Tests from the bazelTestTargets argument will be run before the build. The new bazelTestFlags argument can be used to pass additional flags to this phase.
The source used to download a particular package still isn't
deterministic in nuget. Even worse, the hash of the package can vary
between sources. This makes nuget use the first enabled source
containing the package.
The order of the dependencies may be slightly different because it now
uses glob order of the lower-case package names and versions, instead of
sorting the output.
If the package actually downloaded was the first source that contains
the package, then it will be hashed from disk to avoid downloading it
again.
On darwin clang driver always sets -D_FORTIFY_SOURCE=0 under asan.
This causes -Werror to trip over macro redefinition:
<command line>:1:9: error: '_FORTIFY_SOURCE' macro redefined [-Werror,-Wmacro-redefined]
#define _FORTIFY_SOURCE 2
^
To avoid it let's always explicitly undefine it first before redefining.
Fixes the problem introduced by 12b3066aae
which caused nixos/release.nix to return the wrong attributes, while
intending to only affect nixos/lib's runTest.
This also removes callTest from the test options, because callTest is
only ever invoked by all-tests.nix.
There are the following issues with the current implementation:
* `fetchurl` with a tarball from GitHub appears to break occasionally
because the tarballs are not necessarily reproducible. Because of
that, `fetchFromGitHub` unpacks the tarball already because the
contents are actually reproducible in contrast to the tarball. To have
the same behavior here, we use `fetchzip` now (and `applyPatches` on
top to apply additional patches if needed).
* Fixes the way how patches are applied. Previously, when having patches
for a git checkout of the app, these wouldn't apply because the
`appname-version` prefix is missing.
* Because all old hashes are broken with this, I added an evaluation
check that breaks evaluation when using the old API (i.e. with
`name`/`version` which are not needed anymore).
This breaks the builder when a nix-shell or keepBuildTree is used. The
issue occurs because paths to cargo lockfiles are read with NIX_BUILD_TOP,
which is not reliable.
This breaks a nix-shell because NIX_BUILD_TOP simply is not set, causing
an invalid path to be used. This can be worked around using
NIX_BUILD_TOP=$PWD, but that obviously is not great.
This breaks keepBuildTree because it changes the working directory to a
different path than NIX_BUILD_TOP. Since the lockfiles are copied based
on the working directory, but read based on NIX_BUILD_TOP, this causes
the hook to not be able to find them.
This was solved by both reading these files based on the working directory,
using absolute paths to avoid having to traverse back in the directory tree.
Fixes: #138554
see https://systemd.io/PORTABLE_SERVICES/ about the definition of
portable services. this tooling is analogous to the `pkgs.dockerTools.buildImage`
tooling and is called `pkgs.portableService`.
systemd (since version 239) supports a concept of “Portable Services”.
“Portable Services” are a delivery method for system services that uses
two specific features of container management:
* Applications are bundled. I.e. multiple services, their binaries and all
their dependencies are packaged in an image, and are run directly from it.
* Stricter default security policies, i.e. sandboxing of applications.
The primary tool for interacting with Portable Services is portablectl,
and they are managed by the systemd-portabled service.
This function will create a squashfs raw image in `result/$pname_$version.raw`
that has the required files by the portable services spec, and all the
dependencies for the running program in the nix store.
There is context here that I needed when resolving an issue in which
libc was added to NIX_CFLAGS_COMPILE before the C++ stdlib that took
me awhile to understand.
It was suggested to me that this context be included as a comment,
since it is not obvious and could help others in the future.
Previously we had an assert that would complain when nugetDeps wasnt set,
which also didnt allow any passthru attributes (like fetch-deps) to be
build. That causes a cycle where you need nugetDeps to fetch the nuget
deps, but arent able to build the script to do so.
For example, this script doesn't work for `xivlauncher` because its
proper `pname` is `XIVLauncher`, and `mktemp` complains about "too few
X's":
$ mktemp -td "XXXXXX-XIVLauncher-home"
mktemp: too few X's in template ‘XXXXXX-XIVLauncher-home’
vs
$ mktemp -td "XIVLauncher-home-XXXXXX"
/tmp/XIVLauncher-home-EdGMei
This makes buildDotnetModule restore nuget dependencies for the
platforms set in meta.platforms. This should help with generating
lockfiles for platforms other than the host machine.
Co-authored-by: mdarocha <git@mdarocha.pl>
Rust binaries are unconditionally linked to libiconv on Darwin (see https://github.com/rust-lang/libc/issues/2870). We already add it as a dependency in `buildRustPackage`, so let's go a step further and propagate it.
`overrideCoqDerivation` allows end-users the ability to easily override
arguments to the underlying call to `mkCoqDerivation` for a given Coq
library.
This is similar to `haskell.lib.overrideCabal` for Haskell packages and
`.overridePythonAttrs` for Python packges.
The check script needs to run at build time. Add a new argument to
makePythonWriter for the appropriate buildPackages version of pythonPackages,
and use this to run the check script.
Nix counts any occurrence of a store path's *hash* as a reference, even
without a store directory prefix. The current version only kills
references of the form `/nix/store/<hash>-`, which can fail e.g. for
compressed files.