From d579023fbea74721c50bdbbd7e87b4708473f513 Mon Sep 17 00:00:00 2001
From: Sandro <sandro.jaeckel@gmail.com>
Date: Thu, 23 Nov 2023 11:35:47 +0100
Subject: [PATCH 01/76] nixos/mediawiki: update url option defaultText

(cherry picked from commit 401e56568738cc33456603ab9797e2cabdb314cb)
---
 nixos/modules/services/web-apps/mediawiki.nix | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/nixos/modules/services/web-apps/mediawiki.nix b/nixos/modules/services/web-apps/mediawiki.nix
index ce7bcd94b3f01..e34039708f309 100644
--- a/nixos/modules/services/web-apps/mediawiki.nix
+++ b/nixos/modules/services/web-apps/mediawiki.nix
@@ -230,11 +230,8 @@ in
             "${if hasSSL config.services.nginx.virtualHosts.${cfg.nginx.hostName} then "https" else "http"}://${cfg.nginx.hostName}"
           else
             "http://localhost";
-        defaultText = literalExpression ''
-          if cfg.webserver == "apache" then
-            "''${if cfg.httpd.virtualHost.addSSL || cfg.httpd.virtualHost.forceSSL || cfg.httpd.virtualHost.onlySSL then "https" else "http"}://''${cfg.httpd.virtualHost.hostName}"
-          else
-            "http://localhost";
+        defaultText = ''
+          if "mediawiki uses ssl" then "{"https" else "http"}://''${cfg.hostName}" else "http://localhost";
         '';
         example = "https://wiki.example.org";
         description = lib.mdDoc "URL of the wiki.";

From 89d26b9e2240cfa19f3842b9b9679b0285a190c5 Mon Sep 17 00:00:00 2001
From: annalee <150648636+a-n-n-a-l-e-e@users.noreply.github.com>
Date: Sun, 26 Nov 2023 09:31:01 +0000
Subject: [PATCH 02/76] libxmlxx: code predates c++17, use -std=c++11; fix
 darwin

code from is from 2015
https://download.gnome.org/sources/libxml++/2.40/

(cherry picked from commit 3f13584af6c4074846807fba426bf82f80f47a06)
---
 pkgs/development/libraries/libxmlxx/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkgs/development/libraries/libxmlxx/default.nix b/pkgs/development/libraries/libxmlxx/default.nix
index 717ef7c70bdeb..9ec4090f60f0b 100644
--- a/pkgs/development/libraries/libxmlxx/default.nix
+++ b/pkgs/development/libraries/libxmlxx/default.nix
@@ -9,6 +9,11 @@ stdenv.mkDerivation rec {
     sha256 = "1sb3akryklvh2v6m6dihdnbpf1lkx441v972q9hlz1sq6bfspm2a";
   };
 
+  configureFlags = [
+    # remove if library is updated
+    "CXXFLAGS=-std=c++11"
+  ];
+
   outputs = [ "out" "devdoc" ];
 
   nativeBuildInputs = [ pkg-config perl ];

From 0cb6160d8febf762b3af9f347a274f72566d525d Mon Sep 17 00:00:00 2001
From: datafoo <34766150+datafoo@users.noreply.github.com>
Date: Fri, 1 Sep 2023 11:48:51 +0200
Subject: [PATCH 03/76] nixos/syncoid: add possibility to use string type for
 sshKey options

The sshKey options do not need to be a valid path at build time. Using
string instead allow use case when the path is not known at build time
such as when using systemd credentials (e.g. `sshKey =
"\${CREDENTIALS_DIRECTORY}/zfs-replication_ed25519";`).

(cherry picked from commit e98fd99eb3a6c81a18ea9494f684764e75315e8f)
---
 nixos/modules/services/backup/syncoid.nix | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/nixos/modules/services/backup/syncoid.nix b/nixos/modules/services/backup/syncoid.nix
index 1a1df38617b55..f770108295759 100644
--- a/nixos/modules/services/backup/syncoid.nix
+++ b/nixos/modules/services/backup/syncoid.nix
@@ -123,9 +123,7 @@ in
     };
 
     sshKey = mkOption {
-      type = types.nullOr types.path;
-      # Prevent key from being copied to store
-      apply = mapNullable toString;
+      type = with types; nullOr (coercedTo path toString str);
       default = null;
       description = lib.mdDoc ''
         SSH private key file to use to login to the remote system. Can be
@@ -205,9 +203,7 @@ in
           recursive = mkEnableOption (lib.mdDoc ''the transfer of child datasets'');
 
           sshKey = mkOption {
-            type = types.nullOr types.path;
-            # Prevent key from being copied to store
-            apply = mapNullable toString;
+            type = with types; nullOr (coercedTo path toString str);
             description = lib.mdDoc ''
               SSH private key file to use to login to the remote system.
               Defaults to {option}`services.syncoid.sshKey` option.

From 836ef86948668e7a18c8831ed436495e42ae5350 Mon Sep 17 00:00:00 2001
From: adisbladis <adisbladis@gmail.com>
Date: Fri, 24 Nov 2023 16:10:13 +1300
Subject: [PATCH 04/76] lib.attrsets.matchAttrs: Avoid some list allocations
 when walking structure

Benchmarks (`nix-instantiate ./. -A python3`):

- Before:
``` json
{
  "cpuTime": 0.29049500823020935,
  "envs": {
    "bytes": 4484216,
    "elements": 221443,
    "number": 169542
  },
  "gc": {
    "heapSize": 402915328,
    "totalBytes": 53086800
  },
  "list": {
    "bytes": 749424,
    "concats": 4242,
    "elements": 93678
  },
  "nrAvoided": 253991,
  "nrFunctionCalls": 149848,
  "nrLookups": 49612,
  "nrOpUpdateValuesCopied": 1587837,
  "nrOpUpdates": 10104,
  "nrPrimOpCalls": 130356,
  "nrThunks": 358981,
  "sets": {
    "bytes": 30423600,
    "elements": 1859999,
    "number": 41476
  },
  "sizes": {
    "Attr": 16,
    "Bindings": 16,
    "Env": 16,
    "Value": 24
  },
  "symbols": {
    "bytes": 236145,
    "number": 24453
  },
  "values": {
    "bytes": 10502520,
    "number": 437605
  }
}
```

- After:
``` json
{
  "cpuTime": 0.2946169972419739,
  "envs": {
    "bytes": 3315224,
    "elements": 172735,
    "number": 120834
  },
  "gc": {
    "heapSize": 402915328,
    "totalBytes": 48718432
  },
  "list": {
    "bytes": 347568,
    "concats": 4242,
    "elements": 43446
  },
  "nrAvoided": 173252,
  "nrFunctionCalls": 101140,
  "nrLookups": 73595,
  "nrOpUpdateValuesCopied": 1587837,
  "nrOpUpdates": 10104,
  "nrPrimOpCalls": 83067,
  "nrThunks": 304216,
  "sets": {
    "bytes": 29704096,
    "elements": 1831673,
    "number": 24833
  },
  "sizes": {
    "Attr": 16,
    "Bindings": 16,
    "Env": 16,
    "Value": 24
  },
  "symbols": {
    "bytes": 236145,
    "number": 24453
  },
  "values": {
    "bytes": 8961552,
    "number": 373398
  }
}
```

(cherry picked from commit 013a0a1357c446d0a46b4bbd8f68512fd9223257)
---
 lib/attrsets.nix   | 29 ++++++++++++++++++++---------
 lib/tests/misc.nix | 20 ++++++++++++++++++++
 2 files changed, 40 insertions(+), 9 deletions(-)

diff --git a/lib/attrsets.nix b/lib/attrsets.nix
index bf6c90bf1be60..14ce9c2577313 100644
--- a/lib/attrsets.nix
+++ b/lib/attrsets.nix
@@ -883,7 +883,10 @@ rec {
     recursiveUpdateUntil (path: lhs: rhs: !(isAttrs lhs && isAttrs rhs)) lhs rhs;
 
 
-  /* Returns true if the pattern is contained in the set. False otherwise.
+  /*
+    Recurse into every attribute set of the first argument and check that:
+    - Each attribute path also exists in the second argument.
+    - If the attribute's value is not a nested attribute set, it must have the same value in the right argument.
 
      Example:
        matchAttrs { cpu = {}; } { cpu = { bits = 64; }; }
@@ -895,16 +898,24 @@ rec {
   matchAttrs =
     # Attribute set structure to match
     pattern:
-    # Attribute set to find patterns in
+    # Attribute set to check
     attrs:
     assert isAttrs pattern;
-    all id (attrValues (zipAttrsWithNames (attrNames pattern) (n: values:
-      let pat = head values; val = elemAt values 1; in
-      if length values == 1 then false
-      else if isAttrs pat then isAttrs val && matchAttrs pat val
-      else pat == val
-    ) [pattern attrs]));
-
+    all
+    ( # Compare equality between `pattern` & `attrs`.
+      attr:
+      # Missing attr, not equal.
+      attrs ? ${attr} && (
+        let
+          lhs = pattern.${attr};
+          rhs = attrs.${attr};
+        in
+        # If attrset check recursively
+        if isAttrs lhs then isAttrs rhs && matchAttrs lhs rhs
+        else lhs == rhs
+      )
+    )
+    (attrNames pattern);
 
   /* Override only the attributes that are already present in the old set
     useful for deep-overriding.
diff --git a/lib/tests/misc.nix b/lib/tests/misc.nix
index 8f4a37149d92c..9f1fee2ba2341 100644
--- a/lib/tests/misc.nix
+++ b/lib/tests/misc.nix
@@ -831,6 +831,26 @@ runTests {
     };
   };
 
+  testMatchAttrsMatchingExact = {
+    expr = matchAttrs { cpu = { bits = 64; }; } { cpu = { bits = 64; }; };
+    expected = true;
+  };
+
+  testMatchAttrsMismatch = {
+    expr = matchAttrs { cpu = { bits = 128; }; } { cpu = { bits = 64; }; };
+    expected = false;
+  };
+
+  testMatchAttrsMatchingImplicit = {
+    expr = matchAttrs { cpu = { }; } { cpu = { bits = 64; }; };
+    expected = true;
+  };
+
+  testMatchAttrsMissingAttrs = {
+    expr = matchAttrs { cpu = {}; } { };
+    expected = false;
+  };
+
   testOverrideExistingEmpty = {
     expr = overrideExisting {} { a = 1; };
     expected = {};

From f5ce0365ec19de3a3daac5cd061a556ed3575b8f Mon Sep 17 00:00:00 2001
From: hulr <>
Date: Thu, 23 Nov 2023 21:42:17 +0100
Subject: [PATCH 05/76] python3Packages.pytest-testinfra: 9.0.0 -> 10.0.0

(cherry picked from commit b88b9a4700174359f2623f7e195ba372a68cd60b)
---
 .../python-modules/pytest-testinfra/default.nix        | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pkgs/development/python-modules/pytest-testinfra/default.nix b/pkgs/development/python-modules/pytest-testinfra/default.nix
index df1ae78c8612b..3f2cbf8d874ae 100644
--- a/pkgs/development/python-modules/pytest-testinfra/default.nix
+++ b/pkgs/development/python-modules/pytest-testinfra/default.nix
@@ -1,7 +1,7 @@
 { lib
 , buildPythonPackage
 , fetchPypi
-, pythonAtLeast
+, pythonOlder
 , setuptools-scm
 , ansible-core
 , paramiko
@@ -13,11 +13,11 @@
 
 buildPythonPackage rec {
   pname = "pytest-testinfra";
-  version = "9.0.0";
+  version = "10.0.0";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-UxGzaeBUaSD85GTDv5RbVevnWhJ1aPbWFelLiJE0AUk=";
+    hash = "sha256-L7fQGFRYqbpmn/FNDdvsizkAxr3j+2+tmwlzdM5Kt30=";
   };
 
   nativeBuildInputs = [
@@ -52,8 +52,8 @@ buildPythonPackage rec {
     "test_user_connection"
     "test_sudo"
     "test_docker_encoding"
-  ] ++ lib.optionals (pythonAtLeast "3.11") [
-    # broken because salt package only built for python 3.10
+  ] ++ lib.optionals (pythonOlder "3.11") [
+    # broken because salt package only built for python 3.11
     "test_backend_importables"
   ];
 

From 922bb090dc0b0b20986b972116e6d0a0fa493005 Mon Sep 17 00:00:00 2001
From: "R. Ryantm" <ryantm-bot@ryantm.com>
Date: Fri, 23 Jun 2023 20:58:20 +0000
Subject: [PATCH 06/76] dconf2nix: 0.0.12 -> 0.1.1

(cherry picked from commit c502300eccc097603a46e57869ee988e77ab3b4d)
---
 pkgs/development/tools/haskell/dconf2nix/dconf2nix.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/tools/haskell/dconf2nix/dconf2nix.nix b/pkgs/development/tools/haskell/dconf2nix/dconf2nix.nix
index 66341d2c8c507..eae92da192673 100644
--- a/pkgs/development/tools/haskell/dconf2nix/dconf2nix.nix
+++ b/pkgs/development/tools/haskell/dconf2nix/dconf2nix.nix
@@ -3,11 +3,11 @@
 }:
 mkDerivation {
   pname = "dconf2nix";
-  version = "0.0.12";
+  version = "0.1.1";
   src = fetchgit {
     url = "https://github.com/gvolpe/dconf2nix.git";
-    sha256 = "0cy47g6ksxf7p0qnzljg0c5dv65r79krkzw6iasivv8czc2lv8sc";
-    rev = "101e102c6a3aa79d1787e2ae77fa3379153d29f8";
+    sha256 = "0frqnq7ryr4gvkbb67n0615d9h1blps2kp55ic05n7wxyh26adgz";
+    rev = "2fc3b0dfbbce9f1ea2ee89f3689a7cb95b33b63f";
     fetchSubmodules = true;
   };
   isLibrary = true;

From 190bba9e0db58d3545fb3cba604849e27e13e5a0 Mon Sep 17 00:00:00 2001
From: annalee <150648636+a-n-n-a-l-e-e@users.noreply.github.com>
Date: Tue, 28 Nov 2023 08:39:32 +0000
Subject: [PATCH 07/76] python311Packages.gentools: switch to pyproject; fix
 build

(cherry picked from commit 6d2cb963287f8bca8c1f5b6feaa2669372fb9d7d)
---
 .../python-modules/gentools/default.nix       | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/pkgs/development/python-modules/gentools/default.nix b/pkgs/development/python-modules/gentools/default.nix
index c53dd68fb815a..ce247e60ec921 100644
--- a/pkgs/development/python-modules/gentools/default.nix
+++ b/pkgs/development/python-modules/gentools/default.nix
@@ -1,10 +1,17 @@
-{ buildPythonPackage, lib, fetchFromGitHub, pytest
-, typing ? null, funcsigs ? null, pythonOlder
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, poetry-core
+, pytestCheckHook
+, pythonOlder
+, typing ? null
+, funcsigs ? null
 }:
 
 buildPythonPackage rec {
   pname = "gentools";
   version = "1.2.1";
+  pyproject = true;
 
   # Pypi doesn't ship the tests, so we fetch directly from GitHub
   src = fetchFromGitHub {
@@ -14,12 +21,15 @@ buildPythonPackage rec {
     sha256 = "sha256-RBUIji3FOIRjfp4t7zBAVSeiWaYufz4ID8nTWmhDkf8=";
   };
 
+  nativeBuildInputs = [ poetry-core ];
+
   propagatedBuildInputs =
     lib.optionals (pythonOlder "3.5") [ typing ] ++
     lib.optionals (pythonOlder "3.4") [ funcsigs ];
 
-  nativeCheckInputs = [ pytest ];
-  checkPhase = "pytest";
+  nativeCheckInputs = [ pytestCheckHook ];
+
+  pythonImportCheck = [ "gentools" ];
 
   meta = with lib; {
     description = "Tools for generators, generator functions, and generator-based coroutines";
@@ -27,5 +37,4 @@ buildPythonPackage rec {
     homepage = "https://gentools.readthedocs.io/";
     maintainers = with maintainers; [ mredaelli ];
   };
-
 }

From f2448398e1c3af2ba73926f89acfc31aa6c14c27 Mon Sep 17 00:00:00 2001
From: Fabian Affolter <mail@fabian-affolter.ch>
Date: Tue, 28 Nov 2023 10:04:15 +0100
Subject: [PATCH 08/76] python311Packages.gentools: add changelog to meta

(cherry picked from commit 2a5388a54e6dad4828647c53c180d69df7683605)
---
 pkgs/development/python-modules/gentools/default.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkgs/development/python-modules/gentools/default.nix b/pkgs/development/python-modules/gentools/default.nix
index ce247e60ec921..8fbf4a788fe9f 100644
--- a/pkgs/development/python-modules/gentools/default.nix
+++ b/pkgs/development/python-modules/gentools/default.nix
@@ -13,12 +13,11 @@ buildPythonPackage rec {
   version = "1.2.1";
   pyproject = true;
 
-  # Pypi doesn't ship the tests, so we fetch directly from GitHub
   src = fetchFromGitHub {
     owner = "ariebovenberg";
-    repo = pname;
+    repo = "gentools";
     rev = "refs/tags/v${version}";
-    sha256 = "sha256-RBUIji3FOIRjfp4t7zBAVSeiWaYufz4ID8nTWmhDkf8=";
+    hash = "sha256-RBUIji3FOIRjfp4t7zBAVSeiWaYufz4ID8nTWmhDkf8=";
   };
 
   nativeBuildInputs = [ poetry-core ];
@@ -33,8 +32,9 @@ buildPythonPackage rec {
 
   meta = with lib; {
     description = "Tools for generators, generator functions, and generator-based coroutines";
-    license = licenses.mit;
     homepage = "https://gentools.readthedocs.io/";
+    changelog = "https://github.com/ariebovenberg/gentools/blob/v${version}/CHANGELOG.rst";
+    license = licenses.mit;
     maintainers = with maintainers; [ mredaelli ];
   };
 }

From 3cc5e9a9b92cbc9208e5be1eecfa2b249dae7fbb Mon Sep 17 00:00:00 2001
From: Fabian Affolter <mail@fabian-affolter.ch>
Date: Tue, 28 Nov 2023 10:07:27 +0100
Subject: [PATCH 09/76] python311Packages.gentools: adjust inputs

- disable on unsupported Python releases

(cherry picked from commit f3c44905d8f10582ca81dfff509705e3c961c796)
---
 .../python-modules/gentools/default.nix       | 23 ++++++++++++-------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/pkgs/development/python-modules/gentools/default.nix b/pkgs/development/python-modules/gentools/default.nix
index 8fbf4a788fe9f..6d2ae215eafac 100644
--- a/pkgs/development/python-modules/gentools/default.nix
+++ b/pkgs/development/python-modules/gentools/default.nix
@@ -1,11 +1,10 @@
 { lib
 , buildPythonPackage
 , fetchFromGitHub
+, importlib-metadata
 , poetry-core
 , pytestCheckHook
 , pythonOlder
-, typing ? null
-, funcsigs ? null
 }:
 
 buildPythonPackage rec {
@@ -13,6 +12,8 @@ buildPythonPackage rec {
   version = "1.2.1";
   pyproject = true;
 
+  disabled = pythonOlder "3.7";
+
   src = fetchFromGitHub {
     owner = "ariebovenberg";
     repo = "gentools";
@@ -20,15 +21,21 @@ buildPythonPackage rec {
     hash = "sha256-RBUIji3FOIRjfp4t7zBAVSeiWaYufz4ID8nTWmhDkf8=";
   };
 
-  nativeBuildInputs = [ poetry-core ];
+  nativeBuildInputs = [
+    poetry-core
+  ];
 
-  propagatedBuildInputs =
-    lib.optionals (pythonOlder "3.5") [ typing ] ++
-    lib.optionals (pythonOlder "3.4") [ funcsigs ];
+  propagatedBuildInputs = lib.optionals (pythonOlder "3.8") [
+    importlib-metadata
+  ];
 
-  nativeCheckInputs = [ pytestCheckHook ];
+  nativeCheckInputs = [
+    pytestCheckHook
+  ];
 
-  pythonImportCheck = [ "gentools" ];
+  pythonImportCheck = [
+    "gentools"
+  ];
 
   meta = with lib; {
     description = "Tools for generators, generator functions, and generator-based coroutines";

From fb428b90c7f56a1df6067bb84bb573e6a22b356a Mon Sep 17 00:00:00 2001
From: "R. Ryantm" <ryantm-bot@ryantm.com>
Date: Sat, 11 Nov 2023 07:59:26 +0000
Subject: [PATCH 10/76] sftpgo: 2.5.4 -> 2.5.5

(cherry picked from commit 4ad5678a8e92b6d993f03a39070ab463084ba5d7)
---
 pkgs/servers/sftpgo/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/servers/sftpgo/default.nix b/pkgs/servers/sftpgo/default.nix
index 1aa4323cda6f2..95e55c0edbb5d 100644
--- a/pkgs/servers/sftpgo/default.nix
+++ b/pkgs/servers/sftpgo/default.nix
@@ -7,16 +7,16 @@
 
 buildGoModule rec {
   pname = "sftpgo";
-  version = "2.5.4";
+  version = "2.5.5";
 
   src = fetchFromGitHub {
     owner = "drakkan";
     repo = "sftpgo";
     rev = "refs/tags/v${version}";
-    hash = "sha256-Xhu7QNPox0i6UuunRF1APYqdLrrlW0nR2BjzsABBnCw=";
+    hash = "sha256-SW+8Lp2NNW2I1BoOGVRzIx+1+DsffxlmHf8xFCxTyNw=";
   };
 
-  vendorHash = "sha256-XAfGNRHXLGzvZ5E397CNVx9VuSa///yoX49hwQKuAA4=";
+  vendorHash = "sha256-IQg50z+X0dUOk2zEiGejywEE+8SCtS3mdgUAxIddcQs=";
 
   ldflags = [
     "-s"

From 42d2ec6b04eda050b0d8c7c537b8e13b71be623d Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Sun, 19 Nov 2023 20:56:15 +0100
Subject: [PATCH 11/76] darwin.linux-builder: Disable evaluation

A remote builder does not need to evaluate anything, so let's trim
it down to (eventually) save some space, and make the purpose of
the builder clear.

Users should evaluate on the host instead.

(cherry picked from commit 66b29137978dcca809ffdfba8d9d7d7f7f6a114b)
---
 nixos/modules/profiles/macos-builder.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/nixos/modules/profiles/macos-builder.nix b/nixos/modules/profiles/macos-builder.nix
index d48afed18f7ea..5454b29f2eb9f 100644
--- a/nixos/modules/profiles/macos-builder.nix
+++ b/nixos/modules/profiles/macos-builder.nix
@@ -103,6 +103,16 @@ in
     # server that QEMU provides (normally 10.0.2.3)
     networking.nameservers = [ "8.8.8.8" ];
 
+    # The linux builder is a lightweight VM for remote building; not evaluation.
+    nix.channel.enable = false;
+    # remote builder uses `nix-daemon` (ssh-ng:) or `nix-store --serve` (ssh:)
+    # --force: do not complain when missing
+    # TODO: install a store-only nix
+    #       https://github.com/NixOS/rfcs/blob/master/rfcs/0134-nix-store-layer.md#detailed-design
+    environment.extraSetup = ''
+      rm --force $out/bin/{nix-instantiate,nix-build,nix-shell,nix-prefetch*,nix}
+    '';
+
     nix.settings = {
       auto-optimise-store = true;
 

From 61609b59eeadd08716feef795f74cf980bf401d1 Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Sun, 19 Nov 2023 21:21:16 +0100
Subject: [PATCH 12/76] nixos/system.disableInstallerTools: Do define options
 without effect

These won't cause anything to appear in toplevel.

(cherry picked from commit 64b587e3e22dc078cd4c73d2d8f5331d8321ae65)
---
 nixos/modules/installer/tools/tools.nix | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/nixos/modules/installer/tools/tools.nix b/nixos/modules/installer/tools/tools.nix
index 15e10128ac9a4..9ccc76a82c95a 100644
--- a/nixos/modules/installer/tools/tools.nix
+++ b/nixos/modules/installer/tools/tools.nix
@@ -130,7 +130,7 @@ in
     '';
   };
 
-  config = lib.mkIf (config.nix.enable && !config.system.disableInstallerTools) {
+  config = lib.mkMerge [ (lib.mkIf (config.nix.enable && !config.system.disableInstallerTools) {
 
     system.nixos-generate-config.configuration = mkDefault ''
       # Edit this configuration file to define what should be installed on
@@ -257,10 +257,13 @@ in
 
     documentation.man.man-db.skipPackages = [ nixos-version ];
 
+  })
+
+  # These may be used in auxiliary scripts (ie not part of toplevel), so they are defined unconditionally.
+  ({
     system.build = {
       inherit nixos-install nixos-generate-config nixos-option nixos-rebuild nixos-enter;
     };
-
-  };
+  })];
 
 }

From 33831fc31bf018431e9074b355ade54b3090540e Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Sun, 19 Nov 2023 21:24:27 +0100
Subject: [PATCH 13/76] darwin.linux-builder: Disable installer tools

(cherry picked from commit f3e9d7f84bfc569b5bf85c43d1b25d8770b0d7b4)
---
 nixos/modules/profiles/macos-builder.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nixos/modules/profiles/macos-builder.nix b/nixos/modules/profiles/macos-builder.nix
index 5454b29f2eb9f..6c2602881d6b5 100644
--- a/nixos/modules/profiles/macos-builder.nix
+++ b/nixos/modules/profiles/macos-builder.nix
@@ -112,6 +112,9 @@ in
     environment.extraSetup = ''
       rm --force $out/bin/{nix-instantiate,nix-build,nix-shell,nix-prefetch*,nix}
     '';
+    # Deployment is by image.
+    # TODO system.switch.enable = false;?
+    system.disableInstallerTools = true;
 
     nix.settings = {
       auto-optimise-store = true;

From 74608f93b82f9077654d666cd7d7d84dc792aef6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastian=20K=C3=B6cher?= <info@kchr.de>
Date: Tue, 28 Nov 2023 20:37:23 +0100
Subject: [PATCH 14/76] firefox: Adds patch for systems without a default page
 size

This patch ensures that firefox is not crashing when running Nixos on MX
Apple machines. (using Asahi Linux)

(cherry picked from commit 1d8c5b758677aca927950e52156af2cd1c438597)
---
 .../networking/browsers/firefox/packages.nix           | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix
index 2d08f391d283f..63368119ffed8 100644
--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@@ -9,6 +9,16 @@
       sha512 = "31d5f9e1d4173280c8de6d9b8551bc6bba5e2c49b84f944f50d42002d5b39c2fb743bc130f26c81160388a102b8301b94a0a378ecdfa6f943860f971a860df8c";
     };
 
+    extraPatches = [
+      (fetchpatch {
+        # Do not crash on systems without an expected statically assumed page size.
+        # https://phabricator.services.mozilla.com/D194458
+        name = "mozbz1866025.patch";
+        url = "https://hg.mozilla.org/mozilla-central/raw-rev/42c80086da4468f407648f2f57a7222aab2e9951";
+        hash = "sha256-cWOyvjIPUU1tavPRqg61xJ53XE4EJTdsFzadfVxyTyM=";
+      })
+    ];
+
     meta = {
       changelog = "https://www.mozilla.org/en-US/firefox/${version}/releasenotes/";
       description = "A web browser built from Firefox source tree";

From 0395c08ab70da189b08c796ebe318fffb0d00922 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Fri, 24 Nov 2023 01:21:48 +0100
Subject: [PATCH 15/76] nextcloud26: 26.0.8 -> 26.0.9

(cherry picked from commit 2fd8e3361591e34697948411d8ab303302e93d7b)
---
 pkgs/servers/nextcloud/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/nextcloud/default.nix b/pkgs/servers/nextcloud/default.nix
index 6cfecd47a92c0..038773bdf5268 100644
--- a/pkgs/servers/nextcloud/default.nix
+++ b/pkgs/servers/nextcloud/default.nix
@@ -54,8 +54,8 @@ in {
   '';
 
   nextcloud26 = generic {
-    version = "26.0.8";
-    hash = "sha256-ydCay0RuM2AZYIKRM/jzdutvJ5pN73CCF/xxWBiSiH8=";
+    version = "26.0.9";
+    hash = "sha256-nVD8a+jjZXyfXrhEj6Fleofh2p5uq0DvYlXSNTMNiIE=";
     packages = nextcloud26Packages;
   };
 

From a5c47714b5a9bc97ee09d4ad7b12f4418a63d76e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Fri, 24 Nov 2023 01:21:58 +0100
Subject: [PATCH 16/76] nextcloud27: 27.1.3 -> 27.1.4

(cherry picked from commit 2070d4b56584d6a0c453da6964b6f5c45c54b6fe)
---
 pkgs/servers/nextcloud/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/nextcloud/default.nix b/pkgs/servers/nextcloud/default.nix
index 038773bdf5268..b5e1a94b129ec 100644
--- a/pkgs/servers/nextcloud/default.nix
+++ b/pkgs/servers/nextcloud/default.nix
@@ -60,8 +60,8 @@ in {
   };
 
   nextcloud27 = generic {
-    version = "27.1.3";
-    hash = "sha256-HWFJNSReSjdbSsmRwC8yNZK3U5cvhviHY/2A7X0nV5M=";
+    version = "27.1.4";
+    hash = "sha256-vsZfIWa4LJMDuvR2weQk9xqhltrQEP/kwMOdA5kNWUw=";
     packages = nextcloud27Packages;
   };
 

From c1471f4d2026425b988c4cec76f9bbca7ce245f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Fri, 24 Nov 2023 01:22:09 +0100
Subject: [PATCH 17/76] nextcloud26Packages: regen

(cherry picked from commit 8da1d68e33ac99be880f95ba4f24e9d75f7d21f8)
---
 pkgs/servers/nextcloud/packages/26.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/servers/nextcloud/packages/26.json b/pkgs/servers/nextcloud/packages/26.json
index 82d03843ad9a8..2226ca99f8c7a 100644
--- a/pkgs/servers/nextcloud/packages/26.json
+++ b/pkgs/servers/nextcloud/packages/26.json
@@ -240,9 +240,9 @@
     ]
   },
   "spreed": {
-    "sha256": "06cixw0bbmz20fybdqq192bk11xraaaplqybbxa0xjs3x6pcw1na",
-    "url": "https://github.com/nextcloud-releases/spreed/releases/download/v16.0.7/spreed-v16.0.7.tar.gz",
-    "version": "16.0.7",
+    "sha256": "1fm80hqrqan4w1jd896x2j0pav56xd55bcljmpqliyirylayni9x",
+    "url": "https://github.com/nextcloud-releases/spreed/releases/download/v16.0.8/spreed-v16.0.8.tar.gz",
+    "version": "16.0.8",
     "description": "Chat, video & audio-conferencing using WebRTC\n\n* 💬 **Chat integration!** Nextcloud Talk comes with a simple text chat. Allowing you to share files from your Nextcloud and mentioning other participants.\n* 👥 **Private, group, public and password protected calls!** Just invite somebody, a whole group or send a public link to invite to a call.\n* 💻 **Screen sharing!** Share your screen with participants of your call. You just need to use Firefox version 66 (or newer), latest Edge or Chrome 72 (or newer, also possible using Chrome 49 with this [Chrome extension](https://chrome.google.com/webstore/detail/screensharing-for-nextclo/kepnpjhambipllfmgmbapncekcmabkol)).\n* 🚀 **Integration with other Nextcloud apps** like Files, Contacts and Deck. More to come.\n\nAnd in the works for the [coming versions](https://github.com/nextcloud/spreed/milestones/):\n* ✋ [Federated calls](https://github.com/nextcloud/spreed/issues/21), to call people on other Nextclouds",
     "homepage": "https://github.com/nextcloud/spreed",
     "licenses": [

From 0fd7221b808d78a6a4192dff169acdec7199ee73 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Fri, 24 Nov 2023 01:22:21 +0100
Subject: [PATCH 18/76] nextcloud27Packages: regen

(cherry picked from commit b0f478b86138bf0003c126da67ddec9fed080b4f)
---
 pkgs/servers/nextcloud/packages/27.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/servers/nextcloud/packages/27.json b/pkgs/servers/nextcloud/packages/27.json
index 6ecb1f3f522bc..a16881240b422 100644
--- a/pkgs/servers/nextcloud/packages/27.json
+++ b/pkgs/servers/nextcloud/packages/27.json
@@ -240,9 +240,9 @@
     ]
   },
   "spreed": {
-    "sha256": "1hbgnz0zbhka82csh4rkr1p7zrgbc8wiznqmzh4w1q3d9pz47xis",
-    "url": "https://github.com/nextcloud-releases/spreed/releases/download/v17.1.2/spreed-v17.1.2.tar.gz",
-    "version": "17.1.2",
+    "sha256": "1mgihmaajksi78xm78x95lqbj4apzkiwhg1lf6awwyhla5rlfhsa",
+    "url": "https://github.com/nextcloud-releases/spreed/releases/download/v17.1.3/spreed-v17.1.3.tar.gz",
+    "version": "17.1.3",
     "description": "Chat, video & audio-conferencing using WebRTC\n\n* 💬 **Chat integration!** Nextcloud Talk comes with a simple text chat. Allowing you to share files from your Nextcloud and mentioning other participants.\n* 👥 **Private, group, public and password protected calls!** Just invite somebody, a whole group or send a public link to invite to a call.\n* 💻 **Screen sharing!** Share your screen with participants of your call. You just need to use Firefox version 66 (or newer), latest Edge or Chrome 72 (or newer, also possible using Chrome 49 with this [Chrome extension](https://chrome.google.com/webstore/detail/screensharing-for-nextclo/kepnpjhambipllfmgmbapncekcmabkol)).\n* 🚀 **Integration with other Nextcloud apps** like Files, Contacts and Deck. More to come.\n\nAnd in the works for the [coming versions](https://github.com/nextcloud/spreed/milestones/):\n* ✋ [Federated calls](https://github.com/nextcloud/spreed/issues/21), to call people on other Nextclouds",
     "homepage": "https://github.com/nextcloud/spreed",
     "licenses": [

From 50740a4dae266a282b55e0c29f2f7d9b63692128 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Sat, 25 Nov 2023 22:58:06 +0100
Subject: [PATCH 19/76] nixos/tests/nextcloud: fix
 with-declarative-redis-and-secrets test

(cherry picked from commit 79e3ab84dd10e448b06f2af7a5b322c03932a9d9)
---
 .../nextcloud/with-declarative-redis-and-secrets.nix | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/nixos/tests/nextcloud/with-declarative-redis-and-secrets.nix b/nixos/tests/nextcloud/with-declarative-redis-and-secrets.nix
index e638f2e5b861f..addc898bd7602 100644
--- a/nixos/tests/nextcloud/with-declarative-redis-and-secrets.nix
+++ b/nixos/tests/nextcloud/with-declarative-redis-and-secrets.nix
@@ -41,10 +41,13 @@ in {
         };
         secretFile = "/etc/nextcloud-secrets.json";
 
-        extraOptions.redis = {
-          dbindex = 0;
-          timeout = 1.5;
-          # password handled via secretfile below
+        extraOptions = {
+          allow_local_remote_servers = true;
+          redis = {
+            dbindex = 0;
+            timeout = 1.5;
+            # password handled via secretfile below
+          };
         };
         configureRedis = true;
       };
@@ -62,6 +65,7 @@ in {
 
       services.postgresql = {
         enable = true;
+        package = pkgs.postgresql_14;
       };
       systemd.services.postgresql.postStart = pkgs.lib.mkAfter ''
         password=$(cat ${passFile})

From a7a418b99f6b1848f1ee18628171e18d9a57f254 Mon Sep 17 00:00:00 2001
From: Emily Trau <emily@downunderctf.com>
Date: Wed, 29 Nov 2023 14:11:46 +1100
Subject: [PATCH 20/76] readline63: fix clang build

(cherry picked from commit d6d41d403c9821f863914a7903d778ca6264c84f)
---
 pkgs/development/libraries/readline/6.3.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkgs/development/libraries/readline/6.3.nix b/pkgs/development/libraries/readline/6.3.nix
index 853078b5561c2..aff16c3e4184d 100644
--- a/pkgs/development/libraries/readline/6.3.nix
+++ b/pkgs/development/libraries/readline/6.3.nix
@@ -34,6 +34,10 @@ stdenv.mkDerivation {
      in
        import ./readline-6.3-patches.nix patch);
 
+  env = lib.optionalAttrs stdenv.cc.isClang {
+    NIX_CFLAGS_COMPILE = "-Wno-error=implicit-function-declaration";
+  };
+
   meta = with lib; {
     description = "Library for interactive line editing";
 

From e354a7fb493799c82b5e66209973ccb84da579e6 Mon Sep 17 00:00:00 2001
From: natsukium <tomoya.otabi@gmail.com>
Date: Tue, 28 Nov 2023 23:23:16 +0900
Subject: [PATCH 21/76] python311Packages.afdko: fix build on clang

(cherry picked from commit fa1309bae91d1ee0e09258b4a303e328ab456dc0)
---
 pkgs/development/python-modules/afdko/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkgs/development/python-modules/afdko/default.nix b/pkgs/development/python-modules/afdko/default.nix
index a821e9d878903..556261277ea09 100644
--- a/pkgs/development/python-modules/afdko/default.nix
+++ b/pkgs/development/python-modules/afdko/default.nix
@@ -64,6 +64,11 @@ buildPythonPackage rec {
     ./use-dynamic-system-antlr4-runtime.patch
   ];
 
+  env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isClang (toString [
+    "-Wno-error=incompatible-function-pointer-types"
+    "-Wno-error=int-conversion"
+  ]);
+
   # setup.py will always (re-)execute cmake in buildPhase
   dontConfigure = true;
 

From 63a781147b917ddbc131be0f4f3a5917407973b6 Mon Sep 17 00:00:00 2001
From: Matthias Beyer <mail@beyermatthias.de>
Date: Wed, 29 Nov 2023 12:03:10 +0100
Subject: [PATCH 22/76] zellij: 0.39.1 -> 0.39.2

Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
(cherry picked from commit 0e1eccf34c43d125af2cedffd7383ad9445c9b77)
---
 pkgs/tools/misc/zellij/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/tools/misc/zellij/default.nix b/pkgs/tools/misc/zellij/default.nix
index 624fa1d15d5df..160bb2bab62d4 100644
--- a/pkgs/tools/misc/zellij/default.nix
+++ b/pkgs/tools/misc/zellij/default.nix
@@ -16,16 +16,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "zellij";
-  version = "0.39.1";
+  version = "0.39.2";
 
   src = fetchFromGitHub {
     owner = "zellij-org";
     repo = "zellij";
     rev = "v${version}";
-    hash = "sha256-nT4P/ZlquJz48T8LCRQd5menL8vtGMBSUgZNJYx0Pn4=";
+    hash = "sha256-FSLbRfxSWY0a9H9iHT3oQ2SXwB70AwyH0Cm8sDZGaUk=";
   };
 
-  cargoHash = "sha256-jp3FS+sEvQY0DtVPCkJjAZlEc2bJOiA20+Pdt//yat4=";
+  cargoHash = "sha256-a5dFtK5czOGqE6mKeeI0kkY2da1kS3IRZ1NTluZ9Syc=";
 
   nativeBuildInputs = [
     mandown

From 47d2185b5fa95c646b3c5bc2b78da3df3d441cc2 Mon Sep 17 00:00:00 2001
From: Frank Lanitz <frank@frank.uvena.de>
Date: Mon, 20 Nov 2023 13:08:46 +0100
Subject: [PATCH 23/76] homebank: 5.7.1 -> 5.7.2

(cherry picked from commit f4ec121e10bfa9804c3104a8b052a21480f3a2f1)
---
 pkgs/applications/office/homebank/default.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkgs/applications/office/homebank/default.nix b/pkgs/applications/office/homebank/default.nix
index 105ec8456895a..653eaf63f84c0 100644
--- a/pkgs/applications/office/homebank/default.nix
+++ b/pkgs/applications/office/homebank/default.nix
@@ -3,10 +3,10 @@
 
 stdenv.mkDerivation rec {
   pname = "homebank";
-  version = "5.7.1";
+  version = "5.7.2";
   src = fetchurl {
-    url = "http://homebank.free.fr/public/sources/homebank-${version}.tar.gz";
-    hash = "sha256-fwqSnXde7yalqfKfo8AT8+762/aYLMCGp8dd3bm09Ck=";
+    url = "https://www.gethomebank.org/public/sources/homebank-${version}.tar.gz";
+    hash = "sha256-Mx1++I2Q8/NMpmEPfxjonpNUQ7GLCRqH2blL11Vjme8=";
   };
 
   nativeBuildInputs = [ pkg-config wrapGAppsHook intltool ];
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
 
   meta = with lib; {
     description = "Free, easy, personal accounting for everyone";
-    homepage = "http://homebank.free.fr/";
+    homepage = "https://www.gethomebank.org";
     license = licenses.gpl2Plus;
     maintainers = with maintainers; [ pSub ];
     platforms = platforms.linux ++ platforms.darwin;

From bd4b5ce1cab5e926271cbfafab6d776a9d2c6d8e Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Wed, 29 Nov 2023 14:02:07 +0000
Subject: [PATCH 24/76] jellyfin: 10.8.12 -> 10.8.13

(cherry picked from commit 2d4a8ed6c4636a272997a0b9258cc9d53e931036)
---
 pkgs/servers/jellyfin/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/jellyfin/default.nix b/pkgs/servers/jellyfin/default.nix
index 23950d3a9e4d9..b627ef4d0325e 100644
--- a/pkgs/servers/jellyfin/default.nix
+++ b/pkgs/servers/jellyfin/default.nix
@@ -14,13 +14,13 @@
 
 buildDotnetModule rec {
   pname = "jellyfin";
-  version = "10.8.12"; # ensure that jellyfin-web has matching version
+  version = "10.8.13"; # ensure that jellyfin-web has matching version
 
   src = fetchFromGitHub {
     owner = "jellyfin";
     repo = "jellyfin";
     rev = "v${version}";
-    sha256 = "aou73pgusNIEyRxzNalfow/PThgK6Gn6XiylBoRwR1w=";
+    sha256 = "sha256-UtcrJRqDIPyewCNfI89E/IYrgLUhWx1me6MtPX+aeFU=";
   };
 
   patches = [

From 2ba31c01cb3c672845bdb5d19e7bf366464930d9 Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Wed, 29 Nov 2023 14:02:20 +0000
Subject: [PATCH 25/76] jellyfin-web: 10.8.12 -> 10.8.13

(cherry picked from commit d60046d367b0a99b2372750e53f1bd6881e33bf7)
---
 pkgs/servers/jellyfin/web.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/servers/jellyfin/web.nix b/pkgs/servers/jellyfin/web.nix
index bff9cd411aef6..b2a40c0690832 100644
--- a/pkgs/servers/jellyfin/web.nix
+++ b/pkgs/servers/jellyfin/web.nix
@@ -7,16 +7,16 @@
 
 buildNpmPackage rec {
   pname = "jellyfin-web";
-  version = "10.8.12";
+  version = "10.8.13";
 
   src = fetchFromGitHub {
     owner = "jellyfin";
     repo = "jellyfin-web";
     rev = "v${version}";
-    hash = "sha256-T5MACoNg6yADfM7eike3f6V/ELZXrZYP+3Cz6ea8WtQ=";
+    hash = "sha256-2W9s8TQV9BtxNYIrCbGRh5EUw0brwxSHohnb7269pQE=";
   };
 
-  npmDepsHash = "sha256-s+14x/jucCAxDWlQjCngjGtLB+4PCuO6R0qxP+SZ1+s=";
+  npmDepsHash = "sha256-i077UAxY2K12VXkHYbGYZRV1uhgdGUnoDbokSk2ZDIA=";
 
   npmBuildScript = [ "build:production" ];
 

From ba8330f57c619775351de91db81a308e5c2e86a6 Mon Sep 17 00:00:00 2001
From: Raito Bezarius <masterancpp@gmail.com>
Date: Thu, 23 Nov 2023 16:15:18 +0100
Subject: [PATCH 26/76] zfs_2_1: init at 2.1.13

This re-introduces the old stable ZFS version we had in the past following
the many predicted issues of ZFS 2.2.x series, that is much more stable
than any further ZFS version at the moment.

I am also removing myself from maintenance of any further ZFS versions as I am
planning to quit ZFS maintenance at some point.

In the meantime, for users like me who depend on ZFS for critical operations, here is a ZFS version
that is known to work for LTS kernels.

(cherry picked from commit e04c0b0d99fb66e4ab52dc47840f237f92242c4f)
---
 .github/CODEOWNERS                      |   5 +-
 nixos/modules/tasks/filesystems/zfs.nix |  31 +-
 nixos/tests/zfs.nix                     |  10 +-
 pkgs/os-specific/linux/zfs/2_1.nix      |  49 +++
 pkgs/os-specific/linux/zfs/generic.nix  | 449 ++++++++++++------------
 pkgs/os-specific/linux/zfs/stable.nix   |  11 +-
 pkgs/os-specific/linux/zfs/unstable.nix |  10 +-
 pkgs/top-level/all-packages.nix         |   3 +
 pkgs/top-level/linux-kernels.nix        |   4 +
 9 files changed, 338 insertions(+), 234 deletions(-)
 create mode 100644 pkgs/os-specific/linux/zfs/2_1.nix

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 7b0659a9d0270..47fea580e82df 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -322,9 +322,8 @@ pkgs/applications/version-management/forgejo @bendlas @emilylange
 /pkgs/development/ocaml-modules     @ulrikstrid
 
 # ZFS
-pkgs/os-specific/linux/zfs                @raitobezarius
-nixos/lib/make-single-disk-zfs-image.nix  @raitobezarius
-nixos/lib/make-multi-disk-zfs-image.nix   @raitobezarius
+pkgs/os-specific/linux/zfs/2_1.nix        @raitobezarius
+pkgs/os-specific/linux/zfs/generic.nix    @raitobezarius
 nixos/modules/tasks/filesystems/zfs.nix   @raitobezarius
 nixos/tests/zfs.nix                       @raitobezarius
 
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix
index 4b6a5b6c12c14..72bc79f31b68a 100644
--- a/nixos/modules/tasks/filesystems/zfs.nix
+++ b/nixos/modules/tasks/filesystems/zfs.nix
@@ -16,6 +16,7 @@ let
   cfgTrim = config.services.zfs.trim;
   cfgZED = config.services.zfs.zed;
 
+  selectModulePackage = package: config.boot.kernelPackages.${package.kernelModuleAttribute};
   inInitrd = any (fs: fs == "zfs") config.boot.initrd.supportedFilesystems;
   inSystem = any (fs: fs == "zfs") config.boot.supportedFilesystems;
 
@@ -210,11 +211,17 @@ in
   options = {
     boot.zfs = {
       package = mkOption {
-        readOnly = true;
         type = types.package;
-        default = if config.boot.zfs.enableUnstable then pkgs.zfsUnstable else pkgs.zfs;
-        defaultText = literalExpression "if config.boot.zfs.enableUnstable then pkgs.zfsUnstable else pkgs.zfs";
-        description = lib.mdDoc "Configured ZFS userland tools package.";
+        default = if cfgZfs.enableUnstable then pkgs.zfsUnstable else pkgs.zfs;
+        defaultText = literalExpression "if zfsUnstable is enabled then pkgs.zfsUnstable else pkgs.zfs";
+        description = lib.mdDoc "Configured ZFS userland tools package, use `pkgs.zfsUnstable` if you want to track the latest staging ZFS branch.";
+      };
+
+      modulePackage = mkOption {
+        internal = true; # It is supposed to be selected automatically, but can be overridden by expert users.
+        default = selectModulePackage cfgZfs.package;
+        type = types.package;
+        description = lib.mdDoc "Configured ZFS kernel module package.";
       };
 
       enabled = mkOption {
@@ -533,6 +540,10 @@ in
   config = mkMerge [
     (mkIf cfgZfs.enabled {
       assertions = [
+        {
+          assertion = cfgZfs.modulePackage.version == cfgZfs.package.version;
+          message = "The kernel module and the userspace tooling versions are not matching, this is an unsupported usecase.";
+        }
         {
           assertion = cfgZED.enableMail -> cfgZfs.package.enableMail;
           message = ''
@@ -571,18 +582,14 @@ in
         # https://github.com/NixOS/nixpkgs/issues/106093
         kernelParams = lib.optionals (!config.boot.zfs.allowHibernation) [ "nohibernate" ];
 
-        extraModulePackages = let
-          kernelPkg = if config.boot.zfs.enableUnstable then
-            config.boot.kernelPackages.zfsUnstable
-           else
-            config.boot.kernelPackages.zfs;
-        in [
-          (kernelPkg.override { inherit (cfgZfs) removeLinuxDRM; })
+        extraModulePackages = [
+          (cfgZfs.modulePackage.override { inherit (cfgZfs) removeLinuxDRM; })
         ];
       };
 
       boot.initrd = mkIf inInitrd {
-        kernelModules = [ "zfs" ] ++ optional (!cfgZfs.enableUnstable) "spl";
+        # spl has been removed in ≥ 2.2.0.
+        kernelModules = [ "zfs" ] ++ lib.optional (lib.versionOlder "2.2.0" version) "spl";
         extraUtilsCommands =
           mkIf (!config.boot.initrd.systemd.enable) ''
             copy_bin_and_libs ${cfgZfs.package}/sbin/zfs
diff --git a/nixos/tests/zfs.nix b/nixos/tests/zfs.nix
index 3454fbaf78fe5..ad4ea254f34d7 100644
--- a/nixos/tests/zfs.nix
+++ b/nixos/tests/zfs.nix
@@ -13,6 +13,7 @@ let
                       else pkgs.linuxPackages
     , enableUnstable ? false
     , enableSystemdStage1 ? false
+    , zfsPackage ? if enableUnstable then pkgs.zfs else pkgs.zfsUnstable
     , extraTest ? ""
     }:
     makeTest {
@@ -21,7 +22,7 @@ let
         maintainers = [ adisbladis elvishjerricco ];
       };
 
-      nodes.machine = { pkgs, lib, ... }:
+      nodes.machine = { config, pkgs, lib, ... }:
         let
           usersharePath = "/var/lib/samba/usershares";
         in {
@@ -35,8 +36,8 @@ let
         boot.loader.efi.canTouchEfiVariables = true;
         networking.hostId = "deadbeef";
         boot.kernelPackages = kernelPackage;
+        boot.zfs.package = zfsPackage;
         boot.supportedFilesystems = [ "zfs" ];
-        boot.zfs.enableUnstable = enableUnstable;
         boot.initrd.systemd.enable = enableSystemdStage1;
 
         environment.systemPackages = [ pkgs.parted ];
@@ -193,6 +194,11 @@ let
 
 in {
 
+  # maintainer: @raitobezarius
+  series_2_1 = makeZfsTest "2.1-series" {
+    zfsPackage = pkgs.zfs_2_1;
+  };
+
   stable = makeZfsTest "stable" { };
 
   unstable = makeZfsTest "unstable" {
diff --git a/pkgs/os-specific/linux/zfs/2_1.nix b/pkgs/os-specific/linux/zfs/2_1.nix
new file mode 100644
index 0000000000000..737a52fcc4ff4
--- /dev/null
+++ b/pkgs/os-specific/linux/zfs/2_1.nix
@@ -0,0 +1,49 @@
+{ callPackage
+, kernel ? null
+, stdenv
+, linuxKernel
+, removeLinuxDRM ? false
+, lib
+, nixosTests
+, fetchpatch
+, ...
+} @ args:
+
+let
+  stdenv' = if kernel == null then stdenv else kernel.stdenv;
+in
+callPackage ./generic.nix args {
+  # You have to ensure that in `pkgs/top-level/linux-kernels.nix`
+  # this attribute is the correct one for this package.
+  kernelModuleAttribute = "zfs_2_1";
+  # check the release notes for compatible kernels
+  kernelCompatible =
+    if stdenv'.isx86_64 || removeLinuxDRM
+    then kernel.kernelOlder "6.6"
+    else kernel.kernelOlder "6.2";
+
+  latestCompatibleLinuxPackages = if stdenv'.isx86_64 || removeLinuxDRM
+    then linuxKernel.packages.linux_6_5
+    else linuxKernel.packages.linux_6_1;
+
+  # This is a fixed version to the 2.1.x series, move only
+  # if the 2.1.x series moves.
+  version = "2.1.13";
+
+  extraPatches = [
+    (fetchpatch {
+      # https://github.com/openzfs/zfs/pull/15571
+      # Remove when it's backported to 2.1.x.
+      url = "https://github.com/robn/zfs/commit/617c990a4cf1157b0f8332f35672846ad16ca70a.patch";
+      hash = "sha256-j5YSrud7BaWk2npBl31qwFFLYltbut3CUjI1cjZOpag=";
+    })
+  ];
+
+  hash = "sha256-tqUCn/Hf/eEmyWRQthWQdmTJK2sDspnHiiEfn9rz2Kc=";
+
+  tests = [
+    nixosTests.zfs.series_2_1
+  ];
+
+  maintainers = [ lib.maintainers.raitobezarius ];
+}
diff --git a/pkgs/os-specific/linux/zfs/generic.nix b/pkgs/os-specific/linux/zfs/generic.nix
index 8adbb8cab8f91..d8b22e872f1da 100644
--- a/pkgs/os-specific/linux/zfs/generic.nix
+++ b/pkgs/os-specific/linux/zfs/generic.nix
@@ -1,222 +1,241 @@
-{ pkgs, lib, stdenv, fetchFromGitHub, fetchpatch
-, autoreconfHook269, util-linux, nukeReferences, coreutils
-, perl, nixosTests
-, configFile ? "all"
-
-# Userspace dependencies
-, zlib, libuuid, python3, attr, openssl
-, libtirpc
-, nfs-utils, samba
-, gawk, gnugrep, gnused, systemd
-, smartmontools, enableMail ? false
-, sysstat, pkg-config
-, curl
-, pam
-
-# Kernel dependencies
-, kernel ? null
-, enablePython ? true
-, ...
-}:
-
-{ version
-, sha256
-, extraPatches ? []
-, rev ? "zfs-${version}"
-, isUnstable ? false
-, latestCompatibleLinuxPackages
-, kernelCompatible ? null
-}:
-
 let
-  inherit (lib) any optionalString optionals optional makeBinPath;
-
-  smartmon = smartmontools.override { inherit enableMail; };
-
-  buildKernel = any (n: n == configFile) [ "kernel" "all" ];
-  buildUser = any (n: n == configFile) [ "user" "all" ];
-
-  # XXX: You always want to build kernel modules with the same stdenv as the
-  # kernel was built with. However, since zfs can also be built for userspace we
-  # need to correctly pick between the provided/default stdenv, and the one used
-  # by the kernel.
-  # If you don't do this your ZFS builds will fail on any non-standard (e.g.
-  # clang-built) kernels.
-  stdenv' = if kernel == null then stdenv else kernel.stdenv;
-in
+  genericBuild =
+  { pkgs, lib, stdenv, fetchFromGitHub, fetchpatch
+  , autoreconfHook269, util-linux, nukeReferences, coreutils
+  , perl
+  , configFile ? "all"
+
+  # Userspace dependencies
+  , zlib, libuuid, python3, attr, openssl
+  , libtirpc
+  , nfs-utils, samba
+  , gawk, gnugrep, gnused, systemd
+  , smartmontools, enableMail ? false
+  , sysstat, pkg-config
+  , curl
+  , pam
+
+  # Kernel dependencies
+  , kernel ? null
+  , enablePython ? true
+  , ...
+  }@outerArgs:
+
+  assert (configFile == "kernel") -> (kernel != null);
+  { version
+  , hash
+  , kernelModuleAttribute
+  , extraPatches ? []
+  , rev ? "zfs-${version}"
+  , isUnstable ? false
+  , latestCompatibleLinuxPackages
+  , kernelCompatible ? null
+  , maintainers ? (with lib.maintainers; [ amarshall adamcstephens ])
+  , tests
+  }@innerArgs:
+
+  let
+    inherit (lib) any optionalString optionals optional makeBinPath versionAtLeast;
+
+    smartmon = smartmontools.override { inherit enableMail; };
+
+    buildKernel = any (n: n == configFile) [ "kernel" "all" ];
+    buildUser = any (n: n == configFile) [ "user" "all" ];
+    isAtLeast22Series = versionAtLeast version "2.2.0";
+
+    # XXX: You always want to build kernel modules with the same stdenv as the
+    # kernel was built with. However, since zfs can also be built for userspace we
+    # need to correctly pick between the provided/default stdenv, and the one used
+    # by the kernel.
+    # If you don't do this your ZFS builds will fail on any non-standard (e.g.
+    # clang-built) kernels.
+    stdenv' = if kernel == null then stdenv else kernel.stdenv;
+  in
+
+  stdenv'.mkDerivation {
+    name = "zfs-${configFile}-${version}${optionalString buildKernel "-${kernel.version}"}";
+    pname = "zfs";
+    inherit version;
+
+    src = fetchFromGitHub {
+      owner = "openzfs";
+      repo = "zfs";
+      inherit rev hash;
+    };
+
+    patches = extraPatches;
+
+    postPatch = optionalString buildKernel ''
+      patchShebangs scripts
+      # The arrays must remain the same length, so we repeat a flag that is
+      # already part of the command and therefore has no effect.
+      substituteInPlace ./module/os/linux/zfs/zfs_ctldir.c \
+        --replace '"/usr/bin/env", "umount"' '"${util-linux}/bin/umount", "-n"' \
+        --replace '"/usr/bin/env", "mount"'  '"${util-linux}/bin/mount", "-n"'
+    '' + optionalString buildUser ''
+      substituteInPlace ./lib/libshare/os/linux/nfs.c --replace "/usr/sbin/exportfs" "${
+        # We don't *need* python support, but we set it like this to minimize closure size:
+        # If it's disabled by default, no need to enable it, even if we have python enabled
+        # And if it's enabled by default, only change that if we explicitly disable python to remove python from the closure
+        nfs-utils.override (old: { enablePython = old.enablePython or true && enablePython; })
+      }/bin/exportfs"
+      substituteInPlace ./lib/libshare/smb.h        --replace "/usr/bin/net"            "${samba}/bin/net"
+      # Disable dynamic loading of libcurl
+      substituteInPlace ./config/user-libfetch.m4   --replace "curl-config --built-shared" "true"
+      substituteInPlace ./config/user-systemd.m4    --replace "/usr/lib/modules-load.d" "$out/etc/modules-load.d"
+      substituteInPlace ./config/zfs-build.m4       --replace "\$sysconfdir/init.d"     "$out/etc/init.d" \
+                                                    --replace "/etc/default"            "$out/etc/default"
+      substituteInPlace ./contrib/initramfs/Makefile.am \
+        --replace "/usr/share/initramfs-tools" "$out/usr/share/initramfs-tools"
+    '' + optionalString isAtLeast22Series ''
+      substituteInPlace ./udev/vdev_id \
+        --replace "PATH=/bin:/sbin:/usr/bin:/usr/sbin" \
+         "PATH=${makeBinPath [ coreutils gawk gnused gnugrep systemd ]}"
+    '' + optionalString (!isAtLeast22Series) ''
+      substituteInPlace ./etc/zfs/Makefile.am --replace "\$(sysconfdir)/zfs" "$out/etc/zfs"
+
+      find ./contrib/initramfs -name Makefile.am -exec sed -i -e 's|/usr/share/initramfs-tools|'$out'/share/initramfs-tools|g' {} \;
+
+      substituteInPlace ./cmd/vdev_id/vdev_id \
+        --replace "PATH=/bin:/sbin:/usr/bin:/usr/sbin" \
+        "PATH=${makeBinPath [ coreutils gawk gnused gnugrep systemd ]}"
+    '' + ''
+      substituteInPlace ./config/zfs-build.m4 \
+        --replace "bashcompletiondir=/etc/bash_completion.d" \
+          "bashcompletiondir=$out/share/bash-completion/completions"
+    '';
 
-stdenv'.mkDerivation {
-  name = "zfs-${configFile}-${version}${optionalString buildKernel "-${kernel.version}"}";
+    nativeBuildInputs = [ autoreconfHook269 nukeReferences ]
+      ++ optionals buildKernel (kernel.moduleBuildDependencies ++ [ perl ])
+      ++ optional buildUser pkg-config;
+    buildInputs = optionals buildUser [ zlib libuuid attr libtirpc pam ]
+      ++ optional buildUser openssl
+      ++ optional buildUser curl
+      ++ optional (buildUser && enablePython) python3;
+
+    # for zdb to get the rpath to libgcc_s, needed for pthread_cancel to work
+    NIX_CFLAGS_LINK = "-lgcc_s";
+
+    hardeningDisable = [ "fortify" "stackprotector" "pic" ];
+
+    configureFlags = [
+      "--with-config=${configFile}"
+      "--with-tirpc=1"
+      (lib.withFeatureAs (buildUser && enablePython) "python" python3.interpreter)
+    ] ++ optionals buildUser [
+      "--with-dracutdir=$(out)/lib/dracut"
+      "--with-udevdir=$(out)/lib/udev"
+      "--with-systemdunitdir=$(out)/etc/systemd/system"
+      "--with-systemdpresetdir=$(out)/etc/systemd/system-preset"
+      "--with-systemdgeneratordir=$(out)/lib/systemd/system-generator"
+      "--with-mounthelperdir=$(out)/bin"
+      "--libexecdir=$(out)/libexec"
+      "--sysconfdir=/etc"
+      "--localstatedir=/var"
+      "--enable-systemd"
+      "--enable-pam"
+    ] ++ optionals buildKernel ([
+      "--with-linux=${kernel.dev}/lib/modules/${kernel.modDirVersion}/source"
+      "--with-linux-obj=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
+    ] ++ kernel.makeFlags);
+
+    makeFlags = optionals buildKernel kernel.makeFlags;
+
+    enableParallelBuilding = true;
+
+    installFlags = [
+      "sysconfdir=\${out}/etc"
+      "DEFAULT_INITCONF_DIR=\${out}/default"
+      "INSTALL_MOD_PATH=\${out}"
+    ];
+
+    preConfigure = ''
+      # The kernel module builds some tests during the configurePhase, this envvar controls their parallelism
+      export TEST_JOBS=$NIX_BUILD_CORES
+      if [ -z "$enableParallelBuilding" ]; then
+        export TEST_JOBS=1
+      fi
+    '';
 
-  src = fetchFromGitHub {
-    owner = "openzfs";
-    repo = "zfs";
-    inherit rev sha256;
-  };
+    # Enabling BTF causes zfs to be build with debug symbols.
+    # Since zfs compress kernel modules on installation, our strip hooks skip stripping them.
+    # Hence we strip modules prior to compression.
+    postBuild = optionalString buildKernel ''
+       find . -name "*.ko" -print0 | xargs -0 -P$NIX_BUILD_CORES ${stdenv.cc.targetPrefix}strip --strip-debug
+    '';
 
-  patches = extraPatches;
-
-  postPatch = optionalString buildKernel ''
-    patchShebangs scripts
-    # The arrays must remain the same length, so we repeat a flag that is
-    # already part of the command and therefore has no effect.
-    substituteInPlace ./module/os/linux/zfs/zfs_ctldir.c \
-      --replace '"/usr/bin/env", "umount"' '"${util-linux}/bin/umount", "-n"' \
-      --replace '"/usr/bin/env", "mount"'  '"${util-linux}/bin/mount", "-n"'
-  '' + optionalString buildUser ''
-    substituteInPlace ./lib/libshare/os/linux/nfs.c --replace "/usr/sbin/exportfs" "${
-      # We don't *need* python support, but we set it like this to minimize closure size:
-      # If it's disabled by default, no need to enable it, even if we have python enabled
-      # And if it's enabled by default, only change that if we explicitly disable python to remove python from the closure
-      nfs-utils.override (old: { enablePython = old.enablePython or true && enablePython; })
-    }/bin/exportfs"
-    substituteInPlace ./lib/libshare/smb.h        --replace "/usr/bin/net"            "${samba}/bin/net"
-    # Disable dynamic loading of libcurl
-    substituteInPlace ./config/user-libfetch.m4   --replace "curl-config --built-shared" "true"
-    substituteInPlace ./config/user-systemd.m4    --replace "/usr/lib/modules-load.d" "$out/etc/modules-load.d"
-    substituteInPlace ./config/zfs-build.m4       --replace "\$sysconfdir/init.d"     "$out/etc/init.d" \
-                                                  --replace "/etc/default"            "$out/etc/default"
-    substituteInPlace ./contrib/initramfs/Makefile.am \
-      --replace "/usr/share/initramfs-tools" "$out/usr/share/initramfs-tools"
-    substituteInPlace ./udev/vdev_id \
-      --replace "PATH=/bin:/sbin:/usr/bin:/usr/sbin" \
-       "PATH=${makeBinPath [ coreutils gawk gnused gnugrep systemd ]}"
-    substituteInPlace ./config/zfs-build.m4 \
-      --replace "bashcompletiondir=/etc/bash_completion.d" \
-        "bashcompletiondir=$out/share/bash-completion/completions"
-  '';
-
-  nativeBuildInputs = [ autoreconfHook269 nukeReferences ]
-    ++ optionals buildKernel (kernel.moduleBuildDependencies ++ [ perl ])
-    ++ optional buildUser pkg-config;
-  buildInputs = optionals buildUser [ zlib libuuid attr libtirpc pam ]
-    ++ optional buildUser openssl
-    ++ optional buildUser curl
-    ++ optional (buildUser && enablePython) python3;
-
-  # for zdb to get the rpath to libgcc_s, needed for pthread_cancel to work
-  NIX_CFLAGS_LINK = "-lgcc_s";
-
-  hardeningDisable = [ "fortify" "stackprotector" "pic" ];
-
-  configureFlags = [
-    "--with-config=${configFile}"
-    "--with-tirpc=1"
-    (lib.withFeatureAs (buildUser && enablePython) "python" python3.interpreter)
-  ] ++ optionals buildUser [
-    "--with-dracutdir=$(out)/lib/dracut"
-    "--with-udevdir=$(out)/lib/udev"
-    "--with-systemdunitdir=$(out)/etc/systemd/system"
-    "--with-systemdpresetdir=$(out)/etc/systemd/system-preset"
-    "--with-systemdgeneratordir=$(out)/lib/systemd/system-generator"
-    "--with-mounthelperdir=$(out)/bin"
-    "--libexecdir=$(out)/libexec"
-    "--sysconfdir=/etc"
-    "--localstatedir=/var"
-    "--enable-systemd"
-    "--enable-pam"
-  ] ++ optionals buildKernel ([
-    "--with-linux=${kernel.dev}/lib/modules/${kernel.modDirVersion}/source"
-    "--with-linux-obj=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
-  ] ++ kernel.makeFlags);
-
-  makeFlags = optionals buildKernel kernel.makeFlags;
-
-  enableParallelBuilding = true;
-
-  installFlags = [
-    "sysconfdir=\${out}/etc"
-    "DEFAULT_INITCONF_DIR=\${out}/default"
-    "INSTALL_MOD_PATH=\${out}"
-  ];
-
-  preConfigure = ''
-    # The kernel module builds some tests during the configurePhase, this envvar controls their parallelism
-    export TEST_JOBS=$NIX_BUILD_CORES
-    if [ -z "$enableParallelBuilding" ]; then
-      export TEST_JOBS=1
-    fi
-  '';
-
-  # Enabling BTF causes zfs to be build with debug symbols.
-  # Since zfs compress kernel modules on installation, our strip hooks skip stripping them.
-  # Hence we strip modules prior to compression.
-  postBuild = optionalString buildKernel ''
-     find . -name "*.ko" -print0 | xargs -0 -P$NIX_BUILD_CORES ${stdenv.cc.targetPrefix}strip --strip-debug
-  '';
-
-  postInstall = optionalString buildKernel ''
-    # Add reference that cannot be detected due to compressed kernel module
-    mkdir -p "$out/nix-support"
-    echo "${util-linux}" >> "$out/nix-support/extra-refs"
-  '' + optionalString buildUser ''
-    # Remove provided services as they are buggy
-    rm $out/etc/systemd/system/zfs-import-*.service
-
-    for i in $out/etc/systemd/system/*; do
-       if [ -L $i ]; then
-         continue
-       fi
-       sed -i '/zfs-import-scan.service/d' $i
-       substituteInPlace $i --replace "zfs-import-cache.service" "zfs-import.target"
-    done
-
-    # Remove tests because they add a runtime dependency on gcc
-    rm -rf $out/share/zfs/zfs-tests
-
-    # Add Bash completions.
-    install -v -m444 -D -t $out/share/bash-completion/completions contrib/bash_completion.d/zfs
-    (cd $out/share/bash-completion/completions; ln -s zfs zpool)
-  '';
-
-  postFixup = let
-    path = "PATH=${makeBinPath [ coreutils gawk gnused gnugrep util-linux smartmon sysstat ]}:$PATH";
-  in ''
-    for i in $out/libexec/zfs/zpool.d/*; do
-      sed -i '2i${path}' $i
-    done
-  '';
-
-  outputs = [ "out" ] ++ optionals buildUser [ "dev" ];
-
-  passthru = {
-    inherit enableMail latestCompatibleLinuxPackages;
-
-    tests =
-      if isUnstable then [
-        nixosTests.zfs.unstable
-      ] else [
-        nixosTests.zfs.installer
-        nixosTests.zfs.stable
-      ];
-  };
+    postInstall = optionalString buildKernel ''
+      # Add reference that cannot be detected due to compressed kernel module
+      mkdir -p "$out/nix-support"
+      echo "${util-linux}" >> "$out/nix-support/extra-refs"
+    '' + optionalString buildUser ''
+      # Remove provided services as they are buggy
+      rm $out/etc/systemd/system/zfs-import-*.service
+
+      for i in $out/etc/systemd/system/*; do
+         if [ -L $i ]; then
+           continue
+         fi
+         sed -i '/zfs-import-scan.service/d' $i
+         substituteInPlace $i --replace "zfs-import-cache.service" "zfs-import.target"
+      done
+
+      # Remove tests because they add a runtime dependency on gcc
+      rm -rf $out/share/zfs/zfs-tests
+
+      # Add Bash completions.
+      install -v -m444 -D -t $out/share/bash-completion/completions contrib/bash_completion.d/zfs
+      (cd $out/share/bash-completion/completions; ln -s zfs zpool)
+    '';
 
-  meta = {
-    description = "ZFS Filesystem Linux Kernel module";
-    longDescription = ''
-      ZFS is a filesystem that combines a logical volume manager with a
-      Copy-On-Write filesystem with data integrity detection and repair,
-      snapshotting, cloning, block devices, deduplication, and more.
+    postFixup = let
+      path = "PATH=${makeBinPath [ coreutils gawk gnused gnugrep util-linux smartmon sysstat ]}:$PATH";
+    in ''
+      for i in $out/libexec/zfs/zpool.d/*; do
+        sed -i '2i${path}' $i
+      done
     '';
-    homepage = "https://github.com/openzfs/zfs";
-    changelog = "https://github.com/openzfs/zfs/releases/tag/zfs-${version}";
-    license = lib.licenses.cddl;
-
-    # The case-block for TARGET_CPU has branches for only some CPU families,
-    # which prevents ZFS from building on any other platform.  Since the NixOS
-    # `boot.zfs.enabled` property is `readOnly`, excluding platforms where ZFS
-    # does not build is the only way to produce a NixOS installer on such
-    # platforms.
-    # https://github.com/openzfs/zfs/blob/6723d1110f6daf93be93db74d5ea9f6b64c9bce5/config/always-arch.m4#L12
-    platforms =
-      with lib.systems.inspect.patterns;
-      map (p: p // isLinux) ([ isx86_32 isx86_64 isPower isAarch64 isSparc ] ++ isArmv7);
-
-    maintainers = with lib.maintainers; [ jcumming jonringer globin raitobezarius ];
-    mainProgram = "zfs";
-    # If your Linux kernel version is not yet supported by zfs, try zfsUnstable.
-    # On NixOS set the option boot.zfs.enableUnstable.
-    broken = buildKernel && (kernelCompatible != null) && !kernelCompatible;
-  };
-}
 
+    outputs = [ "out" ] ++ optionals buildUser [ "dev" ];
+
+    passthru = {
+      inherit enableMail latestCompatibleLinuxPackages kernelModuleAttribute;
+      # The corresponding userspace tools to this instantiation
+      # of the ZFS package set.
+      userspaceTools = genericBuild (outerArgs // {
+        configFile = "user";
+      }) innerArgs;
+
+      inherit tests;
+    };
+
+    meta = {
+      description = "ZFS Filesystem Linux Kernel module";
+      longDescription = ''
+        ZFS is a filesystem that combines a logical volume manager with a
+        Copy-On-Write filesystem with data integrity detection and repair,
+        snapshotting, cloning, block devices, deduplication, and more.
+      '';
+      homepage = "https://github.com/openzfs/zfs";
+      changelog = "https://github.com/openzfs/zfs/releases/tag/zfs-${version}";
+      license = lib.licenses.cddl;
+
+      # The case-block for TARGET_CPU has branches for only some CPU families,
+      # which prevents ZFS from building on any other platform.  Since the NixOS
+      # `boot.zfs.enabled` property is `readOnly`, excluding platforms where ZFS
+      # does not build is the only way to produce a NixOS installer on such
+      # platforms.
+      # https://github.com/openzfs/zfs/blob/6723d1110f6daf93be93db74d5ea9f6b64c9bce5/config/always-arch.m4#L12
+      platforms =
+        with lib.systems.inspect.patterns;
+        map (p: p // isLinux) ([ isx86_32 isx86_64 isPower isAarch64 isSparc ] ++ isArmv7);
+
+      inherit maintainers;
+      mainProgram = "zfs";
+      # If your Linux kernel version is not yet supported by zfs, try zfsUnstable.
+      # On NixOS set the option boot.zfs.enableUnstable.
+      broken = buildKernel && (kernelCompatible != null) && !kernelCompatible;
+    };
+  };
+in
+  genericBuild
diff --git a/pkgs/os-specific/linux/zfs/stable.nix b/pkgs/os-specific/linux/zfs/stable.nix
index 09b5dd6bc9b71..4714a08fbc72a 100644
--- a/pkgs/os-specific/linux/zfs/stable.nix
+++ b/pkgs/os-specific/linux/zfs/stable.nix
@@ -3,6 +3,7 @@
 , stdenv
 , linuxKernel
 , removeLinuxDRM ? false
+, nixosTests
 , ...
 } @ args:
 
@@ -10,6 +11,9 @@ let
   stdenv' = if kernel == null then stdenv else kernel.stdenv;
 in
 callPackage ./generic.nix args {
+  # You have to ensure that in `pkgs/top-level/linux-kernels.nix`
+  # this attribute is the correct one for this package.
+  kernelModuleAttribute = "zfs";
   # check the release notes for compatible kernels
   kernelCompatible =
     if stdenv'.isx86_64 || removeLinuxDRM
@@ -23,9 +27,14 @@ callPackage ./generic.nix args {
   # this package should point to the latest release.
   version = "2.2.1";
 
+  hash = "sha256-2Q/Nhp3YKgMCLPNRNBq5r9U4GeuYlWMWAsjsQy3vFW4=";
+
   extraPatches = [
     ./patches/disable-zfs-dmu-offset-next-sync-by-default-v2-2.patch
   ];
 
-  sha256 = "sha256-2Q/Nhp3YKgMCLPNRNBq5r9U4GeuYlWMWAsjsQy3vFW4=";
+  tests = [
+    nixosTests.zfs.installer
+    nixosTests.zfs.stable
+  ];
 }
diff --git a/pkgs/os-specific/linux/zfs/unstable.nix b/pkgs/os-specific/linux/zfs/unstable.nix
index 097e6f736c1aa..76f57bb0b44dd 100644
--- a/pkgs/os-specific/linux/zfs/unstable.nix
+++ b/pkgs/os-specific/linux/zfs/unstable.nix
@@ -3,6 +3,7 @@
 , stdenv
 , linuxKernel
 , removeLinuxDRM ? false
+, nixosTests
 , ...
 } @ args:
 
@@ -10,6 +11,9 @@ let
   stdenv' = if kernel == null then stdenv else kernel.stdenv;
 in
 callPackage ./generic.nix args {
+  # You have to ensure that in `pkgs/top-level/linux-kernels.nix`
+  # this attribute is the correct one for this package.
+  kernelModuleAttribute = "zfsUnstable";
   # check the release notes for compatible kernels
   kernelCompatible = if stdenv'.isx86_64 || removeLinuxDRM
     then kernel.kernelOlder "6.7"
@@ -25,11 +29,15 @@ callPackage ./generic.nix args {
   # maintainers.
   version = "2.2.1";
 
-  sha256 = "sha256-2Q/Nhp3YKgMCLPNRNBq5r9U4GeuYlWMWAsjsQy3vFW4=";
+  hash = "sha256-2Q/Nhp3YKgMCLPNRNBq5r9U4GeuYlWMWAsjsQy3vFW4=";
 
   isUnstable = true;
 
   extraPatches = [
     ./patches/disable-zfs-dmu-offset-next-sync-by-default-v2-2.patch
   ];
+
+  tests = [
+    nixosTests.zfs.unstable
+  ];
 }
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 79e984e927dcf..6b175327c1e80 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -28990,6 +28990,9 @@ with pkgs;
 
   zenmonitor = callPackage ../os-specific/linux/zenmonitor { };
 
+  zfs_2_1 = callPackage ../os-specific/linux/zfs/2_1.nix {
+    configFile = "user";
+  };
   zfsStable = callPackage ../os-specific/linux/zfs/stable.nix {
     configFile = "user";
   };
diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix
index 12ad5a678f213..7218a8ed8dda1 100644
--- a/pkgs/top-level/linux-kernels.nix
+++ b/pkgs/top-level/linux-kernels.nix
@@ -546,6 +546,10 @@ in {
 
     zenpower = callPackage ../os-specific/linux/zenpower { };
 
+    zfs_2_1 = callPackage ../os-specific/linux/zfs/2_1.nix {
+      configFile = "kernel";
+      inherit pkgs kernel;
+    };
     zfsStable = callPackage ../os-specific/linux/zfs/stable.nix {
       configFile = "kernel";
       inherit pkgs kernel;

From 03c6a5df40e4e8351243fdb169f55a4f7be0ba0d Mon Sep 17 00:00:00 2001
From: Raito Bezarius <masterancpp@gmail.com>
Date: Fri, 24 Nov 2023 14:04:55 +0100
Subject: [PATCH 27/76] zfs: improve description and long description

When we are building for user or kernel, we are not building a kernel module all the time.

(cherry picked from commit b026c45bf62b0c14836e8f30ce870336456218ee)
---
 pkgs/os-specific/linux/zfs/generic.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkgs/os-specific/linux/zfs/generic.nix b/pkgs/os-specific/linux/zfs/generic.nix
index d8b22e872f1da..566af6950d483 100644
--- a/pkgs/os-specific/linux/zfs/generic.nix
+++ b/pkgs/os-specific/linux/zfs/generic.nix
@@ -210,11 +210,13 @@ let
     };
 
     meta = {
-      description = "ZFS Filesystem Linux Kernel module";
+      description = "ZFS Filesystem Linux" + (if buildUser then " Userspace Tools" else " Kernel Module");
       longDescription = ''
         ZFS is a filesystem that combines a logical volume manager with a
         Copy-On-Write filesystem with data integrity detection and repair,
         snapshotting, cloning, block devices, deduplication, and more.
+
+        ${if buildUser then "This is the userspace tools package." else "This is the kernel module package."}
       '';
       homepage = "https://github.com/openzfs/zfs";
       changelog = "https://github.com/openzfs/zfs/releases/tag/zfs-${version}";

From 327ce5c2ea0b9381dae32334ea3e0d93516f4b40 Mon Sep 17 00:00:00 2001
From: "R. Ryantm" <ryantm-bot@ryantm.com>
Date: Thu, 23 Nov 2023 03:12:56 +0000
Subject: [PATCH 28/76] capnproto: 1.0.1 -> 1.0.1.1

(cherry picked from commit 6db5b06f027fae8e6d964fddb104bc97af0e3f23)
---
 pkgs/development/libraries/capnproto/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/capnproto/default.nix b/pkgs/development/libraries/capnproto/default.nix
index 05e80893ebb0e..0312eeaf7eed7 100644
--- a/pkgs/development/libraries/capnproto/default.nix
+++ b/pkgs/development/libraries/capnproto/default.nix
@@ -8,14 +8,14 @@
 
 stdenv.mkDerivation rec {
   pname = "capnproto";
-  version = "1.0.1";
+  version = "1.0.1.1";
 
   # release tarballs are missing some ekam rules
   src = fetchFromGitHub {
     owner = "capnproto";
     repo = "capnproto";
     rev = "v${version}";
-    sha256 = "sha256-ZruJikcMZuUBmNq+f6+wUl4Rr6MVFxmgcj1TSOKM1ZE=";
+    sha256 = "sha256-LFpCQiepPG78iMq/d3NAN6cSZI1X0QgkKRIxeeZhfEQ=";
   };
 
   nativeBuildInputs = [ cmake ];

From 0ed8d7c21469bcf907d7f6aa9ed9f85048fe9a23 Mon Sep 17 00:00:00 2001
From: Emily Trau <emily@downunderctf.com>
Date: Wed, 29 Nov 2023 12:54:36 +1100
Subject: [PATCH 29/76] neomutt: fix build on x86_64-darwin

(cherry picked from commit da7e6f5447a6a4ad3627bcd81868d61e119820d3)
---
 pkgs/top-level/all-packages.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 79e984e927dcf..5cbde426b15e1 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -34032,7 +34032,7 @@ with pkgs;
 
   n8n = callPackage ../applications/networking/n8n { };
 
-  neomutt = callPackage ../applications/networking/mailreaders/neomutt { };
+  neomutt = darwin.apple_sdk_11_0.callPackage ../applications/networking/mailreaders/neomutt { };
 
   neosay = callPackage ../applications/networking/instant-messengers/neosay { };
 

From 00c99a12bdad22e78024464f6902137af4ef2783 Mon Sep 17 00:00:00 2001
From: Luflosi <luflosi@luflosi.de>
Date: Mon, 27 Nov 2023 23:22:49 +0100
Subject: [PATCH 30/76] teeworlds: fix build on Darwin

The Cocoa dependency is also needed when not building the Client.
The Carbon dependency does not seem to be needed at all.
The libGLU dependency does not currently build on macOS because of one of its transitive dependencies but teeworlds compiles and runs fine without libGLU on macOS, so just make this dependency Linux-only.

(cherry picked from commit f563b8bb66c4fa757913ad5a7a913547f964da85)
---
 pkgs/games/teeworlds/default.nix | 8 +++-----
 pkgs/top-level/all-packages.nix  | 2 +-
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/pkgs/games/teeworlds/default.nix b/pkgs/games/teeworlds/default.nix
index a915832fdbe90..7189d5cbef209 100644
--- a/pkgs/games/teeworlds/default.nix
+++ b/pkgs/games/teeworlds/default.nix
@@ -1,7 +1,6 @@
 { fetchFromGitHub, lib, stdenv, cmake, pkg-config, python3, alsa-lib
 , libX11, libGLU, SDL2, lua5_3, zlib, freetype, wavpack, icoutils
 , nixosTests
-, Carbon
 , Cocoa
 , buildClient ? true
 }:
@@ -45,17 +44,16 @@ stdenv.mkDerivation rec {
 
   buildInputs = [
     python3 lua5_3 zlib
+  ] ++ lib.optionals stdenv.isDarwin [
+    Cocoa
   ] ++ lib.optionals buildClient ([
-    libGLU
     SDL2
     freetype
     wavpack
   ] ++ lib.optionals stdenv.isLinux [
+    libGLU
     alsa-lib
     libX11
-  ] ++ lib.optionals stdenv.isDarwin [
-    Carbon
-    Cocoa
   ]);
 
   cmakeFlags = [
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 79e984e927dcf..037106517c9a5 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -38474,7 +38474,7 @@ with pkgs;
   teetertorture = callPackage ../games/teetertorture { };
 
   teeworlds = callPackage ../games/teeworlds {
-    inherit (darwin.apple_sdk.frameworks) Carbon Cocoa;
+    inherit (darwin.apple_sdk.frameworks) Cocoa;
   };
   teeworlds-server = teeworlds.override { buildClient = false; };
 

From b6b0c8862ab9cfc717767a9a9606c399e4dc1d58 Mon Sep 17 00:00:00 2001
From: Luflosi <luflosi@luflosi.de>
Date: Mon, 27 Nov 2023 23:08:58 +0100
Subject: [PATCH 31/76] teeworlds-server: fix unbundling of wavpack dependency

(cherry picked from commit db5b38723e8a6981524b304cc11399decfe16dfb)
---
 pkgs/games/teeworlds/default.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkgs/games/teeworlds/default.nix b/pkgs/games/teeworlds/default.nix
index 7189d5cbef209..eed9853ece9d8 100644
--- a/pkgs/games/teeworlds/default.nix
+++ b/pkgs/games/teeworlds/default.nix
@@ -33,6 +33,14 @@ stdenv.mkDerivation rec {
     substituteInPlace 'other/bundle/client/Info.plist.in' \
       --replace ${"'"}''${TARGET_CLIENT}' 'teeworlds' \
       --replace ${"'"}''${PROJECT_VERSION}' '${version}'
+
+    # Make sure some bundled dependencies are actually unbundled.
+    # This will fail compilation if one of these dependencies could not
+    # be found, instead of falling back to the bundled version.
+    rm -rf 'src/engine/external/wavpack/'
+    rm -rf 'src/engine/external/zlib/'
+    # md5, pnglite and json-parser (https://github.com/udp/json-parser)
+    # don't seem to be packaged in Nixpkgs, so don't unbundle them.
   '';
 
   nativeBuildInputs = [
@@ -44,12 +52,12 @@ stdenv.mkDerivation rec {
 
   buildInputs = [
     python3 lua5_3 zlib
+    wavpack
   ] ++ lib.optionals stdenv.isDarwin [
     Cocoa
   ] ++ lib.optionals buildClient ([
     SDL2
     freetype
-    wavpack
   ] ++ lib.optionals stdenv.isLinux [
     libGLU
     alsa-lib

From 6a4d5693c49eb051a63066d3d98c25760e2be756 Mon Sep 17 00:00:00 2001
From: figsoda <figsoda@pm.me>
Date: Tue, 28 Nov 2023 14:21:05 -0500
Subject: [PATCH 32/76] inlyne: 0.3.1 -> 0.3.2

Diff: https://github.com/trimental/inlyne/compare/v0.3.1...v0.3.2

Changelog: https://github.com/trimental/inlyne/releases/tag/v0.3.2
(cherry picked from commit 083d4ff4c3d66a0859727f6a4a92ec45715e15f3)
---
 pkgs/applications/misc/inlyne/default.nix | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/pkgs/applications/misc/inlyne/default.nix b/pkgs/applications/misc/inlyne/default.nix
index 5cecae9db664d..01ce66abc7fb4 100644
--- a/pkgs/applications/misc/inlyne/default.nix
+++ b/pkgs/applications/misc/inlyne/default.nix
@@ -13,16 +13,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "inlyne";
-  version = "0.3.1";
+  version = "0.3.2";
 
   src = fetchFromGitHub {
     owner = "trimental";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-B+H3G4jVysqrzWIP+1hktSGnycZLizxhmBCO/lYIr0I=";
+    hash = "sha256-DSi6iS1ySdvGf6FxZpsDOAFpAKx/APcZjxA3Qy0gQBU=";
   };
 
-  cargoHash = "sha256-LFL2DVKu/UM7effikZN/IhSD6DrlwO+CF+S60PXULa0=";
+  cargoHash = "sha256-UzegSJGAOBUDN8WluN7fLWS7NfHhm9YY0Zuq6DCIqHo=";
 
   nativeBuildInputs = [
     installShellFiles
@@ -41,6 +41,12 @@ rustPlatform.buildRustPackage rec {
     darwin.apple_sdk_11_0.frameworks.AppKit
   ];
 
+  checkFlags = lib.optionals stdenv.isDarwin [
+    # time out on darwin
+    "--skip=interpreter::tests::centered_image_with_size_align_and_link"
+    "--skip=watcher::tests::the_gauntlet"
+  ];
+
   postInstall = ''
     installShellCompletion --cmd inlyne \
       --bash <($out/bin/inlyne --gen-completions bash) \

From 7a461e5d86e61ce59ab8d33084e406c3f0cb7db7 Mon Sep 17 00:00:00 2001
From: figsoda <figsoda@pm.me>
Date: Mon, 27 Nov 2023 16:00:03 -0500
Subject: [PATCH 33/76] argc: 1.12.0 -> 1.14.0

Diff: https://github.com/sigoden/argc/compare/v1.12.0...v1.14.0

Changelog: https://github.com/sigoden/argc/releases/tag/v1.14.0
(cherry picked from commit 10c6473b4071362496efa5ddc1ae8718d2d10614)
---
 pkgs/development/tools/argc/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/tools/argc/default.nix b/pkgs/development/tools/argc/default.nix
index b36331e8126f1..43e9076110d9a 100644
--- a/pkgs/development/tools/argc/default.nix
+++ b/pkgs/development/tools/argc/default.nix
@@ -6,16 +6,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "argc";
-  version = "1.12.0";
+  version = "1.14.0";
 
   src = fetchFromGitHub {
     owner = "sigoden";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-bF+NTiPrqWD1B/v44+XuxXotOPhUBCYyg6h+T/ydmGM=";
+    hash = "sha256-Li/K5/SLG6JuoRJDz2DQoj1Oi9LQgZWHNvtZ1HVbj88=";
   };
 
-  cargoHash = "sha256-T6NfjlHQhHwfcAnmr8R2WWXVKgMZZXFq6IvlvWOVACg=";
+  cargoHash = "sha256-D1T9FWTvwKtAYoqFlR2OmLRLGWhPJ9D8J7lq/QKcBoM=";
 
   nativeBuildInputs = [ installShellFiles ];
 

From 46e6f3d07742dccb5dd3ab055370d1d6af4f3032 Mon Sep 17 00:00:00 2001
From: Emily Trau <emily@downunderctf.com>
Date: Wed, 29 Nov 2023 14:09:07 +1100
Subject: [PATCH 34/76] rman: fix clang build

(cherry picked from commit eeb5eb2186b2b0e4ba6b65e068026b6b0a234fec)
---
 pkgs/development/tools/misc/rman/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkgs/development/tools/misc/rman/default.nix b/pkgs/development/tools/misc/rman/default.nix
index 99f3d8c13e744..c3c044fef0009 100644
--- a/pkgs/development/tools/misc/rman/default.nix
+++ b/pkgs/development/tools/misc/rman/default.nix
@@ -24,11 +24,14 @@ stdenv.mkDerivation rec {
 
   hardeningDisable = [ "format" ];
 
+  env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isClang "-Wno-error=incompatible-function-pointer-types";
+
   doCheck = false; # "check" target is probably meant to do "installcheck" or something
 
   meta = {
     description = "Parse formatted man pages and man page source from most flavors of UNIX and converts them to HTML, ASCII, TkMan, DocBook, and other formats";
     license = "artistic";
     platforms = lib.platforms.all;
+    mainProgram = "rman";
   };
 }

From cf81a9a1360521eb781b658918fa09da67e25ca7 Mon Sep 17 00:00:00 2001
From: Emily Trau <emily@downunderctf.com>
Date: Wed, 29 Nov 2023 14:06:08 +1100
Subject: [PATCH 35/76] rxp: fix clang build

(cherry picked from commit 54bd72c1d3f43aae39ff1534e955be47644a69a3)
---
 pkgs/tools/text/xml/rxp/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkgs/tools/text/xml/rxp/default.nix b/pkgs/tools/text/xml/rxp/default.nix
index 918a491ede38d..b45c89af1c03d 100644
--- a/pkgs/tools/text/xml/rxp/default.nix
+++ b/pkgs/tools/text/xml/rxp/default.nix
@@ -9,10 +9,13 @@ stdenv.mkDerivation rec {
     sha256 = "0y365r36wzj4xn1dzhb03spxljnrx8vwqbiwnnwz4630129gzpm6";
   };
 
+  env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isClang "-Wno-error=implicit-function-declaration -Wno-error=int-conversion";
+
   meta = {
     license = lib.licenses.gpl2Plus;
     description = "A validating XML parser written in C";
     homepage = "https://www.cogsci.ed.ac.uk/~richard/rxp.html";
     platforms = lib.platforms.unix;
+    mainProgram = "rxp";
   };
 }

From 31f6156e76c318fa5f693616fcd05637874f2296 Mon Sep 17 00:00:00 2001
From: Emily Trau <emily@downunderctf.com>
Date: Wed, 29 Nov 2023 14:01:05 +1100
Subject: [PATCH 36/76] rzip: fix clang build

(cherry picked from commit 45f4341f16cee78b9cf6dd292a57bb40052fd9f7)
---
 pkgs/tools/compression/rzip/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkgs/tools/compression/rzip/default.nix b/pkgs/tools/compression/rzip/default.nix
index 24f59d25a91f5..3d744dfa35fd7 100644
--- a/pkgs/tools/compression/rzip/default.nix
+++ b/pkgs/tools/compression/rzip/default.nix
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
     })
   ];
 
+  env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isClang "-Wno-error=implicit-int";
+
   meta = with lib; {
     homepage = "https://rzip.samba.org/";
     description = "Compression program";

From 467acf8a506a7ffb7238f52df30f68648c7a24c6 Mon Sep 17 00:00:00 2001
From: Emily Trau <emily@downunderctf.com>
Date: Wed, 29 Nov 2023 13:12:56 +1100
Subject: [PATCH 37/76] buddy: fix clang build

(cherry picked from commit aca48610cc44c9849a447b1894d259dd6cfc23a3)
---
 pkgs/development/libraries/buddy/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkgs/development/libraries/buddy/default.nix b/pkgs/development/libraries/buddy/default.nix
index 47b61fe035104..eb9d146291d9b 100644
--- a/pkgs/development/libraries/buddy/default.nix
+++ b/pkgs/development/libraries/buddy/default.nix
@@ -12,6 +12,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ bison ];
   patches = [ ./gcc-4.3.3-fixes.patch ];
   configureFlags = [ "CFLAGS=-O3" "CXXFLAGS=-O3" ];
+  env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isClang "-Wno-error=register";
   NIX_LDFLAGS = "-lm";
   doCheck = true;
 

From 064e9dae14313377859a62e789b20f9a20886c5a Mon Sep 17 00:00:00 2001
From: Emmanuel Rosa <emmanuelrosa@protonmail.com>
Date: Tue, 10 Oct 2023 11:50:46 -0400
Subject: [PATCH 38/76] bisq-desktop: 1.9.12 -> 1.9.14

(cherry picked from commit 09a4aa0e519a7e0eab98e664b4f16f85a28e9eed)
---
 .../blockchains/bisq-desktop/default.nix      | 30 ++++++++++---------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/pkgs/applications/blockchains/bisq-desktop/default.nix b/pkgs/applications/blockchains/bisq-desktop/default.nix
index 9560292e1b7ef..8e6881f0d7e85 100644
--- a/pkgs/applications/blockchains/bisq-desktop/default.nix
+++ b/pkgs/applications/blockchains/bisq-desktop/default.nix
@@ -13,6 +13,7 @@
 , tor
 , zip
 , xz
+, findutils
 }:
 
 let
@@ -24,7 +25,9 @@ let
     # whereas Nix only scans for hashes in uncompressed text.
     # ${bisq-tor}
 
-    JAVA_TOOL_OPTIONS="-XX:+UseG1GC -XX:MaxHeapFreeRatio=10 -XX:MinHeapFreeRatio=5 -XX:+UseStringDeduplication ${args}" bisq-desktop-wrapped "$@"
+    classpath=@out@/lib/desktop.jar:@out@/lib/*
+
+    exec "${openjdk11}/bin/java" -Djpackage.app-version=@version@ -XX:MaxRAM=8g -Xss1280k -XX:+UseG1GC -XX:MaxHeapFreeRatio=10 -XX:MinHeapFreeRatio=5 -XX:+UseStringDeduplication -Djava.net.preferIPv4Stack=true -classpath $classpath ${args} bisq.desktop.app.BisqAppMain "$@"
   '';
 
   bisq-tor = writeScript "bisq-tor" ''
@@ -35,11 +38,11 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "bisq-desktop";
-  version = "1.9.12";
+  version = "1.9.14";
 
   src = fetchurl {
     url = "https://github.com/bisq-network/bisq/releases/download/v${version}/Bisq-64bit-${version}.deb";
-    sha256 = "0zzrl7dmd3m7pymwvl68gnjspbpzf1w17bcwr0ipgsszmr35k9rs";
+    sha256 = "0xbq94qbp59523xjp80bly38aisfwkfi0y9hmyhf8xlw084b82kz";
   };
 
   nativeBuildInputs = [
@@ -50,6 +53,7 @@ stdenv.mkDerivation rec {
     strip-nondeterminism
     xz
     zip
+    findutils
   ];
 
   desktopItems = [
@@ -83,24 +87,22 @@ stdenv.mkDerivation rec {
     mkdir -p native/linux/x64/
     cp ${bisq-tor} ./tor
     tar --sort=name --mtime="@$SOURCE_DATE_EPOCH" -cJf native/linux/x64/tor.tar.xz tor
-    zip -r opt/bisq/lib/app/desktop-${version}-all.jar native
-    strip-nondeterminism opt/bisq/lib/app/desktop-${version}-all.jar
+    tor_jar_file=$(find ./opt/bisq/lib/app -name "tor-binary-linux64-*.jar")
+    zip -r $tor_jar_file native
+    strip-nondeterminism ./opt/bisq/lib/app/*.jar
   '';
 
   installPhase = ''
     runHook preInstall
 
-    mkdir -p $out/lib $out/bin
-    cp opt/bisq/lib/app/desktop-${version}-all.jar $out/lib
-
-    makeWrapper ${openjdk11}/bin/java $out/bin/bisq-desktop-wrapped \
-      --add-flags "-jar $out/lib/desktop-${version}-all.jar bisq.desktop.app.BisqAppMain"
+    mkdir -p $out $out/bin
+    cp -r opt/bisq/lib/app $out/lib
 
-    makeWrapper ${bisq-launcher ""} $out/bin/bisq-desktop \
-      --prefix PATH : $out/bin
+    install -D -m 777 ${bisq-launcher ""} $out/bin/bisq-desktop
+    substituteAllInPlace $out/bin/bisq-desktop
 
-    makeWrapper ${bisq-launcher "-Dglass.gtk.uiScale=2.0"} $out/bin/bisq-desktop-hidpi \
-      --prefix PATH : $out/bin
+    install -D -m 777 ${bisq-launcher "-Dglass.gtk.uiScale=2.0"} $out/bin/bisq-desktop-hidpi
+    substituteAllInPlace $out/bin/bisq-desktop-hidpi
 
     for n in 16 24 32 48 64 96 128 256; do
       size=$n"x"$n

From a1df914ce697048fc68dfc1ae8af33ef59b075de Mon Sep 17 00:00:00 2001
From: chayleaf <chayleaf-git@pavluk.org>
Date: Tue, 21 Nov 2023 12:26:15 +0700
Subject: [PATCH 39/76] cutter: fix build; switch from qt5 to qt6

(cherry picked from commit e0a6355d722e9aebe7b0ba0685b17321564b7d9a)
---
 .../tools/analysis/rizin/cutter.nix           | 55 ++++++++++++++++---
 pkgs/top-level/all-packages.nix               |  2 +-
 2 files changed, 47 insertions(+), 10 deletions(-)

diff --git a/pkgs/development/tools/analysis/rizin/cutter.nix b/pkgs/development/tools/analysis/rizin/cutter.nix
index f274bff6cca7a..f20f77eca7a22 100644
--- a/pkgs/development/tools/analysis/rizin/cutter.nix
+++ b/pkgs/development/tools/analysis/rizin/cutter.nix
@@ -1,18 +1,26 @@
-{ fetchFromGitHub, lib, mkDerivation
+{ lib
+, fetchFromGitHub
+, fetchpatch
+, stdenv
 # for passthru.plugins
 , pkgs
 # nativeBuildInputs
-, qmake, pkg-config, cmake
+, cmake
+, pkg-config
+, wrapQtAppsHook
 # Qt
-, qtbase, qtsvg, qtwebengine, qttools
+, qt5compat
+, qtbase
+, qtsvg
+, qttools
+, qtwebengine
 # buildInputs
 , graphviz
-, rizin
 , python3
-, wrapQtAppsHook
+, rizin
 }:
 
-let cutter = mkDerivation rec {
+let cutter = stdenv.mkDerivation rec {
   pname = "cutter";
   version = "2.3.2";
 
@@ -24,15 +32,43 @@ let cutter = mkDerivation rec {
     fetchSubmodules = true;
   };
 
-  nativeBuildInputs = [ cmake qmake pkg-config python3 wrapQtAppsHook ];
-  propagatedBuildInputs = [ python3.pkgs.pyside2 ];
-  buildInputs = [ graphviz qtbase qttools qtsvg qtwebengine rizin python3 ];
+  patches = [
+    # tracking: https://github.com/rizinorg/cutter/pull/3268
+    (fetchpatch {
+      name = "cutter-simplify-python-binding-include-handling.patch";
+      url = "https://github.com/rizinorg/cutter/compare/7256fbb00e92ab12a24d14a92364db482ed295cb..ca5949d9d7c907185cf3d062d9fa71c34c5960d4.diff";
+      hash = "sha256-bqV2FTA8lMNpHBDXdenNx+1cLYa7MH47XKo1YatmLV4=";
+    })
+  ];
+
+  nativeBuildInputs = [
+    cmake
+    pkg-config
+    python3
+    wrapQtAppsHook
+  ];
+
+  propagatedBuildInputs = [
+    python3.pkgs.pyside6
+  ];
+
+  buildInputs = [
+    graphviz
+    python3
+    qt5compat
+    qtbase
+    qtsvg
+    qttools
+    qtwebengine
+    rizin
+  ];
 
   cmakeFlags = [
     "-DCUTTER_USE_BUNDLED_RIZIN=OFF"
     "-DCUTTER_ENABLE_PYTHON=ON"
     "-DCUTTER_ENABLE_PYTHON_BINDINGS=ON"
     "-DCUTTER_ENABLE_GRAPHVIZ=ON"
+    "-DCUTTER_QT6=ON"
   ];
 
   preBuild = ''
@@ -59,5 +95,6 @@ let cutter = mkDerivation rec {
     license = licenses.gpl3;
     mainProgram = "cutter";
     maintainers = with maintainers; [ mic92 dtzWill ];
+    inherit (rizin.meta) platforms;
   };
 }; in cutter
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 79e984e927dcf..789b59d3a97e7 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -19880,7 +19880,7 @@ with pkgs;
 
   rizinPlugins = recurseIntoAttrs rizin.plugins;
 
-  cutter = libsForQt5.callPackage ../development/tools/analysis/rizin/cutter.nix { };
+  cutter = qt6.callPackage ../development/tools/analysis/rizin/cutter.nix { };
 
   cutterPlugins = recurseIntoAttrs cutter.plugins;
 

From 79a61fc831665fd644345956b7e6c1416bdac1f7 Mon Sep 17 00:00:00 2001
From: chayleaf <chayleaf-git@pavluk.org>
Date: Tue, 21 Nov 2023 12:55:39 +0700
Subject: [PATCH 40/76] rz-ghidra: switch from qt5 to qt6

(cherry picked from commit fd2031b77c571d7d92839b76351fb6489f07f324)
---
 pkgs/development/tools/analysis/rizin/default.nix   | 2 +-
 pkgs/development/tools/analysis/rizin/rz-ghidra.nix | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/tools/analysis/rizin/default.nix b/pkgs/development/tools/analysis/rizin/default.nix
index d4bd1e84b112f..3112e438da051 100644
--- a/pkgs/development/tools/analysis/rizin/default.nix
+++ b/pkgs/development/tools/analysis/rizin/default.nix
@@ -109,7 +109,7 @@ let rizin = stdenv.mkDerivation rec {
       jsdec = pkgs.callPackage ./jsdec.nix {
         inherit rizin openssl;
       };
-      rz-ghidra = pkgs.libsForQt5.callPackage ./rz-ghidra.nix {
+      rz-ghidra = pkgs.qt6.callPackage ./rz-ghidra.nix {
         inherit rizin openssl;
         enableCutterPlugin = false;
       };
diff --git a/pkgs/development/tools/analysis/rizin/rz-ghidra.nix b/pkgs/development/tools/analysis/rizin/rz-ghidra.nix
index d349a33af8147..d2cb95f2d9628 100644
--- a/pkgs/development/tools/analysis/rizin/rz-ghidra.nix
+++ b/pkgs/development/tools/analysis/rizin/rz-ghidra.nix
@@ -10,6 +10,7 @@
 # optional buildInputs
 , enableCutterPlugin ? true
 , cutter
+, qt5compat
 , qtbase
 , qtsvg
 }:
@@ -40,6 +41,7 @@ stdenv.mkDerivation rec {
     rizin
   ] ++ lib.optionals enableCutterPlugin [
     cutter
+    qt5compat
     qtbase
     qtsvg
   ];
@@ -54,9 +56,12 @@ stdenv.mkDerivation rec {
   ];
 
   meta = with lib; {
+    # errors out with undefined symbols from Cutter
+    broken = enableCutterPlugin && stdenv.isDarwin;
     description = "Deep ghidra decompiler and sleigh disassembler integration for rizin";
     homepage = src.meta.homepage;
     license = licenses.lgpl3;
     maintainers = with maintainers; [ chayleaf ];
+    inherit (rizin.meta) platforms;
   };
 }

From 596a28bf4034bcaa8f097bebb2d783cca188f9fb Mon Sep 17 00:00:00 2001
From: Charlotte Van Petegem <charlotte@vanpetegem.me>
Date: Sat, 25 Nov 2023 12:29:06 +0100
Subject: [PATCH 41/76] uni: 2.5.1 -> 2.6.0

https://github.com/arp242/uni/releases/tag/v2.6.0
(cherry picked from commit 7694dd1fc0548c70d4bd2fbc334126416b44b539)
---
 pkgs/applications/misc/uni/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/applications/misc/uni/default.nix b/pkgs/applications/misc/uni/default.nix
index 5f7db6f85bf7a..72c4f84ba7334 100644
--- a/pkgs/applications/misc/uni/default.nix
+++ b/pkgs/applications/misc/uni/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "uni";
-  version = "2.5.1";
+  version = "2.6.0";
 
   src = fetchFromGitHub {
     owner = "arp242";
     repo = "uni";
     rev = "refs/tags/v${version}";
-    hash = "sha256-kWiglMuJdcD7z2MDfz1MbItB8r9BJ7LUqfPfJa8QkLA=";
+    hash = "sha256-Ij/jUbXl3GkeNZmGJ82i++6VkOW46YFI9m83otY6M7Q=";
   };
 
-  vendorHash = "sha256-6HNFCUSJA6oduCx/SCUQQeCHGS7ohaWRunixdwMurBw=";
+  vendorHash = "sha256-88SSrGvZSs6Opi3IKSNNqptuOWMmtTQ4ZDR7ViuGugk=";
 
   ldflags = [
     "-s"

From 53e4d47072a8c439242a4ab3bf3587b3b41c67cb Mon Sep 17 00:00:00 2001
From: Mario Rodas <marsam@users.noreply.github.com>
Date: Tue, 28 Nov 2023 04:20:00 +0000
Subject: [PATCH 42/76] postgresqlPackages.timescaledb: 2.12.2 -> 2.13.0

Diff: https://github.com/timescale/timescaledb/compare/2.12.2...2.13.0

Changelog: https://github.com/timescale/timescaledb/blob/2.13.0/CHANGELOG.md
(cherry picked from commit 60f8cd13cc02b2d700fea5989575f08ee5225f64)
---
 pkgs/servers/sql/postgresql/ext/timescaledb.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/sql/postgresql/ext/timescaledb.nix b/pkgs/servers/sql/postgresql/ext/timescaledb.nix
index a567db9481215..307171adeb39e 100644
--- a/pkgs/servers/sql/postgresql/ext/timescaledb.nix
+++ b/pkgs/servers/sql/postgresql/ext/timescaledb.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   pname = "timescaledb${lib.optionalString (!enableUnfree) "-apache"}";
-  version = "2.12.2";
+  version = "2.13.0";
 
   nativeBuildInputs = [ cmake ];
   buildInputs = [ postgresql openssl libkrb5 ];
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
     owner = "timescale";
     repo = "timescaledb";
     rev = version;
-    hash = "sha256-bZHgkcCmkheTupVLOBZ5UsgIVyy7aIJoge+ot2SmMFg=";
+    hash = "sha256-ZF3VNiTfuxCMVMRv9fqBssXuikxKbwza6ib7IuXYjgA=";
   };
 
   cmakeFlags = [ "-DSEND_TELEMETRY_DEFAULT=OFF" "-DREGRESS_CHECKS=OFF" "-DTAP_CHECKS=OFF" ]

From 5ea10a41d73c495648a6e53509ee9f11c0f97675 Mon Sep 17 00:00:00 2001
From: Mario Rodas <marsam@users.noreply.github.com>
Date: Tue, 28 Nov 2023 04:20:00 +0000
Subject: [PATCH 43/76] postgresql12Packages.timescaledb: mark broken

(cherry picked from commit 358670d6ae680c4b5552681b051ca7f8444ea1f1)
---
 pkgs/servers/sql/postgresql/ext/timescaledb.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/servers/sql/postgresql/ext/timescaledb.nix b/pkgs/servers/sql/postgresql/ext/timescaledb.nix
index 307171adeb39e..dac2e77c0cf26 100644
--- a/pkgs/servers/sql/postgresql/ext/timescaledb.nix
+++ b/pkgs/servers/sql/postgresql/ext/timescaledb.nix
@@ -39,6 +39,6 @@ stdenv.mkDerivation rec {
     maintainers = with maintainers; [ marsam ];
     platforms = postgresql.meta.platforms;
     license = with licenses; if enableUnfree then tsl else asl20;
-    broken = versionOlder postgresql.version "12";
+    broken = versionOlder postgresql.version "13";
   };
 }

From 9e1f2c9baba6e5c4de288fddb723ea3fc7cfd097 Mon Sep 17 00:00:00 2001
From: annalee <150648636+a-n-n-a-l-e-e@users.noreply.github.com>
Date: Sun, 26 Nov 2023 12:40:39 +0000
Subject: [PATCH 44/76] libLAS: apply upstream patch to fix compile error

https://github.com/libLAS/libLAS/pull/151
(cherry picked from commit 4cd6f5a826e22c0e87919fc56dec8f83e3aa9533)
---
 pkgs/development/libraries/libLAS/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pkgs/development/libraries/libLAS/default.nix b/pkgs/development/libraries/libLAS/default.nix
index 7f2c12a9dea2b..195f77d19231e 100644
--- a/pkgs/development/libraries/libLAS/default.nix
+++ b/pkgs/development/libraries/libLAS/default.nix
@@ -25,6 +25,13 @@ stdenv.mkDerivation rec {
       url = "https://github.com/libLAS/libLAS/commit/0d3b8d75f371a6b7c605bbe5293091cb64a7e2d3.patch";
       hash = "sha256-gtNIazR+l1h+Xef+4qQc7EVi+Nlht3F8CrwkINothtA=";
     })
+    # remove on update. fix compile error in apps/las2col.c
+    # https://github.com/libLAS/libLAS/pull/151
+    (fetchpatch {
+      name = "fflush-x2-is-not-an-fsync.patch";
+      url = "https://github.com/libLAS/libLAS/commit/e789d43df4500da0c12d2f6d3ac1d031ed835493.patch";
+      hash = "sha256-0zI0NvOt9C5BPrfAbgU1N1kj3rZFB7rf0KRj7yemyWI=";
+    })
   ];
 
   nativeBuildInputs = [ cmake ] ++ lib.optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames;

From 9436c2971c3649da23155f897729396d223ca3d1 Mon Sep 17 00:00:00 2001
From: Pol Dellaiera <pol.dellaiera@protonmail.com>
Date: Wed, 29 Nov 2023 22:49:19 +0100
Subject: [PATCH 45/76] vscode-extensions.devsense.composer-php-vscode:
 1.36.13428 -> 1.41.14332

(cherry picked from commit 7f1a76173f5276fc44b6e3aaca2041eb49ddbec2)
---
 pkgs/applications/editors/vscode/extensions/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix
index 5f3366ebc1fef..4beabd02b916b 100644
--- a/pkgs/applications/editors/vscode/extensions/default.nix
+++ b/pkgs/applications/editors/vscode/extensions/default.nix
@@ -969,15 +969,15 @@ let
         mktplcRef = {
           name = "composer-php-vscode";
           publisher = "devsense";
-          version = "1.36.13428";
-          sha256 = "sha256-dzRuD0XBWU+xUtr86eN8zbZ6bVIq1BP0/EqgQG4JbvY=";
+          version = "1.41.14332";
+          sha256 = "sha256-qRgncn6u40Igd40OZShRHXqdgjFqRLNb0hPirwc+DoU=";
         };
         meta = {
           changelog = "https://marketplace.visualstudio.com/items/DEVSENSE.composer-php-vscode/changelog";
           description = "A visual studio code extension for full development integration for Composer, the PHP package manager.";
           downloadPage = "https://marketplace.visualstudio.com/items?itemName=DEVSENSE.composer-php-vscode";
           homepage = "https://github.com/DEVSENSE/phptools-docs";
-          license = lib.licenses.asl20;
+          license = lib.licenses.unfree;
           maintainers = [ lib.maintainers.drupol ];
         };
       };

From 84861e2124f1fd5c6d8b590b67245cf4d8c21bb7 Mon Sep 17 00:00:00 2001
From: Pol Dellaiera <pol.dellaiera@protonmail.com>
Date: Wed, 29 Nov 2023 22:50:59 +0100
Subject: [PATCH 46/76] vscode-extensions.devsense.profiler-php-vscode:
 1.36.13428 -> 1.41.14332

(cherry picked from commit 898592c6937fd099e4943c96b990f96be98cbd89)
---
 pkgs/applications/editors/vscode/extensions/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix
index 4beabd02b916b..d6e155cac5cc9 100644
--- a/pkgs/applications/editors/vscode/extensions/default.nix
+++ b/pkgs/applications/editors/vscode/extensions/default.nix
@@ -1036,15 +1036,15 @@ let
         mktplcRef = {
           name = "profiler-php-vscode";
           publisher = "devsense";
-          version = "1.36.13428";
-          sha256 = "sha256-/CT83LdQkEvsWrQX30bgnklgGKduYC0LqZ8gaexqu60=";
+          version = "1.41.14332";
+          sha256 = "sha256-u2lNqG6FUhWnnNGtv+sjTbP/hbu4Da/8xjLzmPZkZOA=";
         };
         meta = {
           changelog = "https://marketplace.visualstudio.com/items/DEVSENSE.profiler-php-vscode/changelog";
           description = "A visual studio code extension for PHP and XDebug profiling and inspecting.";
           downloadPage = "https://marketplace.visualstudio.com/items?itemName=DEVSENSE.profiler-php-vscode";
           homepage = "https://github.com/DEVSENSE/phptools-docs";
-          license = lib.licenses.asl20;
+          license = lib.licenses.unfree;
           maintainers = [ lib.maintainers.drupol ];
         };
       };

From 0e06eea466813e5ad1d728c26bbdfeeef7f977d2 Mon Sep 17 00:00:00 2001
From: Pol Dellaiera <pol.dellaiera@protonmail.com>
Date: Wed, 29 Nov 2023 22:51:45 +0100
Subject: [PATCH 47/76] vscode-extensions.devsense.phptools-vscode: 1.36.13428
 -> 1.41.14332

(cherry picked from commit 50f8513e1f2bd45154b120a2ac9fc121dd66245d)
---
 .../editors/vscode/extensions/default.nix            | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix
index d6e155cac5cc9..9086d1dc13e82 100644
--- a/pkgs/applications/editors/vscode/extensions/default.nix
+++ b/pkgs/applications/editors/vscode/extensions/default.nix
@@ -987,25 +987,25 @@ let
           sources = {
             "x86_64-linux" = {
               arch = "linux-x64";
-              sha256 = "sha256-x4Vsr/79vZuNPGQqwOVdIMi2Ba9DfnKM1AjxCZbzJms=";
+              sha256 = "sha256-8i5nRlzd+LnpEh9trWECxfiC1W4S0ekBab5vo18OlsA=";
             };
             "x86_64-darwin" = {
               arch = "darwin-x64";
-              sha256 = "0c9jcjavkjiv92cd4wrvgcv70igghi5ha96hg7h63cgmxg7b87gk";
+              sha256 = "14crw56277rdwhigabb3nsndkfcs3yzzf7gw85jvryxviq32chgy";
             };
             "aarch64-linux" = {
               arch = "linux-arm64";
-              sha256 = "0b3w3ssxymf9p1h4amnqimbsjf1wpxsi55b05wgqwh2w2zfxd91l";
+              sha256 = "1j1xlvbg3nrfmdd9zm6kywwicdwdkrq0si86lcndaii8m7sj5pfp";
             };
             "aarch64-darwin" = {
               arch = "darwin-arm64";
-              sha256 = "0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73";
+              sha256 = "0nlks6iqxkx1xlicsa8lrb1319rgznlxkv2gg7wkwgzph97ik8bi";
             };
           };
         in {
           name = "phptools-vscode";
           publisher = "devsense";
-          version = "1.36.13428";
+          version = "1.41.14332";
         } // sources.${stdenv.system};
 
         nativeBuildInputs = [
@@ -1026,7 +1026,7 @@ let
           description = "A visual studio code extension for full development integration for the PHP language.";
           downloadPage = "https://marketplace.visualstudio.com/items?itemName=DEVSENSE.phptools-vscode";
           homepage = "https://github.com/DEVSENSE/phptools-docs";
-          license = lib.licenses.asl20;
+          license = lib.licenses.unfree;
           maintainers = [ lib.maintainers.drupol ];
           platforms = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" "aarch64-linux" ];
         };

From ffa6a5bcd8dc133afd92a9555f304c991ce0d80f Mon Sep 17 00:00:00 2001
From: Sean Buckley <sean.bck@gmail.com>
Date: Wed, 29 Nov 2023 14:00:34 -0500
Subject: [PATCH 48/76] brave: 1.60.118 -> 1.60.125

https://community.brave.com/t/release-channel-1-60-125/518691
(cherry picked from commit 0295c486fa854220ee2bc019bb03e389483ea941)
---
 pkgs/applications/networking/browsers/brave/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/networking/browsers/brave/default.nix b/pkgs/applications/networking/browsers/brave/default.nix
index d51f3816ef754..9f192ec4f16d6 100644
--- a/pkgs/applications/networking/browsers/brave/default.nix
+++ b/pkgs/applications/networking/browsers/brave/default.nix
@@ -92,11 +92,11 @@ in
 
 stdenv.mkDerivation rec {
   pname = "brave";
-  version = "1.60.118";
+  version = "1.60.125";
 
   src = fetchurl {
     url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb";
-    sha256 = "sha256-Lo9F7z8gJJRId7LBfVTj18C65swDr8C7Mt1gNmXoSoY=";
+    hash = "sha256-ZctJBLEpaOzRK8BppMK7aT0kx00e7zXO+y8U38CCxKo=";
   };
 
   dontConfigure = true;

From 146cfe4d132bdf2de9388950759afd945bfe93c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= <nix@dotlambda.de>
Date: Wed, 29 Nov 2023 11:34:12 -0800
Subject: [PATCH 49/76] python311Packages.keyrings-passwordstore: mark broken

(cherry picked from commit 0e1c8f57a20c269ff65914b2e0c106ada8a617c1)
---
 .../python-modules/keyrings-passwordstore/default.nix            | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkgs/development/python-modules/keyrings-passwordstore/default.nix b/pkgs/development/python-modules/keyrings-passwordstore/default.nix
index f7f5cf0aef2ce..db8d934c93004 100644
--- a/pkgs/development/python-modules/keyrings-passwordstore/default.nix
+++ b/pkgs/development/python-modules/keyrings-passwordstore/default.nix
@@ -34,5 +34,6 @@ buildPythonPackage rec {
     description = "Keyring backend for password-store";
     homepage = "https://github.com/stv0g/keyrings.passwordstore";
     maintainers = [ lib.maintainers.shlevy ];
+    broken = true; # https://github.com/stv0g/keyrings.passwordstore/issues/2
   };
 }

From a231bbc4e0b5d04b859d803ea79b17b2679396fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= <nix@dotlambda.de>
Date: Wed, 29 Nov 2023 11:42:47 -0800
Subject: [PATCH 50/76] 
 python311Packages.keyrings-google-artifactregistry-auth: 1.1.1 -> 1.1.2

Changelog: https://github.com/GoogleCloudPlatform/artifact-registry-python-tools/blob/main/HISTORY.md
(cherry picked from commit 50188c47ae98c9f2c5c25642fcc9b40fd559a7a2)
---
 .../default.nix                                      | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/keyrings-google-artifactregistry-auth/default.nix b/pkgs/development/python-modules/keyrings-google-artifactregistry-auth/default.nix
index 82938b33f27aa..b9204cbdabe77 100644
--- a/pkgs/development/python-modules/keyrings-google-artifactregistry-auth/default.nix
+++ b/pkgs/development/python-modules/keyrings-google-artifactregistry-auth/default.nix
@@ -4,6 +4,7 @@
 , google-auth
 , keyring
 , pluggy
+, pythonOlder
 , requests
 , setuptools-scm
 , toml
@@ -11,11 +12,15 @@
 
 buildPythonPackage rec {
   pname = "keyrings.google-artifactregistry-auth";
-  version = "1.1.1";
+  version = "1.1.2";
+
+  disabled = pythonOlder "3.6";
+
+  pyproject = true;
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-vrA3+/awws4R2BAxn9wYDKuIZdqioWsQnDr3MYL/5E0=";
+    hash = "sha256-vWq7cnQNLf60pcA8OxBcb326FpyqKd7jlZaU8fAsd94=";
   };
 
   buildInputs = [
@@ -34,8 +39,11 @@ buildPythonPackage rec {
     "keyrings.gauth"
   ];
 
+  # upstream has no tests
+  doCheck = false;
 
   meta = with lib; {
+    changelog = "https://github.com/GoogleCloudPlatform/artifact-registry-python-tools/blob/main/HISTORY.md";
     description = "Python package which allows you to configure keyring to interact with Python repositories stored in Artifact Registry";
     homepage = "https://pypi.org/project/keyrings.google-artifactregistry-auth";
     license = licenses.asl20;

From 0f2e12b5da32031adeea7b1c0102f125cca2d82b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= <bjorn.forsman@gmail.com>
Date: Thu, 23 Nov 2023 20:43:43 +0100
Subject: [PATCH 51/76] ddclient: 3.11.1 -> 3.11.2

Changelog: https://github.com/ddclient/ddclient/blob/4a1b06630b90b3e6ff1d837b849bdbc68a2f53f9/ChangeLog.md#2023-11-23-v3112
(cherry picked from commit 1aafac5ceb5ce7b2a6f981c510da5ec5c7e21449)
---
 pkgs/tools/networking/ddclient/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/networking/ddclient/default.nix b/pkgs/tools/networking/ddclient/default.nix
index 53401cf4acf3e..ec84c7c526cb6 100644
--- a/pkgs/tools/networking/ddclient/default.nix
+++ b/pkgs/tools/networking/ddclient/default.nix
@@ -5,7 +5,7 @@ let
 in
 perlPackages.buildPerlPackage rec {
   pname = "ddclient";
-  version = "3.11.1";
+  version = "3.11.2";
 
   outputs = [ "out" ];
 
@@ -13,7 +13,7 @@ perlPackages.buildPerlPackage rec {
     owner = "ddclient";
     repo = "ddclient";
     rev = "v${version}";
-    sha256 = "sha256-OM+JW3HP0llzyJNqmP5PLZ30TOvC2nA1bWwOspTbZZM=";
+    sha256 = "sha256-d1G+AM28nBpMWh1QBjm78KKeOL5b5arxERYRCXohwBg=";
   };
 
   postPatch = ''

From e0f33fdbea47d0b2f694acc8d0400f3c4fd95d6d Mon Sep 17 00:00:00 2001
From: emilylange <git@emilylange.de>
Date: Wed, 29 Nov 2023 22:51:35 +0100
Subject: [PATCH 52/76] nixos/jitsi-meet: fix `cfg.caddy.enable`

This fixes the following error:

```
error: failed processing files:
        FailedJobs(
        "static/404.html": Permission denied (os error 13) at path "/build/static/.tmpRMzDXu"
)
```

(cherry picked from commit 3e5dc7174ede2897c5da25bb7863b2df52400a0c)
---
 nixos/modules/services/web-apps/jitsi-meet.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/web-apps/jitsi-meet.nix b/nixos/modules/services/web-apps/jitsi-meet.nix
index c0f9d785eea21..0c0eb66e65b7c 100644
--- a/nixos/modules/services/web-apps/jitsi-meet.nix
+++ b/nixos/modules/services/web-apps/jitsi-meet.nix
@@ -479,7 +479,7 @@ in
         extraConfig =
         let
           templatedJitsiMeet = pkgs.runCommand "templated-jitsi-meet" { } ''
-            cp -R ${pkgs.jitsi-meet}/* .
+            cp -R --no-preserve=all ${pkgs.jitsi-meet}/* .
             for file in *.html **/*.html ; do
               ${pkgs.sd}/bin/sd '<!--#include virtual="(.*)" -->' '{{ include "$1" }}' $file
             done

From d31e4e801641afaa5105fcd044d638a2b8ac546f Mon Sep 17 00:00:00 2001
From: emilylange <git@emilylange.de>
Date: Wed, 29 Nov 2023 22:53:32 +0100
Subject: [PATCH 53/76] nixosTests.jitsi-meet: test `cfg.caddy.enable`

(cherry picked from commit a55f535146ccf13ab031a39f9e8298d6ff473960)
---
 nixos/tests/jitsi-meet.nix | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/nixos/tests/jitsi-meet.nix b/nixos/tests/jitsi-meet.nix
index c39cd19e1f0a7..fc6654f2c076c 100644
--- a/nixos/tests/jitsi-meet.nix
+++ b/nixos/tests/jitsi-meet.nix
@@ -24,10 +24,23 @@ import ./make-test-python.nix ({ pkgs, ... }: {
       security.acme.acceptTerms = true;
       security.acme.defaults.email = "me@example.org";
       security.acme.defaults.server = "https://example.com"; # self-signed only
+
+      specialisation.caddy = {
+        inheritParentConfig = true;
+        configuration = {
+          services.jitsi-meet = {
+            caddy.enable = true;
+            nginx.enable = false;
+          };
+          services.caddy.virtualHosts.${config.services.jitsi-meet.hostName}.extraConfig = ''
+            tls internal
+          '';
+        };
+      };
     };
   };
 
-  testScript = ''
+  testScript = { nodes, ... }: ''
     server.wait_for_unit("jitsi-videobridge2.service")
     server.wait_for_unit("jicofo.service")
     server.wait_for_unit("nginx.service")
@@ -41,6 +54,15 @@ import ./make-test-python.nix ({ pkgs, ... }: {
     )
 
     client.wait_for_unit("network.target")
-    assert "<title>Jitsi Meet</title>" in client.succeed("curl -sSfkL http://server/")
+
+    def client_curl():
+        assert "<title>Jitsi Meet</title>" in client.succeed("curl -sSfkL http://server/")
+
+    client_curl()
+
+    with subtest("Testing backup service"):
+        server.succeed("${nodes.server.system.build.toplevel}/specialisation/caddy/bin/switch-to-configuration test")
+        server.wait_for_unit("caddy.service")
+        client_curl()
   '';
 })

From 3e58f8559f2f863c328d0be757d7a7da3a342d75 Mon Sep 17 00:00:00 2001
From: Randy Eckenrode <randy@largeandhighquality.com>
Date: Wed, 15 Nov 2023 19:02:46 -0500
Subject: [PATCH 54/76] =?UTF-8?q?gcc6:=20don=E2=80=99t=20link=20libstdc++?=
 =?UTF-8?q?=20to=20CoreFoundation?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Using flat namespaces causes libstdc++ to link CoreFoundation, but
that fails after #265102. Since CoreFoundation is not actually needed,
disable flat namespaces to avoid linking it unnecessarily.

Disabling flat namespaces matches the behavior of newer versions of
libstdc++ (GCC 7+) when building for newer Darwin hosts (10.5+).

(cherry picked from commit 647b2dbf6292353b80ba2014084215841d473dfd)
---
 .../6/libstdc++-disable-flat_namespace.patch  | 26 +++++++++++++++++++
 .../compilers/gcc/patches/default.nix         |  3 +++
 2 files changed, 29 insertions(+)
 create mode 100644 pkgs/development/compilers/gcc/patches/6/libstdc++-disable-flat_namespace.patch

diff --git a/pkgs/development/compilers/gcc/patches/6/libstdc++-disable-flat_namespace.patch b/pkgs/development/compilers/gcc/patches/6/libstdc++-disable-flat_namespace.patch
new file mode 100644
index 0000000000000..571644410def0
--- /dev/null
+++ b/pkgs/development/compilers/gcc/patches/6/libstdc++-disable-flat_namespace.patch
@@ -0,0 +1,26 @@
+Backported from GCC 7.
+
+diff --git a/libstdc++-v3/configure.host b/libstdc++-v3/configure.host
+index 304a7f5aff6..d1a189d93d0 100644
+--- a/libstdc++-v3/configure.host
++++ b/libstdc++-v3/configure.host
+@@ -234,7 +234,7 @@ case "${host_os}" in
+     os_include_dir="os/newlib"
+     OPT_LDFLAGS="${OPT_LDFLAGS} \$(lt_host_flags)"
+     ;;
+-  darwin | darwin[1-7] | darwin[1-7].*)
++  darwin[1-7] | darwin[1-7].*)
+     # On Darwin, performance is improved if libstdc++ is single-module.
+     # Up to at least 10.3.7, -flat_namespace is required for proper
+     # treatment of coalesced symbols.
+@@ -252,6 +252,10 @@ case "${host_os}" in
+     esac
+     os_include_dir="os/bsd/darwin"
+     ;;
++  darwin*)
++    # Post Darwin8, defaults should be sufficient.
++    os_include_dir="os/bsd/darwin"
++    ;;
+   *djgpp*)      # leading * picks up "msdosdjgpp"
+     os_include_dir="os/djgpp"
+     error_constants_dir="os/djgpp"
diff --git a/pkgs/development/compilers/gcc/patches/default.nix b/pkgs/development/compilers/gcc/patches/default.nix
index c4b0dbf91b665..9eda241f6d3ac 100644
--- a/pkgs/development/compilers/gcc/patches/default.nix
+++ b/pkgs/development/compilers/gcc/patches/default.nix
@@ -259,6 +259,9 @@ in
 # This patch can be dropped should darwin.cctools-llvm ever implement support.
 ++ optional (!atLeast7 && hostPlatform.isDarwin && lib.versionAtLeast (lib.getVersion stdenv.cc) "12") ./4.9/darwin-clang-as.patch
 
+# Building libstdc++ with flat namespaces results in trying to link CoreFoundation, which
+# defaults to the impure, system location and causes the build to fail.
+++ optional (is6 && hostPlatform.isDarwin) ./6/libstdc++-disable-flat_namespace.patch
 
 ## gcc 4.9 and older ##############################################################################
 

From 665a6d12489d198580b87a627206e3875691f695 Mon Sep 17 00:00:00 2001
From: Emily Trau <emily@downunderctf.com>
Date: Wed, 29 Nov 2023 16:54:59 +1100
Subject: [PATCH 55/76] python3Packages.importlab: fix darwin support

(cherry picked from commit 21ef6dd691f58af0a583eeced805a0ddcb5e00a4)
---
 pkgs/development/python-modules/importlab/default.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/python-modules/importlab/default.nix b/pkgs/development/python-modules/importlab/default.nix
index 5b572e50f1cb0..bcbe23ec66aaa 100644
--- a/pkgs/development/python-modules/importlab/default.nix
+++ b/pkgs/development/python-modules/importlab/default.nix
@@ -23,10 +23,12 @@ buildPythonPackage {
 
   disabledTestPaths = [ "tests/test_parsepy.py" ];
 
+  # Test fails on darwin filesystem
+  disabledTests = [ "testIsDir" ];
+
   pythonImportsCheck = [ "importlab" ];
 
   meta = with lib; {
-    broken = stdenv.isDarwin;
     description = "A library that automatically infers dependencies for Python files";
     homepage = "https://github.com/google/importlab";
     license = licenses.mit;

From c1adec7450864a617bbffef713df14879149a0bc Mon Sep 17 00:00:00 2001
From: Vincent Laporte <Vincent.Laporte@gmail.com>
Date: Tue, 28 Nov 2023 05:40:13 +0100
Subject: [PATCH 56/76] =?UTF-8?q?coqPackages.gaia:=201.15=20=E2=86=92=201.?=
 =?UTF-8?q?17?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(cherry picked from commit 8736064acbc9adde19c43637b75aaadabdee1b1c)
---
 pkgs/development/coq-modules/gaia/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/coq-modules/gaia/default.nix b/pkgs/development/coq-modules/gaia/default.nix
index a2994dcc9b347..715f5ec3d3644 100644
--- a/pkgs/development/coq-modules/gaia/default.nix
+++ b/pkgs/development/coq-modules/gaia/default.nix
@@ -8,11 +8,12 @@ mkCoqDerivation {
   release."1.13".sha256 = "sha256:0i8ix2rbw10v34bi0yrx0z89ng96ydqbxm8rv2rnfgy4d1b27x6q";
   release."1.14".sha256 = "sha256-wgeQC0fIN3PSmRY1K6/KTy+rJmqqxdo3Bhsz1vjVAes=";
   release."1.15".sha256 = "sha256:04zchnkvaq2mzpcilpspn5l947689gj3m0w20m0nd7w4drvlahnw";
+  release."1.17".sha256 = "sha256-2VzdopXgKS/wC5Rd1/Zlr12J5bSIGINFjG1nrMjDrGE=";
   releaseRev = (v: "v${v}");
 
   inherit version;
   defaultVersion = with lib.versions; lib.switch [ coq.version mathcomp.version ] [
-    { cases = [ (range "8.10" "8.16") (isGe "1.12.0") ]; out = "1.15"; }
+    { cases = [ (range "8.10" "8.18") (range "1.12.0" "1.18.0") ]; out = "1.17"; }
     { cases = [ (range "8.10" "8.12") "1.11.0" ]; out = "1.11"; }
   ] null;
 

From db378310a12255e9c95d5fb86adfd79ef448b98e Mon Sep 17 00:00:00 2001
From: Vincent Laporte <Vincent.Laporte@gmail.com>
Date: Tue, 28 Nov 2023 06:54:31 +0100
Subject: [PATCH 57/76] =?UTF-8?q?coqPackages.{hydra-battles,gaia-hydras}:?=
 =?UTF-8?q?=200.6=20=E2=86=92=200.9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(cherry picked from commit 56c2b1447afb40b3a1c90e66a6d954354738255d)
---
 pkgs/development/coq-modules/gaia-hydras/default.nix   | 3 ++-
 pkgs/development/coq-modules/hydra-battles/default.nix | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/coq-modules/gaia-hydras/default.nix b/pkgs/development/coq-modules/gaia-hydras/default.nix
index 4f9e7a12e0482..1e16adddf4958 100644
--- a/pkgs/development/coq-modules/gaia-hydras/default.nix
+++ b/pkgs/development/coq-modules/gaia-hydras/default.nix
@@ -7,11 +7,12 @@ mkCoqDerivation rec {
 
   release."0.5".sha256 = "121pcbn6v59l0c165ha9n00whbddpy11npx2y9cn7g879sfk2nqk";
   release."0.6".sha256 = "1dri4sisa7mhclf8w4kw7ixs5zxm8xyjr034r1377p96rdk3jj0j";
+  release."0.9".sha256 = "sha256-wlK+154owQD/03FB669KCjyQlL2YOXLCi0KLSo0DOwc=";
   releaseRev = (v: "v${v}");
 
   inherit version;
   defaultVersion = with lib.versions; lib.switch [coq.coq-version mathcomp.version] [
-    { cases = [ (range "8.14" "8.16") (isGe "1.12.0") ]; out = "0.6"; }
+    { cases = [ (range "8.13" "8.16") (isGe "1.12.0") ]; out = "0.9"; }
     { cases = [ (range "8.13" "8.14") (isGe "1.12.0") ]; out = "0.5"; }
   ] null;
 
diff --git a/pkgs/development/coq-modules/hydra-battles/default.nix b/pkgs/development/coq-modules/hydra-battles/default.nix
index 06798c5fcc291..4a6823dcf4203 100644
--- a/pkgs/development/coq-modules/hydra-battles/default.nix
+++ b/pkgs/development/coq-modules/hydra-battles/default.nix
@@ -7,11 +7,12 @@
   release."0.4".sha256 = "1f7pc4w3kir4c9p0fjx5l77401bx12y72nmqxrqs3qqd3iynvqlp";
   release."0.5".sha256 = "121pcbn6v59l0c165ha9n00whbddpy11npx2y9cn7g879sfk2nqk";
   release."0.6".sha256 = "1dri4sisa7mhclf8w4kw7ixs5zxm8xyjr034r1377p96rdk3jj0j";
+  release."0.9".sha256 = "sha256-wlK+154owQD/03FB669KCjyQlL2YOXLCi0KLSo0DOwc=";
   releaseRev = (v: "v${v}");
 
   inherit version;
   defaultVersion = with lib.versions; lib.switch coq.coq-version [
-    { case = range "8.13" "8.16"; out = "0.6"; }
+    { case = range "8.13" "8.16"; out = "0.9"; }
     { case = range "8.11" "8.12"; out = "0.4"; }
   ] null;
 

From 4e904fc78c01efc8122299a1aa7baea0418ee61a Mon Sep 17 00:00:00 2001
From: Dmitry Ivankov <boltzmannrain@gmail.com>
Date: Mon, 20 Nov 2023 02:34:49 +0100
Subject: [PATCH 58/76] bazel_5: fix CLang 16 Werror-s on darwin

Fixing `bazel_5` after #234710

Error example
https://hydra.nixos.org/build/241240612/nixlog/1
```
external/com_google_absl/absl/meta/type_traits.h:560:8: error: builtin __has_trivial_assign is deprecated; use __is_trivially_assignable instead [-Werror,-Wdeprecated-builtins]
      (__has_trivial_assign(ExtentsRemoved) || !kIsCopyOrMoveAssignable) &&
```

Similar to #269297, and remaining `bazel_4` is WIP for another PR

(cherry picked from commit 781538c5ed90dd702a6b976ef6d6235f85869ff3)
---
 .../build-managers/bazel/bazel_5/default.nix  |  4 +
 .../bazel/bazel_5/upb-clang16.patch           | 83 +++++++++++++++++++
 2 files changed, 87 insertions(+)
 create mode 100644 pkgs/development/tools/build-managers/bazel/bazel_5/upb-clang16.patch

diff --git a/pkgs/development/tools/build-managers/bazel/bazel_5/default.nix b/pkgs/development/tools/build-managers/bazel/bazel_5/default.nix
index 8382f9d4be352..e662c14fa399d 100644
--- a/pkgs/development/tools/build-managers/bazel/bazel_5/default.nix
+++ b/pkgs/development/tools/build-managers/bazel/bazel_5/default.nix
@@ -166,6 +166,8 @@ stdenv.mkDerivation rec {
   inherit src;
   inherit sourceRoot;
   patches = [
+    ./upb-clang16.patch
+
     # On Darwin, the last argument to gcc is coming up as an empty string. i.e: ''
     # This is breaking the build of any C target. This patch removes the last
     # argument if it's found to be an empty string.
@@ -364,6 +366,8 @@ stdenv.mkDerivation rec {
       # libcxx includes aren't added by libcxx hook
       # https://github.com/NixOS/nixpkgs/pull/41589
       export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -isystem ${lib.getDev libcxx}/include/c++/v1"
+      # for CLang 16 compatibility in external/{absl,upb} dependencies and in execlog
+      export NIX_CFLAGS_COMPILE+=" -Wno-deprecated-builtins -Wno-gnu-offsetof-extensions -Wno-implicit-function-declaration"
 
       # don't use system installed Xcode to run clang, use Nix clang instead
       sed -i -E "s;/usr/bin/xcrun (--sdk macosx )?clang;${stdenv.cc}/bin/clang $NIX_CFLAGS_COMPILE $(bazelLinkFlags) -framework CoreFoundation;g" \
diff --git a/pkgs/development/tools/build-managers/bazel/bazel_5/upb-clang16.patch b/pkgs/development/tools/build-managers/bazel/bazel_5/upb-clang16.patch
new file mode 100644
index 0000000000000..6280082e52a51
--- /dev/null
+++ b/pkgs/development/tools/build-managers/bazel/bazel_5/upb-clang16.patch
@@ -0,0 +1,83 @@
+diff --git a/distdir_deps.bzl b/distdir_deps.bzl
+index 9068f50537..b3f45e8653 100644
+--- a/distdir_deps.bzl
++++ b/distdir_deps.bzl
+@@ -110,6 +110,8 @@ DIST_DEPS = {
+     "protocolbuffers": {
+         "archive": "2de300726a1ba2de9a468468dc5ff9ed17a3215f.tar.gz",
+         "sha256": "6a5f67874af66b239b709c572ac1a5a00fdb1b29beaf13c3e6f79b1ba10dc7c4",
++        "patches": ["//:upb-clang16.patch"],
++        "patch_args": ["-p1"],
+         "urls": [
+             "https://mirror.bazel.build/github.com/protocolbuffers/upb/archive/2de300726a1ba2de9a468468dc5ff9ed17a3215f.tar.gz",
+             "https://github.com/protocolbuffers/upb/archive/2de300726a1ba2de9a468468dc5ff9ed17a3215f.tar.gz",
+@@ -131,6 +133,7 @@ DIST_DEPS = {
+         "patches": [
+             "//third_party/grpc:grpc_1.41.0.patch",
+             "//third_party/grpc:grpc_1.41.0.win_arm64.patch",
++            "//:grpc-upb-clang16.patch",
+         ],
+         "used_in": [
+             "additional_distfiles",
+diff --git a/grpc-upb-clang16.patch b/grpc-upb-clang16.patch
+new file mode 100644
+index 0000000000..69194099db
+--- /dev/null
++++ b/grpc-upb-clang16.patch
+@@ -0,0 +1,13 @@
++diff -r -u a/bazel/grpc_deps.bzl b/bazel/grpc_deps.bzl
++--- a/bazel/grpc_deps.bzl
+++++ b/bazel/grpc_deps.bzl
++@@ -340,6 +340,8 @@
++             name = "upb",
++             sha256 = "6a5f67874af66b239b709c572ac1a5a00fdb1b29beaf13c3e6f79b1ba10dc7c4",
++             strip_prefix = "upb-2de300726a1ba2de9a468468dc5ff9ed17a3215f",
+++            patches = ["//:upb-clang16.patch"],
+++            patch_args = ["-p1"],
++             urls = [
++                 "https://storage.googleapis.com/grpc-bazel-mirror/github.com/protocolbuffers/upb/archive/2de300726a1ba2de9a468468dc5ff9ed17a3215f.tar.gz",
++                 "https://github.com/protocolbuffers/upb/archive/2de300726a1ba2de9a468468dc5ff9ed17a3215f.tar.gz",
++
++diff -r -u a/third_party/upb/bazel/build_defs.bzl b/third_party/upb/bazel/build_defs.bzl
++--- a/third_party/upb/bazel/build_defs.bzl	2021-09-25 04:33:41.000000000 +0200
+++++ b/third_party/upb/bazel/build_defs.bzl	2023-11-22 22:27:39.421459688 +0100
++@@ -34,6 +34,7 @@
++         "-Wextra",
++         # "-Wshorten-64-to-32",  # not in GCC (and my Kokoro images doesn't have Clang)
++         "-Werror",
+++        "-Wno-gnu-offsetof-extensions",
++         "-Wno-long-long",
++         # copybara:strip_end
++     ],
++@@ -48,6 +49,7 @@
++         "-pedantic",
++         "-Werror=pedantic",
++         "-Wall",
+++        "-Wno-gnu-offsetof-extensions",
++         "-Wstrict-prototypes",
++         # GCC (at least) emits spurious warnings for this that cannot be fixed
++         # without introducing redundant initialization (with runtime cost):
+diff --git a/upb-clang16.patch b/upb-clang16.patch
+new file mode 100644
+index 0000000000..f81855181f
+--- /dev/null
++++ upb-clang16.patch
+@@ -0,0 +1,18 @@
++--- a/bazel/build_defs.bzl
+++++ b/bazel/build_defs.bzl
++@@ -34,6 +34,7 @@
++         "-Wextra",
++         # "-Wshorten-64-to-32",  # not in GCC (and my Kokoro images doesn't have Clang)
++         "-Werror",
+++        "-Wno-gnu-offsetof-extensions",
++         "-Wno-long-long",
++         # copybara:strip_end
++     ],
++@@ -48,6 +49,7 @@
++         "-pedantic",
++         "-Werror=pedantic",
++         "-Wall",
+++        "-Wno-gnu-offsetof-extensions",
++         "-Wstrict-prototypes",
++         # GCC (at least) emits spurious warnings for this that cannot be fixed
++         # without introducing redundant initialization (with runtime cost):

From 1970789c11eaf2e6c31769db05eed93e4f331845 Mon Sep 17 00:00:00 2001
From: Yaroslav Bolyukin <iam@lach.pw>
Date: Sat, 25 Nov 2023 14:14:49 +0100
Subject: [PATCH 59/76] heatshrink: add cmake build script

Wanted by prusa-slicer and libbgcode

(cherry picked from commit fa36136ceed0e2c58e0c9e21492a7e60c3a64470)
---
 pkgs/tools/compression/heatshrink/default.nix | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/pkgs/tools/compression/heatshrink/default.nix b/pkgs/tools/compression/heatshrink/default.nix
index 49ef7354cbc91..b5cfb92247afa 100644
--- a/pkgs/tools/compression/heatshrink/default.nix
+++ b/pkgs/tools/compression/heatshrink/default.nix
@@ -1,6 +1,8 @@
 { lib
 , stdenv
 , fetchFromGitHub
+, cmake
+, fetchpatch
 }:
 
 stdenv.mkDerivation rec {
@@ -14,14 +16,17 @@ stdenv.mkDerivation rec {
     hash = "sha256-Nm9/+JFMDXY1N90hmNFGh755V2sXSRQ4VBN9f8TcsGk=";
   };
 
-  makeFlags = [ "PREFIX=$(out)" ];
+  patches = [
+    # Add CMake build script, wanted by prusa-slicer and libbgcode, which are the only users of this library.
+    (fetchpatch {
+      url = "https://github.com/atomicobject/heatshrink/commit/0886e9ca76552b8e325841e2b820b4563e5d5aba.patch";
+      hash = "sha256-13hy4+/RDaaKgQcdaSbACvMfElUIskvJ+owXqm40feY=";
+    })
+  ];
 
-  preInstall = ''
-    mkdir -p $out/{bin,lib,include}
-  '';
-
-  doCheck = true;
-  checkTarget = "test";
+  nativeBuildInputs = [
+    cmake
+  ];
 
   doInstallCheck = true;
   installCheckPhase = ''

From d965d84502f910d8f8f94b15ebf373621d4a57bc Mon Sep 17 00:00:00 2001
From: Yaroslav Bolyukin <iam@lach.pw>
Date: Sat, 25 Nov 2023 01:34:15 +0100
Subject: [PATCH 60/76] libbgcode: init at 2023-11-16

(cherry picked from commit 33b855390864c109120a3f525c31a88f5f67c8cc)
---
 pkgs/by-name/li/libbgcode/package.nix | 40 +++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 pkgs/by-name/li/libbgcode/package.nix

diff --git a/pkgs/by-name/li/libbgcode/package.nix b/pkgs/by-name/li/libbgcode/package.nix
new file mode 100644
index 0000000000000..e4dd6099bc9de
--- /dev/null
+++ b/pkgs/by-name/li/libbgcode/package.nix
@@ -0,0 +1,40 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, cmake
+, pkg-config
+, heatshrink
+, zlib
+, boost
+, catch2
+}:
+stdenv.mkDerivation {
+  pname = "libbgcode";
+  version = "2023-11-16";
+
+  src = fetchFromGitHub {
+    owner = "prusa3d";
+    repo = "libbgcode";
+    rev = "bc390aab4427589a6402b4c7f65cf4d0a8f987ec";
+    hash = "sha256-TZShYeDAh+fNdmTr1Xqctji9f0vEGpNZv1ba/IY5EoY=";
+  };
+
+  nativeBuildInputs = [
+    cmake
+    pkg-config
+  ];
+
+  buildInputs = [
+    heatshrink
+    zlib
+    boost
+    catch2
+  ];
+
+  meta = with lib; {
+    homepage = "https://github.com/prusa3d/libbgcode";
+    description = "Prusa Block & Binary G-code reader / writer / converter";
+    license = licenses.agpl3Only;
+    maintainers = with maintainers; [ lach ];
+  };
+}

From a0145e7fa8e5c207d17b4fae872c2fc5d26e1c05 Mon Sep 17 00:00:00 2001
From: Yaroslav Bolyukin <iam@lach.pw>
Date: Sat, 25 Nov 2023 01:34:59 +0100
Subject: [PATCH 61/76] prusa-slicer: 2.6.1 -> 2.7.0

(cherry picked from commit a9c11e323a474597c18f4fcef66919c3f54a1e3e)
---
 .../misc/prusa-slicer/default.nix             | 30 +++++++++----------
 1 file changed, 14 insertions(+), 16 deletions(-)

diff --git a/pkgs/applications/misc/prusa-slicer/default.nix b/pkgs/applications/misc/prusa-slicer/default.nix
index 0c9907764f225..8114f2ecb416c 100644
--- a/pkgs/applications/misc/prusa-slicer/default.nix
+++ b/pkgs/applications/misc/prusa-slicer/default.nix
@@ -32,6 +32,9 @@
 , tbb_2021_8
 , wxGTK32
 , xorg
+, libbgcode
+, heatshrink
+, catch2
 , fetchpatch
 , withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd, systemd
 , wxGTK-override ? null
@@ -68,7 +71,14 @@ let
 in
 stdenv.mkDerivation (finalAttrs: {
   pname = "prusa-slicer";
-  version = "2.6.1";
+  version = "2.7.0";
+
+  src = fetchFromGitHub {
+    owner = "prusa3d";
+    repo = "PrusaSlicer";
+    hash = "sha256-S0z2v6knkQ+xlABB1zedEGtlxA/65X/vxLh304StfbE=";
+    rev = "version_${finalAttrs.version}";
+  };
 
   nativeBuildInputs = [
     cmake
@@ -102,6 +112,9 @@ stdenv.mkDerivation (finalAttrs: {
     tbb_2021_8
     wxGTK-override'
     xorg.libX11
+    libbgcode
+    heatshrink
+    catch2
   ] ++ lib.optionals withSystemd [
     systemd
   ];
@@ -143,21 +156,6 @@ stdenv.mkDerivation (finalAttrs: {
       --replace "#ifdef __APPLE__" "#if 0"
   '';
 
-  patches = [
-    # wxWidgets: CheckResizerFlags assert fix
-    (fetchpatch {
-      url = "https://github.com/prusa3d/PrusaSlicer/commit/24a5ebd65c9d25a0fd69a3716d079fd1b00eb15c.patch";
-      hash = "sha256-MNGtaI7THu6HEl9dMwcO1hkrCtIkscoNh4ulA2cKtZA=";
-    })
-  ];
-
-  src = fetchFromGitHub {
-    owner = "prusa3d";
-    repo = "PrusaSlicer";
-    hash = "sha256-t5lnBL7SZVfyR680ZK29YXgE3pag+uVv4+BGJZq40/A=";
-    rev = "version_${finalAttrs.version}";
-  };
-
   cmakeFlags = [
     "-DSLIC3R_STATIC=0"
     "-DSLIC3R_FHS=1"

From 90cb48315359e2fde072efcb9ee0763d5285de77 Mon Sep 17 00:00:00 2001
From: figsoda <figsoda@pm.me>
Date: Wed, 29 Nov 2023 09:48:35 -0500
Subject: [PATCH 62/76] svg2pdf: 0.9.0 -> 0.9.1

Diff: https://github.com/typst/svg2pdf/compare/v0.9.0...v0.9.1

Changelog: https://github.com/typst/svg2pdf/releases/tag/v0.9.1
(cherry picked from commit 4dc3fa27a59e5bda8263d1dd1266dc8824466883)
---
 pkgs/tools/graphics/svg2pdf/default.nix | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/pkgs/tools/graphics/svg2pdf/default.nix b/pkgs/tools/graphics/svg2pdf/default.nix
index d92fa5802d876..24065574ddcca 100644
--- a/pkgs/tools/graphics/svg2pdf/default.nix
+++ b/pkgs/tools/graphics/svg2pdf/default.nix
@@ -5,16 +5,20 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "svg2pdf";
-  version = "0.9.0";
+  version = "0.9.1";
 
   src = fetchFromGitHub {
     owner = "typst";
     repo = "svg2pdf";
     rev = "v${version}";
-    hash = "sha256-Xy1ID2/M3v9/ZEo8fWEDlJ8+cmgAMdHhs27xDfe8IYQ=";
+    hash = "sha256-mWj9zWxqcJ+5VFYSaeNLxClWdOGd34JboZBwT8E75Ew=";
   };
-  cargoHash = "sha256-l3671zvqSM4CY7lOXOur0Q6PBDVf6jXnhZ/8kADWQz4=";
-  buildFeatures = [ "cli" ];
+
+  cargoHash = "sha256-zP448dFnkoPca/GJA2kT5ht1fVGkWN0XdaKEePJaloQ=";
+
+  cargoBuildFlags = [
+    "-p=svg2pdf-cli"
+  ];
 
   meta = with lib; {
     description = "Convert SVG files to PDFs";

From bf41159d5da154f0723ad1357472debf6709fd3d Mon Sep 17 00:00:00 2001
From: techknowlogick <techknowlogick@gitea.com>
Date: Tue, 31 Oct 2023 14:28:43 -0400
Subject: [PATCH 63/76] consul: 1.16.1 -> 1.16.3

Diff: https://github.com/hashicorp/consul/compare/v1.16.1...v1.16.3
(cherry picked from commit ae2c5f6e15312622b298a107dfc38412f8b98979)
---
 pkgs/servers/consul/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/servers/consul/default.nix b/pkgs/servers/consul/default.nix
index 1e94991b5c089..2d449c531cc8b 100644
--- a/pkgs/servers/consul/default.nix
+++ b/pkgs/servers/consul/default.nix
@@ -2,7 +2,7 @@
 
 buildGoModule rec {
   pname = "consul";
-  version = "1.16.1";
+  version = "1.16.3";
   rev = "v${version}";
 
   # Note: Currently only release tags are supported, because they have the Consul UI
@@ -17,7 +17,7 @@ buildGoModule rec {
     owner = "hashicorp";
     repo = pname;
     inherit rev;
-    hash = "sha256-EEreAhxBQm6Wj1JFGfC9Ql3NARPXNOhqZkzIDJ2NMkg=";
+    hash = "sha256-XxT+66CNuDeVBoaNhlgET5bJYB/KDCjcO0RDmyI6S9o=";
   };
 
   passthru.tests.consul = nixosTests.consul;
@@ -26,7 +26,7 @@ buildGoModule rec {
   # has a split module structure in one repo
   subPackages = ["." "connect/certgen"];
 
-  vendorHash = "sha256-zERHmtmGrPrUPJ2fFc+J0pWKLKQc9TTSFkN2RUOXOoM=";
+  vendorHash = "sha256-WNvdHT915GSTFhZZfoi/MCHAjzBVYkhUiPNPw5GDT4s=";
 
   doCheck = false;
 

From f7ad190c6712721cc35f59edccc6041417b67567 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Thu, 30 Nov 2023 12:58:28 +0100
Subject: [PATCH 64/76] firefox-unwrapped: 120.0 -> 120.0.1

https://www.mozilla.org/en-US/firefox/120.0.1/releasenotes/
(cherry picked from commit d266f6f91b3fa177b7cde84c9bae66d9cf502e5e)
---
 pkgs/applications/networking/browsers/firefox/packages.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix
index 801e1ca0ad407..ec18c07125604 100644
--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@@ -3,10 +3,10 @@
 {
   firefox = buildMozillaMach rec {
     pname = "firefox";
-    version = "120.0";
+    version = "120.0.1";
     src = fetchurl {
       url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
-      sha512 = "31d5f9e1d4173280c8de6d9b8551bc6bba5e2c49b84f944f50d42002d5b39c2fb743bc130f26c81160388a102b8301b94a0a378ecdfa6f943860f971a860df8c";
+      sha512 = "dd0e3eb234d58c39431d1f100834ef4bcc8cfb89ff471a37b948eda4dd3874b63b1979cda39a0db0dd3b4a579b5f09a7d2d1f39d26fd9f2b8d5635e4b8738b6c";
     };
 
     extraPatches = [

From 0cd77f0031164d4e01aa8d960269d5704c8a48ae Mon Sep 17 00:00:00 2001
From: Yureka <yuka@yuka.dev>
Date: Tue, 28 Nov 2023 23:21:04 +0100
Subject: [PATCH 65/76] firefox: move page size patch to buildMozillaMach

(cherry picked from commit 3219a1f4499a87ea40f2132deddd0ca7e7709007)
---
 pkgs/applications/networking/browsers/firefox/common.nix | 9 +++++++++
 .../networking/browsers/firefox/packages.nix             | 7 -------
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix
index ffe1786be32ec..4396d7e85d419 100644
--- a/pkgs/applications/networking/browsers/firefox/common.nix
+++ b/pkgs/applications/networking/browsers/firefox/common.nix
@@ -236,6 +236,15 @@ buildStdenv.mkDerivation {
   ++ lib.optional (lib.versionAtLeast version "111") ./env_var_for_system_dir-ff111.patch
   ++ lib.optional (lib.versionAtLeast version "96" && lib.versionOlder version "121") ./no-buildconfig-ffx96.patch
   ++ lib.optional (lib.versionAtLeast version "121") ./no-buildconfig-ffx121.patch
+  ++ lib.optionals (lib.versionAtLeast version "120" && lib.versionOlder version "120.0.1") [
+    (fetchpatch {
+      # Do not crash on systems without an expected statically assumed page size.
+      # https://phabricator.services.mozilla.com/D194458
+      name = "mozbz1866025.patch";
+      url = "https://hg.mozilla.org/mozilla-central/raw-rev/42c80086da4468f407648f2f57a7222aab2e9951";
+      hash = "sha256-cWOyvjIPUU1tavPRqg61xJ53XE4EJTdsFzadfVxyTyM=";
+    })
+  ]
   ++ extraPatches;
 
   postPatch = ''
diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix
index 801e1ca0ad407..2cc9f9d54bd0b 100644
--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@@ -10,13 +10,6 @@
     };
 
     extraPatches = [
-      (fetchpatch {
-        # Do not crash on systems without an expected statically assumed page size.
-        # https://phabricator.services.mozilla.com/D194458
-        name = "mozbz1866025.patch";
-        url = "https://hg.mozilla.org/mozilla-central/raw-rev/42c80086da4468f407648f2f57a7222aab2e9951";
-        hash = "sha256-cWOyvjIPUU1tavPRqg61xJ53XE4EJTdsFzadfVxyTyM=";
-      })
     ];
 
     meta = {

From afb6bf728490951aea3ace4b327ae75020224c61 Mon Sep 17 00:00:00 2001
From: Alyssa Ross <hi@alyssa.is>
Date: Thu, 30 Nov 2023 12:10:28 +0100
Subject: [PATCH 66/76] materia-theme: fix build

I'm not sure why this was disabled, but when we later ran
"ninja install", it would be built anyway.  Now that we run
"meson install", that's no longer implicit, so we have to have the
build step enabled.

Fixes: 10f35ff05df1 ("meson.setupHook: prefer meson commands over ninja")
(cherry picked from commit 410698c71a787e38fc40092d73eba52d13864101)
---
 pkgs/data/themes/materia-theme/default.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/pkgs/data/themes/materia-theme/default.nix b/pkgs/data/themes/materia-theme/default.nix
index da79f68638b9d..f42e532b64913 100644
--- a/pkgs/data/themes/materia-theme/default.nix
+++ b/pkgs/data/themes/materia-theme/default.nix
@@ -27,8 +27,6 @@ stdenv.mkDerivation rec {
 
   propagatedUserEnvPkgs = [ gtk-engine-murrine ];
 
-  dontBuild = true;
-
   mesonFlags = [
     "-Dgnome_shell_version=${lib.versions.majorMinor gnome.gnome-shell.version}"
   ];

From af5976fe8ee27cdbb1eb3b5946515b751de91f45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Thu, 9 Nov 2023 23:26:51 +0100
Subject: [PATCH 67/76] linux-rt_latest: remove patch that doesn't apply

(cherry picked from commit 7cacb030def5af71894297787a4a98e9cf91ae3e)
---
 pkgs/top-level/linux-kernels.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix
index 12ad5a678f213..eb690b23ecef7 100644
--- a/pkgs/top-level/linux-kernels.nix
+++ b/pkgs/top-level/linux-kernels.nix
@@ -166,7 +166,6 @@ in {
         kernelPatches.bridge_stp_helper
         kernelPatches.request_key_helper
         kernelPatches.export-rt-sched-migrate
-        kernelPatches.dell_xps_regression
       ];
     };
 

From ca523f6464903b09d40938bdcf69d3142ee3750e Mon Sep 17 00:00:00 2001
From: Luflosi <luflosi@luflosi.de>
Date: Mon, 27 Nov 2023 22:08:42 +0100
Subject: [PATCH 68/76] teeworlds: fix meta.license

Replace stringy license with a list of all used licenses.

The original meta.license said that the license was BSD-style but this information has been outdated for a long time.
The license was changed in 2008: https://github.com/teeworlds/teeworlds/commit/bc108df382b5ac4ca637bf97ba9b2d8b2d83e58f#diff-7bb54d15ef4c4e0f20bb24add68a12fccced9925b304eaa696023143d278ea26.
The current license is clearly the zlib license and below that some notes about the licenses of `datasrc` (and `data`, which has not existed in the tree for many years), the fonts in `datasrc` and the libraries in `src/engine/external`.
See https://github.com/teeworlds/teeworlds/blob/master/license.txt for the current version of the license.
The meta.license string has been unchanged since the commit adding teeworlds in 2009: e71dbdbb8334152dbf3083801d194b2f88cee9b4.

See issue #269788.

(cherry picked from commit ed48ad7b256ba45209d4d3e6ee641706faccb0e0)
---
 pkgs/games/teeworlds/default.nix | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/pkgs/games/teeworlds/default.nix b/pkgs/games/teeworlds/default.nix
index eed9853ece9d8..bec2b9bc7aa79 100644
--- a/pkgs/games/teeworlds/default.nix
+++ b/pkgs/games/teeworlds/default.nix
@@ -99,7 +99,18 @@ stdenv.mkDerivation rec {
     '';
 
     homepage = "https://teeworlds.com/";
-    license = "BSD-style, see `license.txt'";
+    license = with lib.licenses; [
+      # See https://github.com/teeworlds/teeworlds/blob/master/license.txt
+      lib.licenses.zlib # Main license
+      cc-by-sa-30 # All content under 'datasrc' except the fonts
+      ofl  # datasrc/fonts/SourceHanSans.ttc
+      free # datasrc/fonts/DejaVuSans.ttf
+      bsd2 # src/engine/external/json-parser/
+      bsd3 # src/engine/external/wavpack
+      # zlib src/engine/external/md5/
+      # zlib src/engine/external/pnglite/
+      # zlib src/engine/external/zlib/
+    ];
     maintainers = with lib.maintainers; [ astsmtl Luflosi ];
     platforms = lib.platforms.unix;
   };

From fc92afc3f0cef9138fe25008e6a04bc838292432 Mon Sep 17 00:00:00 2001
From: Luna Nova <git@lunnova.dev>
Date: Sun, 16 Jul 2023 10:31:18 -0700
Subject: [PATCH 69/76] nixos/i3: add updateSessionEnvironment option

Runs dbus-update-activation-environment and systemctl import-environment on session start
to ensure xdg portals work, and user services have correct PATH / XDG env vars.
Matches behavior of Plasma/Gnome sessions.

(cherry picked from commit d47bb3261f54f5285b0f0714cd4f3f7452f89017)
---
 nixos/modules/services/x11/window-managers/i3.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/nixos/modules/services/x11/window-managers/i3.nix b/nixos/modules/services/x11/window-managers/i3.nix
index 5bb73cd0bfb17..5b939e7fa602e 100644
--- a/nixos/modules/services/x11/window-managers/i3.nix
+++ b/nixos/modules/services/x11/window-managers/i3.nix
@@ -4,6 +4,10 @@ with lib;
 
 let
   cfg = config.services.xserver.windowManager.i3;
+  updateSessionEnvironmentScript = ''
+    systemctl --user import-environment PATH DISPLAY XAUTHORITY DESKTOP_SESSION XDG_CONFIG_DIRS XDG_DATA_DIRS XDG_RUNTIME_DIR XDG_SESSION_ID DBUS_SESSION_BUS_ADDRESS || true
+    dbus-update-activation-environment --systemd --all || true
+  '';
 in
 
 {
@@ -19,6 +23,15 @@ in
       '';
     };
 
+    updateSessionEnvironment = mkOption {
+      default = true;
+      type = types.bool;
+      description = lib.mdDoc ''
+        Whether to run dbus-update-activation-environment and systemctl import-environment before session start.
+        Required for xdg portals to function properly.
+      '';
+    };
+
     extraSessionCommands = mkOption {
       default     = "";
       type        = types.lines;
@@ -58,6 +71,8 @@ in
       start = ''
         ${cfg.extraSessionCommands}
 
+        ${lib.optionalString cfg.updateSessionEnvironment updateSessionEnvironmentScript}
+
         ${cfg.package}/bin/i3 ${optionalString (cfg.configFile != null)
           "-c /etc/i3/config"
         } &

From 47d644ff2412835134a317e69662a7b8cbe12bd3 Mon Sep 17 00:00:00 2001
From: Alyssa Ross <hi@alyssa.is>
Date: Thu, 30 Nov 2023 15:28:37 +0100
Subject: [PATCH 70/76] libreoffice: backport fix for expired test certs

(cherry picked from commit f52f3f8be6eafa0c579255dea9b76f185d45e057)
---
 pkgs/applications/office/libreoffice/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pkgs/applications/office/libreoffice/default.nix b/pkgs/applications/office/libreoffice/default.nix
index 3f2885816a4bc..a44d5bd8853ac 100644
--- a/pkgs/applications/office/libreoffice/default.nix
+++ b/pkgs/applications/office/libreoffice/default.nix
@@ -1,5 +1,6 @@
 { stdenv
 , fetchurl
+, fetchpatch
 , lib
 , substituteAll
 , pam
@@ -218,6 +219,12 @@ in stdenv.mkDerivation (finalAttrs: {
     # runtime closure. This behavior was introduced by upstream in commit
     # cbfac11330882c7d0a817b6c37a08b2ace2b66f4
     ./0001-Strip-away-BUILDCONFIG.patch
+
+    # Backport fix for tests broken by expired test certificates.
+    (fetchpatch {
+      url = "https://cgit.freedesktop.org/libreoffice/core/patch/?id=ececb678b8362e3be8e02768ddd5e4197d87dc2a";
+      hash = "sha256-TUfKlwNxUTOJ95VLqwVD+ez1xhu7bW6xZlgIaCyIiNg=";
+    })
   ];
 
   # libreoffice tries to reference the BUILDCONFIG (e.g. PKG_CONFIG_PATH)

From abfa927ff8fcd3cd113e3783085d11e4253ec115 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <v@cunat.cz>
Date: Thu, 30 Nov 2023 20:49:23 +0100
Subject: [PATCH 71/76] Revert "libreoffice: skip tests for now"

This reverts commit 5f4ce4b64d6c072ad4cd0f47162531ff29cfe4c4.
It should all work now.
---
 pkgs/applications/office/libreoffice/default.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/pkgs/applications/office/libreoffice/default.nix b/pkgs/applications/office/libreoffice/default.nix
index a44d5bd8853ac..e49f4be07b2f8 100644
--- a/pkgs/applications/office/libreoffice/default.nix
+++ b/pkgs/applications/office/libreoffice/default.nix
@@ -400,8 +400,7 @@ in stdenv.mkDerivation (finalAttrs: {
 
   buildTargets = [ "build-nocheck" ];
 
-  # FIXME: https://github.com/NixOS/nixpkgs/pull/269828#issuecomment-1829260859
-  doCheck = variant == "fresh";
+  doCheck = true;
 
   # It installs only things to $out/lib/libreoffice
   postInstall = ''

From 580324732c4ba670371dd8610934e53c460f0c59 Mon Sep 17 00:00:00 2001
From: Muhammad Falak R Wani <falakreyaz@gmail.com>
Date: Thu, 16 Nov 2023 17:16:23 +0530
Subject: [PATCH 72/76] prometheus: 2.47.2 -> 2.48.0

Diff: https://github.com/prometheus/prometheus/compare/v2.47.2...2.48.0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
(cherry picked from commit b8ff55a04517df153278d419d910f8ae804332a5)
---
 pkgs/servers/monitoring/prometheus/default.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkgs/servers/monitoring/prometheus/default.nix b/pkgs/servers/monitoring/prometheus/default.nix
index d50fac3c71124..b24c86cefb306 100644
--- a/pkgs/servers/monitoring/prometheus/default.nix
+++ b/pkgs/servers/monitoring/prometheus/default.nix
@@ -31,10 +31,10 @@
 }:
 
 let
-  version = "2.47.2";
+  version = "2.48.0";
   webUiStatic = fetchurl {
     url = "https://github.com/prometheus/prometheus/releases/download/v${version}/prometheus-web-ui-${version}.tar.gz";
-    hash = "sha256-QLJXY6WzmKcOoLmBTVvCRhTRCAt3IXiHmd9KeLrfz+I=";
+    hash = "sha256-B7BXjzTbIEEOYxgy0uvnbHPMV8WD9sRAW9yQd0h6vVc=";
   };
 in
 buildGoModule rec {
@@ -47,10 +47,10 @@ buildGoModule rec {
     owner = "prometheus";
     repo = "prometheus";
     rev = "v${version}";
-    hash = "sha256-mV5sfv4+2a9R34wWcqMu/h/VqBSutmnSWnx0Q3K9L6M=";
+    hash = "sha256-4mQcfYk+DwhVADVQ1JuNn4ZDq2xDyzcDZHMozFrSLyo=";
   };
 
-  vendorHash = "sha256-qFp+tMHhXmJGY9MSukVRjBVzaIBgfxB0BorWiuInMwk=";
+  vendorHash = "sha256-OHTmAfhN+aPOJAIweW+GuvN2lNn2A+JeVU8chT1hqLU=";
 
   excludedPackages = [ "documentation/prometheus-mixin" ];
 

From c3543f9ca25af0e9afa2f18b63167b248a11fbe8 Mon Sep 17 00:00:00 2001
From: Daniel Olsen <daniel.olsen99@gmail.com>
Date: Wed, 29 Nov 2023 23:48:10 +0100
Subject: [PATCH 73/76] hydrus: 553 -> 554

Diff: https://github.com/hydrusnetwork/hydrus/compare/refs/tags/v553...v554
(cherry picked from commit 89926323eca11b21dde00d480eabb3350b367472)
---
 pkgs/applications/graphics/hydrus/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/applications/graphics/hydrus/default.nix b/pkgs/applications/graphics/hydrus/default.nix
index 84b750f939719..544b67fe26c2c 100644
--- a/pkgs/applications/graphics/hydrus/default.nix
+++ b/pkgs/applications/graphics/hydrus/default.nix
@@ -12,14 +12,14 @@
 
 python3Packages.buildPythonPackage rec {
   pname = "hydrus";
-  version = "553";
+  version = "554";
   format = "other";
 
   src = fetchFromGitHub {
     owner = "hydrusnetwork";
     repo = "hydrus";
     rev = "refs/tags/v${version}";
-    hash = "sha256-AQq5ljaxNzh0ZsoUqKgzz5kZKZMav99Jj8fI+e0wv7s=";
+    hash = "sha256-BNAEM9XFkdKLQUAWerM6IWts04FWdd8SSCJZaymmxGo=";
   };
 
   nativeBuildInputs = [
@@ -106,7 +106,7 @@ python3Packages.buildPythonPackage rec {
   installPhase = ''
     # Move the hydrus module and related directories
     mkdir -p $out/${python3Packages.python.sitePackages}
-    mv {hydrus,static} $out/${python3Packages.python.sitePackages}
+    mv {hydrus,static,db} $out/${python3Packages.python.sitePackages}
     # Fix random files being marked with execute permissions
     chmod -x $out/${python3Packages.python.sitePackages}/static/*.{png,svg,ico}
     # Build docs

From 4b2c4e5c1cac07b54f1fdd49378d3d01f3fe34fe Mon Sep 17 00:00:00 2001
From: Felix Buehler <account@buehler.rocks>
Date: Sat, 25 Nov 2023 23:45:06 +0100
Subject: [PATCH 74/76] nixos/libvirtd: add netcat and support

see: https://github.com/NixOS/nixpkgs/issues/180806
(cherry picked from commit 1b5617e25bc7b4f2390898e895792be5f0e68c6e)
---
 nixos/modules/virtualisation/libvirtd.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix
index 708c577ec1edf..39aabcd7f4175 100644
--- a/nixos/modules/virtualisation/libvirtd.nix
+++ b/nixos/modules/virtualisation/libvirtd.nix
@@ -434,7 +434,7 @@ in
         ] ++ cfg.extraOptions
       );
 
-      path = [ cfg.qemu.package ] # libvirtd requires qemu-img to manage disk images
+      path = [ cfg.qemu.package pkgs.netcat ] # libvirtd requires qemu-img to manage disk images
         ++ optional vswitch.enable vswitch.package
         ++ optional cfg.qemu.swtpm.enable cfg.qemu.swtpm.package;
 

From 8f64f7edbe5de37ab229e4f52fc538507743107f Mon Sep 17 00:00:00 2001
From: Emil Thorsoe <jekarlson@gmail.com>
Date: Thu, 30 Nov 2023 14:34:02 +0200
Subject: [PATCH 75/76] sparse: set llvm to llvm_14

llvm_16 fails to compile
llvm_15 fails tests

(cherry picked from commit 172a5a2104aef6a915956bd8d3b54c121189c5dd)
---
 pkgs/top-level/all-packages.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index becbc80491e7f..cd8bcb7a53079 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -20091,7 +20091,9 @@ with pkgs;
 
   snowman = qt5.callPackage ../development/tools/analysis/snowman { };
 
-  sparse = callPackage ../development/tools/analysis/sparse { };
+  sparse = callPackage ../development/tools/analysis/sparse {
+    llvm = llvm_14;
+  };
 
   speedtest-cli = with python3Packages; toPythonApplication speedtest-cli;
 

From 3667b2ec3b472d4f5a477ec493bda971f63a09d4 Mon Sep 17 00:00:00 2001
From: Pol Dellaiera <pol.dellaiera@protonmail.com>
Date: Thu, 30 Nov 2023 09:06:57 +0100
Subject: [PATCH 76/76] vscode-extensions.bmewburn.vscode-intelephense-client:
 1.9.5 -> 1.10.1

(cherry picked from commit 2f2672d77297ec661b134297bbea7a2564df9995)
---
 pkgs/applications/editors/vscode/extensions/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix
index 9086d1dc13e82..49e14a8907a1e 100644
--- a/pkgs/applications/editors/vscode/extensions/default.nix
+++ b/pkgs/applications/editors/vscode/extensions/default.nix
@@ -591,12 +591,12 @@ let
         mktplcRef = {
           name = "vscode-intelephense-client";
           publisher = "bmewburn";
-          version = "1.9.5";
-          sha256 = "sha256-KqWSQ+p5KqRVULwjoWuNE+lIEYkaUVkeOwMpXUxccqw=";
+          version = "1.10.1";
+          sha256 = "sha256-VZQ3dpwj4RWZuyMba8DM7+JcIBSYB8zimZOkP5mJbms=";
         };
         meta = {
           description = "PHP code intelligence for Visual Studio Code";
-          license = lib.licenses.mit;
+          license = lib.licenses.unfree;
           downloadPage = "https://marketplace.visualstudio.com/items?itemName=bmewburn.vscode-intelephense-client";
           maintainers = [ lib.maintainers.drupol ];
         };