Merge remote-tracking branch 'origin/master' into cross-nixos

nixos/doc/manual/release-notes/rl-1803.xml

@@ -430,6 +430,13 @@ following incompatible changes:</para>
       and <literal>stopJob</literal> provide an optional <literal>$user</literal> argument for that purpose.
     </para>
   </listitem>
+  <listitem>
+    <para>
+      Enabling bash completion on NixOS, <literal>programs.bash.enableCompletion</literal>, will now also enable
+      completion for the Nix command line tools by installing the
+      <link xlink:href="https://github.com/hedning/nix-bash-completions">nix-bash-completions</link> package.
+    </para>
+  </listitem>
 </itemizedlist>
 
 </section>

nixos/modules/programs/bash/bash.nix

@@ -211,6 +211,9 @@ in
       "/share/bash-completion"
     ];
 
+    environment.systemPackages = optional cfg.enableCompletion
+      pkgs.nix-bash-completions;
+
     environment.shells =
       [ "/run/current-system/sw/bin/bash"
         "/var/run/current-system/sw/bin/bash"

nixos/modules/services/misc/disnix.nix

@@ -32,11 +32,17 @@ in
         description = "Whether to enable Disnix";
       };
 
+      enableMultiUser = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Whether to support multi-user mode by enabling the Disnix D-Bus service";
+      };
+
       useWebServiceInterface = mkOption {
         default = false;
         description = "Whether to enable the DisnixWebService interface running on Apache Tomcat";
       };
-      
+
       package = mkOption {
         type = types.path;
         description = "The Disnix package";
@@ -52,7 +58,7 @@ in
 
   config = mkIf cfg.enable {
     dysnomia.enable = true;
-    
+
     environment.systemPackages = [ pkgs.disnix ] ++ optional cfg.useWebServiceInterface pkgs.DisnixWebService;
 
     services.dbus.enable = true;
@@ -71,7 +77,7 @@ in
       };
 
     systemd.services = {
-      disnix = {
+      disnix = mkIf cfg.enableMultiUser {
         description = "Disnix server";
         wants = [ "dysnomia.target" ];
         wantedBy = [ "multi-user.target" ];
@@ -92,7 +98,7 @@ in
         }
         // (if config.environment.variables ? DYSNOMIA_CONTAINERS_PATH then { inherit (config.environment.variables) DYSNOMIA_CONTAINERS_PATH; } else {})
         // (if config.environment.variables ? DYSNOMIA_MODULES_PATH then { inherit (config.environment.variables) DYSNOMIA_MODULES_PATH; } else {});
-        
+
         serviceConfig.ExecStart = "${cfg.package}/bin/disnix-service";
       };
 

nixos/modules/services/misc/nix-ssh-serve.nix

@@ -1,8 +1,12 @@
 { config, lib, pkgs, ... }:
 
 with lib;
-
-{
+let cfg = config.nix.sshServe;
+    command =
+      if cfg.protocol == "ssh"
+        then "nix-store --serve"
+      else "nix-daemon --stdio";
+in {
   options = {
 
     nix.sshServe = {
@@ -10,7 +14,7 @@ with lib;
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = "Whether to enable serving the Nix store as a binary cache via SSH.";
+        description = "Whether to enable serving the Nix store as a remote store via SSH.";
       };
 
       keys = mkOption {
@@ -20,14 +24,20 @@ with lib;
         description = "A list of SSH public keys allowed to access the binary cache via SSH.";
       };
 
+      protocol = mkOption {
+        type = types.enum [ "ssh" "ssh-ng" ];
+        default = "ssh";
+        description = "The specific Nix-over-SSH protocol to use.";
+      };
+
     };
 
   };
 
-  config = mkIf config.nix.sshServe.enable {
+  config = mkIf cfg.enable {
 
     users.extraUsers.nix-ssh = {
-      description = "Nix SSH substituter user";
+      description = "Nix SSH store user";
       uid = config.ids.uids.nix-ssh;
       useDefaultShell = true;
     };
@@ -41,11 +51,11 @@ with lib;
         PermitTTY no
         PermitTunnel no
         X11Forwarding no
-        ForceCommand ${config.nix.package.out}/bin/nix-store --serve
+        ForceCommand ${config.nix.package.out}/bin/${command}
       Match All
     '';
 
-    users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = config.nix.sshServe.keys;
+    users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = cfg.keys;
 
   };
 }

nixos/modules/services/security/usbguard.nix

@@ -192,7 +192,7 @@ in {
 
       serviceConfig = {
         Type = "simple";
-        ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -d -k -c ${daemonConfFile}'';
+        ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -P -d -k -c ${daemonConfFile}'';
         Restart = "on-failure";
       };
     };

nixos/release.nix

@@ -319,6 +319,7 @@ in rec {
   tests.nfs4 = callTest tests/nfs.nix { version = 4; };
   tests.nginx = callTest tests/nginx.nix { };
   tests.nghttpx = callTest tests/nghttpx.nix { };
+  tests.nix-ssh-serve = callTest tests/nix-ssh-serve.nix { };
   tests.novacomd = callTestOnTheseSystems ["x86_64-linux"] tests/novacomd.nix { };
   tests.leaps = callTest tests/leaps.nix { };
   tests.nsd = callTest tests/nsd.nix {};

nixos/tests/nix-ssh-serve.nix

@@ -0,0 +1,39 @@
+import ./make-test.nix ({ pkgs, lib, ... }:
+let inherit (import ./ssh-keys.nix pkgs)
+      snakeOilPrivateKey snakeOilPublicKey;
+    ssh-config = builtins.toFile "ssh.conf" ''
+      UserKnownHostsFile=/dev/null
+      StrictHostKeyChecking=no
+    '';
+in
+   { name = "nix-ssh-serve";
+     meta.maintainers = [ lib.maintainers.shlevy ];
+     nodes =
+       { server.nix.sshServe =
+           { enable = true;
+             keys = [ snakeOilPublicKey ];
+             protocol = "ssh-ng";
+           };
+         server.nix.package = pkgs.nixUnstable;
+         client.nix.package = pkgs.nixUnstable;
+       };
+     testScript = ''
+       startAll;
+
+       $client->succeed("mkdir -m 700 /root/.ssh");
+       $client->copyFileFromHost("${ssh-config}", "/root/.ssh/config");
+       $client->succeed("cat ${snakeOilPrivateKey} > /root/.ssh/id_ecdsa");
+       $client->succeed("chmod 600 /root/.ssh/id_ecdsa");
+
+       $client->succeed("nix-store --add /etc/machine-id > mach-id-path");
+
+       $server->waitForUnit("sshd");
+
+       $client->fail("diff /root/other-store\$(cat mach-id-path) /etc/machine-id");
+       # Currently due to shared store this is a noop :(
+       $client->succeed("nix copy --to ssh-ng://nix-ssh\@server \$(cat mach-id-path)");
+       $client->succeed("nix-store --realise \$(cat mach-id-path) --store /root/other-store --substituters ssh-ng://nix-ssh\@server");
+       $client->succeed("diff /root/other-store\$(cat mach-id-path) /etc/machine-id");
+     '';
+   }
+)

nixos/tests/openssh.nix

@@ -1,20 +1,7 @@
 import ./make-test.nix ({ pkgs, ... }:
 
-let
-  snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" ''
-    -----BEGIN EC PRIVATE KEY-----
-    MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
-    AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
-    r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
-    -----END EC PRIVATE KEY-----
-  '';
-
-  snakeOilPublicKey = pkgs.lib.concatStrings [
-    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
-    "yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
-    "9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil"
-  ];
-
+let inherit (import ./ssh-keys.nix pkgs)
+      snakeOilPrivateKey snakeOilPublicKey;
 in {
   name = "openssh";
   meta = with pkgs.stdenv.lib.maintainers; {

nixos/tests/ssh-keys.nix

@@ -0,0 +1,15 @@
+pkgs:
+{ snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" ''
+    -----BEGIN EC PRIVATE KEY-----
+    MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
+    AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
+    r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
+    -----END EC PRIVATE KEY-----
+  '';
+
+  snakeOilPublicKey = pkgs.lib.concatStrings [
+    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
+    "yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
+    "9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil"
+  ];
+}

pkgs/applications/misc/redshift/default.nix

@@ -1,6 +1,6 @@
 { stdenv, fetchFromGitHub, fetchurl, autoconf, automake, gettext, intltool
 , libtool, pkgconfig, wrapGAppsHook, wrapPython, geoclue2, gobjectIntrospection
-, gtk3, python, pygobject3, pyxdg, libdrm, libxcb }:
+, gtk3, python, pygobject3, pyxdg, libdrm, libxcb, hicolor-icon-theme }:
 
 stdenv.mkDerivation rec {
   name = "redshift-${version}";
@@ -36,6 +36,7 @@ stdenv.mkDerivation rec {
     libdrm
     libxcb
     python
+    hicolor-icon-theme
   ];
 
   pythonPath = [ pygobject3 pyxdg ];

pkgs/applications/misc/tilda/default.nix

@@ -6,11 +6,11 @@
 stdenv.mkDerivation rec {
 
   name = "tilda-${version}";
-  version = "1.3.3";
+  version = "1.4.1";
 
   src = fetchurl {
     url = "https://github.com/lanoxx/tilda/archive/${name}.tar.gz";
-    sha256 = "1cc4qbg1m3i04lj5p6i6xbd0zvy1320pxdgmjhz5p3j95ibsbfki";
+    sha256 = "0w2hry2bqcqrkik4l100b1a9jlsih6sq8zwhfpl8zzfq20i00lfs";
   };
 
   nativeBuildInputs = [ autoreconfHook pkgconfig ];

pkgs/applications/misc/urh/default.nix

@@ -2,13 +2,13 @@
 
 python3Packages.buildPythonApplication rec {
   name = "urh-${version}";
-  version = "1.7.1";
+  version = "1.9.2";
 
   src = fetchFromGitHub {
     owner = "jopohl";
     repo = "urh";
     rev = "v${version}";
-    sha256 = "00l1zs3qw89z1hlylprzrpf6nf7h22h0nw43h97gv775vaqqgczv";
+    sha256 = "02jq2jas6gm08z4l09azi6dcsydaaaqbxfv4mb7pnrc1w8m593zr";
   };
 
   buildInputs = [ hackrf rtl-sdr ];

pkgs/applications/networking/tcpkali/default.nix

@@ -1,6 +1,6 @@
 {stdenv, autoreconfHook, fetchFromGitHub, bison}:
 
-let version = "0.9"; in
+let version = "1.1.1"; in
 
 stdenv.mkDerivation rec {
   name = "tcpkali-${version}";
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     owner = "machinezone";
     repo = "tcpkali";
     rev = "v${version}";
-    sha256 = "03cbmnc60wkd7f4bapn5cbm3c4zas2l0znsbpci2mn8ms8agif82";
+    sha256 = "09ky3cccaphcqc6nhfs00pps99lasmzc2pf5vk0gi8hlqbbhilxf";
   };
   nativeBuildInputs = [ autoreconfHook ];
   buildInputs = [ bison];

pkgs/applications/science/misc/tulip/default.nix

@@ -1,13 +1,13 @@
 { fetchurl, stdenv, libxml2, freetype, mesa, glew, qt4
 , cmake, makeWrapper, libjpeg, python }:
 
-let version = "4.9.0"; in
+let version = "5.1.0"; in
 stdenv.mkDerivation rec {
   name = "tulip-${version}";
 
   src = fetchurl {
     url = "mirror://sourceforge/auber/${name}_src.tar.gz";
-    sha256 = "0phc7972brvm0v6lfk4ghq9b2b4jsj6c15xlbgnvhhcxhc99wba3";
+    sha256 = "1i70y8b39gkpxfalr9844pa3l4bnnyw5y7ngxdqibil96k2b9q9h";
   };
 
   buildInputs = [ libxml2 freetype glew mesa qt4 libjpeg python ];

pkgs/applications/search/recoll/default.nix

@@ -15,37 +15,44 @@ stdenv.mkDerivation rec {
     sha256 = "186bj8zx2xw9hwrzvzxdgdin9nj7msiqh5j57w5g7j4abdlsisjn";
   };
 
-  configureFlags = [ "--with-inotify" ];
+  configureFlags = [ "--enable-recollq" ] ++
+    (if stdenv.isLinux then [ "--with-inotify" ] else [ "--without-inotify" ]);
 
-  buildInputs = [ qt4 xapian file python bison];
+  buildInputs = [ qt4 xapian file python bison ];
+
+  patchPhase = stdenv.lib.optionalString stdenv.isDarwin ''
+    sed -i 's/-Wl,--no-undefined -Wl,--warn-unresolved-symbols//' Makefile.am
+    sed -i 's/-Wl,--no-undefined -Wl,--warn-unresolved-symbols//' Makefile.in
+  '';
 
   # the filters search through ${PATH} using a sh proc 'checkcmds' for the
   # filtering utils. Short circuit this by replacing the filtering command with
   # the absolute path to the filtering command. 
   postInstall = ''
     for f in $out/share/recoll/filters/* ; do
-      substituteInPlace  $f --replace antiword      ${lib.getBin antiword}/bin/antiword
-      substituteInPlace  $f --replace awk           ${lib.getBin gawk}/bin/awk
-      substituteInPlace  $f --replace catppt        ${lib.getBin catdoc}/bin/catppt
-      substituteInPlace  $f --replace djvused       ${lib.getBin djvulibre}/bin/djvused
-      substituteInPlace  $f --replace djvutxt       ${lib.getBin djvulibre}/bin/djvutxt
-      substituteInPlace  $f --replace egrep         ${lib.getBin gnugrep}/bin/egrep
-      substituteInPlace  $f --replace groff         ${lib.getBin groff}/bin/groff
-      substituteInPlace  $f --replace gunzip        ${lib.getBin gzip}/bin/gunzip
-      substituteInPlace  $f --replace iconv         ${lib.getBin libiconv}/bin/iconv
-      substituteInPlace  $f --replace lyx           ${lib.getBin lyx}/bin/lyx
-      substituteInPlace  $f --replace pdftotext     ${lib.getBin poppler_utils}/bin/pdftotext
-      substituteInPlace  $f --replace pstotext      ${lib.getBin ghostscript}/bin/ps2ascii
-      substituteInPlace  $f --replace sed           ${lib.getBin gnused}/bin/sed
-      substituteInPlace  $f --replace tar           ${lib.getBin gnutar}/bin/tar
-      substituteInPlace  $f --replace unzip         ${lib.getBin unzip}/bin/unzip
-      substituteInPlace  $f --replace xls2csv       ${lib.getBin catdoc}/bin/xls2csv
-      substituteInPlace  $f --replace xsltproc      ${lib.getBin libxslt}/bin/xsltproc
-      substituteInPlace  $f --replace unrtf         ${lib.getBin unrtf}/bin/unrtf
-      substituteInPlace  $f --replace untex         ${lib.getBin untex}/bin/untex
-      substituteInPlace  $f --replace wpd2html      ${lib.getBin libwpd}/bin/wpd2html
+      substituteInPlace  $f --replace '"antiword"'      '"${lib.getBin antiword}/bin/antiword"'
+      substituteInPlace  $f --replace '"awk"'           '"${lib.getBin gawk}/bin/awk"'
+      substituteInPlace  $f --replace '"catppt"'        '"${lib.getBin catdoc}/bin/catppt"'
+      substituteInPlace  $f --replace '"djvused"'       '"${lib.getBin djvulibre}/bin/djvused"'
+      substituteInPlace  $f --replace '"djvutxt"'       '"${lib.getBin djvulibre}/bin/djvutxt"'
+      substituteInPlace  $f --replace '"egrep"'         '"${lib.getBin gnugrep}/bin/egrep"'
+      substituteInPlace  $f --replace '"groff"'         '"${lib.getBin groff}/bin/groff"'
+      substituteInPlace  $f --replace '"gunzip"'        '"${lib.getBin gzip}/bin/gunzip"'
+      substituteInPlace  $f --replace '"iconv"'         '"${lib.getBin libiconv}/bin/iconv"'
+      substituteInPlace  $f --replace '"pdftotext"'     '"${lib.getBin poppler_utils}/bin/pdftotext"'
+      substituteInPlace  $f --replace '"pstotext"'      '"${lib.getBin ghostscript}/bin/ps2ascii"'
+      substituteInPlace  $f --replace '"sed"'           '"${lib.getBin gnused}/bin/sed"'
+      substituteInPlace  $f --replace '"tar"'           '"${lib.getBin gnutar}/bin/tar"'
+      substituteInPlace  $f --replace '"unzip"'         '"${lib.getBin unzip}/bin/unzip"'
+      substituteInPlace  $f --replace '"xls2csv"'       '"${lib.getBin catdoc}/bin/xls2csv"'
+      substituteInPlace  $f --replace '"xsltproc"'      '"${lib.getBin libxslt}/bin/xsltproc"'
+      substituteInPlace  $f --replace '"unrtf"'         '"${lib.getBin unrtf}/bin/unrtf"'
+      substituteInPlace  $f --replace '"untex"'         '"${lib.getBin untex}/bin/untex"'
+      substituteInPlace  $f --replace '"wpd2html"'      '"${lib.getBin libwpd}/bin/wpd2html"'
       substituteInPlace  $f --replace /usr/bin/perl ${lib.getBin perl}/bin/perl
     done
+  '' + stdenv.lib.optionalString stdenv.isLinux ''
+      substituteInPlace  $f --replace lyx           ${lib.getBin lyx}/bin/lyx
   '';
 
   enableParallelBuilding = true;

pkgs/development/interpreters/supercollider/default.nix

@@ -9,12 +9,12 @@ in
 
 stdenv.mkDerivation rec {
   name = "supercollider-${version}";
-  version = "3.8.1";
+  version = "3.9.1";
 
 
   src = fetchurl {
     url = "https://github.com/supercollider/supercollider/releases/download/Version-${version}/SuperCollider-${version}-Source-linux.tar.bz2";
-    sha256 = "1y8yb20k3lvj7c93qz2srrkvfv175n4n7p3qj89w0dp085mj0qmw";
+    sha256 = "150fgnjcmb06r3pa3mbsvb4iwnqlimjwdxgbs6p55zz6g8wbln7a";
   };
 
   hardeningDisable = [ "stackprotector" ];

pkgs/development/libraries/soundtouch/default.nix

@@ -2,10 +2,10 @@
 
 stdenv.mkDerivation rec {
   pName = "soundtouch";
-  name = "${pName}-1.9.2";
+  name = "${pName}-2.0.0";
   src = fetchurl {
     url = "http://www.surina.net/soundtouch/${name}.tar.gz";
-    sha256 = "04y5l56yn4jvwpv9mn1p3m2vi5kdym9xpdac8pmhwhl13r8qdsya";
+    sha256 = "09cxr02mfyj2bg731bj0i9hh565x8l9p91aclxs8wpqv8b8zf96j";
   };
 
   buildInputs = [ autoconf automake libtool ];

pkgs/development/libraries/unixODBC/default.nix

@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "unixODBC-${version}";
-  version = "2.3.4";
+  version = "2.3.5";
 
   src = fetchurl {
     url = "ftp://ftp.unixodbc.org/pub/unixODBC/${name}.tar.gz";
-    sha256 = "0f8y88rcc2akjvjv5y66yx7k0ms9h1s0vbcfy25j93didflhj59f";
+    sha256 = "0ns93daph4wmk92d7m2w48x0yki4m1yznxnn97p1ldn6bkh742bn";
   };
 
   configureFlags = [ "--disable-gui" "--sysconfdir=/etc" ];

pkgs/development/tools/build-managers/waf/default.nix

@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "waf-${version}";
-  version = "1.9.0";
+  version = "2.0.4";
 
   src = fetchurl {
     url = "https://waf.io/waf-${version}.tar.bz2";
-    sha256 = "1sjpqzm2fzm8pxi3fwfinpsbw4z9040qkrzbg3lxik7ppsbjhn58";
+    sha256 = "0zmnwgccq5j7ipfi2j0k5s40q27krp1m6v2bd650axgzdbpa7ain";
   };
 
   buildInputs = [ python2 ];

pkgs/development/tools/database/squirrel-sql/default.nix

@@ -5,13 +5,13 @@
 , drivers ? []
 }:
 let
-  version = "3.7.1";
+  version = "3.8.1";
 in stdenv.mkDerivation rec {
   name = "squirrel-sql-${version}";
 
   src = fetchurl {
     url = "mirror://sourceforge/project/squirrel-sql/1-stable/${version}-plainzip/squirrelsql-${version}-standard.zip";
-    sha256 = "1v141ply57k5krwbnnmz4mbs9hs8rbys0bkjz69gvxlqjizyiq23";
+    sha256 = "1vv38i4rwm8c8h0p9mmz21dyafd71pqprj7b8i5vx7f4q8xns2d2";
   };
 
   buildInputs = [

pkgs/development/tools/wiggle/default.nix

@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation {
 
-  name = "wiggle-1.0";
+  name = "wiggle-1.1";
 
   src = fetchurl {
-    url = "https://github.com/neilbrown/wiggle/archive/v1.0.tar.gz";
-    sha256 = "0552dkdvl001b2jasj0jwb69s7zy6wbc8gcysqj69b4qgl9c54cs";
+    url = "https://github.com/neilbrown/wiggle/archive/v1.1.tar.gz";
+    sha256 = "0gg1c0zcrd5fgawvjccmdscm3fka8h1qz4v807kvy1b2y1cf9c4w";
   };
 
   buildInputs = [ ncurses groff ];

pkgs/os-specific/linux/usbguard/daemon_read_only_config.patch

@@ -1,13 +0,0 @@
-diff --git a/src/Library/ConfigFilePrivate.cpp b/src/Library/ConfigFilePrivate.cpp
-index 8aefa65..40914f7 100644
---- a/src/Library/ConfigFilePrivate.cpp
-+++ b/src/Library/ConfigFilePrivate.cpp
-@@ -51,7 +51,7 @@ namespace usbguard
- 
-   void ConfigFilePrivate::open(const std::string& path)
-   {
--    _stream.open(path, std::ios::in|std::ios::out);
-+    _stream.open(path, std::ios::in);
-     if (!_stream.is_open()) {
-       throw std::runtime_error("Can't open " + path);
-     }

pkgs/os-specific/linux/usbguard/default.nix

@@ -1,7 +1,8 @@
 {
   stdenv, fetchurl, lib,
-  libxslt, pandoc, pkgconfig,
+  libxslt, pandoc, asciidoctor, pkgconfig,
   dbus-glib, libcap_ng, libqb, libseccomp, polkit, protobuf, qtbase, qttools, qtsvg,
+  audit,
   libgcrypt ? null,
   libsodium ? null
 }:
@@ -11,23 +12,19 @@ with stdenv.lib;
 assert libgcrypt != null -> libsodium == null;
 
 stdenv.mkDerivation rec {
-  version = "0.7.0";
+  version = "0.7.2";
   name = "usbguard-${version}";
 
-  repo = "https://github.com/dkopecek/usbguard";
+  repo = "https://github.com/USBGuard/usbguard";
 
   src = fetchurl {
     url = "${repo}/releases/download/${name}/${name}.tar.gz";
-    sha256 = "1e1485a2b47ba3bde9de2851b371d2552a807047a21e0b81553cf80d7f722709";
+    sha256 = "5bd3e5219c590c3ae27b21315bd10b60e823cef64e5deff3305ff5b4087fc2d6";
   };
 
-  patches = [
-    ./daemon_read_only_config.patch
-    ./documentation.patch
-  ];
-
   nativeBuildInputs = [
     libxslt
+    asciidoctor
     pandoc # for rendering documentation
     pkgconfig
   ];
@@ -39,6 +36,7 @@ stdenv.mkDerivation rec {
     libseccomp
     polkit
     protobuf
+    audit
 
     qtbase
     qtsvg
@@ -61,7 +59,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     description = "The USBGuard software framework helps to protect your computer against BadUSB.";
-    homepage = "https://dkopecek.github.io/usbguard/";
+    homepage = "https://usbguard.github.io/";
     license = licenses.gpl2;
     maintainers = [ maintainers.tnias ];
   };

pkgs/os-specific/linux/usbguard/documentation.patch

@@ -1,32 +0,0 @@
-diff --git a/doc/usbguard-daemon.conf.5.md b/doc/usbguard-daemon.conf.5.md
-index ea86ad1..63aec70 100644
---- a/doc/usbguard-daemon.conf.5.md
-+++ b/doc/usbguard-daemon.conf.5.md
-@@ -30,21 +30,21 @@ The **usbguard-daemon.conf** file is loaded by the USBGuard daemon after it pars
- **RestoreControllerDeviceState**=<*boolean*>
- :   The USBGuard daemon modifies some attributes of controller devices like the default authorization state of new child device instances. Using this setting, you can control whether the daemon will try to restore the attribute values to the state before modification on shutdown.
- 
-+**DeviceManagerBackend**=<*backend*>
-+:   Which device manager backend implementation to use. Backend should be one of `uevent` (default) or `dummy`.
-+
- **IPCAllowedUsers**=<*username*> [<*username*> ...]
- :   A space delimited list of usernames that the daemon will accept IPC connections from.
- 
- **IPCAllowedGroups**=<*groupname*> [<*groupname*> ...]
- :   A space delimited list of groupnames that the daemon will accept IPC connections from.
- 
--**IPCAccessControlFiles**=<*path*>
--:   Path to a directory holding the IPC access control files.
--
--**DeviceManagerBackend**=<*backend*>
--:   Which device manager backend implementation to use. Backend should be one of `uevent` (default) or `dummy`.
--
- **IPCAccessControlFiles**=<*path*>
- :   The files at this location will be interpreted by the daemon as IPC access control definition files. See the **IPC ACCESS CONTROL** section for more details.
- 
-+**DeviceRulesWithPort**=<*boolean*>
-+:   Generate device specific rules including the "via-port" attribute.
-+
- **AuditFilePath**=<*filepath*>
- :   USBGuard audit events log file path.
- 

pkgs/servers/computing/slurm/default.nix

@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
   name = "slurm-${version}";
-  version = "17.02.9";
+  version = "17.11.3";
 
   src = fetchurl {
     url = "https://download.schedmd.com/slurm/${name}.tar.bz2";
-    sha256 = "0w8v7fzbn7b3f9kg6lcj2jpkzln3vcv9s2cz37xbdifz0m2p1x7s";
+    sha256 = "1x3i6z03d9m46fvj1cslrapm1drvgyqch9pn4xf23kvbz4gkhaps";
   };
 
   outputs = [ "out" "dev" ];

pkgs/shells/nix-bash-completions/default.nix

@@ -1,14 +1,14 @@
 { stdenv, fetchFromGitHub }:
 
 stdenv.mkDerivation rec {
-  version = "0.6.3";
+  version = "0.6.4";
   name = "nix-bash-completions-${version}";
 
   src = fetchFromGitHub {
     owner = "hedning";
     repo = "nix-bash-completions";
     rev = "v${version}";
-    sha256 = "1zmk9f53xpwk5j6qqisjlddgm2fr68p1q6pn3wa14bd777lranhj";
+    sha256 = "1kdysrfc8dx24q438wj3aisn64g2w5yb6mx91qa385p5hz7b1yz2";
   };
 
   # To enable lazy loading via. bash-completion we need a symlink to the script

pkgs/tools/archivers/xarchiver/default.nix

@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, gtk3, pkgconfig, intltool, libxslt }:
+{ stdenv, fetchFromGitHub, gtk3, pkgconfig, intltool, libxslt, hicolor-icon-theme }:
 
 stdenv.mkDerivation rec {
   version = "0.5.4.12";
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [ gtk3 intltool libxslt ];
+  buildInputs = [ gtk3 intltool libxslt hicolor-icon-theme ];
 
   meta = {
     description = "GTK+ frontend to 7z,zip,rar,tar,bzip2, gzip,arj, lha, rpm and deb (open and extract only)";

pkgs/tools/misc/unclutter-xfixes/default.nix

@@ -2,7 +2,7 @@
   xlibsWrapper, libev, libXi, libXfixes,
   pkgconfig, asciidoc, libxslt, docbook_xsl }:
 
-let version = "1.2"; in
+let version = "1.3"; in
 
 stdenv.mkDerivation {
   name = "unclutter-xfixes-${version}";
@@ -12,7 +12,7 @@ stdenv.mkDerivation {
     owner = "Airblader";
     repo = "unclutter-xfixes";
     rev = "v${version}";
-    sha256 = "1pw567mj7mq5kr8mqnyrvy7jj62qfg6zgqfyzz21nncslddnjzg8";
+    sha256 = "1iikrz0023wygv29ny20xj1hlv9ry7hghlwjii6rj4jm59vl0mlz";
   };
 
   nativeBuildInputs = [pkgconfig];

pkgs/tools/networking/surfraw/default.nix

@@ -1,11 +1,11 @@
 {stdenv, fetchurl, perl}:
 
 stdenv.mkDerivation rec {
-  name = "surfraw-2.2.9";
+  name = "surfraw-2.3.0";
 
   src = fetchurl {
-    url = "http://surfraw.alioth.debian.org/dist/surfraw-2.2.9.tar.gz";
-    sha256 = "1fy4ph5h9kp0jzj1m6pfylxnnmgdk0mmdppw76z9jhna4jndk5xa";
+    url = "http://surfraw.alioth.debian.org/dist/surfraw-2.3.0.tar.gz";
+    sha256 = "099nbif0x5cbcf18snc58nx1a3q7z0v9br9p2jiq9pcc7ic2015d";
   };
 
   configureFlags = [

pkgs/tools/networking/swagger-codegen/default.nix

@@ -1,7 +1,7 @@
 { stdenv, fetchurl, jre, makeWrapper }:
 
 stdenv.mkDerivation rec {
-  version = "2.2.1";
+  version = "2.3.1";
   pname = "swagger-codegen";
   name = "${pname}-${version}";
 
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "https://oss.sonatype.org/content/repositories/releases/io/swagger/${pname}-cli/${version}/${jarfilename}";
-    sha256 = "1pwxkl3r93c8hsif9xm0h1hmbjrxz1q7hr5qn5n0sni1x3c3k0d1";
+    sha256 = "171qr0zx7i6cykv54vqjf3mplrf7w4a1fpq47wsj861lbf8xm322";
   };
 
   phases = [ "installPhase" ];

pkgs/tools/package-management/mynewt-newt/default.nix

@@ -2,7 +2,7 @@
 
 buildGoPackage rec {
   name = "mynewt-newt-${version}";
-  version = "1.0.0";
+  version = "1.3.0";
 
   goPackagePath = "mynewt.apache.org/newt";
   goDeps = ./deps.nix;
@@ -11,7 +11,7 @@ buildGoPackage rec {
     owner = "apache";
     repo = "incubator-mynewt-newt";
     rev = "mynewt_${builtins.replaceStrings ["."] ["_"] version}_tag";
-    sha256 = "1ixqxqizd957prd4j2nijgnkv84rffj8cx5f7aqyjq9nkawjksf6";
+    sha256 = "0ia6q1wf3ki2yw8ngw5gnbdrb7268qwi078j05f8gs1sppb3g563";
   };
 
   meta = with stdenv.lib; {

pkgs/tools/system/sleuthkit/default.nix

@@ -1,14 +1,14 @@
 { stdenv, fetchFromGitHub, autoreconfHook, libewf, afflib, openssl, zlib }:
 
 stdenv.mkDerivation rec {
-  version = "4.5.0";
+  version = "4.6.0";
   name = "sleuthkit-${version}";
 
   src = fetchFromGitHub {
     owner = "sleuthkit";
     repo = "sleuthkit";
     rev = name;
-    sha256 = "0h9l9yl5ibbgriq12gizg8k0r6jw6bnii3iljjp4p963wc0ms9b9";
+    sha256 = "0m5ll5sx0pxkn58y582b3v90rsfdrh8dm02kmv61psd0k6q0p91x";
   };
 
   postPatch = ''

pkgs/tools/system/ts/default.nix

@@ -4,7 +4,7 @@
 
 stdenv.mkDerivation rec {
 
-  name = "ts-0.7.6";
+  name = "ts-1.0";
 
   installPhase=''make install "PREFIX=$out"'';
 
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "http://viric.name/~viric/soft/ts/${name}.tar.gz";
-    sha256 = "07b61sx3hqpdxlg5a1xrz9sxww9yqdix3bmr0sm917r3rzk87lwk";
+    sha256 = "15dkzczx10fhl0zs9bmcgkxfbwq2znc7bpscljm4rchbzx7y6lsg";
   };
 
   meta = with stdenv.lib; {