41 files changed, 223 insertions, 152 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml index 24a0281310c6..f33b4ef919f0 100644 --- a/nixos/doc/manual/release-notes/rl-2103.xml +++ b/nixos/doc/manual/release-notes/rl-2103.xml @@ -479,6 +479,14 @@ self: super: <itemizedlist> <listitem> <para> + <literal>stdenv.lib</literal> has been deprecated and will break + eval in 21.11. Please use <literal>pkgs.lib</literal> instead. + See <link xlink:href="https://github.com/NixOS/nixpkgs/issues/108938">#108938</link> + for details. + </para> + </listitem> + <listitem> + <para> The Mailman NixOS module (<literal>services.mailman</literal>) has a new option <xref linkend="opt-services.mailman.enablePostfix" />, defaulting to true, that controls integration with Postfix. @@ -653,6 +661,11 @@ self: super: The <varname>platform</varname> grouping of these things never meant anything, and was just a historial/implementation artifact that was overdue removal. </para> </listitem> + <listitem> + <para> + <varname>services.restic</varname> now uses a dedicated cache directory for every backup defined in <varname>services.restic.backups</varname>. The old global cache directory, <literal>/root/.cache/restic</literal>, is now unused and can be removed to free up disk space. + </para> + </listitem> </itemizedlist> </section> </section> diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix index 72eb9fcfaa60..97accc7b99a0 100644 --- a/nixos/modules/hardware/video/nvidia.nix +++ b/nixos/modules/hardware/video/nvidia.nix 
@@ -5,36 +5,17 @@ with lib; let - - drivers = config.services.xserver.videoDrivers; - - # FIXME: should introduce an option like - # ‘hardware.video.nvidia.package’ for overriding the default NVIDIA - # driver. - nvidiaForKernel = kernelPackages: - if elem "nvidia" drivers then - kernelPackages.nvidia_x11 - else if elem "nvidiaBeta" drivers then - kernelPackages.nvidia_x11_beta - else if elem "nvidiaVulkanBeta" drivers then - kernelPackages.nvidia_x11_vulkan_beta - else if elem "nvidiaLegacy304" drivers then - kernelPackages.nvidia_x11_legacy304 - else if elem "nvidiaLegacy340" drivers then - kernelPackages.nvidia_x11_legacy340 - else if elem "nvidiaLegacy390" drivers then - kernelPackages.nvidia_x11_legacy390 - else null; - - nvidia_x11 = nvidiaForKernel config.boot.kernelPackages; - nvidia_libs32 = - if versionOlder nvidia_x11.version "391" then - ((nvidiaForKernel pkgs.pkgsi686Linux.linuxPackages).override { libsOnly = true; kernel = null; }).out - else - (nvidiaForKernel config.boot.kernelPackages).lib32; + nvidia_x11 = let + drivers = config.services.xserver.videoDrivers; + isDeprecated = str: (hasPrefix "nvidia" str) && (str != "nvidia"); + hasDeprecated = drivers: any isDeprecated drivers; + in if (hasDeprecated drivers) then + throw '' + Selecting an nvidia driver has been modified for NixOS 19.03. The version is now set using `hardware.nvidia.package`. + '' + else if (elem "nvidia" drivers) then cfg.package else null; enabled = nvidia_x11 != null; - cfg = config.hardware.nvidia; pCfg = cfg.prime; @@ -170,6 +151,16 @@ in GPUs stay awake even during headless mode. ''; }; + + hardware.nvidia.package = lib.mkOption { + type = lib.types.package; + default = config.boot.kernelPackages.nvidiaPackages.stable; + defaultText = "config.boot.kernelPackages.nvidiaPackages.stable"; + description = '' + The NVIDIA X11 derivation to use. + ''; + example = "config.boot.kernelPackages.nvidiaPackages.legacy340"; + }; }; config = let 
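Review bot: In nixos/modules/hardware/video/nvidia.nix (hunk -5,36), the new `throw` fires for any `services.xserver.videoDrivers` entry that starts with `nvidia` but is not exactly `"nvidia"`, yet the message does not name the option or the offending entry. It also cites NixOS 19.03, while this same diff edits the 21.03 release notes and adds no entry for the change there. I would reword it along the lines of `services.xserver.videoDrivers entries such as "nvidiaLegacy340" are no longer accepted; use "nvidia" and select the driver version with hardware.nvidia.package.` so an evaluation failure points straight at the setting to change. The `let` block continues outside the hunk.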
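Review bot: In the new `hardware.nvidia.package` option (hunk -170,6), `example` is a plain string, so the manual will render it as a quoted string rather than as a Nix expression. Wrapping it as `example = literalExample "config.boot.kernelPackages.nvidiaPackages.legacy340";` matches how expression-valued examples are written elsewhere in NixOS modules. The description could also say that this option replaces the former `nvidiaLegacy*`/`nvidiaBeta` entries in `services.xserver.videoDrivers`.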
@@ -271,9 +262,9 @@ in }; hardware.opengl.package = mkIf (!offloadCfg.enable) nvidia_x11.out; - hardware.opengl.package32 = mkIf (!offloadCfg.enable) nvidia_libs32; + hardware.opengl.package32 = mkIf (!offloadCfg.enable) nvidia_x11.lib32; hardware.opengl.extraPackages = optional offloadCfg.enable nvidia_x11.out; - hardware.opengl.extraPackages32 = optional offloadCfg.enable nvidia_libs32; + hardware.opengl.extraPackages32 = optional offloadCfg.enable nvidia_x11.lib32; environment.systemPackages = [ nvidia_x11.bin nvidia_x11.settings ] ++ optionals nvidiaPersistencedEnabled [ nvidia_x11.persistenced ]; diff --git a/nixos/modules/services/backup/restic.nix b/nixos/modules/services/backup/restic.nix index d869835bf07e..573f0efa9da4 100644 --- a/nixos/modules/services/backup/restic.nix +++ b/nixos/modules/services/backup/restic.nix @@ -243,9 +243,11 @@ in restartIfChanged = false; serviceConfig = { Type = "oneshot"; - ExecStart = [ "${resticCmd} backup ${concatStringsSep " " backup.extraBackupArgs} ${backupPaths}" ] ++ pruneCmd; + ExecStart = [ "${resticCmd} backup --cache-dir=%C/restic-backups-${name} ${concatStringsSep " " backup.extraBackupArgs} ${backupPaths}" ] ++ pruneCmd; User = backup.user; RuntimeDirectory = "restic-backups-${name}"; + CacheDirectory = "restic-backups-${name}"; + CacheDirectoryMode = "0700"; } // optionalAttrs (backup.s3CredentialsFile != null) { EnvironmentFile = backup.s3CredentialsFile; }; diff --git a/nixos/modules/services/x11/clight.nix b/nixos/modules/services/x11/clight.nix index 4daf6d8d9db7..873f425fb8be 100644 --- a/nixos/modules/services/x11/clight.nix +++ b/nixos/modules/services/x11/clight.nix 
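Review bot: Both `hardware.opengl.package32` and `hardware.opengl.extraPackages32` in nvidia.nix (hunk -271,9) now read `nvidia_x11.lib32` unconditionally, whereas the removed `nvidia_libs32` took a separate path for drivers older than 391. Whether every package that can be assigned to `hardware.nvidia.package` (including the legacy ones named in the option's example) exposes a `lib32` output is not visible in this diff, so that should be confirmed. If it holds, a short comment such as `# every nvidiaPackages.* derivation provides lib32` would record the assumption. If it does not hold, the version check needs to stay.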
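Review bot: In nixos/modules/services/backup/restic.nix, `--cache-dir=%C/restic-backups-${name}` is added only to the `backup` invocation, while the `pruneCmd` entries appended to `ExecStart` are built outside this hunk and do not visibly receive the flag. If they call restic without it, forget/prune will keep using restic's default cache location. That would make the release note's statement that `/root/.cache/restic` is now unused inaccurate, and it would leave cache data outside the new 0700 `CacheDirectory`. Setting the location once for the whole unit, for example `Environment = "RESTIC_CACHE_DIR=%C/restic-backups-${name}";` in `serviceConfig`, would cover every restic call. Please check how `pruneCmd` is defined before merging.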
@@ -11,14 +11,21 @@ let else if isBool v then boolToString v else if isString v then ''"${escape [''"''] v}"'' else if isList v then "[ " + concatMapStringsSep ", " toConf v + " ]" + else if isAttrs v then "\n{\n" + convertAttrs v + "\n}" else abort "clight.toConf: unexpected type (v = ${v})"; - clightConf = pkgs.writeText "clight.conf" - (concatStringsSep "\n" (mapAttrsToList - (name: value: "${toString name} = ${toConf value};") - (filterAttrs - (_: value: value != null) - cfg.settings))); + getSep = v: + if isAttrs v then ":" + else "="; + + convertAttrs = attrs: concatStringsSep "\n" (mapAttrsToList + (name: value: "${toString name} ${getSep value} ${toConf value};") + attrs); + + clightConf = pkgs.writeText "clight.conf" (convertAttrs + (filterAttrs + (_: value: value != null) + cfg.settings)); in { options.services.clight = { enable = mkOption { @@ -49,9 +56,10 @@ in { }; settings = let - validConfigTypes = with types; either int (either str (either bool float)); + validConfigTypes = with types; oneOf [ int str bool float ]; + collectionTypes = with types; oneOf [ validConfigTypes (listOf validConfigTypes) ]; in mkOption { - type = with types; attrsOf (nullOr (either validConfigTypes (listOf validConfigTypes))); + type = with types; attrsOf (nullOr (either collectionTypes (attrsOf collectionTypes))); default = {}; example = { captures = 20; gamma_long_transition = true; ac_capture_timeouts = [ 120 300 60 ]; }; description = '' @@ -69,10 +77,10 @@ in { services.upower.enable = true; services.clight.settings = { - gamma_temp = with cfg.temperature; mkDefault [ day night ]; + gamma.temp = with cfg.temperature; mkDefault [ day night ]; } // (optionalAttrs (config.location.provider == "manual") { - latitude = mkDefault config.location.latitude; - longitude = mkDefault config.location.longitude; + daytime.latitude = mkDefault config.location.latitude; + daytime.longitude = mkDefault config.location.longitude; }); services.geoclue2.appConfig.clightc = { 
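Review bot: In nixos/modules/services/x11/clight.nix (hunk -69,10), the module defaults move from the flat keys `gamma_temp`, `latitude` and `longitude` to the nested `gamma.temp`, `daytime.latitude` and `daytime.longitude`. Nothing warns users who still set the flat keys in `services.clight.settings`, and the release-notes hunk in this diff has no entry for it. Their values would presumably be written to clight.conf alongside the new nested defaults and ignored by clight, so a configured location or colour temperature could silently stop applying. Consider a release-notes item, or an assertion or warning when any of the old flat keys is present in `cfg.settings`. A one-line comment on `getSep` explaining why attribute sets are written with `:` and scalars with `=` would also help the next reader.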
diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix index ed7226331d70..9287852bacfd 100644 --- a/nixos/modules/system/boot/kernel.nix +++ b/nixos/modules/system/boot/kernel.nix @@ -37,12 +37,10 @@ in boot.kernelPackages = mkOption { default = pkgs.linuxPackages; type = types.unspecified // { merge = mergeEqualOption; }; - apply = kernelPackages: kernelPackages.extend (self: super: { - kernel = super.kernel.override { - inherit randstructSeed; - kernelPatches = super.kernel.kernelPatches ++ kernelPatches; - features = lib.recursiveUpdate super.kernel.features features; - }; + apply = kernelPackages: pkgs.linuxPackagesFor (kernelPackages.kernel.override { + inherit randstructSeed; + kernelPatches = kernelPackages.kernel.kernelPatches ++ kernelPatches; + features = lib.recursiveUpdate kernelPackages.kernel.features features; }); # We don't want to evaluate all of linuxPackages for the manual # - some of it might not even evaluate correctly. diff --git a/nixos/modules/tasks/filesystems.nix b/nixos/modules/tasks/filesystems.nix index a055072f9c96..a9b5b134d889 100644 --- a/nixos/modules/tasks/filesystems.nix +++ b/nixos/modules/tasks/filesystems.nix @@ -7,8 +7,9 @@ let addCheckDesc = desc: elemType: check: types.addCheck elemType check // { description = "${elemType.description} (with check: ${desc})"; }; - nonEmptyStr = addCheckDesc "non-empty" types.str - (x: x != "" && ! (all (c: c == " " || c == "\t") (stringToCharacters x))); + + isNonEmpty = s: (builtins.match "[ \t\n]*" s) == null; + nonEmptyStr = addCheckDesc "non-empty" types.str isNonEmpty; fileSystems' = toposort fsBefore (attrValues config.fileSystems); 
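Review bot: In nixos/modules/system/boot/kernel.nix, the new `apply` rebuilds the package set with `pkgs.linuxPackagesFor` from `kernelPackages.kernel` alone, whereas the removed code used `kernelPackages.extend` and so kept whatever else the user's set contained. If a configuration assigns an extended or overridden set to `boot.kernelPackages` (for example with patched out-of-tree modules), those changes appear to be dropped without any diagnostic, and the system would build the stock modules instead. `linuxPackagesFor` is defined outside this diff, so please confirm. If the behaviour change is intended, say so in the option description and the release notes. Otherwise keep the `extend` form and change only the kernel override inside it.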
@@ -28,10 +29,10 @@ let coreFileSystemOpts = { name, config, ... }: { options = { - mountPoint = mkOption { example = "/mnt/usb"; - type = nonEmptyStr; + type = addCheckDesc "non-empty without trailing slash" types.str + (s: isNonEmpty s && (builtins.match ".+/" s) == null); description = "Location of the mounted the file system."; }; diff --git a/pkgs/applications/blockchains/bitcoin-classic.nix b/pkgs/applications/blockchains/bitcoin-classic.nix index 796c48a7c58a..bd1c9611d561 100644 --- a/pkgs/applications/blockchains/bitcoin-classic.nix +++ b/pkgs/applications/blockchains/bitcoin-classic.nix @@ -7,13 +7,13 @@ with lib; stdenv.mkDerivation rec { name = "bitcoin" + (toString (optional (!withGui) "d")) + "-classic-" + version; - version = "1.3.8"; + version = "1.3.8uahf"; src = fetchFromGitHub { owner = "bitcoinclassic"; repo = "bitcoinclassic"; rev = "v${version}"; - sha256 = "06ij9v7zbdnhxq9429nnxiw655cp8idldj18l7fmj94gqx07n5vh"; + sha256 = "sha256-V1cOB5FLotGS5jup/aVaiDiyr/v2KJ2SLcIu/Hrjuwk="; }; nativeBuildInputs = [ pkg-config autoreconfHook ]; diff --git a/pkgs/applications/graphics/dia/CVE-2019-19451.patch b/pkgs/applications/graphics/dia/CVE-2019-19451.patch new file mode 100644 index 000000000000..28d6598330a3 --- /dev/null +++ b/pkgs/applications/graphics/dia/CVE-2019-19451.patch @@ -0,0 +1,11 @@ +diff -ru a/app/app_procs.c b/app/app_procs.c +--- a/app/app_procs.c 2021-01-30 11:09:52.000000000 -0500 ++++ b/app/app_procs.c 2021-01-30 11:11:05.000000000 -0500 +@@ -785,6 +785,7 @@ + + if (!filename) { + g_print (_("Filename conversion failed: %s\n"), filenames[i]); ++ ++i; + continue; + } + diff --git a/pkgs/applications/graphics/dia/default.nix b/pkgs/applications/graphics/dia/default.nix index 6fe8aed8f674..d9de3eb7fc12 100644 --- a/pkgs/applications/graphics/dia/default.nix +++ b/pkgs/applications/graphics/dia/default.nix 
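Review bot: The new `mountPoint` check in nixos/modules/tasks/filesystems.nix (hunk -28,10) rejects a trailing slash, but the option's `description` is unchanged and gives no hint of the rule, so a user only learns of it from the type error. I would extend the description, for example `Location of the mounted file system, without a trailing slash.`, which also fixes the stray "the" in the current text. A comment next to the regex, `# "/" itself is accepted: ".+/" needs at least one character before the slash`, would record why the root mount still passes.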
@@ -13,6 +13,10 @@ stdenv.mkDerivation { sha256 = "1fyxfrzdcs6blxhkw3bcgkksaf3byrsj4cbyrqgb4869k3ynap96"; }; + patches = [ + ./CVE-2019-19451.patch + ]; + buildInputs = [ gtk2 libxml2 gettext python libxml2Python docbook5 libxslt docbook_xsl libart_lgpl ] diff --git a/pkgs/applications/version-management/git-and-tools/git-big-picture/default.nix b/pkgs/applications/version-management/git-and-tools/git-big-picture/default.nix index 5f84d4235734..35aada8b870f 100644 --- a/pkgs/applications/version-management/git-and-tools/git-big-picture/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git-big-picture/default.nix @@ -1,27 +1,20 @@ -{ fetchFromGitHub, python3Packages, lib, git, graphviz }: +{ python3Packages, lib, git, graphviz }: python3Packages.buildPythonApplication rec { pname = "git-big-picture"; - version = "1.0.0"; + version = "1.1.1"; + format = "wheel"; - src = fetchFromGitHub { - owner = "git-big-picture"; - repo = pname; - rev = "v${version}"; - sha256 = "14yf71iwgk78nw8w0bpijsnnl4vg3bvxsw3vvypxmbrc1nh0bdha"; + src = python3Packages.fetchPypi { + inherit format version; + pname = "git_big_picture"; # underscores needed for working download URL + python = "py3"; # i.e. no Python 2.7 + sha256 = "a20a480057ced1585c4c38497d27a5012f12dd29697313f0bb8fa6ddbb5c17d8"; }; - buildInputs = [ git graphviz ]; - - # NOTE: Tests are disabled due to unpackaged test dependency "Scruf". - # When bumping to 1.1.0, please re-enable and use: - #checkInputs = [ cram git pytest ]; - #checkPhase = "pytest test.py"; - doCheck = false; - postFixup = '' wrapProgram $out/bin/git-big-picture \ - --prefix PATH ":" ${ lib.makeBinPath buildInputs } + --prefix PATH ":" ${ lib.makeBinPath [ git graphviz ] } ''; meta = { diff --git a/pkgs/data/misc/osinfo-db/default.nix b/pkgs/data/misc/osinfo-db/default.nix index 36fc664a83bb..70224aaa8363 100644 --- a/pkgs/data/misc/osinfo-db/default.nix +++ b/pkgs/data/misc/osinfo-db/default.nix 
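Review bot: In pkgs/applications/graphics/dia/default.nix, the `patches` list adds a locally written `./CVE-2019-19451.patch` with no comment on where the fix comes from, and the patch file itself has no description header. For a security patch a reviewer should be able to compare the change with the upstream fix or bug report. Add a comment above the entry such as `# CVE-2019-19451: <upstream commit or issue URL>`. If upstream has merged a fix, `fetchpatch` from that commit would be preferable to a vendored copy.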
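Review bot: The git-big-picture update changes `src` from a tagged GitHub source tree to a prebuilt wheel from PyPI (`format = "wheel"`) and removes the test note, although the deleted comment asked for tests to be re-enabled when bumping past 1.0.0. A wheel is an already-built artifact, so what gets installed can no longer be reviewed against the repository tag, and no check phase runs against it. Unless the source build is blocked for a reason worth recording in a comment, I would keep `fetchFromGitHub` with `rev = "v${version}"` and enable the `checkInputs`/`checkPhase` the old note describes. If the wheel has to stay, add a comment giving the reason.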
@@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "osinfo-db"; - version = "20201119"; + version = "20201218"; src = fetchurl { url = "https://releases.pagure.org/libosinfo/${pname}-${version}.tar.xz"; - sha256 = "1a0c42rh3anl3wy4hpg36s8k37y8zxpi5lc67wjwnj4j6mwi7w3l"; + sha256 = "sha256-APKuXWtnpF1r/q2MXddaDeBnBigx4hwMevPwx5uNq3k="; }; nativeBuildInputs = [ osinfo-db-tools gettext libxml2 ]; diff --git a/pkgs/development/compilers/swift/default.nix b/pkgs/development/compilers/swift/default.nix index 26e9f2b87e1a..530115602673 100644 --- a/pkgs/development/compilers/swift/default.nix +++ b/pkgs/development/compilers/swift/default.nix @@ -331,6 +331,9 @@ stdenv.mkDerivation { # Swift doesn't support 32bit Linux, unknown on other platforms. platforms = platforms.linux; badPlatforms = platforms.i686; - broken = stdenv.isAarch64; # 2018-09-04, never built on Hydra + broken = true; # 2021-01-29 + knownVulnerabilities = [ + "CVE-2020-9861" + ]; }; } diff --git a/pkgs/development/libraries/hspell/default.nix b/pkgs/development/libraries/hspell/default.nix index 67e593d27f4f..2a65afad809a 100644 --- a/pkgs/development/libraries/hspell/default.nix +++ b/pkgs/development/libraries/hspell/default.nix 
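Review bot: In pkgs/development/compilers/swift/default.nix, `broken = true; # 2021-01-29` records only a date, where the line it replaces at least said why (never built on Hydra). The new `knownVulnerabilities` entry is a bare CVE id. Both are shown to users at evaluation time, so a short reason helps them decide whether to override: `broken = true; # 2021-01-29: <what fails to build>` and `"CVE-2020-9861: <one-line summary>"`. The `meta` block begins outside the hunk.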
@@ -16,15 +16,15 @@ stdenv.mkDerivation rec { }; patchPhase = "patchShebangs ."; - preBuild = stdenv.lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) '' + preBuild = lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) '' make CC=${buildPackages.stdenv.cc}/bin/cc find_sizes mv find_sizes find_sizes_build make clean substituteInPlace Makefile --replace "./find_sizes" "./find_sizes_build" - substituteInPlace Makefile --replace "ar cr" "${stdenv.lib.getBin stdenv.cc.bintools.bintools}/bin/${stdenv.cc.targetPrefix}ar cr" - substituteInPlace Makefile --replace "ranlib" "${stdenv.lib.getBin stdenv.cc.bintools.bintools}/bin/${stdenv.cc.targetPrefix}ranlib" - substituteInPlace Makefile --replace "STRIP=strip" "STRIP=${stdenv.lib.getBin stdenv.cc.bintools.bintools}/bin/${stdenv.cc.targetPrefix}strip" + substituteInPlace Makefile --replace "ar cr" "${lib.getBin stdenv.cc.bintools.bintools}/bin/${stdenv.cc.targetPrefix}ar cr" + substituteInPlace Makefile --replace "ranlib" "${lib.getBin stdenv.cc.bintools.bintools}/bin/${stdenv.cc.targetPrefix}ranlib" + substituteInPlace Makefile --replace "STRIP=strip" "STRIP=${lib.getBin stdenv.cc.bintools.bintools}/bin/${stdenv.cc.targetPrefix}strip" ''; nativeBuildInputs = [ perl zlib ]; # buildInputs = [ zlib ]; diff --git a/pkgs/development/libraries/libjpeg/default.nix b/pkgs/development/libraries/libjpeg/default.nix index f462d9824a42..65482e8e9c60 100644 --- a/pkgs/development/libraries/libjpeg/default.nix +++ b/pkgs/development/libraries/libjpeg/default.nix @@ -7,7 +7,7 @@ stdenv.mkDerivation { src = fetchurl { url = "http://www.ijg.org/files/jpegsrc.v9d.tar.gz"; - sha256 = "0clwys9lcqlxqgcw8s1gwfm5ix2zjlqpklmd3mbvqmj5ibj51jwr"; + sha256 = "1vkip9rz4hz8f31a2kl7wl7f772wg1z0fg1fbd1653wzwlxllhvc"; }; configureFlags = optional static "--enable-static --disable-shared"; 
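Review bot: In pkgs/development/libraries/libjpeg/default.nix, `sha256` changes while the `url` (`http://www.ijg.org/files/jpegsrc.v9d.tar.gz`) and version stay the same, which means the upstream tarball was replaced in place. The download is over plain HTTP, so this hash is the only integrity check. The commit should therefore record how the new tarball was verified, for example by diffing it against the previously cached one, and a comment such as `# upstream re-released v9d in place on <date>; contents diffed against the old tarball` would preserve that. If the site serves the file over HTTPS, switching the URL is worth doing at the same time.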
diff --git a/pkgs/development/libraries/mbedtls/default.nix b/pkgs/development/libraries/mbedtls/default.nix index e3e0d2ecd78d..38a9b78b6d10 100644 --- a/pkgs/development/libraries/mbedtls/default.nix +++ b/pkgs/development/libraries/mbedtls/default.nix @@ -11,14 +11,13 @@ stdenv.mkDerivation rec { pname = "mbedtls"; - name = "mbedtls-${version}"; - version = "2.16.3"; # nixpkgs-update: no auto update + version = "2.16.9"; # nixpkgs-update: no auto update src = fetchFromGitHub { owner = "ARMmbed"; repo = "mbedtls"; rev = "${pname}-${version}"; - sha256 = "1mzh92yyz93099a1gb2wvwc76jv12d1k1wg9k3dimbgczxgrkirc"; + sha256 = "0mz7n373b8d287crwi6kq2hb8ryyi228j38h25744lqai23qj5cf"; }; nativeBuildInputs = [ cmake ninja perl python ]; diff --git a/pkgs/development/libraries/unixODBCDrivers/default.nix b/pkgs/development/libraries/unixODBCDrivers/default.nix index edbe51998c3e..faf74bcab477 100644 --- a/pkgs/development/libraries/unixODBCDrivers/default.nix +++ b/pkgs/development/libraries/unixODBCDrivers/default.nix @@ -137,12 +137,12 @@ version = "${versionMajor}.${versionMinor}.${versionAdditional}-1"; versionMajor = "17"; - versionMinor = "5"; + versionMinor = "7"; versionAdditional = "1.1"; src = fetchurl { - url = "https://packages.microsoft.com/debian/9/prod/pool/main/m/msodbcsql17/msodbcsql${versionMajor}_${version}_amd64.deb"; - sha256 = "0ysrl01z5ca72qw8n8kwwcl432cgiyw4pibfwg5nifx0kd7i7z4z"; + url = "https://packages.microsoft.com/debian/10/prod/pool/main/m/msodbcsql17/msodbcsql${versionMajor}_${version}_amd64.deb"; + sha256 = "0vwirnp56jibm3qf0kmi4jnz1w7xfhnsfr8imr0c9hg6av4sk3a6"; }; nativeBuildInputs = [ dpkg patchelf ]; diff --git a/pkgs/development/ocaml-modules/progress/default.nix b/pkgs/development/ocaml-modules/progress/default.nix new file mode 100644 index 000000000000..a3c0a5add3d2 --- /dev/null +++ b/pkgs/development/ocaml-modules/progress/default.nix 
@@ -0,0 +1,28 @@ +{ lib, buildDunePackage, fetchurl +, mtime, terminal_size, alcotest, astring, fmt +}: + +buildDunePackage rec { + pname = "progress"; + version = "0.1.1"; + + minimumOCamlVersion = "4.08"; + useDune2 = true; + + src = fetchurl { + url = "https://github.com/CraigFe/progress/releases/download/${version}/progress-${version}.tbz"; + sha256 = "90c6bec19d014a4c6b0b67006f08bdfcf36981d2176769bebe0ccd75d6785a32"; + }; + + propagatedBuildInputs = [ mtime terminal_size ]; + + doCheck = true; + checkInputs = [ alcotest astring fmt ]; + + meta = with lib; { + description = "Progress bar library for OCaml"; + homepage = "https://github.com/CraigFe/progress"; + license = licenses.mit; + maintainers = [ maintainers.sternenseemann ]; + }; +} diff --git a/pkgs/development/python-modules/google-cloud-vision/default.nix b/pkgs/development/python-modules/google-cloud-vision/default.nix index 12f63bd0e1c4..b69229123809 100644 --- a/pkgs/development/python-modules/google-cloud-vision/default.nix +++ b/pkgs/development/python-modules/google-cloud-vision/default.nix @@ -11,11 +11,11 @@ buildPythonPackage rec { pname = "google-cloud-vision"; - version = "2.0.0"; + version = "2.1.0"; src = fetchPypi { inherit pname version; - sha256 = "0qbwhapmn5ia853c4nfnz1qiksngvr8j0xxjasrykwhxcsd7s1ka"; + sha256 = "2bae8b4aca9aa38ad7459102cc5743c506adf9060ad2b3b15cff1e8021085017"; }; propagatedBuildInputs = [ libcst google-api-core proto-plus]; diff --git a/pkgs/development/python-modules/icecream/default.nix b/pkgs/development/python-modules/icecream/default.nix index eba5a70577f7..b75d0d5d4325 100644 --- a/pkgs/development/python-modules/icecream/default.nix +++ b/pkgs/development/python-modules/icecream/default.nix @@ -4,11 +4,11 @@ buildPythonPackage rec { pname = "icecream"; - version = "2.0.0"; + version = "2.1.0"; src = fetchPypi { inherit pname version; - sha256 = "16kpixl43nrn093cvkmxiq2dzd9xc73zwzkmwp0rs7x01nji8k |