diff options
| author | nixpkgs-ci[bot] <190413589+nixpkgs-ci[bot]@users.noreply.github.com> | 2026-05-21 07:18:55 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2026-05-21 07:18:55 +0000 |
| commit | e79630333ee3d1ce926db88cc404d0961c5b9829 (patch) | |
| tree | 78909e8decabf47748db677528126605c5245c41 | |
| parent | 18524bc0e112194e6b1b2cb65a2e07f4fd945341 (diff) | |
| parent | a3c4cf99ba3f2b054c5f387446ee13b49a66be85 (diff) | |
Merge master into staging-nextstaging-next
31 files changed, 415 insertions, 230 deletions
diff --git a/lib/customisation.nix b/lib/customisation.nix index e9e88aff7cb5..d025b0bcea46 100644 --- a/lib/customisation.nix +++ b/lib/customisation.nix @@ -30,7 +30,6 @@ let flatten deepSeq extends - toFunction id ; inherit (lib.strings) levenshtein levenshteinAtMost; @@ -842,14 +841,6 @@ rec { ::: */ extendMkDerivation = - let - extendsWithExclusion = - excludedNames: g: f: final: - let - previous = f final; - in - removeAttrs previous excludedNames // g final previous; - in { constructDrv, excludeDrvArgNames ? [ ], @@ -858,24 +849,27 @@ rec { inheritFunctionArgs ? true, transformDrv ? id, }: - setFunctionArgs + { # Adds the fixed-point style support - ( - fpargs: + __functor = + self: fpargs: transformDrv ( - constructDrv (extendsWithExclusion excludeDrvArgNames extendDrvArgs (toFunction fpargs)) - ) - ) - # Add __functionArgs - ( - removeAttrs ( - # Inherit the __functionArgs from the base build helper - optionalAttrs inheritFunctionArgs (removeAttrs (functionArgs constructDrv) excludeDrvArgNames) - # Recover the __functionArgs from the derived build helper - // functionArgs (extendDrvArgs { }) - ) excludeFunctionArgNames - ) - // { + constructDrv ( + final: + let + previous = if isFunction fpargs then fpargs final else fpargs; + in + removeAttrs previous excludeDrvArgNames // extendDrvArgs final previous + ) + ); + + __functionArgs = removeAttrs ( + # Inherit the __functionArgs from the base build helper + optionalAttrs inheritFunctionArgs (removeAttrs (functionArgs constructDrv) excludeDrvArgNames) + # Recover the __functionArgs from the derived build helper + // functionArgs (extendDrvArgs { }) + ) excludeFunctionArgNames; + inherit # Expose to the result build helper. constructDrv diff --git a/lib/fetchers.nix b/lib/fetchers.nix index 402c18ab1fc4..0f4192cc6822 100644 --- a/lib/fetchers.nix +++ b/lib/fetchers.nix @@ -1,16 +1,38 @@ # snippets that can be shared by multiple fetchers (pkgs/build-support) { lib }: let - commonH = hashTypes: rec { - hashNames = [ "hash" ] ++ hashTypes; - hashSet = lib.genAttrs hashNames (lib.const { }); - }; + commonH = + let + defaultHashNames = [ "hash" ]; + in + hashTypes: rec { + hashNames = defaultHashNames ++ hashTypes; + hashSet = genAttrs hashNames (const { }); + }; fakeH = { hash = lib.fakeHash; sha256 = lib.fakeSha256; sha512 = lib.fakeSha512; }; + + defaultHashTypes = [ "sha256" ]; + + inherit (lib) + concatMapStringsSep + head + length + throwIf + ; + inherit (lib.attrsets) + attrsToList + intersectAttrs + genAttrs + removeAttrs + optionalAttrs + ; + + inherit (lib.trivial) const functionArgs setFunctionArgs; in rec { @@ -90,27 +112,14 @@ rec { */ normalizeHash = { - hashTypes ? [ "sha256" ], + hashTypes ? defaultHashTypes, required ? true, }: let - inherit (lib) - concatMapStringsSep - head - tail - throwIf - ; - inherit (lib.attrsets) - attrsToList - intersectAttrs - removeAttrs - optionalAttrs - ; - inherit (commonH hashTypes) hashNames hashSet; in args: - if args ? "outputHash" then + if args ? outputHash then args else let @@ -122,7 +131,7 @@ rec { in if hashesAsNVPairs == [ ] then throwIf required "fetcher called without `hash`" null - else if tail hashesAsNVPairs != [ ] then + else if length hashesAsNVPairs != 1 then throw "fetcher called with mutually-incompatible arguments: ${ concatMapStringsSep ", " (a: a.name) hashesAsNVPairs }" @@ -190,15 +199,20 @@ rec { and is implemented somewhat more efficiently. */ withNormalizedHash = + let + removedAttributes = [ + "outputHash" + "outputHashAlgo" + ]; + in { - hashTypes ? [ "sha256" ], + hashTypes ? defaultHashTypes, }: - fetcher: let - inherit (lib.attrsets) intersectAttrs removeAttrs; - inherit (lib.trivial) functionArgs setFunctionArgs; - inherit (commonH hashTypes) hashSet; + in + fetcher: + let fArgs = functionArgs fetcher; normalize = normalizeHash { @@ -211,10 +225,7 @@ rec { assert intersectAttrs fArgs hashSet == { }; setFunctionArgs (args: fetcher (normalize args)) ( - removeAttrs fArgs [ - "outputHash" - "outputHashAlgo" - ] + removeAttrs fArgs removedAttributes // { hash = fArgs.outputHash; } diff --git a/lib/licenses/helpers.nix b/lib/licenses/helpers.nix index b234515284f8..37721489f77a 100644 --- a/lib/licenses/helpers.nix +++ b/lib/licenses/helpers.nix @@ -1,4 +1,23 @@ { lib }: + +let + inherit (lib) all any elem; + handleComplexProperty = + evaluateSubProperty: AND: OR: license: + if license.licenseType == "compound" then + if license.operator == "OR" then + OR evaluateSubProperty license.licenses + else if license.operator == "AND" then + AND evaluateSubProperty license.licenses + else + throw "Unknown license operator" + else if license.licenseType == "exception" then + evaluateSubProperty license.license && evaluateSubProperty license.exception + else if license.licenseType == "plus" then + evaluateSubProperty license.license + else + throw "Unknown license type or legacy license"; +in rec { /** Evaluate a license expression for a given predicate. @@ -21,29 +40,45 @@ rec { - [license] license expression to check */ evaluateProperty = - predicate: permissive: license: + predicate: permissive: let - OR = if permissive then lib.any else lib.all; - AND = if permissive then lib.all else lib.any; + OR = if permissive then any else all; + AND = if permissive then all else any; + evaluateComplexProperty = handleComplexProperty (evaluateProperty predicate permissive) AND OR; in - if license.licenseType == "simple" then - predicate license - else if license.licenseType == "compound" then - if license.operator == "OR" then - OR (x: evaluateProperty predicate permissive x) license.licenses - else if license.operator == "AND" then - AND (x: evaluateProperty predicate permissive x) license.licenses - else - throw "Unknown license operator" - else if license.licenseType == "exception" then - AND (x: evaluateProperty predicate permissive x) [ - license.license - license.exception - ] - else if license.licenseType == "plus" then - evaluateProperty predicate permissive license.license - else - throw "Unknown license type or legacy license"; + license: + if license.licenseType == "simple" then predicate license else evaluateComplexProperty license; + + /** + Evaluate a license expression for a given property name. The property must + be defined as a boolean attribute of all licenses passed. + + # Example + + ```nix + evaluateNamedProperty "deprecated" true (with lib.licenses; AND [ ncsa (WITH asl20 llvm-exception) ]) + ``` + # Type + + ``` + evaluateProperty :: String -> Bool -> AttrSet -> Bool + ``` + + # Arguments + + - [name] name of the attribute to check + - [permissive] whether to apply checks permissive or reciprocal + - [license] license expression to check + */ + evaluateNamedProperty = + name: permissive: + let + OR = if permissive then any else all; + AND = if permissive then all else any; + evaluateComplexProperty = handleComplexProperty (evaluateNamedProperty name permissive) AND OR; + in + license: + if license.licenseType == "simple" then license.${name} else evaluateComplexProperty license; /** Check whether a license expression is free. @@ -65,7 +100,7 @@ rec { - [license] License expression to check if free */ - isFree = evaluateProperty (x: x.free) true; + isFree = evaluateNamedProperty "free" true; /** Check whether a license expression is redistributable. @@ -87,7 +122,7 @@ rec { - [license] License expression to check if redistributable */ - isRedistributable = evaluateProperty (x: x.redistributable) true; + isRedistributable = evaluateNamedProperty "redistributable" true; /** Check whether any of the given licenses is required in the license expression. @@ -110,7 +145,7 @@ rec { - [licenses] List of licenses to look - [license] License expression to check */ - containsLicenses = licenses: evaluateProperty (x: lib.lists.elem x licenses) false; + containsLicenses = licenses: evaluateProperty (x: elem x licenses) false; /** Convert a license expression to an SPDX license expression string. diff --git a/pkgs/applications/editors/vscode/extensions/anthropic.claude-code/default.nix b/pkgs/applications/editors/vscode/extensions/anthropic.claude-code/default.nix index c288d54edfb7..c88a5cb19827 100644 --- a/pkgs/applications/editors/vscode/extensions/anthropic.claude-code/default.nix +++ b/pkgs/applications/editors/vscode/extensions/anthropic.claude-code/default.nix @@ -21,26 +21,26 @@ vscode-utils.buildVscodeMarketplaceExtension (finalAttrs: { sources = { "x86_64-linux" = { arch = "linux-x64"; - hash = "sha256-VTbeOLAGmaVy9PL5/Y+ebbCNa6ki4cx0VGXhzLuz1ow="; + hash = "sha256-bAD+NqqkEe5RfMQdMSAokPzb+SqoVc6DKnTPrW0+MA0="; }; "aarch64-linux" = { arch = "linux-arm64"; - hash = "sha256-j8cDVoxT38/dmorTlPQjrd2GQS+BkoatIbQQzB1c7GA="; + hash = "sha256-AzF2ZK4mOHoQnZz1W8IhLzGQzdysr6skbICxvfY+iHA="; }; "x86_64-darwin" = { arch = "darwin-x64"; - hash = "sha256-Kl23fdHFlh9cvfMtXNr6GI+AWknPFMM1lGFCuJY5kXw="; + hash = "sha256-vky+lZyLDeA3o04FXGPTnKQCRsV3L7Ry0RJ9w2XCmUo="; }; "aarch64-darwin" = { arch = "darwin-arm64"; - hash = "sha256-M1dfKzjfHeH4xmvnuRmBsnhaQryL6c84nPrl2NGQT5k="; + hash = "sha256-MU0ZptlmHlpSvJu+j/QY7p+xXiKG6+iF65DMAuE98v0="; }; }; in { name = "claude-code"; publisher = "anthropic"; - version = "2.1.143"; + version = "2.1.145"; } // sources.${stdenvNoCC.hostPlatform.system} or (throw "Unsupported system ${stdenvNoCC.hostPlatform.system}"); diff --git a/pkgs/applications/networking/browsers/firefox/packages/firefox-devedition.nix b/pkgs/applications/networking/browsers/firefox/packages/firefox-devedition.nix index 235be9bf0062..64b9d7a3e7ac 100644 --- a/pkgs/applications/networking/browsers/firefox/packages/firefox-devedition.nix +++ b/pkgs/applications/networking/browsers/firefox/packages/firefox-devedition.nix @@ -10,13 +10,13 @@ buildMozillaMach rec { pname = "firefox-devedition"; binaryName = "firefox-devedition"; - version = "150.0b7"; + version = "152.0b1"; applicationName = "Firefox Developer Edition"; requireSigning = false; branding = "browser/branding/aurora"; src = fetchurl { url = "mirror://mozilla/devedition/releases/${version}/source/firefox-${version}.source.tar.xz"; - sha512 = "e4240a9c13bbe188763eb03d65935576c03ba4ead80411ff2ca528a06788bbe4b61be3fa221c01f70e4601428bf8c7895506df28a782078e8171d34d017299a0"; + sha512 = "1fcbb8bd7b80415639dec2e1f28e6e893b43592115e1a445f447868f114f04b9b20307af030017fd19fa9f3d7b8ae13e7083229aaa1af9d092f44f6eaa0ae798"; }; # buildMozillaMach sets MOZ_APP_REMOTINGNAME during configuration, but diff --git a/pkgs/applications/networking/cluster/terraform-providers/providers.json b/pkgs/applications/networking/cluster/terraform-providers/providers.json index 5edddf51e0ac..470391ea66bf 100644 --- a/pkgs/applications/networking/cluster/terraform-providers/providers.json +++ b/pkgs/applications/networking/cluster/terraform-providers/providers.json @@ -679,13 +679,13 @@ "vendorHash": "sha256-boeh/lZHlBD/bQqLnrY9oul4GcRZUHT97FyhKb4nE/c=" }, "hashicorp_tls": { - "hash": "sha256-r7nthgw7MycME+edQ4jHQQ33mmpNv3t/LDbD5IkXDYA=", + "hash": "sha256-mTfWFYkot4iMFosHZUyj1265PpJafavG68sWG9k/wp4=", "homepage": "https://registry.terraform.io/providers/hashicorp/tls", "owner": "hashicorp", "repo": "terraform-provider-tls", - "rev": "v4.2.1", + "rev": "v4.3.0", "spdx": "MPL-2.0", - "vendorHash": "sha256-OvotUEh+P2b3ngaD/8lVbemnM3lrtwqduPXPjF/bqVA=" + "vendorHash": "sha256-aM9bDzYM4RW3cIeJCMnIB9VqEaPV4D0r3zMOU3d0QDs=" }, "hashicorp_vault": { "hash": "sha256-k/S1ez6q70vvnHMfU2aweTFzRnLlYbxUEh4xZumT1mo=", diff --git a/pkgs/by-name/_1/_1password-gui/sources.json b/pkgs/by-name/_1/_1password-gui/sources.json index ff8aa8fa2dcf..a7f258fa0f52 100644 --- a/pkgs/by-name/_1/_1password-gui/sources.json +++ b/pkgs/by-name/_1/_1password-gui/sources.json @@ -1,28 +1,28 @@ { "stable": { "linux": { - "version": "8.12.12", + "version": "8.12.21", "sources": { "x86_64": { - "url": "https://downloads.1password.com/linux/tar/stable/x86_64/1password-8.12.12.x64.tar.gz", - "hash": "sha256-tdhuBJeCXbepDN6Z9Yqs6gE5lMUh72sOJuQSv4Qoj1M=" + "url": "https://downloads.1password.com/linux/tar/stable/x86_64/1password-8.12.21.x64.tar.gz", + "hash": "sha256-+TNkHD+CEODImJqxsvYO008UYqOAyrFpfXiaI5zYuDs=" }, "aarch64": { - "url": "https://downloads.1password.com/linux/tar/stable/aarch64/1password-8.12.12.arm64.tar.gz", - "hash": "sha256-RNwZOqr29aLgNJYH/66TFEKCK3AVBhk+qnSax+Y7Dl4=" + "url": "https://downloads.1password.com/linux/tar/stable/aarch64/1password-8.12.21.arm64.tar.gz", + "hash": "sha256-zY2hwSANgpGLGh/qOXUbY2JlZnNpXByysAgZvnuS+Qc=" } } }, "darwin": { - "version": "8.12.12", + "version": "8.12.21", "sources": { "x86_64": { - "url": "https://downloads.1password.com/mac/1Password-8.12.12-x86_64.zip", - "hash": "sha256-6vVMkra7T4kVRrVn8QexBMRkHDrUoZXP/eALyBPYPow=" + "url": "https://downloads.1password.com/mac/1Password-8.12.21-x86_64.zip", + "hash": "sha256-3CX1Qv2lYTy23XXRaAblOE+mp5YoX4qtV0SXV4hP8xI=" }, "aarch64": { - "url": "https://downloads.1password.com/mac/1Password-8.12.12-aarch64.zip", - "hash": "sha256-IqMw4dgMhHkzjMVbmZy/h3li74JZxbY8D4COeMEg+1o=" + "url": "https://downloads.1password.com/mac/1Password-8.12.21-aarch64.zip", + "hash": "sha256-dwE97R0ZXn5kH9GGlyE+Zizb2T5GasgpGW+5zUFog8U=" } } } diff --git a/pkgs/by-name/ar/arwen/package.nix b/pkgs/by-name/ar/arwen/package.nix new file mode 100644 index 000000000000..71d35e8a80e3 --- /dev/null +++ b/pkgs/by-name/ar/arwen/package.nix @@ -0,0 +1,46 @@ +{ + lib, + rustPlatform, + fetchFromGitHub, +}: + +rustPlatform.buildRustPackage (finalAttrs: { + pname = "arwen"; + version = "0.0.5-unstable-2026-04-07"; + + src = fetchFromGitHub { + owner = "nichmor"; + repo = "arwen"; + rev = "696351a8c208315b0dfd4a1e5c37288a689ccd2e"; + hash = "sha256-6RW8BeKjoxeO8SBz/VdZGnrRW+EIKq5NtrFdM0lx0+o="; + }; + + cargoHash = "sha256-bj7YB7xNlfdrYYZv3CDuqkm+/pg+C1KwizPTlNqQWt8="; + + __structuredAttrs = true; + + meta = { + description = "Cross-platform patching of shared libraries in Rust"; + longDescription = '' + Arwen is a command-line utility and Rust library designed to modify + executable files and shared libraries. + + Specifically, it targets the ELF format (commonly used on Linux, BSD, and + other Unix-like systems) and the Mach-O format (used on macOS and iOS). + + It allows you to inspect and rewrite various properties within these + files that influence how they load and link with other libraries at + runtime. + + Think of arwen as a modern, unified, Rust-based alternative to the + widely-used patchelf (for ELF files) and install_name_tool (for Mach-O + files). It combines the core functionalities of both into a single tool. + ''; + homepage = "https://github.com/nichmor/arwen"; + mainProgram = "arwen"; + license = lib.licenses.mit; + platforms = lib.platforms.all; + maintainers = with lib.maintainers; [ eljamm ]; + teams = with lib.teams; [ ngi ]; + }; +}) diff --git a/pkgs/by-name/cl/claude-code/manifest.json b/pkgs/by-name/cl/claude-code/manifest.json index e9444eb564d4..992b4967d5ae 100644 --- a/pkgs/by-name/cl/claude-code/manifest.json +++ b/pkgs/by-name/cl/claude-code/manifest.json @@ -1,47 +1,47 @@ { - "version": "2.1.143", - "commit": "cfb8132e4c3551e2773f41a1900efd1cc93637db", - "buildDate": "2026-05-15T17:47:13Z", + "version": "2.1.145", + "commit": "daa4c3755d45ab0cf97bb41db8c03bd2dfd2ff5f", + "buildDate": "2026-05-19T01:56:17Z", "platforms": { "darwin-arm64": { "binary": "claude", - "checksum": "2701c6cfd68483f8faf0316a1ba6481a1455a90645ada179f0c48d8c36d722ef", - "size": 207605280 + "checksum": "368dcd9709c85534f673071e7cc8eb5422bcff367fb9bdf5ce25d9619aab7ef5", + "size": 208546464 }, "darwin-x64": { "binary": "claude", - "checksum": "bc8ff4ce02b765a033808fb596f9522306cbe5c50d21344ed8752c08966f362c", - "size": 210119440 + "checksum": "c23dc566214279d0708f4212261f023d8e63d5af5aef91638ebfdc090b3e33de", + "size": 211044112 }, "linux-arm64": { "binary": "claude", - "checksum": "32e8edc4a5c3c41d18607c75d1b8e7bec643330c03e266be46ac3b41a446c4eb", - "size": 232961672 + "checksum": "75ad61d690d79440c82b5841444e1b42caae55736af37c97dd0e068ef20ce390", + "size": 233944712 }, "linux-x64": { "binary": "claude", - "checksum": "f75fdc3ff9d9cd494b86192f9e349b5c5c6d3970ed4d5cd5c7b330c5a2b1dcc4", - "size": 233088720 + "checksum": "b3ffbc12689bfe81389d6577787fcea4cab81bd3b6bba9b719e73770b62d720e", + "size": 234022608 }, "linux-arm64-musl": { "binary": "claude", - "checksum": "e68903ec56ddd5560bb0820c96c8f7a4193e7eab6236ede56cb2e05f450ce44f", - "size": 225816408 + "checksum": "3a73f058b2225a4210931362bc9c98e486e3362ca28b339281755737fb375c7c", + "size": 226799448 }, "linux-x64-musl": { "binary": "claude", - "checksum": "e4cb8588ed6e38f9920bdaa2611263d4a0b0d11300f1d23945df234fdf5e278a", - "size": 227482672 + "checksum": "cfc95961a41329204405c4b0e257cb467821133eb7bdb1ca0866dfe789d5d442", + "size": 228416560 }, "win32-x64": { "binary": "claude.exe", - "checksum": "e480244f2a4660fe76ed32442c1e3e2edda8fb5433417e73faba39f0e7f69eb6", - "size": 228902560 + "checksum": "1da511cee5d3a4968634174498e9148635a5908d7f6ea5ec91b04d531c20c3bc", + "size": 229910176 }, "win32-arm64": { "binary": "claude.exe", - "checksum": "5cbad78d2f316fedd0d621289aae558aaf259b404d0a46e0e49662ef3b397986", - "size": 224866976 + "checksum": "b6b920c757e08ff3e4f0dc211360ad7815db539d4915bb691e57ee4d34db31e5", + "size": 225875616 } } } diff --git a/pkgs/by-name/cs/csmith/package.nix b/pkgs/by-name/cs/csmith/package.nix index 80830a36167a..2e682f6d21e9 100644 --- a/pkgs/by-name/cs/csmith/package.nix +++ b/pkgs/by-name/cs/csmith/package.nix @@ -1,7 +1,8 @@ { lib, stdenv, - fetchurl, + fetchFromGitHub, + cmake, m4, makeWrapper, libbsd, @@ -10,14 +11,20 @@ stdenv.mkDerivation rec { pname = "csmith"; - version = "2.3.0"; + version = "2.3.0-unstable-2026-03-01"; - src = fetchurl { - url = "https://embed.cs.utah.edu/csmith/${pname}-${version}.tar.gz"; - sha256 = "1mb5zgixsyf86slggs756k8a5ddmj980md3ic9sa1y75xl5cqizj"; + src = fetchFromGitHub { + owner = "csmith-project"; + repo = "csmith"; + rev = "0cdc710315cfee9035e22ef4363ca479270d1934"; + hash = "sha256-m0xdGtccxGFMHFYRCultkEfMEs9ju8ccx7kZbxNTapE="; }; + strictDeps = true; + __structuredAttrs = true; + nativeBuildInputs = [ + cmake m4 makeWrapper ]; diff --git a/pkgs/by-name/dr/drupal/package.nix b/pkgs/by-name/dr/drupal/package.nix index df9e77c91c98..2de0b7fc51ea 100644 --- a/pkgs/by-name/dr/drupal/package.nix +++ b/pkgs/by-name/dr/drupal/package.nix @@ -8,18 +8,18 @@ php.buildComposerProject2 (finalAttrs: { pname = "drupal"; - version = "11.3.9"; + version = "11.3.10"; src = fetchFromGitLab { domain = "git.drupalcode.org"; owner = "project"; repo = "drupal"; tag = finalAttrs.version; - hash = "sha256-r+Xd+vD4HAUOmVqZOzZo4cVsItv5WwW1OFOC2SICroo="; + hash = "sha256-22oi80H8CZfafX0PFMmMinwIdKKdPs0iM0ime1aYXDI="; }; composerNoPlugins = false; - vendorHash = "sha256-FFHgINgXFT5eV2gx87Peoh3mfsvlQzG4tZRus97Faes="; + vendorHash = "sha256-jwCHtpshEVzBhcXjCl5HOdkIiHRcH3V7fBxTxU39/S0="; passthru = { tests = { diff --git a/pkgs/by-name/fl/flow/package.nix b/pkgs/by-name/fl/flow/package.nix index b9fa4836b0f0..2bc74078a227 100644 --- a/pkgs/by-name/fl/flow/package.nix +++ b/pkgs/by-name/fl/flow/package.nix @@ -16,13 +16,13 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "flow"; - version = "0.313.0"; + version = "0.314.0"; src = fetchFromGitHub { owner = "facebook"; repo = "flow"; tag = "v${finalAttrs.version}"; - hash = "sha256-U2TC9IV414X71zhrRb47kCvQkVqOSxzeNnfuoBSeJQE="; + hash = "sha256-98rtymAYp8MoPtgnuoMVKc8ss4JK2cQ/4dWVN1TGJsA="; }; patches = [ diff --git a/pkgs/by-name/gh/ghgrab/package.nix b/pkgs/by-name/gh/ghgrab/package.nix index 68cbd698a663..14a0e3259716 100644 --- a/pkgs/by-name/gh/ghgrab/package.nix +++ b/pkgs/by-name/gh/ghgrab/package.nix @@ -8,16 +8,16 @@ # note: upstream has a flake rustPlatform.buildRustPackage (finalAttrs: { pname = "ghgrab"; - version = "1.3.2"; + version = "2.0.1"; src = fetchFromGitHub { owner = "abhixdd"; repo = "ghgrab"; tag = "v${finalAttrs.version}"; - hash = "sha256-Wg0tDsK29RZ4iunaoLp2IbU4rC7GBlihGWbTJs0l480="; + hash = "sha256-5eGJqnGTctaXM5x/1QUcL9ne4kPZhjiN7+D3Lb0UJpc="; }; - cargoHash = "sha256-6B9rVTqA2IoYCYOKy1Dc0f+3YZUJFeFQfEXF1OXZmEQ="; + cargoHash = "sha256-nn7oT0TIBFxfFVOvLIvp9TswPIr6v+ttdw74CnaKqAQ="; doInstallCheck = true; versionCheckProgramArg = "--version"; diff --git a/pkgs/by-name/hm/hmcl/package.nix b/pkgs/by-name/hm/hmcl/package.nix index cdf46b5de703..2dba788bc092 100644 --- a/pkgs/by-name/hm/hmcl/package.nix +++ b/pkgs/by-name/hm/hmcl/package.nix @@ -50,13 +50,13 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "hmcl"; - version = "3.13.2"; + version = "3.14.1"; src = fetchurl { # HMCL has built-in keys, such as the Microsoft OAuth secret and the CurseForge API key. # See https://github.com/HMCL-dev/HMCL/blob/refs/tags/release-3.6.12/.github/workflows/gradle.yml#L26-L28 url = "https://github.com/HMCL-dev/HMCL/releases/download/v${finalAttrs.version}/HMCL-${finalAttrs.version}.jar"; - hash = "sha256-2OLtf47fmNiEFOkjHiDCj99seiMy25PlmRDSFKu9WFI="; + hash = "sha256-j8+PIbNySlwELKKdsYQe53++w9zunKaN9TRqZq+LpYI="; }; # - HMCL prompts users to download prebuilt Terracotta binary for @@ -71,7 +71,7 @@ stdenv.mkDerivation (finalAttrs: { terracottaBundleJava = fetchurl { name = "hmcl-terracotta-bundle-java-${finalAttrs.version}"; url = "https://raw.githubusercontent.com/HMCL-dev/HMCL/v${finalAttrs.version}/${finalAttrs.terracottaBundleJavaPath}"; - hash = "sha256-QXjo/NiYQyJfan15hnvJlBir9s9R6H+jHsr+K9M1oTw="; + hash = "sha256-05U4/TUYECPgrzZbLiSPUwo5XtIm2w+T8gCdtqpsRVs="; }; macOSProviderJava = fetchurl { name = "hmcl-macos-provider-java-${finalAttrs.version}"; diff --git a/pkgs/by-name/im/impression/package.nix b/pkgs/by-name/im/impression/package.nix index 41013ce31dd3..b5e4f8638f93 100644 --- a/pkgs/by-name/im/impression/package.nix +++ b/pkgs/by-name/im/impression/package.nix @@ -24,18 +24,18 @@ stdenv.mkDerivation (finalAttrs: { pname = "impression"; - version = "3.6.0"; + version = "3.7.0"; src = fetchFromGitLab { owner = "adhami3310"; repo = "Impression"; tag = "v${finalAttrs.version}"; - hash = "sha256-jxfleGDIetTxh0YltKYz2KYE00opwZb+rnaR76beGWA="; + hash = "sha256-EyVbK+E9X9q+O/2RItJDXjQNsLZ3cn2YmK9Ct98w8IQ="; }; cargoDeps = rustPlatform.fetchCargoVendor { inherit (finalAttrs) pname version src; - hash = "sha256-RR27VE1/8jG2HgeWtIwGsF9HUlI3Kky9J4X6kZnA+kw="; + hash = "sha256-Mvpy5aDeu4qycSj+fp4DfRNLv6T2Ksqgjt5GFTkjS6U="; }; nativeBuildInputs = [ diff --git a/pkgs/by-name/ki/kiro/package.nix b/pkgs/by-name/ki/kiro/package.nix index b61e6c5f1db3..0b65dbc1fcf0 100644 --- a/pkgs/by-name/ki/kiro/package.nix +++ b/pkgs/by-name/ki/kiro/package.nix @@ -14,7 +14,7 @@ in inherit useVSCodeRipgrep; commandLineArgs = extraCommandLineArgs; - version = "0.12.184"; + version = "0.12.200"; pname = "kiro"; # You can find the current VSCode version in the About dialog: diff --git a/pkgs/by-name/ki/kiro/sources.json b/pkgs/by-name/ki/kiro/sources.json index e8054a56d5f8..31565e2585e9 100644 --- a/pkgs/by-name/ki/kiro/sources.json +++ b/pkgs/by-name/ki/kiro/sources.json @@ -1,14 +1,14 @@ { "x86_64-linux": { - "url": "https://prod.download.desktop.kiro.dev/releases/stable/linux-x64/signed/0.12.184/tar/kiro-ide-0.12.184-stable-linux-x64.tar.gz", - "hash": "sha256-6T3ZS6KaEBkW0ESQMiNO3UBytk0Ad4g1moBS6dYCTAs=" + "url": "https://prod.download.desktop.kiro.dev/releases/stable/linux-x64/signed/0.12.200/tar/kiro-ide-0.12.200-stable-linux-x64.tar.gz", + "hash": "sha256-9OEMZ7FojIyJuHBwEPPYCbg6pjtDjAo5R6sFJ6P8Sbo=" }, "x86_64-darwin": { - "url": "https://prod.download.desktop.kiro.dev/releases/stable/darwin-x64/signed/0.12.184/kiro-ide-0.12.184-stable-darwin-x64.dmg", - "hash": "sha256-fqsdcFdCR/fSxmqpjJ2fxfbtcmfd9RunuW+/RV2khAQ=" + "url": "https://prod.download.desktop.kiro.dev/releases/stable/darwin-x64/signed/0.12.200/kiro-ide-0.12.200-stable-darwin-x64.dmg", + "hash": "sha256-gRwyFF3IgzQ1e1T7k08YF+0q2KnJZ+Ns1o+po6mc2Bc=" }, "aarch64-darwin": { - "url": "https://prod.download.desktop.kiro.dev/releases/stable/darwin-arm64/signed/0.12.184/kiro-ide-0.12.184-stable-darwin-arm64.dmg", - "hash": "sha256-LpBdGzmDTVlGIYEWxeR9l9ywJ0T5HE4rbCoXGxf4Vxs=" + "url": "https://prod.download.desktop.kiro.dev/releases/stable/darwin-arm64/signed/0.12.200/kiro-ide-0.12.200-stable-darwin-arm64.dmg", + "hash": "sha256-SpCHOXhR/OdMpJQe+IvtLXri6T4ecBTO7LyA8WzNzbc=" } } diff --git a/pkgs/by-name/ky/kyverno/package.nix b/pkgs/by-name/ky/kyverno/package.nix index 3bda1e170320..05edb054143b 100644 --- a/pkgs/by-name/ky/kyverno/package.nix +++ b/pkgs/by-name/ky/kyverno/package.nix @@ -10,13 +10,13 @@ buildGoModule (finalAttrs: { pname = "kyverno"; - version = "1.18.0"; + version = "1.18.1"; src = fetchFromGitHub { owner = "kyverno"; repo = "kyverno"; rev = "v${finalAttrs.version}"; - hash = "sha256-emjXUd9yr6Rwv3I/em+BicC2MppGdT736DMuWBLdSZM="; + hash = "sha256-zo02ABieJ+CykuqGJlnthXibgBzNGB3t3UdlKMTIkFo="; }; ldflags = [ diff --git a/pkgs/by-name/mi/minijinja/package.nix b/pkgs/by-name/mi/minijinja/package.nix index 363dfc8835c9..656e0837d125 100644 --- a/pkgs/by-name/mi/minijinja/package.nix +++ b/pkgs/by-name/mi/minijinja/package.nix @@ -6,16 +6,16 @@ rustPlatform.buildRustPackage (finalAttrs: { pname = "minijinja"; - version = "2.19.0"; + version = "2.20.0"; src = fetchFromGitHub { owner = "mitsuhiko"; repo = "minijinja"; rev = finalAttrs.version; - hash = "sha256-aZBC2OypmrPNU/uuaCCjhcFTJn0jl3VPTJYHh0piTxo="; + hash = "sha256-8EEhtdfTU+q9TON6InIv0gdAS154745NeQX2TE513J0="; }; - cargoHash = "sha256-TGqfng5SB2tTplZaFWC6BM/L385av6tYTQvcHsSk3h0="; + cargoHash = "sha256-uCyG+gT8zltsqwfwsQguoUvIEs5zLG70nBJC7txRLsI="; # The tests relies on the presence of network connection doCheck = false; diff --git a/pkgs/by-name/mo/monophony/package.nix b/pkgs/by-name/mo/monophony/package.nix index 19da2ab1d6af..95c026562553 100644 --- a/pkgs/by-name/mo/monophony/package.nix +++ b/pkgs/by-name/mo/monophony/package.nix @@ -12,14 +12,14 @@ }: python3Packages.buildPythonApplication (finalAttrs: { pname = "monophony"; - version = "4.4.4"; + version = "4.4.6"; pyproject = true; src = fetchFromGitLab { owner = "zehkira"; repo = "monophony"; tag = "v${finalAttrs.version}"; - hash = "sha256-YG8YHD3wSEN0/9fINXwDwIfY74Wl24Se40j1SLlTWPc="; + hash = "sha256-aDtz1VKOx+HvZxzXVEkFe2JMwMfdXmSJKq6ilI24TnI="; }; sourceRoot = "${finalAttrs.src.name}/source"; diff --git a/pkgs/by-name/ne/nezha/package.nix b/pkgs/by-name/ne/nezha/package.nix index 54b84dd46d46..414f6ffd1322 100644 --- a/pkgs/by-name/ne/nezha/package.nix +++ b/pkgs/by-name/ne/nezha/package.nix @@ -48,13 +48,13 @@ let in buildGoModule (finalAttrs: { pname = "nezha"; - version = "2.0.7"; + version = "2.0.11"; src = fetchFromGitHub { owner = "nezhahq"; repo = "nezha"; tag = "v${finalAttrs.version}"; - hash = "sha256-QFNv1O0XYkH+OwrUbkmeuLKTSsumo+1uvunDn8LbTho="; + hash = "sha256-XZPyzIiqf2UG1gE6uHiYSVPCP6G/lrKK+Y3vRgkPk20="; }; proxyVendor = true; @@ -94,7 +94,7 @@ buildGoModule (finalAttrs: { GOROOT=''${GOROOT-$(go env GOROOT)} swag init --pd -d cmd/dashboard -g main.go -o cmd/dashboard/docs ''; - vendorHash = "sha256-gRvWCX+6fSTEbL6Rp7FRoqNXz1HRVIlYl4ADi/fIq80="; + vendorHash = "sha256-x347CkS4nw8hFUhmuewvrqNDE2a2lT3KmIQ1hc98NJE="; ldflags = [ "-s" diff --git a/pkgs/by-name/ri/ringboard/package.nix b/pkgs/by-name/ri/ringboard/package.nix index baa518846b6c..4c4f0bf21e32 100644 --- a/pkgs/by-name/ri/ringboard/package.nix +++ b/pkgs/by-name/ri/ringboard/package.nix @@ -26,16 +26,16 @@ rustPlatform.buildRustPackage (finalAttrs: { # release version needs nightly, so we use a custom tree, see: # https://github.com/SUPERCILEX/clipboard-history/issues/22#issuecomment-3676256971 - version = "0.14.0-unstable-2026-01-19"; + version = "0.16.2-unstable-2026-05-10"; src = fetchFromGitHub { owner = "SUPERCILEX"; repo = "clipboard-history"; - rev = "cb2e94add2388a68a8f015b77f9b082b1658b3b7"; - hash = "sha256-r2632XJ/2Er1TuHCDNm6uItvdhqJ87i9p+h9M2MwKwk="; + rev = "0719d4398034efa32c3f093e06a2fdb033afbc22"; + hash = "sha256-/LDxZ3bsuVwMiRzLTuLIs6y7jAS/84sXhTRhovXV8zM="; }; - cargoHash = "sha256-c5Zdvz2xHsGh4VnOED2JiitNWwNTSkygaMFHPPLANqw="; + cargoHash = "sha256-ARSvWjeVWXksZ27lRJn67wXpgr8epagflOAULKmYaQ8="; nativeBuildInputs = [ makeWrapper diff --git a/pkgs/by-name/st/stevenblack-blocklist/package.nix b/pkgs/by-name/st/stevenblack-blocklist/package.nix index 98de56bd51cb..978f11bfc49a 100644 --- a/pkgs/by-name/st/stevenblack-blocklist/package.nix +++ b/pkgs/by-name/st/stevenblack-blocklist/package.nix @@ -6,13 +6,13 @@ }: stdenvNoCC.mkDerivation (finalAttrs: { pname = "stevenblack-blocklist"; - version = "3.16.80"; + version = "3.16.81"; src = fetchFromGitHub { owner = "StevenBlack"; repo = "hosts"; tag = finalAttrs.version; - hash = "sha256-wTiDXFiBKV4M4jv1JrVLL/kkIyE1FK4qino07BYU5fc="; + hash = "sha256-TdfeoGfVEsrP1dIzchd++iMkVxQixSpJNIfcvV1Dl2c="; }; outputs = [ diff --git a/pkgs/by-name/vc/vcmi/package.nix b/pkgs/by-name/vc/vcmi/package.nix index 521c34ddb7cd..ef2c940b8c1d 100644 --- a/pkgs/by-name/vc/vcmi/package.nix +++ b/pkgs/by-name/vc/vcmi/package.nix @@ -28,14 +28,14 @@ }: stdenv.mkDerivation (finalAttrs: { pname = "vcmi"; - version = "1.7.3"; + version = "1.7.4"; src = fetchFromGitHub { owner = "vcmi"; repo = "vcmi"; tag = finalAttrs.version; fetchSubmodules = true; - hash = "sha256-4Gp/neisH3zpblc/LTQlaWHzXSi6OHzP0IQHI6wzygE="; + hash = "sha256-uzdnRKF0xb2B2r6kTzk6OEDGBdOwcu9eGYsvv4ALCF0="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/asn1/default.nix b/pkgs/development/python-modules/asn1/default.nix index b2ede45e5a87..cc64d91a3440 100644 --- a/pkgs/development/python-modules/asn1/default.nix +++ b/pkgs/development/python-modules/asn1/default.nix @@ -8,14 +8,14 @@ buildPythonPackage rec { pname = "asn1"; - version = "3.2.0"; + version = "3.3.0"; pyproject = true; src = fetchFromGitHub { owner = "andrivet"; repo = "python-asn1"; tag = "v${version}"; - hash = "sha256-Ge4ffqew/cfYUoKSudCz4S3+In6nEUPOK6Zes//R4Ls="; + hash = "sha256-gqFW+akhWwvtqJQb4LqcgjyJb6bcInl0gT6f2CMTtA0="; }; build-system = [ setuptools ]; diff --git a/pkgs/development/python-modules/geodatasets/default.nix b/pkgs/development/python-modules/geodatasets/default.nix index acb1ac1c4716..e1a7b806f089 100644 --- a/pkgs/development/python-modules/geodatasets/default.nix +++ b/pkgs/development/python-modules/geodatasets/default.nix @@ -12,14 +12,14 @@ buildPythonPackage rec { pname = "geodatasets"; - version = "2026.5.0"; + version = "2026.5.1"; pyproject = true; src = fetchFromGitHub { owner = "geopandas"; repo = "geodatasets"; tag = version; - hash = "sha256-6RaWZOp5V5gc/vY3tZsXDNnDmUYnhmZFpto0pa6uMNg="; + hash = "sha256-wKe5hDK0J3e+9PyMvH1dJWpNMC8Ct4u5ysJoi7/xw4k="; }; build-system = [ setuptools-scm ]; diff --git a/pkgs/development/python-modules/py-arwen/default.nix b/pkgs/development/python-modules/py-arwen/default.nix new file mode 100644 index 000000000000..affd282efc18 --- /dev/null +++ b/pkgs/development/python-modules/py-arwen/default.nix @@ -0,0 +1,58 @@ +{ + lib, + buildPythonPackage, + rustPlatform, + arwen, + pytestCheckHook, +}: + +buildPythonPackage (finalAttrs: { + pname = "py-arwen"; + pyproject = true; + + inherit (arwen) + version + src + ; + + sourceRoot = "${finalAttrs.src.name}/py-arwen"; + + cargoDeps = rustPlatform.fetchCargoVendor { + inherit (finalAttrs) + pname + version + src + sourceRoot + ; + hash = "sha256-SJ3RZ/kCfMJb26uaJEQzA2NXOCudyqbJpbvC4d/R/T8="; + }; + + nativeBuildInputs = with rustPlatform; [ + cargoSetupHook + maturinBuildHook + ]; + + nativeCheckInputs = [ + pytestCheckHook + ]; + + preCheck = '' + # conflicts with built module + rm -r arwen + ''; + + pythonImportsCheck = [ + "arwen" + ]; + + meta = { + inherit (arwen.meta) + description + homepage + license + platforms + maintainers + teams + ; + }; +}) diff --git a/pkgs/development/python-modules/wand/default.nix b/pkgs/development/python-modules/wand/default.nix index 8a4f89a2055a..7a3212a78742 100644 --- a/pkgs/development/python-modules/wand/default.nix +++ b/pkgs/development/python-modules/wand/default.nix @@ -10,14 +10,14 @@ buildPythonPackage rec { pname = "wand"; - version = "0.7.0"; + version = "0.7.1"; pyproject = true; src = fetchFromGitHub { owner = "emcconville"; repo = "wand"; tag = version; - hash = "sha256-U4qxtOC72YSgo74OZdFmMG8W2s4wFI0ohJ7uJ4caabA="; + hash = "sha256-SigXdX4sfw0nKYvIu/Jsoj+RBmcoHAGCFRA8t7gc+3s="; }; postPatch = '' diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index e1680f07cfa4..fb61ade7e4e3 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -32,6 +32,7 @@ let isBool isDerivation isInt + isFunction isList isPath isString @@ -41,12 +42,10 @@ let optional optionalString optionals - pipe remove seq splitString subtractLists - toExtension toFunction typeOf unique @@ -55,6 +54,7 @@ let warn warnIf zipAttrsWith + any ; inherit (lib.generators) toPretty; @@ -112,8 +112,21 @@ let final: let prev = rattrs final; - thisOverlay = toExtension f0 final prev; - pos = unsafeGetAttrPos "version" thisOverlay; + # inlined version of toExtension + thisOverlay = + if isFunction f0 then + let + fPrev = f0 prev; + in + if isFunction fPrev then + # f is (final: prev: { ... }) + f0 final prev + else + # f is (prev: { ... }) + fPrev + else + # f is not a function; probably { ... } + f0; in warnIf ( @@ -126,26 +139,31 @@ let && !(thisOverlay ? src) && !(thisOverlay.__intentionallyOverridingVersion or false) ) - '' - ${ - args.name or "${args.pname or "<unknown name>"}-${args.version or "<unknown version>"}" - } was overridden with `version` but not `src` at ${pos.file or "<unknown file>"}:${ - toString pos.line or "<unknown line>" - }:${toString pos.column or "<unknown column>"}. - - This is most likely not what you want. In order to properly change the version of a package, override - both the `version` and `src` attributes: - - hello.overrideAttrs (oldAttrs: rec { - version = "1.0.0"; - src = pkgs.fetchurl { - url = "mirror://gnu/hello/hello-''${version}.tar.gz"; - hash = "..."; - }; - }) - - (To silence this warning, set `__intentionallyOverridingVersion = true` in your `overrideAttrs` call.) - '' + ( + let + pos = unsafeGetAttrPos "version" thisOverlay; + in + '' + ${ + args.name or "${args.pname or "<unknown name>"}-${args.version or "<unknown version>"}" + } was overridden with `version` but not `src` at ${pos.file or "<unknown file>"}:${ + toString pos.line or "<unknown line>" + }:${toString pos.column or "<unknown column>"}. + + This is most likely not what you want. In order to properly change the version of a package, override + both the `version` and `src` attributes: + + hello.overrideAttrs (oldAttrs: rec { + version = "1.0.0"; + src = pkgs.fetchurl { + url = "mirror://gnu/hello/hello-''${version}.tar.gz"; + hash = "..."; + }; + }) + + (To silence this warning, set `__intentionallyOverridingVersion = true` in your `overrideAttrs` call.) + '' + ) (prev // (removeAttrs thisOverlay [ "__intentionallyOverridingVersion" ])) ); @@ -176,10 +194,6 @@ let "zerocallusedregs" ]; - concretizeFlagImplications = - flag: impliesFlags: list: - if elem flag list then (list ++ impliesFlags) else list; - removedOrReplacedAttrNames = [ "checkInputs" "installCheckInputs" @@ -237,6 +251,10 @@ let ./default-builder.sh ]; + doCheckByDefault = config.doCheckByDefault or false; + structuredAttrsByDefault = config.structuredAttrsByDefault or false; + inherit (config) enableParallelBuildingByDefault contentAddressedByDefault; + inherit (stdenv) hostPlatform buildPlatform @@ -400,16 +418,16 @@ let # TODO(@Ericson2314): Make unconditional / resolve #33599 # Check phase - doCheck ? config.doCheckByDefault or false, + doCheck ? doCheckByDefault, # TODO(@Ericson2314): Make unconditional / resolve #33599 # InstallCheck phase - doInstallCheck ? config.doCheckByDefault or false, + doInstallCheck ? doCheckByDefault, # TODO(@Ericson2314): Make always true and remove / resolve #178468 strictDeps ? defaultStrictDeps, - enableParallelBuilding ? config.enableParallelBuildingByDefault, + enableParallelBuilding ? enableParallelBuildingByDefault, separateDebugInfo ? false, outputs ? [ "out" ], @@ -428,11 +446,11 @@ let __contentAddressed ? (!attrs ? outputHash) # Fixed-output drvs can't be content addressed too - && config.contentAddressedByDefault, + && contentAddressedByDefault, # Experimental. For simple packages mostly just works, # but for anything complex, be prepared to debug if enabling. - __structuredAttrs ? config.structuredAttrsByDefault or false, + __structuredAttrs ? structuredAttrsByDefault, ... }@attrs: @@ -463,11 +481,6 @@ let actualValue; outputs' = if separateDebugInfo' then outputs ++ [ "debug" ] else outputs; - # hardeningDisable additionally supports "all". - erroneousHardeningFlags = subtractLists knownHardeningFlags ( - hardeningEnable ++ remove "all" hardeningDisable - ); - checkDependencyList = checkDependencyList' [ ]; checkDependencyList' = positions: name: deps: @@ -494,9 +507,19 @@ let concatMapStrings (ix: "element ${toString ix} of ") ([ index ] ++ positions) }${name} for ${attrs.name or attrs.pname}" ) 1 deps) deps; + + isErroneous = flag: !elem flag knownHardeningFlags; in - if erroneousHardeningFlags != [ ] then + if + # Check if any hardening flag is erroneous + any isErroneous hardeningEnable || any (flag: flag != "all" && isErroneous flag) hardeningDisable + then abort ( + let + erroneousHardeningFlags = subtractLists knownHardeningFlags ( + hardeningEnable ++ remove "all" hardeningDisable + ); + in "mkDerivation was called with unsupported hardening flags: " + toPretty { } { inherit @@ -739,23 +762,21 @@ let else null } = - let - enabledHardeningOptions = - if elem "all" hardeningDisable then - [ ] - else - subtractLists (unique ( - pipe hardeningDisable [ - # disabling fortify implies fortify3 should also be disabled - (concretizeFlagImplications "fortify" [ "fortify3" ]) - # disabling strictflexarrays1 implies strictflexarrays3 should also be disabled - (concretizeFlagImplications "strictflexarrays1" [ "strictflexarrays3" ]) - # disabling libcxxhardeningfast implies libcxxhardeningextensive should also be disabled - (concretizeFlagImplications "libcxxhardeningfast" [ "libcxxhardeningextensive" ]) - ] - )) (defaultHardeningFlags ++ hardeningEnable); - in - concatStringsSep " " enabledHardeningOptions; + concatStringsSep " " ( + if elem "all" hardeningDisable then + [ ] + else + filter ( + flag: + !(elem flag hardeningDisable) + # disabling fortify implies fortify3 should also be disabled + && (flag == "fortify3" -> !elem "fortify" hardeningDisable) + # disabling strictflexarrays1 implies strictflexarrays3 should also be disabled + && (flag == "strictflexarrays3" -> !elem "strictflexarrays1" hardeningDisable) + # disabling libcxxhardeningfast implies libcxxhardeningextensive should also be disabled + && (flag == "libcxxhardeningextensive" -> !elem "libcxxhardeningfast" hardeningDisable) + ) (defaultHardeningFlags ++ hardeningEnable) + ); # TODO: remove platform condition # Enabling this check could be a breaking change as it requires to edit nix.conf @@ -918,7 +939,7 @@ let # Experimental. For simple packages mostly just works, # but for anything complex, be prepared to debug if enabling. - __structuredAttrs ? config.structuredAttrsByDefault or false, + __structuredAttrs ? structuredAttrsByDefault, env ? { }, diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 1861ca498ede..f8f82a93a828 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix @@ -40,33 +40,44 @@ in openssh_hpn = common rec { pname = "openssh-with-hpn"; - version = "10.2p1"; + version = "10.3p1"; extraDesc = " with high performance networking patches"; src = fetchurl { url = urlFor version; - hash = "sha256-zMQsBBmTeVkmP6Hb0W2vwYxWuYTANWLSk3zlamD3mLI="; + hash = "sha256-VmgqNruS3PS08Bb9jsjnQFm3mo3iXBXWcNcx59GORfQ="; }; extraPatches = let - url = "https://raw.githubusercontent.com/freebsd/freebsd-ports/7d4f03d56d19a19a15399a03b3ceca8a0f5924b4/security/openssh-portable/files/extra-patch-hpn"; + urlBase = "https://raw.githubusercontent.com/freebsd/freebsd-ports/294be7ad9ef5106b696d830e06b9f322bd79d6f5/security/openssh-portable/files"; + noBlocklistdHpnGluePatch = "${urlBase}/extra-patch-no-blocklistd-hpn-glue"; + hpnPatch = "${urlBase}/extra-patch-hpn"; in [ ./ssh-keysign-8.5.patch + # the blocklistd patch from FreeBSD ports is now required for HPN, + # unless we apply this HPN glue patch + (fetchpatch { + name = "ssh-no-blocklistd-hpn-glue.patch"; + url = noBlocklistdHpnGluePatch; + extraPrefix = ""; + hash = "sha256-+AeJ9fLmmT/P07JZvGaXpNft+2F9PoFsbzr+s9wfdro="; + }) + # HPN Patch from FreeBSD ports (fetchpatch { name = "ssh-hpn-wo-channels.patch"; - inherit url; + url = hpnPatch; stripLen = 1; excludes = [ "channels.c" ]; - hash = "sha256-BGR0Jn1JoD/0q9/TKjygg9C3UWeVf0R2DrH0esMzmpY="; + hash = "sha256-dEYCSBcUXbSBzoMV/6QwLl5tj0c0/DPTtArchfRRQvM="; }) (fetchpatch { name = "ssh-hpn-channels.patch"; - inherit url; + url = hpnPatch; extraPrefix = ""; includes = [ "channels.c" ]; hash = "sha256-pDLUbjv5XIyByEbiRAXC3WMUPKmn15af1stVmcvr7fE="; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 4e65749da218..73ea6e0ad256 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -13292,6 +13292,8 @@ self: super: with self; { py-aosmith = callPackage ../development/python-modules/py-aosmith { }; + py-arwen = callPackage ../development/python-modules/py-arwen { }; + py-bip39-bindings = callPackage ../development/python-modules/py-bip39-bindings { }; py-canary = callPackage ../development/python-modules/py-canary { }; |