Joachim Fasting
d4d7bfe07b
grsecurity: add option to disable chroot caps restriction
...
The chroot caps restriction disallows chroot'ed processes from running
any command that requires `CAP_SYS_ADMIN`, breaking `nixos-rebuild`. See
e.g., https://github.com/NixOS/nixpkgs/issues/15293
This significantly weakens chroot protections, but to break
nixos-rebuild out of the box is too severe.
2016-05-10 16:17:08 +02:00
Eelco Dolstra
cb37ab146b
Add mirror://mozilla scheme
2016-05-09 19:37:22 +02:00
Vladimír Čunát
65a9fa8cdc
Merge branch 'master' into staging
2016-05-08 21:24:48 +02:00
zimbatm
4ba7767d91
Merge pull request #14722 from puffnfresh/bug/dockertools-postmount
...
dockerTools: only add "/nix" if it exists
2016-05-06 17:40:23 +01:00
Joachim Fasting
50d915c758
grsecurity: optionally disable features for redistributed kernels
2016-05-06 16:37:25 +02:00
Vladimír Čunát
1dc36904d8
Merge #14920: windows improvements, mainly mingw
2016-05-05 08:30:19 +02:00
Vladimír Čunát
7a005601d4
Merge branch 'master' to resolve conflicts
2016-05-05 08:25:38 +02:00
Vladimír Čunát
2cbb7bf9d1
cc-wrapper: add -B flag with cc.lib
...
This fixes `gcc --print-file-name=libstdc++.so`
and thus it should fix #14967.
2016-05-04 14:23:54 +02:00
Peter Simons
397c75aeb4
Revert "Just strip everything by default"
...
This reverts commit 2362891dc8. The patch is broken. :-(
2016-05-04 13:40:53 +02:00
Joachim Fasting
da767356f2
grsecurity: support disabling TCP simultaneous connect
...
Defaults to OFF because disabling TCP simultaneous connect breaks some
legitimate use cases, notably WebRTC [1], but it's nice to provide the
option for deployments where those features are unneeded anyway.
This is an alternative to https://github.com/NixOS/nixpkgs/pull/4937
[1]: http://article.gmane.org/gmane.linux.documentation/9425
2016-05-04 03:53:24 +02:00
Tuomas Tynkkynen
aadaa91379
Merge remote-tracking branch 'upstream/master' into staging
...
Conflicts:
pkgs/applications/networking/browsers/vivaldi/default.nix
pkgs/misc/emulators/wine/base.nix
2016-05-03 23:12:48 +03:00
Guillaume Maudoux
2362891dc8
Just strip everything by default
...
Run strip of each file and discard expected failure types.
Also default to stripping the entire output.
2016-05-03 11:04:34 +02:00
Joachim Fasting
39db90eaf6
grsecurity: simplify preConfigure
2016-05-02 11:28:06 +02:00
Joachim Fasting
a69501a936
grsecurity: ensure that PaX ELF markings are enabled
...
The upstream default is to enable only xattr markings, breaking the
paxmarks facility.
2016-05-02 11:28:06 +02:00
Maxim Ivanov
dea920bfdc
Remove obsolete scatter output hook
...
There are no users of it in main tree and recent merge
of multiple outputs branch makes it obsolete for private trees
too.
At the time hook was created, recently merged multiple output
branch was relying on passing flags to autotools to split
outputs, which obviously wasn't working for other build systems.
Scatter output was taking different approach where files were
moved out from a build tree based on known paths, which is more
or less what current multiple-outputs.sh hook is able to do too.
2016-04-30 22:05:33 +01:00
Domen Kožar
8a3b70791c
vmTools.diskImages: add ubuntu 16.04
2016-04-29 11:50:27 +01:00
Tuomas Tynkkynen
4ff8f377af
Merge remote-tracking branch 'upstream/master' into staging
2016-04-28 00:13:53 +03:00
Nikolay Amiantov
f6eb686222
Merge pull request #15002 from abbradar/symlink-join-wrappers
...
Use symlinkJoin for wrappers
2016-04-26 16:47:43 +04:00
Frederik Rietdijk
d5e6a4494a
Python: use PyPI mirror (#15001)
...
* mirrors: add pypi
* Python: Use pypi mirror for all PyPI packages
2016-04-26 13:38:03 +01:00
Nikolay Amiantov
dfe608c8a2
symlinkJoin: accept set as an argument with additional options
2016-04-26 15:37:42 +03:00
Nikolay Amiantov
62616ec5e2
Merge commit 'refs/pull/14907/head' of git://github.com/NixOS/nixpkgs into staging
2016-04-25 18:02:47 +03:00
Nikolay Amiantov
5e85760ff1
Merge commit 'refs/pull/14909/head' of git://github.com/NixOS/nixpkgs into staging
2016-04-25 18:02:32 +03:00
Nikolay Amiantov
5f19542581
Merge commit 'refs/pull/14694/head' of git://github.com/NixOS/nixpkgs into staging
2016-04-25 18:02:23 +03:00
Nikolay Amiantov
69a072484d
gcc-wrapper-old: fix binutils and coreutils' paths
2016-04-25 14:27:51 +03:00
jraygauthier
ddc401ed0a
icon-conv-tools: init at 0.0.0 (#13905)
...
A nix specific set of tools for converting icon files
that are not in a freedesktop ready format.
I plan on using these tools for both `keepass` and
`retroarch` packages. It may benefit many other packages.
2016-04-25 13:16:47 +02:00
Nikolay Amiantov
5ff40ddedf
add get* helper functions and mass-replace manual outputs search with them
2016-04-25 13:24:39 +03:00
Profpatsch
a2d38bc7fc
doc/stdenv.xml document substitution env variables
...
The filtering of environment variables that start with an uppercase
letter is documented in the manual.
2016-04-23 21:41:35 +02:00
Tuomas Tynkkynen
bd18cc3cdc
Merge pull request #14888 from dezgeg/pr-kill-module-init-tools
...
Delete all usages of module_init_tools and remove the package
2016-04-23 14:29:41 +03:00
Vladimír Čunát
6e7787e666
stdenv for windows: auto-link dependency DLLs
...
For every *.{exe,dll} in $output/bin/ we try to find all (potential)
transitive dependencies and symlink those DLLs into $output/bin
so they are found on invocation.
(DLLs are first searched in the directory of the running exe file.)
The links are relative, so relocating whole /nix/store won't break them.
The hook is activated on cygwin and when cross-compiling to mingw.
2016-04-23 10:52:00 +02:00
Guido Zgraggen
6ea0ae58af
nix-prefetch-git: create parent directories
2016-04-22 16:51:49 -07:00
Tuomas Tynkkynen
01854a850a
treewide: Replace module_init_tools -> kmod
...
The former is deprecated and doesn't handle compressed kernel modules,
so all current usages of it are broken.
2016-04-22 10:40:57 +03:00
Vladimír Čunát
57474b7d4a
Merge branch 'master' into staging
...
Compare to Hydra nixpkgs job 1260021.
2016-04-20 16:49:52 +02:00
Vladimír Čunát
f6dfbb692c
stdenv multiple-outputs: fix cross-build propagation
...
Fixes #14817. The outputs weren't propagated correctly when
cross-building.
2016-04-20 16:37:23 +02:00
Vladimír Čunát
9f8751528c
stdenv multiple-outputs: fix #14782 --docdir location
...
- the default --docdir is typically DATAROOTDIR/doc/pkgName
- I saw no other way than to employ some magic to guess this `pkgName`
- user can override it by setting $shareDocName
2016-04-20 16:36:10 +02:00
Eelco Dolstra
21a2f2ba3b
nix: Add a "dev" output
...
This gets rid of boehm-dev in the closure (as well as Nix's own
headers).
2016-04-18 21:13:18 +02:00
Vladimír Čunát
f57c6449dc
buildEnv: fix #14682 evaluation in some edge cases
...
I supplied meta.outputsToInstall automatically in all
mkDerivation products, but some packages still don't use it.
The reported case: jekyll -> bundlerEnv -> buildEnv -> runCommand.
2016-04-17 08:57:17 +02:00
Marius Bakke
d534e38d58
makeWrapper: allow special characters in variable contents
2016-04-16 02:58:02 +01:00
Brian McKenna
0167b61ef4
dockerTools: only add "/nix" if it exists
...
The /nix path in 4d200538 of the layer tar didn't exist for some
packages, such as cacert. This is because cacert just creates an /etc
directory and doesn't depend on any other /nix paths. If we tried
putting this directory in the tar and using overlayfs with it, we'd get
"Invalid argument" when trying to remove the directory.
We now check whether the closure is non-empty before telling tar to
store the /nix directory.
Fixes #14710.
2016-04-16 01:16:49 +10:00
Brian McKenna
bc2f314f73
dockerTools: make tars deterministic
...
There were two sources of non-determinism coming into the images. The
first was tar mtimes, the second was pigz/gzip times.
An example image now passes with the --check flag.
2016-04-15 09:29:15 +10:00
Domen Kožar
0f9268e52c
fetchurl: assert required Nix version for sha512
2016-04-14 12:50:21 +01:00
Luca Bruno
44d651485a
dockerTools: fix difference between base files and layer files
2016-04-14 12:23:49 +02:00
Luca Bruno
4d200538c2
dockerTools: fix /nix/store permissions
2016-04-14 12:23:48 +02:00
Luca Bruno
6d8845ed8f
Merge pull request #14588 from puffnfresh/bug/remove-docker-tarballs
...
dockerTools: remove "tarballs" attribute
2016-04-13 21:01:01 +02:00
Eelco Dolstra
3ecbe604ef
fetchurl: Support SHA-512 hashes
2016-04-13 14:11:14 +02:00
Nikolay Amiantov
d0fd551876
buildFHSEnv: post-closure-size fix
2016-04-13 14:28:33 +03:00
Nikolay Amiantov
5c38c36472
Merge pull request #14650 from hrdinka/fhs-chroot/pkg-path
...
build-fhs-chrootenv: set PKG_CONFIG_PATH
2016-04-13 14:24:09 +04:00
Christoph Hrdinka
54fa4c4cec
build-fhs-chrootenv: set PKG_CONFIG_PATH
...
Currently `PKG_CONFIG_PATH` isn't set in FHS chroots rendering `pkg-config`
unusable. This patch sets it to `/usr/lib/pkgconfig`.
2016-04-13 11:06:33 +02:00
Vladimír Čunát
39ebb01d6e
Merge branch 'staging', containing closure-size #7701
2016-04-13 09:25:28 +02:00
Joachim Fasting
27035365ec
build-support/grsecurity: simplify the grsecurityOverrider
...
Adding inputs required by gcc plugins to the ambient environment is sufficient.
2016-04-12 01:23:32 +02:00
Brian McKenna
d150fe8915
dockerTools: use pigz for final image tar
...
Saves a few seconds on large images.
2016-04-11 16:32:47 +10:00
Brian McKenna
ebb911cc0b
dockerTools: remove tarballs functionality
...
I think the intention of this functionality was to provide a simple
alternative to the "runAsRoot" and "contents" attributes.
The implementation caused very slow builds of Docker images. Almost all
of the build time was spent in IO for tar, due to tarballs being
created, immediately extracted, then recreated. I had 30 minute builds
on some of my images which are now down to less than 2 minutes. A couple
of other users on #nix IRC have observed similar improvements.
The implementation also mutated the produced Docker layers without
changing their hashes. Using non-empty tarballs would produce images
which got cached incorrectly in Docker.
I have a commit which just fixes the performance problem but I opted to
completely remove the tarball feature after I found out that it didn't
correctly implement the Docker Image Specification due to the broken
hashing.
2016-04-11 16:32:43 +10:00
Vladimír Čunát
30f14243c3
Merge branch 'master' into closure-size
...
Comparison to master evaluations on Hydra:
- 1255515 for nixos
- 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
Vladimír Čunát
710573ce6d
Merge #12653: rework default outputs
2016-04-07 16:00:09 +02:00
Vladimír Čunát
9a824f2f1d
treewide: rename extraOutputs{ToLink,ToInstall}
...
This is to get more consistent with `meta.outputsToInstall`.
2016-04-07 15:59:44 +02:00
Vladimír Čunát
2995439003
buildEnv: respect meta.outputsToInstall
...
As a result `systemPackages` now also respect it.
Only nix-env remains and that has a PR filed:
https://github.com/NixOS/nix/pull/815
2016-04-07 15:59:44 +02:00
Vladimír Čunát
d1df28f8e5
Merge 'staging' into closure-size
...
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
Tuomas Tynkkynen
6b42f9f4be
Merge commit 'bde820' from staging
...
http://hydra.nixos.org/eval/1252653 - only ~9400 packages to go at the
time of writing this.
2016-04-06 01:18:28 +03:00
Vladimír Čunát
aa670eb503
vmTools: update debian jessie 8.3 -> 8.4
...
Their in-place updates break download hashes...
2016-04-05 14:32:04 +02:00
Nikolay Amiantov
88c97e2860
Merge pull request #14413 from abbradar/steam-run
...
steam-run: add derivation
2016-04-04 18:04:45 +04:00
Samuel Rivas
f1b0d6410e
emacsWithPackages: reduce some duplication
2016-04-03 21:21:50 +02:00
Samuel Rivas
2b199537b7
emacsWithPackages: move bin and site-lisp to private share directory
...
This is to avoid unwanted side effects when installing a wrapped emacs in the environment:
* All executables in the dependencies become available in the user environment
* All site-lisp binaries in the dependencies become accessible to unwrapped emacs
Also, both bin and site-lisp would generate conflicts so installing a wrapped emacs becomes really cumbersome
2016-04-03 21:11:38 +02:00
Nikolay Amiantov
375c410d07
userFHSEnv: add passthru, rename meta
2016-04-03 04:19:58 +03:00
Tomasz Kontusz
6c9ce23c00
cc-wrapper: Fix a typo in param parsing (close #14401)
2016-04-02 20:51:48 +02:00
Eelco Dolstra
13a1c7b8c1
useOldCXXAbi: Change into a setup hook
...
Stdenv adapters considered weird.
2016-04-01 13:36:59 +02:00
Lluís Batlle i Rossell
635c99ce87
vm: allow overriding QEMU_OPTS / memSize for images.
...
It's nice to be able to create disk images with -smp 4
in qemu.
2016-04-01 10:32:59 +02:00
Vladimír Čunát
ab15a62c68
Merge branch 'master' into closure-size
...
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Lluís Batlle i Rossell
ab93f8c137
Making vm's qemu cache=unsafe. Faster.
...
I don't think it's unsafe, if it's meant for nix expressions.
2016-03-31 09:27:25 +02:00
Lluís Batlle i Rossell
e21dd19168
Making vm's interactive shell handle the terminal well.
2016-03-31 09:27:14 +02:00
Nikolay Amiantov
a5322efd95
Revert "Remove PATH assumption from fhs-userenv."
...
This reverts commit 2f26b82411.
This breaks terminfo in Bash for some reason (i.e. TAB and other
special keys).
2016-03-29 17:58:07 +03:00
Rodney Lorrimar
457eddd18f
bower2nix: 2.1.0 -> 3.0.1
...
1. Update bower2nix version and add new/updated dependencies into
node-packages-generated.nix. This was done manually, with npm2nix
generating the initial set of derivations. In future, it would be
nice to have an automatic process (see #10358, #9332).
2. Add an override to nodePackages.bower2nix wrapping the commands so
that git is on the PATH.
3. Update fetchbower to support new command-line options of bower2nix,
and to allow github URL tag versions.
2016-03-28 08:23:06 +01:00
Domen Kožar
b07e7bfc7b
Merge remote-tracking branch 'origin/staging'
2016-03-27 13:19:04 +01:00
Joachim Fasting
304c4a514e
grsecurity: fix gcc plugin
...
Also needs mpfr and libmpc
2016-03-26 21:01:21 +01:00
Nicolas B. Pierron
5d6a4a6fa9
Merge pull request #14000 from nbp/fix-extend
...
Use fix and extends functions for all-packages.nix
2016-03-24 20:54:20 +01:00
Nikolay Amiantov
119c287c71
cc-wrapper: use Bash arrays properly
2016-03-24 21:13:11 +03:00
Nikolay Amiantov
0c6db0ca48
cc-wrapper: add option to skip flags for native optimizations
2016-03-24 20:16:17 +03:00
Eelco Dolstra
89693e71b9
Merge pull request #13907 from abbradar/cpp-wrapper
...
cc-wrapper: add C++-specific paths if `-x cpp` is passed
2016-03-24 18:12:04 +01:00
zimbatm
40e9dff04a
nix-prefetch-git: fix url_to_name heuristic
...
The function wasn't checking that *all* of the characters were
[a-z0-9]. Fixes #13921
2016-03-23 11:22:51 +00:00
Ryan Trinkle
be30ba8e0e
nix-prefetch-scripts: make nix-prefetch-git report fetchSubmodules in its JSON output
...
Previously, nix-prefetch-git would report the same JSON whether submodules were being fetched or not; with this change, the --fetch-submodules option will cause the JSON output to include "fetchSubmodules": true, so that fetchgit (builtins.fromJSON (builtins.readFile ./path/to/output.json)) will work.
2016-03-21 23:26:18 -04:00
Nicolas B. Pierron
5cdaa7b907
Remove all-packages.nix helperFunctions dependency.
2016-03-20 16:41:20 +00:00
zimbatm
ae487615a6
nix-prefetch-git: fix url_to_name heuristic
...
The function wasn't checking that *all* of the characters were
[a-z0-9]. Fixes #13921
2016-03-18 21:58:52 +00:00
Sander van der Burg
27e23486bb
fetchbower: quote parameter to prevent ambiguous redirects if version specifiers have wildcards
2016-03-18 12:06:01 +00:00
Peter Simons
af81505c00
wrap-gapps-hook.sh: fix double inclusion guard
...
The simple "return" would not override the non-zero error code set by the
preceding test command, therefore aborting scripts running with "set -e".
2016-03-18 07:52:36 +01:00
Nikolay Amiantov
11b69246e0
Merge pull request #13938 from abbradar/fhs-gcc-paths
...
buildFHSEnv: add standard paths for compilers
2016-03-16 15:44:34 +03:00
Nikolay Amiantov
9488fee869
buildFHSEnv: add standard paths for compilers
2016-03-15 19:44:42 +03:00
zimbatm
9504992e1d
Merge pull request #13897 from nbp/fix-ocaml-pkgs-platform
...
Ensure that we can evaluate the platform attribute of ocaml packages.
2016-03-14 19:25:40 +00:00
Vladimír Čunát
d6b46ecb30
Merge branch 'closure-size' into p/default-outputs
2016-03-14 11:27:15 +01:00
Nikolay Amiantov
87607af7a1
cc-wrapper: add C++-specific paths if -x c++ is passed
2016-03-14 06:58:18 +03:00
Nicolas B. Pierron
72c6f8a140
Ensure that we can evaluate the platform attribute of ocaml packages.
2016-03-13 19:08:26 +00:00
Nicolas B. Pierron
6313a5698a
Replace references to all-packages.nix, by references to the top-level of nixpkgs repository.
2016-03-13 18:25:52 +00:00
Vladimír Čunát
ab0bc1ecaf
symlinkJoin: preferLocalBuild && !allowSubstitutes
2016-03-11 15:59:18 +01:00
Eelco Dolstra
2af1cb3aa6
Merge remote-tracking branch 'origin/binutils-2.26' into staging
...
This still breaks a few packages, but nothing really major:
http://hydra.nixos.org/eval/1241850?filter=x86_64-linux&compare=1237919&full=#tabs-now-fail
2016-03-11 11:58:49 +01:00
Vladimír Čunát
09af15654f
Merge master into closure-size
...
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Franz Pletz
eb5a897161
Merge remote-tracking branch 'origin/pr/13505'
...
Fixes #13505.
2016-03-08 01:01:44 +01:00
zimbatm
5e5494a852
make-wrapper.sh: add an --unset argument
...
`--set FOO ""` is not strictly equivalent to `--unset FOO`. In the former case
the environment variable still exists with an empty string as a value.
2016-03-06 22:48:14 +00:00
Profpatsch
82fa1a796b
lib/copyPathToStore: annotate docstring
2016-03-01 15:26:35 +01:00
zimbatm
0d2e437fc9
Merge pull request #13584 from zimbatm/nix-prefetch-git-json
...
nix-prefetch-git: change the default output to JSON
2016-03-01 10:07:00 +00:00
Lluís Batlle i Rossell
202ebf794c
vm/rpm/rpm-closure.pl: make it deterministic
...
Some recent perl version introduced "keys" to return the keys
in random order. As some of the packages are solved by "provides" and
based on the order, this randomness affects what packages get into the
closure.
This problem may be in other nix perl scripts.
2016-03-01 11:02:42 +01:00
zimbatm
90de261f33
nix-prefetch-git: change the default output to JSON
...
As discussed on the mailing list. The nix output was short-lived so it's
probably okay to change it.
2016-02-29 22:47:16 +00:00
Luca Bruno
5f8311775c
chromium: add StartupWMClass to desktop file. Fixes #12433
2016-02-29 20:42:58 +01:00
zimbatm
6d9cc54089
build-maven: use lib.importJSON
2016-02-29 13:49:29 +00:00