talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Merge staging-next into staging

Browse Source
This commit is contained in:
nixpkgs-ci[bot] 2025-06-20 18:06:24 +00:00 committed by GitHub
commit 824e6df728
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
114 changed files with 831 additions and 1450 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/modules/profiles/minimal.nix
View File

@ -27,6 +27,7 @@ in
# The lessopen package pulls in Perl.
less.lessopen = mkDefault null;
command-not-found.enable = mkDefault false;
fish.generateCompletions = mkDefault false;
};
# This pulls in nixos-containers which depends on Perl.

40
nixos/modules/programs/fish.nix
View File

@ -72,6 +72,11 @@ in
'';
};
generateCompletions = lib.mkEnableOption "generating completion files from man pages" // {
default = true;
example = false;
};
vendor.config.enable = lib.mkOption {
type = lib.types.bool;
default = true;
@ -247,7 +252,7 @@ in
'';
}
{
(lib.mkIf cfg.generateCompletions {
etc."fish/generated_completions".source =
let
patchedGenerator = pkgs.stdenv.mkDerivation {
@ -297,7 +302,7 @@ in
ignoreCollisions = true;
paths = builtins.map generateCompletions config.environment.systemPackages;
};
}
})
# include programs that bring their own completions
{
@ -318,20 +323,23 @@ in
}
];
programs.fish.interactiveShellInit = ''
# add completions generated by NixOS to $fish_complete_path
begin
# joins with null byte to accommodate all characters in paths, then respectively gets all paths before (exclusive) / after (inclusive) the first one including "generated_completions",
# splits by null byte, and then removes all empty lines produced by using 'string'
set -l prev (string join0 $fish_complete_path | string match --regex "^.*?(?=\x00[^\x00]*generated_completions.*)" | string split0 | string match -er ".")
set -l post (string join0 $fish_complete_path | string match --regex "[^\x00]*generated_completions.*" | string split0 | string match -er ".")
set fish_complete_path $prev "/etc/fish/generated_completions" $post
end
# prevent fish from generating completions on first run
if not test -d $__fish_user_data_dir/generated_completions
${pkgs.coreutils}/bin/mkdir $__fish_user_data_dir/generated_completions
end
'';
programs.fish.interactiveShellInit =
lib.optionalString cfg.generateCompletions ''
# add completions generated by NixOS to $fish_complete_path
begin
# joins with null byte to accommodate all characters in paths, then respectively gets all paths before (exclusive) / after (inclusive) the first one including "generated_completions",
# splits by null byte, and then removes all empty lines produced by using 'string'
set -l prev (string join0 $fish_complete_path | string match --regex "^.*?(?=\x00[^\x00]*generated_completions.*)" | string split0 | string match -er ".")
set -l post (string join0 $fish_complete_path | string match --regex "[^\x00]*generated_completions.*" | string split0 | string match -er ".")
set fish_complete_path $prev "/etc/fish/generated_completions" $post
end
''
+ ''
# prevent fish from generating completions on first run
if not test -d $__fish_user_data_dir/generated_completions
${pkgs.coreutils}/bin/mkdir $__fish_user_data_dir/generated_completions
end
'';
};
meta.maintainers = with lib.maintainers; [ sigmasquadron ];

2
nixos/modules/services/databases/mongodb.nix
View File

@ -199,7 +199,7 @@ in
postStart = ''
if test -e "${cfg.dbpath}/.first_startup"; then
${lib.optionalString (cfg.initialScript != null) ''
initialRootPassword=$(<${cfg.initialRootPasswordFile})
${lib.optionalString (cfg.enableAuth) "initialRootPassword=$(<${cfg.initialRootPasswordFile})"}
${mongoshExe} ${lib.optionalString (cfg.enableAuth) "-u root -p $initialRootPassword"} admin "${cfg.initialScript}"
''}
rm -f "${cfg.dbpath}/.first_startup"

2
nixos/modules/services/web-apps/mastodon.nix
View File

@ -973,7 +973,7 @@ in
'';
path = [
cfg.package
config.services.postgresql.package
(if databaseActuallyCreateLocally then config.services.postgresql.package else pkgs.postgresql)
];
environment =
env

10
nixos/tests/matrix/synapse.nix
View File

@ -187,8 +187,6 @@ in
networksStyle = "subnet";
enableSubmission = true;
tlsTrustedAuthorities = "${mailerCerts.ca.cert}";
sslCert = "${mailerCerts.${mailerDomain}.cert}";
sslKey = "${mailerCerts.${mailerDomain}.key}";
# blackhole transport
transport = "example.com discard:silently";
@ -205,6 +203,14 @@ in
smtp_tls_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
smtpd_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
smtp_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
smtp_tls_chain_files = [
"${mailerCerts.${mailerDomain}.key}"
"${mailerCerts.${mailerDomain}.cert}"
];
smtpd_tls_chain_files = [
"${mailerCerts.${mailerDomain}.key}"
"${mailerCerts.${mailerDomain}.cert}"
];
};
};
};

1
nixos/tests/tlsrpt.nix
View File

@ -31,6 +31,7 @@
machine.wait_for_file("/run/tlsrpt/collectd.sock")
machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-collectd | grep -Pq 'Database .* setup finished'")
machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-reportd | grep -Pq 'Database .* setup finished'")
machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-reportd | grep -Pq 'Fetcher .* finished'")
# Enabling postfix should put sendmail as the sendmail setting
machine.succeed("grep -q sendmail_script=sendmail /etc/tlsrpt/reportd.cfg")

6
pkgs/applications/misc/prusa-slicer/default.nix
View File

@ -27,7 +27,7 @@
opencascade-occt_7_6_1,
openvdb,
qhull,
tbb_2021_11,
tbb_2021,
wxGTK32,
xorg,
libbgcode,
@ -54,7 +54,7 @@ let
hash = "sha256-WNdAYu66ggpSYJ8Kt57yEA4mSTv+Rvzj9Rm1q765HpY=";
};
});
openvdb_tbb_2021_8 = openvdb.override { tbb = tbb_2021_11; };
openvdb_tbb_2021_8 = openvdb.override { tbb = tbb_2021; };
wxGTK-override' = if wxGTK-override == null then wxGTK32 else wxGTK-override;
opencascade-override' =
if opencascade-override == null then opencascade-occt_7_6_1 else opencascade-override;
@ -125,7 +125,7 @@ stdenv.mkDerivation (finalAttrs: {
opencascade-override'
openvdb_tbb_2021_8
qhull
tbb_2021_11
tbb_2021
wxGTK-override'
xorg.libX11
libbgcode

4
pkgs/applications/networking/sync/rclone/default.nix
View File

@ -17,7 +17,7 @@
buildGoModule rec {
pname = "rclone";
version = "1.70.0";
version = "1.70.1";
outputs = [
"out"
@ -28,7 +28,7 @@ buildGoModule rec {
owner = "rclone";
repo = "rclone";
tag = "v${version}";
hash = "sha256-HBH3cOJzp3lNI9U2PWChjWmOurmq7clOPFvwnqOg1xA=";
hash = "sha256-lfBwVRYqMjmSQBq3D20G8TfxnTUTspPM3x88UAqReVE=";
};
vendorHash = "sha256-9yEWEM96cRUzp1mRXEzxvOaBZQsf7Zifoe163OtJCPw=";

6
pkgs/applications/virtualization/singularity/packages.nix
View File

@ -46,19 +46,19 @@ let
callPackage
(import ./generic.nix rec {
pname = "singularity-ce";
version = "4.3.1";
version = "4.3.2";
projectName = "singularity";
src = fetchFromGitHub {
owner = "sylabs";
repo = "singularity";
tag = "v${version}";
hash = "sha256-hkUM9K0AweRpLa+LZ7XOI/oDk72EKWzVN5h4Kz2w2B0=";
hash = "sha256-lYYY449agINk1cwRl06gstGhkwQKaeZdLnwT6bW6HY4=";
};
# Override vendorHash with overrideAttrs.
# See https://nixos.org/manual/nixpkgs/unstable/#buildGoModule-vendorHash
vendorHash = "sha256-hAVynmVXPmQPo+Kd2ajBSU+UqBpvJ5TokOJXZwySr+w=";
vendorHash = "sha256-3CEkaG8k6W1/8v8tsVLXdSV68QHUgn5/BEd8qjkW7ik=";
extraConfigureFlags = [
# Do not build squashfuse from the Git submodule sources, use Nixpkgs provided version

2
pkgs/by-name/ac/actual-server/package.nix
View File

@ -108,7 +108,7 @@ stdenv.mkDerivation (finalAttrs: {
'';
passthru = {
inherit (finalAttrs) offlineCache webUi;
inherit (finalAttrs) offlineCache;
tests = nixosTests.actual;
};

2
pkgs/by-name/an/anubis/update.sh
View File

@ -3,6 +3,6 @@
set -euo pipefail
nix-update anubis --src-only
nix-update anubis --src-only --version-regex='^v(\d+\.\d+\.\d+)$'
nix-update anubis.xess --version=skip
nix-update anubis --version=skip

7
pkgs/by-name/ap/aprutil/package.nix
View File

@ -22,12 +22,12 @@ assert sslSupport -> openssl != null;
assert bdbSupport -> db != null;
assert ldapSupport -> openldap != null;
stdenv.mkDerivation (finalAttrs: {
stdenv.mkDerivation rec {
pname = "apr-util";
version = "1.6.3";
src = fetchurl {
url = "mirror://apache/apr/apr-util-${finalAttrs.version}.tar.bz2";
url = "mirror://apache/apr/${pname}-${version}.tar.bz2";
sha256 = "sha256-pBB243EHRjJsOUUEKZStmk/KwM4Cd92P6gdv7DyXcrU=";
};
@ -44,7 +44,6 @@ stdenv.mkDerivation (finalAttrs: {
"dev"
];
outputBin = "dev";
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
nativeBuildInputs = [
makeWrapper
@ -122,4 +121,4 @@ stdenv.mkDerivation (finalAttrs: {
platforms = platforms.unix;
license = licenses.asl20;
};
})
}

4
pkgs/by-name/au/autotier/package.nix
View File

@ -8,7 +8,7 @@
boost,
fuse3,
lib45d,
tbb_2021_11,
tbb_2021,
liburing,
installShellFiles,
}:
@ -46,7 +46,7 @@ stdenv.mkDerivation (finalAttrs: {
boost
fuse3
lib45d
tbb_2021_11
tbb_2021
liburing
];

4
pkgs/by-name/ba/bambu-studio/package.nix
View File

@ -34,7 +34,7 @@
opencv,
pcre,
systemd,
tbb_2021_11,
tbb_2021,
webkitgtk_4_0,
wxGTK31,
xorg,
@ -102,7 +102,7 @@ stdenv.mkDerivation rec {
opencascade-occt_7_6
openvdb
pcre
tbb_2021_11
tbb_2021
webkitgtk_4_0
wxGTK'
xorg.libX11

4
pkgs/by-name/ca/cabinpkg/package.nix
View File

@ -2,7 +2,7 @@
lib,
stdenv,
fetchFromGitHub,
tbb_2021_11,
tbb_2021,
libgit2,
curl,
fmt,
@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
buildInputs = [
libgit2
fmt
tbb_2021_11
tbb_2021
nlohmann_json
curl
];

1
pkgs/by-name/ca/cairo/package.nix
View File

@ -49,7 +49,6 @@ stdenv.mkDerivation (
"devdoc"
];
outputBin = "dev"; # very small
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
separateDebugInfo = true;
nativeBuildInputs = [

8
pkgs/by-name/cl/claude-code/package-lock.json generated
View File

@ -6,13 +6,13 @@
"packages": {
"": {
"dependencies": {
"@anthropic-ai/claude-code": "^1.0.29"
"@anthropic-ai/claude-code": "^1.0.30"
}
},
"node_modules/@anthropic-ai/claude-code": {
"version": "1.0.29",
"resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-1.0.29.tgz",
"integrity": "sha512-ZHw84ZJTxtG/jTLioTkF2ck+whQEKQvCrYvjP+nZnVFirOPV0QwpJyhKsdHFUufnbO4lqACs4dNNnhy0IlKTzQ==",
"version": "1.0.30",
"resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-1.0.30.tgz",
"integrity": "sha512-qIs92Cq3hFwn9/lZBta+wWJfGoQsrbFuiVm0bkurwGKxaJV69Ibr6hYfSU/lIKLcbvSygkZ/tWRxFQt44gnFhQ==",
"hasInstallScript": true,
"license": "SEE LICENSE IN README.md",
"bin": {

6
pkgs/by-name/cl/claude-code/package.nix
View File

@ -7,16 +7,16 @@
buildNpmPackage rec {
pname = "claude-code";
version = "1.0.29";
version = "1.0.30";
nodejs = nodejs_20; # required for sandboxed Nix builds on Darwin
src = fetchzip {
url = "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-${version}.tgz";
hash = "sha256-IQnDrtHeK1F7+yKtPXvfhb6iZq6IKQsn8p7WY8s3jgg=";
hash = "sha256-DwzSXpDrNV8FhfqrRQ3OK/LjmiXd+VHEW91jnyds2P4=";
};
npmDepsHash = "sha256-Lhzl/Wgvn42ODu18jd0CIuCXziSX25C9ec7yNxdPi2w=";
npmDepsHash = "sha256-M6H6A4i4JBqcFTG/ZkmxpINa4lw8sO5+iu2YcBqmvi4=";
postPatch = ''
cp ${./package-lock.json} package-lock.json

7
pkgs/by-name/db/dbus-glib/package.nix
View File

@ -11,12 +11,12 @@
glib,
}:
stdenv.mkDerivation (finalAttrs: {
stdenv.mkDerivation rec {
pname = "dbus-glib";
version = "0.114";
src = fetchurl {
url = "${finalAttrs.meta.homepage}/releases/dbus-glib/dbus-glib-${finalAttrs.version}.tar.gz";
url = "${meta.homepage}/releases/dbus-glib/dbus-glib-${version}.tar.gz";
sha256 = "sha256-wJxcCFsqDjkbjufXg6HWP+RE6WcXzBgU1htej8KCenw=";
};
@ -26,7 +26,6 @@ stdenv.mkDerivation (finalAttrs: {
"devdoc"
];
outputBin = "dev";
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
nativeBuildInputs = [
pkg-config
@ -65,4 +64,4 @@ stdenv.mkDerivation (finalAttrs: {
maintainers = [ ];
platforms = lib.platforms.unix;
};
})
}

1
pkgs/by-name/ex/expat/package.nix
View File

@ -40,7 +40,6 @@ stdenv.mkDerivation (finalAttrs: {
"dev"
]; # TODO: fix referrers
outputBin = "dev";
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
enableParallelBuilding = true;

6
pkgs/by-name/ez/eza/package.nix
View File

@ -15,17 +15,17 @@
rustPlatform.buildRustPackage (finalAttrs: {
pname = "eza";
version = "0.21.4";
version = "0.21.5";
src = fetchFromGitHub {
owner = "eza-community";
repo = "eza";
tag = "v${finalAttrs.version}";
hash = "sha256-lwCZj4EHzgZSAQTnJZizonh4FmKoX3dkYKbIcn1WBHs=";
hash = "sha256-Mnd4Hzuzq8aawwDn7qtjbAyM/JLlhtoATF/OUzqQkHc=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-8XkkClXyTT2+py57rSTMNpnuesTujNgHTz6K2gmDHYM=";
cargoHash = "sha256-3BNyoKWPmq2CHiBeliUGWpChtSmfJUEmf4JZoYVVpb8=";
nativeBuildInputs = [
cmake

4
pkgs/by-name/fa/fastfetch/package.nix
View File

@ -59,13 +59,13 @@
}:
stdenv.mkDerivation (finalAttrs: {
pname = "fastfetch";
version = "2.45.0";
version = "2.46.0";
src = fetchFromGitHub {
owner = "fastfetch-cli";
repo = "fastfetch";
tag = finalAttrs.version;
hash = "sha256-HDr4goUvAKeMk2UGmF2ON72ETQQipNwLfsvyB+f74LE=";
hash = "sha256-gRDG3lbUcApUushUPCpTkzc6FOB/CHrsVZwdRn6IEL8=";
};
outputs = [

4
pkgs/by-name/fh/fheroes2/package.nix
View File

@ -18,13 +18,13 @@
stdenv.mkDerivation rec {
pname = "fheroes2";
version = "1.1.8";
version = "1.1.9";
src = fetchFromGitHub {
owner = "ihhub";
repo = "fheroes2";
rev = version;
hash = "sha256-Z6pepW2hHaDNkkMVxuekoNNibsuicyGLmA8Y9isy8Mo=";
hash = "sha256-REZBez5R10kifIAnuoTxoyFlcfv5JufjX3mkItD6US4=";
};
nativeBuildInputs = [ imagemagick ];

8
pkgs/by-name/gn/gnucash/package.nix
View File

@ -3,6 +3,7 @@
stdenv,
fetchFromGitHub,
fetchurl,
fetchpatch2,
aqbanking,
boost,
cmake,
@ -89,6 +90,12 @@ stdenv.mkDerivation rec {
./0004-exec-fq-wrapper.patch
# this patch adds in env vars to the Python lib that makes it able to find required resource files
./0005-python-env.patch
# this patch backports a fix to remove unused includes causing build failures
(fetchpatch2 {
url = "https://github.com/Gnucash/gnucash/commit/940085a0172216240232551022686cea4da86096.patch?full_index=1";
name = "0006-remove-unused-includes.patch";
hash = "sha256-4CpBtKDkcT1HlOAHsbASxPiHKVpZ9ETWS3fXEupOl0Q=";
})
];
postPatch = ''
@ -188,7 +195,6 @@ stdenv.mkDerivation rec {
'';
license = licenses.gpl2Plus;
maintainers = with maintainers; [
rski
nevivurn
];
platforms = platforms.unix;

1
pkgs/by-name/go/go-containerregistry/package.nix
View File

@ -68,6 +68,7 @@ buildGoModule rec {
description = "Tools for interacting with remote images and registries including crane and gcrane";
homepage = "https://github.com/google/go-containerregistry";
license = licenses.asl20;
mainProgram = "crane";
maintainers = with maintainers; [ yurrriq ];
};
}

6
pkgs/by-name/go/gopher64/package.nix
View File

@ -19,13 +19,13 @@
rustPlatform.buildRustPackage (finalAttrs: {
pname = "gopher64";
version = "1.0.16";
version = "1.0.17";
src = fetchFromGitHub {
owner = "gopher64";
repo = "gopher64";
tag = "v${finalAttrs.version}";
hash = "sha256-TduOmKK4OAmhP2VUT0eeoKHQHmsM8kptrxfgCdDFTRU=";
hash = "sha256-DDFtPISV17jQMECBIqYbbGhZpjYXuNnOq7EiEVtSzgc=";
fetchSubmodules = true;
leaveDotGit = true;
postFetch = ''
@ -51,7 +51,7 @@ rustPlatform.buildRustPackage (finalAttrs: {
'';
useFetchCargoVendor = true;
cargoHash = "sha256-9fZ7zFTqt1VNnmCqFzWrZFD1PQZ7paz7r2Mb+9+C9Rs=";
cargoHash = "sha256-31kEYwlDA6iYcwPZyQU4gM/VLfPNeYcDKhhBqzNp/QE=";
env.ZSTD_SYS_USE_PKG_CONFIG = true;

26
pkgs/by-name/go/gopher64/use-sdl3-via-pkg-config.patch
View File

@ -1,8 +1,8 @@
diff --git a/Cargo.lock b/Cargo.lock
index 89bc1d0..72b65cd 100644
index 81c7e20..6ae0a17 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -626,15 +626,6 @@ dependencies = [
@@ -611,15 +611,6 @@ dependencies = [
"error-code",
]
@ -18,7 +18,7 @@ index 89bc1d0..72b65cd 100644
[[package]]
name = "cobs"
version = "0.2.3"
@@ -3245,12 +3236,6 @@ dependencies = [
@@ -3243,12 +3234,6 @@ dependencies = [
"windows-sys 0.52.0",
]
@ -31,21 +31,21 @@ index 89bc1d0..72b65cd 100644
[[package]]
name = "rustc-demangle"
version = "0.1.24"
@@ -3380,21 +3365,13 @@ version = "1.2.0"
@@ -3370,21 +3355,13 @@ version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
-[[package]]
-name = "sdl3-src"
-version = "3.2.10"
-version = "3.2.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e677fa126db179fb8f03c982163321496ddf57a6d8a1e41eeef4600f956038b1"
-checksum = "c5b5d192485408fa251477ea1dfb4778d864efaec72f730ce3a753deaffb27bb"
-
[[package]]
name = "sdl3-sys"
version = "0.4.7+SDL3-3.2.10"
version = "0.5.2+SDL3-3.2.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f0d16a8a3623a4cb39a3661c81d9d4c5fd77ada27fc056e320b3651bf7bde1b1"
checksum = "f0a31799d7cbd36f2b187c32a56975fbdd371c200a91b01d4ed0faf0012bcf9c"
dependencies = [
- "cmake",
- "rpkg-config",
@ -55,20 +55,20 @@ index 89bc1d0..72b65cd 100644
[[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 1f41e04..9d9ea33 100644
index 82d8e99..8b15aad 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -18,7 +18,7 @@ serde-big-array = "0.5"
eframe = { version = "0.31", default-features = false, features = ["wayland", "x11", "glow"] }
sha2 = "0.10"
ab_glyph = "0.2"
-sdl3-sys = { version = "0.4", features = ["build-from-source-static"] }
+sdl3-sys = { version = "0.4", features = ["use-pkg-config"] }
-sdl3-sys = { version = "0.5", features = ["build-from-source-static"] }
+sdl3-sys = { version = "0.5", features = ["use-pkg-config"] }
rfd = { version = "0.15", default-features = false, features = ["xdg-portal", "tokio"] }
tokio = {version = "1.43", features = ["rt-multi-thread", "macros"] }
tokio = {version = "1.45", features = ["rt-multi-thread", "macros"] }
spin_sleep = "1.3"
diff --git a/build.rs b/build.rs
index 67a6e8d..6c9f63b 100644
index f0c6d21..fa28e25 100644
--- a/build.rs
+++ b/build.rs
@@ -52,10 +52,7 @@ fn main() {

9
pkgs/by-name/gs/gspell/package.nix
View File

@ -17,7 +17,7 @@
gnome,
}:
stdenv.mkDerivation (finalAttrs: {
stdenv.mkDerivation rec {
pname = "gspell";
version = "1.14.0";
@ -28,10 +28,9 @@ stdenv.mkDerivation (finalAttrs: {
];
outputBin = "dev";
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
src = fetchurl {
url = "mirror://gnome/sources/gspell/${lib.versions.majorMinor finalAttrs.version}/gspell-${finalAttrs.version}.tar.xz";
url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "ZOodjp7cHCW0WpIOgNr2dVnRhm/81/hDL+z+ptD+iJc=";
};
@ -62,7 +61,7 @@ stdenv.mkDerivation (finalAttrs: {
passthru = {
updateScript = gnome.updateScript {
packageName = "gspell";
packageName = pname;
versionPolicy = "none";
};
};
@ -75,4 +74,4 @@ stdenv.mkDerivation (finalAttrs: {
teams = [ teams.gnome ];
platforms = platforms.unix;
};
})
}

5
pkgs/by-name/gt/gtk-layer-shell/package.nix
View File

@ -17,7 +17,7 @@
stdenv.mkDerivation (finalAttrs: {
pname = "gtk-layer-shell";
version = "0.9.1";
version = "0.9.2";
outputs = [
"out"
@ -25,13 +25,12 @@ stdenv.mkDerivation (finalAttrs: {
"devdoc"
];
outputBin = "devdoc"; # for demo
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
src = fetchFromGitHub {
owner = "wmww";
repo = "gtk-layer-shell";
rev = "v${finalAttrs.version}";
hash = "sha256-TObAo/YgS6ObYrNLitxMwneGzLxwnnBIOhBVAeAzbt4=";
hash = "sha256-+vJouQEauTe/dp2WdOJcc2Byv1+Hb0iaUgwBPnV9g48=";
};
strictDeps = true;

1
pkgs/by-name/gt/gtk4-layer-shell/package.nix
View File

@ -27,7 +27,6 @@ stdenv.mkDerivation (finalAttrs: {
"devdoc"
];
outputBin = "devdoc";
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
src = fetchFromGitHub {
owner = "wmww";

13
pkgs/by-name/ha/hardinfo2/default-no-theme.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/shell/shell.c b/shell/shell.c
index 76523e9a..dbfe2d16 100644
--- a/shell/shell.c
+++ b/shell/shell.c
@@ -620,7 +620,7 @@ static void create_window(void)
gchar *conf_path = g_build_filename(g_get_user_config_dir(), "hardinfo2","settings.ini", NULL);
g_key_file_load_from_file(key_file, conf_path, G_KEY_FILE_KEEP_COMMENTS | G_KEY_FILE_KEEP_TRANSLATIONS, NULL);
params.theme = g_key_file_get_integer(key_file, "Theme", "ThemeNumber", NULL);
- if(params.theme==0) params.theme=1;
+ if(params.theme==0) params.theme=-1; //default to no theme
if(params.theme<-1) params.theme=-1;
if(params.theme>6) params.theme=-1;

103
pkgs/by-name/ha/hardinfo2/package.nix
View File

@ -4,14 +4,18 @@
fetchFromGitHub,
cmake,
glslang,
pkg-config,
libsForQt5,
makeWrapper,
wrapGAppsHook4,
cups,
gtk3,
json-glib,
lerc,
libdatrie,
libdecor,
libepoxy,
libnghttp2,
libpsl,
@ -21,46 +25,69 @@
libsysprof-capture,
libthai,
libxkbcommon,
libXdmcp,
libXtst,
pcre2,
sqlite,
util-linux,
libXdmcp,
libXtst,
mesa-demos,
makeWrapper,
vulkan-headers,
wayland,
# runtime
dmidecode,
gawk,
iperf,
mesa-demos,
sysbench,
udisks,
vulkan-tools,
xdg-utils,
xrandr,
nix-update-script,
printingSupport ? true,
}:
stdenv.mkDerivation (finalAtrs: {
stdenv.mkDerivation (finalAttrs: {
pname = "hardinfo2";
version = "2.2.10";
version = "2.2.13";
src = fetchFromGitHub {
owner = "hardinfo2";
repo = "hardinfo2";
tag = "release-${finalAtrs.version}";
hash = "sha256-Ea1uhzAQEn8oDvWslGzrqoI2yzVDGxwTqbthfKEkYyQ=";
tag = "release-${finalAttrs.version}";
hash = "sha256-HRP8xjiwhlNHjW4D8y74Pshpn7bksmN5j4jhfF6KOYo=";
};
patches = [
./remove-update.patch
./default-no-theme.patch
];
# fix absolute path for xdg-open
postPatch = ''
substituteInPlace deps/sysobj_early/gui/uri_handler.c \
--replace-fail /usr/bin/xdg-open "${lib.getExe' xdg-utils "xdg-open"}"
'';
nativeBuildInputs = [
cmake
pkg-config
glslang
wrapGAppsHook4
libsForQt5.wrapQtAppsHook
makeWrapper
];
preFixup = ''
makeWrapperArgs+=("''${qtWrapperArgs[@]}")
'';
dontWrapQtApps = true;
buildInputs = [
gtk3
json-glib
lerc
libdatrie
libdecor
libepoxy
libnghttp2
libpsl
@ -75,6 +102,8 @@ stdenv.mkDerivation (finalAtrs: {
util-linux
libXdmcp
libXtst
vulkan-headers
wayland
];
hardeningDisable = [ "fortify" ];
@ -84,20 +113,56 @@ stdenv.mkDerivation (finalAtrs: {
(lib.cmakeFeature "CMAKE_INSTALL_SERVICEDIR" "${placeholder "out"}/lib")
];
postFixup = ''
wrapProgram $out/bin/hardinfo2 \
--prefix PATH : "${dmidecode}/bin:${mesa-demos}/bin"
dontWrapQtApps = true;
preFixup = ''
makeWrapperArgs+=("''${qtWrapperArgs[@]}")
'';
runtimeDeps = [
# system stats
dmidecode
mesa-demos # glxinfo + vkgears for benchmark
# display info
vulkan-tools # vulkaninfo
xrandr
# additional tooling for benchmarks
# https://github.com/hardinfo2/hardinfo2/blob/release-2.2.13/shell/shell.c#L641-L652
gawk
iperf
sysbench
udisks
];
runtimeLibs = lib.optionals printingSupport [ cups ];
postFixup = ''
wrapProgram $out/bin/hardinfo2 \
--prefix PATH : ${lib.makeBinPath finalAttrs.runtimeDeps} \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath finalAttrs.runtimeLibs}
substituteInPlace $out/lib/systemd/system/hardinfo2.service \
--replace-fail "ExecStart=/usr/bin/hwinfo2_fetch_sysdata" "ExecStart=$out/hwinfo2_fetch_sysdata"
'';
# account for tags having a release- prefix
passthru.updateScript = nix-update-script { extraArgs = [ "--version-regex=release-(.*)" ]; };
meta = {
homepage = "http://www.hardinfo2.org";
description = "System information and benchmarks for Linux systems";
homepage = "http://www.hardinfo2.org/";
downloadPage = "https://github.com/hardinfo2/hardinfo2/";
changelog = "https://github.com/hardinfo2/hardinfo2/releases/tag/release-${finalAttrs.version}";
license = with lib.licenses; [
gpl2Plus
gpl3Plus
lgpl2Plus
];
maintainers = with lib.maintainers; [ sigmanificient ];
maintainers = with lib.maintainers; [
sigmanificient
jk
];
platforms = lib.platforms.linux;
mainProgram = "hardinfo2";
};

58
pkgs/by-name/ha/hardinfo2/remove-update.patch Normal file
View File

@ -0,0 +1,58 @@
diff --git a/includes/uidefs.h b/includes/uidefs.h
index 552fd3cb..4998f677 100644
--- a/includes/uidefs.h
+++ b/includes/uidefs.h
@@ -36,7 +36,6 @@ char *uidefs_str =
" <menu name=\"HelpMenu\" action=\"HelpMenuAction\">"
" <menuitem name=\"WebPage\" action=\"HomePageAction\" always-show-image=\"true\"/>"
" <menuitem name=\"HelpPage\" action=\"HelpPageAction\" always-show-image=\"true\"/>"
- " <menuitem name=\"UpdatesPage\" action=\"UpdatesPageAction\" always-show-image=\"true\"/>"
" <menuitem name=\"ReportBug\" action=\"ReportBugAction\" always-show-image=\"true\"/>"
" <menuitem name=\"About\" action=\"AboutAction\" always-show-image=\"true\"/>"
" </menu>"
@@ -48,8 +47,6 @@ char *uidefs_str =
/* " <toolitem name=\"Copy\" action=\"CopyAction\"/>"*/
" <separator/>"
" <toolitem name=\"SyncManager\" action=\"SyncManagerAction\" always-show-image=\"true\"/>"
- " <separator/>"
- " <toolitem name=\"Update\" action=\"UpdateAction\" always-show-image=\"true\"/>"
" </toolbar>"
"</ui>";
diff --git a/shell/menu.c b/shell/menu.c
index 5ffd4410..04398b1d 100644
--- a/shell/menu.c
+++ b/shell/menu.c
@@ -52,11 +52,6 @@ static GtkActionEntry entries[] = {
N_("Send benchmark results and receive updated data from the network"),
G_CALLBACK(cb_sync_manager)},
- {"UpdateAction", HI_STOCK_UPDATES,
- N_("Update Available"), "",
- N_("Update Available"),
- G_CALLBACK(cb_update)},
-
//does not work correctly and value low
/*{"CopyAction", HI_STOCK_CLIPBOARD,
N_("_Copy to Clipboard"), "<control>C",
@@ -78,11 +73,6 @@ static GtkActionEntry entries[] = {
NULL,
G_CALLBACK(cb_open_help_page)},
- {"UpdatesPageAction", NULL,
- N_("_Update HardInfo2"), "",
- NULL,
- G_CALLBACK(cb_open_updates_page)},
-
{"ReportBugAction", NULL,
N_("_Report bug"), NULL,
NULL,
@@ -237,8 +227,6 @@ void menu_init(Shell * shell)
gtk_image_menu_item_set_image(t,icon_cache_get_image_at_size("home.svg",size,size));
t=GTK_IMAGE_MENU_ITEM(gtk_ui_manager_get_widget(shell->ui_manager, "/MainMenu/HelpMenu/HelpPage"));
gtk_image_menu_item_set_image(t,icon_cache_get_image_at_size("help.svg",size,size));
- t=GTK_IMAGE_MENU_ITEM(gtk_ui_manager_get_widget(shell->ui_manager, "/MainMenu/HelpMenu/UpdatesPage"));
- gtk_image_menu_item_set_image(t,icon_cache_get_image_at_size("updates.svg",size,size));
t=GTK_IMAGE_MENU_ITEM(gtk_ui_manager_get_widget(shell->ui_manager, "/MainMenu/HelpMenu/ReportBug"));
gtk_image_menu_item_set_image(t,icon_cache_get_image_at_size("report-bug.svg",size,size));
t=GTK_IMAGE_MENU_ITEM(gtk_ui_manager_get_widget(shell->ui_manager, "/MainMenu/HelpMenu/About"));

4
pkgs/by-name/ka/kaminpar/package.nix
View File

@ -7,7 +7,7 @@
numactl,
mpi,
sparsehash,
tbb_2022_0,
tbb_2022,
gtest,
mpiCheckPhaseHook,
}:
@ -56,7 +56,7 @@ stdenv.mkDerivation (finalAttrs: {
propagatedBuildInputs = [
mpi
sparsehash
tbb_2022_0
tbb_2022
];
cmakeFlags = [

7
pkgs/by-name/ka/kanidm/1_4.nix
View File

@ -1,7 +0,0 @@
import ./generic.nix {
version = "1.4.6";
hash = "sha256-pjJyq52wO5p34LN2Jmt0npgWBDcWin8gIX4skZ7Ff8E=";
cargoHash = "sha256-33HRoH/vWPe/wOZJtQLWV9eBocbj0iR/XUu4zMehu8M=";
patchDir = ./patches/1_4;
unsupported = true;
}

1
pkgs/by-name/ka/kanidm/1_5.nix
View File

@ -3,4 +3,5 @@ import ./generic.nix {
hash = "sha256-swrqyjA7Wgq17vd+753LDFcXrSFixVNLhTvj1bhG3DU=";
cargoHash = "sha256-72IwS8Nk1y6xDH9y8JW2LpbhFWaq0tpORx7JQSCF5/M=";
patchDir = ./patches/1_5;
unsupported = true;
}

12
pkgs/by-name/ka/kanidm/README.md
View File

@ -21,12 +21,7 @@ For example, when upgrading from 1.4 -> 1.5
1. Update `all-packages.nix` to add `kanidm_1_5` and `kanidmWithSecretProvisioning_1_5`, leave default
1. Create commit, `kanidm_1_5: init at 1.5.0` - this is the only commit that will be backported
### Mark previous version deprecated
1. Update `pkgs/by-name/ka/kanidm/1_4.nix` by adding `deprecated = true;`
1. Create commit `kanidm_1_4: update default to 1.5.0, deprecate 1.4.0`
### Update default and mark deprecation
### Update default
1. `sed -i 's/1_4/1_5/' pkgs/by-name/ka/kanidm/package.nix`
1. Update `all-packages.nix` and set `kanidmWithSecretProvisioning = kanidmWithSecretProvisioning_1_5;`
@ -41,9 +36,10 @@ For example, when upgrading from 1.4 -> 1.5
Kanidm versions are supported for 30 days after the release of new versions. Following the example above, 1.5.x superseding 1.4.x in 30 days, do the following near the end of the 30 day window
1. Update `pkgs/by-name/ka/kanidm/1_4.nix` by adding `unsupported = true;`
1. Update `pkgs/top-level/release.nix` and add `kanidm_1_4-1.4.6` to `permittedInsecurePackages`
1. Update `pkgs/top-level/release.nix` and add `kanidm_1_4-1.4.6` and `kanidmWithSecretProvisioning_1_4-1.4.6` to `permittedInsecurePackages`
1. Create commit `kanidm_1_4: mark EOL`, this commit alone should be backported
1. Remove the third oldest release from `all-packages.nix`, e.g. 1.3.x continuing the example. Remove `kanidm_1_3` and `kanidmWithSecretProvisioning_1_3`
1. Update `pkgs/top-level/release.nix` and remove `kanidm_1_3-1.3.3` from `permittedInsecurePackages`
1. Update `pkgs/top-level/release.nix` and remove `kanidm_1_3*` from `permittedInsecurePackages`
1. Update `pkgs/top-level/aliases.nix` and add `kanidm_1_4` and `kanidmWithSecretProvisioning_1_4-1.4.6`
1. Remove `pkgs/by-name/ka/kanidm/1_3.nix`

303
pkgs/by-name/ka/kanidm/patches/1_3/oauth2-basic-secret-modify.patch
View File

@ -1,303 +0,0 @@
From 44dfbc2b9dccce86c7d7e7b54db4c989344b8c56 Mon Sep 17 00:00:00 2001
From: oddlama <oddlama@oddlama.org>
Date: Mon, 12 Aug 2024 23:17:25 +0200
Subject: [PATCH 1/2] oauth2 basic secret modify
---
server/core/src/actors/v1_write.rs | 42 ++++++++++++++++++++++++++++++
server/core/src/https/v1.rs | 6 ++++-
server/core/src/https/v1_oauth2.rs | 29 +++++++++++++++++++++
server/lib/src/constants/acp.rs | 6 +++++
4 files changed, 82 insertions(+), 1 deletion(-)
diff --git a/server/core/src/actors/v1_write.rs b/server/core/src/actors/v1_write.rs
index e00a969fb..1cacc67b8 100644
--- a/server/core/src/actors/v1_write.rs
+++ b/server/core/src/actors/v1_write.rs
@@ -315,20 +315,62 @@ impl QueryServerWriteV1 {
};
trace!(?del, "Begin delete event");
idms_prox_write
.qs_write
.delete(&del)
.and_then(|_| idms_prox_write.commit().map(|_| ()))
}
+ #[instrument(
+ level = "info",
+ skip_all,
+ fields(uuid = ?eventid)
+ )]
+ pub async fn handle_oauth2_basic_secret_write(
+ &self,
+ client_auth_info: ClientAuthInfo,
+ filter: Filter<FilterInvalid>,
+ new_secret: String,
+ eventid: Uuid,
+ ) -> Result<(), OperationError> {
+ // Given a protoEntry, turn this into a modification set.
+ let ct = duration_from_epoch_now();
+ let mut idms_prox_write = self.idms.proxy_write(ct).await;
+ let ident = idms_prox_write
+ .validate_client_auth_info_to_ident(client_auth_info, ct)
+ .map_err(|e| {
+ admin_error!(err = ?e, "Invalid identity");
+ e
+ })?;
+
+ let modlist = ModifyList::new_purge_and_set(
+ Attribute::OAuth2RsBasicSecret,
+ Value::SecretValue(new_secret),
+ );
+
+ let mdf =
+ ModifyEvent::from_internal_parts(ident, &modlist, &filter, &idms_prox_write.qs_write)
+ .map_err(|e| {
+ admin_error!(err = ?e, "Failed to begin modify during handle_oauth2_basic_secret_write");
+ e
+ })?;
+
+ trace!(?mdf, "Begin modify event");
+
+ idms_prox_write
+ .qs_write
+ .modify(&mdf)
+ .and_then(|_| idms_prox_write.commit())
+ }
+
#[instrument(
level = "info",
skip_all,
fields(uuid = ?eventid)
)]
pub async fn handle_reviverecycled(
&self,
client_auth_info: ClientAuthInfo,
filter: Filter<FilterInvalid>,
eventid: Uuid,
diff --git a/server/core/src/https/v1.rs b/server/core/src/https/v1.rs
index 8aba83bb2..f1f815026 100644
--- a/server/core/src/https/v1.rs
+++ b/server/core/src/https/v1.rs
@@ -1,17 +1,17 @@
//! The V1 API things!
use axum::extract::{Path, State};
use axum::http::{HeaderMap, HeaderValue};
use axum::middleware::from_fn;
use axum::response::{IntoResponse, Response};
-use axum::routing::{delete, get, post, put};
+use axum::routing::{delete, get, post, put, patch};
use axum::{Extension, Json, Router};
use axum_extra::extract::cookie::{Cookie, CookieJar, SameSite};
use compact_jwt::{Jwk, Jws, JwsSigner};
use kanidm_proto::constants::uri::V1_AUTH_VALID;
use std::net::IpAddr;
use uuid::Uuid;
use kanidm_proto::internal::{
ApiToken, AppLink, CUIntentToken, CURequest, CUSessionToken, CUStatus, CreateRequest,
CredentialStatus, DeleteRequest, IdentifyUserRequest, IdentifyUserResponse, ModifyRequest,
@@ -3119,20 +3119,24 @@ pub(crate) fn route_setup(state: ServerState) -> Router<ServerState> {
)
.route(
"/v1/oauth2/:rs_name/_image",
post(super::v1_oauth2::oauth2_id_image_post)
.delete(super::v1_oauth2::oauth2_id_image_delete),
)
.route(
"/v1/oauth2/:rs_name/_basic_secret",
get(super::v1_oauth2::oauth2_id_get_basic_secret),
)
+ .route(
+ "/v1/oauth2/:rs_name/_basic_secret",
+ patch(super::v1_oauth2::oauth2_id_patch_basic_secret),
+ )
.route(
"/v1/oauth2/:rs_name/_scopemap/:group",
post(super::v1_oauth2::oauth2_id_scopemap_post)
.delete(super::v1_oauth2::oauth2_id_scopemap_delete),
)
.route(
"/v1/oauth2/:rs_name/_sup_scopemap/:group",
post(super::v1_oauth2::oauth2_id_sup_scopemap_post)
.delete(super::v1_oauth2::oauth2_id_sup_scopemap_delete),
)
diff --git a/server/core/src/https/v1_oauth2.rs b/server/core/src/https/v1_oauth2.rs
index 5e481afab..a771aed04 100644
--- a/server/core/src/https/v1_oauth2.rs
+++ b/server/core/src/https/v1_oauth2.rs
@@ -144,20 +144,49 @@ pub(crate) async fn oauth2_id_get_basic_secret(
) -> Result<Json<Option<String>>, WebError> {
let filter = oauth2_id(&rs_name);
state
.qe_r_ref
.handle_oauth2_basic_secret_read(client_auth_info, filter, kopid.eventid)
.await
.map(Json::from)
.map_err(WebError::from)
}
+#[utoipa::path(
+ patch,
+ path = "/v1/oauth2/{rs_name}/_basic_secret",
+ request_body=ProtoEntry,
+ responses(
+ DefaultApiResponse,
+ ),
+ security(("token_jwt" = [])),
+ tag = "v1/oauth2",
+ operation_id = "oauth2_id_patch_basic_secret"
+)]
+/// Overwrite the basic secret for a given OAuth2 Resource Server.
+#[instrument(level = "info", skip(state, new_secret))]
+pub(crate) async fn oauth2_id_patch_basic_secret(
+ State(state): State<ServerState>,
+ Extension(kopid): Extension<KOpId>,
+ VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
+ Path(rs_name): Path<String>,
+ Json(new_secret): Json<String>,
+) -> Result<Json<()>, WebError> {
+ let filter = oauth2_id(&rs_name);
+ state
+ .qe_w_ref
+ .handle_oauth2_basic_secret_write(client_auth_info, filter, new_secret, kopid.eventid)
+ .await
+ .map(Json::from)
+ .map_err(WebError::from)
+}
+
#[utoipa::path(
patch,
path = "/v1/oauth2/{rs_name}",
request_body=ProtoEntry,
responses(
DefaultApiResponse,
),
security(("token_jwt" = [])),
tag = "v1/oauth2",
operation_id = "oauth2_id_patch"
diff --git a/server/lib/src/constants/acp.rs b/server/lib/src/constants/acp.rs
index f3409649d..42e407b7d 100644
--- a/server/lib/src/constants/acp.rs
+++ b/server/lib/src/constants/acp.rs
@@ -645,34 +645,36 @@ lazy_static! {
Attribute::Image,
],
modify_present_attrs: vec![
Attribute::Description,
Attribute::DisplayName,
Attribute::OAuth2RsName,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::Image,
],
create_attrs: vec![
Attribute::Class,
Attribute::Description,
Attribute::DisplayName,
Attribute::OAuth2RsName,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::Image,
],
create_classes: vec![
EntryClass::Object,
EntryClass::OAuth2ResourceServer,
EntryClass::OAuth2ResourceServerBasic,
EntryClass::OAuth2ResourceServerPublic,
@@ -739,36 +741,38 @@ lazy_static! {
Attribute::Image,
],
modify_present_attrs: vec![
Attribute::Description,
Attribute::DisplayName,
Attribute::OAuth2RsName,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::OAuth2AllowLocalhostRedirect,
Attribute::OAuth2RsClaimMap,
Attribute::Image,
],
create_attrs: vec![
Attribute::Class,
Attribute::Description,
Attribute::DisplayName,
Attribute::OAuth2RsName,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::OAuth2AllowLocalhostRedirect,
Attribute::OAuth2RsClaimMap,
Attribute::Image,
],
create_classes: vec![
EntryClass::Object,
EntryClass::OAuth2ResourceServer,
@@ -840,36 +844,38 @@ lazy_static! {
Attribute::Image,
],
modify_present_attrs: vec![
Attribute::Description,
Attribute::DisplayName,
Attribute::Name,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::OAuth2AllowLocalhostRedirect,
Attribute::OAuth2RsClaimMap,
Attribute::Image,
],
create_attrs: vec![
Attribute::Class,
Attribute::Description,
Attribute::Name,
Attribute::OAuth2RsName,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::OAuth2AllowLocalhostRedirect,
Attribute::OAuth2RsClaimMap,
Attribute::Image,
],
create_classes: vec![
EntryClass::Object,
EntryClass::Account,
--
2.45.2

174
pkgs/by-name/ka/kanidm/patches/1_3/recover-account.patch
View File

@ -1,174 +0,0 @@
From cc8269489b56755714f07eee4671f8aa2659c014 Mon Sep 17 00:00:00 2001
From: oddlama <oddlama@oddlama.org>
Date: Mon, 12 Aug 2024 23:17:42 +0200
Subject: [PATCH 2/2] recover account
---
server/core/src/actors/internal.rs | 3 ++-
server/core/src/admin.rs | 6 +++---
server/daemon/src/main.rs | 14 +++++++++++++-
server/daemon/src/opt.rs | 4 ++++
4 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/server/core/src/actors/internal.rs b/server/core/src/actors/internal.rs
index 40c18777f..40d553b40 100644
--- a/server/core/src/actors/internal.rs
+++ b/server/core/src/actors/internal.rs
@@ -153,25 +153,26 @@ impl QueryServerWriteV1 {
}
#[instrument(
level = "info",
- skip(self, eventid),
+ skip(self, password, eventid),
fields(uuid = ?eventid)
)]
pub(crate) async fn handle_admin_recover_account(
&self,
name: String,
+ password: Option<String>,
eventid: Uuid,
) -> Result<String, OperationError> {
let ct = duration_from_epoch_now();
let mut idms_prox_write = self.idms.proxy_write(ct).await;
- let pw = idms_prox_write.recover_account(name.as_str(), None)?;
+ let pw = idms_prox_write.recover_account(name.as_str(), password.as_deref())?;
idms_prox_write.commit().map(|()| pw)
}
#[instrument(
level = "info",
skip_all,
fields(uuid = ?eventid)
)]
pub(crate) async fn handle_domain_raise(&self, eventid: Uuid) -> Result<u32, OperationError> {
diff --git a/server/core/src/admin.rs b/server/core/src/admin.rs
index 90ccb1927..85e31ddef 100644
--- a/server/core/src/admin.rs
+++ b/server/core/src/admin.rs
@@ -17,21 +17,21 @@ use tokio_util::codec::{Decoder, Encoder, Framed};
use tracing::{span, Instrument, Level};
use uuid::Uuid;
pub use kanidm_proto::internal::{
DomainInfo as ProtoDomainInfo, DomainUpgradeCheckReport as ProtoDomainUpgradeCheckReport,
DomainUpgradeCheckStatus as ProtoDomainUpgradeCheckStatus,
};
#[derive(Serialize, Deserialize, Debug)]
pub enum AdminTaskRequest {
- RecoverAccount { name: String },
+ RecoverAccount { name: String, password: Option<String> },
ShowReplicationCertificate,
RenewReplicationCertificate,
RefreshReplicationConsumer,
DomainShow,
DomainUpgradeCheck,
DomainRaise,
DomainRemigrate { level: Option<u32> },
}
#[derive(Serialize, Deserialize, Debug)]
@@ -302,22 +302,22 @@ async fn handle_client(
let mut reqs = Framed::new(sock, ServerCodec);
trace!("Waiting for requests ...");
while let Some(Ok(req)) = reqs.next().await {
// Setup the logging span
let eventid = Uuid::new_v4();
let nspan = span!(Level::INFO, "handle_admin_client_request", uuid = ?eventid);
let resp = async {
match req {
- AdminTaskRequest::RecoverAccount { name } => {
- match server_rw.handle_admin_recover_account(name, eventid).await {
+ AdminTaskRequest::RecoverAccount { name, password } => {
+ match server_rw.handle_admin_recover_account(name, password, eventid).await {
Ok(password) => AdminTaskResponse::RecoverAccount { password },
Err(e) => {
error!(err = ?e, "error during recover-account");
AdminTaskResponse::Error
}
}
}
AdminTaskRequest::ShowReplicationCertificate => match repl_ctrl_tx.as_mut() {
Some(ctrl_tx) => show_replication_certificate(ctrl_tx).await,
None => {
diff --git a/server/daemon/src/main.rs b/server/daemon/src/main.rs
index 577995615..a967928c9 100644
--- a/server/daemon/src/main.rs
+++ b/server/daemon/src/main.rs
@@ -894,27 +894,39 @@ async fn kanidm_main(
} else {
let output_mode: ConsoleOutputMode = commonopts.output_mode.to_owned().into();
submit_admin_req(
config.adminbindpath.as_str(),
AdminTaskRequest::RefreshReplicationConsumer,
output_mode,
)
.await;
}
}
- KanidmdOpt::RecoverAccount { name, commonopts } => {
+ KanidmdOpt::RecoverAccount { name, from_environment, commonopts } => {
info!("Running account recovery ...");
let output_mode: ConsoleOutputMode = commonopts.output_mode.to_owned().into();
+ let password = if *from_environment {
+ match std::env::var("KANIDM_RECOVER_ACCOUNT_PASSWORD") {
+ Ok(val) => Some(val),
+ _ => {
+ error!("Environment variable KANIDM_RECOVER_ACCOUNT_PASSWORD not set");
+ return ExitCode::FAILURE;
+ }
+ }
+ } else {
+ None
+ };
submit_admin_req(
config.adminbindpath.as_str(),
AdminTaskRequest::RecoverAccount {
name: name.to_owned(),
+ password,
},
output_mode,
)
.await;
}
KanidmdOpt::Database {
commands: DbCommands::Reindex(_copt),
} => {
info!("Running in reindex mode ...");
reindex_server_core(&config).await;
diff --git a/server/daemon/src/opt.rs b/server/daemon/src/opt.rs
index f1b45a5b3..9c013e32e 100644
--- a/server/daemon/src/opt.rs
+++ b/server/daemon/src/opt.rs
@@ -229,20 +229,24 @@ enum KanidmdOpt {
/// Create a self-signed ca and tls certificate in the locations listed from the
/// configuration. These certificates should *not* be used in production, they
/// are for testing and evaluation only!
CertGenerate(CommonOpt),
#[clap(name = "recover-account")]
/// Recover an account's password
RecoverAccount {
#[clap(value_parser)]
/// The account name to recover credentials for.
name: String,
+ /// Use the password given in the environment variable
+ /// `KANIDM_RECOVER_ACCOUNT_PASSWORD` instead of generating one.
+ #[clap(long = "from-environment")]
+ from_environment: bool,
#[clap(flatten)]
commonopts: CommonOpt,
},
/// Display this server's replication certificate
ShowReplicationCertificate {
#[clap(flatten)]
commonopts: CommonOpt,
},
/// Renew this server's replication certificate
RenewReplicationCertificate {
--
2.45.2

308
pkgs/by-name/ka/kanidm/patches/1_4/oauth2-basic-secret-modify.patch
View File

@ -1,308 +0,0 @@
From e9dfca73e6fb80faf6fc106e7aee6b93c0908525 Mon Sep 17 00:00:00 2001
From: oddlama <oddlama@oddlama.org>
Date: Fri, 1 Nov 2024 12:26:17 +0100
Subject: [PATCH 1/2] oauth2 basic secret modify
---
server/core/src/actors/v1_write.rs | 42 ++++++++++++++++++++++++++++++
server/core/src/https/v1.rs | 6 ++++-
server/core/src/https/v1_oauth2.rs | 29 +++++++++++++++++++++
server/lib/src/constants/acp.rs | 6 +++++
4 files changed, 82 insertions(+), 1 deletion(-)
diff --git a/server/core/src/actors/v1_write.rs b/server/core/src/actors/v1_write.rs
index 732e826c8..0fe66503f 100644
--- a/server/core/src/actors/v1_write.rs
+++ b/server/core/src/actors/v1_write.rs
@@ -317,20 +317,62 @@ impl QueryServerWriteV1 {
};
trace!(?del, "Begin delete event");
idms_prox_write
.qs_write
.delete(&del)
.and_then(|_| idms_prox_write.commit().map(|_| ()))
}
+ #[instrument(
+ level = "info",
+ skip_all,
+ fields(uuid = ?eventid)
+ )]
+ pub async fn handle_oauth2_basic_secret_write(
+ &self,
+ client_auth_info: ClientAuthInfo,
+ filter: Filter<FilterInvalid>,
+ new_secret: String,
+ eventid: Uuid,
+ ) -> Result<(), OperationError> {
+ // Given a protoEntry, turn this into a modification set.
+ let ct = duration_from_epoch_now();
+ let mut idms_prox_write = self.idms.proxy_write(ct).await?;
+ let ident = idms_prox_write
+ .validate_client_auth_info_to_ident(client_auth_info, ct)
+ .map_err(|e| {
+ admin_error!(err = ?e, "Invalid identity");
+ e
+ })?;
+
+ let modlist = ModifyList::new_purge_and_set(
+ Attribute::OAuth2RsBasicSecret,
+ Value::SecretValue(new_secret),
+ );
+
+ let mdf =
+ ModifyEvent::from_internal_parts(ident, &modlist, &filter, &idms_prox_write.qs_write)
+ .map_err(|e| {
+ admin_error!(err = ?e, "Failed to begin modify during handle_oauth2_basic_secret_write");
+ e
+ })?;
+
+ trace!(?mdf, "Begin modify event");
+
+ idms_prox_write
+ .qs_write
+ .modify(&mdf)
+ .and_then(|_| idms_prox_write.commit())
+ }
+
#[instrument(
level = "info",
skip_all,
fields(uuid = ?eventid)
)]
pub async fn handle_reviverecycled(
&self,
client_auth_info: ClientAuthInfo,
filter: Filter<FilterInvalid>,
eventid: Uuid,
diff --git a/server/core/src/https/v1.rs b/server/core/src/https/v1.rs
index c410a4b5d..cc67cac6c 100644
--- a/server/core/src/https/v1.rs
+++ b/server/core/src/https/v1.rs
@@ -1,17 +1,17 @@
//! The V1 API things!
use axum::extract::{Path, State};
use axum::http::{HeaderMap, HeaderValue};
use axum::middleware::from_fn;
use axum::response::{IntoResponse, Response};
-use axum::routing::{delete, get, post, put};
+use axum::routing::{delete, get, post, put, patch};
use axum::{Extension, Json, Router};
use axum_extra::extract::cookie::{Cookie, CookieJar, SameSite};
use compact_jwt::{Jwk, Jws, JwsSigner};
use kanidm_proto::constants::uri::V1_AUTH_VALID;
use std::net::IpAddr;
use uuid::Uuid;
use kanidm_proto::internal::{
ApiToken, AppLink, CUIntentToken, CURequest, CUSessionToken, CUStatus, CreateRequest,
CredentialStatus, DeleteRequest, IdentifyUserRequest, IdentifyUserResponse, ModifyRequest,
@@ -3120,20 +3120,24 @@ pub(crate) fn route_setup(state: ServerState) -> Router<ServerState> {
)
.route(
"/v1/oauth2/:rs_name/_image",
post(super::v1_oauth2::oauth2_id_image_post)
.delete(super::v1_oauth2::oauth2_id_image_delete),
)
.route(
"/v1/oauth2/:rs_name/_basic_secret",
get(super::v1_oauth2::oauth2_id_get_basic_secret),
)
+ .route(
+ "/v1/oauth2/:rs_name/_basic_secret",
+ patch(super::v1_oauth2::oauth2_id_patch_basic_secret),
+ )
.route(
"/v1/oauth2/:rs_name/_scopemap/:group",
post(super::v1_oauth2::oauth2_id_scopemap_post)
.delete(super::v1_oauth2::oauth2_id_scopemap_delete),
)
.route(
"/v1/oauth2/:rs_name/_sup_scopemap/:group",
post(super::v1_oauth2::oauth2_id_sup_scopemap_post)
.delete(super::v1_oauth2::oauth2_id_sup_scopemap_delete),
)
diff --git a/server/core/src/https/v1_oauth2.rs b/server/core/src/https/v1_oauth2.rs
index d3966a7ad..f89c02c69 100644
--- a/server/core/src/https/v1_oauth2.rs
+++ b/server/core/src/https/v1_oauth2.rs
@@ -144,20 +144,49 @@ pub(crate) async fn oauth2_id_get_basic_secret(
) -> Result<Json<Option<String>>, WebError> {
let filter = oauth2_id(&rs_name);
state
.qe_r_ref
.handle_oauth2_basic_secret_read(client_auth_info, filter, kopid.eventid)
.await
.map(Json::from)
.map_err(WebError::from)
}
+#[utoipa::path(
+ patch,
+ path = "/v1/oauth2/{rs_name}/_basic_secret",
+ request_body=ProtoEntry,
+ responses(
+ DefaultApiResponse,
+ ),
+ security(("token_jwt" = [])),
+ tag = "v1/oauth2",
+ operation_id = "oauth2_id_patch_basic_secret"
+)]
+/// Overwrite the basic secret for a given OAuth2 Resource Server.
+#[instrument(level = "info", skip(state, new_secret))]
+pub(crate) async fn oauth2_id_patch_basic_secret(
+ State(state): State<ServerState>,
+ Extension(kopid): Extension<KOpId>,
+ VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
+ Path(rs_name): Path<String>,
+ Json(new_secret): Json<String>,
+) -> Result<Json<()>, WebError> {
+ let filter = oauth2_id(&rs_name);
+ state
+ .qe_w_ref
+ .handle_oauth2_basic_secret_write(client_auth_info, filter, new_secret, kopid.eventid)
+ .await
+ .map(Json::from)
+ .map_err(WebError::from)
+}
+
#[utoipa::path(
patch,
path = "/v1/oauth2/{rs_name}",
request_body=ProtoEntry,
responses(
DefaultApiResponse,
),
security(("token_jwt" = [])),
tag = "v1/oauth2",
operation_id = "oauth2_id_patch"
diff --git a/server/lib/src/constants/acp.rs b/server/lib/src/constants/acp.rs
index be1836345..ebf4445be 100644
--- a/server/lib/src/constants/acp.rs
+++ b/server/lib/src/constants/acp.rs
@@ -658,36 +658,38 @@ lazy_static! {
Attribute::Image,
],
modify_present_attrs: vec![
Attribute::Description,
Attribute::DisplayName,
Attribute::OAuth2RsName,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::OAuth2AllowLocalhostRedirect,
Attribute::OAuth2RsClaimMap,
Attribute::Image,
],
create_attrs: vec![
Attribute::Class,
Attribute::Description,
Attribute::DisplayName,
Attribute::OAuth2RsName,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::OAuth2AllowLocalhostRedirect,
Attribute::OAuth2RsClaimMap,
Attribute::Image,
],
create_classes: vec![
EntryClass::Object,
EntryClass::OAuth2ResourceServer,
@@ -759,37 +761,39 @@ lazy_static! {
Attribute::Image,
],
modify_present_attrs: vec![
Attribute::Description,
Attribute::DisplayName,
Attribute::Name,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::OAuth2AllowLocalhostRedirect,
Attribute::OAuth2RsClaimMap,
Attribute::Image,
],
create_attrs: vec![
Attribute::Class,
Attribute::Description,
Attribute::Name,
Attribute::DisplayName,
Attribute::OAuth2RsName,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::OAuth2AllowLocalhostRedirect,
Attribute::OAuth2RsClaimMap,
Attribute::Image,
],
create_classes: vec![
EntryClass::Object,
EntryClass::Account,
@@ -864,38 +868,40 @@ lazy_static! {
Attribute::OAuth2StrictRedirectUri,
],
modify_present_attrs: vec![
Attribute::Description,
Attribute::DisplayName,
Attribute::Name,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::OAuth2AllowLocalhostRedirect,
Attribute::OAuth2RsClaimMap,
Attribute::Image,
Attribute::OAuth2StrictRedirectUri,
],
create_attrs: vec![
Attribute::Class,
Attribute::Description,
Attribute::Name,
Attribute::DisplayName,
Attribute::OAuth2RsName,
Attribute::OAuth2RsOrigin,
Attribute::OAuth2RsOriginLanding,
Attribute::OAuth2RsSupScopeMap,
Attribute::OAuth2RsScopeMap,
+ Attribute::OAuth2RsBasicSecret,
Attribute::OAuth2AllowInsecureClientDisablePkce,
Attribute::OAuth2JwtLegacyCryptoEnable,
Attribute::OAuth2PreferShortUsername,
Attribute::OAuth2AllowLocalhostRedirect,
Attribute::OAuth2RsClaimMap,
Attribute::Image,
Attribute::OAuth2StrictRedirectUri,
],
create_classes: vec![
EntryClass::Object,
--
2.46.1

174
pkgs/by-name/ka/kanidm/patches/1_4/recover-account.patch
View File

@ -1,174 +0,0 @@
From c8ed69efe3f702b19834c2659be1dd3ec2d41c17 Mon Sep 17 00:00:00 2001
From: oddlama <oddlama@oddlama.org>
Date: Fri, 1 Nov 2024 12:27:43 +0100
Subject: [PATCH 2/2] recover account
---
server/core/src/actors/internal.rs | 3 ++-
server/core/src/admin.rs | 6 +++---
server/daemon/src/main.rs | 14 +++++++++++++-
server/daemon/src/opt.rs | 4 ++++
4 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/server/core/src/actors/internal.rs b/server/core/src/actors/internal.rs
index 420e72c6c..5c4353116 100644
--- a/server/core/src/actors/internal.rs
+++ b/server/core/src/actors/internal.rs
@@ -171,25 +171,26 @@ impl QueryServerWriteV1 {
}
#[instrument(
level = "info",
- skip(self, eventid),
+ skip(self, password, eventid),
fields(uuid = ?eventid)
)]
pub(crate) async fn handle_admin_recover_account(
&self,
name: String,
+ password: Option<String>,
eventid: Uuid,
) -> Result<String, OperationError> {
let ct = duration_from_epoch_now();
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
- let pw = idms_prox_write.recover_account(name.as_str(), None)?;
+ let pw = idms_prox_write.recover_account(name.as_str(), password.as_deref())?;
idms_prox_write.commit().map(|()| pw)
}
#[instrument(
level = "info",
skip_all,
fields(uuid = ?eventid)
)]
pub(crate) async fn handle_domain_raise(&self, eventid: Uuid) -> Result<u32, OperationError> {
diff --git a/server/core/src/admin.rs b/server/core/src/admin.rs
index 90ccb1927..85e31ddef 100644
--- a/server/core/src/admin.rs
+++ b/server/core/src/admin.rs
@@ -17,21 +17,21 @@ use tokio_util::codec::{Decoder, Encoder, Framed};
use tracing::{span, Instrument, Level};
use uuid::Uuid;
pub use kanidm_proto::internal::{
DomainInfo as ProtoDomainInfo, DomainUpgradeCheckReport as ProtoDomainUpgradeCheckReport,
DomainUpgradeCheckStatus as ProtoDomainUpgradeCheckStatus,
};
#[derive(Serialize, Deserialize, Debug)]
pub enum AdminTaskRequest {
- RecoverAccount { name: String },
+ RecoverAccount { name: String, password: Option<String> },
ShowReplicationCertificate,
RenewReplicationCertificate,
RefreshReplicationConsumer,
DomainShow,
DomainUpgradeCheck,
DomainRaise,
DomainRemigrate { level: Option<u32> },
}
#[derive(Serialize, Deserialize, Debug)]
@@ -302,22 +302,22 @@ async fn handle_client(
let mut reqs = Framed::new(sock, ServerCodec);
trace!("Waiting for requests ...");
while let Some(Ok(req)) = reqs.next().await {
// Setup the logging span
let eventid = Uuid::new_v4();
let nspan = span!(Level::INFO, "handle_admin_client_request", uuid = ?eventid);
let resp = async {
match req {
- AdminTaskRequest::RecoverAccount { name } => {
- match server_rw.handle_admin_recover_account(name, eventid).await {
+ AdminTaskRequest::RecoverAccount { name, password } => {
+ match server_rw.handle_admin_recover_account(name, password, eventid).await {
Ok(password) => AdminTaskResponse::RecoverAccount { password },
Err(e) => {
error!(err = ?e, "error during recover-account");
AdminTaskResponse::Error
}
}
}
AdminTaskRequest::ShowReplicationCertificate => match repl_ctrl_tx.as_mut() {
Some(ctrl_tx) => show_replication_certificate(ctrl_tx).await,
None => {
diff --git a/server/daemon/src/main.rs b/server/daemon/src/main.rs
index 7486d34a8..784106352 100644
--- a/server/daemon/src/main.rs
+++ b/server/daemon/src/main.rs
@@ -903,27 +903,39 @@ async fn kanidm_main(
} else {
let output_mode: ConsoleOutputMode = commonopts.output_mode.to_owned().into();
submit_admin_req(
config.adminbindpath.as_str(),
AdminTaskRequest::RefreshReplicationConsumer,
output_mode,
)
.await;
}
}
- KanidmdOpt::RecoverAccount { name, commonopts } => {
+ KanidmdOpt::RecoverAccount { name, from_environment, commonopts } => {
info!("Running account recovery ...");
let output_mode: ConsoleOutputMode = commonopts.output_mode.to_owned().into();
+ let password = if *from_environment {
+ match std::env::var("KANIDM_RECOVER_ACCOUNT_PASSWORD") {
+ Ok(val) => Some(val),
+ _ => {
+ error!("Environment variable KANIDM_RECOVER_ACCOUNT_PASSWORD not set");
+ return ExitCode::FAILURE;
+ }
+ }
+ } else {
+ None
+ };
submit_admin_req(
config.adminbindpath.as_str(),
AdminTaskRequest::RecoverAccount {
name: name.to_owned(),
+ password,
},
output_mode,
)
.await;
}
KanidmdOpt::Database {
commands: DbCommands::Reindex(_copt),
} => {
info!("Running in reindex mode ...");
reindex_server_core(&config).await;
diff --git a/server/daemon/src/opt.rs b/server/daemon/src/opt.rs
index f1b45a5b3..9c013e32e 100644
--- a/server/daemon/src/opt.rs
+++ b/server/daemon/src/opt.rs
@@ -229,20 +229,24 @@ enum KanidmdOpt {
/// Create a self-signed ca and tls certificate in the locations listed from the
/// configuration. These certificates should *not* be used in production, they
/// are for testing and evaluation only!
CertGenerate(CommonOpt),
#[clap(name = "recover-account")]
/// Recover an account's password
RecoverAccount {
#[clap(value_parser)]
/// The account name to recover credentials for.
name: String,
+ /// Use the password given in the environment variable
+ /// `KANIDM_RECOVER_ACCOUNT_PASSWORD` instead of generating one.
+ #[clap(long = "from-environment")]
+ from_environment: bool,
#[clap(flatten)]
commonopts: CommonOpt,
},
/// Display this server's replication certificate
ShowReplicationCertificate {
#[clap(flatten)]
commonopts: CommonOpt,
},
/// Renew this server's replication certificate
RenewReplicationCertificate {
--
2.46.1

1
pkgs/by-name/li/libadwaita/package.nix
View File

@ -31,7 +31,6 @@ stdenv.mkDerivation (finalAttrs: {
"devdoc"
];
outputBin = "devdoc"; # demo app
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
src = fetchFromGitLab {
domain = "gitlab.gnome.org";

9
pkgs/by-name/li/libassuan/package.nix
View File

@ -9,12 +9,12 @@
gitUpdater,
}:
stdenv.mkDerivation (finalAttrs: {
stdenv.mkDerivation rec {
pname = "libassuan";
version = "3.0.2";
src = fetchurl {
url = "mirror://gnupg/libassuan/libassuan-${finalAttrs.version}.tar.bz2";
url = "mirror://gnupg/libassuan/libassuan-${version}.tar.bz2";
hash = "sha256-0pMc2tJm5jNRD5lw4aLzRgVeNRuxn5t4kSR1uAdMNvY=";
};
@ -24,7 +24,6 @@ stdenv.mkDerivation (finalAttrs: {
"info"
];
outputBin = "dev"; # libassuan-config
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
depsBuildBuild = [ buildPackages.stdenv.cc ];
buildInputs = [
@ -60,9 +59,9 @@ stdenv.mkDerivation (finalAttrs: {
provided.
'';
homepage = "https://gnupg.org/software/libassuan/";
changelog = "https://dev.gnupg.org/source/libassuan/browse/master/NEWS;libassuan-${finalAttrs.version}";
changelog = "https://dev.gnupg.org/source/libassuan/browse/master/NEWS;libassuan-${version}";
license = lib.licenses.lgpl2Plus;
platforms = lib.platforms.all;
maintainers = [ ];
};
})
}

4
pkgs/by-name/li/libblake3/package.nix
View File

@ -4,7 +4,7 @@
cmake,
fetchFromGitHub,
fetchpatch,
tbb_2021_11,
tbb_2021,
useTBB ? true,
}:
@ -41,7 +41,7 @@ stdenv.mkDerivation (finalAttrs: {
propagatedBuildInputs = lib.optionals useTBB [
# 2022.0 crashes on macOS at the moment
tbb_2021_11
tbb_2021
];
cmakeFlags = [

9
pkgs/by-name/li/libdazzle/package.nix
View File

@ -19,7 +19,7 @@
gnome,
}:
stdenv.mkDerivation (finalAttrs: {
stdenv.mkDerivation rec {
pname = "libdazzle";
version = "3.44.0";
@ -29,10 +29,9 @@ stdenv.mkDerivation (finalAttrs: {
"devdoc"
];
outputBin = "dev";
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
src = fetchurl {
url = "mirror://gnome/sources/libdazzle/${lib.versions.majorMinor finalAttrs.version}/libdazzle-${finalAttrs.version}.tar.xz";
url = "mirror://gnome/sources/libdazzle/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "PNPkXrbiaAywXVLh6A3Y+dWdR2UhLw4o945sF4PRjq4=";
};
@ -76,7 +75,7 @@ stdenv.mkDerivation (finalAttrs: {
passthru = {
updateScript = gnome.updateScript {
packageName = "libdazzle";
packageName = pname;
};
};
@ -95,4 +94,4 @@ stdenv.mkDerivation (finalAttrs: {
teams = [ teams.gnome ];
platforms = platforms.unix;
};
})
}

7
pkgs/by-name/li/libevent/package.nix
View File

@ -12,12 +12,12 @@
static ? stdenv.hostPlatform.isStatic,
}:
stdenv.mkDerivation (finalAttrs: {
stdenv.mkDerivation rec {
pname = "libevent";
version = "2.1.12";
src = fetchurl {
url = "https://github.com/libevent/libevent/releases/download/release-${finalAttrs.version}-stable/libevent-${finalAttrs.version}-stable.tar.gz";
url = "https://github.com/libevent/libevent/releases/download/release-${version}-stable/libevent-${version}-stable.tar.gz";
sha256 = "1fq30imk8zd26x8066di3kpc5zyfc5z6frr3zll685zcx4dxxrlj";
};
@ -48,7 +48,6 @@ stdenv.mkDerivation (finalAttrs: {
"dev"
] ++ lib.optional sslSupport "openssl";
outputBin = "dev";
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
propagatedBuildOutputs = [ "out" ] ++ lib.optional sslSupport "openssl";
nativeBuildInputs = [
@ -88,4 +87,4 @@ stdenv.mkDerivation (finalAttrs: {
license = licenses.bsd3;
platforms = platforms.all;
};
})
}

8
pkgs/by-name/li/libgpg-error/package.nix
View File

@ -23,13 +23,12 @@ let
};
in
stdenv.mkDerivation (
finalAttrs:
{
rec {
pname = "libgpg-error";
version = "1.51";
src = fetchurl {
url = "mirror://gnupg/libgpg-error/libgpg-error-${finalAttrs.version}.tar.bz2";
url = "mirror://gnupg/${pname}/${pname}-${version}.tar.bz2";
hash = "sha256-vg8bLba5Pu1VNpzfefGfcnUMjHw5/CC1d+ckVFQn5rI=";
};
@ -50,7 +49,6 @@ stdenv.mkDerivation (
"info"
];
outputBin = "dev"; # deps want just the lib, most likely
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
# If architecture-dependent MO files aren't available, they're generated
# during build, so we need gettext for cross-builds.
@ -80,7 +78,7 @@ stdenv.mkDerivation (
homepage = "https://www.gnupg.org/software/libgpg-error/index.html";
changelog = "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=NEWS;hb=refs/tags/libgpg-error-${version}";
description = "Small library that defines common error values for all GnuPG components";
mainProgram = if genPosixLockObjOnly then "gen-posix-lock-obj" else "gpg-error";
mainProgram = "gen-posix-lock-obj";
longDescription = ''
Libgpg-error is a small library that defines common error values

4
pkgs/by-name/li/libloot/package.nix
View File

@ -18,7 +18,7 @@
gtest,
icu,
spdlog,
tbb_2021_11,
tbb_2021,
yaml-cpp,
}:
@ -70,7 +70,7 @@ stdenv.mkDerivation (finalAttrs: {
gtest
icu
(spdlog.override { fmt = fmt_11; })
tbb_2021_11
tbb_2021
finalAttrs.passthru.yaml-cpp # has merge-key support
finalAttrs.passthru.libloadorder

7
pkgs/by-name/li/liboil/package.nix
View File

@ -5,12 +5,12 @@
pkg-config,
}:
stdenv.mkDerivation (finalAttrs: {
stdenv.mkDerivation rec {
pname = "liboil";
version = "0.3.17";
src = fetchurl {
url = "${finalAttrs.meta.homepage}/download/liboil-${finalAttrs.version}.tar.gz";
url = "${meta.homepage}/download/liboil-${version}.tar.gz";
sha256 = "0sgwic99hxlb1av8cm0albzh8myb7r3lpcwxfm606l0bkc3h4pqh";
};
@ -22,7 +22,6 @@ stdenv.mkDerivation (finalAttrs: {
"devdoc"
];
outputBin = "dev"; # oil-bugreport
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
nativeBuildInputs = [ pkg-config ];
@ -43,4 +42,4 @@ stdenv.mkDerivation (finalAttrs: {
maintainers = with maintainers; [ lovek323 ];
platforms = platforms.all;
};
})
}

1
pkgs/by-name/li/libpanel/package.nix
View File

@ -25,7 +25,6 @@ stdenv.mkDerivation (finalAttrs: {
];
outputBin = "dev";
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
src = fetchurl {
url = "mirror://gnome/sources/libpanel/${lib.versions.majorMinor finalAttrs.version}/libpanel-${finalAttrs.version}.tar.xz";

6
pkgs/by-name/li/librashader/package.nix
View File

@ -24,11 +24,9 @@ rustPlatform.buildRustPackage (finalAttrs: {
useFetchCargoVendor = true;
cargoHash = "sha256-fKYpRvH8zt7GeiaBf1oZHBY4WSCVQzZ0Ca7Q3ek6QE0=";
RUSTC_BOOTSTRAP = 1;
buildPhase = ''
runHook preBuild
cargo run -p librashader-build-script -- --profile optimized
cargo run -p librashader-build-script -- --profile optimized --stable
runHook postBuild
'';
@ -54,7 +52,7 @@ rustPlatform.buildRustPackage (finalAttrs: {
''
)
+ ''
install -m644 librashader.h -t $out/include/librashader
install -m644 ../../include/librashader.h -t $out/include/librashader
install -m644 ../../include/librashader_ld.h -t $out/include/librashader
runHook postInstall
'';

1
pkgs/by-name/li/libshumate/package.nix
View File

@ -31,7 +31,6 @@ stdenv.mkDerivation (finalAttrs: {
"devdoc"
];
outputBin = "devdoc"; # demo app
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
src = fetchurl {
url = "mirror://gnome/sources/libshumate/${lib.versions.majorMinor finalAttrs.version}/libshumate-${finalAttrs.version}.tar.xz";

4
pkgs/by-name/li/liburing/package.nix
View File

@ -6,13 +6,13 @@
stdenv.mkDerivation rec {
pname = "liburing";
version = "2.10";
version = "2.11";
src = fetchFromGitHub {
owner = "axboe";
repo = "liburing";
tag = "liburing-${version}";
hash = "sha256-yw21Krg/xsBGCbwwQDIbrq/7q+LNCwC3cXyGPANjkEA=";
hash = "sha256-V73QP89WMrL2fkPRbo/TSkfO7GeDsCudlw2Ut5baDzA=";
};
separateDebugInfo = true;

17
pkgs/by-name/li/libvncserver/package.nix
View File

@ -10,11 +10,14 @@
libpng,
withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd,
systemd,
enableShared ? !stdenv.hostPlatform.isStatic,
buildExamples ? false,
}:
stdenv.mkDerivation rec {
stdenv.mkDerivation (finalAttrs: {
pname = "libvncserver";
version = "0.9.14";
version = "0.9.15";
outputs = [
"out"
@ -24,8 +27,8 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub {
owner = "LibVNC";
repo = "libvncserver";
rev = "LibVNCServer-${version}";
sha256 = "sha256-kqVZeCTp+Z6BtB6nzkwmtkJ4wtmjlSQBg05lD02cVvQ=";
tag = "LibVNCServer-${finalAttrs.version}";
hash = "sha256-a3acEjJM+ZA9jaB6qZ/czjIfx/L3j71VjJ6mtlqYcSw=";
};
patches = [
@ -38,7 +41,9 @@ stdenv.mkDerivation rec {
];
cmakeFlags = [
"-DWITH_SYSTEMD=${if withSystemd then "ON" else "OFF"}"
(lib.cmakeBool "WITH_SYSTEMD" withSystemd)
(lib.cmakeBool "BUILD_SHARED_LIBS" enableShared)
(lib.cmakeBool "WITH_EXAMPLES" buildExamples)
];
buildInputs =
@ -63,4 +68,4 @@ stdenv.mkDerivation rec {
maintainers = with maintainers; [ raskin ];
platforms = platforms.unix;
};
}
})

12
pkgs/by-name/li/libvncserver/pkgconfig.patch
View File

@ -1,7 +1,7 @@
diff --git a/libvncclient.pc.cmakein b/libvncclient.pc.cmakein
diff --git a/src/libvncclient/libvncclient.pc.cmakein b/src/libvncclient/libvncclient.pc.cmakein
index ceeda39d..2516e643 100644
--- a/libvncclient.pc.cmakein
+++ b/libvncclient.pc.cmakein
--- a/src/libvncclient/libvncclient.pc.cmakein
+++ b/src/libvncclient/libvncclient.pc.cmakein
@@ -1,7 +1,7 @@
prefix=@CMAKE_INSTALL_PREFIX@
exec_prefix=@CMAKE_INSTALL_PREFIX@
@ -12,10 +12,10 @@ index ceeda39d..2516e643 100644
Name: LibVNCClient
Description: A library for easy implementation of a VNC client.
diff --git a/libvncserver.pc.cmakein b/libvncserver.pc.cmakein
diff --git a/src/libvncserver/libvncserver.pc.cmakein b/src/libvncserver/libvncserver.pc.cmakein
index 33ec6685..57244742 100644
--- a/libvncserver.pc.cmakein
+++ b/libvncserver.pc.cmakein
--- a/src/libvncserver/libvncserver.pc.cmakein
+++ b/src/libvncserver/libvncserver.pc.cmakein
@@ -1,7 +1,7 @@
prefix=@CMAKE_INSTALL_PREFIX@
exec_prefix=@CMAKE_INSTALL_PREFIX@

6
pkgs/by-name/ma/manifold/package.nix
View File

@ -6,7 +6,7 @@
clipper2,
gtest,
glm,
tbb_2021_11,
tbb_2021,
}:
stdenv.mkDerivation (finalAttrs: {
@ -25,7 +25,7 @@ stdenv.mkDerivation (finalAttrs: {
buildInputs = [
gtest
glm
tbb_2021_11
tbb_2021
clipper2
];
@ -38,7 +38,7 @@ stdenv.mkDerivation (finalAttrs: {
doCheck = true;
checkPhase = ''
test/manifold_test
test/manifold_test --gtest_filter=-CrossSection.RoundOffset
'';
meta = {

14
pkgs/by-name/ma/matrix-synapse-unwrapped/package.nix
View File

@ -2,6 +2,7 @@
lib,
stdenv,
fetchFromGitHub,
fetchpatch,
python3,
openssl,
libiconv,
@ -17,16 +18,25 @@ let
in
python3.pkgs.buildPythonApplication rec {
pname = "matrix-synapse";
version = "1.131.0";
version = "1.132.0";
format = "pyproject";
src = fetchFromGitHub {
owner = "element-hq";
repo = "synapse";
rev = "v${version}";
hash = "sha256-nXDVkuV5GCk0Lp4LfyiModKdO30PJ40B5mXdm5tMHQo=";
hash = "sha256-yKoBYwd2djHAawBJRcbdrJH16+MHpYQnU7h39SvWqYE=";
};
patches = [
# Skip broken HTML preview test case with libxml >= 2.14
# https://github.com/element-hq/synapse/pull/18413
(fetchpatch {
url = "https://github.com/element-hq/synapse/commit/8aad32965888476b4660bf8228d2d2aa9ccc848b.patch";
hash = "sha256-EUEbF442nOAybMI8EL6Ee0ib3JqSlQQ04f5Az3quKko=";
})
];
cargoDeps = rustPlatform.fetchCargoVendor {
inherit pname version src;
hash = "sha256-9VJnn8aPkShqK2wYGFr+S5koIjma7VOr+LkLXwStL1E=";

6
pkgs/by-name/ma/mautrix-whatsapp/package.nix
View File

@ -14,19 +14,19 @@
buildGoModule rec {
pname = "mautrix-whatsapp";
version = "0.12.1";
version = "0.12.2";
src = fetchFromGitHub {
owner = "mautrix";
repo = "whatsapp";
rev = "v${version}";
hash = "sha256-WZPmSIkRSCrI1krIWJ2abVw1t81vjcqewTdx0W2aD+Q=";
hash = "sha256-Es6RWUo/e25wYGIz6feVNXIQbMCDPl1iZoKT3x8vHtA=";
};
buildInputs = lib.optional (!withGoolm) olm;
tags = lib.optional withGoolm "goolm";
vendorHash = "sha256-jgwi0ENJ064gWJWyvlSlaEicC+NAtn0Tdbnu6mzmLoE=";
vendorHash = "sha256-/R6MI6egGV1E1YzKcxBSOb2z97kA1HCK5GdMgfR1vSM=";
doCheck = false;

4
pkgs/by-name/mo/mold/package.nix
View File

@ -7,7 +7,7 @@
cmake,
mimalloc,
ninja,
tbb_2022_0,
tbb_2022,
zlib,
zstd,
@ -42,7 +42,7 @@ stdenv.mkDerivation (finalAttrs: {
buildInputs =
[
tbb_2022_0
tbb_2022
zlib
zstd
]

4
pkgs/by-name/na/naja/package.nix
View File

@ -10,7 +10,7 @@
flex,
pkg-config,
python3,
tbb_2021_11,
tbb_2021,
buildPackages,
nix-update-script,
}:
@ -63,7 +63,7 @@ stdenv.mkDerivation (finalAttrs: {
boost
capnproto # cmake modules
flex # include dir
tbb_2021_11
tbb_2021
python3
];

14
pkgs/by-name/ne/nexus/package.nix
View File

@ -60,11 +60,15 @@ stdenv.mkDerivation rec {
sourceProvenance = with lib.sourceTypes; [ binaryBytecode ];
license = lib.licenses.epl10;
platforms = lib.platforms.all;
maintainers = with lib.maintainers; [
aespinosa
ironpinguin
luftmensch-luftmensch
zaninime
knownVulnerabilities = [
"Nexus 3.77 + 3.78 fixed a bunch of security issues: https://help.sonatype.com/en/sonatype-nexus-repository-3-78-0-release-notes.html"
"CVE-2024-47554"
"CVE-2024-5764"
"Sonatype-2015-0286"
"Sonatype-2022-6438"
"CVE-2023-6378"
"CVE-2023-4218"
];
maintainers = with lib.maintainers; [ ];
};
}

63
pkgs/by-name/ni/nixos-rebuild-ng/src/nixos_rebuild/__init__.py
View File

@ -5,11 +5,12 @@ import os
import sys
from pathlib import Path
from subprocess import CalledProcessError, run
from textwrap import dedent
from typing import Final, assert_never
from . import nix, tmpdir
from .constants import EXECUTABLE, WITH_NIX_2_18, WITH_REEXEC, WITH_SHELL_FILES
from .models import Action, BuildAttr, Flake, ImageVariants, NRError, Profile
from .models import Action, BuildAttr, Flake, ImageVariants, NixOSRebuildError, Profile
from .process import Remote, cleanup_ssh
from .utils import Args, LogFormatter, tabulate
@ -99,7 +100,7 @@ def get_parser() -> tuple[argparse.ArgumentParser, dict[str, argparse.ArgumentPa
"--attr",
"-A",
help="Enable and build the NixOS system from nix file and use the "
+ "specified attribute path from file specified by the --file option",
"specified attribute path from file specified by the --file option",
)
main_parser.add_argument(
"--flake",
@ -117,7 +118,7 @@ def get_parser() -> tuple[argparse.ArgumentParser, dict[str, argparse.ArgumentPa
"--install-bootloader",
action="store_true",
help="Causes the boot loader to be (re)installed on the device specified "
+ "by the relevant configuration options",
"by the relevant configuration options",
)
main_parser.add_argument(
"--install-grub",
@ -142,7 +143,7 @@ def get_parser() -> tuple[argparse.ArgumentParser, dict[str, argparse.ArgumentPa
"--upgrade",
action="store_true",
help="Update the root user's channel named 'nixos' before rebuilding "
+ "the system and channels which have a file named '.update-on-nixos-rebuild'",
"the system and channels which have a file named '.update-on-nixos-rebuild'",
)
main_parser.add_argument(
"--upgrade-all",
@ -186,7 +187,7 @@ def get_parser() -> tuple[argparse.ArgumentParser, dict[str, argparse.ArgumentPa
main_parser.add_argument(
"--image-variant",
help="Selects an image variant to build from the "
+ "config.system.build.images attribute of the given configuration",
"config.system.build.images attribute of the given configuration",
)
main_parser.add_argument("action", choices=Action.values(), nargs="?")
@ -321,7 +322,7 @@ def reexec(
# - Exec format error (e.g.: another OS/CPU arch)
logger.warning(
"could not re-exec in a newer version of nixos-rebuild, "
+ "using current version",
"using current version",
exc_info=logger.isEnabledFor(logging.DEBUG),
)
# We already run clean-up, let's re-exec in the current version
@ -329,6 +330,37 @@ def reexec(
os.execve(current, argv, os.environ | {"_NIXOS_REBUILD_REEXEC": "1"})
def validate_image_variant(image_variant: str, variants: ImageVariants) -> None:
if image_variant not in variants:
raise NixOSRebuildError(
"please specify one of the following supported image variants via "
"--image-variant:\n" + "\n".join(f"- {v}" for v in variants)
)
def validate_nixos_config(path_to_config: Path) -> None:
if not (path_to_config / "nixos-version").exists() and not os.environ.get(
"NIXOS_REBUILD_I_UNDERSTAND_THE_CONSEQUENCES_PLEASE_BREAK_MY_SYSTEM"
):
msg = dedent(
# the lowercase for the first letter below is proposital
f"""
your NixOS configuration path seems to be missing essential files.
To avoid corrupting your current NixOS installation, the activation will abort.
This could be caused by Nix bug: https://github.com/NixOS/nix/issues/13367.
This is the evaluated NixOS configuration path: {path_to_config}.
Change the directory to somewhere else (e.g., `cd $HOME`) before trying again.
If you think this is a mistake, you can set the environment variable
NIXOS_REBUILD_I_UNDERSTAND_THE_CONSEQUENCES_PLEASE_BREAK_MY_SYSTEM to 1
and re-run the command to continue.
Please open an issue if this is the case.
"""
).strip()
raise NixOSRebuildError(msg)
def execute(argv: list[str]) -> None:
args, args_groups = parse_args(argv)
@ -393,28 +425,20 @@ def execute(argv: list[str]) -> None:
no_link = action in (Action.SWITCH, Action.BOOT)
rollback = bool(args.rollback)
def validate_image_variant(variants: ImageVariants) -> None:
if args.image_variant not in variants:
raise NRError(
"please specify one of the following "
+ "supported image variants via --image-variant:\n"
+ "\n".join(f"- {v}" for v in variants)
)
match action:
case Action.BUILD_IMAGE if flake:
variants = nix.get_build_image_variants_flake(
flake,
eval_flags=flake_common_flags,
)
validate_image_variant(variants)
validate_image_variant(args.image_variant, variants)
attr = f"config.system.build.images.{args.image_variant}"
case Action.BUILD_IMAGE:
variants = nix.get_build_image_variants(
build_attr,
instantiate_flags=common_flags,
)
validate_image_variant(variants)
validate_image_variant(args.image_variant, variants)
attr = f"config.system.build.images.{args.image_variant}"
case Action.BUILD_VM:
attr = "config.system.build.vm"
@ -435,9 +459,11 @@ def execute(argv: list[str]) -> None:
if maybe_path_to_config: # kinda silly but this makes mypy happy
path_to_config = maybe_path_to_config
else:
raise NRError("could not find previous generation")
raise NixOSRebuildError("could not find previous generation")
case (_, True, _, _):
raise NRError(f"--rollback is incompatible with '{action}'")
raise NixOSRebuildError(
f"--rollback is incompatible with '{action}'"
)
case (_, False, Remote(_), Flake(_)):
path_to_config = nix.build_remote_flake(
attr,
@ -488,6 +514,7 @@ def execute(argv: list[str]) -> None:
copy_flags=copy_flags,
)
if action in (Action.SWITCH, Action.BOOT):
validate_nixos_config(path_to_config)
nix.set_profile(
profile,
path_to_config,

47
pkgs/by-name/ni/nixos-rebuild-ng/src/nixos_rebuild/models.py
View File

@ -4,14 +4,14 @@ import subprocess
from dataclasses import dataclass
from enum import Enum
from pathlib import Path
from typing import Any, Callable, ClassVar, Self, TypedDict, override
from typing import Any, ClassVar, Self, TypedDict, override
from .process import Remote, run_wrapper
type ImageVariants = list[str]
class NRError(Exception):
class NixOSRebuildError(Exception):
"nixos-rebuild general error."
def __init__(self, message: str) -> None:
@ -100,6 +100,20 @@ def discover_closest_flake(location: Path) -> Path | None:
return None
def get_hostname(target_host: Remote | None) -> str | None:
if target_host:
try:
return run_wrapper(
["uname", "-n"],
capture_output=True,
remote=target_host,
).stdout.strip()
except (AttributeError, subprocess.CalledProcessError):
return None
else:
return platform.node()
@dataclass(frozen=True)
class Flake:
path: Path | str
@ -114,15 +128,13 @@ class Flake:
return f"{self.path}#{self.attr}"
@classmethod
def parse(
cls,
flake_str: str,
hostname_fn: Callable[[], str | None] = lambda: None,
) -> Self:
def parse(cls, flake_str: str, target_host: Remote | None = None) -> Self:
m = cls._re.match(flake_str)
assert m is not None, f"got no matches for {flake_str}"
attr = m.group("attr")
nixos_attr = f'nixosConfigurations."{attr or hostname_fn() or "default"}"'
nixos_attr = (
f'nixosConfigurations."{attr or get_hostname(target_host) or "default"}"'
)
path_str = m.group("path")
if ":" in path_str:
return cls(path_str, nixos_attr)
@ -143,24 +155,11 @@ class Flake:
@classmethod
def from_arg(cls, flake_arg: Any, target_host: Remote | None) -> Self | None:
def get_hostname() -> str | None:
if target_host:
try:
return run_wrapper(
["uname", "-n"],
stdout=subprocess.PIPE,
remote=target_host,
).stdout.strip()
except (AttributeError, subprocess.CalledProcessError):
return None
else:
return platform.node()
match flake_arg:
case str(s):
return cls.parse(s, get_hostname)
return cls.parse(s, target_host)
case True:
return cls.parse(".", get_hostname)
return cls.parse(".", target_host)
case False:
return None
case _:
@ -169,7 +168,7 @@ class Flake:
if default_path.exists():
# It can be a symlink to the actual flake.
default_path = default_path.resolve()
return cls.parse(str(default_path.parent), get_hostname)
return cls.parse(str(default_path.parent), target_host)
else:
return None

16
pkgs/by-name/ni/nixos-rebuild-ng/src/nixos_rebuild/nix.py
View File

@ -20,7 +20,7 @@ from .models import (
Generation,
GenerationJson,
ImageVariants,
NRError,
NixOSRebuildError,
Profile,
Remote,
)
@ -256,7 +256,7 @@ def edit(flake: Flake | None, flake_flags: Args | None = None) -> None:
)
else:
if flake_flags:
raise NRError("'edit' does not support extra Nix flags")
raise NixOSRebuildError("'edit' does not support extra Nix flags")
nixos_config = Path(
os.getenv("NIXOS_CONFIG") or find_file("nixos-config") or "/etc/nixos"
)
@ -266,7 +266,7 @@ def edit(flake: Flake | None, flake_flags: Args | None = None) -> None:
if nixos_config.exists():
run_wrapper([os.getenv("EDITOR", "nano"), nixos_config], check=False)
else:
raise NRError("cannot find NixOS config file")
raise NixOSRebuildError("cannot find NixOS config file")
def find_file(file: str, nix_flags: Args | None = None) -> Path | None:
@ -424,7 +424,7 @@ def get_generations(profile: Profile) -> list[Generation]:
and if this is the current active profile or not.
"""
if not profile.path.exists():
raise NRError(f"no profile '{profile.name}' found")
raise NixOSRebuildError(f"no profile '{profile.name}' found")
def parse_path(path: Path, profile: Profile) -> Generation:
entry_id = path.name.split("-")[1]
@ -456,7 +456,7 @@ def get_generations_from_nix_env(
and if this is the current active profile or not.
"""
if not profile.path.exists():
raise NRError(f"no profile '{profile.name}' found")
raise NixOSRebuildError(f"no profile '{profile.name}' found")
# Using `nix-env --list-generations` needs root to lock the profile
r = run_wrapper(
@ -635,13 +635,13 @@ def switch_to_configuration(
"""
if specialisation:
if action not in (Action.SWITCH, Action.TEST):
raise NRError(
raise NixOSRebuildError(
"'--specialisation' can only be used with 'switch' and 'test'"
)
path_to_config = path_to_config / f"specialisation/{specialisation}"
if not path_to_config.exists():
raise NRError(f"specialisation not found: {specialisation}")
raise NixOSRebuildError(f"specialisation not found: {specialisation}")
r = run_wrapper(
["test", "-d", "/run/systemd/system"],
@ -652,7 +652,7 @@ def switch_to_configuration(
if r.returncode:
logger.debug(
"skipping systemd-run to switch configuration since systemd is "
+ "not working in target host"
"not working in target host"
)
cmd = []

6
pkgs/by-name/ni/nixos-rebuild-ng/src/nixos_rebuild/process.py
View File

@ -55,12 +55,12 @@ class Remote:
if o in ["-t", "-tt", "RequestTTY=yes", "RequestTTY=force"]:
logger.warning(
f"detected option '{o}' in NIX_SSHOPTS. SSH's TTY may "
+ "cause issues, it is recommended to remove this option"
"cause issues, it is recommended to remove this option"
)
if not ask_sudo_password:
logger.warning(
"if you want to prompt for sudo password use "
+ "'--ask-sudo-password' option instead"
"'--ask-sudo-password' option instead"
)
@ -161,7 +161,7 @@ def run_wrapper(
if sudo and remote and remote.sudo_password is None:
logger.error(
"while running command with remote sudo, did you forget to use "
+ "--ask-sudo-password?"
"--ask-sudo-password?"
)
raise

19
pkgs/by-name/ni/nixos-rebuild-ng/src/pyproject.toml
View File

@ -39,37 +39,38 @@ ignore_missing_imports = true
[tool.ruff.lint]
extend-select = [
# Enforce type annotations
# enforce type annotations
"ANN",
# don't shadow built-in names
"A",
# Better list/set/dict comprehensions
# better list/set/dict comprehensions
"C4",
# Check for debugger statements
# check for debugger statements
"T10",
# ensure imports are sorted
"I",
# Automatically upgrade syntax for newer versions
# automatically upgrade syntax for newer versions
"UP",
# detect common sources of bugs
"B",
# Ruff specific rules
# ruff specific rules
"RUF",
# require `check` argument for `subprocess.run`
"PLW1510",
# check for needless exception names in raise statements
"TRY201",
# Pythonic naming conventions
# pythonic naming conventions
"N",
# string concatenation rules
"ISC001",
"ISC002",
"ISC003",
]
ignore = [
# allow Any type
"ANN401"
]
[tool.ruff.lint.per-file-ignores]
"tests/" = ["FA102"]
[tool.pytest.ini_options]
pythonpath = ["."]
addopts = "--import-mode=importlib"

50
pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_main.py
View File

@ -213,7 +213,11 @@ def test_reexec_flake(
)
@patch.dict(os.environ, {}, clear=True)
@patch.dict(
os.environ,
{"NIXOS_REBUILD_I_UNDERSTAND_THE_CONSEQUENCES_PLEASE_BREAK_MY_SYSTEM": "1"},
clear=True,
)
@patch("subprocess.run", autospec=True)
def test_execute_nix_boot(mock_run: Mock, tmp_path: Path) -> None:
nixpkgs_path = tmp_path / "nixpkgs"
@ -291,7 +295,15 @@ def test_execute_nix_boot(mock_run: Mock, tmp_path: Path) -> None:
"boot",
],
check=True,
**(DEFAULT_RUN_KWARGS | {"env": {"NIXOS_INSTALL_BOOTLOADER": "0"}}),
**(
DEFAULT_RUN_KWARGS
| {
"env": {
"NIXOS_INSTALL_BOOTLOADER": "0",
"NIXOS_REBUILD_I_UNDERSTAND_THE_CONSEQUENCES_PLEASE_BREAK_MY_SYSTEM": "1",
}
}
),
),
]
)
@ -421,7 +433,11 @@ def test_execute_nix_build_image_flake(mock_run: Mock, tmp_path: Path) -> None:
)
@patch.dict(os.environ, {}, clear=True)
@patch.dict(
os.environ,
{"NIXOS_REBUILD_I_UNDERSTAND_THE_CONSEQUENCES_PLEASE_BREAK_MY_SYSTEM": "1"},
clear=True,
)
@patch("subprocess.run", autospec=True)
def test_execute_nix_switch_flake(mock_run: Mock, tmp_path: Path) -> None:
config_path = tmp_path / "test"
@ -498,13 +514,25 @@ def test_execute_nix_switch_flake(mock_run: Mock, tmp_path: Path) -> None:
"switch",
],
check=True,
**(DEFAULT_RUN_KWARGS | {"env": {"NIXOS_INSTALL_BOOTLOADER": "1"}}),
**(
DEFAULT_RUN_KWARGS
| {
"env": {
"NIXOS_INSTALL_BOOTLOADER": "1",
"NIXOS_REBUILD_I_UNDERSTAND_THE_CONSEQUENCES_PLEASE_BREAK_MY_SYSTEM": "1",
}
}
),
),
]
)
@patch.dict(os.environ, {}, clear=True)
@patch.dict(
os.environ,
{"NIXOS_REBUILD_I_UNDERSTAND_THE_CONSEQUENCES_PLEASE_BREAK_MY_SYSTEM": "1"},
clear=True,
)
@patch("subprocess.run", autospec=True)
@patch("uuid.uuid4", autospec=True)
@patch(get_qualified_name(nr.cleanup_ssh), autospec=True)
@ -714,7 +742,11 @@ def test_execute_nix_switch_build_target_host(
)
@patch.dict(os.environ, {}, clear=True)
@patch.dict(
os.environ,
{"NIXOS_REBUILD_I_UNDERSTAND_THE_CONSEQUENCES_PLEASE_BREAK_MY_SYSTEM": "1"},
clear=True,
)
@patch("subprocess.run", autospec=True)
@patch(get_qualified_name(nr.cleanup_ssh), autospec=True)
def test_execute_nix_switch_flake_target_host(
@ -817,7 +849,11 @@ def test_execute_nix_switch_flake_target_host(
)
@patch.dict(os.environ, {}, clear=True)
@patch.dict(
os.environ,
{"NIXOS_REBUILD_I_UNDERSTAND_THE_CONSEQUENCES_PLEASE_BREAK_MY_SYSTEM": "1"},
clear=True,
)
@patch("subprocess.run", autospec=True)
@patch(get_qualified_name(nr.cleanup_ssh), autospec=True)
def test_execute_nix_switch_flake_build_host(

25
pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_models.py
View File

@ -30,16 +30,23 @@ def test_build_attr_to_attr() -> None:
)
def test_flake_parse(tmpdir: Path, monkeypatch: MonkeyPatch) -> None:
@patch("platform.node", autospec=True, return_value="hostname")
def test_flake_parse(mock_node: Mock, tmpdir: Path, monkeypatch: MonkeyPatch) -> None:
assert m.Flake.parse("/path/to/flake#attr") == m.Flake(
Path("/path/to/flake"), 'nixosConfigurations."attr"'
)
assert m.Flake.parse("/path/ to /flake", lambda: "hostname") == m.Flake(
assert m.Flake.parse("/path/ to /flake") == m.Flake(
Path("/path/ to /flake"), 'nixosConfigurations."hostname"'
)
assert m.Flake.parse("/path/to/flake", lambda: "hostname") == m.Flake(
Path("/path/to/flake"), 'nixosConfigurations."hostname"'
)
with patch(
get_qualified_name(m.run_wrapper, m),
autospec=True,
return_value=subprocess.CompletedProcess([], 0, stdout="remote\n"),
):
target_host = m.Remote("target@remote", [], None)
assert m.Flake.parse("/path/to/flake", target_host) == m.Flake(
Path("/path/to/flake"), 'nixosConfigurations."remote"'
)
# change directory to tmpdir
with monkeypatch.context() as patch_context:
patch_context.chdir(tmpdir)
@ -49,10 +56,16 @@ def test_flake_parse(tmpdir: Path, monkeypatch: MonkeyPatch) -> None:
assert m.Flake.parse("#attr") == m.Flake(
Path("."), 'nixosConfigurations."attr"'
)
assert m.Flake.parse(".") == m.Flake(Path("."), 'nixosConfigurations."default"')
assert m.Flake.parse(".") == m.Flake(
Path("."), 'nixosConfigurations."hostname"'
)
assert m.Flake.parse("path:/to/flake#attr") == m.Flake(
"path:/to/flake", 'nixosConfigurations."attr"'
)
# from here on we should return "default"
mock_node.return_value = None
assert m.Flake.parse("github:user/repo/branch") == m.Flake(
"github:user/repo/branch", 'nixosConfigurations."default"'
)

2
pkgs/by-name/ni/nixos-rebuild-ng/src/tests/test_nix.py
View File

@ -714,7 +714,7 @@ def test_switch_to_configuration_without_systemd_run(
remote=None,
)
with pytest.raises(m.NRError) as e:
with pytest.raises(m.NixOSRebuildError) as e:
n.switch_to_configuration(
config_path,
m.Action.BOOT,

7
pkgs/by-name/on/oniguruma/package.nix
View File

@ -5,13 +5,13 @@
autoreconfHook,
}:
stdenv.mkDerivation (finalAttrs: {
stdenv.mkDerivation rec {
pname = "oniguruma";
version = "6.9.10";
# Note: do not use fetchpatch or fetchFromGitHub to keep this package available in __bootPackages
src = fetchurl {
url = "https://github.com/kkos/oniguruma/releases/download/v${finalAttrs.version}/onig-${finalAttrs.version}.tar.gz";
url = "https://github.com/kkos/oniguruma/releases/download/v${version}/onig-${version}.tar.gz";
sha256 = "sha256-Klz8WuJZ5Ol/hraN//wVLNr/6U4gYLdwy4JyONdp/AU=";
};
@ -21,7 +21,6 @@ stdenv.mkDerivation (finalAttrs: {
"out"
];
outputBin = "dev"; # onig-config
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
nativeBuildInputs = [ autoreconfHook ];
configureFlags = [ "--enable-posix-api=yes" ];
@ -34,4 +33,4 @@ stdenv.mkDerivation (finalAttrs: {
maintainers = with maintainers; [ artturin ];
platforms = platforms.unix;
};
})
}

4
pkgs/by-name/op/openscad-unstable/package.nix
View File

@ -34,7 +34,7 @@
mesa,
mpfr,
python3,
tbb_2022_0,
tbb_2022,
wayland,
wayland-protocols,
wrapGAppsHook3,
@ -79,7 +79,7 @@ clangStdenv.mkDerivation rec {
[
clipper2
glm
tbb_2022_0
tbb_2022
mimalloc
boost
cairo

4
pkgs/by-name/op/openvino/package.nix
View File

@ -28,7 +28,7 @@
protobuf,
pugixml,
snappy,
tbb_2022_0,
tbb_2022,
cudaPackages,
}:
@ -158,7 +158,7 @@ stdenv.mkDerivation rec {
opencv
pugixml
snappy
tbb_2022_0
tbb_2022
]
++ lib.optionals cudaSupport [
cudaPackages.cuda_cudart

4
pkgs/by-name/or/orca-slicer/package.nix
View File

@ -34,7 +34,7 @@
opencv,
pcre,
systemd,
tbb_2021_11,
tbb_2021,
webkitgtk_4_0,
wxGTK31,
xorg,
@ -112,7 +112,7 @@ stdenv.mkDerivation (finalAttrs: {
opencascade-occt_7_6
openvdb
pcre
tbb_2021_11
tbb_2021
webkitgtk_4_0
wxGTK'
xorg.libX11

4
pkgs/by-name/os/osrm-backend/package.nix
View File

@ -10,13 +10,13 @@
boost,
lua,
luabind,
tbb_2022_0,
tbb_2022,
expat,
nixosTests,
}:
let
tbb = tbb_2022_0;
tbb = tbb_2022;
in
stdenv.mkDerivation rec {
pname = "osrm-backend";

6
pkgs/by-name/pa/papilo/package.nix
View File

@ -4,7 +4,7 @@
fetchFromGitHub,
cmake,
boost,
tbb_2022_0,
tbb_2022,
}:
stdenv.mkDerivation (finalAttrs: {
@ -39,10 +39,10 @@ stdenv.mkDerivation (finalAttrs: {
buildInputs = [
boost
cmake
tbb_2022_0
tbb_2022
];
propagatedBuildInputs = [ tbb_2022_0 ];
propagatedBuildInputs = [ tbb_2022 ];
strictDeps = true;

4
pkgs/by-name/pa/parabolic/package.nix
View File

@ -34,13 +34,13 @@ assert lib.assertOneOf "uiPlatform" uiPlatform [
stdenv.mkDerivation (finalAttrs: {
pname = "parabolic";
version = "2025.5.5";
version = "2025.6.0";
src = fetchFromGitHub {
owner = "NickvisionApps";
repo = "Parabolic";
tag = finalAttrs.version;
hash = "sha256-OcWpOC4QZUAGSsK6YXAO+24pY1d8a1AK3BzQKBu/obc=";
hash = "sha256-Osfj/GaD4t85ZYnlFDqgHhLJLA8VvgqtHEJN8bn0SxI=";
};
# Patches desktop file/dbus service bypassing wrapped executable

4
pkgs/by-name/pd/pdf4qt/package.nix
View File

@ -8,7 +8,7 @@
qt6,
wrapGAppsHook3,
openjpeg,
tbb_2021_11,
tbb_2021,
blend2d,
}:
@ -46,7 +46,7 @@ stdenv.mkDerivation (finalAttrs: {
qt6.qtspeech
lcms
openjpeg
tbb_2021_11
tbb_2021
blend2d
];

6
pkgs/by-name/pi/pixi/package.nix
View File

@ -14,17 +14,17 @@
rustPlatform.buildRustPackage (finalAttrs: {
pname = "pixi";
version = "0.48.0";
version = "0.48.2";
src = fetchFromGitHub {
owner = "prefix-dev";
repo = "pixi";
tag = "v${finalAttrs.version}";
hash = "sha256-GCmjR5js8Ewds9Eur7i6vrfsQbcJ2AoWA+MNczu4os0=";
hash = "sha256-v6t3o6/GPgIh8bJ1EQ2KRYoBRpFFejRIG805EbLRjz8=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-AMXSqEoMpm5+fm/mMD/JFMAaj2leaNQhJA5Cj9XQVrU=";
cargoHash = "sha256-8aYYGySZAGcgPFPeCZ5Zx2UMkgJGKQEgCSTQ8HIh9G4=";
nativeBuildInputs = [
pkg-config

4
pkgs/by-name/pr/primecount/package.nix
View File

@ -9,13 +9,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "primecount";
version = "7.18";
version = "7.19";
src = fetchFromGitHub {
owner = "kimwalisch";
repo = "primecount";
rev = "v${finalAttrs.version}";
hash = "sha256-iVRkgVeNO0AxwfyM9Dw5B0GoAf4GlrTtC+1npKlaV3E=";
hash = "sha256-prPNAmMSiZD1EbMyPSD6OmjFn/NQ7ULVxBM1AjCYWPo=";
};
outputs = [

11
pkgs/by-name/ri/ristate/package.nix
View File

@ -2,21 +2,24 @@
lib,
rustPlatform,
fetchFromGitLab,
nix-update-script,
}:
rustPlatform.buildRustPackage {
pname = "ristate";
version = "unstable-2021-09-10";
version = "0-unstable-2023-07-23";
src = fetchFromGitLab {
owner = "snakedye";
repo = "ristate";
rev = "34dfd0a0bab5b36df118d8da3956fd938c625b15";
hash = "sha256-CH9DZ/7Bhbe6qKg1Nbj1rA9SzIsqVlBJg51XxAh0XnY=";
rev = "92e989f26cadac69af1208163733e73b4cf447da";
hash = "sha256-6slH7R6kbSXQBd7q38oBEbngaCbFv0Tyq34VB1PAfhM=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-kzy0U2ZdmEr/F1edQDM3S30ETXaVUXrSoUA+8v486O0=";
cargoHash = "sha256-6uvIc69x/yHkAC3GJUuYGcCbpVyX/mb/pXLf+BQC+48=";
passthru.updateScript = nix-update-script { extraArgs = [ "--version=branch" ]; };
meta = with lib; {
description = "River-status client written in Rust";

4
pkgs/by-name/sa/salmon/package.nix
View File

@ -13,7 +13,7 @@
libiconv,
libstaden-read,
pkg-config,
tbb_2021_11,
tbb_2021,
xz,
zlib,
}:
@ -55,7 +55,7 @@ stdenv.mkDerivation (finalAttrs: {
jemalloc
libgff
libstaden-read
tbb_2021_11
tbb_2021
xz
zlib
] ++ lib.optionals stdenv.hostPlatform.isDarwin [ libiconv ];

4
pkgs/by-name/sc/scipopt-papilo/package.nix
View File

@ -6,7 +6,7 @@
boost,
blas,
gmp,
tbb_2021_11,
tbb_2021,
gfortran,
}:
@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
gmp
gfortran
boost
tbb_2021_11
tbb_2021
];
cmakeFlags = [

4
pkgs/by-name/sc/scipopt-scip/package.nix
View File

@ -11,7 +11,7 @@
scipopt-papilo,
scipopt-zimpl,
ipopt,
tbb_2021_11,
tbb_2021,
boost,
gfortran,
criterion,
@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
gmp
readline
zlib
tbb_2021_11
tbb_2021
boost
gfortran
criterion

3
pkgs/by-name/sd/sdl2-compat/package.nix
View File

@ -79,8 +79,6 @@ stdenv.mkDerivation (finalAttrs: {
'';
passthru = {
bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
tests =
{
pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
@ -113,7 +111,6 @@ stdenv.mkDerivation (finalAttrs: {
homepage = "https://libsdl.org";
changelog = "https://github.com/libsdl-org/sdl2-compat/releases/tag/${finalAttrs.src.tag}";
license = lib.licenses.zlib;
mainProgram = "sdl2-config";
maintainers = with lib.maintainers; [
nadiaholmquist
];

16
pkgs/by-name/sf/sfwbar/package.nix
View File

@ -16,18 +16,16 @@
docutils,
wayland-scanner,
}:
let
version = "1.0_beta16";
in
stdenv.mkDerivation {
stdenv.mkDerivation (finalAttrs: {
pname = "sfwbar";
inherit version;
version = "1.0_beta16.1";
src = fetchFromGitHub {
owner = "LBCrion";
repo = "sfwbar";
rev = "v${version}";
hash = "sha256-jMEbw3Xla2cod/oKFQ4bD3sTHi7DZ0deG0H0Yt0Y7ck=";
tag = "v${finalAttrs.version}";
hash = "sha256-WA9BXX+0VR8eSdHOYLs+DoazBqVwMllQSxkubq4SkWo=";
};
buildInputs = [
@ -57,7 +55,7 @@ stdenv.mkDerivation {
meta = {
homepage = "https://github.com/LBCrion/sfwbar";
description = "Flexible taskbar application for wayland compositors, designed with a stacking layout in mind";
changelog = "https://github.com/LBCrion/sfwbar/releases/tag/v${version}";
changelog = "https://github.com/LBCrion/sfwbar/releases/tag/v${finalAttrs.version}";
mainProgram = "sfwbar";
platforms = lib.platforms.linux;
maintainers = with lib.maintainers; [
@ -66,4 +64,4 @@ stdenv.mkDerivation {
];
license = lib.licenses.gpl3Only;
};
}
})

68
pkgs/by-name/sp/spire/package.nix
View File

@ -4,7 +4,7 @@
fetchFromGitHub,
}:
buildGoModule rec {
buildGoModule (finalAttrs: {
pname = "spire";
version = "1.12.3";
@ -17,17 +17,50 @@ buildGoModule rec {
src = fetchFromGitHub {
owner = "spiffe";
repo = "spire";
rev = "v${version}";
tag = "v${finalAttrs.version}";
sha256 = "sha256-ZtSJ5/Qg4r2dkFGM/WiDWwQc2OtkX45kGXTdXU35Cng=";
};
vendorHash = "sha256-1ngjcqGwUNMyR/wBCo0MYguD1gGH8rbI2j9BB+tGL9k=";
ldflags = [
"-s"
"-w"
"-X github.com/spiffe/spire/pkg/common/version.gittag=${finalAttrs.version}"
];
subPackages = [
"cmd/spire-agent"
"cmd/spire-server"
];
excludedPackages = [
# ensure these files aren't evaluated, see preCheck
"test/tmpsimulator"
"pkg/agent/plugin/nodeattestor/tpmdevid"
];
__darwinAllowLocalNetworking = true;
checkFlags =
let
skippedTests = [
# wants to reach remote TUF mirror
"TestDockerConfig"
"TestPlugin"
];
in
[ "-skip=^${builtins.concatStringsSep "$|^" skippedTests}$" ];
preCheck = ''
# remove test files which reference github.com/google/go-tpm-tools/simulator
# since it requires cgo and some missing header files
rm -rf test/tpmsimulator pkg/server/plugin/nodeattestor/tpmdevid/devid_test.go
# unset to run all tests
unset subPackages
'';
# Usually either the agent or server is needed for a given use case, but not both
postInstall = ''
mkdir -vp $agent/bin $server/bin
@ -38,11 +71,34 @@ buildGoModule rec {
ln -vs $server/bin/spire-server $out/bin/spire-server
'';
doInstallCheck = true;
installCheckPhase = ''
runHook preInstallCheck
$out/bin/spire-agent -h
if [ "$($out/bin/spire-agent --version 2>&1)" != "${finalAttrs.version}" ]; then
echo "spire-agent version does not match"
exit 1
fi
$out/bin/spire-server -h
if [ "$($out/bin/spire-server --version 2>&1)" != "${finalAttrs.version}" ]; then
echo "spire-server version does not match"
exit 1
fi
runHook postInstallCheck
'';
meta = {
description = "SPIFFE Runtime Environment";
homepage = "https://github.com/spiffe/spire";
changelog = "https://github.com/spiffe/spire/releases/tag/v${version}";
homepage = "https://spiffe.io/";
downloadPage = "https://github.com/spiffe/spire";
changelog = "https://github.com/spiffe/spire/releases/tag/v${finalAttrs.version}";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ fkautz ];
maintainers = with lib.maintainers; [
fkautz
jk
];
};
}
})

4
pkgs/by-name/su/supercell-wx/package.nix
View File

@ -24,7 +24,7 @@
gtest,
glm,
qt6,
tbb_2021_11,
tbb_2021,
tracy,
replaceVars,
python3,
@ -130,7 +130,7 @@ stdenv.mkDerivation (finalAttrs: {
aws-sdk-cpp
howard-hinnant-date
boost
tbb_2021_11
tbb_2021
glew
geos
spdlog

60
pkgs/development/libraries/tbb/2020_3.nix → pkgs/by-name/tb/tbb_2020/package.nix
View File

@ -7,9 +7,9 @@
fixDarwinDylibNames,
}:
stdenv.mkDerivation rec {
stdenv.mkDerivation (finalAttrs: {
pname = "tbb";
version = "2020.3";
version = "2020.3.3";
outputs = [
"out"
@ -19,8 +19,8 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub {
owner = "oneapi-src";
repo = "oneTBB";
rev = "v${version}";
sha256 = "prO2O5hd+Wz5iA0vfrqmyHFr0Ptzk64so5KpSpvuKmU=";
tag = "v${finalAttrs.version}";
hash = "sha256-pCZpQ+t7dDzuS4vhlfSVLwieI0iSQHukXb8Nk5kMMBo=";
};
patches = [
@ -36,14 +36,6 @@ stdenv.mkDerivation rec {
hash = "sha256-xp8J/il855VTFIKCN/bFtf+vif6HzcVl4t4/L9nW/xk=";
})
# Fixes build with upcoming gcc-13:
# https://github.com/oneapi-src/oneTBB/pull/833
(fetchpatch {
name = "gcc-13.patch";
url = "https://github.com/oneapi-src/oneTBB/pull/833/commits/c18342ba667d1f33f5e9a773aa86b091a9694b97.patch";
hash = "sha256-LWgf7Rm6Zp4TJdvMqnAkoAebbVS+WV2kB+4iY6jRka4=";
})
# Fixes build for aarch64-darwin
(fetchpatch {
name = "aarch64-darwin.patch";
@ -91,29 +83,27 @@ stdenv.mkDerivation rec {
runHook postInstall
'';
postInstall =
let
pcTemplate = fetchurl {
url = "https://github.com/oneapi-src/oneTBB/raw/478de5b1887c928e52f029d706af6ea640a877be/integration/pkg-config/tbb.pc.in";
sha256 = "2pCad9txSpNbzac0vp/VY3x7HNySaYkbH3Rx8LK53pI=";
};
in
''
# Generate pkg-config file based on upstream template.
# It should not be necessary with tbb after 2021.2.
mkdir -p "$out/lib/pkgconfig"
substitute "${pcTemplate}" "$out/lib/pkgconfig/tbb.pc" \
--subst-var-by CMAKE_INSTALL_PREFIX "$out" \
--subst-var-by CMAKE_INSTALL_LIBDIR "lib" \
--subst-var-by CMAKE_INSTALL_INCLUDEDIR "include" \
--subst-var-by TBB_VERSION "${version}" \
--subst-var-by TBB_LIB_NAME "tbb"
'';
pcTemplate = fetchurl {
url = "https://github.com/oneapi-src/oneTBB/raw/478de5b1887c928e52f029d706af6ea640a877be/integration/pkg-config/tbb.pc.in";
hash = "sha256-2pCad9txSpNbzac0vp/VY3x7HNySaYkbH3Rx8LK53pI=";
};
meta = with lib; {
postInstall = ''
# Generate pkg-config file based on upstream template.
# It should not be necessary with tbb after 2021.2.
mkdir -p "$out/lib/pkgconfig"
substitute "${finalAttrs.pcTemplate}" "$out/lib/pkgconfig/tbb.pc" \
--subst-var-by CMAKE_INSTALL_PREFIX "$out" \
--subst-var-by CMAKE_INSTALL_LIBDIR "lib" \
--subst-var-by CMAKE_INSTALL_INCLUDEDIR "include" \
--subst-var-by TBB_VERSION "${finalAttrs.version}" \
--subst-var-by TBB_LIB_NAME "tbb"
'';
meta = {
description = "Intel Thread Building Blocks C++ Library";
homepage = "http://threadingbuildingblocks.org/";
license = licenses.asl20;
license = lib.licenses.asl20;
longDescription = ''
Intel Threading Building Blocks offers a rich and complete approach to
expressing parallelism in a C++ program. It is a library that helps you
@ -122,11 +112,11 @@ stdenv.mkDerivation rec {
represents a higher-level, task-based parallelism that abstracts platform
details and threading mechanisms for scalability and performance.
'';
platforms = platforms.unix;
maintainers = with maintainers; [
platforms = lib.platforms.unix;
maintainers = with lib.maintainers; [
silvanshade
thoughtpolice
tmarkus
];
};
}
})

35
pkgs/development/libraries/tbb/default.nix → pkgs/by-name/tb/tbb_2021/package.nix
View File

@ -7,9 +7,9 @@
ninja,
}:
stdenv.mkDerivation rec {
stdenv.mkDerivation (finalAttrs: {
pname = "tbb";
version = "2021.11.0";
version = "2021.13.0";
outputs = [
"out"
@ -19,8 +19,8 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub {
owner = "oneapi-src";
repo = "oneTBB";
rev = "v${version}";
hash = "sha256-zGZHMtAUVzBKFbCshpepm3ce3tW6wQ+F30kYYXAQ/TE=";
tag = "v${finalAttrs.version}";
hash = "sha256-ZoUzY71SweVQ8/1k09MNSXiEqab6Ae+QTbxORnar9JU=";
};
nativeBuildInputs = [
@ -34,29 +34,12 @@ stdenv.mkDerivation rec {
url = "https://patch-diff.githubusercontent.com/raw/oneapi-src/oneTBB/pull/899.patch";
hash = "sha256-kU6RRX+sde0NrQMKlNtW3jXav6J4QiVIUmD50asmBPU=";
})
(fetchpatch {
name = "fix-tbb-mingw-compile.patch";
url = "https://patch-diff.githubusercontent.com/raw/oneapi-src/oneTBB/pull/1361.patch";
hash = "sha256-jVa4HQetZv0vImdv549MyTy6/8t9dy8m6YAmjPGNQ18=";
})
(fetchpatch {
name = "fix-tbb-mingw-link.patch";
url = "https://patch-diff.githubusercontent.com/raw/oneapi-src/oneTBB/pull/1193.patch";
hash = "sha256-ZQbwUmuIZoGVBof8QNR3V8vU385e2X7EvU3+Fbj4+M8=";
})
# Fix tests on FreeBSD and Windows
(fetchpatch {
name = "fix-tbb-freebsd-and-windows-tests.patch";
url = "https://patch-diff.githubusercontent.com/raw/uxlfoundation/oneTBB/pull/1696.patch";
hash = "sha256-yjX2FkOK8bz29a/XSA7qXgQw9lxzx8VIgEBREW32NN4=";
})
# Fix Threads::Threads target for static from https://github.com/oneapi-src/oneTBB/pull/1248
# This is a conflict-resolved cherry-pick of the above PR to due to formatting differences.
(fetchpatch {
name = "fix-cmake-threads-threads-target-for-static.patch";
url = "https://patch-diff.githubusercontent.com/raw/uxlfoundation/oneTBB/pull/1248.patch";
hash = "sha256-3WKzxU93vxuy7NgW+ap+ocZz5Q5utZ/pK7+FQExzLLA=";
})
];
patchFlags = [
@ -93,10 +76,10 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
meta = with lib; {
meta = {
description = "Intel Thread Building Blocks C++ Library";
homepage = "http://threadingbuildingblocks.org/";
license = licenses.asl20;
license = lib.licenses.asl20;
longDescription = ''
Intel Threading Building Blocks offers a rich and complete approach to
expressing parallelism in a C++ program. It is a library that helps you
@ -105,11 +88,11 @@ stdenv.mkDerivation rec {
represents a higher-level, task-based parallelism that abstracts platform
details and threading mechanisms for scalability and performance.
'';
platforms = platforms.unix ++ platforms.windows;
maintainers = with maintainers; [
platforms = lib.platforms.all;
maintainers = with lib.maintainers; [
silvanshade
thoughtpolice
tmarkus
];
};
}
})

18
pkgs/development/libraries/tbb/2022_0.nix → pkgs/by-name/tb/tbb_2022/package.nix
View File

@ -7,9 +7,9 @@
ninja,
}:
stdenv.mkDerivation rec {
stdenv.mkDerivation (finalAttrs: {
pname = "tbb";
version = "2022.0.0";
version = "2022.1.0";
outputs = [
"out"
@ -19,8 +19,8 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub {
owner = "oneapi-src";
repo = "oneTBB";
tag = "v${version}";
hash = "sha256-XOlC1+rf65oEGKDba9N561NuFo1YJhn3Q1CTGtvkn7A=";
tag = "v${finalAttrs.version}";
hash = "sha256-DqJkNlC94cPJSXnhyFcEqWYGCQPunMfIfb05UcFGynw=";
};
nativeBuildInputs = [
@ -71,10 +71,10 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
meta = with lib; {
meta = {
description = "Intel Thread Building Blocks C++ Library";
homepage = "http://threadingbuildingblocks.org/";
license = licenses.asl20;
license = lib.licenses.asl20;
longDescription = ''
Intel Threading Building Blocks offers a rich and complete approach to
expressing parallelism in a C++ program. It is a library that helps you
@ -83,11 +83,11 @@ stdenv.mkDerivation rec {
represents a higher-level, task-based parallelism that abstracts platform
details and threading mechanisms for scalability and performance.
'';
platforms = platforms.unix ++ platforms.windows;
maintainers = with maintainers; [
platforms = lib.platforms.all;
maintainers = with lib.maintainers; [
silvanshade
thoughtpolice
tmarkus
];
};
}
})

5
pkgs/by-name/te/tempo/package.nix
View File

@ -7,14 +7,14 @@
buildGoModule rec {
pname = "tempo";
version = "2.7.2";
version = "2.8.1";
src = fetchFromGitHub {
owner = "grafana";
repo = "tempo";
rev = "v${version}";
fetchSubmodules = true;
hash = "sha256-JBbECknhqYKzFlxAOVinuUCf/2xuUdh2ryK9c35YZ9o=";
hash = "sha256-RzDOx2ZyA0ZntFD1ryfipsgPsxVmsdOusZ37RCnQQnM=";
};
vendorHash = null;
@ -22,7 +22,6 @@ buildGoModule rec {
subPackages = [
"cmd/tempo-cli"
"cmd/tempo-query"
"cmd/tempo-serverless"
"cmd/tempo-vulture"
"cmd/tempo"
];

4
pkgs/by-name/ti/tiledb/package.nix
View File

@ -8,7 +8,7 @@
bzip2,
zstd,
spdlog,
tbb_2022_0,
tbb_2022,
openssl,
boost,
libpqxx,
@ -32,7 +32,7 @@ let
cp -r ${rapidcheck.dev}/* $out
'';
catch2 = catch2_3;
tbb = tbb_2022_0;
tbb = tbb_2022;
in
stdenv.mkDerivation rec {
pname = "tiledb";

9
pkgs/by-name/tl/tlsrpt-reporter/package.nix
View File

@ -5,6 +5,7 @@
installShellFiles,
python3,
fetchFromGitHub,
fetchpatch,
nixosTests,
}:
@ -25,6 +26,14 @@ python3.pkgs.buildPythonApplication rec {
hash = "sha256-IH8hJX9l+YonqOuszcMome4mjdIaedgGNIptxTyH1ng=";
};
patches = [
(fetchpatch {
# https://github.com/sys4/tlsrpt-reporter/issues/43
url = "https://github.com/sys4/tlsrpt-reporter/commit/32d00c13508dd7f9695b77e253e88c88dc838fbd.patch";
hash = "sha256-RUNF86RkTu6DLv6/7eaY//fFB8kGzmZxQ70kdNpLxj8=";
})
];
nativeBuildInputs = [
asciidoctor
automake

4
pkgs/by-name/ue/ueberzugpp/package.nix
View File

@ -7,7 +7,7 @@
openssl,
zeromq,
cppzmq,
tbb_2021_11,
tbb_2021,
spdlog,
libsodium,
fmt,
@ -57,7 +57,7 @@ stdenv.mkDerivation rec {
openssl
zeromq
cppzmq
tbb_2021_11
tbb_2021
spdlog
libsodium
fmt

14
pkgs/by-name/vl/vlang/package.nix
View File

@ -13,7 +13,7 @@
}:
let
version = "0.4.8";
version = "0.4.11";
ptraceSubstitution = ''
#include <sys/types.h>
#include <sys/ptrace.h>
@ -22,12 +22,12 @@ let
# So we fix its rev to correspond to the V version.
vc = stdenv.mkDerivation {
pname = "v.c";
version = "0.4.8";
version = "0.4.11";
src = fetchFromGitHub {
owner = "vlang";
repo = "vc";
rev = "54beb1f416b404a06b894e6883a0e2368d80bc3e";
hash = "sha256-hofganRnWPRCjjsItwF2BKam4dCqzMCrjgWSjZLSrlo=";
rev = "a17f1105aa18b604ed8dac8fa5ca9424362c6e15";
hash = "sha256-DAsVr1wtRfGbKO74Vfq7ejci+zQabSWeir8njbHYV3o=";
};
# patch the ptrace reference for darwin
@ -45,8 +45,8 @@ let
markdown = fetchFromGitHub {
owner = "vlang";
repo = "markdown";
rev = "0c280130cb7ec410b7d21810d1247956c15b72fc";
hash = "sha256-Fmhkrg9DBiWxInostNp+WfA3V5GgEIs5+KIYrqZosqY=";
rev = "5a1c9d82669e765493abe19488eaef0252c97dac";
hash = "sha256-d/HGVYbbMv7cmF3I4LzD6N0gXSd8CJlPp0la3nPe1dw=";
};
boehmgcStatic = boehmgc.override {
enableStatic = true;
@ -60,7 +60,7 @@ stdenv.mkDerivation {
owner = "vlang";
repo = "v";
rev = version;
hash = "sha256-V4f14TcuKW8unzlo6i/tE6MzSb3HAll478OU2LxiTPQ=";
hash = "sha256-K5B/fjdCYLE14LPg3ccS+sGC8CS7jZiuuxYkHvljGFA=";
};
propagatedBuildInputs = [

18
pkgs/by-name/wo/wofi-power-menu/package.nix
View File

@ -6,23 +6,31 @@
wofi,
versionCheckHook,
nix-update-script,
yq,
}:
rustPlatform.buildRustPackage (finalAttrs: {
pname = "wofi-power-menu";
version = "0.2.6";
version = "0.2.7";
src = fetchFromGitHub {
owner = "szaffarano";
repo = "wofi-power-menu";
tag = "v${finalAttrs.version}";
hash = "sha256-UDDDtI6wnx64KG+1/S6bYTc1xi1vOFuZOmRCLK2Yzew=";
hash = "sha256-WPTK9izFU8xZ5YVFuEGO5EoOzgpXWXQnGgeNYjnb/zA=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-rlEjktBGBrOqG82PA7LSiXo0iyEPpeWgLix/sVd/dTM=";
postPatch = ''
tomlq -ti '.package.version = "0.2.7"' Cargo.toml
'';
nativeBuildInputs = [ makeWrapper ];
useFetchCargoVendor = true;
cargoHash = "sha256-oJd2ymNkNSGUD3cQ+bEHooAJQNeSarkIHWvGNXezwrM=";
nativeBuildInputs = [
makeWrapper
yq # for `tomlq`
];
postInstall = ''
wrapProgram $out/bin/wofi-power-menu \

6
pkgs/by-name/ze/zed-editor/package.nix
View File

@ -99,7 +99,7 @@ let
in
rustPlatform.buildRustPackage (finalAttrs: {
pname = "zed-editor";
version = "0.191.5";
version = "0.191.6";
outputs =
[ "out" ]
@ -111,7 +111,7 @@ rustPlatform.buildRustPackage (finalAttrs: {
owner = "zed-industries";
repo = "zed";
tag = "v${finalAttrs.version}";
hash = "sha256-RPUNWnkJfuI97z8IzBZ5L8Vjjk9mwzPd2ZgMZwgp3FU=";
hash = "sha256-GQzAXjOvtjbkBgBkX9Xp6mn3uP5wXStpsaC6rQMwTvs=";
};
patches = [
@ -138,7 +138,7 @@ rustPlatform.buildRustPackage (finalAttrs: {
'';
useFetchCargoVendor = true;
cargoHash = "sha256-vl/6WE7XdkkcddrBxPF5tZJibPGGq6g6gTTXiFloKEw=";
cargoHash = "sha256-ZDL9arQpYsMzQrIHNejkBcsBNlKeSPOU+Ev0nsa9yIE=";
nativeBuildInputs =
[

48
pkgs/desktops/xfce/applications/xfburn/default.nix
View File

@ -1,7 +1,14 @@
{
mkXfceDerivation,
stdenv,
lib,
fetchFromGitLab,
docbook_xsl,
glib,
libxslt,
meson,
ninja,
pkg-config,
wrapGAppsHook3,
exo,
gst_all_1,
gtk3,
@ -9,24 +16,37 @@
libgudev,
libisofs,
libxfce4ui,
libxslt,
libxfce4util,
gitUpdater,
}:
mkXfceDerivation {
category = "apps";
stdenv.mkDerivation (finalAttrs: {
pname = "xfburn";
version = "0.7.2";
odd-unstable = false;
version = "0.8.0";
sha256 = "sha256-eJ+MxNdJiDTLW4GhrwgQIyFuOSTWsF34Oet9HJAtIqI=";
src = fetchFromGitLab {
domain = "gitlab.xfce.org";
owner = "apps";
repo = "xfburn";
tag = "xfburn-${finalAttrs.version}";
hash = "sha256-10MjUxy1Ul6CVLdEWFnjppgsI4fAUWqkT2azJBzp0/Q=";
};
strictDeps = true;
nativeBuildInputs = [
libxslt
docbook_xsl
glib # glib-genmarshal
libxslt # xsltproc
meson
ninja
pkg-config
wrapGAppsHook3
];
buildInputs = [
exo
glib
gst_all_1.gstreamer
gst_all_1.gst-plugins-base
gtk3
@ -34,11 +54,17 @@ mkXfceDerivation {
libgudev
libisofs
libxfce4ui
libxfce4util
];
meta = with lib; {
passthru.updateScript = gitUpdater { rev-prefix = "xfburn-"; };
meta = {
description = "Disc burner and project creator for Xfce";
homepage = "https://gitlab.xfce.org/apps/xfburn";
license = lib.licenses.gpl2Plus;
mainProgram = "xfburn";
teams = [ teams.xfce ];
teams = [ lib.teams.xfce ];
platforms = lib.platforms.linux;
};
}
})

7
pkgs/development/libraries/apr/default.nix
View File

@ -6,12 +6,12 @@
autoreconfHook,
}:
stdenv.mkDerivation (finalAttrs: {
stdenv.mkDerivation rec {
pname = "apr";
version = "1.7.6";
src = fetchurl {
url = "mirror://apache/apr/apr-${finalAttrs.version}.tar.bz2";
url = "mirror://apache/apr/${pname}-${version}.tar.bz2";
hash = "sha256-SQMNktJXXac1eRtJbcMi885c/5SUd5uozCjH9Gxd6zI=";
};
@ -29,7 +29,6 @@ stdenv.mkDerivation (finalAttrs: {
"dev"
];
outputBin = "dev";
passthru.bin = finalAttrs.finalPackage.${finalAttrs.outputBin}; # fixes lib.getExe
preConfigure = ''
configureFlagsArray+=("--with-installbuilddir=$dev/share/build")
@ -83,4 +82,4 @@ stdenv.mkDerivation (finalAttrs: {
license = licenses.asl20;
maintainers = [ ];
};
})
}

8
pkgs/development/libraries/embree/2.x.nix
View File

@ -5,7 +5,7 @@
cmake,
pkg-config,
ispc,
tbb_2020_3,
tbb_2020,
glfw,
openimageio_2,
libjpeg,
@ -35,8 +35,8 @@ stdenv.mkDerivation (finalAttrs: {
];
buildInputs = [
ispc
# tbb_2021_0 is not backward compatible
tbb_2020_3
# tbb_2021 is not backward compatible
tbb_2020
glfw
openimageio_2
libjpeg
@ -52,7 +52,7 @@ stdenv.mkDerivation (finalAttrs: {
"v(2.*)"
];
};
tbb = tbb_2020_3;
tbb = tbb_2020;
tests = {
inherit (python3Packages) embreex;
};

Some files were not shown because too many files have changed in this diff Show More