Merge master into staging-next

github-actions[bot] 2022-05-05 18:05:32 +00:00 committed by GitHub
commit aba90d9366
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
44 changed files with 1167 additions and 266 deletions


@ -135,6 +135,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [nifi](https://nifi.apache.org), an easy to use, powerful, and reliable system to process and distribute data. Available as [services.nifi](options.html#opt-services.nifi.enable).
- [kanidm](https://kanidm.github.io/kanidm/stable/), an identity management server written in Rust.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}


@ -975,6 +975,7 @@
./services/security/hockeypuck.nix
./services/security/hologram-server.nix
./services/security/hologram-agent.nix
./services/security/kanidm.nix
./services/security/munge.nix
./services/security/nginx-sso.nix
./services/security/oauth2_proxy.nix


@ -0,0 +1,345 @@
{ config, lib, options, pkgs, ... }:
let
cfg = config.services.kanidm;
settingsFormat = pkgs.formats.toml { };
# Remove null values, so we can document optional values that don't end up in the generated TOML file.
filterConfig = lib.converge (lib.filterAttrsRecursive (_: v: v != null));
serverConfigFile = settingsFormat.generate "server.toml" (filterConfig cfg.serverSettings);
clientConfigFile = settingsFormat.generate "kanidm-config.toml" (filterConfig cfg.clientSettings);
unixConfigFile = settingsFormat.generate "kanidm-unixd.toml" (filterConfig cfg.unixSettings);
defaultServiceConfig = {
BindReadOnlyPaths = [
"/nix/store"
"-/etc/resolv.conf"
"-/etc/nsswitch.conf"
"-/etc/hosts"
"-/etc/localtime"
];
CapabilityBoundingSet = "";
# ProtectClock= adds DeviceAllow=char-rtc r
DeviceAllow = "";
# Implies ProtectSystem=strict, which re-mounts all paths
# DynamicUser = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateNetwork = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectHome = true;
ProtectHostname = true;
# Would re-mount paths ignored by temporary root
#ProtectSystem = "strict";
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [ ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ];
# Does not work well with the temporary root
#UMask = "0066";
};
in
{
options.services.kanidm = {
enableClient = lib.mkEnableOption "the Kanidm client";
enableServer = lib.mkEnableOption "the Kanidm server";
enablePam = lib.mkEnableOption "the Kanidm PAM and NSS integration.";
serverSettings = lib.mkOption {
type = lib.types.submodule {
freeformType = settingsFormat.type;
options = {
bindaddress = lib.mkOption {
description = "Address/port combination the webserver binds to.";
example = "[::1]:8443";
type = lib.types.str;
};
# Should be optional but toml does not accept null
ldapbindaddress = lib.mkOption {
description = ''
Address and port the LDAP server is bound to. Setting this to <literal>null</literal> disables the LDAP interface.
'';
example = "[::1]:636";
default = null;
type = lib.types.nullOr lib.types.str;
};
origin = lib.mkOption {
description = "The origin of your Kanidm instance. Must have https as protocol.";
example = "https://idm.example.org";
type = lib.types.strMatching "^https://.*";
};
domain = lib.mkOption {
description = ''
The <literal>domain</literal> that Kanidm manages. Must be below or equal to the domain
specified in <literal>serverSettings.origin</literal>.
This can be left at <literal>null</literal>, only if your instance has the role <literal>ReadOnlyReplica</literal>.
While it is possible to change the domain later on, it requires extra steps!
Please consider the warnings and execute the steps described
<link xlink:href="https://kanidm.github.io/kanidm/stable/administrivia.html#rename-the-domain">in the documentation</link>.
'';
example = "example.org";
default = null;
type = lib.types.nullOr lib.types.str;
};
db_path = lib.mkOption {
description = "Path to Kanidm database.";
default = "/var/lib/kanidm/kanidm.db";
readOnly = true;
type = lib.types.path;
};
log_level = lib.mkOption {
description = "Log level of the server.";
default = "default";
type = lib.types.enum [ "default" "verbose" "perfbasic" "perffull" ];
};
role = lib.mkOption {
description = "The role of this server. This affects the replication relationship and thereby available features.";
default = "WriteReplica";
type = lib.types.enum [ "WriteReplica" "WriteReplicaNoUI" "ReadOnlyReplica" ];
};
};
};
default = { };
description = ''
Settings for Kanidm, see
<link xlink:href="https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/server_configuration.md">the documentation</link>
and <link xlink:href="https://github.com/kanidm/kanidm/blob/master/examples/server.toml">example configuration</link>
for possible values.
'';
};
clientSettings = lib.mkOption {
type = lib.types.submodule {
freeformType = settingsFormat.type;
options.uri = lib.mkOption {
description = "Address of the Kanidm server.";
example = "http://127.0.0.1:8080";
type = lib.types.str;
};
};
description = ''
Configure Kanidm clients, needed for the PAM daemon. See
<link xlink:href="https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/client_tools.md#kanidm-configuration">the documentation</link>
and <link xlink:href="https://github.com/kanidm/kanidm/blob/master/examples/config">example configuration</link>
for possible values.
'';
};
unixSettings = lib.mkOption {
type = lib.types.submodule {
freeformType = settingsFormat.type;
options.pam_allowed_login_groups = lib.mkOption {
description = "Kanidm groups that are allowed to login using PAM.";
example = "my_pam_group";
type = lib.types.listOf lib.types.str;
};
};
description = ''
Configure Kanidm unix daemon.
See <link xlink:href="https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/pam_and_nsswitch.md#the-unix-daemon">the documentation</link>
and <link xlink:href="https://github.com/kanidm/kanidm/blob/master/examples/unixd">example configuration</link>
for possible values.
'';
};
};
config = lib.mkIf (cfg.enableClient || cfg.enableServer || cfg.enablePam) {
assertions =
[
{
assertion = !cfg.enableServer || ((cfg.serverSettings.tls_chain or null) == null) || (!lib.isStorePath cfg.serverSettings.tls_chain);
message = ''
<option>services.kanidm.serverSettings.tls_chain</option> points to
a file in the Nix store. You should use a quoted absolute path to
prevent this.
'';
}
{
assertion = !cfg.enableServer || ((cfg.serverSettings.tls_key or null) == null) || (!lib.isStorePath cfg.serverSettings.tls_key);
message = ''
<option>services.kanidm.serverSettings.tls_key</option> points to
a file in the Nix store. You should use a quoted absolute path to
prevent this.
'';
}
{
assertion = !cfg.enableClient || options.services.kanidm.clientSettings.isDefined;
message = ''
<option>services.kanidm.clientSettings</option> needs to be configured
if the client is enabled.
'';
}
{
assertion = !cfg.enablePam || options.services.kanidm.clientSettings.isDefined;
message = ''
<option>services.kanidm.clientSettings</option> needs to be configured
for the PAM daemon to connect to the Kanidm server.
'';
}
{
assertion = !cfg.enableServer || (cfg.serverSettings.domain == null
-> cfg.serverSettings.role == "WriteReplica" || cfg.serverSettings.role == "WriteReplicaNoUI");
message = ''
<option>services.kanidm.serverSettings.domain</option> can only be set if this instance
is not a ReadOnlyReplica. Otherwise the db would inherit it from
the instance it follows.
'';
}
];
environment.systemPackages = lib.mkIf cfg.enableClient [ pkgs.kanidm ];
systemd.services.kanidm = lib.mkIf cfg.enableServer {
description = "kanidm identity management daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = defaultServiceConfig // {
StateDirectory = "kanidm";
StateDirectoryMode = "0700";
ExecStart = "${pkgs.kanidm}/bin/kanidmd server -c ${serverConfigFile}";
User = "kanidm";
Group = "kanidm";
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
# This would otherwise override the CAP_NET_BIND_SERVICE capability.
PrivateUsers = false;
# Port needs to be exposed to the host network
PrivateNetwork = false;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
TemporaryFileSystem = "/:ro";
};
environment.RUST_LOG = "info";
};
systemd.services.kanidm-unixd = lib.mkIf cfg.enablePam {
description = "Kanidm PAM daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
restartTriggers = [ unixConfigFile clientConfigFile ];
serviceConfig = defaultServiceConfig // {
CacheDirectory = "kanidm-unixd";
CacheDirectoryMode = "0700";
RuntimeDirectory = "kanidm-unixd";
ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd";
User = "kanidm-unixd";
Group = "kanidm-unixd";
BindReadOnlyPaths = [
"/nix/store"
"-/etc/resolv.conf"
"-/etc/nsswitch.conf"
"-/etc/hosts"
"-/etc/localtime"
"-/etc/kanidm"
"-/etc/static/kanidm"
];
BindPaths = [
# To create the socket
"/run/kanidm-unixd:/var/run/kanidm-unixd"
];
# Needs to connect to kanidmd
PrivateNetwork = false;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
TemporaryFileSystem = "/:ro";
};
environment.RUST_LOG = "info";
};
systemd.services.kanidm-unixd-tasks = lib.mkIf cfg.enablePam {
description = "Kanidm PAM home management daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "kanidm-unixd.service" ];
partOf = [ "kanidm-unixd.service" ];
restartTriggers = [ unixConfigFile clientConfigFile ];
serviceConfig = {
ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd_tasks";
BindReadOnlyPaths = [
"/nix/store"
"-/etc/resolv.conf"
"-/etc/nsswitch.conf"
"-/etc/hosts"
"-/etc/localtime"
"-/etc/kanidm"
"-/etc/static/kanidm"
];
BindPaths = [
# To manage home directories
"/home"
# To connect to kanidm-unixd
"/run/kanidm-unixd:/var/run/kanidm-unixd"
];
# CAP_DAC_OVERRIDE is needed to ignore ownership of unixd socket
CapabilityBoundingSet = [ "CAP_CHOWN" "CAP_FOWNER" "CAP_DAC_OVERRIDE" "CAP_DAC_READ_SEARCH" ];
IPAddressDeny = "any";
# Need access to users
PrivateUsers = false;
# Need access to home directories
ProtectHome = false;
RestrictAddressFamilies = [ "AF_UNIX" ];
TemporaryFileSystem = "/:ro";
};
environment.RUST_LOG = "info";
};
# These paths are hardcoded
environment.etc = lib.mkMerge [
(lib.mkIf options.services.kanidm.clientSettings.isDefined {
"kanidm/config".source = clientConfigFile;
})
(lib.mkIf cfg.enablePam {
"kanidm/unixd".source = unixConfigFile;
})
];
system.nssModules = lib.mkIf cfg.enablePam [ pkgs.kanidm ];
system.nssDatabases.group = lib.optional cfg.enablePam "kanidm";
system.nssDatabases.passwd = lib.optional cfg.enablePam "kanidm";
users.groups = lib.mkMerge [
(lib.mkIf cfg.enableServer {
kanidm = { };
})
(lib.mkIf cfg.enablePam {
kanidm-unixd = { };
})
];
users.users = lib.mkMerge [
(lib.mkIf cfg.enableServer {
kanidm = {
description = "Kanidm server";
isSystemUser = true;
group = "kanidm";
packages = with pkgs; [ kanidm ];
};
})
(lib.mkIf cfg.enablePam {
kanidm-unixd = {
description = "Kanidm PAM daemon";
isSystemUser = true;
group = "kanidm-unixd";
};
})
];
};
meta.maintainers = with lib.maintainers; [ erictapen Flakebi ];
meta.buildDocsInSandbox = false;
}
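Review bot: `systemd.services.kanidm-unixd-tasks` builds its `serviceConfig` from a bare attribute set, so unlike `kanidm` and `kanidm-unixd` it inherits nothing from `defaultServiceConfig` and sets no `User`. It is the unit that keeps `CAP_DAC_OVERRIDE` in its bounding set and binds `/home` writable, yet it runs without `NoNewPrivileges`, `SystemCallFilter`, the `ProtectKernel*` options and the rest; its `PrivateUsers = false` and `ProtectHome = false` lines read like overrides of defaults that were never merged in. I would write `serviceConfig = defaultServiceConfig // {` there and confirm the daemon still starts. Separately, the last assertion requires a write role when `domain == null`, while the `domain` option description says `null` is only valid for `ReadOnlyReplica`; one of the two appears to be inverted.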


@ -58,6 +58,13 @@ let
# latter case it makes one last attempt at importing, allowing the system to
# (eventually) boot even with a degraded pool.
importLib = {zpoolCmd, awkCmd, cfgZfs}: ''
for o in $(cat /proc/cmdline); do
case $o in
zfs_force|zfs_force=1|zfs_force=y)
ZFS_FORCE="-f"
;;
esac
done
poolReady() {
pool="$1"
state="$("${zpoolCmd}" import 2>/dev/null | "${awkCmd}" "/pool: $pool/ { found = 1 }; /state:/ { if (found == 1) { print \$2; exit } }; END { if (found == 0) { print \"MISSING\" } }")"
@ -78,6 +85,95 @@ let
}
'';
getPoolFilesystems = pool:
filter (x: x.fsType == "zfs" && (fsToPool x) == pool) config.system.build.fileSystems;
getPoolMounts = prefix: pool:
let
# Remove the "/" suffix because even though most mountpoints
# won't have it, the "/" mountpoint will, and we can't have the
# trailing slash in "/sysroot/" in stage 1.
mountPoint = fs: escapeSystemdPath (prefix + (lib.removeSuffix "/" fs.mountPoint));
in
map (x: "${mountPoint x}.mount") (getPoolFilesystems pool);
getKeyLocations = pool:
if isBool cfgZfs.requestEncryptionCredentials
then "${cfgZfs.package}/sbin/zfs list -rHo name,keylocation,keystatus ${pool}"
else "${cfgZfs.package}/sbin/zfs list -Ho name,keylocation,keystatus ${toString (filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials)}";
createImportService = { pool, systemd, force, prefix ? "" }:
nameValuePair "zfs-import-${pool}" {
description = "Import ZFS pool \"${pool}\"";
# we need systemd-udev-settle to ensure devices are available
# In the future, hopefully someone will complete this:
# https://github.com/zfsonlinux/zfs/pull/4943
requires = [ "systemd-udev-settle.service" ];
after = [
"systemd-udev-settle.service"
"systemd-modules-load.service"
"systemd-ask-password-console.service"
];
wantedBy = (getPoolMounts prefix pool) ++ [ "local-fs.target" ];
before = (getPoolMounts prefix pool) ++ [ "local-fs.target" ];
unitConfig = {
DefaultDependencies = "no";
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
environment.ZFS_FORCE = optionalString force "-f";
script = (importLib {
# See comments at importLib definition.
zpoolCmd = "${cfgZfs.package}/sbin/zpool";
awkCmd = "${pkgs.gawk}/bin/awk";
inherit cfgZfs;
}) + ''
poolImported "${pool}" && exit
echo -n "importing ZFS pool \"${pool}\"..."
# Loop across the import until it succeeds, because the devices needed may not be discovered yet.
for trial in `seq 1 60`; do
poolReady "${pool}" && poolImport "${pool}" && break
sleep 1
done
poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool.
if poolImported "${pool}"; then
${optionalString (if isBool cfgZfs.requestEncryptionCredentials
then cfgZfs.requestEncryptionCredentials
else cfgZfs.requestEncryptionCredentials != []) ''
${getKeyLocations pool} | while IFS=$'\t' read ds kl ks; do
{
if [[ "$ks" != unavailable ]]; then
continue
fi
case "$kl" in
none )
;;
prompt )
tries=3
success=false
while [[ $success != true ]] && [[ $tries -gt 0 ]]; do
${systemd}/bin/systemd-ask-password "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds" \
&& success=true \
|| tries=$((tries - 1))
done
[[ $success = true ]]
;;
* )
${cfgZfs.package}/sbin/zfs load-key "$ds"
;;
esac
} < /dev/null # To protect while read ds kl in case anything reads stdin
done
''}
echo "Successfully imported ${pool}"
else
exit 1
fi
'';
};
zedConf = generators.toKeyValue {
mkKeyValue = generators.mkKeyValueDefault {
mkValueString = v:
@ -428,14 +524,6 @@ in
'';
postDeviceCommands = concatStringsSep "\n" ([''
ZFS_FORCE="${optionalString cfgZfs.forceImportRoot "-f"}"
for o in $(cat /proc/cmdline); do
case $o in
zfs_force|zfs_force=1)
ZFS_FORCE="-f"
;;
esac
done
''] ++ [(importLib {
# See comments at importLib definition.
zpoolCmd = "zpool";
@ -464,6 +552,21 @@ in
zfs load-key ${fs}
'') cfgZfs.requestEncryptionCredentials}
'') rootPools));
# Systemd in stage 1
systemd = {
packages = [cfgZfs.package];
services = listToAttrs (map (pool: createImportService {
inherit pool;
systemd = config.boot.initrd.systemd.package;
force = cfgZfs.forceImportRoot;
prefix = "/sysroot";
}) rootPools);
extraBin = {
# zpool and zfs are already in thanks to fsPackages
awk = "${pkgs.gawk}/bin/awk";
};
};
};
systemd.shutdownRamfs.contents."/etc/systemd/system-shutdown/zpool".source = pkgs.writeShellScript "zpool-sync-shutdown" ''
@ -521,79 +624,11 @@ in
systemd.packages = [ cfgZfs.package ];
systemd.services = let
getPoolFilesystems = pool:
filter (x: x.fsType == "zfs" && (fsToPool x) == pool) config.system.build.fileSystems;
getPoolMounts = pool:
let
mountPoint = fs: escapeSystemdPath fs.mountPoint;
in
map (x: "${mountPoint x}.mount") (getPoolFilesystems pool);
createImportService = pool:
nameValuePair "zfs-import-${pool}" {
description = "Import ZFS pool \"${pool}\"";
# we need systemd-udev-settle until https://github.com/zfsonlinux/zfs/pull/4943 is merged
requires = [ "systemd-udev-settle.service" ];
after = [
"systemd-udev-settle.service"
"systemd-modules-load.service"
"systemd-ask-password-console.service"
];
wantedBy = (getPoolMounts pool) ++ [ "local-fs.target" ];
before = (getPoolMounts pool) ++ [ "local-fs.target" ];
unitConfig = {
DefaultDependencies = "no";
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
environment.ZFS_FORCE = optionalString cfgZfs.forceImportAll "-f";
script = (importLib {
# See comments at importLib definition.
zpoolCmd = "${cfgZfs.package}/sbin/zpool";
awkCmd = "${pkgs.gawk}/bin/awk";
inherit cfgZfs;
}) + ''
poolImported "${pool}" && exit
echo -n "importing ZFS pool \"${pool}\"..."
# Loop across the import until it succeeds, because the devices needed may not be discovered yet.
for trial in `seq 1 60`; do
poolReady "${pool}" && poolImport "${pool}" && break
sleep 1
done
poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool.
if poolImported "${pool}"; then
${optionalString (if isBool cfgZfs.requestEncryptionCredentials
then cfgZfs.requestEncryptionCredentials
else cfgZfs.requestEncryptionCredentials != []) ''
${cfgZfs.package}/sbin/zfs list -rHo name,keylocation ${pool} | while IFS=$'\t' read ds kl; do
{
${optionalString (!isBool cfgZfs.requestEncryptionCredentials) ''
if ! echo '${concatStringsSep "\n" cfgZfs.requestEncryptionCredentials}' | grep -qFx "$ds"; then
continue
fi
''}
case "$kl" in
none )
;;
prompt )
${config.systemd.package}/bin/systemd-ask-password "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds"
;;
* )
${cfgZfs.package}/sbin/zfs load-key "$ds"
;;
esac
} < /dev/null # To protect while read ds kl in case anything reads stdin
done
''}
echo "Successfully imported ${pool}"
else
exit 1
fi
'';
};
createImportService' = pool: createImportService {
inherit pool;
systemd = config.systemd.package;
force = cfgZfs.forceImportAll;
};
# This forces a sync of any ZFS pools prior to poweroff, even if they're set
# to sync=disabled.
@ -619,7 +654,7 @@ in
wantedBy = [ "zfs.target" ];
};
in listToAttrs (map createImportService dataPools ++
in listToAttrs (map createImportService' dataPools ++
map createSyncService allPools ++
map createZfsService [ "zfs-mount" "zfs-share" "zfs-zed" ]);
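Review bot: In `getKeyLocations`, when `requestEncryptionCredentials` is a list and none of its datasets belongs to `pool`, the `filter` yields an empty list and the command becomes `zfs list -Ho name,keylocation,keystatus` with no dataset argument, which lists every dataset of the imported pools rather than none. The import service for that pool would then try to load, or prompt for, keys of datasets the administrator never listed; the removed code prevented this with its `grep -qFx "$ds"` check. I would guard the `optionalString` in `createImportService` on the filtered list being non-empty and pass the names through `lib.escapeShellArgs` instead of `toString`, so a dataset name is not word-split by the shell. Moving the `/proc/cmdline` loop into `importLib` also means `zfs_force` on the kernel command line now presumably forces data-pool imports even with `forceImportAll = false`, which deserves a line in the option documentation if it is intended.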


@ -253,6 +253,7 @@ in
k3s-single-node = handleTest ./k3s-single-node.nix {};
k3s-single-node-docker = handleTest ./k3s-single-node-docker.nix {};
kafka = handleTest ./kafka.nix {};
kanidm = handleTest ./kanidm.nix {};
kbd-setfont-decompress = handleTest ./kbd-setfont-decompress.nix {};
kbd-update-search-paths-patch = handleTest ./kbd-update-search-paths-patch.nix {};
kea = handleTest ./kea.nix {};


@ -106,6 +106,5 @@ in
malcontent = callInstalledTest ./malcontent.nix {};
ostree = callInstalledTest ./ostree.nix {};
pipewire = callInstalledTest ./pipewire.nix {};
power-profiles-daemon = callInstalledTest ./power-profiles-daemon.nix {};
xdg-desktop-portal = callInstalledTest ./xdg-desktop-portal.nix {};
}


@ -1,9 +0,0 @@
{ pkgs, lib, makeInstalledTest, ... }:
makeInstalledTest {
tested = pkgs.power-profiles-daemon;
testConfig = {
services.power-profiles-daemon.enable = true;
};
}


@ -27,7 +27,7 @@
simpleUefiGrubSpecialisation
simpleUefiSystemdBoot
# swraid
# zfsroot
zfsroot
;
}

75
nixos/tests/kanidm.nix Normal file

@ -0,0 +1,75 @@
import ./make-test-python.nix ({ pkgs, ... }:
let
certs = import ./common/acme/server/snakeoil-certs.nix;
serverDomain = certs.domain;
in
{
name = "kanidm";
meta.maintainers = with pkgs.lib.maintainers; [ erictapen Flakebi ];
nodes.server = { config, pkgs, lib, ... }: {
services.kanidm = {
enableServer = true;
serverSettings = {
origin = "https://${serverDomain}";
domain = serverDomain;
bindaddress = "[::1]:8443";
ldapbindaddress = "[::1]:636";
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."${serverDomain}" = {
forceSSL = true;
sslCertificate = certs."${serverDomain}".cert;
sslCertificateKey = certs."${serverDomain}".key;
locations."/".proxyPass = "http://[::1]:8443";
};
};
security.pki.certificateFiles = [ certs.ca.cert ];
networking.hosts."::1" = [ serverDomain ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
users.users.kanidm.shell = pkgs.bashInteractive;
environment.systemPackages = with pkgs; [ kanidm openldap ripgrep ];
};
nodes.client = { pkgs, nodes, ... }: {
services.kanidm = {
enableClient = true;
clientSettings = {
uri = "https://${serverDomain}";
};
};
networking.hosts."${nodes.server.config.networking.primaryIPAddress}" = [ serverDomain ];
security.pki.certificateFiles = [ certs.ca.cert ];
};
testScript = { nodes, ... }:
let
ldapBaseDN = builtins.concatStringsSep "," (map (s: "dc=" + s) (pkgs.lib.splitString "." serverDomain));
# We need access to the config file in the test script.
filteredConfig = pkgs.lib.converge
(pkgs.lib.filterAttrsRecursive (_: v: v != null))
nodes.server.config.services.kanidm.serverSettings;
serverConfigFile = (pkgs.formats.toml { }).generate "server.toml" filteredConfig;
in
''
start_all()
server.wait_for_unit("kanidm.service")
server.wait_until_succeeds("curl -sf https://${serverDomain} | grep Kanidm")
server.wait_until_succeeds("ldapsearch -H ldap://[::1]:636 -b '${ldapBaseDN}' -x '(name=test)'")
client.wait_until_succeeds("kanidm login -D anonymous && kanidm self whoami | grep anonymous@${serverDomain}")
(rv, result) = server.execute("kanidmd recover_account -d quiet -c ${serverConfigFile} -n admin 2>&1 | rg -o '[A-Za-z0-9]{48}'")
assert rv == 0
'';
})
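Review bot: The test only switches on `enableServer` and `enableClient`; `enablePam`, which installs the NSS module and starts the two unixd services, including the one with capabilities over `/home`, is never enabled, so the most privileged part of the module added in this commit goes unexercised. A third node with `services.kanidm.enablePam = true` and a `wait_for_unit("kanidm-unixd.service")` would at least show that the sandbox settings let the daemons start. In the final step `result` is captured but never used, and because the shell pipeline runs without `pipefail`, `rv` reflects only `rg`; the recovered admin password is never used to log in.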


@ -1,8 +1,8 @@
{
"packageVersion": "100.0-1",
"packageVersion": "100.0-2",
"source": {
"rev": "100.0-1",
"sha256": "1xczvsd39g821bh5n12vnn7sgi0x5dqj6vfizkavxj0a05jb4fla"
"rev": "100.0-2",
"sha256": "0pr7fb91zw5qlnfvaavzksd3c2xzgn1344mmfnz9yx2g42vcyi7d"
},
"firefox": {
"version": "100.0",


@ -43,13 +43,13 @@ assert enablePsiMedia -> enablePlugins;
mkDerivation rec {
pname = "psi-plus";
version = "1.5.1615";
version = "1.5.1618";
src = fetchFromGitHub {
owner = "psi-plus";
repo = "psi-plus-snapshots";
rev = version;
sha256 = "sha256-aD+JVGmBWHUav2bH9rXGtgqI+/5lJTMrYLRP7E65JxI=";
sha256 = "sha256-ueZYFOZFCPQrg9etZCrY5ZTn7PZMkcuwbXVPPbW9S/A=";
};
cmakeFlags = [


@ -24,6 +24,9 @@ let
buildInputs = [ gmp ];
# Tests are relying on old Python 2 modules.
doCheck = false;
preConfigure = ''
sed -i 's,/usr/include,/no-such-dir,' configure
sed -i "s!,'/usr/include/'!!" setup.py
@ -66,5 +69,9 @@ in stdenv.mkDerivation rec {
license = licenses.gpl3;
maintainers = with maintainers; [ oxzi ];
description = "WeeChat script for Off-the-Record messaging";
knownVulnerabilities = [
"There is no upstream release since 2018-03."
"Utilizes deprecated and vulnerable pycrypto library with Debian patches from 2020-04."
];
};
}


@ -25,11 +25,11 @@ let
in
stdenv.mkDerivation rec {
pname = "PortfolioPerformance";
version = "0.57.1";
version = "0.57.2";
src = fetchurl {
url = "https://github.com/buchen/portfolio/releases/download/${version}/PortfolioPerformance-${version}-linux.gtk.x86_64.tar.gz";
sha256 = "sha256-uEEFkHyApf+TObcu+Yo5vBOs2Erq0IXGhbjzlEe8NmI=";
sha256 = "sha256-ftLKlNzr46iL/V+P3J1wtoUByGHHl7wrh4xctU4JYkM=";
};
nativeBuildInputs = [


@ -7,13 +7,13 @@
}:
let
version = "3.9.1";
version = "4.7.1";
pname = "timeular";
name = "${pname}-${version}";
src = fetchurl {
url = "https://s3.amazonaws.com/timeular-desktop-packages/linux/production/Timeular-${version}.AppImage";
sha256 = "103hy443p697jdkz6li8s1n6kg1r55jmiw2vbjz12kskf7njg4y4";
sha256 = "sha256:0k8ywbdb41imq10ya9y27zks67a6drjb1h0hn8ycd7a6z6703rjz";
};
appimageContents = appimageTools.extractType2 {
@ -35,7 +35,7 @@ in appimageTools.wrapType2 rec {
install -m 444 -D ${appimageContents}/timeular.desktop $out/share/applications/timeular.desktop
install -m 444 -D ${appimageContents}/timeular.png $out/share/icons/hicolor/512x512/apps/timeular.png
substituteInPlace $out/share/applications/timeular.desktop \
--replace 'Exec=AppRun' 'Exec=${pname}'
--replace "Exec=AppRun --no-sandbox %U" "Exec=$out/bin/${pname}"
'';
meta = with lib; {


@ -1,17 +1,17 @@
{ lib, stdenv, fetchurl, pkg-config, openssl, libuuid, libmd, zlib, ncurses }:
{ lib, stdenv, fetchurl, pkg-config, openssl, libbsd, libuuid, libmd, zlib, ncurses }:
stdenv.mkDerivation rec {
pname = "got";
version = "0.68.1";
version = "0.69";
src = fetchurl {
url = "https://gameoftrees.org/releases/portable/got-portable-${version}.tar.gz";
sha256 = "122wignzrhsw00mfnh7mxcxvjyp9rk73yxzfyvmg7f5kmb0hng35";
sha256 = "1cnl0yk866wzjwgas587kvb08njq7db71b5xqsdrwd1varp010vm";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ openssl libuuid libmd zlib ncurses ];
buildInputs = [ openssl libbsd libuuid libmd zlib ncurses ];
doInstallCheck = true;


@ -1,12 +1,38 @@
{ stdenv, fetchurl, lib, qtbase, qtmultimedia, qtscript, qtsensors, qtwebengine, qtwebkit, openssl, xkeyboard_config, patchelfUnstable, wrapQtAppsHook }:
{ stdenv
, fetchurl
, lib
, qtbase
, qtwebengine
, qtdeclarative
, qtwebchannel
, syntax-highlighting
, openssl
, xkeyboard_config
, patchelfUnstable
, wrapQtAppsHook
, writeText
}:
let
# This abomination exists because p4v calls CRYPTO_set_mem_functions and
# expects it to succeed. The function will fail if CRYPTO_malloc has already
# been called, which happens at init time via qtwebengine -> ... -> libssh. I
# suspect it was meant to work with a version of Qt where openssl is
# statically linked or some other library is used.
crypto-hack = writeText "crypto-hack.c" ''
#include <stddef.h>
int CRYPTO_set_mem_functions(
void *(*m)(size_t, const char *, int),
void *(*r)(void *, size_t, const char *, int),
void (*f)(void *, const char *, int)) { return 1; }
'';
stdenv.mkDerivation rec {
in stdenv.mkDerivation rec {
pname = "p4v";
version = "2020.1.1966006";
version = "2021.3.2186916";
src = fetchurl {
url = "https://cdist2.perforce.com/perforce/r20.1/bin.linux26x86_64/p4v.tgz";
sha256 = "0zc70d7jgdrd2jli338n1h05hgb7jmmv8hvq205wh78vvllrlv10";
url = "http://web.archive.org/web/20211118024745/https://cdist2.perforce.com/perforce/r21.3/bin.linux26x86_64/p4v.tgz";
sha256 = "1zldg21xq4srww9pcfbv3p8320ghjnh333pz5r70z1gwbq4vf3jq";
};
dontBuild = true;
@ -15,11 +41,10 @@ stdenv.mkDerivation rec {
ldLibraryPath = lib.makeLibraryPath [
stdenv.cc.cc.lib
qtbase
qtmultimedia
qtscript
qtsensors
qtwebengine
qtwebkit
qtdeclarative
qtwebchannel
syntax-highlighting
openssl
];
@ -29,14 +54,17 @@ stdenv.mkDerivation rec {
cp -r bin $out
mkdir -p $out/lib
cp -r lib/P4VResources $out/lib
$CC -fPIC -shared -o $out/lib/libcrypto-hack.so ${crypto-hack}
for f in $out/bin/*.bin ; do
patchelf --set-rpath $ldLibraryPath --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $f
# combining this with above breaks rpath (patchelf bug?)
patchelf --add-needed libstdc++.so $f \
patchelf --add-needed libstdc++.so \
--add-needed $out/lib/libcrypto-hack.so \
--clear-symbol-version _ZNSt20bad_array_new_lengthD1Ev \
--clear-symbol-version _ZTVSt20bad_array_new_length \
--clear-symbol-version _ZTISt20bad_array_new_length \
--clear-symbol-version _ZdlPvm \
$f
wrapQtApp $f \
--suffix QT_XKB_CONFIG_ROOT : ${xkeyboard_config}/share/X11/xkb
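Review bot: The new `src.url` fetches the tarball over plain `http://web.archive.org/...`. The `sha256` pins the content, so a tampered download fails the build, but whoever next updates the hash is trusting an unauthenticated transfer of a proprietary binary; `url = "https://web.archive.org/web/20211118024745/https://cdist2.perforce.com/perforce/r21.3/bin.linux26x86_64/p4v.tgz";` avoids that. The `crypto-hack` comment should also say what the stub gives up: it reports success without installing anything, so p4v proceeds as if its own OpenSSL allocators were active, and the override presumably depends on `libcrypto-hack.so` being resolved ahead of the real `libcrypto`.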


@ -19,15 +19,21 @@
stdenv.mkDerivation rec {
pname = "umockdev";
version = "0.17.8";
version = "0.17.9";
outputs = [ "bin" "out" "dev" "devdoc" ];
src = fetchurl {
url = "https://github.com/martinpitt/umockdev/releases/download/${version}/${pname}-${version}.tar.xz";
sha256 = "sha256-s3zeWJxw5ohUtsv4NZGKcdP8khEYzIXycbBrAzdnVoU=";
sha256 = "sha256-FEmWjJVmKKckC30zULGI/mZ3VNtirnweZq2gKh/Y5VE=";
};
patches = [
# Hardcode absolute paths to libraries so that consumers
# do not need to set LD_LIBRARY_PATH themselves.
./hardcode-paths.patch
];
nativeBuildInputs = [
docbook-xsl-nons
gobject-introspection
@ -57,6 +63,21 @@ stdenv.mkDerivation rec {
doCheck = true;
postPatch = ''
# Substitute the path to this derivation in the patch we apply.
substituteInPlace src/umockdev-wrapper \
--subst-var-by 'LIBDIR' "''${!outputLib}/lib"
'';
preCheck = ''
# Our patch makes the path to the `LD_PRELOAD`ed library absolute.
# When running tests, the library is not yet installed, though,
# so we need to replace the absolute path with a local one during build.
# We are using a symlink that will be overridden during installation.
mkdir -p "$out/lib"
ln -s "$PWD/libumockdev-preload.so.0" "$out/lib/libumockdev-preload.so.0"
'';
meta = with lib; {
description = "Mock hardware devices for creating unit tests";
license = licenses.lgpl21Plus;
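Review bot: `preCheck` writes a symlink into `$out/lib` that points at `$PWD`, the build directory, and relies on the install phase replacing it. The comment says the link "will be overridden during installation", but nothing enforces that; if the install step ever skips or follows the link, the output would carry a dangling reference to the build path, and the absolute `LD_PRELOAD` entry that the new patch hardcodes would fail to load with only a loader warning. I would remove the link explicitly once the tests are done, for example `postCheck = ''rm "$out/lib/libumockdev-preload.so.0"'';`, so the installed file is always the real library.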


@ -0,0 +1,69 @@
diff --git a/meson.build b/meson.build
index 2ed9027..1f6bbf2 100644
--- a/meson.build
+++ b/meson.build
@@ -38,6 +38,7 @@ g_ir_compiler = find_program('g-ir-compiler', required: false)
conf.set('PACKAGE_NAME', meson.project_name())
conf.set_quoted('VERSION', meson.project_version())
+conf.set_quoted('LIBDIR', get_option('prefix') / get_option('libdir'))
# glibc versions somewhere between 2.28 and 2.34
if cc.has_function('__fxstatat', prefix: '#include <sys/stat.h>')
@@ -148,7 +149,7 @@ hacked_gir = custom_target('UMockdev-1.0 hacked gir',
if g_ir_compiler.found()
umockdev_typelib = custom_target('UMockdev-1.0 typelib',
- command: [g_ir_compiler, '--output', '@OUTPUT@', '-l', 'libumockdev.so.0', '@INPUT@'],
+ command: [g_ir_compiler, '--output', '@OUTPUT@', '-l', get_option('prefix') / get_option('libdir') / 'libumockdev.so.0', '@INPUT@'],
input: hacked_gir,
output: 'UMockdev-1.0.typelib',
install: true,
diff --git a/src/config.vapi b/src/config.vapi
index 5269dd0..a2ec46d 100644
--- a/src/config.vapi
+++ b/src/config.vapi
@@ -2,5 +2,6 @@
namespace Config {
public const string PACKAGE_NAME;
public const string VERSION;
+ public const string LIBDIR;
}
diff --git a/src/umockdev-record.vala b/src/umockdev-record.vala
index 8434d32..68c7f8e 100644
--- a/src/umockdev-record.vala
+++ b/src/umockdev-record.vala
@@ -435,7 +435,7 @@ main (string[] args)
preload = "";
else
preload = preload + ":";
- Environment.set_variable("LD_PRELOAD", preload + "libumockdev-preload.so.0", true);
+ Environment.set_variable("LD_PRELOAD", preload + Config.LIBDIR + "/libumockdev-preload.so.0", true);
try {
root_dir = DirUtils.make_tmp("umockdev.XXXXXX");
diff --git a/src/umockdev-run.vala b/src/umockdev-run.vala
index 9a1ba10..6df2522 100644
--- a/src/umockdev-run.vala
+++ b/src/umockdev-run.vala
@@ -95,7 +95,7 @@ main (string[] args)
preload = "";
else
preload = preload + ":";
- Environment.set_variable ("LD_PRELOAD", preload + "libumockdev-preload.so.0", true);
+ Environment.set_variable ("LD_PRELOAD", preload + Config.LIBDIR + "/libumockdev-preload.so.0", true);
var testbed = new UMockdev.Testbed ();
diff --git a/src/umockdev-wrapper b/src/umockdev-wrapper
index 6ce4dcd..706c49a 100755
--- a/src/umockdev-wrapper
+++ b/src/umockdev-wrapper
@@ -1,5 +1,5 @@
#!/bin/sh
# Wrapper program to preload the libumockdev library, so that test programs can
# set $UMOCKDEV_DIR for redirecting sysfs and other queries to a test bed.
-exec env LD_PRELOAD=libumockdev-preload.so.0:$LD_PRELOAD "$@"
+exec env LD_PRELOAD=@LIBDIR@/libumockdev-preload.so.0:$LD_PRELOAD "$@"


@ -0,0 +1,65 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, fetchpatch
, poetry-core
, importlib-metadata
, pytest-asyncio
, pytestCheckHook
, pythonOlder
, toml
}:
buildPythonPackage rec {
pname = "aiolimiter";
version = "1.0.0";
format = "pyproject";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "mjpieters";
repo = pname;
rev = "v${version}";
sha256 = "sha256-4wByVZoOLhrXFx9oK19GBmRcjGoJolQ3Gwx9vQV/n8s=";
};
nativeBuildInputs = [
poetry-core
];
propagatedBuildInputs = lib.optionals (pythonOlder "3.8") [
importlib-metadata
];
checkInputs = [
pytest-asyncio
pytestCheckHook
toml
];
patches = [
# Switch to poetry-core, https://github.com/mjpieters/aiolimiter/pull/77
(fetchpatch {
name = "switch-to-peotry-core.patch";
url = "https://github.com/mjpieters/aiolimiter/commit/84a85eff42621b0daff8fcf6bb485db313faae0b.patch";
sha256 = "sha256-xUfJwLvMF2Xt/V1bKBFn/fjn1uyw7bGNo9RpWxtyr50=";
})
];
postPatch = ''
substituteInPlace tox.ini \
--replace " --cov=aiolimiter --cov-config=tox.ini --cov-report term-missing" ""
'';
pythonImportsCheck = [
"aiolimiter"
];
meta = with lib; {
description = "Implementation of a rate limiter for asyncio";
homepage = "https://github.com/mjpieters/aiolimiter";
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
};
}
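Review bot: The `fetchpatch` name in `patches` is misspelled as `switch-to-peotry-core.patch`; it should read `name = "switch-to-poetry-core.patch";`. The name ends up in the store path and in build logs, so the typo makes the patch harder to find when auditing which upstream changes are applied. The `sha256` covers the patch content, so it is not expected to change with the rename.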


@ -1,16 +1,20 @@
{ lib
, buildPythonPackage
, pythonOlder
, fetchPypi
, msrest
, msrestazure
, azure-common
, azure-mgmt-nspkg
, azure-mgmt-core
}:
buildPythonPackage rec {
pname = "azure-mgmt-msi";
version = "6.0.0";
disabled = pythonOlder "3.6";
format = "setuptools";
src = fetchPypi {
inherit pname version;
extension = "zip";
@ -19,9 +23,8 @@ buildPythonPackage rec {
propagatedBuildInputs = [
msrest
msrestazure
azure-common
azure-mgmt-nspkg
azure-mgmt-core
];
pythonNamespaces = [ "azure.mgmt" ];
@ -29,9 +32,11 @@ buildPythonPackage rec {
# has no tests
doCheck = false;
pythonImportsCheck = [ "azure.mgmt.msi" ];
meta = with lib; {
description = "This is the Microsoft Azure MSI Management Client Library";
homepage = "https://github.com/Azure/azure-sdk-for-python";
homepage = "https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/resources/azure-mgmt-msi";
license = licenses.mit;
maintainers = with maintainers; [ maxwilson ];
};


@ -8,14 +8,14 @@
buildPythonPackage rec {
version = "21.0.0";
version = "21.1.0";
pname = "azure-mgmt-resource";
disabled = !isPy3k;
src = fetchPypi {
inherit pname version;
extension = "zip";
sha256 = "sha256-y9J/UhxwtA/YO/Y88XsStbwD5ecNwrbnpxtevYuQDQM=";
sha256 = "sha256-UpZa3jHNBZ/qKxUT1l/mFgRuQz3g5YPc9cnJvr8+vWk=";
};
propagatedBuildInputs = [


@ -7,6 +7,7 @@
, tzdata
, hypothesis
, pytestCheckHook
, fetchpatch
}:
buildPythonPackage rec {
@ -22,7 +23,25 @@ buildPythonPackage rec {
sha256 = "sha256-00xdDOVdDanfsjQTd3yjMN2RFGel4cWRrAA3CvSnl24=";
};
# Make sure test data update patch applies
prePatch = ''
substituteInPlace tests/data/zoneinfo_data.json --replace \"2020a\" \"2021a\"
'';
patches = [
# Update test suite's test data to zoneinfo 2022a
# https://github.com/pganssle/zoneinfo/pull/115
(fetchpatch {
name = "backports-zoneinfo-2022a-update-test-data1.patch";
url = "https://github.com/pganssle/zoneinfo/pull/115/commits/837e2a0f9f1a1332e4233f83e3648fa564a9ec9e.patch";
sha256 = "196knwa212mr0b7zsh8papzr3f5mii87gcjjjx1r9zzvmk3g3ri0";
})
(fetchpatch {
name = "backports-zoneinfo-2022a-update-test-data2.patch";
url = "https://github.com/pganssle/zoneinfo/pull/115/commits/9fd330265b177916d6182249439bb40d5691eb58.patch";
sha256 = "1zxa5bkwi8hbnh4c0qv72wv6vdp5jlxqizfjsc05ymzvwa99cf75";
})
(substituteAll {
name = "zoneinfo-path";
src = ./zoneinfo.patch;
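Review bot: The two `fetchpatch` entries fetch commits through a pull request URL (`pull/115/commits/…`), and nothing says when they and the `prePatch` rewrite of `2020a` to `2021a` can be dropped. The `sha256` pins mean the content cannot change unnoticed, but the fetch may start failing if the PR branch is rewritten; whether the PR has been merged is not visible here. I would add `# TODO: drop prePatch and both test-data patches once upstream ships the 2022a test data` above `prePatch`, and write both hashes in the SRI form already used for the `src` hash. The `patches` list continues past the end of this hunk.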


@ -9,14 +9,14 @@
buildPythonPackage rec {
pname = "databricks-connect";
version = "9.1.14";
version = "9.1.15";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-l+mTqiQPuPJfGbEVSILpCTlxAka0GeCgIXjMG4Vs82o=";
sha256 = "sha256-qXS/hgF2qKUtTfo9UZ5KBa9N0PHJqKA8SC/vgE46LmA=";
};
sourceRoot = ".";


@ -13,7 +13,7 @@
buildPythonPackage rec {
pname = "globus-sdk";
version = "3.7.0";
version = "3.8.0";
format = "setuptools";
disabled = pythonOlder "3.6";
@ -22,7 +22,7 @@ buildPythonPackage rec {
owner = "globus";
repo = "globus-sdk-python";
rev = "refs/tags/${version}";
hash = "sha256-Us3SCkrBPL3v9YCOQ7ceF3neCUZkJTrchYsvCRSX84Y=";
hash = "sha256-JaAiAAf0zIJDXXl3zb4UE9XpmjZ8KQiEcZJm1ps+efA=";
};
propagatedBuildInputs = [


@ -14,14 +14,14 @@
buildPythonPackage rec {
pname = "impacket";
version = "0.9.24";
version = "0.10.0";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-GNVX04f0kU+vpzmBO5FyvD+L2cA26Tv1iajg67cwS7o=";
hash = "sha256-uOsCCiy7RxRmac/jHGS7Ln1kmdBJxJPWQYuXFvXHRYM=";
};
propagatedBuildInputs = [


@ -0,0 +1,37 @@
{ lib
, aiohttp
, buildPythonPackage
, fetchPypi
, pythonOlder
}:
buildPythonPackage rec {
pname = "meater-python";
version = "0.0.8";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-86XJmKOc2MCyU9v0UAZsPCUL/kAXywOlQOIHaykNF1o=";
};
propagatedBuildInputs = [
aiohttp
];
# Module has no tests
doCheck = false;
pythonImportsCheck = [
"meater"
];
meta = with lib; {
description = "Library for the Apption Labs Meater cooking probe";
homepage = "https://github.com/Sotolotl/meater-python";
license = licenses.asl20;
maintainers = with maintainers; [ fab ];
};
}


@ -0,0 +1,58 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, parameterized
, pycryptodome
, pytestCheckHook
, pythonOlder
, pyyaml
, requests
, responses
, setuptools
}:
buildPythonPackage rec {
pname = "pyrainbird";
version = "0.4.3";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "jbarrancos";
repo = pname;
rev = version;
hash = "sha256-uRHknWvoPKPu3B5MbSEUlWqBKwAbNMwsgXuf6PZxhkU=";
};
propagatedBuildInputs = [
pycryptodome
pyyaml
requests
setuptools
];
checkInputs = [
pytestCheckHook
parameterized
responses
];
postPatch = ''
substituteInPlace requirements.txt \
--replace "datetime" ""
substituteInPlace pytest.ini \
--replace "--cov=pyrainbird --cov-report=term-missing --pep8 --flakes --mccabe" ""
'';
pythonImportsCheck = [
"pyrainbird"
];
meta = with lib; {
description = "Module to interact with Rainbird controllers";
homepage = "https://github.com/jbarrancos/pyrainbird/";
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
};
}


@ -0,0 +1,61 @@
{ lib
, beautifulsoup4
, buildPythonPackage
, fetchFromGitHub
, html5lib
, pytestCheckHook
, pythonOlder
, requests
, requests-mock
, urllib3
}:
buildPythonPackage rec {
pname = "raincloudy";
version = "1.1.1";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "vanstinator";
repo = pname;
rev = version;
hash = "sha256-c6tux0DZY56a4BpuiMXtaqm8+JKNDiyMxrFUju3cp2Y=";
};
propagatedBuildInputs = [
requests
beautifulsoup4
urllib3
html5lib
];
checkInputs = [
pytestCheckHook
requests-mock
];
postPatch = ''
# https://github.com/vanstinator/raincloudy/pull/60
substituteInPlace setup.py \
--replace "bs4" "beautifulsoup4" \
--replace "html5lib==1.0.1" "html5lib"
'';
pythonImportsCheck = [
"raincloudy"
];
disabledTests = [
# Test requires network access
"test_attributes"
];
meta = with lib; {
description = "Module to interact with Melnor RainCloud Smart Garden Watering Irrigation Timer";
homepage = "https://github.com/vanstinator/raincloudy";
license = with licenses; [ asl20 ];
maintainers = with maintainers; [ fab ];
};
}


@ -14,16 +14,21 @@
buildPythonPackage rec {
pname = "sqlite-utils";
version = "3.26";
version = "3.26.1";
format = "setuptools";
disabled = pythonOlder "3.6";
src = fetchPypi {
inherit pname version;
hash = "sha256-G2Fy9PEYtq0dIWhsgV4HZa5y+wLxcI3CYSgDL6ijkdo=";
hash = "sha256-GK/036zijOSi9IWZSFifXrexY8dyo6cfwWyaF06x82c=";
};
postPatch = ''
substituteInPlace setup.py \
--replace "click-default-group-wheel" "click-default-group"
'';
propagatedBuildInputs = [
click
click-default-group
@ -45,6 +50,6 @@ buildPythonPackage rec {
description = "Python CLI utility and library for manipulating SQLite databases";
homepage = "https://github.com/simonw/sqlite-utils";
license = licenses.asl20;
maintainers = with maintainers; [ meatcar ];
maintainers = with maintainers; [ meatcar techknowlogick ];
};
}


@ -2,23 +2,31 @@
rustPlatform.buildRustPackage rec {
pname = "flip-link";
version = "0.1.4";
version = "0.1.6";
src = fetchFromGitHub {
owner = "knurling-rs";
repo = pname;
rev = "v${version}";
sha256 = "sha256-LE0cWS6sOb9/VvGloezNnePHGldnpfNTdCFUv3F/nwE=";
sha256 = "sha256-Sf2HlAfPlg8Er2g17AnRmUkvRhTw5AVPuL2B92hFvpA=";
};
cargoSha256 = "sha256-8WBMF5stMB4JXvYwa5yHVFV+3utDuMFJNTZ4fZFDftw=";
cargoSha256 = "sha256-2VgsO2hUIvSPNQhR13+bGTxXa6xZXcK0amfiWv2EIxk=";
buildInputs = lib.optional stdenv.isDarwin libiconv;
checkFlags = [
# requires embedded toolchains
"--skip should_link_example_firmware::case_1_normal"
"--skip should_link_example_firmware::case_2_custom_linkerscript"
"--skip should_verify_memory_layout"
];
meta = with lib; {
description = "Adds zero-cost stack overflow protection to your embedded programs";
homepage = "https://github.com/knurling-rs/flip-link";
license = with licenses; [ asl20 mit ];
maintainers = [ maintainers.FlorianFranzen ];
changelog = "https://github.com/knurling-rs/flip-link/blob/v${version}/CHANGELOG.md";
license = with licenses; [ asl20 /* or */ mit ];
maintainers = with maintainers; [ FlorianFranzen newam ];
};
}


@ -2,19 +2,23 @@
buildGoModule rec {
pname = "protoc-gen-twirp_php";
version = "0.8.0";
version = "0.8.1";
# fetchFromGitHub currently not possible, because go.mod and go.sum are export-ignored
src = fetchgit {
url = "https://github.com/twirphp/twirp.git";
rev = "v${version}";
sha256 = "sha256-TaHfyYoWsA/g5xZFxIMNwE1w6Dd9Cq5bp1gpQudYLs0=";
sha256 = "sha256-5PACgKqc8rWqaA6Syj5NyxHm3827yd67tm0mwVSMnWQ=";
};
vendorSha256 = "sha256-qQFlBviRISEnPBt0q5391RqUrPTI/QDxg3MNfwWE8MI=";
subPackages = [ "protoc-gen-twirp_php" ];
ldflags = [
"-X main.version=${version}"
];
meta = with lib; {
description = "PHP port of Twitch's Twirp RPC framework";
homepage = "https://github.com/twirphp/twirp";


@ -13,7 +13,7 @@
, libxml2
, libxslt
, docbook_xml_dtd_45
, docbook_xsl
, docbook-xsl-nons
, glib
, systemd
, polkit
@ -21,39 +21,33 @@
stdenv.mkDerivation rec {
pname = "bolt";
version = "0.9.1";
version = "0.9.2";
src = fetchFromGitLab {
domain = "gitlab.freedesktop.org";
owner = "bolt";
repo = "bolt";
rev = version;
sha256 = "1phgp8fs0dlj74kbkqlvfniwc32daz47b3pvsxlfxqzyrp77xrfm";
sha256 = "eXjj7oD5HOW/AG2uxDa0tSleKmbouFd2fwlL2HHFiMA=";
};
patches = [
# meson install tries to create /var/lib/boltd
./0001-skip-mkdir.patch
# https://github.com/NixOS/nixpkgs/issues/104429
# Test does not work on ZFS with atime disabled.
# Upstream issue: https://gitlab.freedesktop.org/bolt/bolt/-/issues/167
(fetchpatch {
name = "disable-atime-tests.diff";
url = "https://gitlab.freedesktop.org/roberth/bolt/-/commit/1f672a7de2ebc4dd51590bb90f3b873a8ac0f4e6.diff";
sha256 = "134f5s6kjqs6612pwq5pm1miy58crn1kxbyyqhzjnzmf9m57fnc8";
})
# Fix tests with newer umockdev
(fetchpatch {
url = "https://gitlab.freedesktop.org/bolt/bolt/-/commit/130e09d1c7ff02c09e4ad1c9c36e9940b68e58d8.patch";
sha256 = "HycuM7z4VvtBuZZLU68tBxGT1YjaqJRS4sKyoTGHZEk=";
url = "https://gitlab.freedesktop.org/bolt/bolt/-/commit/c2f1d5c40ad71b20507e02faa11037b395fac2f8.diff";
revert = true;
sha256 = "6w7ll65W/CydrWAVi/qgzhrQeDv1PWWShulLxoglF+I=";
})
];
nativeBuildInputs = [
asciidoc
docbook_xml_dtd_45
docbook_xsl
docbook-xsl-nons
libxml2
libxslt
meson


@ -12,12 +12,12 @@
stdenv.mkDerivation rec {
pname = "iwd";
version = "1.26";
version = "1.27";
src = fetchgit {
url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git";
rev = version;
sha256 = "sha256-+BciYfb9++u9Ux4AdvPFFIFVq8j+TVoTLKqxzmn5p3o=";
sha256 = "sha256-gN9+9Cc6zjZBXDhcHBH5wyucO5/vL7bKSLWM5laFqaA=";
};
outputs = [ "out" "man" "doc" ]


@ -8,6 +8,7 @@
, libgudev
, glib
, polkit
, dbus
, gobject-introspection
, gettext
, gtk-doc
@ -29,34 +30,21 @@ let
dbus-python
python-dbusmock
];
testTypelibPath = lib.makeSearchPathOutput "lib" "lib/girepository-1.0" [ umockdev ];
in
stdenv.mkDerivation rec {
pname = "power-profiles-daemon";
version = "0.10.1";
version = "0.11.1";
outputs = [ "out" "devdoc" "installedTests" ];
outputs = [ "out" "devdoc" ];
src = fetchFromGitLab {
domain = "gitlab.freedesktop.org";
owner = "hadess";
repo = "power-profiles-daemon";
rev = version;
sha256 = "sha256-sQWiCHc0kEELdmPq9Qdk7OKDUgbM5R44639feC7gjJc=";
sha256 = "sha256-qU9A9U2R3UioC7bo8Pc0IIsHIjghb6gsG4pTAg6tp9E=";
};
patches = [
# Enable installed tests.
# https://gitlab.freedesktop.org/hadess/power-profiles-daemon/-/merge_requests/92
(fetchpatch {
url = "https://gitlab.freedesktop.org/hadess/power-profiles-daemon/-/commit/3c64d9e1732eb6425e33013c452f1c4aa7a26f7e.patch";
sha256 = "din5VuZZwARNDInHtl44yJK8pLmlxr5eoD4iMT4a8HA=";
})
# Install installed tests to separate output.
./installed-tests-path.patch
];
nativeBuildInputs = [
pkg-config
meson
@ -70,9 +58,6 @@ stdenv.mkDerivation rec {
gobject-introspection
wrapGAppsNoGuiHook
python3.pkgs.wrapPython
# For finding tests.
(python3.withPackages testPythonPkgs)
];
buildInputs = [
@ -91,31 +76,28 @@ stdenv.mkDerivation rec {
python3.pkgs.pygobject3
];
checkInputs = [
umockdev
dbus
(python3.withPackages testPythonPkgs)
];
mesonFlags = [
"-Dinstalled_test_prefix=${placeholder "installedTests"}"
"-Dsystemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
"-Dgtk_doc=true"
];
doCheck = true;
PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "${placeholder "out"}/share/polkit-1/actions";
# Avoid double wrapping
dontWrapGApps = true;
postPatch = ''
patchShebangs tests/unittest_inspector.py
'';
preConfigure = ''
# For finding tests.
GI_TYPELIB_PATH_original=$GI_TYPELIB_PATH
addToSearchPath GI_TYPELIB_PATH "${testTypelibPath}"
'';
postConfigure = ''
# Restore the original value to prevent the program from depending on umockdev.
export GI_TYPELIB_PATH=$GI_TYPELIB_PATH_original
unset GI_TYPELIB_PATH_original
patchShebangs --build \
tests/integration-test.py \
tests/unittest_inspector.py
'';
preInstall = ''
@ -128,33 +110,22 @@ stdenv.mkDerivation rec {
export PKEXEC_UID=-1
'';
postCheck = ''
# Do not contaminate the wrapper with test dependencies.
unset GI_TYPELIB_PATH
unset XDG_DATA_DIRS
'';
postFixup = ''
# Avoid double wrapping
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
# Make Python libraries available
wrapPythonProgramsIn "$out/bin" "$pythonPath"
# Make Python libraries available for installed tests
makeWrapperArgs+=(
--prefix GI_TYPELIB_PATH : "${testTypelibPath}"
--prefix PATH : "${lib.makeBinPath [ umockdev ]}"
# Vala does not use absolute paths in typelibs
# https://github.com/NixOS/nixpkgs/issues/47226
# Also umockdev binaries use relative paths for LD_PRELOAD.
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ umockdev ]}"
# dbusmock calls its templates using exec so our regular patching of Python scripts
# to add package directories to site will not carry over.
# https://github.com/martinpitt/python-dbusmock/blob/2254e69279a02fb3027b500ed7288b77c7a80f2a/dbusmock/mockobject.py#L51
# https://github.com/martinpitt/python-dbusmock/blob/2254e69279a02fb3027b500ed7288b77c7a80f2a/dbusmock/__main__.py#L60-L62
--prefix PYTHONPATH : "${lib.makeSearchPath python3.sitePackages (testPythonPkgs python3.pkgs)}"
)
wrapPythonProgramsIn "$installedTests/libexec/installed-tests" "$pythonPath ${lib.concatStringsSep " " (testPythonPkgs python3.pkgs)}"
'';
passthru = {
tests = {
nixos = nixosTests.power-profiles-daemon;
installed-tests = nixosTests.installed-tests.power-profiles-daemon;
};
};


@ -1,37 +0,0 @@
diff --git a/meson_options.txt b/meson_options.txt
index 7e89619..76497db 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -1,3 +1,4 @@
+option('installed_test_prefix', type: 'string', description: 'Prefix for installed tests')
option('systemdsystemunitdir',
description: 'systemd unit directory',
type: 'string',
diff --git a/tests/meson.build b/tests/meson.build
index b306a7f..7670e1b 100644
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -2,8 +2,8 @@ envs = environment()
envs.set ('top_builddir', meson.build_root())
envs.set ('top_srcdir', meson.source_root())
-installed_test_bindir = libexecdir / 'installed-tests' / meson.project_name()
-installed_test_datadir = datadir / 'installed-tests' / meson.project_name()
+installed_test_bindir = get_option('installed_test_prefix') / 'libexec' / 'installed-tests' / meson.project_name()
+installed_test_datadir = get_option('installed_test_prefix') / 'share' / 'installed-tests' / meson.project_name()
python3 = find_program('python3')
unittest_inspector = find_program('unittest_inspector.py')
diff --git a/tests/integration-test.py b/tests/integration-test.py
index 22dc42c..0f92b76 100755
--- a/tests/integration-test.py
+++ b/tests/integration-test.py
@@ -67,7 +67,7 @@ class Tests(dbusmock.DBusTestCase):
print('Testing binaries from JHBuild (%s)' % cls.daemon_path)
else:
cls.daemon_path = None
- with open('/usr/lib/systemd/system/power-profiles-daemon.service') as f:
+ with open('/run/current-system/sw/lib/systemd/system/power-profiles-daemon.service') as f:
for line in f:
if line.startswith('ExecStart='):
cls.daemon_path = line.split('=', 1)[1].strip()


@ -1516,7 +1516,8 @@
pymazda
];
"meater" = ps: with ps; [
]; # missing inputs: meater-python
meater-python
];
"media_extractor" = ps: with ps; [
aiohttp-cors
youtube-dl-light
@ -2121,9 +2122,11 @@
radiotherm
];
"rainbird" = ps: with ps; [
]; # missing inputs: pyrainbird
pyrainbird
];
"raincloud" = ps: with ps; [
]; # missing inputs: raincloudy
raincloudy
];
"rainforest_eagle" = ps: with ps; [
aioeagle
ueagle
@ -3451,6 +3454,7 @@
"manual_mqtt"
"maxcube"
"mazda"
"meater"
"media_player"
"media_source"
"melcloud"


@ -0,0 +1,89 @@
{ stdenv
, lib
, formats
, nixosTests
, rustPlatform
, fetchFromGitHub
, installShellFiles
, pkg-config
, udev
, openssl
, sqlite
, pam
}:
let
arch = if stdenv.isx86_64 then "x86_64" else "generic";
in
rustPlatform.buildRustPackage rec {
pname = "kanidm";
version = "1.1.0-alpha.8";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
sha256 = "sha256-zMtbE6Y9wXFPBqhmiTMJ3m6bLVZl+c6lRY39DWDlJNo=";
};
cargoSha256 = "sha256:1l7xqp457zfd9gfjp6f4lzgadfp6112jbip4irazw4084qwj0z6x";
KANIDM_BUILD_PROFILE = "release_nixos_${arch}";
postPatch =
let
format = (formats.toml { }).generate "${KANIDM_BUILD_PROFILE}.toml";
profile = {
web_ui_pkg_path = "@web_ui_pkg_path@";
cpu_flags = if stdenv.isx86_64 then "x86_64_v1" else "none";
};
in
''
cp ${format profile} profiles/${KANIDM_BUILD_PROFILE}.toml
substituteInPlace profiles/${KANIDM_BUILD_PROFILE}.toml \
--replace '@web_ui_pkg_path@' "$out/ui"
'';
nativeBuildInputs = [
pkg-config
installShellFiles
];
buildInputs = [
udev
openssl
sqlite
pam
];
# Failing tests, probably due to network issues
checkFlags = [
"--skip default_entries"
"--skip oauth2_openid_basic_flow"
"--skip test_server"
"--skip test_cache"
];
preFixup = ''
installShellCompletion --bash $releaseDir/build/completions/*.bash
installShellCompletion --zsh $releaseDir/build/completions/_*
# PAM and NSS need fix library names
mv $out/lib/libnss_kanidm.so $out/lib/libnss_kanidm.so.2
mv $out/lib/libpam_kanidm.so $out/lib/pam_kanidm.so
# We don't compile the wasm-part form source, as there isn't a rustc for
# wasm32-unknown-unknown in nixpkgs yet.
cp -r kanidmd_web_ui/pkg $out/ui
'';
passthru.tests = { inherit (nixosTests) kanidm; };
meta = with lib; {
description = "A simple, secure and fast identity management platform";
homepage = "https://github.com/kanidm/kanidm";
license = licenses.mpl20;
platforms = platforms.linux;
maintainers = with maintainers; [ erictapen Flakebi ];
};
}
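Review bot: `preFixup` ships the web UI by copying the prebuilt `kanidmd_web_ui/pkg` directory from the source checkout into `$out/ui`, which is the path the build profile sets as `web_ui_pkg_path`. The WebAssembly this identity server uses is therefore covered by the `src` hash but is not built or rebuildable from this derivation. The existing comment has a typo ("form source") and undersells that; I would reword it to `# The wasm web UI is NOT built from source (no wasm32-unknown-unknown rustc in nixpkgs yet);` followed by `# we ship the prebuilt bundle committed upstream in kanidmd_web_ui/pkg.` Separately, the `checkFlags` comment "probably due to network issues" covers `oauth2_openid_basic_flow` among others; the real failure reason should be confirmed and recorded per skipped test.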


@ -226,8 +226,19 @@ let
azure-mgmt-media = overrideAzureMgmtPackage super.azure-mgmt-media "7.0.0" "zip"
"sha256-tF6CpZTtkc1ap6XNXQHwOLesPPEiM+e6K+qqNHeQDo4=";
azure-mgmt-msi = overrideAzureMgmtPackage super.azure-mgmt-msi "0.2.0" "zip"
"0rvik03njz940x2hvqg6iiq8k0d88gyygsr86w8s0sa12sdbq8l6";
azure-mgmt-msi = super.azure-mgmt-msi.overridePythonAttrs (old: rec {
version = "0.2.0";
src = old.src.override {
inherit version;
sha256 = "0rvik03njz940x2hvqg6iiq8k0d88gyygsr86w8s0sa12sdbq8l6";
};
propagatedBuildInputs = with self; [
msrest
msrestazure
azure-common
azure-mgmt-nspkg
];
});
azure-mgmt-privatedns = overrideAzureMgmtPackage super.azure-mgmt-privatedns "1.0.0" "zip"
"b60f16e43f7b291582c5f57bae1b083096d8303e9d9958e2c29227a55cc27c45";


@ -34,9 +34,9 @@
# https://discourse.nixos.org/t/avoid-rec-expresions-in-nixpkgs/8293/7
# The names are prefixed with input_remapper to avoid potential
# collisions with package names
, input_remapper_version ? "unstable-2022-02-09"
, input_remapper_src_rev ? "55227e0b5a28d21d7333c6c8ea1c691e56fd35c4"
, input_remapper_src_hash ? "sha256-kzGlEaYN/JfAgbI0aMLr5mwObYOL43X7QU/ihDEBQFg="
, input_remapper_version ? "1.4.2"
, input_remapper_src_rev ? "af20f87a1298153e765b840a2164ba63b9ef937a"
, input_remapper_src_hash ? "sha256-eG4Fx1z74Bq1HrfmzOuULQLziGdWnHLax8y2dymjWsI="
}:
let


@ -1,4 +1,11 @@
{ stdenv, fetchFromGitHub, lib, bspwm, makeWrapper, git, bc }:
{ lib
, stdenv
, fetchFromGitHub
, makeWrapper
, git
, bc
, bspwm
}:
stdenv.mkDerivation rec {
pname = "bsp-layout";
@ -17,14 +24,22 @@ stdenv.mkDerivation rec {
makeFlags = [ "PREFIX=$(out)" ];
postInstall = ''
substituteInPlace $out/bin/bsp-layout --replace 'bc ' '${bc}/bin/bc '
substituteInPlace $out/lib/bsp-layout/layout.sh --replace 'bc ' '${bc}/bin/bc '
for layout in tall rtall wide rwide
do
substituteInPlace "$out/lib/bsp-layout/layouts/$layout.sh" --replace 'bc ' '${bc}/bin/bc '
done
'';
meta = with lib; {
description = "Manage layouts in bspwm";
longDescription = ''
bsp-layout is a dynamic layout manager for bspwm, written in bash.
It provides layout options to fit most workflows.
'';
homepage = "https://github.com/phenax/bsp-layout";
license = licenses.mit;
maintainers = with maintainers; [ devins2518 ];
maintainers = with maintainers; [ devins2518 totoroot ];
platforms = platforms.linux;
};
}
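Review bot: The `substituteInPlace … --replace 'bc ' '${bc}/bin/bc '` calls in `postInstall` match the bare substring `bc ` anywhere in each script, so any other token ending in `bc` followed by a space would be rewritten too. A layout script added upstream outside the hard-coded `tall rtall wide rwide` list would also be left resolving `bc` from the caller's `PATH`. Since `makeWrapper` is already an input, `wrapProgram $out/bin/bsp-layout --prefix PATH : ${lib.makeBinPath [ bc ]}` would cover every script without text matching, assuming the helper scripts are only run through `bsp-layout`. The part of the derivation between the two hunks is not visible, so the binary may already be wrapped there.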


@ -1,14 +1,17 @@
{ lib, stdenv, pkgs }:
stdenv.mkDerivation {
version = "0.4.0";
let
pname = "ecdsautils";
version = "0.4.1";
in
stdenv.mkDerivation {
inherit pname version;
src = pkgs.fetchFromGitHub {
owner = "freifunk-gluon";
repo = "ecdsautils";
rev = "07538893fb6c2a9539678c45f9dbbf1e4f222b46";
sha256 = "18sr8x3qiw8s9l5pfi7r9i3ayplz4jqdml75ga9y933vj7vs0k4d";
repo = pname;
rev = "v${version}";
sha256 = "sha256-dv0guQTmot5UO1GkMgzvD6uJFyum5kV89LI3xWS1DZA=";
};
nativeBuildInputs = with pkgs; [ cmake pkg-config doxygen ];
@ -16,7 +19,7 @@ stdenv.mkDerivation {
meta = with lib; {
description = "Tiny collection of programs used for ECDSA (keygen, sign, verify)";
homepage = "https://github.com/tcatm/ecdsautils/";
homepage = "https://github.com/freifunk-gluon/ecdsautils/";
license = with licenses; [ mit bsd2 ];
maintainers = with maintainers; [ ];
platforms = platforms.unix;


@ -1,4 +1,4 @@
{ lib, buildGoPackage, fetchFromGitHub }:
{ lib, buildGoPackage, fetchFromGitHub, installShellFiles }:
buildGoPackage rec {
pname = "sift";
@ -7,6 +7,8 @@ buildGoPackage rec {
goPackagePath = "github.com/svent/sift";
nativeBuildInputs = [ installShellFiles ];
src = fetchFromGitHub {
inherit rev;
owner = "svent";
@ -14,12 +16,16 @@ buildGoPackage rec {
sha256 = "0bgy0jf84z1c3msvb60ffj4axayfchdkf0xjnsbx9kad1v10g7i1";
};
postInstall = ''
installShellCompletion --cmd sift --bash go/src/github.com/svent/sift/sift-completion.bash
'';
goDeps = ./deps.nix;
meta = with lib; {
description = "A fast and powerful alternative to grep";
homepage = "https://sift-tool.org";
maintainers = [ maintainers.carlsverre ];
maintainers = with maintainers; [ carlsverre viraptor ];
license = licenses.gpl3;
};
}


@ -21850,6 +21850,8 @@ with pkgs;
jitsi-videobridge = callPackage ../servers/jitsi-videobridge { };
kanidm = callPackage ../servers/kanidm { };
kapowbang = callPackage ../servers/kapowbang { };
keycloak = callPackage ../servers/keycloak { };
@ -28378,8 +28380,7 @@ with pkgs;
ostinato = libsForQt5.callPackage ../applications/networking/ostinato { };
p4 = callPackage ../applications/version-management/p4 { };
# Broken with Qt5.15 because qtwebkit is broken with it
p4v = libsForQt514.callPackage ../applications/version-management/p4v { };
p4v = libsForQt515.callPackage ../applications/version-management/p4v { };
partio = callPackage ../development/libraries/partio {};


@ -345,6 +345,8 @@ in {
aiolifx-effects = callPackage ../development/python-modules/aiolifx-effects { };
aiolimiter = callPackage ../development/python-modules/aiolimiter { };
aiolip = callPackage ../development/python-modules/aiolip { };
aiolyric = callPackage ../development/python-modules/aiolyric { };
@ -5168,6 +5170,8 @@ in {
measurement = callPackage ../development/python-modules/measurement { };
meater-python = callPackage ../development/python-modules/meater-python { };
mecab-python3 = callPackage ../development/python-modules/mecab-python3 { };
mechanicalsoup = callPackage ../development/python-modules/mechanicalsoup { };
@ -7700,6 +7704,8 @@ in {
py-radix = callPackage ../development/python-modules/py-radix { };
pyrainbird = callPackage ../development/python-modules/pyrainbird { };
pyramid_beaker = callPackage ../development/python-modules/pyramid_beaker { };
pyramid = callPackage ../development/python-modules/pyramid { };
@ -8820,6 +8826,8 @@ in {
rainbowstream = callPackage ../development/python-modules/rainbowstream { };
raincloudy = callPackage ../development/python-modules/raincloudy { };
ramlfications = callPackage ../development/python-modules/ramlfications { };
random2 = callPackage ../development/python-modules/random2 { };