diff options
54 files changed, 1109 insertions, 842 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index 4e8bd364281..20fe17df469 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md @@ -164,6 +164,18 @@ The module update takes care of the new config syntax and the data itself (user - The use of `sourceRoot = "source";`, `sourceRoot = "source/subdir";`, and similar lines in package derivations using the default `unpackPhase` is deprecated as it requires `unpackPhase` to always produce a directory named "source". Use `sourceRoot = src.name`, `sourceRoot = "${src.name}/subdir";`, or `setSourceRoot = "sourceRoot=$(echo */subdir)";` or similar instead. +- The `django` alias in the python package set was upgraded to Django 4.x. + Applications that consume Django should always pin their python environment + to a compatible major version, so they can move at their own pace. + + ```nix + python = python3.override { + packageOverrides = self: super: { + django = super.django_3; + }; + }; + ``` + - The `qemu-vm.nix` module by default now identifies block devices via persistent names available in `/dev/disk/by-*`. Because the rootDevice is identfied by its filesystem label, it needs to be formatted before the VM is diff --git a/pkgs/applications/misc/privacyidea/default.nix b/pkgs/applications/misc/privacyidea/default.nix index 74efc4c1db0..2a7f6c50c73 100644 --- a/pkgs/applications/misc/privacyidea/default.nix +++ b/pkgs/applications/misc/privacyidea/default.nix @@ -9,6 +9,8 @@ let python3' = python310.override { packageOverrides = self: super: { + django = super.django_3; + sqlalchemy = super.sqlalchemy.overridePythonAttrs (oldAttrs: rec { version = "1.3.24"; src = fetchPypi { diff --git a/pkgs/build-support/cc-wrapper/cc-wrapper.sh b/pkgs/build-support/cc-wrapper/cc-wrapper.sh index 5350fc3cc9a..244a0bb6623 100644 --- a/pkgs/build-support/cc-wrapper/cc-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/cc-wrapper.sh @@ -246,10 +246,13 @@ if [[ -e @out@/nix-support/cc-wrapper-hook ]]; then fi if (( "${NIX_CC_USE_RESPONSE_FILE:-@use_response_file_by_default@}" >= 1 )); then - exec @prog@ @<(printf "%q\n" \ + responseFile=$(mktemp --tmpdir cc-params.XXXXXX) + trap 'rm -f -- "$responseFile"' EXIT + printf "%q\n" \ ${extraBefore+"${extraBefore[@]}"} \ ${params+"${params[@]}"} \ - ${extraAfter+"${extraAfter[@]}"}) + ${extraAfter+"${extraAfter[@]}"} > "$responseFile" + @prog@ "@$responseFile" else exec @prog@ \ ${extraBefore+"${extraBefore[@]}"} \ diff --git a/pkgs/build-support/go/module.nix b/pkgs/build-support/go/module.nix index 6c2284a7a98..586af56bd98 100644 --- a/pkgs/build-support/go/module.nix +++ b/pkgs/build-support/go/module.nix @@ -52,6 +52,9 @@ assert (args' ? vendorHash && args' ? vendorSha256) -> throw "both `vendorHash` let args = removeAttrs args' [ "overrideModAttrs" "vendorSha256" "vendorHash" ]; + GO111MODULE = "on"; + GOTOOLCHAIN = "local"; + goModules = if (vendorHash == null) then "" else (stdenv.mkDerivation { name = "${name}-go-modules"; @@ -60,6 +63,7 @@ let inherit (args) src; inherit (go) GOOS GOARCH; + inherit GO111MODULE GOTOOLCHAIN; # The following inheritence behavior is not trivial to expect, and some may # argue it's not ideal. Changing it may break vendor hashes in Nixpkgs and @@ -73,8 +77,6 @@ let postBuild = args.modPostBuild or ""; sourceRoot = args.sourceRoot or ""; - GO111MODULE = "on"; - impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ [ "GIT_PROXY_COMMAND" "SOCKS_SERVER" @@ -85,6 +87,9 @@ let runHook preConfigure export GOCACHE=$TMPDIR/go-cache export GOPATH="$TMPDIR/go" + # fixes 'GOPROXY list is not the empty string, but contains no entries' + # "https://proxy.golang.org,direct" is the go default + export GOPROXY="''${GOPROXY:-"https://proxy.golang.org,direct"}" # respect impureEnvVars cd "${modRoot}" runHook postConfigure ''; @@ -149,9 +154,8 @@ let inherit (go) GOOS GOARCH; - GO111MODULE = "on"; GOFLAGS = lib.optionals (!proxyVendor) [ "-mod=vendor" ] ++ lib.optionals (!allowGoReference) [ "-trimpath" ]; - inherit CGO_ENABLED enableParallelBuilding; + inherit CGO_ENABLED enableParallelBuilding GO111MODULE GOTOOLCHAIN; configurePhase = args.configurePhase or ('' runHook preConfigure diff --git a/pkgs/build-support/go/package.nix b/pkgs/build-support/go/package.nix index b4cb264d9f2..7e099b76f0b 100644 --- a/pkgs/build-support/go/package.nix +++ b/pkgs/build-support/go/package.nix @@ -86,6 +86,7 @@ let inherit CGO_ENABLED enableParallelBuilding; GO111MODULE = "off"; + GOTOOLCHAIN = "local"; GOFLAGS = lib.optionals (!allowGoReference) [ "-trimpath" ]; GOARM = toString (lib.intersectLists [(stdenv.hostPlatform.parsed.cpu.version or "")] ["5" "6" "7"]); diff --git a/pkgs/build-support/setup-hooks/patch-shebangs.sh b/pkgs/build-support/setup-hooks/patch-shebangs.sh index 9a48440debe..e6872db1acd 100644 --- a/pkgs/build-support/setup-hooks/patch-shebangs.sh +++ b/pkgs/build-support/setup-hooks/patch-shebangs.sh @@ -11,11 +11,12 @@ fixupOutputHooks+=(patchShebangsAuto) # Run patch shebangs on a directory or file. # Can take multiple paths as arguments. -# patchShebangs [--build | --host] PATH... +# patchShebangs [--build | --host | --update] [--] PATH... # Flags: # --build : Lookup commands available at build-time # --host : Lookup commands available at runtime +# --update : Update shebang paths that are in Nix store # Example use cases, # $ patchShebangs --host /nix/store/...-hello-1.0/bin @@ -23,14 +24,35 @@ fixupOutputHooks+=(patchShebangsAuto) patchShebangs() { local pathName - - if [[ "$1" == "--host" ]]; then - pathName=HOST_PATH - shift - elif [[ "$1" == "--build" ]]; then - pathName=PATH - shift - fi + local update + + while [[ $# -gt 0 ]]; do + case "$1" in + --host) + pathName=HOST_PATH + shift + ;; + --build) + pathName=PATH + shift + ;; + --update) + update=true + shift + ;; + --) + shift + break + ;; + -*|--*) + echo "Unknown option $1 supplied to patchShebangs" >&2 + return 1 + ;; + *) + break + ;; + esac + done echo "patching script interpreter paths in $@" local f @@ -93,7 +115,7 @@ patchShebangs() { newInterpreterLine="$newPath $args" newInterpreterLine=${newInterpreterLine%${newInterpreterLine##*[![:space:]]}} - if [[ -n "$oldPath" && "${oldPath:0:${#NIX_STORE}}" != "$NIX_STORE" ]]; then + if [[ -n "$oldPath" && ( "$update" == true || "${oldPath:0:${#NIX_STORE}}" != "$NIX_STORE" ) ]]; then if [[ -n "$newPath" && "$newPath" != "$oldPath" ]]; then echo "$f: interpreter directive changed from \"$oldInterpreterLine\" to \"$newInterpreterLine\"" # escape the escape chars so that sed doesn't interpret them diff --git a/pkgs/build-support/setup-hooks/strip-tmp-aarch64.sh b/pkgs/build-support/setup-hooks/strip-tmp-aarch64.sh deleted file mode 100644 index 5f53e7e95b2..00000000000 --- a/pkgs/build-support/setup-hooks/strip-tmp-aarch64.sh +++ /dev/null @@ -1,90 +0,0 @@ -# This setup hook strips libraries and executables in the fixup phase. - -fixupOutputHooks+=(_doStrip) - -_doStrip() { - # We don't bother to strip build platform code because it shouldn't make it - # to $out anyways---if it does, that's a bigger problem that a lack of - # stripping will help catch. - local -ra flags=(dontStripHost dontStripTarget) - local -ra debugDirs=(stripDebugList stripDebugListTarget) - local -ra allDirs=(stripAllList stripAllListTarget) - local -ra stripCmds=(STRIP STRIP_FOR_TARGET) - local -ra ranlibCmds=(RANLIB RANLIB_FOR_TARGET) - - # TODO(structured-attrs): This doesn't work correctly if one of - # the items in strip*List or strip*Flags contains a space, - # even with structured attrs enabled. This is OK for now - # because very few packages set any of these, and it doesn't - # affect any of them. - # - # After __structuredAttrs = true is universal, come back and - # push arrays all the way through this logic. - - # Strip only host paths by default. Leave targets as is. - stripDebugList=${stripDebugList[*]:-lib lib32 lib64 libexec bin sbin} - stripDebugListTarget=${stripDebugListTarget[*]:-} - stripAllList=${stripAllList[*]:-} - stripAllListTarget=${stripAllListTarget[*]:-} - - local i - for i in ${!stripCmds[@]}; do - local -n flag="${flags[$i]}" - local -n debugDirList="${debugDirs[$i]}" - local -n allDirList="${allDirs[$i]}" - local -n stripCmd="${stripCmds[$i]}" - local -n ranlibCmd="${ranlibCmds[$i]}" - - # `dontStrip` disables them all - if [[ "${dontStrip-}" || "${flag-}" ]] || ! type -f "${stripCmd-}" 2>/dev/null 1>&2 - then continue; fi - - stripDirs "$stripCmd" "$ranlibCmd" "$debugDirList" "${stripDebugFlags[*]:--S -p}" - stripDirs "$stripCmd" "$ranlibCmd" "$allDirList" "${stripAllFlags[*]:--s -p}" - done -} - -stripDirs() { - local cmd="$1" - local ranlibCmd="$2" - local paths="$3" - local stripFlags="$4" - local pathsNew= - - [ -z "$cmd" ] && echo "stripDirs: Strip command is empty" 1>&2 && exit 1 - [ -z "$ranlibCmd" ] && echo "stripDirs: Ranlib command is empty" 1>&2 && exit 1 - - local p - for p in ${paths}; do - if [ -e "$prefix/$p" ]; then - pathsNew="${pathsNew} $prefix/$p" - fi - done - paths=${pathsNew} - - if [ -n "${paths}" ]; then - echo "stripping (with command $cmd and flags $stripFlags) in $paths" - local striperr - striperr="$(mktemp 'striperr.XXXXXX')" - # Do not strip lib/debug. This is a directory used by setup-hooks/separate-debug-info.sh. - find $paths -type f -a '!' -path "$prefix/lib/debug/*" -print0 | - # Make sure we process files under symlinks only once. Otherwise - # 'strip` can corrupt files when writes to them in parallel: - # https://github.com/NixOS/nixpkgs/issues/246147#issuecomment-1657072039 - xargs -r -0 -n1 -- realpath -z | sort -u -z | - - xargs -r -0 -n1 -P "$NIX_BUILD_CORES" -- $cmd $stripFlags 2>"$striperr" || exit_code=$? - # xargs exits with status code 123 if some but not all of the - # processes fail. We don't care if some of the files couldn't - # be stripped, so ignore specifically this code. - [[ "$exit_code" = 123 || -z "$exit_code" ]] || (cat "$striperr" 1>&2 && exit 1) - - rm "$striperr" - # 'strip' does not normally preserve archive index in .a files. - # This usually causes linking failures against static libs like: - # ld: ...-i686-w64-mingw32-stage-final-gcc-13.0.0-lib/i686-w64-mingw32/lib/libstdc++.dll.a: - # error adding symbols: archive has no index; run ranlib to add one - # Restore the index by running 'ranlib'. - find $paths -name '*.a' -type f -exec $ranlibCmd '{}' \; 2>/dev/null - fi -} diff --git a/pkgs/build-support/setup-hooks/strip.sh b/pkgs/build-support/setup-hooks/strip.sh index 1d65c10c523..5f53e7e95b2 100644 --- a/pkgs/build-support/setup-hooks/strip.sh +++ b/pkgs/build-support/setup-hooks/strip.sh @@ -68,6 +68,11 @@ stripDirs() { striperr="$(mktemp 'striperr.XXXXXX')" # Do not strip lib/debug. This is a directory used by setup-hooks/separate-debug-info.sh. find $paths -type f -a '!' -path "$prefix/lib/debug/*" -print0 | + # Make sure we process files under symlinks only once. Otherwise + # 'strip` can corrupt files when writes to them in parallel: + # https://github.com/NixOS/nixpkgs/issues/246147#issuecomment-1657072039 + xargs -r -0 -n1 -- realpath -z | sort -u -z | + xargs -r -0 -n1 -P "$NIX_BUILD_CORES" -- $cmd $stripFlags 2>"$striperr" || exit_code=$? # xargs exits with status code 123 if some but not all of the # processes fail. We don't care if some of the files couldn't diff --git a/pkgs/build-support/writers/scripts.nix b/pkgs/build-support/writers/scripts.nix index c43f10f0a2e..184ecee6877 100644 --- a/pkgs/build-support/writers/scripts.nix +++ b/pkgs/build-support/writers/scripts.nix @@ -92,12 +92,7 @@ rec { passAsFile = [ "content" ]; } else { contentPath = content; - }) // lib.optionalAttrs (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64) { - # post-link-hook expects codesign_allocate to be in PATH - # https://github.com/NixOS/nixpkgs/issues/154203 - # https://github.com/NixOS/nixpkgs/issues/148189 - nativeBuildInputs = [ stdenv.cc.bintools ]; - } // lib.optionalAttrs (nameOrPath == "/bin/${name}") { + }) // lib.optionalAttrs (nameOrPath == "/bin/${name}") { meta.mainProgram = name; }) '' ${compileScript} diff --git a/pkgs/development/compilers/go/1.20.nix b/pkgs/development/compilers/go/1.20.nix index 18fa8db9879..bd226f32157 100644 --- a/pkgs/development/compilers/go/1.20.nix +++ b/pkgs/development/compilers/go/1.20.nix @@ -46,11 +46,11 @@ let in stdenv.mkDerivation rec { pname = "go"; - version = "1.20.6"; + version = "1.20.7"; src = fetchurl { url = "https://go.dev/dl/go${version}.src.tar.gz"; - hash = "sha256-Yu5bxvtVuLro9wXgy434bWRTYmtOz5MnnihnCS4Lf3A="; + hash = "sha256-LF7pyeweczsNu8K9/tP2IwblHYFyvzj09OVCsnUg9Zc="; }; strictDeps = true; diff --git a/pkgs/development/compilers/go/1.21.nix b/pkgs/development/compilers/go/1.21.nix new file mode 100644 index 00000000000..cdd91ab1e63 --- /dev/null +++ b/pkgs/development/compilers/go/1.21.nix @@ -0,0 +1,182 @@ +{ lib +, stdenv +, fetchurl +, tzdata +, substituteAll +, iana-etc +, Security +, Foundation +, xcbuild +, mailcap +, buildPackages +, pkgsBuildTarget +, threadsCross +, testers +, skopeo +, buildGo121Module +}: + +let + useGccGoBootstrap = stdenv.buildPlatform.isMusl || stdenv.buildPlatform.isRiscV; + goBootstrap = if useGccGoBootstrap then buildPackages.gccgo12 else buildPackages.callPackage ./bootstrap117.nix { }; + + skopeoTest = skopeo.override { buildGoModule = buildGo121Module; }; + + goarch = platform: { + "aarch64" = "arm64"; + "arm" = "arm"; + "armv5tel" = "arm"; + "armv6l" = "arm"; + "armv7l" = "arm"; + "i686" = "386"; + "mips" = "mips"; + "mips64el" = "mips64le"; + "mipsel" = "mipsle"; + "powerpc64le" = "ppc64le"; + "riscv64" = "riscv64"; + "s390x" = "s390x"; + "x86_64" = "amd64"; + }.${platform.parsed.cpu.name} or (throw "Unsupported system: ${platform.parsed.cpu.name}"); + + # We need a target compiler which is still runnable at build time, + # to handle the cross-building case where build != host == target + targetCC = pkgsBuildTarget.targetPackages.stdenv.cc; + + isCross = stdenv.buildPlatform != stdenv.targetPlatform; +in +stdenv.mkDerivation rec { + pname = "go"; + version = "1.21rc4"; + + src = fetchurl { + url = "https://go.dev/dl/go${version}.src.tar.gz"; + hash = "sha256-IyTyDxERKuw+XV5CjQRoYaNOT5neCrgqjZFNJrj7Af0="; + }; + + strictDeps = true; + buildInputs = [ ] + ++ lib.optionals stdenv.isLinux [ stdenv.cc.libc.out ] + ++ lib.optionals (stdenv.hostPlatform.libc == "glibc") [ stdenv.cc.libc.static ]; + + depsTargetTargetPropagated = lib.optionals stdenv.targetPlatform.isDarwin [ Foundation Security xcbuild ]; + + depsBuildTarget = lib.optional isCross targetCC; + + depsTargetTarget = lib.optional stdenv.targetPlatform.isWindows threadsCross.package; + + postPatch = '' + patchShebangs . + ''; + + patches = [ + (substituteAll { + src = ./iana-etc-1.17.patch; + iana = iana-etc; + }) + # Patch the mimetype database location which is missing on NixOS. + # but also allow static binaries built with NixOS to run outside nix + (substituteAll { + src = ./mailcap-1.17.patch; + inherit mailcap; + }) + # prepend the nix path to the zoneinfo files but also leave the original value for static binaries + # that run outside a nix server + (substituteAll { + src = ./tzdata-1.19.patch; + inherit tzdata; + }) + ./remove-tools-1.11.patch + ./go_no_vendor_checks-1.21.patch + ]; + + GOOS = stdenv.targetPlatform.parsed.kernel.name; + GOARCH = goarch stdenv.targetPlatform; + # GOHOSTOS/GOHOSTARCH must match the building system, not the host system. + # Go will nevertheless build a for host system that we will copy over in + # the install phase. + GOHOSTOS = stdenv.buildPlatform.parsed.kernel.name; + GOHOSTARCH = goarch stdenv.buildPlatform; + + # {CC,CXX}_FOR_TARGET must be only set for cross compilation case as go expect those + # to be different from CC/CXX + CC_FOR_TARGET = + if isCross then + "${targetCC}/bin/${targetCC.targetPrefix}cc" + else + null; + CXX_FOR_TARGET = + if isCross then + "${targetCC}/bin/${targetCC.targetPrefix}c++" + else + null; + + GOARM = toString (lib.intersectLists [ (stdenv.hostPlatform.parsed.cpu.version or "") ] [ "5" "6" "7" ]); + GO386 = "softfloat"; # from Arch: don't assume sse2 on i686 + CGO_ENABLED = 1; + + GOROOT_BOOTSTRAP = if useGccGoBootstrap then goBootstrap else "${goBootstrap}/share/go"; + + buildPhase = '' + runHook preBuild + export GOCACHE=$TMPDIR/go-cache + # this is compiled into the binary + export GOROOT_FINAL=$out/share/go + + export PATH=$(pwd)/bin:$PATH + + ${lib.optionalString isCross '' + # Independent from host/target, CC should produce code for the building system. + # We only set it when cross-compiling. + export CC=${buildPackages.stdenv.cc}/bin/cc + ''} + ulimit -a + + pushd src + ./make.bash + popd + runHook postBuild + ''; + + preInstall = '' + # Contains the wrong perl shebang when cross compiling, + # since it is not used for anything we can deleted as well. + rm src/regexp/syntax/make_perl_groups.pl + '' + (if (stdenv.buildPlatform.system != stdenv.hostPlatform.system) then '' + mv bin/*_*/* bin + rmdir bin/*_* + ${lib.optionalString (!(GOHOSTARCH == GOARCH && GOOS == GOHOSTOS)) '' + rm -rf pkg/${GOHOSTOS}_${GOHOSTARCH} pkg/tool/${GOHOSTOS}_${GOHOSTARCH} + ''} + '' else lib.optionalString (stdenv.hostPlatform.system != stdenv.targetPlatform.system) '' + rm -rf bin/*_* + ${lib.optionalString (!(GOHOSTARCH == GOARCH && GOOS == GOHOSTOS)) '' + rm -rf pkg/${GOOS}_${GOARCH} pkg/tool/${GOOS}_${GOARCH} + ''} + ''); + + installPhase = '' + runHook preInstall + mkdir -p $GOROOT_FINAL + cp -a bin pkg src lib misc api doc $GOROOT_FINAL + ln -s $GOROOT_FINAL/bin $out/bin + runHook postInstall + ''; + + disallowedReferences = [ goBootstrap ]; + + passthru = { + inherit goBootstrap skopeoTest; + tests = { + skopeo = testers.testVersion { package = skopeoTest; }; + }; + }; + + meta = with lib; { + changelog = "https://go.dev/doc/devel/release#go${lib.versions.majorMinor version}"; + description = "The Go Programming language"; + homepage = "https://go.dev/"; + license = licenses.bsd3; + maintainers = teams.golang.members; + platforms = platforms.darwin ++ platforms.linux; + }; +} diff --git a/pkgs/development/compilers/go/go_no_vendor_checks-1.21.patch b/pkgs/development/compilers/go/go_no_vendor_checks-1.21.patch new file mode 100644 index 00000000000..1adbf46398c --- /dev/null +++ b/pkgs/development/compilers/go/go_no_vendor_checks-1.21.patch @@ -0,0 +1,23 @@ +Starting from go1.14, go verifes that vendor/modules.txt matches the requirements +and replacements listed in the main module go.mod file, and it is a hard failure if +vendor/modules.txt is missing. + +Relax module consistency checks and switch back to pre go1.14 behaviour if +vendor/modules.txt is missing regardless of go version requirement in go.mod. + +This has been ported from FreeBSD: https://reviews.freebsd.org/D24122 +See https://github.com/golang/go/issues/37948 for discussion. + +diff --git a/src/cmd/go/internal/modload/vendor.go b/src/cmd/go/internal/modload/vendor.go +index ffc79bb93f..2d0311975d 100644 +--- a/src/cmd/go/internal/modload/vendor.go ++++ b/src/cmd/go/internal/modload/vendor.go +@@ -144,7 +144,7 @@ func checkVendorConsistency(index *modFileIndex, modFile *modfile.File) { + readVendorList(MainModules.mustGetSingleMainModule()) + + pre114 := false +- if gover.Compare(index.goVersion, "1.14") < 0 { ++ if gover.Compare(index.goVersion, "1.14") < 0 || (os.Getenv("GO_NO_VENDOR_CHECKS") == "1" && len(vendorMeta) == 0) { + // Go versions before 1.14 did not include enough information in + // vendor/modules.txt to check for consistency. + // If we know that we're on an earlier version, relax the consistency check. diff --git a/pkgs/development/libraries/gdk-pixbuf/default.nix b/pkgs/development/libraries/gdk-pixbuf/default.nix index bece2287c05..d982b772970 100644 --- a/pkgs/development/libraries/gdk-pixbuf/default.nix +++ b/pkgs/development/libraries/gdk-pixbuf/default.nix @@ -143,8 +143,9 @@ stdenv.mkDerivation (finalAttrs: { pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage; }; - # gdk_pixbuf_moduledir variable from gdk-pixbuf-2.0.pc - moduleDir = "lib/gdk-pixbuf-2.0/2.10.0/loaders"; + # gdk_pixbuf_binarydir and gdk_pixbuf_moduledir variables from gdk-pixbuf-2.0.pc + binaryDir = "lib/gdk-pixbuf-2.0/2.10.0"; + moduleDir = "${finalAttrs.passthru.binaryDir}/loaders"; }; meta = with lib; { diff --git a/pkgs/development/libraries/glibc/locales.nix b/pkgs/development/libraries/glibc/locales.nix index 86d6d1438b2..6a33464c672 100644 --- a/pkgs/development/libraries/glibc/locales.nix +++ b/pkgs/development/libraries/glibc/locales.nix @@ -12,14 +12,13 @@ (callPackage ./common.nix { inherit stdenv; } { pname = "glibc-locales"; + extraNativeBuildInputs = [ glibc ]; }).overrideAttrs(finalAttrs: previousAttrs: { builder = ./locales-builder.sh; outputs = [ "out" ]; - extraNativeBuildInputs = [ glibc ]; - LOCALEDEF_FLAGS = [ (if stdenv.hostPlatform.isLittleEndian then "--little-endian" diff --git a/pkgs/development/libraries/libavif/default.nix b/pkgs/development/libraries/libavif/default.nix index dca45186d4c..eb8a8b1e3b5 100644 --- a/pkgs/development/libraries/libavif/default.nix +++ b/pkgs/development/libraries/libavif/default.nix @@ -8,8 +8,15 @@ , libjpeg , dav1d , libyuv +, gdk-pixbuf +, makeWrapper }: +let + gdkPixbufModuleDir = "${placeholder "out"}/${gdk-pixbuf.moduleDir}"; + gdkPixbufModuleFile = "${placeholder "out"}/${gdk-pixbuf.binaryDir}/avif-loaders.cache"; +in + stdenv.mkDerivation rec { pname = "libavif"; version = "0.11.1"; @@ -29,14 +36,18 @@ stdenv.mkDerivation rec { "-DAVIF_CODEC_DAV1D=ON" # best decoder (fast) "-DAVIF_CODEC_AOM_DECODE=OFF" "-DAVIF_BUILD_APPS=ON" + "-DAVIF_BUILD_GDK_PIXBUF=ON" ]; nativeBuildInputs = [ cmake pkg-config + gdk-pixbuf + makeWrapper ]; buildInputs = [ + gdk-pixbuf libaom zlib libpng @@ -45,6 +56,23 @@ stdenv.mkDerivation rec { libyuv ]; + postPatch = '' + substituteInPlace contrib/gdk-pixbuf/avif.thumbnailer.in \ + --replace '@CMAKE_INSTALL_FULL_BINDIR@/gdk-pixbuf-thumbnailer' "$out/libexec/gdk-pixbuf-thumbnailer-avif" + ''; + + env.PKG_CONFIG_GDK_PIXBUF_2_0_GDK_PIXBUF_MODULEDIR = gdkPixbufModuleDir; + + postInstall = '' + GDK_PIXBUF_MODULEDIR=${gdkPixbufModuleDir} \ + GDK_PIXBUF_MODULE_FILE=${gdkPixbufModuleFile} \ + gdk-pixbuf-query-loaders --update-cache + + mkdir -p "$out/bin" + makeWrapper ${gdk-pixbuf}/bin/gdk-pixbuf-thumbnailer "$out/libexec/gdk-pixbuf-thumbnailer-avif" \ + --set GDK_PIXBUF_MODULE_FILE ${gdkPixbufModuleFile} + ''; + meta = with lib; { description = "C implementation of the AV1 Image File Format"; longDescription = '' diff --git a/pkgs/development/libraries/libhwy/default.nix b/pkgs/development/libraries/libhwy/default.nix index afbbf69966b..4373f747433 100644 --- a/pkgs/development/libraries/libhwy/default.nix +++ b/pkgs/development/libraries/libhwy/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { rev = version; hash = "sha256-Gym2iHq5ws9kuG4HWSQndD8hVugV4USZt6dUFnEkLwY="; }; - patches = lib.optionals (with stdenv; isAarch64 && isLinux) [ # conditional, temporarily + patches = [ # backport for compilation issue on aarch64 # https://github.com/google/highway/issues/1613 (fetchpatch { diff --git a/pkgs/development/libraries/librsvg/default.nix b/pkgs/development/libraries/librsvg/default.nix index 6542fdfb14f..d81a31ce05c 100644 --- a/pkgs/development/libraries/librsvg/default.nix +++ b/pkgs/development/libraries/librsvg/default.nix @@ -4,6 +4,7 @@ , pkg-config , glib , gdk-pixbuf +, installShellFiles , pango , cairo , libxml2 @@ -32,7 +33,7 @@ stdenv.mkDerivation (finalAttrs: { pname = "librsvg"; - version = "2.56.2"; + version = "2.56.3"; outputs = [ "out" "dev" ] ++ lib.optionals withIntrospection [ "devdoc" @@ -40,13 +41,13 @@ stdenv.mkDerivation (finalAttrs: { src = fetchurl { url = "mirror://gnome/sources/librsvg/${lib.versions.majorMinor finalAttrs.version}/librsvg-${finalAttrs.version}.tar.xz"; - sha256 = "PsPE2Pc+C6S5EwAmlp6DccCStzQpjTbi/bPrSvzsEgA="; + hash = "sha256-WjKASKAtAUZFzSf2EUD04LESgPssfyohhk/gxZrBzog="; }; cargoDeps = rustPlatform.fetchCargoTarball { inherit (finalAttrs) src; name = "librsvg-deps-${finalAttrs.version}"; - hash = "sha256-GIEpZ5YMvmYQLcaLXseXQ6gIF7ICtUKq28JCVJ3PEYk="; + hash = "sha256-s7eNMSdajr2VhB/BPVUFftHhHKCqpR9sTfxfWwag1mI="; # TODO: move this to fetchCargoTarball dontConfigure = true; }; @@ -59,6 +60,7 @@ stdenv.mkDerivation (finalAttrs: { nativeBuildInputs = [ gdk-pixbuf + installShellFiles pkg-config rustc cargo-auditable-cargo-wrapper @@ -121,12 +123,10 @@ stdenv.mkDerivation (finalAttrs: { postConfigure = '' GDK_PIXBUF=$out/lib/gdk-pixbuf-2.0/2.10.0 mkdir -p $GDK_PIXBUF/loaders - sed -e "s#gdk_pixbuf_moduledir = .*#gdk_pixbuf_moduledir = $GDK_PIXBUF/loaders#" \ - -i gdk-pixbuf-loader/Makefile - sed -e "s#gdk_pixbuf_cache_file = .*#gdk_pixbuf_cache_file = $GDK_PIXBUF/loaders.cache#" \ - -i gdk-pixbuf-loader/Makefile - sed -e "s#\$(GDK_PIXBUF_QUERYLOADERS)#GDK_PIXBUF_MODULEDIR=$GDK_PIXBUF/loaders \$(GDK_PIXBUF_QUERYLOADERS)#" \ - -i gdk-pixbuf-loader/Makefile + sed -i gdk-pixbuf-loader/Makefile \ + -e "s#gdk_pixbuf_moduledir = .*#gdk_pixbuf_moduledir = $GDK_PIXBUF/loaders#" \ + -e "s#gdk_pixbuf_cache_file = .*#gdk_pixbuf_cache_file = $GDK_PIXBUF/loaders.cache#" \ + -e "s#\$(GDK_PIXBUF_QUERYLOADERS)#GDK_PIXBUF_MODULEDIR=$GDK_PIXBUF/loaders \$(GDK_PIXBUF_QUERYLOADERS)#" # Fix thumbnailer path sed -e "s#@bindir@\(/gdk-pixbuf-thumbnailer\)#${gdk-pixbuf}/bin\1#g" \ @@ -147,12 +147,10 @@ stdenv.mkDerivation (finalAttrs: { cat ${lib.getLib gdk-pixbuf}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache $GDK_PIXBUF/loaders.cache > $GDK_PIXBUF/loaders.cache.tmp mv $GDK_PIXBUF/loaders.cache.tmp $GDK_PIXBUF/loaders.cache - mkdir -p "$out/share/bash-completion/completions/" - ${emulator} $out/bin/rsvg-convert --completion bash > "$out/share/bash-completion/completions/rsvg-convert" - mkdir -p "$out/share/zsh/site-functions/" - ${emulator} $out/bin/rsvg-convert --completion zsh > "$out/share/zsh/site-functions/_rsvg-convert" - mkdir -p "$out/share/fish/vendor_completions.d/" - ${emulator} $out/bin/rsvg-convert --completion fish > "$out/share/fish/vendor_completions.d/rsvg-convert.fish" + installShellCompletion --cmd rsvg-convert \ + --bash <(${emulator} $out/bin/rsvg-convert --completion bash) \ + --fish <(${emulator} $out/bin/rsvg-convert --completion fish) \ + --zsh <(${emulator} $out/bin/rsvg-convert --completion zsh) ''; postFixup = lib.optionalString withIntrospection '' diff --git a/pkgs/development/libraries/openssl/3.0/CVE-2023-2975.patch b/pkgs/development/libraries/openssl/3.0/CVE-2023-2975.patch deleted file mode 100644 index d1622977b64..00000000000 --- a/pkgs/development/libraries/openssl/3.0/CVE-2023-2975.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc Mon Sep 17 00:00:00 2001 -From: Tomas Mraz <tomas@openssl.org> -Date: Tue, 4 Jul 2023 17:30:35 +0200 -Subject: [PATCH] Do not ignore empty associated data with AES-SIV mode - -The AES-SIV mode allows for multiple associated data items -authenticated separately with any of these being 0 length. - -The provided implementation ignores such empty associated data -which is incorrect in regards to the RFC 5297 and is also -a security issue because such empty associated data then become -unauthenticated if an application expects to authenticate them. - -Fixes CVE-2023-2975 - -Reviewed-by: Matt Caswell <matt@openssl.org> -Reviewed-by: Paul Dale <pauli@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/21384) - -(cherry picked from commit c426c281cfc23ab182f7d7d7a35229e7db1494d9) ---- - .../implementations/ciphers/cipher_aes_siv.c | 18 +++++++++++------- - 1 file changed, 11 insertions(+), 7 deletions(-) - -diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c -index 45010b90db2a..b396c8651a32 100644 ---- a/providers/implementations/ciphers/cipher_aes_siv.c -+++ b/providers/implementations/ciphers/cipher_aes_siv.c -@@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl, - if (!ossl_prov_is_running()) - return 0; - -- if (inl == 0) { -- *outl = 0; -- return 1; -- } -+ /* Ignore just empty encryption/decryption call and not AAD. */ -+ if (out != NULL) { -+ if (inl == 0) { -+ if (outl != NULL) -+ *outl = 0; -+ return 1; -+ } - -- if (outsize < inl) { -- ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); -- return 0; -+ if (outsize < inl) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); -+ return 0; -+ } - } - - if (ctx->hw->cipher(ctx, out, in, inl) <= 0) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index fae2c5f1cc2..aaee6685cfc 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -254,8 +254,8 @@ in { }; openssl_3 = common { - version = "3.0.9"; - sha256 = "sha256-6xqwR4FHQ2D3fDGKuJ2MWgOrw45j1lpgPKu/GwCh3JA="; + version = "3.0.10"; + sha256 = "sha256-F2HU9bE6ECi5tvPUuOF/6wztyTcPav5h1xk9LNzoMyM="; patches = [ ./3.0/nix-ssl-cert-file.patch @@ -263,9 +263,6 @@ in { # This patch disables build-time detection. ./3.0/openssl-disable-kernel-detection.patch - # https://www.openssl.org/news/secadv/20230714.txt - ./3.0/CVE-2023-2975.patch - (if stdenv.hostPlatform.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch) diff --git a/pkgs/development/libraries/tix/default.nix b/pkgs/development/libraries/tix/default.nix index 80b93823df9..a46b2499964 100644 --- a/pkgs/development/libraries/tix/default.nix +++ b/pkgs/development/libraries/tix/default.nix @@ -21,6 +21,9 @@ tcl.mkTclDerivation { }) # Remove duplicated definition of XLowerWindow ./duplicated-xlowerwindow.patch + # Fix incompatible function pointer conversions and implicit definition of `panic`. + # `panic` is just `Tcl_Panic`, but it is not defined on Darwin due to a conflict with `mach/mach.h`. + ./fix-clang16.patch ] ++ lib.optional (tcl.release == "8.6") (fetchpatch { name = "tix-8.4.3-tcl8.6.patch"; diff --git a/pkgs/development/libraries/tix/fix-clang16.patch b/pkgs/development/libraries/tix/fix-clang16.patch new file mode 100644 index 00000000000..f5d8a5337de --- /dev/null +++ b/pkgs/development/libraries/tix/fix-clang16.patch @@ -0,0 +1,215 @@ +diff -ur a/generic/tixDItem.c b/generic/tixDItem.c +--- a/generic/tixDItem.c 2004-03-27 19:44:56.000000000 -0700 ++++ b/generic/tixDItem.c 2023-07-11 14:49:51.583894242 -0600 +@@ -30,7 +30,7 @@ + Tcl_Interp *interp, Tk_Window tkwin, CONST84 char *value, + char *widRec, int offset)); + +-static char *DItemPrintProc _ANSI_ARGS_(( ++static const char *DItemPrintProc _ANSI_ARGS_(( + ClientData clientData, Tk_Window tkwin, char *widRec, + int offset, Tcl_FreeProc **freeProcPtr)); + +@@ -548,7 +548,7 @@ + return TCL_OK; + } + +-static char *DItemPrintProc(clientData, tkwin, widRec,offset, freeProcPtr) ++static const char *DItemPrintProc(clientData, tkwin, widRec,offset, freeProcPtr) + ClientData clientData; + Tk_Window tkwin; + char *widRec; +diff -ur a/generic/tixDiStyle.c b/generic/tixDiStyle.c +--- a/generic/tixDiStyle.c 2004-03-27 19:44:56.000000000 -0700 ++++ b/generic/tixDiStyle.c 2023-07-11 15:02:45.245210252 -0600 +@@ -31,7 +31,7 @@ + static int DItemStyleParseProc _ANSI_ARGS_((ClientData clientData, + Tcl_Interp *interp, Tk_Window tkwin, + CONST84 char *value,char *widRec, int offset)); +-static char * DItemStylePrintProc _ANSI_ARGS_(( ++static const char * DItemStylePrintProc _ANSI_ARGS_(( + ClientData clientData, Tk_Window tkwin, + char *widRec, int offset, + Tcl_FreeProc **freeProcPtr)); +@@ -785,7 +785,7 @@ + + hashPtr = Tcl_CreateHashEntry(&stylePtr->base.items, (char*)iPtr, &isNew); + if (!isNew) { +- panic("DItem is already associated with style"); ++ Tcl_Panic("DItem is already associated with style"); + } else { + Tcl_SetHashValue(hashPtr, (char*)iPtr); + } +@@ -801,7 +801,7 @@ + + hashPtr = Tcl_FindHashEntry(&stylePtr->base.items, (char*)iPtr); + if (hashPtr == NULL) { +- panic("DItem is not associated with style"); ++ Tcl_Panic("DItem is not associated with style"); + } + Tcl_DeleteHashEntry(hashPtr); + stylePtr->base.refCount--; +@@ -998,7 +998,7 @@ + return TCL_ERROR; + } + +-static char *DItemStylePrintProc(clientData, tkwin, widRec,offset, freeProcPtr) ++static const char *DItemStylePrintProc(clientData, tkwin, widRec,offset, freeProcPtr) + ClientData clientData; + Tk_Window tkwin; + char *widRec; +diff -ur a/generic/tixForm.c b/generic/tixForm.c +--- a/generic/tixForm.c 2004-03-27 19:44:56.000000000 -0700 ++++ b/generic/tixForm.c 2023-07-11 14:53:45.695753419 -0600 +@@ -802,7 +802,7 @@ + * Now set all the client's geometry + */ + if (PlaceAllClients(masterPtr) != TCL_OK) { +- panic("circular dependency"); ++ Tcl_Panic("circular dependency"); + } + + for (clientPtr = masterPtr->client; clientPtr; clientPtr=clientPtr->next) { +diff -ur a/generic/tixGrData.c b/generic/tixGrData.c +--- a/generic/tixGrData.c 2004-03-27 19:44:56.000000000 -0700 ++++ b/generic/tixGrData.c 2023-07-11 14:54:19.644741199 -0600 +@@ -296,7 +296,7 @@ + Tcl_DeleteHashEntry(cy); + } + else { +- panic("Inconsistent grid dataset: (%d,%d) : %x %x", x, y, cx, cy); ++ Tcl_Panic("Inconsistent grid dataset: (%d,%d) : %x %x", x, y, cx, cy); + } + + return 1; +diff -ur a/generic/tixGrid.c b/generic/tixGrid.c +--- a/generic/tixGrid.c 2008-02-27 21:10:43.000000000 -0700 ++++ b/generic/tixGrid.c 2023-07-11 14:53:59.283841038 -0600 +@@ -831,7 +831,7 @@ + * All mapped windows should have been unmapped when the + * the entries were deleted + */ +- panic("tixGrid: mappedWindows not NULL"); ++ Tcl_Panic("tixGrid: mappedWindows not NULL"); + } + + Tk_FreeOptions(configSpecs, (char *) wPtr, wPtr->dispData.display, 0); +diff -ur a/generic/tixHList.c b/generic/tixHList.c +--- a/generic/tixHList.c 2008-02-27 21:05:29.000000000 -0700 ++++ b/generic/tixHList.c 2023-07-11 14:55:20.699375202 -0600 +@@ -2036,7 +2036,7 @@ + break; + } + if (wPtr->headerWin != NULL) { +- panic("HList: header subwindow deleted illegally\n"); ++ Tcl_Panic("HList: header subwindow deleted illegally\n"); + } + #endif + break; +@@ -2117,7 +2117,7 @@ + * All mapped windows should have been unmapped when the + * the entries were deleted + */ +- panic("tixHList: mappedWindows not NULL"); ++ Tcl_Panic("tixHList: mappedWindows not NULL"); + } + if (wPtr->headerWin) { + wPtr->headerWin = NULL; +diff -ur a/generic/tixImgCmp.c b/generic/tixImgCmp.c +--- a/generic/tixImgCmp.c 2008-02-27 21:05:29.000000000 -0700 ++++ b/generic/tixImgCmp.c 2023-07-11 14:59:16.429640785 -0600 +@@ -142,8 +142,8 @@ + * The type record for bitmap images: + */ + static int ImgCmpCreate _ANSI_ARGS_((Tcl_Interp *interp, +- char *name, int argc, Tcl_Obj *CONST objv[], +- Tk_ImageType *typePtr, Tk_ImageMaster master, ++ const char *name, int argc, Tcl_Obj *CONST objv[], ++ const Tk_ImageType *typePtr, Tk_ImageMaster master, + ClientData *clientDataPtr)); + static ClientData ImgCmpGet _ANSI_ARGS_((Tk_Window tkwin, + ClientData clientData)); +@@ -378,11 +378,11 @@ + ImgCmpCreate(interp, name, argc, objv, typePtr, master, clientDataPtr) + Tcl_Interp *interp; /* Interpreter for application containing + * image. */ +- char *name; /* Name to use for image. */ ++ const char *name; /* Name to use for image. */ + int argc; /* Number of arguments. */ + Tcl_Obj *CONST objv[]; /* Argument strings for options (doesn't + * include image name or type). */ +- Tk_ImageType *typePtr; /* Pointer to our type record (not used). */ ++ const Tk_ImageType *typePtr;/* Pointer to our type record (not used). */ + Tk_ImageMaster master; /* Token for image, to be used by us in + * later callbacks. */ + ClientData *clientDataPtr; /* Store manager's token for image here; +diff -ur a/generic/tixImgXpm.c b/generic/tixImgXpm.c +--- a/generic/tixImgXpm.c 2023-07-11 15:01:05.887387236 -0600 ++++ b/generic/tixImgXpm.c 2023-07-11 15:00:37.209042328 -0600 +@@ -22,8 +22,8 @@ + */ + + static int ImgXpmCreate _ANSI_ARGS_((Tcl_Interp *interp, +- char *name, int argc, Tcl_Obj *CONST objv[], +- Tk_ImageType *typePtr, Tk_ImageMaster master, ++ const char *name, int argc, Tcl_Obj *CONST objv[], ++ const Tk_ImageType *typePtr, Tk_ImageMaster master, + ClientData *clientDataPtr)); + static ClientData ImgXpmGet _ANSI_ARGS_((Tk_Window tkwin, + ClientData clientData)); +@@ -115,11 +115,11 @@ + ImgXpmCreate(interp, name, argc, objv, typePtr, master, clientDataPtr) + Tcl_Interp *interp; /* Interpreter for application containing + * image. */ +- char *name; /* Name to use for image. */ ++ const char *name; /* Name to use for image. */ + int argc; /* Number of arguments. */ + Tcl_Obj *CONST objv[]; /* Argument strings for options (doesn't + * include image name or type). */ +- Tk_ImageType *typePtr; /* Pointer to our type record (not used). */ ++ const Tk_ImageType *typePtr;/* Pointer to our type record (not used). */ + Tk_ImageMaster master; /* Token for image, to be used by us in + * later callbacks. */ + ClientData *clientDataPtr; /* Store manager's token for image here; +@@ -1213,7 +1213,7 @@ + PixmapMaster *masterPtr = (PixmapMaster *) masterData; + + if (masterPtr->instancePtr != NULL) { +- panic("tried to delete pixmap image when instances still exist"); ++ Tcl_Panic("tried to delete pixmap image when instances still exist"); + } + masterPtr->tkMaster = NULL; + if (masterPtr->imageCmd != NULL) { +diff -ur a/generic/tixTList.c b/generic/tixTList.c +--- a/generic/tixTList.c 2008-02-27 21:05:29.000000000 -0700 ++++ b/generic/tixTList.c 2023-07-11 14:55:35.960761327 -0600 +@@ -1208,7 +1208,7 @@ + sprintf(buff, "%d", i); + Tcl_AppendResult(interp, buff, NULL); + } else { +- panic("TList list entry is invalid"); ++ Tcl_Panic("TList list entry is invalid"); + } + } else { + Tcl_ResetResult(interp); +diff -ur a/generic/tixUtils.c b/generic/tixUtils.c +--- a/generic/tixUtils.c 2008-02-27 21:29:17.000000000 -0700 ++++ b/generic/tixUtils.c 2023-07-11 15:01:43.718202631 -0600 +@@ -24,7 +24,7 @@ + static int ReliefParseProc(ClientData clientData, + Tcl_Interp *interp, Tk_Window tkwin, CONST84 char *value, + char *widRec, int offset); +-static char * ReliefPrintProc(ClientData clientData, ++static const char * ReliefPrintProc(ClientData clientData, + Tk_Window tkwin, char *widRec, int offset, + Tix_FreeProc **freeProcPtr); + +@@ -637,7 +637,7 @@ + return TCL_ERROR; + } + +-static char * ++static const char * + ReliefPrintProc(clientData, tkwin, widRec,offset, freeProcPtr) + ClientData clientData; + Tk_Window tkwin; diff --git a/pkgs/development/libraries/webp-pixbuf-loader/default.nix b/pkgs/development/libraries/webp-pixbuf-loader/default.nix index bf2c8c28dbd..1f36ffc1c66 100644 --- a/pkgs/development/libraries/webp-pixbuf-loader/default.nix +++ b/pkgs/development/libraries/webp-pixbuf-loader/default.nix @@ -11,10 +11,7 @@ let inherit (gdk-pixbuf) moduleDir; - - # turning lib/gdk-pixbuf-#.#/#.#.#/loaders into lib/gdk-pixbuf-#.#/#.#.#/loaders.cache - # removeSuffix is just in case moduleDir gets a trailing slash - loadersPath = (lib.strings.removeSuffix "/" gdk-pixbuf.moduleDir) + ".cache"; + loadersPath = "${gdk-pixbuf.binaryDir}/webp-loaders.cache"; in stdenv.mkDerivation rec { pname = "webp-pixbuf-loader"; @@ -47,7 +44,7 @@ stdenv.mkDerivation rec { postPatch = '' # It looks for gdk-pixbuf-thumbnailer in this package's bin rather than the gdk-pixbuf bin. We need to patch that. substituteInPlace webp-pixbuf.thumbnailer.in \ - --replace "@bindir@/gdk-pixbuf-thumbnailer" "$out/bin/webp-thumbnailer" + --replace "@bindir@/gdk-pixbuf-thumbnailer" "$out/libexec/gdk-pixbuf-thumbnailer-webp" ''; postInstall = '' @@ -58,7 +55,7 @@ stdenv.mkDerivation rec { # It assumes gdk-pixbuf-thumbnailer can find the webp loader in the loaders.cache referenced by environment variable, breaking containment. # So we replace it with a wrapped executable. mkdir -p "$out/bin" - makeWrapper "${gdk-pixbuf}/bin/gdk-pixbuf-thumbnailer" "$out/bin/webp-thumbnailer" \ + makeWrapper "${gdk-pixbuf}/bin/gdk-pixbuf-thumbnailer" "$out/libexec/gdk-pixbuf-thumbnailer-webp" \ --set GDK_PIXBUF_MODULE_FILE "$out/${loadersPath}" ''; diff --git a/pkgs/development/python-modules/django-cachalot/default.nix b/pkgs/development/python-modules/django-cachalot/default.nix index f52a3aa46e6..33d9e484f11 100644 --- a/pkgs/development/python-modules/django-cachalot/default.nix +++ b/pkgs/development/python-modules/django-cachalot/default.nix @@ -6,18 +6,19 @@ , psycopg2 , beautifulsoup4 , python +, pytz }: buildPythonPackage rec { pname = "django-cachalot"; - version = "2.5.3"; + version = "2.6.1"; format = "setuptools"; src = fetchFromGitHub { owner = "noripyt"; repo = "django-cachalot"; rev = "v${version}"; - hash = "sha256-ayAN+PgK3aIpt4R8aeC6c6mRGTnfObycmkoXPTjx4WI="; + hash = "sha256-bCiIZkh02+7xL6aSWE9by+4dFDsanr0iXuO9QKpLOjw="; }; patches = [ @@ -34,6 +35,7 @@ buildPythonPackage rec { beautifulsoup4 django-debug-toolbar psycopg2 + pytz ]; pythonImportsCheck = [ "cachalot" ]; diff --git a/pkgs/development/python-modules/django-compat/default.nix b/pkgs/development/python-modules/django-compat/default.nix deleted file mode 100644 index d33a4be2817..00000000000 --- a/pkgs/development/python-modules/django-compat/default.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ lib, buildPythonPackage, fetchFromGitHub, python, - django, six -}: - -buildPythonPackage rec { - pname = "django-compat"; - version = "1.0.15"; - - # the pypi packages don't include everything required for the tests - src = fetchFromGitHub { - owner = "arteria"; - repo = "django-compat"; - rev = "v${version}"; - sha256 = "1pr6v38ahrsvxlgmcx69s4b5q5082f44gzi4h3c32sccdc4pwqxp"; - }; - - patches = [ - ./fix-tests.diff - ]; - - checkPhase = '' - runHook preCheck - - # to convince the tests to run against the installed package, not the source directory, we extract the - # tests directory from it then dispose of the actual source - mv compat/tests . - rm -r compat - substituteInPlace runtests.py --replace compat.tests tests - ${python.interpreter} runtests.py - - runHook postCheck - ''; - - propagatedBuildInputs = [ django six ]; - - meta = with lib; { - description = "Forward and backwards compatibility layer for Django 1.4, 1.7, 1.8, 1.9, 1.10 and 1.11"; - homepage = "https://github.com/arteria/django-compat"; - license = licenses.mit; - maintainers = with maintainers; [ ris ]; - }; -} diff --git a/pkgs/development/python-modules/django-compat/fix-tests.diff b/pkgs/development/python-modules/django-compat/fix-tests.diff deleted file mode 100644 index 58165db96a8..00000000000 --- a/pkgs/development/python-modules/django-compat/fix-tests.diff +++ /dev/null @@ -1,56 +0,0 @@ -diff -ur a/compat/tests/settings.py b/compat/tests/settings.py ---- a/compat/tests/settings.py 2020-03-06 15:32:07.548482597 +0100 -+++ b/compat/tests/settings.py 2020-03-06 22:19:25.422934249 +0100 -@@ -16,11 +16,12 @@ - 'django.contrib.admin', - 'django.contrib.auth', - 'django.contrib.contenttypes', -+ 'django.contrib.messages', - 'compat', - 'compat.tests.test_app', - ] - --MIDDLEWARE_CLASSES = ( -+MIDDLEWARE = ( - 'django.contrib.sessions.middleware.SessionMiddleware', - 'django.middleware.common.CommonMiddleware', - 'django.middleware.csrf.CsrfViewMiddleware', -@@ -43,6 +44,7 @@ - 'django.template.context_processors.i18n', - 'django.template.context_processors.tz', - 'django.template.context_processors.request', -+ 'django.contrib.messages.context_processors.messages', - ], - 'loaders': [ - 'django.template.loaders.filesystem.Loader', -diff -ur a/compat/tests/test_compat.py b/compat/tests/test_compat.py ---- a/compat/tests/test_compat.py 2020-03-06 15:32:07.548482597 +0100 -+++ b/compat/tests/test_compat.py 2020-03-06 15:37:39.202835075 +0100 -@@ -9,7 +9,7 @@ - from django.core.serializers.json import DjangoJSONEncoder - from django.test import TestCase, SimpleTestCase - from django.test.client import RequestFactory --from django.contrib.auth.views import logout -+from django.contrib.auth.views import auth_logout - try: - from django.urls import NoReverseMatch - except ImportError: -@@ -103,7 +103,7 @@ - Tests that passing a view name to ``resolve_url`` will result in the - URL path mapping to that view name. - """ -- resolved_url = resolve_url(logout) -+ resolved_url = resolve_url(auth_logout) - self.assertEqual('/accounts/logout/', resolved_url) - - ''' -diff -ur a/compat/tests/urls.py b/compat/tests/urls.py ---- a/compat/tests/urls.py 2020-03-06 15:32:07.548482597 +0100 -+++ b/compat/tests/urls.py 2020-03-06 15:34:25.962377799 +0100 -@@ -2,5 +2,5 @@ - from django.contrib.auth import views - - urlpatterns = [ -- url(r'^accounts/logout/$', views.logout, name='logout'), -+ url(r'^accounts/logout/$', views.auth_logout, name='logout'), - ] diff --git a/pkgs/development/python-modules/django-haystack/default.nix b/pkgs/development/python-modules/django-haystack/default.nix index e85d27f907b..d9d6fb8ecd6 100644 --- a/pkgs/development/python-modules/django-haystack/default.nix +++ b/pkgs/development/python-modules/django-haystack/default.nix @@ -4,12 +4,14 @@ , fetchPypi # build dependencies +, setuptools , setuptools-scm # dependencies , django # tests +, elasticsearch , geopy , nose , pysolr @@ -21,7 +23,8 @@ buildPythonPackage rec { pname = "django-haystack"; version = "3.2.1"; - format = "setuptools"; + format = "pyproject"; + disabled = pythonOlder "3.5"; src = fetchPypi { @@ -35,13 +38,22 @@ buildPythonPackage rec { ''; nativeBuildInputs = [ + setuptools setuptools-scm ]; - propagatedBuildInputs = [ + buildInputs = [ django ]; + passthru.optional-dependencies = { + elasticsearch = [ + elasticsearch + ]; + }; + + doCheck = lib.versionOlder django.version "4"; + nativeCheckInputs = [ geopy nose @@ -49,7 +61,14 @@ buildPythonPackage rec { python-dateutil requests whoosh - ]; + ] + ++ passthru.optional-dependencies.elasticsearch; + + checkPhase = '' + runHook preCheck + python test_haystack/run_tests.py + runHook postCheck + ''; meta = with lib; { description = "Pluggable search for Django"; diff --git a/pkgs/development/python-modules/django-hijack/default.nix b/pkgs/development/python-modules/django-hijack/default.nix index 18ef2e3ace7..ef77abefeea 100644 --- a/pkgs/development/python-modules/django-hijack/default.nix +++ b/pkgs/development/python-modules/django-hijack/default.nix @@ -11,7 +11,6 @@ # dependencies , django -, django-compat # tests , pytest-django @@ -54,7 +53,6 @@ buildPythonPackage rec { propagatedBuildInputs = [ django - django-compat ]; nativeCheckInputs = [ diff --git a/pkgs/development/python-modules/django-mailman3/default.nix b/pkgs/development/python-modules/django-mailman3/default.nix index 32bfe947c82..6639257740b 100644 --- a/pkgs/development/python-modules/django-mailman3/default.nix +++ b/pkgs/development/python-modules/django-mailman3/default.nix @@ -1,27 +1,50 @@ -{ lib, buildPythonPackage, fetchPypi, django-gravatar2, django-compressor -, django-allauth, mailmanclient, django, mock +{ lib +, buildPythonPackage +, fetchPypi + +# propagates +, django-gravatar2 +, django-allauth +, mailmanclient +, pytz + +# tests +, django +, pytest-django +, pytestCheckHook }: buildPythonPackage rec { pname = "django-mailman3"; version = "1.3.9"; + format = "setuptools"; src = fetchPypi { inherit pname version; hash = "sha256-GpI1W0O9aJpLF/mcS23ktJDZsP69S2zQy7drOiWBnTM="; }; + postPatch = '' + substituteInPlace setup.py \ + --replace 'django>=3.2,<4.2' 'django>=3.2,<4.3' + ''; + propagatedBuildInputs = [ - django-gravatar2 django-compressor django-allauth mailmanclient + django-allauth + django-gravatar2 + mailmanclient + pytz ]; - nativeCheckInputs = [ django mock ]; - checkPhase = '' - cd $NIX_BUILD_TOP/$sourceRoot - PYTHONPATH=.:$PYTHONPATH django-admin.py test --settings=django_mailman3.tests.settings_test - ''; + nativeCheckInputs = [ + django + pytest-django + pytestCheckHook + ]; - pythonImportsCheck = [ "django_mailman3" ]; + pythonImportsCheck = [ + "django_mailman3" + ]; meta = with lib; { description = "Django library for Mailman UIs"; diff --git a/pkgs/development/python-modules/django-modelcluster/default.nix b/pkgs/development/python-modules/django-modelcluster/default.nix index b7fbc9f2b17..5ad43dfc9b1 100644 --- a/pkgs/development/python-modules/django-modelcluster/default.nix +++ b/pkgs/development/python-modules/django-modelcluster/default.nix @@ -1,11 +1,18 @@ { lib , buildPythonPackage , fetchFromGitHub +, pythonOlder + +# dependencies , django -, django-taggit , pytz -, pythonOlder -, python + +# optionals +, django-taggit + +# tests +, pytest-django +, pytestCheckHook }: buildPythonPackage rec { @@ -17,8 +24,8 @@ buildPythonPackage rec { src = fetchFromGitHub { owner = "wagtail"; - repo = pname; - rev = "v${version}"; + repo = "modelcluster"; + rev = "refs/tags/v${version}"; hash = "sha256-p6hvOkPWRVJYLHvwyn9nS05wblikRFmlSYZuLiCcuqc="; }; @@ -31,13 +38,17 @@ buildPythonPackage rec { django-taggit ]; - nativeCheckInputs = passthru.optional-dependencies.taggit; + env.DJANGO_SETTINGS_MODULE = "tests.settings"; - checkPhase = '' - runHook preCheck - ${python.interpreter} ./runtests.py --noinput - runHook postCheck - ''; + nativeCheckInputs = [ + pytest-django + pytestCheckHook + ] ++ passthru.optional-dependencies.taggit; + + # https://github.com/wagtail/django-modelcluster/issues/173 + disabledTests = lib.optionals (lib.versionAtLeast django.version "4.2") [ + "test_formfield_callback" + ]; meta = with lib; { description = "Django extension to allow working with 'clusters' of models as a single unit, independently of the database"; diff --git a/pkgs/development/python-modules/django-pattern-library/default.nix b/pkgs/development/python-modules/django-pattern-library/default.nix index 40cc4f64188..00b6fe9c978 100644 --- a/pkgs/development/python-modules/django-pattern-library/default.nix +++ b/pkgs/development/python-modules/django-pattern-library/default.nix @@ -51,5 +51,7 @@ buildPythonPackage rec { changelog = "https://github.com/torchbox/django-pattern-library/blob/v${version}/CHANGELOG.md"; license = licenses.bsd3; maintainers = with maintainers; [ sephi ]; + # https://github.com/torchbox/django-pattern-library/issues/212 + broken = lib.versionAtLeast django.version "4.2"; }; } diff --git a/pkgs/development/python-modules/django-scim2/default.nix b/pkgs/development/python-modules/django-scim2/default.nix index 90db4fe633d..536d851a409 100644 --- a/pkgs/development/python-modules/django-scim2/default.nix +++ b/pkgs/development/python-modules/django-scim2/default.nix @@ -2,37 +2,43 @@ , buildPythonPackage , fetchFromGitHub +# build-system +, poetry-core + # propagates , django -, python-dateutil , scim2-filter-parser -, gssapi -, python-ldap -, sssd # tests , mock +, pytest-django +, pytestCheckHook }: buildPythonPackage rec { pname = "django-scim2"; - version = "0.17.3"; - format = "setuptools"; + version = "0.19.0"; + format = "pyproject"; src = fetchFromGitHub { owner = "15five"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-5zdGPpjooiFoj+2OoglXhhKsPFB/KOHvrZWZd+1nZqU="; + hash = "sha256-larDh4f9/xVr11/n/WfkJ2Tx45DMQqyK3ZzkWAvzeig="; }; + postPatch = '' + substituteInPlace pyproject.toml \ + --replace "poetry.masonry.api" "poetry.core.masonry.api" + ''; + + nativeBuildInputs = [ + poetry-core + ]; + propagatedBuildInputs = [ django - python-dateutil scim2-filter-parser - gssapi - python-ldap - sssd ]; pythonImportsCheck = [ @@ -41,9 +47,12 @@ buildPythonPackage rec { nativeCheckInputs = [ mock + pytest-django + pytestCheckHook ]; meta = with lib; { + changelog = "https://github.com/15five/django-scim2/blob/${src.rev}/CHANGES.txt"; description = "A SCIM 2.0 Service Provider Implementation (for Django)"; homepage = "https://github.com/15five/django-scim2"; license = licenses.mit; diff --git a/pkgs/development/python-modules/django-sites/default.nix b/pkgs/development/python-modules/django-sites/default.nix index 5587014c574..3a9255daecd 100644 --- a/pkgs/development/python-modules/django-sites/default.nix +++ b/pkgs/development/python-modules/django-sites/default.nix @@ -37,5 +37,7 @@ buildPythonPackage rec { description = "Alternative implementation of django sites framework"; homepage = "https://github.com/niwinz/django-sites"; license = lib.licenses.bsd3; + # has not been updated for django>=4.0 + broken = lib.versionAtLeast django.version "4"; }; } diff --git a/pkgs/development/python-modules/djangorestframework-guardian/default.nix b/pkgs/development/python-modules/djangorestframework-guardian/default.nix index fdc6b3184d9..4358a61b345 100644 --- a/pkgs/development/python-modules/djangorestframework-guardian/default.nix +++ b/pkgs/development/python-modules/djangorestframework-guardian/default.nix @@ -1,6 +1,7 @@ { lib , buildPythonPackage , fetchFromGitHub +, django , django-guardian , djangorestframework }: @@ -37,5 +38,7 @@ buildPythonPackage rec { homepage = "https://github.com/rpkilby/django-rest-framework-guardian"; license = licenses.bsd3; maintainers = with maintainers; [ ]; + # unmaintained, last compatible version is 3.x, use djangorestframework-guardian2 instead + broken = lib.versionAtLeast django.version "4"; }; } diff --git a/pkgs/development/python-modules/drf-nested-routers/default.nix b/pkgs/development/python-modules/drf-nested-routers/default.nix index 15676ed304b..849fe8bb130 100644 --- a/pkgs/development/python-modules/drf-nested-routers/default.nix +++ b/pkgs/development/python-modules/drf-nested-routers/default.nix @@ -1,33 +1,55 @@ { lib , buildPythonPackage , fetchFromGitHub -, setuptools +, fetchpatch , django , djangorestframework -, pytest -, pytest-cov +, pytestCheckHook , pytest-django , ipdb -, python }: buildPythonPackage rec { pname = "drf-nested-routers"; version = "0.93.4"; + format = "setuptools"; src = fetchFromGitHub { owner = "alanjds"; repo = "drf-nested-routers"; - rev = "v${version}"; + rev = "refs/tags/v${version}"; hash = "sha256-qlXNDydoQJ9FZB6G7yV/pNmx3BEo+lvRqsfjrvlbdNY="; }; - propagatedBuildInputs = [ django djangorestframework setuptools ]; - nativeCheckInputs = [ pytest pytest-cov pytest-django ipdb ]; + patches = [ + # django4 compatibility + (fetchpatch { + url = "https://github.com/alanjds/drf-nested-routers/commit/59764cc356f7f593422b26845a9dfac0ad196120.patch"; + hash = "sha256-mq3vLHzQlGl2EReJ5mVVQMMcYgGIVt/T+qi1STtQ0aI="; + }) + (fetchpatch { + url = "https://github.com/alanjds/drf-nested-routers/commit/723a5729dd2ffcb66fe315f229789ca454986fa4.patch"; + hash = "sha256-UCbBjwlidqsJ9vEEWlGzfqqMOr0xuB2TAaUxHsLzFfU="; + }) + (fetchpatch { + url = "https://github.com/alanjds/drf-nested-routers/commit/38e49eb73759bc7dcaaa9166169590f5315e1278.patch"; + hash = "sha256-IW4BLhHHhXDUZqHaXg46qWoQ89pMXv0ZxKjOCTnDcI0="; + }) + ]; - checkPhase = '' - ${python.interpreter} runtests.py --nolint - ''; + buildInputs = [ + django + ]; + + propagatedBuildInputs = [ + djangorestframework + ]; + + nativeCheckInputs = [ + ipdb + pytestCheckHook + pytest-django + ]; meta = with lib; { homepage = "https://github.com/alanjds/drf-nested-routers"; diff --git a/pkgs/development/python-modules/mezzanine/default.nix b/pkgs/development/python-modules/mezzanine/default.nix index 9eda32b4e48..46bf44bf8ad 100644 --- a/pkgs/development/python-modules/mezzanine/default.nix +++ b/pkgs/development/python-modules/mezzanine/default.nix @@ -14,6 +14,7 @@ , pillow , pyflakes , pythonOlder +, pytz , requests , requests-oauthlib , tzlocal @@ -47,6 +48,7 @@ buildPythonPackage rec { future grappelli_safe pillow + pytz requests requests-oauthlib tzlocal diff --git a/pkgs/development/python-modules/mock/default.nix b/pkgs/development/python-modules/mock/default.nix index e12ed6d6b04..7e5a72a47fa 100644 --- a/pkgs/development/python-modules/mock/default.nix +++ b/pkgs/development/python-modules/mock/default.nix @@ -1,40 +1,35 @@ { lib , buildPythonPackage , fetchPypi -, fetchpatch -, python , pythonOlder -, pytest -, unittestCheckHook +, pytestCheckHook }: buildPythonPackage rec { pname = "mock"; - version = "4.0.3"; + version = "5.1.0"; format = "setuptools"; disabled = pythonOlder "3.6"; src = fetchPypi { inherit pname version; - sha256 = "7d3fbbde18228f4ff2f1f119a45cdffa458b4c0dee32eb4d2bb2f82554bac7bc"; + sha256 = "sha256-Xpaq1czaRxjgointlLICTfdcwtVVdbpXYtMfV2e4dn0="; }; - patches = [ - (fetchpatch { - url = "https://github.com/testing-cabal/mock/commit/f3e3d82aab0ede7e25273806dc0505574d85eae2.patch"; - hash = "sha256-wPrv1/WeICZHn31UqFlICFsny2knvn3+Xg8BZoaGbwQ="; - }) + nativeCheckInputs = [ + pytestCheckHook ]; - nativeCheckInputs = [ - unittestCheckHook - pytest + pythonImportsCheck = [ + "mock" ]; meta = with lib; { - description = "Mock objects for Python"; + description = "Rolling backport of unittest.mock for all Pythons"; homepage = "https://github.com/testing-cabal/mock"; + changelog = "https://github.com/testing-cabal/mock/blob/${version}/CHANGELOG.rst"; license = licenses.bsd2; + maintainers = [ ]; }; } diff --git a/pkgs/development/python-modules/nplusone/default.nix b/pkgs/development/python-modules/nplusone/default.nix index ecf2255b359..5a31394c2d3 100644 --- a/pkgs/development/python-modules/nplusone/default.nix +++ b/pkgs/development/python-modules/nplusone/default.nix @@ -1,6 +1,7 @@ { lib , blinker , buildPythonPackage +, django , fetchFromGitHub , flake8 , flask-sqlalchemy @@ -79,5 +80,6 @@ buildPythonPackage rec { homepage = "https://github.com/jmcarp/nplusone"; maintainers = with maintainers; [ cript0nauta ]; license = licenses.mit; + broken = lib.versionAtLeast django.version "4"; }; } diff --git a/pkgs/development/python-modules/qcodes/default.nix b/pkgs/development/python-modules/qcodes/default.nix index db565e11d02..3dd8342ec1c 100644 --- a/pkgs/development/python-modules/qcodes/default.nix +++ b/pkgs/development/python-modules/qcodes/default.nix @@ -124,6 +124,11 @@ buildPythonPackage rec { "--durations=20" ]; + disabledTests = [ + # timing sensitive + "test_access_channels_by_slice" + ]; + disabledTestPaths = [ # depends on qcodes-loop, causing a cyclic dependency "qcodes/tests/dataset/measurement/test_load_legacy_data.py" diff --git a/pkgs/development/tools/build-managers/meson/darwin-case-sensitive-fs.patch b/pkgs/development/tools/build-managers/meson/darwin-case-sensitive-fs.patch deleted file mode 100644 index 2de9484226b..00000000000 --- a/pkgs/development/tools/build-managers/meson/darwin-case-sensitive-fs.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 1643ed0d8a9201732905bee51b096605d26aaaac Mon Sep 17 00:00:00 2001 -From: Randy Eckenrode <randy@largeandhighquality.com> -Date: Fri, 26 May 2023 00:10:45 -0400 -Subject: [PATCH] Fix test failures on Darwin on a case-sensitive fs - -This issue was encounetered while working on a contribution to nixpkgs. -Nix allows the store to be installed on a separate, case-sensitive APFS -volume. When the store is on a case-sensitive volume, these tests fail -because they try to use `foundation` instead of `Foundation`. ---- - .../failing/78 framework dependency with version/meson.build | 2 +- - test cases/objc/2 nsstring/meson.build | 2 +- - test cases/osx/6 multiframework/meson.build | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/test cases/failing/78 framework dependency with version/meson.build b/test cases/failing/78 framework dependency with version/meson.build -index b7e04bab446..ee315ebcbd7 100644 ---- a/test cases/failing/78 framework dependency with version/meson.build -+++ b/test cases/failing/78 framework dependency with version/meson.build -@@ -5,4 +5,4 @@ if host_machine.system() != 'darwin' - endif - - # do individual frameworks have a meaningful version to test? And multiple frameworks might be listed... --dep = dependency('appleframeworks', modules: 'foundation', version: '>0') -+dep = dependency('appleframeworks', modules: 'Foundation', version: '>0') -diff --git a/test cases/objc/2 nsstring/meson.build b/test cases/objc/2 nsstring/meson.build -index 94d2cf18ab4..2c483d50d68 100644 ---- a/test cases/objc/2 nsstring/meson.build -+++ b/test cases/objc/2 nsstring/meson.build -@@ -1,7 +1,7 @@ - project('nsstring', 'objc') - - if host_machine.system() == 'darwin' -- dep = dependency('appleframeworks', modules : 'foundation') -+ dep = dependency('appleframeworks', modules : 'Foundation') - elif host_machine.system() == 'cygwin' - error('MESON_SKIP_TEST GNUstep is not packaged for Cygwin.') - else -diff --git a/test cases/osx/6 multiframework/meson.build b/test cases/osx/6 multiframework/meson.build -index 28846243b21..57e5d61560b 100644 ---- a/test cases/osx/6 multiframework/meson.build -+++ b/test cases/osx/6 multiframework/meson.build -@@ -4,7 +4,7 @@ project('multiframework', 'objc') - # that causes a build failure when defining two modules. The - # arguments for the latter module overwrote the arguments for - # the first one rather than adding to them. --cocoa_dep = dependency('appleframeworks', modules : ['AppKit', 'foundation']) -+cocoa_dep = dependency('appleframeworks', modules : ['AppKit', 'Foundation']) - - executable('deptester', - 'main.m', diff --git a/pkgs/development/tools/build-managers/meson/default.nix b/pkgs/development/tools/build-managers/meson/default.nix index 58468ccee5b..aa09a5d2358 100644 --- a/pkgs/development/tools/build-managers/meson/default.nix +++ b/pkgs/development/tools/build-managers/meson/default.nix @@ -1,6 +1,6 @@ { lib , stdenv -, fetchPypi +, fetchFromGitHub , fetchpatch , installShellFiles , ninja @@ -18,18 +18,16 @@ python3.pkgs.buildPythonApplication rec { pname = "meson"; - version = "1.1.1"; + version = "1.2.0"; - src = fetchPypi { - inherit pname version; - hash = "sha256-0EtUH5fKQ5+4L6t9DUgJiL5L1OYlY6XKNfrbVAByexw="; + src = fetchFromGitHub { + owner = "mesonbuild"; + repo = "meson"; + rev = "refs/tags/${version}"; + hash = "sha256-bJAmkE+sL9DqKpcjZdBf4/z9lz+m/o0Z87hlAwbVbTY="; }; patches = [ - # Fix Meson tests that fail when the Nix store is case-sensitive APFS. - # https://github.com/mesonbuild/meson/pull/11820 - ./darwin-case-sensitive-fs.patch - # Meson is currently inspecting fewer variables than autoconf does, which # makes it harder for us to use setup hooks, etc. Taken from # https://github.com/mesonbuild/meson/pull/6827 diff --git a/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix index e44241171c6..3ac338d5c61 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/adv_cmds/default.nix @@ -1,5 +1,17 @@ -{ lib, appleDerivation, xcbuild, ncurses, libutil, Libc }: +{ stdenv, lib, appleDerivation, xcbuild, ncurses, libutil, Libc }: +let + # Libc conflicts with libc++ 16, so provide only the header from it that’s needed to build. + msgcat = stdenv.mkDerivation { + pname = "Libc-msgcat"; + version = lib.getVersion Libc; + + buildCommand = '' + mkdir -p "$out/include" + ln -s ${lib.getDev Libc}/include/msgcat.h "$out/include/" + ''; + }; +in appleDerivation { # We can't just run the root build, because https://github.com/facebook/xcbuild/issues/264 @@ -44,7 +56,7 @@ appleDerivation { ''; nativeBuildInputs = [ xcbuild ]; - buildInputs = [ ncurses libutil Libc ]; + buildInputs = [ ncurses libutil msgcat ]; meta = { platforms = lib.platforms.darwin; diff --git a/pkgs/os-specific/darwin/signing-utils/post-link-sign-hook.nix b/pkgs/os-specific/darwin/signing-utils/post-link-sign-hook.nix new file mode 100644 index 00000000000..13595e3771a --- /dev/null +++ b/pkgs/os-specific/darwin/signing-utils/post-link-sign-hook.nix @@ -0,0 +1,13 @@ +{ writeTextFile, cctools, sigtool }: + +writeTextFile { + name = "post-link-sign-hook"; + executable = true; + + text = '' + if [ "$linkerOutput" != "/dev/null" ]; then + CODESIGN_ALLOCATE=${cctools}/bin/${cctools.targetPrefix}codesign_allocate \ + ${sigtool}/bin/codesign -f -s - "$linkerOutput" + fi + ''; +} diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 3240fe93de1..efbcdead6f8 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -36,7 +36,10 @@ let debug = { # Necessary for BTF - DEBUG_INFO = yes; + DEBUG_INFO = mkMerge [ + (whenOlder "5.2" (if (features.debug or false) then yes else no)) + (whenBetween "5.2" "5.18" yes) + ]; DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT = whenAtLeast "5.18" yes; # Reduced debug info conflict with BTF and have been enabled in # aarch64 defconfig since 5.13 @@ -59,8 +62,6 @@ let SUNRPC_DEBUG = yes; # Provide access to tunables like sched_migration_cost_ns SCHED_DEBUG = yes; - - GDB_SCRIPTS = yes; }; power-management = { diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix index 66052134905..56d89f67c64 100644 --- a/pkgs/os-specific/linux/kernel/generic.nix +++ b/pkgs/os-specific/linux/kernel/generic.nix @@ -47,7 +47,7 @@ # symbolic name and `patch' is the actual patch. The patch may # optionally be compressed with gzip or bzip2. kernelPatches ? [] -, ignoreConfigErrors ? stdenv.hostPlatform.linux-kernel.name or "" != "pc" +, ignoreConfigErrors ? stdenv.hostPlatform.linux-kernel.name != "pc" , extraMeta ? {} , isZen ? false @@ -55,7 +55,7 @@ , isHardened ? false # easy overrides to stdenv.hostPlatform.linux-kernel members -, autoModules ? stdenv.hostPlatform.linux-kernel.autoModules or true +, autoModules ? stdenv.hostPlatform.linux-kernel.autoModules , preferBuiltin ? stdenv.hostPlatform.linux-kernel.preferBuiltin or false , kernelArch ? stdenv.hostPlatform.linuxArch , kernelTests ? [] @@ -128,8 +128,11 @@ let ++ lib.optionals (lib.versionAtLeast version "4.16") [ bison flex ] ++ lib.optional (lib.versionAtLeast version "5.2") pahole; + platformName = stdenv.hostPlatform.linux-kernel.name; # e.g. "defconfig" - kernelBaseConfig = if defconfig != null then defconfig else stdenv.hostPlatform.linux-kernel.baseConfig or "defconfig"; + kernelBaseConfig = if defconfig != null then defconfig else stdenv.hostPlatform.linux-kernel.baseConfig; + # e.g. "bzImage" + kernelTarget = stdenv.hostPlatform.linux-kernel.target; makeFlags = lib.optionals (stdenv.hostPlatform.linux-kernel ? makeFlags) stdenv.hostPlatform.linux-kernel.makeFlags ++ extraMakeFlags; diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index 07325f0e10b..61013ef090a 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -1,5 +1,5 @@ { lib, stdenv, buildPackages, runCommand, nettools, bc, bison, flex, perl, rsync, gmp, libmpc, mpfr, openssl -, libelf, cpio, elfutils, zstd, python3Minimal, zlib, pahole, ubootTools +, libelf, cpio, elfutils, zstd, python3Minimal, zlib, pahole , fetchpatch }: @@ -53,10 +53,6 @@ in lib.makeOverridable ({ }: let - config_ = config; -in - -let inherit (lib) hasAttr getAttr optional optionals optionalString optionalAttrs maintainers platforms; @@ -69,144 +65,315 @@ let (buildPackages.deterministic-uname.override { inherit modDirVersion; }) ] ++ optional (lib.versionAtLeast version "5.13") zstd; - config = let attrName = attr: "CONFIG_" + attr; in { - isSet = attr: hasAttr (attrName attr) config; - - getValue = attr: if config.isSet attr then getAttr (attrName attr) config else null; - - isYes = attr: (config.getValue attr) == "y"; - - isNo = attr: (config.getValue attr) == "n"; - - isModule = attr: (config.getValue attr) == "m"; - - isEnabled = attr: (config.isModule attr) || (config.isYes attr); - - isDisabled = attr: (!(config.isSet attr)) || (config.isNo attr); - } // config_; - - isModular = config.isYes "MODULES"; - - kernelConf = stdenv.hostPlatform.linux-kernel; - target = kernelConf.target or "vmlinux"; - - buildDTBs = kernelConf.DTB or false; + drvAttrs = config_: kernelConf: kernelPatches: configfile: + let + config = let attrName = attr: "CONFIG_" + attr; in { + isSet = attr: hasAttr (attrName attr) config; + + getValue = attr: if config.isSet attr then getAttr (attrName attr) config else null; + + isYes = attr: (config.getValue attr) == "y"; + + isNo = attr: (config.getValue attr) == "n"; + + isModule = attr: (config.getValue attr) == "m"; + + isEnabled = attr: (config.isModule attr) || (config.isYes attr); + + isDisabled = attr: (!(config.isSet attr)) || (config.isNo attr); + } // config_; + + isModular = config.isYes "MODULES"; + + buildDTBs = kernelConf.DTB or false; + + in (optionalAttrs isModular { outputs = [ "out" "dev" ]; }) // { + passthru = rec { + inherit version modDirVersion config kernelPatches configfile + moduleBuildDependencies stdenv; + inherit isZen isHardened isLibre; + isXen = lib.warn "The isXen attribute is deprecated. All Nixpkgs kernels that support it now have Xen enabled." true; + baseVersion = lib.head (lib.splitString "-rc" version); + kernelOlder = lib.versionOlder baseVersion; + kernelAtLeast = lib.versionAtLeast baseVersion; + }; + + inherit src; + + patches = + map (p: p.patch) kernelPatches + # Required for deterministic builds along with some postPatch magic. + ++ optional (lib.versionOlder version "5.19") ./randstruct-provide-seed.patch + ++ optional (lib.versionAtLeast version "5.19") ./randstruct-provide-seed-5.19.patch + # Linux 5.12 marked certain PowerPC-only symbols as GPL, which breaks + # OpenZFS; this was fixed in Linux 5.19 so we backport the fix + # https://github.com/openzfs/zfs/pull/13367 + ++ optional (lib.versionAtLeast version "5.12" && + lib.versionOlder version "5.19" && + stdenv.hostPlatform.isPower) + (fetchpatch { + url = "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=d9e5c3e9e75162f845880535957b7fd0b4637d23"; + hash = "sha256-bBOyJcP6jUvozFJU0SPTOf3cmnTQ6ZZ4PlHjiniHXLU="; + }); + + postPatch = '' + sed -i Makefile -e 's|= depmod|= ${buildPackages.kmod}/bin/depmod|' + + # fixup for pre-5.4 kernels using the $(cd $foo && /bin/pwd) pattern + # FIXME: remove when no longer needed + substituteInPlace Makefile tools/scripts/Makefile.include --replace /bin/pwd pwd + + # Don't include a (random) NT_GNU_BUILD_ID, to make the build more deterministic. + # This way kernels can be bit-by-bit reproducible depending on settings + # (e.g. MODULE_SIG and SECURITY_LOCKDOWN_LSM need to be disabled). + # See also https://kernelnewbies.org/BuildId + sed -i Makefile -e 's|--build-id=[^ ]*|--build-id=none|' + + # Some linux-hardened patches now remove certain files in the scripts directory, so the file may not exist. + [[ -f scripts/ld-version.sh ]] && patchShebangs scripts/ld-version.sh + + # Set randstruct seed to a deterministic but diversified value. Note: + # we could have instead patched gen-random-seed.sh to take input from + # the buildFlags, but that would require also patching the kernel's + # toplevel Makefile to add a variable export. This would be likely to + # cause future patch conflicts. + for file in scripts/gen-randstruct-seed.sh scripts/gcc-plugins/gen-random-seed.sh; do + if [ -f "$file" ]; then + substituteInPlace "$file" \ + --replace NIXOS_RANDSTRUCT_SEED \ + $(echo ${randstructSeed}${src} ${placeholder "configfile"} | sha256sum | cut -d ' ' -f 1 | tr -d '\n') + break + fi + done + + patchShebangs scripts + + # also patch arch-specific install scripts + for i in $(find arch -name install.sh); do + patchShebangs "$i" + done + ''; + + configurePhase = '' + runHook preConfigure + + mkdir build + export buildRoot="$(pwd)/build" + + echo "manual-config configurePhase buildRoot=$buildRoot pwd=$PWD" + + if [ -f "$buildRoot/.config" ]; then + echo "Could not link $buildRoot/.config : file exists" + exit 1 + fi + ln -sv ${configfile} $buildRoot/.config + + # reads the existing .config file and prompts the user for options in + # the current kernel source that are not found in the file. + make $makeFlags "''${makeFlagsArray[@]}" oldconfig + runHook postConfigure + + make $makeFlags "''${makeFlagsArray[@]}" prepare + actualModDirVersion="$(cat $buildRoot/include/config/kernel.release)" + if [ "$actualModDirVersion" != "${modDirVersion}" ]; then + echo "Error: modDirVersion ${modDirVersion} specified in the Nix expression is wrong, it should be: $actualModDirVersion" + exit 1 + fi + + buildFlagsArray+=("KBUILD_BUILD_TIMESTAMP=$(date -u -d @$SOURCE_DATE_EPOCH)") + + cd $buildRoot + ''; + + buildFlags = [ + "KBUILD_BUILD_VERSION=1-NixOS" + kernelConf.target + "vmlinux" # for "perf" and things like that + ] ++ optional isModular "modules" + ++ optionals buildDTBs ["dtbs" "DTC_FLAGS=-@"] + ++ extraMakeFlags; + + installFlags = [ + "INSTALL_PATH=$(out)" + ] ++ (optional isModular "INSTALL_MOD_PATH=$(out)") + ++ optionals buildDTBs ["dtbs_install" "INSTALL_DTBS_PATH=$(out)/dtbs"]; + + preInstall = let + # All we really need to do here is copy the final image and System.map to $out, + # and use the kernel's modules_install, firmware_install, dtbs_install, etc. targets + # for the rest. Easy, right? + # + # Unfortunately for us, the obvious way of getting the built image path, + # make -s image_name, does not work correctly, because some architectures + # (*cough* aarch64 *cough*) change KBUILD_IMAGE on the fly in their install targets, + # so we end up attempting to install the thing we didn't actually build. + # + # Thankfully, there's a way out that doesn't involve just hardcoding everything. + # + # The kernel has an install target, which runs a pretty simple shell script + # (located at scripts/install.sh or arch/$arch/boot/install.sh, depending on + # which kernel version you're looking at) that tries to do something sensible. + # + # (it would be great to hijack this script immediately, as it has all the + # information we need passed to it and we don't need it to try and be smart, + # but unfortunately, the exact location of the scripts differs between kernel + # versions, and they're seemingly not considered to be public API at all) + # + # One of the ways it tries to discover what "something sensible" actually is + # is by delegating to what's supposed to be a user-provided install script + # located at ~/bin/installkernel. + # + # (the other options are: + # - a distribution-specific script at /sbin/installkernel, + # which we can't really create in the sandbox easily + # - an architecture-specific script at arch/$arch/boot/install.sh, + # which attempts to guess _something_ and usually guesses very wrong) + # + # More specifically, the install script exec's into ~/bin/installkernel, if one + # exists, with the following arguments: + # + # $1: $KERNELRELEASE - full kernel version string + # $2: $KBUILD_IMAGE - the final image path + # $3: System.map - path to System.map file, seemingly hardcoded everywhere + # $4: $INSTALL_PATH - path to the destination directory as specified in installFlags + # + # $2 is exactly what we want, so hijack the script and use the knowledge given to it + # by the makefile overlords for our own nefarious ends. + # + # Note that the makefiles specifically look in ~/bin/installkernel, and + # writeShellScriptBin writes the script to <store path>/bin/installkernel, + # so HOME needs to be set to just the store path. + # + # FIXME: figure out a less roundabout way of doing this. + installkernel = buildPackages.writeShellScriptBin "installkernel" '' + cp -av $2 $4 + cp -av $3 $4 + ''; + in '' + installFlagsArray+=("-j$NIX_BUILD_CORES") + export HOME=${installkernel} + ''; + + # Some image types need special install targets (e.g. uImage is installed with make uinstall) + installTargets = [ + (kernelConf.installTarget or ( + /**/ if kernelConf.target == "uImage" then "uinstall" + else if kernelConf.target == "zImage" || kernelConf.target == "Image.gz" then "zinstall" + else "install")) + ]; + + postInstall = optionalString isModular '' + mkdir -p $dev + cp vmlinux $dev/ + if [ -z "''${dontStrip-}" ]; then + installFlagsArray+=("INSTALL_MOD_STRIP=1") + fi + make modules_install $makeFlags "''${makeFlagsArray[@]}" \ + $installFlags "''${installFlagsArray[@]}" + unlink $out/lib/modules/${modDirVersion}/build + unlink $out/lib/modules/${modDirVersion}/source + + mkdir -p $dev/lib/modules/${modDirVersion}/{build,source} + + # To save space, exclude a bunch of unneeded stuff when copying. + (cd .. && rsync --archive --prune-empty-dirs \ + --exclude='/build/' \ + * $dev/lib/modules/${modDirVersion}/source/) + + cd $dev/lib/modules/${modDirVersion}/source + + cp $buildRoot/{.config,Module.symvers} $dev/lib/modules/${modDirVersion}/build + make modules_prepare $makeFlags "''${makeFlagsArray[@]}" O=$dev/lib/modules/${modDirVersion}/build + + # For reproducibility, removes accidental leftovers from a `cc1` call + # from a `try-run` call from the Makefile + rm -f $dev/lib/modules/${modDirVersion}/build/.[0-9]*.d + + # Keep some extra files on some arches (powerpc, aarch64) + for f in arch/powerpc/lib/crtsavres.o arch/arm64/kernel/ftrace-mod.o; do + if [ -f "$buildRoot/$f" ]; then + cp $buildRoot/$f $dev/lib/modules/${modDirVersion}/build/$f + fi + done + + # !!! No documentation on how much of the source tree must be kept + # If/when kernel builds fail due to missing files, you can add + # them here. Note that we may see packages requiring headers + # from drivers/ in the future; it adds 50M to keep all of its + # headers on 3.10 though. + + chmod u+w -R .. + arch=$(cd $dev/lib/modules/${modDirVersion}/build/arch; ls) + + # Remove unused arches + for d in $(cd arch/; ls); do + if [ "$d" = "$arch" ]; then continue; fi + if [ "$arch" = arm64 ] && [ "$d" = arm ]; then continue; fi + rm -rf arch/$d + done + + # Remove all driver-specific code (50M of which is headers) + rm -fR drivers + + # Keep all headers + find . -type f -name '*.h' -print0 | xargs -0 -r chmod u-w + + # Keep linker scripts (they are required for out-of-tree modules on aarch64) + find . -type f -name '*.lds' -print0 | xargs -0 -r chmod u-w + + # Keep root and arch-specific Makefiles + chmod u-w Makefile arch/"$arch"/Makefile* + + # Keep whole scripts dir + chmod u-w -R scripts + + # Delete everything not kept + find . -type f -perm -u=w -print0 | xargs -0 -r rm + + # Delete empty directories + find -empty -type d -delete + + # Remove reference to kmod + sed -i Makefile -e 's|= ${buildPackages.kmod}/bin/depmod|= depmod|' + ''; + + requiredSystemFeatures = [ "big-parallel" ]; + + meta = { + description = + "The Linux kernel" + + (if kernelPatches == [] then "" else + " (with patches: " + + lib.concatStringsSep ", " (map (x: x.name) kernelPatches) + + ")"); + license = lib.licenses.gpl2Only; + homepage = "https://www.kernel.org/"; + maintainers = lib.teams.linux-kernel.members ++ [ + maintainers.thoughtpolice + ]; + platforms = platforms.linux; + timeout = 14400; # 4 hours + } // extraMeta; + }; in assert lib.versionOlder version "5.8" -> libelf != null; assert lib.versionAtLeast version "5.8" -> elfutils != null; -stdenv.mkDerivation ({ +stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.linux-kernel kernelPatches configfile) // { pname = "linux"; - inherit version src; + inherit version; + + enableParallelBuilding = true; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ - bc gmp libmpc mpfr nettools openssl perl python3Minimal rsync ubootTools - zstd - ] ++ optional (lib.versionOlder version "5.8") libelf - ++ optionals (lib.versionAtLeast version "4.16") [ bison flex ] - ++ optionals (lib.versionAtLeast version "5.2") [ cpio pahole zlib ] - ++ optional (lib.versionAtLeast version "5.8") elfutils; - - patches = - map (p: p.patch) kernelPatches - # Required for deterministic builds along with some postPatch magic. - ++ optional (lib.versionOlder version "5.19") ./randstruct-provide-seed.patch - ++ optional (lib.versionAtLeast version "5.19") ./randstruct-provide-seed-5.19.patch - # Linux 5.12 marked certain PowerPC-only symbols as GPL, which breaks - # OpenZFS; this was fixed in Linux 5.19 so we backport the fix - # https://github.com/openzfs/zfs/pull/13367 - ++ optional (lib.versionAtLeast version "5.12" && - lib.versionOlder version "5.19" && - stdenv.hostPlatform.isPower) - (fetchpatch { - url = "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=d9e5c3e9e75162f845880535957b7fd0b4637d23"; - hash = "sha256-bBOyJcP6jUvozFJU0SPTOf3cmnTQ6ZZ4PlHjiniHXLU="; - }); - - preUnpack = '' - # The same preUnpack is used to build the configfile, - # which does not have $dev. - if [ -n "$dev" ]; then - mkdir -p $dev/lib/modules/${modDirVersion} - cd $dev/lib/modules/${modDirVersion} - fi - ''; - - postUnpack = '' - mv -Tv "$sourceRoot" source 2>/dev/null || : - export sourceRoot=$PWD/source - ''; - - postPatch = '' - sed -i Makefile -e 's|= depmod|= ${buildPackages.kmod}/bin/depmod|' - - # fixup for pre-4.15 kernels using the $(cd $foo && /bin/pwd) pattern - # FIXME: remove when no longer needed - substituteInPlace Makefile tools/scripts/Makefile.include --replace /bin/pwd pwd - - # Don't include a (random) NT_GNU_BUILD_ID, to make the build more deterministic. - # This way kernels can be bit-by-bit reproducible depending on settings - # (e.g. MODULE_SIG and SECURITY_LOCKDOWN_LSM need to be disabled). - # See also https://kernelnewbies.org/BuildId - sed -i Makefile -e 's|--build-id=[^ ]*|--build-id=none|' - - # Some linux-hardened patches now remove certain files in the scripts directory, so the file may not exist. - [[ -f scripts/ld-version.sh ]] && patchShebangs scripts/ld-version.sh - - # Set randstruct seed to a deterministic but diversified value. Note: - # we could have instead patched gen-random-seed.sh to take input from - # the buildFlags, but that would require also patching the kernel's - # toplevel Makefile to add a variable export. This would be likely to - # cause future patch conflicts. - for file in scripts/gen-randstruct-seed.sh scripts/gcc-plugins/gen-random-seed.sh; do - if [ -f "$file" ]; then - substituteInPlace "$file" \ - --replace NIXOS_RANDSTRUCT_SEED \ - $(echo ${randstructSeed}${src} ${placeholder "configfile"} | sha256sum | cut -d ' ' -f 1 | tr -d '\n') - break - fi - done - - patchShebangs scripts - - # also patch arch-specific install scripts - for i in $(find arch -name install.sh); do - patchShebangs "$i" - done - ''; - - configurePhase = '' - runHook preConfigure - - export buildRoot=$TMPDIR/kernel-buildroot - mkdir -p $buildRoot - - echo "manual-config configurePhase buildRoot=$buildRoot pwd=$PWD" - - if [ -f "$buildRoot/.config" ]; then - echo "Could not link $buildRoot/.config : file exists" - exit 1 - fi - ln -sv ${configfile} $buildRoot/.config - - # reads the existing .config file and prompts the user for options in - # the current kernel source that are not found in the file. - make $makeFlags "''${makeFlagsArray[@]}" oldconfig - runHook postConfigure - - make $makeFlags "''${makeFlagsArray[@]}" prepare - actualModDirVersion="$(cat $buildRoot/include/config/kernel.release)" - if [ "$actualModDirVersion" != "${modDirVersion}" ]; then - echo "Error: modDirVersion ${modDirVersion} specified in the Nix expression is wrong, it should be: $actualModDirVersion" - exit 1 - fi - - buildFlagsArray+=("KBUILD_BUILD_TIMESTAMP=$(date -u -d @$SOURCE_DATE_EPOCH)") - - cd $buildRoot - ''; + nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr zstd python3Minimal ] + ++ optional (stdenv.hostPlatform.linux-kernel.target == "uImage") buildPackages.ubootTools + ++ optional (lib.versionOlder version "5.8") libelf + ++ optionals (lib.versionAtLeast version "4.16") [ bison flex ] + ++ optionals (lib.versionAtLeast version "5.2") [ cpio pahole zlib ] + ++ optional (lib.versionAtLeast version "5.8") elfutils + ; hardeningDisable = [ "bindnow" "format" "fortify" "stackprotector" "pic" "pie" ]; @@ -219,214 +386,8 @@ stdenv.mkDerivation ({ "ARCH=${stdenv.hostPlatform.linuxArch}" ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ "CROSS_COMPILE=${stdenv.cc.targetPrefix}" - ] ++ (kernelConf.makeFlags or []) + ] ++ (stdenv.hostPlatform.linux-kernel.makeFlags or []) ++ extraMakeFlags; karch = stdenv.hostPlatform.linuxArch; - - buildFlags = [ - "DTC_FLAGS=-@" - "KBUILD_BUILD_VERSION=1-NixOS" - - # Set by default in the kernel since a73619a845d5, - # replicated here to apply to older versions. - # Makes __FILE__ relative to the build directory. - "KCPPFLAGS=-fmacro-prefix-map=$(sourceRoot)/=" - kernelConf.target - ] ++ optional isModular "modules" - ++ optional buildDTBs "dtbs" - ++ extraMakeFlags; - - installFlags = [ - "INSTALL_PATH=$(out)" - ] ++ (optional isModular "INSTALL_MOD_PATH=$(out)") - ++ optionals buildDTBs ["dtbs_install" "INSTALL_DTBS_PATH=$(out)/dtbs"]; - - preInstall = let - # All we really need to do here is copy the final image and System.map to $out, - # and use the kernel's modules_install, firmware_install, dtbs_install, etc. targets - # for the rest. Easy, right? - # - # Unfortunately for us, the obvious way of getting the built image path, - # make -s image_name, does not work correctly, because some architectures - # (*cough* aarch64 *cough*) change KBUILD_IMAGE on the fly in their install targets, - # so we end up attempting to install the thing we didn't actually build. - # - # Thankfully, there's a way out that doesn't involve just hardcoding everything. - # - # The kernel has an install target, which runs a pretty simple shell script - # (located at scripts/install.sh or arch/$arch/boot/install.sh, depending on - # which kernel version you're looking at) that tries to do something sensible. - # - # (it would be great to hijack this script immediately, as it has all the - # information we need passed to it and we don't need it to try and be smart, - # but unfortunately, the exact location of the scripts differs between kernel - # versions, and they're seemingly not considered to be public API at all) - # - # One of the ways it tries to discover what "something sensible" actually is - # is by delegating to what's supposed to be a user-provided install script - # located at ~/bin/installkernel. - # - # (the other options are: - # - a distribution-specific script at /sbin/installkernel, - # which we can't really create in the sandbox easily - # - an architecture-specific script at arch/$arch/boot/install.sh, - # which attempts to guess _something_ and usually guesses very wrong) - # - # More specifically, the install script exec's into ~/bin/installkernel, if one - # exists, with the following arguments: - # - # $1: $KERNELRELEASE - full kernel version string - # $2: $KBUILD_IMAGE - the final image path - # $3: System.map - path to System.map file, seemingly hardcoded everywhere - # $4: $INSTALL_PATH - path to the destination directory as specified in installFlags - # - # $2 is exactly what we want, so hijack the script and use the knowledge given to it - # by the makefile overlords for our own nefarious ends. - # - # Note that the makefiles specifically look in ~/bin/installkernel, and - # writeShellScriptBin writes the script to <store path>/bin/installkernel, - # so HOME needs to be set to just the store path. - # - # FIXME: figure out a less roundabout way of doing this. - installkernel = buildPackages.writeShellScriptBin "installkernel" '' - cp -av $2 $4 - cp -av $3 $4 - ''; - in '' - installFlagsArray+=("-j$NIX_BUILD_CORES") - export HOME=${installkernel} - ''; - - # Some image types need special install targets (e.g. uImage is installed with make uinstall) - installTargets = [ - (kernelConf.installTarget or ( - /**/ if target == "uImage" then "uinstall" - else if target == "zImage" || target == "Image.gz" then "zinstall" - else "install")) - ]; - - postInstall = optionalString isModular '' - if [ -z "''${dontStrip-}" ]; then - installFlagsArray+=("INSTALL_MOD_STRIP=1") - fi - make modules_install $makeFlags "''${makeFlagsArray[@]}" \ - $installFlags "''${installFlagsArray[@]}" - unlink $out/lib/modules/${modDirVersion}/build - unlink $out/lib/modules/${modDirVersion}/source - - mkdir $dev/lib/modules/${modDirVersion}/build - - cd $dev/lib/modules/${modDirVersion}/source - - cp $buildRoot/{.config,Module.symvers} $dev/lib/modules/${modDirVersion}/build - make modules_prepare $makeFlags "''${makeFlagsArray[@]}" O=$dev/lib/modules/${modDirVersion}/build - - # For reproducibility, removes accidental leftovers from a `cc1` call - # from a `try-run` call from the Makefile - rm -f $dev/lib/modules/${modDirVersion}/build/.[0-9]*.d - - # Keep some extra files - for f in arch/powerpc/lib/crtsavres.o arch/arm64/kernel/ftrace-mod.o \ - scripts/gdb/linux vmlinux vmlinux-gdb.py - do - if [ -e "$buildRoot/$f" ]; then - mkdir -p "$(dirname "$dev/lib/modules/${modDirVersion}/build/$f")" - cp -HR $buildRoot/$f $dev/lib/modules/${modDirVersion}/build/$f - fi - done - ln -s $dev/lib/modules/${modDirVersion}/build/vmlinux $dev - - # !!! No documentation on how much of the source tree must be kept - # If/when kernel builds fail due to missing files, you can add - # them here. Note that we may see packages requiring headers - # from drivers/ in the future; it adds 50M to keep all of its - # headers on 3.10 though. - - chmod u+w -R .. - arch=$(cd $dev/lib/modules/${modDirVersion}/build/arch; ls) - - # Remove unused arches - for d in $(cd arch/; ls); do - if [ "$d" = "$arch" ]; then continue; fi - if [ "$arch" = arm64 ] && [ "$d" = arm ]; then continue; fi - rm -rf arch/$d - done - - # Remove all driver-specific code (50M of which is headers) - rm -fR drivers - - # Keep all headers - find . -type f -name '*.h' -print0 | xargs -0 -r chmod u-w - - # Keep linker scripts (they are required for out-of-tree modules on aarch64) - find . -type f -name '*.lds' -print0 | xargs -0 -r chmod u-w - - # Keep root and arch-specific Makefiles - chmod u-w Makefile arch/"$arch"/Makefile* - - # Keep whole scripts dir - chmod u-w -R scripts - - # Delete everything not kept - find . -type f -perm -u=w -print0 | xargs -0 -r rm - - # Delete empty directories - find -empty -type d -delete - - # Remove reference to kmod - sed -i Makefile -e 's|= ${buildPackages.kmod}/bin/depmod|= depmod|' - '' - # unfortunately linux/arch/mips/Makefile does not understand installkernel - # and simply copies to $(INSTALL_PATH)/vmlinux-$(KERNELRELEASE) - + lib.optionalString stdenv.hostPlatform.isMips '' - mv $out/vmlinux-* $out/vmlinux || true - mv $out/vmlinuz-* $out/vmlinuz || true - mv $out/System.map-* $out/System.map - ''; - - preFixup = '' - # Don't strip $dev/lib/modules/*/vmlinux - stripDebugList="$(cd $dev && echo lib/modules/*/build/*/)" - '' + lib.optionalString (stdenv.hostPlatform.isMips) '' - $STRIP -s $out/vmlinux || true - ''; - - enableParallelBuilding = true; - - passthru = rec { - inherit version modDirVersion config kernelPatches configfile - moduleBuildDependencies stdenv; - inherit isZen isHardened isLibre; - isXen = lib.warn "The isXen attribute is deprecated. All Nixpkgs kernels that support it now have Xen enabled." true; - baseVersion = lib.head (lib.splitString "-rc" version); - kernelOlder = lib.versionOlder baseVersion; - kernelAtLeast = lib.versionAtLeast baseVersion; - }; - - requiredSystemFeatures = [ "big-parallel" ]; - - meta = { - description = - "The Linux kernel" + - (lib.optionalString (kernelPatches != []) ( - " (with patches: " - + lib.concatStringsSep ", " (map (x: x.name) kernelPatches) - + ")" - )); - license = lib.licenses.gpl2Only; - homepage = "https://www.kernel.org/"; - maintainers = lib.teams.linux-kernel.members ++ [ - maintainers.thoughtpolice - ]; - platforms = platforms.linux; - badPlatforms = - lib.optionals (lib.versionOlder version "4.15") [ "riscv32-linux" "riscv64-linux" ] ++ - lib.optional (lib.versionOlder version "5.19") "loongarch64-linux"; - timeout = 14400; # 4 hours - } // extraMeta; -} // optionalAttrs (pos != null) { - inherit pos; -} // optionalAttrs isModular { - outputs = [ "out" "dev" ]; -})) +} // (optionalAttrs (pos != null) { inherit pos; }))) diff --git a/pkgs/servers/baserow/default.nix b/pkgs/servers/baserow/default.nix index 09a1b5e83da..34fba145c9c 100644 --- a/pkgs/servers/baserow/default.nix +++ b/pkgs/servers/baserow/default.nix @@ -29,6 +29,8 @@ let doCheck = false; }; + + django = super.django_3; }; }; in diff --git a/pkgs/servers/mail/mailman/python.nix b/pkgs/servers/mail/mailman/python.nix index 288e48d814e..dfd8790302f 100644 --- a/pkgs/servers/mail/mailman/python.nix +++ b/pkgs/servers/mail/mailman/python.nix @@ -2,6 +2,8 @@ python3.override { packageOverrides = self: super: { + django = super.django_3; + # does not find tests alembic = super.alembic.overridePythonAttrs (oldAttrs: { doCheck = false; diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index 7e6a7077763..25a80fd11aa 100644 --- a/pkgs/stdenv/darwin/default.nix +++ b/pkgs/stdenv/darwin/default.nix @@ -65,11 +65,7 @@ let isBuiltByBootstrapFilesCompiler = pkg: isFromNixpkgs pkg && isFromBootstrapFiles pkg.stdenv.cc.cc; - commonPreHook = pkgs: lib.optionalString (pkgs.darwin.system_cmds != null) '' - # Only use a response file on older systems with a small ARG_MAX (less than 1 MiB). - export NIX_CC_USE_RESPONSE_FILE=$(( "$("${lib.getBin pkgs.darwin.system_cmds}/bin/getconf" ARG_MAX)" < 1048576 )) - export NIX_LD_USE_RESPONSE_FILE=$NIX_CC_USE_RESPONSE_FILE - '' + '' + commonPreHook = '' export NIX_ENFORCE_NO_NATIVE=''${NIX_ENFORCE_NO_NATIVE-1} export NIX_ENFORCE_PURITY=''${NIX_ENFORCE_PURITY-1} export NIX_IGNORE_LD_THROUGH_GCC=1 @@ -166,7 +162,7 @@ let # dependencies on the bootstrapTools in the final stdenv. dontPatchShebangs=1 '' + '' - ${commonPreHook prevStage} + ${commonPreHook} ${extraPreHook} '' + lib.optionalString (prevStage.darwin ? locale) '' export PATH_LOCALE=${prevStage.darwin.locale}/share/locale @@ -216,7 +212,6 @@ in print-reexports = null; rewrite-tbd = null; sigtool = null; - system_cmds = null; CF = null; Libsystem = null; }; @@ -300,27 +295,6 @@ in rewrite-tbd = bootstrapTools; sigtool = bootstrapTools; - - # The bootstrap only needs `getconf` from system_cmds, and it only needs to be able to - # query `ARG_MAX`. Using a small value here should be fine for the initial stage 1 build. - system_cmds = self.stdenv.mkDerivation { - name = "bootstrap-stage0-system_cmds"; - buildCommand = '' - mkdir -p "$out/bin" - cat <<block > "$out/bin/getconf" - #!${bootstrapTools}/bin/bash - case "\$1" in - ARG_MAX) - echo "262144" - ;; - *) - exit 1 - esac - block - chmod a+x "$out/bin/getconf" - ''; - passthru.isFromBootstrapFiles = true; - }; } // lib.optionalAttrs (! useAppleSDKLibs) { CF = self.stdenv.mkDerivation { name = "bootstrap-stage0-CF"; @@ -453,7 +427,7 @@ in assert lib.all isFromBootstrapFiles (with prevStage; [ bash coreutils cpio gnugrep pbzx ]); assert lib.all isFromBootstrapFiles (with prevStage.darwin; [ - binutils-unwrapped cctools print-reexports rewrite-tbd sigtool system_cmds + binutils-unwrapped cctools print-reexports rewrite-tbd sigtool ]); assert (! useAppleSDKLibs) -> lib.all isFromBootstrapFiles (with prevStage.darwin; [ CF Libsystem ]); @@ -486,12 +460,14 @@ in python3 = super.python3Minimal; darwin = super.darwin.overrideScope (selfDarwin: superDarwin: { - inherit (prevStage.darwin) system_cmds; - signingUtils = prevStage.darwin.signingUtils.override { inherit (selfDarwin) sigtool; }; + postLinkSignHook = prevStage.darwin.postLinkSignHook.override { + inherit (selfDarwin) sigtool; + }; + binutils = superDarwin.binutils.override { inherit (self) coreutils; inherit (selfDarwin) postLinkSignHook signingUtils; @@ -536,7 +512,7 @@ in ''; }) - # Build sysctl, system_cmds and Python for use by LLVM’s check phase. These must be built in their + # Build sysctl and Python for use by LLVM’s check phase. These must be built in their # own stage, or an infinite recursion results on x86_64-darwin when using the source-based SDK. (prevStage: # previous stage1 stdenv: @@ -553,8 +529,6 @@ in assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ binutils-unwrapped cctools locale libtapi print-reexports rewrite-tbd sigtool ]); - assert lib.all isFromBootstrapFiles (with prevStage.darwin; [ system_cmds ]); - assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ CF Libsystem configd ]); assert useAppleSDKLibs -> lib.all isFromNixpkgs (with prevStage.darwin; [ CF Libsystem libobjc]); assert lib.all isFromNixpkgs (with prevStage.darwin; [ dyld launchd xnu ]); @@ -651,7 +625,7 @@ in ]); assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ - binutils-unwrapped cctools locale libtapi print-reexports rewrite-tbd sigtool system_cmds + binutils-unwrapped cctools locale libtapi print-reexports rewrite-tbd sigtool ]); assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ CF Libsystem configd ]); @@ -679,8 +653,7 @@ in darwin = super.darwin.overrideScope (_: superDarwin: { inherit (prevStage.darwin) CF Libsystem configd darwin-stubs dyld launchd libclosure libdispatch libobjc - locale objc4 postLinkSignHook print-reexports rewrite-tbd signingUtils sigtool - system_cmds; + locale objc4 postLinkSignHook print-reexports rewrite-tbd signingUtils sigtool; # Avoid building unnecessary Python dependencies due to building LLVM manpages. cctools-llvm = superDarwin.cctools-llvm.override { enableManpages = false; }; @@ -749,7 +722,7 @@ in ]); assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ - binutils-unwrapped cctools locale libtapi print-reexports rewrite-tbd sigtool system_cmds + binutils-unwrapped cctools locale libtapi print-reexports rewrite-tbd sigtool ]); assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ CF Libsystem configd ]); @@ -786,7 +759,7 @@ in darwin = super.darwin.overrideScope (selfDarwin: superDarwin: { inherit (prevStage.darwin) CF binutils-unwrapped cctools configd darwin-stubs launchd libobjc libtapi locale - objc4 print-reexports rewrite-tbd signingUtils sigtool system_cmds; + objc4 print-reexports rewrite-tbd signingUtils sigtool; }); llvmPackages = super.llvmPackages // ( @@ -848,7 +821,7 @@ in ]); assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ - binutils-unwrapped cctools locale libtapi print-reexports rewrite-tbd sigtool system_cmds + binutils-unwrapped cctools locale libtapi print-reexports rewrite-tbd sigtool ]); assert (! useAppleSDKLibs) -> lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ CF configd ]); @@ -882,7 +855,7 @@ in darwin = super.darwin.overrideScope (selfDarwin: superDarwin: { inherit (prevStage.darwin) Libsystem configd darwin-stubs launchd locale print-reexports rewrite-tbd - signingUtils sigtool system_cmds; + signingUtils sigtool; # Rewrap binutils so it uses the rebuilt Libsystem. binutils = superDarwin.binutils.override { @@ -971,7 +944,7 @@ in ]); assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ - locale print-reexports rewrite-tbd sigtool system_cmds + locale print-reexports rewrite-tbd sigtool ]); assert lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ binutils-unwrapped cctools libtapi @@ -1011,7 +984,7 @@ in inherit (prevStage.darwin) CF Libsystem binutils binutils-unwrapped cctools cctools-llvm cctools-port configd darwin-stubs dyld launchd libclosure libdispatch libobjc libtapi locale objc4 - postLinkSignHook print-reexports rewrite-tbd signingUtils sigtool system_cmds; + postLinkSignHook print-reexports rewrite-tbd signingUtils sigtool; }); llvmPackages = super.llvmPackages // ( @@ -1051,7 +1024,7 @@ in ]); assert lib.all isBuiltByBootstrapFilesCompiler (with prevStage.darwin; [ - locale print-reexports rewrite-tbd sigtool system_cmds + locale print-reexports rewrite-tbd sigtool ]); assert lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ binutils-unwrapped cctools libtapi @@ -1191,7 +1164,7 @@ in ]); assert lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ - binutils-unwrapped cctools libtapi locale print-reexports rewrite-tbd sigtool system_cmds + binutils-unwrapped cctools libtapi locale print-reexports rewrite-tbd sigtool ]); assert (! useAppleSDKLibs) -> lib.all isBuiltByNixpkgsCompiler (with prevStage.darwin; [ CF Libsystem configd ]); @@ -1226,7 +1199,8 @@ in inherit config; - preHook = (commonPreHook prevStage) + '' + preHook = '' + ${commonPreHook} stripDebugFlags="-S" # llvm-strip does not support "-p" for Mach-O export PATH_LOCALE=${prevStage.darwin.locale}/share/locale ''; @@ -1324,7 +1298,6 @@ in dyld libtapi locale - system_cmds ] ++ lib.optional useAppleSDKLibs [ objc4 ] ++ lib.optionals doSign [ postLinkSignHook sigtool signingUtils ]); @@ -1341,7 +1314,7 @@ in darwin = super.darwin.overrideScope (_: _: { inherit (prevStage.darwin) - CF ICU Libsystem darwin-stubs dyld locale libobjc libtapi system_cmds xnu; + CF ICU Libsystem darwin-stubs dyld locale libobjc libtapi xnu; } // lib.optionalAttrs (super.stdenv.targetPlatform == localSystem) { inherit (prevStage.darwin) binutils binutils-unwrapped cctools-llvm cctools-port; }); diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix index 0d9ae8d3c4f..cf194be92bd 100644 --- a/pkgs/stdenv/generic/default.nix +++ b/pkgs/stdenv/generic/default.nix @@ -70,10 +70,7 @@ let ../../build-support/setup-hooks/prune-libtool-files.sh ../../build-support/setup-hooks/reproducible-builds.sh ../../build-support/setup-hooks/set-source-date-epoch-to-latest.sh - (with buildPlatform; if isAarch64 && isLinux - then ../../build-support/setup-hooks/strip-tmp-aarch64.sh - else ../../build-support/setup-hooks/strip.sh - ) + ../../build-support/setup-hooks/strip.sh ] ++ lib.optionals hasCC [ cc ]; defaultBuildInputs = extraBuildInputs; diff --git a/pkgs/test/stdenv/patch-shebangs.nix b/pkgs/test/stdenv/patch-shebangs.nix index fb52f38ecc9..888d4a53a27 100644 --- a/pkgs/test/stdenv/patch-shebangs.nix +++ b/pkgs/test/stdenv/patch-shebangs.nix @@ -39,6 +39,23 @@ let }; }; + updates-nix-store = stdenv.mkDerivation { + name = "updates-nix-store"; + strictDeps = false; + dontUnpack = true; + installPhase = '' + mkdir -p $out/bin + echo "#!$NIX_STORE/path/to/bash" > $out/bin/test + echo "echo -n hello" >> $out/bin/test + chmod +x $out/bin/test + patchShebangs --update $out/bin/test + dontPatchShebangs=1 + ''; + passthru = { + assertion = "grep '^#!${stdenv.shell}' $out/bin/test > /dev/null"; + }; + }; + split-string = stdenv.mkDerivation { name = "split-string"; strictDeps = false; @@ -59,7 +76,7 @@ let in stdenv.mkDerivation { name = "test-patch-shebangs"; - passthru = { inherit (tests) bad-shebang ignores-nix-store split-string; }; + passthru = { inherit (tests) bad-shebang ignores-nix-store updates-nix-store split-string; }; buildCommand = '' validate() { local name=$1 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index a7238087a3d..65dbc2209ad 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -25618,6 +25618,17 @@ with pkgs; go = buildPackages.go_1_20; }; + # requires a newer Apple SDK + go_1_21 = darwin.apple_sdk_11_0.callPackage ../development/compilers/go/1.21.nix { + inherit (darwin.apple_sdk_11_0.frameworks) Foundation Security; + }; + buildGo121Module = darwin.apple_sdk_11_0.callPackage ../build-support/go/module.nix { + go = buildPackages.go_1_21; + }; + buildGo121Package = darwin.apple_sdk_11_0.callPackage ../build-support/go/package.nix { + go = buildPackages.go_1_21; + }; + go2nix = callPackage ../development/tools/go2nix { }; leaps = callPackage ../development/tools/leaps { }; diff --git a/pkgs/top-level/darwin-packages.nix b/pkgs/top-level/darwin-packages.nix index ef4240955b9..ee962d36671 100644 --- a/pkgs/top-level/darwin-packages.nix +++ b/pkgs/top-level/darwin-packages.nix @@ -133,20 +133,10 @@ impure-cmds // appleSourcePackages // chooseLibs // { sigtool = callPackage ../os-specific/darwin/sigtool { }; - postLinkSignHook = pkgs.writeTextFile { - name = "post-link-sign-hook"; - executable = true; - - text = '' - if [ "$linkerOutput" != "/dev/null" ]; then - CODESIGN_ALLOCATE=${targetPrefix}codesign_allocate \ - ${self.sigtool}/bin/codesign -f -s - "$linkerOutput" - fi - ''; - }; - signingUtils = callPackage ../os-specific/darwin/signing-utils { }; + postLinkSignHook = callPackage ../os-specific/darwin/signing-utils/post-link-sign-hook.nix { }; + autoSignDarwinBinariesHook = pkgs.makeSetupHook { name = "auto-sign-darwin-binaries-hook"; propagatedBuildInputs = [ self.signingUtils ]; diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix index bab93fa033b..64362589ec0 100644 --- a/pkgs/top-level/python-aliases.nix +++ b/pkgs/top-level/python-aliases.nix @@ -93,6 +93,7 @@ mapAliases ({ django_classytags = django-classy-tags; # added 2023-07-25 django_colorful = django-colorful; # added 2023-07-25 django_compat = django-compat; # added 2023-07-25 + django-compat = throw "django-compat has been removed. It provided forward/backport compat for django 1.x, which is long end of life."; # added 2023-07-26 django_contrib_comments = django-contrib-comments; # added 2023-07-25 django-discover-runner = throw "django-discover-runner was removed because it is no longer maintained."; # added 2022-11-21 django_environ = django-environ; # added 2021-12-25 diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 1c34627d3a6..0c598c8e6cd 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -2731,12 +2731,11 @@ self: super: with self; { distutils_extra = callPackage ../development/python-modules/distutils_extra { }; - django = self.django_3; - - # Current LTS + # LTS in extended support phase django_3 = callPackage ../development/python-modules/django/3.nix { }; - # Current latest + # LTS with mainsteam support + django = self.django_4; django_4 = callPackage ../development/python-modules/django/4.nix { }; django-admin-datta = callPackage ../development/python-modules/django-admin-datta { }; @@ -2779,8 +2778,6 @@ self: super: with self; { django-colorful = callPackage ../development/python-modules/django-colorful { }; - django-compat = callPackage ../development/python-modules/django-compat { }; - django-compressor = callPackage ../development/python-modules/django-compressor { }; django-compression-middleware = callPackage ../development/python-modules/django-compression-middleware { }; |