3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

4206 commits

Author SHA1 Message Date
Frederik Rietdijk f3b4ae8402 Merge staging-next into staging 2020-12-31 13:29:55 +01:00
Daniël de Kok 67a10c88bb buildRustPackage: add cargoHash for SRI hashes of vendored deps
`buildRustPackage` currently accepts `cargoSha256` as a hash for
vendored dependencies. This change adds `cargoHash` which accepts SRI
hashes, setting `outputHashAlgo` to `null`.

The hash mismatch message still uses `cargoSha256` as an example,
which it probably should until we completely switch to SRI hashes.
2020-12-31 11:18:11 +01:00
github-actions[bot] 8eb607335b
Merge staging-next into staging 2020-12-30 12:24:51 +00:00
Damien Diederen 3363377530 vmTools.debClosureGenerator: Fix non-determinism in dependency graph
By default, Perl versions since 5.8.1 use randomization to make hashes
resistant to complexity attacks.

That randomization makes building VM images such as ubuntu1804x86_64
non-deterministic because the (imported) derivations built by
deb/deb-closure.pl are not stable.

This can easily be observed by repeating the following sequence of
commands and noting the path of the image's .drv:

    nix-instantiate -E '(import <nixpkgs> {}).vmTools.diskImageFuns.ubuntu1804x86_64 {}'
    nix-store --delete /nix/store/*ubuntu-18.04-bionic-amd64.nix

One source of non-determinism is the handling of Provides/Replaces,
which depends on the order of iteration over %packages.  Here is a
diff showing the corresponding change in output:

     >>> awk
    -virtual awk: using original-awk
    -    original-awk: libc6 (>= 2.14)
    +virtual awk: using mawk
    +    mawk: libc6 (>= 2.14)

    -    mawk: libc6 (>= 2.14)
    ->>> libc6

This patch sorts packages by name for Provides/Replaces processing,
which seems to result in stable output.

(If the above turns out not to be sufficient, one could also set the
PERL_HASH_SEED and PERL_PERTURB_KEYS environment variables, documented
in 'perlrun', to disable Perl's built-in randomization.  Complexity
attacks are not an issue as we control and trust all inputs.)
2020-12-30 11:37:37 +01:00
Jörg Thalheim 66c16e12fa
buildFhsUserenv: don't downgrade root user 2020-12-27 17:19:49 +01:00
Jörg Thalheim 61bbbcd1af
bintools-wrapper: skip dynamic linker for static binaries 2020-12-27 16:42:11 +01:00
Kevin Cox 11e522cb6e
Revert "nix-gitignore: Optimise performance" 2020-12-27 08:04:16 -05:00
DavHau 2efcf6dc26 autoPatchelf: add comment why ignore failing ldd/sed 2020-12-25 12:13:03 +01:00
DavHau 2fde1e63ba autoPatchelfHook: fix shellcheck errors 2020-12-25 12:13:03 +01:00
DavHau 4ac5d22654 autoPatchelfHook: fix bug introduced by #101142 2020-12-25 12:13:03 +01:00
John Ericson fb875dcf6f
Merge pull request #107507 from LibreCybernetics/add-zen-info
lib.systems: update processor architecture info
2020-12-24 10:23:10 -05:00
Florian Klink 8f5c939147
Merge pull request #107435 from flokli/gnats-cc-wrapper-format-unsupported
gnats: format hardened flag isn't supported
2020-12-24 02:25:27 +01:00
Fabián Heredia Montiel 2a9ac172c1 lib.systems: update processor architecture info 2020-12-23 18:57:59 -06:00
Ryan Burns 61a6d1aae2 stdenv: trim random seed to avoid reference cycles
Using the full store hash as the random seed occasionally caused
reference cycles when the invocation was stored in output artifacts.
For example, cross-compiled gcc was failing due to this:
https://hydra.nixos.org/eval/1631713#tabs-now-fail

Simply truncating the hash is sufficient to avoid this.
2020-12-23 16:46:39 -08:00
Florian Klink 07c4056179 gnats: format hardened flag isn't supported
When invoking a simple Ada program with `gcc` from `gnats10`, the
following warnings are shown:

```
$ gcc -c conftest.adb
gnat1: warning: command-line option ‘-Wformat=1’ is valid for C/C++/ObjC/ObjC++ but not for Ada
gnat1: warning: command-line option ‘-Wformat-security’ is valid for C/C++/ObjC/ObjC++ but not for Ada
gnat1: warning: ‘-Werror=’ argument ‘-Werror=format-security’ is not valid for Ada
$ echo $?
0
```

This is only spammy when compiling Ada programs inside a Nix derivation,
but certain configure scripts (such as the ./configure script from the
gcc that's built by coreboot's `make crossgcc` command) fail entirely
when getting that warning output.

https://nixos.wiki/wiki/Coreboot currently suggests manually running

> NIX_HARDENING_ENABLE="${NIX_HARDENING_ENABLE/ format/}" make crossgcc

… but actually teaching the nixpkgs-provided cc wrapper that `format`
isn't supported as a hardening flag seems to be the more canonical way
to do this in nixpgks.

After this, Ada programs still compile:

```
$ gcc -c conftest.adb
$ echo $?
0
```

And the compiler output is empty.
2020-12-23 01:51:14 +01:00
adisbladis f475529d44
Merge pull request #107284 from r3v2d0g/emacs-wrapper-nativecomp
emacs: replace 'emacs.nativeComp' in wrapper with 'nativeComp'
2020-12-23 00:07:44 +01:00
Matthieu Le brazidec (r3v2d0g) bfec6c34b4
emacs: replace 'emacs.nativeComp' in wrapper with 'nativeComp' 2020-12-20 21:15:18 +01:00
sternenseemann 640d92513d buildDunePackage: use dune install instead of opaline 2020-12-21 00:43:33 +01:00
John Ericson ddeef0d322 tests.buildRustCrate: Fix after hashing method change
As @lopsided98 points out in #105305, since the hashes are now target
sensative, and until we find reason to actually care to test what they
are exactly, we are best just normalizing them away in the tests.
2020-12-19 19:05:07 +00:00
Linus Heckemann 14fbf575ec make-initrd: various improvements
- Generate a link to the initramfs file with an appropriate file
  extension, guessed based on the compressor by default
- Use correct metadata in u-boot images if generated, up to now this
  was hardcoded to gzip and would silently generate an erroneous image
  if another compressor was specified
- Document all the parameters
- Improve cross-building compatibility, by allowing passing either a
  string as before, or a function taking a package set and returning the
  path to a compressor in the "compressor" argument of the
  function.
- Support more compression algorithms
- Place compressor executable function and arguments in passthru, for
  reuse when appending initramfses

Co-Authored-By: Dominik Xaver Hörl <hoe.dom@gmx.de>
2020-12-17 11:37:04 +01:00
Linus Heckemann 3a3c9c9548 makeInitrd: include dotfiles at root 2020-12-17 11:10:37 +01:00
Linus Heckemann 85e0ae7827 makeInitrd: don't assume uImage => arm
mips for example might use uImages too
2020-12-17 11:10:37 +01:00
Linus Heckemann a343ff7e14 makeInitrd: make uinitrd behaviour optional 2020-12-17 11:10:36 +01:00
aszlig 1152978cda
vm: Remove runInWindowsVM implementation
Originally this was meant to support other Windows versions than just
Windows XP, but before I actually got a chance to implement this I left
the project that I implemented this for.

The code has been broken for years now and I highly doubt anyone is
interested in resurrecting this (including me), so in order to make this
less of a maintenance burden for everybody, let's remove it.

Signed-off-by: aszlig <aszlig@nix.build>
2020-12-17 07:03:36 +01:00
adisbladis dd5d2482c9
emacs: Fix accidental double wrapping
This makeWrapper invocation found it's way back via a rebase.
2020-12-17 02:44:37 +01:00
Tad Fisher a7cb8e36ac
emacs: Add comp-eln-load-path infrastructure 2020-12-16 19:45:07 +01:00
Daniël de Kok 00941cd747
Merge pull request #105787 from danieldk/build-rust-crate-njobs
buildRustCrate: set NUM_JOBS to NIX_BUILD_CORES
2020-12-16 13:38:43 +01:00
Lassulus 00b8fa792b
Merge pull request #106000 from Luis-Hebendanz/firefoxWrapperAddonSettings
firefox: wrapper updating an addon perserves addon settings
2020-12-15 22:16:48 +01:00
Luis Hebendanz 1c8c134972 firefox: wrapper updating an addon perserves addon settings 2020-12-15 22:02:34 +01:00
Robert Hensing 5cacf0fcec dockerTools: use go.GOARCH as default arch 2020-12-15 02:15:35 -08:00
Terin Stock 8f66dc94a7 dockerTools: normalize arch to GOARCH
Docker (via containerd) and the the OCI Image Configuration imply and
suggest, respectfully, that the architecture set in images matches those
of GOARCH in the Go Language document.

This changeset updates the implimentation of getArch in dockerTools to
return GOARCH values, to satisfy Docker.

Fixes: #106695
2020-12-15 02:14:01 -08:00
Mario Rodas eb9751c6d6 emacsWithPackages: fix application wrapper on darwin 2020-12-12 04:20:00 +00:00
Frederik Rietdijk 3b85d7d54f
Merge pull request #106321 from NixOS/staging-next
Staging next
2020-12-11 15:56:17 +01:00
Robert Hensing ba5e222245 fetchMavenArtifact: fix generated url 2020-12-11 13:58:19 +01:00
Robert Hensing f0568c2228 fetchMavenArtifact: switch mirrors to https
Maven repositories are disabling HTTP support for security.
Even though Nix adds some security with its own hash validation,
broken mirrors are a, well, suboptimal experience.
I don't know of any plans by sonatype, but it seems like a matter
of time.

https://www.lightbend.com/blog/lightbend-to-require-https-on-repos-starting-august-5-2020
2020-12-11 11:43:23 +01:00
github-actions[bot] 614876ef33
Merge master into staging-next 2020-12-11 00:40:21 +00:00
adisbladis 316094b8ab
Merge pull request #106606 from alyssais/elpa-meta
emacsPackages.elpaBuild: pass through meta
2020-12-11 00:22:42 +01:00
adisbladis 1ad3b14759
Merge pull request #106608 from alyssais/melpa-homepage
emacsPackages.melpaPackages: HTTPS for homepages
2020-12-11 00:10:01 +01:00
adisbladis 09e349206d
Merge pull request #106486 from alyssais/emacsWithPackages
emacsWithPackages: EMACSLOADPATH correctness fixes
2020-12-11 00:08:59 +01:00
Alyssa Ross 23d4bfb666
emacsWithPackages: don't tell sub-Emacs about pkgs
If I'm running an Emacs executable from emacsWithPackages as my main
programming environment, and I'm hacking on Emacs, or the Emacs
packaging in Nixpkgs, or whatever, I don't want the Emacs packages
from the wrapper to show up in the load path of that child Emacs.  It
results in differing behaviour depending on whether the child Emacs is
run from Emacs or from, for example, an external terminal emulator,
which is very surprising.

To avoid this, pass another environment variable containing the
wrapper site-lisp path, and use that value to remove the corresponding
entry in EMACSLOADPATH, so it won't be propagated to child Emacsen.
2020-12-10 22:52:31 +00:00
Alyssa Ross 0127013b0f
emacsWithPackages: mutate EMACSLOADPATH correctly
An empty entry in EMACSLOADPATH gets filled with the default value.
This is presumably why the wrapper inserted a colon after the entry it
added for the dependencies.  But this naive approach wasn't always
correct.

For example, if the user ran emacs with EMACSLOADPATH=foo, the wrapper
would insert the default value (by adding the trailing `:') even
though the user was trying to expressly opt out of it.

To do this correctly, here I've replaced makeWrapper with a bespoke
script that will actually parse the EMACSLOADPATH provided in the
environment (if given), and insert the wrapper's load path just before
the default value.  If EMACSLOADPATH is given but contains no default
value, we respect that and don't add the wrapped dependencies at all.
If no EMACSLOADPATH is given, we insert the wrapped dependencies
before the default value, just like before.  In this way, the wrapped
Emacs should now behave as if the wrapped dependencies were part of
Emacs's default load-path value.
2020-12-10 22:35:57 +00:00
Alyssa Ross 00a246c5ce
emacsPackages.melpaPackages: HTTPS for homepages 2020-12-10 22:15:21 +00:00
Alyssa Ross 5016fdb269
emacsPackages.elpaBuild: pass through meta
Previously, meta wasn't being passed through at all, because it's
removed from args without being used anywhere.  This made it so that
rcirc-menu wasn't being marked as broken even though it was supposed
to be.

This patch copies the meta handling from melpaBuild, including the
default home page (adapted for ELPA).
2020-12-10 22:03:20 +00:00
Guillaume Girol 4eb94d0ca1
Merge pull request #94960 from symphorien/gitignore
nix-gitignore: filter-out .git
2020-12-10 20:34:54 +00:00
github-actions[bot] faad8493f7
Merge master into staging-next 2020-12-09 18:15:18 +00:00
Martin Weinelt 6a4be92dd8
Merge pull request #106409 from jonringer/fix-steam
steam: fix paradox launchers, and electron apps
2020-12-09 17:08:05 +01:00
Emery Hemingway e9158eca70 fetchfirefoxaddon: support for SRI hashes 2020-12-09 15:09:49 +01:00
Jonathan Ringer 6c52434eb0
buildFHSUserEnvBubblewrap: expand unshare options 2020-12-08 18:40:51 -08:00
github-actions[bot] 7d6630d7db
Merge master into staging-next 2020-12-09 00:39:29 +00:00
Matthieu Coudron 3dd316723d mirrors: fix lua mirrors
Seems like urls in mirrors must end up with a / otherwise download fails.
2020-12-08 23:55:31 +01:00
Emery Hemingway e4d17dc558 setup-hooks/strip: more robust stripping
Use "find -exec" to strip rather than "find … | xargs …". The former
ensures that stripping is attempted for each file, whereas the latter
will stop stripping at the first failure. Unstripped files can fool
runtime dependency detection and bloat closure sizes.
2020-12-08 05:35:48 +01:00
Anderson Torres cef4502feb
Merge pull request #105818 from raboof/symlink-compressed-manpages-deterministically
compress-man-pages: symlink compressed manpages deterministically
2020-12-07 23:37:35 -03:00
github-actions[bot] a1b2303710
Merge staging-next into staging 2020-12-07 18:15:25 +00:00
adisbladis ef3ed45c12
nix-gitignore: Optimise performance
There are a few operations in this library that naively runs on every
iteration while they could be cached.

For a simple test repository with a small number of files and ~1000
gitignore patterns this brings memory usage down from ~233M to ~157M
and wall time from 2.6s down to 0.78s.

This should scale similarly with the number of files in a repository.
2020-12-07 14:14:20 +01:00
github-actions[bot] 6bc7a2c814
Merge staging-next into staging 2020-12-06 12:18:43 +00:00
Frederik Rietdijk b6e98f1895
Merge pull request #105584 from NixOS/staging-next
Staging next
2020-12-06 11:48:51 +01:00
Jörg Thalheim 1df84d17b9
Merge pull request #103755 from hlolli/feature/fetchmaven-classifiers 2020-12-06 08:37:15 +00:00
hlolli 38ad378228
add classifier as an argument 2020-12-05 18:56:46 +01:00
github-actions[bot] 899d916e1d
Merge staging-next into staging 2020-12-05 12:18:20 +00:00
github-actions[bot] 0947539ec1
Merge master into staging-next 2020-12-05 12:18:17 +00:00
Arnout Engelen 777cb35eb8
compress-man-pages: symlink compressed manpages deterministically
For example graphviz has chained symlinked manpages: dot2gxl.1 is
a symlink to gv2gxl.1 which is a symlink to gxl2gv.1

The second loop replaces each non-compressed symlink to a compressed
symlink. The target is determined with 'readlink -f', which follows
links recursively until the first name that is not a link (so either
the 'target name' or the first 'dangling' symlink).

This means that if the loop converted dot2gxl.1 before converting
gv2gxl.1 it would add a symlink `dot2gxl.1.gz->gxl2gv.1.gz`. When
it converted gv2gxl.1 first, it would then add a
`dot2gxl.1.gz->gv2gxl.1.gz` symlink.

Both are 'correct', but it's weird the result depends on the order
in which 'find' returns the files. This PR makes the behaviour
deterministic.

fixes #104708
2020-12-04 09:24:37 +01:00
Luke Granger-Brown 1f6d750097 fetchzip: get write permission on unpacked directory
This is a workaround for NixOS/nix#4295, which caused single-user Linux
Nix installations using sandboxed builds to start failing to build
fetchzip derivations after 4a5c49363a.

In short: removing write permissions for the entire directory is great,
except we then can't rename(2) it to the final Nix store path out of the
sandbox, because we don't have write permission on the directory and
thus cannot update the ".." directory entry.
2020-12-04 03:28:00 +00:00
github-actions[bot] 03619d4f2b
Merge staging-next into staging 2020-12-03 12:18:48 +00:00
github-actions[bot] 5b73e3087a
Merge master into staging-next 2020-12-03 12:18:45 +00:00
Daniël de Kok e87d457564 buildRustCrate: set NUM_JOBS to NIX_BUILD_CORES
Bofore this change, NUM_JOBS was set to 1. Some crates for building
C/C++ code (e.g. the cc and cmake crates), rely on this variable to
set the number of jobs. As a consequence, we were compiling embedded
libraries serially. Change this to NIX_BUILD_CORES to permit parallel
builds.

Prior discussion:

https://github.com/NixOS/nixpkgs/pull/50452#issuecomment-439407547
2020-12-03 12:44:12 +01:00
Frederik Rietdijk c7843cf6a2
Merge pull request #101142 from DavHau/improve-autopatchelf
autoPatchelfHook: optimize performance; better error handling
2020-12-03 12:34:05 +01:00
Jörg Thalheim 3cd6bc103d
Merge branch 'master' into firefox-nix-addon-support 2020-12-03 07:20:16 +00:00
github-actions[bot] 58274c4f8d
Merge master into staging-next 2020-12-03 00:36:28 +00:00
Florian Klink 7a34bcc2a3
Merge pull request #105685 from flokli/dockertools-fakenss
dockerTools.fakeNss: init
2020-12-02 23:34:46 +01:00
github-actions[bot] d3f5608624
Merge master into staging-next 2020-12-02 18:13:34 +00:00
John Ericson 8e21ce5fae
Merge pull request #105294 from Ericson2314/platform-config-improvements
Platform config improvements
2020-12-02 11:17:41 -05:00
Florian Klink e054694925 dockerTools.binSh: init 2020-12-02 14:57:23 +01:00
Florian Klink f7ee2706c2 dockerTools.fakeNss: init
This provides a /etc/passwd and /etc/group that contain root and nobody.

Useful when packaging binaries that insist on using nss to look up
username/groups (like nginx).

The current nginx example used the `runAsRoot` parameter to setup
/etc/group and /etc/passwd (which also doesn't exist in
buildLayeredImage), so we can now just use fakeNss there and use
buildLayeredImage.
2020-12-02 14:56:07 +01:00
github-actions[bot] 89e8bf0f2a
Merge master into staging-next 2020-12-02 12:30:55 +00:00
Jörg Thalheim 9712bbdf74
firefoxaddon: formatting nitpicks 2020-12-02 09:53:53 +01:00
Luis Hebendanz 5f8eca5461
Added missing sha1 and sha512 flags 2020-12-02 09:40:53 +01:00
Luis Hebendanz 397597f731
Added fetchfirefoxaddon 2020-12-02 09:40:53 +01:00
edef de88771a7d nix-prefetch-docker: output informational messages to stderr
Informational messages belong on stderr, not on stdout and intermixed
with structured output for programmatic use.

Change-Id: I34d094d04460494e9ec8953db7490f4e2292d959
2020-12-01 16:58:29 +00:00
Jan Tojnar 27b974d84b
Merge branch 'staging-next' into staging 2020-12-01 03:26:36 +01:00
Frederik Rietdijk 9a63b3d3d6
Merge pull request #104781 from NixOS/staging-next
Staging next
2020-11-30 18:27:29 +01:00
John Ericson 77816426b6
Merge pull request #105305 from lopsided98/build-rust-crate-platform-hash
buildRustCrate: add host platform to rlib hash suffix
2020-11-29 10:50:25 -05:00
Frederik Rietdijk 05d1c49209 Merge staging-next into staging 2020-11-29 13:51:33 +01:00
Frederik Rietdijk 0d8491cb2b Merge master into staging-next 2020-11-29 13:51:10 +01:00
Ben Wolsieffer 8c479059b9 buildRustCrate: add host platform to rlib hash suffix 2020-11-28 22:25:11 -05:00
Fabian Möller 50f54c5ca7 copyDesktopItems: add new setup-hook 2020-11-29 04:03:38 +01:00
John Ericson 73425f6c3b Merge remote-tracking branch 'upstream/master' into staging 2020-11-28 21:33:03 -05:00
Benjamin Hipple 9426084fec
Merge pull request #102114 from MetaDark/fetchzip
fetchzip: remove write permissions for unpacked files
2020-11-28 19:18:14 -05:00
John Ericson 04f6973200 lib, binutils: Move Risc-V bfdEmulation to be by the others 2020-11-29 00:03:51 +00:00
John Ericson 8ddf5c6907 Merge remote-tracking branch 'upstream/master' into aj-rust-custom-target 2020-11-28 18:10:38 +00:00
John Ericson c6617d28ef Merge remote-tracking branch 'upstream/master' into aj-rust-custom-target 2020-11-28 17:09:12 +00:00
Jan Tojnar 136152af80
Merge pull request #101537 from jtojnar/gtk-tracker 2020-11-28 01:37:37 +01:00
Frederik Rietdijk b2a3891e12 Merge master into staging-next 2020-11-27 15:09:19 +01:00
Florian Klink ae5764621d make-desktopitem: desktop-file-utils is a nativeBuildInput
This fixes cross-compilation of a NixOS with the manual enabled.
2020-11-27 01:17:32 +01:00
Sandro 3819fb300b
Merge pull request #101542 from wahjava/fix/fetchfossil
fetchfossil: Depend on cacert
2020-11-27 00:15:29 +01:00
MetaDark 4a5c49363a fetchzip: remove write permissions for unpacked files
Fixes https://github.com/NixOS/nixpkgs/issues/38649
2020-11-26 15:30:12 -05:00
Jan Tojnar acfc45bacc
wrapGAppsNoGuiHook: init 2020-11-26 14:06:07 +01:00
Graham Christensen bc49a0815a
utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
Jörg Thalheim 79086e5d55
Merge pull request #104769 from symphorien/appimage-run-locale
appimage-run: parse readelf's output in C locale
2020-11-24 15:39:35 +01:00
Symphorien Gibol 4d51f95638 appimage-run: parse readelf's output in C locale
fixes #101137
2020-11-24 13:55:04 +01:00
Jan Tojnar 6d99109b12
Merge branch 'staging-next' into staging 2020-11-24 05:44:44 +01:00