Merge release-26.05 into staging-nixos-26.05

This commit is contained in:
nixpkgs-ci[bot] 2026-06-24 00:47:28 +00:00 committed by GitHub
commit cd4d5961b8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
53 changed files with 1656 additions and 1356 deletions

View file

@ -5,7 +5,6 @@
let
inherit (builtins) head length;
inherit (lib.trivial) mergeAttrs;
inherit (lib.strings)
concatStringsSep
concatMapStringsSep
@ -13,16 +12,18 @@ let
sanitizeDerivationName
;
inherit (lib.lists)
filter
foldr
foldl'
all
concatLists
concatMap
elemAt
all
partition
groupBy
take
filter
foldl
foldl'
foldr
groupBy
partition
reverseList
take
;
in
@ -370,7 +371,11 @@ rec {
:::
*/
concatMapAttrs = f: v: foldl' mergeAttrs { } (attrValues (mapAttrs f v));
concatMapAttrs =
f: v:
listToAttrs (
concatLists (reverseList (mapAttrsToList (name: value: attrsToList (f name value)) v))
);
/**
Update or set specific paths of an attribute set.

View file

@ -2164,6 +2164,21 @@ runTests {
};
};
testConcatMapAttrsDuplicates = {
expr =
concatMapAttrs
(name: value: {
final = value;
})
{
a = 1;
b = 2;
};
expected = {
final = 2;
};
};
testFilterAttrs = {
expr = filterAttrs (n: v: n != "a" && (v.hello or false) == true) {
a.hello = true;

View file

@ -293,6 +293,19 @@ in
'';
};
secureSuperUserByDefault = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Whether to automatically secure the root@localhost user with auth_socket authentication.
::: {.note}
When enabled (default), the module will ensure root@localhost uses socket authentication,
preventing any local user from connecting as root without proper credentials.
:::
'';
};
replication = {
role = lib.mkOption {
type = lib.types.enum [
@ -411,6 +424,10 @@ in
assertion = !cfg.galeraCluster.enable || isMariaDB;
message = "'services.mysql.galeraCluster.enable' expect services.mysql.package to be an mariadb variant";
}
{
assertion = !isMariaDB || cfg.secureSuperUserByDefault == true;
message = "'services.mysql.secureSuperUserByDefault' has no effect on MariaDB (which is already secure by default)";
}
]
# galeraCluster options checks
++ lib.optionals cfg.galeraCluster.enable [
@ -571,6 +588,7 @@ in
let
# The super user account to use on *first* run of MySQL server
superUser = if isMariaDB then cfg.user else "root";
isStateVersion2611Plus = lib.versionAtLeast config.system.stateVersion "26.11";
in
''
${lib.optionalString isMariaDB ''
@ -644,6 +662,11 @@ in
) | ${cfg.package}/bin/mysql -u ${superUser} -N
''}
# Secure root@localhost for MySQL/Percona on first initialization
${lib.optionalString (cfg.secureSuperUserByDefault && !isMariaDB) ''
echo "ALTER USER root@localhost IDENTIFIED WITH auth_socket;" | ${cfg.package}/bin/mysql -u ${superUser} -N
''}
${lib.optionalString (cfg.initialScript != null) ''
# Execute initial script
# using toString to avoid copying the file to nix store if given as path instead of string,
@ -654,6 +677,27 @@ in
rm ${cfg.dataDir}/mysql_init
fi
${lib.optionalString (cfg.secureSuperUserByDefault && !isMariaDB) ''
# We try to detect if we are in the default insecure auth mode for MySQL (all users can connect with password)
# If the configuration has been moved to the socket-peer credential authentication we do nothing
# If we are not able to connect it also means the default setup has been adjusted, so we also skip and do not do any changes
if plugin_info=$(${cfg.package}/bin/mysql -u ${superUser} --skip-column-names 2>/dev/null -e "SELECT plugin FROM mysql.user WHERE user = 'root' AND host = 'localhost';"); then
case "$plugin_info" in
*auth_socket*) ;;
*)
${lib.optionalString isStateVersion2611Plus ''
# Attempt to auto-fix to prevent local authentication without a password
echo "Securing root@localhost with auth_socket to local connection without password, see https://github.com/NixOS/nixpkgs/security/advisories/GHSA-6qxx-6rg8-c4p8" >&2
echo "ALTER USER root@localhost IDENTIFIED WITH auth_socket;" | ${cfg.package}/bin/mysql -u ${superUser} -N
''}
${lib.optionalString (!isStateVersion2611Plus) ''
echo "Security warning: root@localhost seems to have open authentication, consider adjusting your configuration. See https://github.com/NixOS/nixpkgs/security/advisories/GHSA-6qxx-6rg8-c4p8" >&2
''}
;;
esac
fi
''}
${lib.optionalString (cfg.ensureDatabases != [ ]) ''
(
${lib.concatMapStrings (database: ''

View file

@ -1043,6 +1043,7 @@ in
mysql-autobackup = handleTest ./mysql/mysql-autobackup.nix { };
mysql-backup = handleTest ./mysql/mysql-backup.nix { };
mysql-replication = handleTest ./mysql/mysql-replication.nix { };
mysql-secure-root = handleTest ./mysql/mysql-secure-root.nix { };
n8n = runTest ./n8n.nix;
nagios = runTestOn [ "x86_64-linux" "aarch64-linux" ] ./nagios.nix;
nar-serve = runTest ./nar-serve.nix;

View file

@ -0,0 +1,94 @@
{
system ? builtins.currentSystem,
config ? { },
pkgs ? import ../../.. { inherit system config; },
lib ? pkgs.lib,
}:
let
makeTest = import ./../make-test-python.nix;
inherit (import ./common.nix { inherit pkgs lib; })
mysqlPackages
;
makeSecureRootTest =
{
package,
name ? "mysql_secure_root_" + (builtins.replaceStrings [ "-" "." ] [ "_" "" ] package.pname),
}:
makeTest {
inherit name;
nodes.${name} = { pkgs, ... }: {
services.mysql = {
enable = true;
package = package;
};
};
testScript = ''
start_all()
machine = ${name}
machine.wait_for_unit("mysql")
# Verify that non-root user cannot connect as root
machine.fail("sudo -u nobody mysql -u root -e 'SELECT 1;' 2>&1")
# Verify that system root can connect as root via socket
machine.succeed("mysql -u root -e 'SELECT 1;'")
# Verify that root@localhost has auth_socket plugin
machine.succeed("[ \"$(mysql -u root -N -e \"SELECT plugin FROM mysql.user WHERE user = 'root' AND host = 'localhost';\")\" = \"auth_socket\" ]")
# Test service restart - verify it still works
machine.succeed("systemctl restart mysql")
machine.wait_for_unit("mysql")
# After restart, verify non-root user still cannot connect as root
machine.fail("sudo -u nobody mysql -u root -e 'SELECT 1;' 2>&1")
# After restart, verify system root can still connect
machine.succeed("mysql -u root -e 'SELECT 1;'")
# After restart, verify root@localhost still has auth_socket
machine.succeed("[ \"$(mysql -u root -N -e \"SELECT plugin FROM mysql.user WHERE user = 'root' AND host = 'localhost';\")\" = \"auth_socket\" ]")
'';
};
makeInsecureRootTest =
{
package,
name ? "mysql_insecure_root_" + (builtins.replaceStrings [ "-" "." ] [ "_" "" ] package.pname),
}:
makeTest {
inherit name;
nodes.${name} = { pkgs, ... }: {
services.mysql = {
enable = true;
package = package;
secureSuperUserByDefault = false;
};
};
testScript = ''
start_all()
machine = ${name}
machine.wait_for_unit("mysql")
# With secureRootByDefault = false, anyone can connect as root (default --initialize-insecure behavior)
machine.succeed("sudo -u nobody mysql -u root -e 'SELECT 1;' 2>&1")
'';
};
in
{
"secure-by-default" = lib.mapAttrs (
_: package: makeSecureRootTest { inherit package; }
) mysqlPackages;
"can-be-insecure" = lib.mapAttrs (
_: package: makeInsecureRootTest { inherit package; }
) mysqlPackages;
}

View file

@ -9,10 +9,10 @@
buildMozillaMach rec {
pname = "firefox";
version = "152.0.1";
version = "152.0.2";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "9b2595148ed977040ea2b21e7d6ece70f0e53fac9b96b3115b113bea76ead6c0422f6e94b1540283b430fed5e8e9a227771a6357bf16f56d530a7fae7dc7553a";
sha512 = "e4e54cffffcfd5751eac5817a7b74b0ef0aa43fc00ef29397cc9df9aa52572b2272b96e60373a70d712be4dc849170d8d5c1b449f3ea978b4ab28dee19056b03";
};
meta = {

View file

@ -72,9 +72,9 @@ let
buildType = "release";
# Use maintainers/scripts/update.nix to update the version and all related hashes or
# change the hashes in extpack.nix and guest-additions/default.nix as well manually.
virtualboxVersion = "7.2.8";
virtualboxVersion = "7.2.10";
virtualboxSubVersion = "";
virtualboxSha256 = "0642ed4a12b7204cd30c0abbc2c10c1cc7ad55ce1756a01e86a16d4b6b066592";
virtualboxSha256 = "203a02e3c33ed02fdd75211a58bc9e77c9a8042ad4fa91ddc2914afbd2d67125";
kvmPatchVboxVersion = "7.2.6";
kvmPatchVersion = "20260201";

View file

@ -5,7 +5,7 @@
}:
fetchurl rec {
pname = "virtualbox-extpack";
version = "7.2.8";
version = "7.2.10";
name = "Oracle_VirtualBox_Extension_Pack-${version}.vbox-extpack";
url = "https://download.virtualbox.org/virtualbox/${version}/${name}";
sha256 =
@ -13,7 +13,7 @@ fetchurl rec {
# Thus do not use `nix-prefetch-url` but instead plain old `sha256sum`.
# Checksums can also be found at https://download.virtualbox.org/virtualbox/${version}/SHA256SUMS
let
value = "d7301435ee207ff96c5ad372939dc46d39e0f9db2bcce487cf1e8f739a2e845b";
value = "87f03161e5b6b1ecfa0024f795eefdb68abc46aa9689f67bb69e7db4ef9033dd";
in
assert (builtins.stringLength value) == 64;
value;

View file

@ -5,7 +5,7 @@
}:
fetchurl {
url = "http://download.virtualbox.org/virtualbox/${virtualboxVersion}/VBoxGuestAdditions_${virtualboxVersion}.iso";
sha256 = "169acb9361ade42d32500f51b48ad366fdfdb094b5e3fb422d640c1416a6b216";
sha256 = "306b1dea6022647bde19424816b995714fa5815ff7bdf00f6a015bf8af0839e7";
meta = {
description = "Guest additions ISO for VirtualBox";
longDescription = ''

View file

@ -18,9 +18,9 @@
libx11,
}:
let
virtualboxVersion = "7.2.8";
virtualboxVersion = "7.2.10";
virtualboxSubVersion = "";
virtualboxSha256 = "0642ed4a12b7204cd30c0abbc2c10c1cc7ad55ce1756a01e86a16d4b6b066592";
virtualboxSha256 = "203a02e3c33ed02fdd75211a58bc9e77c9a8042ad4fa91ddc2914afbd2d67125";
platform =
if stdenv.hostPlatform.isAarch64 then
@ -68,8 +68,6 @@ let
pkg = libxt;
}
];
hasVboxVideo = lib.versionOlder kernel.version "7.0";
in
stdenv.mkDerivation {
pname = "VirtualBox-GuestAdditions";
@ -135,10 +133,7 @@ stdenv.mkDerivation {
# Install kernel modules.
cd src/vboxguest-${virtualboxVersion}_NixOS
INSTALL_TARGETS=(install-vboxguest install-vboxsf ${lib.optionalString hasVboxVideo "install-vboxvideo"})
make INSTALL_MOD_PATH=$out KBUILD_EXTRA_SYMBOLS=$PWD/vboxsf/Module.symvers ''${INSTALL_TARGETS[@]}
make install INSTALL_MOD_PATH=$out KBUILD_EXTRA_SYMBOLS=$PWD/vboxsf/Module.symvers
cd ../..
# Install binaries

View file

@ -8,17 +8,17 @@
}:
maven.buildMavenPackage (finalAttrs: {
version = "13.5.0";
version = "13.6.0";
pname = "checkstyle";
src = fetchFromGitHub {
owner = "checkstyle";
repo = "checkstyle";
tag = "checkstyle-${finalAttrs.version}";
hash = "sha256-2v6ccNG4t8cXObMdztX+Y+PVuiqt4Fd5IR7j5bk5IaA=";
hash = "sha256-5E3GTE4fPmJYoSm2lK4tW1Dcu+SuyQKL396JLg3J22E=";
};
mvnHash = "sha256-M830+mpd7fAbzZGUQiTJZUKPe64zYUKp6QRqTrSOy7w=";
mvnHash = "sha256-r0adD/80UguRCIznE6hGdhRifm29GxMhQRSmd2/nabc=";
nativeBuildInputs = [
maven

View file

@ -1,21 +1,21 @@
{
"version": "12.14.2",
"version": "12.15.2",
"sources": {
"aarch64-linux": {
"url": "https://github.com/Floorp-Projects/Floorp/releases/download/v12.14.2/floorp-linux-aarch64.tar.xz",
"sha256": "46ecf1316465a17d65fd654aeb2fe20cc1c63253fd6dad974f3972b20c1fc5ad"
"url": "https://github.com/Floorp-Projects/Floorp/releases/download/v12.15.2/floorp-linux-aarch64.tar.xz",
"sha256": "1dbd4002b8e3e907ecc0adf760013a4f22186f9d425ded3372eafedce53bc6df"
},
"x86_64-linux": {
"url": "https://github.com/Floorp-Projects/Floorp/releases/download/v12.14.2/floorp-linux-x86_64.tar.xz",
"sha256": "177f5d8d6c7dcde70db2b96cf5244daa1eb9bd4861504be275983c6cb8ee2e40"
"url": "https://github.com/Floorp-Projects/Floorp/releases/download/v12.15.2/floorp-linux-x86_64.tar.xz",
"sha256": "5b068379ccb6f8cbd86e8d03d20a30cb8a03816a871fa28ca6f0ce13fb227960"
},
"aarch64-darwin": {
"url": "https://github.com/Floorp-Projects/Floorp/releases/download/v12.14.2/floorp-macOS-universal.dmg",
"sha256": "55c86ab248eebbba3a500e0f76554bbf387c333fdd7c9c48845a3dae53db9b17"
"url": "https://github.com/Floorp-Projects/Floorp/releases/download/v12.15.2/floorp-macOS-universal.dmg",
"sha256": "c4e64d732cd687e6711230d84cac687e8e4d28cc056f66a665fbf03ac2861b7b"
},
"x86_64-darwin": {
"url": "https://github.com/Floorp-Projects/Floorp/releases/download/v12.14.2/floorp-macOS-universal.dmg",
"sha256": "55c86ab248eebbba3a500e0f76554bbf387c333fdd7c9c48845a3dae53db9b17"
"url": "https://github.com/Floorp-Projects/Floorp/releases/download/v12.15.2/floorp-macOS-universal.dmg",
"sha256": "c4e64d732cd687e6711230d84cac687e8e4d28cc056f66a665fbf03ac2861b7b"
}
}
}

View file

@ -55,14 +55,14 @@ let
in
buildGoModule (finalAttrs: {
pname = "forgejo-runner";
version = "12.11.1";
version = "12.12.0";
src = fetchFromGitea {
domain = "code.forgejo.org";
owner = "forgejo";
repo = "runner";
rev = "v${finalAttrs.version}";
hash = "sha256-Qc43zWDDCjL8RW9Q30H4N5VRSFT3LR4Pt8/P0NcMacU=";
hash = "sha256-6czLxFgjcrBepoFN4iYDUt8uBkhfC8qx4yqmcfQ8FAg=";
};
vendorHash = "sha256-du7fXehcxZ70Lsr5VCkz646G0Us/XwM4Sl98HXimoao=";

View file

@ -12,13 +12,13 @@
buildNpmPackage (finalAttrs: {
pname = "ghostfolio";
version = "3.10.0";
version = "3.13.0";
src = fetchFromGitHub {
owner = "ghostfolio";
repo = "ghostfolio";
tag = finalAttrs.version;
hash = "sha256-nVk4KjNOIQQRRRvyPdSodL4s3yarIb1p2t2fBNcMps4=";
hash = "sha256-tPVGMAP45x/4NTL8px9jEbW6hQyhiOYiZp0tuDdfYL8=";
# populate values that require us to use git. By doing this in postFetch we
# can delete .git afterwards and maintain better reproducibility of the src.
leaveDotGit = true;
@ -28,7 +28,7 @@ buildNpmPackage (finalAttrs: {
'';
};
npmDepsHash = "sha256-IMUbBYFiSS0AfsenPvxoC5HHHW7Lhxfd5DaysgV+vBU=";
npmDepsHash = "sha256-0/tHzfJrotlCxhiiVC6yddlj62Ef6IAeaZf/xufFiWU=";
postPatch = ''
substituteInPlace replace.build.mjs \

View file

@ -179,11 +179,11 @@ let
linux = stdenvNoCC.mkDerivation (finalAttrs: {
inherit pname meta passthru;
version = "149.0.7827.155";
version = "149.0.7827.196";
src = fetchurl {
url = "https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${finalAttrs.version}-1_amd64.deb";
hash = "sha256-g0PHfyCIpOQ2bw3+Tmiu+jt+eTJs0so71+tjxhHwZVY=";
hash = "sha256-B4XIuL7q/kGRd/w2vPmfkvsvFtvHevhL5IfC5u14IuY=";
};
# With strictDeps on, some shebangs were not being patched correctly
@ -289,11 +289,11 @@ let
darwin = stdenvNoCC.mkDerivation (finalAttrs: {
inherit pname meta passthru;
version = "149.0.7827.156";
version = "149.0.7827.197";
src = fetchurl {
url = "http://dl.google.com/release2/chrome/acfqxa67egsofsrqnco2a4sd4pta_149.0.7827.156/GoogleChrome-149.0.7827.156.dmg";
hash = "sha256-fd7IqNxvaMO28Yhlc4gk8M+P7Sq+ZrplRXbnrxPDcvw=";
url = "http://dl.google.com/release2/chrome/fs52wiq74uymls47lfo23m5l2q_149.0.7827.197/GoogleChrome-149.0.7827.197.dmg";
hash = "sha256-kXN4dPtx0MkTKO3VJnoyTqT8uS4JDXJ16DmojZ3zT+o=";
};
dontPatch = true;

View file

@ -1,7 +1,7 @@
{
"branch": "v0.55.3-b",
"commit_hash": "fe5fe79a29ac3adaf3e75560b2f4b7a6d58b31c9",
"branch": "v0.55.4-b",
"commit_hash": "a0136d8c04687bb36eb8a28eb9d1ff92aea99704",
"commit_message": "[gha] Nix: update inputs",
"date": "2026-06-07",
"tag": "v0.55.3"
"date": "2026-06-11",
"tag": "v0.55.4"
}

View file

@ -83,14 +83,14 @@ let
in
customStdenv.mkDerivation (finalAttrs: {
pname = "hyprland" + optionalString debug "-debug";
version = "0.55.3";
version = "0.55.4";
src = fetchFromGitHub {
owner = "hyprwm";
repo = "hyprland";
fetchSubmodules = true;
tag = "v${finalAttrs.version}";
hash = "sha256-g3kzroSoipkMXv5wJWVYQDL+gI1qRJ7UhOrUzyTk9Zs=";
hash = "sha256-IuT0HnOr/0rAw+GXr+OwWx89FjA4Og1FqP7vywEwRJM=";
};
postPatch = ''

View file

@ -10,12 +10,12 @@
kopia,
}:
let
version = "0.23.0";
version = "0.23.1";
src = fetchFromGitHub {
owner = "kopia";
repo = "kopia";
tag = "v${version}";
hash = "sha256-9xvgm+A8h2pAX3oHtiFSa2xNab5BDkEBEtXQZz3Fd5A=";
hash = "sha256-yjeLV7N/U88oVdP4iJYgSM/QJLAMREaB/2jBcbTDWkA=";
};
in
buildNpmPackage {
@ -24,7 +24,7 @@ buildNpmPackage {
sourceRoot = "${src.name}/app";
npmDepsHash = "sha256-Ctp41vNZPVbycwIzWiTh+1ej3NpCf1WJCqnJsyoyxlc=";
npmDepsHash = "sha256-yj5+qiLfy6CjAOXIzT9OMu860Pefwn+HuJNoBAizb/0=";
makeCacheWritable = true;
nativeBuildInputs = [

View file

@ -10,13 +10,13 @@
buildGoModule (finalAttrs: {
pname = "kubevirt";
version = "1.8.2";
version = "1.8.4";
src = fetchFromGitHub {
owner = "kubevirt";
repo = "kubevirt";
rev = "v${finalAttrs.version}";
hash = "sha256-YSrMJz0L0Ybw5G6p42YAMMa1D1xc9G8sBLdxjxz3axg=";
hash = "sha256-4MQtONb8opLDBLtGr+5oDrOQkkK1q4RlMXDcqyilarM=";
};
vendorHash = null;

View file

@ -24,16 +24,16 @@ let
in
phpPackage.buildComposerProject2 rec {
pname = "librenms";
version = "26.5.1";
version = "26.6.1";
src = fetchFromGitHub {
owner = "librenms";
repo = "librenms";
tag = version;
hash = "sha256-RCSM8wSe5JOajhn4ku42NxZHDqHJjril9bg5IcPhyoE=";
hash = "sha256-RuKUdOopU8NDhsvYH1TIOdKzx5WMF9lfygZ7Ox8VM0E=";
};
vendorHash = "sha256-D7aPypNn5d/pDJMOeODLsnqU80m/swfXrIsqrRiPjCY=";
vendorHash = "sha256-evJriHdnKSVD9sDZj0xWyLmUPD/LgM8X8p8U5NwXwqk=";
php = phpPackage;

View file

@ -34,11 +34,11 @@
stdenv.mkDerivation (finalAttrs: {
pname = "lighttpd";
version = "1.4.83";
version = "1.4.84";
src = fetchurl {
url = "https://download.lighttpd.net/lighttpd/releases-${lib.versions.majorMinor finalAttrs.version}.x/lighttpd-${finalAttrs.version}.tar.xz";
sha256 = "sha256-s/h4FWSAB5+Kk5A70k1FYHSg++25tNmfzWXfM7H1ZvA=";
sha256 = "sha256-B23UO+yPK6nObbfnyn6K1yJxzVKYBerSQAtW76oCb3A=";
};
separateDebugInfo = true;

View file

@ -4,7 +4,7 @@
}:
let
version = "2.1.2";
version = "2.1.3";
in
{
inherit version;
@ -13,7 +13,7 @@ in
owner = "lima-vm";
repo = "lima";
tag = "v${version}";
hash = "sha256-WN0HsSnxLh8MiA9UQoYWnfp5fJyEc6w1XJaencZCsL4=";
hash = "sha256-7hr89PApcxi/qoYZK8xPuGbhG95RfiYjkyVvZYIflyw=";
};
vendorHash = "sha256-8AksUgle1SlWuALi553TlpZ2qwO+jMA1kZQke91fimU=";

View file

@ -23,13 +23,13 @@ let
in
stdenvNoCC.mkDerivation rec {
pname = "linux-firmware";
version = "20260519";
version = "20260622";
src = fetchFromGitLab {
owner = "kernel-firmware";
repo = "linux-firmware";
tag = version;
hash = "sha256-vyrnHNnyNko7m/fZ3fXgLvvasYyJ/pzs5be/Ele+6vY=";
hash = "sha256-nSoJhgI4hAxtNmnj5M6ticzuBSt9uNAYcmc1VR/yXxE=";
};
postUnpack = ''

View file

@ -18,16 +18,16 @@ let
in
rustPlatform.buildRustPackage (finalAttrs: {
pname = "lockbook-desktop";
version = "26.6.1";
version = "26.6.16";
src = fetchFromGitHub {
owner = "lockbook";
repo = "lockbook";
tag = finalAttrs.version;
hash = "sha256-+r5WsaqQr6NlQNWDTQf/tvCh6P5LpFFyyLMTIZw9yis=";
hash = "sha256-HtmuFN7iNNwuQ0CXzqnEJN4PNh0D7weHniegtF4EuqQ=";
};
cargoHash = "sha256-ybAcG7sCEwZC6FxWx2KhHd1HkhK8wwkGeeLoI/KOXKU=";
cargoHash = "sha256-PUfXwtxuaheoyZA2fAyoc9CyD/oBAjkUsVrP6U7qvA0=";
nativeBuildInputs = [
pkg-config

View file

@ -164,11 +164,11 @@ let
in
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "microsoft-edge";
version = "149.0.4022.69";
version = "149.0.4022.80";
src = fetchurl {
url = "https://packages.microsoft.com/repos/edge/pool/main/m/microsoft-edge-stable/microsoft-edge-stable_${finalAttrs.version}-1_amd64.deb";
hash = "sha256-0Ur+0KKJQ7VTr7IMax5BIgwSf6jNhr0Aiz+So7Hj/OE=";
hash = "sha256-5rHSMX9HdxvQOQ03DnLJF7NTHY5Ybt7sSU5MrcGzRnY=";
};
# With strictDeps on, some shebangs were not being patched correctly

View file

@ -11,11 +11,11 @@
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "msedgedriver";
version = "149.0.4022.69";
version = "149.0.4022.80";
src = fetchzip {
url = "https://msedgedriver.microsoft.com/${finalAttrs.version}/edgedriver_linux64.zip";
hash = "sha256-BtyQD+zkZWv5GhnxJOg4BkVLrCdBZr7KN1bvXyvp4B8=";
hash = "sha256-rcGrJqrusAH1RSHUm2wJpyw36HtJTGjmQ8k0kD9ejj8=";
stripRoot = false;
};

View file

@ -23,6 +23,7 @@
libtirpc,
rpcsvc-proto,
curl,
nixosTests,
}:
stdenv.mkDerivation (finalAttrs: {
@ -111,6 +112,10 @@ stdenv.mkDerivation (finalAttrs: {
connector-c = finalAttrs.finalPackage;
server = finalAttrs.finalPackage;
mysqlVersion = lib.versions.majorMinor finalAttrs.version;
tests.mysql-secure-root-by-default =
nixosTests.mysql-secure-root.secure-by-default."mysql${lib.versions.major finalAttrs.version}${lib.versions.minor finalAttrs.version}";
tests.mysql-root-can-be-kept-insecure =
nixosTests.mysql-secure-root.can-be-insecure."mysql${lib.versions.major finalAttrs.version}${lib.versions.minor finalAttrs.version}";
};
meta = {

View file

@ -13,13 +13,13 @@ let
in
buildNpmPackage (finalAttrs: {
pname = "nezha-theme-user";
version = "2.2.1";
version = "2.3.1";
src = fetchFromGitHub {
owner = "hamster1963";
repo = "nezha-dash-v2";
tag = "v${finalAttrs.version}";
hash = "sha256-X7NRpDeZqLijgbUQOEdML00TPRM2D55zlJkzWB2TKfM=";
hash = "sha256-/2G0KhlXIvVM8db4nATJHiwPsvKXh8SNE+9DpllfSTs=";
};
postPatch = ''
@ -37,7 +37,7 @@ buildNpmPackage (finalAttrs: {
inherit (finalAttrs) pname version src;
inherit pnpm;
fetcherVersion = 4;
hash = "sha256-4Zfiw//9w16I2CXOEy/ocAI5frK5w4g3b8pxguGWOdA=";
hash = "sha256-k/05ccqV72kC9E9MX+os8R0wmgIhnDYIwRNmIbedL1I=";
};
npmConfigHook = pnpmConfigHook;

View file

@ -49,13 +49,13 @@ let
in
buildGoModule (finalAttrs: {
pname = "nezha";
version = "2.2.3";
version = "2.2.6";
src = fetchFromGitHub {
owner = "nezhahq";
repo = "nezha";
tag = "v${finalAttrs.version}";
hash = "sha256-Vj9vgLT38HbdF4mWQkv3Yrshdv/kQpWk51teyl9qzF0=";
hash = "sha256-HsDymQ1y4ouUMpcpSycSfbwJm+hzct7U0Wjm/ouorO0=";
};
proxyVendor = true;

View file

@ -2,7 +2,6 @@
stdenv,
fetchNpmDeps,
fetchzip,
fetchFromGitHub,
npmHooks,
tailwindcss_4,

View file

@ -12,12 +12,12 @@ let
in
python.pkgs.buildPythonPackage (finalAttrs: {
pname = "pdfding";
version = "1.8.0";
version = "1.9.0";
src = fetchFromGitHub {
owner = "mrmn2";
repo = "PdfDing";
tag = "v${finalAttrs.version}";
hash = "sha256-ITOsKABToGMJDdCiWH3+nTuuTW5ZuMXcQYv0QyMb19I=";
hash = "sha256-r3hO92iriQ/0KDl+D/0j5RoneTTCDmt8m4e7ugzyOPs=";
};
pyproject = true;
@ -132,6 +132,7 @@ python.pkgs.buildPythonPackage (finalAttrs: {
'';
pythonRelaxDeps = [
"django"
"django-allauth"
"gunicorn"
"huey"

View file

@ -45,13 +45,13 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "prl-tools";
version = "26.3.3-57507";
version = "26.4.0-57513";
# We download the full distribution to extract prl-tools-lin.iso from
# => ${dmg}/Parallels\ Desktop.app/Contents/Resources/Tools/prl-tools-lin.iso
src = fetchurl {
url = "https://download.parallels.com/desktop/v${lib.versions.major finalAttrs.version}/${finalAttrs.version}/ParallelsDesktop-${finalAttrs.version}.dmg";
hash = "sha256-QXrzdQ6eY3ikgwMD11/zEkYau/X0mmm2uk6O92r8w1o=";
hash = "sha256-Qkul+hZh0J7g8+D+T7RLmfrtK2i90+wlsrfm5tNaYug=";
};
hardeningDisable = [

View file

@ -1,6 +1,6 @@
{
lib,
fetchFromGitHub,
fetchFromForgejo,
rustPlatform,
pkg-config,
openssl,
@ -13,10 +13,12 @@ rustPlatform.buildRustPackage (finalAttrs: {
pname = "proxyauth";
version = "0.8.0";
src = fetchFromGitHub {
src = fetchFromForgejo {
domain = "git.proxyauth.app";
owner = "ProxyAuth";
repo = "ProxyAuth";
tag = finalAttrs.version;
rev = "13b353e4a8b34fc1736c834cfcaa9afe06e8abf8";
# Tags were not replicated from GitHub to git.proxyauth.app
hash = "sha256-cVjD91tBCGyslLsYUSP1Gy7KuMQZDVxQXU7fQkWeWyM=";
};
@ -31,6 +33,9 @@ rustPlatform.buildRustPackage (finalAttrs: {
nettle
];
__structuredAttrs = true;
strictDeps = true;
nativeInstallCheckInputs = [
versionCheckHook
];
@ -42,7 +47,7 @@ rustPlatform.buildRustPackage (finalAttrs: {
meta = {
description = "Proxy Authentication Token - Fast authentication gateway for backend APIs";
homepage = "https://github.com/ProxyAuth/ProxyAuth";
homepage = "https://git.proxyauth.app/ProxyAuth/ProxyAuth";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ liberodark ];
platforms = lib.platforms.linux;

View file

@ -9,13 +9,13 @@
stdenvNoCC.mkDerivation {
pname = "steam-devices-udev-rules";
version = "1.0.0.61-unstable-2026-04-16";
version = "1.0.0.61-unstable-2026-06-11";
src = fetchFromGitHub {
owner = "ValveSoftware";
repo = "steam-devices";
rev = "39e7bd00f7a322e5165fd8f416b31d23daf6d385";
hash = "sha256-QjFyzSwqwzPz06Wcj7in91tlhaxgw0DydLgsjC+i6Lo=";
rev = "bbf6cf03104aed5f73ac2798bdb09dc63ea3adf8";
hash = "sha256-22blCo0NpPE39BevFsj/Xtz2K59eyPW1xjhJMXAoR/k=";
};
nativeBuildInputs = [

View file

@ -12,16 +12,16 @@
rustPlatform.buildRustPackage (finalAttrs: {
pname = "sudo-rs";
version = "0.2.13";
version = "0.2.14";
src = fetchFromGitHub {
owner = "trifectatechfoundation";
repo = "sudo-rs";
tag = "v${finalAttrs.version}";
hash = "sha256-T9QkdpNq7YTR2df1M+lIt+iocVzrFv1yUwq0wgBRHaA=";
hash = "sha256-ym+Kc/J6ssE0j67aRguig6EjBT6W24WmGTounVJBhX0=";
};
cargoHash = "sha256-yfML0XO2/Xug0IhbzX1P7PL1YspxWR1FJYP5VtqZzRA=";
cargoHash = "sha256-wuvMo17kh3T4tFnbh557QPDyw997YKXssYspUsHFTU0=";
nativeBuildInputs = [ installShellFiles ];

View file

@ -46,11 +46,11 @@ in
stdenv.mkDerivation (finalAttrs: {
pname = "tor";
version = "0.4.9.9";
version = "0.4.9.10";
src = fetchurl {
url = "https://dist.torproject.org/tor-${finalAttrs.version}.tar.gz";
hash = "sha256-vXW6f9aPYHx4Bvz3AVajAKqSbprWml5WqOZBT1In6DM=";
hash = "sha256-3+6QTq6Pw4ouOzURVPisD8oqZkkDjxp+allGHeV9pH8=";
};
outputs = [

View file

@ -2,6 +2,7 @@
lib,
rustPlatform,
fetchFromGitHub,
versionCheckHook,
}:
rustPlatform.buildRustPackage (finalAttrs: {
@ -11,26 +12,39 @@ rustPlatform.buildRustPackage (finalAttrs: {
src = fetchFromGitHub {
owner = "sachaos";
repo = "viddy";
rev = "v${finalAttrs.version}";
tag = "v${finalAttrs.version}";
hash = "sha256-RyPG8OAg3i9N2Fq5Hij48wMvfQuTNmJFpatvB3HbXKg=";
};
cargoHash = "sha256-P+TtxV2kuHeBHr8GQeJ0VWPkjimfcAtBUFt0z79ML6A=";
env.VERGEN_BUILD_DATE = "2024-11-28"; # managed via the update script
env.VERGEN_GIT_DESCRIBE = "Nixpkgs";
__structuredAttrs = true;
passthru.updateScript.command = [ ./update.sh ];
env = {
VERGEN_BUILD_DATE = "2026-06-14"; # managed via the update script
VERGEN_GIT_DESCRIBE = "Nixpkgs";
};
doInstallCheck = true;
versionCheckProgramArg = "-V";
versionCheckKeepEnvironment = [ "VIDDY_DATA" ];
nativeInstallCheckInputs = [ versionCheckHook ];
preInstallCheck = ''
export VIDDY_DATA="$PWD";
'';
passthru.updateScript = ./update.sh;
meta = {
changelog = "https://github.com/sachaos/viddy/releases/tag/${finalAttrs.src.rev}";
description = "Modern `watch` command";
changelog = "https://github.com/sachaos/viddy/releases";
homepage = "https://github.com/sachaos/viddy";
license = lib.licenses.mit;
mainProgram = "viddy";
maintainers = with lib.maintainers; [
j-hui
phanirithvij
];
mainProgram = "viddy";
};
})

View file

@ -67,7 +67,7 @@
stdenv.mkDerivation rec {
pname = "vivaldi";
version = "8.0.4033.46";
version = "8.0.4033.50";
suffix =
{
@ -80,8 +80,8 @@ stdenv.mkDerivation rec {
url = "https://downloads.vivaldi.com/stable/vivaldi-stable_${version}-1_${suffix}.deb";
hash =
{
aarch64-linux = "sha256-Eq6dH65FY8u0OyeoqiCjx+c37Vt//CTVm245OMzxbdk=";
x86_64-linux = "sha256-1rvqwRIRHbGo5vYCIeDFYdOQVMW8K2mshoju75H46qE=";
aarch64-linux = "sha256-5n5+DY03lRDKLWX/WPX17Wg7IeTl4MDKEWOZEYHaPDE=";
x86_64-linux = "sha256-IVytlw5NzxV1TwLHeX81AgWEHHVzksVC3a0S/WuWEaA=";
}
.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
};

View file

@ -1,56 +1,88 @@
{
lib,
stdenv,
buildNpmPackage,
fetchFromGitHub,
unzip,
stdenvNoCC,
vscodium,
vscode-extensions,
nodejs-slim,
makeBinaryWrapper,
unzip,
runCommandLocal,
}:
buildNpmPackage rec {
stdenvNoCC.mkDerivation (finalAttrs: {
inherit (vscodium) version src;
pname = "vscode-langservers-extracted";
version = "4.10.0";
srcs = [
(fetchFromGitHub {
owner = "hrsh7th";
repo = "vscode-langservers-extracted";
rev = "v${version}";
hash = "sha256-3m9+HZY24xdlLcFKY/5DfvftqprwLJk0vve2ZO1aEWk=";
})
vscodium.src
sourceRoot =
if stdenvNoCC.hostPlatform.isDarwin then
"VSCodium.app/Contents/Resources/app/extensions"
else
"resources/app/extensions";
nativeBuildInputs = [
makeBinaryWrapper
]
# The Darwin release is a zip.
# stdenv unpacks the Linux tarball (tar.gz) natively.
# FIXME: update vscodium.src to use fetchTarball & fetchZip
++ lib.optionals stdenvNoCC.hostPlatform.isDarwin [
unzip
];
sourceRoot = "source";
__structuredAttrs = true;
strictDeps = true;
dontConfigure = true;
dontBuild = true;
npmDepsHash = "sha256-XGlFtmikUrnnWXsAYzTqw2K7Y2O0bUtYug0xXFIASBQ=";
installPhase = ''
runHook preInstall
nativeBuildInputs = [ unzip ];
for language in css html json; do
server="$language-language-features/server/dist/node/''${language}ServerMain.js"
install -Dm644 "$server" \
"$out/lib/extensions/$server"
makeBinaryWrapper ${lib.getExe nodejs-slim} "$out/bin/vscode-$language-language-server" \
--add-flag "$out/lib/extensions/$server"
done
buildPhase =
let
extensions =
if stdenv.hostPlatform.isDarwin then
"../VSCodium.app/Contents/Resources/app/extensions"
else
"../resources/app/extensions";
in
''
npx babel ${extensions}/css-language-features/server/dist/node \
--out-dir lib/css-language-server/node/
npx babel ${extensions}/html-language-features/server/dist/node \
--out-dir lib/html-language-server/node/
npx babel ${extensions}/json-language-features/server/dist/node \
--out-dir lib/json-language-server/node/
cp -r ${vscode-extensions.dbaeumer.vscode-eslint}/share/vscode/extensions/dbaeumer.vscode-eslint/server/out \
lib/eslint-language-server
'';
server="eslint-language-features/server/out/eslintServer.js"
install -Dm644 "${vscode-extensions.dbaeumer.vscode-eslint}/share/vscode/extensions/dbaeumer.vscode-eslint/server/out/eslintServer.js" \
"$out/lib/extensions/$server"
makeBinaryWrapper ${lib.getExe nodejs-slim} "$out/bin/vscode-eslint-language-server" \
--add-flag "$out/lib/extensions/$server"
# Use VSCodium bundled TypeScript
mkdir -p "$out/lib/extensions/node_modules"
cp -a node_modules/typescript "$out/lib/extensions/node_modules/typescript"
runHook postInstall
'';
passthru.tests.initialization =
runCommandLocal "vscode-langservers-extracted-initialization"
{
nativeBuildInputs = [ finalAttrs.finalPackage ];
}
''
request() {
init_request='{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"processId":null,"rootUri":null,"capabilities":{}}}'
content_length=''${#init_request}
printf "Content-Length: %d\r\n\r\n%s" "$content_length" "$init_request"
sleep 1
}
for language in css html json eslint; do
echo "Checking $language language server"
response=$(request | timeout 3 "vscode-$language-language-server" --stdio) || true
grep -q '"capabilities"' <<< "$response"
done
touch $out
'';
meta = {
inherit (vscodium.meta) license platforms;
description = "HTML/CSS/JSON/ESLint language servers extracted from vscode";
homepage = "https://github.com/hrsh7th/vscode-langservers-extracted";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ lord-valen ];
};
}
})

File diff suppressed because it is too large Load diff

View file

@ -23,7 +23,7 @@
let
pname = "zammad";
version = "7.0.1";
version = "7.1.0";
src = applyPatches {
src = fetchFromGitHub (lib.importJSON ./source.json);
@ -87,7 +87,7 @@ stdenvNoCC.mkDerivation {
pnpm = pnpm_10;
fetcherVersion = 3;
hash = "sha256-BhkKCo9fVkG7G2er/NVyEP17T8P1rLqCQdJlcjHsSxQ=";
hash = "sha256-JG1VhG56L1bDyrVOjP4MFB5h//dVchgnrHiqhGNIuw4=";
};
buildPhase = ''

View file

@ -1,8 +1,8 @@
{
"owner": "zammad",
"repo": "zammad",
"rev": "6a5ac49588022c610896a50516dc5876ac1f24b9",
"hash": "sha256-E2hDdl32C4dQOZqnbAOsJ12zJsC9bJ9qFPadm4rEeKA=",
"rev": "ecbb861ce33908e4b52bb2c78d816a0eef69e6a6",
"hash": "sha256-5mK120Oo8LEIA7yY9erc57WRUeCwzsIamTiAxPgePIQ=",
"fetchSubmodules": true
}

View file

@ -0,0 +1,31 @@
{
lib,
fetchurl,
buildDunePackage,
}:
buildDunePackage {
pname = "windtrap";
version = "0.1.0";
minimalOCamlVersion = "5.0";
src = fetchurl {
url = "https://github.com/invariant-hq/windtrap/releases/download/0.1.0/windtrap-0.1.0.tbz";
hash = "sha256-IkGylLJO1dVuqLg00pbm+rxdvdkkqJ9RwUsA2mbFCiU=";
};
doCheck = true;
# this force to skip "collapse_home" tests, because $HOME != getpwuid in the
# sandbox
preCheck = ''
unset HOME
'';
meta = {
description = "Unit tests, property-based tests, snapshot tests, and expect tests in a single package with one API.";
homepage = "https://ocaml.org/p/windtrap";
license = lib.licenses.isc;
maintainers = [ lib.maintainers.joblade ];
};
}

View file

@ -25,7 +25,7 @@ buildPythonPackage rec {
owner = "openstack";
repo = "osc-lib";
tag = version;
hash = "sha256-HYRm3GdgGUZqi7sqe2wmni2t0t7Ox3qJAukGABKPoyY=";
hash = "sha256-XwOJSd3k/74FvSZGveSTjH+KGLlQ2jNbk8GrTzFhbL0=";
};
patches = [

View file

@ -25,7 +25,7 @@
let
pname = "pynitrokey";
version = "0.12.2";
version = "0.12.3";
mainProgram = "nitropy";
in
@ -35,7 +35,7 @@ buildPythonPackage {
src = fetchPypi {
inherit pname version;
hash = "sha256-fDLkYUVBdMFbHlnFSCUUlyJNP9OzRKOJM3ExFdzDEkU=";
hash = "sha256-gVHa95vQH9mCxeU+hX6tXDM2WUc0vw+8iTcPs1msjbQ=";
};
nativeBuildInputs = [ installShellFiles ];

View file

@ -24,7 +24,7 @@
buildPythonPackage rec {
pname = "pypdf";
version = "6.13.2";
version = "6.14.2";
pyproject = true;
src = fetchFromGitHub {
@ -33,7 +33,7 @@ buildPythonPackage rec {
tag = version;
# fetch sample files used in tests
fetchSubmodules = true;
hash = "sha256-P/tm4roaVVnEq/bUsyk3S2ts7UWBWbDuZ1RqNKGxUS0=";
hash = "sha256-h7JuQTTUZ5tWoAhixjp+grDVA3JQ8PbHcMBzIyCMOJU=";
};
outputs = [

View file

@ -82,11 +82,6 @@ buildPythonPackage (finalAttrs: {
stestrCheckHook
];
disabledTestsRegex = [
"openstackclient.tests.unit.common.test_module.TestModuleList*"
"openstackclient.tests.unit.common.test_clientmanager.TestClientManager*"
];
pythonImportsCheck = [
"openstackclient"
"openstackclient.api"

View file

@ -26,8 +26,8 @@ let
hash = "sha256-jnDdxmSbGLw9iVzzqQjAKR6kw4A5rYcixH4Bja8enPw=";
};
"11" = {
version = "11.6.0";
hash = "sha256-oBYpSdGrGeEuizzZ8PWe8C1750oouAbPf0n7f0wH5c4=";
version = "11.8.0";
hash = "sha256-HpY6XEylFoVQugP8TujYc6dysHK3/OY7SP/yfXIOLpg=";
};
};

View file

@ -23,8 +23,8 @@ let
[ ];
in
buildNodejs {
version = "22.23.0";
sha256 = "3acfae100c7b855a4c76520ee0f95cadcace3f4254f16b7d4887f178fc95d4a0";
version = "22.23.1";
sha256 = "b27385d6845089bdb91285d94b06c2a5cf1c37f8173a3c4e10824cc1ffadeaba";
patches =
(
if (stdenv.hostPlatform.emulatorAvailable buildPackages) then

View file

@ -1,5 +1,5 @@
import ./generic.nix {
version = "1.10.3";
hash = "sha256-xf8/fHMkGGApPpKoOgpUJtttorOjf51E/S5KKguwiTM=";
cargoHash = "sha256-zu2uKtJnMi8En5btKQWgACs3mLkHnbrxA5XUkwLP+yc=";
version = "1.10.4";
hash = "sha256-+PutvVt7mqnZN+/vr0FwstB8JPuO3kJ4TSmX2Sx8WvA=";
cargoHash = "sha256-rfANfheiQnHEcbBODRW0nrPrlPdWQx3S7NmSQ50q010=";
}

View file

@ -2253,6 +2253,8 @@ let
webmachine = callPackage ../development/ocaml-modules/webmachine { };
windtrap = callPackage ../development/ocaml-modules/windtrap { };
wtf8 = callPackage ../development/ocaml-modules/wtf8 { };
### X ###