diff options
| author | Vladimír Čunát <v@cunat.cz> | 2022-07-08 09:31:25 +0200 |
|---|---|---|
| committer | Vladimír Čunát <v@cunat.cz> | 2022-07-08 09:31:25 +0200 |
| commit | b39924fc7764c08ae3b51beef9a3518c414cdb7d (patch) | |
| tree | a58285393c76913d3f028e2f5838c0c58e7d7448 | |
| parent | 0be91cefefde5701f8fa957904618a13e3bb51d8 (diff) | |
| parent | add0201f354284b5447b1bcf6a065a9a50aebea8 (diff) | |
| download | nixpkgs-b39924fc7764c08ae3b51beef9a3518c414cdb7d.tar nixpkgs-b39924fc7764c08ae3b51beef9a3518c414cdb7d.tar.gz nixpkgs-b39924fc7764c08ae3b51beef9a3518c414cdb7d.tar.bz2 nixpkgs-b39924fc7764c08ae3b51beef9a3518c414cdb7d.tar.lz nixpkgs-b39924fc7764c08ae3b51beef9a3518c414cdb7d.tar.xz nixpkgs-b39924fc7764c08ae3b51beef9a3518c414cdb7d.tar.zst nixpkgs-b39924fc7764c08ae3b51beef9a3518c414cdb7d.zip | |
Merge #179844: staging-next 2022-07-01
77 files changed, 926 insertions, 540 deletions
diff --git a/doc/languages-frameworks/perl.section.md b/doc/languages-frameworks/perl.section.md index 9bfd209fec5..28a78cc2344 100644 --- a/doc/languages-frameworks/perl.section.md +++ b/doc/languages-frameworks/perl.section.md @@ -1,6 +1,6 @@ # Perl {#sec-language-perl} -## Running perl programs on the shell {#ssec-perl-running} +## Running Perl programs on the shell {#ssec-perl-running} When executing a Perl script, it is possible you get an error such as `./myscript.pl: bad interpreter: /usr/bin/perl: no such file or directory`. This happens when the script expects Perl to be installed at `/usr/bin/perl`, which is not the case when using Perl from nixpkgs. You can fix the script by changing the first line to: @@ -35,15 +35,16 @@ Perl packages from CPAN are defined in [pkgs/top-level/perl-packages.nix](https: ```nix ClassC3 = buildPerlPackage rec { - name = "Class-C3-0.21"; + pname = "Class-C3"; + version = "0.21"; src = fetchurl { - url = "mirror://cpan/authors/id/F/FL/FLORA/${name}.tar.gz"; + url = "mirror://cpan/authors/id/F/FL/FLORA/${pname}-${version}.tar.gz"; sha256 = "1bl8z095y4js66pwxnm7s853pi9czala4sqc743fdlnk27kq94gz"; }; }; ``` -Note the use of `mirror://cpan/`, and the `${name}` in the URL definition to ensure that the name attribute is consistent with the source that we’re actually downloading. Perl packages are made available in `all-packages.nix` through the variable `perlPackages`. For instance, if you have a package that needs `ClassC3`, you would typically write +Note the use of `mirror://cpan/`, and the `pname` and `version` in the URL definition to ensure that the `pname` attribute is consistent with the source that we’re actually downloading. Perl packages are made available in `all-packages.nix` through the variable `perlPackages`. For instance, if you have a package that needs `ClassC3`, you would typically write ```nix foo = import ../path/to/foo.nix { @@ -72,10 +73,11 @@ So what does `buildPerlPackage` do? It does the following: { buildPerlPackage, fetchurl, db }: buildPerlPackage rec { - name = "BerkeleyDB-0.36"; + pname = "BerkeleyDB"; + version = "0.36"; src = fetchurl { - url = "mirror://cpan/authors/id/P/PM/PMQS/${name}.tar.gz"; + url = "mirror://cpan/authors/id/P/PM/PMQS/${pname}-${version}.tar.gz"; sha256 = "07xf50riarb60l1h6m2dqmql8q5dij619712fsgw7ach04d8g3z1"; }; @@ -90,9 +92,10 @@ Dependencies on other Perl packages can be specified in the `buildInputs` and `p ```nix ClassC3Componentised = buildPerlPackage rec { - name = "Class-C3-Componentised-1.0004"; + pname = "Class-C3-Componentised"; + version = "1.0004"; src = fetchurl { - url = "mirror://cpan/authors/id/A/AS/ASH/${name}.tar.gz"; + url = "mirror://cpan/authors/id/A/AS/ASH/${pname}-${version}.tar.gz"; sha256 = "0xql73jkcdbq4q9m0b0rnca6nrlvf5hyzy8is0crdk65bynvs8q1"; }; propagatedBuildInputs = [ @@ -111,7 +114,7 @@ ImageExifTool = buildPerlPackage { version = "11.50"; src = fetchurl { - url = "https://www.sno.phy.queensu.ca/~phil/exiftool/Image-ExifTool-11.50.tar.gz"; + url = "https://www.sno.phy.queensu.ca/~phil/exiftool/${pname}-${version}.tar.gz"; sha256 = "0d8v48y94z8maxkmw1rv7v9m0jg2dc8xbp581njb6yhr7abwqdv3"; }; @@ -139,9 +142,10 @@ This program takes a Perl module name, looks it up on CPAN, fetches and unpacks ```ShellSession $ nix-generate-from-cpan XML::Simple XMLSimple = buildPerlPackage rec { - name = "XML-Simple-2.22"; + pname = "XML-Simple"; + version = "2.22"; src = fetchurl { - url = "mirror://cpan/authors/id/G/GR/GRANTM/${name}.tar.gz"; + url = "mirror://cpan/authors/id/G/GR/GRANTM/XML-Simple-2.22.tar.gz"; sha256 = "b9450ef22ea9644ae5d6ada086dc4300fa105be050a2030ebd4efd28c198eb49"; }; propagatedBuildInputs = [ XMLNamespaceSupport XMLSAX XMLSAXExpat ]; diff --git a/pkgs/applications/networking/cluster/kompose/default.nix b/pkgs/applications/networking/cluster/kompose/default.nix index 2b80dfc6815..a4081408871 100644 --- a/pkgs/applications/networking/cluster/kompose/default.nix +++ b/pkgs/applications/networking/cluster/kompose/default.nix @@ -1,4 +1,4 @@ -{ lib, buildGoModule, fetchFromGitHub, installShellFiles, testers, kompose }: +{ lib, buildGoModule, fetchFromGitHub, installShellFiles, testers, kompose, git }: buildGoModule rec { pname = "kompose"; @@ -13,7 +13,7 @@ buildGoModule rec { vendorSha256 = "sha256-OR5U2PnebO0a+lwU09Dveh0Yxk91cmSRorTxQIO5lHc="; - nativeBuildInputs = [ installShellFiles ]; + nativeBuildInputs = [ installShellFiles git ]; ldflags = [ "-s" "-w" ]; diff --git a/pkgs/applications/version-management/git-and-tools/gitbatch/default.nix b/pkgs/applications/version-management/git-and-tools/gitbatch/default.nix index 75fea7bf871..0eb20db1462 100644 --- a/pkgs/applications/version-management/git-and-tools/gitbatch/default.nix +++ b/pkgs/applications/version-management/git-and-tools/gitbatch/default.nix @@ -1,4 +1,4 @@ -{ lib, buildGoModule, fetchFromGitHub }: +{ lib, buildGoModule, fetchFromGitHub, git }: buildGoModule rec { pname = "gitbatch"; @@ -15,7 +15,15 @@ buildGoModule rec { ldflags = [ "-s" "-w" ]; - checkFlags = [ "-short" ]; + nativeBuildInputs = [ + git # required by unit tests + ]; + + preCheck = '' + HOME=$(mktemp -d) + # Disable tests requiring network access to gitlab.com + buildFlagsArray+=("-run" "[^(Test(Run|Start|(Fetch|Pull)With(Go|)Git))]") + ''; meta = with lib; { description = "Running git UI commands"; diff --git a/pkgs/data/misc/cacert/default.nix b/pkgs/data/misc/cacert/default.nix index ecd8a1c3dfd..0ed4f95f8cf 100644 --- a/pkgs/data/misc/cacert/default.nix +++ b/pkgs/data/misc/cacert/default.nix @@ -20,7 +20,7 @@ let blocklist = writeText "cacert-blocklist.txt" (lib.concatStringsSep "\n" blacklist); extraCertificatesBundle = writeText "cacert-extra-certificates-bundle.crt" (lib.concatStringsSep "\n\n" extraCertificateStrings); - srcVersion = "3.77"; + srcVersion = "3.80"; version = if nssOverride != null then nssOverride.version else srcVersion; meta = with lib; { homepage = "https://curl.haxx.se/docs/caextract.html"; @@ -35,7 +35,7 @@ let src = if nssOverride != null then nssOverride.src else fetchurl { url = "mirror://mozilla/security/nss/releases/NSS_${lib.replaceStrings ["."] ["_"] version}_RTM/src/nss-${version}.tar.gz"; - sha256 = "1pfy33b51914sivqyaxdwfd930hzb77gm07z4f57hnyk5xddypl2"; + sha256 = "sha256-wL8f0sfimmsCswliK6r8RD7skMiTS7FV2ku5iYh4S2o="; }; dontBuild = true; diff --git a/pkgs/development/compilers/gcc/10/default.nix b/pkgs/development/compilers/gcc/10/default.nix index 82269a395fe..1b9f542894e 100644 --- a/pkgs/development/compilers/gcc/10/default.nix +++ b/pkgs/development/compilers/gcc/10/default.nix @@ -53,11 +53,11 @@ with lib; with builtins; let majorVersion = "10"; - version = "${majorVersion}.3.0"; + version = "${majorVersion}.4.0"; inherit (stdenv) buildPlatform hostPlatform targetPlatform; - patches = [ ./gcc10-asan-glibc-2.34.patch ] + patches = [ ] ++ optional (targetPlatform != hostPlatform) ../libstdc++-target.patch ++ optional noSysDirs ../no-sys-dirs.patch ++ optional (noSysDirs && hostPlatform.isRiscV) ../no-sys-dirs-riscv.patch @@ -73,8 +73,6 @@ let majorVersion = "10"; # Obtain latest patch with ../update-mcfgthread-patches.sh ++ optional (!crossStageStatic && targetPlatform.isMinGW) ./Added-mcf-thread-model-support-from-mcfgthread.patch - ++ [ ../libsanitizer-no-cyclades.patch ] - ++ optional (buildPlatform.system == "aarch64-darwin" && targetPlatform != buildPlatform) (fetchpatch { url = "https://raw.githubusercontent.com/richard-vd/musl-cross-make/5e9e87f06fc3220e102c29d3413fbbffa456fcd6/patches/gcc-${version}/0008-darwin-aarch64-self-host-driver.patch"; sha256 = "sha256-XtykrPd5h/tsnjY1wGjzSOJ+AyyNLsfnjuOZ5Ryq9vA="; @@ -95,7 +93,7 @@ stdenv.mkDerivation ({ src = fetchurl { url = "mirror://gcc/releases/gcc-${version}/gcc-${version}.tar.xz"; - sha256 = "0i6378ig6h397zkhd7m4ccwjx5alvzrf2hm27p1pzwjhlv0h9x34"; + sha256 = "1wg4xdizkksmwi66mvv2v4pk3ja8x64m7v9gzhykzd3wrmdpsaf9"; }; inherit patches; diff --git a/pkgs/development/compilers/gcc/10/gcc10-asan-glibc-2.34.patch b/pkgs/development/compilers/gcc/10/gcc10-asan-glibc-2.34.patch deleted file mode 100644 index d6d4f41ffdf..00000000000 --- a/pkgs/development/compilers/gcc/10/gcc10-asan-glibc-2.34.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 950bac27d63c1c2ac3a6ed867692d6a13f21feb3 Mon Sep 17 00:00:00 2001 -From: Jakub Jelinek <jakub@redhat.com> -Date: Sat, 17 Apr 2021 11:27:14 +0200 -Subject: [PATCH] sanitizer: Fix asan against glibc 2.34 [PR100114] - -As mentioned in the PR, SIGSTKSZ is no longer a compile time constant in -glibc 2.34 and later, so -static const uptr kAltStackSize = SIGSTKSZ * 4; -needs dynamic initialization, but is used by a function called indirectly -from .preinit_array and therefore before the variable is constructed. -This results in using 0 size instead and all asan instrumented programs -die with: -==91==ERROR: AddressSanitizer failed to allocate 0x0 (0) bytes of SetAlternateSignalStack (error code: 22) - -Here is a cherry-pick from upstream to fix this. - -2021-04-17 Jakub Jelinek <jakub@redhat.com> - - PR sanitizer/100114 - * sanitizer_common/sanitizer_posix_libcdep.cpp: Cherry-pick - llvm-project revisions 82150606fb11d28813ae6da1101f5bda638165fe - and b93629dd335ffee2fc4b9b619bf86c3f9e6b0023. - -(cherry picked from commit d9f462fb372fb02da032cefd6b091d7582c425ae) ---- - .../sanitizer_common/sanitizer_posix_libcdep.cpp | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp b/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp -index 304b3a01a08..ac88fbe074e 100644 ---- a/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp -+++ b/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp -@@ -169,7 +169,11 @@ bool SupportsColoredOutput(fd_t fd) { - - #if !SANITIZER_GO - // TODO(glider): different tools may require different altstack size. --static const uptr kAltStackSize = SIGSTKSZ * 4; // SIGSTKSZ is not enough. -+static uptr GetAltStackSize() { -+ // SIGSTKSZ is not enough. -+ static const uptr kAltStackSize = SIGSTKSZ * 4; -+ return kAltStackSize; -+} - - void SetAlternateSignalStack() { - stack_t altstack, oldstack; -@@ -180,10 +184,9 @@ void SetAlternateSignalStack() { - // TODO(glider): the mapped stack should have the MAP_STACK flag in the - // future. It is not required by man 2 sigaltstack now (they're using - // malloc()). -- void* base = MmapOrDie(kAltStackSize, __func__); -- altstack.ss_sp = (char*) base; -+ altstack.ss_size = GetAltStackSize(); -+ altstack.ss_sp = (char *)MmapOrDie(altstack.ss_size, __func__); - altstack.ss_flags = 0; -- altstack.ss_size = kAltStackSize; - CHECK_EQ(0, sigaltstack(&altstack, nullptr)); - } - -@@ -191,7 +194,7 @@ void UnsetAlternateSignalStack() { - stack_t altstack, oldstack; - altstack.ss_sp = nullptr; - altstack.ss_flags = SS_DISABLE; -- altstack.ss_size = kAltStackSize; // Some sane value required on Darwin. -+ altstack.ss_size = GetAltStackSize(); // Some sane value required on Darwin. - CHECK_EQ(0, sigaltstack(&altstack, &oldstack)); - UnmapOrDie(oldstack.ss_sp, oldstack.ss_size); - } --- -2.27.0 - diff --git a/pkgs/development/compilers/ghc/8.6.5-binary.nix b/pkgs/development/compilers/ghc/8.6.5-binary.nix index 22bfae79c0c..d7d2578cdc4 100644 --- a/pkgs/development/compilers/ghc/8.6.5-binary.nix +++ b/pkgs/development/compilers/ghc/8.6.5-binary.nix @@ -12,7 +12,8 @@ assert stdenv.targetPlatform == stdenv.hostPlatform; let useLLVM = !stdenv.targetPlatform.isx86; - useNcurses6 = stdenv.hostPlatform.system == "x86_64-linux"; + useNcurses6 = stdenv.hostPlatform.system == "x86_64-linux" + || (with stdenv.hostPlatform; isPower64 && isLittleEndian); ourNcurses = if useNcurses6 then ncurses6 else ncurses5; @@ -73,6 +74,10 @@ stdenv.mkDerivation rec { url = "${downloadsUrl}/${version}/ghc-${version}-x86_64-apple-darwin.tar.xz"; sha256 = "0s9188vhhgf23q3rjarwhbr524z6h2qga5xaaa2pma03sfqvvhfz"; }; + powerpc64le-linux = { + url = "https://downloads.haskell.org/~ghc/${version}/ghc-${version}-powerpc64le-fedora29-linux.tar.xz"; + sha256 = "sha256-tWSsJdPVrCiqDyIKzpBt5DaXb3b6j951tCya584kWs4="; + }; }.${stdenv.hostPlatform.system} or (throw "cannot bootstrap GHC on this platform")); @@ -211,7 +216,7 @@ stdenv.mkDerivation rec { meta = rec { license = lib.licenses.bsd3; - platforms = ["x86_64-linux" "i686-linux" "x86_64-darwin"]; + platforms = ["x86_64-linux" "i686-linux" "x86_64-darwin" "powerpc64le-linux" ]; # build segfaults, use ghc8102Binary which has proper musl support instead broken = stdenv.hostPlatform.isMusl; maintainers = with lib.maintainers; [ diff --git a/pkgs/development/go-modules/generic/default.nix b/pkgs/development/go-modules/generic/default.nix index b0c587ea471..7e9a76dbde6 100644 --- a/pkgs/development/go-modules/generic/default.nix +++ b/pkgs/development/go-modules/generic/default.nix @@ -178,12 +178,22 @@ let exclude+='\)' buildGoDir() { - local d; local cmd; - cmd="$1" - d="$2" + local cmd="$1" dir="$2" + . $TMPDIR/buildFlagsArray + + declare -a flags + flags+=($buildFlags "''${buildFlagsArray[@]}") + flags+=(''${tags:+-tags=${lib.concatStringsSep "," tags}}) + flags+=(''${ldflags:+-ldflags="$ldflags"}) + flags+=("-v" "-p" "$NIX_BUILD_CORES") + + if [ "$cmd" = "test" ]; then + flags+=($checkFlags) + fi + local OUT - if ! OUT="$(go $cmd $buildFlags "''${buildFlagsArray[@]}" ''${tags:+-tags=${lib.concatStringsSep "," tags}} ''${ldflags:+-ldflags="$ldflags"} -v -p $NIX_BUILD_CORES $d 2>&1)"; then + if ! OUT="$(go $cmd "''${flags[@]}" $dir 2>&1)"; then if ! echo "$OUT" | grep -qE '(no( buildable| non-test)?|build constraints exclude all) Go (source )?files'; then echo "$OUT" >&2 return 1 @@ -241,7 +251,7 @@ let runHook preCheck for pkg in $(getGoDirs test); do - buildGoDir test $checkFlags "$pkg" + buildGoDir test "$pkg" done runHook postCheck diff --git a/pkgs/development/go-packages/generic/default.nix b/pkgs/development/go-packages/generic/default.nix index 0559f7f07a7..643c1955d2b 100644 --- a/pkgs/development/go-packages/generic/default.nix +++ b/pkgs/development/go-packages/generic/default.nix @@ -160,12 +160,22 @@ let exclude+='\)' buildGoDir() { - local d; local cmd; - cmd="$1" - d="$2" + local cmd="$1" dir="$2" + . $TMPDIR/buildFlagsArray + + declare -a flags + flags+=($buildFlags "''${buildFlagsArray[@]}") + flags+=(''${tags:+-tags=${lib.concatStringsSep "," tags}}) + flags+=(''${ldflags:+-ldflags="$ldflags"}) + flags+=("-v" "-p" "$NIX_BUILD_CORES") + + if [ "$cmd" = "test" ]; then + flags+=($checkFlags) + fi + local OUT - if ! OUT="$(go $cmd $buildFlags "''${buildFlagsArray[@]}" ''${tags:+-tags=${lib.concatStringsSep "," tags}} ''${ldflags:+-ldflags="$ldflags"} -v -p $NIX_BUILD_CORES $d 2>&1)"; then + if ! OUT="$(go $cmd "''${flags[@]}" $dir 2>&1)"; then if ! echo "$OUT" | grep -qE '(no( buildable| non-test)?|build constraints exclude all) Go (source )?files'; then echo "$OUT" >&2 return 1 @@ -225,7 +235,7 @@ let runHook preCheck for pkg in $(getGoDirs test); do - buildGoDir test $checkFlags "$pkg" + buildGoDir test "$pkg" done runHook postCheck diff --git a/pkgs/development/libraries/audio/libopenmpt/default.nix b/pkgs/development/libraries/audio/libopenmpt/default.nix index 2cca0078aff..bd383ffe39c 100644 --- a/pkgs/development/libraries/audio/libopenmpt/default.nix +++ b/pkgs/development/libraries/audio/libopenmpt/default.nix @@ -16,13 +16,13 @@ stdenv.mkDerivation rec { pname = "libopenmpt"; - version = "0.6.3"; + version = "0.6.4"; outputs = [ "out" "dev" "bin" ]; src = fetchurl { url = "https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-${version}+release.autotools.tar.gz"; - sha256 = "pBCv63zVlwsWuabOfazPSVsaXpEhqdZELeDAKP1Uols="; + sha256 = "4J+4RcMpJwCnrBPDsx1mns072+vL/hMo66I3bOvkAWI="; }; enableParallelBuilding = true; diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix index 29a1f642089..8fb12fc0203 100644 --- a/pkgs/development/libraries/glib/default.nix +++ b/pkgs/development/libraries/glib/default.nix @@ -45,11 +45,11 @@ in stdenv.mkDerivation rec { pname = "glib"; - version = "2.72.2"; + version = "2.72.3"; src = fetchurl { url = "mirror://gnome/sources/glib/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "eNWZoTPbp/4gNt+o24+2Exq5ZCeD/JV4sHogmVJS0t4="; + sha256 = "Sjmi9iS4US1QDVhAFz7af6hfUcEJBS6ugGrOzoXTRfA="; }; patches = optionals stdenv.isDarwin [ diff --git a/pkgs/development/libraries/gnu-efi/default.nix b/pkgs/development/libraries/gnu-efi/default.nix index f331a8f753b..a49e0fad215 100644 --- a/pkgs/development/libraries/gnu-efi/default.nix +++ b/pkgs/development/libraries/gnu-efi/default.nix @@ -12,6 +12,16 @@ stdenv.mkDerivation rec { sha256 = "tztkOg1Wl9HzltdDFEjoht2AVmh4lXjj4aKCd8lShDU="; }; + patches = [ + # Pull fix pending upstream inclusion for parallel builds + # https://sourceforge.net/p/gnu-efi/patches/84/ + (fetchurl { + name = "parallel-build.patch"; + url = "https://sourceforge.net/p/gnu-efi/patches/84/attachment/0001-lib-Makefile-add-.o-file-dependency-on-libsubdirs-ta.patch"; + sha256 = "sha256-+2UwV2lopdB/tazib1BLzO1E3GgB1L8dZsSQKWVoLwA="; + }) + ]; + buildInputs = [ pciutils ]; hardeningDisable = [ "stackprotector" ]; diff --git a/pkgs/development/libraries/gpgme/default.nix b/pkgs/development/libraries/gpgme/default.nix index 1e6d9260b57..079caf85da9 100644 --- a/pkgs/development/libraries/gpgme/default.nix +++ b/pkgs/development/libraries/gpgme/default.nix @@ -47,6 +47,9 @@ stdenv.mkDerivation rec { ./python-310-detection-without-distutils.patch # Find correct version string for Python >= 3.10, https://dev.gnupg.org/D546 ./python-find-version-string-above-310.patch + # Fix a test after disallowing compressed signatures in gpg (PR #180336) + ./test_t-verify_double-plaintext.patch + # Disable python tests on Darwin as they use gpg (see configureFlags below) ] ++ lib.optional stdenv.isDarwin ./disable-python-tests.patch # Fix _AC_UNDECLARED_WARNING for autoconf>=2.70 diff --git a/pkgs/development/libraries/gpgme/test_t-verify_double-plaintext.patch b/pkgs/development/libraries/gpgme/test_t-verify_double-plaintext.patch new file mode 100644 index 00000000000..8f866af0da9 --- /dev/null +++ b/pkgs/development/libraries/gpgme/test_t-verify_double-plaintext.patch @@ -0,0 +1,31 @@ +--- a/tests/gpg/t-verify.c ++++ b/tests/gpg/t-verify.c +@@ -304,7 +304,7 @@ + err = gpgme_data_new (&text); + fail_if_err (err); + err = gpgme_op_verify (ctx, sig, NULL, text); +- if (gpgme_err_code (err) != GPG_ERR_BAD_DATA) ++ if (gpgme_err_code (err) == GPG_ERR_NO_ERROR) + { + fprintf (stderr, "%s:%i: Double plaintext message not detected\n", + PGM, __LINE__); +--- a/lang/python/tests/t-verify.py ++++ b/lang/python/tests/t-verify.py +@@ -142,7 +142,7 @@ + c.op_verify(sig, None, text) + except Exception as e: + assert type(e) == gpg.errors.GPGMEError +- assert e.getcode() == gpg.errors.BAD_DATA ++ assert e.getcode() != gpg.errors.NO_ERROR + else: + assert False, "Expected an error but got none." + +@@ -178,7 +178,7 @@ + try: + c.verify(double_plaintext_sig) + except gpg.errors.GPGMEError as e: +- assert e.getcode() == gpg.errors.BAD_DATA ++ assert e.getcode() != gpg.errors.NO_ERROR + else: + assert False, "Expected an error but got none." + diff --git a/pkgs/development/libraries/libaom/default.nix b/pkgs/development/libraries/libaom/default.nix index f6921091bea..575c2613e5b 100644 --- a/pkgs/development/libraries/libaom/default.nix +++ b/pkgs/development/libraries/libaom/default.nix @@ -1,15 +1,15 @@ { lib, stdenv, fetchzip, yasm, perl, cmake, pkg-config, python3 -, enableButteraugli ? false, libjxl # Broken +, enableButteraugli ? true, libjxl , enableVmaf ? true, libvmaf }: stdenv.mkDerivation rec { pname = "libaom"; - version = "3.3.0"; + version = "3.4.0"; src = fetchzip { url = "https://aomedia.googlesource.com/aom/+archive/v${version}.tar.gz"; - sha256 = "sha256-g6QkKLrk+SH1s5fRmseAQMmM6y4QwmKmVDPxdbqGmwg="; + sha256 = "sha256-NgzpVxQmsgOPzKkGpJIJrLiNQcruhpEoCi/CYJx5b3A="; stripRoot = false; }; diff --git a/pkgs/development/libraries/libjxl/default.nix b/pkgs/development/libraries/libjxl/default.nix index 2017fc66d70..352c810e81a 100644 --- a/pkgs/development/libraries/libjxl/default.nix +++ b/pkgs/development/libraries/libjxl/default.nix @@ -48,6 +48,17 @@ stdenv.mkDerivation rec { url = "https://github.com/libjxl/libjxl/commit/204f87a5e4d684544b13900109abf040dc0b402b.patch"; sha256 = "sha256-DoAaYWLmQ+R9GZbHMTYGe0gBL9ZesgtB+2WhmbARna8="; }) + + # fix build with asciidoc wrapped in shell script + (fetchpatch { + url = "https://github.com/libjxl/libjxl/commit/b8ec58c58c6281987f42ebec892f513824c0cc0e.patch"; + hash = "sha256-g8U+YVhLfgSHJ+PWJgvVOI66+FElJSC8IgSRodNnsMw="; + }) + (fetchpatch { + url = "https://github.com/libjxl/libjxl/commit/ca8e276aacf63a752346a6a44ba673b0af993237.patch"; + excludes = [ "AUTHORS" ]; + hash = "sha256-9VXy1LdJ0JhYbCGPNMySpnGLBxUrr8BYzE+oU3LnUGw="; + }) ]; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/libsoup/3.x.nix b/pkgs/development/libraries/libsoup/3.x.nix index c4ab1094cce..2b1c6e68795 100644 --- a/pkgs/development/libraries/libsoup/3.x.nix +++ b/pkgs/development/libraries/libsoup/3.x.nix @@ -21,13 +21,13 @@ stdenv.mkDerivation rec { pname = "libsoup"; - version = "3.0.6"; + version = "3.0.7"; outputs = [ "out" "dev" ]; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "sha256-tF1Z+EC5rPm7Rf1FhU4+9nL1fjq5V0AcOtjXUCrCPaY="; + sha256 = "sha256-69+QzzWZwRrLtoGKnZ4/ydLGjlbrgpuTlilyaD4b98g="; }; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/liburing/default.nix b/pkgs/development/libraries/liburing/default.nix index 678fd0b3f73..c95ea31b3bf 100644 --- a/pkgs/development/libraries/liburing/default.nix +++ b/pkgs/development/libraries/liburing/default.nix @@ -4,12 +4,12 @@ stdenv.mkDerivation rec { pname = "liburing"; - version = "2.1"; # remove patch when updating + version = "2.2"; src = fetchgit { url = "http://git.kernel.dk/${pname}"; rev = "liburing-${version}"; - sha256 = "sha256-7wSpKqjIdQeOdsQu4xN3kFHV49n6qQ3xVbjUcY1tmas="; + sha256 = "sha256-M/jfxZ+5DmFvlAt8sbXrjBTPf2gLd9UyTNymtjD+55g"; }; separateDebugInfo = true; @@ -43,15 +43,6 @@ stdenv.mkDerivation rec { cp ./examples/ucontext-cp $bin/bin/io_uring-ucontext-cp ''; - # fix for compilation on 32-bit ARM, merged by upstream but not released; remove when - # upstream releases an update - patches = lib.optional stdenv.isAarch32 [ - (fetchpatch { - url = "https://github.com/axboe/liburing/commit/e75a6cfa085fc9b5dbf5140fc1efb5a07b6b829e.diff"; - sha256 = "sha256-qQEQXYm5mkws2klLxwuuoPSPRkpP1s6tuylAAEp7+9E="; - }) - ]; - meta = with lib; { description = "Userspace library for the Linux io_uring API"; homepage = "https://git.kernel.dk/cgit/liburing/"; diff --git a/pkgs/development/libraries/pcre2/default.nix b/pkgs/development/libraries/pcre2/default.nix index 221272a45bc..ea0ca3e4030 100644 --- a/pkgs/development/libraries/pcre2/default.nix +++ b/pkgs/development/libraries/pcre2/default.nix @@ -6,16 +6,20 @@ stdenv.mkDerivation rec { pname = "pcre2"; version = "10.40"; + src = fetchurl { url = "https://github.com/PhilipHazel/pcre2/releases/download/pcre2-${version}/pcre2-${version}.tar.bz2"; hash = "sha256-FOS4PEeDkz3BfpZDGOYyT3yuG8ddjzx5vGlp8AwVnWg="; }; - # Disable jit on Apple Silicon, https://github.com/zherczeg/sljit/issues/51 configureFlags = [ "--enable-pcre2-16" "--enable-pcre2-32" - ] ++ lib.optional (!(stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64)) "--enable-jit=auto"; + # only enable jit on supported platforms which excludes Apple Silicon, see https://github.com/zherczeg/sljit/issues/51 + "--enable-jit=auto" + # fix pcre jit in systemd units that set MemoryDenyWriteExecute=true like gitea + "--enable-jit-sealloc" + ]; outputs = [ "bin" "dev" "out" "doc" "man" "devdoc" ]; @@ -24,7 +28,7 @@ stdenv.mkDerivation rec { ''; meta = with lib; { - homepage = "http://www.pcre.org/"; + homepage = "https://www.pcre.org/"; description = "Perl Compatible Regular Expressions"; license = licenses.bsd3; maintainers = with maintainers; [ ttuegel ]; diff --git a/pkgs/development/libraries/proj/7.nix b/pkgs/development/libraries/proj/7.nix index 3eb4789939f..25cd5179f7c 100644 --- a/pkgs/development/libraries/proj/7.nix +++ b/pkgs/development/libraries/proj/7.nix @@ -27,6 +27,7 @@ stdenv.mkDerivation rec { url = "https://github.com/OSGeo/PROJ/commit/6f1a3c4648bf06862dca0b3725cbb3b7ee0284e3.diff"; sha256 = "0gapny0a9c3r0x9szjgn86sspjrrf4vwbija77b17w6ci5cq4pdf"; }) + ./tests-sqlite-3.39.patch ]; postPatch = lib.optionalString (version == "7.2.1") '' diff --git a/pkgs/development/libraries/proj/tests-sqlite-3.39.patch b/pkgs/development/libraries/proj/tests-sqlite-3.39.patch new file mode 100644 index 00000000000..0654ff5eadb --- /dev/null +++ b/pkgs/development/libraries/proj/tests-sqlite-3.39.patch @@ -0,0 +1,13 @@ +Drop tests that time out with newest sqlite. +https://github.com/OSGeo/PROJ/issues/3254 + +--- a/test/cli/CMakeLists.txt ++++ b/test/cli/CMakeLists.txt +@@ -16 +15,0 @@ +-proj_add_test_script_sh("testprojinfo" PROJINFO_BIN) +--- a/test/unit/CMakeLists.txt ++++ b/test/unit/CMakeLists.txt +@@ -144,3 +143,0 @@ +-add_test(NAME proj_test_cpp_api COMMAND proj_test_cpp_api) +-set_property(TEST proj_test_cpp_api +- PROPERTY ENVIRONMENT ${PROJ_TEST_ENVIRONMENT}) diff --git a/pkgs/development/libraries/re2/default.nix b/pkgs/development/libraries/re2/default.nix index 6ad8e06b145..38a5194b1b3 100644 --- a/pkgs/development/libraries/re2/default.nix +++ b/pkgs/development/libraries/re2/default.nix @@ -15,13 +15,13 @@ stdenv.mkDerivation rec { pname = "re2"; - version = "2022-04-01"; + version = "2022-06-01"; src = fetchFromGitHub { owner = "google"; repo = "re2"; rev = version; - sha256 = "sha256-ywmXIAyVWYMKBOsAndcq7dFYpn9ZgNz5YWTPjylXxsk="; + sha256 = "sha256-UontAjOXpnPcOgoFHjf+1WSbCR7h58/U7nn4meT200Y="; }; preConfigure = '' @@ -33,11 +33,6 @@ stdenv.mkDerivation rec { buildFlags = lib.optionals stdenv.hostPlatform.isStatic [ "static" ]; enableParallelBuilding = true; - # Broken when shared/static are tested in parallel: - # cp: cannot create regular file 'obj/testinstall.cc': File exists - # make: *** [Makefile:334: static-testinstall] Error 1 - # Will be fixed by https://code-review.googlesource.com/c/re2/+/59830 - enableParallelChecking = false; preCheck = "patchShebangs runtests"; doCheck = true; diff --git a/pkgs/development/libraries/sqlite/default.nix b/pkgs/development/libraries/sqlite/default.nix index 7677406874a..b0333a09407 100644 --- a/pkgs/development/libraries/sqlite/default.nix +++ b/pkgs/development/libraries/sqlite/default.nix @@ -12,13 +12,13 @@ in stdenv.mkDerivation rec { pname = "sqlite${optionalString interactive "-interactive"}"; - version = "3.38.5"; + version = "3.39.0"; # nixpkgs-update: no auto update # NB! Make sure to update ./tools.nix src (in the same directory). src = fetchurl { url = "https://sqlite.org/2022/sqlite-autoconf-${archiveVersion version}.tar.gz"; - sha256 = "sha256-WvB96YK6ZY/ZGgMXDJRfmclx9pVbx53zJmVENz45hpw="; + sha256 = "sha256-6QvK723VgT/N7k6Gf2tl88m/0K7A8QF/nzu84eTtCeI="; }; outputs = [ "bin" "dev" "out" ]; diff --git a/pkgs/development/libraries/sqlite/tools.nix b/pkgs/development/libraries/sqlite/tools.nix index b804fcbfd65..e3aaf449953 100644 --- a/pkgs/development/libraries/sqlite/tools.nix +++ b/pkgs/development/libraries/sqlite/tools.nix @@ -4,12 +4,12 @@ let archiveVersion = import ./archive-version.nix lib; mkTool = { pname, makeTarget, description, homepage, mainProgram }: stdenv.mkDerivation rec { inherit pname; - version = "3.38.5"; + version = "3.39.0"; # nixpkgs-update: no auto update src = assert version == sqlite.version; fetchurl { url = "https://sqlite.org/2022/sqlite-src-${archiveVersion version}.zip"; - sha256 = "sha256-ZQO7WeOeyGYwg2lpQOyBjNVVUZbmylQ9QClEDMp7ANk="; + sha256 = "sha256-s1hfN90Qbbs9RsjBei0nX5pLh9+MRQm9LWpbQAMkJuY="; }; nativeBuildInputs = [ unzip ]; diff --git a/pkgs/development/libraries/tracker/default.nix b/pkgs/development/libraries/tracker/default.nix index 8489655dcb6..835f38ff509 100644 --- a/pkgs/development/libraries/tracker/default.nix +++ b/pkgs/development/libraries/tracker/default.nix @@ -38,6 +38,14 @@ stdenv.mkDerivation rec { sha256 = "Wtb1vJd4Hr9V7NaUfNSuf/QZJRZYDRC9g4Dx3UcZbtI="; }; + patches = [ + ./fix-test-order.patch + ]; + + postPatch = '' + patchShebangs utils/data-generators/cc/generate + ''; + nativeBuildInputs = [ meson ninja @@ -78,10 +86,6 @@ stdenv.mkDerivation rec { doCheck = true; - postPatch = '' - patchShebangs utils/data-generators/cc/generate - ''; - preCheck = '' # (tracker-store:6194): Tracker-CRITICAL **: 09:34:07.722: Cannot initialize database: Could not open sqlite3 database:'/homeless-shelter/.cache/tracker/meta.db': unable to open database file export HOME=$(mktemp -d) diff --git a/pkgs/development/libraries/tracker/fix-test-order.patch b/pkgs/development/libraries/tracker/fix-test-order.patch new file mode 100644 index 00000000000..baa15b18abd --- /dev/null +++ b/pkgs/development/libraries/tracker/fix-test-order.patch @@ -0,0 +1,9 @@ +diff --git a/tests/libtracker-data/algebra/filter-scope-1.rq b/tests/libtracker-data/algebra/filter-scope-1.rq +index 7ee5a24ad..a8cd89ca9 100644 +--- a/tests/libtracker-data/algebra/filter-scope-1.rq ++++ b/tests/libtracker-data/algebra/filter-scope-1.rq +@@ -7,3 +7,4 @@ SELECT ?v ?w ?v2 + OPTIONAL { :x :p ?v2 FILTER(?v = 1) } + } + } ++ORDER BY ?v ?w ?v2 diff --git a/pkgs/development/perl-modules/generic/default.nix b/pkgs/development/perl-modules/generic/default.nix index aa8d66f037a..2d1c550d316 100644 --- a/pkgs/development/perl-modules/generic/default.nix +++ b/pkgs/development/perl-modules/generic/default.nix @@ -27,27 +27,16 @@ , ... }@attrs: -assert attrs?pname -> attrs?version; -assert attrs?pname -> !(attrs?name); - -lib.warnIf (attrs ? name) "builtPerlPackage: `name' (\"${attrs.name}\") is deprecated, use `pname' and `version' instead" +lib.throwIf (attrs ? name) "buildPerlPackage: `name` (\"${attrs.name}\") is deprecated, use `pname` and `version` instead" (let defaultMeta = { - homepage = "https://metacpan.org/release/${lib.getName attrs}"; # TODO: phase-out `attrs.name` - mainProgram = attrs.pname or (builtins.parseDrvName attrs.name).name; - platforms = perl.meta.platforms; + homepage = "https://metacpan.org/dist/${attrs.pname}"; + inherit (perl.meta) platforms; }; - cleanedAttrs = builtins.removeAttrs attrs [ - "meta" "builder" "version" "pname" "fullperl" - "buildInputs" "nativeBuildInputs" "buildInputs" - "PERL_AUTOINSTALL" "AUTOMATED_TESTING" "PERL_USE_UNSAFE_INC" - ]; - - package = stdenv.mkDerivation ({ - pname = "perl${perl.version}-${lib.getName attrs}"; # TODO: phase-out `attrs.name` - version = lib.getVersion attrs; # TODO: phase-out `attrs.name` + package = stdenv.mkDerivation (attrs // { + name = "perl${perl.version}-${attrs.pname}-${attrs.version}"; builder = ./builder.sh; @@ -60,6 +49,6 @@ lib.warnIf (attrs ? name) "builtPerlPackage: `name' (\"${attrs.name}\") is depre inherit PERL_AUTOINSTALL AUTOMATED_TESTING PERL_USE_UNSAFE_INC; meta = defaultMeta // (attrs.meta or { }); - } // cleanedAttrs); + }); in toPerlModule package) diff --git a/pkgs/development/python-modules/Cython/default.nix b/pkgs/development/python-modules/Cython/default.nix index 5ceabe766b8..15ddfbe9f7a 100644 --- a/pkgs/development/python-modules/Cython/default.nix +++ b/pkgs/development/python-modules/Cython/default.nix @@ -4,7 +4,6 @@ , fetchPypi , fetchpatch , python -, glibcLocales , pkg-config , gdb , numpy @@ -24,12 +23,13 @@ let ; in buildPythonPackage rec { - pname = "Cython"; - version = "0.29.28"; + pname = "cython"; + version = "0.29.30"; src = fetchPypi { - inherit pname version; - sha256 = "sha256-1vrCNCgCww5RQmgo/ghP9N6xszhzZ8+Yl2uy5ktvjkU="; + pname = "Cython"; + inherit version; + sha256 = "sha256-IjW2Laj+b6i5lCLI5YPy+5XhQ4Z9M3tcdeS5oahl+eM="; }; nativeBuildInputs = [ @@ -40,7 +40,6 @@ in buildPythonPackage rec { gdb numpy ncurses ]; - buildInputs = [ glibcLocales ]; LC_ALL = "en_US.UTF-8"; patches = [ diff --git a/pkgs/development/python-modules/babel/default.nix b/pkgs/development/python-modules/babel/default.nix index 14633062f36..5273069d019 100644 --- a/pkgs/development/python-modules/babel/default.nix +++ b/pkgs/development/python-modules/babel/default.nix @@ -2,12 +2,12 @@ buildPythonPackage rec { pname = "babel"; - version = "2.10.1"; + version = "2.10.3"; src = fetchPypi { pname = "Babel"; inherit version; - sha256 = "sha256-mK6soIYTPvs+HiqtA5aYdJDIQlkp3bz+BVAYT9xUzRM="; + sha256 = "sha256-dhRVNxHul0kPcyEm3Ad/jQrghOvGqW4j2xSCr6vbLFE="; }; propagatedBuildInputs = [ pytz ]; diff --git a/pkgs/development/python-modules/certifi/default.nix b/pkgs/development/python-modules/certifi/default.nix index bef7c64ea13..674fc1183d8 100644 --- a/pkgs/development/python-modules/certifi/default.nix +++ b/pkgs/development/python-modules/certifi/default.nix @@ -7,7 +7,7 @@ buildPythonPackage rec { pname = "certifi"; - version = "2022.05.18.1"; + version = "2022.06.15"; disabled = pythonOlder "3.5"; @@ -15,7 +15,7 @@ buildPythonPackage rec { owner = pname; repo = "python-certifi"; rev = version; - sha256 = "sha256-uDNVzKcT45mz0zXBwPkttKV21fEcgbRamE3+QutNLjA="; + sha256 = "sha256-CKO8wF5FMGLIZbTd7YrKE9OWV9MbfQ2+BMc5IPk1FFU="; }; checkInputs = [ diff --git a/pkgs/development/python-modules/google-auth/default.nix b/pkgs/development/python-modules/google-auth/default.nix index 3882f3571e4..d228e40e1a0 100644 --- a/pkgs/development/python-modules/google-auth/default.nix +++ b/pkgs/development/python-modules/google-auth/default.nix @@ -4,6 +4,7 @@ , fetchPypi , pytestCheckHook , cachetools +, cryptography , flask , freezegun , mock @@ -32,6 +33,7 @@ buildPythonPackage rec { ]; checkInputs = [ + cryptography flask freezegun mock @@ -46,21 +48,11 @@ buildPythonPackage rec { "google.oauth2" ]; - disabledTests = lib.optionals stdenv.isDarwin [ - "test_request_with_timeout_success" - "test_request_with_timeout_failure" - "test_request_headers" - "test_request_error" - "test_request_basic" - ] ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [ - # E MemoryError: Cannot allocate write+execute memory for ffi.callback(). - # You might be running on a system that prevents this. - # For more information, see https://cffi.readthedocs.io/en/latest/using.html#callbacks - "test_configure_mtls_channel_with_callback" - "test_configure_mtls_channel_with_metadata" - "TestDecryptPrivateKey" - "TestMakeMutualTlsHttp" - "TestMutualTlsAdapter" + disabledTestPaths = [ + # Disable tests related to pyopenssl + "tests/transport/test__mtls_helper.py" + "tests/transport/test_requests.py" + "tests/transport/test_urllib3.py" ]; meta = with lib; { diff --git a/pkgs/development/python-modules/jsonschema/default.nix b/pkgs/development/python-modules/jsonschema/default.nix index e90ea39132f..176334a0ed7 100644 --- a/pkgs/development/python-modules/jsonschema/default.nix +++ b/pkgs/development/python-modules/jsonschema/default.nix @@ -14,14 +14,14 @@ buildPythonPackage rec { pname = "jsonschema"; - version = "4.6.0"; + version = "4.6.1"; format = "pyproject"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - sha256 = "sha256-nWOXukpsC/AwBzYFf2SePhLsvAfT6BoNrLct5OmAGVc="; + sha256 = "sha256-7CgC5qN1F/CdR9m6EHlHWJrh0l/1V7kl2DoyH8KqXTs="; }; postPatch = '' diff --git a/pkgs/development/python-modules/pycares/default.nix b/pkgs/development/python-modules/pycares/default.nix index 868dbeca6c6..c8e8fdb7b3d 100644 --- a/pkgs/development/python-modules/pycares/default.nix +++ b/pkgs/development/python-modules/pycares/default.nix @@ -8,11 +8,11 @@ buildPythonPackage rec { pname = "pycares"; - version = "4.1.2"; + version = "4.2.1"; src = fetchPypi { inherit pname version; - sha256 = "sha256-A0kL4Oe1GgyAc/h3vsNH7/MQA/ZPV9lRjUGdk2lFKDc="; + sha256 = "sha256-c1tPdf0PWVxOkYTaGM2Hc39GvIGmTqQfTtzitraNRtI="; }; buildInputs = [ diff --git a/pkgs/development/python-modules/pycryptodome/default.nix b/pkgs/development/python-modules/pycryptodome/default.nix index ef7b571170f..29ef48bde16 100644 --- a/pkgs/development/python-modules/pycryptodome/default.nix +++ b/pkgs/development/python-modules/pycryptodome/default.nix @@ -11,14 +11,14 @@ let in buildPythonPackage rec { pname = "pycryptodome"; - version = "3.14.1"; + version = "3.15.0"; format = "setuptools"; src = fetchFromGitHub { owner = "Legrandin"; repo = "pycryptodome"; rev = "v${version}"; - hash = "sha256-0GjpKNyALe2Q1R3dEjeAEn6E8hxYDic/vbN1YkVaUfs="; + hash = "sha256-SPRoAfwP1MFlVzZsVWmXDWUY5Yje7eg7d+9zJhZNXrw="; }; postPatch = '' diff --git a/pkgs/development/python-modules/pytest-mock/default.nix b/pkgs/development/python-modules/pytest-mock/default.nix index 837dec7c96d..8992694dca1 100644 --- a/pkgs/development/python-modules/pytest-mock/default.nix +++ b/pkgs/development/python-modules/pytest-mock/default.nix @@ -1,6 +1,6 @@ { lib , buildPythonPackage -, fetchpatch +, pythonOlder , fetchPypi , pytest , pytest-asyncio @@ -10,24 +10,20 @@ buildPythonPackage rec { pname = "pytest-mock"; - version = "3.7.0"; + version = "3.8.1"; + + disabled = pythonOlder "3.7"; + + format = "setuptools"; src = fetchPypi { inherit pname version; - hash = "sha256-URK9ksyfGG7pbhqS78hJaepJSTnDrq05xQ9CHEzGlTQ="; + hash = "sha256-LG11bV07+Y4ugHl6lZyn+B9Hnn0fX1cWEbD91tF0UkA="; }; - patches = [ - (fetchpatch { - # pytest7 compatbilitya - url = "https://github.com/pytest-dev/pytest-mock/commit/0577f1ad051fb8d0da94ea22dcb02346d74064b2.patch"; - hash = "sha256-eim4v7U8Mjigr462bXI0pKH/M0ANBzSRc0lT4RpbZ0w="; - }) - ]; - nativeBuildInputs = [ setuptools-scm ]; - propagatedBuildInputs = [ + buildInputs = [ pytest ]; @@ -36,18 +32,13 @@ buildPythonPackage rec { pytestCheckHook ]; - disabledTests = [ - # output of pytest has changed - "test_used_with_" - "test_plain_stopall" - ]; - pythonImportsCheck = [ "pytest_mock" ]; meta = with lib; { - description = "Thin-wrapper around the mock package for easier use with pytest"; + description = "Thin wrapper around the mock package for easier use with pytest"; homepage = "https://github.com/pytest-dev/pytest-mock"; - license = with licenses; [ mit ]; + changelog = "https://github.com/pytest-dev/pytest-mock/blob/v${version}/CHANGELOG.rst"; + license = licenses.mit; maintainers = with maintainers; [ dotlambda ]; }; } diff --git a/pkgs/development/python-modules/pythran/0001-hardcode-path-to-libgomp.patch b/pkgs/development/python-modules/pythran/0001-hardcode-path-to-libgomp.patch index 14d2c2fbfd2..0f5a7ae404b 100644 --- a/pkgs/development/python-modules/pythran/0001-hardcode-path-to-libgomp.patch +++ b/pkgs/development/python-modules/pythran/0001-hardcode-path-to-libgomp.patch @@ -1,64 +1,79 @@ -From 208fe98f10c580a5a2fb6a8cfdd56de109073925 Mon Sep 17 00:00:00 2001 -From: Frederik Rietdijk <fridh@fridh.nl> -Date: Sat, 17 Jul 2021 18:36:27 +0200 -Subject: [PATCH] hardcode path to libgomp - ---- - omp/__init__.py | 40 ++++------------------------------------ - 1 file changed, 4 insertions(+), 36 deletions(-) - diff --git a/omp/__init__.py b/omp/__init__.py -index bddae3063..9ba3678d8 100644 +index 3801d1c8c..a93a74d6f 100644 --- a/omp/__init__.py +++ b/omp/__init__.py -@@ -69,43 +69,11 @@ class OpenMP(object): +@@ -48,72 +48,8 @@ class OpenMP(object): + return ['omp', 'gomp', 'iomp5'] def init_not_msvc(self): - """ Find OpenMP library and try to load if using ctype interface. """ -- # find_library() does not search automatically LD_LIBRARY_PATH -- paths = os.environ.get('LD_LIBRARY_PATH', '').split(':') -+ libgomp_path = "@gomp@" - -- for libomp_name in self.get_libomp_names(): -- if cxx is None or sys.platform == 'win32': -- # Note: Clang supports -print-file-name, but not yet for -- # clang-cl as of v12.0.0 (April '21) -- continue +- """ Find OpenMP library and try to load if using ctype interface. """ +- # find_library() does not automatically search LD_LIBRARY_PATH +- # until Python 3.6+, so we explicitly add it. +- # LD_LIBRARY_PATH is used on Linux, while macOS uses DYLD_LIBRARY_PATH +- # and DYLD_FALLBACK_LIBRARY_PATH. +- env_vars = [] +- if sys.platform == 'darwin': +- env_vars = ['DYLD_LIBRARY_PATH', 'DYLD_FALLBACK_LIBRARY_PATH'] +- else: +- env_vars = ['LD_LIBRARY_PATH'] - -- cmd = [cxx, '-print-file-name=' + libomp_name] -- # the subprocess can fail in various ways in that case just give up -- try: -- path = os.path.dirname(check_output(cmd).decode().strip()) -- if path: -- paths.append(path) -- except (OSError, CalledProcessError): -- pass +- paths = [] +- for env_var in env_vars: +- env_paths = os.environ.get(env_var, '') +- if env_paths: +- paths.extend(env_paths.split(os.pathsep)) - -- # Try to load find libgomp shared library using loader search dirs -- libgomp_path = find_library("gomp") - -- # Try to use custom paths if lookup failed -- for path in paths: -- if libgomp_path: -- break -- path = path.strip() -- if os.path.isdir(path): -- libgomp_path = find_library(os.path.join(str(path), "libgomp")) +- libomp_names = self.get_libomp_names() - -- if not libgomp_path: -- raise ImportError("I can't find a shared library for libgomp," -- " you may need to install it or adjust the " -- "LD_LIBRARY_PATH environment variable.") -- else: -- # Load the library (shouldn't fail with an absolute path right?) -- self.libomp = ctypes.CDLL(libgomp_path) -- self.version = 45 -+ # Load the library (shouldn't fail with an absolute path right?) -+ self.libomp = ctypes.CDLL(libgomp_path) +- if cxx is not None: +- for libomp_name in libomp_names: +- cmd = [cxx, +- '-print-file-name=lib{}{}'.format( +- libomp_name, +- get_shared_lib_extension())] +- # The subprocess can fail in various ways, including because it +- # doesn't support '-print-file-name'. In that case just give up. +- try: +- output = check_output(cmd, +- stderr=DEVNULL) +- path = os.path.dirname(output.decode().strip()) +- if path: +- paths.append(path) +- except (OSError, CalledProcessError): +- pass +- +- +- for libomp_name in libomp_names: +- # Try to load find libomp shared library using loader search dirs +- libomp_path = find_library(libomp_name) +- +- # Try to use custom paths if lookup failed +- if not libomp_path: +- for path in paths: +- candidate_path = os.path.join( +- path, +- 'lib{}{}'.format(libomp_name, +- get_shared_lib_extension())) +- if os.path.isfile(candidate_path): +- libomp_path = candidate_path +- break +- +- # Load the library +- if libomp_path: +- try: +- self.libomp = ctypes.CDLL(libomp_path) +- except OSError: +- raise ImportError("found openMP library '{}' but couldn't load it. " +- "This may happen if you are cross-compiling.".format(libomp_path)) +- self.version = 45 +- return +- +- raise ImportError("I can't find a shared library for libomp, you may need to install it " +- "or adjust the {} environment variable.".format(env_vars[0])) +- ++ self.libomp = ctypes.CDLL("@gomp@") + self.version = 45 def __getattr__(self, name): """ --- -2.32.0 - diff --git a/pkgs/development/python-modules/pythran/default.nix b/pkgs/development/python-modules/pythran/default.nix index 382a01e7b87..0e09a198ab7 100644 --- a/pkgs/development/python-modules/pythran/default.nix +++ b/pkgs/development/python-modules/pythran/default.nix @@ -3,7 +3,6 @@ , buildPythonPackage , fetchFromGitHub , openmp -, pytest-runner , ply , networkx , decorator @@ -11,8 +10,6 @@ , six , numpy , beniget -, pytestCheckHook -, scipy , isPy3k , substituteAll }: @@ -22,13 +19,13 @@ let in buildPythonPackage rec { pname = "pythran"; - version = "0.9.12"; + version = "0.11.0"; src = fetchFromGitHub { owner = "serge-sans-paille"; repo = "pythran"; rev = version; - sha256 = "sha256-lQbVq4K/Q8RzlFhE+l3HPCmUGmauXawcKe31kfbUHsI="; + sha256 = "sha256-F9gUZOTSuiqvfGoN4yQqwUg9mnCeBntw5eHO7ZnjpzI="; }; patches = [ @@ -39,10 +36,6 @@ in buildPythonPackage rec { }) ]; - nativeBuildInputs = [ - pytest-runner - ]; - propagatedBuildInputs = [ ply networkx @@ -62,14 +55,7 @@ in buildPythonPackage rec { "pythran.spec" ]; - checkInputs = [ - pytestCheckHook - numpy - scipy - ]; - - # Test suite is huge. - # Also, in the future scipy will rely on it resulting in a circular test dependency + # Test suite is huge and has a circular dependency on scipy. doCheck = false; disabled = !isPy3k; @@ -79,5 +65,4 @@ in buildPythonPackage rec { homepage = "https://github.com/serge-sans-paille/pythran"; license = lib.licenses.bsd3; }; - } diff --git a/pkgs/development/python-modules/requests/default.nix b/pkgs/development/python-modules/requests/default.nix index b87be59bad8..9b19c7b9c25 100644 --- a/pkgs/development/python-modules/requests/default.nix +++ b/pkgs/development/python-modules/requests/default.nix @@ -17,12 +17,12 @@ buildPythonPackage rec { pname = "requests"; - version = "2.28.0"; + version = "2.28.1"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-1WhyOn69JYddjR6vXfoGjNL8gZSy5IPXsffIGRjb7Gs="; + hash = "sha256-fFWZsQL+3apmHIJsVqtP7ii/0X9avKHrvj5/GdfJeYM="; }; patches = [ diff --git a/pkgs/development/python-modules/setuptools-scm/default.nix b/pkgs/development/python-modules/setuptools-scm/default.nix index c175cfb4c60..5fa082d8221 100644 --- a/pkgs/development/python-modules/setuptools-scm/default.nix +++ b/pkgs/development/python-modules/setuptools-scm/default.nix @@ -3,6 +3,7 @@ , fetchPypi , packaging , tomli +, setuptools , lib }: @@ -19,6 +20,7 @@ buildPythonPackage rec { propagatedBuildInputs = [ packaging tomli + setuptools ]; pythonImportsCheck = [ diff --git a/pkgs/development/python-modules/sqlalchemy/default.nix b/pkgs/development/python-modules/sqlalchemy/default.nix index 544bdccd2cb..5c467e2f905 100644 --- a/pkgs/development/python-modules/sqlalchemy/default.nix +++ b/pkgs/development/python-modules/sqlalchemy/default.nix @@ -13,11 +13,11 @@ buildPythonPackage rec { pname = "SQLAlchemy"; - version = "1.4.37"; + version = "1.4.39"; src = fetchPypi { inherit pname version; - hash = "sha256-Noj5LGLbbF3yaOImSJEHjxfsuR4xQbQA8uKND3V5beo="; + hash = "sha256-gZSJYDh1O0awigsK6JpdgMiX+2Ad1R4kPtVyDx8VXSc="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/twisted/default.nix b/pkgs/development/python-modules/twisted/default.nix index 59011ef1d64..ceaadd74ee6 100644 --- a/pkgs/development/python-modules/twisted/default.nix +++ b/pkgs/development/python-modules/twisted/default.nix @@ -119,7 +119,8 @@ buildPythonPackage rec { pyhamcrest ] ++ passthru.optional-dependencies.conch - ++ passthru.optional-dependencies.tls; + # not supported on aarch64-darwin: https://github.com/pyca/pyopenssl/issues/873 + ++ lib.optionals (!(stdenv.isDarwin && stdenv.isAarch64)) passthru.optional-dependencies.tls; checkPhase = '' export SOURCE_DATE_EPOCH=315532800 diff --git a/pkgs/development/python-modules/urllib3/default.nix b/pkgs/development/python-modules/urllib3/default.nix index 8a79241eebc..790b497bb8f 100644 --- a/pkgs/development/python-modules/urllib3/default.nix +++ b/pkgs/development/python-modules/urllib3/default.nix @@ -4,16 +4,16 @@ , buildPythonPackage , certifi , cryptography -, python-dateutil , fetchPypi -, isPyPy , idna +, isPyPy , mock , pyopenssl , pysocks , pytest-freezegun , pytest-timeout , pytestCheckHook +, python-dateutil , tornado , trustme }: @@ -30,7 +30,7 @@ buildPythonPackage rec { # FIXME: remove backwards compatbility hack propagatedBuildInputs = passthru.optional-dependencies.brotli - ++ passthru.optional-dependencies.secure; + ++ passthru.optional-dependencies.socks; checkInputs = [ python-dateutil @@ -65,6 +65,7 @@ buildPythonPackage rec { passthru.optional-dependencies = { brotli = if isPyPy then [ brotlicffi ] else [ brotli ]; + # Use carefully since pyopenssl is not supported aarch64-darwin secure = [ certifi cryptography idna pyopenssl ]; socks = [ pysocks ]; }; diff --git a/pkgs/development/tools/build-managers/cmake/search-path.patch b/pkgs/development/tools/build-managers/cmake/001-search-path.diff index b71c2dd4441..b71c2dd4441 100644 --- a/pkgs/development/tools/build-managers/cmake/search-path.patch +++ b/pkgs/development/tools/build-managers/cmake/001-search-path.diff diff --git a/pkgs/development/tools/build-managers/cmake/application-services.patch b/pkgs/development/tools/build-managers/cmake/002-application-services.diff index 7c77336b41b..7c77336b41b 100644 --- a/pkgs/development/tools/build-managers/cmake/application-services.patch +++ b/pkgs/development/tools/build-managers/cmake/002-application-services.diff diff --git a/pkgs/development/tools/build-managers/cmake/libuv-application-services.patch b/pkgs/development/tools/build-managers/cmake/003-libuv-application-services.diff index 6607a9c6ed1..6607a9c6ed1 100644 --- a/pkgs/development/tools/build-managers/cmake/libuv-application-services.patch +++ b/pkgs/development/tools/build-managers/cmake/003-libuv-application-services.diff diff --git a/pkgs/development/tools/build-managers/cmake/3.2.2-cygwin.patch b/pkgs/development/tools/build-managers/cmake/004-cygwin.diff index 982aba17e87..982aba17e87 100644 --- a/pkgs/development/tools/build-managers/cmake/3.2.2-cygwin.patch +++ b/pkgs/development/tools/build-managers/cmake/004-cygwin.diff diff --git a/pkgs/development/tools/build-managers/cmake/remove-systemconfiguration-dep.patch b/pkgs/development/tools/build-managers/cmake/005-remove-systemconfiguration-dep.diff index 2329ae3f835..76aa91cff92 100644 --- a/pkgs/development/tools/build-managers/cmake/remove-systemconfiguration-dep.patch +++ b/pkgs/development/tools/build-managers/cmake/005-remove-systemconfiguration-dep.diff @@ -1,23 +1,19 @@ -diff --git a/Utilities/cmcurl/CMakeLists.txt b/Utilities/cmcurl/CMakeLists.txt -index 9eef01aaf0..d141d4086c 100644 --- a/Utilities/cmcurl/CMakeLists.txt +++ b/Utilities/cmcurl/CMakeLists.txt -@@ -537,12 +537,7 @@ if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") - message(FATAL_ERROR "CoreFoundation framework not found") - endif() +@@ -391,13 +391,6 @@ if(ENABLE_IPV6 AND NOT WIN32) -- find_library(SYSTEMCONFIGURATION_FRAMEWORK "SystemConfiguration") -- if(NOT SYSTEMCONFIGURATION_FRAMEWORK) -- message(FATAL_ERROR "SystemConfiguration framework not found") -- endif() + if(CMAKE_SYSTEM_NAME STREQUAL "Darwin" AND NOT ENABLE_ARES) + set(use_core_foundation ON) +- +- find_library(SYSTEMCONFIGURATION_FRAMEWORK "SystemConfiguration") +- if(NOT SYSTEMCONFIGURATION_FRAMEWORK) +- message(FATAL_ERROR "SystemConfiguration framework not found") +- endif() - -- list(APPEND CURL_LIBS "-framework CoreFoundation" "-framework SystemConfiguration") -+ list(APPEND CURL_LIBS "-framework CoreFoundation") +- list(APPEND CURL_LIBS "-framework SystemConfiguration") + endif() + endif() - if(CMAKE_USE_SECTRANSP) - find_library(SECURITY_FRAMEWORK "Security") -diff --git a/Utilities/cmcurl/lib/curl_setup.h b/Utilities/cmcurl/lib/curl_setup.h -index 554dcc1e67..059f14e632 100644 --- a/Utilities/cmcurl/lib/curl_setup.h +++ b/Utilities/cmcurl/lib/curl_setup.h @@ -257,11 +257,7 @@ @@ -32,8 +28,6 @@ index 554dcc1e67..059f14e632 100644 #endif #ifdef USE_LWIPSOCK -diff --git a/Utilities/cmcurl/lib/hostip.c b/Utilities/cmcurl/lib/hostip.c -index 117caa2957..9f7c709e44 100644 --- a/Utilities/cmcurl/lib/hostip.c +++ b/Utilities/cmcurl/lib/hostip.c @@ -68,10 +68,6 @@ @@ -47,7 +41,7 @@ index 117caa2957..9f7c709e44 100644 #if defined(CURLRES_SYNCH) && \ defined(HAVE_ALARM) && defined(SIGALRM) && defined(HAVE_SIGSETJMP) /* alarm-based timeouts can only be used with all the dependencies satisfied */ -@@ -653,23 +649,6 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, +@@ -661,23 +657,6 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, return CURLRESOLV_ERROR; } diff --git a/pkgs/development/tools/build-managers/cmake/darwin-always-set-runtime-c-flag.patch b/pkgs/development/tools/build-managers/cmake/006-darwin-always-set-runtime-c-flag.diff index dc10e6b3423..dc10e6b3423 100644 --- a/pkgs/development/tools/build-managers/cmake/darwin-always-set-runtime-c-flag.patch +++ b/pkgs/development/tools/build-managers/cmake/006-darwin-always-set-runtime-c-flag.diff diff --git a/pkgs/development/tools/build-managers/cmake/default.nix b/pkgs/development/tools/build-managers/cmake/default.nix index f7fab1c0176..7752db352fd 100644 --- a/pkgs/development/tools/build-managers/cmake/default.nix +++ b/pkgs/development/tools/build-managers/cmake/default.nix @@ -1,62 +1,91 @@ -{ stdenv, lib, fetchurl, pkg-config -, bzip2, curlMinimal, expat, libarchive, xz, zlib, libuv, rhash +{ lib +, stdenv , buildPackages -# darwin attributes +, bzip2 +, curlMinimal +, expat +, fetchurl +, libarchive +, libuv +, ncurses +, openssl +, pkg-config +, qtbase +, rhash +, sphinx +, texinfo +, wrapQtAppsHook +, xz +, zlib , SystemConfiguration , ps , isBootstrap ? false +, useOpenSSL ? !isBootstrap , useSharedLibraries ? (!isBootstrap && !stdenv.isCygwin) -, useOpenSSL ? !isBootstrap, openssl -, useNcurses ? false, ncurses -, withQt5 ? false, qtbase, wrapQtAppsHook -, buildDocs ? (!isBootstrap && (useNcurses || withQt5)), sphinx, texinfo +, uiToolkits ? [] # can contain "ncurses" and/or "qt5" +, buildDocs ? !(isBootstrap || (uiToolkits == [])) }: +let + cursesUI = lib.elem "ncurses" uiToolkits; + qt5UI = lib.elem "qt5" uiToolkits; +in +# Accepts only "ncurses" and "qt5" as possible uiToolkits +assert lib.subtractLists [ "ncurses" "qt5" ] uiToolkits == []; stdenv.mkDerivation rec { pname = "cmake" + lib.optionalString isBootstrap "-boot" - + lib.optionalString useNcurses "-cursesUI" - + lib.optionalString withQt5 "-qt5UI"; - version = "3.22.3"; + + lib.optionalString cursesUI "-cursesUI" + + lib.optionalString qt5UI "-qt5UI"; + version = "3.23.2"; src = fetchurl { url = "https://cmake.org/files/v${lib.versions.majorMinor version}/cmake-${version}.tar.gz"; - sha256 = "sha256-n4RpFm+UVTtpeKFu4pIn7Emi61zrYIJ13sQNiuDRtaA="; + sha256 = "sha256-8xa0AFNGb5pBat+YHv2kGxYMqFnpf2pIS0R+opn/Jqo="; }; patches = [ # Don't search in non-Nix locations such as /usr, but do search in our libc. - ./search-path.patch - + ./001-search-path.diff # Don't depend on frameworks. - ./application-services.patch - + ./002-application-services.diff # Derived from https://github.com/libuv/libuv/commit/1a5d4f08238dd532c3718e210078de1186a5920d - ./libuv-application-services.patch - - ] ++ lib.optional stdenv.isCygwin ./3.2.2-cygwin.patch + ./003-libuv-application-services.diff + ] + ++ lib.optional stdenv.isCygwin ./004-cygwin.diff # Derived from https://github.com/curl/curl/commit/31f631a142d855f069242f3e0c643beec25d1b51 - ++ lib.optional (stdenv.isDarwin && isBootstrap) ./remove-systemconfiguration-dep.patch + ++ lib.optional (stdenv.isDarwin && isBootstrap) ./005-remove-systemconfiguration-dep.diff # On Darwin, always set CMAKE_SHARED_LIBRARY_RUNTIME_C_FLAG. - ++ lib.optional stdenv.isDarwin ./darwin-always-set-runtime-c-flag.patch; + ++ lib.optional stdenv.isDarwin ./006-darwin-always-set-runtime-c-flag.diff; - outputs = [ "out" ] - ++ lib.optionals buildDocs [ "man" "info" ]; + outputs = [ "out" ] ++ lib.optionals buildDocs [ "man" "info" ]; setOutputFlags = false; setupHook = ./setup-hook.sh; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ setupHook pkg-config ] - ++ lib.optionals buildDocs [ texinfo ] - ++ lib.optionals withQt5 [ wrapQtAppsHook ]; - - buildInputs = lib.optionals useSharedLibraries [ bzip2 curlMinimal expat libarchive xz zlib libuv rhash ] - ++ lib.optional useOpenSSL openssl - ++ lib.optional useNcurses ncurses - ++ lib.optional withQt5 qtbase - ++ lib.optional (stdenv.isDarwin && !isBootstrap) SystemConfiguration; + nativeBuildInputs = [ + pkg-config + setupHook + ] + ++ lib.optionals buildDocs [ texinfo ] + ++ lib.optionals qt5UI [ wrapQtAppsHook ]; + + buildInputs = lib.optionals useSharedLibraries [ + bzip2 + curlMinimal + expat + libarchive + xz + zlib + libuv + rhash + ] + ++ lib.optional useOpenSSL openssl + ++ lib.optional cursesUI ncurses + ++ lib.optional qt5UI qtbase + ++ lib.optional (stdenv.isDarwin && !isBootstrap) SystemConfiguration; propagatedBuildInputs = lib.optional stdenv.isDarwin ps; @@ -73,18 +102,21 @@ stdenv.mkDerivation rec { configureFlags = [ "CXXFLAGS=-Wno-elaborated-enum-base" "--docdir=share/doc/${pname}${version}" - ] ++ (if useSharedLibraries then [ "--no-system-jsoncpp" "--system-libs" ] else [ "--no-system-libs" ]) # FIXME: cleanup - ++ lib.optional withQt5 "--qt-gui" + ] ++ (if useSharedLibraries + then [ "--no-system-jsoncpp" "--system-libs" ] + else [ "--no-system-libs" ]) # FIXME: cleanup + ++ lib.optional qt5UI "--qt-gui" ++ lib.optionals buildDocs [ "--sphinx-build=${sphinx}/bin/sphinx-build" - "--sphinx-man" "--sphinx-info" + "--sphinx-man" ] # Workaround https://gitlab.kitware.com/cmake/cmake/-/issues/20568 ++ lib.optionals stdenv.hostPlatform.is32bit [ "CFLAGS=-D_FILE_OFFSET_BITS=64" "CXXFLAGS=-D_FILE_OFFSET_BITS=64" - ] ++ [ + ] + ++ [ "--" # We should set the proper `CMAKE_SYSTEM_NAME`. # http://www.cmake.org/Wiki/CMake_Cross_Compiling @@ -100,7 +132,7 @@ stdenv.mkDerivation rec { "-DCMAKE_USE_OPENSSL=${if useOpenSSL then "ON" else "OFF"}" # Avoid depending on frameworks. - "-DBUILD_CursesDialog=${if useNcurses then "ON" else "OFF"}" + "-DBUILD_CursesDialog=${if cursesUI then "ON" else "OFF"}" ]; # make install attempts to use the just-built cmake @@ -118,19 +150,19 @@ stdenv.mkDerivation rec { doCheck = false; # fails meta = with lib; { - broken = (withQt5 && stdenv.isDarwin); homepage = "https://cmake.org/"; - changelog = "https://cmake.org/cmake/help/v${lib.versions.majorMinor version}/release/${lib.versions.majorMinor version}.html"; - description = "Cross-Platform Makefile Generator"; + description = "Cross-platform, open-source build system generator"; longDescription = '' - CMake is an open-source, cross-platform family of tools designed to - build, test and package software. CMake is used to control the software + CMake is an open-source, cross-platform family of tools designed to build, + test and package software. CMake is used to control the software compilation process using simple platform and compiler independent - configuration files, and generate native makefiles and workspaces that - can be used in the compiler environment of your choice. + configuration files, and generate native makefiles and workspaces that can + be used in the compiler environment of your choice. ''; - platforms = platforms.all; - maintainers = with maintainers; [ ttuegel lnl7 ]; + changelog = "https://cmake.org/cmake/help/v${lib.versions.majorMinor version}/release/${lib.versions.majorMinor version}.html"; license = licenses.bsd3; + maintainers = with maintainers; [ ttuegel lnl7 AndersonTorres ]; + platforms = platforms.all; + broken = (qt5UI && stdenv.isDarwin); }; } diff --git a/pkgs/development/tools/build-managers/ninja/setup-hook.sh b/pkgs/development/tools/build-managers/ninja/setup-hook.sh index 015759c9d48..63fa7d8f16f 100644 --- a/pkgs/development/tools/build-managers/ninja/setup-hook.sh +++ b/pkgs/development/tools/build-managers/ninja/setup-hook.sh @@ -14,7 +14,7 @@ ninjaBuildPhase() { ) echoCmd 'build flags' "${flagsArray[@]}" - ninja "${flagsArray[@]}" | cat + TERM=dumb ninja "${flagsArray[@]}" runHook postBuild } @@ -33,7 +33,7 @@ ninjaInstallPhase() { ) echoCmd 'install flags' "${flagsArray[@]}" - ninja "${flagsArray[@]}" | cat + TERM=dumb ninja "${flagsArray[@]}" runHook postInstall } @@ -67,7 +67,7 @@ ninjaCheckPhase() { ) echoCmd 'check flags' "${flagsArray[@]}" - ninja "${flagsArray[@]}" | cat + TERM=dumb ninja "${flagsArray[@]}" fi runHook postCheck diff --git a/pkgs/development/tools/delve/default.nix b/pkgs/development/tools/delve/default.nix index e7b7e709fec..238bc728b04 100644 --- a/pkgs/development/tools/delve/default.nix +++ b/pkgs/development/tools/delve/default.nix @@ -1,4 +1,4 @@ -{ lib, buildGoModule, fetchFromGitHub, makeWrapper }: +{ lib, buildGoModule, fetchFromGitHub, makeWrapper, stdenv }: buildGoModule rec { pname = "delve"; @@ -17,7 +17,19 @@ buildGoModule rec { nativeBuildInputs = [ makeWrapper ]; - checkFlags = [ "-short" ]; + hardeningDisable = [ "fortify" ]; + + preCheck = '' + XDG_CONFIG_HOME=$(mktemp -d) + ''; + + # Disable tests on Darwin as they require various workarounds. + # + # - Tests requiring local networking fail with or without sandbox, + # even with __darwinAllowLocalNetworking allowed. + # - CGO_FLAGS warnings break tests' expected stdout/stderr outputs. + # - DAP test binaries exit prematurely. + doCheck = !stdenv.isDarwin; postInstall = '' # fortify source breaks build since delve compiles with -O0 diff --git a/pkgs/development/tools/documentation/doxygen/default.nix b/pkgs/development/tools/documentation/doxygen/default.nix index 5a0807974ed..eb2e1f6055b 100644 --- a/pkgs/development/tools/documentation/doxygen/default.nix +++ b/pkgs/development/tools/documentation/doxygen/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "doxygen"; - version = "1.9.3"; + version = "1.9.4"; src = fetchFromGitHub { owner = "doxygen"; repo = "doxygen"; rev = "Release_${lib.replaceStrings [ "." ] [ "_" ] version}"; - sha256 = "1xfsv31ffrv03qhxlscav0r5mdi3qz4654ib9cq35rvmxfj999bw"; + sha256 = "sha256-Dnr8d+ngSBkgL/BITvsvoERAHQyEXCoQDltbnQ2nXKM="; }; nativeBuildInputs = [ diff --git a/pkgs/development/tools/misc/autoconf-archive/default.nix b/pkgs/development/tools/misc/autoconf-archive/default.nix index bde9db89434..318daf9e599 100644 --- a/pkgs/development/tools/misc/autoconf-archive/default.nix +++ b/pkgs/development/tools/misc/autoconf-archive/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "autoconf-archive"; - version = "2021.02.19"; + version = "2022.02.11"; src = fetchurl { url = "mirror://gnu/autoconf-archive/autoconf-archive-${version}.tar.xz"; - sha256 = "sha256-6KbrnSjdy6j/7z+iEWUyOem/I5q6agGmt8/Hzq7GnL0="; + sha256 = "sha256-eKYbYR4u61WongOY4M44e8r1f+LdU8b+QnEw93etHow="; }; strictDeps = true; diff --git a/pkgs/development/tools/misc/luarocks/default.nix b/pkgs/development/tools/misc/luarocks/default.nix index 1b05f88a091..70df08af2de 100644 --- a/pkgs/development/tools/misc/luarocks/default.nix +++ b/pkgs/development/tools/misc/luarocks/default.nix @@ -26,6 +26,10 @@ stdenv.mkDerivation rec { substituteInPlace src/luarocks/core/cfg.lua --subst-var-by 'darwinMinVersion' '${stdenv.targetPlatform.darwinMinVersion}' ''; + # Manually written ./configure does not support --build= or --host=: + # Error: Unknown flag: --build=x86_64-unknown-linux-gnu + configurePlatforms = [ ]; + preConfigure = '' lua -e "" || { luajit -e "" && { diff --git a/pkgs/development/tools/misc/texinfo/common.nix b/pkgs/development/tools/misc/texinfo/common.nix index e5814e9bda4..df3b12ea5b6 100644 --- a/pkgs/development/tools/misc/texinfo/common.nix +++ b/pkgs/development/tools/misc/texinfo/common.nix @@ -36,8 +36,7 @@ stdenv.mkDerivation { strictDeps = true; enableParallelBuilding = true; - # We need a native compiler to build perl XS extensions - # when cross-compiling. + # A native compiler is needed to build tools needed at build time depsBuildBuild = [ buildPackages.stdenv.cc perl ]; buildInputs = [ xz.bin bash libintl ] @@ -45,6 +44,9 @@ stdenv.mkDerivation { ++ optional interactive ncurses; configureFlags = [ "PERL=${buildPackages.perl}/bin/perl" ] + # Perl XS modules are difficult to cross-compile and texinfo has pure Perl + # fallbacks. + ++ optional crossBuildTools "--enable-perl-xs=no" ++ lib.optional stdenv.isSunOS "AWK=${gawk}/bin/awk"; installFlags = [ "TEXMF=$(out)/texmf-dist" ]; @@ -62,6 +64,13 @@ stdenv.mkDerivation { "XFAIL_TESTS=test_scripts/layout_formatting_fr_icons.sh" ]; + postFixup = optionalString crossBuildTools '' + for f in "$out"/bin/{pod2texi,texi2any}; do + substituteInPlace "$f" \ + --replace ${buildPackages.perl}/bin/perl ${perl}/bin/perl + done + ''; + meta = { homepage = "https://www.gnu.org/software/texinfo/"; description = "The GNU documentation system"; diff --git a/pkgs/os-specific/linux/alsa-project/alsa-lib/default.nix b/pkgs/os-specific/linux/alsa-project/alsa-lib/default.nix index 58e5990ae0a..4928f114a88 100644 --- a/pkgs/os-specific/linux/alsa-project/alsa-lib/default.nix +++ b/pkgs/os-specific/linux/alsa-project/alsa-lib/default.nix @@ -7,11 +7,11 @@ stdenv.mkDerivation rec { pname = "alsa-lib"; - version = "1.2.6.1"; + version = "1.2.7.1"; src = fetchurl { url = "mirror://alsa/lib/${pname}-${version}.tar.bz2"; - hash = "sha256-rVgpk9Us21+xWaC+q2CmrFfqsMwb34XcTbbWGX8CMz8="; + hash = "sha256-BG3ELfz60mkhe+BZVGhhN+XnOX8wQTcvjG3NfXlGHmE="; }; patches = [ diff --git a/pkgs/os-specific/linux/alsa-project/alsa-plugins/default.nix b/pkgs/os-specific/linux/alsa-project/alsa-plugins/default.nix index 86ff7ff5d21..ababb767955 100644 --- a/pkgs/os-specific/linux/alsa-project/alsa-plugins/default.nix +++ b/pkgs/os-specific/linux/alsa-project/alsa-plugins/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "alsa-plugins"; - version = "1.2.6"; + version = "1.2.7.1"; src = fetchurl { url = "mirror://alsa/plugins/${pname}-${version}.tar.bz2"; - sha256 = "sha256-BogYpLVdjAKdqgABXYU9RRE/VrIkt8ZOHhF5iMglsqA="; + hash = "sha256-jDN4FJVLt8FnRWczpgRhQqKTHxLsy6PsKkrmGKNDJRE="; }; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/os-specific/linux/alsa-project/alsa-ucm-conf/default.nix b/pkgs/os-specific/linux/alsa-project/alsa-ucm-conf/default.nix index e1474e02ed5..512fe605b6e 100644 --- a/pkgs/os-specific/linux/alsa-project/alsa-ucm-conf/default.nix +++ b/pkgs/os-specific/linux/alsa-project/alsa-ucm-conf/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "alsa-ucm-conf"; - version = "1.2.6.3"; + version = "1.2.7.1"; src = fetchurl { url = "mirror://alsa/lib/${pname}-${version}.tar.bz2"; - sha256 = "sha256-uKA6o4emJKL2XtwgG/d3QhGQtgUpqSCHZGgjr72Wxc0="; + hash = "sha256-rFsqEnV4Pv8H4cs0w2xsWYd0JnmjQAN1B8BKncHSLKw="; }; dontBuild = true; diff --git a/pkgs/os-specific/linux/ell/default.nix b/pkgs/os-specific/linux/ell/default.nix index 43b65f5ae7b..da2488bd75d 100644 --- a/pkgs/os-specific/linux/ell/default.nix +++ b/pkgs/os-specific/linux/ell/default.nix @@ -7,14 +7,14 @@ stdenv.mkDerivation rec { pname = "ell"; - version = "0.50"; + version = "0.51"; outputs = [ "out" "dev" ]; src = fetchgit { url = "https://git.kernel.org/pub/scm/libs/ell/ell.git"; rev = version; - sha256 = "sha256-LQAbE/pAKjVFsn9FjIbvY6sTBcVBdi4LCOnDVZ/WGV0="; + sha256 = "sha256-UGc6msj+V3U7IzquD4+KDLWt1vUxdV2Qm9Y0FOmsqtc="; }; nativeBuildInputs = [ diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index 64c54306333..4d06e82fcae 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "iproute2"; - version = "5.17.0"; + version = "5.18.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz"; - sha256 = "bjhPG0LHXhqdqsV4Zto33P+QkJC6huslpudk2niTZg4="; + sha256 = "W6PUZNUcjCg1UNUH/6w9EPeuxYe3xmsMy2lQZDZGOJ4="; }; patches = [ diff --git a/pkgs/os-specific/linux/iptables/default.nix b/pkgs/os-specific/linux/iptables/default.nix index d76bba1c37d..0704860c961 100644 --- a/pkgs/os-specific/linux/iptables/default.nix +++ b/pkgs/os-specific/linux/iptables/default.nix @@ -24,6 +24,11 @@ stdenv.mkDerivation rec { url = "https://git.netfilter.org/iptables/patch/?id=f319389525b066b7dc6d389c88f16a0df3b8f189"; sha256 = "sha256-rOxCEWZoI8Ac5fQDp286YHAwvreUAoDVAbomboKrGyM="; }) + # fix Musl build + (fetchpatch { + url = "https://git.netfilter.org/iptables/patch/?id=0e7cf0ad306cdf95dc3c28d15a254532206a888e"; + sha256 = "18mnvqfxzd7ifq3zjb4vyifcyadpxdi8iqcj8wsjgw23n49lgrbj"; + }) ]; outputs = [ "out" "dev" "man" ]; diff --git a/pkgs/os-specific/linux/iwd/default.nix b/pkgs/os-specific/linux/iwd/default.nix index 424a1d1a50e..f83d96d787c 100644 --- a/pkgs/os-specific/linux/iwd/default.nix +++ b/pkgs/os-specific/linux/iwd/default.nix @@ -12,12 +12,12 @@ stdenv.mkDerivation rec { pname = "iwd"; - version = "1.27"; + version = "1.28"; src = fetchgit { url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git"; rev = version; - sha256 = "sha256-gN9+9Cc6zjZBXDhcHBH5wyucO5/vL7bKSLWM5laFqaA="; + sha256 = "sha256-UAhgmXTbCgxja8nniexr6+jkzHIOMn9k1Cp8oMuskk0="; }; outputs = [ "out" "man" "doc" ] diff --git a/pkgs/os-specific/linux/libsepol/default.nix b/pkgs/os-specific/linux/libsepol/default.nix index 5fa51ac2238..108e6507231 100644 --- a/pkgs/os-specific/linux/libsepol/default.nix +++ b/pkgs/os-specific/linux/libsepol/default.nix @@ -31,6 +31,8 @@ stdenv.mkDerivation rec { NIX_CFLAGS_COMPILE = "-Wno-error"; + enableParallelBuilding = true; + passthru = { inherit se_url; }; meta = with lib; { diff --git a/pkgs/os-specific/linux/v4l-utils/default.nix b/pkgs/os-specific/linux/v4l-utils/default.nix index 3fdd9e791bd..f8d0c9be0d9 100644 --- a/pkgs/os-specific/linux/v4l-utils/default.nix +++ b/pkgs/os-specific/linux/v4l-utils/default.nix @@ -1,5 +1,5 @@ { stdenv, lib, fetchurl, pkg-config, perl -, libjpeg, udev +, argp-standalone, libjpeg, udev , withUtils ? true , withGUI ? true, alsa-lib, libX11, qtbase, libGLU, wrapQtAppsHook }: @@ -35,7 +35,9 @@ in stdenv.mkDerivation rec { nativeBuildInputs = [ pkg-config perl ] ++ lib.optional withQt wrapQtAppsHook; - buildInputs = [ udev ] ++ lib.optionals withQt [ alsa-lib libX11 qtbase libGLU ]; + buildInputs = [ udev ] + ++ lib.optional (!stdenv.hostPlatform.isGnu) argp-standalone + ++ lib.optionals withQt [ alsa-lib libX11 qtbase libGLU ]; propagatedBuildInputs = [ libjpeg ]; diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index 6475d7f2ca1..880286bbcd2 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix @@ -304,15 +304,18 @@ in binutils coreutils gnugrep perl patchelf linuxHeaders gnum4 bison libidn2 libunistring; ${localSystem.libc} = getLibc prevStage; - # Link GCC statically against GMP etc. This makes sense because - # these builds of the libraries are only used by GCC, so it - # reduces the size of the stdenv closure. - gmp = super.gmp.override { stdenv = self.makeStaticLibraries self.stdenv; }; - mpfr = super.mpfr.override { stdenv = self.makeStaticLibraries self.stdenv; }; - libmpc = super.libmpc.override { stdenv = self.makeStaticLibraries self.stdenv; }; - isl_0_20 = super.isl_0_20.override { stdenv = self.makeStaticLibraries self.stdenv; }; - gcc-unwrapped = super.gcc-unwrapped.override { - isl = isl_0_20; + gcc-unwrapped = + let makeStaticLibrariesAndMark = pkg: + lib.makeOverridable (pkg.override { stdenv = self.makeStaticLibraries self.stdenv; }) + .overrideAttrs (a: { pname = "${a.pname}-stage3"; }); + in super.gcc-unwrapped.override { + # Link GCC statically against GMP etc. This makes sense because + # these builds of the libraries are only used by GCC, so it + # reduces the size of the stdenv closure. + gmp = makeStaticLibrariesAndMark super.gmp; + mpfr = makeStaticLibrariesAndMark super.mpfr; + libmpc = makeStaticLibrariesAndMark super.libmpc; + isl = makeStaticLibrariesAndMark super.isl_0_20; # Use a deterministically built compiler # see https://github.com/NixOS/nixpkgs/issues/108475 for context reproducibleBuild = true; @@ -336,7 +339,7 @@ in # because gcc (since JAR support) already depends on zlib, and # then if we already have a zlib we want to use that for the # other purposes (binutils and top-level pkgs) too. - inherit (prevStage) gettext gnum4 bison gmp perl texinfo zlib linuxHeaders libidn2 libunistring; + inherit (prevStage) gettext gnum4 bison perl texinfo zlib linuxHeaders libidn2 libunistring; ${localSystem.libc} = getLibc prevStage; binutils = super.binutils.override { # Don't use stdenv's shell but our own @@ -347,6 +350,14 @@ in }; }; + # force gmp to rebuild so we have the option of dynamically linking + # libgmp without creating a reference path from: + # stage5.gcc -> stage4.coreutils -> stage3.glibc -> bootstrap + gmp = lib.makeOverridable (super.gmp.override { stdenv = self.stdenv; }).overrideAttrs (a: { pname = "${a.pname}-stage4"; }); + + # coreutils gets rebuilt both here and also in the final stage; we rename this one to avoid confusion + coreutils = super.coreutils.overrideAttrs (a: { pname = "${a.pname}-stage4"; }); + gcc = lib.makeOverridable (import ../../build-support/cc-wrapper) { nativeTools = false; nativeLibc = false; @@ -417,7 +428,7 @@ in # Simple executable tools concatMap (p: [ (getBin p) (getLib p) ]) [ gzip bzip2 xz bash binutils.bintools coreutils diffutils findutils - gawk gnumake gnused gnutar gnugrep gnupatch patchelf ed file + gawk gmp gnumake gnused gnutar gnugrep gnupatch patchelf ed file ] # Library dependencies ++ map getLib ( diff --git a/pkgs/tools/filesystems/go-mtpfs/default.nix b/pkgs/tools/filesystems/go-mtpfs/default.nix index 4bb2a3c24d5..260e6891f95 100644 --- a/pkgs/tools/filesystems/go-mtpfs/default.nix +++ b/pkgs/tools/filesystems/go-mtpfs/default.nix @@ -18,7 +18,11 @@ buildGoModule rec { nativeBuildInputs = [ pkg-config ]; buildInputs = [ libusb1 ]; - checkFlags = [ "-short" ]; + preCheck = '' + # Only run tests under mtp/encoding_test.go + # Other tests require an Android deviced attached over USB. + buildFlagsArray+=("-run" "Test(Encode|Decode|Variant).*") + ''; meta = with lib; { description = "A simple FUSE filesystem for mounting Android devices as a MTP device"; diff --git a/pkgs/tools/misc/coreutils/default.nix b/pkgs/tools/misc/coreutils/default.nix index f6d2591716e..5b8c1c38c50 100644 --- a/pkgs/tools/misc/coreutils/default.nix +++ b/pkgs/tools/misc/coreutils/default.nix @@ -39,6 +39,11 @@ stdenv.mkDerivation rec { sha256 = "sha256-YaH0ENeLp+fzelpPUObRMgrKMzdUhKMlXt3xejhYBCM="; }; + patches = lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [ + # Workaround for https://debbugs.gnu.org/cgi/bugreport.cgi?bug=51433 + ./disable-seek-hole.patch + ]; + postPatch = '' # The test tends to fail on btrfs, f2fs and maybe other unusual filesystems. sed '2i echo Skipping dd sparse test && exit 77' -i ./tests/dd/sparse.sh diff --git a/pkgs/tools/misc/coreutils/disable-seek-hole.patch b/pkgs/tools/misc/coreutils/disable-seek-hole.patch new file mode 100644 index 00000000000..89503287980 --- /dev/null +++ b/pkgs/tools/misc/coreutils/disable-seek-hole.patch @@ -0,0 +1,43 @@ +diff --git a/src/copy.c b/src/copy.c +index cb9018f93..2a4ccc061 100644 +--- a/src/copy.c ++++ b/src/copy.c +@@ -502,7 +502,7 @@ write_zeros (int fd, off_t n_bytes) + return true; + } + +-#ifdef SEEK_HOLE ++#if 0 + /* Perform an efficient extent copy, if possible. This avoids + the overhead of detecting holes in hole-introducing/preserving + copy, and thus makes copying sparse files much more efficient. +@@ -1095,7 +1095,7 @@ infer_scantype (int fd, struct stat const *sb, + && ST_NBLOCKS (*sb) < sb->st_size / ST_NBLOCKSIZE)) + return PLAIN_SCANTYPE; + +-#ifdef SEEK_HOLE ++#if 0 + scan_inference->ext_start = lseek (fd, 0, SEEK_DATA); + if (0 <= scan_inference->ext_start) + return LSEEK_SCANTYPE; +@@ -1377,7 +1377,7 @@ copy_reg (char const *src_name, char const *dst_name, + off_t n_read; + bool wrote_hole_at_eof = false; + if (! ( +-#ifdef SEEK_HOLE ++#if 0 + scantype == LSEEK_SCANTYPE + ? lseek_copy (source_desc, dest_desc, buf, buf_size, hole_size, + scan_inference.ext_start, src_open_sb.st_size, +diff --git a/tests/seek-data-capable b/tests/seek-data-capable +index cc6372214..6e7a9ec1e 100644 +--- a/tests/seek-data-capable ++++ b/tests/seek-data-capable +@@ -1,5 +1,7 @@ + import sys, os, errno, platform + ++sys.exit(1) ++ + # Pass an _empty_ file + if len(sys.argv) != 2: + sys.exit(1) diff --git a/pkgs/tools/misc/mmake/default.nix b/pkgs/tools/misc/mmake/default.nix index 2172b8b958c..b95033bea24 100644 --- a/pkgs/tools/misc/mmake/default.nix +++ b/pkgs/tools/misc/mmake/default.nix @@ -15,7 +15,8 @@ buildGoModule rec { ldflags = [ "-s" "-w" ]; - checkFlags = [ "-short" ]; + # Almost all tests require non-local networking, trying to resolve githubusercontent.com. + doCheck = false; meta = with lib; { homepage = "https://github.com/tj/mmake"; diff --git a/pkgs/tools/security/gnupg/23.nix b/pkgs/tools/security/gnupg/23.nix index d9ad2d0a276..13364f5498a 100644 --- a/pkgs/tools/security/gnupg/23.nix +++ b/pkgs/tools/security/gnupg/23.nix @@ -15,11 +15,11 @@ assert guiSupport -> pinentry != null && enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; - version = "2.3.4"; + version = "2.3.6"; src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - sha256 = "sha256-80aOyvsdf5rXtR/R23rr8XzridLvqKBc8vObTUBUAq4="; + sha256 = "sha256-Iff+L8XC8hQYSrBQl37HqOME5Yv64qsJj+xp+Pq9qcE="; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; @@ -34,6 +34,12 @@ stdenv.mkDerivation rec { ./tests-add-test-cases-for-import-without-uid.patch ./allow-import-of-previously-known-keys-even-without-UI.patch ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch + + # Patch from upstream 34c649b36013, https://dev.gnupg.org/T6027 + ./CVE-2022-34903-g10-fix-garbled-status-messages-in-NOTATION_DATA.patch + + # Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27 + ./v3-0001-Disallow-compressed-signatures-and-certificates.patch ]; postPatch = '' sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1 diff --git a/pkgs/tools/security/gnupg/CVE-2022-34903-g10-fix-garbled-status-messages-in-NOTATION_DATA.patch b/pkgs/tools/security/gnupg/CVE-2022-34903-g10-fix-garbled-status-messages-in-NOTATION_DATA.patch new file mode 100644 index 00000000000..4383475a1c8 --- /dev/null +++ b/pkgs/tools/security/gnupg/CVE-2022-34903-g10-fix-garbled-status-messages-in-NOTATION_DATA.patch @@ -0,0 +1,45 @@ +commit 34c649b3601383cd11dbc76221747ec16fd68e1b +Author: Werner Koch <wk@gnupg.org> +Date: 2022-06-14 11:33:27 +0200 + + g10: Fix garbled status messages in NOTATION_DATA + + * g10/cpr.c (write_status_text_and_buffer): Fix off-by-one + -- + + Depending on the escaping and line wrapping the computed remaining + buffer length could be wrong. Fixed by always using a break to + terminate the escape detection loop. Might have happened for all + status lines which may wrap. + + GnuPG-bug-id: T6027 + +diff --git a/g10/cpr.c b/g10/cpr.c +index 9bfdd3c34..fa8005d6f 100644 +--- a/g10/cpr.c ++++ b/g10/cpr.c +@@ -372,20 +372,15 @@ write_status_text_and_buffer (int no, const char *string, + } + first = 0; + } +- for (esc=0, s=buffer, n=len; n && !esc; s++, n--) ++ for (esc=0, s=buffer, n=len; n; s++, n--) + { + if (*s == '%' || *(const byte*)s <= lower_limit + || *(const byte*)s == 127 ) + esc = 1; + if (wrap && ++count > wrap) +- { +- dowrap=1; +- break; +- } +- } +- if (esc) +- { +- s--; n++; ++ dowrap=1; ++ if (esc || dowrap) ++ break; + } + if (s != buffer) + es_fwrite (buffer, s-buffer, 1, statusfp); diff --git a/pkgs/tools/security/gnupg/v3-0001-Disallow-compressed-signatures-and-certificates.patch b/pkgs/tools/security/gnupg/v3-0001-Disallow-compressed-signatures-and-certificates.patch new file mode 100644 index 00000000000..267085dff4c --- /dev/null +++ b/pkgs/tools/security/gnupg/v3-0001-Disallow-compressed-signatures-and-certificates.patch @@ -0,0 +1,216 @@ +From 459b61fa21db755d6c879c3ef9ab85b3d1786c9f Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour <demi () invisiblethingslab com> +Date: Fri, 27 May 2022 19:51:19 -0400 +Subject: [PATCH GnuPG v3] Disallow compressed signatures and certificates + +Compressed packets have significant attack surface, due to the potential +for both denial of service (zip bombs and the like) and for code +execution via memory corruption vulnerabilities in the decompressor. +Furthermore, I am not aware of any implementation that uses them in keys +or detached signatures. Therefore, disallow their use in such contexts +entirely. This includes signatures that are part of a cleartext-signed +message. + +When parsing detached signatures, forbid any packet that is not a +signature or marker packet. When parsing keys, return an error when +encountering a compressed packet, instead of decompressing the packet. + +Furthermore, certificates, keys, and signatures are not allowed to +contain partial-length or indeterminate-length packets. Reject those in +parse_packet, rather than activating the partial-length filter code. +This is not (yet) implemented for cleartext-signed messages, as these +messages are internally represented as inline-signed messages. + +GnuPG-bug-id: T5993 +Signed-off-by: Demi Marie Obenour <demiobenour () gmail com> +--- + g10/import.c | 18 ++---------------- + g10/mainproc.c | 24 +++++++++++++++++++++--- + g10/packet.h | 2 ++ + g10/parse-packet.c | 44 +++++++++++++++++++++++++++++++++++++++++++- + 4 files changed, 68 insertions(+), 20 deletions(-) + +diff --git a/g10/import.c b/g10/import.c +index bb0bf67934a8316130cde182cd43d56353e0171d..a8136351f6f7dae8c65634ed8e1c242d323e2009 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -1042,22 +1042,8 @@ read_block( IOBUF a, unsigned int options, + switch (pkt->pkttype) + { + case PKT_COMPRESSED: +- if (check_compress_algo (pkt->pkt.compressed->algorithm)) +- { +- rc = GPG_ERR_COMPR_ALGO; +- goto ready; +- } +- else +- { +- compress_filter_context_t *cfx = xmalloc_clear( sizeof *cfx ); +- pkt->pkt.compressed->buf = NULL; +- if (push_compress_filter2 (a, cfx, +- pkt->pkt.compressed->algorithm, 1)) +- xfree (cfx); /* e.g. in case of compression_algo NONE. */ +- } +- free_packet (pkt, &parsectx); +- init_packet(pkt); +- break; ++ rc = GPG_ERR_UNEXPECTED; ++ goto ready; + + case PKT_RING_TRUST: + /* Skip those packets unless we are in restore mode. */ +diff --git a/g10/mainproc.c b/g10/mainproc.c +index af11877aa257e46662c42b6ff573ee01c3ad1547..3629fc921b742afd131e8d8e2664b201095990f0 100644 +--- a/g10/mainproc.c ++++ b/g10/mainproc.c +@@ -152,6 +152,7 @@ add_onepass_sig (CTX c, PACKET *pkt) + { + kbnode_t node; + ++ log_assert(!(c->sigs_only && c->signed_data.used)); + if (c->list) /* Add another packet. */ + add_kbnode (c->list, new_kbnode (pkt)); + else /* Insert the first one. */ +@@ -1076,8 +1077,16 @@ proc_compressed (CTX c, PACKET *pkt) + int rc; + + /*printf("zip: compressed data packet\n");*/ +- if (c->sigs_only) +- rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c); ++ if ( literals_seen ) ++ { ++ log_error ("Compressed packet follows literal data packet\n"); ++ rc = GPG_ERR_UNEXPECTED; ++ } ++ else if ( c->sigs_only ) ++ { ++ log_assert(!c->signed_data.used); ++ rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c); ++ } + else if( c->encrypt_only ) + rc = handle_compressed (c->ctrl, c, zd, proc_encrypt_cb, c); + else +@@ -1596,6 +1605,7 @@ do_proc_packets (CTX c, iobuf_t a) + c->iobuf = a; + init_packet(pkt); + init_parse_packet (&parsectx, a); ++ parsectx.sigs_only = c->sigs_only && c->signed_data.used; + while ((rc=parse_packet (&parsectx, pkt)) != -1) + { + any_data = 1; +@@ -1607,6 +1617,12 @@ do_proc_packets (CTX c, iobuf_t a) + if (gpg_err_code (rc) == GPG_ERR_INV_PACKET + && opt.list_packets == 0) + break; ++ ++ if (gpg_err_code (rc) == GPG_ERR_UNEXPECTED) ++ { ++ write_status_text( STATUS_UNEXPECTED, "0" ); ++ goto leave; ++ } + continue; + } + newpkt = -1; +@@ -1644,7 +1660,9 @@ do_proc_packets (CTX c, iobuf_t a) + case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break; + case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break; + case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break; +- default: newpkt = 0; break; ++ default: ++ log_assert(!c->signed_data.used); ++ newpkt = 0; break; + } + } + else if (c->encrypt_only) +diff --git a/g10/packet.h b/g10/packet.h +index 5a14015a16c872fe7b0b15468598daf7a05ffc02..82dfe786b46051491e7015e64441678140defa9e 100644 +--- a/g10/packet.h ++++ b/g10/packet.h +@@ -657,6 +657,7 @@ struct parse_packet_ctx_s + int free_last_pkt; /* Indicates that LAST_PKT must be freed. */ + int skip_meta; /* Skip ring trust packets. */ + unsigned int n_parsed_packets; /* Number of parsed packets. */ ++ int sigs_only; /* Only accept detached signature packets */ + }; + typedef struct parse_packet_ctx_s *parse_packet_ctx_t; + +@@ -667,6 +668,7 @@ typedef struct parse_packet_ctx_s *parse_packet_ctx_t; + (a)->free_last_pkt = 0; \ + (a)->skip_meta = 0; \ + (a)->n_parsed_packets = 0; \ ++ (a)->sigs_only = 0; \ + } while (0) + + #define deinit_parse_packet(a) do { \ +diff --git a/g10/parse-packet.c b/g10/parse-packet.c +index cea1f7ebc5daec3863ae963c1ab25500f86796fe..dca66ff427ea6778e536782ec6bda83584877342 100644 +--- a/g10/parse-packet.c ++++ b/g10/parse-packet.c +@@ -738,6 +738,20 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, + case PKT_ENCRYPTED_MDC: + case PKT_ENCRYPTED_AEAD: + case PKT_COMPRESSED: ++ if (ctx->sigs_only) ++ { ++ log_error (_("partial length packet of type %d in detached" ++ " signature\n"), pkttype); ++ rc = gpg_error (GPG_ERR_UNEXPECTED); ++ goto leave; ++ } ++ if (onlykeypkts) ++ { ++ log_error (_("partial length packet of type %d in keyring\n"), ++ pkttype); ++ rc = gpg_error (GPG_ERR_UNEXPECTED); ++ goto leave; ++ } + iobuf_set_partial_body_length_mode (inp, c & 0xff); + pktlen = 0; /* To indicate partial length. */ + partial = 1; +@@ -775,6 +789,20 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, + rc = gpg_error (GPG_ERR_INV_PACKET); + goto leave; + } ++ else if (ctx->sigs_only) ++ { ++ log_error (_("indeterminate length packet of type %d in detached" ++ " signature\n"), pkttype); ++ rc = gpg_error (GPG_ERR_UNEXPECTED); ++ goto leave; ++ } ++ else if (onlykeypkts) ++ { ++ log_error (_("indeterminate length packet of type %d in" ++ " keyring\n"), pkttype); ++ rc = gpg_error (GPG_ERR_UNEXPECTED); ++ goto leave; ++ } + } + else + { +@@ -828,7 +856,21 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, + goto leave; + } + +- if (with_uid && pkttype == PKT_USER_ID) ++ if (ctx->sigs_only) ++ switch (pkttype) ++ { ++ case PKT_SIGNATURE: ++ case PKT_MARKER: ++ break; ++ default: ++ log_error(_("Packet type %d not allowed in detached signature\n"), ++ pkttype); ++ iobuf_skip_rest (inp, pktlen, partial); ++ *skip = 1; ++ rc = GPG_ERR_UNEXPECTED; ++ goto leave; ++ } ++ else if (with_uid && pkttype == PKT_USER_ID) + /* If ONLYKEYPKTS is set to 2, then we never skip user id packets, + even if DO_SKIP is set. */ + ; +-- +2.36.1 + diff --git a/pkgs/tools/system/skeema/default.nix b/pkgs/tools/system/skeema/default.nix index 56ee0e69aa1..be18340de70 100644 --- a/pkgs/tools/system/skeema/default.nix +++ b/pkgs/tools/system/skeema/default.nix @@ -1,4 +1,4 @@ -{ lib, buildGoModule, fetchFromGitHub }: +{ lib, buildGoModule, fetchFromGitHub, coreutils }: buildGoModule rec { pname = "skeema"; @@ -17,6 +17,29 @@ buildGoModule rec { ldflags = [ "-s" "-w" ]; + preCheck = '' + # Disable tests requiring network access to gitlab.com + buildFlagsArray+=("-run" "[^(Test(ParseDir(Symlinks|))|DirRelPath)]") + + # Fix tests expecting /usr/bin/printf and /bin/echo + substituteInPlace skeema_cmd_test.go \ + --replace /usr/bin/printf "${coreutils}/bin/printf" + + substituteInPlace internal/fs/dir_test.go \ + --replace /bin/echo "${coreutils}/bin/echo" \ + --replace /usr/bin/printf "${coreutils}/bin/printf" + + substituteInPlace internal/applier/ddlstatement_test.go \ + --replace /bin/echo "${coreutils}/bin/echo" + + substituteInPlace internal/util/shellout_unix_test.go \ + --replace /bin/echo "${coreutils}/bin/echo" \ + --replace /usr/bin/printf "${coreutils}/bin/printf" + + substituteInPlace internal/util/shellout_unix_test.go \ + --replace /bin/echo "${coreutils}/bin/echo" + ''; + checkFlags = [ "-short" ]; meta = with lib; { diff --git a/pkgs/tools/text/gucci/default.nix b/pkgs/tools/text/gucci/default.nix index 3e87b7cb79c..8d9bd5279af 100644 --- a/pkgs/tools/text/gucci/default.nix +++ b/pkgs/tools/text/gucci/default.nix @@ -21,6 +21,14 @@ buildGoModule rec { checkFlags = [ "-short" ]; + # Integration tests rely on Ginkgo but fail. + # Related: https://github.com/onsi/ginkgo/issues/602 + # + # Disable integration tests. + preCheck = '' + buildFlagsArray+=("-run" "[^(TestIntegration)]") + ''; + meta = with lib; { description = "A simple CLI templating tool written in golang"; homepage = "https://github.com/noqcks/gucci"; diff --git a/pkgs/tools/typesetting/asciidoc/default.nix b/pkgs/tools/typesetting/asciidoc/default.nix index ed07c5588fe..64061c84183 100644 --- a/pkgs/tools/typesetting/asciidoc/default.nix +++ b/pkgs/tools/typesetting/asciidoc/default.nix @@ -1,39 +1,39 @@ { fetchurl, lib, stdenv, python3 , fetchFromGitHub, autoreconfHook +, installShellFiles , enableStandardFeatures ? false -, sourceHighlight ? null -, highlight ? null -, pygments ? null -, graphviz ? null -, texlive ? null -, dblatexFull ? null -, libxslt ? null -, w3m ? null -, lynx ? null -, imagemagick ? null -, lilypond ? null -, libxml2 ? null -, docbook_xml_dtd_45 ? null -, docbook_xsl_ns ? null -, docbook_xsl ? null -, fop ? null -# TODO: Package this: -#, epubcheck ? null -, gnused ? null -, coreutils ? null +, sourceHighlight +, highlight +, pygments +, graphviz +, texlive +, dblatexFull +, libxslt +, w3m +, lynx +, imagemagick +, lilypond +, libxml2 +, docbook_xml_dtd_45 +, docbook_xsl_ns +, docbook_xsl +, fop +, epubcheck +, gnused +, coreutils # if true, enable all the below filters and backends , enableExtraPlugins ? false # unzip is needed to extract filter and backend plugins -, unzip ? null +, unzip # filters -, enableDitaaFilter ? false, jre ? null -, enableMscgenFilter ? false, mscgen ? null -, enableDiagFilter ? false, blockdiag ? null, seqdiag ? null, actdiag ? null, nwdiag ? null -, enableQrcodeFilter ? false, qrencode ? null -, enableMatplotlibFilter ? false, matplotlib ? null, numpy ? null -, enableAafigureFilter ? false, aafigure ? null, recursivePthLoader ? null +, enableDitaaFilter ? false, jre +, enableMscgenFilter ? false, mscgen +, enableDiagFilter ? false, blockdiag, seqdiag, actdiag, nwdiag +, enableQrcodeFilter ? false, qrencode +, enableMatplotlibFilter ? false, matplotlib, numpy +, enableAafigureFilter ? false, aafigure, recursivePthLoader # backends , enableDeckjsBackend ? false , enableOdfBackend ? false @@ -44,38 +44,6 @@ , buildPackages }: -assert enableStandardFeatures -> - sourceHighlight != null && - highlight != null && - pygments != null && - graphviz != null && - texlive != null && - dblatexFull != null && - libxslt != null && - w3m != null && - lynx != null && - imagemagick != null && - lilypond != null && - libxml2 != null && - docbook_xml_dtd_45 != null && - docbook_xsl_ns != null && - docbook_xsl != null && - (fop != null || !enableJava) && -# TODO: Package this: -# epubcheck != null && - gnused != null && - coreutils != null; - -# filters -assert enableExtraPlugins || enableDitaaFilter || enableMscgenFilter || enableDiagFilter || enableQrcodeFilter || enableAafigureFilter -> unzip != null; -assert (enableExtraPlugins && enableJava) || enableDitaaFilter -> jre != null; -assert enableExtraPlugins || enableMscgenFilter -> mscgen != null; -assert enableExtraPlugins || enableDiagFilter -> blockdiag != null && seqdiag != null && actdiag != null && nwdiag != null; -assert enableExtraPlugins || enableMatplotlibFilter -> matplotlib != null && numpy != null; -assert enableExtraPlugins || enableAafigureFilter -> aafigure != null && recursivePthLoader != null; -# backends -assert enableExtraPlugins || enableDeckjsBackend || enableOdfBackend -> unzip != null; - let _enableDitaaFilter = (enableExtraPlugins && enableJava) || enableDitaaFilter; @@ -144,26 +112,24 @@ let sha256 = "08ya4bskygzqkfqwjllpg31qc5k08xp2k78z9b2480g8y57bfy10"; }; -in - -stdenv.mkDerivation rec { +in python3.pkgs.buildPythonApplication rec { pname = "asciidoc" + lib.optionalString enableStandardFeatures "-full" + lib.optionalString enableExtraPlugins "-with-plugins"; - version = "9.1.0"; + version = "10.2.0"; - # Note: a substitution to improve reproducibility should be updated once 10.0.0 is - # released. See the comment in `patchPhase` for more information. src = fetchFromGitHub { - owner = "asciidoc"; - repo = "asciidoc-py3"; + owner = "asciidoc-py"; + repo = "asciidoc-py"; rev = version; - sha256 = "1clf1axkns23wfmh48xfspzsnw04pjh4mq1pshpzvj0cwxhz0yaq"; + hash = "sha256-TqC0x9xB6e2d6Wc9bgnlqgZVOmYHmUUKfE/CKAiEtag="; }; - strictDeps = true; - nativeBuildInputs = [ python3 unzip autoreconfHook ]; - buildInputs = [ python3 ]; + nativeBuildInputs = [ + autoreconfHook + installShellFiles + unzip + ]; # install filters early, so their shebangs are patched too postPatch = with lib; '' @@ -230,22 +196,22 @@ stdenv.mkDerivation rec { -e "s|twopi|${graphviz}/bin/twopi|g" \ -e "s|circo|${graphviz}/bin/circo|g" \ -e "s|fdp|${graphviz}/bin/fdp|g" \ - -i "filters/graphviz/graphviz2png.py" + -i "asciidoc/resources/filters/graphviz/graphviz2png.py" sed -e "s|run('latex|run('${texlive}/bin/latex|g" \ -e "s|cmd = 'dvipng'|cmd = '${texlive}/bin/dvipng'|g" \ -e "s|cmd = 'dvisvgm'|cmd = '${texlive}/bin/dvisvgm'|g" \ - -i "filters/latex/latex2img.py" + -i "asciidoc/resources/filters/latex/latex2img.py" sed -e "s|run('abc2ly|run('${lilypond}/bin/abc2ly|g" \ -e "s|run('lilypond|run('${lilypond}/bin/lilypond|g" \ -e "s|run('convert|run('${imagemagick.out}/bin/convert|g" \ - -i "filters/music/music2png.py" + -i "asciidoc/resources/filters/music/music2png.py" sed -e 's|filter="source-highlight|filter="${sourceHighlight}/bin/source-highlight|' \ -e 's|filter="highlight|filter="${highlight}/bin/highlight|' \ -e 's|filter="pygmentize|filter="${pygments}/bin/pygmentize|' \ - -i "filters/source/source-highlight-filter.conf" + -i "asciidoc/resources/filters/source/source-highlight-filter.conf" # ENV is custom environment passed to programs that a2x invokes. Here we # use it to work around an impurity in the tetex package; tetex tools @@ -260,55 +226,45 @@ stdenv.mkDerivation rec { -e "s|^W3M =.*|W3M = '${w3m}/bin/w3m'|" \ -e "s|^LYNX =.*|LYNX = '${lynx}/bin/lynx'|" \ -e "s|^XMLLINT =.*|XMLLINT = '${libxml2.bin}/bin/xmllint'|" \ - -e "s|^EPUBCHECK =.*|EPUBCHECK = 'nixpkgs_is_missing_epubcheck'|" \ - -i a2x.py + -e "s|^EPUBCHECK =.*|EPUBCHECK = '${epubcheck}/bin/epubcheck'|" \ + -i asciidoc/a2x.py '' else '' sed -e "s|^ENV =.*|ENV = dict(XML_CATALOG_FILES='${docbook_xml_dtd_45}/xml/dtd/docbook/catalog.xml ${docbook_xsl_ns}/xml/xsl/docbook/catalog.xml ${docbook_xsl}/xml/xsl/docbook/catalog.xml')|" \ -e "s|^XSLTPROC =.*|XSLTPROC = '${libxslt.bin}/bin/xsltproc'|" \ -e "s|^XMLLINT =.*|XMLLINT = '${libxml2.bin}/bin/xmllint'|" \ - -i a2x.py + -i asciidoc/a2x.py '') + '' - patchShebangs --host \ - asciidoc.py \ - a2x.py \ - tests/testasciidoc.py \ - filters/code/code-filter.py \ - filters/latex/latex2img.py \ - filters/music/music2png.py \ - filters/unwraplatex.py \ - filters/graphviz/graphviz2png.py - - # Hardcode the path to its own asciidoc. - # This helps with cross-compilation. - substituteInPlace a2x.py \ - --replace "find_executable(ASCIIDOC)" "'${placeholder "out"}/bin/asciidoc'" - - # Note: this substitution will not work in the planned 10.0.0 release: - # - # https://github.com/asciidoc/asciidoc-py3/commit/dfffda23381014481cd13e8e9d8f131e1f93f08a - # - # Update this substitution to: - # - # --replace "python3 -m asciidoc.a2x" "python3 -m asciidoc.a2x -a revdate=01/01/1980" - substituteInPlace Makefile.in \ - --replace "python3 a2x.py" "python3 a2x.py -a revdate=01/01/1980" - # Fix tests for f in $(grep -R --files-with-matches "2002-11-25") ; do - substituteInPlace $f --replace "2002-11-25" "1970-01-01" - substituteInPlace $f --replace "00:37:42" "00:00:01" + substituteInPlace $f --replace "2002-11-25" "1980-01-02" + substituteInPlace $f --replace "00:37:42" "00:00:00" done '' + lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform) '' # We want to use asciidoc from the build platform to build the documentation. substituteInPlace Makefile.in \ - --replace "python3 a2x.py" "python3 ${buildPackages.asciidoc}/bin/a2x.py" + --replace "python3 -m asciidoc.a2x" "${buildPackages.asciidoc}/bin/a2x" ''; - preInstall = "mkdir -p $out/etc/vim"; - makeFlags = lib.optional stdenv.isCygwin "DESTDIR=/."; + postBuild = '' + make manpages + ''; + + postInstall = '' + installManPage doc/asciidoc.1 doc/a2x.1 doc/testasciidoc.1 + ''; + + checkInputs = with python3.pkgs; [ + pytest + pytest-mock + ]; - checkInputs = [ sourceHighlight ]; - doCheck = true; + checkPhase = '' + runHook preCheck + + make test + + runHook postCheck + ''; meta = with lib; { description = "Text-based document generation system"; @@ -325,9 +281,10 @@ stdenv.mkDerivation rec { sourceProvenance = with sourceTypes; [ fromSource ] ++ lib.optional _enableDitaaFilter binaryBytecode; - homepage = "http://www.methods.co.nz/asciidoc/"; + homepage = "https://asciidoc-py.github.io/"; + changelog = "https://github.com/asciidoc-py/asciidoc-py/blob/${src.rev}/CHANGELOG.adoc"; license = licenses.gpl2Plus; platforms = platforms.unix; - maintainers = [ maintainers.bjornfor ]; + maintainers = with maintainers; [ bjornfor dotlambda ]; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f662ccf890d..4b9c2055dee 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4601,21 +4601,17 @@ with pkgs; arpoison = callPackage ../tools/networking/arpoison { }; asciidoc = callPackage ../tools/typesetting/asciidoc { - inherit (python3.pkgs) matplotlib numpy aafigure recursivePthLoader; + inherit (python3.pkgs) pygments matplotlib numpy aafigure recursivePthLoader; + texlive = texlive.combine { inherit (texlive) scheme-minimal dvipng; }; + w3m = w3m-batch; enableStandardFeatures = false; }; asciidoc-full = asciidoc.override { - inherit (python3.pkgs) pygments; - texlive = texlive.combine { inherit (texlive) scheme-minimal dvipng; }; - w3m = w3m-batch; enableStandardFeatures = true; }; asciidoc-full-with-plugins = asciidoc.override { - inherit (python3.pkgs) pygments; - texlive = texlive.combine { inherit (texlive) scheme-minimal dvipng; }; - w3m = w3m-batch; enableStandardFeatures = true; enableExtraPlugins = true; }; @@ -15527,20 +15523,27 @@ with pkgs; ctmg = callPackage ../tools/security/ctmg { }; - cmake = libsForQt5.callPackage ../development/tools/build-managers/cmake { + cmake = callPackage ../development/tools/build-managers/cmake { inherit (darwin.apple_sdk.frameworks) SystemConfiguration; + inherit (libsForQt5) qtbase wrapQtAppsHook; }; - cmakeMinimal = libsForQt5.callPackage ../development/tools/build-managers/cmake { + cmakeMinimal = callPackage ../development/tools/build-managers/cmake { isBootstrap = true; + qtbase = null; + wrapQtAppsHook = null; # There is no SystemConfiguration in bootstrapTools, so this version gets # patched to remove that dependency. SystemConfiguration = null; }; - cmakeCurses = cmake.override { useNcurses = true; }; + cmakeCurses = cmake.override { + uiToolkits = [ "ncurses" ]; + }; - cmakeWithGui = cmakeCurses.override { withQt5 = true; }; + cmakeWithGui = cmake.override { + uiToolkits = [ "ncurses" "qt5" ]; + }; cmake-format = python3Packages.callPackage ../development/tools/cmake-format { }; @@ -21042,23 +21045,6 @@ with pkgs; sphinx = with python3Packages; toPythonApplication sphinx; - # A variation of sphinx that is only suitable for offline use as it excludes - # pyopenssl, which is broken on aarch64-darwin. - # https://github.com/NixOS/nixpkgs/issues/175875 - sphinx_offline = - if !(stdenv.buildPlatform.isDarwin && stdenv.buildPlatform.isAarch64) - then sphinx - else - sphinx.override (o: { - requests = pkgsBuildTarget.python3Packages.requests.override (o: { - urllib3 = pkgsBuildTarget.python3Packages.urllib3.overrideAttrs (o: { - # urllib3 adds the optional pyopenssl to propagatedBuildInputs - # pkgs/development/python-modules/urllib3/default.nix - propagatedBuildInputs = []; - }); - }); - }); - sphinx-autobuild = with python3Packages; toPythonApplication sphinx-autobuild; sphinx-serve = with python3Packages; toPythonApplication sphinx-serve; @@ -23452,7 +23438,7 @@ with pkgs; # latest 6.8 mysteriously fails to parse '@headings single': # https://lists.gnu.org/archive/html/bug-texinfo/2021-09/msg00011.html - texinfo = texinfo6_7; + texinfo = buildPackages.texinfo6_7; }; gpm-ncurses = gpm.override { inherit ncurses; }; diff --git a/pkgs/top-level/haskell-packages.nix b/pkgs/top-level/haskell-packages.nix index 54a050be73f..b0d4a7325ce 100644 --- a/pkgs/top-level/haskell-packages.nix +++ b/pkgs/top-level/haskell-packages.nix @@ -49,8 +49,6 @@ let # Use this rather than `rec { ... }` below for sake of overlays. inherit (pkgs.haskell) compiler packages; - sphinx = buildPackages.sphinx_offline; - in { lib = haskellLibUncomposable; @@ -99,7 +97,7 @@ in { packages.ghc8102Binary else packages.ghc865Binary; - inherit sphinx; + inherit (buildPackages.python3Packages) sphinx; buildTargetLlvmPackages = pkgsBuildTarget.llvmPackages_7; llvmPackages = pkgs.llvmPackages_7; }; @@ -110,9 +108,12 @@ in { # Musl bindists do not exist for ghc 8.6.5, so we use 8.10.* for them if stdenv.isAarch64 || stdenv.isAarch32 then packages.ghc8107BinaryMinimal + else if stdenv.hostPlatform.isPower64 && stdenv.hostPlatform.isLittleEndian then + # to my (@a-m-joseph) knowledge there are no newer official binaries for this platform + packages.ghc865Binary else packages.ghc8107Binary; - inherit sphinx; + inherit (buildPackages.python3Packages) sphinx; # Need to use apple's patched xattr until # https://github.com/xattr/xattr/issues/44 and # https://github.com/xattr/xattr/issues/55 are solved. @@ -126,9 +127,11 @@ in { # the oldest ghc with aarch64-darwin support is 8.10.5 if stdenv.isAarch64 || stdenv.isAarch32 then packages.ghc8107BinaryMinimal + else if stdenv.hostPlatform.isPower64 && stdenv.hostPlatform.isLittleEndian then + packages.ghc8107 else packages.ghc8107Binary; - inherit sphinx; + inherit (buildPackages.python3Packages) sphinx; inherit (buildPackages.darwin) autoSignDarwinBinariesHook xattr; buildTargetLlvmPackages = pkgsBuildTarget.llvmPackages_12; llvmPackages = pkgs.llvmPackages_12; @@ -138,9 +141,11 @@ in { # aarch64 ghc8107Binary exceeds max output size on hydra if stdenv.isAarch64 || stdenv.isAarch32 then packages.ghc8107BinaryMinimal + else if stdenv.hostPlatform.isPower64 && stdenv.hostPlatform.isLittleEndian then + packages.ghc8107 else packages.ghc8107Binary; - inherit sphinx; + inherit (buildPackages.python3Packages) sphinx; # Need to use apple's patched xattr until # https://github.com/xattr/xattr/issues/44 and # https://github.com/xattr/xattr/issues/55 are solved. @@ -149,8 +154,12 @@ in { llvmPackages = pkgs.llvmPackages_12; }; ghcHEAD = callPackage ../development/compilers/ghc/head.nix { - bootPkgs = packages.ghc8107Binary; - inherit sphinx; + bootPkgs = + if stdenv.hostPlatform.isPower64 && stdenv.hostPlatform.isLittleEndian then + packages.ghc8107 + else + packages.ghc8107Binary; + inherit (buildPackages.python3Packages) sphinx; # Need to use apple's patched xattr until # https://github.com/xattr/xattr/issues/44 and # https://github.com/xattr/xattr/issues/55 are solved. |