alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

Merge pull request #95492 from NixOS/staging-next

Browse source 
Staging next
This commit is contained in:
Frederik Rietdijk 2020-08-24 11:54:40 +02:00 committed by GitHub
parent bc00ecedfa 0a874ff2a6
commit 784e819070
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
44 changed files with 291 additions and 215 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nixos/modules/system/boot/systemd.nix
View file

@ -25,7 +25,7 @@ let
"nss-lookup.target"
"nss-user-lookup.target"
"time-sync.target"
#"cryptsetup.target"
"cryptsetup.target"
"sigpwr.target"
"timers.target"
"paths.target"

25
nixos/tests/systemd.nix
View file

@ -4,7 +4,10 @@ import ./make-test-python.nix ({ pkgs, ... }: {
machine = { lib, ... }: {
imports = [ common/user-account.nix common/x11.nix ];
virtualisation.emptyDiskImages = [ 512 ];
virtualisation.emptyDiskImages = [ 512 512 ];
virtualisation.memorySize = 1024;
environment.systemPackages = [ pkgs.cryptsetup ];
fileSystems = lib.mkVMOverride {
"/test-x-initrd-mount" = {
@ -144,5 +147,25 @@ import ./make-test-python.nix ({ pkgs, ... }: {
assert "RuntimeWatchdogUSec=30s" in output
assert "RebootWatchdogUSec=10m" in output
assert "KExecWatchdogUSec=5m" in output
# Test systemd cryptsetup support
with subtest("systemd successfully reads /etc/crypttab and unlocks volumes"):
# create a luks volume and put a filesystem on it
machine.succeed(
"echo -n supersecret | cryptsetup luksFormat -q /dev/vdc -",
"echo -n supersecret | cryptsetup luksOpen --key-file - /dev/vdc foo",
"mkfs.ext3 /dev/mapper/foo",
)
# create a keyfile and /etc/crypttab
machine.succeed("echo -n supersecret > /var/lib/luks-keyfile")
machine.succeed("chmod 600 /var/lib/luks-keyfile")
machine.succeed("echo 'luks1 /dev/vdc /var/lib/luks-keyfile luks' > /etc/crypttab")
# after a reboot, systemd should unlock the volume and we should be able to mount it
machine.shutdown()
machine.succeed("systemctl status systemd-cryptsetup@luks1.service")
machine.succeed("mkdir -p /tmp/luks1")
machine.succeed("mount /dev/mapper/luks1 /tmp/luks1")
'';
})

2
pkgs/build-support/alternatives/blas/default.nix
View file

@ -70,7 +70,7 @@ stdenv.mkDerivation {
exit 1
fi
nm -an "$libblas" | cut -f3 -d' ' > symbols
$NM -an "$libblas" | cut -f3 -d' ' > symbols
for symbol in ${toString blasFortranSymbols}; do
grep -q "^$symbol_$" symbols || { echo "$symbol" was not found in "$libblas"; exit 1; }
done

5
pkgs/build-support/cc-wrapper/default.nix
View file

@ -209,6 +209,7 @@ stdenv.mkDerivation {
wrap ${targetPrefix}gfortran $wrapper $ccPath/${targetPrefix}gfortran
ln -sv ${targetPrefix}gfortran $out/bin/${targetPrefix}g77
ln -sv ${targetPrefix}gfortran $out/bin/${targetPrefix}f77
export named_fc=${targetPrefix}gfortran
''
+ optionalString cc.langJava or false ''
@ -227,8 +228,8 @@ stdenv.mkDerivation {
setupHooks = [
../setup-hooks/role.bash
./setup-hook.sh
];
] ++ stdenv.lib.optional (cc.langC or true) ./setup-hook.sh
++ stdenv.lib.optional (cc.langFortran or false) ./fortran-hook.sh;
postFixup =
# Ensure flags files exists, as some other programs cat them. (That these

11
pkgs/build-support/cc-wrapper/fortran-hook.sh Normal file
View file

@ -0,0 +1,11 @@
getTargetRole
getTargetRoleWrapper
export FC${role_post}=@named_fc@
# If unset, assume the default hardening flags.
# These are different for fortran.
: ${NIX_HARDENING_ENABLE="stackprotector pic strictoverflow relro bindnow"}
export NIX_HARDENING_ENABLE
unset -v role_post

4
pkgs/desktops/gnome-3/core/gnome-desktop/default.nix
View file

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
pname = "gnome-desktop";
version = "3.36.4";
version = "3.36.5";
outputs = [ "out" "dev" "devdoc" ];
src = fetchurl {
url = "mirror://gnome/sources/gnome-desktop/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "1ilv49qkppbbag5728iswg1jhhqx9hbj7j8k8wccnbyaq54bsyq0";
sha256 = "0lxpgb199hn37vq822qg9g43pwixbki3x5lkazqa77qhjhlj98gf";
};
nativeBuildInputs = [

4
pkgs/development/compilers/go/1.14.nix
View file

@ -31,11 +31,11 @@ in
stdenv.mkDerivation rec {
pname = "go";
version = "1.14.6";
version = "1.14.7";
src = fetchurl {
url = "https://dl.google.com/go/go${version}.src.tar.gz";
sha256 = "02acr52bxfjlr3m11576gdwn8hjv1pr2pffcis913m0m31w9vz3k";
sha256 = "1qrhdjdzi1knchk1wmlaqgkqhxkq2niw14b931rhqrk36m1r4hq6";
};
# perl is used for testing go vet

4
pkgs/development/compilers/rust/1_45.nix
View file

@ -16,8 +16,8 @@
} @ args:
import ./default.nix {
rustcVersion = "1.45.0";
rustcSha256 = "0z6dh0yd3fcm3qh960wi4s6fa6pxz9mh77psycsqfkkx5kqra15s";
rustcVersion = "1.45.2";
rustcSha256 = "0273a1g3f59plyi1n0azf21qjzwml1yqdnj5z472crz37qggr8xp";
# Note: the version MUST be one version prior to the version we're
# building

24
pkgs/development/interpreters/python/cpython/2.7/CVE-2019-20907.patch Normal file
View file

@ -0,0 +1,24 @@
From 5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4 Mon Sep 17 00:00:00 2001
From: Rishi <rishi_devan@mail.com>
Date: Wed, 15 Jul 2020 13:51:00 +0200
Subject: [PATCH] bpo-39017: Avoid infinite loop in the tarfile module
(GH-21454)
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
---
Lib/tarfile.py | 2 ++
diff --git a/Lib/tarfile.py b/Lib/tarfile.py
index e2b60532f6..6769066cab 100755
--- a/Lib/tarfile.py
+++ b/Lib/tarfile.py
@@ -1249,6 +1249,8 @@ class TarInfo(object):
length, keyword = match.groups()
length = int(length)
+ if length == 0:
+ raise InvalidHeaderError("invalid header")
value = buf[match.end(2) + 1:match.start(1) + length - 1]
# Normally, we could just use "utf-8" as the encoding and "strict"

3
pkgs/development/interpreters/python/cpython/2.7/default.nix
View file

@ -90,6 +90,9 @@ let
# Backport from CPython 3.8 of a good list of tests to run for PGO.
./profile-task.patch
# Patch is likely to go away in the next release (if there is any)
./CVE-2019-20907.patch
] ++ optionals (x11Support && stdenv.isDarwin) [
./use-correct-tcl-tk-on-darwin.patch
] ++ optionals stdenv.isLinux [

11
pkgs/development/interpreters/python/cpython/default.nix
View file

@ -156,6 +156,8 @@ in with passthru; stdenv.mkDerivation {
];
postPatch = ''
substituteInPlace Lib/subprocess.py \
--replace "'/bin/sh'" "'${bash}/bin/sh'"
'' + optionalString (x11Support && (tix != null)) ''
substituteInPlace "Lib/tkinter/tix.py" --replace "os.environ.get('TIX_LIBRARY')" "os.environ.get('TIX_LIBRARY') or '${tix}/lib'"
'';
@ -289,6 +291,13 @@ in with passthru; stdenv.mkDerivation {
find $out -name "*.py" | ${pythonForBuildInterpreter} -OO -m compileall -q -f -x "lib2to3" -i -
'' + optionalString stripBytecode ''
find $out -type d -name __pycache__ -print0 | xargs -0 -I {} rm -rf "{}"
'' + ''
# *strip* shebang from libpython gdb script - it should be dual-syntax and
# interpretable by whatever python the gdb in question is using, which may
# not even match the major version of this python. doing this after the
# bytecode compilations for the same reason.
mkdir -p $out/share/gdb
sed '/^#!/d' Tools/gdb/libpython.py > $out/share/gdb/libpython.py
'';
preFixup = stdenv.lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) ''
@ -306,6 +315,8 @@ in with passthru; stdenv.mkDerivation {
pythonForBuild buildPackages.bash
];
separateDebugInfo = true;
inherit passthru;
enableParallelBuilding = true;

4
pkgs/development/libraries/check/default.nix
View file

@ -4,11 +4,11 @@
stdenv.mkDerivation rec {
pname = "check";
version = "0.15.0";
version = "0.15.2";
src = fetchurl {
url = "https://github.com/libcheck/check/releases/download/${version}/check-${version}.tar.gz";
sha256 = "0q5cs6rqbq8a1m9ij3dxnsjcs31mvg0b2i77g0iykqd6iz3f78mf";
sha256 = "02m25y9m46pb6n46s51av62kpd936lkfv3b13kfpckgvmh5lxpm8";
};
# Test can randomly fail: https://hydra.nixos.org/build/7243912

1
pkgs/development/libraries/ffmpeg/generic.nix
View file

@ -126,6 +126,7 @@ stdenv.mkDerivation rec {
# Docs
(ifMinVer "0.6" "--disable-doc")
# External Libraries
"--enable-libass"
"--enable-bzlib"
"--enable-gnutls"
(ifMinVer "1.0" "--enable-fontconfig")

35
pkgs/development/libraries/ilmbase/cross.patch
View file

@ -1,35 +0,0 @@
From: Helmut Grohne <>
Subject: compile build tools with the build architecture compiler
Patch-Source: https://github.com/openexr/openexr/issues/221
Index: ilmbase-2.2.0/configure.ac
===================================================================
--- ilmbase-2.2.0.orig/configure.ac
+++ ilmbase-2.2.0/configure.ac
@@ -28,6 +28,7 @@
AC_PROG_LN_S
AC_PROG_LIBTOOL
AC_PROG_MAKE_SET
+AX_PROG_CXX_FOR_BUILD
dnl
dnl PKGCONFIG preparations
Index: ilmbase-2.2.0/Half/Makefile.am
===================================================================
--- ilmbase-2.2.0.orig/Half/Makefile.am
+++ ilmbase-2.2.0/Half/Makefile.am
@@ -17,9 +17,11 @@
CLEANFILES = eLut eLut.h toFloat toFloat.h
-eLut_SOURCES = eLut.cpp
+eLut$(EXEEXT): eLut.cpp
+ $(CXX_FOR_BUILD) $(CXXFLAGS_FOR_BUILD) $< -o $@
-toFloat_SOURCES = toFloat.cpp
+toFloat$(EXEEXT): toFloat.cpp
+ $(CXX_FOR_BUILD) $(CXXFLAGS_FOR_BUILD) $< -o $@
eLut.h: eLut
./eLut > eLut.h

18
pkgs/development/libraries/ilmbase/default.nix
View file

@ -2,7 +2,6 @@
, lib
, buildPackages
, cmake
, libtool
, openexr
}:
@ -12,26 +11,23 @@ stdenv.mkDerivation rec {
# the project no longer provides separate tarballs. We may even want to merge
# the ilmbase package into openexr in the future.
src = openexr.src;
sourceRoot = "source/IlmBase";
inherit (openexr) src patches;
outputs = [ "out" "dev" ];
nativeBuildInputs = [ cmake libtool ];
nativeBuildInputs = [ cmake ];
depsBuildBuild = [ buildPackages.stdenv.cc ];
patches = [
./cross.patch
] ++ lib.optionals (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.libc != "glibc") [
openexr.non_glibc_fpstate_patch # see description of this patch in `openexr`
];
# fails 1 out of 1 tests with
# "lt-ImathTest: testBoxAlgo.cpp:892: void {anonymous}::boxMatrixTransform(): Assertion `b21 == b2' failed"
# at least on i686. spooky!
doCheck = stdenv.isx86_64;
preConfigure = ''
# Need to cd after patches for openexr patches to apply.
cd IlmBase
'';
meta = with stdenv.lib; {
description = " A library for 2D/3D vectors and matrices and other mathematical objects, functions and data types for computer graphics";
homepage = "https://www.openexr.com/";

4
pkgs/development/libraries/imlib2/default.nix
View file

@ -12,11 +12,11 @@ let
in
stdenv.mkDerivation rec {
pname = "imlib2";
version = "1.6.1";
version = "1.7.0";
src = fetchurl {
url = "mirror://sourceforge/enlightenment/${pname}-${version}.tar.bz2";
sha256 = "0v8n3dswx7rxqfd0q03xwc7j2w1mv8lv18rdxv487a1xw5vklfad";
sha256 = "0zdk4afdrrr1539f2q15zja19j4wwfmpswzws2ffgflcnhywlxhr";
};
buildInputs = [

4
pkgs/development/libraries/libbytesize/default.nix
View file

@ -4,7 +4,7 @@
}:
let
version = "2.3";
version = "2.4";
in stdenv.mkDerivation rec {
pname = "libbytesize";
inherit version;
@ -13,7 +13,7 @@ in stdenv.mkDerivation rec {
owner = "storaged-project";
repo = "libbytesize";
rev = version;
sha256 = "1nrlmn63k0ix1yzn8v4lni5n5b4c0b6w9f33p1ig113ymmdvcc0h";
sha256 = "1kq0hnw2yxjdmcrwvgp0x4j1arkka23k8vp2l6nqcw9lc15x18fp";
};
outputs = [ "out" "dev" "devdoc" ];

13
pkgs/development/libraries/libevdev/default.nix
View file

@ -2,22 +2,13 @@
stdenv.mkDerivation rec {
pname = "libevdev";
version = "1.9.0";
version = "1.9.1";
src = fetchurl {
url = "https://www.freedesktop.org/software/${pname}/${pname}-${version}.tar.xz";
sha256 = "17pb5375njb1r05xmk0r57a2j986ihglh2n5nqcylbag4rj8mqg7";
sha256 = "1jvsphdrs1i54ccjcn6ll26jy42am7h28lbsvwa6pmxgqm43qq7m";
};
patches = [
# Fix libevdev-python tests on aarch64
# https://gitlab.freedesktop.org/libevdev/libevdev/merge_requests/63
(fetchpatch {
url = "https://gitlab.freedesktop.org/libevdev/libevdev/commit/66113fe84f62bab3a672a336eb10b255d2aa5ce7.patch";
sha256 = "gZKr/P+/OqU69IGslP8CQlcGuyzA/ulcm+nGwHdis58=";
})
];
nativeBuildInputs = [ python3 ];
meta = with stdenv.lib; {

4
pkgs/development/libraries/libinput/default.nix
View file

@ -27,11 +27,11 @@ in
with stdenv.lib;
stdenv.mkDerivation rec {
pname = "libinput";
version = "1.15.6";
version = "1.16.1";
src = fetchurl {
url = "https://www.freedesktop.org/software/libinput/${pname}-${version}.tar.xz";
sha256 = "073z61dw46cyq0635a5n1mw7hw4qdgr58gbwwb3ds5v3d8hymvdf";
sha256 = "e6fRru3RUWi7IdF+nmKKocJ5V5Y6Qjo/6jk4pQF1hTk=";
};
outputs = [ "bin" "out" "dev" ];

4
pkgs/development/libraries/libipt/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "libipt";
version = "2.0.1";
version = "2.0.2";
src = fetchFromGitHub {
owner = "intel";
repo = "libipt";
rev = "v${version}";
sha256 = "19y1lk5z1rf8xmr08m8zrpjkgr5as83b96xyaxwn67m2wz58mpmh";
sha256 = "095agnk7r2sq5yas6c1ri8fmsl55n4l5hkl6j5l397p9nxvxvrkc";
};
nativeBuildInputs = [ cmake ];

4
pkgs/development/libraries/libmbim/default.nix
View file

@ -10,11 +10,11 @@
stdenv.mkDerivation rec {
pname = "libmbim";
version = "1.24.0";
version = "1.24.2";
src = fetchurl {
url = "https://www.freedesktop.org/software/libmbim/${pname}-${version}.tar.xz";
sha256 = "15hi1vq327drgi6h4dsi74lb7wg0sxd7mipa3irh5zgc7gn5qj9x";
sha256 = "1r41d4yddp8rgccxrkz9vg5lbrj3dr5vy71d8igrr147k44qq69j";
};
outputs = [ "out" "dev" "man" ];

4
pkgs/development/libraries/libqmi/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "libqmi";
version = "1.26.0";
version = "1.26.2";
src = fetchurl {
url = "https://www.freedesktop.org/software/libqmi/${pname}-${version}.tar.xz";
sha256 = "0h3fzmjlla7ib9wn4rv98bm40y2k28jcl29da4hjwyaqmvh2j13z";
sha256 = "00vvvfq74awg6mk0si1cdv79f6z6wqx11h47nl78a1h7zsr6fd0k";
};
outputs = [ "out" "dev" "devdoc" ];

2
pkgs/development/libraries/libuv/default.nix
View file

@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
"getaddrinfo_fail" "getaddrinfo_fail_sync"
"threadpool_multiple_event_loops" # times out on slow machines
"get_passwd" # passed on NixOS but failed on other Linuxes
"tcp_writealot" # times out sometimes
"tcp_writealot" "udp_multicast_join" "udp_multicast_join6" # times out sometimes
] ++ stdenv.lib.optionals stdenv.isDarwin [
# Sometimes: timeout (no output), failed uv_listen. Someone
# should report these failures to libuv team. There tests should

4
pkgs/development/libraries/mesa/default.nix
View file

@ -32,7 +32,7 @@ with stdenv.lib;
let
# Release calendar: https://www.mesa3d.org/release-calendar.html
# Release frequency: https://www.mesa3d.org/releasing.html#schedule
version = "20.1.4";
version = "20.1.5";
branch = versions.major version;
in
@ -47,7 +47,7 @@ stdenv.mkDerivation {
"ftp://ftp.freedesktop.org/pub/mesa/${version}/mesa-${version}.tar.xz"
"ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz"
];
sha256 = "1zlrczmmkcy42w332rfmlicihlnrxmkrnkpb21sl98725cf2f038";
sha256 = "16y609zavqqhvxb55c06zwkg986qp6znvn7qjg4axw8bdqg8dhgs";
};
prePatch = "patchShebangs .";

46
pkgs/development/libraries/openexr/default.nix
View file

@ -6,52 +6,32 @@
, ilmbase
, fetchpatch
, cmake
, libtool
}:
let
non_glibc_fpstate_patch =
# Fix ilmbase/openexr using glibc-only fpstate.
# Found via https://git.alpinelinux.org/aports/tree/community/openexr/10-musl-_fpstate.patch?id=80d9611b7b8e406a554c6f511137e03ff26acbae,
# TODO Remove when https://github.com/AcademySoftwareFoundation/openexr/pull/798 is merged and available.
# Remove it from `ilmbase` as well then.
(fetchpatch {
name = "ilmbase-musl-_fpstate.patch.patch";
url = "https://raw.githubusercontent.com/void-linux/void-packages/80bbc168faa25448bd3399f4df331b836e74b85c/srcpkgs/ilmbase/patches/musl-_fpstate.patch";
sha256 = "0appzbs9pd6dia5pzxmrs9ww35shlxi329ks6lchwzw4f2a81arz";
});
in
stdenv.mkDerivation rec {
pname = "openexr";
version = "2.4.1";
version = "2.5.3";
outputs = [ "bin" "dev" "out" "doc" ];
src = fetchFromGitHub {
owner = "AcademySoftwareFoundation";
repo = "openexr";
rev = "v${version}";
sha256 = "020gyl8zv83ag6gbcchmqiyx9rh2jca7j8n52zx1gk4rck7kwc01";
sha256 = "xyYdRrwAYdnRZmErIK0tZspguqtrXvixO5+6nMDoOh8=";
};
outputs = [ "bin" "dev" "out" "doc" ];
nativeBuildInputs = [ cmake libtool ];
patches = [
# Fix pkg-config paths
(fetchpatch {
url = "https://github.com/AcademySoftwareFoundation/openexr/commit/6442fb71a86c09fb0a8118b6dbd93bcec4883a3c.patch";
sha256 = "bwD5WTKPT4DjOJDnPXIvT5hJJkH0b71Vo7qupWO9nPA=";
})
];
nativeBuildInputs = [ cmake ];
propagatedBuildInputs = [ ilmbase zlib ];
postPatch =
if (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.libc != "glibc")
then
''
patch -p0 < ${non_glibc_fpstate_patch}
''
else null; # `null` avoids rebuild on glibc
enableParallelBuilding = true;
passthru = {
# So that ilmbase (sharing the same source code) can re-use this patch.
inherit non_glibc_fpstate_patch;
};
meta = with stdenv.lib; {
description = "A high dynamic-range (HDR) image file format";
homepage = "https://www.openexr.com/";

10
pkgs/development/libraries/qt-5/modules/qtdeclarative.nix
View file

@ -1,4 +1,4 @@
{ qtModule, lib, python3, qtbase, qtsvg }:
{ qtModule, lib, fetchpatch, python3, qtbase, qtsvg }:
with lib;
@ -23,4 +23,12 @@ qtModule {
"bin/qmlscene"
"bin/qmltestrunner"
];
patches =
# https://mail.kde.org/pipermail/kde-distro-packagers/2020-June/000419.html
lib.optional (lib.versionAtLeast qtbase.version "5.14.2")
(fetchpatch {
url = "https://codereview.qt-project.org/gitweb?p=qt/qtdeclarative.git;a=patch;h=3e47ac319b0f53c43cc02a8356c2dec4f0daeef4";
sha256 = "0wvncg7047q73nm0svc6kb14sigwk7sc53r4778kn033aj0qqszj";
name = "qtdeclarative-QQuickItemView-fix-max-extent.patch";
});
}

2
pkgs/development/libraries/science/math/arpack/default.nix
View file

@ -31,7 +31,7 @@ stdenv.mkDerivation {
];
preCheck = if stdenv.isDarwin then ''
export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}`pwd`/lib
export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH''${DYLD_LIBRARY_PATH:+:}`pwd`/lib:${blas}/lib:${lapack}/lib
'' else ''
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}`pwd`/lib
'' + ''

66
pkgs/development/libraries/x265/default.nix
View file

@ -1,7 +1,6 @@
{ stdenv, fetchurl, fetchpatch, cmake, nasm, numactl
, numaSupport ? stdenv.hostPlatform.isLinux && (stdenv.hostPlatform.isx86 || stdenv.hostPlatform.isAarch64) # Enabled by default on NUMA platforms
, debugSupport ? false # Run-time sanity checks (debugging)
, highbitdepthSupport ? false # false=8bits per channel, true=10/12bits per channel
, werrorSupport ? false # Warnings as errors
, ppaSupport ? false # PPA profiling instrumentation
, vtuneSupport ? false # Vtune profiling instrumentation
@ -13,10 +12,17 @@
let
mkFlag = optSet: flag: if optSet then "-D${flag}=ON" else "-D${flag}=OFF";
inherit (stdenv) is64bit;
in
stdenv.mkDerivation rec {
pname = "x265";
cmakeFlagsAll = [
"-DSTATIC_LINK_CRT=OFF"
(mkFlag debugSupport "CHECKED_BUILD")
(mkFlag ppaSupport "ENABLE_PPA")
(mkFlag vtuneSupport "ENABLE_VTUNE")
(mkFlag custatsSupport "DETAILED_CU_STATS")
(mkFlag unittestsSupport "ENABLE_TESTS")
(mkFlag werrorSupport "WARNINGS_AS_ERRORS")
];
version = "3.2";
src = fetchurl {
@ -27,8 +33,6 @@ stdenv.mkDerivation rec {
sha256 = "0fqkhfhr22gzavxn60cpnj3agwdf5afivszxf3haj5k1sny7jk9n";
};
enableParallelBuilding = true;
patches = [
# Fix build on ARM (#406)
(fetchpatch {
@ -37,22 +41,54 @@ stdenv.mkDerivation rec {
})
];
buildLib = has12Bit: stdenv.mkDerivation rec {
name = "libx265-${if has12Bit then "12" else "10"}-${version}";
inherit src patches;
enableParallelBuilding = true;
postPatch = ''
sed -i 's/unknown/${version}/g' source/cmake/version.cmake
'';
cmakeLibFlags = [
"-DENABLE_CLI=OFF"
"-DENABLE_SHARED=OFF"
"-DENABLE_HDR10_PLUS=ON"
"-DEXPORT_C_API=OFF"
"-DHIGH_BIT_DEPTH=ON"
];
cmakeFlags = [(mkFlag has12Bit "MAIN12")] ++ cmakeLibFlags ++ cmakeFlagsAll;
preConfigure = ''
cd source
'';
nativeBuildInputs = [cmake nasm] ++ stdenv.lib.optional numaSupport numactl;
};
libx265-10 = buildLib false;
libx265-12 = buildLib true;
in
stdenv.mkDerivation rec {
pname = "x265";
inherit version src patches;
enableParallelBuilding = true;
postPatch = ''
sed -i 's/unknown/${version}/g' source/cmake/version.cmake
'';
cmakeFlags = [
(mkFlag debugSupport "CHECKED_BUILD")
"-DSTATIC_LINK_CRT=OFF"
(mkFlag (highbitdepthSupport && is64bit) "HIGH_BIT_DEPTH")
(mkFlag werrorSupport "WARNINGS_AS_ERRORS")
(mkFlag ppaSupport "ENABLE_PPA")
(mkFlag vtuneSupport "ENABLE_VTUNE")
(mkFlag custatsSupport "DETAILED_CU_STATS")
"-DENABLE_SHARED=ON"
"-DHIGH_BIT_DEPTH=OFF"
"-DENABLE_HDR10_PLUS=OFF"
"-DEXTRA_LIB=${libx265-10}/lib/libx265.a;${libx265-12}/lib/libx265.a"
"-DLINKED_10BIT=ON"
"-DLINKED_12BIT=ON"
(mkFlag cliSupport "ENABLE_CLI")
(mkFlag unittestsSupport "ENABLE_TESTS")
];
] ++ cmakeFlagsAll;
preConfigure = ''
cd source

3
pkgs/development/python-modules/numpy/default.nix
View file

@ -3,6 +3,7 @@
, python
, buildPythonPackage
, gfortran
, hypothesis
, pytest
, blas
, lapack
@ -67,6 +68,8 @@ in buildPythonPackage rec {
doCheck = !isPyPy; # numpy 1.16+ hits a bug in pypy's ctypes, using either numpy or pypy HEAD fixes this (https://github.com/numpy/numpy/issues/13807)
checkInputs = [ hypothesis ];
checkPhase = ''
runHook preCheck
pushd dist

12
pkgs/development/tools/build-managers/cmake/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv, lib, fetchurl, pkgconfig
{ stdenv, lib, fetchurl, pkgconfig, fetchpatch
, bzip2, curl, expat, libarchive, xz, zlib, libuv, rhash
, buildPackages
# darwin attributes
@ -19,12 +19,12 @@ stdenv.mkDerivation rec {
+ lib.optionalString useNcurses "-cursesUI"
+ lib.optionalString withQt5 "-qt5UI"
+ lib.optionalString useQt4 "-qt4UI";
version = "3.18.0";
version = "3.18.1";
src = fetchurl {
url = "${meta.homepage}files/v${lib.versions.majorMinor version}/cmake-${version}.tar.gz";
# compare with https://cmake.org/files/v${lib.versions.majorMinor version}/cmake-${version}-SHA-256.txt
sha256 = "0aby67jn3i0rqhj6cvpm0f7idw3dl7jayaqxa9hkk9w2jk5zzd43";
sha256 = "0215srmc9l7ygwdpfms8yx0wbd96qgz2d58ykmdiarvysf5k7qy0";
};
patches = [
@ -37,6 +37,12 @@ stdenv.mkDerivation rec {
# Derived from https://github.com/libuv/libuv/commit/1a5d4f08238dd532c3718e210078de1186a5920d
./libuv-application-services.patch
# TODO: Remove this patch for a regression once CMake 3.18.2 is out:
(fetchpatch { # PCH: Avoid Apple-specific architecture flags on other platforms
url = "https://gitlab.kitware.com/cmake/cmake/-/commit/70ce1ad64a04a244bb1c03753da0752c61fc3a37.patch";
sha256 = "0jcdgv48j0dd4nlhyy3j0s3h6bcbrq2yg1mdhpgfqrb2y3p91fky";
})
] ++ lib.optional stdenv.isCygwin ./3.2.2-cygwin.patch;
outputs = [ "out" ];

2
pkgs/development/tools/build-managers/cmake/setup-hook.sh
View file

@ -77,7 +77,7 @@ cmakeConfigurePhase() {
fi
# The argument sometimes contains garbage or variable interpolation.
# When that is the case, lets fall back to the derivation name.
if [[ -z "$shareDocName" ]] || echo "$shareDocName" | grep -q '[^a-zA-Z0-9_-+]'; then
if [[ -z "$shareDocName" ]] || echo "$shareDocName" | grep -q '[^a-zA-Z0-9_+-]'; then
if [[ -n "${pname-}" ]]; then
shareDocName="$pname"
else

4
pkgs/development/tools/documentation/doxygen/default.nix
View file

@ -2,14 +2,14 @@
stdenv.mkDerivation rec {
name = "doxygen-1.8.18";
name = "doxygen-1.8.19";
src = fetchurl {
urls = [
"mirror://sourceforge/doxygen/${name}.src.tar.gz" # faster, with https, etc.
"http://doxygen.nl/files/${name}.src.tar.gz"
];
sha256 = "0mh6s1ri1fs5yb27m0avnjsbcxpchgb9aaprq4bd3lj6vjg3s5qq";
sha256 = "1lvqfw2yzba588c5ggl8yhw7aw4xkk44mrghsd9yqlajc48x25dc";
};
nativeBuildInputs = [

4
pkgs/development/tools/parsing/bison/default.nix
View file

@ -7,11 +7,11 @@
stdenv.mkDerivation rec {
pname = "bison";
version = "3.6.4";
version = "3.7.1";
src = fetchurl {
url = "mirror://gnu/${pname}/${pname}-${version}.tar.gz";
sha256 = "1s8kmfhg7a58vm65fc977ckp8zspy8diayrcjhs3cgrqnmjdx0w1";
sha256 = "04vx6sah3bnr3a5n9knw306sb3y41pjfl7k9ihbsimghkj1m5n8x";
};
nativeBuildInputs = [ m4 perl ] ++ stdenv.lib.optional stdenv.isSunOS help2man;

7
pkgs/os-specific/linux/iproute/default.nix
View file

@ -5,16 +5,19 @@
stdenv.mkDerivation rec {
pname = "iproute2";
version = "5.7.0";
version = "5.8.0";
src = fetchurl {
url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz";
sha256 = "088gs56iqhdlpw1iqjwrss4zxd4zbl2wl8s2implrrdajjxcfpbj";
sha256 = "0vk4vickrpahdhl3zazr2qn2bf99v5549ncirjpwiy4h0a4izkfg";
};
preConfigure = ''
# Don't try to create /var/lib/arpd:
sed -e '/ARPDDIR/d' -i Makefile
# TODO: Drop temporary version fix for 5.8 (53159d81) once 5.9 is out:
substituteInPlace include/version.h \
--replace "v5.7.0-77-gb687d1067169" "5.8.0"
'';
outputs = [ "out" "dev" ];

18
pkgs/os-specific/linux/kernel/linux-5.8.nix Normal file
View file

@ -0,0 +1,18 @@
{ stdenv, buildPackages, fetchurl, perl, buildLinux, modDirVersionArg ? null, ... } @ args:
with stdenv.lib;
buildLinux (args // rec {
version = "5.8";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
# branchVersion needs to be x.y
extraMeta.branch = versions.majorMinor version;
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "1xgibkwb1yfl6qdlbxyagai0qc1pk5ark7giz1512hh6ma353xz7";
};
} // (args.argsOverride or {}))

34
pkgs/os-specific/linux/systemd/cryptsetup-generator.nix
View file

@ -1,34 +0,0 @@
{ systemd, cryptsetup }:
systemd.overrideAttrs (p: {
version = p.version;
name = "systemd-cryptsetup-generator-${p.version}";
buildInputs = p.buildInputs ++ [ cryptsetup ];
outputs = [ "out" ];
buildPhase = ''
ninja systemd-cryptsetup systemd-cryptsetup-generator
'';
# As ninja install is not used here, the rpath needs to be manually fixed.
# Otherwise the resulting binary doesn't properly link against systemd-shared.so
postFixup = ''
for prog in `find $out -type f -executable`; do
(patchelf --print-needed $prog | grep 'libsystemd-shared-.*\.so' > /dev/null) && (
patchelf --set-rpath `patchelf --print-rpath $prog`:"$out/lib/systemd" $prog
) || true
done
# test it's OK
"$out"/lib/systemd/systemd-cryptsetup
'';
installPhase = ''
mkdir -p $out/lib/systemd/
cp systemd-cryptsetup $out/lib/systemd/systemd-cryptsetup
cp src/shared/*.so $out/lib/systemd/
mkdir -p $out/lib/systemd/system-generators/
cp systemd-cryptsetup-generator $out/lib/systemd/system-generators/systemd-cryptsetup-generator
'';
})

32
pkgs/os-specific/linux/systemd/default.nix
View file

@ -1,5 +1,5 @@
{ stdenv, lib, fetchFromGitHub, fetchpatch, pkgconfig, intltool, gperf, libcap
, curl, kmod, gnupg, gnutar, xz, pam, acl, libuuid, m4, utillinux, libffi
{ stdenv, lib, fetchFromGitHub, pkgconfig, intltool, gperf, libcap
, curl, kmod, gnupg, gnutar, xz, pam, acl, libuuid, m4, e2fsprogs, utillinux, libffi
, glib, kbd, libxslt, coreutils, libgcrypt, libgpgerror, libidn2, libapparmor
, audit, lz4, bzip2, pcre2
, linuxHeaders ? stdenv.cc.libc.linuxHeaders
@ -9,6 +9,7 @@
, patchelf
, substituteAll
, getent
, cryptsetup, lvm2
, buildPackages
, perl
, withSelinux ? false, libselinux
@ -30,8 +31,9 @@ let gnupg-minimal = gnupg.override {
zlib = null;
bzip2 = null;
};
in stdenv.mkDerivation {
version = "245.6";
version = "245.7";
pname = "systemd";
# When updating, use https://github.com/systemd/systemd-stable tree, not the development one!
@ -39,8 +41,8 @@ in stdenv.mkDerivation {
src = fetchFromGitHub {
owner = "systemd";
repo = "systemd-stable";
rev = "aa0cb635f1f6a4d9b50ed2cca7782f3f751be933";
sha256 = "191f0r1g946bsqxky00z78wygsxi9pld11y2q4374bshnpsff2ll";
rev = "1e6233ed07f7af08550fffa7a885cac1ac67a2c3";
sha256 = "1hd5kc3mm7mg4i7hhi82wg4cpg4fpi2k6hzjq9sv07pkn2lw390w";
};
patches = [
@ -89,7 +91,7 @@ in stdenv.mkDerivation {
];
buildInputs =
[ linuxHeaders libcap curl.dev kmod xz pam acl
/* cryptsetup */ libuuid glib libgcrypt libgpgerror libidn2
cryptsetup libuuid glib libgcrypt libgpgerror libidn2
pcre2 ] ++
stdenv.lib.optional withKexectools kexectools ++
stdenv.lib.optional withLibseccomp libseccomp ++
@ -176,12 +178,28 @@ in stdenv.mkDerivation {
export LC_ALL="en_US.UTF-8";
# FIXME: patch this in systemd properly (and send upstream).
# already fixed in f00929ad622c978f8ad83590a15a765b4beecac9: (u)mount
for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.in src/journal/cat.c src/shutdown/shutdown.c src/nspawn/nspawn.c src/shared/generator.c units/systemd-logind.service.in units/systemd-nspawn@.service.in; do
for i in \
src/core/mount.c \
src/core/swap.c \
src/cryptsetup/cryptsetup-generator.c \
src/fsck/fsck.c \
src/journal/cat.c \
src/nspawn/nspawn.c \
src/remount-fs/remount-fs.c \
src/shared/generator.c \
src/shutdown/shutdown.c \
units/emergency.service.in \
units/rescue.service.in \
units/systemd-logind.service.in \
units/systemd-nspawn@.service.in; \
do
test -e $i
substituteInPlace $i \
--replace /usr/bin/getent ${getent}/bin/getent \
--replace /sbin/mkswap ${lib.getBin utillinux}/sbin/mkswap \
--replace /sbin/swapon ${lib.getBin utillinux}/sbin/swapon \
--replace /sbin/swapoff ${lib.getBin utillinux}/sbin/swapoff \
--replace /sbin/mke2fs ${lib.getBin e2fsprogs}/sbin/mke2fs \
--replace /sbin/fsck ${lib.getBin utillinux}/sbin/fsck \
--replace /bin/echo ${coreutils}/bin/echo \
--replace /bin/cat ${coreutils}/bin/cat \

20
pkgs/servers/sql/postgresql/default.nix
View file

@ -182,41 +182,41 @@ let
in self: {
postgresql_9_5 = self.callPackage generic {
version = "9.5.22";
version = "9.5.23";
psqlSchema = "9.5";
sha256 = "03v4d4nr9f86y0i1j5jmvfan5w8y4ga1mar59lhcnj3jl5q58ma8";
sha256 = "0rl31jc3kg2wq6hazyd297gnmx3cibjvivllbsivii2m6dzgl573";
this = self.postgresql_9_5;
inherit self;
};
postgresql_9_6 = self.callPackage generic {
version = "9.6.18";
version = "9.6.19";
psqlSchema = "9.6";
sha256 = "16crr2a1sl97aiacqzd0bk56yl1abq6blc0c6qpx5rl5ny1c4zji";
sha256 = "1c2wnl5bbpjs1s1rpzvlnzsqlpb0p823zw7s38nhpgnxrja3myb1";
this = self.postgresql_9_6;
inherit self;
};
postgresql_10 = self.callPackage generic {
version = "10.13";
version = "10.14";
psqlSchema = "10.0"; # should be 10, but changing it is invasive
sha256 = "1qal0yp7a90yzya7hl56gsmw5fvacplrdhpn7h9gnbyr1i2iyw2d";
sha256 = "0fxj30jvwq5pqpbj97vhlxgmn2ah59a78s9jyjr7vxyqj7sdh71q";
this = self.postgresql_10;
inherit self;
};
postgresql_11 = self.callPackage generic {
version = "11.8";
version = "11.9";
psqlSchema = "11.1"; # should be 11, but changing it is invasive
sha256 = "1qksqyayxmnccmbapg3ajsw9pjgqva0inxjhx64rqd6ckhrg9wpa";
sha256 = "0db6pfphc5rp12abnkvv2l9pbl7bdyf3hhiwj8ghjwh35skqlq9m";
this = self.postgresql_11;
inherit self;
};
postgresql_12 = self.callPackage generic {
version = "12.3";
version = "12.4";
psqlSchema = "12";
sha256 = "0hfg3n7rlz96579cj3z1dh2idl15rh3wfvn8jl31jj4h2yk69vcl";
sha256 = "1k06wryy8p4s1fim9qafcjlak3f58l0wqaqnrccr9x9j5jz3zsdy";
this = self.postgresql_12;
inherit self;
};

11
pkgs/tools/compression/zstd/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, fetchpatch, cmake, gnugrep
{ stdenv, fetchFromGitHub, fetchpatch, cmake, bash, gnugrep
, fixDarwinDylibNames
, file
, legacySupport ? false
@ -18,6 +18,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ cmake ]
++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames;
buildInputs = [ bash ];
patches = [
./playtests-darwin.patch
@ -29,11 +30,7 @@ stdenv.mkDerivation rec {
# work fine, and I'm not sure how to write the condition.
++ stdenv.lib.optional stdenv.hostPlatform.isWindows ./mcfgthreads-no-pthread.patch;
postPatch =
# Patch shebangs for playTests
''
patchShebangs programs/zstdgrep
'' + stdenv.lib.optionalString (!static) ''
postPatch = stdenv.lib.optionalString (!static) ''
substituteInPlace build/cmake/CMakeLists.txt \
--replace 'message(SEND_ERROR "You need to build static library to build tests")' ""
substituteInPlace build/cmake/tests/CMakeLists.txt \
@ -60,6 +57,8 @@ stdenv.mkDerivation rec {
doCheck = true;
checkPhase = ''
runHook preCheck
# Patch shebangs for playTests
patchShebangs ../programs/zstdgrep
ctest -R playTests # The only relatively fast test.
runHook postCheck
'';

4
pkgs/tools/networking/radsecproxy/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "radsecproxy";
version = "1.8.1";
version = "1.8.2";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = version;
sha256 = "12pvwd7v3iswki3riycxaiiqxingg4bqnkwc5ay3j4n2kzynr1qg";
sha256 = "1g7q128cip1dac9jad58rd96afx4xz7x7vsiv0af8iyq2ivqvs2m";
};
nativeBuildInputs = [ autoreconfHook ];

10
pkgs/tools/security/gnupg/22.nix
View file

@ -16,11 +16,11 @@ assert guiSupport -> pinentry != null && enableMinimal == false;
stdenv.mkDerivation rec {
pname = "gnupg";
version = "2.2.20";
version = "2.2.21";
src = fetchurl {
url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";
sha256 = "0c6a4v9p6qzhsw1pfcwc459bxpc8hma0w9z8iqb9khvligack9q4";
sha256 = "1v3nirp9m7yxjkkcdixibckl379pdyr3mdx8b1k379szzdw35s31";
};
depsBuildBuild = [ buildPackages.stdenv.cc ];
@ -38,8 +38,10 @@ stdenv.mkDerivation rec {
./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
];
postPatch = ''
sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' \
configure doc/dirmngr.texi doc/gnupg.info-1
sed -i 's,hkps://hkps.pool.sks-keyservers.net,hkps://keys.openpgp.org,g' configure doc/dirmngr.texi doc/gnupg.info-1
# Fix broken SOURCE_DATE_EPOCH usage - remove on the next upstream update
sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.am
sed -i 's/$SOURCE_DATE_EPOCH/''${SOURCE_DATE_EPOCH}/' doc/Makefile.in
'' + stdenv.lib.optionalString ( stdenv.isLinux && pcsclite != null) ''
sed -i 's,"libpcsclite\.so[^"]*","${stdenv.lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c
''; #" fix Emacs syntax highlighting :-(

4
pkgs/tools/security/rhash/default.nix
View file

@ -1,14 +1,14 @@
{ stdenv, fetchFromGitHub, which }:
stdenv.mkDerivation rec {
version = "1.3.9";
version = "1.4.0";
pname = "rhash";
src = fetchFromGitHub {
owner = "rhash";
repo = "RHash";
rev = "v${version}";
sha256 = "06i49x1l21h2q7pfnf4crbmjyg8b9ad0qs10ywyyn5sjpi0c21wq";
sha256 = "18zgr1bjzz8v6rckz2q2hx9f2ssbv8qfwclzpbyjaz0c1c9lqqar";
};
nativeBuildInputs = [ which ];

1
pkgs/top-level/aliases.nix
View file

@ -562,6 +562,7 @@ mapAliases ({
sup = throw "deprecated in 2019-09-10: abandoned by upstream";
swfdec = throw "swfdec has been removed as broken and unmaintained."; # added 2020-08-23
system_config_printer = system-config-printer; # added 2016-01-03
systemd-cryptsetup-generator = throw "systemd-cryptsetup-generator is now included in the systemd package"; # added 2020-07-12
systemd_with_lvm2 = throw "obsolete, enabled by default via the lvm module"; # added 2020-07-12
systool = sysfsutils; # added 2018-04-25
tahoelafs = tahoe-lafs; # added 2018-03-26

20
pkgs/top-level/all-packages.nix
View file

@ -17159,7 +17159,11 @@ in
criu = callPackage ../os-specific/linux/criu { };
cryptsetup = callPackage ../os-specific/linux/cryptsetup { };
cryptsetup = callPackage ../os-specific/linux/cryptsetup {
# cryptsetup only really needs the devmapper component of cryptsetup
# but itself is used as a library in systemd (=udev)
lvm2 = lvm2.override { udev = null; };
};
cramfsprogs = callPackage ../os-specific/linux/cramfsprogs { };
@ -17504,6 +17508,14 @@ in
];
};
linux_5_8 = callPackage ../os-specific/linux/kernel/linux-5.8.nix {
kernelPatches = [
kernelPatches.bridge_stp_helper
kernelPatches.request_key_helper
kernelPatches.export_kernel_fpu_functions."5.3"
];
};
linux_testing = callPackage ../os-specific/linux/kernel/linux-testing.nix {
kernelPatches = [
kernelPatches.bridge_stp_helper
@ -17729,7 +17741,7 @@ in
# Update this when adding the newest kernel major version!
# And update linux_latest_for_hardened below if the patches are already available
linuxPackages_latest = linuxPackages_5_7;
linuxPackages_latest = linuxPackages_5_8;
linux_latest = linuxPackages_latest.kernel;
# Build the kernel modules for the some of the kernels.
@ -17744,6 +17756,7 @@ in
linuxPackages_4_19 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_19);
linuxPackages_5_4 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_4);
linuxPackages_5_7 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_7);
linuxPackages_5_8 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_8);
# When adding to this list:
# - Update linuxPackages_latest to the latest version
@ -18236,9 +18249,6 @@ in
};
udev = systemd; # TODO: move to aliases.nix
# standalone cryptsetup generator for systemd
systemd-cryptsetup-generator = callPackage ../os-specific/linux/systemd/cryptsetup-generator.nix { };
systemd-wait = callPackage ../os-specific/linux/systemd-wait { };
sysvinit = callPackage ../os-specific/linux/sysvinit { };