diff options
-rw-r--r-- | nixos/modules/services/networking/mosquitto.nix | 10 | ||||
-rw-r--r-- | pkgs/applications/editors/jetbrains/default.nix | 36 | ||||
-rw-r--r-- | pkgs/applications/networking/browsers/ephemeral/default.nix | 4 | ||||
-rw-r--r-- | pkgs/applications/networking/browsers/google-chrome/default.nix | 4 | ||||
-rw-r--r-- | pkgs/applications/networking/datovka/default.nix | 4 | ||||
-rw-r--r-- | pkgs/applications/networking/mailreaders/neomutt/default.nix | 4 | ||||
-rw-r--r-- | pkgs/applications/science/logic/z3/default.nix | 2 | ||||
-rw-r--r-- | pkgs/desktops/enlightenment/evisum/default.nix | 4 | ||||
-rw-r--r-- | pkgs/development/libraries/cimg/default.nix | 4 | ||||
-rw-r--r-- | pkgs/development/tools/ammonite/default.nix | 8 | ||||
-rw-r--r-- | pkgs/os-specific/linux/autofs/default.nix | 7 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 2 | ||||
-rw-r--r-- | pkgs/servers/http/nginx/mainline.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/typesetting/tex/nix/run-latex.sh | 25 |
14 files changed, 65 insertions, 53 deletions
diff --git a/nixos/modules/services/networking/mosquitto.nix b/nixos/modules/services/networking/mosquitto.nix index 4a85b3956dae..10b49d9b2206 100644 --- a/nixos/modules/services/networking/mosquitto.nix +++ b/nixos/modules/services/networking/mosquitto.nix @@ -232,6 +232,16 @@ in Restart = "on-failure"; ExecStart = "${pkgs.mosquitto}/bin/mosquitto -c ${mosquittoConf}"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + + ProtectSystem = "strict"; + ProtectHome = true; + PrivateDevices = true; + PrivateTmp = true; + ReadWritePaths = "${cfg.dataDir}"; + ProtectControlGroups = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + NoNewPrivileges = true; }; preStart = '' rm -f ${cfg.dataDir}/passwd diff --git a/pkgs/applications/editors/jetbrains/default.nix b/pkgs/applications/editors/jetbrains/default.nix index 9fbab346907d..80528617d64d 100644 --- a/pkgs/applications/editors/jetbrains/default.nix +++ b/pkgs/applications/editors/jetbrains/default.nix @@ -268,12 +268,12 @@ in clion = buildClion rec { name = "clion-${version}"; - version = "2020.2.4"; /* updated by script */ + version = "2020.2.5"; /* updated by script */ description = "C/C++ IDE. New. Intelligent. Cross-platform"; license = stdenv.lib.licenses.unfree; src = fetchurl { url = "https://download.jetbrains.com/cpp/CLion-${version}.tar.gz"; - sha256 = "0xkra8l3ga8qsmzbvfisn99lxm5wxa8c4d4jzljjwn8855bs20a3"; /* updated by script */ + sha256 = "0j7gxh8wqshn2i1f22bl9099sx8a4092qwkp4fwny4649rbkfyrz"; /* updated by script */ }; wmClass = "jetbrains-clion"; update-channel = "CLion RELEASE"; # channel's id as in http://www.jetbrains.com/updates/updates.xml @@ -281,12 +281,12 @@ in datagrip = buildDataGrip rec { name = "datagrip-${version}"; - version = "2020.2.3"; /* updated by script */ + version = "2020.3"; /* updated by script */ description = "Your Swiss Army Knife for Databases and SQL"; license = stdenv.lib.licenses.unfree; src = fetchurl { url = "https://download.jetbrains.com/datagrip/${name}.tar.gz"; - sha256 = "0iv1zmdpbqk8f4cjd6dhgj9mrvxli4dg83jzkhv566sy8wrrx7kb"; /* updated by script */ + sha256 = "1j0mlsiqh80mspi2x9mi0h5hxhg5gw6395hyl9w33q8dxm95mx2d"; /* updated by script */ }; wmClass = "jetbrains-datagrip"; update-channel = "DataGrip RELEASE"; @@ -307,12 +307,12 @@ in idea-community = buildIdea rec { name = "idea-community-${version}"; - version = "2020.2.3"; /* updated by script */ + version = "2020.2.4"; /* updated by script */ description = "Integrated Development Environment (IDE) by Jetbrains, community edition"; license = stdenv.lib.licenses.asl20; src = fetchurl { url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - sha256 = "092swkz7l1p3asrna6fxj6j324sh7pdbgzrlapdwka8kq9y40ajz"; /* updated by script */ + sha256 = "1rlw01aq6ci46xv4d4877k30309jjws29kwhriy98xf804msyzyb"; /* updated by script */ }; wmClass = "jetbrains-idea-ce"; update-channel = "IntelliJ IDEA RELEASE"; @@ -320,12 +320,12 @@ in idea-ultimate = buildIdea rec { name = "idea-ultimate-${version}"; - version = "2020.2.3"; /* updated by script */ + version = "2020.2.4"; /* updated by script */ description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license"; license = stdenv.lib.licenses.unfree; src = fetchurl { url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jbr.tar.gz"; - sha256 = "1416ikna169d2hx77yd0bb8hpxkpnf27jgyq5yrgla1w6h1fp1p0"; /* updated by script */ + sha256 = "05qr8jiasqxmkgi9v52g7hgpdf7pkkjcp42bbkh1f4zgvq81p5py"; /* updated by script */ }; wmClass = "jetbrains-idea"; update-channel = "IntelliJ IDEA RELEASE"; @@ -346,12 +346,12 @@ in phpstorm = buildPhpStorm rec { name = "phpstorm-${version}"; - version = "2020.2.3"; /* updated by script */ + version = "2020.2.4"; /* updated by script */ description = "Professional IDE for Web and PHP developers"; license = stdenv.lib.licenses.unfree; src = fetchurl { url = "https://download.jetbrains.com/webide/PhpStorm-${version}.tar.gz"; - sha256 = "0bdxmxml6337cdpb2amhdqlvxicng50cgzlnmiw0wqnmwj5ihpih"; /* updated by script */ + sha256 = "111dr1a6695msh13cd484yk671jnh2ps6q1k2dl0kmryk9dqnvhd"; /* updated by script */ }; wmClass = "jetbrains-phpstorm"; update-channel = "PhpStorm RELEASE"; @@ -359,12 +359,12 @@ in pycharm-community = buildPycharm rec { name = "pycharm-community-${version}"; - version = "2020.2.3"; /* updated by script */ + version = "2020.2.4"; /* updated by script */ description = "PyCharm Community Edition"; license = stdenv.lib.licenses.asl20; src = fetchurl { url = "https://download.jetbrains.com/python/${name}.tar.gz"; - sha256 = "0wqhcag32fxqxg6aml2a3d0rpds0d48rgbcl7cp0ah8xj6x72047"; /* updated by script */ + sha256 = "196hhb4n52a50w50awx01ksyl5dkrbdmnz8sb9di5ihni7043p97"; /* updated by script */ }; wmClass = "jetbrains-pycharm-ce"; update-channel = "PyCharm RELEASE"; @@ -372,12 +372,12 @@ in pycharm-professional = buildPycharm rec { name = "pycharm-professional-${version}"; - version = "2020.2.3"; /* updated by script */ + version = "2020.2.4"; /* updated by script */ description = "PyCharm Professional Edition"; license = stdenv.lib.licenses.unfree; src = fetchurl { url = "https://download.jetbrains.com/python/${name}.tar.gz"; - sha256 = "0g7bki4bzi3a1w3rlwik2w0ma10xb4g450qxm4fr4fp8dy2xaysc"; /* updated by script */ + sha256 = "0dwd9gvi8n3igza95pil3mf7azxn131830rvfzdvnvrzj9yb2q8l"; /* updated by script */ }; wmClass = "jetbrains-pycharm"; update-channel = "PyCharm RELEASE"; @@ -398,12 +398,12 @@ in ruby-mine = buildRubyMine rec { name = "ruby-mine-${version}"; - version = "2020.2.3"; /* updated by script */ + version = "2020.2.4"; /* updated by script */ description = "The Most Intelligent Ruby and Rails IDE"; license = stdenv.lib.licenses.unfree; src = fetchurl { url = "https://download.jetbrains.com/ruby/RubyMine-${version}.tar.gz"; - sha256 = "03f1z7xhz90j9l8xp3il115yvb15kda0i6ba5ndhby7nf52vnphk"; /* updated by script */ + sha256 = "0bpkl8phc16yjm7qjfbg42rm7sbfwbrjva7w0qiwiw9ibwvs90id"; /* updated by script */ }; wmClass = "jetbrains-rubymine"; update-channel = "RubyMine RELEASE"; @@ -411,12 +411,12 @@ in webstorm = buildWebStorm rec { name = "webstorm-${version}"; - version = "2020.2.3"; /* updated by script */ + version = "2020.2.4"; /* updated by script */ description = "Professional IDE for Web and JavaScript development"; license = stdenv.lib.licenses.unfree; src = fetchurl { url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz"; - sha256 = "1c60k38ai63s4779fs55vaiswfc6bi7ki6p96hrmmkrnpzgsipg5"; /* updated by script */ + sha256 = "0l97nk9psb8g0sxm148fcz0x2v9mwqblffigrz2rmac3gd275s7f"; /* updated by script */ }; wmClass = "jetbrains-webstorm"; update-channel = "WebStorm RELEASE"; diff --git a/pkgs/applications/networking/browsers/ephemeral/default.nix b/pkgs/applications/networking/browsers/ephemeral/default.nix index 550076787788..6d8aa3649a90 100644 --- a/pkgs/applications/networking/browsers/ephemeral/default.nix +++ b/pkgs/applications/networking/browsers/ephemeral/default.nix @@ -20,13 +20,13 @@ stdenv.mkDerivation rec { pname = "ephemeral"; - version = "6.4.1"; + version = "7.0.4"; src = fetchFromGitHub { owner = "cassidyjames"; repo = "ephemeral"; rev = version; - sha256 = "1lzcwaczh601kwbx7fzg32nrzlg67asby7p86qy10qz86xf4g608"; + sha256 = "18chvfdmka21zvjgqfpinm3nrj0ba09szxhhm39anpvpbj92ra8j"; }; nativeBuildInputs = [ diff --git a/pkgs/applications/networking/browsers/google-chrome/default.nix b/pkgs/applications/networking/browsers/google-chrome/default.nix index f2e10f323305..543d59255472 100644 --- a/pkgs/applications/networking/browsers/google-chrome/default.nix +++ b/pkgs/applications/networking/browsers/google-chrome/default.nix @@ -150,10 +150,10 @@ in stdenv.mkDerivation { description = "A freeware web browser developed by Google"; homepage = "https://www.google.com/chrome/browser/"; license = licenses.unfree; - maintainers = with maintainers; [ primeos msteen ]; + maintainers = with maintainers; [ primeos ]; # Note from primeos: By updating Chromium I also update Google Chrome and # will try to merge PRs and respond to issues but I'm not actually using - # Google Chrome. msteen is the actual user/maintainer. + # Google Chrome. platforms = [ "x86_64-linux" ]; }; } diff --git a/pkgs/applications/networking/datovka/default.nix b/pkgs/applications/networking/datovka/default.nix index 2e598b1a7639..22bf982ec4cc 100644 --- a/pkgs/applications/networking/datovka/default.nix +++ b/pkgs/applications/networking/datovka/default.nix @@ -11,11 +11,11 @@ mkDerivation rec { pname = "datovka"; - version = "4.15.5"; + version = "4.15.6"; src = fetchurl { url = "https://secure.nic.cz/files/datove_schranky/${version}/${pname}-${version}.tar.xz"; - sha256 = "1mnw1m3wjkw8rfh6fwwrhfmkna6j19pza9cs7kyp8qj1fzzqi8my"; + sha256 = "1qs1yd9qqsf56jm9w6sffkqb2l8s3i9qgi2q8vd59ss19ym6yky2"; }; buildInputs = [ libisds qmake qtbase qtsvg libxml2 ]; diff --git a/pkgs/applications/networking/mailreaders/neomutt/default.nix b/pkgs/applications/networking/mailreaders/neomutt/default.nix index c068357a0f65..cf78da9a5048 100644 --- a/pkgs/applications/networking/mailreaders/neomutt/default.nix +++ b/pkgs/applications/networking/mailreaders/neomutt/default.nix @@ -6,14 +6,14 @@ }: stdenv.mkDerivation rec { - version = "20201120"; + version = "20201127"; pname = "neomutt"; src = fetchFromGitHub { owner = "neomutt"; repo = "neomutt"; rev = version; - sha256 = "0z6xavgd0zv9pqvfsdyvhhi1q3y7zxhgg24isbnn9r6mldafqwna"; + sha256 = "sha256-BkDGKZmpwahDw1vD67CyWfxD93H83kcpv5JBGVL5F/o="; }; buildInputs = [ diff --git a/pkgs/applications/science/logic/z3/default.nix b/pkgs/applications/science/logic/z3/default.nix index dd71cf2cb1a8..48512eff5300 100644 --- a/pkgs/applications/science/logic/z3/default.nix +++ b/pkgs/applications/science/logic/z3/default.nix @@ -60,7 +60,7 @@ stdenv.mkDerivation rec { description = "A high-performance theorem prover and SMT solver"; homepage = "https://github.com/Z3Prover/z3"; license = stdenv.lib.licenses.mit; - platforms = stdenv.lib.platforms.x86_64; + platforms = stdenv.lib.platforms.unix; maintainers = with stdenv.lib.maintainers; [ thoughtpolice ttuegel ]; }; } diff --git a/pkgs/desktops/enlightenment/evisum/default.nix b/pkgs/desktops/enlightenment/evisum/default.nix index fef15ce79fe5..f89ff2cee305 100644 --- a/pkgs/desktops/enlightenment/evisum/default.nix +++ b/pkgs/desktops/enlightenment/evisum/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "evisum"; - version = "0.5.7"; + version = "0.5.8"; src = fetchurl { url = "https://download.enlightenment.org/rel/apps/${pname}/${pname}-${version}.tar.xz"; - sha256 = "0pm63n3rls8vkjv3awq0f3zlqk33ddql3g0rl2bc46n48g2mcmbd"; + sha256 = "0cg4vqd069h89k3wrvl550p29y3yzbdnvii58gwc8rghwym621jx"; }; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/cimg/default.nix b/pkgs/development/libraries/cimg/default.nix index 400326f6fcaf..61d3996a4f5b 100644 --- a/pkgs/development/libraries/cimg/default.nix +++ b/pkgs/development/libraries/cimg/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "cimg"; - version = "2.9.3"; + version = "2.9.4"; src = fetchFromGitHub { owner = "dtschump"; repo = "CImg"; rev = "v.${version}"; - sha256 = "1pkjbwpi0047lbc55cva99rj6p70gbw09l14vrym0igwipnxxx0z"; + sha256 = "1sb0z5ryh34y80ghlr2agsl64gayjmxpl96l9fjaylf5k2m3fg2b"; }; installPhase = '' diff --git a/pkgs/development/tools/ammonite/default.nix b/pkgs/development/tools/ammonite/default.nix index c3a578f18b8c..20b26437e75f 100644 --- a/pkgs/development/tools/ammonite/default.nix +++ b/pkgs/development/tools/ammonite/default.nix @@ -9,7 +9,7 @@ let common = { scalaVersion, sha256 }: stdenv.mkDerivation rec { pname = "ammonite"; - version = "2.2.0"; + version = "2.3.8"; src = fetchurl { url = @@ -23,7 +23,7 @@ let install -Dm755 $src $out/bin/amm sed -i '0,/java/{s|java|${jre}/bin/java|}' $out/bin/amm '' + optionalString (disableRemoteLogging) '' - sed -i '0,/ammonite.Main/{s|ammonite.Main|ammonite.Main --no-remote-logging|}' $out/bin/amm + sed -i "0,/ammonite.Main/{s|ammonite.Main'|ammonite.Main' --no-remote-logging|}" $out/bin/amm sed -i '1i #!/bin/sh' $out/bin/amm ''; @@ -75,10 +75,10 @@ let in { ammonite_2_12 = common { scalaVersion = "2.12"; - sha256 = "9xe4GT5YpVCtDPaZvi9PZwFW/wcNhg+QCdbJ4Tl2lFk="; + sha256 = "1kzk0437h2wd9jhwkvjkiaj6mscz4bh85iv266x9zz4zssb355hs"; }; ammonite_2_13 = common { scalaVersion = "2.13"; - sha256 = "KRwh2YOcHpXLA9BlBKzkc9oswdOQbcm3WVqgYaGyi4A="; + sha256 = "0js84m6yqjd7d77md38z6nk3qzlm1ms8brzczaw05zq2c90pdbz7"; }; } diff --git a/pkgs/os-specific/linux/autofs/default.nix b/pkgs/os-specific/linux/autofs/default.nix index baf3cc6ad55e..ab78c590017f 100644 --- a/pkgs/os-specific/linux/autofs/default.nix +++ b/pkgs/os-specific/linux/autofs/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, flex, bison, linuxHeaders, libtirpc, mount, umount, nfs-utils, e2fsprogs -, libxml2, kerberos, kmod, openldap, sssd, cyrus_sasl, openssl }: +, libxml2, kerberos, kmod, openldap, sssd, cyrus_sasl, openssl, rpcsvc-proto }: let version = "5.1.6"; @@ -28,13 +28,16 @@ in stdenv.mkDerivation { unset STRIP # Makefile.rules defines a usable STRIP only without the env var. ''; + # configure script is not finding the right path + NIX_CFLAGS_COMPILE = [ "-I${libtirpc.dev}/include/tirpc" ]; + installPhase = '' make install SUBDIRS="lib daemon modules man" # all but samples #make install SUBDIRS="samples" # impure! ''; buildInputs = [ linuxHeaders libtirpc libxml2 kerberos kmod openldap sssd - openssl cyrus_sasl ]; + openssl cyrus_sasl rpcsvc-proto ]; nativeBuildInputs = [ flex bison ]; diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 94558b890de1..47e49dbe01d7 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -775,6 +775,8 @@ let X86_CHECK_BIOS_CORRUPTION = yes; X86_MCE = yes; + RAS = yes; # Needed for EDAC support + # Our initrd init uses shebang scripts, so can't be modular. BINFMT_SCRIPT = yes; # For systemd-binfmt diff --git a/pkgs/servers/http/nginx/mainline.nix b/pkgs/servers/http/nginx/mainline.nix index 7b7de1a00f4a..edb87258d6b7 100644 --- a/pkgs/servers/http/nginx/mainline.nix +++ b/pkgs/servers/http/nginx/mainline.nix @@ -1,6 +1,6 @@ { callPackage, ... }@args: callPackage ./generic.nix args { - version = "1.19.4"; - sha256 = "03h0hhrbfy3asla9gki2cp97zjn7idxbp5lk9xi0snlh4xlm9pv1"; + version = "1.19.5"; + sha256 = "173rv8gacd9bakb0r9jmkr4pqgjw9mzpdh3f7x2d8ln4ssplc2jw"; } diff --git a/pkgs/tools/typesetting/tex/nix/run-latex.sh b/pkgs/tools/typesetting/tex/nix/run-latex.sh index 7a5767f9c063..3f8a16580ea5 100644 --- a/pkgs/tools/typesetting/tex/nix/run-latex.sh +++ b/pkgs/tools/typesetting/tex/nix/run-latex.sh @@ -41,7 +41,11 @@ showError() { exit 1 } +pass=0 + runLaTeX() { + ((pass=pass+1)) + echo "PASS $pass..." if ! $latex $latexFlags $rootName >$tmpFile 2>&1; then showError; fi runNeeded= if fgrep -q \ @@ -51,6 +55,7 @@ runLaTeX() { "$tmpFile"; then runNeeded=1 fi + echo } echo @@ -61,10 +66,7 @@ if test -n "$copySources"; then fi -echo "PASS 1..." runLaTeX -echo - for auxFile in $(find . -name "*.aux"); do # Run bibtex to process all bibliographies. There may be several @@ -89,11 +91,8 @@ for auxFile in $(find . -name "*.aux"); do fi done - if test "$runNeeded"; then - echo "PASS 2..." runLaTeX - echo fi @@ -105,20 +104,18 @@ if test -f $rootNameBase.idx; then makeindex $makeindexFlags $rootNameBase.idx runNeeded=1 echo -fi - +fi -if test "$runNeeded"; then - echo "PASS 3..." +# We check that pass is less than 2 to catch situations where the document is +# simple enough (no bibtex, etc.) so that it would otherwise require only one +# pass but also contains a ToC. +# In essence this check ensures that we do at least two passes on all documents. +if test "$runNeeded" = 1 -o "$pass" -lt 2 ; then runLaTeX - echo fi - if test "$runNeeded"; then - echo "PASS 4..." runLaTeX - echo fi |