diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 86c64f192c6d..a769a95de428 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -36,7 +36,7 @@ jobs: permission-pull-requests: write permission-workflows: write - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ github.event.pull_request.head.sha }} token: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/bot.yml b/.github/workflows/bot.yml index 96fda87479d0..17ad49c55151 100644 --- a/.github/workflows/bot.yml +++ b/.github/workflows/bot.yml @@ -46,7 +46,7 @@ jobs: # https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/ FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true" steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout: | diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ca662723c5d1..b5a9e5c05687 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -52,7 +52,7 @@ jobs: runs-on: ${{ matrix.runner }} timeout-minutes: 60 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout: .github/actions diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index f7cb916cca51..4ca2db65c165 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -43,7 +43,7 @@ jobs: runs-on: ubuntu-slim timeout-minutes: 3 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false path: trusted @@ -95,7 +95,7 @@ jobs: runs-on: ubuntu-slim timeout-minutes: 3 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false path: trusted @@ -137,7 +137,7 @@ jobs: runs-on: ubuntu-24.04-arm timeout-minutes: 5 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout: .github/actions diff --git a/.github/workflows/comment.yml b/.github/workflows/comment.yml index 9b02309b6e84..98006f23b4d0 100644 --- a/.github/workflows/comment.yml +++ b/.github/workflows/comment.yml @@ -23,7 +23,7 @@ jobs: timeout-minutes: 2 if: contains(github.event.comment.body, '@NixOS/nixpkgs-merge-bot merge') steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout: | diff --git a/.github/workflows/eval.yml b/.github/workflows/eval.yml index f1f2716b66c0..dd2ea029dcd6 100644 --- a/.github/workflows/eval.yml +++ b/.github/workflows/eval.yml @@ -47,7 +47,7 @@ jobs: ciPinBumpCommit: ${{ steps.find-pinned-commit.outputs.ciPinBumpCommit }} ciPinBumpCommitShort: ${{ steps.find-pinned-commit.outputs.ciPinBumpCommitShort }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false path: trusted @@ -55,7 +55,7 @@ jobs: ci/supportedVersions.nix - name: Check out the PR at the test merge commit - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false ref: ${{ inputs.mergedSha }} @@ -171,7 +171,7 @@ jobs: sudo mkswap /swap sudo swapon /swap - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout: .github/actions @@ -256,7 +256,7 @@ jobs: statuses: write # creating 'Eval Summary' commit statuses timeout-minutes: 5 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout: .github/actions @@ -471,7 +471,7 @@ jobs: runs-on: ubuntu-24.04-arm timeout-minutes: 10 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout: .github/actions diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 2f06dbba1108..0e0fcfc30d22 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-24.04-arm timeout-minutes: 10 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout: .github/actions @@ -61,7 +61,7 @@ jobs: runs-on: ubuntu-24.04-arm timeout-minutes: 10 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout: .github/actions @@ -90,7 +90,7 @@ jobs: runs-on: ubuntu-24.04-arm timeout-minutes: 10 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout: .github/actions @@ -134,7 +134,7 @@ jobs: runs-on: ubuntu-slim timeout-minutes: 5 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: true # Needed to run git fetch for large PRs. path: trusted diff --git a/.github/workflows/merge-group.yml b/.github/workflows/merge-group.yml index 6fcbbe4def72..6ff67aefae60 100644 --- a/.github/workflows/merge-group.yml +++ b/.github/workflows/merge-group.yml @@ -25,7 +25,7 @@ jobs: targetSha: ${{ steps.prepare.outputs.targetSha }} systems: ${{ steps.prepare.outputs.systems }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout: | diff --git a/.github/workflows/periodic-merge.yml b/.github/workflows/periodic-merge.yml index 3396816060c3..ae25a611c9fc 100644 --- a/.github/workflows/periodic-merge.yml +++ b/.github/workflows/periodic-merge.yml @@ -34,7 +34,7 @@ jobs: permission-contents: write permission-pull-requests: write - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/pull-request-target.yml b/.github/workflows/pull-request-target.yml index bff2dc88c72f..8edde367c13b 100644 --- a/.github/workflows/pull-request-target.yml +++ b/.github/workflows/pull-request-target.yml @@ -36,7 +36,7 @@ jobs: systems: ${{ steps.prepare.outputs.systems }} touched: ${{ steps.prepare.outputs.touched }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout-cone-mode: true # default, for clarity diff --git a/.github/workflows/review.yml b/.github/workflows/review.yml index c9400e770045..3d412b7fd978 100644 --- a/.github/workflows/review.yml +++ b/.github/workflows/review.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-slim timeout-minutes: 2 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout: | diff --git a/.github/workflows/teams.yml b/.github/workflows/teams.yml index 4617b9df5b56..75abc601086b 100644 --- a/.github/workflows/teams.yml +++ b/.github/workflows/teams.yml @@ -30,7 +30,7 @@ jobs: permission-pull-requests: write - name: Fetch source - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout: | diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2984da76fccf..2aeebf59968e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,7 +19,7 @@ jobs: push: ${{ steps.files.outputs.push }} targetSha: ${{ steps.prepare.outputs.targetSha }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false sparse-checkout-cone-mode: true # default, for clarity diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index f280ff071397..8beee3864c76 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -939,7 +939,7 @@ in lomiri-system-settings = runTest ./lomiri-system-settings.nix; lorri = handleTest ./lorri/default.nix { }; luks = runTest ./luks.nix; - lvm2 = handleTest ./lvm2 { }; + lvm2 = import ./lvm2 { inherit pkgs runTest; }; lxc = runTestOn [ "x86_64-linux" "aarch64-linux" ] ./lxc; lxd-image-server = runTest ./lxd-image-server.nix; lxqt = runTest ./lxqt.nix; @@ -1845,7 +1845,7 @@ in zammad = runTest ./zammad.nix; zenohd = runTest ./zenohd.nix; zeronet-conservancy = runTest ./zeronet-conservancy.nix; - zfs = handleTest ./zfs.nix { }; + zfs = import ./zfs.nix { inherit system pkgs runTest; }; zigbee2mqtt = runTest ./zigbee2mqtt.nix; zipline = runTest ./zipline.nix; zoneminder = runTest ./zoneminder.nix; diff --git a/nixos/tests/chhoto-url.nix b/nixos/tests/chhoto-url.nix index 01572b3c3216..a2f443e9b0da 100644 --- a/nixos/tests/chhoto-url.nix +++ b/nixos/tests/chhoto-url.nix @@ -38,7 +38,7 @@ resp = json.loads(machine.succeed("curl localhost:8000/api/getconfig")) assert resp["success"] is False - assert resp["reason"] == "No valid authentication was found" + assert resp["reason"] == "No valid authentication." resp = json.loads(machine.succeed("curl -H 'X-API-Key: api_key' localhost:8000/api/getconfig")) expected_version = "${config.nodes.machine.services.chhoto-url.package.version}" diff --git a/nixos/tests/initrd-luks-empty-passphrase.nix b/nixos/tests/initrd-luks-empty-passphrase.nix index 56a92a827ff4..2153e2dfab55 100644 --- a/nixos/tests/initrd-luks-empty-passphrase.nix +++ b/nixos/tests/initrd-luks-empty-passphrase.nix @@ -61,47 +61,63 @@ in }; }; - testScript = '' - # Encrypt key with empty key so boot should try keyfile and then fallback to empty passphrase + testScript = + { nodes, ... }: + let + toplevel = nodes.machine.system.build.toplevel; + boot-luks-missing-keyfile = + nodes.machine.specialisation.boot-luks-missing-keyfile.configuration.system.build.toplevel; + boot-luks-wrong-keyfile = + nodes.machine.specialisation.boot-luks-wrong-keyfile.configuration.system.build.toplevel; + in + # python + '' + # Encrypt key with empty key so boot should try keyfile and then fallback to empty passphrase - def grub_select_boot_luks_wrong_key_file(): - """ - Selects "boot-luks" from the GRUB menu - to trigger a login request. - """ - machine.send_monitor_command("sendkey down") - machine.send_monitor_command("sendkey down") - machine.send_monitor_command("sendkey ret") + def grub_select_boot_luks_wrong_key_file(): + """ + Selects "boot-luks" from the GRUB menu + to trigger a login request. + """ + machine.send_monitor_command("sendkey down") + machine.send_monitor_command("sendkey down") + machine.send_monitor_command("sendkey ret") - def grub_select_boot_luks_missing_key_file(): - """ - Selects "boot-luks" from the GRUB menu - to trigger a login request. - """ - machine.send_monitor_command("sendkey down") - machine.send_monitor_command("sendkey ret") + def grub_select_boot_luks_missing_key_file(): + """ + Selects "boot-luks" from the GRUB menu + to trigger a login request. + """ + machine.send_monitor_command("sendkey down") + machine.send_monitor_command("sendkey ret") - # Create encrypted volume - machine.wait_for_unit("multi-user.target") - machine.succeed("echo "" | cryptsetup luksFormat /dev/vdb --batch-mode") - machine.succeed("echo "" | cryptsetup luksOpen /dev/vdb cryptroot") - machine.succeed("mkfs.ext4 /dev/mapper/cryptroot") - machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks-wrong-keyfile.conf") - machine.succeed("sync") - machine.crash() + # Create encrypted volume + machine.wait_for_unit("multi-user.target") + machine.succeed("echo "" | cryptsetup luksFormat /dev/vdb --batch-mode") + machine.succeed("echo "" | cryptsetup luksOpen /dev/vdb cryptroot") + machine.succeed("mkfs.ext4 /dev/mapper/cryptroot") + machine.succeed("${boot-luks-wrong-keyfile}/bin/switch-to-configuration boot") + machine.succeed("sync") + machine.crash() - # Check if rootfs is on /dev/mapper/cryptroot - machine.wait_for_unit("multi-user.target") - assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") + # Check if rootfs is on /dev/mapper/cryptroot + machine.wait_for_unit("multi-user.target") + assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") - # Choose boot-luks-missing-keyfile specialisation - machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks-missing-keyfile.conf") - machine.succeed("sync") - machine.crash() + # Choose boot-luks-missing-keyfile specialisation + machine.succeed( + "mkdir -p /nix/var/nix/profiles", + "ln -sfn ${toplevel} /nix/var/nix/profiles/system-1-link", + "ln -sfn system-1-link /nix/var/nix/profiles/system", + ) - # Check if rootfs is on /dev/mapper/cryptroot - machine.wait_for_unit("multi-user.target") - assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") - ''; + machine.succeed("${boot-luks-missing-keyfile}/bin/switch-to-configuration boot") + machine.succeed("sync") + machine.crash() + + # Check if rootfs is on /dev/mapper/cryptroot + machine.wait_for_unit("multi-user.target") + assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") + ''; } diff --git a/nixos/tests/luks.nix b/nixos/tests/luks.nix index db2672eefdc0..08f465c006d1 100644 --- a/nixos/tests/luks.nix +++ b/nixos/tests/luks.nix @@ -1,6 +1,6 @@ # Tests LUKS specifically with scripted stage 1. Remove in 26.11. -{ lib, pkgs, ... }: +{ lib, ... }: { name = "luks"; @@ -47,41 +47,59 @@ enableOCR = true; - testScript = '' - # Create encrypted volume - machine.wait_for_unit("multi-user.target") - machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -") - machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdb cryptroot") - machine.succeed("mkfs.ext4 /dev/mapper/cryptroot") + testScript = + { nodes, ... }: + let + toplevel = nodes.machine.system.build.toplevel; + boot-luks = nodes.machine.specialisation.boot-luks.configuration.system.build.toplevel; + boot-luks-custom-keymap = + nodes.machine.specialisation.boot-luks-custom-keymap.configuration.system.build.toplevel; + in + # python + '' + # Create encrypted volume + machine.wait_for_unit("multi-user.target") + machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -") + machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdb cryptroot") + machine.succeed("mkfs.ext4 /dev/mapper/cryptroot") - machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -") - machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdc cryptroot2") - machine.succeed("mkfs.ext4 /dev/mapper/cryptroot2") + machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -") + machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdc cryptroot2") + machine.succeed("mkfs.ext4 /dev/mapper/cryptroot2") - # Boot from the encrypted disk - machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf") - machine.succeed("sync") - machine.crash() + # Boot from the encrypted disk + machine.succeed("${boot-luks}/bin/switch-to-configuration boot") + machine.succeed("sync") + machine.crash() - # Boot and decrypt the disk - machine.start() - machine.wait_for_text("Passphrase for") - machine.send_chars("supersecret\n") - machine.wait_for_unit("multi-user.target") + # Boot and decrypt the disk + machine.start() + machine.wait_for_text("Passphrase for") + machine.send_chars("supersecret\n") + machine.wait_for_unit("multi-user.target") - assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") + assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") - # Boot from the encrypted disk with custom keymap - machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks-custom-keymap.conf") - machine.succeed("sync") - machine.crash() + # The new root is empty, so it has no /nix/var/nix/profiles. Without a + # system profile, systemd-boot-builder finds zero generations and + # bails. So we manually create the one profile link that we need. + machine.succeed( + "mkdir -p /nix/var/nix/profiles", + "ln -sfn ${toplevel} /nix/var/nix/profiles/system-1-link", + "ln -sfn system-1-link /nix/var/nix/profiles/system", + ) - # Boot and decrypt the disk - machine.start() - machine.wait_for_text("Passphrase for") - machine.send_chars("havfkhfrkfl\n") - machine.wait_for_unit("multi-user.target") + # Boot from the encrypted disk with custom keymap + machine.succeed("${boot-luks-custom-keymap}/bin/switch-to-configuration boot") + machine.succeed("sync") + machine.crash() - assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") - ''; + # Boot and decrypt the disk + machine.start() + machine.wait_for_text("Passphrase for") + machine.send_chars("havfkhfrkfl\n") + machine.wait_for_unit("multi-user.target") + + assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") + ''; } diff --git a/nixos/tests/lvm2/default.nix b/nixos/tests/lvm2/default.nix index dfdd3ae6a9a2..55e12bb39aef 100644 --- a/nixos/tests/lvm2/default.nix +++ b/nixos/tests/lvm2/default.nix @@ -1,8 +1,6 @@ { - system ? builtins.currentSystem, - config ? { }, - pkgs ? import ../../.. { inherit system config; }, - lib ? pkgs.lib, + pkgs, + runTest, kernelVersionsToTest ? [ "5.10" "5.15" @@ -15,38 +13,36 @@ # For quickly running a test, the nixosTests.lvm2.lvm-thinpool-linux-latest attribute is recommended let - tests = - let - callTest = p: lib.flip (import p) { inherit system pkgs; }; - in - { - thinpool = { - test = callTest ./thinpool.nix; - kernelFilter = lib.id; - }; - # we would like to test all versions, but the kernel module currently does not compile against the other versions - vdo = { - test = callTest ./vdo.nix; - kernelFilter = lib.filter (v: v == "latest"); - }; + inherit (pkgs) lib; - # systemd in stage 1 - raid-sd-stage-1 = { - test = callTest ./systemd-stage-1.nix; - kernelFilter = lib.filter (v: v != "5.15"); - flavour = "raid"; - }; - thinpool-sd-stage-1 = { - test = callTest ./systemd-stage-1.nix; - kernelFilter = lib.id; - flavour = "thinpool"; - }; - vdo-sd-stage-1 = { - test = callTest ./systemd-stage-1.nix; - kernelFilter = lib.filter (v: v == "latest"); - flavour = "vdo"; - }; + tests = { + thinpool = { + test = ./thinpool.nix; + kernelFilter = lib.id; }; + # we would like to test all versions, but the kernel module currently does not compile against the other versions + vdo = { + test = ./vdo.nix; + kernelFilter = lib.filter (v: v == "latest"); + }; + + # systemd in stage 1 + raid-sd-stage-1 = { + test = ./systemd-stage-1.nix; + kernelFilter = lib.filter (v: v != "5.15"); + flavour = "raid"; + }; + thinpool-sd-stage-1 = { + test = ./systemd-stage-1.nix; + kernelFilter = lib.id; + flavour = "thinpool"; + }; + vdo-sd-stage-1 = { + test = ./systemd-stage-1.nix; + kernelFilter = lib.filter (v: v == "latest"); + flavour = "vdo"; + }; + }; in lib.listToAttrs ( lib.filter (x: x.value != { }) ( @@ -61,18 +57,17 @@ lib.listToAttrs ( lib.flip lib.mapAttrsToList tests ( name: t: lib.nameValuePair "lvm-${name}-linux-${v'}" ( - lib.optionalAttrs (builtins.elem version (t.kernelFilter kernelVersionsToTest)) ( - t.test ( - { - kernelPackages = pkgs."linuxPackages_${v'}"; - inherit mkXfsFlags; - } - // removeAttrs t [ - "test" - "kernelFilter" - ] - ) - ) + lib.optionalAttrs (builtins.elem version (t.kernelFilter kernelVersionsToTest)) (runTest { + imports = [ t.test ]; + _module.args = { + kernelPackages = pkgs."linuxPackages_${v'}"; + inherit mkXfsFlags; + } + // removeAttrs t [ + "test" + "kernelFilter" + ]; + }) ) ) ) diff --git a/nixos/tests/lvm2/systemd-stage-1.nix b/nixos/tests/lvm2/systemd-stage-1.nix index c6c68ae64c1c..c6aed70675e2 100644 --- a/nixos/tests/lvm2/systemd-stage-1.nix +++ b/nixos/tests/lvm2/systemd-stage-1.nix @@ -1,7 +1,9 @@ { + lib, kernelPackages ? null, flavour, mkXfsFlags ? "", + ... }: let preparationCode = @@ -66,57 +68,61 @@ let .${flavour}; in -import ../make-test-python.nix ( - { pkgs, lib, ... }: - { - name = "lvm2-${flavour}-systemd-stage-1"; - meta.maintainers = with lib.maintainers; [ - das_j - helsinki-Jo - ]; +{ + name = "lvm2-${flavour}-systemd-stage-1"; + meta.maintainers = with lib.maintainers; [ + das_j + helsinki-Jo + ]; - nodes.machine = - { pkgs, lib, ... }: - { - imports = [ extraConfig ]; - # Use systemd-boot - virtualisation = { - emptyDiskImages = [ - 8192 - 8192 - ]; - useBootLoader = true; - useEFIBoot = true; - # To boot off the LVM disk, we need to have a init script which comes from the Nix store. - mountHostNixStore = true; - }; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + nodes.machine = + { pkgs, lib, ... }: + { + imports = [ extraConfig ]; + # Use systemd-boot + virtualisation = { + emptyDiskImages = [ + 8192 + 8192 + ]; + useBootLoader = true; + useEFIBoot = true; + # To boot off the LVM disk, we need to have a init script which comes from the Nix store. + mountHostNixStore = true; + }; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; - environment.systemPackages = with pkgs; [ xfsprogs ]; - boot = { - initrd.systemd = { - enable = true; - emergencyAccess = true; - }; - initrd.services.lvm.enable = true; - kernelPackages = lib.mkIf (kernelPackages != null) kernelPackages; - }; - - specialisation.boot-lvm.configuration.virtualisation = { - useDefaultFilesystems = false; - fileSystems = { - "/" = { - device = "/dev/test_vg/test_lv"; - fsType = "xfs"; - }; - }; - - rootDevice = "/dev/test_vg/test_lv"; + environment.systemPackages = with pkgs; [ xfsprogs ]; + boot = { + initrd.systemd = { + enable = true; + emergencyAccess = true; }; + initrd.services.lvm.enable = true; + kernelPackages = lib.mkIf (kernelPackages != null) kernelPackages; }; - testScript = '' + specialisation.boot-lvm.configuration.virtualisation = { + useDefaultFilesystems = false; + fileSystems = { + "/" = { + device = "/dev/test_vg/test_lv"; + fsType = "xfs"; + }; + }; + + rootDevice = "/dev/test_vg/test_lv"; + }; + }; + + testScript = + { nodes, ... }: + let + boot-lvm = nodes.machine.specialisation.boot-lvm.configuration.system.build.toplevel; + in + # python + '' machine.wait_for_unit("multi-user.target") # Create a VG for the root ${preparationCode} @@ -124,7 +130,7 @@ import ../make-test-python.nix ( machine.succeed("mkdir -p /mnt && mount /dev/test_vg/test_lv /mnt && echo hello > /mnt/test && umount /mnt") # Boot from LVM - machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-lvm.conf") + machine.succeed("${boot-lvm}/bin/switch-to-configuration boot") machine.succeed("sync") machine.crash() machine.wait_for_unit("multi-user.target") @@ -135,5 +141,4 @@ import ../make-test-python.nix ( assert "hello" in machine.succeed("cat /test") ${extraCheck} ''; - } -) +} diff --git a/nixos/tests/lvm2/thinpool.nix b/nixos/tests/lvm2/thinpool.nix index 8c7471d46f28..02d081f6b38c 100644 --- a/nixos/tests/lvm2/thinpool.nix +++ b/nixos/tests/lvm2/thinpool.nix @@ -1,49 +1,48 @@ { + lib, kernelPackages ? null, mkXfsFlags ? "", + ... }: -import ../make-test-python.nix ( - { pkgs, lib, ... }: - { - name = "lvm2-thinpool"; - meta.maintainers = with lib.maintainers; [ - das_j - helsinki-Jo - ]; +{ + name = "lvm2-thinpool"; + meta.maintainers = with lib.maintainers; [ + das_j + helsinki-Jo + ]; - nodes.machine = - { pkgs, lib, ... }: - { - virtualisation.emptyDiskImages = [ 4096 ]; - services.lvm = { - boot.thin.enable = true; - dmeventd.enable = true; - }; - environment.systemPackages = with pkgs; [ xfsprogs ]; - environment.etc."lvm/lvm.conf".text = '' - activation/thin_pool_autoextend_percent = 10 - activation/thin_pool_autoextend_threshold = 80 - ''; - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; + nodes.machine = + { pkgs, lib, ... }: + { + virtualisation.emptyDiskImages = [ 4096 ]; + services.lvm = { + boot.thin.enable = true; + dmeventd.enable = true; }; - - testScript = - let - mkXfsFlags = - lib.optionalString (lib.versionOlder kernelPackages.kernel.version "5.10") " -m bigtime=0 -m inobtcount=0 " - + lib.optionalString (lib.versionOlder kernelPackages.kernel.version "5.19") " -i nrext64=0 "; - in - '' - machine.succeed("vgcreate test_vg /dev/vdb") - machine.succeed("lvcreate -L 512M -T test_vg/test_thin_pool") - machine.succeed("lvcreate -n test_lv -V 16G --thinpool test_thin_pool test_vg") - machine.succeed("mkfs.xfs ${mkXfsFlags} /dev/test_vg/test_lv") - machine.succeed("mkdir /mnt; mount /dev/test_vg/test_lv /mnt") - assert "/dev/mapper/test_vg-test_lv" == machine.succeed("findmnt -no SOURCE /mnt").strip() - machine.succeed("dd if=/dev/zero of=/mnt/empty.file bs=1M count=1024") - machine.succeed("journalctl -u dm-event.service | grep \"successfully resized\"") - machine.succeed("umount /mnt") - machine.succeed("vgchange -a n") + environment.systemPackages = with pkgs; [ xfsprogs ]; + environment.etc."lvm/lvm.conf".text = '' + activation/thin_pool_autoextend_percent = 10 + activation/thin_pool_autoextend_threshold = 80 ''; - } -) + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; + }; + + testScript = + let + mkXfsFlags = + lib.optionalString (lib.versionOlder kernelPackages.kernel.version "5.10") " -m bigtime=0 -m inobtcount=0 " + + lib.optionalString (lib.versionOlder kernelPackages.kernel.version "5.19") " -i nrext64=0 "; + in + '' + machine.succeed("vgcreate test_vg /dev/vdb") + machine.succeed("lvcreate -L 512M -T test_vg/test_thin_pool") + machine.succeed("lvcreate -n test_lv -V 16G --thinpool test_thin_pool test_vg") + machine.succeed("mkfs.xfs ${mkXfsFlags} /dev/test_vg/test_lv") + machine.succeed("mkdir /mnt; mount /dev/test_vg/test_lv /mnt") + assert "/dev/mapper/test_vg-test_lv" == machine.succeed("findmnt -no SOURCE /mnt").strip() + machine.succeed("dd if=/dev/zero of=/mnt/empty.file bs=1M count=1024") + machine.succeed("journalctl -u dm-event.service | grep \"successfully resized\"") + machine.succeed("umount /mnt") + machine.succeed("vgchange -a n") + ''; +} diff --git a/nixos/tests/lvm2/vdo.nix b/nixos/tests/lvm2/vdo.nix index ee65aa7d828f..94894f64377b 100644 --- a/nixos/tests/lvm2/vdo.nix +++ b/nixos/tests/lvm2/vdo.nix @@ -1,35 +1,34 @@ { + lib, kernelPackages ? null, mkXfsFlags ? "", + ... }: -import ../make-test-python.nix ( - { pkgs, lib, ... }: - { - name = "lvm2-vdo"; - meta.maintainers = [ ]; +{ + name = "lvm2-vdo"; + meta.maintainers = [ ]; - nodes.machine = - { pkgs, lib, ... }: - { - # Minimum required size for VDO volume: 5063921664 bytes - virtualisation.emptyDiskImages = [ 8192 ]; - services.lvm = { - boot.vdo.enable = true; - dmeventd.enable = true; - }; - environment.systemPackages = with pkgs; [ xfsprogs ]; - boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; + nodes.machine = + { pkgs, lib, ... }: + { + # Minimum required size for VDO volume: 5063921664 bytes + virtualisation.emptyDiskImages = [ 8192 ]; + services.lvm = { + boot.vdo.enable = true; + dmeventd.enable = true; }; + environment.systemPackages = with pkgs; [ xfsprogs ]; + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; + }; - testScript = '' - machine.succeed("vgcreate test_vg /dev/vdb") - machine.succeed("lvcreate --type vdo -n vdo_lv -L 6G -V 12G test_vg/vdo_pool_lv") - machine.succeed("mkfs.xfs ${mkXfsFlags} -K /dev/test_vg/vdo_lv") - machine.succeed("mkdir /mnt; mount /dev/test_vg/vdo_lv /mnt") - assert "/dev/mapper/test_vg-vdo_lv" == machine.succeed("findmnt -no SOURCE /mnt").strip() - machine.succeed("umount /mnt") - machine.succeed("vdostats") - machine.succeed("vgchange -a n") - ''; - } -) + testScript = '' + machine.succeed("vgcreate test_vg /dev/vdb") + machine.succeed("lvcreate --type vdo -n vdo_lv -L 6G -V 12G test_vg/vdo_pool_lv") + machine.succeed("mkfs.xfs ${mkXfsFlags} -K /dev/test_vg/vdo_lv") + machine.succeed("mkdir /mnt; mount /dev/test_vg/vdo_lv /mnt") + assert "/dev/mapper/test_vg-vdo_lv" == machine.succeed("findmnt -no SOURCE /mnt").strip() + machine.succeed("umount /mnt") + machine.succeed("vdostats") + machine.succeed("vgchange -a n") + ''; +} diff --git a/nixos/tests/systemd-initrd-btrfs-raid.nix b/nixos/tests/systemd-initrd-btrfs-raid.nix index 1aa21fc326cd..05caa522b0d7 100644 --- a/nixos/tests/systemd-initrd-btrfs-raid.nix +++ b/nixos/tests/systemd-initrd-btrfs-raid.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, ... }: +{ lib, ... }: { name = "systemd-initrd-btrfs-raid"; @@ -33,21 +33,27 @@ }; }; - testScript = '' - # Create RAID - machine.succeed("mkfs.btrfs -d raid0 /dev/vdb /dev/vdc") - machine.succeed("mkdir -p /mnt && mount /dev/vdb /mnt && echo hello > /mnt/test && umount /mnt") + testScript = + { nodes, ... }: + let + boot-btrfs-raid = nodes.machine.specialisation.boot-btrfs-raid.configuration.system.build.toplevel; + in + # python + '' + # Create RAID + machine.succeed("mkfs.btrfs -d raid0 /dev/vdb /dev/vdc") + machine.succeed("mkdir -p /mnt && mount /dev/vdb /mnt && echo hello > /mnt/test && umount /mnt") - # Boot from the RAID - machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-btrfs-raid.conf") - machine.succeed("sync") - machine.crash() - machine.wait_for_unit("multi-user.target") + # Boot from the RAID + machine.succeed("${boot-btrfs-raid}/bin/switch-to-configuration boot") + machine.succeed("sync") + machine.crash() + machine.wait_for_unit("multi-user.target") - # Ensure we have successfully booted from the RAID - assert "(initrd)" in machine.succeed("systemd-analyze") # booted with systemd in stage 1 - assert "/dev/vdb on / type btrfs" in machine.succeed("mount") - assert "hello" in machine.succeed("cat /test") - assert "Total devices 2" in machine.succeed("btrfs filesystem show") - ''; + # Ensure we have successfully booted from the RAID + assert "(initrd)" in machine.succeed("systemd-analyze") # booted with systemd in stage 1 + assert "/dev/vdb on / type btrfs" in machine.succeed("mount") + assert "hello" in machine.succeed("cat /test") + assert "Total devices 2" in machine.succeed("btrfs filesystem show") + ''; } diff --git a/nixos/tests/systemd-initrd-luks-fido2.nix b/nixos/tests/systemd-initrd-luks-fido2.nix index a38c97e8b0dd..783b9d7426e7 100644 --- a/nixos/tests/systemd-initrd-luks-fido2.nix +++ b/nixos/tests/systemd-initrd-luks-fido2.nix @@ -1,6 +1,5 @@ { lib, - pkgs, hostPkgs, ... }: @@ -43,19 +42,25 @@ }; }; - testScript = '' - # Create encrypted volume - machine.wait_for_unit("multi-user.target") - machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -") - machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --fido2-device=auto /dev/vdb |& systemd-cat") + testScript = + { nodes, ... }: + let + boot-luks = nodes.machine.specialisation.boot-luks.configuration.system.build.toplevel; + in + # python + '' + # Create encrypted volume + machine.wait_for_unit("multi-user.target") + machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -") + machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --fido2-device=auto /dev/vdb |& systemd-cat") - # Boot from the encrypted disk - machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf") - machine.succeed("sync") - machine.crash() + # Boot from the encrypted disk + machine.succeed("${boot-luks}/bin/switch-to-configuration boot") + machine.succeed("sync") + machine.crash() - # Boot and decrypt the disk - machine.wait_for_unit("multi-user.target") - assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") - ''; + # Boot and decrypt the disk + machine.wait_for_unit("multi-user.target") + assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") + ''; } diff --git a/nixos/tests/systemd-initrd-luks-keyfile.nix b/nixos/tests/systemd-initrd-luks-keyfile.nix index 8b7f28947f72..b12e504a107a 100644 --- a/nixos/tests/systemd-initrd-luks-keyfile.nix +++ b/nixos/tests/systemd-initrd-luks-keyfile.nix @@ -42,20 +42,26 @@ in }; }; - testScript = '' - # Create encrypted volume - machine.wait_for_unit("multi-user.target") - machine.succeed("cryptsetup luksFormat -q --iter-time=1 -d ${keyfile} /dev/vdb") - machine.succeed("cryptsetup luksOpen --key-file ${keyfile} /dev/vdb cryptroot") - machine.succeed("mkfs.ext4 /dev/mapper/cryptroot") + testScript = + { nodes, ... }: + let + boot-luks = nodes.machine.specialisation.boot-luks.configuration.system.build.toplevel; + in + # python + '' + # Create encrypted volume + machine.wait_for_unit("multi-user.target") + machine.succeed("cryptsetup luksFormat -q --iter-time=1 -d ${keyfile} /dev/vdb") + machine.succeed("cryptsetup luksOpen --key-file ${keyfile} /dev/vdb cryptroot") + machine.succeed("mkfs.ext4 /dev/mapper/cryptroot") - # Boot from the encrypted disk - machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf") - machine.succeed("sync") - machine.crash() + # Boot from the encrypted disk + machine.succeed("${boot-luks}/bin/switch-to-configuration boot") + machine.succeed("sync") + machine.crash() - # Boot and decrypt the disk - machine.wait_for_unit("multi-user.target") - assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") - ''; + # Boot and decrypt the disk + machine.wait_for_unit("multi-user.target") + assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") + ''; } diff --git a/nixos/tests/systemd-initrd-luks-password.nix b/nixos/tests/systemd-initrd-luks-password.nix index a77fe16ea453..8eeb9b178fa1 100644 --- a/nixos/tests/systemd-initrd-luks-password.nix +++ b/nixos/tests/systemd-initrd-luks-password.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, ... }: +{ lib, ... }: { name = "systemd-initrd-luks-password"; @@ -39,30 +39,36 @@ }; }; - testScript = '' - # Create encrypted volume - machine.wait_for_unit("multi-user.target") + testScript = + { nodes, ... }: + let + boot-luks = nodes.machine.specialisation.boot-luks.configuration.system.build.toplevel; + in + # python + '' + # Create encrypted volume + machine.wait_for_unit("multi-user.target") - machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -") - machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdb cryptroot") - machine.succeed("mkfs.ext4 /dev/mapper/cryptroot") + machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -") + machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdb cryptroot") + machine.succeed("mkfs.ext4 /dev/mapper/cryptroot") - machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -") - machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdc cryptroot2") - machine.succeed("mkfs.ext4 /dev/mapper/cryptroot2") + machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -") + machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdc cryptroot2") + machine.succeed("mkfs.ext4 /dev/mapper/cryptroot2") - # Boot from the encrypted disk - machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf") - machine.succeed("sync") - machine.crash() + # Boot from the encrypted disk + machine.succeed("${boot-luks}/bin/switch-to-configuration boot") + machine.succeed("sync") + machine.crash() - # Boot and decrypt the disk - machine.start() - machine.wait_for_console_text("Please enter passphrase for disk cryptroot") - machine.send_console("supersecret\n") - machine.wait_for_unit("multi-user.target") + # Boot and decrypt the disk + machine.start() + machine.wait_for_console_text("Please enter passphrase for disk cryptroot") + machine.send_console("supersecret\n") + machine.wait_for_unit("multi-user.target") - assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount"), "/dev/mapper/cryptroot do not appear in mountpoints list" - assert "/dev/mapper/cryptroot2 on /cryptroot2 type ext4" in machine.succeed("mount") - ''; + assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount"), "/dev/mapper/cryptroot do not appear in mountpoints list" + assert "/dev/mapper/cryptroot2 on /cryptroot2 type ext4" in machine.succeed("mount") + ''; } diff --git a/nixos/tests/systemd-initrd-luks-tpm2.nix b/nixos/tests/systemd-initrd-luks-tpm2.nix index 931959f05464..8628fc2b8a01 100644 --- a/nixos/tests/systemd-initrd-luks-tpm2.nix +++ b/nixos/tests/systemd-initrd-luks-tpm2.nix @@ -35,21 +35,27 @@ }; }; - testScript = '' - # Create encrypted volume - machine.wait_for_unit("multi-user.target") - machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -") - machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdb cryptroot") - machine.succeed("mkfs.ext4 /dev/mapper/cryptroot") - machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --tpm2-pcrs= --tpm2-device=auto /dev/vdb |& systemd-cat") + testScript = + { nodes, ... }: + let + boot-luks = nodes.machine.specialisation.boot-luks.configuration.system.build.toplevel; + in + # python + '' + # Create encrypted volume + machine.wait_for_unit("multi-user.target") + machine.succeed("echo -n supersecret | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -") + machine.succeed("echo -n supersecret | cryptsetup luksOpen -q /dev/vdb cryptroot") + machine.succeed("mkfs.ext4 /dev/mapper/cryptroot") + machine.succeed("PASSWORD=supersecret SYSTEMD_LOG_LEVEL=debug systemd-cryptenroll --tpm2-pcrs= --tpm2-device=auto /dev/vdb |& systemd-cat") - # Boot from the encrypted disk - machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf") - machine.succeed("sync") - machine.crash() + # Boot from the encrypted disk + machine.succeed("${boot-luks}/bin/switch-to-configuration boot") + machine.succeed("sync") + machine.crash() - # Boot and decrypt the disk - machine.wait_for_unit("multi-user.target") - assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") - ''; + # Boot and decrypt the disk + machine.wait_for_unit("multi-user.target") + assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") + ''; } diff --git a/nixos/tests/systemd-initrd-luks-unl0kr.nix b/nixos/tests/systemd-initrd-luks-unl0kr.nix index 6844357a729f..b48bd2d1588f 100644 --- a/nixos/tests/systemd-initrd-luks-unl0kr.nix +++ b/nixos/tests/systemd-initrd-luks-unl0kr.nix @@ -82,33 +82,39 @@ in }; }; - testScript = '' - machine.wait_for_unit("multi-user.target") + testScript = + { nodes, ... }: + let + boot-luks = nodes.machine.specialisation.boot-luks.configuration.system.build.toplevel; + in + # python + '' + machine.wait_for_unit("multi-user.target") - machine.succeed("echo -n ${passphrase} | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -") - machine.succeed("echo -n ${passphrase} | cryptsetup luksOpen -q /dev/vdb cryptroot") - machine.succeed("mkfs.ext4 /dev/mapper/cryptroot") + machine.succeed("echo -n ${passphrase} | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -") + machine.succeed("echo -n ${passphrase} | cryptsetup luksOpen -q /dev/vdb cryptroot") + machine.succeed("mkfs.ext4 /dev/mapper/cryptroot") - machine.succeed("echo -n ${passphrase} | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -") - machine.succeed("echo -n ${passphrase} | cryptsetup luksOpen -q /dev/vdc cryptroot2") - machine.succeed("mkfs.ext4 /dev/mapper/cryptroot2") + machine.succeed("echo -n ${passphrase} | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -") + machine.succeed("echo -n ${passphrase} | cryptsetup luksOpen -q /dev/vdc cryptroot2") + machine.succeed("mkfs.ext4 /dev/mapper/cryptroot2") - # Boot from the encrypted disk - machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf") - machine.succeed("sync") - machine.crash() + # Boot from the encrypted disk + machine.succeed("${boot-luks}/bin/switch-to-configuration boot") + machine.succeed("sync") + machine.crash() - # Boot and decrypt the disk. This part of the test is SLOW. - machine.start() - machine.wait_for_unit("unl0kr-agent.service") - machine.screenshot("prompt") - machine.send_chars("${passphrase}") - machine.screenshot("pw") - machine.send_chars("\n") - machine.switch_root() - machine.wait_for_unit("multi-user.target") + # Boot and decrypt the disk. This part of the test is SLOW. + machine.start() + machine.wait_for_unit("unl0kr-agent.service") + machine.screenshot("prompt") + machine.send_chars("${passphrase}") + machine.screenshot("pw") + machine.send_chars("\n") + machine.switch_root() + machine.wait_for_unit("multi-user.target") - assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount"), "/dev/mapper/cryptroot do not appear in mountpoints list" - assert "/dev/mapper/cryptroot2 on /cryptroot2 type ext4" in machine.succeed("mount") - ''; + assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount"), "/dev/mapper/cryptroot do not appear in mountpoints list" + assert "/dev/mapper/cryptroot2 on /cryptroot2 type ext4" in machine.succeed("mount") + ''; } diff --git a/nixos/tests/systemd-initrd-swraid.nix b/nixos/tests/systemd-initrd-swraid.nix index 997235ecfcd1..01fc9141997e 100644 --- a/nixos/tests/systemd-initrd-swraid.nix +++ b/nixos/tests/systemd-initrd-swraid.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, ... }: +{ lib, ... }: { name = "systemd-initrd-swraid"; @@ -41,30 +41,36 @@ specialisation.build-old-initrd.configuration.boot.initrd.systemd.enable = lib.mkForce false; }; - testScript = '' - # Create RAID - machine.succeed("mdadm --create --force /dev/md0 -n 2 --level=raid1 /dev/vdb /dev/vdc --metadata=0.90 --bitmap=internal") - machine.succeed("mkfs.ext4 -L testraid /dev/md0") - machine.succeed("mkdir -p /mnt && mount /dev/md0 /mnt && echo hello > /mnt/test && umount /mnt") + testScript = + { nodes, ... }: + let + boot-swraid = nodes.machine.specialisation.boot-swraid.configuration.system.build.toplevel; + in + # python + '' + # Create RAID + machine.succeed("mdadm --create --force /dev/md0 -n 2 --level=raid1 /dev/vdb /dev/vdc --metadata=0.90 --bitmap=internal") + machine.succeed("mkfs.ext4 -L testraid /dev/md0") + machine.succeed("mkdir -p /mnt && mount /dev/md0 /mnt && echo hello > /mnt/test && umount /mnt") - # Boot from the RAID - machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-swraid.conf") - machine.succeed("sync") - machine.crash() - machine.wait_for_unit("multi-user.target") + # Boot from the RAID + machine.succeed("${boot-swraid}/bin/switch-to-configuration boot") + machine.succeed("sync") + machine.crash() + machine.wait_for_unit("multi-user.target") - # Ensure we have successfully booted from the RAID - assert "(initrd)" in machine.succeed("systemd-analyze") # booted with systemd in stage 1 - assert "/dev/md0 on / type ext4" in machine.succeed("mount") - assert "hello" in machine.succeed("cat /test") - assert "md0" in machine.succeed("cat /proc/mdstat") + # Ensure we have successfully booted from the RAID + assert "(initrd)" in machine.succeed("systemd-analyze") # booted with systemd in stage 1 + assert "/dev/md0 on / type ext4" in machine.succeed("mount") + assert "hello" in machine.succeed("cat /test") + assert "md0" in machine.succeed("cat /proc/mdstat") - # Verify the RAID array was properly auto-detected and assembled - detail = machine.succeed("mdadm --detail /dev/md0") - assert "raid1" in detail, f"Expected raid1 in mdadm detail output: {detail}" - assert "/dev/vdb" in detail, f"Expected /dev/vdb in array: {detail}" - assert "/dev/vdc" in detail, f"Expected /dev/vdc in array: {detail}" + # Verify the RAID array was properly auto-detected and assembled + detail = machine.succeed("mdadm --detail /dev/md0") + assert "raid1" in detail, f"Expected raid1 in mdadm detail output: {detail}" + assert "/dev/vdb" in detail, f"Expected /dev/vdb in array: {detail}" + assert "/dev/vdc" in detail, f"Expected /dev/vdc in array: {detail}" - machine.wait_for_unit("mdmonitor.service") - ''; + machine.wait_for_unit("mdmonitor.service") + ''; } diff --git a/nixos/tests/web-apps/pixelfed/default.nix b/nixos/tests/web-apps/pixelfed/default.nix index 00a786d4eb73..bb1972c8747f 100644 --- a/nixos/tests/web-apps/pixelfed/default.nix +++ b/nixos/tests/web-apps/pixelfed/default.nix @@ -4,6 +4,7 @@ let supportedSystems = [ "x86_64-linux" + "aarch64-linux" "i686-linux" ]; in diff --git a/nixos/tests/web-apps/pixelfed/standard.nix b/nixos/tests/web-apps/pixelfed/standard.nix index 6a3776fa8403..cffedd40e2f7 100644 --- a/nixos/tests/web-apps/pixelfed/standard.nix +++ b/nixos/tests/web-apps/pixelfed/standard.nix @@ -4,7 +4,7 @@ nodes = { server = - { pkgs, ... }: + { pkgs, lib, ... }: { services.pixelfed = { enable = true; @@ -19,16 +19,25 @@ ); settings."FORCE_HTTPS_URLS" = false; }; + + # to prevent getting killed by oom + virtualisation.memorySize = 2048; + virtualisation.emptyDiskImages = [ 4096 ]; + swapDevices = [ { device = "/dev/vdb"; } ]; + + # allows running nixos test on qemu without kvm, eg. github actions on aarch64-linux + systemd.settings.Manager.DefaultDeviceTimeoutSec = lib.mkForce 1800; + boot.initrd.kernelModules = [ "virtio_console" ]; }; }; testScript = '' # Wait for Pixelfed PHP pool - server.wait_for_unit("phpfpm-pixelfed.service") + server.wait_for_unit("phpfpm-pixelfed.service", timeout=1800) # Wait for NGINX - server.wait_for_unit("nginx.service") + server.wait_for_unit("nginx.service", timeout=1800) # Wait for HTTP port - server.wait_for_open_port(80) + server.wait_for_open_port(80, timeout=1800) # Access the homepage. server.succeed("curl -H 'Host: pixelfed.local' http://localhost") # Create an account diff --git a/nixos/tests/zfs.nix b/nixos/tests/zfs.nix index 418d7aeeda9b..fc5eb975226c 100644 --- a/nixos/tests/zfs.nix +++ b/nixos/tests/zfs.nix @@ -1,12 +1,11 @@ { - system ? builtins.currentSystem, - config ? { }, - pkgs ? import ../.. { inherit system config; }, + system, + pkgs, + runTest, }: -with import ../lib/testing-python.nix { inherit system pkgs; }; - let + inherit (pkgs) lib; makeZfsTest = { @@ -15,11 +14,9 @@ let zfsPackage, extraTest ? "", }: - makeTest { + runTest { name = zfsPackage.kernelModuleAttribute; - meta = with pkgs.lib.maintainers; { - maintainers = [ elvishjerricco ]; - }; + meta.maintainers = with lib.maintainers; [ elvishjerricco ]; nodes.machine = { @@ -124,82 +121,90 @@ let }; }; - testScript = '' - machine.wait_for_unit("multi-user.target") - machine.succeed( - "zpool status", - "parted --script /dev/vdb mklabel msdos", - "parted --script /dev/vdb -- mkpart primary 1024M -1s", - "parted --script /dev/vdc mklabel msdos", - "parted --script /dev/vdc -- mkpart primary 1024M -1s", - ) + testScript = + { nodes, ... }: + let + samba = nodes.machine.specialisation.samba.configuration.system.build.toplevel; + encryption = nodes.machine.specialisation.encryption.configuration.system.build.toplevel; + forcepool = nodes.machine.specialisation.forcepool.configuration.system.build.toplevel; + in + # python + '' + machine.wait_for_unit("multi-user.target") + machine.succeed( + "zpool status", + "parted --script /dev/vdb mklabel msdos", + "parted --script /dev/vdb -- mkpart primary 1024M -1s", + "parted --script /dev/vdc mklabel msdos", + "parted --script /dev/vdc -- mkpart primary 1024M -1s", + ) - with subtest("sharesmb works"): - machine.succeed( - "zpool create rpool /dev/vdb1", - "zfs create -o mountpoint=legacy rpool/root", - # shared datasets cannot have legacy mountpoint - "zfs create rpool/shared_smb", - "bootctl set-default nixos-generation-1-specialisation-samba.conf", - "sync", - ) - machine.crash() - machine.wait_for_unit("multi-user.target") - machine.succeed("zfs set sharesmb=on rpool/shared_smb") - machine.succeed( - "smbclient -gNL localhost | grep rpool_shared_smb", - "umount /tmp/mnt", - "zpool destroy rpool", - ) + with subtest("sharesmb works"): + machine.succeed( + "zpool create rpool /dev/vdb1", + "zfs create -o mountpoint=legacy rpool/root", + # shared datasets cannot have legacy mountpoint + "zfs create rpool/shared_smb", + "${samba}/bin/switch-to-configuration boot", + "sync", + ) + machine.crash() + machine.wait_for_unit("multi-user.target") + machine.succeed("zfs set sharesmb=on rpool/shared_smb") + machine.succeed( + "smbclient -gNL localhost | grep rpool_shared_smb", + "umount /tmp/mnt", + "zpool destroy rpool", + ) - with subtest("encryption works"): - machine.succeed( - 'echo password | zpool create -O mountpoint=legacy ' - + "-O encryption=aes-256-gcm -O keyformat=passphrase automatic /dev/vdb1", - "zpool create -O mountpoint=legacy manual /dev/vdc1", - "echo otherpass | zfs create " - + "-o encryption=aes-256-gcm -o keyformat=passphrase manual/encrypted", - "zfs create -o encryption=aes-256-gcm -o keyformat=passphrase " - + "-o keylocation=http://localhost/zfskey manual/httpkey", - "bootctl set-default nixos-generation-1-specialisation-encryption.conf", - "sync", - "zpool export automatic", - "zpool export manual", - ) - machine.crash() - machine.start() - machine.wait_for_console_text("Starting password query on") - machine.send_console("password\n") - machine.wait_for_unit("multi-user.target") - machine.succeed( - "zfs get -Ho value keystatus manual/encrypted | grep -Fx unavailable", - "echo otherpass | zfs load-key manual/encrypted", - "systemctl start manual-encrypted.mount", - "zfs load-key manual/httpkey", - "systemctl start manual-httpkey.mount", - "umount /automatic /manual/encrypted /manual/httpkey /manual", - "zpool destroy automatic", - "zpool destroy manual", - ) + with subtest("encryption works"): + machine.succeed( + 'echo password | zpool create -O mountpoint=legacy ' + + "-O encryption=aes-256-gcm -O keyformat=passphrase automatic /dev/vdb1", + "zpool create -O mountpoint=legacy manual /dev/vdc1", + "echo otherpass | zfs create " + + "-o encryption=aes-256-gcm -o keyformat=passphrase manual/encrypted", + "zfs create -o encryption=aes-256-gcm -o keyformat=passphrase " + + "-o keylocation=http://localhost/zfskey manual/httpkey", + "${encryption}/bin/switch-to-configuration boot", + "sync", + "zpool export automatic", + "zpool export manual", + ) + machine.crash() + machine.start() + machine.wait_for_console_text("Starting password query on") + machine.send_console("password\n") + machine.wait_for_unit("multi-user.target") + machine.succeed( + "zfs get -Ho value keystatus manual/encrypted | grep -Fx unavailable", + "echo otherpass | zfs load-key manual/encrypted", + "systemctl start manual-encrypted.mount", + "zfs load-key manual/httpkey", + "systemctl start manual-httpkey.mount", + "umount /automatic /manual/encrypted /manual/httpkey /manual", + "zpool destroy automatic", + "zpool destroy manual", + ) - with subtest("boot.zfs.forceImportAll works"): - machine.succeed( - "rm /etc/hostid", - "zgenhostid deadcafe", - "zpool create forcepool /dev/vdb1 -O mountpoint=legacy", - "bootctl set-default nixos-generation-1-specialisation-forcepool.conf", - "rm /etc/hostid", - "sync", - ) - machine.crash() - machine.wait_for_unit("multi-user.target") - machine.fail("zpool import forcepool") - machine.succeed( - "systemctl start forcepool.mount", - "mount | grep forcepool", - ) - '' - + extraTest; + with subtest("boot.zfs.forceImportAll works"): + machine.succeed( + "rm /etc/hostid", + "zgenhostid deadcafe", + "zpool create forcepool /dev/vdb1 -O mountpoint=legacy", + "${forcepool}/bin/switch-to-configuration boot", + "rm /etc/hostid", + "sync", + ) + machine.crash() + machine.wait_for_unit("multi-user.target") + machine.fail("zpool import forcepool") + machine.succeed( + "systemctl start forcepool.mount", + "mount | grep forcepool", + ) + '' + + extraTest; }; @@ -250,7 +255,7 @@ in systemdStage1 = true; }).zfsroot; - expand-partitions = makeTest { + expand-partitions = runTest { name = "multi-disk-zfs"; nodes = { machine = diff --git a/pkgs/applications/science/molecular-dynamics/gromacs/default.nix b/pkgs/applications/science/molecular-dynamics/gromacs/default.nix index fe76b4457b0f..1a405f37b3aa 100644 --- a/pkgs/applications/science/molecular-dynamics/gromacs/default.nix +++ b/pkgs/applications/science/molecular-dynamics/gromacs/default.nix @@ -56,8 +56,8 @@ let } else { - version = "2026.1"; - hash = "sha256-2VoxP1bbfgXuOiHlD1gv3uUXbC9guQC6skYf2Vxegb4="; + version = "2026.2"; + hash = "sha256-0n5EVegkYXeVI2Z5hjGg2tny4fVnQApsuFShaNzAUN0="; }; in diff --git a/pkgs/by-name/bo/boringssl/package.nix b/pkgs/by-name/bo/boringssl/package.nix index c5647b4e37d4..3ac6ddb79621 100644 --- a/pkgs/by-name/bo/boringssl/package.nix +++ b/pkgs/by-name/bo/boringssl/package.nix @@ -13,12 +13,12 @@ # reference: https://boringssl.googlesource.com/boringssl/+/refs/tags/0.20250818.0/BUILDING.md stdenv.mkDerivation (finalAttrs: { pname = "boringssl"; - version = "0.20260508.0"; + version = "0.20260526.0"; src = fetchgit { url = "https://boringssl.googlesource.com/boringssl"; tag = finalAttrs.version; - hash = "sha256-7fW0OmOj+Hduq5YCc5xpcfICpC8qAc/05/UMgZ70jhM="; + hash = "sha256-SmyImyzGn7v2b5qGJbMmQZX5bODA9i6+8jy3uGwOawA="; }; patches = [ diff --git a/pkgs/by-name/br/brave/package.nix b/pkgs/by-name/br/brave/package.nix index 7a942dac78f0..9de02331740f 100644 --- a/pkgs/by-name/br/brave/package.nix +++ b/pkgs/by-name/br/brave/package.nix @@ -3,24 +3,24 @@ let pname = "brave"; - version = "1.90.124"; + version = "1.90.128"; allArchives = { aarch64-linux = { url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_arm64.deb"; - hash = "sha256-+ZJxwwL5jPO49anc+6aBA5jlAsFw7BSHt6lXjFseJ3c="; + hash = "sha256-tRFlzHOz2pMpSrdp6vst9zuKhmpqWga3FzLWglLAgwc="; }; x86_64-linux = { url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb"; - hash = "sha256-mcqe531FqdBVIgZrQLOVDgIi2JBPSKadD4fCLQMimwI="; + hash = "sha256-BBOpwAM7KVLCd6v47q6ndA6Lb9LsI8dQXB/evwBXV/w="; }; aarch64-darwin = { url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-v${version}-darwin-arm64.zip"; - hash = "sha256-u3KmZffPQpHzS9IxZ7UsL7D6ETGJxExil20vmD6flMo="; + hash = "sha256-pJFvRP8GKTv+b2OSaAhiabIXxSJjelZPsYROTuHw0qo="; }; x86_64-darwin = { url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-v${version}-darwin-x64.zip"; - hash = "sha256-jSWamdWVBCR9uPY/i0awwdhTG3pD/iVdJIeYBnG747k="; + hash = "sha256-DgqaYEZJ6je3N/BDwIiwXrJ+w6qrBJse6d9LtKq7Dac="; }; }; diff --git a/pkgs/by-name/ch/checkstyle/package.nix b/pkgs/by-name/ch/checkstyle/package.nix index 92a2392ddb0f..e08f9d5d1c5f 100644 --- a/pkgs/by-name/ch/checkstyle/package.nix +++ b/pkgs/by-name/ch/checkstyle/package.nix @@ -8,17 +8,17 @@ }: maven.buildMavenPackage (finalAttrs: { - version = "13.4.2"; + version = "13.5.0"; pname = "checkstyle"; src = fetchFromGitHub { owner = "checkstyle"; repo = "checkstyle"; tag = "checkstyle-${finalAttrs.version}"; - hash = "sha256-0ENLO/hP/MXVU358Ys83cH1Adl8CTbT/zcG9/tOBIC8="; + hash = "sha256-2v6ccNG4t8cXObMdztX+Y+PVuiqt4Fd5IR7j5bk5IaA="; }; - mvnHash = "sha256-eRNJOrSP9GcuF226kZi5ef3shm1PdTEsGvjpi46cfSw="; + mvnHash = "sha256-M830+mpd7fAbzZGUQiTJZUKPe64zYUKp6QRqTrSOy7w="; nativeBuildInputs = [ maven diff --git a/pkgs/by-name/ch/chhoto-url/package.nix b/pkgs/by-name/ch/chhoto-url/package.nix index 0cbef07a654c..7f3a2ec9ba89 100644 --- a/pkgs/by-name/ch/chhoto-url/package.nix +++ b/pkgs/by-name/ch/chhoto-url/package.nix @@ -8,23 +8,23 @@ rustPlatform.buildRustPackage (finalAttrs: { pname = "chhoto-url"; - version = "7.1.5"; + version = "7.2.1"; src = fetchFromGitHub { owner = "SinTan1729"; repo = "chhoto-url"; tag = finalAttrs.version; - hash = "sha256-TREBriuK7k3ZBDkdQ5gGdptWCG/5UOdhoWcOj1Ppd/8="; + hash = "sha256-B6bMuy/EEveYtQtGBO5CNeEUlPK8eQ412k+SwlRPm2M="; }; sourceRoot = "${finalAttrs.src.name}/actix"; postPatch = '' - substituteInPlace src/{main.rs,services.rs} \ + substituteInPlace src/{main.rs,services/get.rs,services/utils.rs} \ --replace-fail "./resources/" "${placeholder "out"}/share/chhoto-url/resources/" ''; - cargoHash = "sha256-S+fWxhPRB+JZPjWQkww9VYtYfc9vnXCZgUZTu+ND1So="; + cargoHash = "sha256-9EVGsOipx9ObygpM37iZYLnhYjSMHFhHTDvjHkLWLz8="; postInstall = '' mkdir -p $out/share/chhoto-url diff --git a/pkgs/by-name/dp/dprint/plugins/dprint-plugin-biome.nix b/pkgs/by-name/dp/dprint/plugins/dprint-plugin-biome.nix index 0bcf9e5f4371..50b3d16f8e1e 100644 --- a/pkgs/by-name/dp/dprint/plugins/dprint-plugin-biome.nix +++ b/pkgs/by-name/dp/dprint/plugins/dprint-plugin-biome.nix @@ -1,7 +1,7 @@ { mkDprintPlugin }: mkDprintPlugin { description = "Biome (JS/TS/JSON) wrapper plugin"; - hash = "sha256-k+o4eiLwzoCF6MPX0dEn/3modSwvFYFuzMe47cdJWo8="; + hash = "sha256-0zbtVqdL86r69ahRS61qJ2r7qUtRzfY1qO1FL+SWt+g="; initConfig = { configExcludes = [ "**/node_modules" ]; configKey = "biome"; @@ -17,6 +17,6 @@ mkDprintPlugin { }; pname = "dprint-plugin-biome"; updateUrl = "https://plugins.dprint.dev/dprint/biome/latest.json"; - url = "https://plugins.dprint.dev/biome-0.12.11.wasm"; - version = "0.12.11"; + url = "https://plugins.dprint.dev/biome-0.12.12.wasm"; + version = "0.12.12"; } diff --git a/pkgs/by-name/fe/feishin/package.nix b/pkgs/by-name/fe/feishin/package.nix index a43d25c3d323..4f2b94ec6fb8 100644 --- a/pkgs/by-name/fe/feishin/package.nix +++ b/pkgs/by-name/fe/feishin/package.nix @@ -3,29 +3,30 @@ stdenv, buildNpmPackage, fetchFromGitHub, - electron_40, + electron_41, dart-sass, mpv-unwrapped, fetchPnpmDeps, pnpmConfigHook, pnpm_10_29_2, darwin, + actool, copyDesktopItems, makeDesktopItem, nix-update-script, }: let pname = "feishin"; - version = "1.11.0"; + version = "1.13.0"; src = fetchFromGitHub { owner = "jeffvli"; repo = "feishin"; tag = "v${version}"; - hash = "sha256-TSjgjNHhPSZ4k7zZTH5e3FCkl6d7B/2w2WCt0S5OW0g="; + hash = "sha256-v6dWzEB1+IK4bHmDo8Rr5e0Xi3OWKcm+UPBmBiSfdZ0="; }; - electron = electron_40; + electron = electron_41; in buildNpmPackage { inherit pname version; @@ -43,7 +44,7 @@ buildNpmPackage { ; pnpm = pnpm_10_29_2; fetcherVersion = 3; - hash = "sha256-2fLqqCbbCIPoW/wGzsZOpZd5tnvyrLYlrVhbFWixlDM="; + hash = "sha256-zNOGJ24G0xcgsGK4DmbBm7d1PHTp7IJS+RTALGRtfDg="; }; env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; @@ -52,17 +53,15 @@ buildNpmPackage { pnpm_10_29_2 ] ++ lib.optionals (stdenv.hostPlatform.isLinux) [ copyDesktopItems ] - ++ lib.optionals stdenv.hostPlatform.isDarwin [ darwin.autoSignDarwinBinariesHook ]; + ++ lib.optionals stdenv.hostPlatform.isDarwin [ + darwin.autoSignDarwinBinariesHook + actool + ]; postPatch = '' # release/app dependencies are installed on preConfigure substituteInPlace package.json \ --replace-fail '"postinstall": "electron-builder install-app-deps",' "" - '' - + lib.optionalString stdenv.hostPlatform.isLinux '' - # https://github.com/electron/electron/issues/31121 - substituteInPlace src/main/index.ts \ - --replace-fail "process.resourcesPath" "'$out/share/feishin/resources'" ''; preBuild = '' diff --git a/pkgs/by-name/fl/fluent-bit/package.nix b/pkgs/by-name/fl/fluent-bit/package.nix index 9d4dceb10122..416efc2f686a 100644 --- a/pkgs/by-name/fl/fluent-bit/package.nix +++ b/pkgs/by-name/fl/fluent-bit/package.nix @@ -29,13 +29,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "fluent-bit"; - version = "5.0.5"; + version = "5.0.6"; src = fetchFromGitHub { owner = "fluent"; repo = "fluent-bit"; tag = "v${finalAttrs.version}"; - hash = "sha256-IPTM0jtlu3DZJRXCD0IE13ASGbJsDygPEuDXsiQP7Ts="; + hash = "sha256-VXf1F0TZFi8d7gil8yc3WWA/0X3QyYPnbA3luE1DE98="; }; # The source build documentation covers some dependencies and CMake options. diff --git a/pkgs/by-name/gi/git/package.nix b/pkgs/by-name/gi/git/package.nix index fa7bcc7cd054..6721c2110439 100644 --- a/pkgs/by-name/gi/git/package.nix +++ b/pkgs/by-name/gi/git/package.nix @@ -212,6 +212,11 @@ stdenv.mkDerivation (finalAttrs: { libsecret ]; + # This is required for building the rust build.rs script when cross compiling + depsBuildBuild = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ + buildPackages.stdenv.cc + ]; + env = { # required to support pthread_cancel() NIX_LDFLAGS = diff --git a/pkgs/by-name/gr/grafana/package.nix b/pkgs/by-name/gr/grafana/package.nix index bcf26505351c..19e9c093ff56 100644 --- a/pkgs/by-name/gr/grafana/package.nix +++ b/pkgs/by-name/gr/grafana/package.nix @@ -21,7 +21,7 @@ buildGoModule (finalAttrs: { pname = "grafana"; - version = "13.0.1+security-01"; + version = "13.0.2"; subPackages = [ "pkg/cmd/grafana" @@ -33,7 +33,7 @@ buildGoModule (finalAttrs: { owner = "grafana"; repo = "grafana"; rev = "v${finalAttrs.version}"; - hash = "sha256-v/6a0Xlj11nZ0u8xtFzw5i674rB1YV21iLCuLc5af+I="; + hash = "sha256-knalINdJPFrvj6HNxWPV6wu6TSkrRvgkZjOnECOsWwU="; }; patches = [ @@ -55,12 +55,12 @@ buildGoModule (finalAttrs: { # Since this is not a dependency attribute the buildPackages has to be specified. offlineCache = buildPackages.yarn-berry_4-fetcher.fetchYarnBerryDeps { inherit (finalAttrs) src missingHashes patches; - hash = "sha256-uOl9PemVZiKwGfhLUpAAByMvt5A8JyA5qyJ6Cdl6od4="; + hash = "sha256-NXDXmed2TsMQS99breDt0Ky6X2ZyuWkJ5KyKz5Apkt8="; }; disallowedRequisites = [ finalAttrs.offlineCache ]; - vendorHash = "sha256-PEGgrkTguHvqrclzvZDQ7yk6rwTKDLXdUSjeaQFnYtU="; + vendorHash = "sha256-rFGwtplr+n0qgIulycNQ5L/lh4ZFoHCrYeIfbb+e/h4="; # Grafana seems to just set it to the latest version available # nowadays. diff --git a/pkgs/applications/science/logic/hol_light/0001-pa_j-accept-camlp5-8.05-for-OCaml-5.4.patch b/pkgs/by-name/ho/hol_light/0001-pa_j-accept-camlp5-8.05-for-OCaml-5.4.patch similarity index 100% rename from pkgs/applications/science/logic/hol_light/0001-pa_j-accept-camlp5-8.05-for-OCaml-5.4.patch rename to pkgs/by-name/ho/hol_light/0001-pa_j-accept-camlp5-8.05-for-OCaml-5.4.patch diff --git a/pkgs/applications/science/logic/hol_light/0002-link-findlib-into-ocaml-hol.patch b/pkgs/by-name/ho/hol_light/0002-link-findlib-into-ocaml-hol.patch similarity index 100% rename from pkgs/applications/science/logic/hol_light/0002-link-findlib-into-ocaml-hol.patch rename to pkgs/by-name/ho/hol_light/0002-link-findlib-into-ocaml-hol.patch diff --git a/pkgs/applications/science/logic/hol_light/default.nix b/pkgs/by-name/ho/hol_light/package.nix similarity index 95% rename from pkgs/applications/science/logic/hol_light/default.nix rename to pkgs/by-name/ho/hol_light/package.nix index 5c10c8e1a184..9cf947c92052 100644 --- a/pkgs/applications/science/logic/hol_light/default.nix +++ b/pkgs/by-name/ho/hol_light/package.nix @@ -4,17 +4,23 @@ fetchFromGitHub, makeBinaryWrapper, writeText, - ocaml, - findlib, - zarith, - camlp5, - camlp-streams, - fmt, - pcre2, + ocamlPackages, ledit, bash, }: +let + inherit (ocamlPackages) + ocaml + findlib + zarith + camlp5 + camlp-streams + fmt + pcre2 + ; +in + let ocamlPath = lib.makeSearchPath "/lib/ocaml/${ocaml.version}/site-lib" [ camlp5 diff --git a/pkgs/by-name/hy/hyfetch/package.nix b/pkgs/by-name/hy/hyfetch/package.nix index 18819ba24078..517edd60530e 100644 --- a/pkgs/by-name/hy/hyfetch/package.nix +++ b/pkgs/by-name/hy/hyfetch/package.nix @@ -12,16 +12,16 @@ rustPlatform.buildRustPackage (finalAttrs: { pname = "hyfetch"; - version = "2.0.5"; + version = "2.1.0"; src = fetchFromGitHub { owner = "hykilpikonna"; repo = "hyfetch"; tag = finalAttrs.version; - hash = "sha256-vrTmjg6CZczImueN3JxKg1vYXAaEDYHYG7UaZeupYPU="; + hash = "sha256-/aOVgl93n9IL5lDzY1REg88BXhlqtDDjrZnkD4rQ9aw="; }; - cargoHash = "sha256-SieVB0zwer9Ksio3l87gUZkVJMwb+Da/NjBi5f57tJc="; + cargoHash = "sha256-uTIzLY5H+zoCsC/YalA0ImnJ817KhU5sXHWkbvWEfVk="; nativeBuildInputs = [ installShellFiles @@ -59,7 +59,9 @@ rustPlatform.buildRustPackage (finalAttrs: { versionCheckKeepEnvironment = [ "PATH" ]; doInstallCheck = true; - passthru.updateScript = nix-update-script { }; + passthru.updateScript = nix-update-script { + extraArgs = [ "--version-regex=^(\\d+\\.\\d+\\.\\d+)$" ]; + }; meta = { description = "Neofetch with LGBTQ+ pride flags"; @@ -81,6 +83,7 @@ rustPlatform.buildRustPackage (finalAttrs: { isabelroses nullcube defelo + Misaka13514 ]; }; }) diff --git a/pkgs/by-name/ja/jackett/deps.json b/pkgs/by-name/ja/jackett/deps.json index e4ed8fa312cc..0cac57b41576 100644 --- a/pkgs/by-name/ja/jackett/deps.json +++ b/pkgs/by-name/ja/jackett/deps.json @@ -61,18 +61,18 @@ }, { "pname": "Microsoft.AspNetCore.Cryptography.Internal", - "version": "9.0.14", - "hash": "sha256-Q+hF4swlFzafwMDnVSH/GwFBdwO3e+l3VYPcD/NStYw=" + "version": "9.0.16", + "hash": "sha256-UwBbUhfCxg5B3llggin1UtoaGYdy9ifoYs1MT3WiIJw=" }, { "pname": "Microsoft.AspNetCore.DataProtection", - "version": "9.0.14", - "hash": "sha256-o854THp3eNnY+sJssLxNQtDbDrp21QX1TJurYWu04g4=" + "version": "9.0.16", + "hash": "sha256-8bK7MDVhISTXmEFdcFcnJUleDaPAZkA8fWPAHV6XFeg=" }, { "pname": "Microsoft.AspNetCore.DataProtection.Abstractions", - "version": "9.0.14", - "hash": "sha256-7muJ67Xvw4PynXKRDQZnLKwFdbGutkx/p3bJfxph2KM=" + "version": "9.0.16", + "hash": "sha256-YSVo0oww1xoG7Hef+roLwGNX6dQs7ZG10f3Ij7w6z1w=" }, { "pname": "Microsoft.AspNetCore.Http", @@ -91,13 +91,13 @@ }, { "pname": "Microsoft.AspNetCore.JsonPatch", - "version": "9.0.14", - "hash": "sha256-X7/fHaxXSbZCg5EKFLfX6tjDtOXpgiPNirF/ifaIy1E=" + "version": "9.0.16", + "hash": "sha256-+AxAcxXNHLrELpW0KZd54TGMqPwe2bYaxUwNS64F8oQ=" }, { "pname": "Microsoft.AspNetCore.Mvc.NewtonsoftJson", - "version": "9.0.14", - "hash": "sha256-kNNf6RnVm7SgT0eEBSPDE3nXRwxL3qYln6gGzIszKTc=" + "version": "9.0.16", + "hash": "sha256-ephL6fJDFR+0rrebEH92IDpoMadJLef98L7mNKHTAUo=" }, { "pname": "Microsoft.AspNetCore.WebUtilities", @@ -126,8 +126,8 @@ }, { "pname": "Microsoft.Bcl.AsyncInterfaces", - "version": "9.0.14", - "hash": "sha256-I2sbQ4JwlDU/ocYsfgq6XLd7FDTIqxqsl7Bq8k10m5U=" + "version": "9.0.16", + "hash": "sha256-kCHVu7LDlMXlvDvFo9C3zbISV2t52s+iZMpp0/JX3iw=" }, { "pname": "Microsoft.Bcl.TimeProvider", @@ -146,8 +146,8 @@ }, { "pname": "Microsoft.Extensions.Configuration", - "version": "9.0.14", - "hash": "sha256-WDOS1x9YpEsJ9z6xI4h6R+HGGck3l/5kHbQxzjMSfgk=" + "version": "9.0.16", + "hash": "sha256-wfj9Vp3innwgJGToOyGqhW2lyFe4vG3KW51vMJjGGoU=" }, { "pname": "Microsoft.Extensions.Configuration.Abstractions", @@ -156,8 +156,8 @@ }, { "pname": "Microsoft.Extensions.Configuration.Abstractions", - "version": "9.0.14", - "hash": "sha256-Ihhg9vZC4vWDQhZNSCSXF9Cdhd+IVCCy53WSVJk4Iaw=" + "version": "9.0.16", + "hash": "sha256-1968fW24KGyvpNU8gYIPEhXJVVusgCCBz4PkK9Rww0s=" }, { "pname": "Microsoft.Extensions.DependencyInjection", @@ -171,23 +171,23 @@ }, { "pname": "Microsoft.Extensions.DependencyInjection.Abstractions", - "version": "9.0.14", - "hash": "sha256-LF0CXHppSdguJ/zL14BuCxsJmOXgpC4sVcNlc+nME/A=" + "version": "9.0.16", + "hash": "sha256-jTzy4tazMmC7magGRhm86yd2a7+2vRYWrC0QoOoDMSQ=" }, { "pname": "Microsoft.Extensions.Diagnostics.Abstractions", - "version": "9.0.14", - "hash": "sha256-g8hikT/FfhWM5uzACl6n8AVb6BqVDAaSddZ/GoshUu8=" + "version": "9.0.16", + "hash": "sha256-U6ij4cMOc94qLfVxuPINg4/vqqbFcZgTuIC/c0RznTQ=" }, { "pname": "Microsoft.Extensions.FileProviders.Abstractions", - "version": "9.0.14", - "hash": "sha256-TjaYFKyoWJaf8XztRPp6pM+iAXE3tcA+EC2rdctWCH4=" + "version": "9.0.16", + "hash": "sha256-T5LCT9yTrHvMaVP/4spQqCj27hXCbchTUdPMKKGBp3E=" }, { "pname": "Microsoft.Extensions.Hosting.Abstractions", - "version": "9.0.14", - "hash": "sha256-S/InBEcgCmsWTVMFWTs6cYLYotMANuklDFD8psj8LWE=" + "version": "9.0.16", + "hash": "sha256-u62QeQqAhJ0Pa5JnxXQIyOGkuQZnYYmo3ADTB9f6L9o=" }, { "pname": "Microsoft.Extensions.Logging", @@ -201,8 +201,8 @@ }, { "pname": "Microsoft.Extensions.Logging.Abstractions", - "version": "9.0.14", - "hash": "sha256-q24UO57BWHF0AED054nTAhNj6Sk1AaCVSMlvxl+kFo0=" + "version": "9.0.16", + "hash": "sha256-B5aTywrWdDbuAC5JBaueFtsA8VQAsejdMW9PSacELMM=" }, { "pname": "Microsoft.Extensions.ObjectPool", @@ -221,8 +221,8 @@ }, { "pname": "Microsoft.Extensions.Options", - "version": "9.0.14", - "hash": "sha256-EyDTvLfZmQOhJvvl6Um4fqHsF1+IxA4MXm13tw0kqgY=" + "version": "9.0.16", + "hash": "sha256-GkwkNAO87zn4tzOX7Z0oSpBhjIgkhAx5ApnY/PP5q/0=" }, { "pname": "Microsoft.Extensions.Primitives", @@ -231,8 +231,8 @@ }, { "pname": "Microsoft.Extensions.Primitives", - "version": "9.0.14", - "hash": "sha256-FU5zzgkyZd4Js0lXUxKahID8M1u3Hty24IfN52tLT6M=" + "version": "9.0.16", + "hash": "sha256-UqBlK5n0ZV8PlvwbholkIB6OU8mkT8bLDUv74a8pq5Y=" }, { "pname": "Microsoft.Net.Http.Headers", @@ -716,8 +716,8 @@ }, { "pname": "System.Diagnostics.EventLog", - "version": "9.0.14", - "hash": "sha256-jnBBxxlKnFEC1K5oV0SIfb2xOY5tfRJg7dg+URYrYsA=" + "version": "9.0.16", + "hash": "sha256-5+BaoVjBFX0MoVDsUGqNs+Pu3oIrqksrnT9W7Eqgrww=" }, { "pname": "System.Diagnostics.Tools", @@ -786,8 +786,8 @@ }, { "pname": "System.IO.Pipelines", - "version": "9.0.14", - "hash": "sha256-GWAPzaq4LYwmebixpiTn3TntDt3SjE04/DiFzd5P0Vc=" + "version": "9.0.16", + "hash": "sha256-ySSAdeOwjapOB53Fb3EU0QwLHw1pLCoP2NZ07E8rj7Q=" }, { "pname": "System.Linq", @@ -971,8 +971,8 @@ }, { "pname": "System.Security.Cryptography.Pkcs", - "version": "9.0.14", - "hash": "sha256-jQoOzArEHhUzbJI9GrEKn/EIUYj2KNRt0waZZDC5XaU=" + "version": "9.0.16", + "hash": "sha256-4IJgqiBVvHqLXr2LEC/m2sz4Z1ugU3YECsJHN2jvXqU=" }, { "pname": "System.Security.Cryptography.Primitives", @@ -986,8 +986,8 @@ }, { "pname": "System.Security.Cryptography.ProtectedData", - "version": "9.0.14", - "hash": "sha256-oSzz/P2MujRav0fAEtJ4ahIi8Jc1i0SAXWNPMN2K1Ps=" + "version": "9.0.16", + "hash": "sha256-dzULuNU8/MMI0iZ9k1vS9pU5tgiwn6e7vvzGyxNHZHA=" }, { "pname": "System.Security.Cryptography.X509Certificates", @@ -996,8 +996,8 @@ }, { "pname": "System.Security.Cryptography.Xml", - "version": "9.0.14", - "hash": "sha256-wa2dV3WvK+Bgqk4bRTOL9q4VtGHtoMr1nBuP3qVTpxE=" + "version": "9.0.16", + "hash": "sha256-1KFc+NUWOLCVj+KzrWVcrcL9Ph1roZ5qJuCfetHvQ8Q=" }, { "pname": "System.Security.Principal.Windows", @@ -1011,8 +1011,8 @@ }, { "pname": "System.ServiceProcess.ServiceController", - "version": "9.0.14", - "hash": "sha256-QBGEjsIV+VfL51qGaYo1PlsPHKZ6b71VinvF+2yK1oM=" + "version": "9.0.16", + "hash": "sha256-s7mpGEfvvgw5PzpcQJpMtrPzezPUaeJ81vc0KBM9+/k=" }, { "pname": "System.Text.Encoding", @@ -1021,8 +1021,8 @@ }, { "pname": "System.Text.Encoding.CodePages", - "version": "9.0.14", - "hash": "sha256-N5XNml7+QGIw61HcnntmtyILGWRxGNfJOhsuDFcxL0Q=" + "version": "9.0.16", + "hash": "sha256-llRnK9hMkLkFYP1OLNAfsr7GuIRP2OmbzfrIfCz2xv8=" }, { "pname": "System.Text.Encoding.Extensions", @@ -1036,13 +1036,13 @@ }, { "pname": "System.Text.Encodings.Web", - "version": "9.0.14", - "hash": "sha256-snL0tLOiaom9pNPcbJ25xhq4Kqh66qwZH5s7Zyp32ZY=" + "version": "9.0.16", + "hash": "sha256-Vo9mC4wgTNXc2DGUjhykVuuIJO8gpPTpYQJBsY0X5Rw=" }, { "pname": "System.Text.Json", - "version": "9.0.14", - "hash": "sha256-/y4PuhczVyM4GyC5mfv6NOsUCdfOMQNzr+4Ozch/Jw0=" + "version": "9.0.16", + "hash": "sha256-GF3aOmsHlEjeWg/pkj1yFQktfd4PMNb2jKpMvUADOcQ=" }, { "pname": "System.Text.RegularExpressions", diff --git a/pkgs/by-name/ja/jackett/package.nix b/pkgs/by-name/ja/jackett/package.nix index a18132aa1c88..1c744b328b22 100644 --- a/pkgs/by-name/ja/jackett/package.nix +++ b/pkgs/by-name/ja/jackett/package.nix @@ -12,13 +12,13 @@ buildDotnetModule (finalAttrs: { pname = "jackett"; - version = "0.24.1954"; + version = "0.24.2021"; src = fetchFromGitHub { owner = "jackett"; repo = "jackett"; tag = "v${finalAttrs.version}"; - hash = "sha256-HuMK8nW0PRBmRYUYAr3h/hDkVhUGgQIj+7v60ChuKRw="; + hash = "sha256-/9NDFedtjMholM3Doqt/5hJ+Zw68DJheWNxZ0X+Kvuk="; }; projectFile = "src/Jackett.Server/Jackett.Server.csproj"; diff --git a/pkgs/by-name/lo/lockbook-desktop/package.nix b/pkgs/by-name/lo/lockbook-desktop/package.nix index dbfcaa927b4b..b5ef5e0631f5 100644 --- a/pkgs/by-name/lo/lockbook-desktop/package.nix +++ b/pkgs/by-name/lo/lockbook-desktop/package.nix @@ -18,16 +18,16 @@ let in rustPlatform.buildRustPackage (finalAttrs: { pname = "lockbook-desktop"; - version = "26.5.22"; + version = "26.6.1"; src = fetchFromGitHub { owner = "lockbook"; repo = "lockbook"; tag = finalAttrs.version; - hash = "sha256-KqqiaM0txuZsylbr1+7faTdJINy1sNttT9n/YUpqyCc="; + hash = "sha256-+r5WsaqQr6NlQNWDTQf/tvCh6P5LpFFyyLMTIZw9yis="; }; - cargoHash = "sha256-d4yKch2c1w5gFBjyrYZQT/6lscRi3p05wKiJEIaXhjA="; + cargoHash = "sha256-ybAcG7sCEwZC6FxWx2KhHd1HkhK8wwkGeeLoI/KOXKU="; nativeBuildInputs = [ pkg-config diff --git a/pkgs/by-name/lo/lockbook/package.nix b/pkgs/by-name/lo/lockbook/package.nix index a9e5bb46a7fb..84e6dec01c4d 100644 --- a/pkgs/by-name/lo/lockbook/package.nix +++ b/pkgs/by-name/lo/lockbook/package.nix @@ -12,16 +12,16 @@ let in rustPlatform.buildRustPackage (finalAttrs: { pname = "lockbook"; - version = "26.5.22"; + version = "26.6.1"; src = fetchFromGitHub { owner = "lockbook"; repo = "lockbook"; tag = finalAttrs.version; - hash = "sha256-KqqiaM0txuZsylbr1+7faTdJINy1sNttT9n/YUpqyCc="; + hash = "sha256-+r5WsaqQr6NlQNWDTQf/tvCh6P5LpFFyyLMTIZw9yis="; }; - cargoHash = "sha256-d4yKch2c1w5gFBjyrYZQT/6lscRi3p05wKiJEIaXhjA="; + cargoHash = "sha256-ybAcG7sCEwZC6FxWx2KhHd1HkhK8wwkGeeLoI/KOXKU="; doCheck = false; # there are no cli tests cargoBuildFlags = [ diff --git a/pkgs/by-name/ma/mailpit/source.nix b/pkgs/by-name/ma/mailpit/source.nix index bb8737aef7fe..d08c094b3283 100644 --- a/pkgs/by-name/ma/mailpit/source.nix +++ b/pkgs/by-name/ma/mailpit/source.nix @@ -1,6 +1,6 @@ { - version = "1.30.0"; - hash = "sha256-lUynHDFfbX9BxwTdREbgAMil7S3+vwAl05myzMEWgGQ="; - npmDepsHash = "sha256-snWhjSy9au81bJZwjh/KVvchjEaJJ05HYhyh3V8/Y5g="; - vendorHash = "sha256-LMjS0YxRTvHZ8U10BOST/5Zthqhoi5OxngWWB+2CSeQ="; + version = "1.30.1"; + hash = "sha256-Z/0Lh+2VLB3w4AHNf+imWRgHmarO1MMUmNqrcAVSQ2k="; + npmDepsHash = "sha256-eccYGPIbk98+BtNtBAq4G1z/ymj6HHwacuH6ZktuN0U="; + vendorHash = "sha256-FgwMdvND7DMrYWp9kB2IB+Gjyo1gm1LtLTeC9SfPw9U="; } diff --git a/pkgs/by-name/ol/ollama/package.nix b/pkgs/by-name/ol/ollama/package.nix index cc0520fad3f1..dc4acb7722d8 100644 --- a/pkgs/by-name/ol/ollama/package.nix +++ b/pkgs/by-name/ol/ollama/package.nix @@ -7,7 +7,6 @@ stdenv, addDriverRunpath, nix-update-script, - coreutils, cmake, gitMinimal, @@ -22,6 +21,7 @@ vulkan-tools, vulkan-headers, vulkan-loader, + spirv-headers, shaderc, ccache, @@ -108,6 +108,17 @@ let cudaPath = lib.removeSuffix "-${cudaMajorVersion}" cudaToolkit; + # Since v0.30, llama.cpp is consumed via CMake FetchContent rather than + # vendored in-tree. Pre-stage the pinned commit (read from upstream's + # `LLAMA_CPP_VERSION` file β€” currently `b9509`) so the FetchContent step + # uses our copy instead of trying to clone over the network in the sandbox. + llamaCppSrc = fetchFromGitHub { + owner = "ggml-org"; + repo = "llama.cpp"; + rev = "6f3a9f3dee3c27545371044a3a38005721ac8a8e"; # tag b9509 + hash = "sha256-bO1ucb/+vidj/EYzNCssotjte9NlVLdjC794jToNNeM="; + }; + wrapperOptions = [ # ollama embeds llama-cpp binaries which actually run the ai models # these llama-cpp binaries are unaffected by the ollama binary's DT_RUNPATH @@ -132,25 +143,25 @@ let if enableCuda then buildGoModule.override { stdenv = cudaPackages.backendStdenv; } else if enableRocm then - buildGoModule.override { stdenv = rocmPackages.stdenv; } + buildGoModule.override { inherit (rocmPackages) stdenv; } else if enableVulkan then - buildGoModule.override { stdenv = vulkan-tools.stdenv; } + buildGoModule.override { inherit (vulkan-tools) stdenv; } else buildGoModule; inherit (lib) licenses platforms maintainers; in goBuild (finalAttrs: { pname = "ollama"; - version = "0.24.0"; + version = "0.30.5"; src = fetchFromGitHub { owner = "ollama"; repo = "ollama"; tag = "v${finalAttrs.version}"; - hash = "sha256-cSZtbF0oUI7a++baTipF6OUu+w8tBpILzE0Wm1Y6wUk="; + hash = "sha256-jh/B/FkmAliCVzqc8DGCPYa5+XejE3cFZTzSuRxjPvw="; }; - vendorHash = "sha256-Lc1Ktdqtv2VhJQssk8K1UOimeEjVNvDWePE9WkamCos="; + vendorHash = "sha256-lZdGzGb9xRjTm1Rm7/wHjqM490gLznLEndmb4mNbCX0="; proxyVendor = true; env = @@ -181,6 +192,10 @@ goBuild (finalAttrs: { ] ++ lib.optionals enableVulkan [ ccache + # ggml-vulkan/CMakeLists.txt does `find_package(SPIRV-Headers REQUIRED)` + # at configure time (it builds shader code into the vulkan backend). + # Header-only β€” nativeBuildInputs is the right slot. + spirv-headers ]; buildInputs = @@ -190,39 +205,37 @@ goBuild (finalAttrs: { ++ lib.optionals enableVulkan vulkanLibs; # replace inaccurate version number with actual release version - # and replace core utils tools from their FHS location to nix store postPatch = '' substituteInPlace version/version.go \ --replace-fail 0.0.0 '${finalAttrs.version}' - substituteInPlace cmd/launch/openclaw_test.go \ - --replace-fail '/bin/mkdir' '${coreutils}/bin/mkdir' \ - --replace-fail '/bin/cat' '${coreutils}/bin/cat' \ - --replace-fail '/usr/bin/env' '${coreutils}/bin/env' \ - --replace-fail '/usr/bin/sort' '${coreutils}/bin/sort' \ - --replace-fail '/bin/chmod' '${coreutils}/bin/chmod' - substituteInPlace cmd/launch/hermes_test.go \ - --replace-fail '/bin/mkdir' '${coreutils}/bin/mkdir' \ - --replace-fail '/bin/cat' '${coreutils}/bin/cat' \ - --replace-fail '/bin/chmod' '${coreutils}/bin/chmod' - substituteInPlace cmd/launch/kimi_test.go \ - --replace-fail '/bin/mkdir' '${coreutils}/bin/mkdir' \ - --replace-fail '/bin/cat' '${coreutils}/bin/cat' \ - --replace-fail '/bin/chmod' '${coreutils}/bin/chmod' + + # cmd/launch/*_test.go are integration tests for user-facing CLI + # launchers (claude, qwen, cline, codex, kimi, droid, openclaw, hermes, + # …) that install the target binary via npm and then exec it on PATH. + # Both prerequisites are unavailable in the nix sandbox, so the launch + # subpackage's tests can't pass here. Drop them. + rm cmd/launch/*_test.go + rm -r app - '' - # disable tests that fail in sandbox due to Metal init failure - + lib.optionalString stdenv.hostPlatform.isDarwin '' - rm ml/backend/ggml/ggml_test.go - rm ml/nn/pooling/pooling_test.go - rm model/models/nemotronh/model_omni_test.go + + # Pre-stage llama.cpp for the FetchContent step and apply Ollama's + # compat patch. When FETCHCONTENT_SOURCE_DIR_LLAMA_CPP is set, neither + # `cmake/local.cmake` nor `llama/server/CMakeLists.txt` auto-applies + # the patch (the parent's ExternalProject_Add passes + # OLLAMA_LLAMA_CPP_SKIP_COMPAT_PATCH=ON to the child build) β€” the + # caller has to. The apply-patch.cmake script is idempotent so this + # is safe to re-run. + cp -r ${llamaCppSrc} $TMPDIR/llama-cpp-src + chmod -R +w $TMPDIR/llama-cpp-src + ( cd $TMPDIR/llama-cpp-src && \ + cmake -DPATCH_DIR=$NIX_BUILD_TOP/source/llama/compat \ + -P $NIX_BUILD_TOP/source/llama/compat/apply-patch.cmake ) ''; - overrideModAttrs = ( - finalAttrs: prevAttrs: { - # don't run llama.cpp build in the module fetch phase - preBuild = ""; - } - ); + overrideModAttrs = _: _: { + # don't run llama.cpp build in the module fetch phase + preBuild = ""; + }; preBuild = let @@ -236,20 +249,77 @@ goBuild (finalAttrs: { cudaArchitectures = builtins.concatStringsSep ";" (map removeSMPrefix cudaArches); rocmTargets = builtins.concatStringsSep ";" rocmGpuTargets; + # Since 0.30, Ollama splits the llama.cpp build into per-accelerator + # "runners" gated by OLLAMA_LLAMA_BACKENDS. Without setting it the + # build silently produces only the CPU runner β€” ollama-cuda would + # ship without `libggml-cuda.so` and fall back to CPU at runtime. + # The accepted values map to cmake/local.cmake's elseif chain + # (cuda_v12 / cuda_v13 / rocm_v7_1 / rocm_v7_2 / vulkan / cuda_jetpack*). + rocmMajorVersion = lib.versions.major rocmPackages.clr.version; + rocmMinorVersion = lib.versions.minor rocmPackages.clr.version; + llamaBackend = + if enableCuda then + "cuda_v${cudaMajorVersion}" + else if enableRocm then + "rocm_v${rocmMajorVersion}_${rocmMinorVersion}" + else if enableVulkan then + "vulkan" + else + ""; + cmakeFlagsCudaArchitectures = lib.optionalString enableCuda "-DCMAKE_CUDA_ARCHITECTURES='${cudaArchitectures}'"; cmakeFlagsRocmTargets = lib.optionalString enableRocm "-DAMDGPU_TARGETS='${rocmTargets}'"; + cmakeFlagsBackend = lib.optionalString ( + llamaBackend != "" + ) "-DOLLAMA_LLAMA_BACKENDS=${llamaBackend}"; in '' + ${lib.optionalString enableVulkan '' + # Ollama builds each per-accelerator llama.cpp runner via + # cmake/local.cmake's ExternalProject_Add(ollama-llama-server-vulkan …). + # Two things need to cross the parent β†’ child boundary: + # + # 1. The SPIRV-Headers cmake config β€” so `find_package(SPIRV-Headers + # REQUIRED)` at ggml-vulkan/CMakeLists.txt:14 succeeds in the + # child. CMAKE_PREFIX_PATH as a flag wouldn't propagate; as env + # var it does. + # 2. The SPIRV-Headers include directory in the compile env. The + # ggml-vulkan target's `target_link_libraries(... Vulkan::Vulkan)` + # notably does NOT link `SPIRV-Headers::SPIRV-Headers`, so the + # interface include directory the cmake config exports never + # flows into the compile commands β€” even though the find_package + # call succeeded. `#include ` then + # fails at compile time. Patching upstream's CMakeLists for + # one missing link line is fragile across llama.cpp pins; + # NIX_CFLAGS_COMPILE forces the include path globally and + # survives version bumps. + export CMAKE_PREFIX_PATH="${spirv-headers}''${CMAKE_PREFIX_PATH:+:$CMAKE_PREFIX_PATH}" + export NIX_CFLAGS_COMPILE="-isystem ${spirv-headers}/include $NIX_CFLAGS_COMPILE" + ''} cmake -B build \ -DCMAKE_SKIP_BUILD_RPATH=ON \ -DCMAKE_BUILD_WITH_INSTALL_RPATH=ON \ + -DFETCHCONTENT_SOURCE_DIR_LLAMA_CPP="$TMPDIR/llama-cpp-src" \ ${cmakeFlagsCudaArchitectures} \ ${cmakeFlagsRocmTargets} \ + ${cmakeFlagsBackend} cmake --build build -j $NIX_BUILD_CORES ''; + # The llama.cpp sub-build is driven by ExternalProject_Add and does + # not inherit the parent's CMAKE_SKIP_BUILD_RPATH setting, so its + # `.so` payloads end up with build-dir entries in RPATH. Drop them + # before the forbidden-references check. $ORIGIN is preserved + # unconditionally; only absolute /nix/store entries are kept. + # ELF-only (patchelf doesn't know Mach-O); darwin builds Mach-O dylibs + # that don't carry the build-dir RPATH problem in the first place. + preFixup = lib.optionalString stdenv.hostPlatform.isLinux '' + find $out/lib/ollama -type f \( -name '*.so' -o -name '*.so.*' \) \ + -exec patchelf --shrink-rpath --allowed-rpath-prefixes /nix/store {} + + ''; + # ollama looks for acceleration libs in ../lib/ollama/ (now also for CPU-only with arch specific optimizations) # https://github.com/ollama/ollama/blob/v0.21.1/docs/development.md#library-detection postInstall = '' diff --git a/pkgs/by-name/pi/pixelfed/package.nix b/pkgs/by-name/pi/pixelfed/package.nix index d2343eb3150a..8270d35c6b73 100644 --- a/pkgs/by-name/pi/pixelfed/package.nix +++ b/pkgs/by-name/pi/pixelfed/package.nix @@ -7,19 +7,21 @@ dataDir ? "/var/lib/pixelfed", runtimeDir ? "/run/pixelfed", }: - -php.buildComposerProject2 (finalAttrs: { +let + php' = php.withExtensions ({ enabled, all }: enabled ++ (with all; [ ffi ])); +in +php'.buildComposerProject2 (finalAttrs: { pname = "pixelfed"; - version = "0.12.6"; + version = "0.12.7"; src = fetchFromGitHub { owner = "pixelfed"; repo = "pixelfed"; tag = "v${finalAttrs.version}"; - hash = "sha256-FxJWoFNyIGQ6o9g2Q0/jaBMyeH8UnbTgha2goHAurvY="; + hash = "sha256-Ay1WJWEPwzeTtScaj+g72lsoWODeHWtjnQT5aa6epbU="; }; - vendorHash = "sha256-4x+vvkQUhqxBwm+9Lx7n6Ww6qvfLwqd8IXXCuCSAijE="; + vendorHash = "sha256-RNJzvWrKfxr2uBFtc05N1pUfBmvy01JiJHMWgtJ01pA="; postInstall = '' chmod -R u+w $out/share diff --git a/pkgs/by-name/pr/prometheus-redis-exporter/package.nix b/pkgs/by-name/pr/prometheus-redis-exporter/package.nix index 00f6faa48878..a1240e786442 100644 --- a/pkgs/by-name/pr/prometheus-redis-exporter/package.nix +++ b/pkgs/by-name/pr/prometheus-redis-exporter/package.nix @@ -10,16 +10,16 @@ buildGoModule rec { pname = "redis_exporter"; - version = "1.84.0"; + version = "1.85.0"; src = fetchFromGitHub { owner = "oliver006"; repo = "redis_exporter"; rev = "v${version}"; - sha256 = "sha256-0GxPPtZh7qJO1jQ5Q+ED8cJK0kbn/Q7DuXLihWd67gg="; + sha256 = "sha256-04LDNXHaVADvcH3CLVYnFXnLPvBPqjGIBls2KeHHdlY="; }; - vendorHash = "sha256-O2koMGh9/1UWtV5arH3S/7b6q33P4Yv+xgPthTtZsLg="; + vendorHash = "sha256-muGgriK1DDkKk4DOWf7m+W6/qquwYwqgTOzyNGbjV+U="; ldflags = [ "-X main.BuildVersion=${version}" diff --git a/pkgs/by-name/pr/proton-authenticator/package.nix b/pkgs/by-name/pr/proton-authenticator/package.nix index afadfbc8117e..55d5b45ec707 100644 --- a/pkgs/by-name/pr/proton-authenticator/package.nix +++ b/pkgs/by-name/pr/proton-authenticator/package.nix @@ -11,11 +11,11 @@ stdenvNoCC.mkDerivation (finalAttrs: { pname = "proton-authenticator"; - version = "1.1.4"; + version = "1.1.5"; src = fetchurl { url = "https://proton.me/download/authenticator/linux/ProtonAuthenticator_${finalAttrs.version}_amd64.deb"; - hash = "sha256-SoTeqnYDMgCoWLGaQZXaHiRKGreFn7FPSz5C0O88uWM="; + hash = "sha256-y6VXzytstYBXdmujDWASC8AShQPkr+tNtoynGk0l3hg="; }; dontConfigure = true; @@ -47,7 +47,10 @@ stdenvNoCC.mkDerivation (finalAttrs: { description = "Two-factor authentication manager with optional sync"; homepage = "https://proton.me/authenticator"; license = lib.licenses.unfree; # source not yet published - maintainers = with lib.maintainers; [ felschr ]; + maintainers = with lib.maintainers; [ + felschr + pbek + ]; platforms = [ "x86_64-linux" ]; sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; mainProgram = "proton-authenticator"; diff --git a/pkgs/by-name/re/reaction/nftables-aarch64-linux-compat.patch b/pkgs/by-name/re/reaction/nftables-aarch64-linux-compat.patch deleted file mode 100644 index bd25eb2122a4..000000000000 --- a/pkgs/by-name/re/reaction/nftables-aarch64-linux-compat.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 94fafae651077be5e7a6dfd29fc06327a2f218ed Mon Sep 17 00:00:00 2001 -From: ppom -Date: Thu, 28 May 2026 12:00:00 +0200 -Subject: [PATCH] nftables: fix compilation on aarch64-linux - ---- - plugins/reaction-plugin-nftables/src/nft.rs | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/plugins/reaction-plugin-nftables/src/nft.rs b/plugins/reaction-plugin-nftables/src/nft.rs -index c234f77..2ac49df 100644 ---- a/plugins/reaction-plugin-nftables/src/nft.rs -+++ b/plugins/reaction-plugin-nftables/src/nft.rs -@@ -1,5 +1,6 @@ - use std::{ - ffi::{CStr, CString}, -+ os::raw::c_char, - thread, - }; - -@@ -71,7 +72,7 @@ struct NftCommand { - ret: oneshot::Sender>, - } - --fn to_rust_string(c_ptr: *const i8) -> Option { -+fn to_rust_string(c_ptr: *const c_char) -> Option { - if c_ptr.is_null() { - None - } else { --- -GitLab - - diff --git a/pkgs/by-name/re/reaction/package.nix b/pkgs/by-name/re/reaction/package.nix index 4515bdc356dc..63a9af69be40 100644 --- a/pkgs/by-name/re/reaction/package.nix +++ b/pkgs/by-name/re/reaction/package.nix @@ -4,7 +4,6 @@ callPackage, rustPlatform, fetchFromGitLab, - fetchpatch, versionCheckHook, installShellFiles, @@ -14,22 +13,17 @@ }: rustPlatform.buildRustPackage (finalAttrs: { pname = "reaction"; - version = "2.4.0"; + version = "2.4.1"; src = fetchFromGitLab { domain = "framagit.org"; owner = "ppom"; repo = "reaction"; tag = "v${finalAttrs.version}"; - hash = "sha256-Y6scgbcwhg56SQ1DefNtdja+n89Gc5bJUHKHKn2EYwQ="; + hash = "sha256-1+kliU3TfXhAz/vRh/UamTdcv8UIXrcF1q+Qy1jsjD4="; }; - patches = [ - # nftables: fix compilation on aarch64-linux; remove in 2.4.1 - ./nftables-aarch64-linux-compat.patch - ]; - - cargoHash = "sha256-NAcMpASvphAqjBjbAPWLG5qZbSgdaFC3GvU25exCS3g="; + cargoHash = "sha256-FQCYCSKk8SLO2ddM6hklUuTvSK7+4dElaNQ3ZNnci3M="; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/by-name/ro/root/package.nix b/pkgs/by-name/ro/root/package.nix index f2fae91697c3..0d2aae4a19e1 100644 --- a/pkgs/by-name/ro/root/package.nix +++ b/pkgs/by-name/ro/root/package.nix @@ -51,6 +51,7 @@ patchRcPathPosix, onetbb, xrootd, + freetype, }: stdenv.mkDerivation (finalAttrs: { @@ -117,7 +118,10 @@ stdenv.mkDerivation (finalAttrs: { zlib zstd ] - ++ lib.optionals stdenv.hostPlatform.isDarwin [ apple-sdk.privateFrameworksHook ] + ++ lib.optionals stdenv.hostPlatform.isDarwin [ + apple-sdk.privateFrameworksHook + freetype + ] ++ lib.optionals (!stdenv.hostPlatform.isDarwin) [ libGLU libGL @@ -138,11 +142,6 @@ stdenv.mkDerivation (finalAttrs: { patchShebangs cmake/unix/ '' - + lib.optionalString stdenv.hostPlatform.isDarwin '' - # Eliminate impure reference to /System/Library/PrivateFrameworks - substituteInPlace core/macosx/CMakeLists.txt \ - --replace-fail "-F/System/Library/PrivateFrameworks " "" - '' + lib.optionalString (stdenv.hostPlatform.isDarwin && lib.versionAtLeast stdenv.hostPlatform.darwinMinVersion "11") diff --git a/pkgs/by-name/sc/scaleway-cli/package.nix b/pkgs/by-name/sc/scaleway-cli/package.nix index 5e34f86fd9ff..82e8cb1aca03 100644 --- a/pkgs/by-name/sc/scaleway-cli/package.nix +++ b/pkgs/by-name/sc/scaleway-cli/package.nix @@ -43,6 +43,16 @@ buildGo126Module (finalAttrs: { nativeInstallCheckInputs = [ versionCheckHook ]; nativeCheckInputs = [ writableTmpDirAsHomeHook ]; + checkFlags = [ + # This subtest hardcodes a go-humanize relative-time string ("35 years ago") + # for a fixed 1990 date instead of computing it, so it breaks once enough + # wall-clock time passes (now "36 years ago"). go-humanize truncates the + # elapsed time by a fixed 360-day year (Year = 12*Month, Month = 30*Day), so + # diff/Year rolled 35 -> 36 on 2026-05-12. Upstream keeps bumping the + # literal by hand rather than fixing it, so skip the time-dependent subtest. + "-skip=^TestMarshal/structWithMapsInSection$" + ]; + postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' $out/bin/scw autocomplete script basename=scw shell=bash >scw.bash $out/bin/scw autocomplete script basename=scw shell=fish >scw.fish diff --git a/pkgs/by-name/si/signal-desktop/dont-assert-unicode-17-emoji.patch b/pkgs/by-name/si/signal-desktop/dont-assert-unicode-17-emoji.patch new file mode 100644 index 000000000000..a39494ca8271 --- /dev/null +++ b/pkgs/by-name/si/signal-desktop/dont-assert-unicode-17-emoji.patch @@ -0,0 +1,12 @@ +diff --git a/scripts/generate-emoji-data.mjs b/scripts/generate-emoji-data.mjs +index 85fd8d484..23ca0bb72 100644 +--- a/scripts/generate-emoji-data.mjs ++++ b/scripts/generate-emoji-data.mjs +@@ -207,7 +207,6 @@ for (const emojiSrc of SRC_EMOJIS_SORTED) { + } + + const emoji = encodeUnified(emojiSrc.unified); +- assert(isEmoji(emoji), 'Unexpected invalid emoji'); + + if (isDeprecated(emoji)) { + continue; // drop deprecated emoji diff --git a/pkgs/by-name/si/signal-desktop/libsignal-node.nix b/pkgs/by-name/si/signal-desktop/libsignal-node.nix index 3fa296abd8ac..5bca80dff986 100644 --- a/pkgs/by-name/si/signal-desktop/libsignal-node.nix +++ b/pkgs/by-name/si/signal-desktop/libsignal-node.nix @@ -15,23 +15,23 @@ }: rustPlatform.buildRustPackage (finalAttrs: { pname = "libsignal-node"; - version = "0.92.2"; + version = "0.94.1"; src = fetchFromGitHub { owner = "signalapp"; repo = "libsignal"; tag = "v${finalAttrs.version}"; - hash = "sha256-7VimtFjobM2EQl0cV0K1EIPeV015e+00ljfAfM4KNJI="; + hash = "sha256-re9IAC0R2QOIjyOLUjdaJw/TgDA4JT1nhtOskE5A0FQ="; }; - cargoHash = "sha256-HBrg//iKNo5/TuVtf9NuVbAyrhul2VVXwC0an7jGEgs="; + cargoHash = "sha256-EVwIRUJ8SmajjocZj3dAHkTiR7Q78m/lf+4qls/oZAM="; npmRoot = "node"; npmDeps = fetchNpmDeps { name = "${finalAttrs.pname}-npm-deps"; inherit (finalAttrs) version src; sourceRoot = "${finalAttrs.src.name}/${finalAttrs.npmRoot}"; - hash = "sha256-BV5E898u07LLoUVMVRJCHKhp4OJJl2fc5973n16T51k="; + hash = "sha256-bEQb+36IB+kXSbIkAFDpeIXWeHoQoIIiHo9q5AbaTio="; }; nativeBuildInputs = [ diff --git a/pkgs/by-name/si/signal-desktop/package.nix b/pkgs/by-name/si/signal-desktop/package.nix index 6f3500f6e60e..d84055a39297 100644 --- a/pkgs/by-name/si/signal-desktop/package.nix +++ b/pkgs/by-name/si/signal-desktop/package.nix @@ -40,13 +40,13 @@ let webrtc = callPackage ./webrtc.nix { }; ringrtc = callPackage ./ringrtc.nix { inherit webrtc; }; - version = "8.9.1"; + version = "8.13.0"; src = fetchFromGitHub { owner = "signalapp"; repo = "Signal-Desktop"; tag = "v${version}"; - hash = "sha256-HXxIjCVGh3JFAj0UUEAvmVnm7jMZdxRqWDILRDFCGw4="; + hash = "sha256-gOYnjNCjI1eNVzcb7sx0XDXbhrAdvlgsZQaRuyBXpwI="; # Emoji font files will be added in `postFetch` if `withAppleEmojis` is enabled. They # are fetched separately below. postFetch = '' @@ -114,16 +114,10 @@ stdenv.mkDerivation (finalAttrs: { ]; patches = [ - # Custom fonts currently don't work on windows other than the main one, - # which causes some of the text to look messed up. We want to include - # this patch since we are overriding the emoji font by default. - # Upstream PR: https://github.com/signalapp/Signal-Desktop/pull/7864 - # This patch can be removed after `v8.11.0`. - (fetchpatch { - url = "https://github.com/signalapp/Signal-Desktop/commit/52ecd0d931e6071da79b016d2af1f508167b2a98.patch"; - hash = "sha256-dtc0bwv9aLz92j5Zfm/SREWtQ43ljXN9Vm2VkeDbAx8="; - }) ./force-90-days-expiration.patch + + # Drop once https://github.com/NixOS/nixpkgs/pull/520553 and https://github.com/NixOS/nixpkgs/pull/525241 land. + ./dont-assert-unicode-17-emoji.patch ] ++ lib.optional (!withAppleEmojis) ( # Signal ships the Apple emoji set without a licence and upstream @@ -180,13 +174,13 @@ stdenv.mkDerivation (finalAttrs: { ; inherit pnpm; fetcherVersion = 3; - hash = "sha256-ls7DYPI5Dq06KI7WCdEkKHPsHTMJ3kO0qJDZsHZQHBQ="; + hash = "sha256-3EEeHmtOAdcm2Q3eNUEl2RbTFRB4YBKcZLFtEmwbVOk="; }; env = { ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; SIGNAL_ENV = "production"; - SOURCE_DATE_EPOCH = 1778260300; + SOURCE_DATE_EPOCH = 1780508208; } // lib.optionalAttrs stdenv.hostPlatform.isDarwin { # Disable code signing during local macOS builds. diff --git a/pkgs/by-name/si/signal-desktop/replace-apple-emoji-with-noto-emoji.patch b/pkgs/by-name/si/signal-desktop/replace-apple-emoji-with-noto-emoji.patch index 402bc4cb9b00..6cc74744b76c 100644 --- a/pkgs/by-name/si/signal-desktop/replace-apple-emoji-with-noto-emoji.patch +++ b/pkgs/by-name/si/signal-desktop/replace-apple-emoji-with-noto-emoji.patch @@ -37,7 +37,7 @@ index d9f558cd4..45a42ecd1 100644 $largeEmojiFont: 'asset:///optional-fonts/emoji-large.woff2'; diff --git a/stylesheets/components/fun/FunEmoji.scss b/stylesheets/components/fun/FunEmoji.scss -index f96218420..612538cd3 100644 +index bb1464cd6..efbeca91e 100644 --- a/stylesheets/components/fun/FunEmoji.scss +++ b/stylesheets/components/fun/FunEmoji.scss @@ -8,14 +8,12 @@ @@ -54,8 +54,8 @@ index f96218420..612538cd3 100644 - content-visibility: auto; vertical-align: top; letter-spacing: inherit; - -@@ -24,15 +22,6 @@ + font-style: normal; +@@ -25,15 +23,6 @@ color: hsl(from currentColor h s l / 100%); } @@ -71,7 +71,7 @@ index f96218420..612538cd3 100644 .FunStaticEmoji--Blot { display: inline-flex; margin-bottom: round(-0.4em + 3px, 1px); -@@ -133,7 +122,6 @@ $inline-emoji-container-name: inline-emoji; +@@ -134,7 +123,6 @@ $inline-emoji-container-name: inline-emoji; .FunInlineEmoji { z-index: 0; @@ -79,20 +79,20 @@ index f96218420..612538cd3 100644 container: $inline-emoji-container-name / inline-size; display: inline-block; flex: none; -@@ -142,8 +130,7 @@ $inline-emoji-container-name: inline-emoji; +@@ -143,8 +131,7 @@ $inline-emoji-container-name: inline-emoji; font-size: var(--fun-inline-emoji-size, round(1.4em, 1px)); line-height: var(--fun-inline-emoji-size, round(1em, 1px)); letter-spacing: inherit; - content-visibility: auto; - vertical-align: bottom; + vertical-align: text-bottom; + font-style: normal; + color: hsl(from currentColor h s l / 100%); } - - .FunInlineEmoji__Image { -@@ -170,26 +157,6 @@ $inline-emoji-container-name: inline-emoji; - @container #{$inline-emoji-container-name} (width > 64px) { - display: none; - } +@@ -169,26 +156,6 @@ $inline-emoji-container-name: inline-emoji; + // Inline-block so copying multiple emoji does not insert newlines around + // each one in the clipboard plain-text serialization. + display: inline-block; - - // Emoji font images are slightly higher than optical center - @container #{$inline-emoji-container-name} (width > 16px) { @@ -117,18 +117,18 @@ index f96218420..612538cd3 100644 .FunInlineEmoji__Jumbo { diff --git a/ts/components/fun/FunEmoji.dom.tsx b/ts/components/fun/FunEmoji.dom.tsx -index 853f8b7cd..f4589f735 100644 +index dd022bbc6..d517f3cb4 100644 --- a/ts/components/fun/FunEmoji.dom.tsx +++ b/ts/components/fun/FunEmoji.dom.tsx -@@ -31,12 +31,6 @@ function getEmojiJumboUrl( - emoji: EmojiVariantData, +@@ -21,12 +21,6 @@ function getEmojiJumboUrl( + emoji: Emoji.Variant, size: number | undefined ): string | null { - if (size != null && size < MIN_JUMBOMOJI_SIZE) { - return null; - } -- if (KNOWN_JUMBOMOJI.has(emoji.value)) { -- return `emoji://jumbo?emoji=${encodeURIComponent(emoji.value)}`; +- if (KNOWN_JUMBOMOJI.has(emoji)) { +- return `emoji://jumbo?emoji=${encodeURIComponent(emoji)}`; - } return null; } diff --git a/pkgs/by-name/si/signal-desktop/ringrtc.nix b/pkgs/by-name/si/signal-desktop/ringrtc.nix index ed31d48cbff6..a3e26f4cab83 100644 --- a/pkgs/by-name/si/signal-desktop/ringrtc.nix +++ b/pkgs/by-name/si/signal-desktop/ringrtc.nix @@ -19,16 +19,16 @@ let in rustPlatform.buildRustPackage (finalAttrs: { pname = "ringrtc"; - version = "2.67.0"; + version = "2.69.0"; src = fetchFromGitHub { owner = "signalapp"; repo = "ringrtc"; tag = "v${finalAttrs.version}"; - hash = "sha256-jwLJVq3lkb7HtVigji/1ZKnyaIxyCj+fWCsKe9CjCCM="; + hash = "sha256-KQ/zAyj9caArZvl8SwMFfRcye1IzPoChjnYA0A8GcWw="; }; - cargoHash = "sha256-X/y2923IBF+ajTyjM4SX9FvkAFiyCYSGnVRYHGKgHko="; + cargoHash = "sha256-DlRAPFluKdfU1YutDNQbAEF95aydd+duc6T2hqYWwGQ="; preConfigure = '' # Check for matching webrtc version diff --git a/pkgs/by-name/si/signal-desktop/signal-sqlcipher.nix b/pkgs/by-name/si/signal-desktop/signal-sqlcipher.nix index a55faadb62c7..4b3a7dfc07c0 100644 --- a/pkgs/by-name/si/signal-desktop/signal-sqlcipher.nix +++ b/pkgs/by-name/si/signal-desktop/signal-sqlcipher.nix @@ -15,13 +15,13 @@ }: stdenv.mkDerivation (finalAttrs: { pname = "node-sqlcipher"; - version = "3.2.1"; + version = "3.3.5"; src = fetchFromGitHub { owner = "signalapp"; repo = "node-sqlcipher"; tag = "v${finalAttrs.version}"; - hash = "sha256-lkSQXiplkY5sBpHsAhW4odWe+MCalAo100EL7h4VKbg="; + hash = "sha256-RzuyUx0WEG8j8HwV5cepVJIeqYzJpNemFNtB+9NETto="; }; pnpmDeps = fetchPnpmDeps { @@ -66,8 +66,10 @@ stdenv.mkDerivation (finalAttrs: { installPhase = '' runHook preInstall + mkdir $out cp -r dist $out cp -r prebuilds $out + cp package.json $out runHook postInstall ''; diff --git a/pkgs/by-name/si/signal-desktop/webrtc-sources.json b/pkgs/by-name/si/signal-desktop/webrtc-sources.json index a7f5706c995c..8033f49cabf0 100644 --- a/pkgs/by-name/si/signal-desktop/webrtc-sources.json +++ b/pkgs/by-name/si/signal-desktop/webrtc-sources.json @@ -1,25 +1,25 @@ { "src": { "args": { - "hash": "sha256-Q5o9fezL7E2J6rn3YxHTtrImCkMTFQL6H+T12d1QOik=", + "hash": "sha256-TsVGiR9qXq6AmvPETkCQP7BGgO21/SUwZJZrSXlj7p8=", "owner": "signalapp", "repo": "webrtc", - "tag": "7444h" + "tag": "7680g" }, "fetcher": "fetchFromGitHub" }, "src/build": { "args": { - "hash": "sha256-UHTiL6tMDu/rhSmfy89QQPwEEdU2kS0IaYBhWKKJ4Yo=", - "rev": "045565e91c7360951bddbd0618a20ea59cdd31f3", + "hash": "sha256-ZPEL0Oy07aAd/qtboCcbD7t55f4EzHiOnE3fiVkZE3Q=", + "rev": "a37e61dc22fd633ab32146e7000068a57a2864ff", "url": "https://chromium.googlesource.com/chromium/src/build" }, "fetcher": "fetchFromGitiles" }, "src/buildtools": { "args": { - "hash": "sha256-OOCCh0pSzUPpjlaceYIR2VGQ66eAqUAv8x7kgDfBD/0=", - "rev": "3e6e75d1961a90054ee0e3030ee66b6a04164c10", + "hash": "sha256-wR2qwqxiRmInKzQiVIiZ13SNKuY5k+aJ+dxKAWV1zdo=", + "rev": "6a18683f555b4ac8b05ac8395c29c84483ac9588", "url": "https://chromium.googlesource.com/chromium/src/buildtools" }, "fetcher": "fetchFromGitiles" @@ -35,40 +35,40 @@ }, "src/testing": { "args": { - "hash": "sha256-UT4DGNjd+F6liecGeXDwS5Zast4ZriOinbrXAqd96ks=", - "rev": "c030c132cbab406942fb208b7180f8846aa4abf1", + "hash": "sha256-cE8uCDkhkzFjrEJ3ccXq5H45WJ3wvmirLeeSymnR8bk=", + "rev": "b887106bc278bb2a49e21f3a0ab2019574e7e47a", "url": "https://chromium.googlesource.com/chromium/src/testing" }, "fetcher": "fetchFromGitiles" }, "src/third_party": { "args": { - "hash": "sha256-qxIivQe2O9L6N5T5RpjtdSXvEFQ4CDZtMSounS8iixw=", - "rev": "de738129ebb915bbe34cdf06520c7050ef8aa9d9", + "hash": "sha256-fSsA88V0cv/hAJEZJ7p+RnrnkceLMZCa+XaP+1awo9M=", + "rev": "e43b96b7a65dd3f45f066983061e6f8b2f3a112d", "url": "https://chromium.googlesource.com/chromium/src/third_party" }, "fetcher": "fetchFromGitiles" }, "src/third_party/boringssl/src": { "args": { - "hash": "sha256-yGBxpmWrFURe3gziO3en5ZKs9wAup8XEwHhzq+cKVu8=", - "rev": "db638238d29708a20b991af3b2488e45a8bbcf71", + "hash": "sha256-4eCoRVe47hZ6hc3gXgBS1gY64d+sPqeI08hNMh6JkUY=", + "rev": "305bcfce00b189f2297f53365b0454f96009927d", "url": "https://boringssl.googlesource.com/boringssl.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/breakpad/breakpad": { "args": { - "hash": "sha256-jGdQyM3+p3qt+Hjt44Wpg7XKiUt7kz9Lv1xRG7vp+dM=", - "rev": "a1220f673dc44632e821bd1a217089e5a159a203", + "hash": "sha256-dtuBGcYwwaqSKiW7ASFveAeJqcdnFLeU97ip8D786/Q=", + "rev": "79099fdf668ae097c9eca7052fd5c4c5de6c9098", "url": "https://chromium.googlesource.com/breakpad/breakpad.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/catapult": { "args": { - "hash": "sha256-Is8yDmTyNyseTBPIDwIlhRthqfkFPgQIvu3b6u5c0m0=", - "rev": "04c85a1d0e324464c6be4b3d193b47cb6177d03a", + "hash": "sha256-Buh+Ixx8CTqBb0vuu/Fnv6fx15lPMOatYGPAgQ0aWEI=", + "rev": "39805a224bb6c6e80e403a4ebe9a150c7ca0b4d1", "url": "https://chromium.googlesource.com/catapult.git" }, "fetcher": "fetchFromGitiles" @@ -83,8 +83,8 @@ }, "src/third_party/clang-format/script": { "args": { - "hash": "sha256-d9uweklBffiuCWEb03ti1eFLnMac2qRtvggzXY1n/RU=", - "rev": "37f6e68a107df43b7d7e044fd36a13cbae3413f2", + "hash": "sha256-f+BbQ6xIubloSzx/MhPSZ8ymCskmS+9+epDGtPjZqXc=", + "rev": "c2725e0622e1a86d55f14514f2177a39efea4a0e", "url": "https://chromium.googlesource.com/external/github.com/llvm/llvm-project/clang/tools/clang-format.git" }, "fetcher": "fetchFromGitiles" @@ -99,16 +99,16 @@ }, "src/third_party/compiler-rt/src": { "args": { - "hash": "sha256-MHamj1BEwae6pohqjrMULEp2hrh8+jGDxNgYbzqtGK0=", - "rev": "dbef1a89100395f128231024d0c07e4dcfe72140", + "hash": "sha256-7Jnb0tzi0SkS9vL7VurdTk6Igz5I8ol4H4nRqcZ2+O0=", + "rev": "d606e955eec3d4fb0bf831dea336c3b24cba2f27", "url": "https://chromium.googlesource.com/external/github.com/llvm/llvm-project/compiler-rt.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/cpuinfo/src": { "args": { - "hash": "sha256-JW83AgI1cWv4TSpXNe9sv/hNYAA7MOdUeTHY8+0lHgc=", - "rev": "877328f188a3c7d1fa855871a278eb48d530c4c0", + "hash": "sha256-eXrfeFK0ADKAYoy/vESv7nQnH0oGpeZKlX8XEqPQspo=", + "rev": "84818a41e074779dbb00521a4731d3e14160ff15", "url": "https://chromium.googlesource.com/external/github.com/pytorch/cpuinfo.git" }, "fetcher": "fetchFromGitiles" @@ -123,24 +123,24 @@ }, "src/third_party/dav1d/libdav1d": { "args": { - "hash": "sha256-dPVDZ4SyrHWsRWERUl6UKbbdUG/5dC/UTte6sItMYxg=", - "rev": "af5cf2b1e7f03d6f6de84477e1ca8eed1f3eb03d", + "hash": "sha256-E3da/LJ8HNy1osExmupovqnL8JHgVNzPUCG5F8TJKXQ=", + "rev": "b546257f770768b2c88258c533da38b91a06f737", "url": "https://chromium.googlesource.com/external/github.com/videolan/dav1d.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/depot_tools": { "args": { - "hash": "sha256-oL/WjK90HWqtyE0sJhDUp3UxlC8jr4dZfp+Q80xu3sM=", - "rev": "675a3a9ccd7cf9367bb4caa58c30f08b56d45ef5", + "hash": "sha256-RsmH8kxnmzOKsrfmDqULDeQsvRr1l+p8ZE1a4bPLVLs=", + "rev": "9fd48a305e18b9bbaf61734557ce2c46497192b3", "url": "https://chromium.googlesource.com/chromium/tools/depot_tools.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/eigen3/src": { "args": { - "hash": "sha256-ZXDzAuvTu46YhieLIQ7MSQ0os+v2RF+KBtFuKU9fCWE=", - "rev": "430e35fbd15d3c946d2d2ba19ec41c16ba217cb3", + "hash": "sha256-GpuSoq887Z1qGKsc4+Vz8X+Sx40P6UnWhaQgrmigkdQ=", + "rev": "afb43805349cf1cbec0083d94256bb8f72cbc53b", "url": "https://chromium.googlesource.com/external/gitlab.com/libeigen/eigen.git" }, "fetcher": "fetchFromGitiles" @@ -155,24 +155,24 @@ }, "src/third_party/ffmpeg": { "args": { - "hash": "sha256-ZeFzrCE9LkDcp3VTMJkm5ypX29RGZCyZkp3tEr7yFKU=", - "rev": "9e751092c9498b84bbb77e2e0689ef9f50fe608f", + "hash": "sha256-LphjwzqsrvAOzd+O+lJ/gGfaWuX4h2/UrRC694ftwSs=", + "rev": "9e588ab02e16326026aa61cc3b6515da20520cec", "url": "https://chromium.googlesource.com/chromium/third_party/ffmpeg.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/flatbuffers/src": { "args": { - "hash": "sha256-u5AVjbep3iWwGNXLrkPJUnF8SbmIXlHOYoy3NIlUl/E=", - "rev": "1c514626e83c20fffa8557e75641848e1e15cd5e", + "hash": "sha256-gV1hn1iHI7knFEXy3Oii97mLRZYJUBiBlTh6/sqOoXg=", + "rev": "a86afae9399bbe631d1ea0783f8816e780e236cc", "url": "https://chromium.googlesource.com/external/github.com/google/flatbuffers.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/fontconfig/src": { "args": { - "hash": "sha256-2h0dWn7MxAX+4o2tMZLyjRFAES+FTMaGaf8M7ySkSV8=", - "rev": "f0ed9c3f43161d3555f6f7a5234b22fe7ca60727", + "hash": "sha256-Oo4ewK86dbEkO5EXyGWvdmsPHa8Wk1BHQah784vIem0=", + "rev": "d62c2ab268d1679335daa8fb0ea6970f35224a76", "url": "https://chromium.googlesource.com/external/fontconfig.git" }, "fetcher": "fetchFromGitiles" @@ -187,16 +187,16 @@ }, "src/third_party/freetype/src": { "args": { - "hash": "sha256-b74O5i4xhHq8y0qepP8Wup2nuj9LFzBX7ahMCCVhc98=", - "rev": "d3668e00da732654b50e4e81f982544ed6e26390", + "hash": "sha256-CorCyTiS2fumIF0jhqQgw7VjGkjGXNVD8efdmfZ2wUo=", + "rev": "e3a0652b6d706ee1ce77d4dda606b6597dd8b5c4", "url": "https://chromium.googlesource.com/chromium/src/third_party/freetype2.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/fuzztest/src": { "args": { - "hash": "sha256-gMIDf/Alh9BCk0Gm0m+mmhHoKreHCiN7/WOomcMbS/k=", - "rev": "e101ca021a40733d0fa76a3bd9b49b5f76da4f8a", + "hash": "sha256-CqJJ1hj9nQkGONB+5tJgafg1xvrPgTuE3tM8RjO2RY0=", + "rev": "54dfec04d5c9ad1f22b08002ab6a5e2d0de77671", "url": "https://chromium.googlesource.com/external/github.com/google/fuzztest.git" }, "fetcher": "fetchFromGitiles" @@ -219,24 +219,24 @@ }, "src/third_party/google_benchmark/src": { "args": { - "hash": "sha256-cH8s1gP6kCcojAAfTt5iQCVqiAaSooNk4BdaILujM3w=", - "rev": "761305ec3b33abf30e08d50eb829e19a802581cc", + "hash": "sha256-GfqY2d+Nd7ovNrXxzTRm/AYWj7GuxIO6FawzUEzwOVA=", + "rev": "188e8278990a9069ffc84441cb5a024fd0bede37", "url": "https://chromium.googlesource.com/external/github.com/google/benchmark.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/googletest/src": { "args": { - "hash": "sha256-A3kDQbt9ITaxCjl/tJtwySsPUyH+NNb8erdjBzq81o8=", - "rev": "244cec869d12e53378fa0efb610cd4c32a454ec8", + "hash": "sha256-gJhv3DQQSP5BQ6GmDobq42/Gkx4AbOg/ZS80bM0WpEw=", + "rev": "4fe3307fb2d9f86d19777c7eb0e4809e9694dde7", "url": "https://chromium.googlesource.com/external/github.com/google/googletest.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/grpc/src": { "args": { - "hash": "sha256-JUws1tD5/4mfx/muCkx5FvQoh0Vb2mD5/bIacCAZVAg=", - "rev": "de6ce7f32b1bf254d2b4c04e8872b63284632fd3", + "hash": "sha256-GvzPndJkPZsVCp0LtaQ29rnORQ7xSZ76if/feEIhvkI=", + "rev": "f394c3f07b4c685b9f6948b36d65ca10a629f4fa", "url": "https://chromium.googlesource.com/external/github.com/grpc/grpc.git" }, "fetcher": "fetchFromGitiles" @@ -251,16 +251,16 @@ }, "src/third_party/harfbuzz-ng/src": { "args": { - "hash": "sha256-gUUXBd2/di6MYhUzo0QkGQvRY6KLcy7qdDlSClnmnL8=", - "rev": "7d936359a27abb2d7cb14ecc102463bb15c11843", + "hash": "sha256-pXAQYEotsqZmfaJSQFaJmZAQVzUiNrHw52z0vmbxQRQ=", + "rev": "fa2908bf16d2ccd6623f4d575455fea72a1a722b", "url": "https://chromium.googlesource.com/external/github.com/harfbuzz/harfbuzz.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/icu": { "args": { - "hash": "sha256-k3z31DhDPoqjcZdUL4vjyUMVpUiNk44+7rCMTDVPH8Q=", - "rev": "1b2e3e8a421efae36141a7b932b41e315b089af8", + "hash": "sha256-zFxeAY6lEFRGNbCOOJij0CFjp3512WkyaN1Ld0+WADs=", + "rev": "a86a32e67b8d1384b33f8fa48c83a6079b86f8cd", "url": "https://chromium.googlesource.com/chromium/deps/icu.git" }, "fetcher": "fetchFromGitiles" @@ -291,40 +291,40 @@ }, "src/third_party/libaom/source/libaom": { "args": { - "hash": "sha256-s+fFufuRRGfItmd63IbHCR6ScANkJ49y+fsIGhTdwZE=", - "rev": "dcfc0bd1934130570d04597a3b75de0824dc434d", + "hash": "sha256-SE9nevzv+e2pVvRECQM0bg3dU1l7rE/4bLPuZDHFi18=", + "rev": "557586fde2fdc09dff9c3edf6943d6d54aa8914c", "url": "https://aomedia.googlesource.com/aom.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/libc++/src": { "args": { - "hash": "sha256-IemCFOw1X+Kcna6cuj9e29FUhitqvVGn1DeMCShkbOs=", - "rev": "b77132b512d5411f8393fd3decb3abaeaf1d3ec8", + "hash": "sha256-7O/X2JW8ghkPTjmFZmT9cgG3Ui5zk3gUb436KlPww34=", + "rev": "7ab65651aed6802d2599dcb7a73b1f82d5179d05", "url": "https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/libc++abi/src": { "args": { - "hash": "sha256-7TUY05CW5OCyd1C1oq69rptr1RkvOMS+1CAJc7yKRFQ=", - "rev": "864f61dc9253d56586ada34c388278565ef513f6", + "hash": "sha256-L5CUvhpOLS+NBNGssCv0pY9rsDFuAI0LlPjXQRfy62A=", + "rev": "8f11bb1d4438d0239d0dfc1bd9456a9f31629dda", "url": "https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/libgav1/src": { "args": { - "hash": "sha256-BgTfWmbcMvJB1KewJpRcMtbOd2FVuJ+fi1zAXBXfkrg=", - "rev": "c05bf9be660cf170d7c26bd06bb42b3322180e58", + "hash": "sha256-gisU0p0HDL7Po/ZXIIZVOTnxnOuVvSE/FYo9DaEUFfo=", + "rev": "40f58ed32ff39071c3f2a51056dbc49a070af0dc", "url": "https://chromium.googlesource.com/codecs/libgav1.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/libjpeg_turbo": { "args": { - "hash": "sha256-Ig+tmprZDvlf/M72/DTar2pbxat9ZElgSqdXdoM0lPs=", - "rev": "e14cbfaa85529d47f9f55b0f104a579c1061f9ad", + "hash": "sha256-FeSS7D3NietL34KgpaDFenBf/GcvapGSpkiKwgIOOHs=", + "rev": "6bb85251a8382b5e07f635a981ac685cc5ab5053", "url": "https://chromium.googlesource.com/chromium/deps/libjpeg_turbo.git" }, "fetcher": "fetchFromGitiles" @@ -347,56 +347,56 @@ }, "src/third_party/libunwind/src": { "args": { - "hash": "sha256-veSxr/ICnBsdP+3vWjCbPxduHiEzbT0DUdwfo0xcM30=", - "rev": "322be580a5a193a921c349a15747eeeb9a716ad1", + "hash": "sha256-iRfpzVN+QEpN6okwVs5oEtZqIJYzFGxsUO/IJY1c/W8=", + "rev": "ba19d93d6d4f467fba11ff20fe2fc7c056f79345", "url": "https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/libvpx/source/libvpx": { "args": { - "hash": "sha256-44k28SJ7AbcABv1YV1tICtJ1II4AXTuvcAELSTUht6c=", - "rev": "8d00aca60b951444582b1373e4e47f0ca6e0871c", + "hash": "sha256-/FtYzbcOgOlaaWCoJfYns5oye7DoRZx1/xew3lN7tAM=", + "rev": "e83e25f791932202256479052f18bdd03a091147", "url": "https://chromium.googlesource.com/webm/libvpx.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/libyuv": { "args": { - "hash": "sha256-9Qn1v9iUrk28bjW9HGepvzEM0wrpmCiA43+a/GPc9/s=", - "rev": "5b22f31cb5d39c1309a589f148678c2a217e75db", + "hash": "sha256-2lnobd22L9u+h6JGWJoWT/0gjhI5JImDsEjn+RRYzJg=", + "rev": "917276084a49be726c90292ff0a6b0a3d571a6af", "url": "https://chromium.googlesource.com/libyuv/libyuv.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/llvm-libc/src": { "args": { - "hash": "sha256-U/ToyQwIzZlaPic6LAnR17ySrZ6eGhReJ6iKVFrIHPg=", - "rev": "0c61a55402c6a0d9d6ca2aeb3c6a2613a8bc8c55", + "hash": "sha256-ZPsVBO+5v1xR9lvzHi616unK4HEak07Sy/reMSYwiok=", + "rev": "d99c56d4b9f6663bff528c4fac5313bceb32e762", "url": "https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libc.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/lss": { "args": { - "hash": "sha256-rhp4EcZYdgSfu9cqn+zxxGx6v2IW8uX8V+iA0UfZhFY=", - "rev": "ed31caa60f20a4f6569883b2d752ef7522de51e0", + "hash": "sha256-89CdA7vBYudbko0nAIyHcpHMXqFZHC05kwRIUmeEWGo=", + "rev": "29164a80da4d41134950d76d55199ea33fbb9613", "url": "https://chromium.googlesource.com/linux-syscall-support.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/nasm": { "args": { - "hash": "sha256-TxzAcp+CoKnnM0lCGjm+L3h6M30vYHjM07vW6zUe/vY=", - "rev": "e2c93c34982b286b27ce8b56dd7159e0b90869a2", + "hash": "sha256-vH3OUzfLZbaPY4DMAvSW0jKYRJmOa7aE8EfIJtZ1/Xs=", + "rev": "af5eeeb054bebadfbb79c7bcd100a95e2ad4525f", "url": "https://chromium.googlesource.com/chromium/deps/nasm.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/neon_2_sse/src": { "args": { - "hash": "sha256-AkDAHOPO5NdXXk0hETS5D67mzw0RVXwPDDKqM0XXo5g=", - "rev": "eb8b80b28f956275e291ea04a7beb5ed8289e872", + "hash": "sha256-4OzG4wIPwnKbFD9LG+stxHt5O4qB85ZIXVeSrNqDAyM=", + "rev": "662a85912e8f86ec808f9b15ce77f8715ba53316", "url": "https://chromium.googlesource.com/external/github.com/intel/ARM_NEON_2_x86_SSE.git" }, "fetcher": "fetchFromGitiles" @@ -411,8 +411,8 @@ }, "src/third_party/perfetto": { "args": { - "hash": "sha256-FfOCX3Z7aKGkMAf8hK5itt7+8N5kBRd9NJGjOLiUjQs=", - "rev": "d5bbee7afdf259af4212929ccbff467dd5349953", + "hash": "sha256-xOFm5u6uwzktkHCLuLmy3ryiuVN8B8Fo+ltHbFmilOY=", + "rev": "2074b65d22dd04b65c2688647b9386a63338f0b9", "url": "https://chromium.googlesource.com/external/github.com/google/perfetto.git" }, "fetcher": "fetchFromGitiles" @@ -427,48 +427,48 @@ }, "src/third_party/pthreadpool/src": { "args": { - "hash": "sha256-M9uMq/ZkvrWNep+CIFzx6xLfepLkfY8tjgL7ed2vjU0=", - "rev": "f5a07eddbf4be8f23e29e60a2ccf66b78b71f119", + "hash": "sha256-Es9QNblzo5b+x4K7myQJwIiUKvqyP16QExWPhGqqDO8=", + "rev": "9003ee6c137cea3b94161bd5c614fb43be523ee1", "url": "https://chromium.googlesource.com/external/github.com/google/pthreadpool.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/re2/src": { "args": { - "hash": "sha256-e18aSNVEE42LNzCDMay/Fa3BNg36pBPeEtfNvWqlnWE=", - "rev": "6569a9a3df256f4c0c3813cb8ee2f8eef6e2c1fb", + "hash": "sha256-oEU+dz8ax1S36+f9OysjB0GnQj8mjZx1VsZ/UgckdDI=", + "rev": "972a15cedd008d846f1a39b2e88ce48d7f166cbd", "url": "https://chromium.googlesource.com/external/github.com/google/re2.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/ruy/src": { "args": { - "hash": "sha256-fV0El2ZgjxLqstKVN35SL72+diHNK0FkBmG5UwVZFrk=", - "rev": "9940fbf1e0c0863907e77e0600b99bb3e2bc2b9f", + "hash": "sha256-zJ7EYxIoZvN2uOfPscKzWycBO057g4bMnTys2sUrp2M=", + "rev": "576e020f06334118994496b45f9796ed7fda3280", "url": "https://chromium.googlesource.com/external/github.com/google/ruy.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/tflite/src": { "args": { - "hash": "sha256-9RWrxIDA2vvobr9Cg13SkwfScw+Lk/NCeaPVIXTCKmY=", - "rev": "313f58ae85278ced9ccc7f90ee630bdf8735c52f", + "hash": "sha256-pIhOSb9eLzel5oDPCpxCvI2XJ2jGLdLURCRkd1BbMkk=", + "rev": "01e030d23d3b904d98cbf908da74d63b3c186949", "url": "https://chromium.googlesource.com/external/github.com/tensorflow/tensorflow.git" }, "fetcher": "fetchFromGitiles" }, "src/third_party/xnnpack/src": { "args": { - "hash": "sha256-oxpMzIFwJ3L5cYLkwcSL7a8XS1AGHXKQjwtHoe/2mZw=", - "rev": "4d098efeac50c44a7c03e6feb1794908db4c3158", + "hash": "sha256-OdrwYAazY0E3han/fpFjlAiguY4M/xnCMJjL3KAIhvw=", + "rev": "4574c4d9b00703c15f2218634ddf101597b22b18", "url": "https://chromium.googlesource.com/external/github.com/google/XNNPACK.git" }, "fetcher": "fetchFromGitiles" }, "src/tools": { "args": { - "hash": "sha256-a3sRfYOVGgroZu25lPS+jGN5Nf/lhfKvKhMl8WiAybs=", - "rev": "3b73a00861c1cc1d6308e20786f42045b77864cd", + "hash": "sha256-QKFYNmNwVcm7aAP3aeuSrY2ScbgMPs4/odf62dI0WJg=", + "rev": "f8f65faf07b1132c9d01932ef95846e9a82b8d54", "url": "https://chromium.googlesource.com/chromium/src/tools" }, "fetcher": "fetchFromGitiles" diff --git a/pkgs/by-name/si/signal-desktop/webrtc.nix b/pkgs/by-name/si/signal-desktop/webrtc.nix index 0ea34b0dec7c..4bec7936bc87 100644 --- a/pkgs/by-name/si/signal-desktop/webrtc.nix +++ b/pkgs/by-name/si/signal-desktop/webrtc.nix @@ -1,6 +1,7 @@ { stdenv, lib, + fetchpatch, buildPackages, ninja, gn, @@ -85,6 +86,19 @@ stdenv.mkDerivation (finalAttrs: { alsa-lib ]; + patches = [ + # https://github.com/NixOS/nixpkgs/blob/8e689a91c5b4e47b57dee488dd7e319cc704eb9d/pkgs/applications/networking/browsers/chromium/common.nix#L604-L612 + # clang++: error: unknown argument: '-fsanitize-ignore-for-ubsan-feature=array-bounds' + (fetchpatch { + name = "chromium-146-revert-Update-fsanitizer=array-bounds-config.patch"; + # https://chromium-review.googlesource.com/c/chromium/src/+/7539408 + url = "https://chromium.googlesource.com/chromium/src/+/acb47d9a6b56c4889a2ed4216e9968cfc740086c^!?format=TEXT"; + decode = "base64 -d"; + revert = true; + hash = "sha256-WZsN2qm6lX121bDf7SoN75flXtCTmPPpwtHK0ayjkPc="; + }) + ]; + postPatch = '' substituteInPlace build/toolchain/linux/BUILD.gn \ --replace-fail 'toolprefix = "aarch64-linux-gnu-"' 'toolprefix = ""' diff --git a/pkgs/by-name/to/tor-browser/package.nix b/pkgs/by-name/to/tor-browser/package.nix index 009c201e13f6..8b6c03407e22 100644 --- a/pkgs/by-name/to/tor-browser/package.nix +++ b/pkgs/by-name/to/tor-browser/package.nix @@ -102,7 +102,7 @@ let ++ lib.optionals mediaSupport [ ffmpeg_7 ] ); - version = "15.0.14"; + version = "15.0.15"; sources = { x86_64-linux = fetchurl { @@ -112,7 +112,7 @@ let "https://tor.eff.org/dist/torbrowser/${version}/tor-browser-linux-x86_64-${version}.tar.xz" "https://tor.calyxinstitute.org/dist/torbrowser/${version}/tor-browser-linux-x86_64-${version}.tar.xz" ]; - hash = "sha256-kxRtNraru8w/lAwwhAD2h6Q+CqFdS2DzV2FZHnNj9Q4="; + hash = "sha256-UlKf5YPGnPCKzCiFu1dxLg6kg3bJQAcZlwOKE9rTIgQ="; }; i686-linux = fetchurl { @@ -122,7 +122,7 @@ let "https://tor.eff.org/dist/torbrowser/${version}/tor-browser-linux-i686-${version}.tar.xz" "https://tor.calyxinstitute.org/dist/torbrowser/${version}/tor-browser-linux-i686-${version}.tar.xz" ]; - hash = "sha256-GHLeAyMrnwD5lC4NnwM72nZQeRN7AjrlS/zlOqfmjtw="; + hash = "sha256-bIFw4QOIgEQBdcQqjYRKWmy/C0srG0eBBR5H5oteWlo="; }; }; diff --git a/pkgs/by-name/zs/zsh/fix-sigsuspend-probe-c23.patch b/pkgs/by-name/zs/zsh/fix-sigsuspend-probe-c23.patch deleted file mode 100644 index 46c060b235d2..000000000000 --- a/pkgs/by-name/zs/zsh/fix-sigsuspend-probe-c23.patch +++ /dev/null @@ -1,17 +0,0 @@ -Prototype the K&R handler so the probe still compiles under -std=gnu23 -(selected by autoconf 2.73). Upstream removed the probe in 8dd271fdec52, -which does not apply against 5.9 with the PCRE backports. - -https://github.com/NixOS/nixpkgs/issues/513543 ---- a/configure.ac -+++ b/configure.ac -@@ -2334,8 +2334,7 @@ if test x$signals_style = xPOSIX_SIGNALS; then - #include - #include - int child=0; --void handler(sig) -- int sig; -+void handler(int sig) - {if(sig==SIGCHLD) child=1;} - int main() { - struct sigaction act; diff --git a/pkgs/by-name/zs/zsh/package.nix b/pkgs/by-name/zs/zsh/package.nix index 1ec13496c599..d8d86ba0399f 100644 --- a/pkgs/by-name/zs/zsh/package.nix +++ b/pkgs/by-name/zs/zsh/package.nix @@ -2,7 +2,6 @@ lib, stdenv, fetchurl, - fetchpatch, autoreconfHook, yodl, perl, @@ -18,7 +17,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "zsh"; - version = "5.9"; + version = "5.9.1"; outputs = [ "out" "doc" @@ -28,52 +27,12 @@ stdenv.mkDerivation (finalAttrs: { src = fetchurl { url = "mirror://sourceforge/zsh/zsh-${finalAttrs.version}.tar.xz"; - sha256 = "sha256-m40ezt1bXoH78ZGOh2dSp92UjgXBoNuhCrhjhC1FrNU="; + sha256 = "sha256-XSC+wD+YHcTpoJ7CRedBU4j/ZB95xcXEFrUELljYKA0="; }; patches = [ # fix location of timezone data for TZ= completion ./tz_completion.patch - # Fixes configure misdetection when using clang 16, resulting in broken subshells on Darwin. - # This patch can be dropped with the next release of zsh. - (fetchpatch { - url = "https://github.com/zsh-users/zsh/commit/ab4d62eb975a4c4c51dd35822665050e2ddc6918.patch"; - hash = "sha256-nXB4w7qqjZJC7/+CDxnNy6wu9qNwmS3ezjj/xK7JfeU="; - excludes = [ "ChangeLog" ]; - }) - # Fixes compatibility with texinfo 7.1. This patch can be dropped with the next release of zsh. - (fetchpatch { - url = "https://github.com/zsh-users/zsh/commit/ecd3f9c9506c7720dc6c0833dc5d5eb00e4459c4.patch"; - hash = "sha256-oA8GC8LmuqNKGuPqGfiQVhL5nWb7ArLWGUI6wjpsIW8="; - excludes = [ "ChangeLog" ]; - }) - # PCRE 2.x support - (fetchpatch { - url = "https://github.com/zsh-users/zsh/commit/1b421e4978440234fb73117c8505dad1ccc68d46.patch"; - hash = "sha256-jqTXnz56L3X21e3kXtzrT1jKEq+K7ittFjL7GdHVq94="; - excludes = [ "ChangeLog" ]; - }) - (fetchpatch { - url = "https://github.com/zsh-users/zsh/commit/b62e911341c8ec7446378b477c47da4256053dc0.patch"; - hash = "sha256-MfyiLucaSNNfdCLutgv/kL/oi/EVoxZVUd1KjGzN9XI="; - excludes = [ "ChangeLog" ]; - }) - (fetchpatch { - url = "https://github.com/zsh-users/zsh/commit/10bdbd8b5b0b43445aff23dcd412f25cf6aa328a.patch"; - hash = "sha256-bl1PG9Zk1wK+2mfbCBhD3OEpP8HQboqEO8sLFqX8DmA="; - excludes = [ "ChangeLog" ]; - }) - # autoconf 2.73 picks -std=gnu23, breaking the K&R sigsuspend probe and - # causing $(...) hangs. Drop with the next zsh release. - ./fix-sigsuspend-probe-c23.patch - ] - ++ lib.optionals stdenv.cc.isGNU [ - # Fixes compilation with gcc >= 14. - (fetchpatch { - url = "https://github.com/zsh-users/zsh/commit/4c89849c98172c951a9def3690e8647dae76308f.patch"; - hash = "sha256-l5IHQuIXo0N6ynLlZoQA7wJd/C7KrW3G7nMzfjQINkw="; - excludes = [ "ChangeLog" ]; - }) ]; strictDeps = true; diff --git a/pkgs/development/tools/pnpm/default.nix b/pkgs/development/tools/pnpm/default.nix index fa7c4bd0e3a3..2de2451a1244 100644 --- a/pkgs/development/tools/pnpm/default.nix +++ b/pkgs/development/tools/pnpm/default.nix @@ -26,8 +26,8 @@ let hash = "sha256-jnDdxmSbGLw9iVzzqQjAKR6kw4A5rYcixH4Bja8enPw="; }; "11" = { - version = "11.4.0"; - hash = "sha256-50EGpaDrJWn0WDUEQg6tX8HCY+QXoyFsqxy+DM3LTq4="; + version = "11.5.1"; + hash = "sha256-3npcG+2DAYBRg6h5l/4XIM1crvtXvoOFNaS/xKFZaVk="; }; }; diff --git a/pkgs/servers/nextcloud/default.nix b/pkgs/servers/nextcloud/default.nix index 378af0d8b265..34a708f9ef84 100644 --- a/pkgs/servers/nextcloud/default.nix +++ b/pkgs/servers/nextcloud/default.nix @@ -53,14 +53,14 @@ let in { nextcloud32 = generic { - version = "32.0.10"; - hash = "sha256-D/zIqDOIJezowzco7gzaTvjquI6Pu80Z9IsE4t0KNXo="; + version = "32.0.11"; + hash = "sha256-vvIY5Yeczhy/0Q0gfVG1iiYPGQ1U/VcZkx7coMWdRiQ="; packages = nextcloud32Packages; }; nextcloud33 = generic { - version = "33.0.4"; - hash = "sha256-9LHNbdBSXGuoiPLMHw8fU3mdbRfLDXz2YFQuxMvNenI="; + version = "33.0.5"; + hash = "sha256-7Ua5HY2k4fAjTQGIslvulEj6LzAYh+WygBPmtUfW3Mo="; packages = nextcloud33Packages; }; diff --git a/pkgs/servers/nextcloud/packages/32.json b/pkgs/servers/nextcloud/packages/32.json index 046356a5bff2..4fba74c63f26 100644 --- a/pkgs/servers/nextcloud/packages/32.json +++ b/pkgs/servers/nextcloud/packages/32.json @@ -50,9 +50,9 @@ ] }, "cookbook": { - "hash": "sha256-oiG3oAxc5tWqQepVN5ubMqOeglDT+mpkDs6UttgzuhE=", - "url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.6/cookbook-0.11.6.tar.gz", - "version": "0.11.6", + "hash": "sha256-Xn2yvgVL7XPIN8awCaH5mznRMW9Jcr0s2E19D13Hm8I=", + "url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.7/cookbook-0.11.7.tar.gz", + "version": "0.11.7", "description": "A library for all your recipes. It uses JSON files following the schema.org recipe format. To add a recipe to the collection, you can paste in the URL of the recipe, and the provided web page will be parsed and downloaded to whichever folder you specify in the app settings.", "homepage": "https://github.com/nextcloud/cookbook/", "licenses": [ @@ -150,9 +150,9 @@ ] }, "groupfolders": { - "hash": "sha256-7G/ExoNBXdNp3XwN+O9TE9Jj+EZ00XsNrc38xtZGALA=", - "url": "https://github.com/nextcloud-releases/groupfolders/releases/download/v20.1.13/groupfolders-v20.1.13.tar.gz", - "version": "20.1.13", + "hash": "sha256-EVOIWjsgd/6j34GfrJ8YHxQP6JO84AdxvlPkqleeDyw=", + "url": "https://github.com/nextcloud-releases/groupfolders/releases/download/v20.1.14/groupfolders-v20.1.14.tar.gz", + "version": "20.1.14", "description": "Team Folders (formerly \"Group Folders\") allows administrators to create and manage shared\nfolders for selected teams within Nextcloud.\n\nAdmins can grant one or more teams access to a folder, configure permissions (such as read,\nwrite, and sharing rights), and assign storage quotas from the Team Folders section (under\nadmin settings). The app also supports advanced permissions and integration with Nextcloud’s\ntrash and versioning systems.\n\nAs of Hub 10 / Nextcloud 31, admins must be members of a team to assign that team to a Team\nFolder.", "homepage": "https://github.com/nextcloud/groupfolders", "licenses": [ @@ -210,9 +210,9 @@ ] }, "mail": { - "hash": "sha256-0IBTi0JVBBCTLEcSDiB1eMj2B31qeT4Yn9+ogY9iAs0=", - "url": "https://github.com/nextcloud-releases/mail/releases/download/v5.8.1/mail-v5.8.1.tar.gz", - "version": "5.8.1", + "hash": "sha256-SYe8BEC4v9ivl2iGVCkORHy5yn9wN4o2mrqJYGqzVRw=", + "url": "https://github.com/nextcloud-releases/mail/releases/download/v5.9.0/mail-v5.9.0.tar.gz", + "version": "5.9.0", "description": "**πŸ’Œ A mail app for Nextcloud**\n\n- **πŸš€ Integration with other Nextcloud apps!** Currently Contacts, Calendar & Files – more to come.\n- **πŸ“₯ Multiple mail accounts!** Personal and company account? No problem, and a nice unified inbox. Connect any IMAP account.\n- **πŸ”’ Send & receive encrypted mails!** Using the great [Mailvelope](https://mailvelope.com) browser extension.\n- **πŸ™ˆ We’re not reinventing the wheel!** Based on the great [Horde](https://www.horde.org) libraries.\n- **πŸ“¬ Want to host your own mail server?** We do not have to reimplement this as you could set up [Mail-in-a-Box](https://mailinabox.email)!\n\n## Ethical AI Rating\n\n### Priority Inbox\n\nPositive:\n* The software for training and inferencing of this model is open source.\n* The model is created and trained on-premises based on the user's own data.\n* The training data is accessible to the user, making it possible to check or correct for bias or optimise the performance and CO2 usage.\n\n### Thread Summaries (opt-in)\n\n**Rating:** 🟒/🟑/🟠/πŸ”΄\n\nThe rating depends on the installed text processing backend. See [the rating overview](https://docs.nextcloud.com/server/latest/admin_manual/ai/index.html) for details.\n\nLearn more about the Nextcloud Ethical AI Rating [in our blog](https://nextcloud.com/blog/nextcloud-ethical-ai-rating/).", "homepage": "https://github.com/nextcloud/mail#readme", "licenses": [ @@ -220,9 +220,9 @@ ] }, "music": { - "hash": "sha256-n1HsKmkXL8YSQywGlt3f9lqSDBYcxi3VWO8K9b0PZqY=", - "url": "https://github.com/nc-music/music/releases/download/v3.0.0/nc-music-3.0.0.tar.gz", - "version": "3.0.0", + "hash": "sha256-bQ9NBo5R/en3f68ag+mAsVWuhREjr/ajlKrfLn4Tvtg=", + "url": "https://github.com/nc-music/music/releases/download/v3.1.0/nc-music-3.1.0.tar.gz", + "version": "3.1.0", "description": "A stand-alone music player app and a \"lite\" player for the Files app\n\n- On modern browsers, supports audio types .mp3, .ogg, .m4a, .m4b, .flac, .wav, and more\n- Playlist support with import from .m3u, .m3u8, .pls, and .wpl files\n- Show lyrics from the file metadata or .lrc files\n- Browse by artists, albums, genres, or folders\n- Gapless play\n- Filter the shown content with the search function\n- Advanced search to freely use and combine dozens of search criteria\n- Play internet radio and podcast channels\n- Setup Last.fm connection to scrobble plays and/or see background information on artists, albums, and songs\n- Control with media control keys on the keyboard or OS\n- The app can handle libraries consisting of thousands of albums and tens of thousands of songs\n- Includes a server backend compatible with the Subsonic and Ampache protocols, allowing playback and browsing of your library on dozens of external apps on Android, iOS, Windows, Linux, etc.\n- Widget for the Nextcloud Dashboard", "homepage": "https://github.com/nc-music/music", "licenses": [ @@ -230,9 +230,9 @@ ] }, "news": { - "hash": "sha256-e2lledOH4LzB+/nWjL+wsCuJJTi50yNgPDnGVkl7FNk=", - "url": "https://github.com/nextcloud/news/releases/download/28.4.1/news.tar.gz", - "version": "28.4.1", + "hash": "sha256-T3UBQcNxte18J/yyIucGb/X105t3lh97KWn0joTTuDw=", + "url": "https://github.com/nextcloud/news/releases/download/28.5.1/news.tar.gz", + "version": "28.5.1", "description": "πŸ“° A RSS/Atom Feed reader App for Nextcloud\n\n- πŸ“² Synchronize your feeds with multiple mobile or desktop [clients](https://nextcloud.github.io/news/clients/)\n- πŸ”„ Automatic updates of your news feeds\n- πŸ†“ Free and open source under AGPLv3, no ads or premium functions\n\n**System Cron is currently required for this app to work**\n\nRequirements can be found [here](https://nextcloud.github.io/news/install/#dependencies)\n\nThe Changelog is available [here](https://github.com/nextcloud/news/blob/master/CHANGELOG.md)\n\nCreate a [bug report](https://github.com/nextcloud/news/issues/new/choose)\n\nCreate a [feature request](https://github.com/nextcloud/news/discussions/new)\n\nReport a [feed issue](https://github.com/nextcloud/news/discussions/new)", "homepage": "https://github.com/nextcloud/news", "licenses": [ @@ -250,9 +250,9 @@ ] }, "notes": { - "hash": "sha256-NCBDtNO6jsqws4BE8sGOnox2xUuODleYodQ5vv6jqEs=", - "url": "https://github.com/nextcloud-releases/notes/releases/download/v5.0.0/notes-v5.0.0.tar.gz", - "version": "5.0.0", + "hash": "sha256-Rdq91a2xH7JGzjBYj6D08j8EjaPndJKug7KY5Qki3UY=", + "url": "https://github.com/nextcloud-releases/notes/releases/download/v5.0.1/notes-v5.0.1.tar.gz", + "version": "5.0.1", "description": "The Notes app is a distraction free notes taking app for [Nextcloud](https://www.nextcloud.com/). It provides categories for better organization and supports formatting using [Markdown](https://en.wikipedia.org/wiki/Markdown) syntax. Notes are saved as files in your Nextcloud, so you can view and edit them with every Nextcloud client. Furthermore, a separate [REST API](https://github.com/nextcloud/notes/blob/master/docs/api/README.md) allows for an easy integration into apps ([Android](https://github.com/nextcloud/notes-android), [iOS](https://github.com/nextcloud/notes-ios), as well as [3rd-party apps](https://github.com/nextcloud/notes/wiki#3rd-party-clients) which allow convenient access to your Nextcloud notes). Further features include marking notes as favorites.", "homepage": "https://github.com/nextcloud/notes", "licenses": [ @@ -260,9 +260,9 @@ ] }, "oidc": { - "hash": "sha256-9/fXcx2WBdoJnMb6e+vfq4vPRnmowBcayWJaW3Uey/I=", - "url": "https://github.com/H2CK/oidc/releases/download/1.16.6/oidc-1.16.6.tar.gz", - "version": "1.16.6", + "hash": "sha256-CTnFegGasnG+2MPK6c0H01OjrEKSM0WALwns9nJySaA=", + "url": "https://github.com/H2CK/oidc/releases/download/1.17.0/oidc-1.17.0.tar.gz", + "version": "1.17.0", "description": "Nextcloud as OpenID Connect Identity Provider\n\nWith this app you can use Nextcloud as OpenID Connect Identity Provider. If other services\nare configured correctly, you are able to access those services with your Nextcloud login.\n\nFull documentation can be found at:\n\n- [User Documentation](https://github.com/H2CK/oidc/wiki#user-documentation)\n- [Developer Documentation](https://github.com/H2CK/oidc/wiki#developer-documentation)", "homepage": "https://github.com/H2CK/oidc", "licenses": [ @@ -370,9 +370,9 @@ ] }, "sociallogin": { - "hash": "sha256-9iWHw+8C42OZOhBKcCMQRDRzVpGbawFOb5ZVxLamHl0=", - "url": "https://github.com/zorn-v/nextcloud-social-login/releases/download/v6.5.0/release.tar.gz", - "version": "6.5.0", + "hash": "sha256-8yB+PFGi9+bUjiEEHBJxAyySMluPO/1m3sPUThe5+t0=", + "url": "https://github.com/zorn-v/nextcloud-social-login/releases/download/v6.5.2/release.tar.gz", + "version": "6.5.2", "description": "# Social Login\n\nMake it possible to create users and log in via Telegram, OAuth, or OpenID.\n\nFor OAuth, you must create an app with certain providers. Login buttons will appear on the login page if an app ID is specified. Settings are located in the \"Social login\" section of the settings page.\n\n## Installation\n\nLog in to your Nextcloud installation as an administrator. Under \"Apps\", click \"Download and enable\" next to the \"Social Login\" app.\n\nSee below for setup and configuration instructions.\n\n## Custom OAuth2/OIDC Groups\n\nYou can use groups from your custom provider. For this, specify the \"Groups claim\" in the custom OAuth2/OIDC provider settings. This claim should be returned from the provider in the `id_token` or at the user info endpoint. Multiple claims (comma separated) also supported - groups will be merged.\nThe format should be an `array` or a comma-separated string. E.g., (with a claim named `roles`):\n\n```json\n{\"roles\": [\"admin\", \"user\"]}\n```\nor\n```json\n{\"roles\": \"admin,user\"}\n```\n\nNested claims are also supported. For example, `resource_access.client-id.roles` for:\n\n```json\n\"resource_access\": {\n \"client-id\": {\n \"roles\": [\n \"client-role-1\",\n \"client-role-2\"\n ]\n }\n}\n```\n\n**DisplayName** support is also available:\n```json\n{\"roles\": [{\"gid\": 1, \"displayName\": \"admin\"}, {\"gid\": 2, \"displayName\": \"user\"}]}\n```\n\nYou can use provider groups in two ways:\n\n1. Map provider groups to existing Nextcloud groups.\n2. Create provider groups in Nextcloud and associate them with users (if the appropriate option is enabled).\n\nTo sync groups on every login, ensure the \"Update user profile every login\" setting is checked.\n\n## Examples for Groups\n\n* Configure WSO2IS to return a roles claim with OIDC [here](https://medium.com/@dewni.matheesha/claim-mapping-and-retrieving-end-user-information-in-wso2is-cffd5f3937ff).\n* [GitLab OIDC configuration to allow specific GitLab groups](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/gitlab.md).\n\n## Built-in OAuth Providers\n\nCopy the link from a specific login button to get the correct \"redirect URL\" for OAuth app settings.\n\n* [Amazon](https://developer.amazon.com/loginwithamazon/console/site/lwa/overview.html)\n* [Apple](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/apple.md)\n* [Codeberg](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/codeberg.md)\n* [Discord](#configure-discord)\n* [Facebook](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/facebook.md)\n* [GitHub](https://github.com/settings/developers)\n* [GitLab](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/gitlab.md)\n* [Google](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/google.md)\n* [Keycloak](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/keycloak.md)\n* [Mail.ru](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/mailru.md)\n* **PlexTv**: Use any title as the app ID.\n* [Telegram](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/telegram.md)\n* [Twitter](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/twitter.md)\n\nFor details about Google's \"Allow login only from specified domain\" setting, see [#44](https://github.com/zorn-v/nextcloud-social-login/issues/44). Use a comma-separated list for multiple domains.\n\n## Configuration\n\nAdd `'social_login_auto_redirect' => true` to `config.php` to automatically redirect unauthorized users to social login if only one provider is configured. To temporarily disable this (e.g., for local admin login), add `noredir=1` to the login URL: `https://cloud.domain.com/login?noredir=1`.\n\nConfigure HTTP client options using:\n```php\n 'social_login_http_client' => [\n 'timeout' => 45,\n 'proxy' => 'socks4://127.0.0.1:9050', // See for allowed formats\n ],\n```\nin `config.php`.\n\n### Configure a Provider via CLI\n\nUse the `occ` utility to configure providers via the command line. Replace variables and URLs with your deployment values:\n```bash\nphp occ config:app:set sociallogin custom_providers --value='{\"custom_oidc\": [{\"name\": \"gitlab_oidc\", \"title\": \"Gitlab\", \"authorizeUrl\": \"https://gitlab.my-domain.org/oauth/authorize\", \"tokenUrl\": \"https://gitlab.my-domain.org/oauth/token\", \"userInfoUrl\": \"https://gitlab.my-domain.org/oauth/userinfo\", \"logoutUrl\": \"\", \"clientId\": \"$my_application_id\", \"clientSecret\": \"$my_super_secret_secret\", \"scope\": \"openid\", \"groupsClaim\": \"groups\", \"style\": \"gitlab\", \"defaultGroup\": \"\"}]}'\n```\nFor Docker, prepend `docker exec -t -uwww-data CONTAINER_NAME` to the command or run interactively via `docker exec -it -uwww-data CONTAINER_NAME sh`.\n\nTo inspect configurations:\n```sql\nmysql -u nextcloud -p nextcloud\nPassword: \n\n> SELECT * FROM oc_appconfig WHERE appid='sociallogin';\n```\nOr run:\n```bash\ndocker exec -t -uwww-data CONTAINER_NAME php occ config:app:get sociallogin custom_providers\n```\n\n### Configure Discord\n\n1. Create a Discord application at [Discord Developer Portal](https://discord.com/developers/applications).\n2. Navigate to `Settings > OAuth2 > General`. Add a redirect URL: `https://nextcloud.mydomain.com/apps/sociallogin/oauth/discord`.\n3. Copy the `CLIENT ID` and generate a `CLIENT SECRET`.\n4. In Nextcloud, go to `Settings > Social Login`. Paste the `CLIENT ID` into \"App id\" and `CLIENT SECRET` into \"Secret\".\n5. Select a default group for new users.\n6. For group mapping, see [#395](https://github.com/zorn-v/nextcloud-social-login/pull/395).\n\n## Hint\n\n### Callback (Reply) URL\nCopy the link from a login button on the Nextcloud login page and use it as the callback URL on your provider's site. To make the button visible temporarily, fill provider settings with placeholder data and update later.\n\nIf you encounter callback URL errors despite correct settings, ensure your Nextcloud server generates HTTPS URLs by adding `'overwriteprotocol' => 'https'` to `config.php`.", "homepage": "https://github.com/zorn-v/nextcloud-social-login", "licenses": [ @@ -390,9 +390,9 @@ ] }, "tables": { - "hash": "sha256-H5FQ4eshvD8hUdJifmXxnce+t6oWUP5yzCIePyvoS1U=", - "url": "https://github.com/nextcloud-releases/tables/releases/download/v1.0.8/tables-v1.0.8.tar.gz", - "version": "1.0.8", + "hash": "sha256-SQbCET4MdP8+clGAfgat3G2kAefB75BjJnZKanN3EDI=", + "url": "https://github.com/nextcloud-releases/tables/releases/download/v1.0.9/tables-v1.0.9.tar.gz", + "version": "1.0.9", "description": "Manage data the way you need it.\n\nWith this app you are able to create your own tables with individual columns. You can start with a template or from scratch and add your wanted columns.\nYou can choose from the following column types:\n- Text line or rich text\n- Link to urls or other nextcloud resources\n- Numbers\n- Progress bar\n- Stars rating\n- Yes/No tick\n- Date and/or time\n- (Multi) selection\n- Users, groups and teams\n\nShare your tables and views with users and groups within your cloud.\n\nHave a good time and manage whatever you want.", "homepage": "https://github.com/nextcloud/tables", "licenses": [ @@ -470,9 +470,9 @@ ] }, "user_saml": { - "hash": "sha256-ZYBbvQVs53i+aDV6mNKCPTD2Qjac8DPMAJJiPs41ofw=", - "url": "https://github.com/nextcloud-releases/user_saml/releases/download/v8.0.1/user_saml-v8.0.1.tar.gz", - "version": "8.0.1", + "hash": "sha256-rEeaUUYhsTVLZDo11Xh/wGI3k97Tq5J0Jn18QY1M1Xs=", + "url": "https://github.com/nextcloud-releases/user_saml/releases/download/v8.1.2/user_saml-v8.1.2.tar.gz", + "version": "8.1.2", "description": "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\t* Authentik\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix.", "homepage": "https://github.com/nextcloud/user_saml", "licenses": [ @@ -480,9 +480,9 @@ ] }, "whiteboard": { - "hash": "sha256-1XNolzWSdWvN8sriDNyLcShbHevMEkkBnrnYBnNRJw0=", - "url": "https://github.com/nextcloud-releases/whiteboard/releases/download/v1.5.8/whiteboard-v1.5.8.tar.gz", - "version": "1.5.8", + "hash": "sha256-GV5dCxn7t+F2vSyJur/VUUrvAiSv5dDvI5ME6EBGof4=", + "url": "https://github.com/nextcloud-releases/whiteboard/releases/download/v1.5.9/whiteboard-v1.5.9.tar.gz", + "version": "1.5.9", "description": "The official whiteboard app for Nextcloud. It allows users to create and share whiteboards with other users and collaborate in real-time.\n\n**Whiteboard requires a separate collaboration server to work.** Please see the [documentation](https://github.com/nextcloud/whiteboard?tab=readme-ov-file#backend) on how to install it.\n\n- 🎨 Drawing shapes, writing text, connecting elements\n- πŸ“ Real-time collaboration\n- πŸ–ΌοΈ Add images with drag and drop\n- πŸ“Š Easily add mermaid diagrams\n- ✨ Use the Smart Picker to embed other elements from Nextcloud\n- πŸ“¦ Image export\n- πŸ’ͺ Strong foundation: We use Excalidraw as our base library", "homepage": "https://github.com/nextcloud/whiteboard", "licenses": [ diff --git a/pkgs/servers/nextcloud/packages/33.json b/pkgs/servers/nextcloud/packages/33.json index df0797f16b35..41ed0fc98d09 100644 --- a/pkgs/servers/nextcloud/packages/33.json +++ b/pkgs/servers/nextcloud/packages/33.json @@ -50,9 +50,9 @@ ] }, "cookbook": { - "hash": "sha256-oiG3oAxc5tWqQepVN5ubMqOeglDT+mpkDs6UttgzuhE=", - "url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.6/cookbook-0.11.6.tar.gz", - "version": "0.11.6", + "hash": "sha256-Xn2yvgVL7XPIN8awCaH5mznRMW9Jcr0s2E19D13Hm8I=", + "url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.7/cookbook-0.11.7.tar.gz", + "version": "0.11.7", "description": "A library for all your recipes. It uses JSON files following the schema.org recipe format. To add a recipe to the collection, you can paste in the URL of the recipe, and the provided web page will be parsed and downloaded to whichever folder you specify in the app settings.", "homepage": "https://github.com/nextcloud/cookbook/", "licenses": [ @@ -80,9 +80,9 @@ ] }, "deck": { - "hash": "sha256-5ayXPoq2E8eIQqL74p/dytqmjAN3vkAZvrgQIqxf7Zo=", - "url": "https://github.com/nextcloud-releases/deck/releases/download/v1.17.1/deck-v1.17.1.tar.gz", - "version": "1.17.1", + "hash": "sha256-e3IGes5CUIlSn1W47V4f4X0XOAbeA1y3RPpw9w++hMU=", + "url": "https://github.com/nextcloud-releases/deck/releases/download/v1.17.2/deck-v1.17.2.tar.gz", + "version": "1.17.2", "description": "Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.\n\n\n- πŸ“₯ Add your tasks to cards and put them in order\n- πŸ“„ Write down additional notes in Markdown\n- πŸ”– Assign labels for even better organization\n- πŸ‘₯ Share with your team, friends or family\n- πŸ“Ž Attach files and embed them in your Markdown description\n- πŸ’¬ Discuss with your team using comments\n- ⚑ Keep track of changes in the activity stream\n- πŸš€ Get your project organized", "homepage": "https://github.com/nextcloud/deck", "licenses": [ @@ -210,9 +210,9 @@ ] }, "mail": { - "hash": "sha256-0IBTi0JVBBCTLEcSDiB1eMj2B31qeT4Yn9+ogY9iAs0=", - "url": "https://github.com/nextcloud-releases/mail/releases/download/v5.8.1/mail-v5.8.1.tar.gz", - "version": "5.8.1", + "hash": "sha256-SYe8BEC4v9ivl2iGVCkORHy5yn9wN4o2mrqJYGqzVRw=", + "url": "https://github.com/nextcloud-releases/mail/releases/download/v5.9.0/mail-v5.9.0.tar.gz", + "version": "5.9.0", "description": "**πŸ’Œ A mail app for Nextcloud**\n\n- **πŸš€ Integration with other Nextcloud apps!** Currently Contacts, Calendar & Files – more to come.\n- **πŸ“₯ Multiple mail accounts!** Personal and company account? No problem, and a nice unified inbox. Connect any IMAP account.\n- **πŸ”’ Send & receive encrypted mails!** Using the great [Mailvelope](https://mailvelope.com) browser extension.\n- **πŸ™ˆ We’re not reinventing the wheel!** Based on the great [Horde](https://www.horde.org) libraries.\n- **πŸ“¬ Want to host your own mail server?** We do not have to reimplement this as you could set up [Mail-in-a-Box](https://mailinabox.email)!\n\n## Ethical AI Rating\n\n### Priority Inbox\n\nPositive:\n* The software for training and inferencing of this model is open source.\n* The model is created and trained on-premises based on the user's own data.\n* The training data is accessible to the user, making it possible to check or correct for bias or optimise the performance and CO2 usage.\n\n### Thread Summaries (opt-in)\n\n**Rating:** 🟒/🟑/🟠/πŸ”΄\n\nThe rating depends on the installed text processing backend. See [the rating overview](https://docs.nextcloud.com/server/latest/admin_manual/ai/index.html) for details.\n\nLearn more about the Nextcloud Ethical AI Rating [in our blog](https://nextcloud.com/blog/nextcloud-ethical-ai-rating/).", "homepage": "https://github.com/nextcloud/mail#readme", "licenses": [ @@ -220,9 +220,9 @@ ] }, "music": { - "hash": "sha256-n1HsKmkXL8YSQywGlt3f9lqSDBYcxi3VWO8K9b0PZqY=", - "url": "https://github.com/nc-music/music/releases/download/v3.0.0/nc-music-3.0.0.tar.gz", - "version": "3.0.0", + "hash": "sha256-bQ9NBo5R/en3f68ag+mAsVWuhREjr/ajlKrfLn4Tvtg=", + "url": "https://github.com/nc-music/music/releases/download/v3.1.0/nc-music-3.1.0.tar.gz", + "version": "3.1.0", "description": "A stand-alone music player app and a \"lite\" player for the Files app\n\n- On modern browsers, supports audio types .mp3, .ogg, .m4a, .m4b, .flac, .wav, and more\n- Playlist support with import from .m3u, .m3u8, .pls, and .wpl files\n- Show lyrics from the file metadata or .lrc files\n- Browse by artists, albums, genres, or folders\n- Gapless play\n- Filter the shown content with the search function\n- Advanced search to freely use and combine dozens of search criteria\n- Play internet radio and podcast channels\n- Setup Last.fm connection to scrobble plays and/or see background information on artists, albums, and songs\n- Control with media control keys on the keyboard or OS\n- The app can handle libraries consisting of thousands of albums and tens of thousands of songs\n- Includes a server backend compatible with the Subsonic and Ampache protocols, allowing playback and browsing of your library on dozens of external apps on Android, iOS, Windows, Linux, etc.\n- Widget for the Nextcloud Dashboard", "homepage": "https://github.com/nc-music/music", "licenses": [ @@ -230,9 +230,9 @@ ] }, "news": { - "hash": "sha256-e2lledOH4LzB+/nWjL+wsCuJJTi50yNgPDnGVkl7FNk=", - "url": "https://github.com/nextcloud/news/releases/download/28.4.1/news.tar.gz", - "version": "28.4.1", + "hash": "sha256-T3UBQcNxte18J/yyIucGb/X105t3lh97KWn0joTTuDw=", + "url": "https://github.com/nextcloud/news/releases/download/28.5.1/news.tar.gz", + "version": "28.5.1", "description": "πŸ“° A RSS/Atom Feed reader App for Nextcloud\n\n- πŸ“² Synchronize your feeds with multiple mobile or desktop [clients](https://nextcloud.github.io/news/clients/)\n- πŸ”„ Automatic updates of your news feeds\n- πŸ†“ Free and open source under AGPLv3, no ads or premium functions\n\n**System Cron is currently required for this app to work**\n\nRequirements can be found [here](https://nextcloud.github.io/news/install/#dependencies)\n\nThe Changelog is available [here](https://github.com/nextcloud/news/blob/master/CHANGELOG.md)\n\nCreate a [bug report](https://github.com/nextcloud/news/issues/new/choose)\n\nCreate a [feature request](https://github.com/nextcloud/news/discussions/new)\n\nReport a [feed issue](https://github.com/nextcloud/news/discussions/new)", "homepage": "https://github.com/nextcloud/news", "licenses": [ @@ -250,9 +250,9 @@ ] }, "notes": { - "hash": "sha256-NCBDtNO6jsqws4BE8sGOnox2xUuODleYodQ5vv6jqEs=", - "url": "https://github.com/nextcloud-releases/notes/releases/download/v5.0.0/notes-v5.0.0.tar.gz", - "version": "5.0.0", + "hash": "sha256-xiAXy7CenYNVxgu9KvVTH3XCJjLpRqqxXv+YUsOab90=", + "url": "https://github.com/nextcloud-releases/notes/releases/download/v6.0.0/notes-v6.0.0.tar.gz", + "version": "6.0.0", "description": "The Notes app is a distraction free notes taking app for [Nextcloud](https://www.nextcloud.com/). It provides categories for better organization and supports formatting using [Markdown](https://en.wikipedia.org/wiki/Markdown) syntax. Notes are saved as files in your Nextcloud, so you can view and edit them with every Nextcloud client. Furthermore, a separate [REST API](https://github.com/nextcloud/notes/blob/master/docs/api/README.md) allows for an easy integration into apps ([Android](https://github.com/nextcloud/notes-android), [iOS](https://github.com/nextcloud/notes-ios), as well as [3rd-party apps](https://github.com/nextcloud/notes/wiki#3rd-party-clients) which allow convenient access to your Nextcloud notes). Further features include marking notes as favorites.", "homepage": "https://github.com/nextcloud/notes", "licenses": [ @@ -260,9 +260,9 @@ ] }, "oidc": { - "hash": "sha256-9/fXcx2WBdoJnMb6e+vfq4vPRnmowBcayWJaW3Uey/I=", - "url": "https://github.com/H2CK/oidc/releases/download/1.16.6/oidc-1.16.6.tar.gz", - "version": "1.16.6", + "hash": "sha256-CTnFegGasnG+2MPK6c0H01OjrEKSM0WALwns9nJySaA=", + "url": "https://github.com/H2CK/oidc/releases/download/1.17.0/oidc-1.17.0.tar.gz", + "version": "1.17.0", "description": "Nextcloud as OpenID Connect Identity Provider\n\nWith this app you can use Nextcloud as OpenID Connect Identity Provider. If other services\nare configured correctly, you are able to access those services with your Nextcloud login.\n\nFull documentation can be found at:\n\n- [User Documentation](https://github.com/H2CK/oidc/wiki#user-documentation)\n- [Developer Documentation](https://github.com/H2CK/oidc/wiki#developer-documentation)", "homepage": "https://github.com/H2CK/oidc", "licenses": [ @@ -370,9 +370,9 @@ ] }, "sociallogin": { - "hash": "sha256-9iWHw+8C42OZOhBKcCMQRDRzVpGbawFOb5ZVxLamHl0=", - "url": "https://github.com/zorn-v/nextcloud-social-login/releases/download/v6.5.0/release.tar.gz", - "version": "6.5.0", + "hash": "sha256-8yB+PFGi9+bUjiEEHBJxAyySMluPO/1m3sPUThe5+t0=", + "url": "https://github.com/zorn-v/nextcloud-social-login/releases/download/v6.5.2/release.tar.gz", + "version": "6.5.2", "description": "# Social Login\n\nMake it possible to create users and log in via Telegram, OAuth, or OpenID.\n\nFor OAuth, you must create an app with certain providers. Login buttons will appear on the login page if an app ID is specified. Settings are located in the \"Social login\" section of the settings page.\n\n## Installation\n\nLog in to your Nextcloud installation as an administrator. Under \"Apps\", click \"Download and enable\" next to the \"Social Login\" app.\n\nSee below for setup and configuration instructions.\n\n## Custom OAuth2/OIDC Groups\n\nYou can use groups from your custom provider. For this, specify the \"Groups claim\" in the custom OAuth2/OIDC provider settings. This claim should be returned from the provider in the `id_token` or at the user info endpoint. Multiple claims (comma separated) also supported - groups will be merged.\nThe format should be an `array` or a comma-separated string. E.g., (with a claim named `roles`):\n\n```json\n{\"roles\": [\"admin\", \"user\"]}\n```\nor\n```json\n{\"roles\": \"admin,user\"}\n```\n\nNested claims are also supported. For example, `resource_access.client-id.roles` for:\n\n```json\n\"resource_access\": {\n \"client-id\": {\n \"roles\": [\n \"client-role-1\",\n \"client-role-2\"\n ]\n }\n}\n```\n\n**DisplayName** support is also available:\n```json\n{\"roles\": [{\"gid\": 1, \"displayName\": \"admin\"}, {\"gid\": 2, \"displayName\": \"user\"}]}\n```\n\nYou can use provider groups in two ways:\n\n1. Map provider groups to existing Nextcloud groups.\n2. Create provider groups in Nextcloud and associate them with users (if the appropriate option is enabled).\n\nTo sync groups on every login, ensure the \"Update user profile every login\" setting is checked.\n\n## Examples for Groups\n\n* Configure WSO2IS to return a roles claim with OIDC [here](https://medium.com/@dewni.matheesha/claim-mapping-and-retrieving-end-user-information-in-wso2is-cffd5f3937ff).\n* [GitLab OIDC configuration to allow specific GitLab groups](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/gitlab.md).\n\n## Built-in OAuth Providers\n\nCopy the link from a specific login button to get the correct \"redirect URL\" for OAuth app settings.\n\n* [Amazon](https://developer.amazon.com/loginwithamazon/console/site/lwa/overview.html)\n* [Apple](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/apple.md)\n* [Codeberg](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/codeberg.md)\n* [Discord](#configure-discord)\n* [Facebook](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/facebook.md)\n* [GitHub](https://github.com/settings/developers)\n* [GitLab](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/gitlab.md)\n* [Google](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/google.md)\n* [Keycloak](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/keycloak.md)\n* [Mail.ru](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/mailru.md)\n* **PlexTv**: Use any title as the app ID.\n* [Telegram](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/telegram.md)\n* [Twitter](https://github.com/zorn-v/nextcloud-social-login/blob/master/docs/sso/twitter.md)\n\nFor details about Google's \"Allow login only from specified domain\" setting, see [#44](https://github.com/zorn-v/nextcloud-social-login/issues/44). Use a comma-separated list for multiple domains.\n\n## Configuration\n\nAdd `'social_login_auto_redirect' => true` to `config.php` to automatically redirect unauthorized users to social login if only one provider is configured. To temporarily disable this (e.g., for local admin login), add `noredir=1` to the login URL: `https://cloud.domain.com/login?noredir=1`.\n\nConfigure HTTP client options using:\n```php\n 'social_login_http_client' => [\n 'timeout' => 45,\n 'proxy' => 'socks4://127.0.0.1:9050', // See for allowed formats\n ],\n```\nin `config.php`.\n\n### Configure a Provider via CLI\n\nUse the `occ` utility to configure providers via the command line. Replace variables and URLs with your deployment values:\n```bash\nphp occ config:app:set sociallogin custom_providers --value='{\"custom_oidc\": [{\"name\": \"gitlab_oidc\", \"title\": \"Gitlab\", \"authorizeUrl\": \"https://gitlab.my-domain.org/oauth/authorize\", \"tokenUrl\": \"https://gitlab.my-domain.org/oauth/token\", \"userInfoUrl\": \"https://gitlab.my-domain.org/oauth/userinfo\", \"logoutUrl\": \"\", \"clientId\": \"$my_application_id\", \"clientSecret\": \"$my_super_secret_secret\", \"scope\": \"openid\", \"groupsClaim\": \"groups\", \"style\": \"gitlab\", \"defaultGroup\": \"\"}]}'\n```\nFor Docker, prepend `docker exec -t -uwww-data CONTAINER_NAME` to the command or run interactively via `docker exec -it -uwww-data CONTAINER_NAME sh`.\n\nTo inspect configurations:\n```sql\nmysql -u nextcloud -p nextcloud\nPassword: \n\n> SELECT * FROM oc_appconfig WHERE appid='sociallogin';\n```\nOr run:\n```bash\ndocker exec -t -uwww-data CONTAINER_NAME php occ config:app:get sociallogin custom_providers\n```\n\n### Configure Discord\n\n1. Create a Discord application at [Discord Developer Portal](https://discord.com/developers/applications).\n2. Navigate to `Settings > OAuth2 > General`. Add a redirect URL: `https://nextcloud.mydomain.com/apps/sociallogin/oauth/discord`.\n3. Copy the `CLIENT ID` and generate a `CLIENT SECRET`.\n4. In Nextcloud, go to `Settings > Social Login`. Paste the `CLIENT ID` into \"App id\" and `CLIENT SECRET` into \"Secret\".\n5. Select a default group for new users.\n6. For group mapping, see [#395](https://github.com/zorn-v/nextcloud-social-login/pull/395).\n\n## Hint\n\n### Callback (Reply) URL\nCopy the link from a login button on the Nextcloud login page and use it as the callback URL on your provider's site. To make the button visible temporarily, fill provider settings with placeholder data and update later.\n\nIf you encounter callback URL errors despite correct settings, ensure your Nextcloud server generates HTTPS URLs by adding `'overwriteprotocol' => 'https'` to `config.php`.", "homepage": "https://github.com/zorn-v/nextcloud-social-login", "licenses": [ @@ -380,9 +380,9 @@ ] }, "spreed": { - "hash": "sha256-6XSLzF9xSFISqHVObIb1wavkY2IFXmlUHU7JyFNkVbk=", - "url": "https://github.com/nextcloud-releases/spreed/releases/download/v23.0.5/spreed-v23.0.5.tar.gz", - "version": "23.0.5", + "hash": "sha256-D/S4OCkpWm9DqGZlTSfWGnVIsAWfcdlFX8mCQ6M6qjk=", + "url": "https://github.com/nextcloud-releases/spreed/releases/download/v23.0.6/spreed-v23.0.6.tar.gz", + "version": "23.0.6", "description": "Chat, video & audio-conferencing using WebRTC\n\n* πŸ’¬ **Chat** Nextcloud Talk comes with a simple text chat, allowing you to share or upload files from your Nextcloud Files app or local device and mention other participants.\n* πŸ‘₯ **Private, group, public and password protected calls!** Invite someone, a whole group or send a public link to invite to a call.\n* 🌐 **Federated chats** Chat with other Nextcloud users on their servers\n* πŸ’» **Screen sharing!** Share your screen with the participants of your call.\n* πŸš€ **Integration with other Nextcloud apps** like Files, Calendar, User status, Dashboard, Flow, Maps, Smart picker, Contacts, Deck, and many more.\n* πŸŒ‰ **Sync with other chat solutions** With [Matterbridge](https://github.com/42wim/matterbridge/) being integrated in Talk, you can easily sync a lot of other chat solutions to Nextcloud Talk and vice-versa.", "homepage": "https://github.com/nextcloud/spreed", "licenses": [ @@ -390,9 +390,9 @@ ] }, "tables": { - "hash": "sha256-Fj0pwCYBPvTm6viKxgHRFE/Y4gIWBWvY36Ocj5xokTI=", - "url": "https://github.com/nextcloud-releases/tables/releases/download/v2.1.1/tables-v2.1.1.tar.gz", - "version": "2.1.1", + "hash": "sha256-ZAvytGd4S5dMNLbWi2bURaBOZRGNk5F+vjqKmRfYSL0=", + "url": "https://github.com/nextcloud-releases/tables/releases/download/v2.2.0/tables-v2.2.0.tar.gz", + "version": "2.2.0", "description": "Manage data the way you need it.\n\nWith this app you are able to create your own tables with individual columns. You can start with a template or from scratch and add your wanted columns.\nYou can choose from the following column types:\n- Text line or rich text\n- Link to urls or other nextcloud resources\n- Numbers\n- Progress bar\n- Stars rating\n- Yes/No tick\n- Date and/or time\n- (Multi) selection\n- Users, groups and teams\n\nShare your tables and views with users and groups within your cloud.\n\nHave a good time and manage whatever you want.", "homepage": "https://github.com/nextcloud/tables", "licenses": [ @@ -470,9 +470,9 @@ ] }, "user_saml": { - "hash": "sha256-ZYBbvQVs53i+aDV6mNKCPTD2Qjac8DPMAJJiPs41ofw=", - "url": "https://github.com/nextcloud-releases/user_saml/releases/download/v8.0.1/user_saml-v8.0.1.tar.gz", - "version": "8.0.1", + "hash": "sha256-rEeaUUYhsTVLZDo11Xh/wGI3k97Tq5J0Jn18QY1M1Xs=", + "url": "https://github.com/nextcloud-releases/user_saml/releases/download/v8.1.2/user_saml-v8.1.2.tar.gz", + "version": "8.1.2", "description": "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\t* Authentik\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix.", "homepage": "https://github.com/nextcloud/user_saml", "licenses": [ @@ -480,9 +480,9 @@ ] }, "whiteboard": { - "hash": "sha256-1XNolzWSdWvN8sriDNyLcShbHevMEkkBnrnYBnNRJw0=", - "url": "https://github.com/nextcloud-releases/whiteboard/releases/download/v1.5.8/whiteboard-v1.5.8.tar.gz", - "version": "1.5.8", + "hash": "sha256-GV5dCxn7t+F2vSyJur/VUUrvAiSv5dDvI5ME6EBGof4=", + "url": "https://github.com/nextcloud-releases/whiteboard/releases/download/v1.5.9/whiteboard-v1.5.9.tar.gz", + "version": "1.5.9", "description": "The official whiteboard app for Nextcloud. It allows users to create and share whiteboards with other users and collaborate in real-time.\n\n**Whiteboard requires a separate collaboration server to work.** Please see the [documentation](https://github.com/nextcloud/whiteboard?tab=readme-ov-file#backend) on how to install it.\n\n- 🎨 Drawing shapes, writing text, connecting elements\n- πŸ“ Real-time collaboration\n- πŸ–ΌοΈ Add images with drag and drop\n- πŸ“Š Easily add mermaid diagrams\n- ✨ Use the Smart Picker to embed other elements from Nextcloud\n- πŸ“¦ Image export\n- πŸ’ͺ Strong foundation: We use Excalidraw as our base library", "homepage": "https://github.com/nextcloud/whiteboard", "licenses": [ diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1adc70e3a7b5..46c45b52ff7f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -11138,8 +11138,6 @@ with pkgs; enableUnfree = true; }; - inherit (ocamlPackages) hol_light; - isabelle-components = recurseIntoAttrs (callPackage ../by-name/is/isabelle/components { }); lean3 = lean; diff --git a/pkgs/top-level/ocaml-packages.nix b/pkgs/top-level/ocaml-packages.nix index 6416a7daf1ff..6802e6228f46 100644 --- a/pkgs/top-level/ocaml-packages.nix +++ b/pkgs/top-level/ocaml-packages.nix @@ -2336,8 +2336,6 @@ let google-drive-ocamlfuse = callPackage ../applications/networking/google-drive-ocamlfuse { }; - hol_light = callPackage ../applications/science/logic/hol_light { }; - ### End ### } @@ -2348,6 +2346,7 @@ let dune_2 = pkgs.dune_2; # Added 2025-12-08 dune_3 = pkgs.dune_3; # Added 2025-12-08 gd4o = throw "ocamlPackages.gd4o is not maintained, use ocamlPackages.gd instead"; + hol_light = pkgs.hol_light; # Added 2026-06-02 notty = throw "2026-05-05: notty is no longer maintained, use notty-community instead"; ocaml-freestanding = throw "ocamlPackages.ocaml-freestanding has been removed due to being broken for more than a year; see RFC 180"; # Added 2026-02-05 ocaml-vdom = throw "2023-10-09: ocamlPackages.ocaml-vdom was renamed to ocamlPackages.vdom";