From 816afcf9c04d52a979449e34f7d1c4179b3080a6 Mon Sep 17 00:00:00 2001 From: Jason Yundt Date: Thu, 3 Jul 2025 07:37:23 -0400 Subject: [PATCH 01/50] nixos/syncthing: get systemd units from cfg.package MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Before this change, the syncthing module used two potentially different packages for Syncthing. Sometimes, it would use cfg.package and sometimes it would use pkgs.syncthing. This change makes the syncthing module more consistent by making it always use cfg.package. The reference to pkgs.syncthing was added in 1026bebee61a1664605cf58136164e47478bc2f3. I looked through that commit message and the thread for the pull request that it came from [1], and I couldn’t find anything that explained why pkgs.syncthing was used over cfg.package. I’m guessing that using pkgs.syncthing over cfg.package was a mistake, but I’m not sure. [1]: --- nixos/modules/services/networking/syncthing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix index 70a96e4740d6..7beda8ba5e19 100644 --- a/nixos/modules/services/networking/syncthing.nix +++ b/nixos/modules/services/networking/syncthing.nix @@ -847,7 +847,7 @@ in ]; }; - systemd.packages = [ pkgs.syncthing ]; + systemd.packages = [ cfg.package ]; users.users = mkIf (cfg.systemService && cfg.user == defaultUser) { ${defaultUser} = { From de0be57ef745e7fb7fa67141e0a97f578f5c1cfe Mon Sep 17 00:00:00 2001 From: Jason Yundt Date: Thu, 3 Jul 2025 08:02:31 -0400 Subject: [PATCH 02/50] nixos/syncthing: install syncthing command and man page MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Before this change, setting services.syncthing.enable to true would enable Syncthing, but it wouldn’t add Syncthing’s man page to your system. This change ensures that the man page is available. I tested this change using this Nix expression: let nixpkgsRepo = /path/to/nixpkgs/repo; pkgs = import nixpkgsRepo { }; in pkgs.testers.runNixOSTest { name = "syncthing-man-page-test"; nodes.machine = { services.syncthing.enable = true; }; testScript = '' start_all() machine.succeed("man syncthing > log.txt") machine.copy_from_vm("log.txt", ".") ''; } --- nixos/modules/services/networking/syncthing.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix index 7beda8ba5e19..81c415da6bfa 100644 --- a/nixos/modules/services/networking/syncthing.nix +++ b/nixos/modules/services/networking/syncthing.nix @@ -847,6 +847,7 @@ in ]; }; + environment.systemPackages = [ cfg.package ]; systemd.packages = [ cfg.package ]; users.users = mkIf (cfg.systemService && cfg.user == defaultUser) { From 1a5d1358b7b36f28a6f1dc939315d08a9c6fda1a Mon Sep 17 00:00:00 2001 From: Jared Baur Date: Tue, 13 Jun 2023 11:26:55 -0700 Subject: [PATCH 03/50] optee-client: init at 4.6.0 OP-TEE client provides libraries, headers, and a userspace supplicant for interacting with OP-TEE OS, a trusted execution environment for ARM. --- pkgs/by-name/op/optee-client/package.nix | 72 ++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 pkgs/by-name/op/optee-client/package.nix diff --git a/pkgs/by-name/op/optee-client/package.nix b/pkgs/by-name/op/optee-client/package.nix new file mode 100644 index 000000000000..dbe59890d452 --- /dev/null +++ b/pkgs/by-name/op/optee-client/package.nix @@ -0,0 +1,72 @@ +{ + fetchFromGitHub, + isNixOS ? true, + lib, + libuuid, + pkg-config, + stdenv, + which, +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "optee-client"; + version = "4.6.0"; + + src = fetchFromGitHub { + owner = "OP-TEE"; + repo = "optee_client"; + rev = finalAttrs.version; + hash = "sha256-hHEIn0WU4XfqwZbOdg9kwSDxDcvK7Tvxtelamfc3IRM="; + }; + + outputs = [ + "out" + "lib" + "dev" + ]; + + strictDeps = true; + + enableParallelBuilding = true; + + nativeBuildInputs = [ + which + pkg-config + ]; + buildInputs = [ libuuid ]; + + makeFlags = + [ + "CROSS_COMPILE=${stdenv.cc.targetPrefix}" + "DESTDIR=$(out)" + "SBINDIR=/bin" + "INCLUDEDIR=/include" + "LIBDIR=/lib" + ] + ++ + # If we are building for NixOS, change default optee config to use paths + # that will work well with NixOS. + lib.optionals isNixOS [ + "CFG_TEE_CLIENT_LOAD_PATH=/run/current-system/sw/lib" + "CFG_TEE_PLUGIN_LOAD_PATH=/run/current-system/sw/lib/tee-supplicant/plugins" + "CFG_TEE_FS_PARENT_PATH=/var/lib/tee" + ]; + + preFixup = '' + mkdir -p "$lib" "$dev" + mv "$out/lib" "$lib" + mv "$out/include" "$dev" + ''; + + meta = { + description = "Normal world client for OPTEE OS"; + homepage = "https://github.com/OP-TEE/optee_client"; + changelog = "https://github.com/OP-TEE/optee_client/releases/tag/${finalAttrs.version}"; + license = lib.licenses.bsd2; + maintainers = [ lib.maintainers.jmbaur ]; + platforms = [ + "aarch64-linux" + "armv7l-linux" + ]; + }; +}) From 309fe7f571393c1a0cb352e76ca3815316999e15 Mon Sep 17 00:00:00 2001 From: Jared Baur Date: Tue, 13 Jun 2023 11:30:45 -0700 Subject: [PATCH 04/50] optee-os: init at 4.6.0 This change adds two builds of OP-TEE OS (qemu armv7 & qemu aarch64) as well as a function that can be used for building OP-TEE OS for any board. This follows the pattern similar to buildUBoot and buildArmTrustedFirmware. --- pkgs/misc/optee-os/default.nix | 127 ++++++++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 6 ++ 2 files changed, 133 insertions(+) create mode 100644 pkgs/misc/optee-os/default.nix diff --git a/pkgs/misc/optee-os/default.nix b/pkgs/misc/optee-os/default.nix new file mode 100644 index 000000000000..6b6d5ae692af --- /dev/null +++ b/pkgs/misc/optee-os/default.nix @@ -0,0 +1,127 @@ +{ + dtc, + fetchFromGitHub, + lib, + pkgsBuildBuild, + stdenv, +}: + +let + defaultVersion = "4.6.0"; + + defaultSrc = fetchFromGitHub { + owner = "OP-TEE"; + repo = "optee_os"; + rev = defaultVersion; + hash = "sha256-4z706DNfZE+CAPOa362CNSFhAN1KaNyKcI9C7+MRccs="; + }; + + buildOptee = lib.makeOverridable ( + { + version ? null, + src ? null, + platform, + extraMakeFlags ? [ ], + extraMeta ? { }, + ... + }@args: + + let + inherit (stdenv.hostPlatform) is32bit is64bit; + + taTarget = + { + "arm" = "ta_arm32"; + "arm64" = "ta_arm64"; + } + .${stdenv.hostPlatform.linuxArch}; + in + stdenv.mkDerivation ( + { + pname = "optee-os-${platform}"; + + version = if src == null then defaultVersion else version; + + src = if src == null then defaultSrc else src; + + postPatch = '' + patchShebangs $(find -type d -name scripts -printf '%p ') + ''; + + outputs = [ + "out" + "devkit" + ]; + + strictDeps = true; + + enableParallelBuilding = true; + + depsBuildBuild = [ pkgsBuildBuild.stdenv.cc ]; + + nativeBuildInputs = [ + dtc + (pkgsBuildBuild.python3.withPackages ( + p: with p; [ + pyelftools + cryptography + ] + )) + ]; + + makeFlags = + [ + "O=out" + "PLATFORM=${platform}" + "CFG_USER_TA_TARGETS=${taTarget}" + ] + ++ (lib.optionals (is32bit) [ + "CFG_ARM32_core=y" + "CROSS_COMPILE32=${stdenv.cc.targetPrefix}" + ]) + ++ (lib.optionals (is64bit) [ + "CFG_ARM64_core=y" + "CROSS_COMPILE64=${stdenv.cc.targetPrefix}" + ]) + ++ extraMakeFlags; + + installPhase = '' + runHook preInstall + + mkdir -p $out + cp out/core/{tee.elf,tee-pageable_v2.bin,tee.bin,tee-header_v2.bin,tee-pager_v2.bin,tee-raw.bin} $out + cp -r out/export-${taTarget} $devkit + + runHook postInstall + ''; + + meta = + with lib; + { + description = "A Trusted Execution Environment for ARM"; + homepage = "https://github.com/OP-TEE/optee_os"; + changelog = "https://github.com/OP-TEE/optee_os/blob/${defaultVersion}/CHANGELOG.md"; + license = licenses.bsd2; + maintainers = [ maintainers.jmbaur ]; + } + // extraMeta; + } + // removeAttrs args [ "extraMeta" ] + ) + ); +in +{ + inherit buildOptee; + + opteeQemuArm = buildOptee { + platform = "vexpress"; + extraMakeFlags = [ "PLATFORM_FLAVOR=qemu_virt" ]; + extraMeta.platforms = [ "armv7l-linux" ]; + }; + + opteeQemuAarch64 = buildOptee { + platform = "vexpress"; + extraMakeFlags = [ "PLATFORM_FLAVOR=qemu_armv8a" ]; + extraMeta.platforms = [ "aarch64-linux" ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 80a1ad392d14..81b03808bf68 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7441,6 +7441,12 @@ with pkgs; libiberty_static = libiberty.override { staticBuild = true; }; }; + inherit (callPackage ../misc/optee-os { }) + buildOptee + opteeQemuArm + opteeQemuAarch64 + ; + patchelf = callPackage ../development/tools/misc/patchelf { }; patchelfUnstable = lowPrio (callPackage ../development/tools/misc/patchelf/unstable.nix { }); From 9a0134309c49ea2ca315df9c6cedaaa317698c9c Mon Sep 17 00:00:00 2001 From: Jared Baur Date: Tue, 13 Jun 2023 11:36:13 -0700 Subject: [PATCH 05/50] arm-trusted-firmware: make buildArmTrustedFirmware result overridable This allows for overriding function arguments to buildArmTrustedFirmware. --- pkgs/misc/arm-trusted-firmware/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/misc/arm-trusted-firmware/default.nix b/pkgs/misc/arm-trusted-firmware/default.nix index 743e429c0051..b76b601046ba 100644 --- a/pkgs/misc/arm-trusted-firmware/default.nix +++ b/pkgs/misc/arm-trusted-firmware/default.nix @@ -18,7 +18,7 @@ }: let - buildArmTrustedFirmware = + buildArmTrustedFirmware = lib.makeOverridable ( { filesToInstall, installDir ? "$out", @@ -109,7 +109,8 @@ let // extraMeta; } // builtins.removeAttrs args [ "extraMeta" ] - ); + ) + ); in { From 516e9fae60f7d212aa52602279f74d5fd4d75d13 Mon Sep 17 00:00:00 2001 From: Jared Baur Date: Tue, 13 Jun 2023 11:37:30 -0700 Subject: [PATCH 06/50] arm-trusted-firmware: add openssl to nativeBuildInputs This allows for the `fiptool` make target for arm-trusted-firmware to be built. --- pkgs/misc/arm-trusted-firmware/default.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkgs/misc/arm-trusted-firmware/default.nix b/pkgs/misc/arm-trusted-firmware/default.nix index b76b601046ba..54553365a779 100644 --- a/pkgs/misc/arm-trusted-firmware/default.nix +++ b/pkgs/misc/arm-trusted-firmware/default.nix @@ -59,8 +59,11 @@ let depsBuildBuild = [ buildPackages.stdenv.cc ]; - # For Cortex-M0 firmware in RK3399 - nativeBuildInputs = [ pkgsCross.arm-embedded.stdenv.cc ]; + nativeBuildInputs = [ + pkgsCross.arm-embedded.stdenv.cc # For Cortex-M0 firmware in RK3399 + openssl # For fiptool + ]; + # Make the new toolchain guessing (from 2.11+) happy # https://github.com/ARM-software/arm-trusted-firmware/blob/4ec2948fe3f65dba2f19e691e702f7de2949179c/make_helpers/toolchains/rk3399-m0.mk#L21-L22 rk3399-m0-oc = "${pkgsCross.arm-embedded.stdenv.cc.targetPrefix}objcopy"; From b8937303cef45a9552be9eb3518038bb06c41128 Mon Sep 17 00:00:00 2001 From: Jared Baur Date: Tue, 13 Jun 2023 11:38:28 -0700 Subject: [PATCH 07/50] nixos/tee-supplicant: add tee-supplicant module The tee-supplicant is a program that interacts with OP-TEE OS and allows loading trusted applications at runtime (among other things). There is an `optee` test included that uses the pkcs11 trusted application (in upstream OP-TEE OS), loads it during system startup via tee-supplicant, and uses `pkcs11-tool` to list available token slots. --- .../manual/release-notes/rl-2505.section.md | 2 + nixos/modules/module-list.nix | 1 + .../services/misc/tee-supplicant/default.nix | 95 +++++++++++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/optee.nix | 72 ++++++++++++++ 5 files changed, 171 insertions(+) create mode 100644 nixos/modules/services/misc/tee-supplicant/default.nix create mode 100644 nixos/tests/optee.nix diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md index 44e8e6b84364..694c8caadb2c 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md @@ -222,6 +222,8 @@ Alongside many enhancements to NixOS modules and general system improvements, th - [Limine](https://github.com/limine-bootloader/limine) a modern, advanced, portable, multiprotocol bootloader and boot manager. Available as [boot.loader.limine](#opt-boot.loader.limine.enable). +- [tee-supplicant](https://github.com/OP-TEE/optee_client), a userspace supplicant for OP-TEE OS. Available as [services.tee-supplicant](#opt-services.tee-supplicant.enable). + - [Orthanc](https://orthanc.uclouvain.be/) a lightweight, RESTful DICOM server for healthcare and medical research. Available as [services.orthanc](#opt-services.orthanc.enable). - [Docling Serve](https://github.com/docling-project/docling-serve) running [Docling](https://github.com/docling-project/docling) as an API service. Available as [services.docling-serve](#opt-services.docling-serve.enable). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index a297dfc96d5d..6d4c9672f822 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -930,6 +930,7 @@ ./services/misc/taskchampion-sync-server.nix ./services/misc/taskserver ./services/misc/tautulli.nix + ./services/misc/tee-supplicant ./services/misc/tiddlywiki.nix ./services/misc/tp-auto-kbbl.nix ./services/misc/transfer-sh.nix diff --git a/nixos/modules/services/misc/tee-supplicant/default.nix b/nixos/modules/services/misc/tee-supplicant/default.nix new file mode 100644 index 000000000000..185253e2c44d --- /dev/null +++ b/nixos/modules/services/misc/tee-supplicant/default.nix @@ -0,0 +1,95 @@ +{ + config, + pkgs, + lib, + ... +}: +let + inherit (lib) + getExe' + mkEnableOption + mkIf + mkOption + mkPackageOption + types + ; + + cfg = config.services.tee-supplicant; + + taDir = "optee_armtz"; + + trustedApplications = pkgs.linkFarm "runtime-trusted-applications" ( + map ( + ta: + let + # This is safe since we are using it as the path value, so the context + # will still ensure that this nix store path exists on the running + # system. + taFile = builtins.baseNameOf (builtins.unsafeDiscardStringContext ta); + in + { + name = "lib/${taDir}/${taFile}"; + path = ta; + } + ) cfg.trustedApplications + ); +in +{ + options.services.tee-supplicant = { + enable = mkEnableOption "OP-TEE userspace supplicant"; + + package = mkPackageOption pkgs "optee-client" { }; + + trustedApplications = mkOption { + type = types.listOf types.path; + default = [ ]; + description = '' + A list of full paths to trusted applications that will be loaded at + runtime by tee-supplicant. + ''; + }; + + pluginPath = mkOption { + type = types.path; + default = "/run/current-system/sw/lib/tee-supplicant/plugins"; + description = '' + The directory where plugins will be loaded from on startup. + ''; + }; + + reeFsParentPath = mkOption { + type = types.path; + default = "/var/lib/tee"; + description = '' + The directory where the secure filesystem will be stored in the rich + execution environment (REE FS). + ''; + }; + }; + + config = mkIf cfg.enable { + environment = mkIf (cfg.trustedApplications != [ ]) { + systemPackages = [ trustedApplications ]; + pathsToLink = [ "/lib/${taDir}" ]; + }; + + systemd.services.tee-supplicant = { + description = "Userspace supplicant for OPTEE-OS"; + + serviceConfig = { + ExecStart = toString [ + (getExe' cfg.package "tee-supplicant") + "--ta-dir ${taDir}" + "--fs-parent-path ${cfg.reeFsParentPath}" + "--plugin-path ${cfg.pluginPath}" + ]; + Restart = "always"; + }; + + after = [ "modprobe@optee.service" ]; + wants = [ "modprobe@optee.service" ]; + + wantedBy = [ "multi-user.target" ]; + }; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 11d6afa5478e..441dbec25a0c 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -1064,6 +1064,7 @@ in openvscode-server = runTest ./openvscode-server.nix; open-webui = runTest ./open-webui.nix; openvswitch = runTest ./openvswitch.nix; + optee = handleTestOn [ "aarch64-linux" ] ./optee.nix { }; orangefs = runTest ./orangefs.nix; os-prober = handleTestOn [ "x86_64-linux" ] ./os-prober.nix { }; osquery = handleTestOn [ "x86_64-linux" ] ./osquery.nix { }; diff --git a/nixos/tests/optee.nix b/nixos/tests/optee.nix new file mode 100644 index 000000000000..ac049b30378c --- /dev/null +++ b/nixos/tests/optee.nix @@ -0,0 +1,72 @@ +import ./make-test-python.nix ( + { pkgs, lib, ... }: + { + name = "optee"; + + meta = with pkgs.lib.maintainers; { + maintainers = [ jmbaur ]; + }; + + nodes.machine = + { config, pkgs, ... }: + let + inherit (pkgs) armTrustedFirmwareQemu opteeQemuAarch64 ubootQemuAarch64; + + # Default environment for qemu-arm64 uboot does not work well with + # large nixos kernel/initrds. + uboot = ubootQemuAarch64.overrideAttrs (old: { + postPatch = + (old.postPatch or "") + + '' + substituteInPlace board/emulation/qemu-arm/qemu-arm.env \ + --replace-fail "ramdisk_addr_r=0x44000000" "ramdisk_addr_r=0x46000000" + ''; + }); + + bios = armTrustedFirmwareQemu.override { + extraMakeFlags = [ + "SPD=opteed" + "BL32=${opteeQemuAarch64}/tee-header_v2.bin" + "BL32_EXTRA1=${opteeQemuAarch64}/tee-pager_v2.bin" + "BL32_EXTRA2=${opteeQemuAarch64}/tee-pageable_v2.bin" + "BL33=${uboot}/u-boot.bin" + "all" + "fip" + ]; + filesToInstall = [ + "build/qemu/release/bl1.bin" + "build/qemu/release/fip.bin" + ]; + postInstall = '' + dd if=$out/bl1.bin of=$out/bios.bin bs=4096 conv=notrunc + dd if=$out/fip.bin of=$out/bios.bin seek=64 bs=4096 conv=notrunc + ''; + }; + in + { + virtualisation = { + inherit bios; + cores = 2; + qemu.options = [ + "-machine virt,secure=on,accel=tcg,gic-version=2" + "-cpu cortex-a57" + ]; + }; + + # VM boots up via qfw + boot.loader.grub.enable = false; + + services.tee-supplicant = { + enable = true; + # pkcs11 trusted application + trustedApplications = [ "${opteeQemuAarch64.devkit}/ta/fd02c9da-306c-48c7-a49c-bbd827ae86ee.ta" ]; + }; + }; + testScript = '' + machine.wait_for_unit("tee-supplicant.service") + out = machine.succeed("${pkgs.opensc}/bin/pkcs11-tool --module ${lib.getLib pkgs.optee-client}/lib/libckteec.so --list-token-slots") + if out.find("OP-TEE PKCS11 TA") < 0: + raise Exception("optee pkcs11 token not found") + ''; + } +) From 8e628a544a65f54a1b29e12b15e03f9cd4cd1205 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 5 Jul 2025 08:39:57 +0000 Subject: [PATCH 08/50] aws-lc: 1.53.1 -> 1.55.0 --- pkgs/by-name/aw/aws-lc/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/aw/aws-lc/package.nix b/pkgs/by-name/aw/aws-lc/package.nix index de89ba8f5897..61f3a8497df2 100644 --- a/pkgs/by-name/aw/aws-lc/package.nix +++ b/pkgs/by-name/aw/aws-lc/package.nix @@ -10,13 +10,13 @@ }: stdenv.mkDerivation (finalAttrs: { pname = "aws-lc"; - version = "1.53.1"; + version = "1.55.0"; src = fetchFromGitHub { owner = "aws"; repo = "aws-lc"; rev = "v${finalAttrs.version}"; - hash = "sha256-1liZ1xellboNNsL7D6vqYk9sHFpWN5c0o8B1S9B5Gnc="; + hash = "sha256-Ul+PoOItv7FU7v7NkpaCrZrr/ULnI9FSv6T8ePzTMCs="; }; outputs = [ From 3e9bcbbaa0b614e4f05fc53bf358e33f1c30950f Mon Sep 17 00:00:00 2001 From: Defelo Date: Sat, 5 Jul 2025 11:18:35 +0000 Subject: [PATCH 09/50] clorinde: 0.16.0 -> 1.0.0 Changelog: https://github.com/halcyonnouveau/clorinde/blob/clorinde-v1.0.0/CHANGELOG.md Diff: https://github.com/halcyonnouveau/clorinde/compare/clorinde-v0.16.0...clorinde-v1.0.0 --- pkgs/by-name/cl/clorinde/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/cl/clorinde/package.nix b/pkgs/by-name/cl/clorinde/package.nix index 3eed4fed07e1..9b1fa27376b4 100644 --- a/pkgs/by-name/cl/clorinde/package.nix +++ b/pkgs/by-name/cl/clorinde/package.nix @@ -8,17 +8,17 @@ rustPlatform.buildRustPackage (finalAttrs: { pname = "clorinde"; - version = "0.16.0"; + version = "1.0.0"; src = fetchFromGitHub { owner = "halcyonnouveau"; repo = "clorinde"; tag = "clorinde-v${finalAttrs.version}"; - hash = "sha256-ze/PEML1buh3HlVgz6ifMPWfZnr6eT3VpIXf7jR68jw="; + hash = "sha256-AYoSs3rDZ5j8Xt6E4X7RmgccM3bng3rgWzVLFjhmfR0="; }; useFetchCargoVendor = true; - cargoHash = "sha256-dp5m/PLVG8xUM6LCq48NKK0P8di44keB/YZ9ocfL0Bg="; + cargoHash = "sha256-hxOVocfQvBlaYh227SVLYncfVZ80bDxIvoMtthaqQqc="; cargoBuildFlags = [ "--package=clorinde" ]; From 95b143fd2f4679f993745e1b4d932b42b28317db Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 5 Jul 2025 20:20:07 +0000 Subject: [PATCH 10/50] byedpi: 0.17 -> 0.17.1 --- pkgs/by-name/by/byedpi/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/by/byedpi/package.nix b/pkgs/by-name/by/byedpi/package.nix index d80429cea8fe..5358b379ef88 100644 --- a/pkgs/by-name/by/byedpi/package.nix +++ b/pkgs/by-name/by/byedpi/package.nix @@ -6,13 +6,13 @@ }: stdenv.mkDerivation (finalAttrs: { pname = "byedpi"; - version = "0.17"; + version = "0.17.1"; src = fetchFromGitHub { owner = "hufrea"; repo = "byedpi"; tag = "v${finalAttrs.version}"; - hash = "sha256-JedtEgkj21pDnNM19Oq6asI7iMIHZqf3ZolDlUDhHg8="; + hash = "sha256-an0UmsAZw5DJMuM4WpAWBVVN0ZVBpXhn0cbZ0ZbfBjo="; }; installPhase = '' From ee79aea58ae712fcc1b62b21104f11338f0ffe07 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sun, 6 Jul 2025 23:10:05 +0000 Subject: [PATCH 11/50] fantomas: 7.0.2 -> 7.0.3 --- pkgs/by-name/fa/fantomas/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/fa/fantomas/package.nix b/pkgs/by-name/fa/fantomas/package.nix index 8c61867c601f..f9c254cf6440 100644 --- a/pkgs/by-name/fa/fantomas/package.nix +++ b/pkgs/by-name/fa/fantomas/package.nix @@ -2,9 +2,9 @@ buildDotnetGlobalTool { pname = "fantomas"; - version = "7.0.2"; + version = "7.0.3"; - nugetHash = "sha256-BAaENIm/ksTiXrUImRgKoIXTGIlgsX7ch6ayoFjhJXA="; + nugetHash = "sha256-0XlfV7SxXPDnk/CjkUesJSaH0cxlNHJ+Jj86zNUhkNA="; meta = with lib; { description = "F# source code formatter"; From cf57cdeb3b8be7d8ab2efc0c93eefd84d39f1f95 Mon Sep 17 00:00:00 2001 From: emaryn Date: Tue, 8 Jul 2025 01:44:15 +0800 Subject: [PATCH 12/50] pub2nix.generators.linkPackageConfig: set languageVersion for root package --- .../dart/build-dart-application/default.nix | 1 + .../build-dart-application/generators.nix | 27 ++++++++++++++----- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/pkgs/build-support/dart/build-dart-application/default.nix b/pkgs/build-support/dart/build-dart-application/default.nix index 444930985f8e..5ff4d0a3ef23 100644 --- a/pkgs/build-support/dart/build-dart-application/default.nix +++ b/pkgs/build-support/dart/build-dart-application/default.nix @@ -101,6 +101,7 @@ let } // sdkSourceBuilders; }; packageConfig = generators.linkPackageConfig { + inherit pubspecLock; packageConfig = pub2nix.generatePackageConfig { pname = if args.pname != null then "${args.pname}-${args.version}" else null; diff --git a/pkgs/build-support/dart/build-dart-application/generators.nix b/pkgs/build-support/dart/build-dart-application/generators.nix index 0d6095dc3fc0..409de4cb5d4f 100644 --- a/pkgs/build-support/dart/build-dart-application/generators.nix +++ b/pkgs/build-support/dart/build-dart-application/generators.nix @@ -49,6 +49,7 @@ let # Adds the root package to a dependency package_config.json file from pub2nix. linkPackageConfig = { + pubspecLock, packageConfig, extraSetupCommands ? "", }: @@ -67,15 +68,27 @@ let dontBuild = true; - installPhase = '' - runHook preInstall + installPhase = + let + m = builtins.match "^[[:space:]]*(\\^|>=|>)?[[:space:]]*([0-9]+\\.[0-9]+)\\.[0-9]+.*$" pubspecLock.sdks.dart; + languageVersion = + if m != null then + (builtins.elemAt m 1) + else if pubspecLock.sdks.dart == "any" then + "null" + else + # https://github.com/dart-lang/pub/blob/15b96589066884300a30bdc356566f3398794857/lib/src/language_version.dart#L109 + "2.7"; + in + '' + runHook preInstall - packageName="$(yq --raw-output .name pubspec.yaml)" - jq --arg name "$packageName" '.packages |= . + [{ name: $name, rootUri: "../", packageUri: "lib/" }]' '${packageConfig}' > "$out" - ${extraSetupCommands} + packageName="$(yq --raw-output .name pubspec.yaml)" + jq --arg name "$packageName" --arg languageVersion ${languageVersion} '.packages |= . + [{ name: $name, rootUri: "../", packageUri: "lib/", languageVersion: (if $languageVersion == "null" then null else $languageVersion end) }]' '${packageConfig}' > "$out" + ${extraSetupCommands} - runHook postInstall - ''; + runHook postInstall + ''; } ); in From c9b8e444d872f0b3d5d6a55424bd76ee6d0b9c27 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 7 Jul 2025 19:32:01 +0000 Subject: [PATCH 13/50] llama-cpp: 5760 -> 5836 --- pkgs/by-name/ll/llama-cpp/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/ll/llama-cpp/package.nix b/pkgs/by-name/ll/llama-cpp/package.nix index f6a5e873433b..89ad298ecbe8 100644 --- a/pkgs/by-name/ll/llama-cpp/package.nix +++ b/pkgs/by-name/ll/llama-cpp/package.nix @@ -72,13 +72,13 @@ let in effectiveStdenv.mkDerivation (finalAttrs: { pname = "llama-cpp"; - version = "5760"; + version = "5836"; src = fetchFromGitHub { owner = "ggml-org"; repo = "llama.cpp"; tag = "b${finalAttrs.version}"; - hash = "sha256-sl1lhj40c546YRuCTn6BlmS60Rd2TBKNx4TaQ0I6110="; + hash = "sha256-fo6wnwN3a4xZamwm68EVLNVfQkk+vSxgEoORQKLzdH8="; leaveDotGit = true; postFetch = '' git -C "$out" rev-parse --short HEAD > $out/COMMIT From 17c3c40b23c5b4a204586c7a37af7ec2001c771b Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 8 Jul 2025 15:39:59 +0000 Subject: [PATCH 14/50] upbound-main: 0.39.0-87.g20595f83 -> 0.39.0-115.gbdd4b5af --- pkgs/by-name/up/upbound/sources-main.json | 34 +++++++++++------------ 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/pkgs/by-name/up/upbound/sources-main.json b/pkgs/by-name/up/upbound/sources-main.json index 9d0d2cd9ba00..af98b2112da7 100644 --- a/pkgs/by-name/up/upbound/sources-main.json +++ b/pkgs/by-name/up/upbound/sources-main.json @@ -8,38 +8,38 @@ "fetchurlAttrSet": { "docker-credential-up": { "aarch64-darwin": { - "hash": "sha256-ByiFy8k6qwKXTp7iLoojUNNKhhZnbqc6ms6g+r4f9u0=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/docker-credential-up/darwin_arm64.tar.gz" + "hash": "sha256-9X6D0WI9Vru/M3oQ/yK0AJjth6MTGfxeEf5Axx2rAlc=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/docker-credential-up/darwin_arm64.tar.gz" }, "aarch64-linux": { - "hash": "sha256-qis91nt43HGEfuqcCH5ri/s4QiHiMrRMTinSUjQeI3o=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/docker-credential-up/linux_arm64.tar.gz" + "hash": "sha256-g7AzAp4cdJIsZ3mtkYF2MzlLHgwauFORaIkQ6mdwkuI=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/docker-credential-up/linux_arm64.tar.gz" }, "x86_64-darwin": { - "hash": "sha256-s2ORdd3G87Vo9I5zSZXGisjSMr0x86sCu6WOxOZBWTk=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/docker-credential-up/darwin_amd64.tar.gz" + "hash": "sha256-8F7r3o3e3Mo+GDicS+5Hg6qNz5B+Tt8OHcosHzpZUQM=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/docker-credential-up/darwin_amd64.tar.gz" }, "x86_64-linux": { - "hash": "sha256-5q/XactXioaOqUYwrojg5xgZg+pKjqnxR9tB8ILaaHg=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/docker-credential-up/linux_amd64.tar.gz" + "hash": "sha256-3TduM86fAb3cIFhb8SNrAFisu9RjQ7H0gtd7csJfSb0=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/docker-credential-up/linux_amd64.tar.gz" } }, "up": { "aarch64-darwin": { - "hash": "sha256-Rud8CPSlxl08cRjChFsZFG6Mfro8BiRWN7f2+DRwUsE=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/up/darwin_arm64.tar.gz" + "hash": "sha256-xLIdYSR+ILRY2qf5lPMroxZDvDEfDYxrz3cX4ZI0+h0=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/up/darwin_arm64.tar.gz" }, "aarch64-linux": { - "hash": "sha256-KN84vzXue9Tc8O9Ci/4emI7GOX8pETcVc/hpFuBJmy4=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/up/linux_arm64.tar.gz" + "hash": "sha256-nUOTdWTUJe8eyHTIF4b/00Q9J0Qb4QaAIdAz90h4yHo=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/up/linux_arm64.tar.gz" }, "x86_64-darwin": { - "hash": "sha256-qHN7PSqU5nK5Dh8k4HEjwTmjN/yIoJh7VBoQ/dJS3/s=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/up/darwin_amd64.tar.gz" + "hash": "sha256-qn2cfprwaLP7chMcWN+zw8+G/tHGNlJtPMX6iB9XjCY=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/up/darwin_amd64.tar.gz" }, "x86_64-linux": { - "hash": "sha256-mw80qJ+9CRQFFKF7bhWiEYcW1P7Jm4dqkXTN+F8erPM=", - "url": "https://cli.upbound.io/main/v0.39.0-87.g20595f83/bundle/up/linux_amd64.tar.gz" + "hash": "sha256-AAmdDWW0MmLYP5viRJ0BpXIVpmU7R6iSN5hwGm6HIuc=", + "url": "https://cli.upbound.io/main/v0.39.0-115.gbdd4b5af/bundle/up/linux_amd64.tar.gz" } } }, @@ -49,5 +49,5 @@ "x86_64-darwin", "x86_64-linux" ], - "version": "0.39.0-87.g20595f83" + "version": "0.39.0-115.gbdd4b5af" } From 71721eab3454d293a18968e60522f2d1878a266a Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 8 Jul 2025 23:15:44 +0000 Subject: [PATCH 15/50] pimsync: 0.4.2 -> 0.4.3 --- pkgs/by-name/pi/pimsync/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/pi/pimsync/package.nix b/pkgs/by-name/pi/pimsync/package.nix index c895512503de..8738263b6dd2 100644 --- a/pkgs/by-name/pi/pimsync/package.nix +++ b/pkgs/by-name/pi/pimsync/package.nix @@ -12,17 +12,17 @@ rustPlatform.buildRustPackage (finalAttrs: { pname = "pimsync"; - version = "0.4.2"; + version = "0.4.3"; src = fetchFromSourcehut { owner = "~whynothugo"; repo = "pimsync"; rev = "v${finalAttrs.version}"; - hash = "sha256-6oV9E6Q6FmCh24xT9+lsQ47GVs70sSujsn54dX6CPgY="; + hash = "sha256-VPrEY3aJKhn96oaehJ8MrrUj0XoSOMWC7APbnw6OrsQ="; }; useFetchCargoVendor = true; - cargoHash = "sha256-vnBk0uojWDM9PS8v5Qda2UflmIFZ09Qp9l25qTTWGMc="; + cargoHash = "sha256-m5tg50C6DMFuBrCW9sxYfeRRZv6Sncp8X40fzaKEsi0="; PIMSYNC_VERSION = finalAttrs.version; From 1889fc8f2f33420db9fb5434efc06fbe3d603987 Mon Sep 17 00:00:00 2001 From: Sizhe Zhao Date: Wed, 9 Jul 2025 10:29:57 +0800 Subject: [PATCH 16/50] nixosTests.ydotool.{customGroup,headless,wayland,x11}: handleTest -> runTest --- nixos/tests/all-tests.nix | 5 +- nixos/tests/ydotool.nix | 278 ++++++++++++++++++++------------------ 2 files changed, 149 insertions(+), 134 deletions(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 4fd1c64693ac..1eb13f26a134 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -1555,7 +1555,10 @@ in xterm = runTest ./xterm.nix; xxh = runTest ./xxh.nix; yarr = runTest ./yarr.nix; - ydotool = handleTest ./ydotool.nix { }; + ydotool = import ./ydotool.nix { + inherit (pkgs) lib; + inherit runTest; + }; yggdrasil = runTest ./yggdrasil.nix; your_spotify = runTest ./your_spotify.nix; zammad = runTest ./zammad.nix; diff --git a/nixos/tests/ydotool.nix b/nixos/tests/ydotool.nix index 7a739392aa56..72d3ffb1f536 100644 --- a/nixos/tests/ydotool.nix +++ b/nixos/tests/ydotool.nix @@ -1,16 +1,12 @@ -{ - system ? builtins.currentSystem, - config ? { }, - pkgs ? import ../.. { inherit system config; }, - lib ? pkgs.lib, -}: +{ runTest, lib }: let - makeTest = import ./make-test-python.nix; textInput = "This works."; inputBoxText = "Enter input"; - inputBox = pkgs.writeShellScript "zenity-input" '' - ${lib.getExe pkgs.zenity} --entry --text '${inputBoxText}:' > /tmp/output & - ''; + inputBox = + pkgs: + pkgs.writeShellScript "zenity-input" '' + ${lib.getExe pkgs.zenity} --entry --text '${inputBoxText}:' > /tmp/output & + ''; asUser = '' def as_user(cmd: str): """ @@ -20,124 +16,137 @@ let ''; in { - headless = makeTest { - name = "headless"; + headless = runTest ( + { lib, ... }: + { + name = "headless"; - enableOCR = true; + enableOCR = true; - nodes.machine = { - imports = [ ./common/user-account.nix ]; + nodes.machine = { + imports = [ ./common/user-account.nix ]; - users.users.alice.extraGroups = [ "ydotool" ]; + users.users.alice.extraGroups = [ "ydotool" ]; - programs.ydotool.enable = true; + programs.ydotool.enable = true; - services.getty.autologinUser = "alice"; - }; + services.getty.autologinUser = "alice"; + }; - testScript = - asUser - + '' - start_all() + testScript = + asUser + + '' + start_all() - machine.wait_for_unit("multi-user.target") - machine.wait_for_text("alice") - machine.succeed(as_user("ydotool type 'echo ${textInput} > /tmp/output'")) # text input - machine.succeed(as_user("ydotool key 28:1 28:0")) # text input - machine.screenshot("headless_input") - machine.wait_for_file("/tmp/output") - machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input - ''; + machine.wait_for_unit("multi-user.target") + machine.wait_for_text("alice") + machine.succeed(as_user("ydotool type 'echo ${textInput} > /tmp/output'")) # text input + machine.succeed(as_user("ydotool key 28:1 28:0")) # text input + machine.screenshot("headless_input") + machine.wait_for_file("/tmp/output") + machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input + ''; - meta.maintainers = with lib.maintainers; [ - OPNA2608 - quantenzitrone - ]; - }; - - x11 = makeTest { - name = "x11"; - - enableOCR = true; - - nodes.machine = { - imports = [ - ./common/user-account.nix - ./common/auto.nix - ./common/x11.nix + meta.maintainers = with lib.maintainers; [ + OPNA2608 + quantenzitrone ]; + } + ); - users.users.alice.extraGroups = [ "ydotool" ]; + x11 = runTest ( + { config, lib, ... }: + { + name = "x11"; - programs.ydotool.enable = true; + enableOCR = true; - test-support.displayManager.auto = { - enable = true; - user = "alice"; - }; + nodes.machine = + { lib, ... }: + { + imports = [ + ./common/user-account.nix + ./common/auto.nix + ./common/x11.nix + ]; - services.xserver.windowManager.dwm.enable = true; - services.displayManager.defaultSession = lib.mkForce "none+dwm"; - }; + users.users.alice.extraGroups = [ "ydotool" ]; - testScript = - asUser - + '' + programs.ydotool.enable = true; + + test-support.displayManager.auto = { + enable = true; + user = "alice"; + }; + + services.xserver.windowManager.dwm.enable = true; + services.displayManager.defaultSession = lib.mkForce "none+dwm"; + }; + + testScript = + asUser + + '' + start_all() + + machine.wait_for_x() + machine.execute(as_user("${inputBox config.node.pkgs}")) + machine.wait_for_text("${inputBoxText}") + machine.succeed(as_user("ydotool type '${textInput}'")) # text input + machine.screenshot("x11_input") + machine.succeed(as_user("ydotool mousemove -a 400 110")) # mouse input + machine.succeed(as_user("ydotool click 0xC0")) # mouse input + machine.wait_for_file("/tmp/output") + machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input + ''; + + meta.maintainers = with lib.maintainers; [ + OPNA2608 + quantenzitrone + ]; + } + ); + + wayland = runTest ( + { lib, ... }: + { + name = "wayland"; + + enableOCR = true; + + nodes.machine = + { pkgs, ... }: + { + imports = [ ./common/user-account.nix ]; + + services.cage = { + enable = true; + user = "alice"; + }; + + programs.ydotool.enable = true; + + services.cage.program = inputBox pkgs; + }; + + testScript = '' start_all() - machine.wait_for_x() - machine.execute(as_user("${inputBox}")) + machine.wait_for_unit("graphical.target") machine.wait_for_text("${inputBoxText}") - machine.succeed(as_user("ydotool type '${textInput}'")) # text input - machine.screenshot("x11_input") - machine.succeed(as_user("ydotool mousemove -a 400 110")) # mouse input - machine.succeed(as_user("ydotool click 0xC0")) # mouse input + machine.succeed("ydotool type '${textInput}'") # text input + machine.screenshot("wayland_input") + machine.succeed("ydotool mousemove -a 100 100") # mouse input + machine.succeed("ydotool click 0xC0") # mouse input machine.wait_for_file("/tmp/output") machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input ''; - meta.maintainers = with lib.maintainers; [ - OPNA2608 - quantenzitrone - ]; - }; - - wayland = makeTest { - name = "wayland"; - - enableOCR = true; - - nodes.machine = { - imports = [ ./common/user-account.nix ]; - - services.cage = { - enable = true; - user = "alice"; - }; - - programs.ydotool.enable = true; - - services.cage.program = inputBox; - }; - - testScript = '' - start_all() - - machine.wait_for_unit("graphical.target") - machine.wait_for_text("${inputBoxText}") - machine.succeed("ydotool type '${textInput}'") # text input - machine.screenshot("wayland_input") - machine.succeed("ydotool mousemove -a 100 100") # mouse input - machine.succeed("ydotool click 0xC0") # mouse input - machine.wait_for_file("/tmp/output") - machine.wait_until_succeeds("grep '${textInput}' /tmp/output") # text input - ''; - - meta.maintainers = with lib.maintainers; [ - OPNA2608 - quantenzitrone - ]; - }; + meta.maintainers = with lib.maintainers; [ + OPNA2608 + quantenzitrone + ]; + } + ); customGroup = let @@ -147,38 +156,41 @@ in outsideGroupUsername = "other-user"; groupName = "custom-group"; in - makeTest { - inherit name; + runTest ( + { lib, ... }: + { + inherit name; - nodes."${nodeName}" = { - programs.ydotool = { - enable = true; - group = groupName; - }; - - users.users = { - "${insideGroupUsername}" = { - isNormalUser = true; - extraGroups = [ groupName ]; + nodes."${nodeName}" = { + programs.ydotool = { + enable = true; + group = groupName; + }; + + users.users = { + "${insideGroupUsername}" = { + isNormalUser = true; + extraGroups = [ groupName ]; + }; + "${outsideGroupUsername}".isNormalUser = true; }; - "${outsideGroupUsername}".isNormalUser = true; }; - }; - testScript = '' - start_all() + testScript = '' + start_all() - # Wait for service to start - ${nodeName}.wait_for_unit("multi-user.target") - ${nodeName}.wait_for_unit("ydotoold.service") + # Wait for service to start + ${nodeName}.wait_for_unit("multi-user.target") + ${nodeName}.wait_for_unit("ydotoold.service") - # Verify that user with the configured group can use the service - ${nodeName}.succeed("sudo --login --user=${insideGroupUsername} ydotool type 'Hello, World!'") + # Verify that user with the configured group can use the service + ${nodeName}.succeed("sudo --login --user=${insideGroupUsername} ydotool type 'Hello, World!'") - # Verify that user without the configured group can't use the service - ${nodeName}.fail("sudo --login --user=${outsideGroupUsername} ydotool type 'Hello, World!'") - ''; + # Verify that user without the configured group can't use the service + ${nodeName}.fail("sudo --login --user=${outsideGroupUsername} ydotool type 'Hello, World!'") + ''; - meta.maintainers = with lib.maintainers; [ l0b0 ]; - }; + meta.maintainers = with lib.maintainers; [ l0b0 ]; + } + ); } From 2522b5207f7fea2a7b5c36c5f339d85ad26a5b7e Mon Sep 17 00:00:00 2001 From: Sizhe Zhao Date: Wed, 9 Jul 2025 12:48:05 +0800 Subject: [PATCH 17/50] nixosTests.hbase{2,_2_4,_2_5,3}: handleTest -> runTest --- nixos/tests/all-tests.nix | 20 +++++++++--- nixos/tests/hbase.nix | 66 ++++++++++++++++++--------------------- 2 files changed, 46 insertions(+), 40 deletions(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 4fd1c64693ac..b85e78e8cb51 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -649,10 +649,22 @@ in harmonia = runTest ./harmonia.nix; headscale = runTest ./headscale.nix; healthchecks = runTest ./web-apps/healthchecks.nix; - hbase2 = handleTest ./hbase.nix { package = pkgs.hbase2; }; - hbase_2_5 = handleTest ./hbase.nix { package = pkgs.hbase_2_5; }; - hbase_2_4 = handleTest ./hbase.nix { package = pkgs.hbase_2_4; }; - hbase3 = handleTest ./hbase.nix { package = pkgs.hbase3; }; + hbase2 = runTest { + imports = [ ./hbase.nix ]; + _module.args.getPackage = pkgs: pkgs.hbase2; + }; + hbase_2_5 = runTest { + imports = [ ./hbase.nix ]; + _module.args.getPackage = pkgs: pkgs.hbase_2_5; + }; + hbase_2_4 = runTest { + imports = [ ./hbase.nix ]; + _module.args.getPackage = pkgs: pkgs.hbase_2_4; + }; + hbase3 = runTest { + imports = [ ./hbase.nix ]; + _module.args.getPackage = pkgs: pkgs.hbase3; + }; hedgedoc = runTest ./hedgedoc.nix; herbstluftwm = runTest ./herbstluftwm.nix; homebox = runTest ./homebox.nix; diff --git a/nixos/tests/hbase.nix b/nixos/tests/hbase.nix index 12afa3a2d221..25af5e495a4a 100644 --- a/nixos/tests/hbase.nix +++ b/nixos/tests/hbase.nix @@ -1,39 +1,33 @@ -import ./make-test-python.nix ( - { - pkgs, - lib, - package ? pkgs.hbase, - ... - }: - { - name = "hbase-standalone"; +{ getPackage, lib, ... }: +{ + name = "hbase-standalone"; - meta = with lib.maintainers; { - maintainers = [ illustris ]; + meta = with lib.maintainers; { + maintainers = [ illustris ]; + }; + + nodes.hbase = + { pkgs, ... }: + let + package = getPackage pkgs; + in + { + services.hbase-standalone = { + enable = true; + inherit package; + # Needed for standalone mode in hbase 2+ + # This setting and standalone mode are not suitable for production + settings."hbase.unsafe.stream.capability.enforce" = "false"; + }; + environment.systemPackages = [ + package + ]; }; - nodes = { - hbase = - { pkgs, ... }: - { - services.hbase-standalone = { - enable = true; - inherit package; - # Needed for standalone mode in hbase 2+ - # This setting and standalone mode are not suitable for production - settings."hbase.unsafe.stream.capability.enforce" = "false"; - }; - environment.systemPackages = with pkgs; [ - package - ]; - }; - }; - - testScript = '' - start_all() - hbase.wait_for_unit("hbase.service") - hbase.wait_until_succeeds("echo \"create 't1','f1'\" | sudo -u hbase hbase shell -n") - assert "NAME => 'f1'" in hbase.succeed("echo \"describe 't1'\" | sudo -u hbase hbase shell -n") - ''; - } -) + testScript = '' + start_all() + hbase.wait_for_unit("hbase.service") + hbase.wait_until_succeeds("echo \"create 't1','f1'\" | sudo -u hbase hbase shell -n") + assert "NAME => 'f1'" in hbase.succeed("echo \"describe 't1'\" | sudo -u hbase hbase shell -n") + ''; +} From ffbaf47a7284c485d44c0a5ff8245eeb9521d39f Mon Sep 17 00:00:00 2001 From: Sizhe Zhao Date: Wed, 9 Jul 2025 12:37:43 +0800 Subject: [PATCH 18/50] nixosTests.go-camo: handleTest -> runTest --- nixos/tests/all-tests.nix | 2 +- nixos/tests/go-camo.nix | 52 ++++++++++++++++----------------------- 2 files changed, 22 insertions(+), 32 deletions(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 4fd1c64693ac..a6c84fe08ba6 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -605,7 +605,7 @@ in gns3-server = runTest ./gns3-server.nix; gnupg = runTest ./gnupg.nix; goatcounter = runTest ./goatcounter.nix; - go-camo = handleTest ./go-camo.nix { }; + go-camo = runTest ./go-camo.nix; go-neb = runTest ./go-neb.nix; gobgpd = runTest ./gobgpd.nix; gocd-agent = runTest ./gocd-agent.nix; diff --git a/nixos/tests/go-camo.nix b/nixos/tests/go-camo.nix index f53d5417ce74..d68bbde537b5 100644 --- a/nixos/tests/go-camo.nix +++ b/nixos/tests/go-camo.nix @@ -1,36 +1,26 @@ +{ lib, ... }: +let + key_val = "12345678"; +in { - system ? builtins.currentSystem, - config ? { }, - pkgs ? import ../.. { inherit system config; }, -}: + name = "go-camo-file-key"; + meta = { + maintainers = [ lib.maintainers.viraptor ]; + }; -with import ../lib/testing-python.nix { inherit system pkgs; }; - -{ - gocamo_file_key = - let - key_val = "12345678"; - in - makeTest { - name = "go-camo-file-key"; - meta = { - maintainers = [ pkgs.lib.maintainers.viraptor ]; + nodes.machine = + { pkgs, ... }: + { + services.go-camo = { + enable = true; + keyFile = pkgs.writeText "foo" key_val; }; - - nodes.machine = - { config, pkgs, ... }: - { - services.go-camo = { - enable = true; - keyFile = pkgs.writeText "foo" key_val; - }; - }; - - # go-camo responds to http requests - testScript = '' - machine.wait_for_unit("go-camo.service") - machine.wait_for_open_port(8080) - machine.succeed("curl http://localhost:8080") - ''; }; + + # go-camo responds to http requests + testScript = '' + machine.wait_for_unit("go-camo.service") + machine.wait_for_open_port(8080) + machine.succeed("curl http://localhost:8080") + ''; } From d0f4edd7806fa418fec1622051df81a283a990dd Mon Sep 17 00:00:00 2001 From: Sizhe Zhao Date: Wed, 9 Jul 2025 22:13:38 +0800 Subject: [PATCH 19/50] go-camo: link nixos test --- pkgs/by-name/go/go-camo/package.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/by-name/go/go-camo/package.nix b/pkgs/by-name/go/go-camo/package.nix index e32a442178df..6ae59c258fa1 100644 --- a/pkgs/by-name/go/go-camo/package.nix +++ b/pkgs/by-name/go/go-camo/package.nix @@ -3,6 +3,7 @@ buildGo124Module, fetchFromGitHub, installShellFiles, + nixosTests, scdoc, }: @@ -43,6 +44,10 @@ buildGo124Module rec { rm pkg/camo/proxy_{,filter_}test.go ''; + passthru.tests = { + inherit (nixosTests) go-camo; + }; + meta = { description = "Camo server is a special type of image proxy that proxies non-secure images over SSL/TLS"; homepage = "https://github.com/cactus/go-camo"; From 5cd09e28ae7de52f6cf5c2a3756f969effe35288 Mon Sep 17 00:00:00 2001 From: Ivan Mincik Date: Wed, 18 Jun 2025 14:47:41 +0200 Subject: [PATCH 20/50] nixos/modules: add nominatim module and test --- nixos/modules/module-list.nix | 1 + nixos/modules/services/search/nominatim.nix | 324 ++++++++++++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/nominatim.nix | 187 +++++++++++ 4 files changed, 513 insertions(+) create mode 100644 nixos/modules/services/search/nominatim.nix create mode 100644 nixos/tests/nominatim.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index d0831c02e6d7..2bb58bdc01eb 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1413,6 +1413,7 @@ ./services/search/hound.nix ./services/search/manticore.nix ./services/search/meilisearch.nix + ./services/search/nominatim.nix ./services/search/opensearch.nix ./services/search/qdrant.nix ./services/search/quickwit.nix diff --git a/nixos/modules/services/search/nominatim.nix b/nixos/modules/services/search/nominatim.nix new file mode 100644 index 000000000000..5701fcc18650 --- /dev/null +++ b/nixos/modules/services/search/nominatim.nix @@ -0,0 +1,324 @@ +{ + lib, + config, + pkgs, + ... +}: + +let + cfg = config.services.nominatim; + + localDb = cfg.database.host == "localhost"; + uiPackage = cfg.ui.package.override { customConfig = cfg.ui.config; }; +in +{ + options.services.nominatim = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Whether to enable nominatim. + + Also enables nginx virtual host management. Further nginx configuration + can be done by adapting `services.nginx.virtualHosts.`. + See [](#opt-services.nginx.virtualHosts). + ''; + }; + + package = lib.mkPackageOption pkgs.python3Packages "nominatim-api" { }; + + hostName = lib.mkOption { + type = lib.types.str; + description = "Hostname to use for the nginx vhost."; + example = "nominatim.example.com"; + }; + + settings = lib.mkOption { + default = { }; + type = lib.types.attrsOf lib.types.str; + example = lib.literalExpression '' + { + NOMINATIM_REPLICATION_URL = "https://planet.openstreetmap.org/replication/minute"; + NOMINATIM_REPLICATION_MAX_DIFF = "100"; + } + ''; + description = '' + Nominatim configuration settings. + For the list of available configuration options see + . + ''; + }; + + ui = { + package = lib.mkPackageOption pkgs "nominatim-ui" { }; + + config = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = '' + Nominatim UI configuration placed to theme/config.theme.js file. + + For the list of available configuration options see + . + ''; + example = '' + Nominatim_Config.Page_Title='My Nominatim instance'; + Nominatim_Config.Nominatim_API_Endpoint='https://localhost/'; + ''; + }; + }; + + database = { + host = lib.mkOption { + type = lib.types.str; + default = "localhost"; + description = '' + Host of the postgresql server. If not set to `localhost`, Nominatim + database and postgresql superuser with appropriate permissions must + exist on target host. + ''; + }; + + port = lib.mkOption { + type = lib.types.port; + default = 5432; + description = "Port of the postgresql database."; + }; + + dbname = lib.mkOption { + type = lib.types.str; + default = "nominatim"; + description = "Name of the postgresql database."; + }; + + superUser = lib.mkOption { + type = lib.types.str; + default = "nominatim"; + description = '' + Postgresql database superuser used to create Nominatim database and + import data. If `database.host` is set to `localhost`, a unix user and + group of the same name will be automatically created. + ''; + }; + + apiUser = lib.mkOption { + type = lib.types.str; + default = "nominatim-api"; + description = '' + Postgresql database user with read-only permissions used for Nominatim + web API service. + ''; + }; + + passwordFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = '' + Password file used for Nominatim database connection. + Must be readable only for the Nominatim web API user. + + The file must be a valid `.pgpass` file as described in: + + + In most cases, the following will be enough: + ``` + *:*:*:*: + ``` + ''; + }; + + extraConnectionParams = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = '' + Extra Nominatim database connection parameters. + + Format: + =;= + + See . + ''; + }; + }; + }; + + config = + let + nominatimSuperUserDsn = + "pgsql:dbname=${cfg.database.dbname};" + + "user=${cfg.database.superUser}" + + lib.optionalString (cfg.database.extraConnectionParams != null) ( + ";" + cfg.database.extraConnectionParams + ); + + nominatimApiDsn = + "pgsql:dbname=${cfg.database.dbname}" + + lib.optionalString (!localDb) ( + ";host=${cfg.database.host};" + + "port=${toString cfg.database.port};" + + "user=${cfg.database.apiUser}" + ) + + lib.optionalString (cfg.database.extraConnectionParams != null) ( + ";" + cfg.database.extraConnectionParams + ); + in + lib.mkIf cfg.enable { + # CLI package + environment.systemPackages = [ pkgs.nominatim ]; + + # Database + users.users.${cfg.database.superUser} = lib.mkIf localDb { + group = cfg.database.superUser; + isSystemUser = true; + createHome = false; + }; + users.groups.${cfg.database.superUser} = lib.mkIf localDb { }; + + services.postgresql = lib.mkIf localDb { + enable = true; + extensions = ps: with ps; [ postgis ]; + ensureUsers = [ + { + name = cfg.database.superUser; + ensureClauses.superuser = true; + } + { + name = cfg.database.apiUser; + } + ]; + }; + + # TODO: add nominatim-update service + + systemd.services.nominatim-init = lib.mkIf localDb { + after = [ "postgresql-setup.service" ]; + requires = [ "postgresql-setup.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + User = cfg.database.superUser; + RemainAfterExit = true; + PrivateTmp = true; + }; + script = '' + sql="SELECT COUNT(*) FROM pg_database WHERE datname='${cfg.database.dbname}'" + db_exists=$(${pkgs.postgresql}/bin/psql --dbname postgres -tAc "$sql") + + if [ "$db_exists" == "0" ]; then + ${lib.getExe pkgs.nominatim} import --prepare-database + else + echo "Database ${cfg.database.dbname} already exists. Skipping ..." + fi + ''; + path = [ + pkgs.postgresql + ]; + environment = { + NOMINATIM_DATABASE_DSN = nominatimSuperUserDsn; + NOMINATIM_DATABASE_WEBUSER = cfg.database.apiUser; + } // cfg.settings; + }; + + # Web API service + users.users.${cfg.database.apiUser} = { + group = cfg.database.apiUser; + isSystemUser = true; + createHome = false; + }; + users.groups.${cfg.database.apiUser} = { }; + + systemd.services.nominatim = { + after = [ "network.target" ] ++ lib.optionals localDb [ "nominatim-init.service" ]; + requires = lib.optionals localDb [ "nominatim-init.service" ]; + bindsTo = lib.optionals localDb [ "postgresql.service" ]; + wantedBy = [ "multi-user.target" ]; + wants = [ "network.target" ]; + serviceConfig = { + Type = "simple"; + User = cfg.database.apiUser; + ExecStart = '' + ${pkgs.python3Packages.gunicorn}/bin/gunicorn \ + --bind unix:/run/nominatim.sock \ + --workers 4 \ + --worker-class uvicorn.workers.UvicornWorker "nominatim_api.server.falcon.server:run_wsgi()" + ''; + Environment = lib.optional ( + cfg.database.passwordFile != null + ) "PGPASSFILE=${cfg.database.passwordFile}"; + ExecReload = "${pkgs.procps}/bin/kill -s HUP $MAINPID"; + KillMode = "mixed"; + TimeoutStopSec = 5; + }; + environment = { + PYTHONPATH = + with pkgs.python3Packages; + pkgs.python3Packages.makePythonPath [ + cfg.package + falcon + uvicorn + ]; + NOMINATIM_DATABASE_DSN = nominatimApiDsn; + NOMINATIM_DATABASE_WEBUSER = cfg.database.apiUser; + } // cfg.settings; + }; + + systemd.sockets.nominatim = { + before = [ "nominatim.service" ]; + wantedBy = [ "sockets.target" ]; + socketConfig = { + ListenStream = "/run/nominatim.sock"; + SocketUser = cfg.database.apiUser; + SocketGroup = config.services.nginx.group; + }; + }; + + services.nginx = { + enable = true; + appendHttpConfig = '' + map $args $format { + default default; + ~(^|&)format=html(&|$) html; + } + + map $uri/$format $forward_to_ui { + default 0; # No forwarding by default. + + # Redirect to HTML UI if explicitly requested. + ~/reverse.*/html 1; + ~/search.*/html 1; + ~/lookup.*/html 1; + ~/details.*/html 1; + } + ''; + upstreams.nominatim = { + servers = { + "unix:/run/nominatim.sock" = { }; + }; + }; + virtualHosts = { + ${cfg.hostName} = { + forceSSL = lib.mkDefault true; + enableACME = lib.mkDefault true; + locations = { + "= /" = { + extraConfig = '' + return 301 $scheme://$http_host/ui/search.html; + ''; + }; + "/" = { + proxyPass = "http://nominatim"; + extraConfig = '' + if ($forward_to_ui) { + rewrite ^(/[^/.]*) /ui$1.html redirect; + } + ''; + }; + "/ui/" = { + alias = "${uiPackage}/"; + }; + }; + }; + }; + }; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index d370a4180286..c4c8c38c1fd4 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -1012,6 +1012,7 @@ in nixseparatedebuginfod = runTest ./nixseparatedebuginfod.nix; node-red = runTest ./node-red.nix; nomad = runTest ./nomad.nix; + nominatim = runTest ./nominatim.nix; non-default-filesystems = handleTest ./non-default-filesystems.nix { }; non-switchable-system = runTest ./non-switchable-system.nix; noto-fonts = runTest ./noto-fonts.nix; diff --git a/nixos/tests/nominatim.nix b/nixos/tests/nominatim.nix new file mode 100644 index 000000000000..3919f245abd1 --- /dev/null +++ b/nixos/tests/nominatim.nix @@ -0,0 +1,187 @@ +{ pkgs, lib, ... }: + +let + # Andorra - the smallest dataset in Europe (3.1 MB) + osmData = pkgs.fetchurl { + url = "https://web.archive.org/web/20250430211212/https://download.geofabrik.de/europe/andorra-latest.osm.pbf"; + hash = "sha256-Ey+ipTOFUm80rxBteirPW5N4KxmUsg/pCE58E/2rcyE="; + }; +in +{ + name = "nominatim"; + meta = { + maintainers = with lib.teams; [ + geospatial + ngi + ]; + }; + + nodes = { + # nominatim - self contained host + nominatim = + { config, pkgs, ... }: + { + # Nominatim + services.nominatim = { + enable = true; + hostName = "nominatim"; + settings = { + NOMINATIM_IMPORT_STYLE = "admin"; + }; + ui = { + config = '' + Nominatim_Config.Page_Title='Test Nominatim instance'; + Nominatim_Config.Nominatim_API_Endpoint='https://localhost/'; + ''; + }; + }; + + # Disable SSL + services.nginx.virtualHosts.nominatim = { + forceSSL = false; + enableACME = false; + }; + + # Database + services.postgresql = { + enableTCPIP = true; + authentication = lib.mkForce '' + local all all trust + host all all 0.0.0.0/0 md5 + host all all ::0/0 md5 + ''; + }; + systemd.services.postgresql-setup.postStart = '' + psql --command "ALTER ROLE \"nominatim-api\" WITH PASSWORD 'password';" + ''; + networking.firewall.allowedTCPPorts = [ config.services.postgresql.settings.port ]; + }; + + # api - web API only + api = + { config, pkgs, ... }: + { + # Database password + system.activationScripts = { + passwordFile.text = with config.services.nominatim.database; '' + mkdir -p /run/secrets + echo "${host}:${toString port}:${dbname}:${apiUser}:password" \ + > /run/secrets/pgpass + chown nominatim-api:nominatim-api /run/secrets/pgpass + chmod 0600 /run/secrets/pgpass + ''; + }; + + # Nominatim + services.nominatim = { + enable = true; + hostName = "nominatim"; + settings = { + NOMINATIM_LOG_DB = "yes"; + }; + database = { + host = "nominatim"; + passwordFile = "/run/secrets/pgpass"; + extraConnectionParams = "application_name=nominatim;connect_timeout=2"; + }; + }; + + # Disable SSL + services.nginx.virtualHosts.nominatim = { + forceSSL = false; + enableACME = false; + }; + }; + }; + + testScript = '' + # Test nominatim host + nominatim.start() + nominatim.wait_for_unit("nominatim.service") + + # Import OSM data + nominatim.succeed(""" + cd /tmp + sudo -u nominatim \ + NOMINATIM_DATABASE_WEBUSER=nominatim-api \ + NOMINATIM_IMPORT_STYLE=admin \ + nominatim import --continue import-from-file --osm-file ${osmData} + """) + nominatim.succeed("systemctl restart nominatim.service") + + # Test CLI + nominatim.succeed("sudo -u nominatim-api nominatim search --query Andorra") + + # Test web API + nominatim.succeed("curl 'http://localhost/status' | grep OK") + + nominatim.succeed(""" + curl "http://localhost/search?q=Andorra&format=geojson" | grep "Andorra" + curl "http://localhost/reverse?lat=42.5407167&lon=1.5732033&format=geojson" + """) + + # Test UI + nominatim.succeed(""" + curl "http://localhost/ui/search.html" \ + | grep "Nominatim Demo" + """) + + + # Test api host + api.start() + api.wait_for_unit("nominatim.service") + + # Test web API + api.succeed(""" + curl "http://localhost/search?q=Andorra&format=geojson" | grep "Andorra" + curl "http://localhost/reverse?lat=42.5407167&lon=1.5732033&format=geojson" + """) + + + # Test format rewrites + # Redirect / to search + nominatim.succeed(""" + curl --verbose "http://localhost" 2>&1 \ + | grep "Location: http://localhost/ui/search.html" + """) + + # Return text by default + nominatim.succeed(""" + curl --verbose "http://localhost/status" 2>&1 \ + | grep "Content-Type: text/plain" + """) + + # Return JSON by default + nominatim.succeed(""" + curl --verbose "http://localhost/search?q=Andorra" 2>&1 \ + | grep "Content-Type: application/json" + """) + + # Return XML by default + nominatim.succeed(""" + curl --verbose "http://localhost/lookup" 2>&1 \ + | grep "Content-Type: text/xml" + + curl --verbose "http://localhost/reverse?lat=0&lon=0" 2>&1 \ + | grep "Content-Type: text/xml" + """) + + # Redirect explicitly requested HTML format + nominatim.succeed(""" + curl --verbose "http://localhost/search?format=html" 2>&1 \ + | grep "Location: http://localhost/ui/search.html" + + curl --verbose "http://localhost/reverse?format=html" 2>&1 \ + | grep "Location: http://localhost/ui/reverse.html" + """) + + # Return explicitly requested JSON format + nominatim.succeed(""" + curl --verbose "http://localhost/search?format=json" 2>&1 \ + | grep "Content-Type: application/json" + + curl --verbose "http://localhost/reverse?format=json" 2>&1 \ + | grep "Content-Type: application/json" + """) + ''; +} From 0c97d620be7bf43272914edf9c83974d4dc68aa3 Mon Sep 17 00:00:00 2001 From: Ivan Mincik Date: Wed, 2 Jul 2025 15:52:34 +0200 Subject: [PATCH 21/50] nominatim: add nixos test --- pkgs/by-name/no/nominatim/package.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/no/nominatim/package.nix b/pkgs/by-name/no/nominatim/package.nix index add1001d86ef..d6c272e0f2a9 100644 --- a/pkgs/by-name/no/nominatim/package.nix +++ b/pkgs/by-name/no/nominatim/package.nix @@ -7,6 +7,7 @@ python3Packages, nominatim, # required for testVersion + nixosTests, testers, }: @@ -64,8 +65,9 @@ python3Packages.buildPythonApplication rec { pythonImportsCheck = [ "nominatim_db" ]; - passthru = { - tests.version = testers.testVersion { package = nominatim; }; + passthru.tests = { + version = testers.testVersion { package = nominatim; }; + inherit (nixosTests) nominatim; }; meta = { From 96943417e73870620d6fff8b9d3613a641adb6dc Mon Sep 17 00:00:00 2001 From: Ivan Mincik Date: Tue, 8 Jul 2025 11:00:30 +0200 Subject: [PATCH 22/50] nominatim-ui: add nixos test --- pkgs/by-name/no/nominatim-ui/package.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkgs/by-name/no/nominatim-ui/package.nix b/pkgs/by-name/no/nominatim-ui/package.nix index 323be48ae2cc..2efa4b66b1e8 100644 --- a/pkgs/by-name/no/nominatim-ui/package.nix +++ b/pkgs/by-name/no/nominatim-ui/package.nix @@ -3,6 +3,7 @@ stdenv, fetchFromGitHub, fetchYarnDeps, + nixosTests, writableTmpDirAsHomeHook, writeText, @@ -10,7 +11,7 @@ nodejs, yarn, - # Custom application configuration placed to theme/config.theme.js file + # Custom application configuration placed to theme/config.theme.js file. # For the list of available configuration options see # https://github.com/osm-search/nominatim-ui/blob/master/dist/config.defaults.js customConfig ? null, @@ -83,6 +84,10 @@ stdenv.mkDerivation (finalAttrs: { runHook postInstall ''; + passthru.tests = { + inherit (nixosTests) nominatim; + }; + meta = { description = "Debugging user interface for Nominatim geocoder"; homepage = "https://github.com/osm-search/nominatim-ui"; From 2c471cd46ef3716fc1aac48965323ed59c51c072 Mon Sep 17 00:00:00 2001 From: Jessie Slight Date: Wed, 9 Jul 2025 12:34:52 -0700 Subject: [PATCH 23/50] gitlab: 18.1.1 -> 18.1.2 --- pkgs/by-name/gi/gitaly/package.nix | 4 ++-- .../by-name/gi/gitlab-container-registry/package.nix | 6 +++--- pkgs/by-name/gi/gitlab-pages/package.nix | 4 ++-- pkgs/by-name/gi/gitlab/data.json | 12 ++++++------ pkgs/by-name/gi/gitlab/gitlab-workhorse/default.nix | 2 +- pkgs/by-name/gi/gitlab/rubyEnv/Gemfile | 4 +++- pkgs/by-name/gi/gitlab/rubyEnv/Gemfile.lock | 8 ++++---- pkgs/by-name/gi/gitlab/rubyEnv/gemset.nix | 4 ++-- 8 files changed, 23 insertions(+), 21 deletions(-) diff --git a/pkgs/by-name/gi/gitaly/package.nix b/pkgs/by-name/gi/gitaly/package.nix index c44d42860fd1..f27132f57d2a 100644 --- a/pkgs/by-name/gi/gitaly/package.nix +++ b/pkgs/by-name/gi/gitaly/package.nix @@ -7,7 +7,7 @@ }: let - version = "18.1.1"; + version = "18.1.2"; package_version = "v${lib.versions.major version}"; gitaly_package = "gitlab.com/gitlab-org/gitaly/${package_version}"; @@ -21,7 +21,7 @@ let owner = "gitlab-org"; repo = "gitaly"; rev = "v${version}"; - hash = "sha256-R79UV6QIEO/B7xQ3ds4scm7twHmalziksKBJ97tYVJM="; + hash = "sha256-ErA04W6rWsjSay02bst0ur1mztrdo8SW/mpGtln4unI="; }; vendorHash = "sha256-BTpcnaHNyLgdAA9KqqA+mBo18fmQ0+OwLGNOPHRJ/IE="; diff --git a/pkgs/by-name/gi/gitlab-container-registry/package.nix b/pkgs/by-name/gi/gitlab-container-registry/package.nix index 73f1209fbad9..d5013e8d13d6 100644 --- a/pkgs/by-name/gi/gitlab-container-registry/package.nix +++ b/pkgs/by-name/gi/gitlab-container-registry/package.nix @@ -6,7 +6,7 @@ buildGoModule rec { pname = "gitlab-container-registry"; - version = "4.23.1"; + version = "4.24.0"; rev = "v${version}-gitlab"; # nixpkgs-update: no auto update @@ -14,10 +14,10 @@ buildGoModule rec { owner = "gitlab-org"; repo = "container-registry"; inherit rev; - hash = "sha256-eCuSuQXtzd2jLJf9G8DO1KGXdT8bYGe9tcKw6BZNiiI="; + hash = "sha256-GNL7L6DKIKEgDEZQkeHNOn4R5SnWnHvNoUIs2YLjoR8="; }; - vendorHash = "sha256-OrdlQp+USRf+Yc7UDjIncDpbuRu5ui6TUoYY2MMc8Ro="; + vendorHash = "sha256-zisadCxyfItD/n7VGbtbvhl8MRHiqdw0Kkrg6ebgS/8="; checkFlags = let diff --git a/pkgs/by-name/gi/gitlab-pages/package.nix b/pkgs/by-name/gi/gitlab-pages/package.nix index 3981ac06c106..d21dba50c838 100644 --- a/pkgs/by-name/gi/gitlab-pages/package.nix +++ b/pkgs/by-name/gi/gitlab-pages/package.nix @@ -6,14 +6,14 @@ buildGoModule rec { pname = "gitlab-pages"; - version = "18.1.1"; + version = "18.1.2"; # nixpkgs-update: no auto update src = fetchFromGitLab { owner = "gitlab-org"; repo = "gitlab-pages"; rev = "v${version}"; - hash = "sha256-tqT+ARebnBhBHzOenkL/o7/tf4/urxKFAOFMwCQSzeA="; + hash = "sha256-XY/WK19nujQPdsicGDHS5gEZf3uJZdW41R4xK9hDML0="; }; vendorHash = "sha256-6ZHKwPhC3N813kiw1NnPOMVc2CBSIClwc4MunDi0gCk="; diff --git a/pkgs/by-name/gi/gitlab/data.json b/pkgs/by-name/gi/gitlab/data.json index fd510ddfea1e..7e6ef7cd5e0f 100644 --- a/pkgs/by-name/gi/gitlab/data.json +++ b/pkgs/by-name/gi/gitlab/data.json @@ -1,15 +1,15 @@ { - "version": "18.1.1", - "repo_hash": "1agw51d1qvvx6yyzz71sz4mkx04ic8hmql8lggz3x5scnhglnzjq", + "version": "18.1.2", + "repo_hash": "072ib6rc7mw9pdzql8514k4z76i1ahssyj5kypgyvf9qj4naym0b", "yarn_hash": "0c5pp3dpvw0q0nfl6w1lpdmk7dvkfinwb7z7a3vq22wgzca23x2m", "owner": "gitlab-org", "repo": "gitlab", - "rev": "v18.1.1-ee", + "rev": "v18.1.2-ee", "passthru": { - "GITALY_SERVER_VERSION": "18.1.1", - "GITLAB_PAGES_VERSION": "18.1.1", + "GITALY_SERVER_VERSION": "18.1.2", + "GITLAB_PAGES_VERSION": "18.1.2", "GITLAB_SHELL_VERSION": "14.42.0", "GITLAB_ELASTICSEARCH_INDEXER_VERSION": "5.6.0", - "GITLAB_WORKHORSE_VERSION": "18.1.1" + "GITLAB_WORKHORSE_VERSION": "18.1.2" } } diff --git a/pkgs/by-name/gi/gitlab/gitlab-workhorse/default.nix b/pkgs/by-name/gi/gitlab/gitlab-workhorse/default.nix index 3c9a7bfe0e3b..d32d1530b2ce 100644 --- a/pkgs/by-name/gi/gitlab/gitlab-workhorse/default.nix +++ b/pkgs/by-name/gi/gitlab/gitlab-workhorse/default.nix @@ -10,7 +10,7 @@ in buildGoModule rec { pname = "gitlab-workhorse"; - version = "18.1.1"; + version = "18.1.2"; # nixpkgs-update: no auto update src = fetchFromGitLab { diff --git a/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile b/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile index 8913861030c1..b8cd3db40e42 100644 --- a/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile +++ b/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile @@ -648,7 +648,9 @@ gem 'gitaly', '~> 18.1.0.pre.rc1', feature_category: :gitaly # KAS GRPC protocol definitions gem 'gitlab-kas-grpc', '~> 17.11.0', feature_category: :deployment_management -gem 'grpc', '~> 1.72.0', feature_category: :shared +# Lock until 1.74.0 is available +# https://gitlab.com/gitlab-com/gl-infra/production/-/issues/20067 +gem 'grpc', '= 1.63.0', feature_category: :shared gem 'google-protobuf', '~> 3.25', '>= 3.25.3', feature_category: :shared diff --git a/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile.lock b/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile.lock index 637c16927096..e5a452a4d519 100644 --- a/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile.lock +++ b/pkgs/by-name/gi/gitlab/rubyEnv/Gemfile.lock @@ -48,7 +48,7 @@ PATH google-cloud-storage_transfer (~> 1.2.0) google-protobuf (~> 3.25, >= 3.25.3) googleauth (~> 1.8.1) - grpc (~> 1.72.0) + grpc (= 1.63.0) json (~> 2.7) jwt (~> 2.5) logger (~> 1.5) @@ -956,8 +956,8 @@ GEM graphql (~> 2.0) html-pipeline (~> 2.14, >= 2.14.3) sass-embedded (~> 1.58) - grpc (1.72.0) - google-protobuf (>= 3.25, < 5.0) + grpc (1.63.0) + google-protobuf (~> 3.25) googleapis-common-protos-types (~> 1.0) grpc-google-iam-v1 (1.5.0) google-protobuf (~> 3.18) @@ -2210,7 +2210,7 @@ DEPENDENCIES graphlyte (~> 1.0.0) graphql (= 2.4.13) graphql-docs (~> 5.0.0) - grpc (~> 1.72.0) + grpc (= 1.63.0) gssapi (~> 1.3.1) guard-rspec haml_lint (~> 0.58) diff --git a/pkgs/by-name/gi/gitlab/rubyEnv/gemset.nix b/pkgs/by-name/gi/gitlab/rubyEnv/gemset.nix index 33afdf2cb5d1..4edeca120f33 100644 --- a/pkgs/by-name/gi/gitlab/rubyEnv/gemset.nix +++ b/pkgs/by-name/gi/gitlab/rubyEnv/gemset.nix @@ -3886,10 +3886,10 @@ src: { platforms = [ ]; source = { remotes = [ "https://rubygems.org" ]; - sha256 = "02gakdhvpl777b41i8cgkrj7gk0jlq4fza9hjksp2r7ryji0vyjn"; + sha256 = "11ink0ayf14qgs3msn5a7dpg49vm3ck2415r64nfk1i8xv286hsz"; type = "gem"; }; - version = "1.72.0"; + version = "1.63.0"; }; grpc-google-iam-v1 = { dependencies = [ From 49ec48c3dbd4b8fca343918d87684e8a25d9c1c4 Mon Sep 17 00:00:00 2001 From: Yueh-Shun Li Date: Thu, 10 Jul 2025 03:36:26 +0800 Subject: [PATCH 24/50] fetchhg: fix hash assertion; make overridable when sha256 set Fix commit ef2f8315bf53 ("fetchhg: make argument hash overridable") --- pkgs/build-support/fetchhg/default.nix | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/pkgs/build-support/fetchhg/default.nix b/pkgs/build-support/fetchhg/default.nix index 1e5e76ec4ca0..45319bad3f68 100644 --- a/pkgs/build-support/fetchhg/default.nix +++ b/pkgs/build-support/fetchhg/default.nix @@ -30,16 +30,14 @@ lib.extendMkDerivation { outputHashAlgo = if finalAttrs.hash != null && finalAttrs.hash != "" then null else "sha256"; outputHashMode = "recursive"; - outputHash = - lib.throwIf (finalAttrs.hash != null && sha256 != null) "Only one of sha256 or hash can be set" - ( - if finalAttrs.hash != null then - finalAttrs.hash - else if sha256 != null then - sha256 - else - "" - ); + outputHash = lib.throwIf (hash != null && sha256 != null) "Only one of sha256 or hash can be set" ( + if finalAttrs.hash != null then + finalAttrs.hash + else if sha256 != null then + sha256 + else + "" + ); inherit url rev hash; inherit preferLocalBuild; From 5320b897a0c83e79b82455b9808ae7879e545396 Mon Sep 17 00:00:00 2001 From: PopeRigby Date: Sun, 6 Jul 2025 11:47:33 -0700 Subject: [PATCH 25/50] rustical: init at 0.4.11 --- pkgs/by-name/ru/rustical/package.nix | 35 ++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 pkgs/by-name/ru/rustical/package.nix diff --git a/pkgs/by-name/ru/rustical/package.nix b/pkgs/by-name/ru/rustical/package.nix new file mode 100644 index 000000000000..8c492caf2331 --- /dev/null +++ b/pkgs/by-name/ru/rustical/package.nix @@ -0,0 +1,35 @@ +{ + lib, + rustPlatform, + fetchFromGitHub, + pkg-config, + openssl, +}: + +rustPlatform.buildRustPackage (finalAttrs: { + pname = "rustical"; + version = "0.4.11"; + + src = fetchFromGitHub { + owner = "lennart-k"; + repo = "rustical"; + tag = "v${finalAttrs.version}"; + hash = "sha256-QWuJKEc6hBA2rdbaqdhrah+WyRwVd91Y8/BIOaKlW28="; + }; + + cargoHash = "sha256-dQF+6my+TxZ6niFO5OnLXcPt0LGEymaXE9NqZWU5HJk="; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ openssl ]; + + env.OPENSSL_NO_VENDOR = true; + + meta = { + description = "Yet another calendar server aiming to be simple, fast and passwordless"; + homepage = "https://github.com/lennart-k/rustical"; + changelog = "https://github.com/lennart-k/rustical/releases/tag/v${finalAttrs.version}"; + license = lib.licenses.agpl3Plus; + maintainers = with lib.maintainers; [ PopeRigby ]; + mainProgram = "rustical"; + }; +}) From 73b4810ff3a5a2124e3a0145ffc1060fdf27d732 Mon Sep 17 00:00:00 2001 From: Jared Baur Date: Wed, 9 Jul 2025 18:38:56 -0700 Subject: [PATCH 26/50] nixos/nvidia-container-toolkit: add extraArgs option --- .../nvidia-container-toolkit/cdi-generate.nix | 14 +++----------- .../hardware/nvidia-container-toolkit/default.nix | 9 +++++++++ 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/nixos/modules/services/hardware/nvidia-container-toolkit/cdi-generate.nix b/nixos/modules/services/hardware/nvidia-container-toolkit/cdi-generate.nix index 13595c320833..69b1c52a533e 100644 --- a/nixos/modules/services/hardware/nvidia-container-toolkit/cdi-generate.nix +++ b/nixos/modules/services/hardware/nvidia-container-toolkit/cdi-generate.nix @@ -10,18 +10,9 @@ nvidia-driver, runtimeShell, writeScriptBin, + extraArgs, }: let - mkMount = - { - hostPath, - containerPath, - mountOptions, - }: - { - inherit hostPath containerPath; - options = mountOptions; - }; mountToCommand = mount: "additionalMount \"${mount.hostPath}\" \"${mount.containerPath}\" '${builtins.toJSON mount.mountOptions}'"; @@ -48,7 +39,8 @@ writeScriptBin "nvidia-cdi-generator" '' --device-name-strategy ${device-name-strategy} \ --ldconfig-path ${lib.getExe' glibc "ldconfig"} \ --library-search-path ${lib.getLib nvidia-driver}/lib \ - --nvidia-cdi-hook-path ${lib.getExe' nvidia-container-toolkit.tools "nvidia-cdi-hook"} + --nvidia-cdi-hook-path ${lib.getExe' nvidia-container-toolkit.tools "nvidia-cdi-hook"} \ + ${lib.escapeShellArgs extraArgs} } function additionalMount { diff --git a/nixos/modules/services/hardware/nvidia-container-toolkit/default.nix b/nixos/modules/services/hardware/nvidia-container-toolkit/default.nix index d9596f754c6b..3e1648017a7c 100644 --- a/nixos/modules/services/hardware/nvidia-container-toolkit/default.nix +++ b/nixos/modules/services/hardware/nvidia-container-toolkit/default.nix @@ -120,6 +120,14 @@ }; package = lib.mkPackageOption pkgs "nvidia-container-toolkit" { }; + + extraArgs = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = '' + Extra arguments to be passed to nvidia-ctk. + ''; + }; }; }; @@ -241,6 +249,7 @@ device-name-strategy discovery-mode mounts + extraArgs ; nvidia-container-toolkit = config.hardware.nvidia-container-toolkit.package; nvidia-driver = config.hardware.nvidia.package; From fc7818ff161d4d48e3113cf16e390fc6d2de2eec Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 10 Jul 2025 07:38:22 +0000 Subject: [PATCH 27/50] wireless-regdb: 2025.02.20 -> 2025.07.10 --- pkgs/by-name/wi/wireless-regdb/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/wi/wireless-regdb/package.nix b/pkgs/by-name/wi/wireless-regdb/package.nix index 9141651290f7..2664ed9a23e8 100644 --- a/pkgs/by-name/wi/wireless-regdb/package.nix +++ b/pkgs/by-name/wi/wireless-regdb/package.nix @@ -7,11 +7,11 @@ stdenvNoCC.mkDerivation rec { pname = "wireless-regdb"; - version = "2025.02.20"; + version = "2025.07.10"; src = fetchurl { url = "https://www.kernel.org/pub/software/network/${pname}/${pname}-${version}.tar.xz"; - hash = "sha256-V/jnchz1qIDBOuDCAu27IQkqBg1F+enFm80qgnK/pFY="; + hash = "sha256-qDQLzc0bXbbHkUmHnRIrFw87sHU4FxjU9Cmtgxpvoo0="; }; dontBuild = true; From f94f29f1c767c966a47b4b03f5d8d7fe7011a217 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 10 Jul 2025 08:32:08 +0000 Subject: [PATCH 28/50] bibiman: 0.12.4 -> 0.13.1 --- pkgs/by-name/bi/bibiman/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/bi/bibiman/package.nix b/pkgs/by-name/bi/bibiman/package.nix index afd2f9aebf34..6f8c56d59ef0 100644 --- a/pkgs/by-name/bi/bibiman/package.nix +++ b/pkgs/by-name/bi/bibiman/package.nix @@ -8,18 +8,18 @@ rustPlatform.buildRustPackage rec { pname = "bibiman"; - version = "0.12.4"; + version = "0.13.1"; src = fetchFromGitea { domain = "codeberg.org"; owner = "lukeflo"; repo = "bibiman"; tag = "v${version}"; - hash = "sha256-6duqLBPm6GlBHm3Kr4foHF1MKodYOYKKDITk/BiX6mA="; + hash = "sha256-MdUabJQ5x3/n7dfbIjAqK9hDQ+lLNOtXknY4fTSW67Q="; }; useFetchCargoVendor = true; - cargoHash = "sha256-tbgzjTsK88+G4Wxex4Tl0K5Ii99tPNud3UEDzAHaI0M="; + cargoHash = "sha256-FARk/BCssI35aS4yxUnfGoV6C3i4/a/LQcEMIKD29Ac="; nativeInstallCheckInputs = [ versionCheckHook From c3bd3e291f7cbb6d31085cebe2ea0ceb0c0fddab Mon Sep 17 00:00:00 2001 From: Gaetan Lepage Date: Thu, 10 Jul 2025 10:43:08 +0200 Subject: [PATCH 29/50] python3Packages.orbax-checkpoint: 0.11.18 -> 0.11.19 Diff: https://github.com/google/orbax/compare/refs/tags/v0.11.18...refs/tags/v0.11.19 Changelog: https://github.com/google/orbax/blob/v0.11.19/checkpoint/CHANGELOG.md --- pkgs/development/python-modules/orbax-checkpoint/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/orbax-checkpoint/default.nix b/pkgs/development/python-modules/orbax-checkpoint/default.nix index 68c88de3c4ae..3176db485bec 100644 --- a/pkgs/development/python-modules/orbax-checkpoint/default.nix +++ b/pkgs/development/python-modules/orbax-checkpoint/default.nix @@ -35,14 +35,14 @@ buildPythonPackage rec { pname = "orbax-checkpoint"; - version = "0.11.18"; + version = "0.11.19"; pyproject = true; src = fetchFromGitHub { owner = "google"; repo = "orbax"; tag = "v${version}"; - hash = "sha256-Uosd2TfC3KJMp46SnNnodPBc+G1nNdqFOwPQA+aVyrQ="; + hash = "sha256-j15E4jGvxIjEdWG6Lwr9mvPXr9WifrD1zFF6Vj+7wik="; }; sourceRoot = "${src.name}/checkpoint"; From 306c312fc14fbec6bc4854da10b533082590475f Mon Sep 17 00:00:00 2001 From: Thiago Kenji Okada Date: Thu, 10 Jul 2025 10:07:42 +0100 Subject: [PATCH 30/50] nixos-rebuild-ng: fix tests in darwin Closes #423988. --- .../by-name/ni/nixos-rebuild-ng/src/tests/test_models.py | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_models.py b/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_models.py index 90c3060e9ce4..c2abc9501bb9 100644 --- a/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_models.py +++ b/pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_models.py @@ -108,9 +108,9 @@ def test_flake_from_arg( return_value=True, ), patch( - "pathlib.Path.is_symlink", + "pathlib.Path.resolve", autospec=True, - return_value=False, + return_value=Path("/etc/nixos/flake.nix"), ), ): assert m.Flake.from_arg(None, None) == m.Flake( @@ -123,11 +123,6 @@ def test_flake_from_arg( autospec=True, return_value=True, ), - patch( - "pathlib.Path.is_symlink", - autospec=True, - return_value=True, - ), patch( "pathlib.Path.resolve", autospec=True, From 9ee0c07819f3ca08444c1145dd45db2f1206f09b Mon Sep 17 00:00:00 2001 From: Gaetan Lepage Date: Thu, 10 Jul 2025 11:17:48 +0200 Subject: [PATCH 31/50] python3Packages.arviz: 0.21.0 -> 0.22.0 Diff: https://github.com/arviz-devs/arviz/compare/refs/tags/v0.21.0...refs/tags/v0.22.0 Changelog: https://github.com/arviz-devs/arviz/blob/v0.22.0/CHANGELOG.md --- pkgs/development/python-modules/arviz/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/arviz/default.nix b/pkgs/development/python-modules/arviz/default.nix index 642973dd8c30..997d9921c5bd 100644 --- a/pkgs/development/python-modules/arviz/default.nix +++ b/pkgs/development/python-modules/arviz/default.nix @@ -39,14 +39,14 @@ buildPythonPackage rec { pname = "arviz"; - version = "0.21.0"; + version = "0.22.0"; pyproject = true; src = fetchFromGitHub { owner = "arviz-devs"; repo = "arviz"; tag = "v${version}"; - hash = "sha256-rrOvdyZE0wo3iiiQ2hHklAtLU38mXs3hLsb+Fwy9eAk="; + hash = "sha256-ZzZZKEtpVy44119H+upU36VLriZjjwPz3gqgKrL+gRI="; }; build-system = [ From 56c34758244e6b759df9b604b35ce1c985ca3c8b Mon Sep 17 00:00:00 2001 From: Gaetan Lepage Date: Thu, 10 Jul 2025 10:42:56 +0200 Subject: [PATCH 32/50] python3Packages.mmengine: explicitly add distutils dep instead of patching --- pkgs/development/python-modules/mmengine/default.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/pkgs/development/python-modules/mmengine/default.nix b/pkgs/development/python-modules/mmengine/default.nix index da6d56052843..a5debed6a138 100644 --- a/pkgs/development/python-modules/mmengine/default.nix +++ b/pkgs/development/python-modules/mmengine/default.nix @@ -9,6 +9,7 @@ # dependencies addict, + distutils, matplotlib, numpy, opencv4, @@ -67,17 +68,13 @@ buildPythonPackage rec { + '' substituteInPlace tests/test_config/test_lazy.py \ --replace-fail "import numpy.compat" "" - - substituteInPlace mmengine/utils/dl_utils/collect_env.py \ - --replace-fail \ - "from distutils" \ - "from setuptools._distutils" ''; build-system = [ setuptools ]; dependencies = [ addict + distutils matplotlib numpy opencv4 From 15c719bc1edb1e1e49a2d16b0a7f0cc38f26caa4 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 10 Jul 2025 12:56:28 +0000 Subject: [PATCH 33/50] janus-gateway: 1.3.1 -> 1.3.2 --- pkgs/by-name/ja/janus-gateway/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/ja/janus-gateway/package.nix b/pkgs/by-name/ja/janus-gateway/package.nix index 5d9190b8a95b..66c75bf6734d 100644 --- a/pkgs/by-name/ja/janus-gateway/package.nix +++ b/pkgs/by-name/ja/janus-gateway/package.nix @@ -34,13 +34,13 @@ in stdenv.mkDerivation rec { pname = "janus-gateway"; - version = "1.3.1"; + version = "1.3.2"; src = fetchFromGitHub { owner = "meetecho"; repo = "janus-gateway"; rev = "v${version}"; - sha256 = "sha256-Y4MdbB706aziKPxM9y/3uCKpc60dMDlV0xgugDjfa7A="; + sha256 = "sha256-FvTNe2lpDBchhVLTD+fKtwTcuqsuSEeNWcRAbLibLbc="; }; nativeBuildInputs = [ From c49b710acc86baa15ab0b48f7739fdccf20e4749 Mon Sep 17 00:00:00 2001 From: Sizhe Zhao Date: Thu, 10 Jul 2025 22:53:22 +0800 Subject: [PATCH 34/50] nixosTests.stunnel: handleTest -> runTest --- nixos/tests/all-tests.nix | 2 +- nixos/tests/stunnel.nix | 29 +++++++++++++---------------- 2 files changed, 14 insertions(+), 17 deletions(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 5beb6b265e4d..e8efb0e8e077 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -1319,7 +1319,7 @@ in stratis = handleTest ./stratis { }; strongswan-swanctl = runTest ./strongswan-swanctl.nix; stub-ld = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./stub-ld.nix { }; - stunnel = handleTest ./stunnel.nix { }; + stunnel = import ./stunnel.nix { inherit runTest; }; sudo = runTest ./sudo.nix; sudo-rs = runTest ./sudo-rs.nix; sunshine = runTest ./sunshine.nix; diff --git a/nixos/tests/stunnel.nix b/nixos/tests/stunnel.nix index 0d817ccf7fb5..4bc3c7aff908 100644 --- a/nixos/tests/stunnel.nix +++ b/nixos/tests/stunnel.nix @@ -1,11 +1,4 @@ -{ - system ? builtins.currentSystem, - config ? { }, - pkgs ? import ../.. { inherit system config; }, -}: - -with import ../lib/testing-python.nix { inherit system pkgs; }; -with pkgs.lib; +{ runTest }: let stunnelCommon = { @@ -20,7 +13,12 @@ let }; }; makeCert = - { config, pkgs, ... }: + { + config, + lib, + pkgs, + ... + }: { systemd.services.create-test-cert = { wantedBy = [ "sysinit.target" ]; @@ -32,14 +30,14 @@ let unitConfig.DefaultDependencies = false; serviceConfig.Type = "oneshot"; script = '' - ${pkgs.openssl}/bin/openssl req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName} + ${lib.getExe pkgs.openssl} req -batch -x509 -newkey rsa -nodes -out /test-cert.pem -keyout /test-key.pem -subj /CN=${config.networking.hostName} ( umask 077; cat /test-key.pem /test-cert.pem > /test-key-and-cert.pem ) chown stunnel /test-key.pem /test-key-and-cert.pem ''; }; }; serverCommon = - { pkgs, ... }: + { lib, pkgs, ... }: { networking.firewall.allowedTCPPorts = [ 443 ]; services.stunnel.servers.https = { @@ -51,7 +49,7 @@ let wantedBy = [ "multi-user.target" ]; script = '' cd /etc/webroot - ${pkgs.python3}/bin/python -m http.server 80 + ${lib.getExe' pkgs.python3 "python"} -m http.server 80 ''; }; }; @@ -61,10 +59,9 @@ let server_cert = ${src}.succeed("cat /test-cert.pem") ${dest}.succeed("echo %s > ${filename}" % quote(server_cert)) ''; - in { - basicServer = makeTest { + basicServer = runTest { name = "basicServer"; nodes = { @@ -92,7 +89,7 @@ in ''; }; - serverAndClient = makeTest { + serverAndClient = runTest { name = "serverAndClient"; nodes = { @@ -150,7 +147,7 @@ in ''; }; - mutualAuth = makeTest { + mutualAuth = runTest { name = "mutualAuth"; nodes = rec { From dde4a38d696dae1b2a9f14bfcd590ec555427286 Mon Sep 17 00:00:00 2001 From: Sizhe Zhao Date: Thu, 10 Jul 2025 23:06:54 +0800 Subject: [PATCH 35/50] nixosTests.systemd-initrd-networkd: handleTest -> runTest --- nixos/tests/all-tests.nix | 2 +- nixos/tests/systemd-initrd-networkd.nix | 150 ++++++++++++------------ 2 files changed, 76 insertions(+), 76 deletions(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 5beb6b265e4d..c09e6c6cf8d6 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -1364,7 +1364,7 @@ in systemd-initrd-luks-tpm2 = runTest ./systemd-initrd-luks-tpm2.nix; systemd-initrd-luks-unl0kr = runTest ./systemd-initrd-luks-unl0kr.nix; systemd-initrd-modprobe = runTest ./systemd-initrd-modprobe.nix; - systemd-initrd-networkd = handleTest ./systemd-initrd-networkd.nix { }; + systemd-initrd-networkd = import ./systemd-initrd-networkd.nix { inherit runTest; }; systemd-initrd-networkd-ssh = runTest ./systemd-initrd-networkd-ssh.nix; systemd-initrd-networkd-openvpn = handleTestOn [ "x86_64-linux" diff --git a/nixos/tests/systemd-initrd-networkd.nix b/nixos/tests/systemd-initrd-networkd.nix index 86accd21d935..ddc5966725db 100644 --- a/nixos/tests/systemd-initrd-networkd.nix +++ b/nixos/tests/systemd-initrd-networkd.nix @@ -1,61 +1,80 @@ -{ - system ? builtins.currentSystem, - config ? { }, - pkgs ? import ../.. { inherit system config; }, - lib ? pkgs.lib, -}: - -with import ../lib/testing-python.nix { inherit system pkgs; }; +{ runTest }: let - inherit (lib.maintainers) elvishjerricco; - - common = { - boot.initrd.systemd = { - enable = true; - network.wait-online.timeout = 10; - network.wait-online.anyInterface = true; - targets.network-online.requiredBy = [ "initrd.target" ]; - services.systemd-networkd-wait-online.requiredBy = [ "network-online.target" ]; - initrdBin = [ - pkgs.iproute2 - pkgs.iputils - pkgs.gnugrep - ]; + common = + { pkgs, ... }: + { + boot.initrd.systemd = { + enable = true; + network.wait-online.timeout = 10; + network.wait-online.anyInterface = true; + targets.network-online.requiredBy = [ "initrd.target" ]; + services.systemd-networkd-wait-online.requiredBy = [ "network-online.target" ]; + initrdBin = [ + pkgs.iproute2 + pkgs.iputils + pkgs.gnugrep + ]; + }; + testing.initrdBackdoor = true; + boot.initrd.network.enable = true; }; - testing.initrdBackdoor = true; - boot.initrd.network.enable = true; - }; mkFlushTest = flush: script: - makeTest { - name = "systemd-initrd-network-${lib.optionalString (!flush) "no-"}flush"; - meta.maintainers = [ elvishjerricco ]; + runTest ( + { lib, ... }: + { + name = "systemd-initrd-network-${lib.optionalString (!flush) "no-"}flush"; + meta.maintainers = with lib.maintainers; [ elvishjerricco ]; - nodes.machine = { - imports = [ common ]; + nodes.machine = + { pkgs, ... }: + { + imports = [ common ]; - boot.initrd.network.flushBeforeStage2 = flush; - systemd.services.check-flush = { - requiredBy = [ "multi-user.target" ]; - before = [ - "network-pre.target" - "multi-user.target" - "shutdown.target" - ]; - conflicts = [ "shutdown.target" ]; - wants = [ "network-pre.target" ]; - unitConfig.DefaultDependencies = false; - serviceConfig.Type = "oneshot"; - path = [ - pkgs.iproute2 - pkgs.iputils - pkgs.gnugrep - ]; - inherit script; - }; - }; + boot.initrd.network.flushBeforeStage2 = flush; + systemd.services.check-flush = { + requiredBy = [ "multi-user.target" ]; + before = [ + "network-pre.target" + "multi-user.target" + "shutdown.target" + ]; + conflicts = [ "shutdown.target" ]; + wants = [ "network-pre.target" ]; + unitConfig.DefaultDependencies = false; + serviceConfig.Type = "oneshot"; + path = [ + pkgs.iproute2 + pkgs.iputils + pkgs.gnugrep + ]; + inherit script; + }; + }; + + testScript = '' + machine.wait_for_unit("network-online.target") + machine.succeed( + "ip addr | grep 10.0.2.15", + "ping -c1 10.0.2.2", + ) + machine.switch_root() + + machine.wait_for_unit("multi-user.target") + ''; + } + ); +in +{ + basic = runTest ( + { lib, ... }: + { + name = "systemd-initrd-network"; + meta.maintainers = with lib.maintainers; [ elvishjerricco ]; + + nodes.machine = common; testScript = '' machine.wait_for_unit("network-online.target") @@ -65,33 +84,14 @@ let ) machine.switch_root() + # Make sure the systemd-network user was set correctly in initrd machine.wait_for_unit("multi-user.target") + machine.succeed("[ $(stat -c '%U,%G' /run/systemd/netif/links) = systemd-network,systemd-network ]") + machine.succeed("ip addr show >&2") + machine.succeed("ip route show >&2") ''; - }; - -in -{ - basic = makeTest { - name = "systemd-initrd-network"; - meta.maintainers = [ elvishjerricco ]; - - nodes.machine = common; - - testScript = '' - machine.wait_for_unit("network-online.target") - machine.succeed( - "ip addr | grep 10.0.2.15", - "ping -c1 10.0.2.2", - ) - machine.switch_root() - - # Make sure the systemd-network user was set correctly in initrd - machine.wait_for_unit("multi-user.target") - machine.succeed("[ $(stat -c '%U,%G' /run/systemd/netif/links) = systemd-network,systemd-network ]") - machine.succeed("ip addr show >&2") - machine.succeed("ip route show >&2") - ''; - }; + } + ); doFlush = mkFlushTest true '' if ip addr | grep 10.0.2.15; then From e9c1e2efe0cc911efedee6bca954b79e1af00188 Mon Sep 17 00:00:00 2001 From: Sizhe Zhao Date: Thu, 10 Jul 2025 23:15:09 +0800 Subject: [PATCH 36/50] nixosTests.systemd-networkd-dhcpserver-static-leases: handleTest -> runTest --- nixos/tests/all-tests.nix | 4 +- ...temd-networkd-dhcpserver-static-leases.nix | 166 +++++++++--------- 2 files changed, 83 insertions(+), 87 deletions(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 5beb6b265e4d..e9e3e49608ae 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -1386,9 +1386,7 @@ in systemd-networkd = runTest ./systemd-networkd.nix; systemd-networkd-bridge = runTest ./systemd-networkd-bridge.nix; systemd-networkd-dhcpserver = runTest ./systemd-networkd-dhcpserver.nix; - systemd-networkd-dhcpserver-static-leases = - handleTest ./systemd-networkd-dhcpserver-static-leases.nix - { }; + systemd-networkd-dhcpserver-static-leases = runTest ./systemd-networkd-dhcpserver-static-leases.nix; systemd-networkd-ipv6-prefix-delegation = handleTest ./systemd-networkd-ipv6-prefix-delegation.nix { }; diff --git a/nixos/tests/systemd-networkd-dhcpserver-static-leases.nix b/nixos/tests/systemd-networkd-dhcpserver-static-leases.nix index 512925eb9f5b..81c2e35d334d 100644 --- a/nixos/tests/systemd-networkd-dhcpserver-static-leases.nix +++ b/nixos/tests/systemd-networkd-dhcpserver-static-leases.nix @@ -1,96 +1,94 @@ # In contrast to systemd-networkd-dhcpserver, this test configures # the router with a static DHCP lease for the client's MAC address. -import ./make-test-python.nix ( - { lib, ... }: - { - name = "systemd-networkd-dhcpserver-static-leases"; - meta = with lib.maintainers; { - maintainers = [ veehaitch ]; - }; - nodes = { - router = { - virtualisation.vlans = [ 1 ]; - systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; - networking = { - useNetworkd = true; - useDHCP = false; - firewall.enable = false; - }; - systemd.network = { - networks = { - # systemd-networkd will load the first network unit file - # that matches, ordered lexiographically by filename. - # /etc/systemd/network/{40-eth1,99-main}.network already - # exists. This network unit must be loaded for the test, - # however, hence why this network is named such. - "01-eth1" = { - name = "eth1"; - networkConfig = { - DHCPServer = true; - Address = "10.0.0.1/24"; - }; - dhcpServerStaticLeases = [ - { - MACAddress = "02:de:ad:be:ef:01"; - Address = "10.0.0.10"; - } - ]; - }; - }; - }; +{ lib, ... }: +{ + name = "systemd-networkd-dhcpserver-static-leases"; + meta = with lib.maintainers; { + maintainers = [ veehaitch ]; + }; + nodes = { + router = { + virtualisation.vlans = [ 1 ]; + systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; + networking = { + useNetworkd = true; + useDHCP = false; + firewall.enable = false; }; - - client = { - virtualisation.vlans = [ 1 ]; - systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; - systemd.network = { - enable = true; - links."10-eth1" = { - matchConfig.OriginalName = "eth1"; - linkConfig.MACAddress = "02:de:ad:be:ef:01"; - }; - networks."40-eth1" = { - matchConfig.Name = "eth1"; + systemd.network = { + networks = { + # systemd-networkd will load the first network unit file + # that matches, ordered lexiographically by filename. + # /etc/systemd/network/{40-eth1,99-main}.network already + # exists. This network unit must be loaded for the test, + # however, hence why this network is named such. + "01-eth1" = { + name = "eth1"; networkConfig = { - DHCP = "ipv4"; - IPv6AcceptRA = false; + DHCPServer = true; + Address = "10.0.0.1/24"; }; - # This setting is important to have the router assign the - # configured lease based on the client's MAC address. Also see: - # https://github.com/systemd/systemd/issues/21368#issuecomment-982193546 - dhcpV4Config.ClientIdentifier = "mac"; - linkConfig.RequiredForOnline = "routable"; + dhcpServerStaticLeases = [ + { + MACAddress = "02:de:ad:be:ef:01"; + Address = "10.0.0.10"; + } + ]; }; }; - networking = { - useDHCP = false; - firewall.enable = false; - interfaces.eth1 = lib.mkForce { }; - }; }; }; - testScript = '' - start_all() - with subtest("check router network configuration"): - router.systemctl("start systemd-networkd-wait-online.service") - router.wait_for_unit("systemd-networkd-wait-online.service") - eth1_status = router.succeed("networkctl status eth1") - assert "Network File: /etc/systemd/network/01-eth1.network" in eth1_status, \ - "The router interface eth1 is not using the expected network file" - assert "10.0.0.1" in eth1_status, "Did not find expected router IPv4" + client = { + virtualisation.vlans = [ 1 ]; + systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; + systemd.network = { + enable = true; + links."10-eth1" = { + matchConfig.OriginalName = "eth1"; + linkConfig.MACAddress = "02:de:ad:be:ef:01"; + }; + networks."40-eth1" = { + matchConfig.Name = "eth1"; + networkConfig = { + DHCP = "ipv4"; + IPv6AcceptRA = false; + }; + # This setting is important to have the router assign the + # configured lease based on the client's MAC address. Also see: + # https://github.com/systemd/systemd/issues/21368#issuecomment-982193546 + dhcpV4Config.ClientIdentifier = "mac"; + linkConfig.RequiredForOnline = "routable"; + }; + }; + networking = { + useDHCP = false; + firewall.enable = false; + interfaces.eth1 = lib.mkForce { }; + }; + }; + }; + testScript = '' + start_all() - with subtest("check client network configuration"): - client.systemctl("start systemd-networkd-wait-online.service") - client.wait_for_unit("systemd-networkd-wait-online.service") - eth1_status = client.succeed("networkctl status eth1") - assert "Network File: /etc/systemd/network/40-eth1.network" in eth1_status, \ - "The client interface eth1 is not using the expected network file" - assert "10.0.0.10" in eth1_status, "Did not find expected client IPv4" + with subtest("check router network configuration"): + router.systemctl("start systemd-networkd-wait-online.service") + router.wait_for_unit("systemd-networkd-wait-online.service") + eth1_status = router.succeed("networkctl status eth1") + assert "Network File: /etc/systemd/network/01-eth1.network" in eth1_status, \ + "The router interface eth1 is not using the expected network file" + assert "10.0.0.1" in eth1_status, "Did not find expected router IPv4" - with subtest("router and client can reach each other"): - client.wait_until_succeeds("ping -c 5 10.0.0.1") - router.wait_until_succeeds("ping -c 5 10.0.0.10") - ''; - } -) + with subtest("check client network configuration"): + client.systemctl("start systemd-networkd-wait-online.service") + client.wait_for_unit("systemd-networkd-wait-online.service") + eth1_status = client.succeed("networkctl status eth1") + assert "Network File: /etc/systemd/network/40-eth1.network" in eth1_status, \ + "The client interface eth1 is not using the expected network file" + assert "10.0.0.10" in eth1_status, "Did not find expected client IPv4" + + with subtest("router and client can reach each other"): + client.wait_until_succeeds("ping -c 5 10.0.0.1") + router.wait_until_succeeds("ping -c 5 10.0.0.10") + ''; +} From 5c62836620d0943e366575e5e32f1915aeabea2e Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 10 Jul 2025 17:34:07 +0000 Subject: [PATCH 37/50] go-musicfox: 4.6.2 -> 4.6.3 --- pkgs/by-name/go/go-musicfox/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/go/go-musicfox/package.nix b/pkgs/by-name/go/go-musicfox/package.nix index 81178025bb2d..8fc71f8323fe 100644 --- a/pkgs/by-name/go/go-musicfox/package.nix +++ b/pkgs/by-name/go/go-musicfox/package.nix @@ -11,13 +11,13 @@ buildGoModule rec { pname = "go-musicfox"; - version = "4.6.2"; + version = "4.6.3"; src = fetchFromGitHub { owner = "go-musicfox"; repo = "go-musicfox"; rev = "v${version}"; - hash = "sha256-GpzbHShQvsgPNnUjk52PSDhvmxEuJVXNXI7z8ESv6QQ="; + hash = "sha256-TxBd+Q7tEyJpcUwOWAl2U1gmdNRYrBkGCtT961/8K1E="; }; deleteVendor = true; From 026bf166d95cf8a68845b0eed0b1eaddfbc98d01 Mon Sep 17 00:00:00 2001 From: Sarah Clark Date: Thu, 26 Jun 2025 13:40:55 -0700 Subject: [PATCH 38/50] python3Packages.sqlite-vec: init at 0.1.6 --- .../python-modules/sqlite-vec/default.nix | 85 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 4 + 2 files changed, 89 insertions(+) create mode 100644 pkgs/development/python-modules/sqlite-vec/default.nix diff --git a/pkgs/development/python-modules/sqlite-vec/default.nix b/pkgs/development/python-modules/sqlite-vec/default.nix new file mode 100644 index 000000000000..09fcf06304af --- /dev/null +++ b/pkgs/development/python-modules/sqlite-vec/default.nix @@ -0,0 +1,85 @@ +{ + lib, + buildPythonPackage, + fetchpatch, + + # build-system + setuptools, + setuptools-scm, + + # dependencies + sqlite-vec-c, # alias for pkgs.sqlite-vec + + # optional dependencies + numpy, + + # check inputs + openai, + pytestCheckHook, +}: + +buildPythonPackage rec { + inherit (sqlite-vec-c) pname version src; + pyproject = true; + + # The actual source root is bindings/python but the patches + # apply to the bindings directory. + # This is a known issue, see https://discourse.nixos.org/t/how-to-apply-patches-with-sourceroot/59727 + sourceRoot = "${src.name}/bindings"; + + patches = [ + (fetchpatch { + # https://github.com/asg017/sqlite-vec/pull/233 + name = "add-python-build-files.patch"; + url = "https://github.com/asg017/sqlite-vec/commit/c1917deb11aa79dcac32440679345b93e13b1b86.patch"; + hash = "sha256-4/9QLKuM/1AbD8AQHwJ14rhWVYVc+MILvK6+tWwWQlw="; + stripLen = 1; + }) + (fetchpatch { + # https://github.com/asg017/sqlite-vec/pull/233 + name = "add-python-test.patch"; + url = "https://github.com/asg017/sqlite-vec/commit/608972c9dcbfc7f4583e99fd8de6e5e16da11081.patch"; + hash = "sha256-8dfw7zs7z2FYh8DoAxurMYCDMOheg8Zl1XGcPw1A1BM="; + stripLen = 1; + }) + ]; + + # Change into the proper directory for building, move `extra_init.py` into its proper location, + # and supply the path to the library. + postPatch = '' + cd python + mv extra_init.py sqlite_vec/ + substituteInPlace sqlite_vec/__init__.py \ + --replace-fail "@libpath@" "${lib.getLib sqlite-vec-c}/lib/" + ''; + + build-system = [ + setuptools + setuptools-scm + ]; + + dependencies = [ + sqlite-vec-c + ]; + + optional-dependencies = { + numpy = [ + numpy + ]; + }; + + nativeCheckInputs = [ + numpy + openai + pytestCheckHook + sqlite-vec-c + ]; + + pythonImportsCheck = [ "sqlite_vec" ]; + + meta = sqlite-vec-c.meta // { + description = "Python bindings for sqlite-vec"; + maintainers = [ lib.maintainers.sarahec ]; + badPlatforms = [ "x86_64-darwin" ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 263a5fcd1ab3..c3b0a3daf68e 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -17009,6 +17009,10 @@ self: super: with self; { sqlite-utils = callPackage ../development/python-modules/sqlite-utils { }; + sqlite-vec = callPackage ../development/python-modules/sqlite-vec { + sqlite-vec-c = pkgs.sqlite-vec; + }; + sqlitedict = callPackage ../development/python-modules/sqlitedict { }; sqliteschema = callPackage ../development/python-modules/sqliteschema { }; From 435d2c036e3300bc9e60836b5a4df9715d93384b Mon Sep 17 00:00:00 2001 From: emilylange Date: Thu, 10 Jul 2025 20:33:44 +0200 Subject: [PATCH 39/50] ungoogled-chromium: 138.0.7204.96-1 -> 138.0.7204.100-1 https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop.html --- .../networking/browsers/chromium/info.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/info.json b/pkgs/applications/networking/browsers/chromium/info.json index 9efb34dec8fd..41e0be5b3cc3 100644 --- a/pkgs/applications/networking/browsers/chromium/info.json +++ b/pkgs/applications/networking/browsers/chromium/info.json @@ -802,7 +802,7 @@ } }, "ungoogled-chromium": { - "version": "138.0.7204.96", + "version": "138.0.7204.100", "deps": { "depot_tools": { "rev": "a8900cc0f023d6a662eb66b317e8ddceeb113490", @@ -813,16 +813,16 @@ "hash": "sha256-UB9a7Fr1W0yYld6WbXyRR8dFqWsj/zx4KumDZ5JQKSM=" }, "ungoogled-patches": { - "rev": "138.0.7204.96-1", - "hash": "sha256-tOQSvdwK3lMN/7l23rbw7txJ/ovRguSXe9oMeol63Cs=" + "rev": "138.0.7204.100-1", + "hash": "sha256-zIBOQlW8UAE7n8x6R5LLjiNUquLOiTPvyxx4sM9r85Y=" }, "npmHash": "sha256-8d5VTHutv51libabhxv7SqPRcHfhVmGDSOvTSv013rE=" }, "DEPS": { "src": { "url": "https://chromium.googlesource.com/chromium/src.git", - "rev": "f01343ee86bdb55cc999f82381f038cdbf20db62", - "hash": "sha256-9Ryxv2DvnIKVk4ZvjXegubFDUNzJ3YXGPuYHlntC3RU=", + "rev": "5f45b4744e3d5ba82c2ca6d942f1e7a516110752", + "hash": "sha256-bI75IXPl6YeauK2oTnUURh1ch1H7KKw/QzKYZ/q6htI=", "recompress": true }, "src/third_party/clang-format/script": { @@ -1047,8 +1047,8 @@ }, "src/third_party/devtools-frontend/src": { "url": "https://chromium.googlesource.com/devtools/devtools-frontend", - "rev": "f8dfe8b36e516cef8a5a169e88d16480d8abdc68", - "hash": "sha256-7ygnGBAeiLxwbTx5s7LRs9+ZOe06tr8VFcSY5cVHnS4=" + "rev": "a6dbe06dafbad00ef4b0ea139ece1a94a5e2e6d8", + "hash": "sha256-XkyJFRxo3ZTBGfKdTwSIo14SLNPQAKQvY4lEX03j6LM=" }, "src/third_party/dom_distiller_js/dist": { "url": "https://chromium.googlesource.com/chromium/dom-distiller/dist.git", From c22cd4b0493165919891fe7ae21ae79c127abd21 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 10 Jul 2025 18:55:56 +0000 Subject: [PATCH 40/50] cargo-mobile2: 0.20.1 -> 0.20.2 --- pkgs/by-name/ca/cargo-mobile2/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/ca/cargo-mobile2/package.nix b/pkgs/by-name/ca/cargo-mobile2/package.nix index 5ec4c9e830ea..28bd1afe832d 100644 --- a/pkgs/by-name/ca/cargo-mobile2/package.nix +++ b/pkgs/by-name/ca/cargo-mobile2/package.nix @@ -10,7 +10,7 @@ let pname = "cargo-mobile2"; - version = "0.20.1"; + version = "0.20.2"; in rustPlatform.buildRustPackage { inherit pname version; @@ -18,7 +18,7 @@ rustPlatform.buildRustPackage { owner = "tauri-apps"; repo = "cargo-mobile2"; rev = "cargo-mobile2-v${version}"; - hash = "sha256-gKqGmd34nNKMc3fl5lMH09oOGnmRaMDBwsbHhAeUMBc="; + hash = "sha256-mXedzfAN40IG8ivcSa/tf/Ys/rKcwkCmxU7/ja9ec2U="; }; # Manually specify the sourceRoot since this crate depends on other crates in the workspace. Relevant info at @@ -26,7 +26,7 @@ rustPlatform.buildRustPackage { # sourceRoot = "${src.name}/tooling/cli"; useFetchCargoVendor = true; - cargoHash = "sha256-QEZe+7/i0XygXxs7pwdS9WtYbE2pfrUuRQC0dm+WqTo="; + cargoHash = "sha256-Y1ykz7QU48AJVKBcYdrWEuNcahontkaJyFmrrh4eQs0="; preBuild = '' mkdir -p $out/share/ From 47a2c37fdd286f625c08ddc61a46b76a4d18a6a3 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 10 Jul 2025 19:01:09 +0000 Subject: [PATCH 41/50] bruno: 2.6.1 -> 2.7.0 --- pkgs/by-name/br/bruno/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/br/bruno/package.nix b/pkgs/by-name/br/bruno/package.nix index a9e3b9577ba7..4eb4e5175505 100644 --- a/pkgs/by-name/br/bruno/package.nix +++ b/pkgs/by-name/br/bruno/package.nix @@ -19,20 +19,20 @@ buildNpmPackage rec { pname = "bruno"; - version = "2.6.1"; + version = "2.7.0"; src = fetchFromGitHub { owner = "usebruno"; repo = "bruno"; tag = "v${version}"; - hash = "sha256-GR/TmBuZbt/8cB9gtRPgzSVnzdrB1BKhYjahfJ3ErgQ="; + hash = "sha256-qNZCLd4FixJ+I5xaIIQ9EIKfCXnPOZFGbXHkgagBbFE="; postFetch = '' ${lib.getExe npm-lockfile-fix} $out/package-lock.json ''; }; - npmDepsHash = "sha256-/u7xyd1+RXNN7khVOglzYGMCI+fPjyiuSF2BSZAqEtI="; + npmDepsHash = "sha256-osdjtn9jn6T1YizQM7I9cfiHvIkrZ8HRDNjsR+FS/DE="; npmFlags = [ "--legacy-peer-deps" ]; nativeBuildInputs = From 9f59c3509790d97927db3158a5d57db640a1ffbd Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 11 Jul 2025 05:03:26 +1000 Subject: [PATCH 42/50] home-assistant-custom-lovelace-modules.hourly-weather: 6.6.1 -> 6.7.0 (#424120) https://github.com/decompil3d/lovelace-hourly-weather/releases/tag/6.7.0 --- .../custom-lovelace-modules/hourly-weather/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/home-assistant/custom-lovelace-modules/hourly-weather/package.nix b/pkgs/servers/home-assistant/custom-lovelace-modules/hourly-weather/package.nix index f046c21aecca..73ef72840313 100644 --- a/pkgs/servers/home-assistant/custom-lovelace-modules/hourly-weather/package.nix +++ b/pkgs/servers/home-assistant/custom-lovelace-modules/hourly-weather/package.nix @@ -6,16 +6,16 @@ buildNpmPackage rec { pname = "hourly-weather"; - version = "6.6.1"; + version = "6.7.0"; src = fetchFromGitHub { owner = "decompil3d"; repo = "lovelace-hourly-weather"; rev = version; - hash = "sha256-D2kCUcUgLyMVeba3xc02q/5PrEzXrBVCX+75F58j8y0="; + hash = "sha256-VrHgFup2hAnoxqJQGw23ZiPFpAwfgSLC97U+KHV3PKQ="; }; - npmDepsHash = "sha256-gpyqQd4pRF4xKgfT9gRAVnXLSFThjfJV2yu4zOCvVpg="; + npmDepsHash = "sha256-wXL1wLdBp8gkAfY29AS1fM/ZpCCoP1u9PTxDIahy1cg="; env.CYPRESS_INSTALL_BINARY = "0"; From a3ed1c0e1e1f04a9e4ebd6b9ae84b30af5a45a0f Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Thu, 3 Jul 2025 22:05:18 +0200 Subject: [PATCH 43/50] =?UTF-8?q?flow:=200.238.3=20=E2=86=92=200.274.2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/development/tools/analysis/flow/default.nix | 14 +++++--------- pkgs/top-level/all-packages.nix | 4 +--- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/pkgs/development/tools/analysis/flow/default.nix b/pkgs/development/tools/analysis/flow/default.nix index d11ea977b5af..07732200ee8a 100644 --- a/pkgs/development/tools/analysis/flow/default.nix +++ b/pkgs/development/tools/analysis/flow/default.nix @@ -7,19 +7,15 @@ stdenv.mkDerivation rec { pname = "flow"; - version = "0.238.3"; + version = "0.274.2"; src = fetchFromGitHub { owner = "facebook"; repo = "flow"; - rev = "v${version}"; - hash = "sha256-WlHta/wXTULehopXeIUdNAQb12Lf0SJnm1HIVHTDshA="; + tag = "v${version}"; + hash = "sha256-ZktRFFgPvIfbsAY3C6g3s3zqX3wES+QShu811m183cA="; }; - postPatch = '' - substituteInPlace src/services/inference/check_cache.ml --replace 'Core_kernel' 'Core' - ''; - makeFlags = [ "FLOW_RELEASE=1" ]; installPhase = '' @@ -39,12 +35,12 @@ stdenv.mkDerivation rec { buildInputs = ( with ocamlPackages; [ - core_kernel + camlp-streams dtoa fileutils lwt_log lwt_ppx - ocaml_lwt + lwt ppx_deriving ppx_gen_rec ppx_let diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 16a3b83a96c0..1106bcc38e36 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7232,9 +7232,7 @@ with pkgs; haskellPackages.callPackage ../tools/misc/fffuu { } ); - flow = callPackage ../development/tools/analysis/flow { - ocamlPackages = ocaml-ng.ocamlPackages_4_14; - }; + flow = callPackage ../development/tools/analysis/flow { }; framac = callPackage ../by-name/fr/framac/package.nix { ocamlPackages = ocaml-ng.ocamlPackages_5_2; From 3d13f8e03c1e76dadbb14d1aac01b68c15b7a545 Mon Sep 17 00:00:00 2001 From: Markus Hauck Date: Thu, 10 Jul 2025 20:21:33 +0200 Subject: [PATCH 44/50] claude-code: 1.0.44 -> 1.0.48 --- pkgs/by-name/cl/claude-code/package-lock.json | 8 ++++---- pkgs/by-name/cl/claude-code/package.nix | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/by-name/cl/claude-code/package-lock.json b/pkgs/by-name/cl/claude-code/package-lock.json index 028cc53b3dac..0ef129331cb8 100644 --- a/pkgs/by-name/cl/claude-code/package-lock.json +++ b/pkgs/by-name/cl/claude-code/package-lock.json @@ -6,13 +6,13 @@ "packages": { "": { "dependencies": { - "@anthropic-ai/claude-code": "^1.0.44" + "@anthropic-ai/claude-code": "^1.0.48" } }, "node_modules/@anthropic-ai/claude-code": { - "version": "1.0.44", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-1.0.44.tgz", - "integrity": "sha512-GCX0KeMcyhLlfs/dLWlMiHShAMmjt8d7xcVUS53z7VnV6s3cIIrRPsKQ/xX/Q9rFm5dSVmRnzU88Ku28fb3QKQ==", + "version": "1.0.48", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-1.0.48.tgz", + "integrity": "sha512-h63VBAZZ6Pl/DlYW2PjbfUeicZ4r9VSl8dymD3d+1lZEHwCPgfMpu3g+30+FDMs79Xqc7qSDm6CRnMApxhbjqw==", "hasInstallScript": true, "license": "SEE LICENSE IN README.md", "bin": { diff --git a/pkgs/by-name/cl/claude-code/package.nix b/pkgs/by-name/cl/claude-code/package.nix index b81187ca9982..015b0e958c29 100644 --- a/pkgs/by-name/cl/claude-code/package.nix +++ b/pkgs/by-name/cl/claude-code/package.nix @@ -7,16 +7,16 @@ buildNpmPackage rec { pname = "claude-code"; - version = "1.0.44"; + version = "1.0.48"; nodejs = nodejs_20; # required for sandboxed Nix builds on Darwin src = fetchzip { url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz"; - hash = "sha256-Dnooy0KNfhirTu7hv6DfwL7SHwf++CKtG8VHptNhcxU="; + hash = "sha256-nl7NGiREuFpbr0if273FfbSpjD/BG8a/uMXfYtiZgbE="; }; - npmDepsHash = "sha256-Q3m4q0g/H5ZWmnMXSipRt3FUFu+SgDAJutVelQsv9ls="; + npmDepsHash = "sha256-ppsyT+VXXaIP1ncuJx1I8M6eLTk7zP1KStf5nnWSwSo="; postPatch = '' cp ${./package-lock.json} package-lock.json From 62c87f36bb5901a6700483a2c1ddd5b79f6128d4 Mon Sep 17 00:00:00 2001 From: Gaetan Lepage Date: Thu, 10 Jul 2025 21:57:27 +0200 Subject: [PATCH 45/50] python3Packages.timm: 1.0.16 -> 1.0.17 Diff: https://github.com/huggingface/pytorch-image-models/compare/refs/tags/v1.0.16...refs/tags/v1.0.17 Changelog: https://github.com/huggingface/pytorch-image-models/blob/v1.0.17/README.md#whats-new --- pkgs/development/python-modules/timm/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/timm/default.nix b/pkgs/development/python-modules/timm/default.nix index c41f4ce8d41a..b93e00cbf64f 100644 --- a/pkgs/development/python-modules/timm/default.nix +++ b/pkgs/development/python-modules/timm/default.nix @@ -22,14 +22,14 @@ buildPythonPackage rec { pname = "timm"; - version = "1.0.16"; + version = "1.0.17"; pyproject = true; src = fetchFromGitHub { owner = "huggingface"; repo = "pytorch-image-models"; tag = "v${version}"; - hash = "sha256-8z23KQvb+wAlM/IXDC9j6OV8ioZE1dx0xhITSzdHoeY="; + hash = "sha256-NWWKDWcwRrQ2lrNSbkA2xepAoPP7+0G7g7eIjGLZSCw="; }; build-system = [ pdm-backend ]; From 53765af0b5d1774a57f42db63df2d20be2824eda Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 10 Jul 2025 20:03:59 +0000 Subject: [PATCH 46/50] signal-export: 3.5.1 -> 3.6.0 --- pkgs/by-name/si/signal-export/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/si/signal-export/package.nix b/pkgs/by-name/si/signal-export/package.nix index fe39aff53eee..83b12f5c6350 100644 --- a/pkgs/by-name/si/signal-export/package.nix +++ b/pkgs/by-name/si/signal-export/package.nix @@ -7,13 +7,13 @@ python3.pkgs.buildPythonApplication rec { pname = "signal-export"; - version = "3.5.1"; + version = "3.6.0"; pyproject = true; src = fetchPypi { inherit version; pname = "signal_export"; - hash = "sha256-UhLWSYdJEDhZ1zI3nxhJoqeH8JfR4s9Hdp6fJ4UNROQ="; + hash = "sha256-lflRY6EC9fqgdYwQ9Incc2PJ22okZC9Juu6X7pxGJ8w="; }; build-system = with python3.pkgs; [ From b6d31139b57383910dbcc107d23c31d89e910732 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 10 Jul 2025 20:23:17 +0000 Subject: [PATCH 47/50] act: 0.2.78 -> 0.2.79 --- pkgs/by-name/ac/act/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/ac/act/package.nix b/pkgs/by-name/ac/act/package.nix index 2e181bf370f6..663b7ba6eabc 100644 --- a/pkgs/by-name/ac/act/package.nix +++ b/pkgs/by-name/ac/act/package.nix @@ -8,7 +8,7 @@ }: let - version = "0.2.78"; + version = "0.2.79"; in buildGoModule { pname = "act"; @@ -18,10 +18,10 @@ buildGoModule { owner = "nektos"; repo = "act"; tag = "v${version}"; - hash = "sha256-S4Ev7MszuvlsUstnjOltYnZTuhzeqP/GDqMEWsFLe5Y="; + hash = "sha256-tIp9iG8SCppg+tX/KdvAON5fKAHAlU01GSJEgvm2JSg="; }; - vendorHash = "sha256-YH5SIZ73VYqg7+sSJpvqkIlBUy1rs3uNEWiEBDRdkQw="; + vendorHash = "sha256-wMtRpFUOMia7ZbuKUUkkcr2Gi88fiZydqFSVSAdiKdo="; doCheck = false; From d29355f82e5fdff26ed0e98a5969b608b7a86688 Mon Sep 17 00:00:00 2001 From: Sarah Clark Date: Wed, 9 Jul 2025 15:44:15 -0700 Subject: [PATCH 48/50] python3Packages.txtai: use pkgs.sqlite-vec via sqlite-vec-c --- pkgs/development/python-modules/sqlite-vec/default.nix | 5 ++++- pkgs/development/python-modules/txtai/default.nix | 4 ++-- pkgs/top-level/python-packages.nix | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/sqlite-vec/default.nix b/pkgs/development/python-modules/sqlite-vec/default.nix index 09fcf06304af..7a389f10d40f 100644 --- a/pkgs/development/python-modules/sqlite-vec/default.nix +++ b/pkgs/development/python-modules/sqlite-vec/default.nix @@ -80,6 +80,9 @@ buildPythonPackage rec { meta = sqlite-vec-c.meta // { description = "Python bindings for sqlite-vec"; maintainers = [ lib.maintainers.sarahec ]; - badPlatforms = [ "x86_64-darwin" ]; + badPlatforms = [ + # segfaults during test + "x86_64-darwin" + ]; }; } diff --git a/pkgs/development/python-modules/txtai/default.nix b/pkgs/development/python-modules/txtai/default.nix index c2e51878a79a..888124f28ecb 100644 --- a/pkgs/development/python-modules/txtai/default.nix +++ b/pkgs/development/python-modules/txtai/default.nix @@ -24,7 +24,7 @@ hnswlib, pgvector, sqlalchemy, - sqlite-vec, + sqlite-vec-c, # api aiohttp, fastapi, @@ -103,7 +103,7 @@ let hnswlib pgvector sqlalchemy - sqlite-vec + sqlite-vec-c ]; api = [ aiohttp diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index c3b0a3daf68e..1f6bf1ba40d4 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -18312,7 +18312,7 @@ self: super: with self; { txrequests = callPackage ../development/python-modules/txrequests { }; - txtai = callPackage ../development/python-modules/txtai { }; + txtai = callPackage ../development/python-modules/txtai { sqlite-vec-c = pkgs.sqlite-vec; }; txtorcon = callPackage ../development/python-modules/txtorcon { }; From b06f79b368695ee2b6ed21bd4dd0b3ad68c1399a Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 10 Jul 2025 16:06:51 +0000 Subject: [PATCH 49/50] limine: 9.3.4 -> 9.4.0 --- pkgs/by-name/li/limine/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/li/limine/package.nix b/pkgs/by-name/li/limine/package.nix index 9d7125cfd481..b93ccaebffc7 100644 --- a/pkgs/by-name/li/limine/package.nix +++ b/pkgs/by-name/li/limine/package.nix @@ -42,14 +42,14 @@ in # as bootloader for various platforms and corresponding binary and helper files. stdenv.mkDerivation (finalAttrs: { pname = "limine"; - version = "9.3.4"; + version = "9.4.0"; # We don't use the Git source but the release tarball, as the source has a # `./bootstrap` script performing network access to download resources. # Packaging that in Nix is very cumbersome. src = fetchurl { url = "https://github.com/limine-bootloader/limine/releases/download/v${finalAttrs.version}/limine-${finalAttrs.version}.tar.gz"; - hash = "sha256-GXArMxm7vDyUShTIM1O8/4M8h/ol/b8YcsXdodxJqeM="; + hash = "sha256-ddQB0wKMhKSnPrJflgsDfyWCzOiFehf/2CijPiVk65U="; }; enableParallelBuilding = true; From 4a81a5e55686ca1360ad67daddb559865af713b5 Mon Sep 17 00:00:00 2001 From: Rebecca Turner Date: Tue, 13 May 2025 15:15:22 -0700 Subject: [PATCH 50/50] lib.packagesFromDirectoryRecursive: Allow non-"path" `directory` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As initially designed, `lib.packagesFromDirectoryRecursive` allowed passing a string for the `directory` argument. This is necessary for several reasons: - `outPath` on derivations and Flake inputs is not a path. - Derivations can be coerced to their `outPath` in string interpolation, but that produces strings, not paths. - `builtins.path`, bizarrely, returns a string instead of a path (not that the documentation makes this clear). If a path is used instead of a string here, then Nix will dutifully copy the entire directory into a new path in the Nix store (ignored as WONTFIX by Eelco in https://github.com/NixOS/nix/issues/9428). For industrial use cases, this can result in an extra 10-15 seconds on every single eval just to copy files from one spot in the Nix store to another spot in the Nix store. In #361424, this was changed so that `directory` must be a path, breaking these use-cases. I'm not really sure what happened here -- #361424 has very little justification for why it exists, only a reference to a previous version of the PR (#359941), which itself had very little justification given. The description on #359941 explained that it would "Shrink the function's code by ~2/3rd 🎉", but 60% of the reduction in size was just deleting comments (!) and bindings like `directoryEntryIsPackage` that helped clarify the intent of the implementation. As a result, the new implementation is (to my eyes) more challenging to read and understand. I think the whole thing was in service of #392800, which adds a `newScope` argument in order "to create nested scopes for each (sub)directory (not just the top-level one) when `newScope` is given." Nobody noticed this regression until after the commit was merged. After @phanirithvij pointed out the regression, @nbraud said they would "shortly prepare a PR to fix this" [1] but did not. Later, they would explain that they were "quite ill the last month(s)" [2], which explains why this got forgotten about. @nbraud also requested a review from @Gabriella439 [3], as she had reviewed the original PR adding `lib.packagesFromDirectoryRecursive`, but not from me, the original author of that PR. @Gabriella439 did not review the "refactor" PR, and no attempt to contact her or myself was made after that initial request. This behavior is admittedly rather subtle, so I'm not sure either Gabriella or myself would have noticed the change (especially since the relevant PR restructures the entire implementation). While I find this a bit frustrating, I should have added a test for this use-case in my original PR; if there was a test that relied on passing paths in as a string, perhaps the authors modifying this code would have noticed that the implementation was not an accident. [1]: https://github.com/NixOS/nixpkgs/pull/361424#discussion_r1912407693 [2]: https://github.com/NixOS/nixpkgs/pull/359984#issuecomment-2775768808 [3]: https://github.com/NixOS/nixpkgs/pull/361424#issuecomment-2521308983 --- lib/filesystem.nix | 5 ++--- lib/tests/misc.nix | 28 ++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/lib/filesystem.nix b/lib/filesystem.nix index 1014c274041f..a950720602a7 100644 --- a/lib/filesystem.nix +++ b/lib/filesystem.nix @@ -385,7 +385,6 @@ in recurseIntoAttrs removeSuffix ; - inherit (lib.path) append; # Generate an attrset corresponding to a given directory. # This function is outside `packagesFromDirectoryRecursive`'s lambda expression, @@ -396,7 +395,7 @@ in name: type: # for each directory entry let - path = append directory name; + path = directory + "/${name}"; in if type == "directory" then { @@ -429,7 +428,7 @@ in directory, }@args: let - defaultPath = append directory "package.nix"; + defaultPath = directory + "/package.nix"; in if pathExists defaultPath then # if `${directory}/package.nix` exists, call it directly diff --git a/lib/tests/misc.nix b/lib/tests/misc.nix index a723d198cb88..d9a72b29f2f4 100644 --- a/lib/tests/misc.nix +++ b/lib/tests/misc.nix @@ -4158,6 +4158,34 @@ runTests { }; }; + # Make sure that passing a string for the `directory` works. + # + # See: https://github.com/NixOS/nixpkgs/pull/361424#discussion_r1934813568 + # See: https://github.com/NixOS/nix/issues/9428 + testPackagesFromDirectoryRecursiveStringDirectory = { + expr = packagesFromDirectoryRecursive { + callPackage = path: overrides: import path overrides; + # Do NOT remove the `builtins.toString` call here!!! + directory = builtins.toString ./packages-from-directory/plain; + }; + expected = { + a = "a"; + b = "b"; + # Note: Other files/directories in `./test-data/c/` are ignored and can be + # used by `package.nix`. + c = "c"; + my-namespace = { + d = "d"; + e = "e"; + f = "f"; + my-sub-namespace = { + g = "g"; + h = "h"; + }; + }; + }; + }; + # Check that `packagesFromDirectoryRecursive` can process a directory with a # top-level `package.nix` file into a single package. testPackagesFromDirectoryRecursiveTopLevelPackageNix = {