alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

Merge master into staging-next

Browse source
This commit is contained in:
Frederik Rietdijk 2020-05-11 22:08:13 +02:00
parent d20d734bcf 82ca249c92
commit 568cef433d
91 changed files with 1088 additions and 557 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/kernel.nix
View file

@ -14,7 +14,7 @@ with lib;
freeform = x: { freeform = x; };
/*
Common patterns/legacy used in common-config/hardened-config.nix
Common patterns/legacy used in common-config/hardened/config.nix
*/
whenHelpers = version: {
whenAtLeast = ver: mkIf (versionAtLeast version ver);

7
nixos/doc/manual/release-notes/rl-2009.xml
View file

@ -279,6 +279,13 @@ php.override {
</programlisting>
</para>
</listitem>
<listitem>
<para>
The Nginx log directory has been moved to <literal>/var/log/nginx</literal>, the cache directory
to <literal>/var/cache/nginx</literal>. The option <literal>services.nginx.stateDir</literal> has
been removed.
</para>
</listitem>
<listitem>
<para>
The httpd web server previously started its main process as root

2
nixos/lib/test-driver/test-driver.py
View file

@ -369,7 +369,7 @@ class Machine:
q = q.replace("'", "\\'")
return self.execute(
(
"su -l {} -c "
"su -l {} --shell /bin/sh -c "
"$'XDG_RUNTIME_DIR=/run/user/`id -u` "
"systemctl --user {}'"
).format(user, q)

4
nixos/modules/services/logging/awstats.nix
View file

@ -24,7 +24,7 @@ let
logFile = mkOption {
type = types.str;
example = "/var/spool/nginx/logs/access.log";
example = "/var/log/nginx/access.log";
description = ''
The log file to be scanned.
@ -110,7 +110,7 @@ in
{
"mysite" = {
domain = "example.com";
logFile = "/var/spool/nginx/logs/access.log";
logFile = "/var/log/nginx/access.log";
};
}
'';

2
nixos/modules/services/networking/monero.nix
View file

@ -26,7 +26,7 @@ let
rpc-login=${rpc.user}:${rpc.password}
''}
${optionalString rpc.restricted ''
restrict-rpc=1
restricted-rpc=1
''}
limit-rate-up=${toString limits.upload}

28
nixos/modules/services/web-servers/nginx/default.nix
View file

@ -187,7 +187,7 @@ let
then "/etc/nginx/nginx.conf"
else configFile;
execCommand = "${cfg.package}/bin/nginx -c '${configPath}' -p '${cfg.stateDir}'";
execCommand = "${cfg.package}/bin/nginx -c '${configPath}'";
vhosts = concatStringsSep "\n" (mapAttrsToList (vhostName: vhost:
let
@ -463,13 +463,6 @@ in
'';
};
stateDir = mkOption {
default = "/var/spool/nginx";
description = "
Directory holding all state for nginx to run.
";
};
user = mkOption {
type = types.str;
default = "nginx";
@ -636,6 +629,13 @@ in
};
};
imports = [
(mkRemovedOptionModule [ "services" "nginx" "stateDir" ] ''
The Nginx log directory has been moved to /var/log/nginx, the cache directory
to /var/cache/nginx. The option services.nginx.stateDir has been removed.
'')
];
config = mkIf cfg.enable {
# TODO: test user supplied config file pases syntax test
@ -680,12 +680,6 @@ in
}
];
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/logs' 0750 ${cfg.user} ${cfg.group} - -"
"Z '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -"
];
systemd.services.nginx = {
description = "Nginx Web Server";
wantedBy = [ "multi-user.target" ];
@ -708,6 +702,12 @@ in
# Runtime directory and mode
RuntimeDirectory = "nginx";
RuntimeDirectoryMode = "0750";
# Cache directory and mode
CacheDirectory = "nginx";
CacheDirectoryMode = "0750";
# Logs directory and mode
LogsDirectory = "nginx";
LogsDirectoryMode = "0750";
# Capabilities
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" "CAP_SYS_RESOURCE" ];
};

2
nixos/tests/service-runner.nix
View file

@ -23,7 +23,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
machine.fail(f"curl {url}")
machine.succeed(
"""
mkdir -p /run/nginx /var/spool/nginx/logs
mkdir -p /run/nginx /var/log/nginx /var/cache/nginx
${nodes.machine.config.systemd.services.nginx.runner} &
echo $!>my-nginx.pid
"""

17
pkgs/applications/editors/mg/default.nix
View file

@ -1,12 +1,14 @@
{ stdenv, fetchurl, pkgconfig, libbsd, ncurses, buildPackages }:
{ stdenv, fetchFromGitHub, pkgconfig, ncurses, buildPackages }:
stdenv.mkDerivation rec {
pname = "mg";
version = "20171014";
version = "6.7";
src = fetchurl {
url = "http://homepage.boetes.org/software/mg/${pname}-${version}.tar.gz";
sha256 = "0hakfikzsml7z0hja8m8mcahrmfy2piy81bq9nccsjplyfc9clai";
src = fetchFromGitHub {
owner = "ibara";
repo = "mg";
rev = "mg-6.7";
sha256 = "15adwibq6xrfxbrxzk765g9250iyfn4wbcxd7kcsabiwn6apm0ai";
};
enableParallelBuilding = true;
@ -17,14 +19,13 @@ stdenv.mkDerivation rec {
install -m 555 -Dt $out/bin mg
install -m 444 -Dt $out/share/man/man1 mg.1
'';
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ libbsd ncurses ];
buildInputs = [ ncurses ];
meta = with stdenv.lib; {
description = "Micro GNU/emacs, a portable version of the mg maintained by the OpenBSD team";
homepage = "https://homepage.boetes.org/software/mg";
homepage = "https://man.openbsd.org/OpenBSD-current/man1/mg.1";
license = licenses.publicDomain;
platforms = platforms.all;
};

4
pkgs/applications/graphics/yed/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "yEd";
version = "3.19.1.1";
version = "3.20";
src = fetchzip {
url = "https://www.yworks.com/resources/yed/demo/${pname}-${version}.zip";
sha256 = "0px88rc1slf7n1n8lpk56hf29ppbnnd4lrqfyggihcr0pxmw157c";
sha256 = "08j8lpn2nd41gavgrj03rlrxl04wcamq1y02f1x1569ykbhycb3m";
};
nativeBuildInputs = [ makeWrapper unzip ];

10
pkgs/applications/kde/kdegraphics-thumbnailers.nix
View file

@ -1,5 +1,5 @@
{
mkDerivation, lib,
mkDerivation, lib, fetchpatch,
extra-cmake-modules, karchive, kio, libkexiv2, libkdcraw
}:
@ -9,6 +9,14 @@ mkDerivation {
license = [ lib.licenses.lgpl21 ];
maintainers = [ lib.maintainers.ttuegel ];
};
patches = [
# Fix a bug with thumbnail.so processes hanging:
# https://bugs.kde.org/show_bug.cgi?id=404652
(fetchpatch {
url = "https://phabricator.kde.org/file/data/tnk4b6roouixzifi6vre/PHID-FILE-qkkedevt7svx7lv56ea5/D26635.diff";
sha256 = "0fq85zhymmrq8vl0y6vgh87qf4c6fhcq704p4kpkaq7y0isxj4h1";
})
];
nativeBuildInputs = [ extra-cmake-modules ];
buildInputs = [ karchive kio libkexiv2 libkdcraw ];
}

31
pkgs/applications/misc/bemenu/default.nix
View file

@ -1,32 +1,33 @@
{ stdenv, fetchFromGitHub, cairo, cmake, libxkbcommon
{ stdenv, lib, fetchFromGitHub, cairo, libxkbcommon
, pango, fribidi, harfbuzz, pcre, pkgconfig
, ncursesSupport ? true, ncurses ? null
, waylandSupport ? true, wayland ? null
, waylandSupport ? true, wayland ? null, wayland-protocols ? null
, x11Support ? true, xlibs ? null, xorg ? null
}:
assert ncursesSupport -> ncurses != null;
assert waylandSupport -> wayland != null;
assert waylandSupport -> ! lib.elem null [wayland wayland-protocols];
assert x11Support -> xlibs != null && xorg != null;
stdenv.mkDerivation rec {
pname = "bemenu";
version = "0.3.0";
version = "0.4.1";
src = fetchFromGitHub {
owner = "Cloudef";
repo = pname;
rev = version;
sha256 = "03k8wijdgj5nwmvgjhsrlh918n719789fhs4dqm23pd00rapxipk";
sha256 = "1fjcs9d3533ay3nz79cx3c0lmy2chgragr2lhsy0xl2ckr0iins0";
};
nativeBuildInputs = [ cmake pkgconfig pcre ];
nativeBuildInputs = [ pkgconfig pcre ];
cmakeFlags = [
"-DBEMENU_CURSES_RENDERER=${if ncursesSupport then "ON" else "OFF"}"
"-DBEMENU_WAYLAND_RENDERER=${if waylandSupport then "ON" else "OFF"}"
"-DBEMENU_X11_RENDERER=${if x11Support then "ON" else "OFF"}"
];
makeFlags = ["PREFIX=$(out)"];
buildFlags = ["clients"]
++ lib.optional ncursesSupport "curses"
++ lib.optional waylandSupport "wayland"
++ lib.optional x11Support "x11";
buildInputs = with stdenv.lib; [
cairo
@ -34,18 +35,18 @@ stdenv.mkDerivation rec {
harfbuzz
libxkbcommon
pango
] ++ optionals ncursesSupport [ ncurses ]
++ optionals waylandSupport [ wayland ]
] ++ optional ncursesSupport ncurses
++ optionals waylandSupport [ wayland wayland-protocols ]
++ optionals x11Support [
xlibs.libX11 xlibs.libXinerama xlibs.libXft
xorg.libXdmcp xorg.libpthreadstubs xorg.libxcb
];
meta = with stdenv.lib; {
meta = with lib; {
homepage = "https://github.com/Cloudef/bemenu";
description = "Dynamic menu library and client program inspired by dmenu";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ thiagokokada ];
maintainers = with maintainers; [ lheckemann ];
platforms = with platforms; linux;
};
}

7
pkgs/applications/misc/cura/default.nix
View file

@ -2,25 +2,26 @@
mkDerivation rec {
pname = "cura";
version = "4.5.0";
version = "4.6.1";
src = fetchFromGitHub {
owner = "Ultimaker";
repo = "Cura";
rev = version;
sha256 = "0fm04s912sgmr66wyb55ly4jh39ijsj6lx4fx9wn7hchlqmw5jxi";
sha256 = "0h1r9caa579d3gfpcmch54rdbkg5df64ds2v84iqsbxwjp0rmn4n";
};
materials = fetchFromGitHub {
owner = "Ultimaker";
repo = "fdm_materials";
rev = version;
sha256 = "0fgkwz1anw49macq1jxjhjr79slhmx7g3zwij7g9fqyzzhrrmwqn";
sha256 = "1k5c3qmixhpz3z2yi0fysxcyyf1yhcwmdlrcypkw827lhsialqp4";
};
buildInputs = [ qtbase qtquickcontrols2 qtgraphicaleffects ];
propagatedBuildInputs = with python3.pkgs; [
libsavitar numpy-stl pyserial requests uranium zeroconf
sentry-sdk trimesh
] ++ plugins;
nativeBuildInputs = [ cmake python3.pkgs.wrapPython ];

15
pkgs/applications/misc/cura/plugins.nix
View file

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, fetchpatch, cmake, python3Packages }:
{ stdenv, fetchFromGitHub, fetchpatch, python3Packages }:
let
@ -6,21 +6,24 @@ let
octoprint = stdenv.mkDerivation rec {
pname = "Cura-OctoPrintPlugin";
version = "3.5.11";
version = "3.5.12";
src = fetchFromGitHub {
owner = "fieldOfView";
repo = pname;
rev = "3cef0a955ae7ccfa5c07d20d9d147c530cc9d6ec";
sha256 = "0q9bkwgpsbfwkp1bfaxq3wm9pbwx5d7ji0jr7cwc4y5nizji81is";
rev = "ad522c0b7ead5fbe28da686a3cc75e351274c2bc";
sha256 = "0ln11ng32bh0smfsk54mv2j3sadh0gwf031nmm95zrvbj9cr6yc0";
};
nativeBuildInputs = [ cmake ];
propagatedBuildInputs = with python3Packages; [
netifaces
];
installPhase = ''
mkdir -p $out/lib/cura/plugins/OctoPrintPlugin
cp -rv . $out/lib/cura/plugins/OctoPrintPlugin/
'';
meta = with stdenv.lib; {
description = "Enables printing directly to OctoPrint and monitoring the process";
homepage = "https://github.com/fieldOfView/Cura-OctoPrintPlugin";

54
pkgs/applications/misc/genxword/default.nix Normal file
View file

@ -0,0 +1,54 @@
{ lib
, python3
, fetchFromGitHub
, gettext
, gobject-introspection
, wrapGAppsHook
, pango
, gtksourceview3
}:
python3.pkgs.buildPythonApplication rec {
pname = "genxword";
version = "2.0.1";
src = fetchFromGitHub {
owner = "riverrun";
repo = pname;
rev = "v${version}";
sha256 = "00czdvyb5wnrk3x0g529afisl8v4frfys9ih0nzf1fs4jkzjcijg";
};
nativeBuildInputs = [
gettext
gobject-introspection
wrapGAppsHook
];
buildInputs = [
gobject-introspection
pango
gtksourceview3
];
propagatedBuildInputs = with python3.pkgs; [
pycairo
pygobject3
];
# to prevent double wrapping
dontWrapGApps = true;
preFixup = ''
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
# there are no tests
doCheck = false;
meta = with lib; {
inherit (src.meta) homepage;
description = "Crossword generator";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ dotlambda ];
};
}

14
pkgs/applications/misc/yubioath-desktop/default.nix
View file

@ -6,11 +6,11 @@
mkDerivation rec {
pname = "yubioath-desktop";
version = "5.0.2";
version = "5.0.3";
src = fetchurl {
url = "https://developers.yubico.com/yubioath-desktop/Releases/yubioath-desktop-${version}.tar.gz";
sha256 = "19ingk0ab88a22s04apcw8kx9xygxlbk8kp4xnb8pmf8z3k6l2gf";
sha256 = "1g0jd7mmch6a6n8k5pp3w27qd5cijnvzk05lwraf0i96m68h7x1k";
};
doCheck = false;
@ -38,13 +38,13 @@ mkDerivation rec {
--prefix LD_LIBRARY_PATH : "${stdenv.lib.getLib pcsclite}/lib:${yubikey-personalization}/lib"
mkdir -p $out/share/applications
cp resources/yubioath-desktop.desktop \
$out/share/applications/yubioath-desktop.desktop
cp resources/com.yubico.yubioath.desktop \
$out/share/applications/com.yubico.yubioath.desktop
mkdir -p $out/share/yubioath/icons
cp resources/icons/*.{icns,ico,png,xpm} $out/share/yubioath/icons
substituteInPlace $out/share/applications/yubioath-desktop.desktop \
cp resources/icons/*.{icns,ico,png,svg} $out/share/yubioath/icons
substituteInPlace $out/share/applications/com.yubico.yubioath.desktop \
--replace 'Exec=yubioath-desktop' "Exec=$out/bin/yubioath-desktop" \
--replace 'Icon=yubioath' "Icon=$out/share/yubioath/icons/yubioath.png"
--replace 'Icon=yubioath' "Icon=$out/share/yubioath/icons/com.yubico.yubioath.png"
'';
meta = with stdenv.lib; {

4
pkgs/applications/radio/xlog/default.nix
View file

@ -1,11 +1,11 @@
{ stdenv, fetchurl, glib, gtk2, pkgconfig, hamlib }:
stdenv.mkDerivation rec {
pname = "xlog";
version = "2.0.17";
version = "2.0.19";
src = fetchurl {
url = "https://download.savannah.gnu.org/releases/xlog/${pname}-${version}.tar.gz";
sha256 = "0vmn8518zk7qk1mbp1h8dm0f8fx0z0jvmy42c1n15il714lj7vsl";
sha256 = "0y38gkcm4mgv6wn31pjq6d5bm22m63rpwa55qjmrlywrmw76rppy";
};
# glib-2.62 deprecations

20
pkgs/applications/science/electronics/kicad/base.nix
View file

@ -2,7 +2,6 @@
, libX11, gettext, glew, glm, cairo, curl, openssl, boost, pkgconfig
, doxygen, pcre, libpthreadstubs, libXdmcp, fetchpatch, lndir, callPackages
, pname ? "kicad"
, stable ? true
, baseName ? "kicad"
, versions ? { }
@ -20,26 +19,26 @@ with lib;
let
versionConfig = versions.${baseName};
baseVersion = "${versions.${baseName}.kicadVersion.version}";
# oce on aarch64 fails a test
withOCE = oceSupport && !stdenv.isAarch64;
withOCC = (withOCCT && !withOCE) || (oceSupport && stdenv.isAarch64);
kicad-libraries = callPackages ./libraries.nix versionConfig.libVersion;
libraries = callPackages ./libraries.nix versionConfig.libVersion;
in
stdenv.mkDerivation rec {
inherit pname;
version = "base-${baseVersion}";
i18n = libraries.i18n;
pname = "kicad-base";
version = "${versions.${baseName}.kicadVersion.version}";
src = fetchFromGitLab (
{
group = "kicad";
owner = "code";
repo = "kicad";
rev = baseVersion;
} // versionConfig.kicadVersion.src
);
@ -57,9 +56,11 @@ stdenv.mkDerivation rec {
# tagged releases don't have "unknown"
# kicad nightlies use git describe --dirty
# nix removes .git, so its approximated here
# "-1" appended to indicate we're adding a patch
postPatch = ''
substituteInPlace CMakeModules/KiCadVersion.cmake \
--replace "unknown" ${builtins.substring 0 10 src.rev}
--replace "unknown" "${builtins.substring 0 10 src.rev}-1" \
--replace "${version}" "${version}-1"
'';
makeFlags = optional (debug) [ "CFLAGS+=-Og" "CFLAGS+=-ggdb" ];
@ -113,7 +114,7 @@ stdenv.mkDerivation rec {
postInstall = optional (withI18n) ''
mkdir -p $out/share
lndir ${kicad-libraries.i18n}/share $out/share
lndir ${i18n}/share $out/share
'';
meta = {
@ -124,7 +125,6 @@ stdenv.mkDerivation rec {
'';
homepage = "https://www.kicad-pcb.org/";
license = licenses.agpl3;
maintainers = with maintainers; [ evils kiwi berce ];
platforms = with platforms; linux;
platforms = platforms.all;
};
}

103
pkgs/applications/science/electronics/kicad/default.nix
View file

@ -4,6 +4,7 @@
, librsvg, cups
, pname ? "kicad"
, stable ? true
, oceSupport ? false, opencascade
, withOCCT ? true, opencascade-occt
, ngspiceSupport ? true, libngspice
@ -18,7 +19,6 @@ assert ngspiceSupport -> libngspice != null;
with lib;
let
stable = pname != "kicad-unstable";
baseName = if (stable) then "kicad" else "kicad-unstable";
versions = import ./versions.nix;
@ -35,17 +35,16 @@ let
python = python3;
wxPython = python3Packages.wxPython_4_0;
libraries = callPackages ./libraries.nix versionConfig.libVersion;
in
stdenv.mkDerivation rec {
passthru.libraries = callPackages ./libraries.nix versionConfig.libVersion;
base = callPackage ./base.nix {
pname = baseName;
inherit versions stable baseName;
inherit wxGTK python wxPython;
inherit debug withI18n withOCCT oceSupport ngspiceSupport scriptingSupport;
};
in
stdenv.mkDerivation rec {
inherit pname;
version = versions.${baseName}.kicadVersion.version;
@ -63,7 +62,7 @@ stdenv.mkDerivation rec {
# wrapGAppsHook added the equivalent to ${base}/share
# though i noticed no difference without it
makeWrapperArgs = [
makeWrapperArgs = with passthru.libraries; [
"--prefix XDG_DATA_DIRS : ${base}/share"
"--prefix XDG_DATA_DIRS : ${hicolor-icon-theme}/share"
"--prefix XDG_DATA_DIRS : ${gnome3.defaultIconTheme}/share"
@ -73,47 +72,40 @@ stdenv.mkDerivation rec {
"--prefix XDG_DATA_DIRS : ${cups}/share"
"--prefix GIO_EXTRA_MODULES : ${gnome3.dconf}/lib/gio/modules"
"--set KISYSMOD ${libraries.footprints}/share/kicad/modules"
"--set KICAD_SYMBOL_DIR ${libraries.symbols}/share/kicad/library"
"--set KICAD_TEMPLATE_DIR ${libraries.templates}/share/kicad/template"
"--prefix KICAD_TEMPLATE_DIR : ${libraries.symbols}/share/kicad/template"
"--prefix KICAD_TEMPLATE_DIR : ${libraries.footprints}/share/kicad/template"
"--set KISYSMOD ${footprints}/share/kicad/modules"
"--set KICAD_SYMBOL_DIR ${symbols}/share/kicad/library"
"--set KICAD_TEMPLATE_DIR ${templates}/share/kicad/template"
"--prefix KICAD_TEMPLATE_DIR : ${symbols}/share/kicad/template"
"--prefix KICAD_TEMPLATE_DIR : ${footprints}/share/kicad/template"
]
++ optionals (with3d) [ "--set KISYS3DMOD ${libraries.packages3d}/share/kicad/modules/packages3d" ]
++ optionals (with3d) [ "--set KISYS3DMOD ${packages3d}/share/kicad/modules/packages3d" ]
++ optionals (ngspiceSupport) [ "--prefix LD_LIBRARY_PATH : ${libngspice}/lib" ]
# infinisil's workaround for #39493
++ [ "--set GDK_PIXBUF_MODULE_FILE ${librsvg}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" ]
;
# dunno why i have to add $makeWrapperArgs manually...
# why does $makeWrapperArgs have to be added explicitly?
# $out and $program_PYTHONPATH don't exist when makeWrapperArgs gets set?
# not sure if anything has to be done with the other stuff in base/bin
# dxf2idf, idf2vrml, idfcyl, idfrect, kicad2step, kicad-ogltest
installPhase =
optionalString (scriptingSupport) '' buildPythonPath "${base} $pythonPath"
'' +
'' makeWrapper ${base}/bin/kicad $out/bin/kicad $makeWrapperArgs ''
+ optionalString (scriptingSupport) '' --set PYTHONPATH "$program_PYTHONPATH"
'' +
'' makeWrapper ${base}/bin/pcbnew $out/bin/pcbnew $makeWrapperArgs ''
+ optionalString (scriptingSupport) '' --set PYTHONPATH "$program_PYTHONPATH"
'' +
'' makeWrapper ${base}/bin/eeschema $out/bin/eeschema $makeWrapperArgs ''
+ optionalString (scriptingSupport) '' --set PYTHONPATH "$program_PYTHONPATH"
'' +
'' makeWrapper ${base}/bin/gerbview $out/bin/gerbview $makeWrapperArgs ''
+ optionalString (scriptingSupport) '' --set PYTHONPATH "$program_PYTHONPATH"
'' +
'' makeWrapper ${base}/bin/pcb_calculator $out/bin/pcb_calculator $makeWrapperArgs ''
+ optionalString (scriptingSupport) '' --set PYTHONPATH "$program_PYTHONPATH"
'' +
'' makeWrapper ${base}/bin/pl_editor $out/bin/pl_editor $makeWrapperArgs ''
+ optionalString (scriptingSupport) '' --set PYTHONPATH "$program_PYTHONPATH"
'' +
'' makeWrapper ${base}/bin/bitmap2component $out/bin/bitmap2component $makeWrapperArgs ''
+ optionalString (scriptingSupport) '' --set PYTHONPATH "$program_PYTHONPATH"
''
# kicad-ogltest's source seems to indicate that crashing is expected behaviour...
installPhase = with lib;
let
tools = [ "kicad" "pcbnew" "eeschema" "gerbview" "pcb_calculator" "pl_editor" "bitmap2component" ];
utils = [ "dxf2idf" "idf2vrml" "idfcyl" "idfrect" "kicad2step" "kicad-ogltest" ];
in
( concatStringsSep "\n"
( flatten [
( optionalString (scriptingSupport) "buildPythonPath \"${base} $pythonPath\" \n" )
# wrap each of the directly usable tools
( map ( tool: "makeWrapper ${base}/bin/${tool} $out/bin/${tool} $makeWrapperArgs"
+ optionalString (scriptingSupport) " --set PYTHONPATH \"$program_PYTHONPATH\""
) tools )
# link in the CLI utils
( map ( util: "ln -s ${base}/bin/${util} $out/bin/${util}" ) utils )
])
)
;
# can't run this for each pname
@ -123,10 +115,11 @@ stdenv.mkDerivation rec {
# and can't git commit if this could be running in parallel with other scripts
passthru.updateScript = [ ./update.sh "all" ];
meta = {
description = if (stable)
then "Open Source Electronics Design Automation Suite"
else "Open Source EDA Suite, Development Build";
meta = rec {
description = (if (stable)
then "Open Source Electronics Design Automation suite"
else "Open Source EDA suite, development build")
+ (if (!with3d) then ", without 3D models" else "");
homepage = "https://www.kicad-pcb.org/";
longDescription = ''
KiCad is an open source software suite for Electronic Design Automation.
@ -134,12 +127,20 @@ stdenv.mkDerivation rec {
'';
license = licenses.agpl3;
# berce seems inactive...
maintainers = with maintainers; [ evils kiwi berce ];
# kicad's cross-platform, not sure what to fill in here
platforms = with platforms; linux;
} // optionalAttrs with3d {
# We can't download the 3d models on Hydra - they are a ~1 GiB download and
# they occupy ~5 GiB in store.
hydraPlatforms = [];
maintainers = with stdenv.lib.maintainers; [ evils kiwi berce ];
# kicad is cross platform
platforms = stdenv.lib.platforms.all;
# despite that, nipkgs' wxGTK for darwin is "wxmac"
# and wxPython_4_0 does not account for this
# adjusting this package to downgrade to python2Packages.wxPython (wxPython 3),
# seems like more trouble than fixing wxPython_4_0 would be
# additionally, libngspice is marked as linux only, though it should support darwin
hydraPlatforms = if (with3d) then [ ] else platforms;
# We can't download the 3d models on Hydra,
# they are a ~1 GiB download and they occupy ~5 GiB in store.
# as long as the base and libraries (minus 3d) are build,
# this wrapper does not need to get built
# the kicad-*small "packages" cause this to happen
};
}

39
pkgs/applications/science/electronics/kicad/libraries.nix
View file

@ -13,21 +13,27 @@
with lib;
let
mkLib = name:
stdenv.mkDerivation
{
pname = "kicad-${name}";
version = "${version}";
src = fetchFromGitHub (
{
owner = "KiCad";
repo = "kicad-${name}";
rev = version;
inherit name;
} // (libSources.${name} or { })
);
nativeBuildInputs = [ cmake ];
meta.license = licenses.cc-by-sa-40;
stdenv.mkDerivation {
pname = "kicad-${name}";
version = "${version}";
src = fetchFromGitHub (
{
owner = "KiCad";
repo = "kicad-${name}";
rev = version;
inherit name;
} // (libSources.${name} or { })
);
nativeBuildInputs = [ cmake ];
meta = rec {
license = licenses.cc-by-sa-40;
platforms = stdenv.lib.platforms.all;
# the 3d models are a ~1 GiB download and occupy ~5 GiB in store.
# this would exceed the hydra output limit
hydraPlatforms = if (name == "packages3d" ) then [ ] else platforms;
};
};
in
{
symbols = mkLib "symbols";
@ -56,6 +62,9 @@ in
);
buildInputs = [ gettext ];
nativeBuildInputs = [ cmake ];
meta.license = licenses.gpl2; # https://github.com/KiCad/kicad-i18n/issues/3
meta = {
license = licenses.gpl2; # https://github.com/KiCad/kicad-i18n/issues/3
platforms = stdenv.lib.platforms.all;
};
};
}

24
pkgs/applications/science/electronics/kicad/versions.nix
View file

@ -27,25 +27,25 @@
};
"kicad-unstable" = {
kicadVersion = {
version = "2020-04-25";
version = "2020-05-06";
src = {
rev = "3759799d1e03b2da6a0dcd72273e4978880fc8f1";
sha256 = "0ba14fla8m5zli68wfjkfc4ymvj4j8z92y3jigxs8hys0450bybi";
rev = "c92181621e2e51dc8aae1bd9f4483bb3301ffaa5";
sha256 = "0s50xn5gbjy7yxnp9yiynxvxi2mkcrp6yghgdzclpm40rnfyi0v5";
};
};
libVersion = {
version = "2020-04-25";
version = "2020-05-06";
libSources = {
i18n.rev = "fc14baa52ca56a58b0048ab860bf31887d3cf8eb";
i18n.sha256 = "05nayab7dkjyq7g3i9q7k55hcckpc0cmq4bbklmxx16rx4rbhzc6";
symbols.rev = "0f9ff2d17237f90bb649bf0a52b6d454f68197e8";
symbols.sha256 = "1a54428syn2xksc00n2bvh1alrx2vrqmp7cg7d2rn8nlq8yk4qd5";
i18n.rev = "f29cab831eb823165fa2c5efab5d9c9b443e62e2";
i18n.sha256 = "0cc0zvpml75yxphay3281f762ls08fzvv538cd5hmkr8xqlj3vbi";
symbols.rev = "d4245ae8cf633095a0994ab01492bd56cd124112";
symbols.sha256 = "11pynjgji3skw42q5mryz98f8z418k43jy6s2k90w6jv638z3cb0";
templates.rev = "7db8d4d0ea0711f1961d117853547fb3edbc3857";
templates.sha256 = "1hppcsrkn4dk6ggby6ckh0q65qxkywrbyxa4lwpaf7pxjyv498xg";
footprints.rev = "61df6d8853b4c68cca0ac87784c0a33cff9394d3";
footprints.sha256 = "0blmhk8pwd4mi6rlsr4lf4lq7j01h6xbpbvr3pm8pmw8zylhi54v";
packages3d.rev = "88bcf2e817fe000bb2c05e14489afc3b1a4e10ed";
packages3d.sha256 = "0z9p1fn5xbz940kr5jz2ibzf09hpdi1c9izmabkffvrnfy6408x6";
footprints.rev = "3bff23ee339bc48490bb39deba5d8b2f1f42733e";
footprints.sha256 = "0430r8k49ib6w1sjr8fx42szbz960yhlzg4w80jl5bwasq67nqwd";
packages3d.rev = "889a3dd550233ec51baed4a04a01d4cc64a8d747";
packages3d.sha256 = "152zv4j51v8skqlvrabblpcqpbn5yf3grisjj8vnwf7kdd41chb2";
};
};
};

5
pkgs/desktops/plasma-5/kwin/default.nix
View file

@ -11,11 +11,10 @@
kcoreaddons, kcrash, kdeclarative, kdecoration, kglobalaccel, ki18n,
kiconthemes, kidletime, kinit, kio, knewstuff, knotifications, kpackage,
kscreenlocker, kservice, kwayland, kwidgetsaddons, kwindowsystem, kxmlgui,
plasma-framework, qtsensors, libcap, libdrm
plasma-framework, qtsensors, libcap, libdrm, mesa
}:
# TODO (ttuegel): investigate qmlplugindump failure
# TODO (ttuegel): investigate gbm dependency
mkDerivation {
name = "kwin";
@ -30,7 +29,7 @@ mkDerivation {
kcoreaddons kcrash kdeclarative kdecoration kglobalaccel ki18n kiconthemes
kidletime kinit kio knewstuff knotifications kpackage kscreenlocker kservice
kwayland kwidgetsaddons kwindowsystem kxmlgui plasma-framework
libcap libdrm
libcap libdrm mesa
];
outputs = [ "bin" "dev" "out" ];
patches = [

32
pkgs/development/compilers/llvm/10/compiler-rt-armv7l.patch Normal file
View file

@ -0,0 +1,32 @@
diff -ur compiler-rt-10.0.0.src/cmake/builtin-config-ix.cmake compiler-rt-10.0.0.src-patched/cmake/builtin-config-ix.cmake
--- compiler-rt-10.0.0.src/cmake/builtin-config-ix.cmake 2020-03-24 00:01:02.000000000 +0900
+++ compiler-rt-10.0.0.src-patched/cmake/builtin-config-ix.cmake 2020-05-10 03:42:00.883450706 +0900
@@ -24,7 +24,7 @@
set(ARM64 aarch64)
-set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k)
+set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k armv7l)
set(HEXAGON hexagon)
set(X86 i386)
set(X86_64 x86_64)
diff -ur compiler-rt-10.0.0.src/lib/builtins/CMakeLists.txt compiler-rt-10.0.0.src-patched/lib/builtins/CMakeLists.txt
--- compiler-rt-10.0.0.src/lib/builtins/CMakeLists.txt 2020-03-24 00:01:02.000000000 +0900
+++ compiler-rt-10.0.0.src-patched/lib/builtins/CMakeLists.txt 2020-05-10 03:44:49.468579650 +0900
@@ -474,6 +474,7 @@
set(armv7_SOURCES ${arm_SOURCES})
set(armv7s_SOURCES ${arm_SOURCES})
set(armv7k_SOURCES ${arm_SOURCES})
+set(armv7l_SOURCES ${arm_SOURCES})
set(arm64_SOURCES ${aarch64_SOURCES})
# macho_embedded archs
@@ -595,7 +596,7 @@
foreach (arch ${BUILTIN_SUPPORTED_ARCH})
if (CAN_TARGET_${arch})
# For ARM archs, exclude any VFP builtins if VFP is not supported
- if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
+ if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
string(REPLACE ";" " " _TARGET_${arch}_CFLAGS "${TARGET_${arch}_CFLAGS}")
check_compile_definition(__VFP_FP__ "${CMAKE_C_FLAGS} ${_TARGET_${arch}_CFLAGS}" COMPILER_RT_HAS_${arch}_VFP)
if(NOT COMPILER_RT_HAS_${arch}_VFP)

4
pkgs/development/compilers/llvm/10/compiler-rt.nix
View file

@ -48,7 +48,9 @@ stdenv.mkDerivation rec {
patches = [
./compiler-rt-codesign.patch # Revert compiler-rt commit that makes codesign mandatory
./find-darwin-sdk-version.patch # don't test for macOS being >= 10.15
];# ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
]# ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
++ stdenv.lib.optional stdenv.hostPlatform.isAarch32 ./compiler-rt-armv7l.patch;
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra

23
pkgs/development/compilers/llvm/5/compiler-rt-armv7l.patch Normal file
View file

@ -0,0 +1,23 @@
diff -ur compiler-rt-5.0.2.src/cmake/builtin-config-ix.cmake compiler-rt-5.0.2.src-patched/cmake/builtin-config-ix.cmake
--- compiler-rt-5.0.2.src/cmake/builtin-config-ix.cmake 2017-05-25 00:53:24.000000000 +0900
+++ compiler-rt-5.0.2.src-patched/cmake/builtin-config-ix.cmake 2020-05-10 03:24:24.937433155 +0900
@@ -24,7 +24,7 @@
set(ARM64 aarch64)
-set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k)
+set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k armv7l)
set(X86 i386 i686)
set(X86_64 x86_64)
set(MIPS32 mips mipsel)
diff -ur compiler-rt-5.0.2.src/lib/builtins/CMakeLists.txt compiler-rt-5.0.2.src-patched/lib/builtins/CMakeLists.txt
--- compiler-rt-5.0.2.src/lib/builtins/CMakeLists.txt 2017-07-13 04:33:30.000000000 +0900
+++ compiler-rt-5.0.2.src-patched/lib/builtins/CMakeLists.txt 2020-05-10 03:24:45.945075423 +0900
@@ -444,6 +444,7 @@
set(armv7_SOURCES ${arm_SOURCES})
set(armv7s_SOURCES ${arm_SOURCES})
set(armv7k_SOURCES ${arm_SOURCES})
+set(armv7l_SOURCES ${arm_SOURCES})
set(arm64_SOURCES ${aarch64_SOURCES})
# macho_embedded archs

3
pkgs/development/compilers/llvm/5/compiler-rt.nix
View file

@ -48,7 +48,8 @@ stdenv.mkDerivation {
patches = [
./compiler-rt-codesign.patch # Revert compiler-rt commit that makes codesign mandatory
] ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
++ stdenv.lib.optional (stdenv.hostPlatform.libc == "glibc") ./compiler-rt-sys-ustat.patch;
++ stdenv.lib.optional (stdenv.hostPlatform.libc == "glibc") ./compiler-rt-sys-ustat.patch
++ stdenv.lib.optional stdenv.hostPlatform.isAarch32 ./compiler-rt-armv7l.patch;
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra

32
pkgs/development/compilers/llvm/6/compiler-rt-armv7l.patch Normal file
View file

@ -0,0 +1,32 @@
diff -ur compiler-rt-6.0.1.src/cmake/builtin-config-ix.cmake compiler-rt-6.0.1.src-patched/cmake/builtin-config-ix.cmake
--- compiler-rt-6.0.1.src/cmake/builtin-config-ix.cmake 2017-12-01 06:04:11.000000000 +0900
+++ compiler-rt-6.0.1.src-patched/cmake/builtin-config-ix.cmake 2020-05-10 03:30:01.939694303 +0900
@@ -24,7 +24,7 @@
set(ARM64 aarch64)
-set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k)
+set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k armv7l)
set(X86 i386)
set(X86_64 x86_64)
set(MIPS32 mips mipsel)
diff -ur compiler-rt-6.0.1.src/lib/builtins/CMakeLists.txt compiler-rt-6.0.1.src-patched/lib/builtins/CMakeLists.txt
--- compiler-rt-6.0.1.src/lib/builtins/CMakeLists.txt 2017-12-25 06:11:32.000000000 +0900
+++ compiler-rt-6.0.1.src-patched/lib/builtins/CMakeLists.txt 2020-05-10 03:30:44.814964156 +0900
@@ -452,6 +452,7 @@
set(armv7_SOURCES ${arm_SOURCES})
set(armv7s_SOURCES ${arm_SOURCES})
set(armv7k_SOURCES ${arm_SOURCES})
+set(armv7l_SOURCES ${arm_SOURCES})
set(arm64_SOURCES ${aarch64_SOURCES})
# macho_embedded archs
@@ -521,7 +522,7 @@
set(_arch ${arch})
if("${arch}" STREQUAL "armv6m")
set(_arch "arm|armv6m")
- elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
+ elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
set(_arch "arm")
endif()

3
pkgs/development/compilers/llvm/6/compiler-rt.nix
View file

@ -47,7 +47,8 @@ stdenv.mkDerivation {
patches = [
./compiler-rt-codesign.patch # Revert compiler-rt commit that makes codesign mandatory
] ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch;
] ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
++ stdenv.lib.optional stdenv.hostPlatform.isAarch32 ./compiler-rt-armv7l.patch;
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra

38
pkgs/development/compilers/llvm/7/compiler-rt-armv7l.patch Normal file
View file

@ -0,0 +1,38 @@
diff -ur compiler-rt-7.1.0.src/cmake/builtin-config-ix.cmake compiler-rt-7.1.0.src-patched/cmake/builtin-config-ix.cmake
--- compiler-rt-7.1.0.src/cmake/builtin-config-ix.cmake 2018-05-25 06:36:27.000000000 +0900
+++ compiler-rt-7.1.0.src-patched/cmake/builtin-config-ix.cmake 2020-05-09 20:26:33.030608692 +0900
@@ -24,7 +24,7 @@
set(ARM64 aarch64)
-set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k)
+set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k armv7l)
set(HEXAGON hexagon)
set(X86 i386)
set(X86_64 x86_64)
diff -ur compiler-rt-7.1.0.src/lib/builtins/CMakeLists.txt compiler-rt-7.1.0.src-patched/lib/builtins/CMakeLists.txt
--- compiler-rt-7.1.0.src/lib/builtins/CMakeLists.txt 2018-07-31 03:18:59.000000000 +0900
+++ compiler-rt-7.1.0.src-patched/lib/builtins/CMakeLists.txt 2020-05-09 20:27:38.893409318 +0900
@@ -453,6 +453,7 @@
set(armv7_SOURCES ${arm_SOURCES})
set(armv7s_SOURCES ${arm_SOURCES})
set(armv7k_SOURCES ${arm_SOURCES})
+set(armv7l_SOURCES ${arm_SOURCES})
set(arm64_SOURCES ${aarch64_SOURCES})
# macho_embedded archs
@@ -563,12 +564,12 @@
set(_arch ${arch})
if("${arch}" STREQUAL "armv6m")
set(_arch "arm|armv6m")
- elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
+ elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
set(_arch "arm")
endif()
# For ARM archs, exclude any VFP builtins if VFP is not supported
- if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
+ if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
string(REPLACE ";" " " _TARGET_${arch}_CFLAGS "${TARGET_${arch}_CFLAGS}")
check_compile_definition(__VFP_FP__ "${CMAKE_C_FLAGS} ${_TARGET_${arch}_CFLAGS}" COMPILER_RT_HAS_${arch}_VFP)
if(NOT COMPILER_RT_HAS_${arch}_VFP)

3
pkgs/development/compilers/llvm/7/compiler-rt.nix
View file

@ -48,7 +48,8 @@ stdenv.mkDerivation {
patches = [
./compiler-rt-codesign.patch # Revert compiler-rt commit that makes codesign mandatory
] ++ stdenv.lib.optional (useLLVM) ./crtbegin-and-end.patch
++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch;
++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
++ stdenv.lib.optional stdenv.hostPlatform.isAarch32 ./compiler-rt-armv7l.patch;
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra

38
pkgs/development/compilers/llvm/8/compiler-rt-armv7l.patch Normal file
View file

@ -0,0 +1,38 @@
diff -ur compiler-rt-7.1.0.src/cmake/builtin-config-ix.cmake compiler-rt-7.1.0.src-patched/cmake/builtin-config-ix.cmake
--- compiler-rt-7.1.0.src/cmake/builtin-config-ix.cmake 2018-05-25 06:36:27.000000000 +0900
+++ compiler-rt-7.1.0.src-patched/cmake/builtin-config-ix.cmake 2020-05-09 20:26:33.030608692 +0900
@@ -24,7 +24,7 @@
set(ARM64 aarch64)
-set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k)
+set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k armv7l)
set(HEXAGON hexagon)
set(X86 i386)
set(X86_64 x86_64)
diff -ur compiler-rt-7.1.0.src/lib/builtins/CMakeLists.txt compiler-rt-7.1.0.src-patched/lib/builtins/CMakeLists.txt
--- compiler-rt-7.1.0.src/lib/builtins/CMakeLists.txt 2018-07-31 03:18:59.000000000 +0900
+++ compiler-rt-7.1.0.src-patched/lib/builtins/CMakeLists.txt 2020-05-09 20:27:38.893409318 +0900
@@ -453,6 +453,7 @@
set(armv7_SOURCES ${arm_SOURCES})
set(armv7s_SOURCES ${arm_SOURCES})
set(armv7k_SOURCES ${arm_SOURCES})
+set(armv7l_SOURCES ${arm_SOURCES})
set(arm64_SOURCES ${aarch64_SOURCES})
# macho_embedded archs
@@ -563,12 +564,12 @@
set(_arch ${arch})
if("${arch}" STREQUAL "armv6m")
set(_arch "arm|armv6m")
- elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
+ elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
set(_arch "arm")
endif()
# For ARM archs, exclude any VFP builtins if VFP is not supported
- if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
+ if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
string(REPLACE ";" " " _TARGET_${arch}_CFLAGS "${TARGET_${arch}_CFLAGS}")
check_compile_definition(__VFP_FP__ "${CMAKE_C_FLAGS} ${_TARGET_${arch}_CFLAGS}" COMPILER_RT_HAS_${arch}_VFP)
if(NOT COMPILER_RT_HAS_${arch}_VFP)

3
pkgs/development/compilers/llvm/8/compiler-rt.nix
View file

@ -48,7 +48,8 @@ stdenv.mkDerivation {
patches = [
./compiler-rt-codesign.patch # Revert compiler-rt commit that makes codesign mandatory
]# ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
++ stdenv.lib.optional (useLLVM) ./crtbegin-and-end.patch;
++ stdenv.lib.optional (useLLVM) ./crtbegin-and-end.patch
++ stdenv.lib.optional stdenv.hostPlatform.isAarch32 ./compiler-rt-armv7l.patch;
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra

38
pkgs/development/compilers/llvm/9/compiler-rt-armv7l.patch Normal file
View file

@ -0,0 +1,38 @@
diff -ur compiler-rt-7.1.0.src/cmake/builtin-config-ix.cmake compiler-rt-7.1.0.src-patched/cmake/builtin-config-ix.cmake
--- compiler-rt-7.1.0.src/cmake/builtin-config-ix.cmake 2018-05-25 06:36:27.000000000 +0900
+++ compiler-rt-7.1.0.src-patched/cmake/builtin-config-ix.cmake 2020-05-09 20:26:33.030608692 +0900
@@ -24,7 +24,7 @@
set(ARM64 aarch64)
-set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k)
+set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k armv7l)
set(HEXAGON hexagon)
set(X86 i386)
set(X86_64 x86_64)
diff -ur compiler-rt-7.1.0.src/lib/builtins/CMakeLists.txt compiler-rt-7.1.0.src-patched/lib/builtins/CMakeLists.txt
--- compiler-rt-7.1.0.src/lib/builtins/CMakeLists.txt 2018-07-31 03:18:59.000000000 +0900
+++ compiler-rt-7.1.0.src-patched/lib/builtins/CMakeLists.txt 2020-05-09 20:27:38.893409318 +0900
@@ -453,6 +453,7 @@
set(armv7_SOURCES ${arm_SOURCES})
set(armv7s_SOURCES ${arm_SOURCES})
set(armv7k_SOURCES ${arm_SOURCES})
+set(armv7l_SOURCES ${arm_SOURCES})
set(arm64_SOURCES ${aarch64_SOURCES})
# macho_embedded archs
@@ -563,12 +564,12 @@
set(_arch ${arch})
if("${arch}" STREQUAL "armv6m")
set(_arch "arm|armv6m")
- elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
+ elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
set(_arch "arm")
endif()
# For ARM archs, exclude any VFP builtins if VFP is not supported
- if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
+ if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
string(REPLACE ";" " " _TARGET_${arch}_CFLAGS "${TARGET_${arch}_CFLAGS}")
check_compile_definition(__VFP_FP__ "${CMAKE_C_FLAGS} ${_TARGET_${arch}_CFLAGS}" COMPILER_RT_HAS_${arch}_VFP)
if(NOT COMPILER_RT_HAS_${arch}_VFP)

3
pkgs/development/compilers/llvm/9/compiler-rt.nix
View file

@ -47,7 +47,8 @@ stdenv.mkDerivation rec {
patches = [
./compiler-rt-codesign.patch # Revert compiler-rt commit that makes codesign mandatory
];# ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
]# ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
++ stdenv.lib.optional stdenv.hostPlatform.isAarch32 ./compiler-rt-armv7l.patch;
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra

5
pkgs/development/libraries/libfm/default.nix
View file

@ -28,6 +28,11 @@ stdenv.mkDerivation rec {
"sysconfdir=${placeholder "out"}/etc"
];
# libfm-extra is pulled in by menu-cache and thus leads to a collision for libfm
postInstall = optional (!extraOnly) ''
rm $out/lib/libfm-extra.so $out/lib/libfm-extra.so.* $out/lib/libfm-extra.la $out/lib/pkgconfig/libfm-extra.pc
'';
enableParallelBuilding = true;
meta = with stdenv.lib; {

23
pkgs/development/ocaml-modules/async/default.nix
View file

@ -1,23 +0,0 @@
{stdenv, buildOcaml, fetchurl, async_kernel_p4,
async_unix_p4, async_extra_p4, pa_ounit}:
buildOcaml rec {
name = "async";
version = "112.24.00";
minimumSupportedOcamlVersion = "4.02";
src = fetchurl {
url = "https://github.com/janestreet/async/archive/${version}.tar.gz";
sha256 = "ecc4ca939ab098e689332921b110dbaacd06d9f8d8bf697023dfff3ca37dc1e9";
};
propagatedBuildInputs = [ async_kernel_p4 async_unix_p4 async_extra_p4 pa_ounit ];
meta = with stdenv.lib; {
homepage = "https://github.com/janestreet/async";
description = "Jane Street Capital's asynchronous execution library";
license = licenses.asl20;
maintainers = [ maintainers.ericbmerritt ];
};
}

16
pkgs/development/ocaml-modules/janestreet/async.nix
View file

@ -1,16 +0,0 @@
{stdenv, buildOcamlJane, async_kernel,
async_unix, async_extra}:
buildOcamlJane {
name = "async";
version = "113.33.03";
hash = "0wyspkp8k833fh03r3h016nbfn6kjfhvb2bg42cly6agcak59fmr";
propagatedBuildInputs = [ async_kernel async_unix async_extra ];
meta = with stdenv.lib; {
homepage = "https://github.com/janestreet/async";
description = "Jane Street Capital's asynchronous execution library";
license = licenses.asl20;
maintainers = [ maintainers.maurer maintainers.ericbmerritt ];
};
}

4
pkgs/development/ocaml-modules/lablgtk3/default.nix
View file

@ -1,14 +1,14 @@
{ lib, fetchurl, pkgconfig, buildDunePackage, gtk3, cairo2 }:
buildDunePackage rec {
version = "3.0.beta6";
version = "3.1.0";
pname = "lablgtk3";
minimumOCamlVersion = "4.05";
src = fetchurl {
url = "https://github.com/garrigue/lablgtk/releases/download/${version}/lablgtk3-${version}.tbz";
sha256 = "1jni5cbp54qs7y0dc5zkm28v2brpfwy5miighv7cy0nmmxrsq520";
sha256 = "1fn04qwgkwc86jndlrnv4vxcmasjsp1mmcgfznahj1ccc7bv47sv";
};
nativeBuildInputs = [ pkgconfig ];

9
pkgs/development/python-modules/fastapi/default.nix
View file

@ -16,7 +16,7 @@
buildPythonPackage rec {
pname = "fastapi";
version = "0.54.0";
version = "0.54.1";
format = "flit";
disabled = !isPy3k;
@ -24,9 +24,14 @@ buildPythonPackage rec {
owner = "tiangolo";
repo = "fastapi";
rev = version;
sha256 = "17bicrpr801z71wrn9iimvh7qk6iwyxvr89ialf0s2rxxa2s0yb5";
sha256 = "0k0lss8x6lzf0szcli48v28r269fsx1jdkr9q78liz47dz5x03d8";
};
postPatch = ''
substituteInPlace pyproject.toml \
--replace "starlette ==0.13.2" "starlette"
'';
propagatedBuildInputs = [
uvicorn
starlette

12
pkgs/development/python-modules/jc/default.nix
View file

@ -1,6 +1,6 @@
{ stdenv
, buildPythonPackage
, fetchPypi
, fetchFromGitHub
, ruamel_yaml
, xmltodict
, pygments
@ -9,12 +9,14 @@
buildPythonPackage rec {
pname = "jc";
version = "1.10.7";
version = "1.10.10";
disabled = isPy27;
src = fetchPypi {
inherit pname version;
sha256 = "198vsnh6j0nv9d7msnvw6qr1bzf0nffjsz7clm11bs7fh3ri3qxp";
src = fetchFromGitHub {
owner = "kellyjonbrazil";
repo = "jc";
rev = "v${version}";
sha256 = "1rkgk1d1gijic6l6rsvz5mpfhdj8l7qc60aqafj27s4yi5bbqrc7";
};
propagatedBuildInputs = [ ruamel_yaml xmltodict pygments ];

4
pkgs/development/python-modules/ldap3/default.nix
View file

@ -2,11 +2,11 @@
buildPythonPackage rec {
pname = "ldap3";
version = "2.6.1";
version = "2.7";
src = fetchPypi {
inherit pname version;
sha256 = "0ag5xqlki6pjk3f50b8ar8vynx2fmkna7rfampv3kdgwg8z6gjr7";
sha256 = "1h1q8g1c2nkhx8p5n91bzkvjx5js5didi9xqbnmfrxqbnyc45w0p";
};
propagatedBuildInputs = [ pyasn1 ];

2
pkgs/development/python-modules/libarcus/default.nix
View file

@ -3,7 +3,7 @@
buildPythonPackage rec {
pname = "libarcus";
version = "4.5.0";
version = "4.6.1";
format = "other";
src = fetchFromGitHub {

4
pkgs/development/python-modules/libsavitar/default.nix
View file

@ -2,14 +2,14 @@
buildPythonPackage rec {
pname = "libsavitar";
version = "4.5.0";
version = "4.6.1";
format = "other";
src = fetchFromGitHub {
owner = "Ultimaker";
repo = "libSavitar";
rev = version;
sha256 = "1l3l8cgaxzqdk93880p2ijrabshdj5sq05cwj1i6jpmhlqc5b9rx";
sha256 = "0nk8zl5b0b36wrrkj271ck4phzxsigkjsazndscjslc9nkldmnpq";
};
postPatch = ''

27
pkgs/development/python-modules/onnx/default.nix
View file

@ -18,29 +18,18 @@
buildPythonPackage rec {
pname = "onnx";
version = "1.6.0";
version = "1.7.0";
# Due to Protobuf packaging issues this build of Onnx with Python 2 gives
# errors on import
# errors on import.
# Also support for Python 2 will be deprecated from Onnx v1.8.
disabled = isPy27;
src = fetchPypi {
inherit pname version;
sha256 = "0ig33jl3591041lyylxp52yi20rfrcqx3i030hd6al8iabzc721v";
sha256 = "0j6rgfbhsw3a8id8pyg18y93k68lbjbj1kq6qia36h69f6pvlyjy";
};
# Remove the unqualified requirement for the typing package for running the
# tests. typing is already required for the installation, where it is
# correctly qualified so as to only be required for sufficiently old Python
# versions.
# This patch should be in the next release (>1.6).
patches = [
(fetchpatch {
url = "https://github.com/onnx/onnx/commit/c963586d0f8dd5740777b2fd06f04ec60816de9f.patch";
sha256 = "1hl26cw5zckc91gmh0bdah87jyprccxiw0f4i5h1gwkq28hm6wbj";
})
];
nativeBuildInputs = [ cmake ];
propagatedBuildInputs = [
@ -61,13 +50,17 @@ buildPythonPackage rec {
patchShebangs tools/protoc-gen-mypy.py
'';
preBuild = ''
export MAX_JOBS=$NIX_BUILD_CORES
'';
# The executables are just utility scripts that aren't too important
postInstall = ''
rm -r $out/bin
'';
# The setup.py does all the configuration (running CMake)
dontConfigure = true;
# The setup.py does all the configuration
dontUseCmakeConfigure = true;
meta = {
homepage = "http://onnx.ai";

4
pkgs/development/python-modules/parver/default.nix
View file

@ -11,11 +11,11 @@
buildPythonPackage rec {
pname = "parver";
version = "0.2.1";
version = "0.3.0";
src = fetchPypi {
inherit pname version;
sha256 = "0jzyylcmjxb0agc4fpdnzdnv2ajvp99rs9pz7qcklnhlmy8scdqv";
sha256 = "0a6jp17c1ag6b9yp5xgy9wvznk3g0v2f8gpwkcwxpyc9ygk98zdm";
};
propagatedBuildInputs = [ six attrs arpeggio ];

4
pkgs/development/python-modules/plotly/default.nix
View file

@ -11,11 +11,11 @@
buildPythonPackage rec {
pname = "plotly";
version = "4.4.1";
version = "4.6.0";
src = fetchPypi {
inherit pname version;
sha256 = "acc94f17452471ca3446c2ce491c4d1affb99b9ddd9eac4e05614ac4318f8780";
sha256 = "0br996lqbyq1prq9hhrzkgpicz5fgvxamzjrrpms20a2y1alkwv1";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/pyGithub/default.nix
View file

@ -12,14 +12,14 @@
buildPythonPackage rec {
pname = "PyGithub";
version = "1.47";
version = "1.51";
disabled = !isPy3k;
src = fetchFromGitHub {
owner = "PyGithub";
repo = "PyGithub";
rev = "v${version}";
sha256 = "0zvp1gib2lryw698vxkbdv40n3lsmdlhwp7vdcg41dqqa5nfryhn";
hash = "sha256-8uQCFiw1ByPOX8ZRUlSLYPIibjmd19r/JtTnmQdz5cM=";
};
checkInputs = [ httpretty parameterized pytestCheckHook ];

6
pkgs/development/python-modules/pyenchant/default.nix
View file

@ -1,16 +1,18 @@
{ stdenv
, buildPythonPackage
, isPy27
, fetchPypi
, enchant2
}:
buildPythonPackage rec {
pname = "pyenchant";
version = "2.0.0";
version = "3.0.1";
disabled = isPy27;
src = fetchPypi {
inherit pname version;
sha256 = "fc31cda72ace001da8fe5d42f11c26e514a91fa8c70468739216ddd8de64e2a0";
sha256 = "0nfmckqm45fbfz795qw5hgvygdxgxchdiwp3kmm1k05z99j6mlhv";
};
propagatedBuildInputs = [ enchant2 ];

4
pkgs/development/python-modules/pytest-metadata/default.nix
View file

@ -3,11 +3,11 @@
buildPythonPackage rec {
pname = "pytest-metadata";
version = "1.8.0";
version = "1.9.0";
src = fetchPypi {
inherit pname version;
sha256 = "1fk6icip2x1nh4kzhbc8cnqrs77avpqvj7ny3xadfh6yhn9aaw90";
sha256 = "1711gippwsl7c1wi8pc2y75xqq5sn1sscpqvrxjvpjm8pcx2138n";
};
nativeBuildInputs = [ setuptools_scm ];

4
pkgs/development/python-modules/pyudev/default.nix
View file

@ -4,11 +4,11 @@
buildPythonPackage rec {
pname = "pyudev";
version = "0.21.0";
version = "0.22.0";
src = fetchPypi {
inherit pname version;
sha256 = "0arz0dqp75sszsmgm6vhg92n1lsx91ihddx3m944f4ah0487ljq9";
sha256 = "0xmj6l08iih2js9skjqpv4w7y0dhxyg91zmrs6v5aa65gbmipfv9";
};
postPatch = ''

4
pkgs/development/python-modules/rdflib/default.nix
View file

@ -10,11 +10,11 @@
buildPythonPackage rec {
pname = "rdflib";
version = "4.2.2";
version = "5.0.0";
src = fetchPypi {
inherit pname version;
sha256 = "0398c714znnhaa2x7v51b269hk20iz073knq2mvmqp2ma92z27fs";
sha256 = "0mdi7xh4zcr3ngqwlgqdqf0i5bxghwfddyxdng1zwpiqkpa9s53q";
};
propagatedBuildInputs = [isodate html5lib SPARQLWrapper ];

4
pkgs/development/python-modules/rfc3986/default.nix
View file

@ -3,11 +3,11 @@
buildPythonPackage rec {
pname = "rfc3986";
version = "1.3.2";
version = "1.4.0";
src = fetchPypi {
inherit pname version;
sha256 = "0344d0bd428126ce554e7ca2b61787b6a28d2bbd19fc70ed2dd85efe31176405";
sha256 = "17dvx15m3r49bmif5zlli8kzjd6bys6psixzbp14sd5367d9h8qi";
};
checkInputs = [ pytest ];

4
pkgs/development/python-modules/snakeviz/default.nix
View file

@ -2,11 +2,11 @@
buildPythonPackage rec {
pname = "snakeviz";
version = "2.0.1";
version = "2.1.0";
src = fetchPypi {
inherit pname version;
sha256 = "11a8cd4g98vq2x61i99ncl5w83clnndwg909ya4y1cdf0k1ckb40";
sha256 = "0s6byw23hr2khqx2az36hpi52fk4v6bfm1bb7biaf0d2nrpqgbcj";
};
# Upstream doesn't run tests from setup.py

4
pkgs/development/python-modules/sparse/default.nix
View file

@ -10,13 +10,13 @@
buildPythonPackage rec {
pname = "sparse";
version = "0.8.0";
version = "0.9.1";
disabled = !isPy3k;
src = fetchPypi {
inherit pname version;
sha256 = "a3dc14ee5314caa2e64331b0b50c8f92e8999d7d275179a804a114e6cb1f8b81";
sha256 = "04gfwm1y9knryx992biniqa3978n3chr38iy3y4i2b8wy52fzy3d";
};
checkInputs = [ pytest ];

4
pkgs/development/python-modules/starlette/default.nix
View file

@ -26,14 +26,14 @@ buildPythonPackage rec {
# https://github.com/tiangolo/fastapi/issues/683. Please update when
# possible. FastAPI is currently Starlette's only dependent.
version = "0.13.2";
version = "0.13.4";
disabled = isPy27;
src = fetchFromGitHub {
owner = "encode";
repo = pname;
rev = version;
sha256 = "1ls8d121zyyhry5ji7gf7vjvhyqdpr4za3qx1llq48943fmaxxpq";
sha256 = "1rk20rj62iigkkikb80bmalriyg1j3g28s25l8z2gijagv1v5c7l";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/stripe/default.nix
View file

@ -2,7 +2,7 @@
buildPythonPackage rec {
pname = "stripe";
version = "2.44.0";
version = "2.47.0";
# Tests require network connectivity and there's no easy way to disable
# them. ~ C.
@ -10,7 +10,7 @@ buildPythonPackage rec {
src = fetchPypi {
inherit pname version;
sha256 = "0aaaf8dp989im2n0cdmslq0ys4ia970yl1irhxiwwqarmh6fap5i";
sha256 = "14skddrf2nl25bvcyys0bgibjqkcivvfdywzldqjzyqvbwr4mkal";
};
propagatedBuildInputs = [ requests ];

4
pkgs/development/python-modules/subliminal/default.nix
View file

@ -28,11 +28,11 @@
buildPythonPackage rec {
pname = "subliminal";
version = "2.0.5";
version = "2.1.0";
src = fetchPypi {
inherit pname version;
sha256 = "1dzv5csjcwgz69aimarx2c6606ckm2gbn4x2mzydcqnyai7sayhl";
sha256 = "12v2clnbic8320fjsvkg3xfxfa7x8inhjk61z00pzwx46g3rqhy6";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/testfixtures/default.nix
View file

@ -3,11 +3,11 @@
buildPythonPackage rec {
pname = "testfixtures";
version = "6.10.3";
version = "6.14.1";
src = fetchPypi {
inherit pname version;
sha256 = "8f22100d4fb841b958f64e71c8820a32dc46f57d4d7e077777b932acd87b7327";
sha256 = "0rh38zj8wywgqlsi5j75c7drpqhkrg50qknj1kdmvg4kdlab7ljq";
};
checkInputs = [ pytest mock sybil zope_component twisted ];

24
pkgs/development/python-modules/trimesh/default.nix Normal file
View file

@ -0,0 +1,24 @@
{ lib, buildPythonPackage, fetchPypi, numpy }:
buildPythonPackage rec {
pname = "trimesh";
version = "3.6.36";
src = fetchPypi {
inherit pname version;
sha256 = "1m8dqqyzazrjk4d32cqn4d8gvbfcwgs2qbmgvpi2f2mi5vnp6d85";
};
propagatedBuildInputs = [ numpy ];
# tests are not included in pypi distributions and would require lots of
# optional dependencies
doCheck = false;
meta = with lib; {
description = "Python library for loading and using triangular meshes.";
homepage = "https://trimsh.org/";
license = licenses.mit;
maintainers = with maintainers; [ gebner ];
};
}

4
pkgs/development/python-modules/uranium/default.nix
View file

@ -2,7 +2,7 @@
, pyqt5, numpy, scipy, shapely, libarcus, doxygen, gettext, pythonOlder }:
buildPythonPackage rec {
version = "4.5.0";
version = "4.6.1";
pname = "uranium";
format = "other";
@ -10,7 +10,7 @@ buildPythonPackage rec {
owner = "Ultimaker";
repo = "Uranium";
rev = version;
sha256 = "1l8fwj521irla42bdbw298d3c5rjpn1nm9xhjnx7hidbqixr5d27";
sha256 = "07pksjbgxs1ks2i6pgxkwfg9c56pcql7f9p89dnwaf2rcn7yhx6r";
};
disabled = pythonOlder "3.5.0";

4
pkgs/development/python-modules/xapp/default.nix
View file

@ -11,13 +11,13 @@
buildPythonPackage rec {
pname = "xapp";
version = "1.8.1";
version = "2.0.1";
src = fetchFromGitHub {
owner = "linuxmint";
repo = "python-xapp";
rev = version;
sha256 = "0vw3cn09nx75lv4d9idp5fdhd81xs279zhbyyilynq29cxxs2zil";
sha256 = "1pp3z4q6ryxcc26kaq222j53ji110n2v7rx29c7vy1fbb8mq64im";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/yamllint/default.nix
View file

@ -3,11 +3,11 @@
buildPythonPackage rec {
pname = "yamllint";
version = "1.21.0";
version = "1.23.0";
src = fetchPypi {
inherit pname version;
sha256 = "14yijcnmanyd3s2ir38sxl07rzpxgpgw9s6b8sy68jrl7n5nj7ky";
sha256 = "1agl80csxhiqglm0idwhw98iqfpp61c9inzcdaz4czsfyivzzwsr";
};
checkInputs = [ nose ];

1
pkgs/development/r-modules/default.nix
View file

@ -444,6 +444,7 @@ let
sundialr = [ pkgs.libiconv ];
ucminf = [ pkgs.libiconv ];
glmnet = [ pkgs.libiconv ];
mvtnorm = [ pkgs.libiconv ];
};
packagesRequireingX = [

6
pkgs/development/tools/misc/texlab/default.nix
View file

@ -6,16 +6,16 @@
rustPlatform.buildRustPackage rec {
pname = "texlab";
version = "2.0.0";
version = "2.1.0";
src = fetchFromGitHub {
owner = "latex-lsp";
repo = pname;
rev = "v${version}";
sha256 = "0y8cv8y92a4nqwrvqk2cxgs6nspqjk8jm4spr8rgkwlpfbrg74xn";
sha256 = "0cmciadiknw6w573v71spzf5ydaz2xxm2snv3n1hks732nahlr56";
};
cargoSha256 = "1qi1c4v5d5a4xcf1bjbdicrv35w6chl5swlm96c1h3pr9s09lqy7";
cargoSha256 = "0dhbbni8ia0dkwjacx5jlr5rj7173nsbivm9gjsx9j8ais0f0hff";
buildInputs = stdenv.lib.optionals stdenv.isDarwin [ Security ];

4
pkgs/development/tools/misc/ycmd/default.nix
View file

@ -2,6 +2,7 @@
, gocode ? null
, godef ? null
, gotools ? null
, nodePackages ? null
, rustracerd ? null
, fixDarwinDylibNames, Cocoa ? null
}:
@ -69,6 +70,9 @@ stdenv.mkDerivation {
TARGET=$out/lib/ycmd/third_party/go/src/golang.org/x/tools/cmd/gopls
mkdir -p $TARGET
ln -sf ${gotools}/bin/gopls $TARGET
'' + lib.optionalString (nodePackages != null) ''
TARGET=$out/lib/ycmd/third_party/tsserver
ln -sf ${nodePackages.typescript} $TARGET
'' + lib.optionalString (rustracerd != null) ''
TARGET=$out/lib/ycmd/third_party/racerd/target/release
mkdir -p $TARGET

0
pkgs/os-specific/linux/kernel/anthraxx.asc → pkgs/os-specific/linux/kernel/hardened/anthraxx.asc
View file

0
pkgs/os-specific/linux/kernel/hardened-config.nix → pkgs/os-specific/linux/kernel/hardened/config.nix
View file

0
pkgs/os-specific/linux/kernel/hardened-patches.json → pkgs/os-specific/linux/kernel/hardened/patches.json
View file

0
pkgs/os-specific/linux/kernel/tag-hardened.patch → pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch
View file

277
pkgs/os-specific/linux/kernel/hardened/update.py Executable file
View file

@ -0,0 +1,277 @@
#! /usr/bin/env nix-shell
#! nix-shell -i python -p "python38.withPackages (ps: [ps.PyGithub])" git gnupg
# This is automatically called by ../update.sh.
from __future__ import annotations
import json
import os
import re
import subprocess
import sys
from dataclasses import dataclass
from pathlib import Path
from tempfile import TemporaryDirectory
from typing import (
Dict,
Iterator,
List,
Optional,
Sequence,
Tuple,
TypedDict,
Union,
)
from github import Github
from github.GitRelease import GitRelease
VersionComponent = Union[int, str]
Version = List[VersionComponent]
Patch = TypedDict("Patch", {"name": str, "url": str, "sha256": str})
@dataclass
class ReleaseInfo:
version: Version
release: GitRelease
HERE = Path(__file__).resolve().parent
NIXPKGS_KERNEL_PATH = HERE.parent
NIXPKGS_PATH = HERE.parents[4]
HARDENED_GITHUB_REPO = "anthraxx/linux-hardened"
HARDENED_TRUSTED_KEY = HERE / "anthraxx.asc"
HARDENED_PATCHES_PATH = HERE / "patches.json"
MIN_KERNEL_VERSION: Version = [4, 14]
def run(*args: Union[str, Path]) -> subprocess.CompletedProcess[bytes]:
try:
return subprocess.run(
args,
check=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
encoding="utf-8",
)
except subprocess.CalledProcessError as err:
print(
f"error: `{err.cmd}` failed unexpectedly\n"
f"status code: {err.returncode}\n"
f"stdout:\n{err.stdout.strip()}\n"
f"stderr:\n{err.stderr.strip()}",
file=sys.stderr,
)
sys.exit(1)
def nix_prefetch_url(url: str) -> Tuple[str, Path]:
output = run("nix-prefetch-url", "--print-path", url).stdout
sha256, path = output.strip().split("\n")
return sha256, Path(path)
def verify_openpgp_signature(
*, name: str, trusted_key: Path, sig_path: Path, data_path: Path,
) -> bool:
with TemporaryDirectory(suffix=".nixpkgs-gnupg-home") as gnupg_home_str:
gnupg_home = Path(gnupg_home_str)
run("gpg", "--homedir", gnupg_home, "--import", trusted_key)
keyring = gnupg_home / "pubring.kbx"
try:
subprocess.run(
("gpgv", "--keyring", keyring, sig_path, data_path),
check=True,
stderr=subprocess.PIPE,
encoding="utf-8",
)
return True
except subprocess.CalledProcessError as err:
print(
f"error: signature for {name} failed to verify!",
file=sys.stderr,
)
print(err.stderr, file=sys.stderr, end="")
return False
def fetch_patch(*, name: str, release: GitRelease) -> Optional[Patch]:
def find_asset(filename: str) -> str:
try:
it: Iterator[str] = (
asset.browser_download_url
for asset in release.get_assets()
if asset.name == filename
)
return next(it)
except StopIteration:
raise KeyError(filename)
patch_filename = f"{name}.patch"
try:
patch_url = find_asset(patch_filename)
sig_url = find_asset(patch_filename + ".sig")
except KeyError:
print(f"error: {patch_filename}{{,.sig}} not present", file=sys.stderr)
return None
sha256, patch_path = nix_prefetch_url(patch_url)
_, sig_path = nix_prefetch_url(sig_url)
sig_ok = verify_openpgp_signature(
name=name,
trusted_key=HARDENED_TRUSTED_KEY,
sig_path=sig_path,
data_path=patch_path,
)
if not sig_ok:
return None
return Patch(name=patch_filename, url=patch_url, sha256=sha256)
def parse_version(version_str: str) -> Version:
version: Version = []
for component in version_str.split("."):
try:
version.append(int(component))
except ValueError:
version.append(component)
return version
def version_string(version: Version) -> str:
return ".".join(str(component) for component in version)
def major_kernel_version_key(kernel_version: Version) -> str:
return version_string(kernel_version[:-1])
def commit_patches(*, kernel_key: str, message: str) -> None:
new_patches_path = HARDENED_PATCHES_PATH.with_suffix(".new")
with open(new_patches_path, "w") as new_patches_file:
json.dump(patches, new_patches_file, indent=4, sort_keys=True)
new_patches_file.write("\n")
os.rename(new_patches_path, HARDENED_PATCHES_PATH)
message = f"linux/hardened/patches/{kernel_key}: {message}"
print(message)
if os.environ.get("COMMIT"):
run(
"git",
"-C",
NIXPKGS_PATH,
"commit",
f"--message={message}",
HARDENED_PATCHES_PATH,
)
# Load the existing patches.
patches: Dict[str, Patch]
with open(HARDENED_PATCHES_PATH) as patches_file:
patches = json.load(patches_file)
# Get the set of currently packaged kernel versions.
kernel_versions = {}
for filename in os.listdir(NIXPKGS_KERNEL_PATH):
filename_match = re.fullmatch(r"linux-(\d+)\.(\d+)\.nix", filename)
if filename_match:
nix_version_expr = f"""
with import {NIXPKGS_PATH} {{}};
(callPackage {NIXPKGS_KERNEL_PATH / filename} {{}}).version
"""
kernel_version = parse_version(
run(
"nix", "eval", "--impure", "--raw", "--expr", nix_version_expr,
).stdout
)
if kernel_version < MIN_KERNEL_VERSION:
continue
kernel_key = major_kernel_version_key(kernel_version)
kernel_versions[kernel_key] = kernel_version
# Remove patches for unpackaged kernel versions.
for kernel_key in sorted(patches.keys() - kernel_versions.keys()):
commit_patches(kernel_key=kernel_key, message="remove")
g = Github(os.environ.get("GITHUB_TOKEN"))
repo = g.get_repo(HARDENED_GITHUB_REPO)
failures = False
# Match each kernel version with the best patch version.
releases = {}
for release in repo.get_releases():
version = parse_version(release.tag_name)
# needs to look like e.g. 5.6.3.a
if len(version) < 4:
continue
kernel_version = version[:-1]
kernel_key = major_kernel_version_key(kernel_version)
try:
packaged_kernel_version = kernel_versions[kernel_key]
except KeyError:
continue
release_info = ReleaseInfo(version=version, release=release)
if kernel_version == packaged_kernel_version:
releases[kernel_key] = release_info
else:
# Fall back to the latest patch for this major kernel version,
# skipping patches for kernels newer than the packaged one.
if kernel_version > packaged_kernel_version:
continue
elif (
kernel_key not in releases or releases[kernel_key].version < version
):
releases[kernel_key] = release_info
# Update hardened-patches.json for each release.
for kernel_key in sorted(releases.keys()):
release_info = releases[kernel_key]
release = release_info.release
version = release_info.version
version_str = release.tag_name
name = f"linux-hardened-{version_str}"
old_version: Optional[Version] = None
old_version_str: Optional[str] = None
update: bool
try:
old_filename = patches[kernel_key]["name"]
old_version_str = old_filename.replace("linux-hardened-", "").replace(
".patch", ""
)
old_version = parse_version(old_version_str)
update = old_version < version
except KeyError:
update = True
if update:
patch = fetch_patch(name=name, release=release)
if patch is None:
failures = True
else:
patches[kernel_key] = patch
if old_version:
message = f"{old_version_str} -> {version_str}"
else:
message = f"init at {version_str}"
commit_patches(kernel_key=kernel_key, message=message)
missing_kernel_versions = kernel_versions.keys() - patches.keys()
if missing_kernel_versions:
print(
f"warning: no patches for kernel versions "
+ ", ".join(missing_kernel_versions),
file=sys.stderr,
)
if failures:
sys.exit(1)

4
pkgs/os-specific/linux/kernel/linux-4.14.nix
View file

@ -3,7 +3,7 @@
with stdenv.lib;
buildLinux (args // rec {
version = "4.14.179";
version = "4.14.180";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "10arrj3ppbxkn15yxqpxlz4k8yp2afzbfpp2nwfy6klhjiffp9sx";
sha256 = "03pd4wpg526n391jwc0kbmbxi059mvq8d42a9qbym9mnv5rzjkj4";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-4.19.nix
View file

@ -3,7 +3,7 @@
with stdenv.lib;
buildLinux (args // rec {
version = "4.19.121";
version = "4.19.122";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "11bhjdaihhc42xhf4qxdkkjznc0i6igh0ahjbzr3fb8bmq9sirgv";
sha256 = "1980vza1vf6cl772dynn4m0rgdjazbn125kd6sb3s06gqn72cl2h";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-4.4.nix
View file

@ -1,11 +1,11 @@
{ stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args:
buildLinux (args // rec {
version = "4.4.222";
version = "4.4.223";
extraMeta.branch = "4.4";
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "02zxy5vjxgrqs0mkz5aj70v6pazhif7x5cm26rf8zh4idpmhk2zh";
sha256 = "09fln0sdfif2zv2jifp24yiqi0vcyj8fqx2jz91g21zvsxk3x5nd";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-4.9.nix
View file

@ -1,11 +1,11 @@
{ stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args:
buildLinux (args // rec {
version = "4.9.222";
version = "4.9.223";
extraMeta.branch = "4.9";
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "0aajgflf96bj7chbd83rdmgcdwd025c6mz6li4cwbfx7xcb91kjc";
sha256 = "1r9ag1fhy0g429q44qlqh0qkf42qkhzxa04gxlmnrinqypk00lyg";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-5.4.nix
View file

@ -3,7 +3,7 @@
with stdenv.lib;
buildLinux (args // rec {
version = "5.4.39";
version = "5.4.40";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "1j35yf1nilb9z7lw8w2drpww7q2zy8zfr0ip8hwcbcd7c5d9chai";
sha256 = "1ar001rljlr15rcl77la5y1cj3plaqhdblnh87xsmv47fq13yml3";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/linux-5.6.nix
View file

@ -3,7 +3,7 @@
with stdenv.lib;
buildLinux (args // rec {
version = "5.6.11";
version = "5.6.12";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "1ahv4a3mnszqs3qcnwmhbvjgis1jg37anj5jvn70i7s2k6z6rpfn";
sha256 = "0892ar2irfhd612sb8jpx85w0wwh4n76jgsv8wb92fp6mim37sns";
};
} // (args.argsOverride or {}))

4
pkgs/os-specific/linux/kernel/patches.nix
View file

@ -35,7 +35,7 @@
tag_hardened = {
name = "tag-hardened";
patch = ./tag-hardened.patch;
patch = ./hardened/tag-hardened.patch;
};
hardened = let
@ -43,7 +43,7 @@
name = lib.removeSuffix ".patch" src.name;
patch = fetchurl src;
};
patches = builtins.fromJSON (builtins.readFile ./hardened-patches.json);
patches = builtins.fromJSON (builtins.readFile ./hardened/patches.json);
in lib.mapAttrs mkPatch patches;
# https://bugzilla.kernel.org/show_bug.cgi?id=197591#c6

229
pkgs/os-specific/linux/kernel/update-hardened.py
View file

@ -1,229 +0,0 @@
#! /usr/bin/env nix-shell
#! nix-shell -i python -p "python3.withPackages (ps: [ps.PyGithub])" git gnupg
# This is automatically called by ./update.sh.
import re
import json
import sys
import os.path
from glob import glob
import subprocess
from tempfile import TemporaryDirectory
from github import Github
HERE = os.path.dirname(os.path.realpath(__file__))
HARDENED_GITHUB_REPO = 'anthraxx/linux-hardened'
HARDENED_TRUSTED_KEY = os.path.join(HERE, 'anthraxx.asc')
HARDENED_PATCHES_PATH = os.path.join(HERE, 'hardened-patches.json')
MIN_KERNEL_VERSION = [4, 14]
def run(*args, **kwargs):
try:
return subprocess.run(
args, **kwargs,
check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
)
except subprocess.CalledProcessError as err:
print(
f'error: `{err.cmd}` failed unexpectedly\n'
f'status code: {err.returncode}\n'
f'stdout:\n{err.stdout.decode("utf-8").strip()}\n'
f'stderr:\n{err.stderr.decode("utf-8").strip()}',
file=sys.stderr,
)
sys.exit(1)
def nix_prefetch_url(url):
output = run('nix-prefetch-url', '--print-path', url).stdout
return output.decode('utf-8').strip().split('\n')
def verify_openpgp_signature(*, name, trusted_key, sig_path, data_path):
with TemporaryDirectory(suffix='.nixpkgs-gnupg-home') as gnupg_home:
run('gpg', '--homedir', gnupg_home, '--import', trusted_key)
keyring = os.path.join(gnupg_home, 'pubring.kbx')
try:
subprocess.run(
('gpgv', '--keyring', keyring, sig_path, data_path),
check=True, stderr=subprocess.PIPE,
)
return True
except subprocess.CalledProcessError as err:
print(
f'error: signature for {name} failed to verify!',
file=sys.stderr,
)
print(err.stderr.decode('utf-8'), file=sys.stderr, end='')
return False
def fetch_patch(*, name, release):
def find_asset(filename):
try:
return next(
asset.browser_download_url
for asset in release.get_assets()
if asset.name == filename
)
except StopIteration:
raise KeyError(filename)
patch_filename = f'{name}.patch'
try:
patch_url = find_asset(patch_filename)
sig_url = find_asset(patch_filename + '.sig')
except KeyError:
print(f'error: {patch_filename}{{,.sig}} not present', file=sys.stderr)
return None
sha256, patch_path = nix_prefetch_url(patch_url)
_, sig_path = nix_prefetch_url(sig_url)
sig_ok = verify_openpgp_signature(
name=name,
trusted_key=HARDENED_TRUSTED_KEY,
sig_path=sig_path,
data_path=patch_path,
)
if not sig_ok:
return None
return {
'name': patch_filename,
'url': patch_url,
'sha256': sha256,
}
def parse_version(version_str):
version = []
for component in version_str.split('.'):
try:
version.append(int(component))
except ValueError:
version.append(component)
return version
def version_string(version):
return '.'.join(str(component) for component in version)
def major_kernel_version_key(kernel_version):
return version_string(kernel_version[:-1])
def commit_patches(*, kernel_key, message):
with open(HARDENED_PATCHES_PATH + '.new', 'w') as new_patches_file:
json.dump(patches, new_patches_file, indent=4, sort_keys=True)
new_patches_file.write('\n')
os.rename(HARDENED_PATCHES_PATH + '.new', HARDENED_PATCHES_PATH)
message = f'linux/hardened-patches/{kernel_key}: {message}'
print(message)
if os.environ.get('COMMIT'):
run(
'git', '-C', HERE, 'commit', f'--message={message}',
'hardened-patches.json',
)
# Load the existing patches.
with open(HARDENED_PATCHES_PATH) as patches_file:
patches = json.load(patches_file)
NIX_VERSION_RE = re.compile(r'''
\s* version \s* =
\s* " (?P<version> [^"]*) "
\s* ; \s* \n
''', re.VERBOSE)
# Get the set of currently packaged kernel versions.
kernel_versions = {}
for filename in os.listdir(HERE):
filename_match = re.fullmatch(r'linux-(\d+)\.(\d+)\.nix', filename)
if filename_match:
with open(os.path.join(HERE, filename)) as nix_file:
for nix_line in nix_file:
match = NIX_VERSION_RE.fullmatch(nix_line)
if match:
kernel_version = parse_version(match.group('version'))
if kernel_version < MIN_KERNEL_VERSION:
continue
kernel_key = major_kernel_version_key(kernel_version)
kernel_versions[kernel_key] = kernel_version
# Remove patches for unpackaged kernel versions.
for kernel_key in sorted(patches.keys() - kernel_versions.keys()):
commit_patches(kernel_key=kernel_key, message='remove')
g = Github(os.environ.get('GITHUB_TOKEN'))
repo = g.get_repo(HARDENED_GITHUB_REPO)
failures = False
# Match each kernel version with the best patch version.
releases = {}
for release in repo.get_releases():
version = parse_version(release.tag_name)
# needs to look like e.g. 5.6.3.a
if len(version) < 4:
continue
kernel_version = version[:-1]
kernel_key = major_kernel_version_key(kernel_version)
try:
packaged_kernel_version = kernel_versions[kernel_key]
except KeyError:
continue
release_info = {
'version': version,
'release': release,
}
if kernel_version == packaged_kernel_version:
releases[kernel_key] = release_info
else:
# Fall back to the latest patch for this major kernel version,
# skipping patches for kernels newer than the packaged one.
if kernel_version > packaged_kernel_version:
continue
elif (kernel_key not in releases or
releases[kernel_key]['version'] < version):
releases[kernel_key] = release_info
# Update hardened-patches.json for each release.
for kernel_key, release_info in releases.items():
release = release_info['release']
version = release_info['version']
version_str = release.tag_name
name = f'linux-hardened-{version_str}'
try:
old_filename = patches[kernel_key]['name']
old_version_str = (old_filename
.replace('linux-hardened-', '')
.replace('.patch', ''))
old_version = parse_version(old_version_str)
update = old_version < version
except KeyError:
update = True
old_version = None
if update:
patch = fetch_patch(name=name, release=release)
if patch is None:
failures = True
else:
patches[kernel_key] = patch
if old_version:
message = f'{old_version_str} -> {version_str}'
else:
message = f'init at {version_str}'
commit_patches(kernel_key=kernel_key, message=message)
missing_kernel_versions = kernel_versions.keys() - patches.keys()
if missing_kernel_versions:
print(
f'warning: no patches for kernel versions ' +
', '.join(missing_kernel_versions),
file=sys.stderr,
)
if failures:
sys.exit(1)

2
pkgs/os-specific/linux/kernel/update.sh
View file

@ -62,4 +62,4 @@ done
COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-libre.sh
# Update linux-hardened
COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-hardened.py
COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/hardened/update.py

4
pkgs/os-specific/linux/uclibc/default.nix
View file

@ -48,7 +48,7 @@ let
UCLIBC_HAS_FPU n
'';
version = "1.0.32";
version = "1.0.33";
in
stdenv.mkDerivation {
@ -58,7 +58,7 @@ stdenv.mkDerivation {
src = fetchurl {
url = "https://downloads.uclibc-ng.org/releases/${version}/uClibc-ng-${version}.tar.bz2";
# from "${url}.sha256";
sha256 = "0cp4xf3k0ib76xaz6n6i7yybw7s92s607ak8svq1kakwk0d1jjbv";
sha256 = "0qy9xsqacrhhrxd16azm26pqb2ks6c43wbrlq3i8xmq2917kw3xi";
};
# 'ftw' needed to build acl, a coreutils dependency

42
pkgs/servers/http/nginx/generic.nix
View file

@ -68,6 +68,14 @@ stdenv.mkDerivation {
"--with-http_stub_status_module"
"--with-threads"
"--with-pcre-jit"
"--http-log-path=/var/log/nginx/access.log"
"--error-log-path=/var/log/nginx/error.log"
"--pid-path=/var/log/nginx/nginx.pid"
"--http-client-body-temp-path=/var/cache/nginx/client_body"
"--http-proxy-temp-path=/var/cache/nginx/proxy"
"--http-fastcgi-temp-path=/var/cache/nginx/fastcgi"
"--http-uwsgi-temp-path=/var/cache/nginx/uwsgi"
"--http-scgi-temp-path=/var/cache/nginx/scgi"
] ++ optionals withDebug [
"--with-debug"
] ++ optionals withStream [
@ -99,26 +107,28 @@ stdenv.mkDerivation {
preConfigure = preConfigure
+ concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules;
patches = map fixPatch
(singleton (substituteAll {
patches = map fixPatch ([
(substituteAll {
src = ./nix-etag-1.15.4.patch;
preInstall = ''
export nixStoreDir="$NIX_STORE" nixStoreDirLen="''${#NIX_STORE}"
'';
}) ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
(fetchpatch {
url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/102-sizeof_test_fix.patch";
sha256 = "0i2k30ac8d7inj9l6bl0684kjglam2f68z8lf3xggcc2i5wzhh8a";
})
(fetchpatch {
url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/101-feature_test_fix.patch";
sha256 = "0v6890a85aqmw60pgj3mm7g8nkaphgq65dj4v9c6h58wdsrc6f0y";
})
(fetchpatch {
url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/103-sys_nerr.patch";
sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd";
})
] ++ mapModules "patches");
})
./nix-skip-check-logs-path.patch
] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
(fetchpatch {
url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/102-sizeof_test_fix.patch";
sha256 = "0i2k30ac8d7inj9l6bl0684kjglam2f68z8lf3xggcc2i5wzhh8a";
})
(fetchpatch {
url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/101-feature_test_fix.patch";
sha256 = "0v6890a85aqmw60pgj3mm7g8nkaphgq65dj4v9c6h58wdsrc6f0y";
})
(fetchpatch {
url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/103-sys_nerr.patch";
sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd";
})
] ++ mapModules "patches");
hardeningEnable = optional (!stdenv.isDarwin) "pie";

27
pkgs/servers/http/nginx/nix-skip-check-logs-path.patch Normal file
View file

@ -0,0 +1,27 @@
diff --git a/auto/install b/auto/install
index d884487..dccc411 100644
--- a/auto/install
+++ b/auto/install
@@ -148,12 +148,6 @@ install: build $NGX_INSTALL_PERL_MODULES
|| cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PATH'
cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX/nginx.conf.default'
- test -d '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' \\
- || mkdir -p '\$(DESTDIR)`dirname "$NGX_PID_PATH"`'
-
- test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' \\
- || mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`'
-
test -d '\$(DESTDIR)$NGX_PREFIX/html' \\
|| cp -R $NGX_HTML '\$(DESTDIR)$NGX_PREFIX'
END
@@ -161,9 +155,6 @@ END
if test -n "$NGX_ERROR_LOG_PATH"; then
cat << END >> $NGX_MAKEFILE
-
- test -d '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`' \\
- || mkdir -p '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`'
END
fi

7
pkgs/servers/http/openresty/default.nix
View file

@ -16,10 +16,11 @@ callPackage ../nginx/generic.nix args rec {
sha256 = "1a1la7vszv1parsnhphydblz64ffhycazncn3ividnvqg2mg735n";
};
fixPatch = patch:
runCommand "openresty-${patch.name}" { src = patch; } ''
fixPatch = patch: let name = patch.name or (builtins.baseNameOf patch); in
runCommand "openresty-${name}" { src = patch; } ''
substitute $src $out \
--replace "src/" "bundle/nginx-${nginxVersion}/src/"
--replace "a/" "a/bundle/nginx-${nginxVersion}/" \
--replace "b/" "b/bundle/nginx-${nginxVersion}/"
'';
buildInputs = [ postgresql ];

18
pkgs/servers/http/tengine/default.nix
View file

@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt
, gd, geoip, gperftools, jemalloc
, substituteAll, gd, geoip, gperftools, jemalloc
, withDebug ? false
, withMail ? false
, withStream ? false
@ -24,8 +24,14 @@ stdenv.mkDerivation rec {
[ openssl zlib pcre libxml2 libxslt gd geoip gperftools jemalloc ]
++ concatMap (mod: mod.inputs or []) modules;
patches = [
patches = singleton (substituteAll {
src = ../nginx/nix-etag-1.15.4.patch;
preInstall = ''
export nixStoreDir="$NIX_STORE" nixStoreDirLen="''${#NIX_STORE}"
'';
}) ++ [
./check-resolv-conf.patch
../nginx/nix-skip-check-logs-path.patch
];
configureFlags = [
@ -53,6 +59,14 @@ stdenv.mkDerivation rec {
"--with-poll_module"
"--with-google_perftools_module"
"--with-jemalloc"
"--http-log-path=/var/log/nginx/access.log"
"--error-log-path=/var/log/nginx/error.log"
"--pid-path=/var/log/nginx/nginx.pid"
"--http-client-body-temp-path=/var/cache/nginx/client_body"
"--http-proxy-temp-path=/var/cache/nginx/proxy"
"--http-fastcgi-temp-path=/var/cache/nginx/fastcgi"
"--http-uwsgi-temp-path=/var/cache/nginx/uwsgi"
"--http-scgi-temp-path=/var/cache/nginx/scgi"
] ++ optionals withDebug [
"--with-debug"
] ++ optionals withMail [

36
pkgs/tools/misc/nix-direnv/default.nix Normal file
View file

@ -0,0 +1,36 @@
{ lib, stdenv, fetchFromGitHub, gnugrep, nix }:
stdenv.mkDerivation rec {
pname = "nix-direnv";
version = "1.0.0";
src = fetchFromGitHub {
owner = "nix-community";
repo = "nix-direnv";
rev = "${version}";
sha256 = "1lwmg6mn3lf7s0345v53zadxn9v0x8z6pcbj90v5dx3pgrq41gs8";
};
# Substitute instead of wrapping because the resulting file is
# getting sourced, not executed:
postPatch = ''
substituteInPlace direnvrc \
--replace "grep" "${gnugrep}/bin/grep" \
--replace "nix-shell" "${nix}/bin/nix-shell" \
--replace "nix-instantiate" "${nix}/bin/nix-instantiate"
'';
installPhase = ''
runHook preInstall
install -m500 -D direnvrc $out/share/nix-direnv/direnvrc
runHook postInstall
'';
meta = with stdenv.lib; {
description = "A fast, persistent use_nix implementation for direnv";
homepage = "https://github.com/nix-community/nix-direnv";
license = licenses.mit;
platforms = platforms.unix;
maintainers = with maintainers; [ mic92 ];
};
}

6
pkgs/tools/networking/amass/default.nix
View file

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "amass";
version = "3.5.5";
version = "3.6.0";
src = fetchFromGitHub {
owner = "OWASP";
repo = "Amass";
rev = "v${version}";
sha256 = "1w93ia9jr2afgkbaklx2rj0ccd0ghg1qbdg363aqqvyw40ccya1r";
sha256 = "05rh61dx4f9kv5p8sahhwwiyivwq438fl30j9d97i4sagvb5jvvm";
};
modSha256 = "051fxfh7lwrj3hzsgr2c2ga6hksz56673lg35y36sz4d93yldj6f";
modSha256 = "1k7yd2lh6hwz3qm6ywrlr1qw0asqwdgrpj594v1gvav426yqyr6s";
outputs = [ "out" "wordlists" ];

4
pkgs/tools/networking/wireguard-tools/default.nix
View file

@ -13,11 +13,11 @@ with stdenv.lib;
stdenv.mkDerivation rec {
pname = "wireguard-tools";
version = "1.0.20200319";
version = "1.0.20200510";
src = fetchzip {
url = "https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-${version}.tar.xz";
sha256 = "0g9vlngg9dnh7qqfhaycw35fq8ij5hfz6p1cykh4ncjgr93i7rbx";
sha256 = "0xqchidfn1j3jq5w7ck570aib12q9z0mfvwhmnyzqxx7d3qh76j6";
};
outputs = [ "out" "man" ];

103
pkgs/tools/security/jadx/default.nix Normal file
View file

@ -0,0 +1,103 @@
{ stdenv, fetchFromGitHub, gradle, jdk, makeWrapper, perl }:
let
pname = "jadx";
version = "1.1.0";
src = fetchFromGitHub {
owner = "skylot";
repo = pname;
rev = "v${version}";
sha256 = "1dx3g0sm46qy57gggpg8bpmin5glzbxdbf0qzvha9r2dwh4mrwlg";
};
deps = stdenv.mkDerivation {
name = "${pname}-deps";
inherit src;
nativeBuildInputs = [ gradle jdk perl ];
buildPhase = ''
export GRADLE_USER_HOME=$(mktemp -d)
export JADX_VERSION=${version}
gradle --no-daemon jar
'';
# Mavenize dependency paths
# e.g. org.codehaus.groovy/groovy/2.4.0/{hash}/groovy-2.4.0.jar -> org/codehaus/groovy/groovy/2.4.0/groovy-2.4.0.jar
installPhase = ''
find $GRADLE_USER_HOME/caches/modules-2 -type f -regex '.*\.\(jar\|pom\)' \
| perl -pe 's#(.*/([^/]+)/([^/]+)/([^/]+)/[0-9a-f]{30,40}/([^/\s]+))$# ($x = $2) =~ tr|\.|/|; "install -Dm444 $1 \$out/$x/$3/$4/$5" #e' \
| sh
'';
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = "083r4hg6m9cxzm2m8nckf10awq8kh901v5i39r60x47xk5yw84ps";
};
in stdenv.mkDerivation {
inherit pname version src;
nativeBuildInputs = [ gradle jdk makeWrapper ];
buildPhase = ''
# The installDist Gradle build phase tries to copy some dependency .jar
# files multiple times into the build directory. This ends up failing when
# the dependencies are read directly from the Nix store since they are not
# marked as chmod +w. To work around this, get a local copy of the
# dependency store, and give write permissions.
depsDir=$(mktemp -d)
cp -R ${deps}/* $depsDir
chmod -R u+w $depsDir
gradleInit=$(mktemp)
cat >$gradleInit <<EOF
gradle.projectsLoaded {
rootProject.allprojects {
buildscript {
repositories {
clear()
maven { url '$depsDir' }
}
}
repositories {
clear()
maven { url '$depsDir' }
}
}
}
settingsEvaluated { settings ->
settings.pluginManagement {
repositories {
maven { url '$depsDir' }
}
}
}
EOF
export GRADLE_USER_HOME=$(mktemp -d)
export JADX_VERSION=${version}
gradle --offline --no-daemon --info --init-script $gradleInit pack
'';
installPhase = ''
mkdir $out $out/bin
cp -R build/jadx/lib $out
for prog in jadx jadx-gui; do
cp build/jadx/bin/$prog $out/bin
wrapProgram $out/bin/$prog --set JAVA_HOME ${jdk.home}
done
'';
meta = with stdenv.lib; {
description = "Dex to Java decompiler";
longDescription = ''
Command line and GUI tools for produce Java source code from Android Dex
and Apk files.
'';
license = licenses.asl20;
platforms = platforms.unix;
maintainers = with maintainers; [ delroth ];
};
}

6
pkgs/tools/system/ytop/default.nix
View file

@ -4,18 +4,18 @@ assert stdenv.isDarwin -> IOKit != null;
rustPlatform.buildRustPackage rec {
pname = "ytop";
version = "0.6.0";
version = "0.6.1";
src = fetchFromGitHub {
owner = "cjbassi";
repo = pname;
rev = version;
sha256 = "1zajgzhhxigga5wc94bmbk8iwx7yc2jq3f0hqadfsa4f0wmpi0nf";
sha256 = "1p746v9xrfm6avc6v9dvcnpckhvdizzf53pcg9bpcp0lw5sh85da";
};
buildInputs = stdenv.lib.optionals stdenv.isDarwin [ IOKit ];
cargoSha256 = "1ka9d81ddzz52w75xdiwd2xkv1rlamyvvdax09wanb61zxxwm0i7";
cargoSha256 = "15cpi0b5yqjwi1liry2q17sn9hpc4xf9gn33ri3rs6ls5qs7j7pa";
meta = with stdenv.lib; {
description = "A TUI system monitor written in Rust";

17
pkgs/top-level/all-packages.nix
View file

@ -2058,6 +2058,8 @@ in
nfstrace = callPackage ../tools/networking/nfstrace { };
nix-direnv = callPackage ../tools/misc/nix-direnv { };
nixpkgs-pytools = with python3.pkgs; toPythonApplication nixpkgs-pytools;
noteshrink = callPackage ../tools/misc/noteshrink { };
@ -4373,6 +4375,8 @@ in
jade = callPackage ../tools/text/sgml/jade { };
jadx = callPackage ../tools/security/jadx { };
jazzy = callPackage ../development/tools/jazzy { };
jc = with python3Packages; toPythonApplication jc;
@ -17063,7 +17067,7 @@ in
# Hardened linux
hardenedLinuxPackagesFor = kernel: linuxPackagesFor (kernel.override {
structuredExtraConfig = import ../os-specific/linux/kernel/hardened-config.nix {
structuredExtraConfig = import ../os-specific/linux/kernel/hardened/config.nix {
inherit stdenv;
inherit (kernel) version;
};
@ -19385,6 +19389,8 @@ in
geany = callPackage ../applications/editors/geany { };
geany-with-vte = callPackage ../applications/editors/geany/with-vte.nix { };
genxword = callPackage ../applications/misc/genxword { };
geoipupdate = callPackage ../applications/misc/geoipupdate/default.nix { };
ghostwriter = libsForQt5.callPackage ../applications/editors/ghostwriter { };
@ -24954,9 +24960,16 @@ in
fped = callPackage ../applications/science/electronics/fped { };
# this is a wrapper for kicad.base and kicad.libraries
kicad = callPackage ../applications/science/electronics/kicad { };
kicad-small = kicad.override { pname = "kicad-small"; with3d = false; };
kicad-unstable = kicad.override { pname = "kicad-unstable"; debug = true; };
kicad-unstable = kicad.override { pname = "kicad-unstable"; stable = false; };
# mostly here so the kicad-unstable components (except packages3d) get built
kicad-unstable-small = kicad.override {
pname = "kicad-unstable-small";
stable = false;
with3d = false;
};
librepcb = libsForQt5.callPackage ../applications/science/electronics/librepcb { };

12
pkgs/top-level/ocaml-packages.nix
View file

@ -42,11 +42,6 @@ let
async_unix_p4 = callPackage ../development/ocaml-modules/async_unix { };
async_p4 =
if lib.versionOlder "4.02" ocaml.version
then callPackage ../development/ocaml-modules/async { }
else null;
atd = callPackage ../development/ocaml-modules/atd { };
atdgen = callPackage ../development/ocaml-modules/atdgen { };
@ -1213,13 +1208,6 @@ let
then callPackage ../development/ocaml-modules/janestreet/async-extra.nix {}
else async_extra_p4;
async =
if lib.versionOlder "4.03" ocaml.version
then janeStreet.async
else if lib.versionOlder "4.02" ocaml.version
then callPackage ../development/ocaml-modules/janestreet/async.nix {}
else async_p4;
# Apps / from all-packages
ocamlnat = callPackage ../development/ocaml-modules/ocamlnat { };

2
pkgs/top-level/python-packages.nix
View file

@ -1479,6 +1479,8 @@ in {
transforms3d = callPackage ../development/python-modules/transforms3d { };
trimesh = callPackage ../development/python-modules/trimesh {};
sentinel = callPackage ../development/python-modules/sentinel { };
sentry-sdk = callPackage ../development/python-modules/sentry-sdk {};