Merge master into staging-next

JohnRTitor · Dec 23, 2024 · 02d93dd · 02d93dd
2 parents c9a9b70 + 605126d
commit 02d93dd
Show file tree

Hide file tree

Showing 36 changed files with 612 additions and 50 deletions.
diff --git a/.github/workflows/eval.yml b/.github/workflows/eval.yml
@@ -53,7 +53,7 @@ jobs:
           echo "systems=$(<result/systems.json)" >> "$GITHUB_OUTPUT"
 
       - name: Upload the list of all attributes
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: paths
           path: result/*
@@ -111,7 +111,7 @@ jobs:
           # If it uses too much memory, slightly decrease chunkSize
 
       - name: Upload the output paths and eval stats
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: intermediate-${{ matrix.system }}
           path: result/*
@@ -145,7 +145,7 @@ jobs:
             -o prResult
 
       - name: Upload the combined results
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: result
           path: prResult/*
@@ -203,7 +203,7 @@ jobs:
 
       - name: Upload the combined results
         if: steps.baseRunId.outputs.baseRunId
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: comparison
           path: comparison/*

diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
@@ -2995,6 +2995,12 @@
     githubId = 133602;
     name = "Bjørn Forsman";
   };
+  bjsowa = {
+    email = "[email protected]";
+    github = "bjsowa";
+    githubId = 23124539;
+    name = "Błażej Sowa";
+  };
   bkchr = {
     email = "[email protected]";
     github = "bkchr";

diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md
@@ -47,6 +47,8 @@
 
 - [Traccar](https://www.traccar.org/), a modern GPS Tracking Platform. Available as [services.traccar](#opt-services.traccar.enable).
 
+- [Schroot](https://codeberg.org/shelter/reschroot), a lightweight virtualisation tool. Securely enter a chroot and run a command or login shell. Available as [programs.schroot](#opt-programs.schroot.enable).
+
 - [crab-hole](https://github.com/LuckyTurtleDev/crab-hole), a cross platform Pi-hole clone written in Rust using hickory-dns/trust-dns. Available as [services.crab-hole](#opt-services.crab-hole.enable).
 
 - [Amazon CloudWatch Agent](https://github.com/aws/amazon-cloudwatch-agent), the official telemetry collector for AWS CloudWatch and AWS X-Ray. Available as [services.amazon-cloudwatch-agent](options.html#opt-services.amazon-cloudwatch-agent.enable).

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
@@ -285,6 +285,7 @@
   ./programs/rust-motd.nix
   ./programs/ryzen-monitor-ng.nix
   ./programs/screen.nix
+  ./programs/schroot.nix
   ./programs/seahorse.nix
   ./programs/sedutil.nix
   ./programs/shadow.nix

diff --git a/nixos/modules/programs/schroot.nix b/nixos/modules/programs/schroot.nix
@@ -0,0 +1,137 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.programs.schroot;
+  iniFmt = pkgs.formats.ini { };
+in
+{
+  options = {
+    programs.schroot = {
+      enable = lib.mkEnableOption "schroot, a lightweight virtualisation tool";
+      package = lib.mkPackageOption pkgs "schroot" { };
+
+      settings = lib.mkOption {
+        type = iniFmt.type;
+        default = { };
+        example = {
+          "noble" = {
+            type = "directory";
+            description = "Ubuntu 24.04 Noble";
+            directory = "/srv/chroot/noble";
+            users = "my-user";
+            root-users = "my-user";
+            personality = "linux";
+            preserve-environment = false;
+            profile = "my-profile";
+            shell = "/bin/bash";
+          };
+        };
+        description = ''
+          Schroot configuration settings.
+          For more details, see {manpage}`schroot.conf(5)`.
+        '';
+      };
+
+      profiles = lib.mkOption {
+        type = lib.types.attrsOf (
+          lib.types.submodule {
+            options = {
+              copyfiles = lib.mkOption {
+                type = lib.types.listOf lib.types.str;
+                example = [ "/etc/resolv.conf" ];
+                description = "A list of files to copy into the chroot from the host system.";
+              };
+              fstab = lib.mkOption {
+                type = lib.types.path;
+                example = lib.literalExpression ''
+                  pkgs.writeText "my-schroot-fstab" '''
+                    /proc           /proc           none    rw,bind         0       0
+                    /sys            /sys            none    rw,bind         0       0
+                    /dev            /dev            none    rw,bind         0       0
+                    /dev/pts        /dev/pts        none    rw,bind         0       0
+                    /home           /home           none    rw,rbind        0       0
+                    /tmp            /tmp            none    rw,bind         0       0
+                    /dev/shm        /dev/shm        none    rw,bind         0       0
+                    /nix            /nix            none    ro,bind         0       0
+                    /run/current-system /run/current-system none rw,bind    0       0
+                    /run/wrappers   /run/wrappers   none    rw,bind         0       0
+                  '''
+                '';
+                description = ''
+                  A file in the format described in {manpage}`fstab(5)`, used to mount filesystems inside the chroot.
+                  The mount location is relative to the root of the chroot.
+                '';
+              };
+              nssdatabases = lib.mkOption {
+                type = lib.types.listOf lib.types.str;
+                example = [
+                  "passwd"
+                  "shadow"
+                  "group"
+                  "gshadow"
+                  "services"
+                  "protocols"
+                  "networks"
+                  "hosts"
+                ];
+                description = ''
+                  System databases (as described in /etc/nsswitch.conf on GNU/Linux systems) to copy into the chroot from the host.
+                '';
+              };
+            };
+          }
+        );
+        default = { };
+        description = "Custom configuration profiles for schroot.";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment = {
+      systemPackages = [ cfg.package ];
+
+      etc =
+        {
+          # schroot requires this directory to exist
+          "schroot/chroot.d/.keep".text = "";
+
+          "schroot/schroot.conf".source = iniFmt.generate "schroot.conf" cfg.settings;
+        }
+        // (lib.attrsets.concatMapAttrs (
+          name:
+          {
+            copyfiles,
+            fstab,
+            nssdatabases,
+          }:
+          {
+            "schroot/${name}/copyfiles".text = (lib.strings.concatStringsSep "\n" copyfiles) + "\n";
+            "schroot/${name}/fstab".source = fstab;
+            "schroot/${name}/nssdatabases".text = (lib.strings.concatStringsSep "\n" nssdatabases) + "\n";
+          }
+        ) cfg.profiles);
+    };
+
+    security.wrappers.schroot = {
+      source = "${cfg.package}/bin/schroot";
+      owner = "root";
+      group = "root";
+      setuid = true;
+    };
+
+    # Schroot requires these directories to exist
+    systemd.tmpfiles.rules = [
+      "d /var/lib/schroot/session - root root - -"
+      "d /var/lib/schroot/unpack - root root - -"
+      "d /var/lib/schroot/union - root root - -"
+      "d /var/lib/schroot/union/overlay - root root - -"
+      "d /var/lib/schroot/union/underlay - root root - -"
+    ];
+  };
+}
diff --git a/pkgs/applications/gis/qgis/unwrapped-ltr.nix b/pkgs/applications/gis/qgis/unwrapped-ltr.nix
@@ -82,14 +82,14 @@ let
   ];
 in
 mkDerivation rec {
-  version = "3.34.13";
+  version = "3.34.14";
   pname = "qgis-ltr-unwrapped";
 
   src = fetchFromGitHub {
     owner = "qgis";
     repo = "QGIS";
     rev = "final-${lib.replaceStrings [ "." ] [ "_" ] version}";
-    hash = "sha256-eNncDIRfFYFxyc5a2tZijmVpx/LNm/roak84guFvldg=";
+    hash = "sha256-4nptnzAvLOC8R1sqfdHJ4YYtotwcOARbu9fe4YKwIVM=";
   };
 
   passthru = {

diff --git a/pkgs/applications/gis/qgis/unwrapped.nix b/pkgs/applications/gis/qgis/unwrapped.nix
@@ -80,14 +80,14 @@ let
     urllib3
   ];
 in mkDerivation rec {
-  version = "3.40.1";
+  version = "3.40.2";
   pname = "qgis-unwrapped";
 
   src = fetchFromGitHub {
     owner = "qgis";
     repo = "QGIS";
     rev = "final-${lib.replaceStrings [ "." ] [ "_" ] version}";
-    hash = "sha256-C86RwyeIZrflC5F2VQCw1LwF9VM4/OBEsLbGPiWKeco=";
+    hash = "sha256-8bcCpNgw4FV++qye8G3QXA3k0QCgqByODzPUTw0VX/E=";
   };
 
   passthru = {

diff --git a/pkgs/applications/graphics/tesseract/wrapper.nix b/pkgs/applications/graphics/tesseract/wrapper.nix
@@ -18,7 +18,9 @@ let
 
     nativeBuildInputs = [ makeWrapper ];
 
-    buildCommand = ''
+    phases = [ "buildPhase" "fixupPhase" ];
+
+    buildPhase = ''
       makeWrapper {$tesseractBase,$out}/bin/tesseract --set-default TESSDATA_PREFIX $out/share/tessdata
 
       # Recursively link include, share

diff --git a/pkgs/by-name/ab/abracadabra/package.nix b/pkgs/by-name/ab/abracadabra/package.nix
@@ -15,13 +15,13 @@
 
 stdenv.mkDerivation rec {
   pname = "abracadabra";
-  version = "2.7.1";
+  version = "2.8.0";
 
   src = fetchFromGitHub {
     owner = "KejPi";
     repo = "AbracaDABra";
     rev = "v${version}";
-    hash = "sha256-d9DNgpvAZUova0ef6Ge4L/hRjLpY/UkDBawU2UAuSGI=";
+    hash = "sha256-bzRXGxSWoiBqvx8r2coNVPQKilOAKFoqBcB4F0uAV8g=";
   };
 
   nativeBuildInputs = [

diff --git a/pkgs/by-name/ai/aisleriot/package.nix b/pkgs/by-name/ai/aisleriot/package.nix
@@ -19,14 +19,14 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "aisleriot";
-  version = "3.22.33";
+  version = "3.22.34";
 
   src = fetchFromGitLab {
     domain = "gitlab.gnome.org";
     owner = "GNOME";
     repo = "aisleriot";
     rev = finalAttrs.version;
-    hash = "sha256-HylhDBgkAJrrs/r42v3aDNR8mBJaqnJHyY7T3QW1eWg=";
+    hash = "sha256-XaEyh1ZXBvW/4tfuQyEFzvnE2Vv7+4lTUfeXoSCMnHM=";
   };
 
   nativeBuildInputs = [

diff --git a/pkgs/by-name/ap/apftool-rs/package.nix b/pkgs/by-name/ap/apftool-rs/package.nix
@@ -0,0 +1,28 @@
+{
+  lib,
+  fetchFromGitHub,
+  rustPlatform,
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "apftool-rs";
+  version = "0-unstable-2024-01-05";
+
+  src = fetchFromGitHub {
+    owner = "suyulin";
+    repo = "apftool-rs";
+    rev = "92d8a1b88cb79a53f9e4a70fecee481710d3565b";
+    hash = "sha256-0+eKxaLKZBRLdydXxUbifFfFncAbthUn7AB8QieWaXM=";
+  };
+
+  cargoHash = "sha256-6lYokd0jwpBWCQ+AbN6ptZYXGcy41GHPbnTELUjPbyA=";
+
+  meta = {
+    description = "About Tools for Rockchip image unpack tool";
+    mainProgram = "apftool-rs";
+    homepage = "https://github.com/suyulin/apftool-rs";
+    license = lib.licenses.asl20;
+    maintainers = with lib.maintainers; [ colemickens ];
+    platforms = lib.platforms.linux;
+  };
+}
diff --git a/pkgs/by-name/gn/gnome-calculator/package.nix b/pkgs/by-name/gn/gnome-calculator/package.nix
@@ -26,11 +26,11 @@
 
 stdenv.mkDerivation rec {
   pname = "gnome-calculator";
-  version = "47.0";
+  version = "47.1";
 
   src = fetchurl {
     url = "mirror://gnome/sources/gnome-calculator/${lib.versions.major version}/gnome-calculator-${version}.tar.xz";
-    hash = "sha256-3s2yMoO12+70CVG2nq99S4DAw4gN2wGGP58PFVT4mYs=";
+    hash = "sha256-vp+SJ5m35+ZclzSLm35kf/4zyDG7OlHTniwWjSrcQOA=";
   };
 
   nativeBuildInputs = [

diff --git a/pkgs/by-name/gn/gnome-contacts/package.nix b/pkgs/by-name/gn/gnome-contacts/package.nix
@@ -29,11 +29,11 @@
 
 stdenv.mkDerivation rec {
   pname = "gnome-contacts";
-  version = "47.0";
+  version = "47.1.1";
 
   src = fetchurl {
     url = "mirror://gnome/sources/gnome-contacts/${lib.versions.major version}/gnome-contacts-${version}.tar.xz";
-    hash = "sha256-JePG95coGIr6XwzV0L6F3EZ9EttqLZi1SvPfDctCkNA=";
+    hash = "sha256-R+GuRbcEGgXV4nZJ2RLiwwAlYYisRg7cukaJnGYIpHg=";
   };
 
   nativeBuildInputs = [

diff --git a/pkgs/by-name/gn/gnome-terminal/package.nix b/pkgs/by-name/gn/gnome-terminal/package.nix
@@ -30,14 +30,14 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "gnome-terminal";
-  version = "3.54.1";
+  version = "3.54.2";
 
   src = fetchFromGitLab {
     domain = "gitlab.gnome.org";
     owner = "GNOME";
     repo = "gnome-terminal";
     rev = finalAttrs.version;
-    hash = "sha256-1Lu/qaeMUL8QvZGIxq2iuI7lfZSB+jMjkI2Jg6qULI0=";
+    hash = "sha256-81dOdmIwa3OmuUTciTlearqic6bFMfiX1nvoIxJCt/M=";
   };
 
   nativeBuildInputs = [

diff --git a/pkgs/by-name/gu/gucharmap/package.nix b/pkgs/by-name/gu/gucharmap/package.nix
@@ -18,7 +18,7 @@
   libxml2,
   yelp-tools,
   docbook_xsl,
-  docbook_xml_dtd_412,
+  docbook_xml_dtd_45,
   gsettings-desktop-schemas,
   unzip,
   unicode-character-database,
@@ -47,7 +47,7 @@ let
 in
 stdenv.mkDerivation (finalAttrs: {
   pname = "gucharmap";
-  version = "16.0.1";
+  version = "16.0.2";
 
   outputs = [
     "out"
@@ -61,7 +61,7 @@ stdenv.mkDerivation (finalAttrs: {
     owner = "GNOME";
     repo = "gucharmap";
     rev = finalAttrs.version;
-    hash = "sha256-eQ27TIggwQ2RjDQO5ytVrUT7iNtbP5HOwMcpzweMW8A=";
+    hash = "sha256-UaXgQIhAoI27iYWgZuZeO7Lv6J9pj06HPp0SZs/5abM=";
   };
 
   strictDeps = true;
@@ -77,7 +77,7 @@ stdenv.mkDerivation (finalAttrs: {
       itstool
       gtk-doc
       docbook_xsl
-      docbook_xml_dtd_412
+      docbook_xml_dtd_45
       yelp-tools
       libxml2
       desktop-file-utils