From d323f2925773e9f0d57da6b3ba069ca4221d6300 Mon Sep 17 00:00:00 2001 From: Bang Lee Date: Tue, 26 Aug 2025 16:52:53 -0700 Subject: [PATCH 01/57] nixos/wayvnc: init --- .../manual/release-notes/rl-2511.section.md | 2 ++ nixos/modules/module-list.nix | 1 + nixos/modules/programs/wayland/wayvnc.nix | 25 +++++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 nixos/modules/programs/wayland/wayvnc.nix diff --git a/nixos/doc/manual/release-notes/rl-2511.section.md b/nixos/doc/manual/release-notes/rl-2511.section.md index ede6b54dbd7b..e04e2155349f 100644 --- a/nixos/doc/manual/release-notes/rl-2511.section.md +++ b/nixos/doc/manual/release-notes/rl-2511.section.md @@ -25,6 +25,8 @@ - [gtklock](https://github.com/jovanlanik/gtklock), a GTK-based lockscreen for Wayland. Available as [programs.gtklock](#opt-programs.gtklock.enable). - [Chrysalis](https://github.com/keyboardio/Chrysalis), a graphical configurator for Kaleidoscope-powered keyboards. Available as [programs.chrysalis](#opt-programs.chrysalis.enable). +- [wayvnc](https://github.com/any1/wayvnc), VNC server for wlroots based Wayland compositors. Available as [programs.wayvnc](#opt-programs.wayvnc.enable). + - [Pi-hole](https://pi-hole.net/), a DNS sinkhole for advertisements based on Dnsmasq. Available as [services.pihole-ftl](#opt-services.pihole-ftl.enable), and [services.pihole-web](#opt-services.pihole-web.enable) for the web GUI and API. - [Fediwall](https://fediwall.social), a web application for live displaying toots from mastodon, inspired by mastowall. Available as [services.fediwall](#opt-services.fediwall.enable). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index b4d2ebc3c7ae..0501ba817229 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -350,6 +350,7 @@ ./programs/wayland/uwsm.nix ./programs/wayland/waybar.nix ./programs/wayland/wayfire.nix + ./programs/wayland/wayvnc.nix ./programs/weylus.nix ./programs/winbox.nix ./programs/wireshark.nix diff --git a/nixos/modules/programs/wayland/wayvnc.nix b/nixos/modules/programs/wayland/wayvnc.nix new file mode 100644 index 000000000000..0a19541c098d --- /dev/null +++ b/nixos/modules/programs/wayland/wayvnc.nix @@ -0,0 +1,25 @@ +{ + lib, + pkgs, + config, + ... +}: + +let + cfg = config.programs.wayvnc; +in +{ + options.programs.wayvnc = { + enable = lib.mkEnableOption "wayvnc, VNC server for wlroots based Wayland compositors"; + package = lib.mkPackageOption pkgs "wayvnc" { }; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ cfg.package ]; + + # https://github.com/any1/wayvnc/blob/master/src/pam_auth.c + security.pam.services.wayvnc = { }; + }; + + meta.maintainers = with lib.maintainers; [ qusic ]; +} From 775ce27666ed8e3014cf18f6819c6ab1398b21e7 Mon Sep 17 00:00:00 2001 From: Jeremy Fleischman Date: Thu, 16 Oct 2025 08:21:59 -0400 Subject: [PATCH 02/57] lib.customisation: fix error message when running in `nix repl` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This code was more careful before (it didn't assume that `unsafeGetAttrPos` always returns a non-null location). Unfortunately, `unsafeGetAttrPos` *does* return `null` when dealing with `nix repl`: ``` nix-repl> f = {foo}: foo nix-repl> builtins.unsafeGetAttrPos "foo" (builtins.functionArgs f) null ``` Here's how to reproduce the issue. *Before* this fix: ``` nix-repl> f = {foo}: foo nix-repl> myCallPackage = lib.callPackageWith {} nix-repl> myCallPackage f {} error: … while calling the 'abort' builtin at /home/jeremy/src/github.com/NixOS/nixpkgs/lib/customisation.nix:323:7: 322| else 323| abort "lib.customisation.callPackageWith: ${error}"; | ^ 324| … while selecting an attribute at /home/jeremy/src/github.com/NixOS/nixpkgs/lib/customisation.nix:310:14: 309| "Function called without required argument \"${arg}\" at " 310| + "${loc.file}:${toString loc.line}${prettySuggestions (getSuggestions arg)}"; | ^ 311| error: expected a set but found null: null ``` *After*: ``` nix-repl> f = {foo}: foo nix-repl> myCallPackage = lib.callPackageWith {} nix-repl> myCallPackage f {} error: … while calling the 'abort' builtin at /home/jeremy/src/github.com/NixOS/nixpkgs/lib/customisation.nix:332:7: 331| # Inputs 332| | ^ 333| `autoArgs` error: evaluation aborted with the following error message: 'lib.customisation.callPackageWith: Function called without required argument "foo" at ' ``` --- lib/customisation.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/customisation.nix b/lib/customisation.nix index 5fb39fdfe1d2..39b59d7cdf6f 100644 --- a/lib/customisation.nix +++ b/lib/customisation.nix @@ -305,9 +305,10 @@ rec { arg: let loc = unsafeGetAttrPos arg fargs; + loc' = if loc != null then loc.file + ":" + toString loc.line else ""; in "Function called without required argument \"${arg}\" at " - + "${loc.file}:${toString loc.line}${prettySuggestions (getSuggestions arg)}"; + + "${loc'}${prettySuggestions (getSuggestions arg)}"; # Only show the error for the first missing argument error = errorForArg (head (attrNames missingArgs)); From 88e1756bc9ef9faa4a495f92012c6375d52cde61 Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 18 Oct 2025 02:53:06 +0100 Subject: [PATCH 03/57] darwin.{ditto,sudo}: drop MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These were added in in 2021, and used to provide the definition of `sudo`. That was reverted shortly after, in . While embedding these paths in the output of a derivation is potentially legitimate, using them as build inputs to other derivations is not so much; they won’t work in the sandbox, and using `sudo(8)` in a build especially doesn’t seem like a great idea. Using `/usr/bin/ditto` directly along with `sandboxProfile` or `__impureHostDeps` is a better mechanism than a wrapper package if a build really needs `ditto(1)`. --- .../darwin/impure-cmds/default.nix | 38 ------------------- pkgs/top-level/darwin-aliases.nix | 2 + pkgs/top-level/darwin-packages.nix | 6 +-- 3 files changed, 3 insertions(+), 43 deletions(-) delete mode 100644 pkgs/os-specific/darwin/impure-cmds/default.nix diff --git a/pkgs/os-specific/darwin/impure-cmds/default.nix b/pkgs/os-specific/darwin/impure-cmds/default.nix deleted file mode 100644 index eac4f6b97fd2..000000000000 --- a/pkgs/os-specific/darwin/impure-cmds/default.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ lib, runCommandLocal }: - -# On darwin, there are some commands neither opensource nor able to build in nixpkgs. -# We have no choice but to use those system-shipped impure ones. - -let - commands = { - ditto = "/usr/bin/ditto"; # ditto is not opensource - sudo = "/usr/bin/sudo"; # sudo must be owned by uid 0 and have the setuid bit set - }; - - mkImpureDrv = - name: path: - runCommandLocal "${name}-impure-darwin" - { - __impureHostDeps = [ path ]; - - meta = { - platforms = lib.platforms.darwin; - }; - } - '' - if ! [ -x ${path} ]; then - echo Cannot find command ${path} - exit 1 - fi - - mkdir -p $out/bin - ln -s ${path} $out/bin - - manpage="/usr/share/man/man1/${name}.1" - if [ -f $manpage ]; then - mkdir -p $out/share/man/man1 - ln -s $manpage $out/share/man/man1 - fi - ''; -in -lib.mapAttrs mkImpureDrv commands diff --git a/pkgs/top-level/darwin-aliases.nix b/pkgs/top-level/darwin-aliases.nix index 717f2f58763a..cb0f6d7c6d47 100644 --- a/pkgs/top-level/darwin-aliases.nix +++ b/pkgs/top-level/darwin-aliases.nix @@ -116,6 +116,7 @@ stubs ### D ### discrete-scroll = pkgs.discrete-scroll; # added 2024-11-27 + ditto = throw "'darwin.ditto' has been removed, because it was impure and unused"; # added 2025-10-18 ### I ### @@ -150,5 +151,6 @@ stubs stdenvNoCF = throw "darwin.stdenvNoCF has been removed; use `stdenv` or `stdenvNoCC`"; # converted to throw 2025-07-29 stubs = throw "'darwin.stubs.*' have been removed as they were unused"; # added 2025-04-20 + sudo = throw "'darwin.sudo' has been removed, because it was impure and unused"; # added 2025-10-18 swift-corelibs-foundation = throw "'darwin.swift-corelibs-foundation' has been removed, as it was broken and is no longer used"; # added 2025-04-20 } diff --git a/pkgs/top-level/darwin-packages.nix b/pkgs/top-level/darwin-packages.nix index 9adaebefedc5..d107ba471187 100644 --- a/pkgs/top-level/darwin-packages.nix +++ b/pkgs/top-level/darwin-packages.nix @@ -39,14 +39,10 @@ makeScopeWithSplicing' { callPackage = self.callPackage; directory = ../os-specific/darwin/apple-source-releases; }; - - # Must use pkgs.callPackage to avoid infinite recursion. - impure-cmds = pkgs.callPackage ../os-specific/darwin/impure-cmds { }; in lib.recurseIntoAttrs ( - impure-cmds - // apple-source-packages + apple-source-packages // { inherit (self.adv_cmds) ps; From bd549e426e4f80d63a0dd93efcd35285d42e3ac6 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Mon, 20 Oct 2025 00:22:50 +0000 Subject: [PATCH 04/57] asm-lsp: 0.10.0 -> 0.10.1 --- pkgs/by-name/as/asm-lsp/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/as/asm-lsp/package.nix b/pkgs/by-name/as/asm-lsp/package.nix index 20e3a2019d04..226d4ddf51eb 100644 --- a/pkgs/by-name/as/asm-lsp/package.nix +++ b/pkgs/by-name/as/asm-lsp/package.nix @@ -8,7 +8,7 @@ }: let pname = "asm-lsp"; - version = "0.10.0"; + version = "0.10.1"; in rustPlatform.buildRustPackage { inherit pname version; @@ -17,14 +17,14 @@ rustPlatform.buildRustPackage { owner = "bergercookie"; repo = "asm-lsp"; rev = "v${version}"; - hash = "sha256-RAyiE+Msmr/Qt5v7rWuUTAji383XLKxeMQJove2b1NE="; + hash = "sha256-vEilIoIK6fxZBhmyDueP2zvbh1/t2wd4cnq/0y6p+TI="; }; nativeBuildInputs = [ pkg-config ]; buildInputs = lib.optionals (!stdenv.hostPlatform.isDarwin) [ openssl ]; - cargoHash = "sha256-41iWqgywfFdqf3TzZT5peh39jiSZw8FRTI1AeL5CroY="; + cargoHash = "sha256-D91n+sx8qwkn/rEWP5ftS/mhmRru43TmKZUyvAc47H0="; # tests expect ~/.cache/asm-lsp to be writable preCheck = '' From 9a7d7da7a7cad643582f81c936813f6d665b9627 Mon Sep 17 00:00:00 2001 From: Seth Flynn Date: Thu, 21 Aug 2025 17:05:47 -0400 Subject: [PATCH 05/57] moar: rename to moor --- pkgs/by-name/mo/{moar => moor}/package.nix | 6 +++--- pkgs/top-level/aliases.nix | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) rename pkgs/by-name/mo/{moar => moor}/package.nix (89%) diff --git a/pkgs/by-name/mo/moar/package.nix b/pkgs/by-name/mo/moor/package.nix similarity index 89% rename from pkgs/by-name/mo/moar/package.nix rename to pkgs/by-name/mo/moor/package.nix index b231f30b2c5b..c050e255dd2e 100644 --- a/pkgs/by-name/mo/moar/package.nix +++ b/pkgs/by-name/mo/moor/package.nix @@ -6,12 +6,12 @@ }: buildGoModule rec { - pname = "moar"; + pname = "moor"; version = "1.33.0"; src = fetchFromGitHub { owner = "walles"; - repo = "moar"; + repo = "moor"; rev = "v${version}"; hash = "sha256-+06cup9iG+iMyluQPzUQ7vrnFHoeU4KNHGra3AsRRw0="; }; @@ -33,7 +33,7 @@ buildGoModule rec { meta = with lib; { description = "Nice-to-use pager for humans"; - homepage = "https://github.com/walles/moar"; + homepage = "https://github.com/walles/moor"; license = licenses.bsd2WithViews; mainProgram = "moar"; maintainers = with maintainers; [ foo-dogsquared ]; diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index c6286ab8bdbe..0980dc41be0c 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -1761,6 +1761,7 @@ mapAliases { miru = throw "'miru' has been removed due to lack maintenance"; # Added 2025-08-21 mmsd = throw "'mmsd' has been removed due to being unmaintained upstream. Consider using 'mmsd-tng' instead"; # Added 2025-06-07 mmutils = throw "'mmutils' has been removed due to being unmaintained upstream"; # Added 2025-08-29 + moar = lib.warnOnInstantiate "`moar` has been renamed to `moor` by upstream in v2.0.0. See https://github.com/walles/moor/pull/305 for more." pkgs.moor; # Added 2025-09-02 mod_dnssd = throw "'mod_dnssd' has been renamed to/replaced by 'apacheHttpdPackages.mod_dnssd'"; # Converted to throw 2024-10-17 mod_fastcgi = throw "'mod_fastcgi' has been renamed to/replaced by 'apacheHttpdPackages.mod_fastcgi'"; # Converted to throw 2024-10-17 mod_python = throw "'mod_python' has been renamed to/replaced by 'apacheHttpdPackages.mod_python'"; # Converted to throw 2024-10-17 From c217cdd3a2d5c7fc70d1a2675ae10db31d50da20 Mon Sep 17 00:00:00 2001 From: Seth Flynn Date: Thu, 21 Aug 2025 17:08:04 -0400 Subject: [PATCH 06/57] moor: 1.33.0 -> 2.6.1 Diff: https://github.com/walles/moor/compare/v1.33.0...v2.6.1 Changelog: https://github.com/walles/moor/releases/tag/v2.6.1 --- doc/release-notes/rl-2511.section.md | 2 ++ pkgs/by-name/mo/moor/package.nix | 10 +++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/doc/release-notes/rl-2511.section.md b/doc/release-notes/rl-2511.section.md index 658135c92af7..184927d1a70f 100644 --- a/doc/release-notes/rl-2511.section.md +++ b/doc/release-notes/rl-2511.section.md @@ -196,6 +196,8 @@ - `sail-riscv` 0.8 follows [upstream](https://github.com/riscv/sail-riscv/blob/7cc4620eb1a57bfe04832baccdcf5727e9459bd4/doc/ChangeLog.md) and provides only a single binary, `sail_riscv_sim`. +- `moar` has been updated from `1.33.0` to `2.0.0`, and renamed to `moor` following an upstream decision. See the [release notes](https://github.com/walles/moor/releases/tag/v2.0.0) for more. + - `podofo` has been updated from `0.9.8` to `1.0.0`. These releases are by nature very incompatible due to major API changes. The legacy versions can be found under `podofo_0_10` and `podofo_0_9`. Changelog: https://github.com/podofo/podofo/blob/1.0.0/CHANGELOG.md, API-Migration-Guide: https://github.com/podofo/podofo/blob/1.0.0/API-MIGRATION.md. diff --git a/pkgs/by-name/mo/moor/package.nix b/pkgs/by-name/mo/moor/package.nix index c050e255dd2e..9de11015a140 100644 --- a/pkgs/by-name/mo/moor/package.nix +++ b/pkgs/by-name/mo/moor/package.nix @@ -7,21 +7,21 @@ buildGoModule rec { pname = "moor"; - version = "1.33.0"; + version = "2.6.1"; src = fetchFromGitHub { owner = "walles"; repo = "moor"; rev = "v${version}"; - hash = "sha256-+06cup9iG+iMyluQPzUQ7vrnFHoeU4KNHGra3AsRRw0="; + hash = "sha256-5MiTxspdNTFfLnif5C3gcQ0suxRrjerlZl2+kPAjiBM="; }; - vendorHash = "sha256-ComKeqnw1PvDaCRVXfInRjSzhyZWGkD/hp5piwhwxds="; + vendorHash = "sha256-ve8QT2dIUZGTFYESt9vIllGTan22ciZr8SQzfqtqQfw="; nativeBuildInputs = [ installShellFiles ]; postInstall = '' - installManPage ./moar.1 + installManPage ./moor.1 ''; ldflags = [ @@ -35,7 +35,7 @@ buildGoModule rec { description = "Nice-to-use pager for humans"; homepage = "https://github.com/walles/moor"; license = licenses.bsd2WithViews; - mainProgram = "moar"; + mainProgram = "moor"; maintainers = with maintainers; [ foo-dogsquared ]; }; } From fedfddc5c4d4d801035f11c35150a20e7b168b83 Mon Sep 17 00:00:00 2001 From: Seth Flynn Date: Thu, 21 Aug 2025 17:17:05 -0400 Subject: [PATCH 07/57] moor: modernize --- pkgs/by-name/mo/moor/package.nix | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/pkgs/by-name/mo/moor/package.nix b/pkgs/by-name/mo/moor/package.nix index 9de11015a140..e44e9e25334f 100644 --- a/pkgs/by-name/mo/moor/package.nix +++ b/pkgs/by-name/mo/moor/package.nix @@ -3,16 +3,17 @@ buildGoModule, fetchFromGitHub, installShellFiles, + nix-update-script, }: -buildGoModule rec { +buildGoModule (finalAttrs: { pname = "moor"; version = "2.6.1"; src = fetchFromGitHub { owner = "walles"; repo = "moor"; - rev = "v${version}"; + tag = "v${finalAttrs.version}"; hash = "sha256-5MiTxspdNTFfLnif5C3gcQ0suxRrjerlZl2+kPAjiBM="; }; @@ -20,22 +21,27 @@ buildGoModule rec { nativeBuildInputs = [ installShellFiles ]; - postInstall = '' - installManPage ./moor.1 - ''; - ldflags = [ "-s" "-w" "-X" - "main.versionString=v${version}" + "main.versionString=v${finalAttrs.version}" ]; - meta = with lib; { + postInstall = '' + installManPage ./moor.1 + ''; + + passthru = { + updateScript = nix-update-script { }; + }; + + meta = { description = "Nice-to-use pager for humans"; homepage = "https://github.com/walles/moor"; - license = licenses.bsd2WithViews; + changelog = "https://github.com/walles/moor/releases/tag/v${finalAttrs.version}"; + license = lib.licenses.bsd2WithViews; mainProgram = "moor"; - maintainers = with maintainers; [ foo-dogsquared ]; + maintainers = with lib.maintainers; [ foo-dogsquared ]; }; -} +}) From 2635b4753942236b1c36a7367bde3ecb2ac5f100 Mon Sep 17 00:00:00 2001 From: Seth Flynn Date: Thu, 21 Aug 2025 17:19:15 -0400 Subject: [PATCH 08/57] moor: add versionCheckHook --- pkgs/by-name/mo/moor/package.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/by-name/mo/moor/package.nix b/pkgs/by-name/mo/moor/package.nix index e44e9e25334f..961553ccca7e 100644 --- a/pkgs/by-name/mo/moor/package.nix +++ b/pkgs/by-name/mo/moor/package.nix @@ -4,6 +4,7 @@ fetchFromGitHub, installShellFiles, nix-update-script, + versionCheckHook, }: buildGoModule (finalAttrs: { @@ -28,6 +29,9 @@ buildGoModule (finalAttrs: { "main.versionString=v${finalAttrs.version}" ]; + nativeInstallCheckInputs = [ versionCheckHook ]; + doInstallCheck = true; + postInstall = '' installManPage ./moor.1 ''; From 266fdd33fc8b887618b8e047eb31aba40cefbd4f Mon Sep 17 00:00:00 2001 From: Seth Flynn Date: Thu, 21 Aug 2025 17:21:33 -0400 Subject: [PATCH 09/57] moor: add cross package to tests --- pkgs/by-name/mo/moor/package.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/by-name/mo/moor/package.nix b/pkgs/by-name/mo/moor/package.nix index 961553ccca7e..1841e54fabcc 100644 --- a/pkgs/by-name/mo/moor/package.nix +++ b/pkgs/by-name/mo/moor/package.nix @@ -4,6 +4,7 @@ fetchFromGitHub, installShellFiles, nix-update-script, + pkgsCross, versionCheckHook, }: @@ -37,6 +38,7 @@ buildGoModule (finalAttrs: { ''; passthru = { + tests.cross-aarch64 = pkgsCross.aarch64-multiplatform.moor; updateScript = nix-update-script { }; }; From ccb8f2abccd2af5be25cc7c29d42922a690dfaf5 Mon Sep 17 00:00:00 2001 From: Seth Flynn Date: Thu, 21 Aug 2025 17:20:08 -0400 Subject: [PATCH 10/57] moor: add getchoo to maintainers --- pkgs/by-name/mo/moor/package.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/by-name/mo/moor/package.nix b/pkgs/by-name/mo/moor/package.nix index 1841e54fabcc..15300c423454 100644 --- a/pkgs/by-name/mo/moor/package.nix +++ b/pkgs/by-name/mo/moor/package.nix @@ -48,6 +48,9 @@ buildGoModule (finalAttrs: { changelog = "https://github.com/walles/moor/releases/tag/v${finalAttrs.version}"; license = lib.licenses.bsd2WithViews; mainProgram = "moor"; - maintainers = with lib.maintainers; [ foo-dogsquared ]; + maintainers = with lib.maintainers; [ + foo-dogsquared + getchoo + ]; }; }) From adc720421b965f9dddc1033be26bfa7aa02e3405 Mon Sep 17 00:00:00 2001 From: adeci Date: Sun, 19 Oct 2025 19:49:32 -0400 Subject: [PATCH 11/57] python3Packages.chromadb: anonymized telemetry opt-in --- pkgs/development/python-modules/chromadb/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/development/python-modules/chromadb/default.nix b/pkgs/development/python-modules/chromadb/default.nix index 6f7605e74ae5..ad01ae1680f7 100644 --- a/pkgs/development/python-modules/chromadb/default.nix +++ b/pkgs/development/python-modules/chromadb/default.nix @@ -93,6 +93,11 @@ buildPythonPackage rec { # Nixpkgs is taking the version from `chromadb_rust_bindings` which is versioned independently substituteInPlace pyproject.toml \ --replace-fail "dynamic = [\"version\"]" "version = \"${version}\"" + + # Flip anonymized telemetry to opt in versus current opt-in out for privacy + substituteInPlace chromadb/config.py \ + --replace-fail "anonymized_telemetry: bool = True" \ + "anonymized_telemetry: bool = False" ''; pythonRelaxDeps = [ From abe7ea46e4a793a2e43a908f7630ace7330c554a Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 21 Oct 2025 01:48:17 +0000 Subject: [PATCH 12/57] debian-devscripts: 2.25.19 -> 2.25.20 --- pkgs/by-name/de/debian-devscripts/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/de/debian-devscripts/package.nix b/pkgs/by-name/de/debian-devscripts/package.nix index f0c27ba249f0..15d694cd4442 100644 --- a/pkgs/by-name/de/debian-devscripts/package.nix +++ b/pkgs/by-name/de/debian-devscripts/package.nix @@ -30,14 +30,14 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "debian-devscripts"; - version = "2.25.19"; + version = "2.25.20"; src = fetchFromGitLab { domain = "salsa.debian.org"; owner = "debian"; repo = "devscripts"; tag = "v${finalAttrs.version}"; - hash = "sha256-xRWWdM2l1F1Z7U+ThxWvH5wL2ZY+sR8+Jx6h/7mo9dQ="; + hash = "sha256-TpS4Gb6HZfCO42PSMyQ6qC1uUYAGkC9r4DHz4tofYKw="; }; patches = [ From 96be3f19b480296350027787acdad131daef014e Mon Sep 17 00:00:00 2001 From: h7x4 Date: Tue, 21 Oct 2025 16:59:54 +0900 Subject: [PATCH 13/57] nixos/rtkit: harden systemd service --- nixos/modules/security/rtkit.nix | 43 +++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/nixos/modules/security/rtkit.nix b/nixos/modules/security/rtkit.nix index a5916f1173b7..d7c6df17f03b 100644 --- a/nixos/modules/security/rtkit.nix +++ b/nixos/modules/security/rtkit.nix @@ -57,10 +57,45 @@ in systemd.packages = [ package ]; systemd.services.rtkit-daemon = { - serviceConfig.ExecStart = [ - "" # Resets command from upstream unit. - "${package}/libexec/rtkit-daemon ${utils.escapeSystemdExecArgs cfg.args}" - ]; + serviceConfig = { + ExecStart = [ + "" # Resets command from upstream unit. + "${package}/libexec/rtkit-daemon ${utils.escapeSystemdExecArgs cfg.args}" + ]; + + # Needs to verify the user of the processes. + PrivateUsers = "full"; + # Needs to access other processes to modify their scheduling modes. + ProcSubset = "all"; + ProtectProc = "default"; + # Canary needs to be realtime. + RestrictRealtime = false; + + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = "disconnected"; + ProtectClock = true; + ProtectControlGroups = "strict"; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "strict"; + RemoveIPC = true; + RestrictAddressFamilies = [ "AF_UNIX" ]; + IPAddressDeny = "any"; + RestrictNamespaces = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "@mount" # Needs chroot(1) + ]; + UMask = "0777"; + }; }; users.users.rtkit = { From f6a4e3502e0494e0c7b975707faee2ba618ca5bd Mon Sep 17 00:00:00 2001 From: Gliczy <129636582+Gliczy@users.noreply.github.com> Date: Tue, 21 Oct 2025 10:51:12 +0200 Subject: [PATCH 14/57] slade: 3.2.7 -> 3.2.8 --- pkgs/by-name/sl/slade/package.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/by-name/sl/slade/package.nix b/pkgs/by-name/sl/slade/package.nix index d01793cdd99c..db8fbf298497 100644 --- a/pkgs/by-name/sl/slade/package.nix +++ b/pkgs/by-name/sl/slade/package.nix @@ -11,23 +11,23 @@ sfml_2, fluidsynth, curl, - freeimage, ftgl, glew, lua, mpg123, wrapGAppsHook3, + libwebp, }: stdenv.mkDerivation (finalAttrs: { pname = "slade"; - version = "3.2.7"; + version = "3.2.8"; src = fetchFromGitHub { owner = "sirjuddington"; repo = "SLADE"; tag = finalAttrs.version; - hash = "sha256-+i506uzO2q/9k7en6CKs4ui9gjszrMOYwW+V9W5Lvns="; + hash = "sha256-skJpcxLSInAzBHGtxdTWAqocXQKKQY7vJfUx8ZAlMqc="; }; nativeBuildInputs = [ @@ -44,11 +44,11 @@ stdenv.mkDerivation (finalAttrs: { sfml_2 fluidsynth curl - freeimage ftgl glew lua mpg123 + libwebp ]; cmakeFlags = [ From 95625320bff6b09ab0d6d268626444bb9571eb57 Mon Sep 17 00:00:00 2001 From: Tobias M Date: Tue, 21 Oct 2025 12:51:16 +0200 Subject: [PATCH 15/57] nixos/lldap: use exec for start script Use exec for running lldap itself so that the bash startup script does not have to linger around. --- nixos/modules/services/databases/lldap.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/databases/lldap.nix b/nixos/modules/services/databases/lldap.nix index e21deef91f33..1680965573c9 100644 --- a/nixos/modules/services/databases/lldap.nix +++ b/nixos/modules/services/databases/lldap.nix @@ -224,7 +224,7 @@ in fi '' + '' - ${lib.getExe cfg.package} run --config-file ${format.generate "lldap_config.toml" cfg.settings} + exec ${lib.getExe cfg.package} run --config-file ${format.generate "lldap_config.toml" cfg.settings} ''; serviceConfig = { StateDirectory = "lldap"; From 3864a2a11a680190f9db01c5a11372b8dae3fd5f Mon Sep 17 00:00:00 2001 From: Rexiel Scarlet <37258415+Rexcrazy804@users.noreply.github.com> Date: Tue, 21 Oct 2025 15:42:06 +0400 Subject: [PATCH 16/57] qjoypad: fix build with cmake 4 --- pkgs/tools/misc/qjoypad/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/tools/misc/qjoypad/default.nix b/pkgs/tools/misc/qjoypad/default.nix index 7c16bd121bec..5059fb58bfea 100644 --- a/pkgs/tools/misc/qjoypad/default.nix +++ b/pkgs/tools/misc/qjoypad/default.nix @@ -21,6 +21,11 @@ mkDerivation rec { hash = "sha256:1w26ddxb1xirb7qjf7kv9llxzjhbhcb7warnxbx41qhbni46g26y"; }; + postPatch = '' + substituteInPlace CMakeLists.txt \ + --replace-fail "cmake_minimum_required(VERSION 2.8.11)" "cmake_minimum_required(VERSION 3.10)" + ''; + nativeBuildInputs = [ pkg-config cmake From 78729c2c4a98cfe7ecc046114519c0e0968d4609 Mon Sep 17 00:00:00 2001 From: Rexiel Scarlet <37258415+Rexcrazy804@users.noreply.github.com> Date: Tue, 21 Oct 2025 14:29:01 +0400 Subject: [PATCH 17/57] qdmr: 0.12.3 -> 0.13.1 Release: https://github.com/hmatuschek/qdmr/releases/tag/v0.13.1 Changes: https://github.com/hmatuschek/qdmr/compare/v0.12.3...v0.13.1 - switched to qt6 - fix build with cmake 4 - fix build of manpages --- pkgs/by-name/qd/qdmr/package.nix | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/pkgs/by-name/qd/qdmr/package.nix b/pkgs/by-name/qd/qdmr/package.nix index 0875c3b3e14c..ec24d4032f95 100644 --- a/pkgs/by-name/qd/qdmr/package.nix +++ b/pkgs/by-name/qd/qdmr/package.nix @@ -6,8 +6,9 @@ cmake, libxslt, docbook_xsl_ns, - libsForQt5, + kdePackages, libusb1, + librsvg, yaml-cpp, }: @@ -17,28 +18,30 @@ in stdenv.mkDerivation rec { pname = "qdmr"; - version = "0.12.3"; + version = "0.13.1"; src = fetchFromGitHub { owner = "hmatuschek"; repo = "qdmr"; rev = "v${version}"; - hash = "sha256-rb59zbYpIziqXWTjTApWXnkcpRiAUIqPiInEJdsYd48="; + hash = "sha256-Vz7di9VwrvtSCea3pipSCEw9pHfRv9lJn9jKzboyh6E="; }; nativeBuildInputs = [ cmake - libxslt - libsForQt5.wrapQtAppsHook + kdePackages.wrapQtAppsHook installShellFiles ]; buildInputs = [ + librsvg libusb1 - libsForQt5.qtlocation - libsForQt5.qtserialport - libsForQt5.qttools - libsForQt5.qtbase + libxslt + kdePackages.qtlocation + kdePackages.qtserialport + kdePackages.qttools + kdePackages.qtbase + kdePackages.qtpositioning yaml-cpp ]; @@ -59,6 +62,7 @@ stdenv.mkDerivation rec { cmakeFlags = [ "-DBUILD_MAN=ON" "-DCMAKE_INSTALL_FULL_MANDIR=share/man" + "-DDOCBOOK2MAN_XSLT=docbook_man.${if isLinux then "debian" else "macports"}.xsl" "-DINSTALL_UDEV_RULES=OFF" ]; From 901ddad0838f69134e863579d140b2d0d28db46e Mon Sep 17 00:00:00 2001 From: Fernando Rodrigues Date: Tue, 21 Oct 2025 22:57:19 +1100 Subject: [PATCH 18/57] xen: patch with XSA-475 Xen Security Advisory #475 x86: Incorrect input sanitisation in Viridian hypercalls Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause out-of-bounds reads and writes while processing the inputs. * CVE-2025-58147. Hypercalls using the HV_VP_SET Sparse format can cause vpmask_set() to write out of bounds when converting the bitmap to Xen's format. * CVE-2025-58148. Hypercalls using any input format can cause send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild vCPU pointer. Signed-off-by: Fernando Rodrigues --- pkgs/by-name/xe/xen/package.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/by-name/xe/xen/package.nix b/pkgs/by-name/xe/xen/package.nix index 152ecf6fdd5b..e5910918c62f 100644 --- a/pkgs/by-name/xe/xen/package.nix +++ b/pkgs/by-name/xe/xen/package.nix @@ -215,6 +215,16 @@ stdenv.mkDerivation (finalAttrs: { url = "https://xenbits.xen.org/xsa/xsa473-2.patch"; hash = "sha256-tGuIGxJFBXbckIruSUeTyrM6GabdIj6Pr3cVxeDvNNY="; }) + + # XSA 475 + (fetchpatch { + url = "https://xenbits.xen.org/xsa/xsa475-1.patch"; + hash = "sha256-Bzvtr12g+7+M9jY9Nt2jd41CwYTL+h2fuwzJFsxroio="; + }) + (fetchpatch { + url = "https://xenbits.xen.org/xsa/xsa475-2.patch"; + hash = "sha256-7MKtDAJpihpfcBK+hyBFGCP6gHWs2cdgTks8B439b2s="; + }) ]; outputs = [ From 30629a8ec7bbf9246567727fce3a0f9e9d51c3f0 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 21 Oct 2025 15:02:52 +0000 Subject: [PATCH 19/57] baresip: 4.1.0 -> 4.2.0 --- pkgs/by-name/ba/baresip/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/ba/baresip/package.nix b/pkgs/by-name/ba/baresip/package.nix index 77a50d2a1670..6f1b79be95e8 100644 --- a/pkgs/by-name/ba/baresip/package.nix +++ b/pkgs/by-name/ba/baresip/package.nix @@ -31,14 +31,14 @@ }: stdenv.mkDerivation rec { - version = "4.1.0"; + version = "4.2.0"; pname = "baresip"; src = fetchFromGitHub { owner = "baresip"; repo = "baresip"; rev = "v${version}"; - hash = "sha256-KbjdwvXUiNvHb6AXt38M9gkhliiie+8frvuqYJEsnJE="; + hash = "sha256-kC1pqquIddjqIvGSIE9Rzlvr6qzTXF+mFsZlIzFBExI="; }; patches = [ From 8496210f3d38c148e950c7e45134267da5b19add Mon Sep 17 00:00:00 2001 From: Ross Smyth <18294397+RossSmyth@users.noreply.github.com> Date: Sat, 20 Sep 2025 19:53:43 -0400 Subject: [PATCH 20/57] idris2: Move to by-name --- .../idris2/idris2.nix => by-name/id/idris2/package.nix} | 0 pkgs/{development/compilers => by-name/id}/idris2/tests.nix | 0 pkgs/development/compilers/idris2/default.nix | 6 ++---- pkgs/top-level/all-packages.nix | 2 -- 4 files changed, 2 insertions(+), 6 deletions(-) rename pkgs/{development/compilers/idris2/idris2.nix => by-name/id/idris2/package.nix} (100%) rename pkgs/{development/compilers => by-name/id}/idris2/tests.nix (100%) diff --git a/pkgs/development/compilers/idris2/idris2.nix b/pkgs/by-name/id/idris2/package.nix similarity index 100% rename from pkgs/development/compilers/idris2/idris2.nix rename to pkgs/by-name/id/idris2/package.nix diff --git a/pkgs/development/compilers/idris2/tests.nix b/pkgs/by-name/id/idris2/tests.nix similarity index 100% rename from pkgs/development/compilers/idris2/tests.nix rename to pkgs/by-name/id/idris2/tests.nix diff --git a/pkgs/development/compilers/idris2/default.nix b/pkgs/development/compilers/idris2/default.nix index 57031f673d3e..1083a9b653f8 100644 --- a/pkgs/development/compilers/idris2/default.nix +++ b/pkgs/development/compilers/idris2/default.nix @@ -1,10 +1,8 @@ -{ callPackage }: +{ callPackage, idris2 }: { - idris2 = callPackage ./idris2.nix { }; + inherit idris2; idris2Api = callPackage ./idris2-api.nix { }; idris2Lsp = callPackage ./idris2-lsp.nix { }; - pack = callPackage ./pack.nix { }; - buildIdris = callPackage ./build-idris.nix { }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c967d8f89074..4c4bf0ac88c9 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5048,8 +5048,6 @@ with pkgs; idris2Packages = recurseIntoAttrs (callPackage ../development/compilers/idris2 { }); - inherit (idris2Packages) idris2; - inherit (callPackage ../development/tools/database/indradb { }) indradb-server indradb-client From 103a6160681685b93a5a530369b29bbe190f49ab Mon Sep 17 00:00:00 2001 From: Ross Smyth <18294397+RossSmyth@users.noreply.github.com> Date: Fri, 19 Sep 2025 14:08:11 -0400 Subject: [PATCH 21/57] idris2: Modernize derivation --- pkgs/by-name/id/idris2/package.nix | 38 +++++++++++-------- pkgs/by-name/id/idris2/tests.nix | 3 +- pkgs/development/compilers/idris2/default.nix | 2 + 3 files changed, 27 insertions(+), 16 deletions(-) diff --git a/pkgs/by-name/id/idris2/package.nix b/pkgs/by-name/id/idris2/package.nix index b34cda66e497..d2d276683f01 100644 --- a/pkgs/by-name/id/idris2/package.nix +++ b/pkgs/by-name/id/idris2/package.nix @@ -1,18 +1,18 @@ -# Almost 1:1 copy of idris2's nix/package.nix. Some work done in their flake.nix -# we do here instead. { - stdenv, lib, + stdenv, + fetchFromGitHub, chez, chez-racket, clang, gmp, - fetchFromGitHub, + installShellFiles, makeWrapper, gambit, nodejs, zsh, callPackage, + idris2Packages, }: # NOTICE: An `idris2WithPackages` is available at: https://github.com/claymager/idris2-pkgs @@ -24,22 +24,22 @@ let else chez-racket; in -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "idris2"; version = "0.7.0"; src = fetchFromGitHub { owner = "idris-lang"; repo = "Idris2"; - rev = "v${version}"; - sha256 = "sha256-VwveX3fZfrxEsytpbOc5Tm6rySpLFhTt5132J6rmrmM="; + rev = "v${finalAttrs.version}"; + hash = "sha256-VwveX3fZfrxEsytpbOc5Tm6rySpLFhTt5132J6rmrmM="; }; strictDeps = true; nativeBuildInputs = [ - makeWrapper clang platformChez + installShellFiles ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ zsh ]; buildInputs = [ @@ -47,11 +47,9 @@ stdenv.mkDerivation rec { gmp ]; - prePatch = '' - patchShebangs --build tests - ''; + enableParallelBuilding = true; - makeFlags = [ "PREFIX=$(out)" ] ++ lib.optional stdenv.hostPlatform.isDarwin "OS="; + makeFlags = [ "PREFIX=${placeholder "out"}" ] ++ lib.optional stdenv.hostPlatform.isDarwin "OS="; # The name of the main executable of pkgs.chez is `scheme` buildFlags = [ @@ -59,6 +57,7 @@ stdenv.mkDerivation rec { "SCHEME=scheme" ]; + doCheck = false; checkTarget = "test"; nativeCheckInputs = [ gambit @@ -99,21 +98,30 @@ stdenv.mkDerivation rec { --suffix IDRIS2_PACKAGE_PATH ':' "${globalLibrariesPath}" \ --suffix DYLD_LIBRARY_PATH ':' "$out/${name}/lib" \ --suffix LD_LIBRARY_PATH ':' "$out/${name}/lib" + '' + + lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' + installShellCompletion --cmd idris2 \ + --bash <($out/bin/idris2 --bash-completion-script idris2) ''; # Run package tests - passthru.tests = callPackage ./tests.nix { inherit pname; }; + passthru.tests = callPackage ./tests.nix { + idris2 = finalAttrs.finalPackage; + idris2Packages = idris2Packages.override { idris2 = finalAttrs.finalPackage; }; + }; meta = { description = "Purely functional programming language with first class types"; mainProgram = "idris2"; homepage = "https://github.com/idris-lang/Idris2"; + changelog = "https://github.com/idris-lang/Idris2/releases/tag/v${finalAttrs.version}"; license = lib.licenses.bsd3; maintainers = with lib.maintainers; [ fabianhjr wchresta mattpolzin + RossSmyth ]; - inherit (chez.meta) platforms; + platforms = lib.platforms.all; }; -} +}) diff --git a/pkgs/by-name/id/idris2/tests.nix b/pkgs/by-name/id/idris2/tests.nix index b26227d7c4ed..6abf9435fcc1 100644 --- a/pkgs/by-name/id/idris2/tests.nix +++ b/pkgs/by-name/id/idris2/tests.nix @@ -2,7 +2,6 @@ stdenv, runCommand, lib, - pname, idris2, idris2Packages, zsh, @@ -18,6 +17,7 @@ let packages ? [ ], }: let + inherit (idris2) pname; packageString = builtins.concatStringsSep " " (map (p: "--package " + p) packages); in runCommand "${pname}-${testName}" @@ -61,6 +61,7 @@ let expectedTree, }: let + inherit (idris2) pname; idrisPkg = transformBuildIdrisOutput (idris2Packages.buildIdris buildIdrisArgs); in runCommand "${pname}-${testName}" diff --git a/pkgs/development/compilers/idris2/default.nix b/pkgs/development/compilers/idris2/default.nix index 1083a9b653f8..8cb6edca8fcd 100644 --- a/pkgs/development/compilers/idris2/default.nix +++ b/pkgs/development/compilers/idris2/default.nix @@ -3,6 +3,8 @@ inherit idris2; idris2Api = callPackage ./idris2-api.nix { }; idris2Lsp = callPackage ./idris2-lsp.nix { }; + pack = callPackage ./pack.nix { }; + buildIdris = callPackage ./build-idris.nix { }; } From 4167386d69c1d0c1352de1057a66cb5f00c0b55c Mon Sep 17 00:00:00 2001 From: Ross Smyth <18294397+RossSmyth@users.noreply.github.com> Date: Sat, 20 Sep 2025 21:46:58 -0400 Subject: [PATCH 22/57] idris2: Fix tests --- pkgs/by-name/id/idris2/tests.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkgs/by-name/id/idris2/tests.nix b/pkgs/by-name/id/idris2/tests.nix index 6abf9435fcc1..152b055ceefd 100644 --- a/pkgs/by-name/id/idris2/tests.nix +++ b/pkgs/by-name/id/idris2/tests.nix @@ -4,6 +4,7 @@ lib, idris2, idris2Packages, + chez, zsh, tree, }: @@ -28,7 +29,8 @@ let # is not the case with pure nix environments. Thus, we need to include zsh # when we build for darwin in tests. While this is impure, this is also what # we find in real darwin hosts. - nativeBuildInputs = lib.optionals stdenv.hostPlatform.isDarwin [ zsh ]; + strictDeps = true; + nativeBuildInputs = [ chez ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ zsh ]; } '' set -eo pipefail @@ -39,6 +41,7 @@ let ${idris2}/bin/idris2 ${packageString} -o packageTest packageTest.idr + patchShebangs --build ./build/exec/packageTest GOT=$(./build/exec/packageTest) if [ "$GOT" = "${want}" ]; then @@ -68,6 +71,7 @@ let { meta.timeout = 60; + strictDeps = true; nativeBuildInputs = [ tree ]; } '' From f5a33c56af78fd9b403e5f40f9ce31b03b55cb04 Mon Sep 17 00:00:00 2001 From: Ross Smyth <18294397+RossSmyth@users.noreply.github.com> Date: Fri, 19 Sep 2025 16:11:00 -0400 Subject: [PATCH 23/57] idris2: Split runtime support library to seperate derivation --- pkgs/by-name/id/idris2/libidris2_support.nix | 32 ++++++++++++ pkgs/by-name/id/idris2/package.nix | 51 ++++++++++++++------ 2 files changed, 69 insertions(+), 14 deletions(-) create mode 100644 pkgs/by-name/id/idris2/libidris2_support.nix diff --git a/pkgs/by-name/id/idris2/libidris2_support.nix b/pkgs/by-name/id/idris2/libidris2_support.nix new file mode 100644 index 000000000000..81d6c10c9cd5 --- /dev/null +++ b/pkgs/by-name/id/idris2/libidris2_support.nix @@ -0,0 +1,32 @@ +{ + stdenv, + lib, + gmp, + src, + version, +}: +stdenv.mkDerivation (finalAttrs: { + inherit version src; + pname = "libidris2_support"; + + strictDeps = true; + buildInputs = [ gmp ]; + + enableParallelBuilding = true; + makeFlags = [ + "PREFIX=${placeholder "out"}" + ] + ++ lib.optional stdenv.isDarwin "OS="; + + buildFlags = [ "support" ]; + + installTargets = "install-support"; + + postInstall = '' + mv "$out/idris2-${finalAttrs.version}/lib" "$out/lib" + mv "$out/idris2-${finalAttrs.version}/support" "$out/share" + rm -rf $out/idris2-${finalAttrs.version} + ''; + + meta.description = "Runtime library for Idris2"; +}) diff --git a/pkgs/by-name/id/idris2/package.nix b/pkgs/by-name/id/idris2/package.nix index d2d276683f01..799b3599fd44 100644 --- a/pkgs/by-name/id/idris2/package.nix +++ b/pkgs/by-name/id/idris2/package.nix @@ -18,6 +18,19 @@ # NOTICE: An `idris2WithPackages` is available at: https://github.com/claymager/idris2-pkgs let + version = "0.7.0"; + src = fetchFromGitHub { + owner = "idris-lang"; + repo = "Idris2"; + rev = "v${version}"; + hash = "sha256-VwveX3fZfrxEsytpbOc5Tm6rySpLFhTt5132J6rmrmM="; + }; + + # Runtime library + libidris2_support = callPackage ./libidris2_support.nix { inherit src version; }; + libsupportLib = lib.makeLibraryPath [ libidris2_support ]; + libsupportShare = lib.makeSearchPath "share" [ libidris2_support ]; + platformChez = if (stdenv.system == "x86_64-linux") || (lib.versionAtLeast chez.version "10.0.0") then chez @@ -25,15 +38,8 @@ let chez-racket; in stdenv.mkDerivation (finalAttrs: { + inherit version src; pname = "idris2"; - version = "0.7.0"; - - src = fetchFromGitHub { - owner = "idris-lang"; - repo = "Idris2"; - rev = "v${finalAttrs.version}"; - hash = "sha256-VwveX3fZfrxEsytpbOc5Tm6rySpLFhTt5132J6rmrmM="; - }; strictDeps = true; nativeBuildInputs = [ @@ -45,16 +51,23 @@ stdenv.mkDerivation (finalAttrs: { buildInputs = [ platformChez gmp + libidris2_support ]; enableParallelBuilding = true; - makeFlags = [ "PREFIX=${placeholder "out"}" ] ++ lib.optional stdenv.hostPlatform.isDarwin "OS="; + makeFlags = [ + "PREFIX=${placeholder "out"}" + "IDRIS2_SUPPORT_DIR=${libsupportLib}" + ] + ++ lib.optional stdenv.hostPlatform.isDarwin "OS="; # The name of the main executable of pkgs.chez is `scheme` buildFlags = [ "bootstrap" "SCHEME=scheme" + "IDRIS2_LIBS=${libsupportLib}" + "IDRIS2_DATA=${libsupportShare}" ]; doCheck = false; @@ -62,8 +75,15 @@ stdenv.mkDerivation (finalAttrs: { nativeCheckInputs = [ gambit nodejs - ]; # racket ]; - checkFlags = [ "INTERACTIVE=" ]; + ]; + checkFlags = [ + "INTERACTIVE=" + "IDRIS2_DATA=${libsupportShare}" + "IDRIS2_LIBS=${libsupportLib}" + "TEST_IDRIS2_DATA=${libsupportShare}" + "TEST_IDRIS2_LIBS=${libsupportLib}" + "TEST_IDRIS2_SUPPORT_DIR=${libsupportLib}" + ]; # TODO: Move this into its own derivation, such that this can be changed # without having to recompile idris2 every time. @@ -105,9 +125,12 @@ stdenv.mkDerivation (finalAttrs: { ''; # Run package tests - passthru.tests = callPackage ./tests.nix { - idris2 = finalAttrs.finalPackage; - idris2Packages = idris2Packages.override { idris2 = finalAttrs.finalPackage; }; + passthru = { + inherit libidris2_support; + tests = callPackage ./tests.nix { + idris2 = finalAttrs.finalPackage; + idris2Packages = idris2Packages.override { idris2 = finalAttrs.finalPackage; }; + }; }; meta = { From d5365578dd5c81fb3480db94661552f849ccae42 Mon Sep 17 00:00:00 2001 From: Ross Smyth <18294397+RossSmyth@users.noreply.github.com> Date: Fri, 19 Sep 2025 16:09:08 -0400 Subject: [PATCH 24/57] idris2: Make it an "unwrapped" compiler, add wrapper Patch source so the unwrapped compiler can run at all --- pkgs/by-name/id/idris2/package.nix | 206 +++++++++++++++-------------- pkgs/by-name/id/idris2/wrapped.nix | 48 +++++++ 2 files changed, 154 insertions(+), 100 deletions(-) create mode 100644 pkgs/by-name/id/idris2/wrapped.nix diff --git a/pkgs/by-name/id/idris2/package.nix b/pkgs/by-name/id/idris2/package.nix index 799b3599fd44..3698414cb005 100644 --- a/pkgs/by-name/id/idris2/package.nix +++ b/pkgs/by-name/id/idris2/package.nix @@ -7,17 +7,16 @@ clang, gmp, installShellFiles, - makeWrapper, gambit, nodejs, zsh, callPackage, idris2Packages, + testers, }: - -# NOTICE: An `idris2WithPackages` is available at: https://github.com/claymager/idris2-pkgs - let + inherit (stdenv.hostPlatform) extensions; + version = "0.7.0"; src = fetchFromGitHub { owner = "idris-lang"; @@ -36,115 +35,122 @@ let chez else chez-racket; -in -stdenv.mkDerivation (finalAttrs: { - inherit version src; - pname = "idris2"; - strictDeps = true; - nativeBuildInputs = [ - clang - platformChez - installShellFiles - ] - ++ lib.optionals stdenv.hostPlatform.isDarwin [ zsh ]; - buildInputs = [ - platformChez - gmp - libidris2_support - ]; + unwrapped = stdenv.mkDerivation (finalAttrs: { + inherit version src; + pname = "idris2"; - enableParallelBuilding = true; + postPatch = '' + shopt -s globstar - makeFlags = [ - "PREFIX=${placeholder "out"}" - "IDRIS2_SUPPORT_DIR=${libsupportLib}" - ] - ++ lib.optional stdenv.hostPlatform.isDarwin "OS="; + # Patch all occurences of the support lib with an absolute path so it + # works without wrapping. + substituteInPlace **/*.idr \ + --replace-quiet "libidris2_support" "${libidris2_support}/lib/libidris2_support${extensions.sharedLibrary}" - # The name of the main executable of pkgs.chez is `scheme` - buildFlags = [ - "bootstrap" - "SCHEME=scheme" - "IDRIS2_LIBS=${libsupportLib}" - "IDRIS2_DATA=${libsupportShare}" - ]; + substituteInPlace src/Compiler/RefC/CC.idr \ + --replace-fail "libidris2_support${extensions.sharedLibrary}.a" "libidris2_support.a" - doCheck = false; - checkTarget = "test"; - nativeCheckInputs = [ - gambit - nodejs - ]; - checkFlags = [ - "INTERACTIVE=" - "IDRIS2_DATA=${libsupportShare}" - "IDRIS2_LIBS=${libsupportLib}" - "TEST_IDRIS2_DATA=${libsupportShare}" - "TEST_IDRIS2_LIBS=${libsupportLib}" - "TEST_IDRIS2_SUPPORT_DIR=${libsupportLib}" - ]; + patchShebangs --build tests + ''; - # TODO: Move this into its own derivation, such that this can be changed - # without having to recompile idris2 every time. - postInstall = - let - name = "${pname}-${version}"; - globalLibraries = [ - "\\$HOME/.nix-profile/lib/${name}" - "/run/current-system/sw/lib/${name}" - "$out/${name}" - ]; - globalLibrariesPath = builtins.concatStringsSep ":" globalLibraries; - in - '' + strictDeps = true; + nativeBuildInputs = [ + clang + platformChez + installShellFiles + ] + ++ lib.optionals stdenv.hostPlatform.isDarwin [ zsh ]; + buildInputs = [ + platformChez + gmp + libidris2_support + ]; + + enableParallelBuilding = true; + + makeFlags = [ + "PREFIX=${placeholder "out"}" + "IDRIS2_SUPPORT_DIR=${libsupportLib}" + ] + ++ lib.optional stdenv.hostPlatform.isDarwin "OS="; + + # The name of the main executable of pkgs.chez is `scheme` + buildFlags = [ + "bootstrap" + "SCHEME=scheme" + "IDRIS2_LIBS=${libsupportLib}" + "IDRIS2_DATA=${libsupportShare}" + ]; + + doCheck = false; + checkTarget = "test"; + nativeCheckInputs = [ + gambit + nodejs + ]; + checkFlags = [ + "INTERACTIVE=" + "IDRIS2_DATA=${libsupportShare}" + "IDRIS2_LIBS=${libsupportLib}" + "TEST_IDRIS2_DATA=${libsupportShare}" + "TEST_IDRIS2_LIBS=${libsupportLib}" + "TEST_IDRIS2_SUPPORT_DIR=${libsupportLib}" + ]; + + postInstall = '' # Remove existing idris2 wrapper that sets incorrect LD_LIBRARY_PATH rm $out/bin/idris2 - # The only thing we need from idris2_app is the actual binary + + # The only thing we need from idris2_app is the actual binary, which is + # a Chez Scheme object. + # The extensions is .so on Darwin and Linux for some reason mv $out/bin/idris2_app/idris2.so $out/bin/idris2 - rm $out/bin/idris2_app/* - rmdir $out/bin/idris2_app - # idris2 needs to find scheme at runtime to compile - # idris2 installs packages with --install into the path given by - # IDRIS2_PREFIX. We set that to a default of ~/.idris2, to mirror the - # behaviour of the standard Makefile install. - # TODO: Make support libraries their own derivation such that - # overriding LD_LIBRARY_PATH is unnecessary - wrapProgram "$out/bin/idris2" \ - --set-default CHEZ "${platformChez}/bin/scheme" \ - --run 'export IDRIS2_PREFIX=''${IDRIS2_PREFIX-"$HOME/.idris2"}' \ - --suffix IDRIS2_LIBS ':' "$out/${name}/lib" \ - --suffix IDRIS2_DATA ':' "$out/${name}/support" \ - --suffix IDRIS2_PACKAGE_PATH ':' "${globalLibrariesPath}" \ - --suffix DYLD_LIBRARY_PATH ':' "$out/${name}/lib" \ - --suffix LD_LIBRARY_PATH ':' "$out/${name}/lib" + + rm -rf $out/bin/idris2_app '' + lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' installShellCompletion --cmd idris2 \ --bash <($out/bin/idris2 --bash-completion-script idris2) ''; - # Run package tests - passthru = { - inherit libidris2_support; - tests = callPackage ./tests.nix { - idris2 = finalAttrs.finalPackage; - idris2Packages = idris2Packages.override { idris2 = finalAttrs.finalPackage; }; - }; - }; + # Run package tests + passthru = { + inherit libidris2_support; + tests = { + wrapped = testers.testVersion { + package = finalAttrs.finalPackage.withPackages (p: [ p.idris2Api ]); + }; + } + // (callPackage ./tests.nix { + idris2 = finalAttrs.finalPackage; + idris2Packages = idris2Packages.override { idris2 = finalAttrs.finalPackage; }; + }); - meta = { - description = "Purely functional programming language with first class types"; - mainProgram = "idris2"; - homepage = "https://github.com/idris-lang/Idris2"; - changelog = "https://github.com/idris-lang/Idris2/releases/tag/v${finalAttrs.version}"; - license = lib.licenses.bsd3; - maintainers = with lib.maintainers; [ - fabianhjr - wchresta - mattpolzin - RossSmyth - ]; - platforms = lib.platforms.all; - }; -}) + chez = platformChez; + + withPackages = + f: + callPackage ./wrapped.nix { + idris2-unwrapped = finalAttrs.finalPackage; + extraPackages = f idris2Packages; + }; + }; + + meta = { + description = "Purely functional programming language with first class types"; + mainProgram = "idris2"; + homepage = "https://github.com/idris-lang/Idris2"; + changelog = "https://github.com/idris-lang/Idris2/releases/tag/v${finalAttrs.version}"; + license = lib.licenses.bsd3; + maintainers = with lib.maintainers; [ + fabianhjr + wchresta + mattpolzin + RossSmyth + ]; + platforms = lib.platforms.all; + }; + }); +in +unwrapped.withPackages (_: [ ]) diff --git a/pkgs/by-name/id/idris2/wrapped.nix b/pkgs/by-name/id/idris2/wrapped.nix new file mode 100644 index 000000000000..237f6761fc2a --- /dev/null +++ b/pkgs/by-name/id/idris2/wrapped.nix @@ -0,0 +1,48 @@ +{ + lib, + makeBinaryWrapper, + symlinkJoin, + idris2-unwrapped, + extraPackages ? [ ], +}: +let + supportLibrariesPath = lib.makeLibraryPath [ idris2-unwrapped.libidris2_support ]; + supportSharePath = lib.makeSearchPath "share" [ idris2-unwrapped.libidris2_support ]; +in +symlinkJoin { + inherit (idris2-unwrapped) version; + pname = "idris2-wrapped"; + + paths = [ idris2-unwrapped ] ++ extraPackages; + + nativeBuildInputs = [ makeBinaryWrapper ]; + + postBuild = '' + wrapProgram "$out/bin/idris2" \ + --set CHEZ "${lib.getExe idris2-unwrapped.chez}" \ + --suffix IDRIS2_LIBS ':' "${supportLibrariesPath}" \ + --suffix IDRIS2_DATA ':' "${supportSharePath}" \ + --suffix IDRIS2_PACKAGE_PATH ':' "$out/idris2-${idris2-unwrapped.version}" \ + --suffix LD_LIBRARY_PATH ':' "${supportLibrariesPath}" \ + --suffix DYLD_LIBRARY_PATH ':' "${supportLibrariesPath}" + ''; + + passthru = { + unwrapped = idris2-unwrapped; + src = idris2-unwrapped.src; + } + // idris2-unwrapped.passthru; + + meta = { + # Manually inherit so that pos works + inherit (idris2-unwrapped.meta) + description + mainProgram + homepage + changelog + license + maintainers + platforms + ; + }; +} From fa2c3ecdc4c962079236bf68563f61a1b389270d Mon Sep 17 00:00:00 2001 From: Ross Smyth <18294397+RossSmyth@users.noreply.github.com> Date: Sat, 20 Sep 2025 20:12:08 -0400 Subject: [PATCH 25/57] idris2: Make a compiler pkgset --- pkgs/by-name/id/idris2/libidris2_support.nix | 7 +- pkgs/by-name/id/idris2/package.nix | 169 +++--------------- pkgs/by-name/id/idris2/unwrapped.nix | 154 ++++++++++++++++ .../compilers/idris2/idris2-api.nix | 2 +- 4 files changed, 179 insertions(+), 153 deletions(-) create mode 100644 pkgs/by-name/id/idris2/unwrapped.nix diff --git a/pkgs/by-name/id/idris2/libidris2_support.nix b/pkgs/by-name/id/idris2/libidris2_support.nix index 81d6c10c9cd5..538da01e26d7 100644 --- a/pkgs/by-name/id/idris2/libidris2_support.nix +++ b/pkgs/by-name/id/idris2/libidris2_support.nix @@ -2,12 +2,13 @@ stdenv, lib, gmp, - src, - version, + idris2-src, + idris2-version, }: stdenv.mkDerivation (finalAttrs: { - inherit version src; pname = "libidris2_support"; + version = idris2-version; + src = idris2-src; strictDeps = true; buildInputs = [ gmp ]; diff --git a/pkgs/by-name/id/idris2/package.nix b/pkgs/by-name/id/idris2/package.nix index 3698414cb005..694160d9d5c1 100644 --- a/pkgs/by-name/id/idris2/package.nix +++ b/pkgs/by-name/id/idris2/package.nix @@ -1,156 +1,27 @@ { lib, - stdenv, + newScope, fetchFromGitHub, - chez, - chez-racket, - clang, - gmp, - installShellFiles, - gambit, - nodejs, - zsh, - callPackage, - idris2Packages, - testers, }: let - inherit (stdenv.hostPlatform) extensions; + idris2CompilerPackages = lib.makeScope newScope ( + self: + let + inherit (self) callPackage; + in + { + # Compiler version & repo + idris2-version = "0.7.0"; + idris2-src = fetchFromGitHub { + owner = "idris-lang"; + repo = "Idris2"; + rev = "v${self.idris2-version}"; + hash = "sha256-VwveX3fZfrxEsytpbOc5Tm6rySpLFhTt5132J6rmrmM="; + }; - version = "0.7.0"; - src = fetchFromGitHub { - owner = "idris-lang"; - repo = "Idris2"; - rev = "v${version}"; - hash = "sha256-VwveX3fZfrxEsytpbOc5Tm6rySpLFhTt5132J6rmrmM="; - }; - - # Runtime library - libidris2_support = callPackage ./libidris2_support.nix { inherit src version; }; - libsupportLib = lib.makeLibraryPath [ libidris2_support ]; - libsupportShare = lib.makeSearchPath "share" [ libidris2_support ]; - - platformChez = - if (stdenv.system == "x86_64-linux") || (lib.versionAtLeast chez.version "10.0.0") then - chez - else - chez-racket; - - unwrapped = stdenv.mkDerivation (finalAttrs: { - inherit version src; - pname = "idris2"; - - postPatch = '' - shopt -s globstar - - # Patch all occurences of the support lib with an absolute path so it - # works without wrapping. - substituteInPlace **/*.idr \ - --replace-quiet "libidris2_support" "${libidris2_support}/lib/libidris2_support${extensions.sharedLibrary}" - - substituteInPlace src/Compiler/RefC/CC.idr \ - --replace-fail "libidris2_support${extensions.sharedLibrary}.a" "libidris2_support.a" - - patchShebangs --build tests - ''; - - strictDeps = true; - nativeBuildInputs = [ - clang - platformChez - installShellFiles - ] - ++ lib.optionals stdenv.hostPlatform.isDarwin [ zsh ]; - buildInputs = [ - platformChez - gmp - libidris2_support - ]; - - enableParallelBuilding = true; - - makeFlags = [ - "PREFIX=${placeholder "out"}" - "IDRIS2_SUPPORT_DIR=${libsupportLib}" - ] - ++ lib.optional stdenv.hostPlatform.isDarwin "OS="; - - # The name of the main executable of pkgs.chez is `scheme` - buildFlags = [ - "bootstrap" - "SCHEME=scheme" - "IDRIS2_LIBS=${libsupportLib}" - "IDRIS2_DATA=${libsupportShare}" - ]; - - doCheck = false; - checkTarget = "test"; - nativeCheckInputs = [ - gambit - nodejs - ]; - checkFlags = [ - "INTERACTIVE=" - "IDRIS2_DATA=${libsupportShare}" - "IDRIS2_LIBS=${libsupportLib}" - "TEST_IDRIS2_DATA=${libsupportShare}" - "TEST_IDRIS2_LIBS=${libsupportLib}" - "TEST_IDRIS2_SUPPORT_DIR=${libsupportLib}" - ]; - - postInstall = '' - # Remove existing idris2 wrapper that sets incorrect LD_LIBRARY_PATH - rm $out/bin/idris2 - - # The only thing we need from idris2_app is the actual binary, which is - # a Chez Scheme object. - # The extensions is .so on Darwin and Linux for some reason - mv $out/bin/idris2_app/idris2.so $out/bin/idris2 - - rm -rf $out/bin/idris2_app - '' - + lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' - installShellCompletion --cmd idris2 \ - --bash <($out/bin/idris2 --bash-completion-script idris2) - ''; - - # Run package tests - passthru = { - inherit libidris2_support; - tests = { - wrapped = testers.testVersion { - package = finalAttrs.finalPackage.withPackages (p: [ p.idris2Api ]); - }; - } - // (callPackage ./tests.nix { - idris2 = finalAttrs.finalPackage; - idris2Packages = idris2Packages.override { idris2 = finalAttrs.finalPackage; }; - }); - - chez = platformChez; - - withPackages = - f: - callPackage ./wrapped.nix { - idris2-unwrapped = finalAttrs.finalPackage; - extraPackages = f idris2Packages; - }; - }; - - meta = { - description = "Purely functional programming language with first class types"; - mainProgram = "idris2"; - homepage = "https://github.com/idris-lang/Idris2"; - changelog = "https://github.com/idris-lang/Idris2/releases/tag/v${finalAttrs.version}"; - license = lib.licenses.bsd3; - maintainers = with lib.maintainers; [ - fabianhjr - wchresta - mattpolzin - RossSmyth - ]; - platforms = lib.platforms.all; - }; - }); + libidris2_support = callPackage ./libidris2_support.nix { }; + idris2-unwrapped = callPackage ./unwrapped.nix { }; + } + ); in -unwrapped.withPackages (_: [ ]) +idris2CompilerPackages.idris2-unwrapped.withPackages (_: [ ]) diff --git a/pkgs/by-name/id/idris2/unwrapped.nix b/pkgs/by-name/id/idris2/unwrapped.nix new file mode 100644 index 000000000000..42ac86fb5def --- /dev/null +++ b/pkgs/by-name/id/idris2/unwrapped.nix @@ -0,0 +1,154 @@ +{ + lib, + stdenv, + chez, + chez-racket, + clang, + gmp, + installShellFiles, + gambit, + nodejs, + zsh, + callPackage, + idris2Packages, + testers, + libidris2_support, + idris2-version, + idris2-src, +}: +let + inherit (stdenv.hostPlatform) extensions; + + # Runtime library + libsupportLib = lib.makeLibraryPath [ libidris2_support ]; + libsupportShare = lib.makeSearchPath "share" [ libidris2_support ]; + + platformChez = + if (stdenv.system == "x86_64-linux") || (lib.versionAtLeast chez.version "10.0.0") then + chez + else + chez-racket; +in +stdenv.mkDerivation (finalAttrs: { + pname = "idris2"; + version = idris2-version; + src = idris2-src; + + postPatch = '' + shopt -s globstar + + # Patch all occurences of the support lib with an absolute path so it + # works without wrapping. + substituteInPlace **/*.idr \ + --replace-quiet "libidris2_support" "${libidris2_support}/lib/libidris2_support${extensions.sharedLibrary}" + + # The remove changes libidris2_support.a to /nix/store/..../libidris2_support.so.a + # Fix that up so the reference-counted C backend works + substituteInPlace src/Compiler/RefC/CC.idr \ + --replace-fail "libidris2_support${extensions.sharedLibrary}.a" "libidris2_support.a" + + substituteInPlace bootstrap-stage2.sh \ + --replace-fail "MAKE all" "MAKE idris2-exec" + + patchShebangs --build tests + ''; + + strictDeps = true; + nativeBuildInputs = [ + clang + platformChez + installShellFiles + ] + ++ lib.optionals stdenv.hostPlatform.isDarwin [ zsh ]; + buildInputs = [ + platformChez + gmp + libidris2_support + ]; + + enableParallelBuilding = true; + + makeFlags = [ + "PREFIX=${placeholder "out"}" + "IDRIS2_SUPPORT_DIR=${libsupportLib}" + ] + ++ lib.optional stdenv.hostPlatform.isDarwin "OS="; + + # The name of the main executable of pkgs.chez is `scheme` + buildFlags = [ + "bootstrap" + "SCHEME=scheme" + "IDRIS2_LIBS=${libsupportLib}" + "IDRIS2_DATA=${libsupportShare}" + ]; + + doCheck = false; + checkTarget = "test"; + nativeCheckInputs = [ + gambit + nodejs + ]; + checkFlags = [ + "INTERACTIVE=" + "IDRIS2_DATA=${libsupportShare}" + "IDRIS2_LIBS=${libsupportLib}" + "TEST_IDRIS2_DATA=${libsupportShare}" + "TEST_IDRIS2_LIBS=${libsupportLib}" + "TEST_IDRIS2_SUPPORT_DIR=${libsupportLib}" + ]; + + installTargets = "install-idris2"; + + postInstall = '' + # Remove existing idris2 wrapper that sets incorrect LD_LIBRARY_PATH + rm $out/bin/idris2 + + # The only thing we need from idris2_app is the actual binary, which is a Chez + # scheme object and for some reason *.so on darwin too + mv $out/bin/idris2_app/idris2.so $out/bin/idris2 + + rm -rf $out/bin/idris2_app + '' + + lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' + installShellCompletion --cmd idris2 \ + --bash <($out/bin/idris2 --bash-completion-script idris2) + ''; + + # Run package tests + passthru = { + inherit libidris2_support; + tests = { + wrapped = testers.testVersion { + package = finalAttrs.finalPackage.withPackages (p: [ p.idris2Api ]); + }; + } + // (callPackage ./tests.nix { + idris2 = finalAttrs.finalPackage; + idris2Packages = idris2Packages.override { idris2 = finalAttrs.finalPackage; }; + }); + + chez = platformChez; + + withPackages = + f: + callPackage ./wrapped.nix { + idris2-unwrapped = finalAttrs.finalPackage; + extraPackages = f idris2Packages; + }; + }; + + meta = { + description = "Purely functional programming language with first class types"; + mainProgram = "idris2"; + homepage = "https://github.com/idris-lang/Idris2"; + changelog = "https://github.com/idris-lang/Idris2/releases/tag/v${finalAttrs.version}"; + license = lib.licenses.bsd3; + maintainers = with lib.maintainers; [ + fabianhjr + wchresta + mattpolzin + RossSmyth + ]; + platforms = lib.platforms.all; + }; +}) diff --git a/pkgs/development/compilers/idris2/idris2-api.nix b/pkgs/development/compilers/idris2/idris2-api.nix index bd408a64dee1..49f24e927176 100644 --- a/pkgs/development/compilers/idris2/idris2-api.nix +++ b/pkgs/development/compilers/idris2/idris2-api.nix @@ -2,7 +2,7 @@ let inherit (idris2Packages) idris2 buildIdris; apiPkg = buildIdris { - inherit (idris2) src version; + inherit (idris2.unwrapped) src version; ipkgName = "idris2api"; idrisLibraries = [ ]; preBuild = '' From 622489c23a691e1bc2f23736af1a97b1007d4e70 Mon Sep 17 00:00:00 2001 From: Ross Smyth <18294397+RossSmyth@users.noreply.github.com> Date: Fri, 17 Oct 2025 16:35:07 -0400 Subject: [PATCH 26/57] idris2: Make prelude library build helper --- pkgs/by-name/id/idris2/mkPrelude.nix | 39 ++++++++++++++++++++++++++++ pkgs/by-name/id/idris2/package.nix | 2 ++ 2 files changed, 41 insertions(+) create mode 100644 pkgs/by-name/id/idris2/mkPrelude.nix diff --git a/pkgs/by-name/id/idris2/mkPrelude.nix b/pkgs/by-name/id/idris2/mkPrelude.nix new file mode 100644 index 000000000000..90659c8c4fe6 --- /dev/null +++ b/pkgs/by-name/id/idris2/mkPrelude.nix @@ -0,0 +1,39 @@ +{ + lib, + stdenvNoCC, + idris2-src, + idris2-version, + idris2-unwrapped, +}: +lib.extendMkDerivation { + constructDrv = stdenvNoCC.mkDerivation; + + excludeDrvArgNames = [ + "dependencies" + ]; + + extendDrvArgs = + finalAttrs: + { + name, + dependencies ? [ ], + }: + { + pname = name; + version = idris2-version; + src = idris2-src; + strictDeps = true; + + makeFlags = "IDRIS2=${lib.getExe idris2-unwrapped}"; + + enableParallelBuilding = true; + preBuild = '' + cd libs/${name} + ''; + + env = { + IDRIS2_PREFIX = placeholder "out"; + IDRIS2_PACKAGE_PATH = lib.makeSearchPath "idris2-${idris2-version}" dependencies; + }; + }; +} diff --git a/pkgs/by-name/id/idris2/package.nix b/pkgs/by-name/id/idris2/package.nix index 694160d9d5c1..77adf53b0c34 100644 --- a/pkgs/by-name/id/idris2/package.nix +++ b/pkgs/by-name/id/idris2/package.nix @@ -18,6 +18,8 @@ let rev = "v${self.idris2-version}"; hash = "sha256-VwveX3fZfrxEsytpbOc5Tm6rySpLFhTt5132J6rmrmM="; }; + # Prelude libraries + mkPrelude = callPackage ./mkPrelude.nix { }; # Build helper libidris2_support = callPackage ./libidris2_support.nix { }; idris2-unwrapped = callPackage ./unwrapped.nix { }; From 429035971208da8e9bd04234312e1aa087694833 Mon Sep 17 00:00:00 2001 From: Ross Smyth <18294397+RossSmyth@users.noreply.github.com> Date: Fri, 17 Oct 2025 16:10:08 -0400 Subject: [PATCH 27/57] idris2: Put prelude in seperate derivation --- pkgs/by-name/id/idris2/base.nix | 5 +++++ pkgs/by-name/id/idris2/contrib.nix | 12 ++++++++++ pkgs/by-name/id/idris2/linear.nix | 12 ++++++++++ pkgs/by-name/id/idris2/network.nix | 14 ++++++++++++ pkgs/by-name/id/idris2/package.nix | 6 +++++ pkgs/by-name/id/idris2/prelude.nix | 6 +++++ pkgs/by-name/id/idris2/test.nix | 14 ++++++++++++ pkgs/by-name/id/idris2/unwrapped.nix | 19 +++++++++++++++- pkgs/by-name/id/idris2/wrapped.nix | 22 +++++++++++++++++-- .../compilers/idris2/build-idris.nix | 4 ++-- .../compilers/idris2/idris2-lsp.nix | 17 +++++++------- 11 files changed, 118 insertions(+), 13 deletions(-) create mode 100644 pkgs/by-name/id/idris2/base.nix create mode 100644 pkgs/by-name/id/idris2/contrib.nix create mode 100644 pkgs/by-name/id/idris2/linear.nix create mode 100644 pkgs/by-name/id/idris2/network.nix create mode 100644 pkgs/by-name/id/idris2/prelude.nix create mode 100644 pkgs/by-name/id/idris2/test.nix diff --git a/pkgs/by-name/id/idris2/base.nix b/pkgs/by-name/id/idris2/base.nix new file mode 100644 index 000000000000..2d0b1aa5ebe9 --- /dev/null +++ b/pkgs/by-name/id/idris2/base.nix @@ -0,0 +1,5 @@ +{ mkPrelude, prelude }: +mkPrelude { + name = "base"; + dependencies = [ prelude ]; +} diff --git a/pkgs/by-name/id/idris2/contrib.nix b/pkgs/by-name/id/idris2/contrib.nix new file mode 100644 index 000000000000..4d15fe54961e --- /dev/null +++ b/pkgs/by-name/id/idris2/contrib.nix @@ -0,0 +1,12 @@ +{ + mkPrelude, + prelude, + base, +}: +mkPrelude { + name = "contrib"; + dependencies = [ + prelude + base + ]; +} diff --git a/pkgs/by-name/id/idris2/linear.nix b/pkgs/by-name/id/idris2/linear.nix new file mode 100644 index 000000000000..162618d272ac --- /dev/null +++ b/pkgs/by-name/id/idris2/linear.nix @@ -0,0 +1,12 @@ +{ + mkPrelude, + prelude, + base, +}: +mkPrelude { + name = "linear"; + dependencies = [ + prelude + base + ]; +} diff --git a/pkgs/by-name/id/idris2/network.nix b/pkgs/by-name/id/idris2/network.nix new file mode 100644 index 000000000000..c5c6deee1813 --- /dev/null +++ b/pkgs/by-name/id/idris2/network.nix @@ -0,0 +1,14 @@ +{ + mkPrelude, + prelude, + base, + linear, +}: +mkPrelude { + name = "network"; + dependencies = [ + prelude + base + linear + ]; +} diff --git a/pkgs/by-name/id/idris2/package.nix b/pkgs/by-name/id/idris2/package.nix index 77adf53b0c34..1b296d002c1f 100644 --- a/pkgs/by-name/id/idris2/package.nix +++ b/pkgs/by-name/id/idris2/package.nix @@ -20,6 +20,12 @@ let }; # Prelude libraries mkPrelude = callPackage ./mkPrelude.nix { }; # Build helper + prelude = callPackage ./prelude.nix { }; + base = callPackage ./base.nix { }; + linear = callPackage ./linear.nix { }; + network = callPackage ./network.nix { }; + contrib = callPackage ./contrib.nix { }; + test = callPackage ./test.nix { }; libidris2_support = callPackage ./libidris2_support.nix { }; idris2-unwrapped = callPackage ./unwrapped.nix { }; diff --git a/pkgs/by-name/id/idris2/prelude.nix b/pkgs/by-name/id/idris2/prelude.nix new file mode 100644 index 000000000000..7dd74db76f0d --- /dev/null +++ b/pkgs/by-name/id/idris2/prelude.nix @@ -0,0 +1,6 @@ +{ + mkPrelude, +}: +mkPrelude { + name = "prelude"; +} diff --git a/pkgs/by-name/id/idris2/test.nix b/pkgs/by-name/id/idris2/test.nix new file mode 100644 index 000000000000..6cbe06e0e487 --- /dev/null +++ b/pkgs/by-name/id/idris2/test.nix @@ -0,0 +1,14 @@ +{ + mkPrelude, + prelude, + base, + contrib, +}: +mkPrelude { + name = "test"; + dependencies = [ + prelude + base + contrib + ]; +} diff --git a/pkgs/by-name/id/idris2/unwrapped.nix b/pkgs/by-name/id/idris2/unwrapped.nix index 42ac86fb5def..1aa7c86e9077 100644 --- a/pkgs/by-name/id/idris2/unwrapped.nix +++ b/pkgs/by-name/id/idris2/unwrapped.nix @@ -121,9 +121,26 @@ stdenv.mkDerivation (finalAttrs: { wrapped = testers.testVersion { package = finalAttrs.finalPackage.withPackages (p: [ p.idris2Api ]); }; + + prelude = testers.runCommand { + name = "idris2-prelude-wrapped"; + script = '' + local packages=$(idris2 --list-packages) + + if ! [[ $packages =~ "contrib" ]]; then + exit 1 + fi + + touch "$out" + ''; + + nativeBuildInputs = [ + (finalAttrs.finalPackage.withPackages (_: [ ])) + ]; + }; } // (callPackage ./tests.nix { - idris2 = finalAttrs.finalPackage; + idris2 = finalAttrs.finalPackage.withPackages (_: [ ]); idris2Packages = idris2Packages.override { idris2 = finalAttrs.finalPackage; }; }); diff --git a/pkgs/by-name/id/idris2/wrapped.nix b/pkgs/by-name/id/idris2/wrapped.nix index 237f6761fc2a..c1170dc2d854 100644 --- a/pkgs/by-name/id/idris2/wrapped.nix +++ b/pkgs/by-name/id/idris2/wrapped.nix @@ -3,17 +3,34 @@ makeBinaryWrapper, symlinkJoin, idris2-unwrapped, + prelude, + linear, + base, + network, + contrib, + test, extraPackages ? [ ], }: let + preludeLibs = [ + prelude + linear + base + network + contrib + test + ]; supportLibrariesPath = lib.makeLibraryPath [ idris2-unwrapped.libidris2_support ]; supportSharePath = lib.makeSearchPath "share" [ idris2-unwrapped.libidris2_support ]; + packagePath = lib.makeSearchPath "idris2-${idris2-unwrapped.version}" ( + preludeLibs ++ extraPackages + ); in symlinkJoin { inherit (idris2-unwrapped) version; pname = "idris2-wrapped"; - paths = [ idris2-unwrapped ] ++ extraPackages; + paths = [ idris2-unwrapped ]; nativeBuildInputs = [ makeBinaryWrapper ]; @@ -22,12 +39,13 @@ symlinkJoin { --set CHEZ "${lib.getExe idris2-unwrapped.chez}" \ --suffix IDRIS2_LIBS ':' "${supportLibrariesPath}" \ --suffix IDRIS2_DATA ':' "${supportSharePath}" \ - --suffix IDRIS2_PACKAGE_PATH ':' "$out/idris2-${idris2-unwrapped.version}" \ + --suffix IDRIS2_PACKAGE_PATH ':' ${packagePath} \ --suffix LD_LIBRARY_PATH ':' "${supportLibrariesPath}" \ --suffix DYLD_LIBRARY_PATH ':' "${supportLibrariesPath}" ''; passthru = { + prelude = preludeLibs; unwrapped = idris2-unwrapped; src = idris2-unwrapped.src; } diff --git a/pkgs/development/compilers/idris2/build-idris.nix b/pkgs/development/compilers/idris2/build-idris.nix index 9a5a1f2818d7..93fb40f2af86 100644 --- a/pkgs/development/compilers/idris2/build-idris.nix +++ b/pkgs/development/compilers/idris2/build-idris.nix @@ -49,8 +49,8 @@ let idrName = "idris2-${idris2.version}"; libSuffix = "lib/${idrName}"; libDirs = libs: (lib.makeSearchPath libSuffix libs) + ":${idris2}/${idrName}"; - supportDir = "${idris2}/${idrName}/lib"; - drvAttrs = removeAttrs attrs [ + supportDir = "${idris2.libidris2_support}/lib"; + drvAttrs = builtins.removeAttrs attrs [ "ipkgName" "idrisLibraries" ]; diff --git a/pkgs/development/compilers/idris2/idris2-lsp.nix b/pkgs/development/compilers/idris2/idris2-lsp.nix index f5a3d93eab4a..68f7084df45e 100644 --- a/pkgs/development/compilers/idris2/idris2-lsp.nix +++ b/pkgs/development/compilers/idris2/idris2-lsp.nix @@ -6,17 +6,18 @@ }: let - globalLibraries = + globalLibrariesPath = let idrName = "idris2-${idris2Packages.idris2.version}"; - libSuffix = "lib/${idrName}"; in - [ - "\\$HOME/.nix-profile/lib/${idrName}" - "/run/current-system/sw/lib/${idrName}" - "${idris2Packages.idris2}/${idrName}" - ]; - globalLibrariesPath = builtins.concatStringsSep ":" globalLibraries; + lib.makeSearchPath idrName ( + [ + "\\$HOME/.nix-profile/lib/" + "/run/current-system/sw/lib/" + "${idris2Packages.idris2}" + ] + ++ idris2Packages.idris2.prelude + ); inherit (idris2Packages) idris2Api; lspLib = idris2Packages.buildIdris { From efa5600771ecb2198c862af60835b4a9ab3e5f8b Mon Sep 17 00:00:00 2001 From: Ross Smyth <18294397+RossSmyth@users.noreply.github.com> Date: Sun, 21 Sep 2025 21:52:11 -0400 Subject: [PATCH 28/57] docs: Add to docs and release notes --- doc/languages-frameworks/idris2.section.md | 69 ++++++++++++++++++++++ doc/release-notes/rl-2511.section.md | 2 + 2 files changed, 71 insertions(+) diff --git a/doc/languages-frameworks/idris2.section.md b/doc/languages-frameworks/idris2.section.md index 953222b9b315..a9b524250a37 100644 --- a/doc/languages-frameworks/idris2.section.md +++ b/doc/languages-frameworks/idris2.section.md @@ -1,5 +1,57 @@ # Idris2 {#sec-idris2} +When developing using Idris2, by default the Idris compiler only has the minimal support libraries in its environment. This means that it will not attempt to read any libraries installed +globally, for example in the `$HOME` directory. The recommended way to use Idris2 is to wrap the compiler in an environment that provides these packages per-project, for example in a +devShell. + +```nix +{ + pkgs ? import { }, +}: +pkgs.mkShell { + packages = [ (idris2.withPackages (p: [ p.idris2Api ])) ]; +} +``` +or, alternatively if Nix is used to build the Idris2 project: + +```nix +{ + pkgs ? import { }, +}: +pkgs.mkShell { + inputsFrom = [ (pkgs.callPackage ./package.nix { }) ]; +} +``` + +By default, the Idris2 compiler provided by Nixpkgs does not read globally installed packages, nor can install them. Running `idris2 --install` will fail because the Nix store is +a read-only file-system. If globally-installed packages are desired rather than the above strategy, one can set `IDRIS2_PREFIX`, or additional `IDRIS2_PACKAGE_PATH` entries +for the compiler to read from. The following snippet will append `$HOME/.idris2` to `$IDRIS2_PACKAGE_PATH`, and if such a variable does not exist, create it. The Nixpkg's Idris2 +compiler append a few required libraries to this path variable, but any paths in the user's environment will be prefixed to those libraries. + +```nix +{ + pkgs ? import { }, +}: +pkgs.mkShell { + packages = [ (idris2.withPackages (p: [ p.idris2Api ])) ]; + shellHook = '' + IDRIS2_PACKAGE_PATH="''${IDRIS2_PACKAGE_PATH:+$IDRIS2_PACKAGE_PATH}$HOME/.idris2" + ''; +} +``` +The following snippet will allow the Idris2 to run `idris2 --install` successfully: +```nix +{ + pkgs ? import { }, +}: +pkgs.mkShell { + packages = [ (idris2.withPackages (p: [ p.idris2Api ])) ]; + shellHook = '' + IDRIS2_PREFIX="$HOME/.idris2" + ''; +} +``` + In addition to exposing the Idris2 compiler itself, Nixpkgs exposes an `idris2Packages.buildIdris` helper to make it a bit more ergonomic to build Idris2 executables or libraries. The `buildIdris` function takes an attribute set that defines at a minimum the `src` and `ipkgName` of the package to be built and any `idrisLibraries` required to build it. The `src` is the same source you're familiar with and the `ipkgName` must be the name of the `ipkg` file for the project (omitting the `.ipkg` extension). The `idrisLibraries` is a list of other library derivations created with `buildIdris`. You can optionally specify other derivation properties as needed but sensible defaults for `configurePhase`, `buildPhase`, and `installPhase` are provided. @@ -56,3 +108,20 @@ lspPkg.executable ``` The above uses the default value of `withSource = false` for the `idris2Api` but could be modified to include that library's source by passing `(idris2Api { withSource = true; })` to `idrisLibraries` instead. `idris2Api` in the above derivation comes built in with `idris2Packages`. This library exposes many of the otherwise internal APIs of the Idris2 compiler. + +The compiler package can be instantiated with packages on its `IDRIS2_PACKAGES` path from the `idris2Packages` set. + +```nix +{ + idris2, + devShell, +}: +let + myIdris = idris2.withPackages (p: [ p.idris2Api ]); +in +devShell { + packages = [ myIdris ]; +} +``` + +This search path is extended from the path already in the user's environment. diff --git a/doc/release-notes/rl-2511.section.md b/doc/release-notes/rl-2511.section.md index 81389bf97a8b..4e42fcca7ec7 100644 --- a/doc/release-notes/rl-2511.section.md +++ b/doc/release-notes/rl-2511.section.md @@ -267,6 +267,8 @@ - `installShellCompletion`: now supports Nushell completion files +- `idris2` supports being instantiated with a package environment with `idris.withPackages (p: [ ])` + - New hardening flags, `strictflexarrays1` and `strictflexarrays3` were made available, corresponding to the gcc/clang options `-fstrict-flex-arrays=1` and `-fstrict-flex-arrays=3` respectively. - `gramps` has been updated to 6.0.0 From 159c2cb8941ff709a9a674f4fb321f3d16426c81 Mon Sep 17 00:00:00 2001 From: Ross Smyth <18294397+RossSmyth@users.noreply.github.com> Date: Sun, 21 Sep 2025 22:52:57 -0400 Subject: [PATCH 29/57] idris2: Add updateScript --- pkgs/by-name/id/idris2/unwrapped.nix | 2 ++ pkgs/by-name/id/idris2/update.nu | 28 ++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100755 pkgs/by-name/id/idris2/update.nu diff --git a/pkgs/by-name/id/idris2/unwrapped.nix b/pkgs/by-name/id/idris2/unwrapped.nix index 1aa7c86e9077..d932f720ba31 100644 --- a/pkgs/by-name/id/idris2/unwrapped.nix +++ b/pkgs/by-name/id/idris2/unwrapped.nix @@ -152,6 +152,8 @@ stdenv.mkDerivation (finalAttrs: { idris2-unwrapped = finalAttrs.finalPackage; extraPackages = f idris2Packages; }; + + updateScript = ./update.nu; }; meta = { diff --git a/pkgs/by-name/id/idris2/update.nu b/pkgs/by-name/id/idris2/update.nu new file mode 100755 index 000000000000..c687b4646d6e --- /dev/null +++ b/pkgs/by-name/id/idris2/update.nu @@ -0,0 +1,28 @@ +#!/usr/bin/env nix-shell +#! nix-shell -I ./. +#! nix-shell -i nu +#! nix-shell -p nushell nix + +const PACKAGE = './pkgs/by-name/id/idris2/package.nix' + +def main [] { + let tag = http get "https://api.github.com/repos/idris-lang/Idris2/releases" + | sort-by -r created_at + | first + | get tag_name + + print $"Newest version: ($tag)" + + let hash = run-external "nix" "flake" "prefetch" "--json" $"github:idris-lang/Idris2/($tag)" + | from json + | get hash + + let current_hash = nix eval -f ./. idris2.unwrapped.src.outputHash --json | from json + let current_version = nix eval -f ./. idris2.version --json | from json + + $PACKAGE + | open + | str replace $current_version ($tag | str trim -c 'v') + | str replace $current_hash $hash + | save -f $PACKAGE +} From 1d527df27ba3d6937f1843e014d2d4b8f08fe62a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 21 Oct 2025 18:46:35 +0200 Subject: [PATCH 30/57] python3Packages.rdflib: skip a test broken by python3: 3.13.7 -> 3.13.8 --- pkgs/development/python-modules/rdflib/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/python-modules/rdflib/default.nix b/pkgs/development/python-modules/rdflib/default.nix index 2aecf3ac308d..2b3b1caa6737 100644 --- a/pkgs/development/python-modules/rdflib/default.nix +++ b/pkgs/development/python-modules/rdflib/default.nix @@ -66,6 +66,8 @@ buildPythonPackage rec { # requires network access "rdflib/__init__.py::rdflib" "test/jsonld/test_onedotone.py::test_suite" + # https://github.com/RDFLib/rdflib/issues/3274 + "test/test_sparql/test_translate_algebra.py::test_roundtrip" ]; disabledTests = [ From 263ec6ca014b22b197337b0192e13827df5f5c83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 21 Oct 2025 18:44:39 +0200 Subject: [PATCH 31/57] python3Packages.rdflib: 7.1.4 -> 7.2.1 https://github.com/RDFLib/rdflib/releases/tag/7.2.1 --- pkgs/development/python-modules/rdflib/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/rdflib/default.nix b/pkgs/development/python-modules/rdflib/default.nix index 2b3b1caa6737..07c57be63ef0 100644 --- a/pkgs/development/python-modules/rdflib/default.nix +++ b/pkgs/development/python-modules/rdflib/default.nix @@ -27,7 +27,7 @@ buildPythonPackage rec { pname = "rdflib"; - version = "7.1.4"; + version = "7.2.1"; pyproject = true; disabled = pythonOlder "3.8"; @@ -36,7 +36,7 @@ buildPythonPackage rec { owner = "RDFLib"; repo = "rdflib"; tag = version; - hash = "sha256-u9hdwxAJIuTQ3zKstbwn88u1opzWXc8otJKbtIl4Li4="; + hash = "sha256-FisMiBTiL6emJS0d7UmlwGUzayA+CME5GGWgw/owfhc="; }; build-system = [ poetry-core ]; From b37a09681db5369500fafd593414cd68063b80fb Mon Sep 17 00:00:00 2001 From: Marcin Serwin Date: Tue, 21 Oct 2025 20:18:54 +0200 Subject: [PATCH 32/57] libreoffice: skip broken aarch64-linux test Signed-off-by: Marcin Serwin --- .../office/libreoffice/skip-broken-tests-still.patch | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/applications/office/libreoffice/skip-broken-tests-still.patch b/pkgs/applications/office/libreoffice/skip-broken-tests-still.patch index 13606bac50fc..1fa0009d97c2 100644 --- a/pkgs/applications/office/libreoffice/skip-broken-tests-still.patch +++ b/pkgs/applications/office/libreoffice/skip-broken-tests-still.patch @@ -176,6 +176,16 @@ createSwDoc("tdf166152.fodt"); auto* pWrtShell = getSwDocShell()->GetWrtShell(); +--- a/unoxml/qa/unit/rdftest.cxx ++++ b/unoxml/qa/unit/rdftest.cxx +@@ -962,6 +962,7 @@ CPPUNIT_TEST_FIXTURE(RDFStreamTest, testTdf123293) + + CPPUNIT_TEST_FIXTURE(RDFStreamTest, testDocumentMetadataAccess) + { ++ return; // fails on aarch64 + loadFromURL(u"private:factory/swriter"_ustr); + + uno::Reference xDocumentMetadataAccess(mxComponent, --- a/vcl/qa/cppunit/pdfexport/pdfexport2.cxx +++ b/vcl/qa/cppunit/pdfexport/pdfexport2.cxx @@ -6077,6 +6077,7 @@ CPPUNIT_TEST_FIXTURE(PdfExportTest2, testTdf162750SmallCapsLigature) From 742ae8a26dd762ab8ad583e2848dce6fb7764a73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Silva?= Date: Tue, 21 Oct 2025 19:28:06 +0100 Subject: [PATCH 33/57] lsp-plugins: use php84 --- pkgs/by-name/ls/lsp-plugins/package.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/by-name/ls/lsp-plugins/package.nix b/pkgs/by-name/ls/lsp-plugins/package.nix index e3ef3b6d7fed..1874f7502232 100644 --- a/pkgs/by-name/ls/lsp-plugins/package.nix +++ b/pkgs/by-name/ls/lsp-plugins/package.nix @@ -11,12 +11,12 @@ libXrandr, libsndfile, lv2, - php82, + php84, pkg-config, }: let - php = php82; + php = php84; in stdenv.mkDerivation (finalAttrs: { From 8703905b226eedc7d5c8bb360cd4e24283b5ea8f Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 21 Oct 2025 19:33:56 +0000 Subject: [PATCH 34/57] google-chrome: 141.0.7390.107 -> 141.0.7390.122 --- pkgs/by-name/go/google-chrome/package.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/by-name/go/google-chrome/package.nix b/pkgs/by-name/go/google-chrome/package.nix index fbf2b103a7ec..e9d941a6a651 100644 --- a/pkgs/by-name/go/google-chrome/package.nix +++ b/pkgs/by-name/go/google-chrome/package.nix @@ -170,11 +170,11 @@ let linux = stdenvNoCC.mkDerivation (finalAttrs: { inherit pname meta passthru; - version = "141.0.7390.107"; + version = "141.0.7390.122"; src = fetchurl { url = "https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${finalAttrs.version}-1_amd64.deb"; - hash = "sha256-dNc4pUaqghgMxibOpHn3p2H/85ByqpPDRYpUWXX7ZzU="; + hash = "sha256-svzUxJiw5ldHwl413QV+9Egixes8D7tEmqFU+k94mlA="; }; # With strictDeps on, some shebangs were not being patched correctly @@ -272,11 +272,11 @@ let darwin = stdenvNoCC.mkDerivation (finalAttrs: { inherit pname meta passthru; - version = "141.0.7390.108"; + version = "141.0.7390.123"; src = fetchurl { - url = "http://dl.google.com/release2/chrome/mevrk534jr6le7rbu7gatnuxym_141.0.7390.108/GoogleChrome-141.0.7390.108.dmg"; - hash = "sha256-gMWPUPyHV0HvNkMuk10Kii7IrNMaA0etTPhcddDSDGE="; + url = "http://dl.google.com/release2/chrome/adavkzngpjaayzmntr45fwn25nyq_141.0.7390.123/GoogleChrome-141.0.7390.123.dmg"; + hash = "sha256-06sXHnSG2x8+OSbgXcPsErgdmjypIlbylrb61Du6j7U="; }; dontPatch = true; From 1ac12f97c150ee59a5734f06e9fffe7ec3325792 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Tue, 21 Oct 2025 12:55:00 -0700 Subject: [PATCH 35/57] python3Packages.elevenlabs: 2.18.0 -> 2.20.0 Diff: https://github.com/elevenlabs/elevenlabs-python/compare/v2.18.0...v2.20.0 Changelog: https://github.com/elevenlabs/elevenlabs-python/releases/tag/v2.20.0 --- pkgs/development/python-modules/elevenlabs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/elevenlabs/default.nix b/pkgs/development/python-modules/elevenlabs/default.nix index affab66c0803..9c4ef79a85dd 100644 --- a/pkgs/development/python-modules/elevenlabs/default.nix +++ b/pkgs/development/python-modules/elevenlabs/default.nix @@ -13,7 +13,7 @@ }: let - version = "2.18.0"; + version = "2.20.0"; tag = "v${version}"; in buildPythonPackage { @@ -25,7 +25,7 @@ buildPythonPackage { owner = "elevenlabs"; repo = "elevenlabs-python"; inherit tag; - hash = "sha256-FSUKKYG9cMuh4AcU6nYBtzjt+znfel3SHLRDDWPNCv8="; + hash = "sha256-oxhXvPUOplftB3b7oXmfLSRdPVVjzuOeVPp19OEHVCk="; }; build-system = [ poetry-core ]; From c63a1d81f5f4ca6f1736b4e3d52dee3f57208777 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 21 Oct 2025 20:07:49 +0000 Subject: [PATCH 36/57] sydbox: 3.40.1 -> 3.41.0 --- pkgs/by-name/sy/sydbox/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/sy/sydbox/package.nix b/pkgs/by-name/sy/sydbox/package.nix index 146a41c816a1..d848b16bb536 100644 --- a/pkgs/by-name/sy/sydbox/package.nix +++ b/pkgs/by-name/sy/sydbox/package.nix @@ -12,7 +12,7 @@ rustPlatform.buildRustPackage (finalAttrs: { pname = "sydbox"; - version = "3.40.1"; + version = "3.41.0"; outputs = [ "out" @@ -24,10 +24,10 @@ rustPlatform.buildRustPackage (finalAttrs: { owner = "Sydbox"; repo = "sydbox"; tag = "v${finalAttrs.version}"; - hash = "sha256-hO17Rm4gOSCVlmVZTZdJ2qh9pzdrl8Ay9uU6w7V4RPo="; + hash = "sha256-Qb7BYBMHKb+hCLNADOgBL8r/YeTiw9Rmy0pTV/jk93o="; }; - cargoHash = "sha256-y6FvIH3+daDsYP18BpsoYKsshvpVcSU7s/tjPdnudtY="; + cargoHash = "sha256-dx/AP5CiKz6asfYPEmjo+7ZELMyyxaEHZ5virL68IB4="; nativeBuildInputs = [ mandoc From 1a10671ace748b594b9415c0db2ab5a13d1f28ab Mon Sep 17 00:00:00 2001 From: emilylange Date: Tue, 21 Oct 2025 22:12:06 +0200 Subject: [PATCH 37/57] chromium,chromedriver: 141.0.7390.107 -> 141.0.7390.122 https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_21.html This update includes 1 security fix. CVEs: CVE-2025-12036 --- .../networking/browsers/chromium/info.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/info.json b/pkgs/applications/networking/browsers/chromium/info.json index 058ff8f0bff8..60470a5e6638 100644 --- a/pkgs/applications/networking/browsers/chromium/info.json +++ b/pkgs/applications/networking/browsers/chromium/info.json @@ -1,10 +1,10 @@ { "chromium": { - "version": "141.0.7390.107", + "version": "141.0.7390.122", "chromedriver": { - "version": "141.0.7390.108", - "hash_darwin": "sha256-TvfBtM4vEYmBiUiZmdALHouufc95l9lcptGUafhT/a4=", - "hash_darwin_aarch64": "sha256-xe9/tivLgzkUHRo/39ytgGl32Q/Gml8Vg7Jptf1jtGw=" + "version": "141.0.7390.123", + "hash_darwin": "sha256-grFBdZXToIZiHOrKs3EkVcl3+Bpj4tbui63oUstkpT4=", + "hash_darwin_aarch64": "sha256-Da3LogG0JRRI9iuTw4vWUh9CGCnicMzIDea641teQII=" }, "deps": { "depot_tools": { @@ -21,8 +21,8 @@ "DEPS": { "src": { "url": "https://chromium.googlesource.com/chromium/src.git", - "rev": "1c008349f76ff3a317bf28316fc5008c0120deb4", - "hash": "sha256-NRqWOkGrg/Y4wZi4WQDJ6CvsDpeseVgTc/iAnuPRy/U=", + "rev": "b477534e7e10d193e916cd4e2967c589383625b2", + "hash": "sha256-3sVHRzERwlLzXl2qSn2Lil4U4d6N63MUOomSUrjy2YY=", "recompress": true }, "src/third_party/clang-format/script": { From 5dbf685defeec6ab18cbbb57c537956c968cdaec Mon Sep 17 00:00:00 2001 From: Bonus Date: Tue, 7 Oct 2025 19:52:15 +0200 Subject: [PATCH 38/57] nixos/beszel.hub: init Co-authored-by: Mirza Arnaut --- .../manual/release-notes/rl-2511.section.md | 2 + nixos/modules/module-list.nix | 1 + .../services/monitoring/beszel-hub.nix | 114 ++++++++++++++++++ 3 files changed, 117 insertions(+) create mode 100644 nixos/modules/services/monitoring/beszel-hub.nix diff --git a/nixos/doc/manual/release-notes/rl-2511.section.md b/nixos/doc/manual/release-notes/rl-2511.section.md index 8dc6829d7182..7056f7fd144f 100644 --- a/nixos/doc/manual/release-notes/rl-2511.section.md +++ b/nixos/doc/manual/release-notes/rl-2511.section.md @@ -146,6 +146,8 @@ - [KMinion](https://github.com/redpanda-data/kminion), feature-rich Prometheus exporter for Apache Kafka. Available as [services.prometheus.exporters.kafka](options.html#opt-services.prometheus.exporters.kafka). +- [Beszel](https://beszel.dev), a lightweight server monitoring hub with historical data, docker stats, and alerts. Available as `services.beszel.hub`. + - [Spoolman](https://github.com/Donkie/Spoolman), a inventory management system for Filament spools. Available as [services.spoolman](#opt-services.spoolman.enable). - [Temporal](https://temporal.io/), a durable execution platform that enables diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 457d7923fd63..27ce3ddc3b86 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -973,6 +973,7 @@ ./services/monitoring/apcupsd.nix ./services/monitoring/arbtt.nix ./services/monitoring/below.nix + ./services/monitoring/beszel-hub.nix ./services/monitoring/bosun.nix ./services/monitoring/cadvisor.nix ./services/monitoring/certspotter.nix diff --git a/nixos/modules/services/monitoring/beszel-hub.nix b/nixos/modules/services/monitoring/beszel-hub.nix new file mode 100644 index 000000000000..8028d13c39d3 --- /dev/null +++ b/nixos/modules/services/monitoring/beszel-hub.nix @@ -0,0 +1,114 @@ +{ + lib, + config, + pkgs, + ... +}: +let + cfg = config.services.beszel.hub; +in +{ + meta.maintainers = with lib.maintainers; [ + BonusPlay + arunoruto + ]; + + options.services.beszel.hub = { + enable = lib.mkEnableOption "beszel hub"; + + package = lib.mkPackageOption pkgs "beszel" { }; + + host = lib.mkOption { + default = "127.0.0.1"; + type = lib.types.str; + example = "0.0.0.0"; + description = "Host or address this beszel hub listens on."; + }; + port = lib.mkOption { + default = 8090; + type = lib.types.port; + example = 3002; + description = "Port for this beszel hub to listen on."; + }; + + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/beszel-hub"; + description = "Data directory of beszel-hub."; + }; + + environment = lib.mkOption { + type = with lib.types; attrsOf str; + default = { }; + example = { + DISABLE_PASSWORD_AUTH = "true"; + }; + description = '' + Environment variables passed to the systemd service. + See for available options. + ''; + }; + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = '' + Environment file to be passed to the systemd service. + Useful for passing secrets to the service to prevent them from being + world-readable in the Nix store. See {manpage}`systemd.exec(5)`. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + systemd.services.beszel-hub = { + description = "Beszel Server Monitoring Web App"; + + wantedBy = [ "multi-user.target" ]; + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + environment = cfg.environment; + + serviceConfig = { + ExecStartPre = [ + "${cfg.package}/bin/beszel-hub migrate up" + "${cfg.package}/bin/beszel-hub history-sync" + ]; + ExecStart = '' + ${cfg.package}/bin/beszel-hub serve --http='${cfg.host}:${toString cfg.port}' + ''; + + EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; + WorkingDirectory = cfg.dataDir; + StateDirectory = baseNameOf cfg.dataDir; + RuntimeDirectory = baseNameOf cfg.dataDir; + ReadWritePaths = cfg.dataDir; + + DynamicUser = true; + User = "beszel-hub"; + LockPersonality = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = "strict"; + ProtectHome = "read-only"; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "strict"; + DevicePolicy = "closed"; + Restart = "on-failure"; + RestartSec = "30s"; + RestrictRealtime = true; + RestrictSUIDSGID = true; + RestrictNamespaces = true; + SystemCallArchitectures = "native"; + SystemCallErrorNumber = "EPERM"; + SystemCallFilter = [ "@system-service" ]; + UMask = 27; + }; + }; + }; +} From f5d45f3499777a1a0c075993dea8b0d5bee81302 Mon Sep 17 00:00:00 2001 From: Bonus Date: Tue, 7 Oct 2025 19:54:37 +0200 Subject: [PATCH 39/57] nixos/beszel.agent: init Co-authored-by: Mirza Arnaut --- .../manual/release-notes/rl-2511.section.md | 2 +- nixos/modules/module-list.nix | 1 + .../services/monitoring/beszel-agent.nix | 119 ++++++++++++++++++ 3 files changed, 121 insertions(+), 1 deletion(-) create mode 100644 nixos/modules/services/monitoring/beszel-agent.nix diff --git a/nixos/doc/manual/release-notes/rl-2511.section.md b/nixos/doc/manual/release-notes/rl-2511.section.md index 7056f7fd144f..4fc6e12d04d6 100644 --- a/nixos/doc/manual/release-notes/rl-2511.section.md +++ b/nixos/doc/manual/release-notes/rl-2511.section.md @@ -146,7 +146,7 @@ - [KMinion](https://github.com/redpanda-data/kminion), feature-rich Prometheus exporter for Apache Kafka. Available as [services.prometheus.exporters.kafka](options.html#opt-services.prometheus.exporters.kafka). -- [Beszel](https://beszel.dev), a lightweight server monitoring hub with historical data, docker stats, and alerts. Available as `services.beszel.hub`. +- [Beszel](https://beszel.dev), a lightweight server monitoring hub with historical data, docker stats, and alerts. Available as [`services.beszel.agent`](options.html#opt-services.beszel.agent.enable) and [`services.beszel.hub`](options.html#opt-services.beszel.hub.enable). - [Spoolman](https://github.com/Donkie/Spoolman), a inventory management system for Filament spools. Available as [services.spoolman](#opt-services.spoolman.enable). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 27ce3ddc3b86..ac62b33bd6b6 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -973,6 +973,7 @@ ./services/monitoring/apcupsd.nix ./services/monitoring/arbtt.nix ./services/monitoring/below.nix + ./services/monitoring/beszel-agent.nix ./services/monitoring/beszel-hub.nix ./services/monitoring/bosun.nix ./services/monitoring/cadvisor.nix diff --git a/nixos/modules/services/monitoring/beszel-agent.nix b/nixos/modules/services/monitoring/beszel-agent.nix new file mode 100644 index 000000000000..9cb4e1e57c7c --- /dev/null +++ b/nixos/modules/services/monitoring/beszel-agent.nix @@ -0,0 +1,119 @@ +{ + lib, + config, + pkgs, + ... +}: +let + cfg = config.services.beszel.agent; +in +{ + meta.maintainers = with lib.maintainers; [ + BonusPlay + arunoruto + ]; + + options.services.beszel.agent = { + enable = lib.mkEnableOption "beszel agent"; + package = lib.mkPackageOption pkgs "beszel" { }; + openFirewall = (lib.mkEnableOption "") // { + description = "Whether to open the firewall port (default 45876)."; + }; + + environment = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = { }; + description = '' + Environment variables for configuring the beszel-agent service. + This field will end up public in /nix/store, for secret values (such as `KEY`) use `environmentFile`. + + See for available options. + ''; + }; + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = '' + File path containing environment variables for configuring the beszel-agent service in the format of an EnvironmentFile. See {manpage}`systemd.exec(5)`. + ''; + }; + extraPath = lib.mkOption { + type = lib.types.listOf lib.types.package; + default = [ ]; + description = '' + Extra packages to add to beszel path (such as nvidia-smi or rocm-smi). + ''; + }; + }; + + config = lib.mkIf cfg.enable { + systemd.services.beszel-agent = { + description = "Beszel Server Monitoring Agent"; + + wantedBy = [ "multi-user.target" ]; + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + + environment = cfg.environment; + path = + cfg.extraPath + ++ lib.optionals (builtins.elem "nvidia" config.services.xserver.videoDrivers) [ + (lib.getBin config.hardware.nvidia.package) + ] + ++ lib.optionals (builtins.elem "amdgpu" config.services.xserver.videoDrivers) [ + (lib.getBin pkgs.rocmPackages.rocm-smi) + ] + ++ lib.optionals (builtins.elem "intel" config.services.xserver.videoDrivers) [ + (lib.getBin pkgs.intel-gpu-tools) + ]; + + serviceConfig = { + ExecStart = '' + ${cfg.package}/bin/beszel-agent + ''; + + EnvironmentFile = cfg.environmentFile; + + # adds ability to monitor docker/podman containers + SupplementaryGroups = + lib.optionals config.virtualisation.docker.enable [ "docker" ] + ++ lib.optionals ( + config.virtualisation.podman.enable && config.virtualisation.podman.dockerSocket.enable + ) [ "podman" ]; + + DynamicUser = true; + User = "beszel-agent"; + LockPersonality = true; + NoNewPrivileges = true; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = "strict"; + ProtectHome = "read-only"; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "strict"; + Restart = "on-failure"; + RestartSec = "30s"; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallErrorNumber = "EPERM"; + SystemCallFilter = [ "@system-service" ]; + Type = "simple"; + UMask = 27; + }; + }; + + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ + ( + if (builtins.hasAttr "PORT" cfg.environment) then + (lib.strings.toInt cfg.environment.PORT) + else + 45876 + ) + ]; + }; +} From c7e3e4546723650366ee18e4aa876856329d3b49 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Mon, 13 Oct 2025 12:52:20 +0200 Subject: [PATCH 40/57] nixos/tests/beszel: init --- nixos/tests/all-tests.nix | 1 + nixos/tests/beszel.nix | 119 +++++++++++++++++++++++++++++ pkgs/by-name/be/beszel/package.nix | 14 ++-- 3 files changed, 129 insertions(+), 5 deletions(-) create mode 100644 nixos/tests/beszel.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 7ef0a3a4a368..3af4002a6aa2 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -266,6 +266,7 @@ in beanstalkd = runTest ./beanstalkd.nix; bees = runTest ./bees.nix; benchexec = runTest ./benchexec.nix; + beszel = runTest ./beszel.nix; binary-cache = runTest { imports = [ ./binary-cache.nix ]; _module.args.compression = "zstd"; diff --git a/nixos/tests/beszel.nix b/nixos/tests/beszel.nix new file mode 100644 index 000000000000..77a4a32a3747 --- /dev/null +++ b/nixos/tests/beszel.nix @@ -0,0 +1,119 @@ +{ pkgs, lib, ... }: +{ + name = "beszel"; + meta.maintainers = with lib.maintainers; [ h7x4 ]; + + nodes = { + hubHost = + { config, pkgs, ... }: + { + virtualisation.vlans = [ 1 ]; + + systemd.network.networks."01-eth1" = { + name = "eth1"; + networkConfig.Address = "10.0.0.1/24"; + }; + + networking = { + useNetworkd = true; + useDHCP = false; + }; + + services.beszel.hub = { + enable = true; + host = "10.0.0.1"; + }; + + networking.firewall.allowedTCPPorts = [ + config.services.beszel.hub.port + ]; + + environment.systemPackages = [ + config.services.beszel.hub.package + ]; + }; + + agentHost = + { config, pkgs, ... }: + { + virtualisation.vlans = [ 1 ]; + + systemd.network.networks."01-eth1" = { + name = "eth1"; + networkConfig.Address = "10.0.0.2/24"; + }; + + networking = { + useNetworkd = true; + useDHCP = false; + }; + + environment.systemPackages = with pkgs; [ jq ]; + + specialisation."agent".configuration = { + services.beszel.agent = { + enable = true; + environment.HUB_URL = "http://10.0.0.1:8090"; + environment.KEY_FILE = "/var/lib/beszel-agent/id_ed25519.pub"; + environment.TOKEN_FILE = "/var/lib/beszel-agent/token"; + openFirewall = true; + }; + }; + }; + }; + + testScript = + { nodes, ... }: + let + hubCfg = nodes.hubHost.services.beszel.hub; + agentCfg = nodes.agentHost.specialisation."agent".configuration.services.beszel.agent; + in + '' + import json + + start_all() + + with subtest("Start hub"): + hubHost.wait_for_unit("beszel-hub.service") + hubHost.wait_for_open_port(${toString hubCfg.port}, "${toString hubCfg.host}") + + with subtest("Register user"): + agentHost.succeed('curl -f --json \'${ + builtins.toJSON { + email = "admin@example.com"; + password = "password"; + } + }\' "${agentCfg.environment.HUB_URL}/api/beszel/create-user"') + user = json.loads(agentHost.succeed('curl -f --json \'${ + builtins.toJSON { + identity = "admin@example.com"; + password = "password"; + } + }\' ${agentCfg.environment.HUB_URL}/api/collections/users/auth-with-password').strip()) + + with subtest("Install agent credentials"): + agentHost.succeed("mkdir -p \"$(dirname '${agentCfg.environment.KEY_FILE}')\" \"$(dirname '${agentCfg.environment.TOKEN_FILE}')\"") + sshkey = agentHost.succeed(f"curl -H 'Authorization: {user["token"]}' -f ${agentCfg.environment.HUB_URL}/api/beszel/getkey | jq -r .key").strip() + utoken = agentHost.succeed(f"curl -H 'Authorization: {user["token"]}' -f ${agentCfg.environment.HUB_URL}/api/beszel/universal-token | jq -r .token").strip() + agentHost.succeed(f"echo '{sshkey}' > '${agentCfg.environment.KEY_FILE}'") + agentHost.succeed(f"echo '{utoken}' > '${agentCfg.environment.TOKEN_FILE}'") + + with subtest("Register agent in hub"): + agentHost.succeed(f'curl -H \'Authorization: {user["token"]}\' -f --json \'{${ + builtins.toJSON { + "host" = "10.0.0.2"; + "name" = "agent"; + "pkey" = "{sshkey}"; + "port" = "45876"; + "tkn" = "{utoken}"; + "users" = ''{user['record']['id']}''; + } + }}\' "${agentCfg.environment.HUB_URL}/api/collections/systems/records"') + + with subtest("Start agent"): + agentHost.succeed("/run/current-system/specialisation/agent/bin/switch-to-configuration switch") + agentHost.wait_for_unit("beszel-agent.service") + agentHost.wait_until_succeeds("journalctl -eu beszel-agent --grep 'SSH connection established'") + agentHost.wait_until_succeeds(f'curl -H \'Authorization: {user["token"]}\' -f ${agentCfg.environment.HUB_URL}/api/collections/systems/records | grep agentHost') + ''; +} diff --git a/pkgs/by-name/be/beszel/package.nix b/pkgs/by-name/be/beszel/package.nix index 79f012fdaea4..930f7b281482 100644 --- a/pkgs/by-name/be/beszel/package.nix +++ b/pkgs/by-name/be/beszel/package.nix @@ -4,6 +4,7 @@ fetchFromGitHub, nix-update-script, buildNpmPackage, + nixosTests, }: buildGoModule rec { pname = "beszel"; @@ -62,11 +63,14 @@ buildGoModule rec { mv $out/bin/hub $out/bin/beszel-hub ''; - passthru.updateScript = nix-update-script { - extraArgs = [ - "--subpackage" - "webui" - ]; + passthru = { + updateScript = nix-update-script { + extraArgs = [ + "--subpackage" + "webui" + ]; + }; + tests.nixos = nixosTests.beszel; }; meta = { From eb0d99b67dfe3f9934275fc8a558031574140925 Mon Sep 17 00:00:00 2001 From: Acid Bong Date: Tue, 21 Oct 2025 21:42:57 +0300 Subject: [PATCH 41/57] spek: update meta.homepage to a relevant URL Use HTTPS + `www` subdomain for a proper cert. --- pkgs/by-name/sp/spek/package.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/by-name/sp/spek/package.nix b/pkgs/by-name/sp/spek/package.nix index 0ebaefd3550f..5ff36e44fdbd 100644 --- a/pkgs/by-name/sp/spek/package.nix +++ b/pkgs/by-name/sp/spek/package.nix @@ -41,7 +41,7 @@ stdenv.mkDerivation (finalAttrs: { meta = { description = "Analyse your audio files by showing their spectrogram"; - homepage = "http://spek.cc/"; + homepage = "https://www.spek.cc/"; license = lib.licenses.gpl3; maintainers = with lib.maintainers; [ bjornfor ]; platforms = lib.platforms.all; From ed877db3b51389eae3ed2a9abf6fa01d322d2bf5 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 21 Oct 2025 21:39:05 +0000 Subject: [PATCH 42/57] ni: 26.1.0 -> 27.0.0 --- pkgs/by-name/ni/ni/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/ni/ni/package.nix b/pkgs/by-name/ni/ni/package.nix index 476baccd55c9..5d350458f138 100644 --- a/pkgs/by-name/ni/ni/package.nix +++ b/pkgs/by-name/ni/ni/package.nix @@ -13,19 +13,19 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "ni"; - version = "26.1.0"; + version = "27.0.0"; src = fetchFromGitHub { owner = "antfu-collective"; repo = "ni"; tag = "v${finalAttrs.version}"; - hash = "sha256-vde0NUOWVfdrJUgYBLP4C3I+lFv3YJVtcqUgB7Nx2b0="; + hash = "sha256-Yh159OpM4LPWJMO2Jv8xkzqRFurgK8EAQDyUIhWfHZ4="; }; pnpmDeps = pnpm.fetchDeps { inherit (finalAttrs) pname version src; fetcherVersion = 2; - hash = "sha256-aNRWBnlZ72OmU619L99aVqL317w4gSaJNtoO25u+s40="; + hash = "sha256-pg2zFm84sqTRM/KaNxnvtZMZHhgdrThPoMV58KKbvHA="; }; nativeBuildInputs = [ From 9be06f56c66a69ce817938a38dc235b156fcf9ca Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Tue, 21 Oct 2025 23:40:04 +0200 Subject: [PATCH 43/57] percona-server_8_0: 8.0.42-33 -> 8.0.43-34 Fixes CVE-2025-50078, CVE-2025-50082, CVE-2025-50083, CVE-2025-50085, CVE-2025-50077, CVE-2025-50092, CVE-2025-50099, CVE-2025-50086, CVE-2025-50093, CVE-2025-50094, CVE-2025-50079, CVE-2025-50084, CVE-2025-50087, CVE-2025-50091, CVE-2025-50101, CVE-2025-50102, CVE-2025-53023, CVE-2025-50097, CVE-2025-50080, CVE-2025-50096, CVE-2025-50081, CVE-2025-50104, CVE-2025-50098 and CVE-2025-50100. https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL https://docs.percona.com/percona-distribution-for-mysql/8.0/release-notes-ps-v8.0.43.html --- pkgs/servers/sql/percona-server/8_0.nix | 8 +- .../sql/percona-server/libcpp-fixes.patch | 207 ------------------ 2 files changed, 3 insertions(+), 212 deletions(-) delete mode 100644 pkgs/servers/sql/percona-server/libcpp-fixes.patch diff --git a/pkgs/servers/sql/percona-server/8_0.nix b/pkgs/servers/sql/percona-server/8_0.nix index 8cdca01efb1e..ff1f517af0e8 100644 --- a/pkgs/servers/sql/percona-server/8_0.nix +++ b/pkgs/servers/sql/percona-server/8_0.nix @@ -43,11 +43,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "percona-server"; - version = "8.0.42-33"; + version = "8.0.43-34"; src = fetchurl { - url = "https://www.percona.com/downloads/Percona-Server-8.0/Percona-Server-${finalAttrs.version}/source/tarball/percona-server-${finalAttrs.version}.tar.gz"; - hash = "sha256-UDdmBz1RVjX/kRivvk69GPdtjLjWTglKxteiLxXKQGc="; + url = "https://downloads.percona.com/downloads/Percona-Server-8.0/Percona-Server-${finalAttrs.version}/source/tarball/percona-server-${finalAttrs.version}.tar.gz"; + hash = "sha256-RGm144c1WfNm62MsfCMeAapwDBucE8zoaQhdvh7JID4="; }; nativeBuildInputs = [ @@ -63,8 +63,6 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optionals (!stdenv.hostPlatform.isDarwin) [ rpcsvc-proto ]; patches = [ - # adapted from mysql80's llvm 19 fixes - ./libcpp-fixes.patch # fixes using -DWITH_SSL=system with CMAKE_PREFIX_PATH on darwin # https://github.com/Homebrew/homebrew-core/pull/204799 (fetchpatch { diff --git a/pkgs/servers/sql/percona-server/libcpp-fixes.patch b/pkgs/servers/sql/percona-server/libcpp-fixes.patch deleted file mode 100644 index 7e8de096415e..000000000000 --- a/pkgs/servers/sql/percona-server/libcpp-fixes.patch +++ /dev/null @@ -1,207 +0,0 @@ -diff --git a/include/my_char_traits.h b/include/my_char_traits.h -new file mode 100644 -index 00000000000..6336bc039c8 ---- /dev/null -+++ b/include/my_char_traits.h -@@ -0,0 +1,65 @@ -+/* Copyright (c) 2024, Oracle and/or its affiliates. -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License, version 2.0, -+ as published by the Free Software Foundation. -+ -+ This program is designed to work with certain software (including -+ but not limited to OpenSSL) that is licensed under separate terms, -+ as designated in a particular file or component or in included license -+ documentation. The authors of MySQL hereby grant you an additional -+ permission to link the program and your derivative works with the -+ separately licensed software that they have either included with -+ the program or referenced in the documentation. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License, version 2.0, for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program; if not, write to the Free Software -+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ -+ -+#ifndef MY_CHAR_TRAITS_INCLUDED -+#define MY_CHAR_TRAITS_INCLUDED -+ -+#include -+ -+template -+struct my_char_traits; -+ -+/* -+ This is a standards-compliant, drop-in replacement for -+ std::char_traits -+ We need this because clang libc++ is removing support for it in clang 19. -+ It is not a complete implementation. Rather we implement just enough to -+ compile any usage of char_traits we have in our codebase. -+ */ -+template <> -+struct my_char_traits { -+ using char_type = unsigned char; -+ using int_type = unsigned int; -+ -+ static void assign(char_type &c1, const char_type &c2) { c1 = c2; } -+ -+ static char_type *assign(char_type *s, std::size_t n, char_type a) { -+ return static_cast(memset(s, a, n)); -+ } -+ -+ static int compare(const char_type *s1, const char_type *s2, std::size_t n) { -+ return memcmp(s1, s2, n); -+ } -+ -+ static char_type *move(char_type *s1, const char_type *s2, std::size_t n) { -+ if (n == 0) return s1; -+ return static_cast(memmove(s1, s2, n)); -+ } -+ -+ static char_type *copy(char_type *s1, const char_type *s2, std::size_t n) { -+ if (n == 0) return s1; -+ return static_cast(memcpy(s1, s2, n)); -+ } -+}; -+ -+#endif // MY_CHAR_TRAITS_INCLUDED -diff --git a/sql/mdl_context_backup.h b/sql/mdl_context_backup.h -index 89e7e23df34..cf9c307ec2d 100644 ---- a/sql/mdl_context_backup.h -+++ b/sql/mdl_context_backup.h -@@ -28,6 +28,7 @@ - #include - #include - -+#include "my_char_traits.h" - #include "sql/malloc_allocator.h" - #include "sql/mdl.h" - -@@ -47,7 +48,8 @@ class MDL_context_backup_manager { - /** - Key for uniquely identifying MDL_context in the MDL_context_backup map. - */ -- typedef std::basic_string MDL_context_backup_key; -+ using MDL_context_backup_key = -+ std::basic_string>; - - class MDL_context_backup; - -diff --git a/sql/range_optimizer/index_range_scan_plan.cc b/sql/range_optimizer/index_range_scan_plan.cc -index 74fbb100397..8ed1f50da33 100644 ---- a/sql/range_optimizer/index_range_scan_plan.cc -+++ b/sql/range_optimizer/index_range_scan_plan.cc -@@ -54,6 +54,8 @@ - #include "sql/thr_malloc.h" - #include "sql_string.h" - -+#include "my_char_traits.h" -+ - using opt_range::null_element; - using std::max; - using std::min; -@@ -1025,8 +1027,8 @@ static bool null_part_in_key(KEY_PART *key_part, const uchar *key, - - // TODO(sgunders): This becomes a bit simpler with C++20's string_view - // constructors. --static inline std::basic_string_view make_string_view(const uchar *start, -- const uchar *end) { -+static inline std::basic_string_view> -+make_string_view(const uchar *start, const uchar *end) { - return {start, static_cast(end - start)}; - } - -diff --git a/sql/stream_cipher.h b/sql/stream_cipher.h -index 606d40645c6..358fbb41959 100644 ---- a/sql/stream_cipher.h -+++ b/sql/stream_cipher.h -@@ -28,6 +28,8 @@ - #include - #include - -+#include "my_char_traits.h" -+ - /** - @file stream_cipher.h - -@@ -35,7 +37,8 @@ - binary log files. - */ - --typedef std::basic_string Key_string; -+using Key_string = -+ std::basic_string>; - - /** - @class Stream_cipher -diff --git a/unittest/gunit/binlogevents/transaction_compression-t.cc b/unittest/gunit/binlogevents/transaction_compression-t.cc -index ba13f979aa3..01af0e3a360 100644 ---- a/unittest/gunit/binlogevents/transaction_compression-t.cc -+++ b/unittest/gunit/binlogevents/transaction_compression-t.cc -@@ -23,6 +23,7 @@ - */ - - #include -+#include - - #include - #include "libbinlogevents/include/binary_log.h" -@@ -51,14 +52,13 @@ class TransactionPayloadCompressionTest : public ::testing::Test { - using Managed_buffer_t = Decompressor_t::Managed_buffer_t; - using Size_t = Decompressor_t::Size_t; - using Char_t = Decompressor_t::Char_t; -- using String_t = std::basic_string; - using Decompress_status_t = - binary_log::transaction::compression::Decompress_status; - using Compress_status_t = - binary_log::transaction::compression::Compress_status; - -- static String_t constant_data(Size_t size) { -- return String_t(size, (Char_t)'a'); -+ static std::string constant_data(Size_t size) { -+ return std::string(size, (Char_t)'a'); - } - - protected: -@@ -69,7 +69,7 @@ class TransactionPayloadCompressionTest : public ::testing::Test { - void TearDown() override {} - - static void compression_idempotency_test(Compressor_t &c, Decompressor_t &d, -- String_t data) { -+ const std::string &data) { - auto debug_string = concat( - binary_log::transaction::compression::type_to_string(c.get_type_code()), - " ", data.size()); -@@ -104,8 +104,8 @@ class TransactionPayloadCompressionTest : public ::testing::Test { - - // Check decompressed data - ASSERT_EQ(managed_buffer.read_part().size(), data.size()) << debug_string; -- ASSERT_EQ(data, String_t(managed_buffer.read_part().begin(), -- managed_buffer.read_part().end())) -+ ASSERT_EQ(data, std::string(managed_buffer.read_part().begin(), -+ managed_buffer.read_part().end())) - << debug_string; - - // Check that we reached EOF -@@ -118,7 +118,7 @@ TEST_F(TransactionPayloadCompressionTest, CompressDecompressZstdTest) { - for (auto size : buffer_sizes) { - binary_log::transaction::compression::Zstd_dec d; - binary_log::transaction::compression::Zstd_comp c; -- String_t data{TransactionPayloadCompressionTest::constant_data(size)}; -+ std::string data{TransactionPayloadCompressionTest::constant_data(size)}; - TransactionPayloadCompressionTest::compression_idempotency_test(c, d, data); - c.set_compression_level(22); - TransactionPayloadCompressionTest::compression_idempotency_test(c, d, data); -@@ -129,7 +129,7 @@ TEST_F(TransactionPayloadCompressionTest, CompressDecompressNoneTest) { - for (auto size : buffer_sizes) { - binary_log::transaction::compression::None_dec d; - binary_log::transaction::compression::None_comp c; -- String_t data{TransactionPayloadCompressionTest::constant_data(size)}; -+ std::string data{TransactionPayloadCompressionTest::constant_data(size)}; - TransactionPayloadCompressionTest::compression_idempotency_test(c, d, data); - } - } From 6885524b6a57a80bed0a706805e2a4895af79388 Mon Sep 17 00:00:00 2001 From: Rafael Ieda Date: Tue, 21 Oct 2025 19:34:23 -0300 Subject: [PATCH 44/57] libuinputplus: fix build with cmake4 --- pkgs/by-name/li/libuinputplus/package.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/by-name/li/libuinputplus/package.nix b/pkgs/by-name/li/libuinputplus/package.nix index 0371a66131d0..1541a52b32a7 100644 --- a/pkgs/by-name/li/libuinputplus/package.nix +++ b/pkgs/by-name/li/libuinputplus/package.nix @@ -25,6 +25,11 @@ stdenv.mkDerivation rec { pkg-config ]; + postPatch = '' + substituteInPlace CMakeLists.txt \ + --replace-fail "cmake_minimum_required(VERSION 3.0)" "cmake_minimum_required(VERSION 3.10)" + ''; + meta = with lib; { inherit (src.meta) homepage; description = "Easy-to-use uinput library in C++"; From 003b5ac29b2a6a54344db1108221ae8a6898f54d Mon Sep 17 00:00:00 2001 From: Sarah Clark Date: Tue, 21 Oct 2025 15:38:03 -0700 Subject: [PATCH 45/57] python3Packages.aiolifx: modernize derivation --- pkgs/development/python-modules/aiolifx/default.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/pkgs/development/python-modules/aiolifx/default.nix b/pkgs/development/python-modules/aiolifx/default.nix index 3818ad68ef14..bd5d5e776fbb 100644 --- a/pkgs/development/python-modules/aiolifx/default.nix +++ b/pkgs/development/python-modules/aiolifx/default.nix @@ -7,7 +7,6 @@ fetchPypi, ifaddr, inquirerpy, - pythonOlder, setuptools, }: @@ -16,8 +15,6 @@ buildPythonPackage rec { version = "1.2.1"; pyproject = true; - disabled = pythonOlder "3.7"; - src = fetchPypi { inherit pname version; hash = "sha256-h82KPrHcWUUrQFyMy3fY6BmQFA5a4DFJdhJ6zRnKMsc="; @@ -38,12 +35,12 @@ buildPythonPackage rec { pythonImportsCheck = [ "aiolifx" ]; - meta = with lib; { + meta = { description = "Module for local communication with LIFX devices over a LAN"; homepage = "https://github.com/aiolifx/aiolifx"; changelog = "https://github.com/aiolifx/aiolifx/releases/tag/${version}"; - license = licenses.mit; - maintainers = with maintainers; [ netixx ]; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ netixx ]; mainProgram = "aiolifx"; }; } From 20ef37577ce56303b370b0e134b270d00fb78db9 Mon Sep 17 00:00:00 2001 From: Sarah Clark Date: Tue, 21 Oct 2025 15:40:45 -0700 Subject: [PATCH 46/57] python3Packages.aiolifx: build from GitHub source --- pkgs/development/python-modules/aiolifx/default.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/aiolifx/default.nix b/pkgs/development/python-modules/aiolifx/default.nix index bd5d5e776fbb..d1cc221a239e 100644 --- a/pkgs/development/python-modules/aiolifx/default.nix +++ b/pkgs/development/python-modules/aiolifx/default.nix @@ -4,7 +4,7 @@ bitstring, buildPythonPackage, click, - fetchPypi, + fetchFromGitHub, ifaddr, inquirerpy, setuptools, @@ -15,9 +15,11 @@ buildPythonPackage rec { version = "1.2.1"; pyproject = true; - src = fetchPypi { - inherit pname version; - hash = "sha256-h82KPrHcWUUrQFyMy3fY6BmQFA5a4DFJdhJ6zRnKMsc="; + src = fetchFromGitHub { + owner = "aiolifx"; + repo = "aiolifx"; + tag = version; + hash = "sha256-9FTsY/VFfzLlDEjF8ueBQxr30YasdQwei1/KfHiXwMo="; }; build-system = [ setuptools ]; From f1749a1465df58062399c1606bd9b1eccc12c966 Mon Sep 17 00:00:00 2001 From: Rafael Ieda Date: Tue, 21 Oct 2025 19:52:33 -0300 Subject: [PATCH 47/57] linvstmanager: fix build with cmake4 --- pkgs/applications/audio/linvstmanager/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/applications/audio/linvstmanager/default.nix b/pkgs/applications/audio/linvstmanager/default.nix index 1da68ebb45d1..6da4c7fcc626 100644 --- a/pkgs/applications/audio/linvstmanager/default.nix +++ b/pkgs/applications/audio/linvstmanager/default.nix @@ -27,6 +27,11 @@ stdenv.mkDerivation rec { qtbase ]; + postPatch = '' + substituteInPlace CMakeLists.txt \ + --replace-fail "cmake_minimum_required(VERSION 3.0.0)" "cmake_minimum_required(VERSION 3.10)" + ''; + meta = with lib; { description = "Graphical companion application for various bridges like LinVst, etc"; mainProgram = "linvstmanager"; From 95f51ebfe81f5e245d8cf10ed42e78fd1cc82415 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 22 Oct 2025 00:24:42 +0000 Subject: [PATCH 48/57] libretro.snes9x: 0-unstable-2025-10-11 -> 0-unstable-2025-10-16 --- pkgs/applications/emulators/libretro/cores/snes9x.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/emulators/libretro/cores/snes9x.nix b/pkgs/applications/emulators/libretro/cores/snes9x.nix index af98268827e1..3a8150cbb2f2 100644 --- a/pkgs/applications/emulators/libretro/cores/snes9x.nix +++ b/pkgs/applications/emulators/libretro/cores/snes9x.nix @@ -5,13 +5,13 @@ }: mkLibretroCore { core = "snes9x"; - version = "0-unstable-2025-10-11"; + version = "0-unstable-2025-10-16"; src = fetchFromGitHub { owner = "snes9xgit"; repo = "snes9x"; - rev = "cdffce2e32bfc0305fd5489831d09b5e730bed9b"; - hash = "sha256-uTUhE6yvzgGxik1TMxcOI4K55xKTZNl7PmwYVxBsQZY="; + rev = "abfc018c90799eb55b773fc46d486167d8b3c762"; + hash = "sha256-7PXUGUfhieYz8rLDhfLq09AcJbEcTLC/peYYN/B07c4="; }; makefile = "Makefile"; From 0e19a0dc5eca09370d59f49584064fdbc6225da5 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 22 Oct 2025 01:08:08 +0000 Subject: [PATCH 49/57] libretro-shaders-slang: 0-unstable-2025-10-15 -> 0-unstable-2025-10-20 --- pkgs/by-name/li/libretro-shaders-slang/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/li/libretro-shaders-slang/package.nix b/pkgs/by-name/li/libretro-shaders-slang/package.nix index ca83205dde68..7eab65738a01 100644 --- a/pkgs/by-name/li/libretro-shaders-slang/package.nix +++ b/pkgs/by-name/li/libretro-shaders-slang/package.nix @@ -7,13 +7,13 @@ stdenvNoCC.mkDerivation { pname = "libretro-shaders-slang"; - version = "0-unstable-2025-10-15"; + version = "0-unstable-2025-10-20"; src = fetchFromGitHub { owner = "libretro"; repo = "slang-shaders"; - rev = "c94b1bdfd8c973893ac3fe883ae05c420aba2908"; - hash = "sha256-aZ6Xf7suIlUj3NcGtRfoYTKMnenCupS7dLoENGePr/E="; + rev = "422e59878b7e0b4d5d677e6163cc560767398d20"; + hash = "sha256-PdurVN86deGS1pNvFY1IZblBklc/CEFrB7jKbB8JrG4="; }; dontConfigure = true; From 1b7d72b8485a1360aed12c90347c326cf5bf0551 Mon Sep 17 00:00:00 2001 From: Rafael Ieda Date: Tue, 21 Oct 2025 10:50:18 -0300 Subject: [PATCH 50/57] imagelol: fix build with cmake4, mark as broken on darwin Co-authored-by: Michael Daniels --- pkgs/by-name/im/imagelol/package.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkgs/by-name/im/imagelol/package.nix b/pkgs/by-name/im/imagelol/package.nix index efdc4991ad94..c177b42a7f8e 100644 --- a/pkgs/by-name/im/imagelol/package.nix +++ b/pkgs/by-name/im/imagelol/package.nix @@ -37,6 +37,12 @@ stdenv.mkDerivation rec { mv imagelol src substituteInPlace CMakeLists.txt \ --replace 'add_subdirectory("imagelol")' 'add_subdirectory("src")' + + substituteInPlace External/zlib-no-examples/CMakeLists.txt \ + --replace-fail "cmake_minimum_required(VERSION 2.4.4)" "cmake_minimum_required(VERSION 3.10)" + substituteInPlace External/libpng/CMakeLists.txt \ + --replace-fail "cmake_minimum_required(VERSION 3.1)" "cmake_minimum_required(VERSION 3.10)" \ + --replace-fail "cmake_policy(VERSION 3.1)" "cmake_policy(VERSION 3.10)" ''; nativeBuildInputs = [ cmake ]; @@ -59,6 +65,7 @@ stdenv.mkDerivation rec { license = licenses.mit; maintainers = [ ]; platforms = platforms.unix; + broken = stdenv.hostPlatform.isDarwin; mainProgram = "ImageLOL"; }; } From 5382a7f7be7dd376657760202d4401e18fcc95f9 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 22 Oct 2025 02:16:07 +0000 Subject: [PATCH 51/57] rustical: 0.9.11 -> 0.9.12 --- pkgs/by-name/ru/rustical/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/ru/rustical/package.nix b/pkgs/by-name/ru/rustical/package.nix index 1d8e90342c25..48261b300c02 100644 --- a/pkgs/by-name/ru/rustical/package.nix +++ b/pkgs/by-name/ru/rustical/package.nix @@ -8,16 +8,16 @@ rustPlatform.buildRustPackage (finalAttrs: { pname = "rustical"; - version = "0.9.11"; + version = "0.9.12"; src = fetchFromGitHub { owner = "lennart-k"; repo = "rustical"; tag = "v${finalAttrs.version}"; - hash = "sha256-XDnhHgswje335c3OHR/cUO9qtOj1MQBYvAsoH5coiDY="; + hash = "sha256-pmIWLhrf7AsFr+xvYeibAutIigLeQNQepssLpHxjZyQ="; }; - cargoHash = "sha256-MevmHEdkczL4CcQpjdvv21rvnCmbnSr37Ny6G0kodag="; + cargoHash = "sha256-vU/iXRas6PYUASPTVDkzmZCyOHnH07S4YpvIyg1zybk="; nativeBuildInputs = [ pkg-config ]; buildInputs = [ openssl ]; From a4491bd7eec94380136fac5a002db10f8469ece2 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 22 Oct 2025 02:44:14 +0000 Subject: [PATCH 52/57] tmuxai: 1.1.3 -> 2.0.0 --- pkgs/by-name/tm/tmuxai/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/tm/tmuxai/package.nix b/pkgs/by-name/tm/tmuxai/package.nix index f31a9ae356be..490e3df32d8a 100644 --- a/pkgs/by-name/tm/tmuxai/package.nix +++ b/pkgs/by-name/tm/tmuxai/package.nix @@ -9,16 +9,16 @@ buildGoModule (finalAttrs: { pname = "tmuxai"; - version = "1.1.3"; + version = "2.0.0"; src = fetchFromGitHub { owner = "alvinunreal"; repo = "tmuxai"; tag = "v${finalAttrs.version}"; - hash = "sha256-SOqfEaCtJ8xlv0RA83tevbXjxwyGILSWlxNCVrKeLak="; + hash = "sha256-5XcqovO1HKNAlZ7H26jWHSLt3bbxzhLJIL9sLDMdHR4="; }; - vendorHash = "sha256-6X79tFZCiuVq3ZgHC/EhwF9Nlge/8UoubRG1O9DGwxc="; + vendorHash = "sha256-cw/tW7i+CDN7AYLcU7bC1VNeD1aFRvngvtwmgBqKvoc="; ldflags = [ "-s" From b87416ff95465c54ee87f977e2b48deb5d26b67a Mon Sep 17 00:00:00 2001 From: Sarah Clark Date: Tue, 21 Oct 2025 15:45:01 -0700 Subject: [PATCH 53/57] python3Packages.aiolifx: allow click 8.2.x --- pkgs/development/python-modules/aiolifx/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/python-modules/aiolifx/default.nix b/pkgs/development/python-modules/aiolifx/default.nix index d1cc221a239e..d1525f12f6a1 100644 --- a/pkgs/development/python-modules/aiolifx/default.nix +++ b/pkgs/development/python-modules/aiolifx/default.nix @@ -24,6 +24,8 @@ buildPythonPackage rec { build-system = [ setuptools ]; + pythonRelaxDeps = [ "click" ]; + dependencies = [ async-timeout bitstring From b3bf773364373b88fba01f5c12cf31fff018ac5a Mon Sep 17 00:00:00 2001 From: Sarah Clark Date: Tue, 21 Oct 2025 11:48:58 -0700 Subject: [PATCH 54/57] seagoat: disable broken tests under click 8.2.x --- pkgs/by-name/se/seagoat/failing_tests.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/by-name/se/seagoat/failing_tests.nix b/pkgs/by-name/se/seagoat/failing_tests.nix index 75ed4e5bbab4..b347b63fcad5 100644 --- a/pkgs/by-name/se/seagoat/failing_tests.nix +++ b/pkgs/by-name/se/seagoat/failing_tests.nix @@ -51,4 +51,14 @@ "test_file_change_many_times_is_first_result" "test_newer_change_can_beat_frequent_change_in_past" "test_commit_messages_with_three_or_more_colons" + + # Compatibility issue with click 8.2 + # https://github.com/kantord/SeaGOAT/issues/1021 + "test_seagoat_warns_on_incomplete_accuracy[99]" + "test_seagoat_warns_on_incomplete_accuracy[100]" + "test_server_error_handling[File Not Found on Server-500]" + "test_server_error_handling[Database Connection Failed-503]" + "test_server_does_not_exist_error" + "test_no_network_to_update" + "test_server_shows_error_when_folder_is_not_a_git_repo" ] From 01bc8ac5b9e4000a7aeea26e731330c896280bc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Tue, 21 Oct 2025 20:33:37 -0700 Subject: [PATCH 55/57] python3Packages.python-jose: fix test_incorrect_public_key_hmac_signing --- .../development/python-modules/python-jose/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/development/python-modules/python-jose/default.nix b/pkgs/development/python-modules/python-jose/default.nix index 470337705c89..13e7257d63b3 100644 --- a/pkgs/development/python-modules/python-jose/default.nix +++ b/pkgs/development/python-modules/python-jose/default.nix @@ -4,6 +4,7 @@ cryptography, ecdsa, fetchFromGitHub, + fetchpatch, pyasn1, pycrypto, pycryptodome, @@ -24,6 +25,15 @@ buildPythonPackage rec { hash = "sha256-8DQ0RBQ4ZgEIwcosgX3dzr928cYIQoH0obIOgk0+Ozs="; }; + patches = [ + # https://github.com/mpdavis/python-jose/pull/393 + (fetchpatch { + name = "fix-test_incorrect_public_key_hmac_signing.patch"; + url = "https://github.com/mpdavis/python-jose/commit/7c0e4c6640bdc9cd60ac66d96d5d90f4377873db.patch"; + hash = "sha256-bCzxZEWKYD20TLqzVv6neZlpU41otbVqaXc7C0Ky9BQ="; + }) + ]; + pythonRelaxDeps = [ # https://github.com/mpdavis/python-jose/pull/376 "pyasn1" From 669a4768042a398e1514d1bf89daa9b6c0a26785 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 22 Oct 2025 03:50:00 +0000 Subject: [PATCH 56/57] mpv-handler: 0.4.1 -> 0.4.2 --- pkgs/by-name/mp/mpv-handler/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/mp/mpv-handler/package.nix b/pkgs/by-name/mp/mpv-handler/package.nix index e0dd5c913cca..14637dcab48d 100644 --- a/pkgs/by-name/mp/mpv-handler/package.nix +++ b/pkgs/by-name/mp/mpv-handler/package.nix @@ -9,16 +9,16 @@ }: rustPlatform.buildRustPackage rec { pname = "mpv-handler"; - version = "0.4.1"; + version = "0.4.2"; src = fetchFromGitHub { owner = "akiirui"; repo = "mpv-handler"; tag = "v${version}"; - hash = "sha256-uWV9pjZp5s8H1UDS/T0JK//eJNnsaaby88l/tDqlQHY="; + hash = "sha256-QoctjneJA7CdXqGm0ylAh9w6611vv2PD1fzS0exag5A="; }; - cargoHash = "sha256-Cps+cPOv8uV8x0MiBdSqsdJ/8n259K6Y5aVl2aWJ/tE="; + cargoHash = "sha256-gKDkDLTLzC53obDd7pORsqP6DhORTbx6tvQ4jq61znQ="; passthru.updateScript = nix-update-script { }; From b22b5a3c20c81569504934ed7c897a3ce1a0f611 Mon Sep 17 00:00:00 2001 From: Will Fancher Date: Wed, 22 Oct 2025 01:43:39 -0400 Subject: [PATCH 57/57] nixos/tests: More temporary uaccess fixes See: https://github.com/NixOS/nixpkgs/pull/453603 --- nixos/tests/budgie.nix | 3 ++- nixos/tests/cinnamon-wayland.nix | 3 ++- nixos/tests/cinnamon.nix | 3 ++- nixos/tests/enlightenment.nix | 3 ++- nixos/tests/gnome-extensions.nix | 3 ++- nixos/tests/gnome-flashback.nix | 3 ++- nixos/tests/gnome-xorg.nix | 3 ++- nixos/tests/gnome.nix | 3 ++- nixos/tests/lxqt.nix | 3 ++- nixos/tests/mate.nix | 3 ++- nixos/tests/pantheon.nix | 3 ++- nixos/tests/xfce-wayland.nix | 3 ++- nixos/tests/xfce.nix | 3 ++- 13 files changed, 26 insertions(+), 13 deletions(-) diff --git a/nixos/tests/budgie.nix b/nixos/tests/budgie.nix index a6c40f6a9ab4..b003e1c65240 100644 --- a/nixos/tests/budgie.nix +++ b/nixos/tests/budgie.nix @@ -54,7 +54,8 @@ machine.succeed("xauth merge ${user.home}/.Xauthority") with subtest("Check that logging in has given the user ownership of devices"): - machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}") + # Change back to /dev/snd/timer after systemd-258.1 + machine.succeed("getfacl -p /dev/dri/card0 | grep -q ${user.name}") with subtest("Check if Budgie session components actually start"): for i in ["budgie-daemon", "budgie-panel", "budgie-wm", "budgie-desktop-view", "gsd-media-keys"]: diff --git a/nixos/tests/cinnamon-wayland.nix b/nixos/tests/cinnamon-wayland.nix index d19ac920b388..e4118d82f4dd 100644 --- a/nixos/tests/cinnamon-wayland.nix +++ b/nixos/tests/cinnamon-wayland.nix @@ -42,7 +42,8 @@ machine.wait_for_file("/run/user/${toString user.uid}/wayland-0") with subtest("Check that logging in has given the user ownership of devices"): - machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}") + # Change back to /dev/snd/timer after systemd-258.1 + machine.succeed("getfacl -p /dev/dri/card0 | grep -q ${user.name}") with subtest("Wait for the Cinnamon shell"): # Correct output should be (true, '2') diff --git a/nixos/tests/cinnamon.nix b/nixos/tests/cinnamon.nix index 9ff43a8dbbb7..1f8fb683efc7 100644 --- a/nixos/tests/cinnamon.nix +++ b/nixos/tests/cinnamon.nix @@ -53,7 +53,8 @@ machine.succeed("xauth merge ${user.home}/.Xauthority") with subtest("Check that logging in has given the user ownership of devices"): - machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}") + # Change back to /dev/snd/timer after systemd-258.1 + machine.succeed("getfacl -p /dev/dri/card0 | grep -q ${user.name}") with subtest("Wait for the Cinnamon shell"): # Correct output should be (true, '2') diff --git a/nixos/tests/enlightenment.nix b/nixos/tests/enlightenment.nix index 77e731feddbf..41dfc754e7fe 100644 --- a/nixos/tests/enlightenment.nix +++ b/nixos/tests/enlightenment.nix @@ -42,7 +42,8 @@ machine.succeed("xauth merge ${user.home}/.Xauthority") with subtest("Check that logging in has given the user ownership of devices"): - machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}") + # Change back to /dev/snd/timer after systemd-258.1 + machine.succeed("getfacl -p /dev/dri/card0 | grep -q ${user.name}") with subtest("First time wizard"): machine.wait_for_text("Default") # Language diff --git a/nixos/tests/gnome-extensions.nix b/nixos/tests/gnome-extensions.nix index bde20a8c95aa..66003daa09d9 100644 --- a/nixos/tests/gnome-extensions.nix +++ b/nixos/tests/gnome-extensions.nix @@ -105,7 +105,8 @@ # wait for alice to be logged in machine.wait_for_unit("default.target", "${user.name}") # check that logging in has given the user ownership of devices - assert "alice" in machine.succeed("getfacl -p /dev/snd/timer") + # Change back to /dev/snd/timer after systemd-258.1 + assert "alice" in machine.succeed("getfacl -p /dev/dri/card0") with subtest("Wait for GNOME Shell"): # correct output should be (true, 'false') diff --git a/nixos/tests/gnome-flashback.nix b/nixos/tests/gnome-flashback.nix index 6df6e621995e..46cb6402bbb1 100644 --- a/nixos/tests/gnome-flashback.nix +++ b/nixos/tests/gnome-flashback.nix @@ -46,7 +46,8 @@ machine.wait_for_file("${xauthority}") machine.succeed("xauth merge ${xauthority}") # Check that logging in has given the user ownership of devices - assert "alice" in machine.succeed("getfacl -p /dev/snd/timer") + # Change back to /dev/snd/timer after systemd-258.1 + assert "alice" in machine.succeed("getfacl -p /dev/dri/card0") with subtest("Wait for Metacity"): machine.wait_until_succeeds("pgrep metacity") diff --git a/nixos/tests/gnome-xorg.nix b/nixos/tests/gnome-xorg.nix index 82d3bf3e08ce..9e9fdc9bdb9f 100644 --- a/nixos/tests/gnome-xorg.nix +++ b/nixos/tests/gnome-xorg.nix @@ -83,7 +83,8 @@ machine.wait_for_file("${xauthority}") machine.succeed("xauth merge ${xauthority}") # Check that logging in has given the user ownership of devices - assert "alice" in machine.succeed("getfacl -p /dev/snd/timer") + # Change back to /dev/snd/timer after systemd-258.1 + assert "alice" in machine.succeed("getfacl -p /dev/dri/card0") with subtest("Wait for GNOME Shell"): # correct output should be (true, 'false') diff --git a/nixos/tests/gnome.nix b/nixos/tests/gnome.nix index 4d1b4c71ecd2..0bb2e7061133 100644 --- a/nixos/tests/gnome.nix +++ b/nixos/tests/gnome.nix @@ -76,7 +76,8 @@ # wait for alice to be logged in machine.wait_for_unit("default.target", "${user.name}") # check that logging in has given the user ownership of devices - assert "alice" in machine.succeed("getfacl -p /dev/snd/timer") + # Change back to /dev/snd/timer after systemd-258.1 + assert "alice" in machine.succeed("getfacl -p /dev/dri/card0") with subtest("Wait for GNOME Shell"): # correct output should be (true, 'false') diff --git a/nixos/tests/lxqt.nix b/nixos/tests/lxqt.nix index 595b6dc3f9ba..a7b8120016aa 100644 --- a/nixos/tests/lxqt.nix +++ b/nixos/tests/lxqt.nix @@ -42,7 +42,8 @@ machine.succeed("su - ${user.name} -c 'xauth merge /tmp/xauth_*'") with subtest("Check that logging in has given the user ownership of devices"): - machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}") + # Change back to /dev/snd/timer after systemd-258.1 + machine.succeed("getfacl -p /dev/dri/card0 | grep -q ${user.name}") with subtest("Check if LXQt components actually start"): for i in ["openbox", "lxqt-session", "pcmanfm-qt", "lxqt-panel", "lxqt-runner"]: diff --git a/nixos/tests/mate.nix b/nixos/tests/mate.nix index 45fd877c1ca4..81948d5a1ae1 100644 --- a/nixos/tests/mate.nix +++ b/nixos/tests/mate.nix @@ -41,7 +41,8 @@ machine.succeed("xauth merge ${user.home}/.Xauthority") with subtest("Check that logging in has given the user ownership of devices"): - machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}") + # Change back to /dev/snd/timer after systemd-258.1 + machine.succeed("getfacl -p /dev/dri/card0 | grep -q ${user.name}") with subtest("Check if MATE session components actually start"): machine.wait_until_succeeds("pgrep marco") diff --git a/nixos/tests/pantheon.nix b/nixos/tests/pantheon.nix index 336f84a061b4..3e24bff88527 100644 --- a/nixos/tests/pantheon.nix +++ b/nixos/tests/pantheon.nix @@ -72,7 +72,8 @@ machine.wait_for_file("/run/user/${toString user.uid}/wayland-0") with subtest("Check that logging in has given the user ownership of devices"): - machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}") + # Change back to /dev/snd/timer after systemd-258.1 + machine.succeed("getfacl -p /dev/dri/card0 | grep -q ${user.name}") with subtest("Check if Pantheon components actually start"): pgrep_list = [ diff --git a/nixos/tests/xfce-wayland.nix b/nixos/tests/xfce-wayland.nix index 17defe1b4d26..061efa002327 100644 --- a/nixos/tests/xfce-wayland.nix +++ b/nixos/tests/xfce-wayland.nix @@ -39,7 +39,8 @@ machine.wait_for_file("/run/user/${toString user.uid}/wayland-0") with subtest("Check that logging in has given the user ownership of devices"): - machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}") + # Change back to /dev/snd/timer after systemd-258.1 + machine.succeed("getfacl -p /dev/dri/card0 | grep -q ${user.name}") with subtest("Check if Xfce components actually start"): for p in ["labwc", "xfdesktop", "xfce4-notifyd", "xfconfd", "xfce4-panel"]: diff --git a/nixos/tests/xfce.nix b/nixos/tests/xfce.nix index 0b88fb18870f..cdd1f3ffc676 100644 --- a/nixos/tests/xfce.nix +++ b/nixos/tests/xfce.nix @@ -38,7 +38,8 @@ machine.succeed("xauth merge ${user.home}/.Xauthority") with subtest("Check that logging in has given the user ownership of devices"): - machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}") + # Change back to /dev/snd/timer after systemd-258.1 + machine.succeed("getfacl -p /dev/dri/card0 | grep -q ${user.name}") with subtest("Check if Xfce components actually start"): machine.wait_for_window("xfce4-panel")