gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge staging-next into staging

Browse Source
This commit is contained in:
nixpkgs-ci[bot]
2025-03-22 06:05:08 +00:00
committed by GitHub
parent c060400edc ba561f878e
commit 56654a8868
30 changed files with 445 additions and 439 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/modules/services/networking/clatd.nix
View File

@@ -75,6 +75,7 @@ in
"AF_INET"
"AF_INET6"
"AF_NETLINK"
"AF_UNIX"
];
RestrictNamespaces = true;
RestrictRealtime = true;

2
nixos/tests/all-tests.nix
View File

@@ -264,7 +264,7 @@ in {
cinnamon = handleTest ./cinnamon.nix {};
cinnamon-wayland = handleTest ./cinnamon-wayland.nix {};
cjdns = handleTest ./cjdns.nix {};
clatd = handleTest ./clatd.nix {};
clatd = runTest ./clatd.nix;
clickhouse = handleTest ./clickhouse.nix {};
cloud-init = handleTest ./cloud-init.nix {};
cloud-init-hostname = handleTest ./cloud-init-hostname.nix {};

350
nixos/tests/clatd.nix
View File

@@ -26,160 +26,160 @@
# | Route: 192.0.2.0/24 via 100.64.0.1
# +------
import ./make-test-python.nix (
{ pkgs, lib, ... }:
{ lib, ... }:
{
name = "clatd";
meta = with pkgs.lib.maintainers; {
maintainers = [
hax404
jmbaur
{
name = "clatd";
meta.maintainers = with lib.maintainers; [
hax404
jmbaur
];
nodes = {
# The server is configured with static IPv4 addresses. RFC 6052 Section 3.1
# disallows the mapping of non-global IPv4 addresses like RFC 1918 into the
# Well-Known Prefix 64:ff9b::/96. TAYGA also does not allow the mapping of
# documentation space (RFC 5737). To circumvent this, 100.64.0.2/24 from
# RFC 6589 (Carrier Grade NAT) is used here.
# To reach the IPv4 address pool of the NAT64 gateway, there is a static
# route configured. In normal cases, where the router would also source NAT
# the pool addresses to one IPv4 addresses, this would not be needed.
server = {
virtualisation.vlans = [
2 # towards router
];
networking = {
useDHCP = false;
interfaces.eth1 = lib.mkForce { };
};
systemd.network = {
enable = true;
networks."vlan1" = {
matchConfig.Name = "eth1";
address = [
"100.64.0.2/24"
];
routes = [
{
Destination = "192.0.2.0/24";
Gateway = "100.64.0.1";
}
];
};
};
};
nodes = {
# The server is configured with static IPv4 addresses. RFC 6052 Section 3.1
# disallows the mapping of non-global IPv4 addresses like RFC 1918 into the
# Well-Known Prefix 64:ff9b::/96. TAYGA also does not allow the mapping of
# documentation space (RFC 5737). To circumvent this, 100.64.0.2/24 from
# RFC 6589 (Carrier Grade NAT) is used here.
# To reach the IPv4 address pool of the NAT64 gateway, there is a static
# route configured. In normal cases, where the router would also source NAT
# the pool addresses to one IPv4 addresses, this would not be needed.
server = {
virtualisation.vlans = [
2 # towards router
];
networking = {
useDHCP = false;
interfaces.eth1 = lib.mkForce { };
};
systemd.network = {
enable = true;
networks."vlan1" = {
matchConfig.Name = "eth1";
address = [
"100.64.0.2/24"
];
routes = [
# The router is configured with static IPv4 addresses towards the server
# and IPv6 addresses towards the client. DNS64 is exposed towards the
# client so clatd is able to auto-discover the PLAT prefix. For NAT64, the
# Well-Known prefix 64:ff9b::/96 is used. NAT64 is done with TAYGA which
# provides the tun-interface nat64 and does the translation over it. The
# IPv6 packets are sent to this interfaces and received as IPv4 packets and
# vice versa. As TAYGA only translates IPv6 addresses to dedicated IPv4
# addresses, it needs a pool of IPv4 addresses which must be at least as
# big as the expected amount of clients. In this test, the packets from the
# pool are directly routed towards the client. In normal cases, there would
# be a second source NAT44 to map all clients behind one IPv4 address.
router = {
boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
virtualisation.vlans = [
2 # towards server
3 # towards client
];
networking = {
useDHCP = false;
useNetworkd = true;
firewall.enable = false;
interfaces.eth1 = lib.mkForce {
ipv4 = {
addresses = [
{
Destination = "192.0.2.0/24";
Gateway = "100.64.0.1";
address = "100.64.0.1";
prefixLength = 24;
}
];
};
};
interfaces.eth2 = lib.mkForce {
ipv6 = {
addresses = [
{
address = "2001:db8::1";
prefixLength = 64;
}
];
};
};
};
# The router is configured with static IPv4 addresses towards the server
# and IPv6 addresses towards the client. DNS64 is exposed towards the
# client so clatd is able to auto-discover the PLAT prefix. For NAT64, the
# Well-Known prefix 64:ff9b::/96 is used. NAT64 is done with TAYGA which
# provides the tun-interface nat64 and does the translation over it. The
# IPv6 packets are sent to this interfaces and received as IPv4 packets and
# vice versa. As TAYGA only translates IPv6 addresses to dedicated IPv4
# addresses, it needs a pool of IPv4 addresses which must be at least as
# big as the expected amount of clients. In this test, the packets from the
# pool are directly routed towards the client. In normal cases, there would
# be a second source NAT44 to map all clients behind one IPv4 address.
router = {
boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
virtualisation.vlans = [
2 # towards server
3 # towards client
];
networking = {
useDHCP = false;
useNetworkd = true;
firewall.enable = false;
interfaces.eth1 = lib.mkForce {
ipv4 = {
addresses = [
{
address = "100.64.0.1";
prefixLength = 24;
}
];
};
};
interfaces.eth2 = lib.mkForce {
ipv6 = {
addresses = [
{
address = "2001:db8::1";
prefixLength = 64;
}
];
};
};
};
systemd.network.networks."40-eth2" = {
networkConfig.IPv6SendRA = true;
ipv6Prefixes = [ { Prefix = "2001:db8::/64"; } ];
ipv6PREF64Prefixes = [ { Prefix = "64:ff9b::/96"; } ];
ipv6SendRAConfig = {
EmitDNS = true;
DNS = "_link_local";
};
};
services.resolved.extraConfig = ''
DNSStubListener=no
'';
networking.extraHosts = ''
192.0.0.171 ipv4only.arpa
192.0.0.170 ipv4only.arpa
'';
services.coredns = {
enable = true;
config = ''
.:53 {
bind ::
hosts /etc/hosts
dns64 64:ff9b::/96
}
'';
};
services.tayga = {
enable = true;
ipv4 = {
address = "192.0.2.0";
router = {
address = "192.0.2.1";
};
pool = {
address = "192.0.2.0";
prefixLength = 24;
};
};
ipv6 = {
address = "2001:db8::1";
router = {
address = "64:ff9b::1";
};
pool = {
address = "64:ff9b::";
prefixLength = 96;
};
};
systemd.network.networks."40-eth2" = {
networkConfig.IPv6SendRA = true;
ipv6Prefixes = [ { Prefix = "2001:db8::/64"; } ];
ipv6PREF64Prefixes = [ { Prefix = "64:ff9b::/96"; } ];
ipv6SendRAConfig = {
EmitDNS = true;
DNS = "_link_local";
};
};
# The client uses SLAAC to assign IPv6 addresses. To reach the IPv4-only
# server, the client starts the clat daemon which starts and configures the
# local IPv4 -> IPv6 translation via Tayga after discovering the PLAT
# prefix via DNS64.
client = {
services.resolved.extraConfig = ''
DNSStubListener=no
'';
networking.extraHosts = ''
192.0.0.171 ipv4only.arpa
192.0.0.170 ipv4only.arpa
'';
services.coredns = {
enable = true;
config = ''
.:53 {
bind ::
hosts /etc/hosts
dns64 64:ff9b::/96
}
'';
};
services.tayga = {
enable = true;
ipv4 = {
address = "192.0.2.0";
router = {
address = "192.0.2.1";
};
pool = {
address = "192.0.2.0";
prefixLength = 24;
};
};
ipv6 = {
address = "2001:db8::1";
router = {
address = "64:ff9b::1";
};
pool = {
address = "64:ff9b::";
prefixLength = 96;
};
};
};
};
# The client uses SLAAC to assign IPv6 addresses. To reach the IPv4-only
# server, the client starts the clat daemon which starts and configures the
# local IPv4 -> IPv6 translation via Tayga after discovering the PLAT
# prefix via DNS64.
client =
{ pkgs, ... }:
{
virtualisation.vlans = [
3 # towards router
];
@@ -193,62 +193,44 @@ import ./make-test-python.nix (
enable = true;
networks."vlan1" = {
matchConfig.Name = "eth1";
# NOTE: clatd does not actually use the PREF64 prefix discovered by
# systemd-networkd (nor does systemd-networkd do anything with it,
# yet), but we set this to confirm it works. See the test script
# below.
ipv6AcceptRAConfig.UsePREF64 = true;
};
};
services.clatd = {
enable = true;
# NOTE: Perl's Net::DNS resolver does not seem to work well querying
# for AAAA records to systemd-resolved's default IPv4 bind address
# (127.0.0.53), so we add an IPv6 listener address to systemd-resolved
# and tell clatd to use that instead.
settings.dns64-servers = "::1";
};
# Allow clatd to find dns server. See comment above.
services.resolved.extraConfig = ''
DNSStubListenerExtra=::1
'';
services.clatd.enable = true;
environment.systemPackages = [ pkgs.mtr ];
};
};
};
testScript = ''
import json
testScript = ''
import json
start_all()
start_all()
# wait for all machines to start up
for machine in client, router, server:
machine.wait_for_unit("network-online.target")
# wait for all machines to start up
for machine in client, router, server:
machine.wait_for_unit("network.target")
with subtest("Wait for tayga and clatd"):
router.wait_for_unit("tayga.service")
client.wait_for_unit("clatd.service")
# clatd checks if this system has IPv4 connectivity for 10 seconds
client.wait_until_succeeds(
'journalctl -u clatd -e | grep -q "Starting up TAYGA, using config file"'
)
with subtest("Wait for tayga and clatd"):
router.wait_for_unit("tayga.service")
client.wait_for_unit("clatd.service")
# clatd checks if this system has IPv4 connectivity for 10 seconds
client.wait_until_succeeds(
'journalctl -u clatd -e | grep -q "Starting up TAYGA, using config file"'
)
with subtest("networkd exports PREF64 prefix"):
assert json.loads(client.succeed("networkctl status eth1 --json=short"))[
"NDisc"
]["PREF64"][0]["Prefix"] == [0x0, 0x64, 0xFF, 0x9B] + ([0] * 12)
with subtest("networkd exports PREF64 prefix"):
assert json.loads(client.succeed("networkctl status eth1 --json=short"))[
"NDisc"
]["PREF64"][0]["Prefix"] == [0x0, 0x64, 0xFF, 0x9B] + ([0] * 12)
with subtest("Test ICMP"):
client.wait_until_succeeds("ping -c 3 100.64.0.2 >&2")
with subtest("Test ICMP"):
client.wait_until_succeeds("ping -c3 100.64.0.2 >&2")
with subtest("Test ICMP and show a traceroute"):
client.wait_until_succeeds("mtr --show-ips --report-wide 100.64.0.2 >&2")
with subtest("Test ICMP and show a traceroute"):
client.wait_until_succeeds("mtr --show-ips --report-wide 100.64.0.2 >&2")
client.log(client.execute("systemd-analyze security clatd.service")[1])
'';
}
)
client.log(client.execute("systemd-analyze security clatd.service")[1])
'';
}

9
pkgs/applications/audio/jamesdsp/default.nix
View File

@@ -1,6 +1,7 @@
{
copyDesktopItems,
fetchFromGitHub,
fetchpatch,
glibmm,
gst_all_1,
lib,
@@ -42,6 +43,14 @@ stdenv.mkDerivation (finalAttrs: {
wrapQtAppsHook
];
patches = [
(fetchpatch {
url = "https://github.com/Audio4Linux/JDSP4Linux/pull/241.patch";
hash = "sha256-RtVKlw2ca8An4FodeD0RN95z9yHDHBgAxsEwLAmW7co=";
name = "fix-build-with-new-pipewire.patch";
})
];
buildInputs =
[
glibmm

6
pkgs/by-name/bu/buildpack/package.nix
View File

@@ -7,7 +7,7 @@
let
pname = "pack";
version = "0.36.4";
version = "0.37.0";
in
buildGoModule {
inherit pname version;
@@ -16,10 +16,10 @@ buildGoModule {
owner = "buildpacks";
repo = pname;
rev = "refs/tags/v${version}";
hash = "sha256-6cWmBNlmPnNszmv6zaHlyd8GqncMtttKOMfQxxJGJ18=";
hash = "sha256-QCN0UvWa5u9XX5LvY3yD8Xz2s1XzZUg/WXnAfWwZnY0=";
};
vendorHash = "sha256-9fO/jwTpVvCdHIy1GrE2YZr7jN7Oyw64EbS2w08VOVI=";
vendorHash = "sha256-W8FTk2eJYaTE9gCRwrT+mDhda/ZZeCytqQ9vvVZZHSQ=";
nativeBuildInputs = [ installShellFiles ];

20
pkgs/by-name/ca/cascadia-code/package.nix
View File

@@ -2,14 +2,15 @@
lib,
stdenvNoCC,
fetchzip,
useVariableFont ? false,
}:
stdenvNoCC.mkDerivation rec {
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "cascadia-code";
version = "2407.24";
src = fetchzip {
url = "https://github.com/microsoft/cascadia-code/releases/download/v${version}/CascadiaCode-${version}.zip";
url = "https://github.com/microsoft/cascadia-code/releases/download/v${finalAttrs.version}/CascadiaCode-${finalAttrs.version}.zip";
stripRoot = false;
hash = "sha256-bCQzGCvjSQ1TXFVC3w9VPXNtjM4h7lRvljVjX/w1TJ4=";
};
@@ -17,8 +18,17 @@ stdenvNoCC.mkDerivation rec {
installPhase = ''
runHook preInstall
install -Dm644 otf/static/*.otf -t $out/share/fonts/opentype
install -Dm644 ttf/static/*.ttf -t $out/share/fonts/truetype
${
if useVariableFont then
''
install -Dm644 ttf/*.ttf -t $out/share/fonts/truetype
''
else
''
install -Dm644 otf/static/*.otf -t $out/share/fonts/opentype
install -Dm644 ttf/static/*.ttf -t $out/share/fonts/truetype
''
}
runHook postInstall
'';
@@ -31,4 +41,4 @@ stdenvNoCC.mkDerivation rec {
maintainers = with maintainers; [ ryanccn ];
platforms = platforms.all;
};
}
})

22
pkgs/by-name/cl/clatd/package.nix
View File

@@ -7,19 +7,21 @@
perlPackages,
tayga,
iproute2,
iptables,
nftables,
systemd,
nixosTests,
}:
stdenv.mkDerivation rec {
assert (lib.assertMsg systemd.withNetworkd "systemd for clatd must be built with networkd support");
stdenv.mkDerivation (finalAttrs: {
pname = "clatd";
version = "1.6";
version = "2.1.0";
src = fetchFromGitHub {
owner = "toreanderson";
repo = "clatd";
rev = "v${version}";
hash = "sha256-ZUGWQTXXgATy539NQxkZSvQA7HIWkIPsw1NJrz0xKEg=";
rev = "v${finalAttrs.version}";
hash = "sha256-hNFuS6pdaA/FTIUeuwjGovlHcPh248Au1VXCzMuYwLU=";
};
strictDeps = true;
@@ -33,6 +35,7 @@ stdenv.mkDerivation rec {
perl
NetIP
NetDNS
JSON
];
makeFlags = [ "PREFIX=$(out)" ];
@@ -47,9 +50,10 @@ stdenv.mkDerivation rec {
--set PERL5LIB $PERL5LIB \
--prefix PATH : ${
lib.makeBinPath [
tayga
iproute2
iptables
tayga # tayga
iproute2 # ip
nftables # nft
systemd # networkctl
]
}
'';
@@ -64,4 +68,4 @@ stdenv.mkDerivation rec {
mainProgram = "clatd";
platforms = platforms.linux;
};
}
})

10
pkgs/by-name/gl/glab/package.nix
View File

@@ -1,24 +1,24 @@
{
lib,
buildGo123Module,
buildGoModule,
fetchFromGitLab,
installShellFiles,
stdenv,
nix-update-script,
}:
buildGo123Module rec {
buildGoModule rec {
pname = "glab";
version = "1.53.0";
version = "1.54.0";
src = fetchFromGitLab {
owner = "gitlab-org";
repo = "cli";
rev = "v${version}";
hash = "sha256-QbXc249DKRrLdDwH3R7ZWXh2izLe97jc/WcjC8z1mv8=";
hash = "sha256-CtzTZ4PryY2zDCvoAp/cf0E0jpFPGH7SzFDaCwf48gg=";
};
vendorHash = "sha256-wwWKxdAIlZw5s/kp08mZf8x10ujht9xbSoYWlGT4sPk=";
vendorHash = "sha256-r9HRDKf4EOjAeHo9rT69+nAf8zGZFWtXVo9nHuBOgaQ=";
ldflags = [
"-s"

6
pkgs/by-name/go/gotosocial/package.nix
View File

@@ -9,11 +9,11 @@ let
owner = "superseriousbusiness";
repo = "gotosocial";
version = "0.18.2";
version = "0.18.3";
web-assets = fetchurl {
url = "https://github.com/${owner}/${repo}/releases/download/v${version}/${repo}_${version}_web-assets.tar.gz";
hash = "sha256-36UwUhf3FZ+/DMI0L/g88prbEwyj2ApoRdMK8f57KCU=";
hash = "sha256-60aSiWHHHDxZggreqTVHip2Ld/PyN9T4k+NGjX/ONQc=";
};
in
buildGoModule rec {
@@ -23,7 +23,7 @@ buildGoModule rec {
src = fetchFromGitHub {
inherit owner repo;
tag = "v${version}";
hash = "sha256-GHUHtTE8KQtm+sWr5K+WmOr3KY7gA9hDINIBTioXNlw=";
hash = "sha256-fn3QrfTrKYWABRMF3imyoeVEpARl13fcq6Fu2GwsrcE=";
};
vendorHash = null;

6
pkgs/by-name/ha/harper/package.nix
View File

@@ -7,18 +7,18 @@
rustPlatform.buildRustPackage rec {
pname = "harper";
version = "0.25.1";
version = "0.26.0";
src = fetchFromGitHub {
owner = "Automattic";
repo = "harper";
rev = "v${version}";
hash = "sha256-nH1DyWGJMYiisdS4YRw+kUIJLX4twB9ZJ7OWH+QLlIA=";
hash = "sha256-lPxmcBQxiCGLeF0TZ8wui/MmGWE/IgqwGI44zMs2+V8=";
};
buildAndTestSubdir = "harper-ls";
useFetchCargoVendor = true;
cargoHash = "sha256-C5+5cxsnyM6cZ724C2czuoCfmIE0nQJXCwYCjfW7sgE=";
cargoHash = "sha256-F0WMeUhXVgLkCIaGR5s5zcPWGySoCQXcdVXLmRbs4Ac=";
passthru.updateScript = nix-update-script { };

6
pkgs/by-name/in/inputplumber/package.nix
View File

@@ -10,17 +10,17 @@
rustPlatform.buildRustPackage rec {
pname = "inputplumber";
version = "0.49.2";
version = "0.49.6";
src = fetchFromGitHub {
owner = "ShadowBlip";
repo = "InputPlumber";
tag = "v${version}";
hash = "sha256-vWqmcVF/gi0ubIF/NDnz0op1ss0t7A7O8NrOzszx7Gw=";
hash = "sha256-iLr7n+llvvIwS4JJMwZou4pDbT+sYOy6+un+g1YXrP4=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-5yG8iUW5BVHI2QcOl+9dN1c1b/wmrFCO4mDs4ZflhUM=";
cargoHash = "sha256-v0aMbaKoPL3wqcFHVcrGUGlvR5m3XhMTXD1k0YBz6OI=";
nativeBuildInputs = [
pkg-config

99
pkgs/by-name/jb/jbigkit/package.nix
View File

@@ -14,37 +14,40 @@ stdenv.mkDerivation (finalAttrs: {
hash = "sha256-3nEGtr+vSV1oZcfdesbKE4G9EuDYFAXqgefyFnJj2TI=";
};
patches = [
# Archlinux patch: build shared object
(fetchpatch {
url = "https://gitlab.archlinux.org/archlinux/packaging/packages/jbigkit/-/raw/main/jbigkit-2.1-shared_lib.patch";
hash = "sha256-+efeeKg3FJ/TjSOj58kD+DwnaCm3zhGzKLfUes/d5rg=";
})
(fetchpatch {
url = "https://gitlab.archlinux.org/archlinux/packaging/packages/jbigkit/-/raw/main/jbigkit-2.1-ldflags.patch";
hash = "sha256-ik3NifyuhDHnIMTrNLAKInPgu2F5u6Gvk9daqrn8ZhY=";
})
# Archlinux patch: update coverity
(fetchpatch {
url = "https://gitlab.archlinux.org/archlinux/packaging/packages/jbigkit/-/raw/main/jbigkit-2.1-coverity.patch";
hash = "sha256-APm9A2f4sMufuY3cnL9HOcSCa9ov3pyzgQTTKLd49/E=";
})
# Archlinux patch: fix build warnings
(fetchpatch {
url = "https://gitlab.archlinux.org/archlinux/packaging/packages/jbigkit/-/raw/main/jbigkit-2.1-build_warnings.patch";
hash = "sha256-lDEJ1bvZ+zR7K4CiTq+aXJ8PGjILE3W13kznLLlGOOg=";
})
# Archlinux patch: this helps users to reduce denial-of-service risks, as in CVE-2017-9937
(fetchpatch {
url = "https://gitlab.archlinux.org/archlinux/packaging/packages/jbigkit/-/raw/main/0013-new-jbig.c-limit-s-maxmem-maximum-decoded-image-size.patch";
hash = "sha256-Yq5qCTF7KZTrm4oeWbpctb+QLt3shJUGEReZvd0ey9k=";
})
# Archlinux patch: fix heap overflow
(fetchpatch {
url = "https://gitlab.archlinux.org/archlinux/packaging/packages/jbigkit/-/raw/main/0015-jbg_newlen-check-for-end-of-file-within-MARKER_NEWLE.patch";
hash = "sha256-F3qA/btR9D9NfzrNY76X4Z6vG6NrisI36SjCDjS+F5s=";
})
];
patches =
[
# Archlinux patch: this helps users to reduce denial-of-service risks, as in CVE-2017-9937
(fetchpatch {
url = "https://gitlab.archlinux.org/archlinux/packaging/packages/jbigkit/-/raw/main/0013-new-jbig.c-limit-s-maxmem-maximum-decoded-image-size.patch";
hash = "sha256-Yq5qCTF7KZTrm4oeWbpctb+QLt3shJUGEReZvd0ey9k=";
})
# Archlinux patch: fix heap overflow
(fetchpatch {
url = "https://gitlab.archlinux.org/archlinux/packaging/packages/jbigkit/-/raw/main/0015-jbg_newlen-check-for-end-of-file-within-MARKER_NEWLE.patch";
hash = "sha256-F3qA/btR9D9NfzrNY76X4Z6vG6NrisI36SjCDjS+F5s=";
})
]
++ lib.optionals stdenv.hostPlatform.isLinux [
# Archlinux patch: build shared object
(fetchpatch {
url = "https://gitlab.archlinux.org/archlinux/packaging/packages/jbigkit/-/raw/main/jbigkit-2.1-shared_lib.patch";
hash = "sha256-+efeeKg3FJ/TjSOj58kD+DwnaCm3zhGzKLfUes/d5rg=";
})
(fetchpatch {
url = "https://gitlab.archlinux.org/archlinux/packaging/packages/jbigkit/-/raw/main/jbigkit-2.1-ldflags.patch";
hash = "sha256-ik3NifyuhDHnIMTrNLAKInPgu2F5u6Gvk9daqrn8ZhY=";
})
# Archlinux patch: update coverity
(fetchpatch {
url = "https://gitlab.archlinux.org/archlinux/packaging/packages/jbigkit/-/raw/main/jbigkit-2.1-coverity.patch";
hash = "sha256-APm9A2f4sMufuY3cnL9HOcSCa9ov3pyzgQTTKLd49/E=";
})
# Archlinux patch: fix build warnings
(fetchpatch {
url = "https://gitlab.archlinux.org/archlinux/packaging/packages/jbigkit/-/raw/main/jbigkit-2.1-build_warnings.patch";
hash = "sha256-lDEJ1bvZ+zR7K4CiTq+aXJ8PGjILE3W13kznLLlGOOg=";
})
];
makeFlags = [
"AR=${lib.getBin stdenv.cc.bintools.bintools}/bin/${stdenv.cc.targetPrefix}ar"
@@ -61,26 +64,32 @@ stdenv.mkDerivation (finalAttrs: {
done
'';
installPhase = ''
runHook preInstall
installPhase =
''
runHook preInstall
install -vDm 644 libjbig/*.h -t "$out/include/"
install -vDm 755 pbmtools/{jbgtopbm{,85},pbmtojbg{,85}} -t "$out/bin/"
install -vDm 644 pbmtools/*.1* -t "$out/share/man/man1/"
install -vDm 644 libjbig/*.h -t "$out/include/"
install -vDm 755 pbmtools/{jbgtopbm{,85},pbmtojbg{,85}} -t "$out/bin/"
install -vDm 644 pbmtools/*.1* -t "$out/share/man/man1/"
''
+ lib.optionalString stdenv.hostPlatform.isDarwin ''
install -vDm 644 libjbig/libjbig*.a -t "$out/lib/"
''
+ lib.optionalString stdenv.hostPlatform.isLinux ''
install -vDm 755 libjbig/*.so.* -t "$out/lib/"
install -vDm 755 libjbig/*.so.* -t "$out/lib/"
for lib in libjbig.so libjbig85.so; do
ln -sv "$lib.${finalAttrs.version}" "$out/lib/$lib"
ln -sv "$out/lib/$lib.${finalAttrs.version}" "$out/lib/$lib.0"
done
runHook postInstall
'';
for lib in libjbig.so libjbig85.so; do
ln -sv "$lib.${finalAttrs.version}" "$out/lib/$lib"
ln -sv "$out/lib/$lib.${finalAttrs.version}" "$out/lib/$lib.0"
done
''
+ ''
runHook postInstall
'';
doCheck = true;
meta = {
broken = stdenv.hostPlatform.isDarwin;
description = "Software implementation of the JBIG1 data compression standard";
homepage = "http://www.cl.cam.ac.uk/~mgk25/jbigkit/";
license = lib.licenses.gpl2Plus;

6
pkgs/by-name/ko/komac/package.nix
View File

@@ -17,17 +17,17 @@
}:
rustPlatform.buildRustPackage (finalAttrs: {
pname = "komac";
version = "2.11.0";
version = "2.11.1";
src = fetchFromGitHub {
owner = "russellbanks";
repo = "Komac";
tag = "v${finalAttrs.version}";
hash = "sha256-iohqtbzebX/1hkAwEe6UT6cw0BOQF5Ec5MS5ycrHoNU=";
hash = "sha256-X0lvr8GafJIP8kwnLTk3taq3WZAx50/jUt3zJIELJnc=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-LvYweWuMytBcke1lKNmIPeFFfjEqzR07vO2MQQ37ASY=";
cargoHash = "sha256-utsLfvFGTBuD1Tywu9TfnPGDhvSWZSokvwW22USWWls=";
nativeBuildInputs =
[

91
pkgs/by-name/le/legcord/package.nix
View File

@@ -2,48 +2,70 @@
lib,
stdenv,
fetchFromGitHub,
pnpm_9,
pnpm,
nodejs,
electron_34,
electron,
makeWrapper,
copyDesktopItems,
makeDesktopItem,
autoPatchelfHook,
pipewire,
libpulseaudio,
nix-update-script,
}:
stdenv.mkDerivation rec {
stdenv.mkDerivation (finalAttrs: {
pname = "legcord";
version = "1.1.0";
version = "1.1.1";
src = fetchFromGitHub {
owner = "Legcord";
repo = "Legcord";
rev = "v${version}";
hash = "sha256-IfRjblC3L6A7HgeEDeDrRxtIMvWQB3P7mpq5bhaHWqk=";
tag = "v${finalAttrs.version}";
hash = "sha256-0RbLvRCvy58HlOhHLcAoErRFgYxjWrKFQ6DPJD50c5Q=";
};
nativeBuildInputs = [
pnpm_9.configHook
pnpm.configHook
nodejs
# we use a script wrapper here for environment variable expansion at runtime
# https://github.com/NixOS/nixpkgs/issues/172583
makeWrapper
copyDesktopItems
# legcord uses venmic, which is a shipped as a prebuilt node module
# and needs to be patched
autoPatchelfHook
];
pnpmDeps = pnpm_9.fetchDeps {
inherit pname version src;
hash = "sha256-LbHYY97HsNF9cBQzAfFw+A/tLf27y3he9Bbw9H3RKK4=";
};
buildInputs = [
libpulseaudio
pipewire
(lib.getLib stdenv.cc.cc)
];
ELECTRON_SKIP_BINARY_DOWNLOAD = "1";
pnpmDeps = pnpm.fetchDeps {
inherit (finalAttrs) pname version src;
hash = "sha256-zAf3EGIt/BWSZ9BMHWWVPWo3m+whnl/p+SahmpdLoZ4=";
};
buildPhase = ''
runHook preBuild
pnpm build
npm exec electron-builder -- \
# Replicating the build step to copy venmic from the vendored node module manually,
# since the install script does not do this for whatever reason
cp ./node_modules/@vencord/venmic/prebuilds/venmic-addon-linux-x64/node-napi-v7.node ./dist/venmic-x64.node
cp ./node_modules/@vencord/venmic/prebuilds/venmic-addon-linux-arm64/node-napi-v7.node ./dist/venmic-arm64.node
# Patch venmic before putting it into the ASAR archive
autoPatchelf ./dist
pnpm exec electron-builder \
--dir \
-c.electronDist="${electron_34.dist}" \
-c.electronVersion="${electron_34.version}"
-c.asarUnpack="**/*.node" \
-c.electronDist="${electron.dist}" \
-c.electronVersion="${electron.version}"
runHook postBuild
'';
@@ -56,39 +78,60 @@ stdenv.mkDerivation rec {
install -Dm644 "build/icon.png" "$out/share/icons/hicolor/256x256/apps/legcord.png"
makeShellWrapper "${lib.getExe electron_34}" "$out/bin/legcord" \
# use makeShellWrapper (instead of the makeBinaryWrapper provided by wrapGAppsHook3) for proper shell variable expansion
# see https://github.com/NixOS/nixpkgs/issues/172583
makeShellWrapper "${lib.getExe electron}" "$out/bin/legcord" \
--add-flags "$out/share/lib/legcord/resources/app.asar" \
"''${gappsWrapperArgs[@]}" \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime=true}}" \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=UseOzonePlatform,WaylandWindowDecorations,WebRTCPipeWireCapturer --enable-wayland-ime=true}}" \
--set-default ELECTRON_IS_DEV 0 \
--inherit-argv0
runHook postInstall
'';
env = {
ELECTRON_SKIP_BINARY_DOWNLOAD = 1;
};
desktopItems = [
(makeDesktopItem {
name = "legcord";
genericName = "Internet Messenger";
desktopName = "Legcord";
exec = "legcord %U";
icon = "legcord";
comment = meta.description;
categories = [ "Network" ];
comment = finalAttrs.meta.description;
keywords = [
"discord"
"vencord"
"electron"
"chat"
];
categories = [
"Network"
"InstantMessaging"
"Chat"
];
startupWMClass = "Legcord";
terminal = false;
})
];
passthru.updateScript = nix-update-script { };
passthru = {
inherit (finalAttrs) pnpmDeps;
updateScript = nix-update-script { };
};
meta = with lib; {
meta = {
description = "Lightweight, alternative desktop client for Discord";
homepage = "https://legcord.app";
downloadPage = "https://github.com/Legcord/Legcord";
license = licenses.osl3;
maintainers = with maintainers; [
license = lib.licenses.osl3;
maintainers = with lib.maintainers; [
wrmilling
water-sucks
nyabinary
];
platforms = [
"x86_64-linux"
@@ -96,4 +139,4 @@ stdenv.mkDerivation rec {
];
mainProgram = "legcord";
};
}
})

4
pkgs/by-name/nz/nzbget/package.nix
View File

@@ -27,13 +27,13 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "nzbget";
version = "24.7";
version = "24.8";
src = fetchFromGitHub {
owner = "nzbgetcom";
repo = "nzbget";
rev = "v${finalAttrs.version}";
hash = "sha256-t/zVSCiSL+/8qnmLwKqmL7IL84CAtZRfZneoC0mvnJM=";
hash = "sha256-jsCjiZQ5Li+PKAfeMliAe341f8kn7QgUjUKciP5CdKE=";
};
patches = [

42
pkgs/by-name/pr/prefect/make_ui_files_writeable_on_startup.patch
View File

@@ -1,42 +0,0 @@
From a97d5f501ff3125d96e6c64dfa498ca1a598a4bd Mon Sep 17 00:00:00 2001
From: happysalada <raphael@megzari.com>
Date: Sun, 2 Mar 2025 08:30:36 -0500
Subject: [PATCH] feat: ensure ui files are writeable On startup prefect copies
over files from the ui into the ui directory. If for any reason the ui files
were not writeable, the whole setup will fail. This PR ensures that the
copied files are writeable. To give a bit more context, I am currently
packaging Prefect for nixos. Nix having a little bit of a strict build
system, makes sure that the built package has only read-only files. this is
to ensure the build is deterministic. I understand that this might appear as
a detail related to nix build system only. I can patch the source when
building the nix package, but I thought I would try to contribute the patch.
No hard feelings if you are not interested in this patch. Thank you for
developping prefect!
fix formatting
---
src/prefect/server/api/server.py | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/prefect/server/api/server.py b/src/prefect/server/api/server.py
index e5b64d527..ac64616ef 100644
--- a/src/prefect/server/api/server.py
+++ b/src/prefect/server/api/server.py
@@ -250,8 +250,14 @@ def copy_directory(directory: str, path: str) -> None:
if os.path.exists(destination):
shutil.rmtree(destination)
shutil.copytree(source, destination, symlinks=True)
+ # ensure copied files are writeable
+ for root, dirs, files in os.walk(destination):
+ for f in files:
+ os.chmod(os.path.join(root, f), 0o600)
else:
shutil.copy2(source, destination)
+ # Ensure copied file is writeable
+ os.chmod(destination, 0o600)
async def custom_internal_exception_handler(
--
2.48.1

125
pkgs/by-name/pr/prefect/package.nix
View File

@@ -7,7 +7,7 @@
python3Packages.buildPythonApplication rec {
pname = "prefect";
version = "3.2.7";
version = "3.2.13";
pyproject = true;
# Trying to install from source is challenging
@@ -16,13 +16,9 @@ python3Packages.buildPythonApplication rec {
# Source will be missing sdist, uv.lock, ui artefacts ...
src = fetchPypi {
inherit pname version;
hash = "sha256-4kwGrKvDihBi6Gcvcf6ophNI6GGd+M4qR0nnu/AUK1Q=";
hash = "sha256-NJL3KTvSIzUX1JMa/Lfpx2UzsAgqjU/mbndnkG2evTA=";
};
patches = [
./make_ui_files_writeable_on_startup.patch
];
pythonRelaxDeps = [
"websockets"
];
@@ -32,61 +28,68 @@ python3Packages.buildPythonApplication rec {
versioningit
];
dependencies = with python3Packages; [
aiosqlite
alembic
anyio
apprise
asgi-lifespan
asyncpg
cachetools
click
cloudpickle
coolname
cryptography
dateparser
docker
exceptiongroup
fastapi
fsspec
graphviz
griffe
httpcore
httpx
humanize
importlib-metadata
jinja2
jinja2-humanize-extension
jsonpatch
jsonschema
opentelemetry-api
orjson
packaging
pathspec
pendulum
prometheus-client
pydantic
pydantic-core
pydantic-extra-types
pydantic-settings
python-dateutil
python-slugify
python-socks
pytz
pyyaml
readchar
rfc3339-validator
rich
ruamel-yaml
sniffio
sqlalchemy
toml
typer
typing-extensions
ujson
uvicorn
websockets
];
dependencies =
with python3Packages;
[
aiosqlite
alembic
apprise
asyncpg
click
cryptography
dateparser
docker
graphviz
jinja2
jinja2-humanize-extension
humanize
pytz
readchar
sqlalchemy
typer
# client dependencies
anyio
asgi-lifespan
cachetools
cloudpickle
coolname
exceptiongroup
fastapi
fsspec
# graphviz already included
griffe
httpcore
httpx
jsonpatch
jsonschema
opentelemetry-api
orjson
packaging
pathspec
pendulum
prometheus-client
pydantic
pydantic-core
pydantic-extra-types
pydantic-settings
python-dateutil
python-slugify
python-socks
pyyaml
rfc3339-validator
rich
ruamel-yaml
sniffio
toml
typing-extensions
ujson
uvicorn
websockets
uv
]
++ sqlalchemy.optional-dependencies.asyncio
++ httpx.optional-dependencies.http2
++ python-socks.optional-dependencies.asyncio;
optional-dependencies = with python3Packages; {
aws = [

4
pkgs/by-name/st/stm32cubemx/package.nix
View File

@@ -14,13 +14,13 @@ let
iconame = "STM32CubeMX";
package = stdenvNoCC.mkDerivation rec {
pname = "stm32cubemx";
version = "6.13.0";
version = "6.14.0";
src = fetchzip {
url = "https://sw-center.st.com/packs/resource/library/stm32cube_mx_v${
builtins.replaceStrings [ "." ] [ "" ] version
}-lin.zip";
hash = "sha256-ypZVVPmAsApaccWl7ZtAECwphD2SUUiVNC2DYC5rYb4=";
hash = "sha256-GOvoPyfPdQV/gjveuFpZjueTZD/BYuEWSHgQKBm3o3A=";
stripRoot = false;
};

4
pkgs/by-name/vi/vintagestory/package.nix
View File

@@ -21,11 +21,11 @@
stdenv.mkDerivation rec {
pname = "vintagestory";
version = "1.20.4";
version = "1.20.5";
src = fetchurl {
url = "https://cdn.vintagestory.at/gamefiles/stable/vs_client_linux-x64_${version}.tar.gz";
hash = "sha256-Hgp2u/y2uPnJhAmPpwof76/woFGz4ISUXU+FIRMjMuQ=";
hash = "sha256-qpTWZ1nG4yrYgVvonZ3btIwhCK6S+aipq4H3b9FE3vI=";
};
nativeBuildInputs = [

6
pkgs/by-name/wg/wgsl-analyzer/package.nix
View File

@@ -6,17 +6,17 @@
rustPlatform.buildRustPackage rec {
pname = "wgsl-analyzer";
version = "0.9.5";
version = "0.9.8";
src = fetchFromGitHub {
owner = "wgsl-analyzer";
repo = "wgsl-analyzer";
tag = "v${version}";
hash = "sha256-j9UUikbJojksR6Ak9mh32T4H5mZmtPfj1m7sItUiXY4=";
hash = "sha256-UizD6cTRs6M5GaOX3wvacMr5JWwyHrQS6L19fRnw6Xo=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-5eq/MvdtLl7wlSTwUkGRv1WurYMIBd6lmQYCDK96V1U=";
cargoHash = "sha256-W1WQ00SFpYOm4J1C65Jg1Yb3pujdcDQFdrpIgqKRLk4=";
checkFlags = [
# Imports failures

5
pkgs/by-name/xo/xonsh/unwrapped.nix
View File

@@ -28,7 +28,7 @@
buildPythonPackage rec {
pname = "xonsh";
version = "0.19.2";
version = "0.19.3";
pyproject = true;
# PyPI package ships incomplete tests
@@ -36,7 +36,7 @@ buildPythonPackage rec {
owner = "xonsh";
repo = "xonsh";
tag = version;
hash = "sha256-h5WK/7PZQKHajiaj3BTHLeW4TYhSB/IV0eRZPCSD6qg=";
hash = "sha256-2ZxNVyONA9eFyasMK+49T98zl67/95BNfDp/gINPc1U=";
};
build-system = [
@@ -91,6 +91,7 @@ buildPythonPackage rec {
# https://github.com/xonsh/xonsh/issues/5569
"test_spec_decorator_alias_output_format"
"test_trace_in_script"
];
disabledTestPaths = [

4
pkgs/development/python-modules/apycula/default.nix
View File

@@ -9,7 +9,7 @@
buildPythonPackage rec {
pname = "apycula";
version = "0.15";
version = "0.16";
pyproject = true;
disabled = pythonOlder "3.8";
@@ -17,7 +17,7 @@ buildPythonPackage rec {
src = fetchPypi {
inherit version;
pname = "Apycula";
hash = "sha256-Bg5nHvUaW+cHZEzmZ08YuXwecVx6R8tys8ZBuqUEhTg=";
hash = "sha256-/wKJOmTjMnDL9off5i3o18+2omry0h1Z88p0GV2/FGE=";
};
build-system = [ setuptools-scm ];

20
pkgs/development/python-modules/llama-cpp-python/default.nix
View File

@@ -4,7 +4,6 @@
gcc13Stdenv,
buildPythonPackage,
fetchFromGitHub,
fetchpatch2,
# nativeBuildInputs
cmake,
@@ -40,28 +39,18 @@ let
in
buildPythonPackage rec {
pname = "llama-cpp-python";
version = "0.3.6";
version = "0.3.8";
pyproject = true;
src = fetchFromGitHub {
owner = "abetlen";
repo = "llama-cpp-python";
tag = "v${version}";
hash = "sha256-d5nMgpS7m6WEILs222ztwphoqkAezJ+qt6sVKSlpIYI=";
hash = "sha256-F1E1c2S1iIL3HX/Sot/uIIrOWvfPU1dCrHx14A1Jn9E=";
fetchSubmodules = true;
};
# src = /home/gaetan/llama-cpp-python;
patches = [
# fix segfault when running tests due to missing default Metal devices
(fetchpatch2 {
url = "https://github.com/ggml-org/llama.cpp/commit/acd38efee316f3a5ed2e6afcbc5814807c347053.patch?full_index=1";
stripLen = 1;
extraPrefix = "vendor/llama.cpp/";
hash = "sha256-71+Lpg9z5KPlaQTX9D85KS2LXFWLQNJJ18TJyyq3/pU=";
})
];
dontUseCmakeConfigure = true;
SKBUILD_CMAKE_ARGS = lib.strings.concatStringsSep ";" (
# Set GGML_NATIVE=off. Otherwise, cmake attempts to build with
@@ -72,7 +61,10 @@ buildPythonPackage rec {
# -mcpu, breaking linux build as follows:
#
# cc1: error: unknown value native+nodotprod+noi8mm+nosve for -mcpu
[ "-DGGML_NATIVE=off" ]
[
"-DGGML_NATIVE=off"
"-DGGML_BUILD_NUMBER=1"
]
++ lib.optionals cudaSupport [
"-DGGML_CUDA=on"
"-DCUDAToolkit_ROOT=${lib.getDev cudaPackages.cuda_nvcc}"

15
pkgs/development/python-modules/llm-anthropic/default.nix
View File

@@ -9,19 +9,19 @@
pytestCheckHook,
pytest-asyncio,
pytest-recording,
nix-update-script,
writableTmpDirAsHomeHook,
}:
buildPythonPackage rec {
pname = "llm-anthropic";
version = "0.14.1";
version = "0.15.1";
pyproject = true;
src = fetchFromGitHub {
owner = "simonw";
repo = "llm-anthropic";
tag = version;
hash = "sha256-tKgcag8sBJA4QWunaFyZxkZH0mtc0SS17104YuX1Kac=";
hash = "sha256-8bVs3MJteOTCiw7n/4pMf+oXMhsQbCSzUFVQqm2ezcE=";
};
build-system = [
@@ -30,22 +30,15 @@ buildPythonPackage rec {
];
dependencies = [ anthropic ];
# Otherwise tests will fail to create directory
# Permission denied: '/homeless-shelter'
preCheck = ''
export HOME=$(mktemp -d)
'';
nativeCheckInputs = [
pytestCheckHook
pytest-asyncio
pytest-recording
writableTmpDirAsHomeHook
];
pythonImportsCheck = [ "llm_anthropic" ];
passthru.updateScript = nix-update-script { };
passthru.tests = {
llm-plugin = callPackage ./tests/llm-plugin.nix { };
};

4
pkgs/development/python-modules/pylamarzocco/default.nix
View File

@@ -14,7 +14,7 @@
buildPythonPackage rec {
pname = "pylamarzocco";
version = "1.4.7";
version = "1.4.9";
pyproject = true;
disabled = pythonOlder "3.11";
@@ -23,7 +23,7 @@ buildPythonPackage rec {
owner = "zweckj";
repo = "pylamarzocco";
tag = "v${version}";
hash = "sha256-H3TCuTD6T/KPUGndtYoWtFum1LTwrJe18iyKrsWFZnc=";
hash = "sha256-rEN1z+gkQjWjDkISdnn0KsxVzzPSKGPI/+VeYclIvkI=";
};
build-system = [ setuptools ];

4
pkgs/development/python-modules/python-snoo/default.nix
View File

@@ -10,14 +10,14 @@
buildPythonPackage rec {
pname = "python-snoo";
version = "0.6.3";
version = "0.6.4";
pyproject = true;
src = fetchFromGitHub {
owner = "Lash-L";
repo = "python-snoo";
tag = "v${version}";
hash = "sha256-kY8LetiY5wMJ6BMeoWK8al1PDC00ODU8B4CXesxBZSU=";
hash = "sha256-Lzyh9DbU9opKxx/2eb2yDEmwHCHsDkbcU6Xhqj0qOaU=";
};
postPatch = ''

4
pkgs/development/python-modules/zha/default.nix
View File

@@ -27,7 +27,7 @@
buildPythonPackage rec {
pname = "zha";
version = "0.0.52";
version = "0.0.53";
pyproject = true;
disabled = pythonOlder "3.12";
@@ -36,7 +36,7 @@ buildPythonPackage rec {
owner = "zigpy";
repo = "zha";
tag = version;
hash = "sha256-tGVRlYUoXS3uEAis9NE3gYBjbY5KzMvx8+J67BgU3kI=";
hash = "sha256-EszxMIdZKmw1q9WNyeTSMaGU9or/6oBe7VGOzXMkUzg=";
};
postPatch = ''

1
pkgs/os-specific/linux/systemd/default.nix
View File

@@ -886,6 +886,7 @@ stdenv.mkDerivation (finalAttrs: {
withKmod
withLocaled
withMachined
withNetworkd
withPortabled
withTimedated
withTpm2Tss

2
pkgs/servers/home-assistant/component-packages.nix
View File

@@ -2,7 +2,7 @@
# Do not edit!
{
version = "2025.3.3";
version = "2025.3.4";
components = {
"3_day_blinds" =
ps: with ps; [

6
pkgs/servers/home-assistant/default.nix
View File

@@ -393,7 +393,7 @@ let
extraBuildInputs = extraPackages python.pkgs;
# Don't forget to run update-component-packages.py after updating
hassVersion = "2025.3.3";
hassVersion = "2025.3.4";
in
python.pkgs.buildPythonApplication rec {
@@ -414,13 +414,13 @@ python.pkgs.buildPythonApplication rec {
owner = "home-assistant";
repo = "core";
tag = version;
hash = "sha256-uWNK7izeaK5XZMNfDgq/npJ1PrmC/HYHvHc5NU7Rff8=";
hash = "sha256-g1t9xAjrSSePyAloTQ2qwxAGEXJUTWX2zIZmAvlGGa8=";
};
# Secondary source is pypi sdist for translations
sdist = fetchPypi {
inherit pname version;
hash = "sha256-axmqJRiOt5T8gr/eh7qXOQBMLrcR9ZSqLS8SlmTgkE8=";
hash = "sha256-MIh8FMTKZVEZ/zC+Av8fykTpz9kkXgZZfnsuOZbgP0M=";
};
build-system = with python.pkgs; [