1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-27 08:01:14 +00:00
Commit graph

2240 commits

Author SHA1 Message Date
obadz 1cd9c58834 Merge pull request #17461 from rasendubi/powerpc
cross-compilation: fixes for powerpc-linux-uclibc
2016-08-11 00:51:51 +01:00
cmfwyp 37c83ca3a2
sage: update mirrors
The list of mirrors is at https://www.sagemath.org/mirrors.html.
2016-08-07 21:09:14 -04:00
Robin Gloster 1b979d8384 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-03 13:34:44 +00:00
Alexey Shmalko 662721a461
gcc-cross-wrapper: fix for non-chroot build
When `libc` is not set, many lines expand to `/lib`, `/include`, which
makes gccCross use host libraries outside Nix (with a different
architecture).
2016-08-03 03:28:14 +03:00
Tuomas Tynkkynen 21f17d69f6 treewide: Add lots of meta.platforms
Build-tested on x86_64 Linux & Mac.
2016-08-02 21:42:43 +03:00
Tuomas Tynkkynen 55b23aeff5 icon-conv-tools: Don't depend on the .nix file at build time
The `src = ./.;` would cause spurious rebuild of the package since the
output hash now depends on the contents of the .nix file.
2016-08-02 21:30:17 +03:00
Tuomas Tynkkynen 2258b21e4b treewide: Add lots of platforms to packages with no meta
Build-tested on x86_64 Linux and on Darwin.
2016-08-02 21:17:44 +03:00
Tuomas Tynkkynen 59ce911810 treewide: Some EOF-whitespace fixes 2016-08-02 21:17:44 +03:00
Robin Gloster 1be4907ca2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-02 13:46:36 +00:00
Robin Gloster 63c7b4f9a7 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-31 20:51:34 +00:00
Maarten Hoogendoorn e809667b17 vmTools.runInLinuxImage: add virtio_rng device
This allows the QEMU VM's to use the /dev/random device, by
getting entropy from the host.
2016-07-31 12:39:19 +02:00
Franz Pletz 7e8b3adb04 fetchpatch: add addPrefixes argument
Sometimes patches start without a leading prefix. We default to strip
one prefix or path component from patches (-p1) in the patchPhase in
stdenv.

As all patches should therefore be in this format, fetchpatch should
have an option to normalize patch paths. This commit introduces a new
argument to fetchpatch called addPrefixes that adds one patch prefix to
the old and new paths in a patch before putting it into the store.
2016-07-29 12:03:08 +02:00
Alexey Shmalko bb3fc68b30
antBuild: run default hooks
Fixes https://github.com/NixOS/nixpkgs/issues/10931.
antBuild overrides buildPhase and installPhase without calling default
hooks.
2016-07-26 02:02:42 +03:00
Robin Gloster 203846b9de Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-19 10:37:02 +00:00
Franz Pletz 1109b236cf Merge pull request #16660 from nathan7/tarsum
dockerTools: disable compression in tarsum.go
2016-07-19 10:18:41 +02:00
Renzo Carbonara e54ec2f907 fetchMavenArtifact: init (#16825)
fetchMavenArtifact downloads a Maven artifact given a group id, an artifact id,
and a version.

Example usage:

   org_apache_httpcomponents_httpclient_4_5_2 = fetchMavenArtifact {
     groupId = "org.apache.httpcomponents";
     artifactId = "httpclient";
     version = "4.5.2";
     sha256 = "0ms00zc28pwqk83nwwbafhq6p8zci9mrjzbqalpn6v0d80hwdzqd";
     # Optionally: repos = [ ... urls to some Maven repos to use ... ];
     # Optionally: url, urls - pointing directly to a specific jar url.
   };

Now `org_apache_httpcomponents_httpclient_4_5_2.jar` points to the downloaded
JAR file, while `org_apache_httpcomponents_httpclient_4_5_2` refers to a
derivation that when used used in `buildInputs` will be automatically added to
the Java classpath.
2016-07-19 09:48:36 +02:00
Joachim F 2621e9b641 Merge pull request #16976 from phanimahesh/sourceforge-mirrors
mirrors: add downloads.sourceforge.net
2016-07-16 13:12:49 +02:00
Robin Gloster 5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
J Phani Mahesh c4fa18b7a2 mirrors: add downloads.sourceforge.net
downloads.sourceforge.net is the official way to download tarballs from
SourceForge.  However, it is reported as unreliable due to SF's weird
load balancing system.

This commit gives the official mirror utmost priority, and will use
other configured mirrors (which may be temporary) as a fallback only
when the official one can't be reached/download fails/hangs.

References: NixOs/nixpkgs#16900
2016-07-15 13:20:35 +05:30
Tuomas Tynkkynen 13160d9c10 buildInLinuxVM: Workaround bug #16742
This is blocking the channel update: #16949
2016-07-14 15:12:50 +03:00
Vladimír Čunát 1b5ac05845 Merge branch 'staging'
Includes security fixes in gd and libarchive.
2016-07-14 15:51:28 +02:00
Vladimír Čunát ab9515092b symlinkJoin: truly pass the defaulted parameters
The catch is that in nix the @-pattern binds the set that was *explicitly*
passed to the function, i.e. default values are *not* taken into account.
2016-07-14 15:36:53 +02:00
Alexey Shmalko 0172558e82 buildEnv: build the whole tree of directories to pathsToLink
This patch fixes #16614 and #16741.

The first issue was caused by the fact that both `/share` and
`/share/fish/vendor_completions.d` end in the `pathsToLink`. The
`pkgs/build-support/buildenv/builder.pl` creates `/share`, then links
`/share/fish` under `/share` and then tries to create the directory
`/share/fish/vendor_completions.d` and fails because it already exists.

The simplest way to reproduce the issue is to build the next Nix
expression:

```nix
let pkgs = import <nixpkgs> { };
in pkgs.buildEnv {
  name = "buildenv-issue";

  paths = [
    pkgs.fish
    pkgs.vim
  ];

  pathsToLink = [
    "/share"
    "/share/fish/vendor_completions.d"
  ];
}
```

The second issue is more critical and was caused by the fact findFiles
doesn't recurse deep enough. It stops at first unique directory for the
package (e.g., "/share" or even "/") and later the scripts decides it
shouldn't link it as it doesn't match pathsToLink (e.g., "/share/fish"),
so the result is empty.

The test:
```nix
let pkgs = import <nixpkgs> { };
in pkgs.buildEnv {
  name = "buildenv-issue";

  paths = [
    pkgs.fish
    pkgs.vim
  ];

  pathsToLink = [
    "/share/fish/functions"
  ];
}
```

or

```nix
let pkgs = import <nixpkgs> { };
in pkgs.buildEnv {
  name = "buildenv-issue";

  paths = [
    pkgs.vim
  ];

  pathsToLink = [
    "/share"
  ];
}
```
2016-07-13 03:54:11 +03:00
Nikolay Amiantov d43bde5f2b patchShebangs: quote variable assignment 2016-07-09 03:05:11 +03:00
Cireo ff3e7d2b4b patchShebangs: strip trailing whitespace
Prior to this commit, trailing whitespace would be introduced when
modifying '#!' lines with no arguments.  For example (whitespace added):

    /nix/store/.../foo: interpreter directive changed
        from "/bin/bash"
          to "/nix/store/...-bash-4.3-p42/bin/bash  "

    /nix/store/.../bar: interpreter directive changed
        from "/bin/baz wef"
          to "/nix/store/...-baz wef "

We add a sed command to strip trailing whitespace, so the above commands
would drop the two spaces after "bash", or the one space after "baz wef".

abbradar: fixed commit title

Closes #16785.
2016-07-09 03:00:27 +03:00
Bjørn Forsman 68205d0ade nix-prefetch-git: unbreak JSON output
This fixes a regression caused by commit f56ab9e
("nix-prefetch-git: Include the date in the machine-readable [...]")
where a couple of directory paths printed by pushd/popd appeared before
the JSON output on stdout (thus breaking it). Fix it by redirecting the
extraneous output to /dev/null.

Reported by Michael Alan Dorman <mdorman@ironicdesign.com>.
2016-07-04 14:39:47 +02:00
David Grayson f56ab9e5e4 nix-prefetch-git: Include the date in the machine-readable output on
stdout, in strict ISO 8601 format.

This will be helpful for automatically updating fetchgit expressions
and the dates in version numbers associated with them.
2016-07-03 11:19:13 +01:00
Nathan Zadoks b9284e445b dockerTools: disable compression in tarsum.go
Previously, tarsum would compress the (discarded) tarball produced.
That's a waste of CPU, and a waste of time.
2016-07-02 02:22:36 -04:00
Nathan Zadoks 23e9e33975 dockerTools: format tarsum.go with gofmt
Nearly all Go code on this earth is formatted with gofmt, and it's
somewhat surprising to find a Go file that isn't formatted accordingly.
2016-07-02 02:22:36 -04:00
Vladimír Čunát 3afa246038 Merge branch 'staging'
This includes a security update of expat.
2016-06-29 07:47:04 +02:00
Benno Fünfstück a368b27270 fhs-user-env: keep DBUS_SESSION_BUS_ADDRESS env
Steam requires this variable or some games run incredibly slow.
See ValveSoftware/Dota-2#921 for more information.
2016-06-28 23:55:43 +02:00
Nikolay Amiantov 5cec134c70 buildFHSUserEnv: don't set CHROOTENV_EXTRA_BINDS 2016-06-28 18:59:33 +03:00
zimbatm 4f5918cd2e Revert "stdenv: introduce baseHash() to replace stripHash()"
Introduced by mistake

This reverts commit e71a5cb878.
2016-06-25 14:25:58 +01:00
zimbatm e71a5cb878 stdenv: introduce baseHash() to replace stripHash()
stripHash uses a global variable to communicate it's computation
results, but it's not necessary. You can just pipe to stdout in a
subshell. A function mostly behaves like just another command.

baseHash() also introduces a suffix-stripping capability since it's
something the users of the function tend to use.
2016-06-25 14:20:56 +01:00
Vladimír Čunát 6b27ceb006 Merge 'master' into staging and re-revert merge
... from staging to master, reverted temporarily in aa9a04883e.
2016-06-23 12:09:03 +02:00
Vladimír Čunát aa9a04883e Revert "Merge branch 'staging'" due to glibc
The main output started to retain dependency on bootstrap-tools; see
https://github.com/NixOS/nixpkgs/pull/15867#issuecomment-227949096

This reverts commit c05d829598, reversing
changes made to f073df60d6.
2016-06-23 09:25:10 +02:00
Vladimír Čunát c05d829598 Merge branch 'staging' 2016-06-22 10:49:56 +02:00
obadz fb6b4860c7 xl2tpd: add nixos module for service
(required adding execv to libredirect)
2016-06-20 21:41:59 +01:00
Eelco Dolstra 5fc64c4baa debian: 7.10 -> 7.11, 8.4 -> 8.5 2016-06-20 14:39:44 +02:00
zimbatm b0f8416c5c Merge pull request #16180 from zimbatm/shell-escaping
Escape all shell arguments uniformly
2016-06-19 23:27:52 +01:00
Vladimír Čunát 61b8d27b4c make-wrapper: fixup #14753 changes to make tests work
The tests need to expand passed variable and very carefully.
I could see no other easy way than to change single-quoting in
makeWrapper to double-quoting.
The tests now fail with the same problem as on master...
2016-06-19 13:38:46 +02:00
Vladimír Čunát e757404555 Merge branch 'master' into staging
Hydra nixpkgs: ?compare=1279790
2016-06-19 12:33:04 +02:00
Moritz Ulrich e72282be84 Merge pull request #16052 from dvc94ch/rust-cross
Rust and cargo improvements
2016-06-16 09:42:23 +02:00
Benno Fünfstück 9ff91371d0 nix-prefetch-git: fix bash evaluation order dependency 2016-06-15 22:54:35 +02:00
David Craven 54f80775cb rust: Refactoring of rust and cargo packages 2016-06-15 12:47:13 +02:00
Joachim Fasting 886c03ad2e Merge pull request #16107 from joachifm/grsec-ng
Rework grsecurity support
2016-06-14 03:52:50 +02:00
Joachim Fasting 75b9a7beac
grsecurity: implement a single NixOS kernel
This patch replaces the old grsecurity kernels with a single NixOS
specific grsecurity kernel.  This kernel is intended as a general
purpose kernel, tuned for casual desktop use.

Providing only a single kernel may seem like a regression compared to
offering a multitude of flavors.  It is impossible, however, to
effectively test and support that many options.  This is amplified by
the reality that very few seem to actually use grsecurity on NixOS,
meaning that bugs go unnoticed for long periods of time, simply because
those code paths end up never being exercised.  More generally, it is
hopeless to anticipate imagined needs.  It is better to start from a
solid foundation and possibly add more flavours on demand.

While the generic kernel is intended to cover a wide range of use cases,
it cannot cover everything.  For some, the configuration will be either
too restrictive or too lenient.  In those cases, the recommended
solution is to build a custom kernel --- this is *strongly* recommended
for security sensitive deployments.

Building a custom grsec kernel should be as simple as
```nix
linux_grsec_nixos.override {
  extraConfig = ''
    GRKERNSEC y
    PAX y
    # and so on ...
  '';
}
```

The generic kernel should be usable both as a KVM guest and host.  When
running as a host, the kernel assumes hardware virtualisation support.
Virtualisation systems other than KVM are *unsupported*: users of
non-KVM systems are better served by compiling a custom kernel.

Unlike previous Grsecurity kernels, this configuration disables `/proc`
restrictions in favor of `security.hideProcessInformation`.

Known incompatibilities:
- ZFS: can't load spl and zfs kernel modules; claims incompatibility
  with KERNEXEC method `or` and RAP; changing to `bts` does not fix the
  problem, which implies we'd have to disable RAP as well for ZFS to
  work
- `kexec()`: likely incompatible with KERNEXEC (unverified)
- Xen: likely incompatible with KERNEXEC and UDEREF (unverified)
- Virtualbox: likely incompatible with UDEREF (unverified)
2016-06-14 00:08:20 +02:00
Rob Vermaas 91436641ec Fix hash for Debian 8.4 Jessie
(cherry picked from commit fd60751ce0)
2016-06-13 12:20:55 +00:00
zimbatm 28fa4a2f03 Escape all shell arguments uniformly 2016-06-12 18:11:37 +01:00
zimbatm a42b7faaec nix-prefetch-git: shellcheck fixes
Used shellcheck (https://github.com/koalaman/shellcheck) to validate
the script and fixed any resulting escaping and ambiguity issues.
2016-06-12 13:45:20 +01:00
Nikolay Amiantov b341de88e9 Merge pull request #16030 from abbradar/fhs-refactor
Improvements for FHS user chrootenv
2016-06-11 21:04:20 +04:00
Tuomas Tynkkynen a06a405d0b cross GCC: Fix some paths to libc headers (after multiple outputs)
It's not completely clear to me why the path to libc headers is set
differently when cross building...
2016-06-11 04:15:17 +03:00
Robin Gloster 8031cba2ab Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-06-10 09:27:04 +00:00
Domen Kožar 7a5b85cdda pkgs.runCommand: passAsFile (buildCommand can be very long)
Close #15803. This avoids the error:

while setting up the build environment: executing
‘/nix/store/7sb42axk5lrxqz45nldrb2pchlys14s1-bash-4.3-p42/bin/bash’:
Argument list too long

Note: I wanted to make it optional based on buildCommand length,
but that seems pointless as I'm sure it's less performant.

Amended by vcunat:
https://github.com/NixOS/nixpkgs/pull/15803#issuecomment-224841225
2016-06-10 10:49:26 +02:00
Vladimír Čunát 46f22d89b9 Merge #15867: glibc, gcc: fixes for ARM targets
... needed after closure-size merge (#7701)
2016-06-10 09:57:17 +02:00
Vladimír Čunát cec03a8ecd Merge #14753: makeWrapper: allow spaces in variables 2016-06-09 13:09:43 +02:00
Kamil Chmielewski 7eb671ebcd no more goPackages 2016-06-09 13:08:00 +02:00
Nikolay Amiantov 3d8664ee42 buildFHSUserEnv: mark CHROOTENV_EXTRA_BINDS as discussed for deprecation 2016-06-07 14:22:38 +03:00
Nikolay Amiantov 3e90b00c10 buildFHSEnv: link 'bin' output 2016-06-07 04:06:35 +03:00
Nikolay Amiantov 8d9e5d297d buildFHSEnv: don't link GCC compiler part 2016-06-07 04:06:35 +03:00
Nikolay Amiantov 74107a7867 buildFHSEnv: refactor and simplify, drop buildFHSChrootEnv
This takes another approach at binding FHS directory structure. We
now bind-mount all the root filesystem to directory "/host" in the target tree.
From that we symlink all the directories into the tree if they do not already
exist in FHS structure.

This probably makes `CHROOTENV_EXTRA_BINDS` unnecessary -- its main usecase was
to add bound directories from the host to the sandbox, and we not just symlink
all of them. I plan to get some feedback on its usage and maybe deprecate it.

This also drops old `buildFHSChrootEnv` infrastructure. The main problem with it
is it's very difficult to unmount a recursive-bound directory when mount is not
sandboxed. This problem is a bug even without these changes -- if
you have for example `/home/alice` mounted to somewhere, you wouldn't see
it in `buildFHSChrootEnv` now. With the new directory structure, it's
impossible to use regular bind at all. After some tackling with this I realized
that the fix would be brittle and dangerous (if you don't unmount everything
clearly and proceed to removing the temporary directory, bye-bye fs!). It also
probably doesn't worth it because I haven't heard that someone actually uses it
for a long time, and `buildFHSUserEnv` should cover most cases while being much
more maintainable and safe for the end-user.
2016-06-07 04:06:35 +03:00
David Craven c22f0c7474 Fix buildRustPackage edge cases
1. When multiple versions of the same package are required
   $revs is an array.
2. When cargo fetch is run it usually doesn't need a network
   connection. But when it does SSL_CERT_FILE isn't set.
2016-06-02 17:15:52 +02:00
Eric Litak 7399d0949c fixing libcCross related flags
(excluding darwin and mingw for now)
2016-05-31 16:28:04 -07:00
Robin Gloster 2d382f3d98 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-30 19:39:34 +00:00
Nikolay Amiantov 1b2139b3e2 buildFHSEnv: use separate gcc for 64- and 32-bit 2016-05-29 23:22:58 +03:00
Moritz Ulrich d8b0618e6c buildRustPackage: Don't specify logLevel by default. 2016-05-28 15:05:11 +02:00
Moritz Ulrich 1e04865e87 buildRustPackage: Add log-level argument. 2016-05-28 15:05:11 +02:00
Vladimír Čunát e4832c7541 Merge branch 'staging'
Includes a security update of libxml2.
2016-05-27 15:58:40 +02:00
Nikolay Amiantov ebe1cbe0da symlinkJoin: allow arbitrary additional attributes 2016-05-27 13:42:22 +03:00
Vladimír Čunát 81039713fa Merge branch 'master' into staging
... to get the systemd update (rebuilding ~7k jobs).
2016-05-26 16:50:22 +02:00
Domen Kožar 56714859f4 add CentOS 7.1 2016-05-24 11:35:39 +01:00
Domen Kožar 7fc845aeb1 add OpenSuse 13.2
(cherry picked from commit 2cf5dcd99a)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-05-24 11:06:11 +01:00
Domen Kožar ba0d4ecaf7 debian7: change hash due to 7.10 release
(cherry picked from commit 00df301ac2fd1818fa1f96debcee23dbb979834d)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-05-24 10:40:39 +01:00
Vladimír Čunát 0b192a0976 Merge branch 'master' into staging
That's to get mesa rebuild from master, as it's nontrivial.
2016-05-23 09:02:10 +02:00
Guillaume Maudoux bfd522da63 setup-hooks: do not pass missing dirs to find (close #15405)
find fails when called with an inexistent search path.
That situation may arise when the output is created after by a postFixup hook.
vcunat amended the PR by clarifying one more `return` to `return 0`.
2016-05-22 12:08:01 +02:00
Nikolay Amiantov ca38376566 buildFHSUserEnv: don't run bash in login mode for .env
Fixes https://github.com/NixOS/nixpkgs/issues/12406 for `.env`
2016-05-20 14:17:49 +03:00
Profpatsch 28f8ca560f debian-build: fix checkinstall invocation (#15538)
Checkinstall had two problems:
1. when it was called without a version (e.g. with a derivation created
by fetchFromGitHub) it would use `src` as debian version, which caused
dpkg to fail
2. when dpkg failed, it would invoke the pager with the log, which hangs
the build

So now
1. the default version is the dummy `0.0.0`
2. the used pager is `cat`
2016-05-19 09:41:10 +01:00
Franz Pletz f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-05-18 17:10:02 +02:00
Domen Kožar a01b6a0d07 fetchzip: improve error message 2016-05-17 17:32:53 +01:00
Vladimír Čunát af364c0f77 fetchurl mirrors: fix gnupg URLs
Some mirrors were missing /gcrypt. Now they should be consistent.
Fixes 15510. Closes 15511.
2016-05-17 11:35:49 +02:00
Eelco Dolstra a5fa7c25cb Merge pull request #15469 from NixOS/fetchgit
fetchgit: remove only .git folder
2016-05-16 16:44:55 +02:00
Domen Kožar 64a072e357 fetchgit: remove only .git
Source of this change goes back to 2009 and original version of
fetchgit at 205fb0c87e.

The nondeterminism is really caused by changing .git so leave other
files alone as they might be interesting.

Note: this causes a hash mismatch with Hydra's version of Git Plugin
which we should fix to comply.
2016-05-15 00:24:04 +01:00
Thomas Tuegel 21efdd8003 Merge pull request #15420 from samuelrivas/emacs-wrapper
emacs: hide wrapper dependencies
2016-05-13 11:58:24 -05:00
Samuel Rivas 67394f9152 emacs: hide wrapper dependencies
Move all the dependencies to their own derivation, so that we don't publish all
of them if the wrapper is installed in a profile.

The previous solution just moved them to a custom directory to avoid conflicts,
this refactors that and completely hides them, while preserving the desired
improvement of adding only one directory to each of the emacs search paths
2016-05-12 22:43:30 +02:00
Vladimír Čunát 6c2fbfbd77 Merge branch 'master' into staging 2016-05-12 04:53:38 +02:00
Carles Pagès e7ab828da1 makeImageFromDebDist: accept additional parameters for vm, as in rpm version. 2016-05-11 15:43:24 +02:00
Joachim Fasting d4d7bfe07b
grsecurity: add option to disable chroot caps restriction
The chroot caps restriction disallows chroot'ed processes from running
any command that requires `CAP_SYS_ADMIN`, breaking `nixos-rebuild`. See
e.g., https://github.com/NixOS/nixpkgs/issues/15293

This significantly weakens chroot protections, but to break
nixos-rebuild out of the box is too severe.
2016-05-10 16:17:08 +02:00
Eelco Dolstra cb37ab146b Add mirror://mozilla scheme 2016-05-09 19:37:22 +02:00
Vladimír Čunát 65a9fa8cdc Merge branch 'master' into staging 2016-05-08 21:24:48 +02:00
zimbatm 4ba7767d91 Merge pull request #14722 from puffnfresh/bug/dockertools-postmount
dockerTools: only add "/nix" if it exists
2016-05-06 17:40:23 +01:00
Joachim Fasting 50d915c758
grsecurity: optionally disable features for redistributed kernels 2016-05-06 16:37:25 +02:00
Vladimír Čunát 1dc36904d8 Merge #14920: windows improvements, mainly mingw 2016-05-05 08:30:19 +02:00
Vladimír Čunát 7a005601d4 Merge branch 'master' to resolve conflicts 2016-05-05 08:25:38 +02:00
Vladimír Čunát 2cbb7bf9d1 cc-wrapper: add -B flag with cc.lib
This fixes `gcc --print-file-name=libstdc++.so`
and thus it should fix #14967.
2016-05-04 14:23:54 +02:00
Peter Simons 397c75aeb4 Revert "Just strip everything by default"
This reverts commit 2362891dc8. The patch
is broken. :-(
2016-05-04 13:40:53 +02:00
Joachim Fasting da767356f2
grsecurity: support disabling TCP simultaneous connect
Defaults to OFF because disabling TCP simultaneous connect breaks some
legitimate use cases, notably WebRTC [1], but it's nice to provide the
option for deployments where those features are unneeded anyway.

This is an alternative to https://github.com/NixOS/nixpkgs/pull/4937

[1]: http://article.gmane.org/gmane.linux.documentation/9425
2016-05-04 03:53:24 +02:00
Tuomas Tynkkynen aadaa91379 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/applications/networking/browsers/vivaldi/default.nix
	pkgs/misc/emulators/wine/base.nix
2016-05-03 23:12:48 +03:00
Guillaume Maudoux 2362891dc8 Just strip everything by default
Run strip of each file and discard expected failure types.
Also default to stripping the entire output.
2016-05-03 11:04:34 +02:00
Robin Gloster c92bca56f8 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-02 22:58:02 +00:00
Joachim Fasting 39db90eaf6
grsecurity: simplify preConfigure 2016-05-02 11:28:06 +02:00
Joachim Fasting a69501a936
grsecurity: ensure that PaX ELF markings are enabled
The upstream default is to enable only xattr markings, breaking the
paxmarks facility.
2016-05-02 11:28:06 +02:00
Maxim Ivanov dea920bfdc Remove obsolete scatter output hook
There are no users of it in main tree and recent merge
of multiple outputs branch makes it obsolete for private trees
too.

At the time hook was created, recently merged multiple output
branch was relying on passing flags to autotools to split
outputs, which obviously wasn't working for other build systems

Scatter output was taking different approach where files were
moved out from a build tree based on known  paths, which is more
or less what current multiple-outputs.sh hook is able to do too.
2016-04-30 22:05:33 +01:00
Domen Kožar 8a3b70791c vmTools.diskImages: add ubuntu 16.04 2016-04-29 11:50:27 +01:00
Tuomas Tynkkynen 4ff8f377af Merge remote-tracking branch 'upstream/master' into staging 2016-04-28 00:13:53 +03:00
Nikolay Amiantov f6eb686222 Merge pull request #15002 from abbradar/symlink-join-wrappers
Use symlinkJoin for wrappers
2016-04-26 16:47:43 +04:00
Frederik Rietdijk d5e6a4494a Python: use PyPI mirror (#15001)
* mirrors: add pypi

* Python: Use pypi mirror for all PyPI packages
2016-04-26 13:38:03 +01:00
Nikolay Amiantov dfe608c8a2 symlinkJoin: accept set as an argument with additional options 2016-04-26 15:37:42 +03:00
Nikolay Amiantov 62616ec5e2 Merge commit 'refs/pull/14907/head' of git://github.com/NixOS/nixpkgs into staging 2016-04-25 18:02:47 +03:00
Nikolay Amiantov 5e85760ff1 Merge commit 'refs/pull/14909/head' of git://github.com/NixOS/nixpkgs into staging 2016-04-25 18:02:32 +03:00
Nikolay Amiantov 5f19542581 Merge commit 'refs/pull/14694/head' of git://github.com/NixOS/nixpkgs into staging 2016-04-25 18:02:23 +03:00
Nikolay Amiantov 69a072484d gcc-wrapper-old: fix binutils and coreutils' paths 2016-04-25 14:27:51 +03:00
jraygauthier ddc401ed0a icon-conv-tools: init at 0.0.0 (#13905)
A nix specific set of tools for converting icon files
that are not in a freedesktop ready format.

I plan on using these tools for both `keepass` and
`retroarch` packages. It may benifit many other packages.
2016-04-25 13:16:47 +02:00
Nikolay Amiantov 5ff40ddedf add get* helper functions and mass-replace manual outputs search with them 2016-04-25 13:24:39 +03:00
Profpatsch a2d38bc7fc doc/stdenv.xml document substitution env variables
The filtering of environment variables that start with an uppercase
letter is documented in the manual.
2016-04-23 21:41:35 +02:00
Tuomas Tynkkynen bd18cc3cdc Merge pull request #14888 from dezgeg/pr-kill-module-init-tools
Delete all usages of module_init_tools and remove the package
2016-04-23 14:29:41 +03:00
Vladimír Čunát 6e7787e666 stdenv for windows: auto-link dependency DLLs
For every *.{exe,dll} in $output/bin/ we try to find all (potential)
transitive dependencies and symlink those DLLs into $output/bin
so they are found on invocation.
(DLLs are first searched in the directory of the running exe file.)

The links are relative, so relocating whole /nix/store won't break them.
The hook is activated on cygwin and when cross-compiling to mingw.
2016-04-23 10:52:00 +02:00
Guido Zgraggen 6ea0ae58af nix-prefetch-git: create parent directories 2016-04-22 16:51:49 -07:00
Tuomas Tynkkynen 01854a850a treewide: Replace module_init_tools -> kmod
The former is deprecated and doesn't handle compressed kernel modules,
so all current usages of it are broken.
2016-04-22 10:40:57 +03:00
Vladimír Čunát 57474b7d4a Merge branch 'master' into staging
Compare to Hydra nixpkgs job 1260021.
2016-04-20 16:49:52 +02:00
Vladimír Čunát f6dfbb692c stdenv multiple-outputs: fix cross-build propagation
Fixes #14817. The outputs weren't propagated correctly when
cross-building.
2016-04-20 16:37:23 +02:00
Vladimír Čunát 9f8751528c stdenv multiple-outputs: fix #14782 --docdir location
- the default --docdir is typically DATAROOTDIR/doc/pkgName
- I saw no other way than to employ some magic to guess this `pkgName`
- user can override it by setting $shareDocName
2016-04-20 16:36:10 +02:00
Eelco Dolstra 21a2f2ba3b nix: Add a "dev" output
This gets rid of boehm-dev in the closure (as well as Nix's own
headers).
2016-04-18 21:13:18 +02:00
Robin Gloster d020caa5b2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-18 13:49:22 +00:00
Vladimír Čunát f57c6449dc buildEnv: fix #14682 evaluation in some edge cases
I supplied meta.outputsToInstall automatically in all
mkDerivation products, but some packages still don't use it.
The reported case: jekyll -> bundlerEnv -> buildEnv -> runCommand.
2016-04-17 08:57:17 +02:00
Marius Bakke d534e38d58 makeWrapper: allow special characters in variable contents 2016-04-16 02:58:02 +01:00
Brian McKenna 0167b61ef4 dockerTools: only add "/nix" if it exists
The /nix path in 4d200538 of the layer tar didn't exist for some
packages, such as cacert. This is because cacert just creates an /etc
directory and doesn't depend on any other /nix paths. If we tried
putting this directory in the tar and using overlayfs with it, we'd get
"Invalid argument" when trying to remove the directory.

We now check whether the closure is non-empty before telling tar to
store the /nix directory.

Fixes #14710.
2016-04-16 01:16:49 +10:00
Brian McKenna bc2f314f73 dockerTools: make tars deterministic
There were two sources of non-determinisim coming into the images. The
first was tar mtimes, the second was pigz/gzip times.

An example image now passes with the --check flag.
2016-04-15 09:29:15 +10:00
Domen Kožar 0f9268e52c fetchurl: assert required Nix version for sha512 2016-04-14 12:50:21 +01:00
Luca Bruno 44d651485a dockerTools: fix difference between base files and layer files 2016-04-14 12:23:49 +02:00
Luca Bruno 4d200538c2 dockerTools: fix /nix/store permissions 2016-04-14 12:23:48 +02:00
Luca Bruno 6d8845ed8f Merge pull request #14588 from puffnfresh/bug/remove-docker-tarballs
dockerTools: remove "tarballs" attribute
2016-04-13 21:01:01 +02:00
Eelco Dolstra 3ecbe604ef fetchurl: Support SHA-512 hashes 2016-04-13 14:11:14 +02:00
Nikolay Amiantov d0fd551876 buildFHSEnv: post-closure-size fix 2016-04-13 14:28:33 +03:00
Nikolay Amiantov 5c38c36472 Merge pull request #14650 from hrdinka/fhs-chroot/pkg-path
build-fhs-chrootenv: set PKG_CONFIG_PATH
2016-04-13 14:24:09 +04:00
Christoph Hrdinka 54fa4c4cec build-fhs-chrootenv: set PKG_CONFIG_PATH
Currently `PKG_CONFIG_PATH` isn't set in FHS chroots rendering `pkg-config`
unusable. This patch sets it to `/usr/lib/pkgconfig`.
2016-04-13 11:06:33 +02:00
Vladimír Čunát 39ebb01d6e Merge branch 'staging', containing closure-size #7701 2016-04-13 09:25:28 +02:00
Joachim Fasting 27035365ec build-support/grsecurity: simplify the grsecurityOverrider
Adding inputs required by gcc plugins to the ambient environment is sufficient.
2016-04-12 01:23:32 +02:00
Brian McKenna d150fe8915 dockerTools: use pigz for final image tar
Saves a few seconds on large images.
2016-04-11 16:32:47 +10:00
Brian McKenna ebb911cc0b dockerTools: remove tarballs functionality
I think the intention of this functionality was to provide a simple
alternative to the "runAsRoot" and "contents" attributes.

The implementation caused very slow builds of Docker images. Almost all
of the build time was spent in IO for tar, due to tarballs being
created, immediately extracted, then recreated. I had 30 minute builds
on some of my images which are now down to less than 2 minutes. A couple
of other users on #nix IRC have observed similar improvements.

The implementation also mutated the produced Docker layers without
changing their hashes. Using non-empty tarballs would produce images
which got cached incorrectly in Docker.

I have a commit which just fixes the performance problem but I opted to
completely remove the tarball feature after I found out that it didn't
correctly implement the Docker Image Specification due to the broken
hashing.
2016-04-11 16:32:43 +10:00
Vladimír Čunát 30f14243c3 Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
Robin Gloster 3e68106afd Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-07 21:52:26 +00:00
Vladimír Čunát 710573ce6d Merge #12653: rework default outputs 2016-04-07 16:00:09 +02:00
Vladimír Čunát 9a824f2f1d treewide: rename extraOutputs{ToLink,ToInstall}
This is to get more consistent with `meta.outputsToInstall`.
2016-04-07 15:59:44 +02:00
Vladimír Čunát 2995439003 buildEnv: respect meta.outputsToInstall
As a result `systemPackages` now also respect it.
Only nix-env remains and that has a PR filed:
    https://github.com/NixOS/nix/pull/815
2016-04-07 15:59:44 +02:00
Vladimír Čunát d1df28f8e5 Merge 'staging' into closure-size
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
Tuomas Tynkkynen 6b42f9f4be Merge commit 'bde820' from staging
http://hydra.nixos.org/eval/1252653 - only ~9400 packages to go at the
time of writing this.
2016-04-06 01:18:28 +03:00
Vladimír Čunát aa670eb503 vmTools: update debian jessie 8.3 -> 8.4
Their in-place updates break download hashes...
2016-04-05 14:32:04 +02:00
Robin Gloster bbbaccfa68 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-04 15:24:52 +00:00
Nikolay Amiantov 88c97e2860 Merge pull request #14413 from abbradar/steam-run
steam-run: add derivation
2016-04-04 18:04:45 +04:00
Samuel Rivas f1b0d6410e emacsWithPackages: reduce some duplication 2016-04-03 21:21:50 +02:00
Samuel Rivas 2b199537b7 emacsWithPackages: move bin and site-lisp to private share directory
This is to avoid unwanted side effects when installing a wrapped emacs in the environment:

  * All executables in the dependencies become available in the user environment
  * All site-lisp binaries in the dependencies become accessible to unwrapped emacs

Also, both bin and site-lisp would generate conflicts so installing a wrapped emacs becomes really cumbersome
2016-04-03 21:11:38 +02:00
Robin Gloster 696d85a62d Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-03 11:01:57 +00:00
Nikolay Amiantov 375c410d07 userFHSEnv: add passthru, rename meta 2016-04-03 04:19:58 +03:00
Tomasz Kontusz 6c9ce23c00 cc-wrapper: Fix a typo in param parsing (close #14401) 2016-04-02 20:51:48 +02:00
Eelco Dolstra 13a1c7b8c1 useOldCXXAbi: Change into a setup hook
Stdenv adapters considered weird.
2016-04-01 13:36:59 +02:00
Lluís Batlle i Rossell 635c99ce87 vm: allow overriding QEMU_OPTS / memSize for images.
It's nice to be able to create disk images with -smp 4
in qemu.
2016-04-01 10:32:59 +02:00
Vladimír Čunát ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Franz Pletz 2e08d8234e Merge remote-tracking branch 'origin/master' 2016-03-31 10:06:30 +02:00
Lluís Batlle i Rossell ab93f8c137 Making vm's qemu cache=unsafe. Faster.
I don't think it's unsafe, if it's meant for nix expressions.
2016-03-31 09:27:25 +02:00
Lluís Batlle i Rossell e21dd19168 Making vm's interactive shell handle the terminal well. 2016-03-31 09:27:14 +02:00
Robin Gloster a4e65c3639 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-30 09:01:20 +00:00
Nikolay Amiantov a5322efd95 Revert "Remove PATH assumption from fhs-userenv."
This reverts commit 2f26b82411.

This breaks terminfo in Bash for some reason (i.e. TAB and other
special keys).
2016-03-29 17:58:07 +03:00
Robin Gloster f60c9df0ba Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-28 15:16:29 +00:00
Rodney Lorrimar 457eddd18f bower2nix: 2.1.0 -> 3.0.1
1. Update bower2nix version and add new/updated dependencies into
   node-packages-generated.nix. This was done manually, with npm2nix
   generating the initial set of derivations. In future, it would be
   nice to have an automatic process (see #10358, #9332).

2. Add an override to nodePackages.bower2nix wrapping the commands so
   that git is on the PATH.

3. Update fetchbower to support new command-line options of bower2nix,
   and to allow github URL tag versions.
2016-03-28 08:23:06 +01:00
Domen Kožar b07e7bfc7b Merge remote-tracking branch 'origin/staging' 2016-03-27 13:19:04 +01:00
Joachim Fasting 304c4a514e grsecurity: fix gcc plugin
Also needs mpfr and libmpc
2016-03-26 21:01:21 +01:00
Nicolas B. Pierron 5d6a4a6fa9 Merge pull request #14000 from nbp/fix-extend
Use fix and extends functions for all-packages.nix
2016-03-24 20:54:20 +01:00
Nikolay Amiantov 119c287c71 cc-wrapper: use Bash arrays properly 2016-03-24 21:13:11 +03:00
Nikolay Amiantov 0c6db0ca48 cc-wrapper: add option to skip flags for native optimizations 2016-03-24 20:16:17 +03:00
Eelco Dolstra 89693e71b9 Merge pull request #13907 from abbradar/cpp-wrapper
cc-wrapper: add C++-specific paths if `-x cpp` is passed
2016-03-24 18:12:04 +01:00
zimbatm 40e9dff04a nix-prefetch-git: fix url_to_name heuristic
The function wasn't checking that *all* of the characters where
[a-z0-9]. Fixes #13921
2016-03-23 11:22:51 +00:00
Ryan Trinkle be30ba8e0e nix-prefetch-scripts: make nix-prefetch-git report fetchSubmodules in its JSON output
Previously, nix-prefetch-git would report the same JSON whether submodules were being fetched or not; with this change, the --fetch-submodules option will cause the JSON output to include "fetchSubmodules": true, so that fetchgit (builtins.fromJSON (builtins.readFile ./path/to/output.json)) will work.
2016-03-21 23:26:18 -04:00
Nicolas B. Pierron 5cdaa7b907 Remove all-packages.nix helperFunctions dependency. 2016-03-20 16:41:20 +00:00
zimbatm ae487615a6 nix-prefetch-git: fix url_to_name heuristic
The function wasn't checking that *all* of the characters where
[a-z0-9]. Fixes #13921
2016-03-18 21:58:52 +00:00
Sander van der Burg 27e23486bb fetchbower: quote parameter to prevent ambigious redirects if version specifiers have wildcards 2016-03-18 12:06:01 +00:00
Peter Simons af81505c00 wrap-gapps-hook.sh: fix double inclusion guard
The simple "return" would not override the non-zero error code set by the
preceding test command, therefore aborting scripts running with "set -e".
2016-03-18 07:52:36 +01:00
Nikolay Amiantov 11b69246e0 Merge pull request #13938 from abbradar/fhs-gcc-paths
buildFHSEnv: add standard paths for compilers
2016-03-16 15:44:34 +03:00
Nikolay Amiantov 9488fee869 buildFHSEnv: add standard paths for compilers 2016-03-15 19:44:42 +03:00
Robin Gloster 3f45f0948d Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-15 01:44:24 +00:00
zimbatm 9504992e1d Merge pull request #13897 from nbp/fix-ocaml-pkgs-platform
Ensure that we can evaluate the platform attribute of ocaml packages.
2016-03-14 19:25:40 +00:00
Vladimír Čunát d6b46ecb30 Merge branch 'closure-size' into p/default-outputs 2016-03-14 11:27:15 +01:00
Nikolay Amiantov 87607af7a1 cc-wrapper: add C++-specific paths if -x c++ is passed 2016-03-14 06:58:18 +03:00
Robin Gloster a9b942c061 cc-wrapper: treat hardeningDisable as string
This fixes passing the env variable to the ld-wrapper through the gcc
call. Wtf?!
2016-03-14 00:26:52 +00:00
Nicolas B. Pierron 72c6f8a140 Ensure that we can evaluate the platform attribute of ocaml packages. 2016-03-13 19:08:26 +00:00
Nicolas B. Pierron 6313a5698a Replace references to all-packages.nix, by references to the top-level of nixpkgs repository. 2016-03-13 18:25:52 +00:00
Vladimír Čunát ab0bc1ecaf symlinkJoin: preferLocalBuild && !allowSubstitutes 2016-03-11 15:59:18 +01:00
Tristan Helmich 1a5acdb695 cc-wrapper: Add additional NIX_DEBUG statements 2016-03-11 14:02:07 +01:00
Eelco Dolstra 2af1cb3aa6 Merge remote-tracking branch 'origin/binutils-2.26' into staging
This still breaks a few packages, but nothing really major:

  http://hydra.nixos.org/eval/1241850?filter=x86_64-linux&compare=1237919&full=#tabs-now-fail
2016-03-11 11:58:49 +01:00
Tristan Helmich 7e2e0dfe7a cc-wrapper: Use stderr for NIX_DEBUG output
Otherwise configure scripts might break when looking for the path to ld
2016-03-10 15:47:55 +01:00
Franz Pletz 514a478e61 cc-wrapper: Fix if syntax 2016-03-09 10:08:07 +01:00
Robin Gloster 9a5b070b45 hardening: debug with NIX_DEBUG 2016-03-08 20:51:35 +00:00
Vladimír Čunát 09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Franz Pletz eb5a897161 Merge remote-tracking branch 'origin/pr/13505'
Fixes #13505.
2016-03-08 01:01:44 +01:00
Franz Pletz baee91ec60 cc-wrapper: Check if ld supports -z, fixes darwin 2016-03-07 21:40:20 +01:00
Franz Pletz b2b499e6c4 cc-wrapper: Increase number of functions for stackprotector 2016-03-07 01:30:40 +01:00
Franz Pletz ab1092875a cc-wrapper: Disable pie for linking static libs 2016-03-07 01:30:39 +01:00
Franz Pletz 63f60b6a13 cc-wrapper: Disable pie when linking shared libraries 2016-03-07 01:30:39 +01:00
zimbatm 5e5494a852 make-wrapper.sh: add an --unset argument
`--set FOO ""` is not strictly equivalent to `--unset FOO`. In the former case
the environment variable still exists with an empty string as a value.
2016-03-06 22:48:14 +00:00
Franz Pletz 05a02c53a0 cc-wrapper: -pie is a ldflag 2016-03-06 00:14:55 +01:00
Franz Pletz aff1f4ab94 Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
2016-03-05 18:55:26 +01:00
Profpatsch 82fa1a796b lib/copyPathToStore: annotate docstring 2016-03-01 15:26:35 +01:00
zimbatm 0d2e437fc9 Merge pull request #13584 from zimbatm/nix-prefetch-git-json
nix-prefetch-git: change the default output to JSON
2016-03-01 10:07:00 +00:00
Lluís Batlle i Rossell 202ebf794c vm/rpm/rpm-closure.pl: make it deterministic
Some recent perl version introduced "keys" to return the keys
in random order. As some of the packages are solved by "provides" and
based on the order, this randomness affects what packages get into the
closure.

This problem may be in other nix perl scripts.
2016-03-01 11:02:42 +01:00
zimbatm 90de261f33 nix-prefetch-git: change the default output to JSON
As discussed on the mailing list. The nix output was short-lived so it's
probably okay to change it.
2016-02-29 22:47:16 +00:00
Luca Bruno 5f8311775c chromium: add StartupWMClass to desktop file. Fixes #12433 2016-02-29 20:42:58 +01:00
zimbatm 6d9cc54089 build-maven: use lib.importJSON 2016-02-29 13:49:29 +00:00
tg(x) 38614d3f6a grsecurity: use kernel version instead of testing / stable 2016-02-28 04:10:59 +01:00
Eelco Dolstra d5bb6a1f9c glibc: Enable separate debug symbols
The importance of glibc makes it worthwhile to provide debug
symbols. However, this revealed an issue with separateDebugInfo: it
was indiscriminately adding --build-id to all ld invocations, while in
fact it should only do that for final links. Glibc also uses non-final
("relocatable") links, leading to subsequent failure to apply a build
ID ("Cannot create .note.gnu.build-id section, --build-id
ignored"). So now ld-wrapper.sh only passes --build-id for final
links.
2016-02-28 02:57:37 +01:00
Eelco Dolstra 69a337edae separateDebugInfo: Compress debug sections at compile/link time 2016-02-28 01:54:55 +01:00
Eelco Dolstra 2040a9ac57 stdenv-linux: Ensure binutils comes before bootstrapTools in $PATH
Otherwise, when building glibc and other packages, the "strip" from
bootstrapTools is used, which doesn't recognise some tags produced by
the newer "ld" from binutils.
2016-02-28 01:13:15 +01:00
zimbatm de124cfa79 Merge pull request #11671 from timbertson/fetchgit
fetchgit: output improvements
2016-02-27 22:45:07 +00:00
Eelco Dolstra e6f61b4cf3 fetchurlBoot: Use Nix's builtin fetchurl function
This removes the need for curl in bootstrapTools, and enables https
for bootstrap tarballs.
2016-02-27 20:27:24 +01:00
tg(x) 4e3d6d3e90 grsecurity: separate fix patches for testing & stable 2016-02-27 19:54:55 +01:00
tg(x) 7547960546 grsecurity: move version information to one place 2016-02-27 18:36:12 +01:00
tg(x) d95321b83e grsecurity: 4.3.4 -> 4.4.2 2016-02-27 18:36:12 +01:00
Tim Cuthbertson 21547a61ba nix-prefetch-git: print out valid nix expression; make --quiet very quiet 2016-02-27 21:26:35 +11:00
Tim Cuthbertson 456cbb29d9 nix-prefetch-git: add --quiet flag and minor cleanup 2016-02-27 16:56:38 +11:00
zimbatm 35ab3d301f Merge remote-tracking branch 'upstream/staging' 2016-02-26 22:37:04 +00:00
Tony White 4806cddda3 fetchurl: use kernel.org cdn by default
- use http://cdn.kernel.org/pub/ as the default mirror
for kernel source requests.
Discovered by browsing :
 https://www.kernel.org/introducing-fastly-cdn.html
2016-02-26 21:32:00 +00:00
zimbatm d2f3e250cf Merge pull request #8576 from obadz/nix-prefetch-zip
Add --ext option to nix-prefetch-zip
2016-02-26 00:57:30 +00:00
Nikolay Amiantov 4f74a4aacb fetch-cargo-deps: factor into fetchCargoDeps function 2016-02-25 14:05:44 +03:00
Nikolay Amiantov 34023d867d fetchcargo: set CA bundle path 2016-02-25 13:51:12 +03:00
Vladimír Čunát 93f6af1071 Merge branch 'master' into staging 2016-02-25 09:01:48 +01:00
Vladimír Čunát 30b7bd8d01 Merge branch 'glibc-2.22' into staging
I'm running whole my working notebook on 2.22 without any problems.
I don't expect any significant issues.
2016-02-25 08:42:59 +01:00
Jude Taylor a2b19cdb04 revert fetch-cargo-deps change 2016-02-23 18:31:45 -08:00
Jude Taylor 7336191574 fix fetch-cargo SSL error 2016-02-23 16:42:51 -08:00
zimbatm cfa99e5a99 Merge pull request #13114 from colemickens/azure
azure: package qemu 2.2.0 to fix VHD creation
2016-02-23 22:47:44 +00:00
zimbatm 69059602ff Merge pull request #13111 from tsion/simplify-assert
Simplify fetchurl assertion logic.
2016-02-23 22:42:27 +00:00
zimbatm c3e9630dfa Merge pull request #13369 from grahamc/nix-prefetch-git-output-base32
nix-prefetch-git: output base32 hash so output matches nix-build errors
2016-02-22 18:21:11 +00:00
Graham Christensen 60f354dfb8 nix-prefetch-git: output base32 hash so output matches nix-build errors
It turns out hashFormat has never been set.
2016-02-22 10:50:27 -06:00
Ricardo M. Correia fd3e02add8 Merge pull request #13027 from puffnfresh/package/pijul
pijul: 0.1 -> 0.2-6ab9ba
2016-02-20 15:43:53 +01:00
Vladimír Čunát 4b581903b3 requireFile: preferLocalBuild = true
There's no point trying to "distribute" showing the error message.
2016-02-19 13:47:50 +01:00
Nikolay Amiantov 9525abdeec steamPackages.runtime: use mirrors, add my mirror 2016-02-19 14:10:09 +03:00
Scott Olson 43a523526d Require at least one of url or urls in fetchurl. 2016-02-19 03:18:21 -06:00
Cole Mickens 718848d5aa azure: package qemu @ 2.2.0
This commit packages qemu-220. This package is qemu-2.2.0
and is only used with Azure.
2016-02-18 21:08:28 -08:00
Scott Olson 9cf93ba135 Simplify fetchurl assertion logic.
The two lines I removed technically assert the exact same thing, since `!a -> b`
is equivalent to `a || b`. So, I replaced the two lines with the more symmetric
form to make it clearer.
2016-02-18 22:39:43 -06:00
Eelco Dolstra d71a4851e8 Don't try to apply patchelf to non-ELF binaries 2016-02-18 22:54:11 +01:00
Eelco Dolstra bf63de1613 separateDebugInfo: Handle weird filenames properly 2016-02-18 22:54:11 +01:00
Eelco Dolstra 076de98c94 separateDebugInfo: Restore ELF check 2016-02-18 21:37:26 +01:00
Luca Bruno b7c57c831f Merge pull request #13099 from datakurre/datakurre-dockertools
dockerTools: Fix issue where image name with repository prefix was no…
2016-02-18 17:30:54 +01:00
Asko Soukka 584427c694 dockerTools: Fix issue where image name with repository prefix was not supported 2016-02-18 18:16:58 +02:00
Vladimír Čunát e9520e81b3 Merge branch 'master' into staging 2016-02-17 10:06:31 +01:00
Benjamin Staffin fc85f1beed nix-prefetch-hg: Various bash style improvements, fixes #9511 2016-02-17 00:35:30 +01:00
Brian McKenna 8b644c5826 rust: fix prePatch phase fail when sourceRoot set
We want to go up more than a single directory if we're in a nested one.
2016-02-17 07:28:26 +11:00
Vladimír Čunát d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
zimbatm 02f5a01c19 nix-prefetch-git: use fetchgit's naming heuristic
This commit fixes #6651.

Before this change the `nix-prefetch-git` script would use a different store
name than nix's `fetchgit` function. Because of that it was not possible to
use `nix-prefetch-git` as a way to pre-populate the store (for example when
the user it using private git dependencies that needs access to the ssh agent)
2016-02-13 14:39:44 +00:00
Vladimír Čunát a115bff08c Merge branch 'master' into staging 2016-02-07 13:52:42 +01:00
Vladimír Čunát 96cbdc70f2 cc-wrapper: fix #10574: old gcc -> cc fallout
The part with gcc-wrapper-old changes is rather unimportant,
as it's almost unused but I still tested that the sole user `gnat` builds.
2016-02-05 14:05:14 +01:00
Vladimír Čunát 54299b60c4 Merge #12779: Mass replace pkg}/bin-style strings
... to refer to correct outputs
2016-02-03 17:25:22 +01:00
Vladimír Čunát f89a136fd5 cc-wrapper: fixup branch interactions
c0599fdd61 and changes on closure-size didn't go well together.
2016-02-03 16:57:41 +01:00
Vladimír Čunát ae74c356d9 Merge recent 'staging' into closure-size
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
Guillaume Maudoux 9f358f809d Configure a default trust store for openssl 2016-02-03 12:42:01 +01:00
Eric Seidel f62b04954f fetchgitlocal: be less chatty 2016-02-01 10:57:01 -08:00
Tuomas Tynkkynen 3cc7fa0be9 treewide: Mass replace 'lzma}/bin' to refer the 'bin' output 2016-02-01 20:46:15 +02:00
Eelco Dolstra 030838ba25 makeModulesClosure: Small cleanup 2016-02-01 18:19:23 +01:00
Thomas Tuegel 1e5cad9c8c Merge pull request #12738 from ttuegel/emacsWithPackages
Reduce load time of emacsWithPackages
2016-01-31 17:28:20 -06:00
Franz Pletz c5f092c6a7 Merge pull request #12626 from aspiwack/deepclone-doc
Fix usage message in `nix-prefetch-git`
2016-01-30 17:34:42 +01:00
Eelco Dolstra 9855cbcbf8 debian: 8.2 -> 8.3 2016-01-30 11:08:37 +01:00
zimbatm 48a5bb703d stdenv: fix set-source-date-epoch-to-latest (close #12602)
In some cases the $sourceRoot is missing. Skip the hook instead
of showing the following cryptic error:

    find: cannot search `': No such file or directory
    /nix/store/0p1afvl8jcpi6dvsq2n58i90w9c59vz1-set-source-date-epoch-to-latest.sh: line 12: [: : integer expression expected

vcunat removed the warning; the hook will just skip silently in these cases.
Perhaps someone can improve on it some time.
2016-01-29 12:03:48 +01:00
Vladimír Čunát de0af30716 Merge branch 'master' into staging 2016-01-29 10:19:48 +01:00
aszlig ab84149c99
buildEnv: Pass the right number of args to addPkg
Regression introduced by 4529ed1259.

I've missed this in #5096, not because of a messed up rebase as I have
guessed from a comment on #12635 but missed this in the first place.

The testing I did while working on the pull request weren't exhaustive
enough to cover this, because I haven't tested with packages that use
the propagatedUserEnvPkgs attribute.

In order to make the test a bit more exhaustive this time, let's test it
using:

nix-build -E 'with import ./. {}; buildEnv {
  name = "testenv";
  paths = [
    pkgs.hello pkgs.binutils pkgs.libsoup pkgs.gnome3.yelp
    pkgs.gnome3.totem
  ];
}'

And with this commit the errors no longer show up and the environment is
built correctly.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #12635
2016-01-28 14:50:44 +01:00
Vladimír Čunát ab8a691d05 nixos systemPackages: rework default outputs
- Now `pkg.outputUnspecified = true` but this attribute is missing in
  every output, so we can recognize whether the user chose or not.
  If (s)he didn't choose, we put `pkg.bin or pkg.out or pkg` into
  `systemPackages`.
- `outputsToLink` is replaced by `extraOutputsToLink`.
  We add extra outputs *regardless* of whether the user chose anything.
  It's mainly meant for outputs with docs and debug symbols.
- Note that as a result, some libraries will disappear from system path.
2016-01-28 11:24:18 +01:00
Vladimír Čunát a33fcc8731 cc-wrapper: attempt to fix on darwin
This fixes evaluation at least. I'm unable to test this myself and noone steps up;
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-174448705
however, Hydra's macs are idling so let's employ them for that.
2016-01-28 06:59:36 +01:00
Arthur Noel 903129f770 dockerTools: private registry support
* authorization token is optional
* registry url is taken from X-Docker-Endpoints header
* pull.sh correctly resumes partial layer downloads
* detjson.py does not fail on missing keys
2016-01-27 21:13:07 +00:00
Thomas Tuegel 063f5e3d0b remove autonix 2016-01-27 06:26:14 -06:00
Arnaud Spiwack 07f7ecdcce Fix usage message in nix-prefetch-git
The comment related to the `deepClone` and `no-deepClone` options was
misleading as these options have no relation with submodules, but on the
the depth in `git clone --depth n`.
2016-01-26 16:09:52 +01:00
Peter Simons 5ff34bac8c build-support/source-tarball.nix: fix syntax highlighting in Emacs 2016-01-26 14:03:06 +01:00
Vladimír Čunát c0599fdd61 Merge #11798: cc-wrapper: fix on darwin 2016-01-25 10:03:42 +01:00
Vladimír Čunát 8f48a9756b cc-wrapper: quote when saving $PATH 2016-01-25 09:54:10 +01:00
Dan Peebles 8f9aea9ccc grsecurity: fix kernel config and uncomment grsecurity kernels 2016-01-23 16:58:44 +00:00
Dan Peebles 33cf0792b1 grsecurity-testing: update patches and associated kernel version 2016-01-23 14:29:34 +00:00
Nikolay Amiantov f18317885a fhs-userenv: don't use bash login mode
Login mode can cause hidden problems, e.g. #12406. Generally we don't want
to read user's .bash_profile when we don't start an interactive shell inside
a chroot.
2016-01-23 15:55:53 +03:00
Vladimír Čunát 0957359568 Merge branch 'staging' 2016-01-22 13:48:35 +01:00
Thomas Tuegel 32c30411cf emacsWithPackages: link packages into single load-path
This should provide a small speed improvement by avoiding having to set
hundreds of load-paths.
2016-01-20 12:53:11 -06:00
Thomas Tuegel 2b1024646b emacsWithPackages: defer loading package.el
Also stops duplicating load paths.
2016-01-20 12:43:21 -06:00
Thomas Tuegel 97e1258ded emacsWithPackages: use local variables correctly 2016-01-20 12:43:00 -06:00
Rok Garbas 36fc03edb6 fetchgit: import impure GIT_PROXY_COMMAND and SOCKS_SERVER, fixes #8605
These environment variables allow using fetchgit with git:// URLs using
the SOCKS proxy technique described in 'Using Git with a SOCKS proxy':

  http://www.patthoyts.tk/blog/using-git-with-socks-proxy.html

Briefly, GIT_PROXY_COMMAND is set to a script which invokes connect[1],
which reads SOCKS_PROXY, which might be pointing to a local instance of
'ssh -D'.

[1] pkgs/tools/networking/connect
2016-01-20 02:18:22 +01:00
Anthony Cowley d96893647d cc-wrapper: fix on darwin
The ld-wrapper.sh script calls `readlink` in some circumstances. We need
to ensure that this is the `readlink` from the `coreutils` package so
that flag support is as expected.

This is accomplished by explicitly setting PATH at the top of each shell
script.

Without doing this, the following happens with a trivial `main.c`:

```
nix-env -f "<nixpkgs>" -iA pkgs.clang
$ clang main.c -L /nix/../nix/store/2ankvagznq062x1gifpxwkk7fp3xwy63-xnu-2422.115.4/Library -o a.out
readlink: illegal option -- f
usage: readlink [-n] [file ...]
```

The key element is the `..` in the path supplied to the linker via a
`-L` flag. With this patch, the above invocation works correctly on
darwin, whose native `/usr/bin/readlink` does not support the `-f` flag.

The explicit path also ensures that the `grep` called by `cc-wrapper.sh`
is the one from Nix.

Fixes #6447
2016-01-19 17:47:11 -05:00
Domen Kožar 9c571a98ed Merge pull request #10998 from andrewrynhard/master
Add help flag to nix-prefetch-git
2016-01-19 12:01:55 +01:00
Eelco Dolstra e210fdd272 Merge pull request #12469 from domenkozar/fetchurl/executable
fetchurl: support executables
2016-01-19 11:27:13 +01:00
Domen Kožar c7383cb34b fetchurl: support executables 2016-01-19 11:17:49 +01:00
Vladimír Čunát 716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00
Domen Kožar 3b381d37ee Merge pull request #5096 from aszlig/buildenv-check-collision-contents
buildEnv: Check the content of colliding paths.
2016-01-19 01:00:09 +01:00
Thomas Tuegel 9dfd9fe0bf elpa2nix: fix packages with DOS line endings 2016-01-18 15:29:19 -06:00
Thomas Tuegel decb5802c9 elpaBuild: factor out package installation
Building packages requires package-build.el from Melpa, but installing
packages only requires package.el. Packages from ELPA are already built,
so there is no need to involve package-build.el.
2016-01-18 15:29:19 -06:00
Thomas Tuegel 1724a07e2e melpaBuild: keep original source file names without hash 2016-01-18 15:29:19 -06:00
Thomas Tuegel cd54d7af47 melpaBuild: don't download dependencies
Stop package.el from trying to download dependencies. It wouldn't work
anyway.
2016-01-18 15:29:17 -06:00
Thomas Tuegel 18251778c9 melpaBuild: don't guess archive file name
package-build can tell us exactly what the archive file name is, instead
of globbing for it.
2016-01-18 15:29:17 -06:00
Thomas Tuegel 4b2303b8c9 melpaBuild: get Emacs package name from recipe
When building a package from a Melpa recipe file, get the Emacs package
name from the recipe. Nix is more restrictive about packages names than
Emacs, so the Nix name for a package is sometimes different.
2016-01-18 15:29:16 -06:00
Vladimír Čunát 620c147cce Merge branch 'master' into staging 2016-01-18 09:48:49 +01:00
aszlig bfb11fd030
buildEnv: Skip content check on ignoreCollisions.
Checking file contents is redundant in this case, because we will go
ahead anyway, regardless of whether the content is the same.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-01-18 03:56:09 +01:00
aszlig 4529ed1259
buildEnv: Check the content of colliding paths.
Originally wanted to include ignoreCollisions in cups-progs, but I think
it's better if we use ignoreCollisions only if there are _real_
collisions between files with different contents.

Of course, we also check whether the file permissions match, so you get
a collision if contents are the same but the permissions are different.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-01-18 03:54:22 +01:00
Domen Kožar 36057827f6 requireFile: remove colon from the url for easier copy/paste 2016-01-16 21:58:40 +01:00
Nikolay Amiantov de9634bba3 Merge pull request #11998 from abbradar/initrd-root
make-initrd: store all files with root as owner
2016-01-16 22:45:49 +03:00
Eelco Dolstra 2fcee55e5f separateDebugInfo: Create symlinks matching original binaries
For instance, a binary like libfoo.so will cause a symlink
lib/debug/libfoo.so.debug -> .build-id/<build-ID>.debug to be
created. This is primarily useful for use with eu-addr2line, if you
know the name of a binary and the relative address, but not the build
ID.
2016-01-15 16:16:11 +01:00
Vladimír Čunát 2d0893088f Merge branch 'master' into staging 2016-01-15 13:43:57 +01:00
Vladimír Čunát 98218971c2 Merge #12299: make firefox-like browsers wrapped by default 2016-01-15 08:53:58 +01:00
Vladimír Čunát f50d80f627 makeDesktopItem: change name of the derivations
The name wasn't suggesting what kind of stuff is in there;
now it's the same as the name of the file that gets generated.
2016-01-15 08:37:02 +01:00
Domen Kožar 622eb5f699 requireFile: use correct absolute path syntax 2016-01-14 14:13:58 +01:00
lethalman 091c74b1c8 Merge pull request #12062 from mogorman/platformio
platformio: init at 2.7.0
2016-01-13 15:47:25 +01:00