Merge master into staging-next

This commit is contained in:
nixpkgs-ci[bot] 2026-07-01 07:31:55 +00:00 committed by GitHub
commit b53cb02803
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
47 changed files with 783 additions and 265 deletions

View file

@ -6,7 +6,6 @@ let
isString
mapAttrs
removeAttrs
throwIfNot
;
showMaybeAttrPosPre =
@ -108,18 +107,18 @@ in
# attrset spine returned by lazyDerivation does not depend on it.
# Instead, the individual derivation attributes do depend on it.
checked =
throwIfNot (derivation.type or null == "derivation") "lazyDerivation: input must be a derivation."
throwIfNot
# NOTE: Technically we could require our outputs to be a subset of the
# actual ones, or even leave them unchecked and fail on a lazy basis.
# However, consider the case where an output is added in the underlying
# derivation, such as dev. lazyDerivation would remove it and cause it
# to fail as a buildInputs item, without any indication as to what
# happened. Hence the more stringent condition. We could consider
# adding a flag to control this behavior if there's a valid case for it,
# but the documentation must have a note like this.
(derivation.outputs == outputs)
''
if derivation.type or null != "derivation" then
throw "lazyDerivation: input must be a derivation."
# NOTE: Technically we could require our outputs to be a subset of the
# actual ones, or even leave them unchecked and fail on a lazy basis.
# However, consider the case where an output is added in the underlying
# derivation, such as dev. lazyDerivation would remove it and cause it
# to fail as a buildInputs item, without any indication as to what
# happened. Hence the more stringent condition. We could consider
# adding a flag to control this behavior if there's a valid case for it,
# but the documentation must have a note like this.
else if derivation.outputs != outputs then
throw ''
lib.lazyDerivation: The derivation ${derivation.name or "<unknown>"} has outputs that don't match the assumed outputs.
Assumed outputs passed to lazyDerivation${showMaybeAttrPosPre ",\n at " "outputs" args}:
@ -142,6 +141,7 @@ in
If none of the above works for you, replace the lib.lazyDerivation call by the
expression in the derivation argument.
''
else
derivation;
in
{

View file

@ -22,7 +22,6 @@ let
concatMapStringsSep
head
length
throwIf
;
inherit (lib.attrsets)
attrsToList
@ -130,7 +129,7 @@ rec {
hashesAsNVPairs = attrsToList (intersectAttrs hashSet args);
in
if hashesAsNVPairs == [ ] then
throwIf required "fetcher called without `hash`" null
if required then throw "fetcher called without `hash`" else null
else if length hashesAsNVPairs != 1 then
throw "fetcher called with mutually-incompatible arguments: ${
concatMapStringsSep ", " (a: a.name) hashesAsNVPairs

View file

@ -24,7 +24,6 @@ let
inherit (lib)
addErrorContext
any
assertMsg
attrNames
attrValues
concatLists
@ -64,7 +63,6 @@ let
reverseList
splitString
tail
toList
;
inherit (lib.strings)
@ -849,7 +847,7 @@ rec {
_type == "lua-inline";
generatedBindings =
assert assertMsg (badVarNames == [ ]) "Bad Lua var names: ${toPretty { } badVarNames}";
assert badVarNames == [ ] || throw "Bad Lua var names: ${toPretty { } badVarNames}";
concatStrings (mapAttrsToList (key: value: "${indent}${key} = ${toLua innerArgs value}\n") v);
# https://en.wikibooks.org/wiki/Lua_Programming/variable#Variable_names

View file

@ -191,10 +191,15 @@ rec {
mkArray =
elems:
let
vs = map mkValue (lib.throwIf (elems == [ ]) "Please create empty array with mkEmptyArray." elems);
elemType = lib.throwIfNot (lib.all (t: (head vs).type == t) (
map (v: v.type) vs
)) "Elements in a list should have same type." (head vs).type;
vs = map mkValue (
if elems == [ ] then throw "Please create empty array with mkEmptyArray." else elems
);
firstType = (head vs).type;
elemType =
if lib.any (v: v.type != firstType) vs then
throw "Elements in a list should have same type."
else
firstType;
in
mkPrimitive (type.arrayOf elemType) vs
// {

View file

@ -1848,7 +1848,7 @@ rec {
*/
last =
list:
assert lib.assertMsg (list != [ ]) "lists.last: list must not be empty!";
assert list != [ ] || throw "lists.last: list must not be empty!";
elemAt list (length list - 1);
/**
@ -1881,7 +1881,7 @@ rec {
*/
init =
list:
assert lib.assertMsg (list != [ ]) "lists.init: list must not be empty!";
assert list != [ ] || throw "lists.init: list must not be empty!";
genList (elemAt list) (length list - 1);
/**
@ -2157,7 +2157,8 @@ rec {
*/
replaceElemAt =
list: idx: newElem:
assert lib.assertMsg (idx >= 0 && idx < length list)
"'lists.replaceElemAt' called with index ${toString idx} on a list of size ${toString (length list)}";
assert
idx >= 0 && idx < length list
|| throw "'lists.replaceElemAt' called with index ${toString idx} on a list of size ${toString (length list)}";
genList (i: if i == idx then newElem else elemAt list i) (length list);
}

View file

@ -12,7 +12,6 @@ let
all
isDerivation
getBin
assertMsg
;
inherit (lib.attrsets) mapAttrs' filterAttrs;
inherit (builtins)
@ -571,12 +570,15 @@ rec {
*/
getExe' =
x: y:
assert assertMsg (isDerivation x)
"lib.meta.getExe': The first argument is of type ${typeOf x}, but it should be a derivation instead.";
assert assertMsg (isString y)
"lib.meta.getExe': The second argument is of type ${typeOf y}, but it should be a string instead.";
assert assertMsg (match ".*/.*" y == null)
"lib.meta.getExe': The second argument \"${y}\" is a nested path with a \"/\" character, but it should just be the name of the executable instead.";
assert
isDerivation x
|| throw "lib.meta.getExe': The first argument is of type ${typeOf x}, but it should be a derivation instead.";
assert
isString y
|| throw "lib.meta.getExe': The second argument is of type ${typeOf y}, but it should be a string instead.";
assert
match ".*/.*" y == null
|| throw "lib.meta.getExe': The second argument \"${y}\" is a nested path with a \"/\" character, but it should just be the name of the executable instead.";
"${getBin x}/bin/${y}";
/**

View file

@ -46,7 +46,6 @@ let
setAttrByPath
substring
take
throwIfNot
trace
typeOf
types
@ -680,8 +679,11 @@ let
config = addFreeformType (addMeta (m.config or { }));
}
else
# shorthand syntax
throwIfNot (isAttrs m) "module ${file} (${key}) does not look like a module." {
# shorthand syntax
if !isAttrs m then
throw "module ${file} (${key}) does not look like a module."
else
{
_file = toString m._file or file;
_class = m._class or null;
key = toString m.key or key;

View file

@ -104,9 +104,9 @@ let
*/
parseExpandedIpv6 =
addr:
assert lib.assertMsg (
assert
length addr == ipv6Pieces
) "parseExpandedIpv6: expected list of integers with ${ipv6Pieces} elements";
|| throw "parseExpandedIpv6: expected list of integers with ${ipv6Pieces} elements";
let
u16FromHexStr =
hex:

View file

@ -32,10 +32,6 @@ let
substring
;
inherit (lib.asserts)
assertMsg
;
inherit (lib.path.subpath)
isValid
;
@ -238,11 +234,14 @@ in
path:
# The subpath string to append
subpath:
assert assertMsg (isPath path)
"lib.path.append: The first argument is of type ${builtins.typeOf path}, but a path was expected";
assert assertMsg (isValid subpath) ''
lib.path.append: Second argument is not a valid subpath string:
${subpathInvalidReason subpath}'';
assert
isPath path
|| throw "lib.path.append: The first argument is of type ${builtins.typeOf path}, but a path was expected";
assert
isValid subpath
|| throw ''
lib.path.append: Second argument is not a valid subpath string:
${subpathInvalidReason subpath}'';
path + ("/" + subpath);
/**
@ -285,21 +284,25 @@ in
*/
hasPrefix =
path1:
assert assertMsg (isPath path1)
"lib.path.hasPrefix: First argument is of type ${typeOf path1}, but a path was expected";
assert
isPath path1
|| throw "lib.path.hasPrefix: First argument is of type ${typeOf path1}, but a path was expected";
let
path1Deconstructed = deconstructPath path1;
in
path2:
assert assertMsg (isPath path2)
"lib.path.hasPrefix: Second argument is of type ${typeOf path2}, but a path was expected";
assert
isPath path2
|| throw "lib.path.hasPrefix: Second argument is of type ${typeOf path2}, but a path was expected";
let
path2Deconstructed = deconstructPath path2;
in
assert assertMsg (path1Deconstructed.root == path2Deconstructed.root) ''
lib.path.hasPrefix: Filesystem roots must be the same for both paths, but paths with different roots were given:
first argument: "${toString path1}" with root "${toString path1Deconstructed.root}"
second argument: "${toString path2}" with root "${toString path2Deconstructed.root}"'';
assert
path1Deconstructed.root == path2Deconstructed.root
|| throw ''
lib.path.hasPrefix: Filesystem roots must be the same for both paths, but paths with different roots were given:
first argument: "${toString path1}" with root "${toString path1Deconstructed.root}"
second argument: "${toString path2}" with root "${toString path2Deconstructed.root}"'';
take (length path1Deconstructed.components) path2Deconstructed.components
== path1Deconstructed.components;
@ -344,15 +347,17 @@ in
*/
removePrefix =
path1:
assert assertMsg (isPath path1)
"lib.path.removePrefix: First argument is of type ${typeOf path1}, but a path was expected.";
assert
isPath path1
|| throw "lib.path.removePrefix: First argument is of type ${typeOf path1}, but a path was expected.";
let
path1Deconstructed = deconstructPath path1;
path1Length = length path1Deconstructed.components;
in
path2:
assert assertMsg (isPath path2)
"lib.path.removePrefix: Second argument is of type ${typeOf path2}, but a path was expected.";
assert
isPath path2
|| throw "lib.path.removePrefix: Second argument is of type ${typeOf path2}, but a path was expected.";
let
path2Deconstructed = deconstructPath path2;
success = take path1Length path2Deconstructed.components == path1Deconstructed.components;
@ -362,10 +367,12 @@ in
else
throw ''lib.path.removePrefix: The first path argument "${toString path1}" is not a component-wise prefix of the second path argument "${toString path2}".'';
in
assert assertMsg (path1Deconstructed.root == path2Deconstructed.root) ''
lib.path.removePrefix: Filesystem roots must be the same for both paths, but paths with different roots were given:
first argument: "${toString path1}" with root "${toString path1Deconstructed.root}"
second argument: "${toString path2}" with root "${toString path2Deconstructed.root}"'';
assert
path1Deconstructed.root == path2Deconstructed.root
|| throw ''
lib.path.removePrefix: Filesystem roots must be the same for both paths, but paths with different roots were given:
first argument: "${toString path1}" with root "${toString path1Deconstructed.root}"
second argument: "${toString path2}" with root "${toString path2Deconstructed.root}"'';
joinRelPath components;
/**
@ -422,8 +429,9 @@ in
splitRoot =
# The path to split the root off of
path:
assert assertMsg (isPath path)
"lib.path.splitRoot: Argument is of type ${typeOf path}, but a path was expected";
assert
isPath path
|| throw "lib.path.splitRoot: Argument is of type ${typeOf path}, but a path was expected";
let
deconstructed = deconstructPath path;
in
@ -494,14 +502,15 @@ in
let
deconstructed = deconstructPath path;
in
assert assertMsg (isPath path)
"lib.path.hasStorePathPrefix: Argument is of type ${typeOf path}, but a path was expected";
assert assertMsg
assert
isPath path
|| throw "lib.path.hasStorePathPrefix: Argument is of type ${typeOf path}, but a path was expected";
assert
# This function likely breaks or needs adjustment if used with other filesystem roots, if they ever get implemented.
# Let's try to error nicely in such a case, though it's unclear how an implementation would work even and whether this could be detected.
# See also https://github.com/NixOS/nix/pull/6530#discussion_r1422843117
(deconstructed.root == /. && toString deconstructed.root == "/")
"lib.path.hasStorePathPrefix: Argument has a filesystem root (${toString deconstructed.root}) that's not /, which is currently not supported.";
deconstructed.root == /. && toString deconstructed.root == "/"
|| throw "lib.path.hasStorePathPrefix: Argument has a filesystem root (${toString deconstructed.root}) that's not /, which is currently not supported.";
componentsHaveStorePathPrefix deconstructed.components;
/**
@ -702,9 +711,11 @@ in
subpath.components =
# The subpath string to split into components
subpath:
assert assertMsg (isValid subpath) ''
lib.path.subpath.components: Argument is not a valid subpath string:
${subpathInvalidReason subpath}'';
assert
isValid subpath
|| throw ''
lib.path.subpath.components: Argument is not a valid subpath string:
${subpathInvalidReason subpath}'';
splitRelPath subpath;
/**
@ -799,9 +810,11 @@ in
subpath.normalise =
# The subpath string to normalise
subpath:
assert assertMsg (isValid subpath) ''
lib.path.subpath.normalise: Argument is not a valid subpath string:
${subpathInvalidReason subpath}'';
assert
isValid subpath
|| throw ''
lib.path.subpath.normalise: Argument is not a valid subpath string:
${subpathInvalidReason subpath}'';
joinRelPath (splitRelPath subpath);
}

View file

@ -1589,15 +1589,14 @@ rec {
*/
toSentenceCase =
str:
lib.throwIfNot (isString str)
"toSentenceCase does only accepts string values, but got ${typeOf str}"
(
let
firstChar = substring 0 1 str;
rest = substring 1 (-1) str; # -1 takes till the end of the string
in
toUpper firstChar + toLower rest
);
if !isString str then
throw "toSentenceCase does only accepts string values, but got ${typeOf str}"
else
let
firstChar = substring 0 1 str;
rest = substring 1 (-1) str; # -1 takes till the end of the string
in
toUpper firstChar + toLower rest;
/**
Converts a string to camelCase. Handles snake_case, PascalCase,
@ -1633,7 +1632,9 @@ rec {
*/
toCamelCase =
str:
lib.throwIfNot (isString str) "toCamelCase does only accepts string values, but got ${typeOf str}" (
if !isString str then
throw "toCamelCase does only accepts string values, but got ${typeOf str}"
else
let
separators = splitStringBy (
prev: curr:
@ -1653,8 +1654,7 @@ rec {
first = if length parts > 0 then toLower (head parts) else "";
rest = if length parts > 1 then map toSentenceCase (tail parts) else [ ];
in
concatStrings ([ first ] ++ rest)
);
concatStrings ([ first ] ++ rest);
/**
Appends string context from string like object `src` to `target`.
@ -2532,8 +2532,9 @@ rec {
strw = lib.stringLength str;
reqWidth = width - (lib.stringLength filler);
in
assert lib.assertMsg (strw <= width)
"fixedWidthString: requested string length (${toString width}) must not be shorter than actual length (${toString strw})";
assert
strw <= width
|| throw "fixedWidthString: requested string length (${toString width}) must not be shorter than actual length (${toString strw})";
if strw == width then str else filler + fixedWidthString reqWidth filler str;
/**

View file

@ -21,7 +21,6 @@ let
isString
substring
sort
throwIf
toDerivation
toList
types
@ -408,7 +407,7 @@ rec {
betweenDesc = lowest: highest: "${toString lowest} and ${toString highest} (both inclusive)";
between =
lowest: highest:
assert lib.assertMsg (lowest <= highest) "ints.between: lowest must be smaller than highest";
assert lowest <= highest || throw "ints.between: lowest must be smaller than highest";
addCheck int (x: x >= lowest && x <= highest)
// {
name = "intBetween";
@ -495,7 +494,7 @@ rec {
{
between =
lowest: highest:
assert lib.assertMsg (lowest <= highest) "numbers.between: lowest must be smaller than highest";
assert lowest <= highest || throw "numbers.between: lowest must be smaller than highest";
addCheck number (x: x >= lowest && x <= highest)
// {
name = "numberBetween";
@ -660,10 +659,10 @@ rec {
inStore ? null,
absolute ? null,
}:
throwIf (inStore != null && absolute != null && inStore && !absolute)
"In pathWith, inStore means the path must be absolute"
mkOptionType
{
if inStore != null && absolute != null && inStore && !absolute then
throw "In pathWith, inStore means the path must be absolute"
else
mkOptionType {
name = "path";
description = (
(if absolute == null then "" else (if absolute then "absolute " else "relative "))
@ -1079,8 +1078,8 @@ rec {
builtins.addErrorContext
"while checking that attrTag tag ${lib.strings.escapeNixIdentifier n} is an option with a type${inAttrPosSuffix tags_ n}"
(
throwIf (opt._type or null != "option")
"In attrTag, each tag value must be an option, but tag ${lib.strings.escapeNixIdentifier n} ${
if opt._type or null != "option" then
throw "In attrTag, each tag value must be an option, but tag ${lib.strings.escapeNixIdentifier n} ${
if opt ? _type then
if opt._type == "option-type" then
"was a bare type, not wrapped in mkOption."
@ -1089,23 +1088,24 @@ rec {
else
"was not."
}"
else
opt
// {
declarations =
opt.declarations or (
let
pos = builtins.unsafeGetAttrPos n tags_;
in
if pos == null then [ ] else [ pos.file ]
);
declarationPositions =
opt.declarationPositions or (
let
pos = builtins.unsafeGetAttrPos n tags_;
in
if pos == null then [ ] else [ pos ]
);
}
// {
declarations =
opt.declarations or (
let
pos = builtins.unsafeGetAttrPos n tags_;
in
if pos == null then [ ] else [ pos.file ]
);
declarationPositions =
opt.declarationPositions or (
let
pos = builtins.unsafeGetAttrPos n tags_;
in
if pos == null then [ ] else [ pos ]
);
}
)
) tags_;
choicesStr = concatMapStringsSep ", " lib.strings.escapeNixIdentifier (attrNames tags);
@ -1728,9 +1728,9 @@ rec {
# converted to `finalType` using `coerceFunc`.
coercedTo =
coercedType: coerceFunc: finalType:
assert lib.assertMsg (
assert
coercedType.getSubModules == null
) "coercedTo: coercedType must not have submodules (its a ${coercedType.description})";
|| throw "coercedTo: coercedType must not have submodules (its a ${coercedType.description})";
mkOptionType rec {
name = "coercedTo";
description = "${optionDescriptionPhrase (class: class == "noun") finalType} or ${

View file

@ -625,6 +625,7 @@ in
flannel = runTestOn [ "x86_64-linux" ] ./flannel.nix;
flap-alerted = runTest ./flap-alerted.nix;
flaresolverr = runTest ./flaresolverr.nix;
flarum = runTest ./flarum.nix;
flood = runTest ./flood.nix;
fluent-bit = runTest ./fluent-bit.nix;
fluentd = runTest ./fluentd.nix;

52
nixos/tests/flarum.nix Normal file
View file

@ -0,0 +1,52 @@
{ lib, ... }:
{
name = "flarum";
meta = {
maintainers = with lib.maintainers; [
fsagbuya
jasonodoom
];
};
nodes.machine =
{ ... }:
{
# Flarum installs and migrates the database on first boot and runs a
# MariaDB server alongside PHP-FPM and nginx, so give the VM some headroom.
virtualisation.memorySize = 2048;
services.flarum = {
enable = true;
forumTitle = "NixOS Flarum Test Forum";
domain = "localhost";
baseUrl = "http://localhost";
# Run `flarum install` against the locally provisioned MariaDB. Safe here
# because the VM always starts from a fresh, empty database.
createDatabaseLocally = true;
adminUser = "admin";
adminEmail = "admin@example.com";
# Flarum rejects admin passwords shorter than 8 characters.
initialAdminPassword = "flarum-admin-password";
};
};
testScript = ''
start_all()
# PHP-FPM is ordered after the oneshot installer (Type=oneshot, no
# RemainAfterExit), so waiting on it implies the install/migrate finished.
machine.wait_for_unit("phpfpm-flarum.service")
machine.wait_for_unit("nginx.service")
machine.wait_for_open_port(80)
# The forum front page is server-rendered and embeds the configured title.
machine.wait_until_succeeds("curl -sf http://localhost/ -o /dev/null")
machine.succeed("curl -sf http://localhost/ | grep -F 'NixOS Flarum Test Forum'")
# The admin API endpoint should respond, confirming the app booted cleanly.
machine.succeed("curl -sf http://localhost/api -o /dev/null")
'';
}

View file

@ -29,8 +29,8 @@ in
];
};
nodes = {
victoriametrics =
containers = {
vmserver =
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.jq ];
@ -55,14 +55,14 @@ in
node.wait_for_unit("prometheus-node-exporter")
node.wait_for_open_port(${toString nodeExporterPort})
victoriametrics.wait_for_unit("victoriametrics")
victoriametrics.wait_for_open_port(8428)
vmserver.wait_for_unit("victoriametrics")
vmserver.wait_for_open_port(8428)
promscrape_config = victoriametrics.succeed("journalctl -u victoriametrics -o cat | grep 'promscrape.config'")
promscrape_config = vmserver.succeed("journalctl -u victoriametrics -o cat | grep 'promscrape.config'")
assert '${toString promscrapeConfigYaml}' in promscrape_config
victoriametrics.wait_until_succeeds(
vmserver.wait_until_succeeds(
"curl -sf 'http://localhost:8428/api/v1/query?query=node_exporter_build_info\{instance=\"node:9100\"\}' | "
+ "jq '.data.result[0].value[1]' | grep '\"1\"'"
)

View file

@ -14,8 +14,8 @@ in
];
};
nodes = {
victoriametrics =
containers = {
vmserver =
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.jq ];
@ -34,7 +34,7 @@ in
services.vmagent = {
enable = true;
remoteWrite = {
url = "http://victoriametrics:8428/api/v1/write";
url = "http://vmserver:8428/api/v1/write";
basicAuthUsername = username;
basicAuthPasswordFile = toString passwordFile;
};
@ -71,13 +71,13 @@ in
node.wait_for_unit("prometheus-node-exporter")
node.wait_for_open_port(9100)
victoriametrics.wait_for_unit("victoriametrics")
victoriametrics.wait_for_open_port(8428)
vmserver.wait_for_unit("victoriametrics")
vmserver.wait_for_open_port(8428)
vmagent.wait_for_unit("vmagent")
# check remote write
victoriametrics.wait_until_succeeds(
vmserver.wait_until_succeeds(
"curl --user '${username}:${password}' -sf 'http://localhost:8428/api/v1/query?query=node_exporter_build_info\{instance=\"node:9100\"\}' | "
+ "jq '.data.result[0].value[1]' | grep '\"1\"'"
)

View file

@ -9,8 +9,8 @@
];
};
nodes = {
victoriametrics =
containers = {
vmserver =
{ config, pkgs, ... }:
{
environment.systemPackages = [ pkgs.jq ];
@ -27,7 +27,7 @@
static_configs = [
{
targets = [
"alertmanager:${toString config.services.prometheus.alertmanager.port}"
"alert:${toString config.services.prometheus.alertmanager.port}"
];
}
];
@ -51,7 +51,7 @@
settings = {
"datasource.url" = "http://localhost:8428"; # victoriametrics' api
"notifier.url" = [
"http://alertmanager:${toString config.services.prometheus.alertmanager.port}"
"http://alert:${toString config.services.prometheus.alertmanager.port}"
]; # alertmanager's api
rule = [
(pkgs.writeText "instance-down.yml" ''
@ -71,7 +71,7 @@
};
};
alertmanager = {
alert = {
services.prometheus.alertmanager = {
enable = true;
openFirewall = true;
@ -115,33 +115,33 @@
};
testScript = ''
alertmanager.wait_for_unit("alertmanager")
alertmanager.wait_for_open_port(9093)
alertmanager.wait_until_succeeds("curl -s http://127.0.0.1:9093/-/ready")
alert.wait_for_unit("alertmanager")
alert.wait_for_open_port(9093)
alert.wait_until_succeeds("curl -s http://127.0.0.1:9093/-/ready")
logger.wait_for_unit("alertmanager-webhook-logger")
logger.wait_for_open_port(6725)
victoriametrics.wait_for_unit("victoriametrics")
victoriametrics.wait_for_unit("vmalert")
victoriametrics.wait_for_open_port(8428)
vmserver.wait_for_unit("victoriametrics")
vmserver.wait_for_unit("vmalert")
vmserver.wait_for_open_port(8428)
victoriametrics.wait_until_succeeds(
vmserver.wait_until_succeeds(
"curl -sf 'http://127.0.0.1:8428/api/v1/query?query=count(up\{job=\"alertmanager\"\}==1)' | "
+ "jq '.data.result[0].value[1]' | grep '\"1\"'"
)
victoriametrics.wait_until_succeeds(
vmserver.wait_until_succeeds(
"curl -sf 'http://127.0.0.1:8428/api/v1/query?query=sum(alertmanager_build_info)%20by%20(version)' | "
+ "jq '.data.result[0].metric.version' | grep '\"${pkgs.prometheus-alertmanager.version}\"'"
)
victoriametrics.wait_until_succeeds(
vmserver.wait_until_succeeds(
"curl -sf 'http://127.0.0.1:8428/api/v1/query?query=count(up\{job=\"node\"\}!=1)' | "
+ "jq '.data.result[0].value[1]' | grep '\"1\"'"
)
victoriametrics.wait_until_succeeds(
vmserver.wait_until_succeeds(
"curl -sf 'http://127.0.0.1:8428/api/v1/query?query=alertmanager_notifications_total\{integration=\"webhook\"\}' | "
+ "jq '.data.result[0].value[1]' | grep -v '\"0\"'"
)
@ -152,6 +152,6 @@
logger.log(logger.succeed("systemd-analyze security alertmanager-webhook-logger.service | grep -v ''"))
alertmanager.log(alertmanager.succeed("systemd-analyze security alertmanager.service | grep -v ''"))
alert.log(alert.succeed("systemd-analyze security alertmanager.service | grep -v ''"))
'';
}

View file

@ -355,11 +355,11 @@
"vendorHash": null
},
"dopplerhq_doppler": {
"hash": "sha256-vYLNRSk8U9Ez5+LrC9cr6Ux32p7n93WOJaM4lY7ghE0=",
"hash": "sha256-SS2S4JGG1Xu0p4k6lVlTr173Xanwc6hZ0A3osEWGdEg=",
"homepage": "https://registry.terraform.io/providers/DopplerHQ/doppler",
"owner": "DopplerHQ",
"repo": "terraform-provider-doppler",
"rev": "v1.21.3",
"rev": "v1.21.4",
"spdx": "Apache-2.0",
"vendorHash": "sha256-B8mYLd4VdADWoQLWiCM85VQrBfDdlYQ0wkCp9eUBQ4U="
},
@ -968,13 +968,13 @@
"vendorHash": "sha256-OAd8SeTqTrH0kMoM2LsK3vM2PI23b3gl57FaJYM9hM0="
},
"newrelic_newrelic": {
"hash": "sha256-sUawDMMhwCo2xqnPNiaRMGKo3rRxNGjLEl2NYwfVuMk=",
"hash": "sha256-/y3BdJAwmmR9FHzbYh+2EBAae+WQp5+wubPEh6Tw98s=",
"homepage": "https://registry.terraform.io/providers/newrelic/newrelic",
"owner": "newrelic",
"repo": "terraform-provider-newrelic",
"rev": "v3.93.2",
"rev": "v3.94.0",
"spdx": "MPL-2.0",
"vendorHash": "sha256-fCdwTWYbwuJUh+9WeVN5WmpPxdop49oHZ2cUm3K5w6w="
"vendorHash": "sha256-gbkuHyFBc1WUbtDFXnyzUlYdIvyFPwBHd+gg7VPenb4="
},
"ns1-terraform_ns1": {
"hash": "sha256-6w0r6QXm16h4I4PFj80dJhTDbF4FPMjJalO0TfXGBEA=",

View file

@ -1,21 +1,21 @@
{
"version": "1.3.20-stable",
"version": "1.3.21-stable",
"sources": {
"aarch64-darwin": {
"url": "https://acli.atlassian.com/darwin/1.3.20-stable/acli_1.3.20-stable_darwin_arm64.tar.gz",
"sha256": "5fca5f021b8202f77f60ecc0ded293fb4af67afdb462ed20dce990cfedc49517"
"url": "https://acli.atlassian.com/darwin/1.3.21-stable/acli_1.3.21-stable_darwin_arm64.tar.gz",
"sha256": "39687d1c18054736f7264d76d33ceb89e8ebf480fbbba9541d9fefdda94ded66"
},
"aarch64-linux": {
"url": "https://acli.atlassian.com/linux/1.3.20-stable/acli_1.3.20-stable_linux_arm64.tar.gz",
"sha256": "2209f6ab1f7fb4c16247e30115d0ff7c1511161aeae4d166e0e79ec81125a4b1"
"url": "https://acli.atlassian.com/linux/1.3.21-stable/acli_1.3.21-stable_linux_arm64.tar.gz",
"sha256": "b6104cd1737613fe4b24c20619965bb59b7b9bc09e39fb95f41a671b2b320ab8"
},
"x86_64-darwin": {
"url": "https://acli.atlassian.com/darwin/1.3.20-stable/acli_1.3.20-stable_darwin_amd64.tar.gz",
"sha256": "4b9c4faa0d635b6e9194b101d4826b26cd6a15c46313f6a5f9436e20e8a48b78"
"url": "https://acli.atlassian.com/darwin/1.3.21-stable/acli_1.3.21-stable_darwin_amd64.tar.gz",
"sha256": "75f08d45886f770117405bb5b053bfa4c8e98045afe3dfa965905fabd8825f5c"
},
"x86_64-linux": {
"url": "https://acli.atlassian.com/linux/1.3.20-stable/acli_1.3.20-stable_linux_amd64.tar.gz",
"sha256": "4e0190233a58276001a3cdff23e4be5e30844f98c639c49cfdeb581b9eb147aa"
"url": "https://acli.atlassian.com/linux/1.3.21-stable/acli_1.3.21-stable_linux_amd64.tar.gz",
"sha256": "f158f6e8f6ae7e279d1ced8ce85a93647aa70c42c29f0d5ad303ebd3c727f956"
}
}
}

View file

@ -7,7 +7,7 @@
python3Packages.buildPythonApplication (finalAttrs: {
pname = "adscan";
version = "9.1.1";
version = "9.2.0";
pyproject = true;
__structuredAttrs = true;
@ -16,7 +16,7 @@ python3Packages.buildPythonApplication (finalAttrs: {
owner = "ADScanPro";
repo = "adscan";
tag = "v${finalAttrs.version}";
hash = "sha256-lVoDPRw2NQBQJo37uKT807HXN28cDFxiWwedTiYhojc=";
hash = "sha256-28v36+sbgt/xaE8N7w4o0WTMYd95QsW190VPhOgL3+8=";
};
pythonRelaxDeps = [ "credsweeper" ];

View file

@ -6,14 +6,14 @@
python3.pkgs.buildPythonApplication (finalAttrs: {
pname = "embedxpl";
version = "3.8.1";
version = "3.8.8";
pyproject = true;
src = fetchFromGitHub {
owner = "mrhenrike";
repo = "EmbedXPL-Forge";
tag = "v${finalAttrs.version}";
hash = "sha256-y3Ftmqb5RnY1U2uqrq4Olyr0I0ZVJo/pgMY7RpbZqlU=";
hash = "sha256-L3gY2wna1V7nF/vGwr1hzq8WeQxTTsvgKMAatVUKZ9E=";
};
__structuredAttrs = true;

View file

@ -2,6 +2,7 @@
lib,
php,
fetchFromGitHub,
nixosTests,
}:
php.buildComposerProject2 (finalAttrs: {
@ -19,6 +20,8 @@ php.buildComposerProject2 (finalAttrs: {
composerStrictValidation = false;
vendorHash = "sha256-EHl+Mr6y5A51EpLPAWUGtiPkLOky6KvsSY4JWHeyO28=";
passthru.tests.module = nixosTests.flarum;
meta = {
changelog = "https://github.com/flarum/framework/blob/main/CHANGELOG.md";
description = "Delightfully simple discussion platform for your website";

View file

@ -16,14 +16,14 @@
}:
python3Packages.buildPythonApplication (finalAttrs: {
pname = "handheld-daemon";
version = "4.1.9";
version = "4.1.10";
pyproject = true;
src = fetchFromGitHub {
owner = "hhd-dev";
repo = "hhd";
tag = "v${finalAttrs.version}";
hash = "sha256-pzcMIXLZUkSqJuZTujAoKjfPuZgtit4u08wHZPPz8Ss=";
hash = "sha256-+POL5d9kn5oCGeu79gWxK0b0UHn//j/QjHq9wLZw6h8=";
};
# Handheld-daemon runs some selinux-related utils which are not in nixpkgs.

View file

@ -13,13 +13,13 @@
let
# Use unstable because it has improvements for finding python
version = "0.12-unstable-2026-05-28";
version = "0.12-unstable-2026-06-29";
src = fetchFromGitHub {
owner = "FPGAwars";
repo = "icestudio";
rev = "cfa40bd83ada8d7f3594c2cd60e39d2d63ff14d0";
hash = "sha256-vp4cLDK2mfheLw+0ysNjKW5bbrm806Y6sHkSpEgWo4U=";
rev = "8607f7ef538c4b447362b2ab90aece2fbb7d1b75";
hash = "sha256-8KYwlOKKmTQza71cVpssOGJJNwIUvMHMYcokhK/LhEo=";
};
collection = fetchurl {

View file

@ -20,14 +20,14 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "incus-ui-canonical";
version = "0.21.2";
version = "0.21.3";
src = fetchFromGitHub {
owner = "zabbly";
repo = "incus-ui-canonical";
# only use tags prefixed by incus- they are the tested fork versions
tag = "incus-${finalAttrs.version}";
hash = "sha256-nCussrzWjFbZ6its3X74KBktv/dZO76OJGwG7upjkMw=";
hash = "sha256-fyeh7KX2Cvo2YmUNnmzeWkTGgGrJHhjbq39AmnwhgAs=";
};
offlineCache = fetchYarnDeps {

View file

@ -146,9 +146,8 @@ flutter338.buildFlutterApplication {
ln -s ${buttplug} ../buttplug
'';
# without this, only the splash screen will be shown and the logs will contain the
# line `Failed to load dynamic library 'lib/libintiface_engine_flutter_bridge.so'`
extraWrapProgramArgs = "--chdir $out/app/intiface-central";
# without this, only the splash screen will be shown
extraWrapProgramArgs = "--set FRB_DART_LOAD_EXTERNAL_LIBRARY_NATIVE_LIB_DIR $out/app/intiface-central/lib";
postInstall = ''
install -Dm644 $out/app/intiface-central/data/flutter_assets/assets/icons/intiface_central_icon.png $out/share/icons/hicolor/512x512/apps/intiface-central.png

View file

@ -27,6 +27,10 @@ libfprint.overrideAttrs (
hash = "sha256-xkywuFbt8EFJOlIsSN2hhZfMUhywdgJ/uT17uiO3YV4=";
};
# Different source than libfprint, so override any patches, because they
# would only apply to the original source tree
patches = [ ];
mesonFlags = [
# Include virtual drivers for fprintd tests
"-Ddrivers=all"

View file

@ -2,6 +2,7 @@
lib,
stdenv,
fetchFromGitLab,
fetchpatch,
pkg-config,
meson,
python3,
@ -35,6 +36,35 @@ stdenv.mkDerivation (finalAttrs: {
hash = "sha256-aNBUIKY3PP5A07UNg3N0qq+2cwb6Fk67oKQcXgr2G/4=";
};
patches = [
# New hardware support since 1.94.10, just new USB Product IDs
(fetchpatch {
name = "realtek-3274-9003.patch";
url = "https://gitlab.freedesktop.org/libfprint/libfprint/-/commit/a25f71cf97820c51edc4c32f84686fcdc608d9d1.patch";
sha256 = "sha256-T9rvT53Ij+5gtiVOp+xfzQwiVkyF0m6lZAUCXWmaugg=";
})
(fetchpatch {
name = "elan-0c58.patch";
url = "https://gitlab.freedesktop.org/libfprint/libfprint/-/commit/4610f2285e6373c2fe4ead0dff4ebf8dabe4e532.patch";
sha256 = "sha256-VR96V+7FvSa8sE6JpcCx/slZ0MaK9HLuNuAay2P9C6M=";
})
(fetchpatch {
name = "elan-04F3-0C9C.patch";
url = "https://gitlab.freedesktop.org/libfprint/libfprint/-/commit/2bdc2b7ca6d8bedc675054934fbc8f8b6a21deac.patch";
sha256 = "sha256-LFMip9Mq55uDRgHkW+XeI+j0mILOb7DIHscHjyKe4yE=";
})
(fetchpatch {
name = "focal-077a-079a.patch";
url = "https://gitlab.freedesktop.org/libfprint/libfprint/-/commit/2c7842c905147a2d127c1b168b2e9d432b8c91a4.patch";
sha256 = "sha256-PuISGITn0/6AWY0WVUfViZtdcQFh+0s+4OLIszqdLUs=";
})
(fetchpatch {
name = "focal-a97a.patch";
url = "https://gitlab.freedesktop.org/libfprint/libfprint/-/commit/0dc384b90ed8cd78b3e8d7c0d30a953bd088b98c.patch";
sha256 = "sha256-X/wl4MpxfQ7sLlFTkkiDQGyRFQ6lC9pdcy3XPrSeOZw=";
})
];
postPatch = ''
patchShebangs \
tests/test-runner.sh \

View file

@ -1,6 +1,6 @@
{
version = "1.30.2";
hash = "sha256-37nJRJL1mxvUdD7L9/yO/Lzyjvn09Tu9xHTEt4pxu2s=";
npmDepsHash = "sha256-AApRrIIYC4NtKIFyGQ3lnKIOk7LZNDK8wvUUbSczTrA=";
vendorHash = "sha256-em0317Q1u5sl8gws4/qqM8e9H5F4vfBiM7tLCyufgEk=";
version = "1.30.3";
hash = "sha256-6Vt1GpGWHfaYaORBFa/cB+AxYQxAdkGtGTsrvL08dsA=";
npmDepsHash = "sha256-vXAXuvKqLWbwCjSLNS8mLDA9AmaGSRsB67iKQMi+/No=";
vendorHash = "sha256-A/kef2PgrA0Jpb/o+f1nUeiwSibOgsnyYLOzJ/HB1Fo=";
}

View file

@ -28,13 +28,13 @@ stdenv.mkDerivation (finalAttrs: {
__structuredAttrs = true;
pname = "musescore-evolution";
version = "3.7.0-unstable-2026-06-10";
version = "3.7.0-unstable-2026-06-30";
src = fetchFromGitHub {
owner = "Jojo-Schmitz";
repo = "MuseScore";
rev = "ec719c0152fbb0fb57758a14a3754ad08d31dfc7";
hash = "sha256-yXVKjaY/utXA3617ik4misxeOVFp+0oo0RSU3yPUA00=";
rev = "8b07f250f0a657582609a870f27ea4794ec81ff2";
hash = "sha256-XclDbyopuP4+3tfgsCThxr7QYdKmoaBSfWd+3h8A+6w=";
};
patches = [

View file

@ -11,16 +11,16 @@
rustPlatform.buildRustPackage (finalAttrs: {
pname = "netavark";
version = "2.0.0";
version = "1.17.2";
src = fetchFromGitHub {
owner = "containers";
repo = "netavark";
rev = "v${finalAttrs.version}";
hash = "sha256-hMtYAG1OnnK1xECp8yiGEtgrWWnVfywLokOw6fzKEjw=";
hash = "sha256-FdJNcHYK6Jc1dNqcUr5Ne8dv1dzlHRhcjoldiihrov8=";
};
cargoHash = "sha256-oVIOS0bzvT6FW43TJ/p0PZO/cjskzljhyxqeM0aSCCo=";
cargoHash = "sha256-wp/1lWc3OfNQt74m8DtpuFO/Mf07+M7numq2FMEkeGo=";
nativeBuildInputs = [
installShellFiles

View file

@ -0,0 +1,26 @@
diff --git a/cmake/onnxruntime_providers_cuda.cmake b/cmake/onnxruntime_providers_cuda.cmake
index 624057dd43..64de9a0860 100644
--- a/cmake/onnxruntime_providers_cuda.cmake
+++ b/cmake/onnxruntime_providers_cuda.cmake
@@ -310,7 +310,7 @@
message( WARNING "To compile with NHWC ops enabled please compile against cuDNN 9 or newer." )
endif()
endif()
- target_link_libraries(${target} PRIVATE CUDA::cublasLt CUDA::cublas CUDNN::cudnn_all cudnn_frontend CUDA::curand CUDA::cufft CUDA::cudart
+ target_link_libraries(${target} PRIVATE CUDA::cublasLt CUDA::cublas CUDNN::cudnn_all cudnn_frontend CUDA::curand CUDA::cufft CUDA::cudart CUDA::nvrtc CUDA::cuda_driver
${ABSEIL_LIBS} ${ONNXRUNTIME_PROVIDERS_SHARED} Boost::mp11 safeint_interface)
endif()
diff --git a/cmake/onnxruntime_providers_cuda_plugin.cmake b/cmake/onnxruntime_providers_cuda_plugin.cmake
index e345c944dc..82742df359 100644
--- a/cmake/onnxruntime_providers_cuda_plugin.cmake
+++ b/cmake/onnxruntime_providers_cuda_plugin.cmake
@@ -250,6 +250,8 @@ target_link_libraries(onnxruntime_providers_cuda_plugin PRIVATE
CUDA::cublas
CUDA::cublasLt
CUDA::cufft
+ CUDA::nvrtc
+ CUDA::cuda_driver
CUDNN::cudnn_all
cudnn_frontend
Boost::mp11

View file

@ -134,6 +134,12 @@ effectiveStdenv.mkDerivation (finalAttrs: {
# https://github.com/microsoft/onnxruntime/issues/9155
# Patch adapted from https://gitlab.alpinelinux.org/alpine/aports/-/raw/462dfe0eb4b66948fe48de44545cc22bb64fdf9f/community/onnxruntime/0001-Remove-MATH_NO_EXCEPT-macro.patch
./remove-MATH_NO_EXCEPT-macro.patch
]
# Include additional target_link_libraries needed for cudnn-frontend >= 2.19
# See: https://github.com/microsoft/onnxruntime/pull/28849
# These changes are included in 548ab6e and fc7a9f0 upstream
++ lib.optionals cudaSupport [
./nvrtc-link.patch
];
postPatch = ''

View file

@ -9,13 +9,13 @@
}:
buildDartApplication rec {
pname = "pana";
version = "0.23.12";
version = "0.23.13";
src = fetchFromGitHub {
owner = "dart-lang";
repo = "pana";
tag = version;
hash = "sha256-y72E2ojoAJF38QLb+5iKiAjF7c8AqglmY0qI53MohX4=";
hash = "sha256-LPTcmAb0eZKhxzz/LzV4GnHfw/RAKCItoC7Vn9vvOuw=";
};
dartEntryPoints = {

View file

@ -4,21 +4,21 @@
"dependency": "transitive",
"description": {
"name": "_fe_analyzer_shared",
"sha256": "1dd467c7e56541bea70bbd35d537e3aa12dfba81f39e2a75bb6a61fc5595985b",
"sha256": "1b0e6a07425a3e460666e88bf1c949ccc7bb0116ad562ce94a1eca60fe820725",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "97.0.0"
"version": "103.0.0"
},
"analyzer": {
"dependency": "direct main",
"description": {
"name": "analyzer",
"sha256": "041602214e3ec5a02ba85c08fe8e381aa25ac5367db17d03fbb6d22d851d4bba",
"sha256": "61c04d0c1bfed555c681ea079519933f071a5a026578ff73c4ff0df2d3462e5e",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "11.0.0"
"version": "13.3.0"
},
"args": {
"dependency": "direct main",
@ -54,11 +54,11 @@
"dependency": "direct dev",
"description": {
"name": "build",
"sha256": "aadd943f4f8cc946882c954c187e6115a84c98c81ad1d9c6cbf0895a8c85da9c",
"sha256": "a156715e7cd728130c592f30552575908aae5b100005fbc1f0fb16b3c03a3d10",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "4.0.5"
"version": "4.0.6"
},
"build_config": {
"dependency": "direct dev",
@ -84,11 +84,11 @@
"dependency": "direct dev",
"description": {
"name": "build_runner",
"sha256": "521daf8d189deb79ba474e43a696b41c49fb3987818dbacf3308f1e03673a75e",
"sha256": "1523ce62448ebac2c15a8ba5fbad8acac169788658a7dd2a1c2d9c2a9318b9a6",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.13.1"
"version": "2.15.0"
},
"build_verify": {
"dependency": "direct dev",
@ -124,11 +124,11 @@
"dependency": "transitive",
"description": {
"name": "built_value",
"sha256": "0730c18c770d05636a8f945c32a4d7d81cb6e0f0148c8db4ad12e7748f7e49af",
"sha256": "34e4067d30ce212937df995f03b69992eea683539ceeac7f679a1f1eba055b56",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "8.12.5"
"version": "8.12.6"
},
"checked_yaml": {
"dependency": "transitive",
@ -154,21 +154,11 @@
"dependency": "direct main",
"description": {
"name": "cli_util",
"sha256": "ff6785f7e9e3c38ac98b2fb035701789de90154024a75b6cb926445e83197d1c",
"sha256": "5909d2c6b66817222779e1eedc19e0e28b76d1df7bd9856a4792ccb9881df358",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.4.2"
},
"code_builder": {
"dependency": "transitive",
"description": {
"name": "code_builder",
"sha256": "6a6cab2ba4680d6423f34a9b972a4c9a94ebe1b62ecec4e1a1f2cba91fd1319d",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "4.11.1"
"version": "0.5.1"
},
"collection": {
"dependency": "direct main",
@ -194,11 +184,11 @@
"dependency": "transitive",
"description": {
"name": "coverage",
"sha256": "5da775aa218eaf2151c721b16c01c7676fbfdd99cebba2bf64e8b807a28ff94d",
"sha256": "956a3de0725ca232ad353565a8290d3357592bf4250f6f298a185e2d949c5d3d",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.15.0"
"version": "1.15.1"
},
"crypto": {
"dependency": "direct main",
@ -234,11 +224,21 @@
"dependency": "transitive",
"description": {
"name": "dart_style",
"sha256": "29f7ecc274a86d32920b1d9cfc7502fa87220da41ec60b55f329559d5732e2b2",
"sha256": "59d53ef8eaed9d288ed9767618e2b31c4fa0383a127db59d5eb2e737a7638a60",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "3.1.7"
"version": "3.1.9"
},
"ffi": {
"dependency": "transitive",
"description": {
"name": "ffi",
"sha256": "6d7fd89431262d8f3125e81b50d3847a091d846eafcd4fdb88dd06f36d705a45",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "2.2.0"
},
"file": {
"dependency": "transitive",
@ -344,21 +344,21 @@
"dependency": "direct main",
"description": {
"name": "json_annotation",
"sha256": "cb09e7dac6210041fad964ed7fbee004f14258b4eca4040f72d1234062ace4c8",
"sha256": "2a743920d81b7910627f68ee2c9ac1fc0bfee32b9fc3403587d7c6791ca12f80",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "4.11.0"
"version": "4.12.0"
},
"json_serializable": {
"dependency": "direct dev",
"description": {
"name": "json_serializable",
"sha256": "fbcf404b03520e6e795f6b9b39badb2b788407dfc0a50cf39158a6ae1ca78925",
"sha256": "ffcd10cde35a93b2abbbcc26bd9971f4ca93763e8abe78d855e3c4177797e501",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "6.13.1"
"version": "6.14.0"
},
"lints": {
"dependency": "direct main",
@ -394,21 +394,21 @@
"dependency": "transitive",
"description": {
"name": "matcher",
"sha256": "dc0b7dc7651697ea4ff3e69ef44b0407ea32c487a39fff6a4004fa585e901861",
"sha256": "31bd099b47c10cd1aeb55146a2d46ce0277630ecef3f7dae54ad7873f36696cd",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.12.19"
"version": "0.12.20"
},
"meta": {
"dependency": "direct main",
"description": {
"name": "meta",
"sha256": "df0c643f44ad098eb37988027a8e2b2b5a031fd3977f06bbfd3a76637e8df739",
"sha256": "c82594181e3312f3d0695fc95aaaf7758d75b8d4ae2bbecf223b9fd5109a059d",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.18.2"
"version": "1.18.3"
},
"mime": {
"dependency": "transitive",
@ -544,21 +544,21 @@
"dependency": "direct dev",
"description": {
"name": "source_gen",
"sha256": "732792cfd197d2161a65bb029606a46e0a18ff30ef9e141a7a82172b05ea8ecd",
"sha256": "ec37cc0e6694374cbef59ed79685572c870a54ede6fa30a3e420feb3adffea02",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "4.2.2"
"version": "4.2.3"
},
"source_helper": {
"dependency": "transitive",
"description": {
"name": "source_helper",
"sha256": "1d3b229b2934034fb2e691fbb3d53e0f75a4af7b1407f88425ed8f209bcb1b8f",
"sha256": "4227d54ceefd0bb8ca4c8fcb96e1719dc53f1ee1b6e2ca9d7a6069da160e4eae",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.3.11"
"version": "1.3.12"
},
"source_map_stack_trace": {
"dependency": "transitive",
@ -654,31 +654,31 @@
"dependency": "direct main",
"description": {
"name": "test",
"sha256": "8d9ceddbab833f180fbefed08afa76d7c03513dfdba87ffcec2718b02bbcbf20",
"sha256": "0d5ba5602ec3baa28c8ce365e1efc5575969c765f45c554a3e167dc7945b9c30",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "1.31.0"
"version": "1.31.2"
},
"test_api": {
"dependency": "transitive",
"description": {
"name": "test_api",
"sha256": "949a932224383300f01be9221c39180316445ecb8e7547f70a41a35bf421fb9e",
"sha256": "475610b2aa23c19687cce2961e44b0cc57cafe220f67c2b80201231b2a07fbe7",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.7.11"
"version": "0.7.13"
},
"test_core": {
"dependency": "transitive",
"description": {
"name": "test_core",
"sha256": "1991d4cfe85d5043241acac92962c3977c8d2f2add1ee73130c7b286417d1d34",
"sha256": "a39c204a4fc7a7ccb04a2b985e359fda3cc37e45e0b8ac61c3fb1a05aa832132",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "0.6.17"
"version": "0.6.19"
},
"test_descriptor": {
"dependency": "direct dev",
@ -714,11 +714,11 @@
"dependency": "transitive",
"description": {
"name": "vm_service",
"sha256": "45caa6c5917fa127b5dbcfbd1fa60b14e583afdc08bfc96dda38886ca252eb60",
"sha256": "0016aef94fc66495ac78af5859181e3f3bf2026bd8eecc72b9565601e19ab360",
"url": "https://pub.dev"
},
"source": "hosted",
"version": "15.0.2"
"version": "15.2.0"
},
"watcher": {
"dependency": "transitive",
@ -782,6 +782,6 @@
}
},
"sdks": {
"dart": ">=3.10.0 <4.0.0"
"dart": ">=3.11.0 <4.0.0"
}
}

View file

@ -9,13 +9,13 @@
stdenv.mkDerivation (finalAttrs: {
pname = "phpstan";
version = "2.2.2";
version = "2.2.3";
src = fetchFromGitHub {
owner = "phpstan";
repo = "phpstan";
tag = finalAttrs.version;
hash = "sha256-4C3d8ae9TGpyLNspClSS+Eor6epjG1BTS/Nzy4K5zZE=";
hash = "sha256-P0LmURcau2DGHJI5NZd9nZ56rWvO1EDYXoK1++ZcG6A=";
};
nativeBuildInputs = [

View file

@ -35,6 +35,8 @@ tcl.mkTclDerivation rec {
zlib
];
addTclConfigureFlags = false;
configureFlags = [
"BINDIR=$(out)/bin"
"SHAREDIR=$(out)/share"

View file

@ -0,0 +1,364 @@
From 2435727f0c6b02d56e254a5ba1d8e041c7c33c86 Mon Sep 17 00:00:00 2001
From: DanielZhangQD <36026334+DanielZhangQD@users.noreply.github.com>
Date: Mon, 29 Jun 2026 14:59:48 +0800
Subject: [PATCH] [Core] Mark non-security MD5/SHA1 hashes with
usedforsecurity=False (#9972)
* [Core] Mark non-security MD5/SHA1 hashes with usedforsecurity=False
These hashlib.md5/sha1 calls derive identifiers, cache keys, and resource
names from non-secret inputs (usernames, paths, region/subscription ids,
cluster/host names, wheel/catalog contents). None protects a secret or
makes an authentication decision -- passwords use bcrypt via crypt_ctx and
auth is enforced by oauth2-proxy / SSO. Pass usedforsecurity=False so
weak-hash scanners (CWE-328) stop flagging them. The flag does not change
any digest value, so all derived ids, cache keys and names are unchanged.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* [Core] Address review: avoid split hexdigest() call in oauth2_proxy
Compute the digest first, then slice, instead of splitting the empty
hexdigest() parentheses across lines. yapf-stable and more readable.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
sky/backends/backend_utils.py | 3 ++-
sky/backends/wheel_utils.py | 3 ++-
sky/batch/io_formats.py | 3 ++-
sky/catalog/aws_catalog.py | 6 ++++--
sky/catalog/common.py | 4 +++-
sky/clouds/aws.py | 2 +-
sky/clouds/nebius.py | 3 ++-
sky/data/mounting_utils.py | 3 ++-
sky/data/storage.py | 6 ++++--
sky/provision/azure/config.py | 2 +-
sky/provision/kubernetes/utils.py | 3 ++-
sky/provision/scp/instance.py | 2 +-
sky/server/auth/oauth2_proxy.py | 7 +++++--
sky/server/server.py | 5 ++++-
sky/users/permission.py | 6 ++++--
sky/users/server.py | 13 ++++++++++---
sky/utils/command_runner.py | 7 ++++---
sky/utils/common_utils.py | 13 ++++++++++---
sky/utils/kubernetes/gpu_labeler.py | 3 ++-
19 files changed, 65 insertions(+), 29 deletions(-)
diff --git a/sky/backends/backend_utils.py b/sky/backends/backend_utils.py
index ff4662b4160..ec0b4bf74fb 100644
--- a/sky/backends/backend_utils.py
+++ b/sky/backends/backend_utils.py
@@ -707,7 +707,8 @@ def get_expirable_clouds(
def _get_volume_name(path: str, cluster_name_on_cloud: str) -> str:
- path_hash = hashlib.md5(path.encode()).hexdigest()[:6]
+ path_hash = hashlib.md5(path.encode(),
+ usedforsecurity=False).hexdigest()[:6]
return f'{cluster_name_on_cloud}-{path_hash}'
diff --git a/sky/backends/wheel_utils.py b/sky/backends/wheel_utils.py
index 4cfd4c485a5..f142011bfe1 100644
--- a/sky/backends/wheel_utils.py
+++ b/sky/backends/wheel_utils.py
@@ -210,7 +210,8 @@ def _build_sky_wheel() -> pathlib.Path:
# wheel content hash doesn't change.
with open(wheel_path, 'rb') as f:
contents = f.read()
- hash_of_latest_wheel = hashlib.md5(contents).hexdigest()
+ hash_of_latest_wheel = hashlib.md5(contents,
+ usedforsecurity=False).hexdigest()
wheel_dir = WHEEL_DIR / hash_of_latest_wheel
wheel_dir.mkdir(parents=True, exist_ok=True)
diff --git a/sky/catalog/aws_catalog.py b/sky/catalog/aws_catalog.py
index c2480965708..e842068beaa 100644
--- a/sky/catalog/aws_catalog.py
+++ b/sky/catalog/aws_catalog.py
@@ -113,7 +113,8 @@ def _get_az_mappings(aws_user_hash: str) -> Optional['pd.DataFrame']:
# Write md5 of the az_mapping file to a file so we can check it for
# any changes when uploading to the controller
with open(az_mapping_path, 'r', encoding='utf-8') as f:
- az_mapping_hash = hashlib.md5(f.read().encode()).hexdigest()
+ az_mapping_hash = hashlib.md5(f.read().encode(),
+ usedforsecurity=False).hexdigest()
with open(az_mapping_md5_path, 'w', encoding='utf-8') as f:
f.write(az_mapping_hash)
else:
@@ -147,7 +148,8 @@ def _fetch_and_apply_az_mapping(df: common.LazyDataFrame) -> 'pd.DataFrame':
user_identity_list = aws.AWS.get_active_user_identity()
assert user_identity_list, user_identity_list
user_identity = user_identity_list[0]
- aws_user_hash = hashlib.md5(user_identity.encode()).hexdigest()[:8]
+ aws_user_hash = hashlib.md5(user_identity.encode(),
+ usedforsecurity=False).hexdigest()[:8]
except (exceptions.CloudUserIdentityError, ImportError):
# If failed to get user identity, or import aws dependencies, we use the
# latest mapping file or the default mapping file.
diff --git a/sky/catalog/common.py b/sky/catalog/common.py
index 00829871e53..a0397e6301f 100644
--- a/sky/catalog/common.py
+++ b/sky/catalog/common.py
@@ -291,7 +291,9 @@ def _update_catalog():
tmp_path = f.name
os.rename(tmp_path, catalog_path)
with open(meta_path + '.md5', 'w', encoding='utf-8') as f:
- f.write(hashlib.md5(r.text.encode()).hexdigest())
+ f.write(
+ hashlib.md5(r.text.encode(),
+ usedforsecurity=False).hexdigest())
logger.debug(f'Updated {cloud} catalog {filename}.')
return True
diff --git a/sky/clouds/aws.py b/sky/clouds/aws.py
index af4ca56e911..06607e0d802 100644
--- a/sky/clouds/aws.py
+++ b/sky/clouds/aws.py
@@ -1347,7 +1347,7 @@ def get_user_identities(cls) -> Optional[List[List[str]]]:
# - aws credentials are not set, proceed anyway to get unified error
# message for users
return cls._sts_get_caller_identity()
- config_hash = hashlib.md5(stdout).hexdigest()[:8]
+ config_hash = hashlib.md5(stdout, usedforsecurity=False).hexdigest()[:8]
# Getting aws identity cost ~1s, so we cache the result with the output of
# `aws configure list` as cache key. Different `aws configure list` output
# can have same aws identity, our assumption is the output would be stable
diff --git a/sky/data/mounting_utils.py b/sky/data/mounting_utils.py
index f49a8db097f..6b97b2d6ef0 100644
--- a/sky/data/mounting_utils.py
+++ b/sky/data/mounting_utils.py
@@ -714,7 +714,8 @@ def get_mount_cached_cmd(
# This is because the full path may be longer than
# the filename length limit.
# The hash is a non-negative integer in string form.
- hashed_mount_path = hashlib.md5(mount_path.encode()).hexdigest()
+ hashed_mount_path = hashlib.md5(mount_path.encode(),
+ usedforsecurity=False).hexdigest()
log_file_path = os.path.join(constants.RCLONE_MOUNT_CACHED_LOG_DIR,
f'{hashed_mount_path}.log')
create_log_cmd = (f'mkdir -p {constants.RCLONE_MOUNT_CACHED_LOG_DIR} && '
diff --git a/sky/data/storage.py b/sky/data/storage.py
index 022fc471f41..13e068c5be5 100644
--- a/sky/data/storage.py
+++ b/sky/data/storage.py
@@ -3367,10 +3367,12 @@ def get_default_storage_account_name(region: Optional[str]) -> str:
"""
assert region is not None
subscription_id = azure.get_subscription_id()
- subscription_hash_obj = hashlib.md5(subscription_id.encode('utf-8'))
+ subscription_hash_obj = hashlib.md5(subscription_id.encode('utf-8'),
+ usedforsecurity=False)
subscription_hash = subscription_hash_obj.hexdigest(
)[:AzureBlobStore._SUBSCRIPTION_HASH_LENGTH]
- region_hash_obj = hashlib.md5(region.encode('utf-8'))
+ region_hash_obj = hashlib.md5(region.encode('utf-8'),
+ usedforsecurity=False)
region_hash = region_hash_obj.hexdigest()[:AzureBlobStore.
_REGION_HASH_LENGTH]
diff --git a/sky/provision/azure/config.py b/sky/provision/azure/config.py
index 2dbf115807f..074bc801c3e 100644
--- a/sky/provision/azure/config.py
+++ b/sky/provision/azure/config.py
@@ -44,7 +44,7 @@ def get_azure_sdk_function(client: Any, function_name: str) -> Callable:
def get_cluster_id_and_nsg_name(resource_group: str,
cluster_name_on_cloud: str) -> Tuple[str, str]:
- hasher = hashlib.md5(resource_group.encode('utf-8'))
+ hasher = hashlib.md5(resource_group.encode('utf-8'), usedforsecurity=False)
unique_id = hasher.hexdigest()[:UNIQUE_ID_LEN]
# We use the cluster name + resource group hash as the
# unique ID for the cluster, as we need to make sure that
diff --git a/sky/provision/kubernetes/utils.py b/sky/provision/kubernetes/utils.py
index 1ec32ffb095..e3478c45608 100644
--- a/sky/provision/kubernetes/utils.py
+++ b/sky/provision/kubernetes/utils.py
@@ -5085,7 +5085,8 @@ def format_kubeconfig_exec_auth_with_cache(kubeconfig_path: str) -> str:
with open(kubeconfig_path, 'r', encoding='utf-8') as file:
config = yaml_utils.safe_load(file)
normalized = yaml.dump(config, sort_keys=True)
- hashed = hashlib.sha1(normalized.encode('utf-8')).hexdigest()
+ hashed = hashlib.sha1(normalized.encode('utf-8'),
+ usedforsecurity=False).hexdigest()
path = os.path.expanduser(
f'{kubernetes_constants.SKY_K8S_EXEC_AUTH_KUBECONFIG_CACHE}/{hashed}.yaml'
)
diff --git a/sky/provision/scp/instance.py b/sky/provision/scp/instance.py
index 9aae05c9196..5a03c308e3f 100644
--- a/sky/provision/scp/instance.py
+++ b/sky/provision/scp/instance.py
@@ -223,7 +223,7 @@ def _worker(cluster_name_on_cloud: str):
def _suffix(name: str, n: int = 5):
- return hashlib.sha1(name.encode()).hexdigest()[:n]
+ return hashlib.sha1(name.encode(), usedforsecurity=False).hexdigest()[:n]
def _get_instance_id(instance_name, cluster_name_on_cloud):
diff --git a/sky/server/auth/oauth2_proxy.py b/sky/server/auth/oauth2_proxy.py
index dece4792fa9..7d117642cf7 100644
--- a/sky/server/auth/oauth2_proxy.py
+++ b/sky/server/auth/oauth2_proxy.py
@@ -204,8 +204,11 @@ def get_auth_user(
"""Extract user info from OAuth2 proxy response headers."""
email_header = response.headers.get('X-Auth-Request-Email')
if email_header:
- user_hash = hashlib.md5(email_header.encode()).hexdigest(
- )[:common_utils.USER_HASH_LENGTH]
+ # MD5 only derives a stable user id from the (non-secret) SSO
+ # email; auth itself is done by oauth2-proxy. Not a security use.
+ email_hash = hashlib.md5(email_header.encode(),
+ usedforsecurity=False).hexdigest()
+ user_hash = email_hash[:common_utils.USER_HASH_LENGTH]
return models.User(id=user_hash,
name=email_header,
user_type=models.UserType.SSO.value)
diff --git a/sky/server/server.py b/sky/server/server.py
index 4ec8ce1a86d..995ef89764c 100644
--- a/sky/server/server.py
+++ b/sky/server/server.py
@@ -282,8 +282,11 @@ def _extract_user_from_header(
if not user_name:
return None
+ # MD5 only derives a stable user id from the (non-secret) user name;
+ # not a security use.
user_hash = hashlib.md5(
- user_name.encode()).hexdigest()[:common_utils.USER_HASH_LENGTH]
+ user_name.encode(),
+ usedforsecurity=False).hexdigest()[:common_utils.USER_HASH_LENGTH]
if proxy_config.enabled:
return models.User(id=user_hash,
name=user_name,
diff --git a/sky/users/permission.py b/sky/users/permission.py
index 82fb2877e50..a07be1c9b05 100644
--- a/sky/users/permission.py
+++ b/sky/users/permission.py
@@ -182,8 +182,10 @@ def _maybe_initialize_basic_auth_user(self) -> None:
return
username, password = basic_auth.split(':', 1)
if username and password:
- user_hash = hashlib.md5(
- username.encode()).hexdigest()[:common_utils.USER_HASH_LENGTH]
+ # MD5 only derives a stable user id from the (non-secret)
+ # username; the password is checked separately. Not a security use.
+ user_hash = hashlib.md5(username.encode(), usedforsecurity=False
+ ).hexdigest()[:common_utils.USER_HASH_LENGTH]
user_info = global_user_state.get_user(user_hash)
if user_info:
logger.debug(f'Basic auth user {username} already exists')
diff --git a/sky/users/server.py b/sky/users/server.py
index 7cd42ee1726..8258702a2ff 100644
--- a/sky/users/server.py
+++ b/sky/users/server.py
@@ -287,8 +287,12 @@ def user_create(user_create_body: payloads.UserCreateBody) -> None:
# Create user
password_hash = server_common.crypt_ctx.hash(password)
+ # MD5 here only derives a stable user identifier from the (non-secret)
+ # username; it is not used for any security purpose (passwords use bcrypt
+ # via crypt_ctx).
user_hash = hashlib.md5(
- username.encode()).hexdigest()[:common_utils.USER_HASH_LENGTH]
+ username.encode(),
+ usedforsecurity=False).hexdigest()[:common_utils.USER_HASH_LENGTH]
with _user_lock(user_hash):
# Check if user already exists
if global_user_state.get_user_by_name(username):
@@ -627,8 +631,11 @@ def user_import(user_import_body: payloads.UserImportBody) -> Dict[str, Any]:
# Password is plain text, hash it
password_hash = server_common.crypt_ctx.hash(password)
- user_hash = hashlib.md5(
- username.encode()).hexdigest()[:common_utils.USER_HASH_LENGTH]
+ # MD5 only derives a stable user identifier from the (non-secret)
+ # username; not a security use (passwords use bcrypt via crypt_ctx).
+ user_hash = hashlib.md5(username.encode(),
+ usedforsecurity=False).hexdigest()
+ user_hash = user_hash[:common_utils.USER_HASH_LENGTH]
with _user_lock(user_hash):
global_user_state.add_or_update_user(
diff --git a/sky/utils/command_runner.py b/sky/utils/command_runner.py
index 344a65eb789..44f981ac520 100644
--- a/sky/utils/command_runner.py
+++ b/sky/utils/command_runner.py
@@ -875,8 +875,8 @@ def git_clone(
raise exceptions.CommandError(1, '', error_msg, None)
# Remote script path (use a unique name to avoid conflicts)
- script_hash = hashlib.md5(
- f'{self.node_id}_{target_dir}'.encode()).hexdigest()[:8]
+ script_hash = hashlib.md5(f'{self.node_id}_{target_dir}'.encode(),
+ usedforsecurity=False).hexdigest()[:8]
remote_script_path = f'/tmp/sky_git_clone_{script_hash}.sh'
# Step 1: Transfer the script to remote machine using rsync
@@ -992,7 +992,8 @@ def __init__(
self.ssh_private_key = ssh_private_key
self.ssh_control_name = (
None if ssh_control_name is None else hashlib.md5(
- ssh_control_name.encode()).hexdigest()[:_HASH_MAX_LENGTH])
+ ssh_control_name.encode(),
+ usedforsecurity=False).hexdigest()[:_HASH_MAX_LENGTH])
self._ssh_proxy_command = ssh_proxy_command
self._ssh_proxy_jump = ssh_proxy_jump
self.disable_control_master = (
diff --git a/sky/utils/common_utils.py b/sky/utils/common_utils.py
index 027a59d5bca..71e7034f6a7 100644
--- a/sky/utils/common_utils.py
+++ b/sky/utils/common_utils.py
@@ -91,7 +91,10 @@ def is_valid_user_hash(user_hash: Optional[str]) -> bool:
def generate_user_hash() -> str:
"""Generates a unique user-machine specific hash."""
hash_str = user_and_hostname_hash()
- user_hash = hashlib.md5(hash_str.encode()).hexdigest()[:USER_HASH_LENGTH]
+ # MD5 only derives a stable machine-specific identifier, not a security
+ # use.
+ user_hash = hashlib.md5(
+ hash_str.encode(), usedforsecurity=False).hexdigest()[:USER_HASH_LENGTH]
if not is_valid_user_hash(user_hash):
# A fallback in case the hash is invalid.
user_hash = uuid.uuid4().hex[:USER_HASH_LENGTH]
@@ -297,7 +300,9 @@ def make_cluster_name_on_cloud(display_name: str,
if truncate_cluster_name.endswith('-'):
truncate_cluster_name = truncate_cluster_name.rstrip('-')
assert truncate_cluster_name_length > 0, (cluster_name_on_cloud, max_length)
- display_name_hash = hashlib.md5(display_name.encode()).hexdigest()
+ # MD5 only derives a short suffix for the cluster name, not a security use.
+ display_name_hash = hashlib.md5(display_name.encode(),
+ usedforsecurity=False).hexdigest()
# Use base36 to reduce the length of the hash.
display_name_hash = base36_encode(display_name_hash)
return (f'{truncate_cluster_name}'
@@ -650,7 +655,9 @@ def user_and_hostname_hash() -> str:
The reason is AWS security group names are derived from this string, and
thus changing the SG name makes these clusters unrecognizable.
"""
- hostname_hash = hashlib.md5(socket.gethostname().encode()).hexdigest()[-4:]
+ # MD5 only derives a short hostname suffix, not a security use.
+ hostname_hash = hashlib.md5(socket.gethostname().encode(),
+ usedforsecurity=False).hexdigest()[-4:]
return f'{getpass.getuser()}-{hostname_hash}'
diff --git a/sky/utils/kubernetes/gpu_labeler.py b/sky/utils/kubernetes/gpu_labeler.py
index 227847cd50c..5de797139f9 100644
--- a/sky/utils/kubernetes/gpu_labeler.py
+++ b/sky/utils/kubernetes/gpu_labeler.py
@@ -71,7 +71,8 @@ def cleanup(context: Optional[str] = None) -> Tuple[bool, str]:
def get_node_hash(node_name: str):
# Generates a 32 character md5 hash from a string
- md5_hash = hashlib.md5(node_name.encode()).hexdigest()
+ md5_hash = hashlib.md5(node_name.encode(),
+ usedforsecurity=False).hexdigest()
return md5_hash[:32]

View file

@ -38,6 +38,8 @@ python3Packages.buildPythonApplication (finalAttrs: {
patches = [
./0001-Fix-docker-flag-default-for-Click-8.2-compatibility.patch
./0002-Fix-websocket-proxy-call-script-directly-as-executable.patch
# https://github.com/skypilot-org/skypilot/pull/9972
./CVE-2026-13482.patch
];
nativeBuildInputs = [

View file

@ -67,7 +67,7 @@
stdenv.mkDerivation rec {
pname = "vivaldi";
version = "8.0.4033.50";
version = "8.0.4033.54";
suffix =
{
@ -80,8 +80,8 @@ stdenv.mkDerivation rec {
url = "https://downloads.vivaldi.com/stable/vivaldi-stable_${version}-1_${suffix}.deb";
hash =
{
aarch64-linux = "sha256-5n5+DY03lRDKLWX/WPX17Wg7IeTl4MDKEWOZEYHaPDE=";
x86_64-linux = "sha256-IVytlw5NzxV1TwLHeX81AgWEHHVzksVC3a0S/WuWEaA=";
aarch64-linux = "sha256-i2FAMp3MFsnXTjQoF4Y/BuB6j+x3ugfsu0ePGI/h5Po=";
x86_64-linux = "sha256-a4ZLX/DpygZgPPjt4BQxTuRbFoPmNuRgdZFiI6UclQI=";
}
.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
};

View file

@ -13,6 +13,16 @@ appimageTools.wrapType2 rec {
hash = "sha256-kTJD2xeclNApeSo1ALNI/XAwDY8tsBO0eMMQurtRF/M=";
};
appimageContents = appimageTools.extract { inherit pname version src; };
extraInstallCommands = ''
install -m 444 -D ${appimageContents}/xlights.desktop $out/share/applications/xlights.desktop
install -m 444 -D ${appimageContents}/usr/share/icons/hicolor/256x256/apps/xlights.png \
$out/share/icons/hicolor/256x256/apps/xlights.png
substituteInPlace $out/share/applications/xlights.desktop \
--replace-fail 'Exec=xLights' 'Exec=xlights'
'';
meta = {
description = "Sequencer for lights with USB and E1.31 drivers";
homepage = "https://xlights.org";

View file

@ -10,14 +10,14 @@
buildPythonPackage rec {
pname = "free-proxy";
version = "1.1.3";
version = "1.2.1";
pyproject = true;
src = fetchFromGitHub {
owner = "jundymek";
repo = "free-proxy";
tag = "v${version}";
hash = "sha256-8SxKGGifQTU0CUrtUQUtrmeq+Do4GIqNUWAdCt++eUA=";
hash = "sha256-Q8102tnssVnIYEP9fBOBFSSsZqTGGulalyAkvnlp3UY=";
};
build-system = [ setuptools ];

View file

@ -12,14 +12,14 @@
buildPythonPackage rec {
pname = "pyanglianwater";
version = "3.2.2";
version = "3.2.3";
pyproject = true;
src = fetchFromGitHub {
owner = "pantherale0";
repo = "pyanglianwater";
tag = version;
hash = "sha256-u1s/XsNN6AuTzj0jLE7us1Mmoe8r+VuCl0khS5BRxkQ=";
hash = "sha256-hXHkRiKnv59TW1Wr2aJcMvW65SQbkfSokGjh9AvmN3s=";
};
build-system = [ setuptools ];

View file

@ -12,14 +12,14 @@
buildPythonPackage (finalAttrs: {
pname = "reolink-aio";
version = "0.21.1";
version = "0.21.3";
pyproject = true;
src = fetchFromGitHub {
owner = "starkillerOG";
repo = "reolink_aio";
tag = finalAttrs.version;
hash = "sha256-Rq+fciIG3W0X+2zHSsI23pHbkr+A3flu3E6VbTEeKnI=";
hash = "sha256-XL6Z+1dr35XgMczUcxp4v3ejBcdgWkhUOISFA4lpjU4=";
};
build-system = [ setuptools ];

View file

@ -1,33 +1,31 @@
{
lib,
buildPythonPackage,
docutils,
fetchFromGitHub,
pygments,
pytestCheckHook,
rich,
setuptools-scm,
setuptools,
}:
buildPythonPackage (finalAttrs: {
pname = "rich-rst";
version = "2.0.1";
version = "2.0.2";
pyproject = true;
src = fetchFromGitHub {
owner = "wasi-master";
repo = "rich-rst";
tag = "v${finalAttrs.version}";
hash = "sha256-7nniBu9UnXA0pogv0TDkANTeOcsVYbyDxEr6/r7MxcY=";
hash = "sha256-M4ngZNYPasEqqfRay8aGHDII+LkwLhBp5kF9ryJ5LwQ=";
};
build-system = [
setuptools
setuptools-scm
];
dependencies = [
docutils
pygments
rich
];

View file

@ -18,21 +18,21 @@
websockets,
}:
buildPythonPackage rec {
buildPythonPackage (finalAttrs: {
pname = "simplisafe-python";
version = "2024.01.0";
version = "2026.06.0";
pyproject = true;
src = fetchFromGitHub {
owner = "bachya";
repo = "simplisafe-python";
tag = version;
hash = "sha256-ewbR2FI0t2F8HF0ZL5omsclB9OPAjHygGLPtSkVlvgM=";
tag = finalAttrs.version;
hash = "sha256-e59h4zX0AuzNlR1sovw4QJ6zXxksElY5emEM9eTfjwI=";
};
nativeBuildInputs = [ poetry-core ];
build-system = [ poetry-core ];
propagatedBuildInputs = [
dependencies = [
aiohttp
backoff
beautifulsoup4
@ -69,10 +69,10 @@ buildPythonPackage rec {
__darwinAllowLocalNetworking = true;
meta = {
changelog = "https://github.com/bachya/simplisafe-python/releases/tag/${version}";
description = "Python library the SimpliSafe API";
homepage = "https://simplisafe-python.readthedocs.io/";
license = with lib.licenses; [ mit ];
changelog = "https://github.com/bachya/simplisafe-python/releases/tag/${finalAttrs.src.tag}";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ fab ];
};
}
})

View file

@ -1,14 +1,14 @@
{
version = "2026.1";
version = "2026.2";
# To get these, run:
#
# ```
# for tool in alfred batctl batman-adv; do nix-prefetch-url https://downloads.open-mesh.org/batman/releases/batman-adv-2026.1/$tool-2026.1.tar.gz --type sha256 | xargs nix --extra-experimental-features nix-command hash convert --hash-algo sha256 --to sri; done
# for tool in alfred batctl batman-adv; do nix-prefetch-url https://downloads.open-mesh.org/batman/releases/batman-adv-2026.2/$tool-2026.2.tar.gz --type sha256 | xargs nix --extra-experimental-features nix-command hash convert --hash-algo sha256 --to sri; done
# ```
sha256 = {
alfred = "sha256-Rd+8uKfLuq7j4SYHpGYB3YbOUiUHJTXptJ2kC78CtIk=";
batctl = "sha256-hEQWhsHUTtV6Vg8qC+n4brksMQ8iqqSgCTPrbIk2CHo=";
batman-adv = "sha256-ZIfdO0rQ+FUQ3tu6M1/nexuHfQ53OTxR3coHp0Ubj0U=";
alfred = "sha256-2ZV0i+X2KkIJFSXMwQLfWsZCGG6bkBRpipVaRGm2m5Y=";
batctl = "sha256-wdWAr7Bm0xZcI5tnQwuUxpkyYZwGqQsSlegoy1CBsSI=";
batman-adv = "sha256-Thf87SyAlF4iYJvodTRIFzP/G10XBQ3k5PMjwXFBgTU=";
};
}

View file

@ -13,13 +13,13 @@
buildHomeAssistantComponent rec {
owner = "luuquangvu";
domain = "blueprints_updater";
version = "2.9.0";
version = "2.9.1";
src = fetchFromGitHub {
inherit owner;
repo = "blueprints-updater";
tag = version;
hash = "sha256-zIkK7ZhUC8fPycWJqXP706XbOdhVlNAOwZBTYTII3dE=";
hash = "sha256-OGQ6lE14w84C88QJv5w+mNBGg7gbCtqb9nde47FkL6A=";
};
patches = [