3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

1958 commits

Author SHA1 Message Date
Nikolay Amiantov 74107a7867 buildFHSEnv: refactor and simplify, drop buildFHSChrootEnv
This takes another approach at binding FHS directory structure. We
now bind-mount all the root filesystem to directory "/host" in the target tree.
From that we symlink all the directories into the tree if they do not already
exist in FHS structure.

This probably makes `CHROOTENV_EXTRA_BINDS` unnecessary -- its main usecase was
to add bound directories from the host to the sandbox, and we not just symlink
all of them. I plan to get some feedback on its usage and maybe deprecate it.

This also drops old `buildFHSChrootEnv` infrastructure. The main problem with it
is it's very difficult to unmount a recursive-bound directory when mount is not
sandboxed. This problem is a bug even without these changes -- if
you have for example `/home/alice` mounted to somewhere, you wouldn't see
it in `buildFHSChrootEnv` now. With the new directory structure, it's
impossible to use regular bind at all. After some tackling with this I realized
that the fix would be brittle and dangerous (if you don't unmount everything
clearly and proceed to removing the temporary directory, bye-bye fs!). It also
probably doesn't worth it because I haven't heard that someone actually uses it
for a long time, and `buildFHSUserEnv` should cover most cases while being much
more maintainable and safe for the end-user.
2016-06-07 04:06:35 +03:00
David Craven c22f0c7474 Fix buildRustPackage edge cases
1. When multiple versions of the same package are required
   $revs is an array.
2. When cargo fetch is run it usually doesn't need a network
   connection. But when it does SSL_CERT_FILE isn't set.
2016-06-02 17:15:52 +02:00
Eric Litak 7399d0949c fixing libcCross related flags
(excluding darwin and mingw for now)
2016-05-31 16:28:04 -07:00
Nikolay Amiantov 1b2139b3e2 buildFHSEnv: use separate gcc for 64- and 32-bit 2016-05-29 23:22:58 +03:00
Moritz Ulrich d8b0618e6c buildRustPackage: Don't specify logLevel by default. 2016-05-28 15:05:11 +02:00
Moritz Ulrich 1e04865e87 buildRustPackage: Add log-level argument. 2016-05-28 15:05:11 +02:00
Vladimír Čunát e4832c7541 Merge branch 'staging'
Includes a security update of libxml2.
2016-05-27 15:58:40 +02:00
Nikolay Amiantov ebe1cbe0da symlinkJoin: allow arbitrary additional attributes 2016-05-27 13:42:22 +03:00
Vladimír Čunát 81039713fa Merge branch 'master' into staging
... to get the systemd update (rebuilding ~7k jobs).
2016-05-26 16:50:22 +02:00
Domen Kožar 56714859f4 add CentOS 7.1 2016-05-24 11:35:39 +01:00
Domen Kožar 7fc845aeb1 add OpenSuse 13.2
(cherry picked from commit 2cf5dcd99a)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-05-24 11:06:11 +01:00
Domen Kožar ba0d4ecaf7 debian7: change hash due to 7.10 release
(cherry picked from commit 00df301ac2fd1818fa1f96debcee23dbb979834d)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-05-24 10:40:39 +01:00
Vladimír Čunát 0b192a0976 Merge branch 'master' into staging
That's to get mesa rebuild from master, as it's nontrivial.
2016-05-23 09:02:10 +02:00
Guillaume Maudoux bfd522da63 setup-hooks: do not pass missing dirs to find (close #15405)
find fails when called with an inexistent search path.
That situation may arise when the output is created after by a postFixup hook.
vcunat amended the PR by clarifying one more `return` to `return 0`.
2016-05-22 12:08:01 +02:00
Nikolay Amiantov ca38376566 buildFHSUserEnv: don't run bash in login mode for .env
Fixes https://github.com/NixOS/nixpkgs/issues/12406 for `.env`
2016-05-20 14:17:49 +03:00
Profpatsch 28f8ca560f debian-build: fix checkinstall invocation (#15538)
Checkinstall had two problems:
1. when it was called without a version (e.g. with a derivation created
by fetchFromGitHub) it would use `src` as debian version, which caused
dpkg to fail
2. when dpkg failed, it would invoke the pager with the log, which hangs
the build

So now
1. the default version is the dummy `0.0.0`
2. the used pager is `cat`
2016-05-19 09:41:10 +01:00
Domen Kožar a01b6a0d07 fetchzip: improve error message 2016-05-17 17:32:53 +01:00
Vladimír Čunát af364c0f77 fetchurl mirrors: fix gnupg URLs
Some mirrors were missing /gcrypt. Now they should be consistent.
Fixes 15510. Closes 15511.
2016-05-17 11:35:49 +02:00
Eelco Dolstra a5fa7c25cb Merge pull request #15469 from NixOS/fetchgit
fetchgit: remove only .git folder
2016-05-16 16:44:55 +02:00
Domen Kožar 64a072e357 fetchgit: remove only .git
Source of this change goes back to 2009 and original version of
fetchgit at 205fb0c87e.

The nondeterminism is really caused by changing .git so leave other
files alone as they might be interesting.

Note: this causes a hash mismatch with Hydra's version of Git Plugin
which we should fix to comply.
2016-05-15 00:24:04 +01:00
Thomas Tuegel 21efdd8003 Merge pull request #15420 from samuelrivas/emacs-wrapper
emacs: hide wrapper dependencies
2016-05-13 11:58:24 -05:00
Samuel Rivas 67394f9152 emacs: hide wrapper dependencies
Move all the dependencies to their own derivation, so that we don't publish all
of them if the wrapper is installed in a profile.

The previous solution just moved them to a custom directory to avoid conflicts,
this refactors that and completely hides them, while preserving the desired
improvement of adding only one directory to each of the emacs search paths
2016-05-12 22:43:30 +02:00
Vladimír Čunát 6c2fbfbd77 Merge branch 'master' into staging 2016-05-12 04:53:38 +02:00
Carles Pagès e7ab828da1 makeImageFromDebDist: accept additional parameters for vm, as in rpm version. 2016-05-11 15:43:24 +02:00
Joachim Fasting d4d7bfe07b
grsecurity: add option to disable chroot caps restriction
The chroot caps restriction disallows chroot'ed processes from running
any command that requires `CAP_SYS_ADMIN`, breaking `nixos-rebuild`. See
e.g., https://github.com/NixOS/nixpkgs/issues/15293

This significantly weakens chroot protections, but to break
nixos-rebuild out of the box is too severe.
2016-05-10 16:17:08 +02:00
Eelco Dolstra cb37ab146b Add mirror://mozilla scheme 2016-05-09 19:37:22 +02:00
Vladimír Čunát 65a9fa8cdc Merge branch 'master' into staging 2016-05-08 21:24:48 +02:00
zimbatm 4ba7767d91 Merge pull request #14722 from puffnfresh/bug/dockertools-postmount
dockerTools: only add "/nix" if it exists
2016-05-06 17:40:23 +01:00
Joachim Fasting 50d915c758
grsecurity: optionally disable features for redistributed kernels 2016-05-06 16:37:25 +02:00
Vladimír Čunát 1dc36904d8 Merge #14920: windows improvements, mainly mingw 2016-05-05 08:30:19 +02:00
Vladimír Čunát 7a005601d4 Merge branch 'master' to resolve conflicts 2016-05-05 08:25:38 +02:00
Vladimír Čunát 2cbb7bf9d1 cc-wrapper: add -B flag with cc.lib
This fixes `gcc --print-file-name=libstdc++.so`
and thus it should fix #14967.
2016-05-04 14:23:54 +02:00
Peter Simons 397c75aeb4 Revert "Just strip everything by default"
This reverts commit 2362891dc8. The patch
is broken. :-(
2016-05-04 13:40:53 +02:00
Joachim Fasting da767356f2
grsecurity: support disabling TCP simultaneous connect
Defaults to OFF because disabling TCP simultaneous connect breaks some
legitimate use cases, notably WebRTC [1], but it's nice to provide the
option for deployments where those features are unneeded anyway.

This is an alternative to https://github.com/NixOS/nixpkgs/pull/4937

[1]: http://article.gmane.org/gmane.linux.documentation/9425
2016-05-04 03:53:24 +02:00
Tuomas Tynkkynen aadaa91379 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/applications/networking/browsers/vivaldi/default.nix
	pkgs/misc/emulators/wine/base.nix
2016-05-03 23:12:48 +03:00
Guillaume Maudoux 2362891dc8 Just strip everything by default
Run strip of each file and discard expected failure types.
Also default to stripping the entire output.
2016-05-03 11:04:34 +02:00
Joachim Fasting 39db90eaf6
grsecurity: simplify preConfigure 2016-05-02 11:28:06 +02:00
Joachim Fasting a69501a936
grsecurity: ensure that PaX ELF markings are enabled
The upstream default is to enable only xattr markings, breaking the
paxmarks facility.
2016-05-02 11:28:06 +02:00
Maxim Ivanov dea920bfdc Remove obsolete scatter output hook
There are no users of it in main tree and recent merge
of multiple outputs branch makes it obsolete for private trees
too.

At the time hook was created, recently merged multiple output
branch was relying on passing flags to autotools to split
outputs, which obviously wasn't working for other build systems

Scatter output was taking different approach where files were
moved out from a build tree based on known  paths, which is more
or less what current multiple-outputs.sh hook is able to do too.
2016-04-30 22:05:33 +01:00
Domen Kožar 8a3b70791c vmTools.diskImages: add ubuntu 16.04 2016-04-29 11:50:27 +01:00
Tuomas Tynkkynen 4ff8f377af Merge remote-tracking branch 'upstream/master' into staging 2016-04-28 00:13:53 +03:00
Nikolay Amiantov f6eb686222 Merge pull request #15002 from abbradar/symlink-join-wrappers
Use symlinkJoin for wrappers
2016-04-26 16:47:43 +04:00
Frederik Rietdijk d5e6a4494a Python: use PyPI mirror (#15001)
* mirrors: add pypi

* Python: Use pypi mirror for all PyPI packages
2016-04-26 13:38:03 +01:00
Nikolay Amiantov dfe608c8a2 symlinkJoin: accept set as an argument with additional options 2016-04-26 15:37:42 +03:00
Nikolay Amiantov 62616ec5e2 Merge commit 'refs/pull/14907/head' of git://github.com/NixOS/nixpkgs into staging 2016-04-25 18:02:47 +03:00
Nikolay Amiantov 5e85760ff1 Merge commit 'refs/pull/14909/head' of git://github.com/NixOS/nixpkgs into staging 2016-04-25 18:02:32 +03:00
Nikolay Amiantov 5f19542581 Merge commit 'refs/pull/14694/head' of git://github.com/NixOS/nixpkgs into staging 2016-04-25 18:02:23 +03:00
Nikolay Amiantov 69a072484d gcc-wrapper-old: fix binutils and coreutils' paths 2016-04-25 14:27:51 +03:00
jraygauthier ddc401ed0a icon-conv-tools: init at 0.0.0 (#13905)
A nix specific set of tools for converting icon files
that are not in a freedesktop ready format.

I plan on using these tools for both `keepass` and
`retroarch` packages. It may benifit many other packages.
2016-04-25 13:16:47 +02:00
Nikolay Amiantov 5ff40ddedf add get* helper functions and mass-replace manual outputs search with them 2016-04-25 13:24:39 +03:00
Profpatsch a2d38bc7fc doc/stdenv.xml document substitution env variables
The filtering of environment variables that start with an uppercase
letter is documented in the manual.
2016-04-23 21:41:35 +02:00
Tuomas Tynkkynen bd18cc3cdc Merge pull request #14888 from dezgeg/pr-kill-module-init-tools
Delete all usages of module_init_tools and remove the package
2016-04-23 14:29:41 +03:00
Vladimír Čunát 6e7787e666 stdenv for windows: auto-link dependency DLLs
For every *.{exe,dll} in $output/bin/ we try to find all (potential)
transitive dependencies and symlink those DLLs into $output/bin
so they are found on invocation.
(DLLs are first searched in the directory of the running exe file.)

The links are relative, so relocating whole /nix/store won't break them.
The hook is activated on cygwin and when cross-compiling to mingw.
2016-04-23 10:52:00 +02:00
Guido Zgraggen 6ea0ae58af nix-prefetch-git: create parent directories 2016-04-22 16:51:49 -07:00
Tuomas Tynkkynen 01854a850a treewide: Replace module_init_tools -> kmod
The former is deprecated and doesn't handle compressed kernel modules,
so all current usages of it are broken.
2016-04-22 10:40:57 +03:00
Vladimír Čunát 57474b7d4a Merge branch 'master' into staging
Compare to Hydra nixpkgs job 1260021.
2016-04-20 16:49:52 +02:00
Vladimír Čunát f6dfbb692c stdenv multiple-outputs: fix cross-build propagation
Fixes #14817. The outputs weren't propagated correctly when
cross-building.
2016-04-20 16:37:23 +02:00
Vladimír Čunát 9f8751528c stdenv multiple-outputs: fix #14782 --docdir location
- the default --docdir is typically DATAROOTDIR/doc/pkgName
- I saw no other way than to employ some magic to guess this `pkgName`
- user can override it by setting $shareDocName
2016-04-20 16:36:10 +02:00
Eelco Dolstra 21a2f2ba3b nix: Add a "dev" output
This gets rid of boehm-dev in the closure (as well as Nix's own
headers).
2016-04-18 21:13:18 +02:00
Vladimír Čunát f57c6449dc buildEnv: fix #14682 evaluation in some edge cases
I supplied meta.outputsToInstall automatically in all
mkDerivation products, but some packages still don't use it.
The reported case: jekyll -> bundlerEnv -> buildEnv -> runCommand.
2016-04-17 08:57:17 +02:00
Marius Bakke d534e38d58 makeWrapper: allow special characters in variable contents 2016-04-16 02:58:02 +01:00
Brian McKenna 0167b61ef4 dockerTools: only add "/nix" if it exists
The /nix path in 4d200538 of the layer tar didn't exist for some
packages, such as cacert. This is because cacert just creates an /etc
directory and doesn't depend on any other /nix paths. If we tried
putting this directory in the tar and using overlayfs with it, we'd get
"Invalid argument" when trying to remove the directory.

We now check whether the closure is non-empty before telling tar to
store the /nix directory.

Fixes #14710.
2016-04-16 01:16:49 +10:00
Brian McKenna bc2f314f73 dockerTools: make tars deterministic
There were two sources of non-determinisim coming into the images. The
first was tar mtimes, the second was pigz/gzip times.

An example image now passes with the --check flag.
2016-04-15 09:29:15 +10:00
Domen Kožar 0f9268e52c fetchurl: assert required Nix version for sha512 2016-04-14 12:50:21 +01:00
Luca Bruno 44d651485a dockerTools: fix difference between base files and layer files 2016-04-14 12:23:49 +02:00
Luca Bruno 4d200538c2 dockerTools: fix /nix/store permissions 2016-04-14 12:23:48 +02:00
Luca Bruno 6d8845ed8f Merge pull request #14588 from puffnfresh/bug/remove-docker-tarballs
dockerTools: remove "tarballs" attribute
2016-04-13 21:01:01 +02:00
Eelco Dolstra 3ecbe604ef fetchurl: Support SHA-512 hashes 2016-04-13 14:11:14 +02:00
Nikolay Amiantov d0fd551876 buildFHSEnv: post-closure-size fix 2016-04-13 14:28:33 +03:00
Nikolay Amiantov 5c38c36472 Merge pull request #14650 from hrdinka/fhs-chroot/pkg-path
build-fhs-chrootenv: set PKG_CONFIG_PATH
2016-04-13 14:24:09 +04:00
Christoph Hrdinka 54fa4c4cec build-fhs-chrootenv: set PKG_CONFIG_PATH
Currently `PKG_CONFIG_PATH` isn't set in FHS chroots rendering `pkg-config`
unusable. This patch sets it to `/usr/lib/pkgconfig`.
2016-04-13 11:06:33 +02:00
Vladimír Čunát 39ebb01d6e Merge branch 'staging', containing closure-size #7701 2016-04-13 09:25:28 +02:00
Joachim Fasting 27035365ec build-support/grsecurity: simplify the grsecurityOverrider
Adding inputs required by gcc plugins to the ambient environment is sufficient.
2016-04-12 01:23:32 +02:00
Brian McKenna d150fe8915 dockerTools: use pigz for final image tar
Saves a few seconds on large images.
2016-04-11 16:32:47 +10:00
Brian McKenna ebb911cc0b dockerTools: remove tarballs functionality
I think the intention of this functionality was to provide a simple
alternative to the "runAsRoot" and "contents" attributes.

The implementation caused very slow builds of Docker images. Almost all
of the build time was spent in IO for tar, due to tarballs being
created, immediately extracted, then recreated. I had 30 minute builds
on some of my images which are now down to less than 2 minutes. A couple
of other users on #nix IRC have observed similar improvements.

The implementation also mutated the produced Docker layers without
changing their hashes. Using non-empty tarballs would produce images
which got cached incorrectly in Docker.

I have a commit which just fixes the performance problem but I opted to
completely remove the tarball feature after I found out that it didn't
correctly implement the Docker Image Specification due to the broken
hashing.
2016-04-11 16:32:43 +10:00
Vladimír Čunát 30f14243c3 Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
Vladimír Čunát 710573ce6d Merge #12653: rework default outputs 2016-04-07 16:00:09 +02:00
Vladimír Čunát 9a824f2f1d treewide: rename extraOutputs{ToLink,ToInstall}
This is to get more consistent with `meta.outputsToInstall`.
2016-04-07 15:59:44 +02:00
Vladimír Čunát 2995439003 buildEnv: respect meta.outputsToInstall
As a result `systemPackages` now also respect it.
Only nix-env remains and that has a PR filed:
    https://github.com/NixOS/nix/pull/815
2016-04-07 15:59:44 +02:00
Vladimír Čunát d1df28f8e5 Merge 'staging' into closure-size
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
Tuomas Tynkkynen 6b42f9f4be Merge commit 'bde820' from staging
http://hydra.nixos.org/eval/1252653 - only ~9400 packages to go at the
time of writing this.
2016-04-06 01:18:28 +03:00
Vladimír Čunát aa670eb503 vmTools: update debian jessie 8.3 -> 8.4
Their in-place updates break download hashes...
2016-04-05 14:32:04 +02:00
Nikolay Amiantov 88c97e2860 Merge pull request #14413 from abbradar/steam-run
steam-run: add derivation
2016-04-04 18:04:45 +04:00
Samuel Rivas f1b0d6410e emacsWithPackages: reduce some duplication 2016-04-03 21:21:50 +02:00
Samuel Rivas 2b199537b7 emacsWithPackages: move bin and site-lisp to private share directory
This is to avoid unwanted side effects when installing a wrapped emacs in the environment:

  * All executables in the dependencies become available in the user environment
  * All site-lisp binaries in the dependencies become accessible to unwrapped emacs

Also, both bin and site-lisp would generate conflicts so installing a wrapped emacs becomes really cumbersome
2016-04-03 21:11:38 +02:00
Nikolay Amiantov 375c410d07 userFHSEnv: add passthru, rename meta 2016-04-03 04:19:58 +03:00
Tomasz Kontusz 6c9ce23c00 cc-wrapper: Fix a typo in param parsing (close #14401) 2016-04-02 20:51:48 +02:00
Eelco Dolstra 13a1c7b8c1 useOldCXXAbi: Change into a setup hook
Stdenv adapters considered weird.
2016-04-01 13:36:59 +02:00
Lluís Batlle i Rossell 635c99ce87 vm: allow overriding QEMU_OPTS / memSize for images.
It's nice to be able to create disk images with -smp 4
in qemu.
2016-04-01 10:32:59 +02:00
Vladimír Čunát ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Lluís Batlle i Rossell ab93f8c137 Making vm's qemu cache=unsafe. Faster.
I don't think it's unsafe, if it's meant for nix expressions.
2016-03-31 09:27:25 +02:00
Lluís Batlle i Rossell e21dd19168 Making vm's interactive shell handle the terminal well. 2016-03-31 09:27:14 +02:00
Nikolay Amiantov a5322efd95 Revert "Remove PATH assumption from fhs-userenv."
This reverts commit 2f26b82411.

This breaks terminfo in Bash for some reason (i.e. TAB and other
special keys).
2016-03-29 17:58:07 +03:00
Rodney Lorrimar 457eddd18f bower2nix: 2.1.0 -> 3.0.1
1. Update bower2nix version and add new/updated dependencies into
   node-packages-generated.nix. This was done manually, with npm2nix
   generating the initial set of derivations. In future, it would be
   nice to have an automatic process (see #10358, #9332).

2. Add an override to nodePackages.bower2nix wrapping the commands so
   that git is on the PATH.

3. Update fetchbower to support new command-line options of bower2nix,
   and to allow github URL tag versions.
2016-03-28 08:23:06 +01:00
Domen Kožar b07e7bfc7b Merge remote-tracking branch 'origin/staging' 2016-03-27 13:19:04 +01:00
Joachim Fasting 304c4a514e grsecurity: fix gcc plugin
Also needs mpfr and libmpc
2016-03-26 21:01:21 +01:00
Nicolas B. Pierron 5d6a4a6fa9 Merge pull request #14000 from nbp/fix-extend
Use fix and extends functions for all-packages.nix
2016-03-24 20:54:20 +01:00
Nikolay Amiantov 119c287c71 cc-wrapper: use Bash arrays properly 2016-03-24 21:13:11 +03:00
Nikolay Amiantov 0c6db0ca48 cc-wrapper: add option to skip flags for native optimizations 2016-03-24 20:16:17 +03:00
Eelco Dolstra 89693e71b9 Merge pull request #13907 from abbradar/cpp-wrapper
cc-wrapper: add C++-specific paths if `-x cpp` is passed
2016-03-24 18:12:04 +01:00