diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 577823d61f55..d246f8ad061e 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -71,6 +71,41 @@ jobs: GH_TOKEN: ${{ github.token }} run: gh api /rate_limit | jq + manual-file-edits: + if: inputs.baseBranch && inputs.headBranch + permissions: + pull-requests: write + runs-on: ubuntu-slim + timeout-minutes: 3 + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + path: trusted + sparse-checkout: | + ci/github-script + + - name: Log current API rate limits + env: + GH_TOKEN: ${{ github.token }} + run: gh api /rate_limit | jq + + - name: Discourage manual edits to certain files + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + with: + script: | + require('./trusted/ci/github-script/manual-file-edits.js')({ + github, + context, + core, + repoPath: 'trusted', + }) + + - name: Log current API rate limits + env: + GH_TOKEN: ${{ github.token }} + run: gh api /rate_limit | jq + owners: runs-on: ubuntu-24.04-arm timeout-minutes: 5 diff --git a/ci/github-script/manual-file-edits.js b/ci/github-script/manual-file-edits.js new file mode 100644 index 000000000000..e40d6decbb7d --- /dev/null +++ b/ci/github-script/manual-file-edits.js @@ -0,0 +1,55 @@ +// @ts-check +const { getCommitDetailsForPR } = require('./get-pr-commit-details') + +/** + * @param {{ + * github: InstanceType, + * context: import('@actions/github/lib/context').Context, + * core: import('@actions/core'), + * repoPath?: string, + * }} CheckManualFileEditsProps + */ +async function checkManualFileEdits({ github, context, core, repoPath }) { + const pull_number = context.payload.pull_request?.number + if (!pull_number) { + core.info('This is not a pull request. Skipping checks.') + return + } + + const pr = ( + await github.rest.pulls.get({ + ...context.repo, + pull_number, + }) + ).data + + if (pr.user.login.endsWith('[bot]')) { + core.info('This is a bot, so these checks do not apply.') + return + } + + const details = await getCommitDetailsForPR({ core, pr, repoPath }) + + if ( + details.some(({ changedPaths }) => + changedPaths.includes('maintainers/github-teams.json'), + ) + ) { + core.setFailed( + [ + 'maintainers/github-teams.json is supposed to accurately reflect the state of the teams in GitHub.\n', + 'Therefore, it should not be edited manually.\n', + 'All changes to teams listed in maintainers/github-teams.json should be performed in GitHub by a team maintainer.\n', + "Team maintainers are listed in the github-teams.json file and in GitHub's UI.\n", + 'If there is no team maintainer available, an org owner can make the needed change, please contact one by', + 'following the instructions at https://github.com/NixOS/org/blob/main/doc/github-org-owners.md#how-to-contact-the-team.\n', + 'Thank you!', + ].reduce( + (prev, curr) => prev + (!prev || prev.endsWith('\n') ? '' : ' ') + curr, + '', + ), + ) + } +} + +module.exports = checkManualFileEdits diff --git a/ci/github-script/run b/ci/github-script/run index 744e49f018a4..1ac5075dab1b 100755 --- a/ci/github-script/run +++ b/ci/github-script/run @@ -116,4 +116,15 @@ program await run(checkCommitMessages, owner, repo, pr, options) }) +program + .command('manual-file-edits') + .description("Error when files that shouldn't be edited manually are") + .argument('', 'Owner of the GitHub repository to run on (Example: NixOS)') + .argument('', 'Name of the GitHub repository to run on (Example: nixpkgs)') + .argument('', 'Number of the Pull Request to run on') + .action(async (owner, repo, pr, options) => { + const checkManualFileEdits = (await import('./manual-file-edits.js')).default + await run(checkManualFileEdits, owner, repo, pr, options) + }) + await program.parse() diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 6706ef656676..100a874955d7 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -5091,6 +5091,11 @@ githubId = 9336788; name = "Claes Hallström"; }; + claraphyll = { + github = "claraphyll"; + githubId = 22559310; + name = "Clara Rostock"; + }; claymorwan = { name = "claymorwan"; github = "claymorwan"; diff --git a/nixos/modules/misc/documentation/modular-services.nix b/nixos/modules/misc/documentation/modular-services.nix index c43f95118169..edc60d3bb592 100644 --- a/nixos/modules/misc/documentation/modular-services.nix +++ b/nixos/modules/misc/documentation/modular-services.nix @@ -20,6 +20,7 @@ let modularServicesModule = { options = { "" = fakeSubmodule pkgs.ghostunnel.services.default; + "" = fakeSubmodule pkgs.ktls-utils.services.default; "" = fakeSubmodule pkgs.php.services.default; "" = fakeSubmodule pkgs.snid.services.default; }; diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index f50038332973..8384ee882f13 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -1658,6 +1658,7 @@ in tinydns = runTest ./tinydns.nix; tinyproxy = runTest ./tinyproxy.nix; tinywl = runTest ./tinywl.nix; + tlshd = runTest ./tlshd.nix; tlsrpt = runTest ./tlsrpt.nix; tmate-ssh-server = runTest ./tmate-ssh-server.nix; tomcat = runTest ./tomcat.nix; diff --git a/nixos/tests/tlshd.nix b/nixos/tests/tlshd.nix new file mode 100644 index 000000000000..ee61b3f0bc72 --- /dev/null +++ b/nixos/tests/tlshd.nix @@ -0,0 +1,93 @@ +{ lib, pkgs, ... }: +let + runWithOpenSSL = + name: cmd: + pkgs.runCommand name { + buildInputs = [ pkgs.openssl ]; + } cmd; + + caKey = runWithOpenSSL "ca.key" "openssl ecparam -name prime256v1 -genkey -noout -out $out"; + caCert = runWithOpenSSL "ca.crt" '' + openssl req -new -x509 -sha256 -key ${caKey} -out $out -subj "/CN=Test CA" -days 36500 + ''; + + serverKey = runWithOpenSSL "server.key" "openssl ecparam -name prime256v1 -genkey -noout -out $out"; + serverCert = runWithOpenSSL "server.crt" '' + openssl req -new -sha256 -key ${serverKey} -out server.csr -subj "/CN=server" + openssl x509 -req -in server.csr -CA ${caCert} -CAkey ${caKey} \ + -CAcreateserial -out $out -days 36500 -sha256 + ''; + + clientKey = runWithOpenSSL "client.key" "openssl ecparam -name prime256v1 -genkey -noout -out $out"; + clientCert = runWithOpenSSL "client.crt" '' + openssl req -new -sha256 -key ${clientKey} -out client.csr -subj "/CN=client" + openssl x509 -req -in client.csr -CA ${caCert} -CAkey ${caKey} \ + -CAcreateserial -out $out -days 36500 -sha256 + ''; +in +{ + _class = "nixosTest"; + name = "tlshd"; + + nodes = { + server = + { pkgs, ... }: + { + system.services.tlshd = { + imports = [ pkgs.ktls-utils.services.default ]; + tlshd.settings = { + "authenticate.server" = { + "x509.certificate" = toString serverCert; + "x509.private_key" = toString serverKey; + "x509.truststore" = toString caCert; + }; + }; + }; + + services.nfs.server = { + enable = true; + exports = '' + /export 192.168.1.0/24(rw,no_root_squash,no_subtree_check,xprtsec=mtls) + ''; + createMountPoints = true; + }; + + networking.firewall.enable = false; + }; + + client = + { pkgs, ... }: + { + system.services.tlshd = { + imports = [ pkgs.ktls-utils.services.default ]; + tlshd.settings = { + "authenticate.client" = { + "x509.certificate" = toString clientCert; + "x509.private_key" = toString clientKey; + "x509.truststore" = toString caCert; + }; + }; + }; + + virtualisation.fileSystems."/mnt/nfs" = { + device = "server:/export"; + fsType = "nfs"; + options = [ "xprtsec=mtls" ]; + }; + + networking.firewall.enable = false; + }; + }; + + testScript = '' + start_all() + server.wait_for_unit("nfs-server.service") + server.wait_for_unit("tlshd.service") + client.wait_for_unit("tlshd.service") + client.wait_for_unit("mnt-nfs.mount") + client.wait_until_succeeds("echo 'hello from client' > /mnt/nfs/test.txt") + server.wait_until_succeeds("grep 'hello from client' /export/test.txt") + ''; + + meta.maintainers = with lib.maintainers; [ tomfitzhenry ]; +} diff --git a/pkgs/applications/editors/vim/plugins/non-generated/zig-vim/default.nix b/pkgs/applications/editors/vim/plugins/non-generated/zig-vim/default.nix index 0b704e2f828a..bc2b9148b1a3 100644 --- a/pkgs/applications/editors/vim/plugins/non-generated/zig-vim/default.nix +++ b/pkgs/applications/editors/vim/plugins/non-generated/zig-vim/default.nix @@ -6,13 +6,13 @@ }: vimUtils.buildVimPlugin { pname = "zig.vim"; - version = "0-unstable-2026-03-09"; + version = "0-unstable-2026-04-13"; src = fetchFromCodeberg { owner = "ziglang"; repo = "zig.vim"; - rev = "9e76c2843f6292dc9c804996d78244fe1028891a"; - hash = "sha256-eWQqr/LopjzFJhZC3mHdUrWVDcLPHDHkxcuhrJMaY3w="; + rev = "30a1634b3a4193290dc3aad8f84c53b353b1d80f"; + hash = "sha256-2nr6csxVNDI/fRf0bsYcFKHWhvJe0vMkOT/J+4+EJaU="; }; passthru.updateScript = nix-update-script { diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix index 9f48f2b3ffbb..f51850b13839 100644 --- a/pkgs/applications/editors/vscode/extensions/default.nix +++ b/pkgs/applications/editors/vscode/extensions/default.nix @@ -1109,6 +1109,22 @@ let }; }; + cuelangorg.vscode-cue = buildVscodeMarketplaceExtension { + mktplcRef = { + name = "vscode-cue"; + publisher = "cuelangorg"; + version = "0.0.19"; + hash = "sha256-Ktefsmgs/p6aV6meEMxuzRizIh4xfjTI9z9pqewyvpg="; + }; + meta = { + description = "The offical CUE extension for VS Code, providing syntax highlighting and language server integration (LSP)"; + downloadPage = "https://marketplace.visualstudio.com/items?itemName=cuelangorg.vscode-cue"; + homepage = "https://github.com/cue-lang/vscode-cue"; + license = lib.licenses.mit; + maintainers = [ lib.maintainers.karaolidis ]; + }; + }; + cweijan.dbclient-jdbc = buildVscodeMarketplaceExtension { mktplcRef = { name = "dbclient-jdbc"; @@ -3783,8 +3799,8 @@ let mktplcRef = { name = "prisma"; publisher = "Prisma"; - version = "31.8.0"; - hash = "sha256-xSkT6VlRrC36jnuB16V+eDozDutrv2ksqxatU/KIgS0="; + version = "31.9.0"; + hash = "sha256-ubUVFFfjrtoz+hI8/epCcbrU4WfQdVYy4dPHighFpK0="; }; meta = { changelog = "https://marketplace.visualstudio.com/items/Prisma.prisma/changelog"; diff --git a/pkgs/applications/editors/vscode/extensions/detachhead.basedpyright/default.nix b/pkgs/applications/editors/vscode/extensions/detachhead.basedpyright/default.nix index 9e1ba184ebf9..82d67d21805a 100644 --- a/pkgs/applications/editors/vscode/extensions/detachhead.basedpyright/default.nix +++ b/pkgs/applications/editors/vscode/extensions/detachhead.basedpyright/default.nix @@ -8,8 +8,8 @@ vscode-utils.buildVscodeMarketplaceExtension { mktplcRef = { name = "basedpyright"; publisher = "detachhead"; - version = "1.39.0"; - hash = "sha256-DCLDw+rwhHrVN3m+D4VOCcVWNv9fG4sONiNylbWgPPE="; + version = "1.39.2"; + hash = "sha256-iSjwEPSlPWmg3cYLSCp2YmHOR8EShGuPHzXMHGoa4iM="; }; meta = { changelog = "https://github.com/detachhead/basedpyright/releases"; diff --git a/pkgs/applications/editors/vscode/extensions/google.colab/default.nix b/pkgs/applications/editors/vscode/extensions/google.colab/default.nix index d768a294c702..aa6567d0b525 100644 --- a/pkgs/applications/editors/vscode/extensions/google.colab/default.nix +++ b/pkgs/applications/editors/vscode/extensions/google.colab/default.nix @@ -7,8 +7,8 @@ vscode-utils.buildVscodeMarketplaceExtension { mktplcRef = { publisher = "google"; name = "colab"; - version = "0.5.0"; - hash = "sha256-os1wdxun6HHZKZ7IjObn88mGX0Kr/A1zqeMXW/7lIr4="; + version = "0.7.3"; + hash = "sha256-+YhPF2SMOIA95VMiew/tiCf//xqGgmJyW7Bpn39geJ8="; }; meta = { diff --git a/pkgs/applications/editors/vscode/extensions/language-packs.nix b/pkgs/applications/editors/vscode/extensions/language-packs.nix index cdee6fe42969..76e9aeca631e 100644 --- a/pkgs/applications/editors/vscode/extensions/language-packs.nix +++ b/pkgs/applications/editors/vscode/extensions/language-packs.nix @@ -13,7 +13,7 @@ let buildVscodeLanguagePack = { language, - version ? "1.110.2026040813", + version ? "1.110.2026041514", hash, }: buildVscodeMarketplaceExtension { @@ -41,71 +41,71 @@ in # French vscode-language-pack-fr = buildVscodeLanguagePack { language = "fr"; - hash = "sha256-/34hQYL82oNV4AK+X9Qhc49y11U7QjBtQZkxX2DJCv0="; + hash = "sha256-k+wpnvLqp4blMWKuHf9IAyOZLExvekd4vYjzMiXQAhw="; }; # Italian vscode-language-pack-it = buildVscodeLanguagePack { language = "it"; - hash = "sha256-igknYIMrlTf6dzPRCWeE2IQ8s7SsD4AFN/oPPISv5Vk="; + hash = "sha256-gKdW15gYsoAdBPJBYVvYMmgUW2fhBAZRLLKC9uPjmSk="; }; # German vscode-language-pack-de = buildVscodeLanguagePack { language = "de"; - hash = "sha256-ovzQBQfdPQoVVgKl47qnucUQfhBBDCbbGwKlI86gR10="; + hash = "sha256-8la5VVAq5+62/1biCeGqpA9ohvI7NEeH2M1Q4e4KvQI="; }; # Spanish vscode-language-pack-es = buildVscodeLanguagePack { language = "es"; - hash = "sha256-tn1irueWoqGidrxOv49IP0pdUPjk1mPvFppe2RHEs3E="; + hash = "sha256-XugtbAlrHH73AEAljJ6IdfXvnTWhxVFJJg09YzJbM5o="; }; # Russian vscode-language-pack-ru = buildVscodeLanguagePack { language = "ru"; - hash = "sha256-3RMlWPzjHAYJsiulQOMqIZ0/u2hqxF+gZ9vVZVvPJWE="; + hash = "sha256-YO6uvr1QHvq8HTlPW2ebMADsfqd5acmNnXphDaDrBew="; }; # Chinese (Simplified) vscode-language-pack-zh-hans = buildVscodeLanguagePack { language = "zh-hans"; - hash = "sha256-5ig0jME4lljWRKL3j64RobHW98IdjzrF/cZEEkpjMZo="; + hash = "sha256-h9wvZX1/3raPIthq3L1iD2GyYcUON9IiqriAV6kJlSQ="; }; # Chinese (Traditional) vscode-language-pack-zh-hant = buildVscodeLanguagePack { language = "zh-hant"; - hash = "sha256-gV/Z1br8I+fp+/4ALQQt75sNYJGK+opvUHpkYHwV2Xc="; + hash = "sha256-TO4o3/+4HIElQA37O19u9Ul6VZ8IKCuMElEN9C8kUGo="; }; # Japanese vscode-language-pack-ja = buildVscodeLanguagePack { language = "ja"; - hash = "sha256-UilZzzy8DjhXQP6jrkndNBZFqUeX2zLVy05nOIDViKk="; + hash = "sha256-RqO+OO4wzEc3UQYoWPweXLYMKjNLgwobWzrulREbCmU="; }; # Korean vscode-language-pack-ko = buildVscodeLanguagePack { language = "ko"; - hash = "sha256-Z4a01eQD1bgQnlf0174DozkKqo5TeVR6J8sgnMPGmMg="; + hash = "sha256-QQRqctsXxEwGGTtc+o+CVzxw+Ec/ba4j3YXoZoalUQY="; }; # Czech vscode-language-pack-cs = buildVscodeLanguagePack { language = "cs"; - hash = "sha256-CCqtlFQrlgRN8ds/pqMFP6S5Ks+ZpGu3iUfchSFX1mA="; + hash = "sha256-A/87U9aR4OPUIm6lDwQNHQFUv/wWsyh6rqFnG15VzN4="; }; # Portuguese (Brazil) vscode-language-pack-pt-br = buildVscodeLanguagePack { language = "pt-BR"; - hash = "sha256-Yi2W8bdieyNxJfGy3XNafB5DX27VujSz8Dp8BMyBi1w="; + hash = "sha256-PUGEzmxWonHPl5i96dsFguWjKZPf/FVV2bzYBr63Xs8="; }; # Turkish vscode-language-pack-tr = buildVscodeLanguagePack { language = "tr"; - hash = "sha256-lKHTQryxzSgW7S3QVXHCr7DvFihD+vr2lOwiWk1klVQ="; + hash = "sha256-Hs8LAvINGRO06CQEjSRee1ryT3X31jsy9lynghMzu7k="; }; # Polish vscode-language-pack-pl = buildVscodeLanguagePack { language = "pl"; - hash = "sha256-l2PBwwGS+HFswTF4gbS++AREmTMzzbiZtHzzvX900yc="; + hash = "sha256-fJCNNoYLFhRIUbAFKiiAfc43V8aNKSu/ORNAzoqTTGw="; }; # Pseudo Language vscode-language-pack-qps-ploc = buildVscodeLanguagePack { language = "qps-ploc"; - hash = "sha256-9/SDMQ9v0zZq1fveWDx6TI/28o9NDzN0YI/tOcC7dks="; + hash = "sha256-zmnplZFsQQYuTp9TiBiuuPPcffmFHkIGcy8sn6dDt5M="; }; } diff --git a/pkgs/applications/editors/vscode/extensions/ms-dotnettools.csdevkit/default.nix b/pkgs/applications/editors/vscode/extensions/ms-dotnettools.csdevkit/default.nix index a04cc834c334..af7fd5daef40 100644 --- a/pkgs/applications/editors/vscode/extensions/ms-dotnettools.csdevkit/default.nix +++ b/pkgs/applications/editors/vscode/extensions/ms-dotnettools.csdevkit/default.nix @@ -16,19 +16,19 @@ let { x86_64-linux = { arch = "linux-x64"; - hash = "sha256-ils23RuuuEn25DJl79mMkCXXXdoI+Pyr53VKer1Lvs8="; + hash = "sha256-N3W/cvqAzf7Z9jMjiHN9zWrHXZjIqD1RnuZbZ/yQx8g="; }; aarch64-linux = { arch = "linux-arm64"; - hash = "sha256-RULUblmg5P0EU7PnTLJO6zl27AXhzbqCHWoFDSlI65E="; + hash = "sha256-1zz9xrMALIOXzMpArWSwO12WmRE+0ldbIwUFH1G2GQI="; }; x86_64-darwin = { arch = "darwin-x64"; - hash = "sha256-30RHJ6hwjY1OrYYJNsycjcf2TcxhmL6YQCeIMiYRGrc="; + hash = "sha256-3PoSbp8M2X4bhSQyxvNC7jtNDVNEuEKeYRZQMFOmbtQ="; }; aarch64-darwin = { arch = "darwin-arm64"; - hash = "sha256-3bV8J09LzTj6i+YvBoP+Tqy7OIqGvBxDI7pDO0eOLGk="; + hash = "sha256-F4CsyiX46SpjilJNV+qYps1JAw09pVruLmW+muN9/B4="; }; } .${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}") @@ -38,7 +38,7 @@ vscode-utils.buildVscodeMarketplaceExtension { mktplcRef = { name = "csdevkit"; publisher = "ms-dotnettools"; - version = "3.10.4"; + version = "3.10.14"; inherit (extInfo) hash arch; }; sourceRoot = "extension"; # This has more than one folder. diff --git a/pkgs/applications/editors/vscode/extensions/visualjj.visualjj/default.nix b/pkgs/applications/editors/vscode/extensions/visualjj.visualjj/default.nix index d0ff01bb914f..0788f9d121e1 100644 --- a/pkgs/applications/editors/vscode/extensions/visualjj.visualjj/default.nix +++ b/pkgs/applications/editors/vscode/extensions/visualjj.visualjj/default.nix @@ -11,26 +11,26 @@ vscode-utils.buildVscodeMarketplaceExtension { sources = { "x86_64-linux" = { arch = "linux-x64"; - hash = "sha256-xsenzYvX6uAMK91K9fjhRAhYvxSobq4N1yBsksh4bkM="; + hash = "sha256-xtbI0mqkjF21pL/0R0DReHVMlsf32ys2iprxp6AsTao="; }; "x86_64-darwin" = { arch = "darwin-x64"; - hash = "sha256-3f7Sw47uHigXD1sUE8LWfrfAmXCFRoSuYru106jv2Bk="; + hash = "sha256-wpmx2RNAmGwwehBI/KpKNN3qxoWYFcESYKRRzc5pK/U="; }; "aarch64-linux" = { arch = "linux-arm64"; - hash = "sha256-pjqEVhqUsAPkfLOdIMoJooAabIfNG3vUSzMuNZtBS24="; + hash = "sha256-zp3V8o9BDV29PA8xSlZ/RglnYkuc1rd+N5CuXIqd4ME="; }; "aarch64-darwin" = { arch = "darwin-arm64"; - hash = "sha256-jPvkC5ZmA8LToXIZvkY1iMbEWnJGWQMT74RZ+PS3ZBg="; + hash = "sha256-7Scr8lumlZu5M1pGAWfQTMIpBXWU1/yp5kVE3LpFSVM="; }; }; in { name = "visualjj"; publisher = "visualjj"; - version = "0.27.1"; + version = "0.28.1"; } // sources.${stdenvNoCC.hostPlatform.system} or (throw "Unsupported system ${stdenvNoCC.hostPlatform.system}"); diff --git a/pkgs/applications/gis/qgis/default.nix b/pkgs/applications/gis/qgis/default.nix index 9174d6452f70..dff51be13267 100644 --- a/pkgs/applications/gis/qgis/default.nix +++ b/pkgs/applications/gis/qgis/default.nix @@ -7,20 +7,20 @@ extraPythonPackages ? (ps: [ ]), - libsForQt5, + qt6Packages, # unwrapped package parameters withGrass ? false, withServer ? false, - withWebKit ? false, }: + let - qgis-unwrapped = libsForQt5.callPackage ./unwrapped.nix { - inherit withGrass withServer withWebKit; + qgis-unwrapped = qt6Packages.callPackage ./unwrapped.nix { + inherit withGrass withServer; }; in - symlinkJoin { + inherit (qgis-unwrapped) version outputs src; pname = "qgis"; @@ -31,7 +31,7 @@ symlinkJoin { qgis-unwrapped.py.pkgs.wrapPython ]; - # extend to add to the python environment of QGIS without rebuilding QGIS application. + # Extend to add to the python environment of QGIS without rebuilding QGIS application. pythonInputs = qgis-unwrapped.pythonBuildInputs ++ (extraPythonPackages qgis-unwrapped.py.pkgs); postBuild = '' @@ -40,9 +40,22 @@ symlinkJoin { for program in $out/bin/*; do wrapProgram $program \ --prefix PATH : $program_PATH \ + --set PYTHONHOME ${qgis-unwrapped.py} \ --set PYTHONPATH $program_PYTHONPATH done '' + + lib.optionalString stdenv.hostPlatform.isDarwin '' + QGIS_PYTHON_PATH="$out/Applications/QGIS.app/Contents/Frameworks" + for program in $out/Applications/QGIS.app/Contents/MacOS/qgis \ + $out/Applications/QGIS.app/Contents/MacOS/qgis_process; do + if [[ -e "$program" ]]; then + wrapProgram "$program" \ + --prefix PATH : $program_PATH \ + --set PYTHONHOME ${qgis-unwrapped.py} \ + --set PYTHONPATH "$QGIS_PYTHON_PATH:$program_PYTHONPATH" + fi + done + '' + lib.optionalString (!stdenv.hostPlatform.isDarwin) '' ln -s ${qgis-unwrapped.man} $man ''; diff --git a/pkgs/applications/gis/qgis/set-pyqt6-package-dirs.patch b/pkgs/applications/gis/qgis/set-pyqt6-package-dirs.patch new file mode 100644 index 000000000000..e2488af7c1f1 --- /dev/null +++ b/pkgs/applications/gis/qgis/set-pyqt6-package-dirs.patch @@ -0,0 +1,35 @@ +diff --git a/cmake/FindPyQt6.cmake b/cmake/FindPyQt6.cmake +index a938417a03f..b3a2d3cf091 100644 +--- a/cmake/FindPyQt6.cmake ++++ b/cmake/FindPyQt6.cmake +@@ -25,7 +25,7 @@ ELSE(EXISTS PYQT6_VERSION_STR) + IF(SIP_BUILD_EXECUTABLE) + # SIP >= 5.0 path + +- FILE(GLOB _pyqt6_metadata "${Python_SITEARCH}/PyQt6-*.dist-info/METADATA") ++ FILE(GLOB _pyqt6_metadata "@pyQt6PackageDir@/PyQt6-*.dist-info/METADATA") + IF(_pyqt6_metadata) + FILE(READ ${_pyqt6_metadata} _pyqt6_metadata_contents) + STRING(REGEX REPLACE ".*\nVersion: ([^\n]+).*$" "\\1" PYQT6_VERSION_STR ${_pyqt6_metadata_contents}) + +diff --git a/cmake/FindQsci.cmake b/cmake/FindQsci.cmake +index f6a06ebd5b4..ca502d60fbd 100644 +--- a/cmake/FindQsci.cmake ++++ b/cmake/FindQsci.cmake +@@ -24,7 +24,7 @@ ELSE(QSCI_MOD_VERSION_STR) + IF(SIP_BUILD_EXECUTABLE) + # SIP >= 5.0 path + +- FILE(GLOB _qsci_metadata "${Python_SITEARCH}/QScintilla*.dist-info/METADATA") ++ FILE(GLOB _qsci_metadata "@qsciPackageDir@/QScintilla*.dist-info/METADATA") + IF(_qsci_metadata) + FILE(READ ${_qsci_metadata} _qsci_metadata_contents) + STRING(REGEX REPLACE ".*\nVersion: ([^\n]+).*$" "\\1" QSCI_MOD_VERSION_STR ${_qsci_metadata_contents}) +@@ -33,7 +33,7 @@ ELSE(QSCI_MOD_VERSION_STR) + ENDIF(_qsci_metadata) + + IF(QSCI_MOD_VERSION_STR) +- SET(QSCI_SIP_DIR "${PYQT_SIP_DIR}") ++ SET(QSCI_SIP_DIR "@qsciPackageDir@/PyQt6/bindings") + SET(QSCI_FOUND TRUE) + ENDIF(QSCI_MOD_VERSION_STR) diff --git a/pkgs/applications/gis/qgis/unwrapped.nix b/pkgs/applications/gis/qgis/unwrapped.nix index b71c57880760..bd844a062ed4 100644 --- a/pkgs/applications/gis/qgis/unwrapped.nix +++ b/pkgs/applications/gis/qgis/unwrapped.nix @@ -1,20 +1,18 @@ { lib, stdenv, + fetchFromGitHub, lndir, makeWrapper, - mkDerivation, replaceVars, wrapGAppsHook3, wrapQtAppsHook, withGrass, withServer, - withWebKit, darwin, - libtasn1, bison, cmake, draco, @@ -25,6 +23,8 @@ grass, gsl, hdf5, + libtasn1, + libspatialindex, libspatialite, libzip, netcdf, @@ -35,18 +35,20 @@ proj, protobuf, python3, - qca-qt5, + qca, qscintilla, qt3d, + qt5compat, qtbase, + qtdeclarative, qtkeychain, qtlocation, qtmultimedia, qtsensors, qtserialport, qtsvg, - qtwebkit, - qtxmlpatterns, + qttools, + qtwebengine, qwt, sqlite, txt2tags, @@ -57,8 +59,7 @@ let py = python3.override { self = py; packageOverrides = self: super: { - pyqt5 = super.pyqt5.override { - withLocation = true; + pyqt6 = super.pyqt6.override { withSerialPort = true; }; }; @@ -72,30 +73,30 @@ let owslib psycopg2 pygments - pyqt5 - pyqt5-sip + pyqt6 pyqt-builder python-dateutil pytz pyyaml - qscintilla-qt5 + qscintilla-qt6 requests setuptools sip six urllib3 ]; + in -mkDerivation rec { - version = "3.44.7"; +stdenv.mkDerivation rec { pname = "qgis-unwrapped"; + version = "4.0.1"; outputs = [ "out" ] ++ lib.optional (!stdenv.hostPlatform.isDarwin) "man"; src = fetchFromGitHub { owner = "qgis"; repo = "QGIS"; rev = "final-${lib.replaceStrings [ "." ] [ "_" ] version}"; - hash = "sha256-ewYTl6tR1K7Q/AMA3BDlcSaj4mN3yt+1Kfa4a1JSXL0="; + hash = "sha256-pH48EhH2kmlscFPYiLStGIqXrmO9zgpidtkWVf1K5Mo="; }; passthru = { @@ -125,42 +126,47 @@ mkDerivation rec { geos gsl hdf5 + libpq + libspatialindex libspatialite libzip netcdf openssl pdal - libpq proj protobuf - qca-qt5 + qca qscintilla qt3d + qt5compat qtbase + qtdeclarative qtkeychain qtlocation qtmultimedia qtsensors qtserialport - qtsvg - qtxmlpatterns + qttools + qtwebengine qwt sqlite txt2tags zstd ] ++ lib.optional withGrass grass - ++ lib.optional withWebKit qtwebkit - ++ lib.optional stdenv.hostPlatform.isDarwin libtasn1 + ++ lib.optionals stdenv.hostPlatform.isDarwin [ + libtasn1 + qtsvg + ] ++ pythonBuildInputs; patches = [ - (replaceVars ./set-pyqt-package-dirs.patch { - pyQt5PackageDir = "${py.pkgs.pyqt5}/${py.pkgs.python.sitePackages}"; - qsciPackageDir = "${py.pkgs.qscintilla-qt5}/${py.pkgs.python.sitePackages}"; + (replaceVars ./set-pyqt6-package-dirs.patch { + pyQt6PackageDir = "${py.pkgs.pyqt6}/${py.pkgs.python.sitePackages}"; + qsciPackageDir = "${py.pkgs.qscintilla-qt6}/${py.pkgs.python.sitePackages}"; }) (replaceVars ./spatialite-path.patch { - spatialiteLib = "${libspatialite}/lib/mod_spatialite.so"; + spatialiteLib = "${libspatialite}/lib/mod_spatialite${stdenv.hostPlatform.extensions.sharedLibrary}"; }) ]; @@ -169,6 +175,8 @@ mkDerivation rec { env.QT_QPA_PLATFORM_PLUGIN_PATH = "${qtbase}/${qtbase.qtPluginPrefix}/platforms"; cmakeFlags = [ + "-DWITH_QTWEBENGINE=True" + "-DWITH_3D=True" "-DWITH_PDAL=True" "-DENABLE_TESTS=False" @@ -178,10 +186,10 @@ mkDerivation rec { "-DWITH_INTERNAL_SPATIALINDEX=True" ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ - "-DQGIS_MACAPP_BUNDLE=0" # Don't copy Qt into bundle; we fix paths in postFixup - "-DSQLITE3_INCLUDE_DIR=${sqlite.dev}/include" # FindSqlite3.cmake incorrectly assumes framework + "-DQGIS_MACAPP_BUNDLE=0" + "-DSQLITE3_INCLUDE_DIR=${sqlite.dev}/include" + "-DUSE_OPENCL=OFF" ] - ++ lib.optional (!withWebKit) "-DWITH_QTWEBKIT=OFF" ++ lib.optional withServer [ "-DWITH_SERVER=True" "-DQGIS_CGIBIN_SUBDIR=${placeholder "out"}/lib/cgi-bin" @@ -201,12 +209,11 @@ mkDerivation rec { dontWrapGApps = true; # wrapper params passed below dontWrapQtApps = stdenv.hostPlatform.isDarwin; + # GRASS has to be available on the command line even though we baked in the + # path at build time using GRASS_PREFIX. Using wrapGAppsHook also prevents + # file dialogs from crashing the program on non-NixOS. postFixup = lib.optionalString (withGrass && stdenv.hostPlatform.isLinux) '' - # GRASS has to be available on the command line even though we baked in - # the path at build time using GRASS_PREFIX. - # Using wrapGAppsHook also prevents file dialogs from crashing the program - # on non-NixOS. for program in $out/bin/*; do wrapProgram $program \ "''${gappsWrapperArgs[@]}" \ @@ -214,54 +221,134 @@ mkDerivation rec { done '' + lib.optionalString stdenv.hostPlatform.isDarwin '' - mkdir -p $out/Applications $out/bin - mv $out/QGIS.app $out/Applications/ - ln -s $out/Applications/QGIS.app/Contents/MacOS/QGIS $out/bin/qgis + mkdir -p $out/Applications/QGIS.app $out/bin + mv $out/Contents $out/Applications/QGIS.app/ + ln -s $out/Applications/QGIS.app/Contents/MacOS/qgis $out/bin/qgis SHORT_VERSION=$(echo "${version}" | cut -d. -f1,2) BUNDLE="$out/Applications/QGIS.app" FRAMEWORKS="$BUNDLE/Contents/Frameworks" + for lib in "$FRAMEWORKS"/libqgis*.dylib "$FRAMEWORKS"/libqgispython*.dylib; do + [[ -f "$lib" && ! -L "$lib" ]] || continue + libname=$(basename "$lib") + install_name_tool -id "$FRAMEWORKS/$libname" "$lib" 2>/dev/null || true + done + fix_binary() { local f="$1" [[ -f "$f" ]] || return 0 - file "$f" | grep -q "Mach-O" || return 0 + file "$f" | grep -q "Mach-O" || return 0 # spellok + # QGIS core libraries + local qgis_libs=(core gui analysis 3d native app) + for lib in "''${qgis_libs[@]}"; do + install_name_tool \ + -change "$out/lib/libqgis_$lib.${version}.dylib" \ + "$FRAMEWORKS/libqgis_$lib.${version}.dylib" \ + "$f" 2>/dev/null || true + done + + # libqgispython (no underscore, unlike the other qgis libs) install_name_tool \ - -change "@loader_path/../lib/libqscintilla2_qt5.dylib" "${qscintilla}/lib/libqscintilla2_qt5.dylib" \ - -change "@loader_path/../lib/libqt5keychain.dylib" "${qtkeychain}/lib/libqt5keychain.dylib" \ - -change "@loader_path/../lib/libqwt.dylib" "${qwt}/lib/libqwt.dylib" \ - -change "@loader_path/../../Frameworks/qca-qt5.framework/qca-qt5" "${qca-qt5}/lib/qca-qt5.framework/qca-qt5" \ - -change "@loader_path/../../../qca-qt5.framework/qca-qt5" "${qca-qt5}/lib/qca-qt5.framework/qca-qt5" \ - -change "@loader_path/../../../../MacOS/lib/libqscintilla2_qt5.dylib" "${qscintilla}/lib/libqscintilla2_qt5.dylib" \ - -change "@loader_path/../../../../MacOS/lib/libqt5keychain.dylib" "${qtkeychain}/lib/libqt5keychain.dylib" \ - -change "@loader_path/../../../../MacOS/lib/libqwt.dylib" "${qwt}/lib/libqwt.dylib" \ - -change "@executable_path/lib/libqwt.dylib" "${qwt}/lib/libqwt.dylib" \ - -change "@executable_path/lib/libqscintilla2_qt5.dylib" "${qscintilla}/lib/libqscintilla2_qt5.dylib" \ - -change "@executable_path/lib/libqt5keychain.dylib" "${qtkeychain}/lib/libqt5keychain.dylib" \ - -change "@executable_path/../Frameworks/qca-qt5.framework/qca-qt5" "${qca-qt5}/lib/qca-qt5.framework/qca-qt5" \ - -change "@loader_path/../../../qgis_core.framework/qgis_core" "$FRAMEWORKS/qgis_core.framework/Versions/$SHORT_VERSION/qgis_core" \ - -change "@loader_path/../../../qgis_gui.framework/qgis_gui" "$FRAMEWORKS/qgis_gui.framework/Versions/$SHORT_VERSION/qgis_gui" \ - -change "@loader_path/../../../qgis_analysis.framework/qgis_analysis" "$FRAMEWORKS/qgis_analysis.framework/Versions/$SHORT_VERSION/qgis_analysis" \ - -change "@loader_path/../../../qgis_3d.framework/qgis_3d" "$FRAMEWORKS/qgis_3d.framework/Versions/$SHORT_VERSION/qgis_3d" \ - -change "@loader_path/../../../qgis_native.framework/qgis_native" "$FRAMEWORKS/qgis_native.framework/Versions/$SHORT_VERSION/qgis_native" \ + -change "$out/lib/libqgispython.${version}.dylib" \ + "$FRAMEWORKS/libqgispython.${version}.dylib" \ "$f" 2>/dev/null || true + + # QGIS frameworks + local qgis_frameworks=(core gui analysis 3d native) + for fw in "''${qgis_frameworks[@]}"; do + install_name_tool \ + -change "@loader_path/../../../qgis_$fw.framework/qgis_$fw" \ + "$FRAMEWORKS/qgis_$fw.framework/Versions/$SHORT_VERSION/qgis_$fw" \ + "$f" 2>/dev/null || true + done + + # External libraries - qscintilla + install_name_tool \ + -change "@loader_path/../lib/libqscintilla2_qt6.dylib" \ + "${qscintilla}/lib/libqscintilla2_qt6.dylib" \ + "$f" 2>/dev/null || true + install_name_tool \ + -change "@loader_path/../../../../MacOS/lib/libqscintilla2_qt6.dylib" \ + "${qscintilla}/lib/libqscintilla2_qt6.dylib" \ + "$f" 2>/dev/null || true + install_name_tool \ + -change "@executable_path/lib/libqscintilla2_qt6.dylib" \ + "${qscintilla}/lib/libqscintilla2_qt6.dylib" \ + "$f" 2>/dev/null || true + + # External libraries - qtkeychain + install_name_tool \ + -change "@loader_path/../lib/libqt6keychain.dylib" \ + "${qtkeychain}/lib/libqt6keychain.dylib" \ + "$f" 2>/dev/null || true + install_name_tool \ + -change "@loader_path/../../../../MacOS/lib/libqt6keychain.dylib" \ + "${qtkeychain}/lib/libqt6keychain.dylib" \ + "$f" 2>/dev/null || true + install_name_tool \ + -change "@executable_path/lib/libqt6keychain.dylib" \ + "${qtkeychain}/lib/libqt6keychain.dylib" \ + "$f" 2>/dev/null || true + + # External libraries - qwt + install_name_tool \ + -change "@loader_path/../lib/libqwt.dylib" \ + "${qwt}/lib/libqwt.dylib" \ + "$f" 2>/dev/null || true + install_name_tool \ + -change "@loader_path/../../../../MacOS/lib/libqwt.dylib" \ + "${qwt}/lib/libqwt.dylib" \ + "$f" 2>/dev/null || true + install_name_tool \ + -change "@executable_path/lib/libqwt.dylib" \ + "${qwt}/lib/libqwt.dylib" \ + "$f" 2>/dev/null || true + install_name_tool \ + -change "qwt.framework/Versions/6/qwt" \ + "${qwt}/lib/qwt.framework/Versions/6/qwt" \ + "$f" 2>/dev/null || true + + # QCA framework paths + local qca_paths=( + "@loader_path/../../Frameworks/qca-qt6.framework/qca-qt6" + "@loader_path/../../../qca-qt6.framework/qca-qt6" + "@executable_path/../Frameworks/qca-qt6.framework/qca-qt6" + ) + for qca_path in "''${qca_paths[@]}"; do + install_name_tool \ + -change "$qca_path" "${qca}/lib/qca-qt6.framework/qca-qt6" \ + "$f" 2>/dev/null || true + done } - fix_binary "$BUNDLE/Contents/MacOS/QGIS" - for lib in "$BUNDLE/Contents/MacOS/lib"/*.dylib; do fix_binary "$lib"; done + fix_binary "$BUNDLE/Contents/MacOS/qgis" + for bin in "$BUNDLE/Contents/MacOS"/*; do fix_binary "$bin"; done + for lib in "$FRAMEWORKS"/*.dylib; do fix_binary "$lib"; done + + if [[ -d "$BUNDLE/Contents/MacOS/lib" ]]; then + for lib in "$BUNDLE/Contents/MacOS/lib"/*.dylib; do fix_binary "$lib"; done + fi + for fw in qgis_core qgis_gui qgis_analysis qgis_3d qgis_native; do fix_binary "$FRAMEWORKS/$fw.framework/Versions/$SHORT_VERSION/$fw" [[ -f "$FRAMEWORKS/$fw.framework/$fw" && ! -L "$FRAMEWORKS/$fw.framework/$fw" ]] && \ fix_binary "$FRAMEWORKS/$fw.framework/$fw" done + for plugin in "$BUNDLE/Contents/PlugIns/qgis"/*.so; do fix_binary "$plugin"; done + # Fix Python binding .so files in Frameworks/qgis + for pyso in "$BUNDLE/Contents/Frameworks/qgis"/*.so; do fix_binary "$pyso"; done + ${lib.optionalString withGrass '' fix_binary "$FRAMEWORKS/qgisgrass8.framework/Versions/$SHORT_VERSION/qgisgrass8" + install_name_tool \ -change "@loader_path/../../../qgisgrass8.framework/qgisgrass8" "$FRAMEWORKS/qgisgrass8.framework/Versions/$SHORT_VERSION/qgisgrass8" \ "$BUNDLE/Contents/MacOS/QGIS" 2>/dev/null || true + for lib in "$BUNDLE/Contents/MacOS/lib"/*.dylib; do install_name_tool \ -change "@loader_path/../../../qgisgrass8.framework/qgisgrass8" "$FRAMEWORKS/qgisgrass8.framework/Versions/$SHORT_VERSION/qgisgrass8" \ @@ -273,22 +360,21 @@ mkDerivation rec { fix_binary "$BUNDLE/Contents/MacOS/lib/libqgis_server.${version}.dylib" ''} - # Merge Python packages (lndir handles namespace packages correctly) QGIS_PYTHON="$BUNDLE/Contents/Resources/python" - for pkg in ${ - lib.concatMapStringsSep " " (p: "${p}/${py.pkgs.python.sitePackages}") ( - py.pkgs.requiredPythonModules pythonBuildInputs - ) - }; do - [[ -d "$pkg" ]] && lndir -silent "$pkg" "$QGIS_PYTHON" - done - # Remove broken symlinks - find "$QGIS_PYTHON" -type l ! -exec test -e {} \; -delete + if [[ -d "$QGIS_PYTHON" ]]; then + for pkg in ${ + lib.concatMapStringsSep " " (p: "${p}/${py.pkgs.python.sitePackages}") ( + py.pkgs.requiredPythonModules pythonBuildInputs + ) + }; do + [[ -d "$pkg" ]] && lndir -silent "$pkg" "$QGIS_PYTHON" + done + find "$QGIS_PYTHON" -type l ! -exec test -e {} \; -delete + fi - # Create merged Qt plugins directory in the bundle (LSEnvironment is unreliable) mkdir -p "$BUNDLE/Contents/PlugIns" lndir -silent "${qtbase}/${qtbase.qtPluginPrefix}" "$BUNDLE/Contents/PlugIns" - lndir -silent "${qtsvg.bin}/${qtbase.qtPluginPrefix}" "$BUNDLE/Contents/PlugIns" + lndir -silent "${qtsvg}/${qtbase.qtPluginPrefix}" "$BUNDLE/Contents/PlugIns" cat > "$BUNDLE/Contents/Resources/qt.conf" << 'EOF' [Paths] diff --git a/pkgs/applications/networking/cluster/terraform-providers/providers.json b/pkgs/applications/networking/cluster/terraform-providers/providers.json index 2c651447d56f..8da6df8ed9f6 100644 --- a/pkgs/applications/networking/cluster/terraform-providers/providers.json +++ b/pkgs/applications/networking/cluster/terraform-providers/providers.json @@ -1418,13 +1418,13 @@ "vendorHash": null }, "vancluever_acme": { - "hash": "sha256-aUfIrYKuNsZEv/YKqpHwb5E/aLS9EPc01bkli+Wa6Ek=", + "hash": "sha256-uYlaJfXerng7VfZt08fwvdBTy9UU6DgD5WGIca36LrA=", "homepage": "https://registry.terraform.io/providers/vancluever/acme", "owner": "vancluever", "repo": "terraform-provider-acme", - "rev": "v2.46.1", + "rev": "v2.47.0", "spdx": "MPL-2.0", - "vendorHash": "sha256-E7ym1msahCoJw3Dxn4ex/1yQqodi/RCaO4cLRNpFbcM=" + "vendorHash": "sha256-uXcqb1yTHzERpVtPnu0HCETJyo8BjI/Vw6dVeOyGXys=" }, "venafi_venafi": { "hash": "sha256-wpAckNRqZjSDt7KpCRpLSYkn6Gm+QPzn5sIJ90wRXjI=", diff --git a/pkgs/by-name/ad/adw-gtk3/package.nix b/pkgs/by-name/ad/adw-gtk3/package.nix index 9f98e43f17a6..7f2df848c55b 100644 --- a/pkgs/by-name/ad/adw-gtk3/package.nix +++ b/pkgs/by-name/ad/adw-gtk3/package.nix @@ -10,13 +10,13 @@ stdenvNoCC.mkDerivation (finalAttrs: { pname = "adw-gtk3"; - version = "6.4"; + version = "6.5"; src = fetchFromGitHub { owner = "lassekongo83"; repo = "adw-gtk3"; tag = "v${finalAttrs.version}"; - hash = "sha256-tuOv3uKOQJaKvMeiUqI0jAIQqgb0P8jiO/rnClSp7uU="; + hash = "sha256-7tCmtSauWUEoQUvOVnL4Zq+Om+9bHUCl1mDUejxjP78="; }; nativeBuildInputs = [ diff --git a/pkgs/by-name/ag/age-plugin-fido2prf/package.nix b/pkgs/by-name/ag/age-plugin-fido2prf/package.nix new file mode 100644 index 000000000000..a12a382240b9 --- /dev/null +++ b/pkgs/by-name/ag/age-plugin-fido2prf/package.nix @@ -0,0 +1,37 @@ +{ + lib, + buildGoModule, + fetchFromGitHub, + libfido2, +}: +buildGoModule (finalAttrs: { + pname = "age-plugin-fido2prf"; + version = "0.3.0"; + + src = fetchFromGitHub { + owner = "FiloSottile"; + repo = "typage"; + tag = "v${finalAttrs.version}"; + hash = "sha256-JGEn1xIzfLyoCWd/aRRG08Z/OoviEyZF+tGEfcj9DXw="; + }; + + srcRoot = "${finalAttrs.src}/fido2prf/cmd/age-plugin-fido2prf"; + vendorHash = "sha256-XrgZBvNyVUhKJ87vfd9aZh6aW+JifJWUu/ggNQZKwo0="; + + ldflags = [ + "-s" + "-w" + "-X main.version=v${finalAttrs.version}" + ]; + + buildInputs = [ libfido2 ]; + + meta = { + description = "Age plugin to encrypt files with FIDO2 tokens in a way compatible to typage"; + homepage = "https://github.com/FiloSottile/typage/"; + license = lib.licenses.bsd3; + maintainers = with lib.maintainers; [ claraphyll ]; + mainProgram = "age-plugin-fido2prf"; + }; + __structuredAttrs = true; +}) diff --git a/pkgs/by-name/an/ananicy-rules-cachyos/package.nix b/pkgs/by-name/an/ananicy-rules-cachyos/package.nix index 03787e8af1dc..1841b1b671ba 100644 --- a/pkgs/by-name/an/ananicy-rules-cachyos/package.nix +++ b/pkgs/by-name/an/ananicy-rules-cachyos/package.nix @@ -7,13 +7,13 @@ stdenvNoCC.mkDerivation { pname = "ananicy-rules-cachyos"; - version = "0-unstable-2026-04-06"; + version = "0-unstable-2026-04-15"; src = fetchFromGitHub { owner = "CachyOS"; repo = "ananicy-rules"; - rev = "ca5e3e7714eb051de7d70ee0324c11b5cecf10f8"; - hash = "sha256-a0T6KYB6ZpCCIbEIgvkx7mb0iOS75r9aC5xmmhR5/f0="; + rev = "59de158ecc602270a86e58b89663d141dd688d87"; + hash = "sha256-TwO2pINGLsrYMeUJthj+hPcej+MfFB1zjq+89/QMS+I="; }; dontConfigure = true; diff --git a/pkgs/by-name/ca/cargo-binstall/package.nix b/pkgs/by-name/ca/cargo-binstall/package.nix index be3cc7f5bc2a..2475d673e5b0 100644 --- a/pkgs/by-name/ca/cargo-binstall/package.nix +++ b/pkgs/by-name/ca/cargo-binstall/package.nix @@ -11,16 +11,16 @@ rustPlatform.buildRustPackage (finalAttrs: { pname = "cargo-binstall"; - version = "1.18.0"; + version = "1.18.1"; src = fetchFromGitHub { owner = "cargo-bins"; repo = "cargo-binstall"; tag = "v${finalAttrs.version}"; - hash = "sha256-005RXO9Ah8JA36n27CehwgOOij2d3S3BfmRaaYYqpeg="; + hash = "sha256-SOiwme6MIOzro5/85rgEP90odXUUqeTDzn1ZsKDS4Z4="; }; - cargoHash = "sha256-bulcxmiQAt0WugUlXLFDjLlZi9q2/jFhZ/AuGbXF2K0="; + cargoHash = "sha256-UW960ls3O+0CiQHoFvkhieL+t0dG9RJ3zi/Pu37kvbY="; nativeBuildInputs = [ pkg-config diff --git a/pkgs/by-name/fo/folio/package.nix b/pkgs/by-name/fo/folio/package.nix index 0512b3246231..beaf409ab764 100644 --- a/pkgs/by-name/fo/folio/package.nix +++ b/pkgs/by-name/fo/folio/package.nix @@ -16,13 +16,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "folio"; - version = "25.02"; + version = "26.01"; src = fetchFromGitHub { owner = "toolstack"; repo = "Folio"; tag = finalAttrs.version; - hash = "sha256-u7HieTsbSohCjpLNyeY/ZZdmpQWulZaCkxOV5a5QyBY="; + hash = "sha256-ctBLTGJ0cixqHHOrHmkN1+NyuVr6dcNNtVmquGgMdWE="; }; nativeBuildInputs = [ diff --git a/pkgs/by-name/fo/foxotron/package.nix b/pkgs/by-name/fo/foxotron/package.nix index 3a9af09b7f09..249ebbc03893 100644 --- a/pkgs/by-name/fo/foxotron/package.nix +++ b/pkgs/by-name/fo/foxotron/package.nix @@ -3,7 +3,7 @@ lib, fetchFromGitHub, fetchpatch, - nix-update-script, + unstableGitUpdater, cmake, pkg-config, makeWrapper, @@ -17,48 +17,44 @@ libGLU, alsa-lib, fontconfig, + wayland, + wayland-scanner, + libdecor, + libxkbcommon, }: stdenv.mkDerivation (finalAttrs: { pname = "foxotron"; - version = "2024-09-23"; + version = "2024-09-23-unstable-2026-03-20"; src = fetchFromGitHub { owner = "Gargaj"; repo = "Foxotron"; - tag = finalAttrs.version; + rev = "6edbf2e52e59a4206420bc667225a4e18778be76"; fetchSubmodules = true; - hash = "sha256-OnZWoiQ5ASKQV73/W6nl17B2ANwqCy/PlybHbNwrOyQ="; + hash = "sha256-bqqtBXufeAncOQktpKFLkmc15p2Z8yrrGFLH62aXfj0="; }; - patches = [ - (fetchpatch { - name = "0001-assimp-Include-cstdint-for-std-uint32_t.patch"; - url = "https://github.com/assimp/assimp/commit/108e3192a201635e49e99a91ff2044e1851a2953.patch"; - stripLen = 1; - extraPrefix = "externals/assimp/"; - hash = "sha256-rk0EFmgeZVwvx3NJOOob5Jwj9/J+eOtuAzfwp88o+J4="; - }) - ]; - postPatch = '' substituteInPlace CMakeLists.txt \ - --replace-fail "set(CMAKE_OSX_ARCHITECTURES x86_64)" "" \ - --replace-fail "cmake_minimum_required(VERSION 3.0)" "cmake_minimum_required(VERSION 3.10)" - - substituteInPlace externals/glm/CMakeLists.txt \ - --replace-fail "cmake_minimum_required(VERSION 3.2 FATAL_ERROR)" "cmake_minimum_required(VERSION 3.10)" \ - --replace-fail "cmake_policy(VERSION 3.2)" "cmake_policy(VERSION 3.10)" - - # Outdated vendored assimp, many warnings with newer compilers, too old for CMake option to control this - # Note that this -Werror caused issues on darwin, so make sure to re-check builds there before removing this - substituteInPlace externals/assimp/code/CMakeLists.txt \ - --replace-fail 'TARGET_COMPILE_OPTIONS(assimp PRIVATE -Werror)' "" + --replace-fail "set(CMAKE_OSX_ARCHITECTURES x86_64)" "" + '' + # From glfw package + + lib.optionalString stdenv.hostPlatform.isLinux '' + substituteInPlace externals/glfw/src/wl_init.c \ + --replace-fail '"libdecor-0.so.0"' '"${lib.getLib libdecor}/lib/libdecor-0.so.0"' \ + --replace-fail '"libwayland-client.so.0"' '"${lib.getLib wayland}/lib/libwayland-client.so.0"' \ + --replace-fail '"libwayland-cursor.so.0"' '"${lib.getLib wayland}/lib/libwayland-cursor.so.0"' \ + --replace-fail '"libwayland-egl.so.1"' '"${lib.getLib wayland}/lib/libwayland-egl.so.1"' \ + --replace-fail '"libxkbcommon.so.0"' '"${lib.getLib libxkbcommon}/lib/libxkbcommon.so.0"' ''; nativeBuildInputs = [ cmake pkg-config makeWrapper + ] + ++ lib.optionals stdenv.hostPlatform.isLinux [ + wayland-scanner ]; buildInputs = [ @@ -74,6 +70,8 @@ stdenv.mkDerivation (finalAttrs: { alsa-lib fontconfig libGLU + libxkbcommon + wayland ]; env.NIX_CFLAGS_COMPILE = toString [ @@ -98,7 +96,7 @@ stdenv.mkDerivation (finalAttrs: { ''; passthru = { - updateScript = nix-update-script { }; + updateScript = unstableGitUpdater { }; }; meta = { diff --git a/pkgs/by-name/ki/kikit/default.nix b/pkgs/by-name/ki/kikit/default.nix index f75fd83163e5..40d312da3d57 100644 --- a/pkgs/by-name/ki/kikit/default.nix +++ b/pkgs/by-name/ki/kikit/default.nix @@ -26,14 +26,14 @@ let in buildPythonApplication (finalAttrs: { pname = "kikit"; - version = "1.7.2"; + version = "1.8.0"; pyproject = true; src = fetchFromGitHub { owner = "yaqwsx"; repo = "KiKit"; tag = "v${finalAttrs.version}"; - hash = "sha256-HSAQJJqJMVh44wgOQm+0gteShLogklBFuIzWtoVTf9I="; + hash = "sha256-QhtdQgMgHaB0xj2hQ4MCptr5DDgCOfRClUSyYzrFQis="; # Upstream uses versioneer, which relies on gitattributes substitution. # This leads to non-reproducible archives on GitHub. # See https://github.com/NixOS/nixpkgs/issues/84312 diff --git a/pkgs/by-name/kt/ktls-utils/package.nix b/pkgs/by-name/kt/ktls-utils/package.nix index 8820b61c3471..f11dfffa4f47 100644 --- a/pkgs/by-name/kt/ktls-utils/package.nix +++ b/pkgs/by-name/kt/ktls-utils/package.nix @@ -11,6 +11,7 @@ systemd, withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd, nix-update-script, + nixosTests, }: stdenv.mkDerivation (finalAttrs: { @@ -47,7 +48,14 @@ stdenv.mkDerivation (finalAttrs: { doCheck = true; - passthru.updateScript = nix-update-script { }; + passthru = { + updateScript = nix-update-script { }; + tests.nixos = nixosTests.tlshd; + services.default = { + imports = [ (lib.modules.importApply ./service.nix { }) ]; + tlshd.package = finalAttrs.finalPackage; + }; + }; meta = { description = "TLS handshake utilities for in-kernel TLS consumers"; diff --git a/pkgs/by-name/kt/ktls-utils/service.nix b/pkgs/by-name/kt/ktls-utils/service.nix new file mode 100644 index 000000000000..c755a004e6fd --- /dev/null +++ b/pkgs/by-name/kt/ktls-utils/service.nix @@ -0,0 +1,75 @@ +# Non-module dependencies (`importApply`) +{ }: + +# Service module +{ + lib, + config, + options, + ... +}: +let + inherit (lib) + getExe + mkOption + types + ; + cfg = config.tlshd; + + configFile = config.configData."tlshd.conf".path; +in +{ + # https://nixos.org/manual/nixos/unstable/#modular-services + _class = "service"; + + options.tlshd = { + package = mkOption { + description = "Package to use for tlshd."; + defaultText = lib.literalMD "The `ktls-utils` package that provided this module."; + type = types.package; + }; + + settings = mkOption { + description = '' + Configuration for tlshd in INI format. + See {manpage}`tlshd.conf(5)` for available options. + ''; + type = types.attrsOf (types.attrsOf types.str); + default = { }; + example = lib.literalExpression '' + { + "authenticate.server" = { + "x509.certificate" = "/var/lib/tlshd/cert.pem"; + "x509.private_key" = "/var/lib/tlshd/key.pem"; + "x509.truststore" = "/var/lib/tlshd/truststore.pem"; + }; + } + ''; + }; + }; + + config = { + configData."tlshd.conf".text = lib.generators.toINI { } cfg.settings; + + process.argv = [ + (getExe cfg.package) + "--config" + configFile + ]; + } + // lib.optionalAttrs (options ? systemd) { + systemd.service = { + description = "Handshake service for kernel TLS consumers"; + documentation = [ "man:tlshd(8)" ]; + unitConfig.DefaultDependencies = false; + before = [ "remote-fs-pre.target" ]; + wantedBy = [ "remote-fs.target" ]; + serviceConfig = { + Restart = "on-failure"; + DynamicUser = true; + AmbientCapabilities = [ "CAP_NET_ADMIN" ]; + CapabilityBoundingSet = [ "CAP_NET_ADMIN" ]; + }; + }; + }; +} diff --git a/pkgs/by-name/la/lagrange/package.nix b/pkgs/by-name/la/lagrange/package.nix index 2840c33984ef..05a060d27573 100644 --- a/pkgs/by-name/la/lagrange/package.nix +++ b/pkgs/by-name/la/lagrange/package.nix @@ -22,13 +22,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "lagrange"; - version = "1.20.3"; + version = "1.20.4"; src = fetchFromGitHub { owner = "skyjake"; repo = "lagrange"; tag = "v${finalAttrs.version}"; - hash = "sha256-i6W4618/r3Xc9dNNxkc9eHlgHK2amZ0FQtq/qtr5sE8="; + hash = "sha256-Pm8ITbMlFnJLeUTUOrY4WRG17v/JIi+ZF9Y5LutCz40="; }; nativeBuildInputs = [ diff --git a/pkgs/by-name/li/lix-diff/package.nix b/pkgs/by-name/li/lix-diff/package.nix index 215b952f39ac..19ad58b5f7a1 100644 --- a/pkgs/by-name/li/lix-diff/package.nix +++ b/pkgs/by-name/li/lix-diff/package.nix @@ -6,16 +6,16 @@ }: rustPlatform.buildRustPackage (finalAttrs: { pname = "lix-diff"; - version = "1.4.1"; + version = "1.5.0"; src = fetchFromGitHub { owner = "tgirlcloud"; repo = "lix-diff"; tag = "v${finalAttrs.version}"; - hash = "sha256-aLmCS+Q6B/DU6DZ0U/FfCOovwZTSTAG5vrCGHZ1Xsrk="; + hash = "sha256-x2Ec3Pm80IvTzl3gw0mwWRbW1nLZ2V70KegahSDNwH0="; }; - cargoHash = "sha256-g50St9tX2IYaPmnjSE8AeSKqUF5Ou87Y5F0zVBK3Xxo="; + cargoHash = "sha256-1HjmS5wvlX4gGf6AZQnN+37Y3Nf8HVSOHWG2kZCVg1Y="; passthru.updateScript = nix-update-script { }; diff --git a/pkgs/by-name/re/readest/package.nix b/pkgs/by-name/re/readest/package.nix index 896207b66451..378c8b0159f7 100644 --- a/pkgs/by-name/re/readest/package.nix +++ b/pkgs/by-name/re/readest/package.nix @@ -13,6 +13,7 @@ gtk3, librsvg, openssl, + glib-networking, autoPatchelfHook, lib, nix-update-script, @@ -86,6 +87,7 @@ rustPlatform.buildRustPackage (finalAttrs: { gtk3 librsvg openssl + glib-networking # TTS gst_all_1.gstreamer gst_all_1.gst-plugins-base diff --git a/pkgs/by-name/ru/rust-analyzer-unwrapped/package.nix b/pkgs/by-name/ru/rust-analyzer-unwrapped/package.nix index f3e4a0746918..bd56e6f2b8fd 100644 --- a/pkgs/by-name/ru/rust-analyzer-unwrapped/package.nix +++ b/pkgs/by-name/ru/rust-analyzer-unwrapped/package.nix @@ -13,15 +13,15 @@ rustPlatform.buildRustPackage (finalAttrs: { pname = "rust-analyzer-unwrapped"; - version = "2026-04-06"; + version = "2026-04-13"; - cargoHash = "sha256-IQ+hVSJw3iQ7cAY7PMRHR8md3Shn3xu/OSZB3de5UFY="; + cargoHash = "sha256-qpe40NUQ9ux8fQmjcC63VP8g2NKoLkdqQIVfFFRTq5I="; src = fetchFromGitHub { owner = "rust-lang"; repo = "rust-analyzer"; rev = finalAttrs.version; - hash = "sha256-bFC/p7Ywyd9QIr9DbU3Q75c7AcaCm9wVmEvcI3702cY="; + hash = "sha256-LryjOOjPsZ6Hs3RlVHla6MV8uxO2GoZolF0I/eB5zFM="; }; cargoBuildFlags = [ diff --git a/pkgs/by-name/sg/sgt-puzzles/package.nix b/pkgs/by-name/sg/sgt-puzzles/package.nix index 2e0b2b9768c2..2669dce85dfe 100644 --- a/pkgs/by-name/sg/sgt-puzzles/package.nix +++ b/pkgs/by-name/sg/sgt-puzzles/package.nix @@ -18,11 +18,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "sgt-puzzles"; - version = "20260309.06e37f1"; + version = "20260410.06e37f1"; src = fetchurl { url = "https://www.chiark.greenend.org.uk/~sgtatham/puzzles/puzzles-${finalAttrs.version}.tar.gz"; - hash = "sha256-3Z/Qp8D/0DeJL9oZlKL6vx9BXvMVFa6MMnkStds/VHI="; + hash = "sha256-FdiDTPw3df/8j++wkGTxO3BvnKw7OIF8xXLNzLw8unM="; }; sgt-puzzles-menu = fetchurl { diff --git a/pkgs/by-name/sn/snx-rs/package.nix b/pkgs/by-name/sn/snx-rs/package.nix index 417d990e7a14..9bb55ab6e833 100644 --- a/pkgs/by-name/sn/snx-rs/package.nix +++ b/pkgs/by-name/sn/snx-rs/package.nix @@ -15,13 +15,13 @@ }: rustPlatform.buildRustPackage (finalAttrs: { pname = "snx-rs"; - version = "5.2.4"; + version = "5.3.0"; src = fetchFromGitHub { owner = "ancwrd1"; repo = "snx-rs"; tag = "v${finalAttrs.version}"; - hash = "sha256-Jqj2cux11V0l0YRZY2O19PzduvcxB1Ze186jG5Vo+Gs="; + hash = "sha256-+LgVWZzPfn/OJ+m3kV8N+alo5rU8OZwxB2R3iA0O6ds="; }; passthru.updateScript = nix-update-script { }; @@ -49,7 +49,7 @@ rustPlatform.buildRustPackage (finalAttrs: { versionCheckHook ]; - cargoHash = "sha256-XY4kZ1HBwHpb8hHtt0bay80Jc3d3zyAoKQv3m0n1AL4="; + cargoHash = "sha256-82Hz0+9YgrImBokP2pMh21iH9jCqVTj7HljCFEWXw4E="; doInstallCheck = true; versionCheckProgram = "${placeholder "out"}/bin/snx-rs"; diff --git a/pkgs/by-name/st/stevenblack-blocklist/package.nix b/pkgs/by-name/st/stevenblack-blocklist/package.nix index ed549f7a505e..7e7fbd13a09f 100644 --- a/pkgs/by-name/st/stevenblack-blocklist/package.nix +++ b/pkgs/by-name/st/stevenblack-blocklist/package.nix @@ -6,13 +6,13 @@ }: stdenvNoCC.mkDerivation (finalAttrs: { pname = "stevenblack-blocklist"; - version = "3.16.74"; + version = "3.16.75"; src = fetchFromGitHub { owner = "StevenBlack"; repo = "hosts"; tag = finalAttrs.version; - hash = "sha256-nF+xeCM07xSLYud/bsptWe+mxs5BBMaVwzcVmb+bnUE="; + hash = "sha256-U1EDwPWYmG8F/EpNA0hOz//SC1o8spbTqRc/xl8hB5Y="; }; outputs = [ diff --git a/pkgs/by-name/ve/vencord/fix-deps.patch b/pkgs/by-name/ve/vencord/fix-deps.patch index 01ce29da97bb..52f8f59e56aa 100644 --- a/pkgs/by-name/ve/vencord/fix-deps.patch +++ b/pkgs/by-name/ve/vencord/fix-deps.patch @@ -2,7 +2,7 @@ diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 92c50e4e..67a306eb 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml -@@ -156,8 +156,8 @@ importers: +@@ -162,8 +162,8 @@ importers: specifier: ^22.13.4 version: 22.13.13 '@types/react': diff --git a/pkgs/by-name/ve/vencord/package.nix b/pkgs/by-name/ve/vencord/package.nix index 67fedf81acc2..724b6369d488 100644 --- a/pkgs/by-name/ve/vencord/package.nix +++ b/pkgs/by-name/ve/vencord/package.nix @@ -19,13 +19,13 @@ }: stdenv.mkDerivation (finalAttrs: { pname = "vencord"; - version = "1.14.6"; + version = "1.14.7"; src = fetchFromGitHub { owner = "Vendicated"; repo = "Vencord"; tag = "v${finalAttrs.version}"; - hash = "sha256-Wl89sRv49os6uRuYQVB/LgsOD7Rz3DPoxqeeELyY/o4="; + hash = "sha256-uLuWTquRwguWYu3eolrHa5rguSI8ydwzHY6CrOcP7qM="; }; patches = [ ./fix-deps.patch ]; diff --git a/pkgs/development/compilers/ghc/common-hadrian.nix b/pkgs/development/compilers/ghc/common-hadrian.nix index a2e7b1f2e19d..2b66c97aa3ae 100644 --- a/pkgs/development/compilers/ghc/common-hadrian.nix +++ b/pkgs/development/compilers/ghc/common-hadrian.nix @@ -386,7 +386,7 @@ assert !enableNativeBignum -> gmp != null; assert stdenv.buildPlatform == stdenv.hostPlatform || stdenv.hostPlatform == stdenv.targetPlatform; # It is currently impossible to cross-compile GHC with Hadrian. -assert lib.assertMsg (stdenv.buildPlatform == stdenv.hostPlatform) +assert lib.assertMsg (stdenv.buildPlatform.canExecute stdenv.hostPlatform) "GHC >= 9.6 can't be cross-compiled. If you meant to build a GHC cross-compiler, use `buildPackages`."; let diff --git a/pkgs/development/libraries/nss/latest.nix b/pkgs/development/libraries/nss/latest.nix index 0edde5a0bf7f..e047a0c7e5a6 100644 --- a/pkgs/development/libraries/nss/latest.nix +++ b/pkgs/development/libraries/nss/latest.nix @@ -5,8 +5,8 @@ # Example: nix-shell ./maintainers/scripts/update.nix --argstr package cacert import ./generic.nix { - version = "3.122.1"; - hash = "sha256-ujWCx1fm5JbAUX90+3pekNxh12X9vJHRzHDKgP3UwL8="; + version = "3.123"; + hash = "sha256-Ue98HQIvVWcn42xrbheOAdZmvfAdOTWp83VhHSGuAVc="; filename = "latest.nix"; versionRegex = "NSS_(\\d+)_(\\d+)(?:_(\\d+))?_RTM"; } diff --git a/pkgs/development/python-modules/gguf/default.nix b/pkgs/development/python-modules/gguf/default.nix index 6790cb146b5a..4986dde7dfc8 100644 --- a/pkgs/development/python-modules/gguf/default.nix +++ b/pkgs/development/python-modules/gguf/default.nix @@ -20,14 +20,14 @@ buildPythonPackage (finalAttrs: { pname = "gguf"; - version = "8545"; + version = "8799"; pyproject = true; src = fetchFromGitHub { owner = "ggml-org"; repo = "llama.cpp"; tag = "b${finalAttrs.version}"; - hash = "sha256-sb0fSpzwyl2Ws270if/4Ts75J3E6mGEJ/N5GDjzgg6A="; + hash = "sha256-AQWcj6FtBGKKU8DiAH/ZHH6XU/5hrBKiYvIoULpL+1g="; }; sourceRoot = "${finalAttrs.src.name}/gguf-py"; diff --git a/pkgs/development/python-modules/pytibber/default.nix b/pkgs/development/python-modules/pytibber/default.nix index 54d4e2cc0edd..d50969710471 100644 --- a/pkgs/development/python-modules/pytibber/default.nix +++ b/pkgs/development/python-modules/pytibber/default.nix @@ -12,22 +12,18 @@ buildPythonPackage (finalAttrs: { pname = "pytibber"; - version = "0.37.0"; + version = "0.37.1"; pyproject = true; src = fetchFromGitHub { owner = "Danielhiversen"; repo = "pyTibber"; tag = finalAttrs.version; - hash = "sha256-NCHTSvwAJhRzruBZwPzieI5jqrRrugnDjgZHHiLXgbE="; + hash = "sha256-r2EaT1e9ztmtLXtO9Bpr6mXVXlZQW74G2nTTkJAeZEA="; }; build-system = [ setuptools ]; - pythonRelaxDeps = [ - "gql" - ]; - dependencies = [ aiohttp gql diff --git a/pkgs/development/python-modules/scikit-base/default.nix b/pkgs/development/python-modules/scikit-base/default.nix index cef15ad00a88..e5b268701a48 100644 --- a/pkgs/development/python-modules/scikit-base/default.nix +++ b/pkgs/development/python-modules/scikit-base/default.nix @@ -8,14 +8,14 @@ buildPythonPackage rec { pname = "scikit-base"; - version = "0.13.1"; + version = "0.13.2"; pyproject = true; src = fetchFromGitHub { owner = "sktime"; repo = "skbase"; tag = "v${version}"; - hash = "sha256-aprudD39bcQrCQbDU/IYcOZykKvSv6ZpakAwTCwCtGA="; + hash = "sha256-NZpuc2MUziqpzB2x7ae9xH8mWzia2j/cgzUbJKAVTqE="; }; build-system = [ setuptools ]; diff --git a/pkgs/shells/fish/plugins/forgit.nix b/pkgs/shells/fish/plugins/forgit.nix index 20e810bba77f..105f90f6bdd3 100644 --- a/pkgs/shells/fish/plugins/forgit.nix +++ b/pkgs/shells/fish/plugins/forgit.nix @@ -6,13 +6,13 @@ buildFishPlugin rec { pname = "forgit"; - version = "26.04.1"; + version = "26.04.2"; src = fetchFromGitHub { owner = "wfxr"; repo = "forgit"; rev = version; - hash = "sha256-/tG//6s0km8IUJXI4f++/UUCTAOYTDE/C5bbkHFhdNY="; + hash = "sha256-/zFws4/QkAuoV2edtxW3jK1HbftigYNZzTkSg5Y4Phg="; }; postInstall = ''