Update openshift client from 4.1 (almost three years old) to latest version.
Note that the upstream repository for the `oc` CLI tool has been changed
to a `openshift/oc`.
I also tried to simplify the derivation by using buildGoModule and
removing some unnecessary environment variables. Also added man
pages, a passthru test and added myself as a maintainer.
At some point, I'd like to make another attempt at
71f1f4884b ("openssl: stop static binaries referencing libs"), which
was reverted in 195c7da07d. One problem with my previous attempt is
that I moved OpenSSL's libraries to a lib output, but many dependent
packages were hardcoding the out output as the location of the
libraries. This patch fixes every such case I could find in the tree.
It won't have any effect immediately, but will mean these packages
will automatically use an OpenSSL lib output if it is reintroduced in
future.
This patch should cause very few rebuilds, because it shouldn't make
any change at all to most packages I'm touching. The few rebuilds
that are introduced come from when I've changed a package builder not
to use variable names like openssl.out in scripts / substitution
patterns, which would be confusing since they don't hardcode the
output any more.
I started by making the following global replacements:
${pkgs.openssl.out}/lib -> ${lib.getLib pkgs.openssl}/lib
${openssl.out}/lib -> ${lib.getLib openssl}/lib
Then I removed the ".out" suffix when part of the argument to
lib.makeLibraryPath, since that function uses lib.getLib internally.
Then I fixed up cases where openssl was part of the -L flag to the
compiler/linker, since that unambigously is referring to libraries.
Then I manually investigated and fixed the following packages:
- pycurl
- citrix-workspace
- ppp
- wraith
- unbound
- gambit
- acl2
I'm reasonably confindent in my fixes for all of them.
For acl2, since the openssl library paths are manually provided above
anyway, I don't think openssl is required separately as a build input
at all. Removing it doesn't make a difference to the output size, the
file list, or the closure.
I've tested evaluation with the OfBorg meta checks, to protect against
introducing evaluation failures.
Firefox uses a sandboxing model that only allows access to paths that
were previously explicitly granted. We can only add granular permissions
to a specific sandbox by patching, because setting LD_LIBRARY_PATH would
affect all of them.
To use hardware decoding via VA-API with Firefox 98.0.2 one needs to
head to `about:config` and enable `media.ffmpeg.vaapi.enabled`.
Closes: #157061
Both LTO and PGO require the use of clang so I think its easier to just
stick with clang for all builds, so PGO and LTO could in theory be used
without each other.
Lo and behold, we're finally catching up with Mozillas very own firefox
build in terms of speed.
PGO is an optimization technique in which in a first step we create a
build that supports instrumentation, meaning we can use it to create a
profile of how the browser behaved during usage. Then in a second pass
we create the final build that uses the acquired profiling data to
optimize the browser for the workload it actually received during
profiling.
The downside is that with PGO we now need to build Firefox twice, which
increases the build time from around 20 minutes to roughly 50 minutes.
In the Speedometer 2.0 benchmark multiple tests could see a
responsiveness improvemeant around 20-25%, which makes the increased
build time well worth it.
Sadly this benefit seems limited to x86_64-linux, builds on
aarch64-linux get stuck during profiling and I haven't found out why.
Finally, after a long time, we can say:
Closes: #76484
Supersedes: #129503
In #109133 @alyssais discovered that the drmSupport flag stopped
working. This is because Mozilla decided around Firefox 51
(mozbz#1289634) to swap the default values and our flag was asking for
the wrong thing all along.
Since this flag has now been enabled for multiple years, disabling it
would mean a regression for our users. Leaving it enabled should be
unproblematic since it only controls whether Firefox shows the EME nagbar,
that allows to enable Widevine CDM, when a site requests it. The choice is
therefore completely up to the enduser.
Disabling this nagbar is still possible at runtime by setting
`browser.eme.ui.enabled` to `false`. If Widevine CDM was inadvertently
enabled it can be disabled at `media.gmp-widevinecdm.enabled`.
Supersedes: #109133
This commit exposes that support for compilation without systemd,
controlled by the global systemdSupport argument. This argument is
understood by many other nixpkgs expressions and can be set globally
in ~/.config/nixpkgs/config.nix.