acs.bin zero bl2_zero.bin bl21.bin bl21_zero.bin bl2_new.bin bl2
+      [ -f zero ] && rm zero
+
+      bash -e blx_fix.sh bl30.bin zero bl30_zero.bin bl301.bin bl301_zero.bin bl30_new.bin bl30
+      [ -f zero ] && rm zero
+
+      ./aml_encrypt_gxl --bl2sig --input bl2_new.bin --output bl2.n.bin.sig
+      ./aml_encrypt_gxl --bl3enc --input bl30_new.bin --output bl30_new.bin.enc
+      ./aml_encrypt_gxl --bl3enc --input bl31.img --output bl31.img.enc
+      ./aml_encrypt_gxl --bl3enc --input u-boot.bin --output bl33.bin.enc
+      ./aml_encrypt_gxl --bootmk --output $out/u-boot.gxl \
+        --bl2 bl2.n.bin.sig --bl30 bl30_new.bin.enc --bl31 bl31.img.enc --bl33 bl33.bin.enc
+    '';
+  };
+
   ubootNanoPCT4 = buildUBoot rec {
     rkbin = fetchFromGitHub {
       owner = "armbian";

pkgs/os-specific/linux/firmware/sof-firmware/default.nix

@@ -1,38 +1,34 @@
 { lib
+, fetchurl
 , stdenvNoCC
-, fetchFromGitHub
 }:
 
 stdenvNoCC.mkDerivation rec {
   pname = "sof-firmware";
-  version = "2.2.2";
+  version = "2.2.3";
 
-  src = fetchFromGitHub {
-    owner = "thesofproject";
-    repo = "sof-bin";
-    rev = "v${version}";
-    sha256 = "sha256-ztewE/8Mc0bbKbxmbJ2sBn3TysuM9hoaSgqrboy77oI=";
+  src = fetchurl {
+    url = "https://github.com/thesofproject/sof-bin/releases/download/v${version}/sof-bin-v${version}.tar.gz";
+    sha256 = "sha256-WR/9ZvHisycDjJHt88hQK0FywdyFDP5EBQ6t+OT620I=";
   };
 
   dontFixup = true; # binaries must not be stripped or patchelfed
 
-  # There is no proper structure in the upstream repo.
-  # This needs to be adapted by hand for every new release.
   installPhase = ''
     runHook preInstall
-    cd "v2.2.x"
-    mkdir -p $out/lib/firmware/intel/sof{,-tplg}
-    cp -a sof-v2.2/* $out/lib/firmware/intel/sof
-    cp -a sof-v2.2.2/* $out/lib/firmware/intel/sof
-    cp -a sof-tplg-v2.2.1/* $out/lib/firmware/intel/sof-tplg
+    mkdir -p $out/lib/firmware/intel
+    cp -av sof-v${version} $out/lib/firmware/intel/sof
+    cp -av sof-tplg-v${version} $out/lib/firmware/intel/sof-tplg
     runHook postInstall
   '';
 
   meta = with lib; {
+    changelog = "https://github.com/thesofproject/sof-bin/releases/tag/v${version}";
     description = "Sound Open Firmware";
     homepage = "https://www.sofproject.org/";
     license = with licenses; [ bsd3 isc ];
     maintainers = with maintainers; [ lblasc evenbrenden hmenke ];
     platforms = with platforms; linux;
+    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
   };
 }

pkgs/servers/code-server/build-vscode-nogit.patch

@@ -0,0 +1,26 @@
+--- ./ci/build/build-vscode.sh
++++ ./ci/build/build-vscode.sh
+@@ -45,14 +45,12 @@
+   # Set the commit Code will embed into the product.json.  We need to do this
+   # since Code tries to get the commit from the `.git` directory which will fail
+   # as it is a submodule.
+-  export VSCODE_DISTRO_COMMIT
+-  VSCODE_DISTRO_COMMIT=$(git rev-parse HEAD)
++  export VSCODE_DISTRO_COMMIT=none
+ 
+   # Add the date, our name, links, and enable telemetry (this just makes
+   # telemetry available; telemetry can still be disabled by flag or setting).
+   # This needs to be done before building as Code will read this file and embed
+   # it into the client-side code.
+-  git checkout product.json             # Reset in case the script exited early.
+   cp product.json product.original.json # Since jq has no inline edit.
+   jq --slurp '.[0] * .[1]' product.original.json <(
+     cat << EOF
+@@ -99,7 +97,6 @@
+   # Reset so if you develop after building you will not be stuck with the wrong
+   # commit (the dev client will use `oss-dev` but the dev server will still use
+   # product.json which will have `stable-$commit`).
+-  git checkout product.json
+ 
+   popd
+ 

pkgs/servers/code-server/default.nix

@@ -1,15 +1,15 @@
 { lib, stdenv, fetchFromGitHub, buildGoModule, makeWrapper, runCommand
 , cacert, moreutils, jq, git, rsync, pkg-config, yarn, python3
-, esbuild, nodejs-14_x, node-gyp, libsecret, xorg, ripgrep
-, AppKit, Cocoa, CoreServices, Security, cctools, xcbuild }:
+, esbuild, nodejs-16_x, node-gyp, libsecret, xorg, ripgrep
+, AppKit, Cocoa, CoreServices, Security, cctools, xcbuild, quilt }:
 
 let
   system = stdenv.hostPlatform.system;
 
-  nodejs = nodejs-14_x;
+  nodejs = nodejs-16_x;
   python = python3;
   yarn' = yarn.override { inherit nodejs; };
-  defaultYarnOpts = [ "frozen-lockfile" "non-interactive" "no-progress"];
+  defaultYarnOpts = [ ];
 
   # replaces esbuild's download script with a binary from nixpkgs
   patchEsbuild = path : version : ''
@@ -21,28 +21,28 @@ let
 
 in stdenv.mkDerivation rec {
   pname = "code-server";
-  version = "4.0.1";
-  commit = "7fe23daf009e5234eaa54a1ea5ff26df384c47ac";
+  version = "4.8.3";
 
   src = fetchFromGitHub {
-    owner = "cdr";
+    owner = "coder";
     repo = "code-server";
     rev = "v${version}";
-    sha256 = "1s3dcmzlkyh7qfs3ai1p7dlp45iys0ax1fbxxz17p395pw9anrrl";
+    fetchSubmodules = true;
+    sha256 = "1h5ng60wf3gpsydfkv20x30xsw1f5zcvv77l1mzrqz1mhcw93lvz";
   };
 
   cloudAgent = buildGoModule rec {
     pname = "cloud-agent";
-    version = "0.2.3";
+    version = "0.2.6";
 
     src = fetchFromGitHub {
-      owner = "cdr";
+      owner = "coder";
       repo = "cloud-agent";
       rev = "v${version}";
-      sha256 = "14i1qq273f0yn5v52ryiqwj7izkd1yd212di4gh4bqypmmzhw3jj";
+      sha256 = "1s3jpgvzizc9skc27c3x35sya2p4ywhvdi3l73927z3j47wszy7f";
     };
 
-    vendorSha256 = "0k9v10wkzx53r5syf6bmm81gr4s5dalyaa07y9zvx6vv5r2h0661";
+    vendorSha256 = "14xzlbmki8fk8mbcci62q8sklyd0nyga07ww1ap0vdrv7d1g31hn";
 
     postPatch = ''
       # the cloud-agent release tag has an empty version string, so add it back in
@@ -66,16 +66,20 @@ in stdenv.mkDerivation rec {
         xargs -I {} yarn --cwd {} \
           --frozen-lockfile --ignore-scripts --ignore-platform \
           --ignore-engines --no-progress --non-interactive
+
+      find ./lib/vscode -name "yarn.lock" -printf "%h\n" | \
+        xargs -I {} yarn --cwd {} \
+          --ignore-scripts --ignore-engines
     '';
     outputHashMode = "recursive";
     outputHashAlgo = "sha256";
 
     # to get hash values use nix-build -A code-server.prefetchYarnCache
-    outputHash = "0qmfsirld1qfl2s26rxbpmvxsyj2pvzkgk8w89zlrgbhgc5fj8p9";
+    outputHash = "0jzzbmmgv1nfq975mi9ii9l6c4f1wy10fyy117xgm4s6vxana7qn";
   };
 
   nativeBuildInputs = [
-    nodejs yarn' python pkg-config makeWrapper git rsync jq moreutils
+    nodejs yarn' python pkg-config makeWrapper git rsync jq moreutils quilt
   ];
   buildInputs = lib.optionals (!stdenv.isDarwin) [ libsecret ]
     ++ (with xorg; [ libX11 libxkbfile ])
@@ -86,6 +90,8 @@ in stdenv.mkDerivation rec {
   patches = [
     # remove download of coder-cloud agent
     ./remove-cloud-agent-download.patch
+    # remove git calls from vscode build script
+    ./build-vscode-nogit.patch
   ];
 
   postPatch = ''
@@ -133,79 +139,68 @@ in stdenv.mkDerivation rec {
     # install code-server dependencies
     yarn --offline --ignore-scripts
 
+    # apply patches
+    quilt push -a
+
     # patch shebangs of everything to allow binary packages to build
     patchShebangs .
 
-    # Skip shellcheck download
-    jq "del(.scripts.preinstall)" node_modules/shellcheck/package.json | sponge node_modules/shellcheck/package.json
+    export PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
+    export SKIP_SUBMODULE_DEPS=1
+    export NODE_OPTIONS=--openssl-legacy-provider
 
     # rebuild binary packages now that scripts have been patched
-    npm rebuild
+    echo "----- NPM rebuild"
+    npm rebuild --prefer-offline
 
     # Replicate ci/dev/postinstall.sh
     echo "----- Replicate ci/dev/postinstall.sh"
     yarn --cwd "./vendor" install --modules-folder modules --offline --ignore-scripts --frozen-lockfile
 
-    # Replicate vendor/postinstall.sh
-    echo " ----- Replicate vendor/postinstall.sh"
-    yarn --cwd "./vendor/modules/code-oss-dev" --offline --frozen-lockfile --ignore-scripts install
-
     # remove all built-in extensions, as these are 3rd party extensions that
     # get downloaded from vscode marketplace
-    jq --slurp '.[0] * .[1]' "vendor/modules/code-oss-dev/product.json" <(
+    jq --slurp '.[0] * .[1]' "./lib/vscode/product.json" <(
       cat << EOF
     {
       "builtInExtensions": []
     }
     EOF
-    ) | sponge vendor/modules/code-oss-dev/product.json
+    ) | sponge ./lib/vscode/product.json
 
     # disable automatic updates
     sed -i '/update.mode/,/\}/{s/default:.*/default: "none",/g}' \
-      vendor/modules/code-oss-dev/src/vs/platform/update/common/update.config.contribution.ts
-
-    # put ripgrep binary into bin, so postinstall does not try to download it
-    find -name vscode-ripgrep -type d \
-      -execdir mkdir -p {}/bin \; \
-      -execdir ln -s ${ripgrep}/bin/rg {}/bin/rg \;
-
-    # Playwright is only needed for tests, we can disable it for builds.
-    # There's an environment variable to disable downloads, but the package makes a breaking call to
-    # sw_vers before that variable is checked.
-    patch -p1 -i ${./playwright.patch}
+      lib/vscode/src/vs/platform/update/common/update.config.contribution.ts
 
     # Patch out remote download of nodejs from build script
     patch -p1 -i ${./remove-node-download.patch}
 
-    # Replicate install vscode dependencies without running script for all vscode packages
-    # that require patching for postinstall scripts to succeed
-    find ./vendor/modules/code-oss-dev -path "*node_modules" -prune -o \
-      -path "./*/*/*/*/*" -name "yarn.lock" -printf "%h\n" | \
+    # Fetch packages for vscode
+    find ./lib/vscode -name "yarn.lock" -printf "%h\n" | \
         xargs -I {} yarn --cwd {} \
-          --frozen-lockfile --offline --ignore-scripts --ignore-engines
-
+          --frozen-lockfile --ignore-scripts --ignore-engines
 
     # patch shebangs of everything to allow binary packages to build
     patchShebangs .
 
-    ${patchEsbuild "./vendor/modules/code-oss-dev/build" "0.12.6"}
-    ${patchEsbuild "./vendor/modules/code-oss-dev/extensions" "0.11.23"}
-  '' + lib.optionalString stdenv.isDarwin ''
+    ${patchEsbuild "./lib/vscode/build" "0.12.6"}
+    ${patchEsbuild "./lib/vscode/extensions" "0.11.23"}
+    '' + lib.optionalString stdenv.isDarwin ''
     # use prebuilt binary for @parcel/watcher, which requires macOS SDK 10.13+
     # (see issue #101229)
-    pushd ./vendor/modules/code-oss-dev/remote/node_modules/@parcel/watcher
+    pushd ./lib/vscode/remote/node_modules/@parcel/watcher
     mkdir -p ./build/Release
     mv ./prebuilds/darwin-x64/node.napi.glibc.node ./build/Release/watcher.node
     jq "del(.scripts) | .gypfile = false" ./package.json | sponge ./package.json
     popd
   '' + ''
-    # rebuild binaries, we use npm here, as yarn does not provide an alternative
-    # that would not attempt to try to reinstall everything and break our
-    # patching attempts
-    npm rebuild --prefix vendor/modules/code-oss-dev --update-binary
+
+    # put ripgrep binary into bin, so postinstall does not try to download it
+    find -name ripgrep -type d \
+      -execdir mkdir -p {}/bin \; \
+      -execdir ln -s ${ripgrep}/bin/rg {}/bin/rg \;
 
     # run postinstall scripts after patching
-    find ./vendor/modules/code-oss-dev -path "*node_modules" -prune -o \
+    find ./lib/vscode -path "*node_modules" -prune -o \
       -path "./*/*/*/*/*" -name "yarn.lock" -printf "%h\n" | \
         xargs -I {} sh -c 'jq -e ".scripts.postinstall" {}/package.json >/dev/null && yarn --cwd {} postinstall --frozen-lockfile --offline || true'
 
@@ -233,7 +228,7 @@ in stdenv.mkDerivation rec {
     ln -s "${cloudAgent}/bin/cloud-agent" $out/libexec/code-server/lib/coder-cloud-agent
 
     # create wrapper
-    makeWrapper "${nodejs-14_x}/bin/node" "$out/bin/code-server" \
+    makeWrapper "${nodejs-16_x}/bin/node" "$out/bin/code-server" \
       --add-flags "$out/libexec/code-server/out/node/entry.js"
   '';
 
@@ -249,9 +244,9 @@ in stdenv.mkDerivation rec {
       code-server is VS Code running on a remote server, accessible through the
       browser.
     '';
-    homepage = "https://github.com/cdr/code-server";
+    homepage = "https://github.com/coder/code-server";
     license = licenses.mit;
-    maintainers = with maintainers; [ offline ];
+    maintainers = with maintainers; [ offline henkery ];
     platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" ];
   };
 }

pkgs/servers/code-server/remove-cloud-agent-download.patch

@@ -1,17 +1,17 @@
 --- ./ci/build/npm-postinstall.sh
 +++ ./ci/build/npm-postinstall.sh
-@@ -58,14 +58,6 @@
-
-   OS="$(uname | tr '[:upper:]' '[:lower:]')"
+@@ -102,14 +102,6 @@
+     ;;
+   esac
  
 -  mkdir -p ./lib
 -
--  if curl -fsSL "https://github.com/cdr/cloud-agent/releases/latest/download/cloud-agent-$OS-$ARCH" -o ./lib/coder-cloud-agent; then
+-  if curl -fsSL "https://github.com/coder/cloud-agent/releases/latest/download/cloud-agent-$OS-$ARCH" -o ./lib/coder-cloud-agent; then
 -    chmod +x ./lib/coder-cloud-agent
 -  else
 -    echo "Failed to download cloud agent; --link will not work"
 -  fi
 -
-   if ! vscode_yarn; then
+   if ! vscode_install; then
      echo "You may not have the required dependencies to build the native modules."
-     echo "Please see https://github.com/cdr/code-server/blob/master/docs/npm.md"
+     echo "Please see https://github.com/coder/code-server/blob/main/docs/npm.md"

pkgs/servers/code-server/remove-node-download.patch

@@ -1,15 +1,16 @@
---- ./vendor/modules/code-oss-dev/build/gulpfile.reh.js
-+++ ./vendor/modules/code-oss-dev/build/gulpfile.reh.js
-@@ -277,8 +277,6 @@
+--- ./lib/vscode/build/gulpfile.reh.js
++++ ./lib/vscode/build/gulpfile.reh.js
+@@ -268,9 +268,6 @@
  			.pipe(util.stripSourceMappingURL())
  			.pipe(jsFilter.restore);
  
--		const nodePath = `.build/node/v${nodeVersion}/${platform}-${platform === 'darwin' ? 'x64' : arch}`;
+-		const nodePath = `.build/node/v${nodeVersion}/${platform}-${arch}`;
 -		const node = gulp.src(`${nodePath}/**`, { base: nodePath, dot: true });
- 
+-
  		let web = [];
  		if (type === 'reh-web') {
-@@ -296,7 +294,6 @@
+ 			web = [
+@@ -287,7 +284,6 @@
  			license,
  			sources,
  			deps,
@@ -17,11 +18,11 @@
  			...web
  		);
  
-@@ -376,7 +373,6 @@
+@@ -385,7 +381,6 @@
  			const destinationFolderName = `vscode-${type}${dashed(platform)}${dashed(arch)}`;
  
  			const serverTaskCI = task.define(`vscode-${type}${dashed(platform)}${dashed(arch)}${dashed(minified)}-ci`, task.series(
--				gulp.task(`node-${platform}-${platform === 'darwin' ? 'x64' : arch}`),
+-				gulp.task(`node-${platform}-${arch}`),
  				util.rimraf(path.join(BUILD_ROOT, destinationFolderName)),
  				packageTask(type, platform, arch, sourceFolderName, destinationFolderName)
  			));

pkgs/tools/admin/salt/default.nix

@@ -1,4 +1,5 @@
 { lib
+, stdenv
 , python3
 , openssl
 , fetchpatch
@@ -35,7 +36,7 @@ python3.pkgs.buildPythonApplication rec {
 
   postPatch = ''
     substituteInPlace "salt/utils/rsax931.py" \
-      --subst-var-by "libcrypto" "${lib.getLib openssl}/lib/libcrypto.so"
+      --subst-var-by "libcrypto" "${lib.getLib openssl}/lib/libcrypto${stdenv.hostPlatform.extensions.sharedLibrary}"
     substituteInPlace requirements/base.txt \
       --replace contextvars ""
 

pkgs/tools/misc/faketty/default.nix

@@ -2,14 +2,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "faketty";
-  version = "1.0.11";
+  version = "1.0.12";
 
   src = fetchCrate {
     inherit pname version;
-    sha256 = "sha256-HMeJNUF4VT2WdGwAW21GvCp33Bg2HB8NCHv0+3cf74U=";
+    sha256 = "sha256-1q1TOwKC2Tse/Ct/6Nw7YiOviJyBZAsOBEp3sT4N0ss=";
   };
 
-  cargoSha256 = "sha256-jhSleyhBquU0PxmVPGo1CkuwrzLG7WG5ANPmZ14/ui0=";
+  cargoSha256 = "sha256-x8+7sZJnA+kEwKAu8DBF8z7JhWjJ6ZFiLaQP8kFOt08=";
 
   postPatch = ''
     patchShebangs tests/test.sh

pkgs/tools/networking/lxi-tools/default.nix

@@ -10,13 +10,13 @@
 
 stdenv.mkDerivation rec {
   pname = "lxi-tools";
-  version = "2.3";
+  version = "2.4";
 
   src = fetchFromGitHub {
     owner = "lxi-tools";
     repo = "lxi-tools";
     rev = "v${version}";
-    sha256 = "sha256-c53Jn/9xKsxQDsRWU2LKtNWs28AuG4t5OwYOAMxpcPA=";
+    sha256 = "sha256-1CuE/OuClVqw8bG1N8DFNqqQGmXyGyk1LICrcHyuVxw=";
   };
 
   nativeBuildInputs = [

pkgs/top-level/all-packages.nix

@@ -14975,6 +14975,8 @@ with pkgs;
 
   mint = callPackage ../development/compilers/mint { };
 
+  mitama-cpp-result = callPackage ../development/libraries/mitama-cpp-result { };
+
   mitscheme = callPackage ../development/compilers/mit-scheme
     { stdenv = gcc10StdenvCompat; texLive = texlive.combine { inherit (texlive) scheme-small epsf texinfo; }; };
 
@@ -17711,6 +17713,8 @@ with pkgs;
 
   nmrpflash = callPackage ../development/embedded/nmrpflash { };
 
+  norminette = callPackage ../development/tools/norminette { };
+
   nwjs = callPackage ../development/tools/nwjs { };
 
   nwjs-sdk = callPackage ../development/tools/nwjs {
@@ -21705,6 +21709,7 @@ with pkgs;
   mygpoclient = with python3.pkgs; toPythonApplication mygpoclient;
 
   mygui = callPackage ../development/libraries/mygui {
+    inherit (darwin.apple_sdk.frameworks) Cocoa;
     ogre = ogre1_9;
   };
 
@@ -26138,6 +26143,7 @@ with pkgs;
     ubootCubieboard2
     ubootGuruplug
     ubootJetsonTK1
+    ubootLibreTechCC
     ubootNanoPCT4
     ubootNovena
     ubootOdroidC2
@@ -38246,4 +38252,6 @@ with pkgs;
   widevine-cdm = callPackage ../applications/networking/browsers/misc/widevine-cdm.nix { };
 
   alsa-scarlett-gui = callPackage ../applications/audio/alsa-scarlett-gui { };
+
+  tuner = callPackage ../applications/audio/tuner { };
 }