Merge staging-next into staging

2024-09-29 23:52:55 +00:00 · 2024-06-12 06:01:24 +00:00 · 2024-06-12 06:01:24 +00:00 · d4adfab6df
commit d4adfab6df
parent ad67554387 e145b7fb56
21 changed files with 305 additions and 51 deletions
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@ -14,6 +14,8 @@

 - [Quickwit](https://quickwit.io), sub-second search & analytics engine on cloud storage. Available as [services.quickwit](options.html#opt-services.quickwit).

+- [Renovate](https://github.com/renovatebot/renovate), a dependency updating tool for various git forges and language ecosystems. Available as [services.renovate](#opt-services.renovate.enable).
+
 ## Backward Incompatibilities {#sec-release-24.11-incompatibilities}

 - `nginx` package no longer includes `gd` and `geoip` dependencies. For enabling it, override `nginx` package with the optionals `withImageFilter` and `withGeoIP`.
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -794,6 +794,7 @@
  ./services/misc/radarr.nix
  ./services/misc/readarr.nix
  ./services/misc/redmine.nix
+  ./services/misc/renovate.nix
  ./services/misc/ripple-data-api.nix
  ./services/misc/rippled.nix
  ./services/misc/rmfakecloud.nix
--- a/nixos/modules/services/misc/renovate.nix
+++ b/nixos/modules/services/misc/renovate.nix
@ -0,0 +1,153 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  inherit (lib)
+    mkEnableOption
+    mkPackageOption
+    mkOption
+    types
+    mkIf
+    ;
+  json = pkgs.formats.json { };
+  cfg = config.services.renovate;
+  generateValidatedConfig =
+    name: value:
+    pkgs.callPackage (
+      { runCommand, jq }:
+      runCommand name
+        {
+          nativeBuildInputs = [
+            jq
+            cfg.package
+          ];
+          value = builtins.toJSON value;
+          passAsFile = [ "value" ];
+          preferLocalBuild = true;
+        }
+        ''
+          jq . "$valuePath"> $out
+          renovate-config-validator $out
+        ''
+    ) { };
+  generateConfig = if cfg.validateSettings then generateValidatedConfig else json.generate;
+in
+{
+  meta.maintainers = with lib.maintainers; [ marie natsukium ];
+
+  options.services.renovate = {
+    enable = mkEnableOption "renovate";
+    package = mkPackageOption pkgs "renovate" { };
+    schedule = mkOption {
+      type = with types; nullOr str;
+      description = "How often to run renovate. See {manpage}`systemd.time(7)` for the format.";
+      example = "*:0/10";
+      default = null;
+    };
+    credentials = mkOption {
+      type = with types; attrsOf path;
+      description = ''
+        Allows configuring environment variable credentials for renovate, read from files.
+        This should always be used for passing confidential data to renovate.
+      '';
+      example = {
+        RENOVATE_TOKEN = "/etc/renovate/token";
+      };
+      default = { };
+    };
+    runtimePackages = mkOption {
+      type = with types; listOf package;
+      description = "Packages available to renovate.";
+      default = [ ];
+    };
+    validateSettings = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Weither to run renovate's config validator on the built configuration.";
+    };
+    settings = mkOption {
+      type = json.type;
+      default = { };
+      example = {
+        platform = "gitea";
+        endpoint = "https://git.example.com";
+        gitAuthor = "Renovate <renovate@example.com>";
+      };
+      description = ''
+        Renovate's global configuration.
+        If you want to pass secrets to renovate, please use {option}`services.renovate.credentials` for that.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.renovate.settings = {
+      cacheDir = "/var/cache/renovate";
+      baseDir = "/var/lib/renovate";
+    };
+
+    systemd.services.renovate = {
+      description = "Renovate dependency updater";
+      documentation = [ "https://docs.renovatebot.com/" ];
+      after = [ "network.target" ];
+      startAt = lib.optional (cfg.schedule != null) cfg.schedule;
+      path = [
+        config.systemd.package
+        pkgs.git
+      ] ++ cfg.runtimePackages;
+
+      serviceConfig = {
+        Type = "oneshot";
+        User = "renovate";
+        Group = "renovate";
+        DynamicUser = true;
+        LoadCredential = lib.mapAttrsToList (name: value: "SECRET-${name}:${value}") cfg.credentials;
+        RemainAfterExit = false;
+        Restart = "on-failure";
+        CacheDirectory = "renovate";
+        StateDirectory = "renovate";
+
+        # Hardening
+        CapabilityBoundingSet = [ "" ];
+        DeviceAllow = [ "" ];
+        LockPersonality = true;
+        PrivateDevices = true;
+        PrivateUsers = true;
+        ProcSubset = "pid";
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectProc = "invisible";
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_INET6"
+        ];
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        SystemCallArchitectures = "native";
+        UMask = "0077";
+      };
+
+      script = ''
+        ${lib.concatStringsSep "\n" (
+          builtins.map (name: "export ${name}=$(systemd-creds cat 'SECRET-${name}')") (
+            lib.attrNames cfg.credentials
+          )
+        )}
+        exec ${lib.escapeShellArg (lib.getExe cfg.package)}
+      '';
+
+      environment = {
+        RENOVATE_CONFIG_FILE = generateConfig "renovate-config.json" cfg.settings;
+        HOME = "/var/lib/renovate";
+      };
+    };
+  };
+}
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -803,6 +803,7 @@ in {
  redis = handleTest ./redis.nix {};
  redlib = handleTest ./redlib.nix {};
  redmine = handleTest ./redmine.nix {};
+  renovate = handleTest ./renovate.nix {};
  restartByActivationScript = handleTest ./restart-by-activation-script.nix {};
  restic-rest-server = handleTest ./restic-rest-server.nix {};
  restic = handleTest ./restic.nix {};
--- a/nixos/tests/renovate.nix
+++ b/nixos/tests/renovate.nix
@ -0,0 +1,69 @@
+import ./make-test-python.nix (
+  { pkgs, ... }:
+  {
+    name = "renovate";
+    meta.maintainers = with pkgs.lib.maintainers; [ marie natsukium ];
+
+    nodes.machine =
+      { config, ... }:
+      {
+        services.renovate = {
+          enable = true;
+          settings = {
+            platform = "gitea";
+            endpoint = "http://localhost:3000";
+            autodiscover = true;
+            gitAuthor = "Renovate <renovate@example.com>";
+          };
+          credentials = {
+            RENOVATE_TOKEN = "/etc/renovate-token";
+          };
+        };
+        environment.systemPackages = [
+          config.services.forgejo.package
+          pkgs.tea
+          pkgs.git
+        ];
+        services.forgejo = {
+          enable = true;
+          settings.server.HTTP_PORT = 3000;
+        };
+      };
+
+    testScript = ''
+      def gitea(command):
+        return machine.succeed(f"cd /var/lib/forgejo && sudo --user=forgejo GITEA_WORK_DIR=/var/lib/forgejo GITEA_CUSTOM=/var/lib/forgejo/custom gitea {command}")
+
+      machine.wait_for_unit("forgejo.service")
+      machine.wait_for_open_port(3000)
+
+      machine.systemctl("stop forgejo.service")
+
+      gitea("admin user create --username meow --email meow@example.com --password meow")
+
+      machine.systemctl("start forgejo.service")
+      machine.wait_for_unit("forgejo.service")
+      machine.wait_for_open_port(3000)
+
+      accessToken = gitea("admin user generate-access-token --raw --username meow --scopes all | tr -d '\n'")
+
+      machine.succeed(f"tea login add --name default --user meow --token '{accessToken}' --password meow --url http://localhost:3000")
+      machine.succeed("tea repo create --name kitty --init")
+      machine.succeed("git config --global user.name Meow")
+      machine.succeed("git config --global user.email meow@example.com")
+      machine.succeed(f"git clone http://meow:{accessToken}@localhost:3000/meow/kitty.git /tmp/kitty")
+      machine.succeed("echo '{ \"name\": \"meow\", \"version\": \"0.1.0\" }' > /tmp/kitty/package.json")
+      machine.succeed("git -C /tmp/kitty add /tmp/kitty/package.json")
+      machine.succeed("git -C /tmp/kitty commit -m 'add package.json'")
+      machine.succeed("git -C /tmp/kitty push origin")
+
+      machine.succeed(f"echo '{accessToken}' > /etc/renovate-token")
+      machine.systemctl("start renovate.service")
+
+      machine.succeed("tea pulls list --repo meow/kitty | grep 'Configure Renovate'")
+      machine.succeed("tea pulls merge --repo meow/kitty 1")
+
+      machine.systemctl("start renovate.service")
+    '';
+  }
+)
--- a/pkgs/applications/blockchains/go-ethereum/default.nix
+++ b/pkgs/applications/blockchains/go-ethereum/default.nix
@ -9,13 +9,13 @@ let

 in buildGoModule rec {
  pname = "go-ethereum";
-  version = "1.14.4";
+  version = "1.14.5";

  src = fetchFromGitHub {
    owner = "ethereum";
    repo = pname;
    rev = "v${version}";
-    sha256 = "sha256-qjzwIyzuZxmz/72TylHsnofLIF3Jr7qjC1gy7NcP+KI=";
+    sha256 = "sha256-IY0BKoDRMVRZTIysdUgqhTFQx0Pz+kl61vbPbhSdT8k=";
  };

  proxyVendor = true;
--- a/pkgs/applications/misc/archivy/default.nix
+++ b/pkgs/applications/misc/archivy/default.nix
@ -9,7 +9,8 @@ let
      wtforms = super.wtforms.overridePythonAttrs (oldAttrs: rec {
        version = "2.3.1";

-        src = oldAttrs.src.override {
+        src = fetchPypi {
+          pname = "WTForms";
          inherit version;
          sha256 = "sha256-hhoTs65SHWcA2sOydxlwvTVKY7pwQ+zDqCtSiFlqGXI=";
        };
--- a/pkgs/by-name/at/atuin/package.nix
+++ b/pkgs/by-name/at/atuin/package.nix
@ -4,43 +4,51 @@
 , installShellFiles
 , rustPlatform
 , libiconv
+, protobuf
 , darwin
 , nixosTests
 }:

 rustPlatform.buildRustPackage rec {
  pname = "atuin";
-  version = "18.2.0";
+  version = "18.3.0";

  src = fetchFromGitHub {
    owner = "atuinsh";
    repo = "atuin";
    rev = "v${version}";
-    hash = "sha256-TTQ2XLqng7TMLnRsLDb/50yyHYuMSPZJ4H+7CEFWQQ0=";
+    hash = "sha256-Q3UI1IUD5Jz2O4xj3mFM7DqY3lTy3WhWYPa8QjJHTKE=";
  };

  # TODO: unify this to one hash because updater do not support this
  cargoHash =
    if stdenv.isLinux
-    then "sha256-KMH19Op7uyb3Z/cjT6bdmO+JEp1o2n6rWRNYmn1+0hE="
-    else "sha256-mBOyo6bKipMfmsowQujeUpog12jXAiqx5CtkwCxquRU=";
+    then "sha256-K4Vw/d0ZOROWujWr76I3QvfKefLhXLeFufUrgStAyjQ="
+    else "sha256-8NAfE7cGFT64ntNXK9RT0D/MbDJweN7vvsG/KlrY4K4=";

  # atuin's default features include 'check-updates', which do not make sense
  # for distribution builds. List all other default features.
  buildNoDefaultFeatures = true;
  buildFeatures = [
-    "client" "sync" "server" "clipboard"
+    "client" "sync" "server" "clipboard" "daemon"
  ];

  nativeBuildInputs = [ installShellFiles ];

-  buildInputs = lib.optionals stdenv.isDarwin [
+  buildInputs = [
+    protobuf
+  ] ++ lib.optionals stdenv.isDarwin [
    libiconv
    darwin.apple_sdk_11_0.frameworks.AppKit
    darwin.apple_sdk_11_0.frameworks.Security
    darwin.apple_sdk_11_0.frameworks.SystemConfiguration
  ];

+  preBuild = ''
+    export PROTOC=${protobuf}/bin/protoc
+    export PROTOC_INCLUDE="${protobuf}/include";
+  '';
+
  postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
    installShellCompletion --cmd atuin \
      --bash <($out/bin/atuin gen-completions -s bash) \
@ -60,6 +68,7 @@ rustPlatform.buildRustPackage rec {
    # PermissionDenied (Operation not permitted)
    "--skip=change_password"
    "--skip=multi_user_test"
+    "--skip=store::var::tests::build_vars"
    # Tries to touch files
    "--skip=build_aliases"
  ];
--- a/pkgs/by-name/ch/chezmoi/package.nix
+++ b/pkgs/by-name/ch/chezmoi/package.nix
@ -8,16 +8,16 @@
 let
  argset = {
    pname = "chezmoi";
-    version = "2.48.2";
+    version = "2.49.0";

    src = fetchFromGitHub {
      owner = "twpayne";
      repo = "chezmoi";
      rev = "v${argset.version}";
-      hash = "sha256-Ikxp8PJ72UCRYmaoloruVdIpi46nF41bi7RK0rPvs1E=";
+      hash = "sha256-9VMNeWJzbfpHL9u6fYF1HzQGlREU6eQmF9mwqxosTGI=";
    };

-    vendorHash = "sha256-151l+yen1QI5DiYJgBvWV/OlbnE72ecmMtHUBRhxQM4=";
+    vendorHash = "sha256-0gM2C8vXFOFDNJVnjq0Qbm2urhenWcH8F+ExAtjMVc0=";

    nativeBuildInputs = [
      installShellFiles
--- a/pkgs/by-name/du/dune3d/package.nix
+++ b/pkgs/by-name/du/dune3d/package.nix
@ -1,5 +1,6 @@
 {
  cmake,
+  desktopToDarwinBundle,
  eigen,
  fetchFromGitHub,
  glm,
@ -7,26 +8,33 @@
  gtkmm4,
  lib,
  libepoxy,
+  libossp_uuid,
  librsvg,
  libspnav,
  libuuid,
+  libxml2,
+  llvmPackages_17,
  meson,
  ninja,
-  opencascade-occt,
+  opencascade-occt_7_6,
  pkg-config,
  python3,
  stdenv,
  wrapGAppsHook3,
 }:

-stdenv.mkDerivation rec {
+let
+  stdenv' = if stdenv.isDarwin then llvmPackages_17.stdenv else stdenv;
+  opencascade-occt = opencascade-occt_7_6;
+in
+stdenv'.mkDerivation (finalAttrs: {
  pname = "dune3d";
  version = "1.1.0";

  src = fetchFromGitHub {
    owner = "dune3d";
    repo = "dune3d";
-    rev = "v${version}";
+    rev = "v${finalAttrs.version}";
    hash = "sha256-Z/kdOc/MbnnEyRsel3aZGndTAy1eCdAK0Wdta0HxaE4=";
  };

@ -36,7 +44,9 @@ stdenv.mkDerivation rec {
    ninja
    pkg-config
    wrapGAppsHook3
-  ];
+    libxml2 # for xmllints
+  ] ++ lib.optional stdenv.isDarwin desktopToDarwinBundle;
+
  buildInputs = [
    cmake
    eigen
@ -45,7 +55,7 @@ stdenv.mkDerivation rec {
    libepoxy
    librsvg
    libspnav
-    libuuid
+    (if stdenv.isLinux then libuuid else libossp_uuid)
    opencascade-occt
    (python3.withPackages (pp: [
      pp.pygobject3
@ -54,12 +64,12 @@ stdenv.mkDerivation rec {

  env.CASROOT = opencascade-occt;

-  meta = with lib; {
+  meta = {
    description = "3D CAD application";
    homepage = "https://dune3d.org";
-    license = licenses.gpl3Plus;
-    maintainers = with maintainers; [ _0x4A6F jue89 ];
+    license = lib.licenses.gpl3Plus;
+    maintainers = with lib.maintainers; [ _0x4A6F jue89 ];
    mainProgram = "dune3d";
-    platforms = platforms.linux;
+    platforms = lib.platforms.linux ++ lib.platforms.darwin;
  };
-}
+})
--- a/pkgs/by-name/ek/eksctl/package.nix
+++ b/pkgs/by-name/ek/eksctl/package.nix
@ -6,13 +6,13 @@

 buildGoModule rec {
  pname = "eksctl";
-  version = "0.181.0";
+  version = "0.182.0";

  src = fetchFromGitHub {
    owner = "weaveworks";
    repo = pname;
    rev = version;
-    hash = "sha256-3VTMkWDahIMrOO05ZI0f/sbyZagwbVVD/fu9z4JRPZw=";
+    hash = "sha256-KCd0AuizmsdGOBh7YZLEKcehoygd19HjjFu7V6NsVVw=";
  };

  vendorHash = "sha256-eaEAC1jDmApcyn0RC5pvonYVWblRCB2PFTr/K5rZvtU=";
--- a/pkgs/by-name/no/nom/package.nix
+++ b/pkgs/by-name/no/nom/package.nix
@ -5,16 +5,16 @@
 }:
 buildGoModule rec {
  pname = "nom";
-  version = "2.4.0";
+  version = "2.5.0";

  src = fetchFromGitHub {
    owner = "guyfedwards";
    repo = "nom";
    rev = "v${version}";
-    hash = "sha256-1KHU+y8aoEdXzP5jUZlTokbv383aKgMt+Wby2bodCTI=";
+    hash = "sha256-uy4c3NLBZY0ybjoK/AYilAZ4bA0+Jkh7OLScH5cVRHI=";
  };

-  vendorHash = "sha256-wWdsLU656wBAUmnVw21wo+a/OLmyhZ2Bq0j8S190XQs=";
+  vendorHash = "sha256-xolhwdWRjYZMgwI4jq0fGzvxnNjx6EplvZC7XMvBw+M=";

  meta = with lib; {
    homepage = "https://github.com/guyfedwards/nom";
--- a/pkgs/by-name/ol/ollama/package.nix
+++ b/pkgs/by-name/ol/ollama/package.nix
@ -7,9 +7,7 @@
 , overrideCC
 , makeWrapper
 , stdenv
-, nixosTests

-, pkgs
 , cmake
 , gcc12
 , clblast
@ -19,8 +17,11 @@
 , linuxPackages
 , darwin

+, nixosTests
 , testers
 , ollama
+, ollama-rocm
+, ollama-cuda

 , config
  # one of `[ null false "rocm" "cuda" ]`
@ -198,20 +199,24 @@ goBuild ((lib.optionalAttrs enableRocm {

  passthru.tests = {
    service = nixosTests.ollama;
-    rocm = pkgs.ollama.override { acceleration = "rocm"; };
-    cuda = pkgs.ollama.override { acceleration = "cuda"; };
    version = testers.testVersion {
      inherit version;
      package = ollama;
    };
+  } // stdenv.isLinux {
+    inherit ollama-rocm ollama-cuda;
  };

  meta = {
-    description = "Get up and running with large language models locally";
+    description = "Get up and running with large language models locally"
+      + lib.optionalString enableRocm ", using ROCm for AMD GPU acceleration"
+      + lib.optionalString enableCuda ", using CUDA for NVIDIA GPU acceleration";
    homepage = "https://github.com/ollama/ollama";
    changelog = "https://github.com/ollama/ollama/releases/tag/v${version}";
    license = licenses.mit;
-    platforms = platforms.unix;
+    platforms =
+      if (enableRocm || enableCuda) then platforms.linux
+      else platforms.unix;
    mainProgram = "ollama";
    maintainers = with maintainers; [ abysssol dit7ya elohmeier roydubnium ];
  };
--- a/pkgs/by-name/re/renovate/package.nix
+++ b/pkgs/by-name/re/renovate/package.nix
@ -10,6 +10,7 @@
  renovate,
  testers,
  xcbuild,
+  nixosTests,
 }:

 let
@ -77,11 +78,11 @@ stdenv'.mkDerivation (finalAttrs: {
    runHook preInstall

    mkdir -p $out/{bin,lib/node_modules/renovate}
-    cp -r dist node_modules package.json $out/lib/node_modules/renovate
+    cp -r dist node_modules package.json renovate-schema.json $out/lib/node_modules/renovate

    makeWrapper "${lib.getExe nodejs}" "$out/bin/renovate" \
      --add-flags "$out/lib/node_modules/renovate/dist/renovate.js"
-    makeWrapper "${lib.getExe nodejs}" "$out/bin/config-validator" \
+    makeWrapper "${lib.getExe nodejs}" "$out/bin/renovate-config-validator" \
      --add-flags "$out/lib/node_modules/renovate/dist/config-validator.js"

    runHook postInstall
@ -89,6 +90,7 @@ stdenv'.mkDerivation (finalAttrs: {

  passthru.tests = {
    version = testers.testVersion { package = renovate; };
+    vm-test = nixosTests.renovate;
  };

  meta = {
--- a/pkgs/by-name/tr/trealla/package.nix
+++ b/pkgs/by-name/tr/trealla/package.nix
@ -23,13 +23,13 @@ assert lib.elem lineEditingLibrary [
 ];
 stdenv.mkDerivation (finalAttrs: {
  pname = "trealla";
-  version = "2.52.15";
+  version = "2.52.18";

  src = fetchFromGitHub {
    owner = "trealla-prolog";
    repo = "trealla";
    rev = "v${finalAttrs.version}";
-    hash = "sha256-Ej3YmPMBwCZGdYVmz5Ni+0EUN4TZ2VA4nKH6ovgeOPc=";
+    hash = "sha256-ai1z/Y3KuQUnRhWduuZfnPdz+vc1VS24Wih/CFnuCtk=";
  };

  postPatch = ''
--- a/pkgs/development/ocaml-modules/ppx_cstubs/default.nix
+++ b/pkgs/development/ocaml-modules/ppx_cstubs/default.nix
@ -1,4 +1,5 @@
 { lib
+, ocaml
 , fetchFromGitHub
 , buildDunePackage
 , bigarray-compat
@ -12,6 +13,9 @@
 , findlib
 }:

+lib.throwIf (lib.versionAtLeast ocaml.version "5.2")
+  "ppx_cstubs is not available for OCaml ${ocaml.version}"
+
 buildDunePackage rec {
  pname = "ppx_cstubs";
  version = "0.7.0";
--- a/pkgs/development/ocaml-modules/stdcompat/default.nix
+++ b/pkgs/development/ocaml-modules/stdcompat/default.nix
@ -1,8 +1,12 @@
 { buildDunePackage
+, ocaml
 , lib
 , fetchurl
 }:

+lib.throwIf (lib.versionAtLeast ocaml.version "5.2")
+  "stdcompat is not available for OCaml ${ocaml.version}"
+
 buildDunePackage rec {
  pname = "stdcompat";
  version = "19";
--- a/pkgs/development/ocaml-modules/torch/default.nix
+++ b/pkgs/development/ocaml-modules/torch/default.nix
@ -64,5 +64,6 @@ buildDunePackage rec {
    description = "Ocaml bindings to Pytorch";
    maintainers = [ maintainers.bcdarwin ];
    license = licenses.asl20;
+    broken = true; # Not compatible with libtorch ≥ 2.3.0
  };
 }
--- a/pkgs/development/python-modules/tox/default.nix
+++ b/pkgs/development/python-modules/tox/default.nix
@ -25,14 +25,14 @@

 buildPythonPackage rec {
  pname = "tox";
-  version = "4.15.0";
+  version = "4.15.1";
  format = "pyproject";

  src = fetchFromGitHub {
    owner = "tox-dev";
    repo = "tox";
    rev = "refs/tags/${version}";
-    hash = "sha256-aKk3a0RAcLyrHK6I3Q7rcBdZVJGNBXsBqA8N7Kpdrms=";
+    hash = "sha256-BLOxyvcC3ngQDVSMaw/NfLVbFkIHbTmhUOOVBqlcK/Q=";
  };

  postPatch = ''
--- a/pkgs/os-specific/linux/multipath-tools/default.nix
+++ b/pkgs/os-specific/linux/multipath-tools/default.nix
@ -35,8 +35,7 @@ stdenv.mkDerivation rec {
    # Backport build fix for musl libc 1.2.5
    (fetchpatch {
      url = "https://github.com/openSUSE/multipath-tools/commit/e5004de8296cd596aeeac0a61b901e98cf7a69d2.patch";
-      hash = "sha256-ZvNFVphB9f+S/XMxktR6P/YYSTLeJXEsj4XrAnw6GUI=";
-      excludes = ["tests/util.c"];
+      hash = "sha256-3Qt8zfrWi9aOdqMObZQaNAaXDmjhvSYrXK7qycC9L1Q=";
    })
  ];

@ -46,16 +45,6 @@ stdenv.mkDerivation rec {

    substituteInPlace multipathd/multipathd.service.in \
      --replace-fail /sbin/multipathd "$out/bin/multipathd"
-
-    sed -i -re '
-      s,^( *#define +DEFAULT_MULTIPATHDIR\>).*,\1 "'"$out/lib/multipath"'",
-    ' libmultipath/defaults.h
-    sed -i -e 's,\$(DESTDIR)/\(usr/\)\?,$(prefix)/,g' \
-      kpartx/Makefile libmpathpersist/Makefile
-    sed -i -e "s,GZIP,GZ," \
-      $(find * -name Makefile\*)
-
-    sed '1i#include <assert.h>' -i tests/{util,vpd}.c
  '';

  nativeBuildInputs = [
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -812,6 +812,9 @@ with pkgs;

  oletools = with python3.pkgs; toPythonApplication oletools;

+  ollama-rocm = callPackage ../by-name/ol/ollama/package.nix { acceleration = "rocm"; };
+  ollama-cuda = callPackage ../by-name/ol/ollama/package.nix { acceleration = "cuda"; };
+
  ots = callPackage ../tools/security/ots {  };

  credential-detector = callPackage ../tools/security/credential-detector { };