1) Packages formerly called haskell-haskell-platform-ghcXYZ-VVVV.X.Y.Z are
now called haskell-platform-VVVV.X.Y.Z. The latest version can be
installed by running "nix-env -i haskell-platform".
2) The attributes haskellPackages_ghcXYZ.haskellPlatform no longer exist.
Instead, we have attributes like haskellPlatformPackages."2012_4_0_0".
(The last numeric bit must be quoted when used in a Nix file, but not on
the command line to nix-env, nix-build, etc.) The latest Platform has a
top-level alias called simply haskellPlatform.
3) The haskellPackages_ghcXYZ package sets offer the latest version of every
library that GHC x.y.z can compile. For example, if 2.7 is the latest
version of QuickCheck and if GHC 7.0.4 can compile that version, then
haskellPackages_ghc704.QuickCheck refers to version 2.7.
4) All intermediate GHC releases were dropped from all-packages.nix to
simplify our configuration. What remains is a haskellPackages_ghcXYZ set
for the latest version of every major release branch, i.e. GHC 6.10.4,
6.12.3, 7.0.4, 7.2.2, 7.4.2, 7.6.3, 7.8.2, and 7.9.x (HEAD snapshot).
5) The ghcXYZPrefs functions in haskell-defaults.nix now inherit overrides
from newer to older compilers, i.e. an override configured for GHC 7.0.4
will automatically apply to GHC 6.12.3 and 6.10.4, too. This change has
reduced the redundancy in those configuration functions. The downside is
that overriding an attribute for only one particular GHC version has become
more difficult. In practice, this case doesn't occur much, though.
6) The 'cabal' builder has a brand-new argument called 'extension'. That
function is "self : super : {}" by default and users can override it to
mess with the attribute set passed to cabal.mkDerivation. An example use
would be the definition of darcs in all-packages.nix:
| darcs = haskellPackages.darcs.override {
| cabal = haskellPackages.cabal.override {
| extension = self : super : {
| isLibrary = false;
| configureFlags = "-f-library " + super.configureFlags or "";
| };
| };
| };
In this case, extension disables building the library part of the package
to give us an executable-only version that has no dependencies on GHC or
any other Haskell packages.
The 'self' argument refers to the final version of the attribute set and
'super' refers to the original attribute set.
Note that ...
- Haskell Platform packages always provide the Haddock binary that came with
the compiler.
- Haskell Platform 2009.2.0.2 is broken because of build failures in cgi and
cabal-install.
- Haskell Platform 2010.1.0.0 is broken becasue of build failures in cgi.
Now that both self and super are available to prefFun, we can use self, where appropriate to access late bound versions of most
packages.
When extensions are not used, there is no difference between self and super.
The existing knot-tying code I felt was a bit incoherent with result, finalReturn, self, refering to different various forms of the "haskellPackages" value and often
different forms in the same place.
This commit instills some object-oriented discipline to the construction of hasekllPackages using a small number of fundamental OO concepts:
* An class is a open recursive function of the form (self : fooBody) where fooBody is a set.
* An instance of a class is the fixed point of the class.
This value is sometimes refered to as an object and the values in the resulting set are sometimes refered to as methods.
* A class, foo = self : fooBody, can be extended by an extension which is a function bar = (self : super : barBody) where barBody a set of overrides for fooBody.
The result of a class extension is a new class whose value is self : foo self // bar self (foo self).
The super parameter gives access to the original methods that barBody may be overriding.
This commit turns the haskell-packages value into a "class".
The knot-tying, a.k.a the object instanitation, is moved into haskells-defaults. The "finalReturn" is no longer needed and is eliminated from the body of
haskell-packages. All the work done by prefFun is moved to haskell-defaults, so that parameter is eliminated form haskell-packages. Notice that the old prefFun took
two pameters named "self" and "super", but both parameters got passed the same value "result". There seems to have been some confusion in the old code.
Inside haskell-defaults, the haskell-packages class is extended twice before instantiation. The first extension is done using prefFun argument.
The second extension is done the extension argument, which is a renamed version of extraPrefs.
This two stage approach means that extension's super gets access to the post "perfFun" object while previously the extraPrefs only had access to the pre "prefFun"
object. Also the extension function has access to both the super (post "perfFun") object and to self, the final object. With extraPrefs, one needed to use the
"finalReturn" of the haskell packages to get access to the final object. Due to significant changes in semantics, I thought it best to replace extraPrefs with
extension so that people using extraPrefs know to update thier cod.
Lastly, all the Prefs functions have renamed the "self" parameter to "super". This is because "self" was never actually a self-reference in the object oriented sense
of the word. For example
Cabal_1_18_1_3 = self.Cabal_1_18_1_3.override { deepseq = self.deepseq_1_3_0_2; };
doesn't actually make sense from an object oriented standpoint because, barring further method overriding, the value of Cabal_1_18_1_3 would be trying to override it's
own value which simply causes a loop exception. Thankfully all these uses of self were really uses of super:
Cabal_1_18_1_3 = super.Cabal_1_18_1_3.override { deepseq = super.deepseq_1_3_0_2; };
In this notation the overriden Cabal_1_18_1_3 method calls the Cabal_1_18_1_3 of the super-class, which is a well-founded notion.
Below is an example use of using "extension" parameter
{
packageOverrides = pkgs : {
testHaskellPackages = pkgs.haskellPackages.override {
extension = self : super : {
transformers_0_4_1_0 = self.cabal.mkDerivation (pkgs: {
pname = "transformers";
version = "0.4.1.0";
sha256 = "0jlnz86f87jndv4sifg1zpv5b2g2cxy1x2575x727az6vyaarwwg";
meta = {
description = "Concrete functor and monad transformers";
license = pkgs.stdenv.lib.licenses.bsd3;
platforms = pkgs.ghc.meta.platforms;
maintainers = [ pkgs.stdenv.lib.maintainers.andres ];
};
});
transformers = self.transformers_0_4_1_0;
lensFamilyCore = super.lensFamilyCore.override { transformers = self.transformers_0_3_0_0; };
};
};
};
}
Notice the use of self in the body of the override of the transformers method which references the newly defined transformers_0_4_1_0 method.
With the previous code, one would have to instead akwardly write
transformers = super.finalReturn.transformers_0_4_1_0;
or use a rec clause, which would prevent futher overriding of transformers_0_4_1_0.
This should make it easier to enable proprietary pepper API plugins
though nixpkgs config, so it can be easily installed using something
like:
nix-env -i chromium-stable
With something like:
{ chromium.enablePepperFlash = true; }
In ~/.nixpkgs/config.nix to enable pepper API based Flash and to avoid
the browser wrapper from Firefox entirely.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This is a small wrapper around fetchzip. It allows you to say:
src = fetchGitHub {
owner = "NixOS";
repo = "nix";
rev = "924e19341a5ee488634bc9ce1ea9758ac496afc3"; # or a tag
sha256 = "1ld1jc26wy0smkg63chvdzsppfw6zy1ykf3mmc50hkx397wcbl09";
};
This function downloads and unpacks a file in one fixed-output
derivation. This is primarily useful for dynamically generated zip
files, such as GitHub's /archive URLs, where the unpacked content of
the zip file doesn't change, but the zip file itself may (e.g. due to
minor changes in the compression algorithm, or changes in timestamps).
Fetchzip is implemented by extending fetchurl with a "postFetch" hook
that is executed after the file has been downloaded. This hook can
thus perform arbitrary checks or transformations on the downloaded
file.
COPRTHR is a very excellent little SDK implementing OpenCL and related
tech for regular multicore processors, as well as things like my new
Parallella (along with remote/networked OpenCL compute support).
Signed-off-by: Austin Seipp <aseipp@pobox.com>
allows to write neat expressions like (as we're still generating an
expression string):
```
{
build = haskellPackages.buildLocalCabalWithArgs {
inherit src name;
cabalDrvArgs = {
jailbreak = false;
doCheck = false;
};
};
}
```
without resorting to weird kung-fu like darcs does:
```
darcs = haskellPackages.darcs.override {
# A variant of the Darcs derivation that containts only the
# executable and
# thus has no dependencies on other Haskell packages.
cabal = { mkDerivation = x: rec { final = haskellPackages.cabal.mkDerivation (self: (x final) // {
isLibrary = false;
configureFlags = "-f-library"; }); }.final;
};
};
```
While here, move the `jailbreak = true;` as the default `cabalDrvArgs`
option.
The whole notion of per-compiler HP-compliant environments has failed
anyway and I'll try to get rid of that ASAP, so it feels pointless to
configure that stuff for GHC 7.8.2 to begin with.
These packages come with R, but if we install them as part of this build, then
we cannot update them without re-building R as well. Instead, we add those
packages to the R environment through the r-wrapper. This means that
recommended packages can be updated in cran-packgaes.nix, and those updates
have an effect on the installation without re-building R itself.
This packaging splices off the unfree faac library and forces handbrake
to use the (more recent/patched) versions of libraries in Nixpkgs.
Produces the CLI HandbrakeCLI and optionally the GTK+ version ghb.
Libmkv was started from Handbrake but is now unmaintained upstream.
Patches:
- A01: add constant to header file
- A02: Breaks API: Allow changing output sampling frequency
- P00: Fix accessing large files on Mingw32
'qgis', one of the few 'qwt' dependees in nixpkgs, fails to build with
qwt 6. So I'm not moving the default version away from 5.x. Also, not
changing the default allows easy/safe cherry-picking to the stable
branch.
compiler/simplCore/CoreMonad.lhs:835:10:
Non type-variable argument in the constraint: MonadPlus IO
(Use -XFlexibleContexts to permit this)
In the context: (MonadPlus IO)
While checking an instance declaration
In the instance declaration for `A.Alternative CoreM'
compiler/simplCore/CoreMonad.lhs:841:10:
Non type-variable argument in the constraint: MonadPlus IO
(Use -XFlexibleContexts to permit this)
In the context: (MonadPlus IO)
While checking an instance declaration
In the instance declaration for `MonadPlus CoreM'
By default, we now build all the optional nginx modules, including the
out-of-band ones like moreheaders and rtmp support.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
This also includes support for the verification tools I'm using. Cryptol
2 is still the default obviously.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
Brice Minaud reported a simple attack on the CBEAM Pi permutation
function, resulting in it being withdrawn from CAESAR. :(
Signed-off-by: Austin Seipp <aseipp@pobox.com>
This is just a convenient shorthand so people don't have to spell out
haskellPackages.cryptol
Note that the top-level expression is named 'cryptol2' but the package
isn't. That's because Cryptol is a library and other things could depend
on it (hence the vanilla name), but also the full name will be
disambiguated as 'haskell-cryptol-ghc7.6.3' anyway.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
This comes with several extra libraries, including GraphSCC, monadLib,
presburger, process and smtLib, all required as build dependencies. But
otherwise totally automated via cabal2nix.
Next up is CVC4 (a total pain in the ass to package) for proving/SAT
support.
I have another WIP branch for the unfree 1.x series which I may (or may
not) add later as it has external verification tech at the moment.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
Upstream has not been tagging new versions for a long time, but we need
compatibility with newer kernels. The 0.6.2 versions already have a bunch of
backported compatibility patches, but 3.14 kernels need even more.
Also, the git versions have fixed a bunch of crashes and other bugs, so perhaps
we should just bite the bullet and just use recent git versions (as sometimes
upstream recommends, when people run into bugs).
This adds a new "boot.zfs.useGit" boolean option, so that a user can
easily opt into using the git versions.
Our version of SQLite causes the tests to fail, so I'm hereby adding a
patch from dbsrgits/dbix-class@ed5550d36 with the hunk for the Changes
file dropped.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This includes a lot of fixes for cross-building to Windows and Mac OS X
and could possibly fix things even for non-cross-builds, like for
example OpenSSL on Windows.
The main reason for merging this in 14.04 already is that we already
have runInWindowsVM in master and it doesn't work until we actually
cross-build Cygwin's setup binary as the upstream version is a fast
moving target which gets _overwritten_ on every new release.
Conflicts:
pkgs/top-level/all-packages.nix
This implements some longstanding work of getting the Chromium
derivation more modular. Unfortunately, I didn't manage to decrease the
compile time, which was one of the primary goal for doing the refactor.
A main reason this didn't work out well was the fact that most bundled
libraries are so heavily patched that it's not possible within a limited
time frame to decouple it from the main derivation.
However, it should now be easier to build other derivations that build
upon Chromium, like libcef. Also, it finally adds support for the
non-free PepperAPI Flash and PDF plugins and support for fetching the
corresponding versions through the updater.
The current version of v8 breaks builds of nodejs, mongodb and
rethinkdb. So let's bring back the old package with annoying _3_14
version suffix so hopefully the corresponding maintainers will get rid
of that dependency :-)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This currently only passes through the arguments and is nothing more
than the foundation of the new structure. In essence, I want to have a
really small default.nix which is then going down into the respective
subparts that are isolated from each other.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This is needed by Chromium and is part of the zlib source tree in
contrib/, so let's propagate the version of zlib and use the same source
tree.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Note that systemd no longer depends on dbus, so we're rid of the
cyclic dependency problem between systemd and dbus.
This commit incorporates from wkennington's systemd branch
(203dcff45002a63f6be75c65f1017021318cc839,
1f842558a95947261ece66f707bfa24faf5a9d88).
This module implements a significant refactoring in grsecurity
configuration for NixOS, making it far more usable by default and much
easier to configure.
- New security.grsecurity NixOS attributes.
- All grsec kernels supported
- Allows default 'auto' grsec configuration, or custom config
- Supports custom kernel options through kernelExtraConfig
- Defaults to high-security - user must choose kernel, server/desktop
mode, and any virtualisation software. That's all.
- kptr_restrict is fixed under grsecurity (it's unwriteable)
- grsecurity patch creation is now significantly abstracted
- only need revision, version, and SHA1
- kernel version requirements are asserted for sanity
- built kernels can have the uname specify the exact grsec version
for development or bug reports. Off by default (requires
`security.grsecurity.config.verboseVersion = true;`)
- grsecurity sysctl support
- By default, disabled.
- For people who enable it, NixOS deploys a 'grsec-lock' systemd
service which runs at startup. You are expected to configure sysctl
through NixOS like you regularly would, which will occur before the
service is started. As a result, changing sysctl settings requires
a reboot.
- New default group: 'grsecurity'
- Root is a member by default
- GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID,
making it possible to easily add users to this group for /proc
access
- AppArmor is now automatically enabled where it wasn't before, despite
implying features.apparmor = true
The most trivial example of enabling grsecurity in your kernel is by
specifying:
security.grsecurity.enable = true;
security.grsecurity.testing = true; # testing 3.13 kernel
security.grsecurity.config.system = "desktop"; # or "server"
This specifies absolutely no virtualisation support. In general, you
probably at least want KVM host support, which is a little more work.
So:
security.grsecurity.enable = true;
security.grsecurity.stable = true; # enable stable 3.2 kernel
security.grsecurity.config = {
system = "server";
priority = "security";
virtualisationConfig = "host";
virtualisationSoftware = "kvm";
hardwareVirtualisation = true;
}
This module has primarily been tested on Hetzner EX40 & VQ7 servers
using NixOps.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
- mark llvm34 as broken on darwin (so it doesn't install by default with nix-env)
- don't use our gcc for llvm_34 (might fix the build)
- switch also clang default to 3.3 on darwin (llvm was before)
