From c1a3a2f36e352e637fc193beb88d60b0e4f71802 Mon Sep 17 00:00:00 2001 From: Enno Richter Date: Fri, 1 Nov 2024 05:58:10 +0100 Subject: [PATCH 01/29] tesseract: ensure fixupPhase is run, e.g. ensuring library codesigning on darwin --- pkgs/applications/graphics/tesseract/wrapper.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/graphics/tesseract/wrapper.nix b/pkgs/applications/graphics/tesseract/wrapper.nix index 59686e3251f26..47398b88c80a2 100644 --- a/pkgs/applications/graphics/tesseract/wrapper.nix +++ b/pkgs/applications/graphics/tesseract/wrapper.nix @@ -18,7 +18,9 @@ let nativeBuildInputs = [ makeWrapper ]; - buildCommand = '' + phases = [ "buildPhase" "fixupPhase" ]; + + buildPhase = '' makeWrapper {$tesseractBase,$out}/bin/tesseract --set-default TESSDATA_PREFIX $out/share/tessdata # Recursively link include, share From 886af9cde4dbde4ccad7cad2ea6c87f666e5930a Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Tue, 3 Dec 2024 19:09:05 +0100 Subject: [PATCH 02/29] rubyPackages.rails-html-sanitizer: 1.6.0 -> 1.6.1 Fixes CVE-2024-53985, CVE-2024-53986, CVE-2024-53987, CVE-2024-53988 and CVE-2024-53989. https://discuss.rubyonrails.org/t/rails-html-sanitizer-v1-6-1-addresses-multiple-cves/88092 https://github.com/rails/rails-html-sanitizer/releases/tag/v1.6.1 --- pkgs/top-level/ruby-packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/top-level/ruby-packages.nix b/pkgs/top-level/ruby-packages.nix index dcaa14483eaf8..40f4e0f646cfe 100644 --- a/pkgs/top-level/ruby-packages.nix +++ b/pkgs/top-level/ruby-packages.nix @@ -2915,10 +2915,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1pm4z853nyz1bhhqr7fzl44alnx4bjachcr6rh6qjj375sfz3sc6"; + sha256 = "1w6bqm8d3afc66ff6npnsc2d8ky552n6qzwwwc1bh0wz6c8gplp3"; type = "gem"; }; - version = "1.6.0"; + version = "1.6.1"; }; railties = { dependencies = ["actionpack" "activesupport" "irb" "rackup" "rake" "thor" "zeitwerk"]; From 81301c73353ed494d1e298f5bbb5883b53f3dfe6 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Tue, 3 Dec 2024 19:31:31 +0100 Subject: [PATCH 03/29] rubyPackages.rexml: 3.3.6 -> 3.3.9 Fixes CVE-2024-49761 (only impacts Ruby 3.1). Changes: https://github.com/ruby/rexml/releases/tag/v3.3.9 https://github.com/ruby/rexml/releases/tag/v3.3.8 https://github.com/ruby/rexml/releases/tag/v3.3.7 --- pkgs/top-level/ruby-packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/top-level/ruby-packages.nix b/pkgs/top-level/ruby-packages.nix index dcaa14483eaf8..4bf3a92264d2b 100644 --- a/pkgs/top-level/ruby-packages.nix +++ b/pkgs/top-level/ruby-packages.nix @@ -3148,10 +3148,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1ik3in0957l9s6iwdm3nsk4za072cj27riiqgpx6zzcd22flbw3s"; + sha256 = "1j9p66pmfgxnzp76ksssyfyqqrg7281dyi3xyknl3wwraaw7a66p"; type = "gem"; }; - version = "3.3.6"; + version = "3.3.9"; }; rmagick = { dependencies = ["observer" "pkg-config"]; From ea3e2b7b833243fc9f7df7dc10b8a9f21c3ac1c7 Mon Sep 17 00:00:00 2001 From: Andrei Lapshin Date: Tue, 9 Jul 2024 21:27:47 +0200 Subject: [PATCH 04/29] beanquery: init at 0.1.0 --- .../python-modules/beanquery/default.nix | 53 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + pkgs/top-level/python-packages.nix | 2 + 3 files changed, 57 insertions(+) create mode 100644 pkgs/development/python-modules/beanquery/default.nix diff --git a/pkgs/development/python-modules/beanquery/default.nix b/pkgs/development/python-modules/beanquery/default.nix new file mode 100644 index 0000000000000..726e6e220d888 --- /dev/null +++ b/pkgs/development/python-modules/beanquery/default.nix @@ -0,0 +1,53 @@ +{ + lib, + beancount, + click, + buildPythonPackage, + fetchFromGitHub, + python-dateutil, + pytestCheckHook, + setuptools, + tatsu, +}: +buildPythonPackage rec { + pname = "beanquery"; + version = "0.1.0"; + pyproject = true; + + src = fetchFromGitHub { + owner = "beancount"; + repo = "beanquery"; + rev = "refs/tags/v${version}"; + hash = "sha256-1+KTUvnqPceRbzY1OZwOSQdK7f78K9kSwtQfI1SUIa8="; + }; + + build-system = [ setuptools ]; + + dependencies = [ + beancount + click + python-dateutil + tatsu + ]; + + pythonRelaxDeps = [ "tatsu" ]; + + nativeCheckInputs = [ pytestCheckHook ]; + + pythonImportsCheck = [ + "beancount" + "beanquery" + ]; + + meta = with lib; { + homepage = "https://github.com/beancount/beanquery"; + description = "Beancount Query Language"; + longDescription = '' + A customizable light-weight SQL query tool that works on tabular data, + including Beancount. + ''; + license = licenses.gpl2Only; + maintainers = with maintainers; [ alapshin ]; + mainProgram = "bean-query"; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index fb7d56216dbff..2668597060bcf 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16525,6 +16525,8 @@ with pkgs; bean-add = callPackage ../applications/office/beancount/bean-add.nix { }; + beanquery = with python3.pkgs; toPythonApplication beanquery; + bench = # TODO: Erroneous references to GHC on aarch64-darwin: https://github.com/NixOS/nixpkgs/issues/318013 (if stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64 then lib.id else haskell.lib.compose.justStaticExecutables) diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index e97f3474650cb..f7121fcc9e190 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1567,6 +1567,8 @@ self: super: with self; { beanhub-import = callPackage ../development/python-modules/beanhub-import { }; + beanquery = callPackage ../development/python-modules/beanquery { }; + beanstalkc = callPackage ../development/python-modules/beanstalkc { }; beartype = callPackage ../development/python-modules/beartype { }; From de13b1e5c820d0e7e8079395bcfc7bbcbd6ff7f1 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Wed, 4 Dec 2024 22:10:47 +0100 Subject: [PATCH 05/29] zabbix60: 6.0.26 -> 6.0.36 Fixes CVE-2024-42327. Changes: https://www.zabbix.com/rn/rn6.0.36 https://www.zabbix.com/rn/rn6.0.35 https://www.zabbix.com/rn/rn6.0.34 https://www.zabbix.com/rn/rn6.0.33 https://www.zabbix.com/rn/rn6.0.32 https://www.zabbix.com/rn/rn6.0.31 https://www.zabbix.com/rn/rn6.0.30 https://www.zabbix.com/rn/rn6.0.29 https://www.zabbix.com/rn/rn6.0.28 https://www.zabbix.com/rn/rn6.0.27 --- pkgs/servers/monitoring/zabbix/versions.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/monitoring/zabbix/versions.nix b/pkgs/servers/monitoring/zabbix/versions.nix index 1e4d5dbc255d8..d5d5cadc59914 100644 --- a/pkgs/servers/monitoring/zabbix/versions.nix +++ b/pkgs/servers/monitoring/zabbix/versions.nix @@ -10,8 +10,8 @@ generic: { vendorHash = null; }; v60 = generic { - version = "6.0.26"; - hash = "sha256-MIOKe5hqfDecB1oWZKzbFmJCsQLuAGtp21l2WxxVG+g="; + version = "6.0.36"; + hash = "sha256-Ne0OY6NGzTYOn3sDVd+5tfawBu5VBjxNRtlxasubGCk="; vendorHash = null; }; From 5ddd7bfac0fbd96034433f25cae1219dced8dd59 Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Wed, 4 Dec 2024 22:26:20 +0100 Subject: [PATCH 06/29] zabbix64: 6.4.15 -> 6.4.20 Fixes CVE-2024-42327. Changes: https://www.zabbix.com/rn/rn6.4.20 https://www.zabbix.com/rn/rn6.4.19 https://www.zabbix.com/rn/rn6.4.18 https://www.zabbix.com/rn/rn6.4.17 https://www.zabbix.com/rn/rn6.4.16 --- pkgs/servers/monitoring/zabbix/versions.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/monitoring/zabbix/versions.nix b/pkgs/servers/monitoring/zabbix/versions.nix index d5d5cadc59914..f7a5a7f399738 100644 --- a/pkgs/servers/monitoring/zabbix/versions.nix +++ b/pkgs/servers/monitoring/zabbix/versions.nix @@ -5,8 +5,8 @@ generic: { vendorHash = null; }; v64 = generic { - version = "6.4.15"; - hash = "sha256-CtmNCuzDVchijinWcop3lGUTVGS2JbiQCbmusyXBQvY="; + version = "6.4.20"; + hash = "sha256-tFsg2Jq8Uaa5YULGUu1kXLkxyJuA3YGeSfJ4DPfOHkk="; vendorHash = null; }; v60 = generic { From 85cabb41a9dfe429efa34a6debb91795da86fe3e Mon Sep 17 00:00:00 2001 From: Riley Bruins Date: Mon, 2 Dec 2024 00:52:07 -0800 Subject: [PATCH 07/29] ts_query_ls: 1.0.1 -> 1.4.1 --- pkgs/by-name/ts/ts_query_ls/package.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/pkgs/by-name/ts/ts_query_ls/package.nix b/pkgs/by-name/ts/ts_query_ls/package.nix index e27a1aa42848d..fa0f34de34483 100644 --- a/pkgs/by-name/ts/ts_query_ls/package.nix +++ b/pkgs/by-name/ts/ts_query_ls/package.nix @@ -6,7 +6,7 @@ }: let pname = "ts_query_ls"; - version = "1.0.1"; + version = "1.4.1"; in rustPlatform.buildRustPackage { inherit pname version; @@ -15,14 +15,13 @@ rustPlatform.buildRustPackage { owner = "ribru17"; repo = "ts_query_ls"; rev = "v${version}"; - hash = "sha256-jhlFFNzGP9SNw4G2arGPQzQ7KQ4duCse/CQoK9lWaPk="; + hash = "sha256-BPPM21hRRWlCequoHiME+9FAp4JunfdEv6VF5b2gQKs="; }; nativeBuildInputs = [ cmake ]; - doCheck = false; # no tests useFetchCargoVendor = true; - cargoHash = "sha256-CgX8lPOX3ZvoSD4SuKR8MTpKvLrhIbzrXqlKrvY0xzE="; + cargoHash = "sha256-N7glMlrKotsHXvABYO2J0fNgpbxhsyU/5RWC9GVOwdA="; meta = { description = "LSP implementation for Tree-sitter's query files"; From 69c46d440cf117d6425bf3e5f8ab9795255134e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C5=82a=C5=BCej=20Sowa?= Date: Sun, 27 Oct 2024 22:02:11 +0100 Subject: [PATCH 08/29] maintainers: add bjsowa --- maintainers/maintainer-list.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 08a44f8b4ea7c..3c6b389e8c133 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -2977,6 +2977,12 @@ githubId = 133602; name = "Bjørn Forsman"; }; + bjsowa = { + email = "bsowa123@gmail.com"; + github = "bjsowa"; + githubId = 23124539; + name = "Błażej Sowa"; + }; bkchr = { email = "nixos@kchr.de"; github = "bkchr"; From 4287550e3df8794c0d579974638aeaf5e482edea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C5=82a=C5=BCej=20Sowa?= Date: Sun, 1 Dec 2024 13:13:59 +0100 Subject: [PATCH 09/29] schroot: init at 1.6.13-5 --- pkgs/by-name/sc/schroot/debian-patches.nix | 70 ++++++++++++ pkgs/by-name/sc/schroot/debian-patches.txt | 17 +++ .../sc/schroot/fix-absolute-paths.patch | 43 ++++++++ .../sc/schroot/no-default-config.patch | 33 ++++++ pkgs/by-name/sc/schroot/no-pam-service.patch | 10 ++ pkgs/by-name/sc/schroot/no-setuid.patch | 12 ++ pkgs/by-name/sc/schroot/package.nix | 104 ++++++++++++++++++ 7 files changed, 289 insertions(+) create mode 100644 pkgs/by-name/sc/schroot/debian-patches.nix create mode 100644 pkgs/by-name/sc/schroot/debian-patches.txt create mode 100644 pkgs/by-name/sc/schroot/fix-absolute-paths.patch create mode 100644 pkgs/by-name/sc/schroot/no-default-config.patch create mode 100644 pkgs/by-name/sc/schroot/no-pam-service.patch create mode 100644 pkgs/by-name/sc/schroot/no-setuid.patch create mode 100644 pkgs/by-name/sc/schroot/package.nix diff --git a/pkgs/by-name/sc/schroot/debian-patches.nix b/pkgs/by-name/sc/schroot/debian-patches.nix new file mode 100644 index 0000000000000..cb4253e7e347e --- /dev/null +++ b/pkgs/by-name/sc/schroot/debian-patches.nix @@ -0,0 +1,70 @@ +# Generated by debian-patches.sh from debian-patches.txt +let + prefix = "https://salsa.debian.org/debian/schroot/-/raw/debian/master/1.6.13-4/debian/patches"; +in +[ + { + url = "${prefix}/1539621689.revert.schroot-1.6.10-48-g2600bcab.revert-environment-preserve-empty-values.patch"; + sha256 = "0kvp47qkhq4s7bqil1pcq7c0a63hiw7xgmrxv460rfb9irvlp2wn"; + } + { + url = "${prefix}/1448890714.schroot-1.7.2-72-gbf30a928.setup-d-20copyfiles-canonicalize-destination-path.patch"; + sha256 = "09vliqpmqn4yvh3mxsa9iqlwxkfrhfjraizm945ir6v23m622i6k"; + } + { + url = "${prefix}/1453505583.schroot-1.7.2-72-g11587fd8.etc-setup-d-20copyfiles-replace-dangling-symlink-during-cp.patch"; + sha256 = "036g3br7251ykhmgq48zbjdgyy06m0rhrv1hf540zb7n6ildygkz"; + } + { + url = "${prefix}/1496783678.schroot-1.7.2-127-ga5e5d8d9.fix-bash-completion.patch"; + sha256 = "0adqpyqkw5kyg1843ygificm2hxawl4pi1lbyn2dvzw11yawvv9k"; + } + { + url = "${prefix}/1530433671.schroot-1.7.2-129-g00c0a972.cmake-use-soelim-r-option.patch"; + sha256 = "0csn6j6xsi8bd16r7bvd33albwz6v7fv7wawakkiimbj59zbinhn"; + } + { + url = "${prefix}/1487872945.schroot-1.7.2-137-g5c36362b.support-copyfiles-installation-into-non-existent-directories.patch"; + sha256 = "1iizprcdnisdjgp091y0zjsayq5qqfwh9d2d9zns1d0414jafp7b"; + } + { + url = "${prefix}/1487872999.schroot-1.7.2-138-g5a611c49.support-copyfiles-source-destination-specifications.patch"; + sha256 = "03f735zyzj4zmrrmynb2xl49i8s8580d9dyp0kxq5aq555sl7hx2"; + } + { + url = "${prefix}/1662655911.reschroot-1.6.13-2-g779349dc.replace-usage-of-egrep-and-which.patch"; + sha256 = "0f2wziwchfg3v193i8x7s60vr9yx72z3f7ddgsfkshay4m5mrprs"; + } + { + url = "${prefix}/1662656169.reschroot-1.6.13-3-ga9e100e5.clean-up-mess-created-in-the-portuguese-translations.patch"; + sha256 = "1yq05pc38rkbb0njwllfwjc8dl73i7g7z89spsa7ls3amkyccm7w"; + } + { + url = "${prefix}/1664011392.reschroot-1.6.13-4-g93017cff.update-french-translation.patch"; + sha256 = "0qhcifjxgipxh67fjf0ydclvxn9yys7hfcwxir9jnw572y9igx1k"; + } + { + url = "${prefix}/1665995770.reschroot-1.6.13-5-g81b88b45.document-a-login-shell-might-be-switched-to-a-regular-shell.patch"; + sha256 = "1lwslyqrfz1xmi28j1s80pq763k63f9g4qgx9vr3qm247gb7v55l"; + } + { + url = "${prefix}/1692468301.reschroot-1.6.13-6-g271acf6e.subject-mount-a-new-instance-of-dev-pts-in-the-chroot.patch"; + sha256 = "1j04bxcbg2bigss7sjqyg7cn8547wwmp5zj8406v3vk5g71iaijf"; + } + { + url = "${prefix}/1664222056.reschroot-1.6.13-9-g55af32cf.fix-localename-type.patch"; + sha256 = "15kjl3g6c79jfqh45mr3h3qbl5gx2pmxqc2pmsjplxdkksx9i6yn"; + } + { + url = "${prefix}/1658716738.reschroot-1.6.12-2-g2045008e.fix-variable-usage-in-copyfiles-copy-file-function.patch"; + sha256 = "02c6zsmprdvkgf3krl6z1qwvx144arng0s34ry1dq8qvwl5fd66c"; + } + { + url = "${prefix}/fix-dupes-in-buildd-configuration.patch"; + sha256 = "0s8racsl2s4mix6n7xb09dmncs5w0jmnb0vrjxpwx9c1yhz46dwl"; + } + { + url = "${prefix}/fix-example-configuration.patch"; + sha256 = "1r6kffc7a4aanksjv4658vs4xs31gmrhpa2gmpqkr21s7zk45yav"; + } +] diff --git a/pkgs/by-name/sc/schroot/debian-patches.txt b/pkgs/by-name/sc/schroot/debian-patches.txt new file mode 100644 index 0000000000000..b4f3d8461a82c --- /dev/null +++ b/pkgs/by-name/sc/schroot/debian-patches.txt @@ -0,0 +1,17 @@ +schroot/1.6.13-5 +1539621689.revert.schroot-1.6.10-48-g2600bcab.revert-environment-preserve-empty-values.patch +1448890714.schroot-1.7.2-72-gbf30a928.setup-d-20copyfiles-canonicalize-destination-path.patch +1453505583.schroot-1.7.2-72-g11587fd8.etc-setup-d-20copyfiles-replace-dangling-symlink-during-cp.patch +1496783678.schroot-1.7.2-127-ga5e5d8d9.fix-bash-completion.patch +1530433671.schroot-1.7.2-129-g00c0a972.cmake-use-soelim-r-option.patch +1487872945.schroot-1.7.2-137-g5c36362b.support-copyfiles-installation-into-non-existent-directories.patch +1487872999.schroot-1.7.2-138-g5a611c49.support-copyfiles-source-destination-specifications.patch +1662655911.reschroot-1.6.13-2-g779349dc.replace-usage-of-egrep-and-which.patch +1662656169.reschroot-1.6.13-3-ga9e100e5.clean-up-mess-created-in-the-portuguese-translations.patch +1664011392.reschroot-1.6.13-4-g93017cff.update-french-translation.patch +1665995770.reschroot-1.6.13-5-g81b88b45.document-a-login-shell-might-be-switched-to-a-regular-shell.patch +1692468301.reschroot-1.6.13-6-g271acf6e.subject-mount-a-new-instance-of-dev-pts-in-the-chroot.patch +1664222056.reschroot-1.6.13-9-g55af32cf.fix-localename-type.patch +1658716738.reschroot-1.6.12-2-g2045008e.fix-variable-usage-in-copyfiles-copy-file-function.patch +fix-dupes-in-buildd-configuration.patch +fix-example-configuration.patch diff --git a/pkgs/by-name/sc/schroot/fix-absolute-paths.patch b/pkgs/by-name/sc/schroot/fix-absolute-paths.patch new file mode 100644 index 0000000000000..e2db2fdb58fcf --- /dev/null +++ b/pkgs/by-name/sc/schroot/fix-absolute-paths.patch @@ -0,0 +1,43 @@ +diff --git a/etc/setup.d/20copyfiles b/etc/setup.d/20copyfiles +index 3247ae2a..eed9fa46 100755 +--- a/etc/setup.d/20copyfiles ++++ b/etc/setup.d/20copyfiles +@@ -39,9 +39,9 @@ copy_file() + if [ -e "$2" ]; then + + # Device and inode +- da=$(/usr/bin/stat --format="%d %i" "$1") ++ da=$(stat --format="%d %i" "$1") + # This one can fail since it might not exist yet +- db=$(/usr/bin/stat --format="%d %i" "$2" 2>/dev/null || :) ++ db=$(stat --format="%d %i" "$2" 2>/dev/null || :) + + if [ "$da" = "$db" ]; then + COPY="false" +@@ -50,8 +50,8 @@ copy_file() + : + elif [ -f "$1" ] && [ -f "$2" ]; then + # Content +- ca=$(/usr/bin/md5sum "$1" | sed -e 's/\(^[0-9a-f][0-9a-f]*\).*$/\1/') +- cb=$(/usr/bin/md5sum "$2" 2>/dev/null || :) ++ ca=$(md5sum "$1" | sed -e 's/\(^[0-9a-f][0-9a-f]*\).*$/\1/') ++ cb=$(md5sum "$2" 2>/dev/null || :) + cb=$(echo "$cb" | sed -e 's/\(^[0-9a-f][0-9a-f]*\).*$/\1/') + # Copy only if file contents differ + if [ "$ca" = "$cb" ]; then +diff --git a/etc/setup.d/20nssdatabases b/etc/setup.d/20nssdatabases +index ac7206b7..00645362 100755 +--- a/etc/setup.d/20nssdatabases ++++ b/etc/setup.d/20nssdatabases +@@ -42,9 +42,9 @@ if [ $STAGE = "setup-start" ] || [ $STAGE = "setup-recover" ]; then + fi + + # Device and inode +- dr=$(/usr/bin/stat --format="%d %i" "/etc/$db") ++ dr=$(stat --format="%d %i" "/etc/$db") + # This one can fail since it might not exist yet +- dc=$(/usr/bin/stat --format="%d %i" "${CHROOT_PATH}/etc/$db" 2>/dev/null || :) ++ dc=$(stat --format="%d %i" "${CHROOT_PATH}/etc/$db" 2>/dev/null || :) + + # If the database inside and outside the chroot is the + # same, it's very likely that dup_nss would blank the diff --git a/pkgs/by-name/sc/schroot/no-default-config.patch b/pkgs/by-name/sc/schroot/no-default-config.patch new file mode 100644 index 0000000000000..3714c49827801 --- /dev/null +++ b/pkgs/by-name/sc/schroot/no-default-config.patch @@ -0,0 +1,33 @@ +diff --git a/etc/CMakeLists.txt b/etc/CMakeLists.txt +index dd31fd3d..65521010 100644 +--- a/etc/CMakeLists.txt ++++ b/etc/CMakeLists.txt +@@ -19,20 +19,20 @@ + set(schroot_sysconf_data + schroot.conf) + +-install(FILES ${schroot_sysconf_data} +- DESTINATION ${SCHROOT_SYSCONF_DIR}) ++# install(FILES ${schroot_sysconf_data} ++# DESTINATION ${SCHROOT_SYSCONF_DIR}) + + set(files + copyfiles + fstab + nssdatabases) + +-set(profiles +- buildd +- default +- desktop +- minimal +- sbuild) ++# set(profiles ++# buildd ++# default ++# desktop ++# minimal ++# sbuild) + + set(arches + ${SBUILD_PLATFORM}) diff --git a/pkgs/by-name/sc/schroot/no-pam-service.patch b/pkgs/by-name/sc/schroot/no-pam-service.patch new file mode 100644 index 0000000000000..7cbf4c9054dac --- /dev/null +++ b/pkgs/by-name/sc/schroot/no-pam-service.patch @@ -0,0 +1,10 @@ +--- a/etc/CMakeLists.txt ++++ b/etc/CMakeLists.txt +@@ -68,6 +68,6 @@ foreach(profile ${profiles}) + endforeach(file) + endforeach(profile) + +-add_subdirectory(pam) ++# add_subdirectory(pam) + add_subdirectory(bash_completion) + add_subdirectory(setup.d) diff --git a/pkgs/by-name/sc/schroot/no-setuid.patch b/pkgs/by-name/sc/schroot/no-setuid.patch new file mode 100644 index 0000000000000..7f1382bab7fda --- /dev/null +++ b/pkgs/by-name/sc/schroot/no-setuid.patch @@ -0,0 +1,12 @@ +--- a/bin/schroot/CMakeLists.txt ++++ b/bin/schroot/CMakeLists.txt +@@ -40,8 +40,7 @@ install(TARGETS schroot RUNTIME + DESTINATION ${CMAKE_INSTALL_FULL_BINDIR} + PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE + GROUP_READ GROUP_EXECUTE +- WORLD_READ WORLD_EXECUTE +- SETUID) ++ WORLD_READ WORLD_EXECUTE) + + set(installdirs + ${SCHROOT_CONF_CHROOT_D} diff --git a/pkgs/by-name/sc/schroot/package.nix b/pkgs/by-name/sc/schroot/package.nix new file mode 100644 index 0000000000000..a0e38b446bc66 --- /dev/null +++ b/pkgs/by-name/sc/schroot/package.nix @@ -0,0 +1,104 @@ +{ + lib, + stdenv, + fetchurl, + + # Runtime script dependencies + coreutils, + getent, + gnugrep, + gnused, + gnutar, + util-linux, + + # Native build inputs + cmake, + findutils, + gettext, + mandoc, + makeWrapper, + perlPackages, + + # Build inputs + boost, +}: + +let + scripts-bin-path = lib.makeBinPath [ + coreutils + getent + gnugrep + gnused + gnutar + util-linux + ]; + upstream-version = "1.6.13"; +in +stdenv.mkDerivation { + pname = "schroot"; + version = "${upstream-version}-5"; + + src = fetchurl { + url = "https://codeberg.org/shelter/reschroot/archive/release/reschroot-${upstream-version}.tar.gz"; + hash = "sha256-wF1qG7AhDUAeZSLu4sRl4LQ8bJj3EB1nH56e+Is6zPU="; + }; + + patches = map fetchurl (import ./debian-patches.nix) ++ [ + ./no-setuid.patch + ./no-pam-service.patch + ./no-default-config.patch + ./fix-absolute-paths.patch + ]; + + nativeBuildInputs = [ + cmake + findutils + gettext + mandoc + makeWrapper + perlPackages.Po4a + ]; + + buildInputs = [ + boost + ]; + + cmakeFlags = [ + (lib.cmakeFeature "CMAKE_INSTALL_LOCALSTATEDIR" "/var") + (lib.cmakeFeature "SCHROOT_SYSCONF_DIR" "/etc/schroot") + (lib.cmakeFeature "SCHROOT_CONF_SETUP_D" "${placeholder "out"}/etc/schroot/setup.d") + ]; + + postPatch = '' + # Substitute the path to the mount binary + substituteInPlace bin/schroot-mount/schroot-mount-main.cc \ + --replace-fail "/bin/mount" "${util-linux}/bin/mount" + ''; + + postFixup = '' + # Make wrappers for all shell scripts used by schroot + # The wrapped script are put into a separate directory to not be run by schroot during setup + mkdir $out/etc/schroot/setup.d.wrapped + cd $out/etc/schroot/setup.d + find * -type f | while read -r file; do + mv "$file" $out/etc/schroot/setup.d.wrapped + makeWrapper "$out/etc/schroot/setup.d.wrapped/$file" "$file" --set PATH ${scripts-bin-path} + done + + # Get rid of stuff that's (probably) not needed + rm -vrf $out/lib $out/include + ''; + + meta = { + description = "Lightweight virtualisation tool"; + longDescription = '' + Schroot is a program that allows the user to run a command or a login shell in a chroot environment. + ''; + homepage = "https://codeberg.org/shelter/reschroot"; + changelog = "https://codeberg.org/shelter/reschroot/raw/tag/release/reschroot-${upstream-version}/NEWS"; + mainProgram = "schroot"; + maintainers = with lib.maintainers; [ bjsowa ]; + license = lib.licenses.gpl3Plus; + platforms = lib.platforms.linux; + }; +} From 3275d4e3a601f03bf51f03f0eda8c804189e41aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C5=82a=C5=BCej=20Sowa?= Date: Sun, 1 Dec 2024 13:15:36 +0100 Subject: [PATCH 10/29] nixos/schroot: init module --- .../manual/release-notes/rl-2505.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/programs/schroot.nix | 137 ++++++++++++++++++ 3 files changed, 140 insertions(+) create mode 100644 nixos/modules/programs/schroot.nix diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md index 9e4781a8640a8..fb852610ac817 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md @@ -26,6 +26,8 @@ - [Traccar](https://www.traccar.org/), a modern GPS Tracking Platform. Available as [services.traccar](#opt-services.traccar.enable). +- [Schroot](https://codeberg.org/shelter/reschroot), a lightweight virtualisation tool. Securely enter a chroot and run a command or login shell. Available as [programs.schroot](#opt-programs.schroot.enable). + - [crab-hole](https://github.com/LuckyTurtleDev/crab-hole), a cross platform Pi-hole clone written in Rust using hickory-dns/trust-dns. Available as [services.crab-hole](#opt-services.crab-hole.enable). - [Amazon CloudWatch Agent](https://github.com/aws/amazon-cloudwatch-agent), the official telemetry collector for AWS CloudWatch and AWS X-Ray. Available as [services.amazon-cloudwatch-agent](options.html#opt-services.amazon-cloudwatch-agent.enable). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 2f0e4fe6fbcad..33fdad0f46be0 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -283,6 +283,7 @@ ./programs/rust-motd.nix ./programs/ryzen-monitor-ng.nix ./programs/screen.nix + ./programs/schroot.nix ./programs/seahorse.nix ./programs/sedutil.nix ./programs/shadow.nix diff --git a/nixos/modules/programs/schroot.nix b/nixos/modules/programs/schroot.nix new file mode 100644 index 0000000000000..bce8e4709ddb5 --- /dev/null +++ b/nixos/modules/programs/schroot.nix @@ -0,0 +1,137 @@ +{ + config, + lib, + pkgs, + ... +}: + +let + cfg = config.programs.schroot; + iniFmt = pkgs.formats.ini { }; +in +{ + options = { + programs.schroot = { + enable = lib.mkEnableOption "schroot, a lightweight virtualisation tool"; + package = lib.mkPackageOption pkgs "schroot" { }; + + settings = lib.mkOption { + type = iniFmt.type; + default = { }; + example = { + "noble" = { + type = "directory"; + description = "Ubuntu 24.04 Noble"; + directory = "/srv/chroot/noble"; + users = "my-user"; + root-users = "my-user"; + personality = "linux"; + preserve-environment = false; + profile = "my-profile"; + shell = "/bin/bash"; + }; + }; + description = '' + Schroot configuration settings. + For more details, see {manpage}`schroot.conf(5)`. + ''; + }; + + profiles = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule { + options = { + copyfiles = lib.mkOption { + type = lib.types.listOf lib.types.str; + example = [ "/etc/resolv.conf" ]; + description = "A list of files to copy into the chroot from the host system."; + }; + fstab = lib.mkOption { + type = lib.types.path; + example = lib.literalExpression '' + pkgs.writeText "my-schroot-fstab" ''' + /proc /proc none rw,bind 0 0 + /sys /sys none rw,bind 0 0 + /dev /dev none rw,bind 0 0 + /dev/pts /dev/pts none rw,bind 0 0 + /home /home none rw,rbind 0 0 + /tmp /tmp none rw,bind 0 0 + /dev/shm /dev/shm none rw,bind 0 0 + /nix /nix none ro,bind 0 0 + /run/current-system /run/current-system none rw,bind 0 0 + /run/wrappers /run/wrappers none rw,bind 0 0 + ''' + ''; + description = '' + A file in the format described in {manpage}`fstab(5)`, used to mount filesystems inside the chroot. + The mount location is relative to the root of the chroot. + ''; + }; + nssdatabases = lib.mkOption { + type = lib.types.listOf lib.types.str; + example = [ + "passwd" + "shadow" + "group" + "gshadow" + "services" + "protocols" + "networks" + "hosts" + ]; + description = '' + System databases (as described in /etc/nsswitch.conf on GNU/Linux systems) to copy into the chroot from the host. + ''; + }; + }; + } + ); + default = { }; + description = "Custom configuration profiles for schroot."; + }; + }; + }; + + config = lib.mkIf cfg.enable { + environment = { + systemPackages = [ cfg.package ]; + + etc = + { + # schroot requires this directory to exist + "schroot/chroot.d/.keep".text = ""; + + "schroot/schroot.conf".source = iniFmt.generate "schroot.conf" cfg.settings; + } + // (lib.attrsets.concatMapAttrs ( + name: + { + copyfiles, + fstab, + nssdatabases, + }: + { + "schroot/${name}/copyfiles".text = (lib.strings.concatStringsSep "\n" copyfiles) + "\n"; + "schroot/${name}/fstab".source = fstab; + "schroot/${name}/nssdatabases".text = (lib.strings.concatStringsSep "\n" nssdatabases) + "\n"; + } + ) cfg.profiles); + }; + + security.wrappers.schroot = { + source = "${cfg.package}/bin/schroot"; + owner = "root"; + group = "root"; + setuid = true; + }; + + # Schroot requires these directories to exist + systemd.tmpfiles.rules = [ + "d /var/lib/schroot/session - root root - -" + "d /var/lib/schroot/unpack - root root - -" + "d /var/lib/schroot/union - root root - -" + "d /var/lib/schroot/union/overlay - root root - -" + "d /var/lib/schroot/union/underlay - root root - -" + ]; + }; +} From 20a6873b04e893d3be4dae842cebe87ab5425740 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C5=82a=C5=BCej=20Sowa?= Date: Sat, 14 Dec 2024 14:14:34 +0100 Subject: [PATCH 11/29] schroot: fix boost includes --- .../sc/schroot/fix-boost-includes.patch | 37 +++++++++++++++++++ pkgs/by-name/sc/schroot/package.nix | 1 + 2 files changed, 38 insertions(+) create mode 100644 pkgs/by-name/sc/schroot/fix-boost-includes.patch diff --git a/pkgs/by-name/sc/schroot/fix-boost-includes.patch b/pkgs/by-name/sc/schroot/fix-boost-includes.patch new file mode 100644 index 0000000000000..f07fd0c68ed3e --- /dev/null +++ b/pkgs/by-name/sc/schroot/fix-boost-includes.patch @@ -0,0 +1,37 @@ +diff --git a/sbuild/sbuild-chroot-config.cc b/sbuild/sbuild-chroot-config.cc +index 48f8edad..388e2cac 100644 +--- a/sbuild/sbuild-chroot-config.cc ++++ b/sbuild/sbuild-chroot-config.cc +@@ -32,6 +32,7 @@ + #include + + #include ++#include + + #include + #include +diff --git a/sbuild/sbuild-run-parts.cc b/sbuild/sbuild-run-parts.cc +index 23132601..48bd9d67 100644 +--- a/sbuild/sbuild-run-parts.cc ++++ b/sbuild/sbuild-run-parts.cc +@@ -30,6 +30,7 @@ + + #include + #include ++#include + + using boost::format; + using namespace sbuild; +diff --git a/sbuild/sbuild-util.cc b/sbuild/sbuild-util.cc +index b6af7e89..dde32b49 100644 +--- a/sbuild/sbuild-util.cc ++++ b/sbuild/sbuild-util.cc +@@ -35,8 +35,6 @@ + #include + #endif + +-#include +- + using namespace sbuild; + + namespace diff --git a/pkgs/by-name/sc/schroot/package.nix b/pkgs/by-name/sc/schroot/package.nix index a0e38b446bc66..ca012cc05f255 100644 --- a/pkgs/by-name/sc/schroot/package.nix +++ b/pkgs/by-name/sc/schroot/package.nix @@ -48,6 +48,7 @@ stdenv.mkDerivation { ./no-pam-service.patch ./no-default-config.patch ./fix-absolute-paths.patch + ./fix-boost-includes.patch ]; nativeBuildInputs = [ From c2f447fe520065f940e89433345e9c559c046ccf Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Thu, 19 Dec 2024 13:35:23 +0000 Subject: [PATCH 12/29] =?UTF-8?q?aisleriot:=203.22.33=20=E2=86=92=203.22.3?= =?UTF-8?q?4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://gitlab.gnome.org/GNOME/aisleriot/-/compare/3.22.33...3.22.34 --- pkgs/by-name/ai/aisleriot/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/ai/aisleriot/package.nix b/pkgs/by-name/ai/aisleriot/package.nix index 7b94a2f7f0602..edc4e0c7d69fd 100644 --- a/pkgs/by-name/ai/aisleriot/package.nix +++ b/pkgs/by-name/ai/aisleriot/package.nix @@ -19,14 +19,14 @@ stdenv.mkDerivation (finalAttrs: { pname = "aisleriot"; - version = "3.22.33"; + version = "3.22.34"; src = fetchFromGitLab { domain = "gitlab.gnome.org"; owner = "GNOME"; repo = "aisleriot"; rev = finalAttrs.version; - hash = "sha256-HylhDBgkAJrrs/r42v3aDNR8mBJaqnJHyY7T3QW1eWg="; + hash = "sha256-XaEyh1ZXBvW/4tfuQyEFzvnE2Vv7+4lTUfeXoSCMnHM="; }; nativeBuildInputs = [ From bd5b5231e1366c3b56e02e216af96a88bfddba5e Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Thu, 19 Dec 2024 13:28:53 +0000 Subject: [PATCH 13/29] =?UTF-8?q?gnome-calculator:=2047.0=20=E2=86=92=2047?= =?UTF-8?q?.1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://gitlab.gnome.org/GNOME/gnome-calculator/-/compare/47.0...47.1 --- pkgs/by-name/gn/gnome-calculator/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/gn/gnome-calculator/package.nix b/pkgs/by-name/gn/gnome-calculator/package.nix index 157ea3b2b3bfe..e9f6d8c126c1d 100644 --- a/pkgs/by-name/gn/gnome-calculator/package.nix +++ b/pkgs/by-name/gn/gnome-calculator/package.nix @@ -26,11 +26,11 @@ stdenv.mkDerivation rec { pname = "gnome-calculator"; - version = "47.0"; + version = "47.1"; src = fetchurl { url = "mirror://gnome/sources/gnome-calculator/${lib.versions.major version}/gnome-calculator-${version}.tar.xz"; - hash = "sha256-3s2yMoO12+70CVG2nq99S4DAw4gN2wGGP58PFVT4mYs="; + hash = "sha256-vp+SJ5m35+ZclzSLm35kf/4zyDG7OlHTniwWjSrcQOA="; }; nativeBuildInputs = [ From f890fead3291fd76fa60e517cae0132449162120 Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Thu, 19 Dec 2024 13:29:18 +0000 Subject: [PATCH 14/29] =?UTF-8?q?gnome-contacts:=2047.0=20=E2=86=92=2047.1?= =?UTF-8?q?.1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://gitlab.gnome.org/GNOME/gnome-contacts/-/compare/47.0...47.1.1 --- pkgs/by-name/gn/gnome-contacts/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/gn/gnome-contacts/package.nix b/pkgs/by-name/gn/gnome-contacts/package.nix index c3d05a378f42d..5d319e2c8bc96 100644 --- a/pkgs/by-name/gn/gnome-contacts/package.nix +++ b/pkgs/by-name/gn/gnome-contacts/package.nix @@ -29,11 +29,11 @@ stdenv.mkDerivation rec { pname = "gnome-contacts"; - version = "47.0"; + version = "47.1.1"; src = fetchurl { url = "mirror://gnome/sources/gnome-contacts/${lib.versions.major version}/gnome-contacts-${version}.tar.xz"; - hash = "sha256-JePG95coGIr6XwzV0L6F3EZ9EttqLZi1SvPfDctCkNA="; + hash = "sha256-R+GuRbcEGgXV4nZJ2RLiwwAlYYisRg7cukaJnGYIpHg="; }; nativeBuildInputs = [ From 1f427b5427a7d34fb61b9e9c997bd241999da3f6 Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Thu, 19 Dec 2024 13:35:51 +0000 Subject: [PATCH 15/29] =?UTF-8?q?gnome-terminal:=203.54.1=20=E2=86=92=203.?= =?UTF-8?q?54.2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://gitlab.gnome.org/GNOME/gnome-terminal/-/compare/3.54.1...3.54.2 --- pkgs/by-name/gn/gnome-terminal/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/gn/gnome-terminal/package.nix b/pkgs/by-name/gn/gnome-terminal/package.nix index d5d0c055c0594..4290300cbd1f5 100644 --- a/pkgs/by-name/gn/gnome-terminal/package.nix +++ b/pkgs/by-name/gn/gnome-terminal/package.nix @@ -30,14 +30,14 @@ stdenv.mkDerivation (finalAttrs: { pname = "gnome-terminal"; - version = "3.54.1"; + version = "3.54.2"; src = fetchFromGitLab { domain = "gitlab.gnome.org"; owner = "GNOME"; repo = "gnome-terminal"; rev = finalAttrs.version; - hash = "sha256-1Lu/qaeMUL8QvZGIxq2iuI7lfZSB+jMjkI2Jg6qULI0="; + hash = "sha256-81dOdmIwa3OmuUTciTlearqic6bFMfiX1nvoIxJCt/M="; }; nativeBuildInputs = [ From 2ed7474c5c8f38366aa105ed3f44ff6592e7a147 Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Thu, 19 Dec 2024 21:41:57 +0800 Subject: [PATCH 16/29] =?UTF-8?q?gucharmap:=2016.0.1=20=E2=86=92=2016.0.2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://gitlab.gnome.org/GNOME/gucharmap/-/compare/16.0.1...16.0.2 * Upgraded docs to docbook 4.5. --- pkgs/by-name/gu/gucharmap/package.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/by-name/gu/gucharmap/package.nix b/pkgs/by-name/gu/gucharmap/package.nix index 38e2cd6f86b11..fc1db49d5c8ca 100644 --- a/pkgs/by-name/gu/gucharmap/package.nix +++ b/pkgs/by-name/gu/gucharmap/package.nix @@ -18,7 +18,7 @@ libxml2, yelp-tools, docbook_xsl, - docbook_xml_dtd_412, + docbook_xml_dtd_45, gsettings-desktop-schemas, unzip, unicode-character-database, @@ -47,7 +47,7 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "gucharmap"; - version = "16.0.1"; + version = "16.0.2"; outputs = [ "out" @@ -61,7 +61,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "GNOME"; repo = "gucharmap"; rev = finalAttrs.version; - hash = "sha256-eQ27TIggwQ2RjDQO5ytVrUT7iNtbP5HOwMcpzweMW8A="; + hash = "sha256-UaXgQIhAoI27iYWgZuZeO7Lv6J9pj06HPp0SZs/5abM="; }; strictDeps = true; @@ -77,7 +77,7 @@ stdenv.mkDerivation (finalAttrs: { itstool gtk-doc docbook_xsl - docbook_xml_dtd_412 + docbook_xml_dtd_45 yelp-tools libxml2 desktop-file-utils From a24b92a9b3457f08feead82d138750487817accb Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Thu, 19 Dec 2024 13:32:12 +0000 Subject: [PATCH 17/29] =?UTF-8?q?localsearch:=203.8.1=20=E2=86=92=203.8.2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://gitlab.gnome.org/GNOME/localsearch/-/compare/3.8.1...3.8.2 --- pkgs/by-name/lo/localsearch/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/lo/localsearch/package.nix b/pkgs/by-name/lo/localsearch/package.nix index e00828be0865a..9533e51e006ed 100644 --- a/pkgs/by-name/lo/localsearch/package.nix +++ b/pkgs/by-name/lo/localsearch/package.nix @@ -50,11 +50,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "localsearch"; - version = "3.8.1"; + version = "3.8.2"; src = fetchurl { url = "mirror://gnome/sources/localsearch/${lib.versions.majorMinor finalAttrs.version}/localsearch-${finalAttrs.version}.tar.xz"; - hash = "sha256-p7JKTweAXfdUOk3QI2hPzeXuaZygDrWwkSOgSdOuzNg="; + hash = "sha256-zaaRlfaEU1eo2RwCNnDv6SI49NE4oe96FAH0WiqEA84="; }; patches = [ From d8285f30f2174ca32e2418841f5725f4e785e49d Mon Sep 17 00:00:00 2001 From: Bobby Rong Date: Thu, 19 Dec 2024 13:32:20 +0000 Subject: [PATCH 18/29] =?UTF-8?q?nautilus:=2047.0=20=E2=86=92=2047.1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://gitlab.gnome.org/GNOME/nautilus/-/compare/47.0...47.1 --- pkgs/by-name/na/nautilus/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/na/nautilus/package.nix b/pkgs/by-name/na/nautilus/package.nix index 7052389a496fe..3a1f30dfb9099 100644 --- a/pkgs/by-name/na/nautilus/package.nix +++ b/pkgs/by-name/na/nautilus/package.nix @@ -40,7 +40,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "nautilus"; - version = "47.0"; + version = "47.1"; outputs = [ "out" @@ -50,7 +50,7 @@ stdenv.mkDerivation (finalAttrs: { src = fetchurl { url = "mirror://gnome/sources/nautilus/${lib.versions.major finalAttrs.version}/nautilus-${finalAttrs.version}.tar.xz"; - hash = "sha256-M0Jkzdntv9le57yq/kQuvtMazKPy2bkPPtow6s/QOHo="; + hash = "sha256-FUUOvHqmHtL65jEwr567uuFM5walR/WUxmu4zKck10w="; }; patches = [ From 6c2e8251ab1324b712de3c9cfdb86277cdc5d8d7 Mon Sep 17 00:00:00 2001 From: Ivan Mincik Date: Fri, 20 Dec 2024 14:12:41 +0100 Subject: [PATCH 19/29] qgis: 3.40.1 -> 3.40.2 --- pkgs/applications/gis/qgis/unwrapped.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/gis/qgis/unwrapped.nix b/pkgs/applications/gis/qgis/unwrapped.nix index 4ca9f16c819d1..50b8edba1ce1c 100644 --- a/pkgs/applications/gis/qgis/unwrapped.nix +++ b/pkgs/applications/gis/qgis/unwrapped.nix @@ -80,14 +80,14 @@ let urllib3 ]; in mkDerivation rec { - version = "3.40.1"; + version = "3.40.2"; pname = "qgis-unwrapped"; src = fetchFromGitHub { owner = "qgis"; repo = "QGIS"; rev = "final-${lib.replaceStrings [ "." ] [ "_" ] version}"; - hash = "sha256-C86RwyeIZrflC5F2VQCw1LwF9VM4/OBEsLbGPiWKeco="; + hash = "sha256-8bcCpNgw4FV++qye8G3QXA3k0QCgqByODzPUTw0VX/E="; }; passthru = { From 812e37f5ae2e475d6992223b6b087ebaa83ae5a8 Mon Sep 17 00:00:00 2001 From: Ivan Mincik Date: Fri, 20 Dec 2024 14:18:33 +0100 Subject: [PATCH 20/29] qgis-ltr: 3.34.13 -> 3.34.14 --- pkgs/applications/gis/qgis/unwrapped-ltr.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/gis/qgis/unwrapped-ltr.nix b/pkgs/applications/gis/qgis/unwrapped-ltr.nix index 38fff9745c023..d0490702c2e34 100644 --- a/pkgs/applications/gis/qgis/unwrapped-ltr.nix +++ b/pkgs/applications/gis/qgis/unwrapped-ltr.nix @@ -82,14 +82,14 @@ let ]; in mkDerivation rec { - version = "3.34.13"; + version = "3.34.14"; pname = "qgis-ltr-unwrapped"; src = fetchFromGitHub { owner = "qgis"; repo = "QGIS"; rev = "final-${lib.replaceStrings [ "." ] [ "_" ] version}"; - hash = "sha256-eNncDIRfFYFxyc5a2tZijmVpx/LNm/roak84guFvldg="; + hash = "sha256-4nptnzAvLOC8R1sqfdHJ4YYtotwcOARbu9fe4YKwIVM="; }; passthru = { From 19ce742397713d4a7c5e9b0d1b0ec1349e996233 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 20 Dec 2024 18:18:51 +0000 Subject: [PATCH 21/29] lazyjournal: 0.4.0 -> 0.5.0 --- pkgs/by-name/la/lazyjournal/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/la/lazyjournal/package.nix b/pkgs/by-name/la/lazyjournal/package.nix index 6abbef38687b8..01d1be4524297 100644 --- a/pkgs/by-name/la/lazyjournal/package.nix +++ b/pkgs/by-name/la/lazyjournal/package.nix @@ -5,7 +5,7 @@ nix-update-script, }: let - version = "0.4.0"; + version = "0.5.0"; in buildGoModule { pname = "lazyjournal"; @@ -15,7 +15,7 @@ buildGoModule { owner = "Lifailon"; repo = "lazyjournal"; tag = version; - hash = "sha256-Ce5xodkWgMMRRqsKLZNt0cNspsUFXTHQHXmQbphOS2w="; + hash = "sha256-fqlHeqK861QWpT1KhZrn2nZhXcnpAYe/THNOWyrFxcs="; }; vendorHash = "sha256-jh99+zlhr4ogig4Z2FFO6SZ2qTBkOUuiXo5iNk0VTi0="; From 792c4b5677e8ce0f3a2c15b778b5447c31012682 Mon Sep 17 00:00:00 2001 From: Tom Bereknyei Date: Fri, 20 Dec 2024 20:29:37 -0500 Subject: [PATCH 22/29] nextjs-ollama-llm-ui: add env var control over cache dir --- pkgs/by-name/ne/nextjs-ollama-llm-ui/package.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/by-name/ne/nextjs-ollama-llm-ui/package.nix b/pkgs/by-name/ne/nextjs-ollama-llm-ui/package.nix index 866f9b5babfed..b54d9c6a157b9 100644 --- a/pkgs/by-name/ne/nextjs-ollama-llm-ui/package.nix +++ b/pkgs/by-name/ne/nextjs-ollama-llm-ui/package.nix @@ -66,6 +66,9 @@ buildNpmPackage { # https://github.com/vercel/next.js/discussions/58864 ln -s /var/cache/nextjs-ollama-llm-ui $out/share/homepage/.next/cache + # also provide a environment variable to override the cache directory + substituteInPlace $out/share/homepage/node_modules/next/dist/server/image-optimizer.js \ + --replace '_path.join)(distDir,' '_path.join)(process.env["NEXT_CACHE_DIR"] || distDir,' chmod +x $out/share/homepage/server.js From c339f5b090b4e3e1a20bce0c70c8205ad1071c3e Mon Sep 17 00:00:00 2001 From: aucub <78630225+aucub@users.noreply.github.com> Date: Sat, 21 Dec 2024 21:01:57 +0800 Subject: [PATCH 23/29] limo: 1.0.9 -> 1.0.10 --- pkgs/by-name/li/limo/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/li/limo/package.nix b/pkgs/by-name/li/limo/package.nix index ffbd797009335..5d5eb7d50bf12 100644 --- a/pkgs/by-name/li/limo/package.nix +++ b/pkgs/by-name/li/limo/package.nix @@ -20,13 +20,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "limo"; - version = "1.0.9"; + version = "1.0.10"; src = fetchFromGitHub { owner = "limo-app"; repo = "limo"; - rev = "refs/tags/v${finalAttrs.version}"; - hash = "sha256-ytSlR6JhR7qYT/jCbTthHWc+YOX4AbJs9a4GRdgHj5c="; + tag = "v${finalAttrs.version}"; + hash = "sha256-NSlZRFkLq3Ks6h4imDcouyiouKYeY7AK1U6a4CXaaA0="; }; patches = lib.optionals (!withUnrar) [ From eac567d371ca82ecf849c23766bb89b9cc9a64ec Mon Sep 17 00:00:00 2001 From: Shawn8901 Date: Sat, 21 Dec 2024 18:00:18 +0100 Subject: [PATCH 24/29] linux_xanmod: 6.6.66 -> 6.6.67 --- pkgs/os-specific/linux/kernel/xanmod-kernels.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix index ca0a21f0546d1..94536637afc63 100644 --- a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix +++ b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix @@ -14,8 +14,8 @@ let # kernel config in the xanmod version commit variants = { lts = { - version = "6.6.66"; - hash = "sha256-ZZrU1yzji7jAC76Eh/uoRQBcnb6cMWTqYlt9RQB8L3M="; + version = "6.6.67"; + hash = "sha256-ePZAs+TWroyDSKx+ubZeNRr/lA8zuqp3m0Cs5yE18JE="; }; main = { version = "6.12.5"; From e94db5feff365f6f24302a72c053febe5e5e430c Mon Sep 17 00:00:00 2001 From: Shawn8901 Date: Sat, 21 Dec 2024 18:03:18 +0100 Subject: [PATCH 25/29] linux_xanmod_latest: 6.12.5 -> 6.12.6 --- pkgs/os-specific/linux/kernel/xanmod-kernels.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix index 94536637afc63..19568acab7861 100644 --- a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix +++ b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix @@ -18,8 +18,8 @@ let hash = "sha256-ePZAs+TWroyDSKx+ubZeNRr/lA8zuqp3m0Cs5yE18JE="; }; main = { - version = "6.12.5"; - hash = "sha256-zawR9RMN/ATCiEbqlLOII0uvlHM6lZFlJ8fGjITYLPA="; + version = "6.12.6"; + hash = "sha256-Pao4tS3SjllOkRrH+k/+9JqLIEOrNqJTFlHZ4cp2OF8="; }; }; From b80bab4b7dcf3892816966f72121dbc4db40daf4 Mon Sep 17 00:00:00 2001 From: Cole Mickens Date: Mon, 2 Sep 2024 21:44:09 -0500 Subject: [PATCH 26/29] apftool-rs: init at 0-unstable-2024-01-05 --- pkgs/by-name/ap/apftool-rs/package.nix | 28 ++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 pkgs/by-name/ap/apftool-rs/package.nix diff --git a/pkgs/by-name/ap/apftool-rs/package.nix b/pkgs/by-name/ap/apftool-rs/package.nix new file mode 100644 index 0000000000000..101b0e09ab1f5 --- /dev/null +++ b/pkgs/by-name/ap/apftool-rs/package.nix @@ -0,0 +1,28 @@ +{ + lib, + fetchFromGitHub, + rustPlatform, +}: + +rustPlatform.buildRustPackage rec { + pname = "apftool-rs"; + version = "0-unstable-2024-01-05"; + + src = fetchFromGitHub { + owner = "suyulin"; + repo = "apftool-rs"; + rev = "92d8a1b88cb79a53f9e4a70fecee481710d3565b"; + hash = "sha256-0+eKxaLKZBRLdydXxUbifFfFncAbthUn7AB8QieWaXM="; + }; + + cargoHash = "sha256-6lYokd0jwpBWCQ+AbN6ptZYXGcy41GHPbnTELUjPbyA="; + + meta = { + description = "About Tools for Rockchip image unpack tool"; + mainProgram = "apftool-rs"; + homepage = "https://github.com/suyulin/apftool-rs"; + license = lib.licenses.asl20; + maintainers = with lib.maintainers; [ colemickens ]; + platforms = lib.platforms.linux; + }; +} From 90f70a1a48ed1805967f84256d3b16ddfbfd072b Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sun, 22 Dec 2024 12:30:45 +0000 Subject: [PATCH 27/29] abracadabra: 2.7.1 -> 2.8.0 --- pkgs/by-name/ab/abracadabra/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/ab/abracadabra/package.nix b/pkgs/by-name/ab/abracadabra/package.nix index c1bc7395b4d97..c5d1d649fdb60 100644 --- a/pkgs/by-name/ab/abracadabra/package.nix +++ b/pkgs/by-name/ab/abracadabra/package.nix @@ -15,13 +15,13 @@ stdenv.mkDerivation rec { pname = "abracadabra"; - version = "2.7.1"; + version = "2.8.0"; src = fetchFromGitHub { owner = "KejPi"; repo = "AbracaDABra"; rev = "v${version}"; - hash = "sha256-d9DNgpvAZUova0ef6Ge4L/hRjLpY/UkDBawU2UAuSGI="; + hash = "sha256-bzRXGxSWoiBqvx8r2coNVPQKilOAKFoqBcB4F0uAV8g="; }; nativeBuildInputs = [ From e38f49aa84f6637bbd9928db07c2478bf61dce9e Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sun, 22 Dec 2024 23:53:51 +0000 Subject: [PATCH 28/29] redpanda-client: 24.2.13 -> 24.2.14 --- pkgs/by-name/re/redpanda-client/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/re/redpanda-client/package.nix b/pkgs/by-name/re/redpanda-client/package.nix index 232a6839bb44d..d79bc50320f3b 100644 --- a/pkgs/by-name/re/redpanda-client/package.nix +++ b/pkgs/by-name/re/redpanda-client/package.nix @@ -7,12 +7,12 @@ stdenv, }: let - version = "24.2.13"; + version = "24.2.14"; src = fetchFromGitHub { owner = "redpanda-data"; repo = "redpanda"; rev = "v${version}"; - sha256 = "sha256-kRiOzu9dQjUot7tZfZ3Qm69NrlFAlty0Ix0N9+/5k+A="; + sha256 = "sha256-FDzHREeld794HkLtkgIjMd2mNSvz1XV5mwvbx0sHz3o="; }; in buildGoModule rec { From abd256e12b2ed5ea4ae515806dd0fceda0dee8d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 11:05:01 +0000 Subject: [PATCH 29/29] build(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.3 to 4.5.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882...6f51ac03b9356f520e9adb1b1b7802705f340c2b) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/eval.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/eval.yml b/.github/workflows/eval.yml index 34f4d07d47cf9..06cff2b878d3e 100644 --- a/.github/workflows/eval.yml +++ b/.github/workflows/eval.yml @@ -53,7 +53,7 @@ jobs: echo "systems=$(> "$GITHUB_OUTPUT" - name: Upload the list of all attributes - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: paths path: result/* @@ -111,7 +111,7 @@ jobs: # If it uses too much memory, slightly decrease chunkSize - name: Upload the output paths and eval stats - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: intermediate-${{ matrix.system }} path: result/* @@ -145,7 +145,7 @@ jobs: -o prResult - name: Upload the combined results - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: result path: prResult/* @@ -203,7 +203,7 @@ jobs: - name: Upload the combined results if: steps.baseRunId.outputs.baseRunId - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: comparison path: comparison/*