Until now, `pkgs.pass` was rebuilt entirely when adding an extension
using the `pass.withExtensions`-function. This is fixed now by removing the
linking of extensions from the fixupPhase and merge all paths (including
those from pkgs.pass) together in using `pkgs.buildEnv`.
The attribute `verifyCargoDeps` is no longer defined in the rustPlatform helper;
it is now the default and always on as part of the improvements in #79975
These patches are gathered from different sources,
such as https://patchwork.kernel.org/patch/10862231/ for the
`gettid` patch.
Another patch comes from the issue in the AFL repository.
The ultimate goal is to get these patches upstream as well,
so we don't keep these general patches only within nixos.
A PR is created against Google/AFL
https://github.com/google/AFL/pull/79,
but it might take a while before it's landed, considering the history
of the project (there are more PRs open).
ZHF: #80379
Fixes issue #82232
This adds a patch series which allows GnuPG to import updates
(revocations and subkeys) from certificates that contain no user ids.
This is relevant for refreshing keys from the default keyserver
keys.openpgp.org, where only user ids that contain verified email
addresses will be distributed, and revoked keys never contain any user
ids.
This patch series was originally authored and submitted to upstream half
a year ago (by me), but now comes from Debian packaging where it's been
included since then.
Relates to the following upstream issue: https://dev.gnupg.org/T4393
Monotonic timer test expects sleep(200ms) to take at most 1s. On
loaded systems like hydra, it's possible for such a test to take
longer than 1 second.
Tests expecting sleep(200ms) to take at least 175ms weren't removed,
because load shouldn't cause sleep to be shorter.
Currently broken; see #79975 for details. Would also be fixed by #80153
eventually, but since we want to upgrade either way we might as well do so now.
Changes the default fetcher in the Rust Platform to be the newer
`fetchCargoTarball`, and changes every application using the current default to
instead opt out.
This commit does not change any hashes or cause any rebuilds. Once integrated,
we will start deleting the opt-outs and recomputing hashes.
See #79975 for details.
This has several advantages:
1. It takes up less space on disk in-between builds in the nix store.
2. It uses less space in the binary cache for vendor derivation packages.
3. It uses less network traffic downloading from the binary cache.
4. It plays nicely with hashed mirrors like tarballs.nixos.org, which only
substitute --flat hashes on single files (not recursive directory hashes).
5. It's consistent with how simple `fetchurl` src derivations work.
6. It provides a stronger abstraction between input src-package and output
package, e.g., it's harder to accidentally depend on the src derivation at
runtime by referencing something like `${src}/etc/index.html`. Likewise, in
the store it's harder to get confused with something that is just there as a
build-time dependency vs. a runtime dependency, since the build-time
src dependencies are tarred up.
Disadvantages are:
1. It takes slightly longer to untar at the start of a build.
As currently implemented, this attaches the compacted vendor.tar.gz feature as a
rider on `verifyCargoDeps`, since both of them are relatively newly implemented
behavior that change the `cargoSha256`.
If this PR is accepted, I will push forward the remaining rust packages with a
series of treewide PRs to update the `cargoSha256`s.
In 87a19e9048 I merged staging-next into master using the GitHub gui as intended.
In ac241fb7a5 I merged master into staging-next for the next staging cycle, however, I accidentally pushed it to master.
Thinking this may cause trouble, I reverted it in 0be87c7979. This was however wrong, as it "removed" master.
This reverts commit 0be87c7979.
I merged master into staging-next but accidentally pushed it to master.
This should get us back to 87a19e9048.
This reverts commit ac241fb7a5, reversing
changes made to 76a439239e.
