Loading maintainers/maintainer-list.nix +13 −6 Original line number Diff line number Diff line Loading @@ -10477,6 +10477,13 @@ githubId = 36996706; name = "Philip Rying"; }; ImSapphire = { email = "imsapphire0@gmail.com"; github = "ImSapphire"; githubId = 48931512; name = "Sapphire"; keys = [ { fingerprint = "D303 4473 1843 D27B 5D4E 2273 6429 11AA 4025 C8CC"; } ]; }; imsick = { email = "lent-lather-excuse@duck.com"; github = "dvishal485"; Loading Loading @@ -12713,6 +12720,12 @@ githubId = 8211181; name = "Kevin Kandlbinder"; }; keysmashes = { email = "x-89cjg9@keysmash.solutions"; github = "keysmashes"; githubId = 9433472; name = "ash"; }; kfollesdal = { email = "kfollesdal@gmail.com"; github = "kfollesdal"; Loading Loading @@ -22175,12 +22188,6 @@ githubId = 56278796; name = "Sergio Ribera"; }; sersorrel = { email = "ash@sorrel.sh"; github = "sersorrel"; githubId = 9433472; name = "ash"; }; servalcatty = { email = "servalcat@pm.me"; github = "servalcatty"; nixos/tests/openssh.nix +44 −0 Original line number Diff line number Diff line Loading @@ -35,6 +35,38 @@ import ./make-test-python.nix ( ]; }; server-x11 = { ... }: { environment.systemPackages = [ pkgs.xorg.xauth ]; services.openssh = { enable = true; settings.X11Forwarding = true; }; users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; }; server-x11-disable = { ... }: { environment.systemPackages = [ pkgs.xorg.xauth ]; services.openssh = { enable = true; settings = { X11Forwarding = true; # CVE-2025-32728: the following line is ineffectual DisableForwarding = true; }; }; users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; }; server-allowed-users = { ... }: Loading Loading @@ -240,6 +272,8 @@ import ./make-test-python.nix ( start_all() server.wait_for_unit("sshd", timeout=30) server_x11.wait_for_unit("sshd", timeout=30) server_x11_disable.wait_for_unit("sshd", timeout=30) server_allowed_users.wait_for_unit("sshd", timeout=30) server_localhost_only.wait_for_unit("sshd", timeout=30) server_match_rule.wait_for_unit("sshd", timeout=30) Loading Loading @@ -307,6 +341,16 @@ import ./make-test-python.nix ( timeout=30 ) with subtest("x11-forwarding"): client.succeed( "[ \"$(ssh -Y -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil server-x11 'xauth list' | tee /dev/stderr | wc -l)\" -eq 1 ]", timeout=30 ) client.succeed( "[ \"$(ssh -Y -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil server-x11-disable 'xauth list' | tee /dev/stderr | wc -l)\" -eq 0 ]", timeout=30 ) with subtest("localhost-only"): server_localhost_only.succeed("ss -nlt | grep '127.0.0.1:22'") server_localhost_only_lazy.succeed("ss -nlt | grep '127.0.0.1:22'") Loading pkgs/applications/audio/hushboard/default.nix +1 −1 Original line number Diff line number Diff line Loading @@ -70,6 +70,6 @@ buildPythonApplication { description = "Mute your microphone while typing"; mainProgram = "hushboard"; platforms = platforms.linux; maintainers = with maintainers; [ sersorrel ]; maintainers = with maintainers; [ keysmashes ]; }; } pkgs/applications/editors/vscode/extensions/ms-vscode.cpptools/default.nix +13 −3 Original line number Diff line number Diff line Loading @@ -39,6 +39,7 @@ let gdbDefaultsTo = if gdbUseFixed then "${gdb}/bin/gdb" else "gdb"; isx86Linux = stdenv.hostPlatform.system == "x86_64-linux"; isDarwin = stdenv.hostPlatform.isDarwin; supported = { x86_64-linux = { hash = "sha256-KWr+nfODCRoZq67qwswzbcPW5WMmf9kvRwNFKpjyt4k="; Loading @@ -48,6 +49,10 @@ let hash = "sha256-a6PwlSo3q1hLVx0JDSTwPGfjfk7CtdYCuFccSpPg7U8="; arch = "linux-arm64"; }; aarch64-darwin = { hash = "sha256-B6Dmcbk8Z8qPr/0Xv9GfBxL6+7DaVmYNVRfBY9geCoY="; arch = "darwin-arm64"; }; }; base = Loading @@ -68,13 +73,12 @@ vscode-utils.buildVscodeMarketplaceExtension { buildInputs = [ jq lttng-ust libkrb5 zlib (lib.getLib stdenv.cc.cc) ]; ] ++ lib.optionals stdenv.hostPlatform.isLinux [ lttng-ust ]; dontAutoPatchelf = isx86Linux; dontAutoPatchelf = isx86Linux || isDarwin; postPatch = '' Loading @@ -97,10 +101,15 @@ vscode-utils.buildVscodeMarketplaceExtension { # Patching binaries chmod +x bin/cpptools bin/cpptools-srv bin/cpptools-wordexp debugAdapters/bin/OpenDebugAD7 '' + lib.optionalString stdenv.hostPlatform.isLinux '' patchelf --replace-needed liblttng-ust.so.0 liblttng-ust.so.1 ./debugAdapters/bin/libcoreclrtraceptprovider.so '' + lib.optionalString isx86Linux '' chmod +x bin/libc.so '' + lib.optionalString isDarwin '' chmod +x debugAdapters/lldb-mi/bin/lldb-mi ''; # On aarch64 the binaries are statically linked Loading Loading @@ -128,6 +137,7 @@ vscode-utils.buildVscodeMarketplaceExtension { platforms = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" ]; sourceProvenance = [ lib.sourceTypes.binaryNativeCode ]; }; Loading pkgs/applications/radio/sdrangel/default.nix +9 −0 Original line number Diff line number Diff line Loading @@ -13,6 +13,7 @@ dsdcc, faad2, fetchFromGitHub, fetchpatch, fftwFloat, flac, glew, Loading Loading @@ -117,6 +118,14 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optionals stdenv.hostPlatform.isDarwin [ apple-sdk_12 ] ++ lib.optionals withSDRplay [ sdrplay ]; patches = [ # https://github.com/f4exb/sdrangel/pull/2439 (fetchpatch { url = "https://github.com/f4exb/sdrangel/commit/60869b74f96b26e8a173f3f215c2badeaef9a136.patch"; hash = "sha256-Lq9pyissNmLYavLCISga0EWbRwisGnKiz6UYhzxJatc="; }) ]; cmakeFlags = [ "-DAPT_DIR=${aptdec}" "-DDAB_DIR=${dab_lib}" Loading Loading
maintainers/maintainer-list.nix +13 −6 Original line number Diff line number Diff line Loading @@ -10477,6 +10477,13 @@ githubId = 36996706; name = "Philip Rying"; }; ImSapphire = { email = "imsapphire0@gmail.com"; github = "ImSapphire"; githubId = 48931512; name = "Sapphire"; keys = [ { fingerprint = "D303 4473 1843 D27B 5D4E 2273 6429 11AA 4025 C8CC"; } ]; }; imsick = { email = "lent-lather-excuse@duck.com"; github = "dvishal485"; Loading Loading @@ -12713,6 +12720,12 @@ githubId = 8211181; name = "Kevin Kandlbinder"; }; keysmashes = { email = "x-89cjg9@keysmash.solutions"; github = "keysmashes"; githubId = 9433472; name = "ash"; }; kfollesdal = { email = "kfollesdal@gmail.com"; github = "kfollesdal"; Loading Loading @@ -22175,12 +22188,6 @@ githubId = 56278796; name = "Sergio Ribera"; }; sersorrel = { email = "ash@sorrel.sh"; github = "sersorrel"; githubId = 9433472; name = "ash"; }; servalcatty = { email = "servalcat@pm.me"; github = "servalcatty";
nixos/tests/openssh.nix +44 −0 Original line number Diff line number Diff line Loading @@ -35,6 +35,38 @@ import ./make-test-python.nix ( ]; }; server-x11 = { ... }: { environment.systemPackages = [ pkgs.xorg.xauth ]; services.openssh = { enable = true; settings.X11Forwarding = true; }; users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; }; server-x11-disable = { ... }: { environment.systemPackages = [ pkgs.xorg.xauth ]; services.openssh = { enable = true; settings = { X11Forwarding = true; # CVE-2025-32728: the following line is ineffectual DisableForwarding = true; }; }; users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; }; server-allowed-users = { ... }: Loading Loading @@ -240,6 +272,8 @@ import ./make-test-python.nix ( start_all() server.wait_for_unit("sshd", timeout=30) server_x11.wait_for_unit("sshd", timeout=30) server_x11_disable.wait_for_unit("sshd", timeout=30) server_allowed_users.wait_for_unit("sshd", timeout=30) server_localhost_only.wait_for_unit("sshd", timeout=30) server_match_rule.wait_for_unit("sshd", timeout=30) Loading Loading @@ -307,6 +341,16 @@ import ./make-test-python.nix ( timeout=30 ) with subtest("x11-forwarding"): client.succeed( "[ \"$(ssh -Y -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil server-x11 'xauth list' | tee /dev/stderr | wc -l)\" -eq 1 ]", timeout=30 ) client.succeed( "[ \"$(ssh -Y -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil server-x11-disable 'xauth list' | tee /dev/stderr | wc -l)\" -eq 0 ]", timeout=30 ) with subtest("localhost-only"): server_localhost_only.succeed("ss -nlt | grep '127.0.0.1:22'") server_localhost_only_lazy.succeed("ss -nlt | grep '127.0.0.1:22'") Loading
pkgs/applications/audio/hushboard/default.nix +1 −1 Original line number Diff line number Diff line Loading @@ -70,6 +70,6 @@ buildPythonApplication { description = "Mute your microphone while typing"; mainProgram = "hushboard"; platforms = platforms.linux; maintainers = with maintainers; [ sersorrel ]; maintainers = with maintainers; [ keysmashes ]; }; }
pkgs/applications/editors/vscode/extensions/ms-vscode.cpptools/default.nix +13 −3 Original line number Diff line number Diff line Loading @@ -39,6 +39,7 @@ let gdbDefaultsTo = if gdbUseFixed then "${gdb}/bin/gdb" else "gdb"; isx86Linux = stdenv.hostPlatform.system == "x86_64-linux"; isDarwin = stdenv.hostPlatform.isDarwin; supported = { x86_64-linux = { hash = "sha256-KWr+nfODCRoZq67qwswzbcPW5WMmf9kvRwNFKpjyt4k="; Loading @@ -48,6 +49,10 @@ let hash = "sha256-a6PwlSo3q1hLVx0JDSTwPGfjfk7CtdYCuFccSpPg7U8="; arch = "linux-arm64"; }; aarch64-darwin = { hash = "sha256-B6Dmcbk8Z8qPr/0Xv9GfBxL6+7DaVmYNVRfBY9geCoY="; arch = "darwin-arm64"; }; }; base = Loading @@ -68,13 +73,12 @@ vscode-utils.buildVscodeMarketplaceExtension { buildInputs = [ jq lttng-ust libkrb5 zlib (lib.getLib stdenv.cc.cc) ]; ] ++ lib.optionals stdenv.hostPlatform.isLinux [ lttng-ust ]; dontAutoPatchelf = isx86Linux; dontAutoPatchelf = isx86Linux || isDarwin; postPatch = '' Loading @@ -97,10 +101,15 @@ vscode-utils.buildVscodeMarketplaceExtension { # Patching binaries chmod +x bin/cpptools bin/cpptools-srv bin/cpptools-wordexp debugAdapters/bin/OpenDebugAD7 '' + lib.optionalString stdenv.hostPlatform.isLinux '' patchelf --replace-needed liblttng-ust.so.0 liblttng-ust.so.1 ./debugAdapters/bin/libcoreclrtraceptprovider.so '' + lib.optionalString isx86Linux '' chmod +x bin/libc.so '' + lib.optionalString isDarwin '' chmod +x debugAdapters/lldb-mi/bin/lldb-mi ''; # On aarch64 the binaries are statically linked Loading Loading @@ -128,6 +137,7 @@ vscode-utils.buildVscodeMarketplaceExtension { platforms = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" ]; sourceProvenance = [ lib.sourceTypes.binaryNativeCode ]; }; Loading
pkgs/applications/radio/sdrangel/default.nix +9 −0 Original line number Diff line number Diff line Loading @@ -13,6 +13,7 @@ dsdcc, faad2, fetchFromGitHub, fetchpatch, fftwFloat, flac, glew, Loading Loading @@ -117,6 +118,14 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optionals stdenv.hostPlatform.isDarwin [ apple-sdk_12 ] ++ lib.optionals withSDRplay [ sdrplay ]; patches = [ # https://github.com/f4exb/sdrangel/pull/2439 (fetchpatch { url = "https://github.com/f4exb/sdrangel/commit/60869b74f96b26e8a173f3f215c2badeaef9a136.patch"; hash = "sha256-Lq9pyissNmLYavLCISga0EWbRwisGnKiz6UYhzxJatc="; }) ]; cmakeFlags = [ "-DAPT_DIR=${aptdec}" "-DDAB_DIR=${dab_lib}" Loading
![nixpkgs-ci[bot]'s avatar](https://secure.gravatar.com/avatar/21d9e4256a026824783d9069d7622ceb22d44398fd318ddfee596c72e5556369?s=48&d=identicon "nixpkgs-ci[bot]")