mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
Commit graph

158682 commits

Author SHA1 Message Date
aszlig c64624b843
autoPatchelfHook: Correctly detect PIE binaries
I originally thought it would just be enough to just check for an INTERP
section in isExecutable, however this would mean that we don't detect
statically linked ELF files, which would break our recent improvement to
gracefully handle those.

In theory, we are only interested in ELF files that have an INTERP
section, so checking for INTERP would be enough. Unfortunately the
isExecutable function is already used outside of autoPatchelfHook, so we
can't easily get rid of it now, so let's actually strive for more
correctness and make isExecutable actually match ELF files that are
executable.

So what we're doing instead now is to check whether either the ELF type
is EXEC *or* we have an INTERP section and if one of them is true we
should have an ELF executable, even if it's statically linked.

Along the way I also set LANG=C for the invocations of readelf, just to
be sure we don't get locale-dependent output.

Tested this with the following command (which contains almost[1] all the
packages using autoPatchelfHook), checking whether we run into any
library-related errors:

  nix-build -E 'with import ./. { config.allowUnfree = true; };
    runCommand "test-executables" {
      drvs = [
        anydesk cups-kyodialog3 elasticsearch franz gurobi
        masterpdfeditor oracle-instantclient powershell reaper
        sourcetrail teamviewer unixODBCDrivers.msodbcsql17 virtlyst
        vk-messenger wavebox zoom-us
      ];
    } ("for i in $drvs; do for b in $i/bin/*; do " +
       "[ -x \"$b\" ] && timeout 10 \"$b\" || :; done; done")
  '

Apart from testing against library-related errors I also compared the
resulting store paths against the ones prior to this commit. Only
anydesk and virtlyst had the same as they didn't have self-references,
everything else differed only because of self-references, except
elasticsearch, which had the following PIE binaries:

  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/autoconfig
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/autodetect
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/categorize
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/controller
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/normalize

These binaries were now patched, which is what this commit is all about.

[1]: I didn't include the "maxx" package (MaXX Interactive Desktop)
     because the upstream URLs are no longer existing and I couldn't
     find them elsewhere on the web.

Signed-off-by: aszlig <aszlig@nix.build>
Fixes: https://github.com/NixOS/nixpkgs/issues/48330
Cc: @gnidorah (for MaXX Interactive Desktop)
2018-11-03 08:07:42 +01:00
Matthew Bauer 370ce8fcd3 stage.nix: throw error on incorrect pkgsi686Linux usage
pkgsi686Linux now throws an error with a message as opposed to the
previous assertion.
2018-11-03 00:58:58 -05:00
Matthew Bauer 4a8fc5b9aa treewide: remove pkgs_i686
This was getting evaluated eagerly causing assertion failures in
aarch64 systems. We can replace usages of pkgs_i686 with
pkgs.pkgsi686Linux.
2018-11-03 00:56:39 -05:00
Matthew Bauer b3ab4d1f8e Revert "Revert "stage.nix: pkgsi686Linux only works on x86 family""
This reverts commit 08b5cffe87.
2018-11-03 00:52:14 -05:00
Matthew Bauer 08b5cffe87 Revert "stage.nix: pkgsi686Linux only works on x86 family"
This reverts commit 78ca6d885f.

Broke eval on aarch64
2018-11-03 00:47:39 -05:00
Wael M. Nasreddine e09e5297d3
vim-plugins: vim-go: provide the binaries required for the plugin to be functional 2018-11-02 22:04:44 -07:00
Wael M. Nasreddine e2355c6973
iferr: init unstable at 2018-06-15 2018-11-02 22:04:44 -07:00
Wael M. Nasreddine fce50a7880
impl: init unstable at 2018-02-27 2018-11-02 22:04:44 -07:00
Wael M. Nasreddine 6a09bfc8bc
gometalinter: init at 2.0.11 2018-11-02 22:04:44 -07:00
Wael M. Nasreddine a1faa70368
gosec: init at 1.1.0 2018-11-02 22:04:43 -07:00
Wael M. Nasreddine cfa5c7f896
maligned: init unstable at 2018-07-07 2018-11-02 22:04:43 -07:00
Wael M. Nasreddine ed31a46727
interfacer: init at unstable 2018-08-31 2018-11-02 22:04:43 -07:00
Wael M. Nasreddine 1efe4d9005
gocyclo: init unstable at 2015-02-08 2018-11-02 22:04:43 -07:00
Wael M. Nasreddine f10fcf202b
go-check: init unstable at 2018-09-12 2018-11-02 22:04:43 -07:00
Wael M. Nasreddine fe83c5c3f5
goconst: init at 1.1.0 2018-11-02 22:04:42 -07:00
Wael M. Nasreddine 63d9863394
unconvert: init at unstable 2018-07-03 2018-11-02 22:04:42 -07:00
Wael M. Nasreddine df46a94d8b
ineffassign: init at unstable 2018-09-09 2018-11-02 22:04:38 -07:00
Wael M. Nasreddine d225933b4e
go-tools: init at 2017.2.2 2018-11-02 21:58:09 -07:00
Wael M. Nasreddine 9795ad34dd
deadcode: init at unstable 2016-07-24 2018-11-02 21:58:09 -07:00
Wael M. Nasreddine f5e4939277
gogetdoc: init at unstable 2018-10-25 2018-11-02 21:58:09 -07:00
Wael M. Nasreddine f6e78e49fa
reftools: init at unstable 2018-09-14 2018-11-02 21:58:09 -07:00
Wael M. Nasreddine 6d7413e54a
errcheck: init at 1.1.0 2018-11-02 21:58:08 -07:00
Wael M. Nasreddine 126e64e658
asmfmt: init at 1.1 2018-11-02 21:58:08 -07:00
Jörg Thalheim 5ea21ad32a
Merge pull request #49629 from marsam/feature/fixes-pyre
pyre: 0.0.14 -> 0.0.17
2018-11-03 02:32:16 +00:00
Matthew Bauer 78ca6d885f stage.nix: pkgsi686Linux only works on x86 family
aarch64 cpus are going to break on pkgsi686Linux packages.

See this error:

https://hydra.nixos.org/build/82962379/
2018-11-02 21:24:55 -05:00
Matthew Bauer e9db1e2917 grpc: disable werror for unknown warning option
This seems silly to do an error for. It breaks clang builds.
2018-11-02 21:24:55 -05:00
Matthew Bauer 3085f5fcb8 libobjc2: mark aarch64 as bad platform
Apparently some assembly has not been ported. This commit should fix
it:

b952a21abe (diff-e49aa4e60f8ccec1be46afc5e6ffcee5)

But no release has been made by the gnustep team yet!
2018-11-02 21:24:55 -05:00
Matthew Bauer 8bae7d328e
gsasl: disable check on darwin 2018-11-02 20:41:38 -05:00
Matthew Bauer 0923607ff7
gemrb: add libiconv
https://hydra.nixos.org/build/83508053/
2018-11-02 20:39:40 -05:00
Matthew Bauer 7f4b26681d
Merge pull request #49417 from matthewbauer/disallow-native-build-inputs
Disallow references to nativeBuildInputs
2018-11-02 20:26:48 -05:00
Will Dietz 7959f77fad bup: 0.29.1 -> 0.29.2
https://github.com/bup/bup/blob/master/note/0.29.2-from-0.29.1.md
2018-11-02 20:10:03 -05:00
Florian Klink 9e491f732a gitlab: 11.4.3 -> 11.4.4
SSRF in Kubernetes integration
The GitLab Kubernetes integration was vulnerable to an SSRF issue which could allow an attacker to make requests to access any internal URLs. The issue is now mitigated in the latest release and is assigned CVE-2018-18843.
2018-11-03 01:49:49 +01:00
Florian Klink 93f8ff68ea
Merge pull request #49658 from mayflower/gitlab-refactor
gitlab: refactor and fix test
2018-11-03 01:49:23 +01:00
Matthew Bauer 8dbfb61e46 make-derivation: add disallowedReferences in strictDeps
When strictDeps = true, we don’t want native build inputs to end up in
the output. For instance gcc is a builtin native build input and
should only show up in an output if it is also listed in buildInputs.

/cc @ericson2314
2018-11-02 19:31:51 -05:00
Jörg Thalheim 469cce069b
Merge pull request #49661 from dywedir/bat
bat: fix build on darwin
2018-11-03 00:22:22 +00:00
Matthew Bauer 791e98eb90
Add myself to a few CODEOWNERS paths 2018-11-02 19:07:08 -05:00
Vladyslav Mykhailichenko d87a2481d2
bat: fix build on darwin 2018-11-03 02:06:08 +02:00
Will Dietz 86cee9771b
Merge pull request #48672 from dtzWill/update/w3m-2018
w3m: 20161120 -> 20180125
2018-11-02 19:05:00 -05:00
lewo 3fb4eb1c43 nixos/dockerPreloader: preload docker images (#49379)
This module permits preloading Docker images in a VM in order to reduce
IOs on file copies. This module has to be used only in testing
environments, when the test requires several Docker images such as in
Kubernetes tests. In this case,
`virtualisation.dockerPreloader.images` can replace the
`services.kubernetes.kubelet.seedDockerImages` options.

The idea is to populate the /var/lib/docker directory by mounting qcow
files (we use qcow files to avoid permission issues) that contain images.

For each image specified in
config.virtualisation.dockerPreloader.images:
1. The image is loaded by Docker in a VM
2. The resulting /var/lib/docker is written to a QCOW file

This set of QCOW files can then be used to populate the
/var/lib/docker:
1. Each QCOW is mounted in the VM
2. Symlinks are created from these mount points to /var/lib/docker
3. A /var/lib/docker/image/overlay2/repositories.json file is generated
4. The docker daemon is started.
2018-11-03 01:00:53 +01:00
zimbatm f9bf6cef54
terraform_0_11: 0.11.8 -> 0.11.10 2018-11-03 00:52:24 +01:00
Arian van Putten 13effc913d terraform-providers: Bump all releases (#49582)
Does what it says on the tin. Auto-generated.
2018-11-03 00:50:35 +01:00
Matthew Bauer 29b4ac8e41 release-corss.nix: fix ppc-embedded name
s/powerpc-embedded/ppc-embedded
2018-11-02 18:42:58 -05:00
Thilo Uttendorfer a3739a908c ansible-lint: fix install tests 2018-11-03 00:11:24 +01:00
Thilo Uttendorfer c0d30e5f03 ansible_2_7: init at 2.7.1 2018-11-03 00:11:24 +01:00
Thilo Uttendorfer e63509a651 ansible_2_6: 2.6.2 -> 2.6.7 2018-11-03 00:11:24 +01:00
Thilo Uttendorfer de8a3e3125 ansible_2_5: 2.5.2 -> 2.5.11 2018-11-03 00:11:24 +01:00
Eric Wolf 79dace1b30 haskellPackages.sdl2: test-suite needs x server, so deactivate it 2018-11-03 00:11:11 +01:00
Renaud 4e8bed52ce
Merge pull request #49352 from talyz/master
nomachine-client: init at 6.3.6_1
2018-11-03 00:01:10 +01:00
Kevin Quick 411c665f33
yices: 2.6.0 -> 2.6.1 2018-11-02 15:49:09 -07:00
Robert Helgesson 1851203c7b
comfortaa: 2.004 -> 3.001 2018-11-02 23:38:37 +01:00