diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2020-12-03 00:36:28 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-03 00:36:28 +0000 |
commit | 58274c4f8d1deda9891c370273735987584c1615 (patch) | |
tree | 12da3a2773afb1e878cdda421139d82317c66394 | |
parent | d3f56086246776bbf812b09c0e58b080244bd4f4 (diff) | |
parent | 535c1daca6705026c6858a5aca1229064ed537d0 (diff) |
Merge master into staging-next
45 files changed, 248 insertions, 106 deletions
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 889b2f7e2442..54a97f2b7a3a 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -4823,6 +4823,12 @@ githubId = 2422454; name = "Kai Wohlfahrt"; }; + kyleondy = { + email = "kyle@ondy.org"; + github = "kyleondy"; + githubId = 1640900; + name = "Kyle Ondy"; + }; kylesferrazza = { name = "Kyle Sferrazza"; email = "kyle.sferrazza@gmail.com"; diff --git a/pkgs/applications/audio/littlegptracker/default.nix b/pkgs/applications/audio/littlegptracker/default.nix index 9b1a1869c283..2fb453cf19c5 100644 --- a/pkgs/applications/audio/littlegptracker/default.nix +++ b/pkgs/applications/audio/littlegptracker/default.nix @@ -1,5 +1,6 @@ { stdenv , fetchFromGitHub +, unstableGitUpdater , SDL , jack2 , Foundation @@ -42,6 +43,8 @@ stdenv.mkDerivation rec { installPhase = let extension = if stdenv.isDarwin then "app" else "deb-exe"; in "install -Dm555 lgpt.${extension} $out/bin/lgpt"; + passthru.updateScript = unstableGitUpdater { }; + meta = with stdenv.lib; { description = "A music tracker similar to lsdj optimised to run on portable game consoles"; longDescription = '' diff --git a/pkgs/applications/audio/openmpt123/default.nix b/pkgs/applications/audio/openmpt123/default.nix index 91bf47dddd6b..4d1387bf6331 100644 --- a/pkgs/applications/audio/openmpt123/default.nix +++ b/pkgs/applications/audio/openmpt123/default.nix @@ -2,14 +2,14 @@ , usePulseAudio ? config.pulseaudio or false, libpulseaudio }: let - version = "0.5.3"; + version = "0.5.4"; in stdenv.mkDerivation { pname = "openmpt123"; inherit version; src = fetchurl { url = "https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-${version}+release.autotools.tar.gz"; - sha256 = "1f155yf5v57dwhzb7z0kh67lckr3yq4x8040dm54qgbxw582la77"; + sha256 = "0h7gpjx1221jwsq3k91p8zhf1h77qaxyasakc88s3g57vawhckgk"; }; enableParallelBuilding = true; diff --git a/pkgs/applications/editors/nano/default.nix b/pkgs/applications/editors/nano/default.nix index 04bd6c7b4b8b..bd8ad4b3d20d 100644 --- a/pkgs/applications/editors/nano/default.nix +++ b/pkgs/applications/editors/nano/default.nix @@ -16,11 +16,11 @@ let in stdenv.mkDerivation rec { pname = "nano"; - version = "5.3"; + version = "5.4"; src = fetchurl { url = "mirror://gnu/nano/${pname}-${version}.tar.xz"; - sha256 = "0lj3fcfzprmv9raydx8yq25lw81bs6g40rhd0fv9d6idcb7wphf5"; + sha256 = "1sc6xl9935k9s9clkv83hapijka4qknfnj6f15c3b1i2n84396gy"; }; nativeBuildInputs = [ texinfo ] ++ optional enableNls gettext; diff --git a/pkgs/applications/graphics/imgp/default.nix b/pkgs/applications/graphics/imgp/default.nix index 80420202c053..1f6e20f465a2 100644 --- a/pkgs/applications/graphics/imgp/default.nix +++ b/pkgs/applications/graphics/imgp/default.nix @@ -2,13 +2,13 @@ buildPythonApplication rec { pname = "imgp"; - version = "2.7"; + version = "2.8"; src = fetchFromGitHub { owner = "jarun"; repo = pname; rev = "v${version}"; - sha256 = "13r4fn3dd0nyidfhrr7zzpls5ifbyqdwxhyvpkqr8ahchws7wfc6"; + sha256 = "1miabaxd5pwxn0va4drzj1d4ppxvyqsrrd4xw1j6qr52yci0lms8"; }; propagatedBuildInputs = [ pillow ]; diff --git a/pkgs/applications/graphics/meme/default.nix b/pkgs/applications/graphics/meme/default.nix index 5f8a0bb6eed3..8cbc776132e6 100644 --- a/pkgs/applications/graphics/meme/default.nix +++ b/pkgs/applications/graphics/meme/default.nix @@ -1,8 +1,12 @@ -{ stdenv, buildGoPackage, fetchFromGitHub }: +{ stdenv +, buildGoPackage +, unstableGitUpdater +, fetchFromGitHub +}: buildGoPackage rec { - pname = "meme-unstable"; - version = "2017-09-10"; + pname = "meme"; + version = "unstable-2017-09-10"; owner = "nomad-software"; repo = "meme"; @@ -14,6 +18,8 @@ buildGoPackage rec { sha256 = "1gbsv1d58ck6mj89q31s5b0ppw51ab76yqgz39jgwqnkidvzdfly"; }; + passthru.updateScript = unstableGitUpdater { }; + meta = with stdenv.lib; { description = "A command line utility for creating image macro style memes"; homepage = "https://github.com/nomad-software/meme"; diff --git a/pkgs/applications/networking/instant-messengers/zulip/default.nix b/pkgs/applications/networking/instant-messengers/zulip/default.nix index dbf6cf46e92b..a177499154ee 100644 --- a/pkgs/applications/networking/instant-messengers/zulip/default.nix +++ b/pkgs/applications/networking/instant-messengers/zulip/default.nix @@ -5,12 +5,12 @@ let pname = "zulip"; - version = "5.4.3"; + version = "5.5.0"; name = "${pname}-${version}"; src = fetchurl { url = "https://github.com/zulip/zulip-desktop/releases/download/v${version}/Zulip-${version}-x86_64.AppImage"; - sha256 = "0yd4g87kcwiy1arx3y2nyb7lq1nlh4cn87762k2sd8n4s9i52c7r"; + sha256 = "059zfcvaq8wnsz2lfd4gdb17b6nngqk3vgisy2kb29ifqf3lpzqi"; name="${pname}-${version}.AppImage"; }; @@ -32,7 +32,7 @@ in appimageTools.wrapType2 { meta = with lib; { description = "Desktop client for Zulip Chat"; - homepage = "https://zulipchat.com"; + homepage = "https://zulip.com"; license = licenses.asl20; maintainers = with maintainers; [ jonafato ]; platforms = [ "x86_64-linux" ]; diff --git a/pkgs/applications/science/math/gretl/default.nix b/pkgs/applications/science/math/gretl/default.nix index e1cf5a0f08d8..7d77453cbab0 100644 --- a/pkgs/applications/science/math/gretl/default.nix +++ b/pkgs/applications/science/math/gretl/default.nix @@ -3,11 +3,11 @@ stdenv.mkDerivation rec { pname = "gretl"; - version = "2020b"; + version = "2020e"; src = fetchurl { url = "mirror://sourceforge/gretl/${pname}-${version}.tar.xz"; - sha256 = "0mpb8gc0mcfql8lzwknpkf1sg7mj9ikzd8r1x5xniabd9mmdhplm"; + sha256 = "105y5hkzgyvad6wc3y7nn327bvrsch6jp03ckkn0w0hpnhiywzx7"; }; buildInputs = [ diff --git a/pkgs/applications/version-management/git-and-tools/git-secret/default.nix b/pkgs/applications/version-management/git-and-tools/git-secret/default.nix index 140c2647be22..fe67aca55d14 100644 --- a/pkgs/applications/version-management/git-and-tools/git-secret/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git-secret/default.nix @@ -1,7 +1,7 @@ { stdenv, lib, fetchFromGitHub, makeWrapper, git, gnupg, gawk }: let - version = "0.3.2"; + version = "0.3.3"; repo = "git-secret"; in stdenv.mkDerivation { @@ -11,7 +11,7 @@ in stdenv.mkDerivation { inherit repo; owner = "sobolevn"; rev = "v${version}"; - sha256 = "0n268xlsd9p5f083sqwzpvsqg99fdk876mf8gihkydakrismc45b"; + sha256 = "0hc7yavcp8jmn6b7wngjqhy8kl7f4191sfpik8ycvqghkvvimxj4"; }; buildInputs = [ makeWrapper ]; diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix index 163a87d7072f..5d4b891ad5de 100644 --- a/pkgs/applications/virtualization/qemu/default.nix +++ b/pkgs/applications/virtualization/qemu/default.nix @@ -83,6 +83,12 @@ stdenv.mkDerivation rec { ./fix-qemu-ga.patch ./9p-ignore-noatime.patch ./CVE-2020-27617.patch + (fetchpatch { + # e1000e: infinite loop scenario in case of null packet descriptor, remove for QEMU >= 5.2.0-rc3 + name = "CVE-2020-28916.patch"; + url = "https://git.qemu.org/?p=qemu.git;a=patch;h=c2cb511634012344e3d0fe49a037a33b12d8a98a"; + sha256 = "1kvm6wl4vry0npiisxsn76h8nf1iv5fmqsyjvb46203f1yyg5pis"; + }) ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch ++ optionals stdenv.hostPlatform.isMusl [ (fetchpatch { diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index db1062e1b5d8..b30ac5c77655 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -1,4 +1,5 @@ { + bashInteractive, buildPackages, cacert, callPackage, @@ -29,6 +30,7 @@ writeReferencesToFile, writeScript, writeText, + writeTextDir, writePython3, system, # Note: This is the cross system we're compiling for }: @@ -70,7 +72,7 @@ in rec { examples = callPackage ./examples.nix { - inherit buildImage pullImage shadowSetup buildImageWithNixDb; + inherit buildImage buildLayeredImage fakeNss pullImage shadowSetup buildImageWithNixDb; }; pullImage = let @@ -684,6 +686,33 @@ rec { in result; + # Provide a /etc/passwd and /etc/group that contain root and nobody. + # Useful when packaging binaries that insist on using nss to look up + # username/groups (like nginx). + # /bin/sh is fine to not exist, and provided by another shim. + fakeNss = symlinkJoin { + name = "fake-nss"; + paths = [ + (writeTextDir "etc/passwd" '' + root:x:0:0:root user:/var/empty:/bin/sh + nobody:x:65534:65534:nobody:/var/empty:/bin/sh + '') + (writeTextDir "etc/group" '' + root:x:0: + nobody:x:65534: + '') + (runCommand "var-empty" {} '' + mkdir -p $out/var/empty + '') + ]; + }; + + # This provides /bin/sh, pointing to bashInteractive. + binSh = runCommand "bin-sh" {} '' + mkdir -p $out/bin + ln -s ${bashInteractive}/bin/bash $out/bin/sh + ''; + # Build an image and populate its nix database with the provided # contents. The main purpose is to be able to use nix commands in # the container. diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix index 3f30f1a2adb4..85ddeb257405 100644 --- a/pkgs/build-support/docker/examples.nix +++ b/pkgs/build-support/docker/examples.nix @@ -7,7 +7,7 @@ # $ nix-build '<nixpkgs>' -A dockerTools.examples.redis # $ docker load < result -{ pkgs, buildImage, pullImage, shadowSetup, buildImageWithNixDb, pkgsCross }: +{ pkgs, buildImage, buildLayeredImage, fakeNss, pullImage, shadowSetup, buildImageWithNixDb, pkgsCross }: rec { # 1. basic example @@ -44,7 +44,7 @@ rec { nginx = let nginxPort = "80"; nginxConf = pkgs.writeText "nginx.conf" '' - user nginx nginx; + user nobody nobody; daemon off; error_log /dev/stdout info; pid /dev/null; @@ -64,10 +64,13 @@ rec { <html><body><h1>Hello from NGINX</h1></body></html> ''; in - buildImage { + buildLayeredImage { name = "nginx-container"; tag = "latest"; - contents = pkgs.nginx; + contents = [ + fakeNss + pkgs.nginx + ]; extraCommands = '' # nginx still tries to read this directory even if error_log @@ -75,12 +78,6 @@ rec { mkdir -p var/log/nginx mkdir -p var/cache/nginx ''; - runAsRoot = '' - #!${pkgs.stdenv.shell} - ${shadowSetup} - groupadd --system nginx - useradd --system --gid nginx nginx - ''; config = { Cmd = [ "nginx" "-c" nginxConf ]; diff --git a/pkgs/development/compilers/lobster/default.nix b/pkgs/development/compilers/lobster/default.nix index 62867f296d72..b87bec7ea2d9 100644 --- a/pkgs/development/compilers/lobster/default.nix +++ b/pkgs/development/compilers/lobster/default.nix @@ -1,5 +1,6 @@ { stdenv , fetchFromGitHub +, unstableGitUpdater , cmake , callPackage @@ -46,8 +47,9 @@ stdenv.mkDerivation rec { preConfigure = "cd dev"; enableParallelBuilding = true; - passthru.tests = { - can-run-hello-world = callPackage ./test-can-run-hello-world.nix {}; + passthru = { + tests.can-run-hello-world = callPackage ./test-can-run-hello-world.nix {}; + updateScript = unstableGitUpdater { }; }; meta = with stdenv.lib; { @@ -63,4 +65,3 @@ stdenv.mkDerivation rec { platforms = platforms.all; }; } - diff --git a/pkgs/development/compilers/qbe/default.nix b/pkgs/development/compilers/qbe/default.nix index 871707496561..436b03e499c3 100644 --- a/pkgs/development/compilers/qbe/default.nix +++ b/pkgs/development/compilers/qbe/default.nix @@ -25,4 +25,3 @@ stdenv.mkDerivation rec { platforms = platforms.all; }; } - diff --git a/pkgs/development/libraries/libfprint/default.nix b/pkgs/development/libraries/libfprint/default.nix index cc4e7dfefeef..469633afb10c 100644 --- a/pkgs/development/libraries/libfprint/default.nix +++ b/pkgs/development/libraries/libfprint/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { pname = "libfprint"; - version = "1.90.3"; + version = "1.90.4"; outputs = [ "out" "devdoc" ]; src = fetchFromGitLab { @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { owner = "libfprint"; repo = pname; rev = "v${version}"; - sha256 = "1fs0qrfrqnvc6kcsg81l5p89n8jnsx9dr1pzxpb8ghwas8c9v52i"; + sha256 = "0grhck0h29i7hm7npvby7pn7wdc446kv0r4mkpbssp46lqbjb96b"; }; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/libimobiledevice/default.nix b/pkgs/development/libraries/libimobiledevice/default.nix index 47408f8cb6f4..dcbb71c7c3ae 100644 --- a/pkgs/development/libraries/libimobiledevice/default.nix +++ b/pkgs/development/libraries/libimobiledevice/default.nix @@ -52,7 +52,7 @@ stdenv.mkDerivation rec { devices to the Linux Desktop. ''; license = licenses.lgpl21Plus; - platforms = platforms.linux; + platforms = platforms.linux ++ platforms.darwin; maintainers = with maintainers; [ infinisil ]; }; } diff --git a/pkgs/development/libraries/libirecovery/default.nix b/pkgs/development/libraries/libirecovery/default.nix index 59f09c8d2538..5b0b60b16b35 100644 --- a/pkgs/development/libraries/libirecovery/default.nix +++ b/pkgs/development/libraries/libirecovery/default.nix @@ -48,7 +48,7 @@ stdenv.mkDerivation rec { ''; license = licenses.lgpl21; # Upstream description says it works on more platforms, but packager hasn't tried that yet - platforms = platforms.linux; + platforms = platforms.linux ++ platforms.darwin; maintainers = with maintainers; [ nh2 ]; }; } diff --git a/pkgs/development/libraries/libmanette/default.nix b/pkgs/development/libraries/libmanette/default.nix index 83ee19075de5..0cb233ad271c 100644 --- a/pkgs/development/libraries/libmanette/default.nix +++ b/pkgs/development/libraries/libmanette/default.nix @@ -5,6 +5,9 @@ , pkgconfig , vala , gobject-introspection +, gtk-doc +, docbook-xsl-nons +, docbook_xml_dtd_43 , glib , libgudev , libevdev @@ -13,13 +16,13 @@ stdenv.mkDerivation rec { pname = "libmanette"; - version = "0.2.5"; + version = "0.2.6"; - outputs = [ "out" "dev" ]; + outputs = [ "out" "dev" "devdoc" ]; src = fetchurl { url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "gAbghIDAy9T3SewVWCfRAER88jkD+tgkCnxMMhqgmis="; + sha256 = "1b3bcdkk5xd5asq797cch9id8692grsjxrc1ss87vv11m1ck4rb3"; }; nativeBuildInputs = [ @@ -28,6 +31,9 @@ stdenv.mkDerivation rec { pkgconfig vala gobject-introspection + gtk-doc + docbook-xsl-nons + docbook_xml_dtd_43 ]; buildInputs = [ @@ -36,6 +42,10 @@ stdenv.mkDerivation rec { libevdev ]; + mesonFlags = [ + "-Ddoc=true" + ]; + doCheck = true; passthru = { @@ -46,7 +56,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "A simple GObject game controller library"; - homepage = "https://gitlab.gnome.org/aplazas/libmanette"; + homepage = "https://gnome.pages.gitlab.gnome.org/libmanette/"; license = licenses.lgpl21Plus; maintainers = teams.gnome.members; platforms = platforms.unix; diff --git a/pkgs/development/libraries/libplist/default.nix b/pkgs/development/libraries/libplist/default.nix index 6608ccd1abc5..a626e7a5377b 100644 --- a/pkgs/development/libraries/libplist/default.nix +++ b/pkgs/development/libraries/libplist/default.nix @@ -36,6 +36,6 @@ stdenv.mkDerivation rec { homepage = "https://github.com/libimobiledevice/libplist"; license = licenses.lgpl21Plus; maintainers = with maintainers; [ infinisil ]; - platforms = platforms.linux; + platforms = platforms.linux ++ platforms.darwin; }; } diff --git a/pkgs/development/libraries/libusbmuxd/default.nix b/pkgs/development/libraries/libusbmuxd/default.nix index f4c4dbfcf710..9d81c5d0fbeb 100644 --- a/pkgs/development/libraries/libusbmuxd/default.nix +++ b/pkgs/development/libraries/libusbmuxd/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { description = "A client library to multiplex connections from and to iOS devices"; homepage = "https://github.com/libimobiledevice/libusbmuxd"; license = licenses.lgpl21Plus; - platforms = platforms.linux; + platforms = platforms.linux ++ platforms.darwin; maintainers = with maintainers; [ infinisil ]; }; } diff --git a/pkgs/development/libraries/tdlib/default.nix b/pkgs/development/libraries/tdlib/default.nix index 165506f96472..1a36a68a33bd 100644 --- a/pkgs/development/libraries/tdlib/default.nix +++ b/pkgs/development/libraries/tdlib/default.nix @@ -1,20 +1,16 @@ { fetchFromGitHub, gperf, openssl, readline, zlib, cmake, stdenv }: stdenv.mkDerivation rec { - version = "unstable-2020-10-25"; + version = "1.7.0"; pname = "tdlib"; src = fetchFromGitHub { owner = "tdlib"; repo = "td"; - # At version 1.6.0, this line was `rev = "v${version}". Version 1.6.9 (here called `unstable-2020-10-25`) uses an - # explicit revision because 1.6.9 is not a tdlib GitHub release, and is therefore not hosted at - # `https://github.com/tdlib/td/releases/tag/v1.6.9`. Please return to the `rev = "v${version}"` style on the next - # version bump if you can, since that will allow `nixpkgs-update` to update the package automatically. - rev = "32f2338bd199dd06a1b4b5f1ad14f2d4f2868f01"; + rev = "v${version}"; - sha256 = "0wv03hlgzrsc04kcwnwz6dsmkdzvhb0i1wjs08gzivwxw06pkq4n"; + sha256 = "sha256-sZzp9k7KDnqftcSGSgXkIy0siCksGPBmRckySU/J0TU="; }; buildInputs = [ gperf openssl readline zlib ]; diff --git a/pkgs/development/python-modules/goobook/default.nix b/pkgs/development/python-modules/goobook/default.nix index eb6aecfecd15..a3d327275157 100644 --- a/pkgs/development/python-modules/goobook/default.nix +++ b/pkgs/development/python-modules/goobook/default.nix @@ -23,6 +23,10 @@ buildPythonPackage rec { installManPage goobook.1 ''; + doCheck = false; + + pythonImportsCheck = [ "goobook" ]; + meta = with stdenv.lib; { description = "Access your Google contacts from the command line"; longDescription = '' diff --git a/pkgs/development/tools/ocaml/obelisk/default.nix b/pkgs/development/tools/ocaml/obelisk/default.nix index e7528d4f7728..483e9c45df01 100644 --- a/pkgs/development/tools/ocaml/obelisk/default.nix +++ b/pkgs/development/tools/ocaml/obelisk/default.nix @@ -1,24 +1,20 @@ -{ stdenv, fetchFromGitHub, ocamlPackages }: +{ lib, fetchurl, ocamlPackages }: -stdenv.mkDerivation rec { +ocamlPackages.buildDunePackage rec { pname = "obelisk"; - version = "0.4.0"; - src = fetchFromGitHub { - owner = "lelio-brun"; - repo = "obelisk"; - rev = "v${version}"; - sha256 = "0rw85knbwqj2rys1hh5qy8sfdqb4mb1wsriy38n7zcpbwim47vb8"; + version = "0.5.2"; + useDune2 = true; + src = fetchurl { + url = "https://github.com/Lelio-Brun/Obelisk/releases/download/v${version}/obelisk-v${version}.tbz"; + sha256 = "0s86gkypyrkrp83xnay258ijri3yjwj3marsjnjf8mz58z0zd9g6"; }; - buildInputs = with ocamlPackages; [ ocaml findlib ocamlbuild menhir ]; - - installFlags = [ "BINDIR=$(out)/bin" ]; + buildInputs = with ocamlPackages; [ menhir re ]; meta = { description = "A simple tool which produces pretty-printed output from a Menhir parser file (.mly)"; - license = stdenv.lib.licenses.mit; - maintainers = [ stdenv.lib.maintainers.vbgl ]; - inherit (src.meta) homepage; - inherit (ocamlPackages.ocaml.meta) platforms; + license = lib.licenses.mit; + maintainers = [ lib.maintainers.vbgl ]; + homepage = "https://github.com/Lelio-Brun/Obelisk"; }; } diff --git a/pkgs/games/mindustry/default.nix b/pkgs/games/mindustry/default.nix index d87a1ca |