Browse Source

Merge branch 'master' into staging-next

Fixes eval on darwin after #69072

Resolved conflict in pkgs/tools/security/thc-hydra/default.nix
Basically had to revert a1c0e10564 which
adapts #69210 to master that doesn't yet have
329a88efa7

Tested using maintainers/scripts/eval-release.sh before and after to see
that the fix works
trojita
Dmitry Kalinkin 3 years ago
parent
commit
c455adcc42
No known key found for this signature in database
GPG Key ID: 5157B3EC8B2CA333
  1. 16
      maintainers/maintainer-list.nix
  2. 13
      maintainers/scripts/nix-generate-from-cpan.pl
  3. 37
      nixos/doc/manual/installation/installing-nspawn-container.xml
  4. 3
      nixos/doc/manual/installation/installing.xml
  5. 29
      nixos/doc/manual/release-notes/rl-1909.xml
  6. 3
      nixos/modules/installer/tools/nixos-install.sh
  7. 1
      nixos/modules/module-list.nix
  8. 2
      nixos/modules/rename.nix
  9. 10
      nixos/modules/services/amqp/rabbitmq.nix
  10. 46
      nixos/modules/services/hardware/fancontrol.nix
  11. 10
      nixos/modules/services/misc/gitlab.nix
  12. 1
      nixos/modules/services/misc/home-assistant.nix
  13. 39
      nixos/modules/services/misc/pykms.nix
  14. 1
      nixos/modules/services/monitoring/zabbix-server.nix
  15. 7
      nixos/modules/system/activation/activation-script.nix
  16. 2
      nixos/modules/tasks/network-interfaces-systemd.nix
  17. 2
      nixos/modules/virtualisation/container-config.nix
  18. 1
      nixos/tests/all-tests.nix
  19. 52
      nixos/tests/systemd-machinectl.nix
  20. 13
      pkgs/applications/audio/paulstretch/default.nix
  21. 4
      pkgs/applications/audio/picard/default.nix
  22. 4
      pkgs/applications/editors/jetbrains/default.nix
  23. 64
      pkgs/applications/graphics/djview/default.nix
  24. 4
      pkgs/applications/misc/dbeaver/default.nix
  25. 87
      pkgs/applications/misc/ipmiview/default.nix
  26. 25
      pkgs/applications/misc/pastel/default.nix
  27. 4
      pkgs/applications/networking/browsers/vivaldi/default.nix
  28. 6
      pkgs/applications/networking/cluster/kops/default.nix
  29. 2
      pkgs/applications/networking/instant-messengers/gajim/default.nix
  30. 8
      pkgs/applications/networking/instant-messengers/teamspeak/client.nix
  31. 35
      pkgs/applications/networking/mailreaders/trojita/default.nix
  32. 2
      pkgs/applications/science/logic/tamarin-prover/default.nix
  33. 23
      pkgs/applications/video/shotcut/default.nix
  34. 3
      pkgs/applications/virtualization/virtualbox/default.nix
  35. 21
      pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
  36. 72
      pkgs/applications/virtualization/virtualbox/kernel-5.3-fix.patch
  37. 123
      pkgs/data/fonts/iosevka/default.nix
  38. 6
      pkgs/data/fonts/iosevka/generate.sh
  39. 4257
      pkgs/data/fonts/iosevka/node-packages-generated.nix
  40. 20
      pkgs/data/fonts/iosevka/node-packages.json
  41. 17
      pkgs/data/fonts/iosevka/node-packages.nix
  42. 26
      pkgs/data/fonts/iosevka/package.json
  43. 2
      pkgs/development/androidndk-pkgs/androidndk-pkgs.nix
  44. 6
      pkgs/development/compilers/manticore/default.nix
  45. 2
      pkgs/development/compilers/terra/default.nix
  46. 1
      pkgs/development/haskell-modules/configuration-common.nix
  47. 3
      pkgs/development/haskell-modules/configuration-ghc-8.6.x.nix
  48. 63
      pkgs/development/haskell-modules/configuration-ghc-8.8.x.nix
  49. 52
      pkgs/development/haskell-modules/configuration-hackage2nix.yaml
  50. 4
      pkgs/development/haskell-modules/configuration-nix.nix
  51. 1513
      pkgs/development/haskell-modules/hackage-packages.nix
  52. 2
      pkgs/development/idris-modules/default.nix
  53. 25
      pkgs/development/idris-modules/heyting-algebra.nix
  54. 2
      pkgs/development/libraries/gmp/6.x.nix
  55. 8
      pkgs/development/libraries/vtk/default.nix
  56. 1
      pkgs/development/node-packages/node-packages-v10.json
  57. 803
      pkgs/development/node-packages/node-packages-v10.nix
  58. 54
      pkgs/development/ocaml-modules/containers/default.nix
  59. 16
      pkgs/development/ocaml-modules/iter/default.nix
  60. 14
      pkgs/development/ocaml-modules/mdx/default.nix
  61. 10
      pkgs/development/ocaml-modules/printbox/default.nix
  62. 3
      pkgs/development/python-modules/astropy/default.nix
  63. 13
      pkgs/development/python-modules/cairosvg/default.nix
  64. 20
      pkgs/development/python-modules/dict2xml/default.nix
  65. 59
      pkgs/development/python-modules/dotnetcore2/default.nix
  66. 19
      pkgs/development/python-modules/dotnetcore2/runtime.patch
  67. 24
      pkgs/development/python-modules/impacket/default.nix
  68. 4
      pkgs/development/python-modules/pycountry/default.nix
  69. 14
      pkgs/development/python-modules/pycurl2/default.nix
  70. 2
      pkgs/development/python-modules/qiskit/default.nix
  71. 12
      pkgs/development/python-modules/weasyprint/default.nix
  72. 15
      pkgs/development/python-modules/xml2rfc/default.nix
  73. 4
      pkgs/development/tools/build-managers/apache-maven/default.nix
  74. 8
      pkgs/development/tools/continuous-integration/gitlab-runner/default.nix
  75. 6
      pkgs/development/tools/ocaml/camlp5/default.nix
  76. 22
      pkgs/development/tools/ocaml/ocamlformat/default.nix
  77. 8
      pkgs/games/dxx-rebirth/default.nix
  78. 6
      pkgs/misc/gnuk/default.nix
  79. 11
      pkgs/misc/vim-plugins/generated.nix
  80. 1
      pkgs/misc/vim-plugins/vim-plugin-names
  81. 37
      pkgs/os-specific/linux/hyperv-daemons/default.nix
  82. 4
      pkgs/os-specific/linux/jool/source.nix
  83. 4
      pkgs/os-specific/linux/ply/default.nix
  84. 4
      pkgs/os-specific/linux/r8168/default.nix
  85. 4
      pkgs/servers/dns/knot-dns/default.nix
  86. 37
      pkgs/servers/home-assistant/component-packages.nix
  87. 2
      pkgs/servers/home-assistant/default.nix
  88. 4
      pkgs/servers/home-assistant/parse-requirements.py
  89. 22
      pkgs/servers/monitoring/plugins/openvpn.nix
  90. 77
      pkgs/servers/monitoring/plugins/wmiplus/default.nix
  91. 40
      pkgs/servers/monitoring/plugins/wmiplus/wmiplus_fix_manpage.patch
  92. 6
      pkgs/servers/monitoring/prometheus/wireguard-exporter.nix
  93. 1
      pkgs/tools/filesystems/xtreemfs/default.nix
  94. 6
      pkgs/tools/misc/goaccess/default.nix
  95. 4
      pkgs/tools/misc/graylog/default.nix
  96. 4
      pkgs/tools/misc/graylog/plugins.nix
  97. 8
      pkgs/tools/networking/grpcui/default.nix
  98. 25
      pkgs/tools/networking/py-wmi-client/default.nix
  99. 54
      pkgs/tools/networking/pykms/default.nix
  100. 6
      pkgs/tools/package-management/home-manager/default.nix
  101. Some files were not shown because too many files have changed in this diff Show More

16
maintainers/maintainer-list.nix

@ -1480,6 +1480,16 @@
github = "davidrusu";
name = "David Rusu";
};
davidtwco = {
email = "nix@david.davidtw.co";
github = "davidtwco";
githubId = 1295100;
name = "David Wood";
keys = [{
longkeyid = "rsa4096/0x01760B4F9F53F154";
fingerprint = "5B08 313C 6853 E5BF FA91 A817 0176 0B4F 9F53 F154";
}];
};
davorb = {
email = "davor@davor.se";
github = "davorb";
@ -5370,6 +5380,12 @@
github = "rickynils";
name = "Rickard Nilsson";
};
rileyinman = {
email = "rileyminman@gmail.com";
github = "rileyinman";
githubId = 37246692;
name = "Riley Inman";
};
ris = {
email = "code@humanleg.org.uk";
github = "risicle";

13
maintainers/scripts/nix-generate-from-cpan.pl

@ -226,7 +226,7 @@ sub pkg_to_attr {
sub get_pkg_name {
my ($module) = @_;
return $module->package_name . '-' . $module->package_version;
return ( $module->package_name, $module->package_version =~ s/^v(\d)/$1/r );
}
sub read_meta {
@ -375,13 +375,13 @@ die "module $module_name not found\n" if scalar @modules == 0;
die "multiple packages that match module $module_name\n" if scalar @modules > 1;
my $module = $modules[0];
my $pkg_name = get_pkg_name $module;
my ($pkg_name, $pkg_version) = get_pkg_name $module;
my $attr_name = pkg_to_attr $module;
INFO( "attribute name: ", $attr_name );
INFO( "module: ", $module->module );
INFO( "version: ", $module->version );
INFO( "package: ", $module->package, " (", $pkg_name, ", ", $attr_name, ")" );
INFO( "package: ", $module->package, " (", "$pkg_name-$pkg_version", ", ", $attr_name, ")" );
INFO( "path: ", $module->path );
my $tar_path = $module->fetch();
@ -436,10 +436,11 @@ my $build_fun = -e "$pkg_path/Build.PL"
print STDERR "===\n";
print <<EOF;
${\(is_reserved($attr_name) ? "\"$attr_name\"" : $attr_name)} = $build_fun rec {
name = "$pkg_name";
${\(is_reserved($attr_name) ? "\"$attr_name\"" : $attr_name)} = $build_fun {
pname = "$pkg_name";
version = "$pkg_version";
src = fetchurl {
url = "mirror://cpan/${\$module->path}/\${name}.${\$module->package_extension}";
url = "mirror://cpan/${\$module->path}/${\$module->package}";
sha256 = "${\$module->status->checksum_value}";
};
EOF

37
nixos/doc/manual/installation/installing-nspawn-container.xml

@ -0,0 +1,37 @@
<section xmlns="http://docbook.org/ns/docbook"
version="5.0"
xml:id="sec-installing-nspawn-container">
<title>Installing into a nspawn container</title>
<para>
For installing a NixOS into a systemd nspawn container the NixOS installation tools are needed.
If you run another distribution than NixOS on your host,
please follow <xref linkend="sec-installing-from-other-distro"/> steps 1, 2, and 3.
</para>
<para>
Create a NixOS configuration file <filename>/var/lib/machines/my-container/etc/nixos/configuration.nix</filename>.
It is important that the container root file system is under <filename>/var/lib/machines</filename>.
This is the standard location where <command>machinectl</command> will look for containers.
If you choose place the root into another location you need to start the container directly with <command>systemd-nspawn</command>.
The file needs to have at least following options enabled:
<programlisting>
<xref linkend="opt-boot.isContainer"/> = true;
<xref linkend="opt-boot.loader.initScript.enable"/> = true;
</programlisting>
If your host uses <command>systemd-networkd</command> to configure the network,
you can also enable <xref linkend="opt-networking.useNetworkd"/> to use networkd default network configuration for your host and container.
</para>
<para>
Install the container by running following command:
<screen>nixos-install --root /var/lib/machines/my-container \
--no-channel-copy --no-root-passwd --no-bootloader</screen>
</para>
<para>
Start the container by running following command:
<screen>machinectl start my-container</screen>
</para>
</section>

3
nixos/doc/manual/installation/installing.xml

@ -563,5 +563,8 @@ Retype new UNIX password: ***</screen>
<xi:include href="installing-from-other-distro.xml" />
<xi:include href="installing-behind-a-proxy.xml" />
<xi:include href="installing-nspawn-container.xml" />
</section>
</chapter>

29
nixos/doc/manual/release-notes/rl-1909.xml

@ -484,6 +484,35 @@
(<literal>citrix_workspace</literal>).
</para>
</listitem>
<listitem>
<para>
The <literal>services.gitlab</literal> module has had its literal secret options (<option>services.gitlab.smtp.password</option>,
<option>services.gitlab.databasePassword</option>,
<option>services.gitlab.initialRootPassword</option>,
<option>services.gitlab.secrets.secret</option>,
<option>services.gitlab.secrets.db</option>,
<option>services.gitlab.secrets.otp</option> and
<option>services.gitlab.secrets.jws</option>) replaced by file-based versions (<option>services.gitlab.smtp.passwordFile</option>,
<option>services.gitlab.databasePasswordFile</option>,
<option>services.gitlab.initialRootPasswordFile</option>,
<option>services.gitlab.secrets.secretFile</option>,
<option>services.gitlab.secrets.dbFile</option>,
<option>services.gitlab.secrets.otpFile</option> and
<option>services.gitlab.secrets.jwsFile</option>). This was done so that secrets aren't stored
in the world-readable nix store, but means that for each option you'll have to create a file with
the same exact string, add "File" to the end of the option name, and change the definition to a
string pointing to the corresponding file; e.g. <literal>services.gitlab.databasePassword = "supersecurepassword"</literal>
becomes <literal>services.gitlab.databasePasswordFile = "/path/to/secret_file"</literal> where the
file <literal>secret_file</literal> contains the string <literal>supersecurepassword</literal>.
</para>
<para>
The state path (<option>services.gitlab.statePath</option>) now has the following restriction:
no parent directory can be owned by any other user than <literal>root</literal> or the user
specified in <option>services.gitlab.user</option>; i.e. if <option>services.gitlab.statePath</option>
is set to <literal>/var/lib/gitlab/state</literal>, <literal>gitlab</literal> and all parent directories
must be owned by either <literal>root</literal> or the user specified in <option>services.gitlab.user</option>.
</para>
</listitem>
</itemizedlist>
</section>

3
nixos/modules/installer/tools/nixos-install.sh

@ -132,8 +132,9 @@ if [[ -z $noBootLoader ]]; then
echo "installing the boot loader..."
# Grub needs an mtab.
ln -sfn /proc/mounts $mountPoint/etc/mtab
NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot
export NIXOS_INSTALL_BOOTLOADER=1
fi
nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot
# Ask the user to set a root password, but only if the passwd command
# exists (i.e. when mutable user accounts are enabled).

1
nixos/modules/module-list.nix

@ -328,6 +328,7 @@
./services/hardware/bluetooth.nix
./services/hardware/bolt.nix
./services/hardware/brltty.nix
./services/hardware/fancontrol.nix
./services/hardware/freefall.nix
./services/hardware/fwupd.nix
./services/hardware/illum.nix

2
nixos/modules/rename.nix

@ -66,6 +66,8 @@ with lib;
(mkRenamedOptionModule [ "services" "clamav" "updater" "config" ] [ "services" "clamav" "updater" "extraConfig" ])
(mkRemovedOptionModule [ "services" "pykms" "verbose" ] "Use services.pykms.logLevel instead")
(mkRemovedOptionModule [ "security" "setuidOwners" ] "Use security.wrappers instead")
(mkRemovedOptionModule [ "security" "setuidPrograms" ] "Use security.wrappers instead")

10
nixos/modules/services/amqp/rabbitmq.nix

@ -80,12 +80,10 @@ in {
configItems = mkOption {
default = {};
type = types.attrsOf types.str;
example = ''
{
"auth_backends.1.authn" = "rabbit_auth_backend_ldap";
"auth_backends.1.authz" = "rabbit_auth_backend_internal";
}
'';
example = {
"auth_backends.1.authn" = "rabbit_auth_backend_ldap";
"auth_backends.1.authz" = "rabbit_auth_backend_internal";
};
description = ''
Configuration options in RabbitMQ's new config file format,
which is a simple key-value format that can not express nested

46
nixos/modules/services/hardware/fancontrol.nix

@ -0,0 +1,46 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.fancontrol;
configFile = pkgs.writeText "fan.conf" cfg.config;
in {
options.hardware.fancontrol = {
enable = mkEnableOption "fancontrol (requires fancontrol.config)";
config = mkOption {
type = types.lines;
default = null;
example = ''
# Configuration file generated by pwmconfig
INTERVAL=1
DEVPATH=hwmon0=devices/platform/nct6775.656 hwmon1=devices/pci0000:00/0000:00:18.3
DEVNAME=hwmon0=nct6779 hwmon1=k10temp
FCTEMPS=hwmon0/pwm2=hwmon1/temp1_input
FCFANS=hwmon0/pwm2=hwmon0/fan2_input
MINTEMP=hwmon0/pwm2=25
MAXTEMP=hwmon0/pwm2=60
MINSTART=hwmon0/pwm2=25
MINSTOP=hwmon0/pwm2=10
MINPWM=hwmon0/pwm2=0
MAXPWM=hwmon0/pwm2=255
'';
description = "Contents for configuration file. See <citerefentry><refentrytitle>pwmconfig</refentrytitle><manvolnum>8</manvolnum></citerefentry>.";
};
};
config = mkIf cfg.enable {
systemd.services.fancontrol = {
description = "Fan speed control from lm_sensors";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.lm_sensors}/bin/fancontrol ${configFile}";
};
};
};
}

10
nixos/modules/services/misc/gitlab.nix

@ -223,7 +223,15 @@ in {
statePath = mkOption {
type = types.str;
default = "/var/gitlab/state";
description = "Gitlab state directory, logs are stored here.";
description = ''
Gitlab state directory. Configuration, repositories and
logs, among other things, are stored here.
The directory will be created automatically if it doesn't
exist already. Its parent directories must be owned by
either <literal>root</literal> or the user set in
<option>services.gitlab.user</option>.
'';
};
backupPath = mkOption {

1
nixos/modules/services/misc/home-assistant.nix

@ -224,6 +224,7 @@ in {
KillSignal = "SIGINT";
PrivateTmp = true;
RemoveIPC = true;
AmbientCapabilities = "cap_net_raw,cap_net_admin+eip";
};
path = [
"/run/wrappers" # needed for ping

39
nixos/modules/services/misc/pykms.nix

@ -4,6 +4,7 @@ with lib;
let
cfg = config.services.pykms;
libDir = "/var/lib/pykms";
in {
meta.maintainers = with lib.maintainers; [ peterhoeg ];
@ -28,12 +29,6 @@ in {
description = "The port on which to listen.";
};
verbose = mkOption {
type = types.bool;
default = false;
description = "Show verbose output.";
};
openFirewallPort = mkOption {
type = types.bool;
default = false;
@ -45,30 +40,44 @@ in {
default = "64M";
description = "How much memory to use at most.";
};
logLevel = mkOption {
type = types.enum [ "CRITICAL" "ERROR" "WARNING" "INFO" "DEBUG" "MINI" ];
default = "INFO";
description = "How much to log";
};
extraArgs = mkOption {
type = types.listOf types.str;
default = [];
description = "Additional arguments";
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewallPort [ cfg.port ];
systemd.services.pykms = let
home = "/var/lib/pykms";
in {
systemd.services.pykms = {
description = "Python KMS";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
# python programs with DynamicUser = true require HOME to be set
environment.HOME = home;
environment.HOME = libDir;
serviceConfig = with pkgs; {
DynamicUser = true;
StateDirectory = baseNameOf home;
ExecStartPre = "${getBin pykms}/bin/create_pykms_db.sh ${home}/clients.db";
StateDirectory = baseNameOf libDir;
ExecStartPre = "${getBin pykms}/libexec/create_pykms_db.sh ${libDir}/clients.db";
ExecStart = lib.concatStringsSep " " ([
"${getBin pykms}/bin/server.py"
"${getBin pykms}/bin/server"
"--logfile STDOUT"
"--loglevel ${cfg.logLevel}"
] ++ cfg.extraArgs ++ [
cfg.listenAddress
(toString cfg.port)
] ++ lib.optional cfg.verbose "--verbose");
WorkingDirectory = home;
]);
ProtectHome = "tmpfs";
WorkingDirectory = libDir;
Restart = "on-failure";
MemoryLimit = cfg.memoryLimit;
};

1
nixos/modules/services/monitoring/zabbix-server.nix

@ -30,6 +30,7 @@ let
DBUser = ${cfg.database.user}
${optionalString (cfg.database.passwordFile != null) "Include ${passwordFile}"}
${optionalString (mysqlLocal && cfg.database.socket != null) "DBSocket = ${cfg.database.socket}"}
PidFile = ${runtimeDir}/zabbix_server.pid
SocketDir = ${runtimeDir}
FpingLocation = /run/wrappers/bin/fping
${optionalString (cfg.modules != {}) "LoadModulePath = ${moduleEnv}/lib"}

7
nixos/modules/system/activation/activation-script.nix

@ -184,7 +184,14 @@ in
find /var/empty -mindepth 1 -delete
chmod 0555 /var/empty
chown root:root /var/empty
${ # reasons for not setting immutable flag:
# 1. flag is not changeable inside a container
# 2. systemd-nspawn can not perform chown in case of --private-users-chown
# then the owner is nobody and ssh will not start
optionalString (!config.boot.isContainer) ''
${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
''}
'';
system.activationScripts.usrbinenv = if config.environment.usrbinenv != null

2
nixos/modules/tasks/network-interfaces-systemd.nix

@ -12,7 +12,7 @@ let
i.ipv4.addresses
++ optionals cfg.enableIPv6 i.ipv6.addresses;
dhcpStr = useDHCP: if useDHCP == true || useDHCP == null then "both" else "no";
dhcpStr = useDHCP: if useDHCP == true || useDHCP == null then "yes" else "no";
slaves =
concatLists (map (bond: bond.interfaces) (attrValues cfg.bonds))

2
nixos/modules/virtualisation/container-config.nix

@ -10,7 +10,7 @@ with lib;
services.udisks2.enable = mkDefault false;
powerManagement.enable = mkDefault false;
networking.useHostResolvConf = mkDefault true;
networking.useHostResolvConf = mkDefault (!config.services.resolved.enable);
# Containers should be light-weight, so start sshd on demand.
services.openssh.startWhenNeeded = mkDefault true;

1
nixos/tests/all-tests.nix

@ -262,6 +262,7 @@ in
syncthing-relay = handleTest ./syncthing-relay.nix {};
systemd = handleTest ./systemd.nix {};
systemd-confinement = handleTest ./systemd-confinement.nix {};
systemd-machinectl = handleTest ./systemd-machinectl.nix {};
systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
systemd-networkd-wireguard = handleTest ./systemd-networkd-wireguard.nix {};
pdns-recursor = handleTest ./pdns-recursor.nix {};

52
nixos/tests/systemd-machinectl.nix

@ -0,0 +1,52 @@
import ./make-test.nix (let
container = { ... }: {
boot.isContainer = true;
# use networkd to obtain systemd network setup
networking.useNetworkd = true;
# systemd-nspawn expects /sbin/init
boot.loader.initScript.enable = true;
imports = [ ../modules/profiles/minimal.nix ];
};
containerSystem = (import ../lib/eval-config.nix {
modules = [ container ];
}).config.system.build.toplevel;
containerName = "container";
containerRoot = "/var/lib/machines/${containerName}";
in {
name = "systemd-machinectl";
machine = { lib, ... }: {
# use networkd to obtain systemd network setup
networking.useNetworkd = true;
# open DHCP server on interface to container
networking.firewall.trustedInterfaces = [ "ve-+" ];
# do not try to access cache.nixos.org
nix.binaryCaches = lib.mkForce [];
virtualisation.pathsInNixDB = [ containerSystem ];
};
testScript = ''
startAll;
$machine->waitForUnit("default.target");
$machine->succeed("mkdir -p ${containerRoot}");
$machine->succeed("nixos-install --root ${containerRoot} --system ${containerSystem} --no-channel-copy --no-root-passwd --no-bootloader");
$machine->succeed("machinectl start ${containerName}");
$machine->waitUntilSucceeds("systemctl -M ${containerName} is-active default.target");
$machine->succeed("ping -n -c 1 ${containerName}");
$machine->succeed("test `stat ${containerRoot}/var/empty -c %u%g` != 00");
$machine->succeed("machinectl stop ${containerName}");
'';
})

13
pkgs/applications/audio/paulstretch/default.nix

@ -1,5 +1,7 @@
{ stdenv, fetchFromGitHub, audiofile, libvorbis, fltk, fftw, fftwFloat,
minixml, pkgconfig, libmad, libjack2, portaudio, libsamplerate }:
{ stdenv, fetchFromGitHub, fetchpatch
, audiofile, libvorbis, fltk, fftw, fftwFloat
, minixml, pkgconfig, libmad, libjack2, portaudio, libsamplerate
}:
stdenv.mkDerivation {
pname = "paulstretch";
@ -27,6 +29,13 @@ stdenv.mkDerivation {
libsamplerate
];
patches = [
(fetchpatch {
url = "https://github.com/paulnasca/paulstretch_cpp/pull/12.patch";
sha256 = "0lx1rfrs53afkiz1drp456asqgj5yv6hx3lkc01165cv1jsbw6q4";
})
];
buildPhase = ''
bash compile_linux_fftw_jack.sh
'';

4
pkgs/applications/audio/picard/default.nix

@ -4,13 +4,13 @@ let
pythonPackages = python3Packages;
in pythonPackages.buildPythonApplication rec {
pname = "picard";
version = "2.1.3";
version = "2.2.1";
src = fetchFromGitHub {
owner = "metabrainz";
repo = pname;
rev = "release-${version}";
sha256 = "1armg8vpvnbpk7rrfk9q7nj5gm56rza00ni9qwdyqpxp1xaz6apj";
sha256 = "1g7pbicf65hswbqmhrwlba9jm4r2vnggy7vy75z4256y7qcpwdfd";
};
nativeBuildInputs = [ gettext qt5.wrapQtAppsHook qt5.qtbase ];

4
pkgs/applications/editors/jetbrains/default.nix

@ -201,11 +201,11 @@ let
platforms = platforms.linux;
};
}) (attrs: {
patchPhase = attrs.patchPhase + ''
patchPhase = lib.optionalString (!stdenv.isDarwin) (attrs.patchPhase + ''
# Patch built-in mono for ReSharperHost to start successfully
interpreter=$(echo ${stdenv.glibc.out}/lib/ld-linux*.so.2)
patchelf --set-interpreter "$interpreter" lib/ReSharperHost/linux-x64/mono/bin/mono-sgen
'';
'');
});
buildRubyMine = { name, version, src, license, description, wmClass, ... }:

64
pkgs/applications/graphics/djview/default.nix

@ -1,8 +1,16 @@
{ stdenv, fetchurl, pkgconfig
, djvulibre, qt4, xorg, libtiff
, darwin }:
{ stdenv
, mkDerivation
, fetchurl
, pkgconfig
, djvulibre
, qtbase
, qttools
, xorg
, libtiff
, darwin
}:
stdenv.mkDerivation rec {
mkDerivation rec {
pname = "djview";
version = "4.10.6";
@ -11,20 +19,56 @@ stdenv.mkDerivation rec {
sha256 = "08bwv8ppdzhryfcnifgzgdilb12jcnivl4ig6hd44f12d76z6il4";
};
nativeBuildInputs = [ pkgconfig ];
nativeBuildInputs = [
pkgconfig
qttools
];
buildInputs = [ djvulibre qt4 xorg.libXt libtiff ]
++ stdenv.lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.AGL ];
buildInputs = [
djvulibre
qtbase
xorg.libXt
libtiff
] ++ stdenv.lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.AGL;
configureFlags = [
"--disable-silent-rules"
"--disable-dependency-tracking"
"--with-x"
"--with-tiff"
# NOTE: 2019-09-19: experimental "--enable-npdjvu" fails
] ++ stdenv.lib.optional stdenv.isDarwin "--enable-mac";
passthru = {
mozillaPlugin = "/lib/mozilla/plugins";
};
meta = with stdenv.lib; {
homepage = http://djvu.sourceforge.net/djview4.html;
description = "A portable DjVu viewer and browser plugin";
description = "A portable DjVu viewer (Qt5) and browser (nsdejavu) plugin";
homepage = "http://djvu.sourceforge.net/djview4.html";
license = licenses.gpl2;
platforms = platforms.unix;
maintainers = [ ];
maintainers = with maintainers; [ Anton-Latukha ];
longDescription = ''
The portable DjVu viewer (Qt5) and browser (nsdejavu) plugin.
Djview highlights:
- entirely based on the public DjVulibre api.
- entirely written in portable Qt5.
- works natively under Unix/X11, MS Windows, and macOS X.
- continuous scrolling of pages
- side-by-side display of pages
- ability to specify a url to the djview command
- all plugin and cgi options available from the command line
- all silly annotations implemented
- display thumbnails as a grid
- display outlines
- page names supported (see djvused command set-page-title)
- metadata dialog (see djvused command set-meta)
- implemented as reusable Qt widgets
nsdejavu: browser plugin for DjVu. It internally uses djview.
Has CGI-style arguments to configure the view of document (see man).
'';
};
}

4
pkgs/applications/misc/dbeaver/default.nix

@ -7,7 +7,7 @@
stdenv.mkDerivation rec {
pname = "dbeaver-ce";
version = "6.1.5";
version = "6.2.1";
desktopItem = makeDesktopItem {
name = "dbeaver";
@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "https://dbeaver.io/files/${version}/dbeaver-ce-${version}-linux.gtk.x86_64.tar.gz";
sha256 = "0lkycm1152wd56i1hjq7q3sd05h51fyz99qr2n65lwi33vz2qk9m";
sha256 = "1ix6isahpk7zk741wdx5cf4i13wc5gp0j1gj4ja80bzfswbc38na";
};
installPhase = ''

87
pkgs/applications/misc/ipmiview/default.nix

@ -1,33 +1,72 @@
{ stdenv, fetchurl, patchelf, makeWrapper, xorg, gcc, gcc-unwrapped }:
{ stdenv
, fetchurl
, makeDesktopItem
, makeWrapper
, patchelf
, fontconfig
, freetype
, gcc
, gcc-unwrapped
, iputils
, psmisc
, xorg }:
stdenv.mkDerivation rec {
pname = "IPMIView";
version = "2.14.0";
buildVersion = "180213";
pname = "IPMIView";
version = "2.16.0";
buildVersion = "190815";
src = fetchurl {
url = "ftp://ftp.supermicro.com/utility/IPMIView/Linux/IPMIView_${version}_build.${buildVersion}_bundleJRE_Linux_x64.tar.gz";
sha256 = "1wp22wm7smlsb25x0cck4p660cycfczxj381930crd1qrf68mw4h";
src = fetchurl {
url = "https://www.supermicro.com/wftp/utility/IPMIView/Linux/IPMIView_${version}_build.${buildVersion}_bundleJRE_Linux_x64.tar.gz";
sha256 = "0qw9zfnj0cyvab7ndamlw2y0gpczjhh1jkz8340kl42r2xmhkvpl";
};
nativeBuildInputs = [ patchelf makeWrapper ];
nativeBuildInputs = [ patchelf makeWrapper ];
buildPhase = with xorg;
let
stunnelBinary = if stdenv.hostPlatform.system == "x86_64-linux" then "linux/stunnel64"
else if stdenv.hostPlatform.system == "i686-linux" then "linux/stunnel32"
else throw "IPMIView is not supported on this platform";
in
''
patchelf --set-rpath "${stdenv.lib.makeLibraryPath [ libX11 libXext libXrender libXtst libXi ]}" ./jre/lib/amd64/libawt_xawt.so
patchelf --set-rpath "${stdenv.lib.makeLibraryPath [ freetype ]}" ./jre/lib/amd64/libfontmanager.so
patchelf --set-rpath "${gcc-unwrapped.lib}/lib" ./libiKVM64.so
patchelf --set-rpath "${gcc.cc}/lib:$out/jre/lib/amd64/jli" --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" ./jre/bin/java
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" ./BMCSecurity/${stunnelBinary}
'';
buildPhase = with xorg; ''
patchelf --set-rpath "${stdenv.lib.makeLibraryPath [ libX11 libXext libXrender libXtst libXi ]}" ./jre/lib/amd64/xawt/libmawt.so
patchelf --set-rpath "${gcc-unwrapped.lib}/lib" ./libiKVM64.so
patchelf --set-rpath "${stdenv.lib.makeLibraryPath [ libXcursor libX11 libXext libXrender libXtst libXi ]}" --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" ./jre/bin/javaws
patchelf --set-rpath "${gcc.cc}/lib:$out/jre/lib/amd64/jli" --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" ./jre/bin/java
'';
desktopItem = makeDesktopItem rec {
name = "IPMIView";
exec = "IPMIView";
desktopName = name;
genericName = "Supermicro BMC manager";
categories = "Network;Configuration";
};
installPhase = ''
mkdir -p $out/bin
cp -R . $out/
installPhase = ''
mkdir -p $out/bin
cp -R . $out/
makeWrapper $out/jre/bin/java $out/bin/IPMIView \
--prefix PATH : "$out/jre/bin" \
--add-flags "-jar $out/IPMIView20.jar"
'';
ln -s ${desktopItem}/share $out/share
meta = with stdenv.lib; {
# LD_LIBRARY_PATH: fontconfig is used from java code
# PATH: iputils is used for ping, and psmisc is for killall
# WORK_DIR: unfortunately the ikvm related binaries are loaded from
# and user configuration is written to files in the CWD
makeWrapper $out/jre/bin/java $out/bin/IPMIView \
--set LD_LIBRARY_PATH "${stdenv.lib.makeLibraryPath [ fontconfig ]}" \
--prefix PATH : "$out/jre/bin:${iputils}/bin:${psmisc}/bin" \
--add-flags "-jar $out/IPMIView20.jar" \
--run 'WORK_DIR=''${XDG_DATA_HOME:-~/.local/share}/ipmiview
mkdir -p $WORK_DIR
ln -snf '$out'/iKVM.jar '$out'/libiKVM* '$out'/libSharedLibrary* $WORK_DIR
cd $WORK_DIR'
'';
meta = with stdenv.lib; {
license = licenses.unfree;
};
}
maintainers = with maintainers; [ vlaci ];
platforms = [ "x86_64-linux" "i686-linux" ];
};
}

25
pkgs/applications/misc/pastel/default.nix

@ -0,0 +1,25 @@
{ stdenv, fetchFromGitHub, rustPlatform, Security }:
rustPlatform.buildRustPackage rec {
pname = "pastel";
version = "0.5.3";
src = fetchFromGitHub {
owner = "sharkdp";
repo = pname;
rev = "v${version}";
sha256 = "0f54p3pzfp7xrwlqn61l7j41vmgcfph3bhq2khxh5apfwwdx9nng";
};
cargoSha256 = "05yvlm7z3zfn8qd8nb9zpch9xsfzidrpyrgg2vij3h3q095mdm66";
buildInputs = stdenv.lib.optional stdenv.isDarwin Security;
meta = with stdenv.lib; {
description = "A command-line tool to generate, analyze, convert and manipulate colors";
homepage = https://github.com/sharkdp/pastel;
license = with licenses; [ asl20 /* or */ mit ];
maintainers = with maintainers; [ davidtwco ];
platforms = platforms.all;
};
}

4
pkgs/applications/networking/browsers/vivaldi/default.nix

@ -17,11 +17,11 @@ let
vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi";
in stdenv.mkDerivation rec {
pname = "vivaldi";
version = "2.8.1664.35-1";
version = "2.8.1664.38-1";
src = fetchurl {
url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}_amd64.deb";
sha256 = "0wrpn2figljvq9xldpqb1wf81fpwj91ppi2lzvcg5ycpl2a90x7j";
sha256 = "1znhlwwgq4k0fplr4l8ixgn6g5k26ns77j2dm0pjg3a2jgjq6rdr";
};
unpackPhase = ''

6
pkgs/applications/networking/cluster/kops/default.nix

@ -43,7 +43,7 @@ let
description = "Easiest way to get a production Kubernetes up and running";
homepage = https://github.com/kubernetes/kops;
license = licenses.asl20;
maintainers = with maintainers; [offline zimbatm];
maintainers = with maintainers; [offline zimbatm kampka];
platforms = platforms.unix;
};
} // attrs';
@ -57,7 +57,7 @@ in rec {
};
kops_1_13 = mkKops {
version = "1.13.0";
sha256 = "04kbbg3gqzwzzzq1lmnpw2gqky3pfwfk7pc0laxv2yssk9wac5k1";
version = "1.13.1";
sha256 = "0knypbrpipxplgdg6r0r6ycsj7w46virmzwn5s4sdim0y8d2ppyb";
};
}

2
pkgs/applications/networking/instant-messengers/gajim/default.nix

@ -44,7 +44,7 @@ python3.pkgs.buildPythonApplication rec {
];
propagatedBuildInputs = with python3.pkgs; [
nbxmpp pyasn1 pygobject3 dbus-python pillow cssutils precis-i18n keyring
nbxmpp pyasn1 pygobject3 dbus-python pillow cssutils precis-i18n keyring setuptools
] ++ lib.optionals enableE2E [ pycrypto python-gnupg ]
++ lib.optional enableRST docutils
++ lib.optionals enableOmemoPluginDependencies [ python-axolotl qrcode ]

8
pkgs/applications/networking/instant-messengers/teamspeak/client.nix

@ -1,6 +1,6 @@
{ stdenv, fetchurl, makeWrapper, makeDesktopItem, zlib, glib, libpng, freetype, openssl
, xorg, fontconfig, qtbase, qtwebengine, qtwebchannel, qtsvg, xkeyboard_config, alsaLib
, libpulseaudio ? null, libredirect, quazip, less, which, unzip, llvmPackages
, libpulseaudio ? null, libredirect, quazip, which, unzip, llvmPackages, writeShellScriptBin
}:
let
@ -26,6 +26,8 @@ let
categories = "Network";
};
fakeLess = writeShellScriptBin "less" "cat";
in
stdenv.mkDerivation rec {
@ -46,11 +48,11 @@ stdenv.mkDerivation rec {
sha256 = "1bywmdj54glzd0kffvr27r84n4dsd0pskkbmh59mllbxvj0qwy7f";
};
buildInputs = [ makeWrapper less which unzip ];
nativeBuildInputs = [ makeWrapper fakeLess which unzip ];
unpackPhase =
''
echo -e 'q\ny' | sh -xe $src
echo -e '\ny' | sh -xe $src
cd TeamSpeak*
'';

35
pkgs/applications/networking/mailreaders/trojita/default.nix

@ -1,37 +1,50 @@
{ mkDerivation
, lib
, fetchurl
{ akonadi-contacts
, cmake
, fetchgit
, gpgme
, kcontacts
, lib
, mimetic
, mkDerivation
, pkgconfig
, qgpgme
, qtbase
, qtwebkit
, qtkeychain
, qttools
, qtwebkit
}:
mkDerivation rec {
pname = "trojita";
version = "0.7";
version = "0.7.20190618";
src = fetchurl {
url = "mirror://sourceforge/trojita/trojita/${pname}-${version}.tar.xz";
sha256 = "1n9n07md23ny6asyw0xpih37vlwzp7vawbkprl7a1bqwfa0si3g0";
src = fetchgit {
url = "https://anongit.kde.org/trojita.git";
rev = "90b417b131853553c94ff93aef62abaf301aa8f1";
sha256 = "0xpxq5bzqaa68lkz90wima5q2m0mdcn0rvnigb66lylb4n20mnql";
};
buildInputs = [
akonadi-contacts
gpgme
kcontacts
mimetic
qgpgme
qtbase
qtkeychain
qtwebkit
];
nativeBuildInputs = [
cmake
pkgconfig
qttools
];
meta = with lib; {
description = "A Qt IMAP e-mail client";
homepage = http://trojita.flaska.net/;
homepage = "http://trojita.flaska.net/";
license = with licenses; [ gpl2 gpl3 ];
platforms = platforms.linux;
};
}

2
pkgs/applications/science/logic/tamarin-prover/default.nix

@ -104,4 +104,6 @@ mkDerivation (common "tamarin-prover" src // {
tamarin-prover-term
tamarin-prover-theory
];
broken = true;
})

23
pkgs/applications/video/shotcut/default.nix

@ -1,10 +1,23 @@
{ stdenv, fetchFromGitHub, SDL2, frei0r, gettext, mlt, jack1, mkDerivation
, pkgconfig, qtbase, qtmultimedia, qtwebkit, qtx11extras, qtwebsockets
, qtquickcontrols, qtgraphicaleffects, libmlt, qmake, qttools }:
{ stdenv, fetchFromGitHub, fetchpatch, mkDerivation, SDL2, frei0r, gettext, mlt
, jack1, pkgconfig, qtbase, qtmultimedia, qtwebkit, qtx11extras, qtwebsockets
, qtquickcontrols, qtgraphicaleffects, libmlt, qmake, qttools
}:
assert stdenv.lib.versionAtLeast libmlt.version "6.8.0";
assert stdenv.lib.versionAtLeast mlt.version "6.8.0";
let
# https://github.com/mltframework/shotcut/issues/771
fixVaapiRendering1 = fetchpatch {
url = "https://github.com/peti/shotcut/commit/038f6839298fc1e9e80ddf84fe168a78118bc625.patch";
sha256 = "153z1g6criszd6gdkw4f5zk0gmh0jar6l2g8fzwjhhcvkdz30vbp";
};
fixVaapiRendering2 = fetchpatch {
url = "https://github.com/peti/shotcut/commit/653c485f92d2847fdac517e3f797c9254826ffab.patch";
sha256 = "1qd0zgyahda72xh3avlg7lg0jq94wq5847154qlrgzj8b4n7vizw";
};
in
mkDerivation rec {
pname = "shotcut";
version = "19.09.14";
@ -16,6 +29,8 @@ mkDerivation rec {
sha256 = "1cl8ba1n0h450r4n5mfqmyjaxvczs3m19blwxslqskvmxy5my3cn";
};
patches = [ fixVaapiRendering1 fixVaapiRendering2 ];
enableParallelBuilding = true;
nativeBuildInputs = [ pkgconfig qmake ];
buildInputs = [
@ -33,8 +48,6 @@ mkDerivation rec {
sed 's_qApp->applicationDirPath(), "ffmpeg"_"${mlt.ffmpeg}/bin/ffmpeg"_' -i src/docks/encodedock.cpp
NICE=$(type -P nice)
sed "s_/usr/bin/nice_''${NICE}_" -i src/jobs/meltjob.cpp src/jobs/ffmpegjob.cpp
# Fix VAAPI auto-config: https://github.com/mltframework/shotcut/issues/771
sed 's#"-vaapi_device" << ":0"#"-vaapi_device" << "/dev/dri/renderD128"#' -i src/docks/encodedock.cpp
'';
qtWrapperArgs = [

3
pkgs/applications/virtualization/virtualbox/default.nix

@ -92,6 +92,9 @@ in stdenv.mkDerivation {
})
++ [
./qtx11extras.patch
# Kernel 5.3 fix, should be fixed with VirtualBox 6.0.14
# https://www.virtualbox.org/ticket/18911
./kernel-5.3-fix.patch
];
postPatch = ''

21
pkgs/applications/virtualization/virtualbox/guest-additions/default.nix

@ -12,9 +12,16 @@ let
# It's likely to work again in some future update.
xserverABI = let abi = xserverVListFunc 0 + xserverVListFunc 1;
in if abi == "119" || abi == "120" then "118" else abi;
in
stdenv.mkDerivation {
# Specifies how to patch binaries to make sure that libraries loaded using
# dlopen are found. We grep binaries for specific library names and patch
# RUNPATH in matching binaries to contain the needed library paths.
dlopenLibs = [
{ name = "libdbus-1.so"; pkg = dbus; }
{ name = "libXfixes.so"; pkg = xorg.libXfixes; }
];
in stdenv.mkDerivation {
name = "VirtualBox-GuestAdditions-${version}-${kernel.version}";
src = fetchurl {
@ -134,13 +141,13 @@ stdenv.mkDerivation {
# Stripping breaks these binaries for some reason.
dontStrip = true;
# Some code dlopen() libdbus, patch RUNPATH in fixupPhase so it isn't stripped.
postFixup = ''
for i in $(grep -F libdbus-1.so -l -r $out/{lib,bin}); do
# Patch RUNPATH according to dlopenLibs (see the comment there).
postFixup = lib.concatMapStrings (library: ''
for i in $(grep -F ${lib.escapeShellArg library.name} -l -r $out/{lib,bin}); do
origRpath=$(patchelf --print-rpath "$i")
patchelf --set-rpath "$origRpath:${lib.makeLibraryPath [ dbus ]}" "$i"
patchelf --set-rpath "$origRpath:${lib.makeLibraryPath [ library.pkg ]}" "$i"
done
'';
'') dlopenLibs;
meta = {
description = "Guest additions for VirtualBox";

72
pkgs/applications/virtualization/virtualbox/kernel-5.3-fix.patch

@ -0,0 +1,72 @@
--- a/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c
+++ b/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c
@@ -2123,7 +2123,9 @@
#endif
if (in_dev != NULL)
{
- for_ifa(in_dev) {
+ struct in_ifaddr *ifa;
+
+ for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) {
if (VBOX_IPV4_IS_LOOPBACK(ifa->ifa_address))
return NOTIFY_OK;
@@ -2137,7 +2139,7 @@
pThis->pSwitchPort->pfnNotifyHostAddress(pThis->pSwitchPort,
/* :fAdded */ true, kIntNetAddrType_IPv4, &ifa->ifa_address);
- } endfor_ifa(in_dev);
+ }
}
/*
--- a/src/VBox/Runtime/r0drv/linux/mp-r0drv-linux.c
+++ a/src/VBox/Runtime/r0drv/linux/mp-r0drv-linux.c
@@ -283,12 +283,15 @@
if (RTCpuSetCount(&OnlineSet) > 1)
{
/* Fire the function on all other CPUs without waiting for completion. */
-# if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27)
+# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 3, 0)
+ smp_call_function(rtmpLinuxAllWrapper, &Args, 0 /* wait */);
+# elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27)
int rc = smp_call_function(rtmpLinuxAllWrapper, &Args, 0 /* wait */);
+ Assert(!rc); NOREF(rc);
# else
int rc = smp_call_function(rtmpLinuxAllWrapper, &Args, 0 /* retry */, 0 /* wait */);
-# endif
Assert(!rc); NOREF(r