authorJanne Heß <janne@hess.ooo>2022-05-23 19:56:59 +0200
committerJanne Heß <janne@hess.ooo>2022-05-23 19:56:59 +0200
commit3673f148b3e71f8dafdb11ba0335253d5659ff9f (patch)
treeb743e44f7c48f9b16fea7c0a662947ae41e45ed1
parent41cc1d5d9584103be4108c1815c350e07c807036 (diff)
parentf51499324ca76ffcf2f00caff5fc32b3f3e8237c (diff)
Merge remote-tracking branch 'origin/staging-next'
* origin/staging-next: (62 commits)
  Re-Revert "lua: fix on darwin by using makeBinaryWrapper (#172749)"
  openldap: fix cross-compilation
  makeBinaryWrapper: fix codesign on aarch64-darwin
  python3Packages.ldap: fix linking with openldap 2.5+
  Revert "lua: fix on darwin by using makeBinaryWrapper (#172749)"
  wine: enable parallel build again
  pkgsi686Linux.gdb: fix formatting for 32-bit systems
  gtk4: Fix incorrect merge
  nixos/openldap: use upstream unit defaults
  openldap: update maintainers
  openldap: 2.4.58 -> 2.6.2
  Revert "Add mingwW64-llvm cross-system."
  lua: fix on darwin by using makeBinaryWrapper (#172749)
  python310Packages.python-mimeparse: execute tests
  pandas: fix darwin build
  gtk3: 3.24.33 -> 3.24.33-2022-03-11
  gtk4: patch fixing g-c-c crashes
  e2fsprogs: patch for CVE-2022-1304
  firefox-unwrapped: fix cross compilation
  rustc: expose correct llvmPackages for cross compile
  ...
-rw-r--r--doc/stdenv/stdenv.chapter.md2
-rw-r--r--nixos/doc/manual/from_md/release-notes/rl-2205.section.xml17
-rw-r--r--nixos/doc/manual/release-notes/rl-2205.section.md4
-rw-r--r--nixos/modules/services/databases/openldap.nix11
-rw-r--r--nixos/modules/services/databases/postgresql.nix3
-rw-r--r--pkgs/applications/editors/neovim/utils.nix2
-rw-r--r--pkgs/applications/editors/vscode/generic.nix2
-rw-r--r--pkgs/applications/emulators/wine/base.nix4
-rw-r--r--pkgs/applications/networking/browsers/brave/default.nix2
-rw-r--r--pkgs/applications/networking/browsers/firefox/common.nix24
-rw-r--r--pkgs/applications/networking/browsers/firefox/wrapper.nix9
-rw-r--r--pkgs/applications/networking/instant-messengers/discord/linux.nix7
-rw-r--r--pkgs/applications/networking/instant-messengers/signal-desktop/default.nix2
-rw-r--r--pkgs/applications/science/logic/tlaplus/toolbox.nix8
-rw-r--r--pkgs/applications/video/mpv/wrapper.nix4
-rw-r--r--pkgs/build-support/bintools-wrapper/default.nix34
-rw-r--r--pkgs/build-support/bintools-wrapper/ld-wrapper.sh5
-rw-r--r--pkgs/build-support/cc-wrapper/default.nix9
-rw-r--r--pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix26
-rw-r--r--pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh (renamed from pkgs/build-support/setup-hooks/make-binary-wrapper.sh)25
-rw-r--r--pkgs/build-support/setup-hooks/make-wrapper.sh23
-rw-r--r--pkgs/build-support/setup-hooks/wrap-gapps-hook/default.nix4
-rw-r--r--pkgs/development/compilers/llvm/14/default.nix46
-rw-r--r--pkgs/development/compilers/rust/1_60.nix2
-rw-r--r--pkgs/development/compilers/rust/default.nix4
-rw-r--r--pkgs/development/compilers/rust/rustc.nix4
-rw-r--r--pkgs/development/interpreters/lua-5/default.nix6
-rw-r--r--pkgs/development/interpreters/lua-5/interpreter.nix1
-rw-r--r--pkgs/development/libraries/gtk/3.x.nix12
-rw-r--r--pkgs/development/libraries/libqrtr-glib/default.nix8
-rw-r--r--pkgs/development/libraries/openldap/default.nix125
-rw-r--r--pkgs/development/python-modules/ldap/0001-Check-whether-libldap-is-threadsafe-on-startup.patch94
-rw-r--r--pkgs/development/python-modules/ldap/default.nix4
-rw-r--r--pkgs/development/python-modules/pandas/default.nix4
-rw-r--r--pkgs/development/python-modules/python-mimeparse/default.nix6
-rw-r--r--pkgs/development/tools/analysis/valgrind/default.nix32
-rw-r--r--pkgs/development/tools/misc/binutils/default.nix6
-rw-r--r--pkgs/development/tools/misc/binutils/deterministic-temp-prefixes.patch36
-rw-r--r--pkgs/development/tools/misc/gdb/32-bit-BFD_VMA-format.patch68
-rw-r--r--pkgs/development/tools/misc/gdb/debug-info-from-env.patch27
-rw-r--r--pkgs/development/tools/misc/gdb/default.nix47
-rw-r--r--pkgs/misc/sndio/default.nix1
-rw-r--r--pkgs/servers/sql/postgresql/default.nix20
-rw-r--r--pkgs/servers/sql/postgresql/ext/pg_safeupdate.nix4
-rw-r--r--pkgs/test/default.nix10
-rw-r--r--pkgs/tools/filesystems/e2fsprogs/default.nix15
-rw-r--r--pkgs/tools/security/cryptomator/default.nix8
-rw-r--r--pkgs/tools/typesetting/sile/default.nix1
-rw-r--r--pkgs/top-level/all-packages.nix48
49 files changed, 578 insertions, 288 deletions
diff --git a/doc/stdenv/stdenv.chapter.md b/doc/stdenv/stdenv.chapter.md
index d5d27cbf086..b57698cb90b 100644
--- a/doc/stdenv/stdenv.chapter.md
+++ b/doc/stdenv/stdenv.chapter.md
@@ -869,7 +869,7 @@ makeWrapper $out/bin/foo $wrapperfile --set FOOBAR baz
 makeWrapper $out/bin/foo $wrapperfile --prefix PATH : ${lib.makeBinPath [ hello git ]}
 ```
 
-There’s many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation.
+There’s many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation.
 
 `wrapProgram` is a convenience function you probably want to use most of the time, implemented by both `makeWrapper` and `makeBinaryWrapper`.
 
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 35ac6bc6860..cebb90bf32c 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -118,6 +118,11 @@
       </listitem>
       <listitem>
         <para>
+          PostgreSQL now defaults to major version 14.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           The new
           <link xlink:href="https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook"><literal>postgresqlTestHook</literal></link>
           runs a PostgreSQL server for the duration of package checks.
@@ -700,6 +705,18 @@
       </listitem>
       <listitem>
         <para>
+          <literal>openldap</literal> (and therefore the slapd LDAP
+          server) were updated to version 2.6.2. The project introduced
+          backwards-incompatible changes, namely the removal of the bdb,
+          hdb, ndb, and shell backends in slapd. Therefore before
+          updating, dump your database <literal>slapcat -n 1</literal>
+          in LDIF format, and reimport it after updating your
+          <literal>services.openldap.settings</literal>, which
+          represents your <literal>cn=config</literal>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
           <literal>openssh</literal> has been update to 8.9p1, changing
           the FIDO security key middleware interface.
         </para>
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 29429df05fc..3136a9607b6 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -45,6 +45,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 - Pulseaudio has been upgraded to version 15.0 and now optionally [supports additional Bluetooth audio codecs](https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/15.0/#supportforldacandaptxbluetoothcodecsplussbcxqsbcwithhigher-qualityparameters) like aptX or LDAC, with codec switching support being available in `pavucontrol`. This feature is disabled by default but can be enabled by using `hardware.pulseaudio.package = pkgs.pulseaudioFull;`.
   Existing 3rd party modules that provided similar functionality, like `pulseaudio-modules-bt` or `pulseaudio-hsphfpd` are deprecated and have been removed.
 
+- PostgreSQL now defaults to major version 14.
+
 - The new [`postgresqlTestHook`](https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook) runs a PostgreSQL server for the duration of package checks.
 
 - [`kops`](https://kops.sigs.k8s.io) defaults to 1.22.4, which will enable [Instance Metadata Service Version 2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) and require tokens on new clusters with Kubernetes 1.22. This will increase security by default, but may break some types of workloads. See the [release notes](https://kops.sigs.k8s.io/releases/1.22-notes/) for details.
@@ -246,6 +248,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - In the ncdns module, the default value of `services.ncdns.address` has been changed to the IPv6 loopback address (`::1`).
 
+- `openldap` (and therefore the slapd LDAP server) were updated to version 2.6.2. The project introduced backwards-incompatible changes, namely the removal of the bdb, hdb, ndb, and shell backends in slapd. Therefore before updating, dump your database `slapcat -n 1` in LDIF format, and reimport it after updating your `services.openldap.settings`, which represents your `cn=config`.
+
 - `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface.
 
 - `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your enviroment consider adding `openssh` to it or switching to `gitFull`.
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
index 2c1e25d4308..1967a2371bd 100644
--- a/nixos/modules/services/databases/openldap.nix
+++ b/nixos/modules/services/databases/openldap.nix
@@ -268,9 +268,14 @@ in {
     };
 
     systemd.services.openldap = {
-      description = "LDAP server";
+      description = "OpenLDAP Server Daemon";
+      documentation = [
+        "man:slapd"
+        "man:slapd-config"
+        "man:slapd-mdb"
+      ];
       wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
+      after = [ "network-online.target" ];
       preStart = let
         settingsFile = pkgs.writeText "config.ldif" (lib.concatStringsSep "\n" (attrsToLdif "cn=config" cfg.settings));
 
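Review bot: The unit is now ordered `after = [ "network-online.target" ]`, but no matching `wants` is visible in this hunk. systemd only orders against network-online.target and does not pull it in, so unless something else on the system wants that target the ordering has no effect. If waiting for configured addresses is the intent, add `wants = [ "network-online.target" ];` next to the `after` line. The service definition continues outside the hunk, so this may already be set elsewhere.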
@@ -306,7 +311,7 @@ in {
           "${openldap}/libexec/slapd" "-u" cfg.user "-g" cfg.group "-F" configDir
           "-h" (lib.concatStringsSep " " cfg.urlList)
         ]);
-        Type = "forking";
+        Type = "notify";
         PIDFile = cfg.settings.attrs.olcPidFile;
       };
     };
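Review bot: `Type = "notify"` is set while the visible part of ExecStart passes no foreground flag and `PIDFile` is kept. slapd detaches from the invoking process unless `-d` is given, so the readiness message would presumably come from a process other than the one systemd started; with the default `NotifyAccess` of `main` it may then be ignored and the start may time out. Consider adding `"-d" "0"` to the ExecStart list and dropping `PIDFile`, which is intended for forking services. The ExecStart list begins outside the hunk, so check whether the flag is already there.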
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix
index 2919022496a..550bd36efff 100644
--- a/nixos/modules/services/databases/postgresql.nix
+++ b/nixos/modules/services/databases/postgresql.nix
@@ -295,7 +295,8 @@ in
       # Note: when changing the default, make it conditional on
       # ‘system.stateVersion’ to maintain compatibility with existing
       # systems!
-      mkDefault (if versionAtLeast config.system.stateVersion "21.11" then pkgs.postgresql_13
+      mkDefault (if versionAtLeast config.system.stateVersion "22.05" then pkgs.postgresql_14
+            else if versionAtLeast config.system.stateVersion "21.11" then pkgs.postgresql_13
             else if versionAtLeast config.system.stateVersion "20.03" then pkgs.postgresql_11
             else if versionAtLeast config.system.stateVersion "17.09" then mkThrow "9_6"
             else mkThrow "9_5");
diff --git a/pkgs/applications/editors/neovim/utils.nix b/pkgs/applications/editors/neovim/utils.nix
index e721457f2df..ee0abb58289 100644
--- a/pkgs/applications/editors/neovim/utils.nix
+++ b/pkgs/applications/editors/neovim/utils.nix
@@ -108,7 +108,7 @@ let
             hostprog_check_table);
         in
         [
-          "--argv0" "$0" "--add-flags" (lib.escapeShellArgs flags)
+          "--inherit-argv0" "--add-flags" (lib.escapeShellArgs flags)
         ] ++ lib.optionals withRuby [
           "--set" "GEM_HOME" "${rubyEnv}/${rubyEnv.ruby.gemPath}"
         ] ++ lib.optionals (binPath != "") [
diff --git a/pkgs/applications/editors/vscode/generic.nix b/pkgs/applications/editors/vscode/generic.nix
index e1003180050..b4731b5701c 100644
--- a/pkgs/applications/editors/vscode/generic.nix
+++ b/pkgs/applications/editors/vscode/generic.nix
@@ -72,7 +72,7 @@ let
       ++ lib.optionals stdenv.isLinux [
         autoPatchelfHook
         nodePackages.asar
-        (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; })
+        (wrapGAppsHook.override { inherit makeWrapper; })
       ];
 
     dontBuild = true;
diff --git a/pkgs/applications/emulators/wine/base.nix b/pkgs/applications/emulators/wine/base.nix
index 47852d69e3b..7788b13b4ec 100644
--- a/pkgs/applications/emulators/wine/base.nix
+++ b/pkgs/applications/emulators/wine/base.nix
@@ -175,9 +175,7 @@ stdenv.mkDerivation ((lib.optionalAttrs (buildScript != null) {
     done
   '';
 
-  # Until https://github.com/NixOS/nixpkgs/pull/172617 is applied,
-  # parallel builds do not always work because of a bug in dlltool.
-  enableParallelBuilding = false;
+  enableParallelBuilding = true;
 
   # https://bugs.winehq.org/show_bug.cgi?id=43530
   # https://github.com/NixOS/nixpkgs/issues/31989
diff --git a/pkgs/applications/networking/browsers/brave/default.nix b/pkgs/applications/networking/browsers/brave/default.nix
index a0f15253d6a..2983ced459f 100644
--- a/pkgs/applications/networking/browsers/brave/default.nix
+++ b/pkgs/applications/networking/browsers/brave/default.nix
@@ -104,7 +104,7 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [
     dpkg
-    (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; })
+    (wrapGAppsHook.override { inherit makeWrapper; })
   ];
 
   buildInputs = [
diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix
index b2008a201d3..217b4e32388 100644
--- a/pkgs/applications/networking/browsers/firefox/common.nix
+++ b/pkgs/applications/networking/browsers/firefox/common.nix
@@ -68,6 +68,7 @@
 , xorg
 , zip
 , zlib
+, pkgsBuildBuild
 
 # optionals
 
@@ -142,16 +143,21 @@ let
 
   # Target the LLVM version that rustc is built with for LTO.
   llvmPackages0 = rustc.llvmPackages;
+  llvmPackagesBuildBuild0 = pkgsBuildBuild.rustc.llvmPackages;
 
   # Force the use of lld and other llvm tools for LTO
   llvmPackages = llvmPackages0.override {
     bootBintoolsNoLibc = null;
     bootBintools = null;
   };
+  llvmPackagesBuildBuild = llvmPackagesBuildBuild0.override {
+    bootBintoolsNoLibc = null;
+    bootBintools = null;
+  };
 
   # LTO requires LLVM bintools including ld.lld and llvm-ar.
   buildStdenv = overrideCC llvmPackages.stdenv (llvmPackages.stdenv.cc.override {
-    inherit (llvmPackages) bintools;
+    bintools = if ltoSupport then buildPackages.rustc.llvmPackages.bintools else stdenv.cc.bintools;
   });
 
   # Compile the wasm32 sysroot to build the RLBox Sandbox
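Review bot: The new `bintools = if ltoSupport then buildPackages.rustc.llvmPackages.bintools else stdenv.cc.bintools;` no longer takes bintools from the overridden `llvmPackages` defined just above under "Force the use of lld and other llvm tools for LTO", and the comment on `buildStdenv` still reads as if LLVM bintools were always used. A short comment would help, for example `# bintools must run on the build platform; without LTO the default stdenv bintools are sufficient` (wording to be confirmed by the author). The two identical `.override { bootBintoolsNoLibc = null; bootBintools = null; }` blocks could also share one helper so they cannot drift apart.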
@@ -217,10 +223,15 @@ buildStdenv.mkDerivation ({
   # two patches.
   patchFlags = [ "-p1" "-l" ];
 
+  # if not explicitly set, wrong cc from buildStdenv would be used
+  HOST_CC = "${llvmPackagesBuildBuild.stdenv.cc}/bin/cc";
+  HOST_CXX = "${llvmPackagesBuildBuild.stdenv.cc}/bin/c++";
+
   nativeBuildInputs = [
     autoconf
     cargo
-    llvmPackages.llvm # llvm-objdump
+    gnum4
+    llvmPackagesBuildBuild.bintools
     makeWrapper
     nodejs
     perl
@@ -302,6 +313,9 @@ buildStdenv.mkDerivation ({
     export MOZILLA_OFFICIAL=1
   '';
 
+  # firefox has a different definition of configurePlatforms from nixpkgs, see configureFlags
+  configurePlatforms = [ ];
+
   configureFlags = [
     "--disable-tests"
     "--disable-updater"
@@ -309,7 +323,7 @@ buildStdenv.mkDerivation ({
     "--enable-default-toolkit=cairo-gtk3${lib.optionalString waylandSupport "-wayland"}"
     "--enable-system-pixman"
     "--with-distribution-id=org.nixos"
-    "--with-libclang-path=${llvmPackages.libclang.lib}/lib"
+    "--with-libclang-path=${llvmPackagesBuildBuild.libclang.lib}/lib"
     "--with-system-ffi"
     "--with-system-icu"
     "--with-system-jpeg"
@@ -320,6 +334,9 @@ buildStdenv.mkDerivation ({
     "--with-system-png" # needs APNG support
     "--with-system-webp"
     "--with-system-zlib"
+    # for firefox, host is buildPlatform, target is hostPlatform
+    "--host=${buildStdenv.buildPlatform.config}"
+    "--target=${buildStdenv.hostPlatform.config}"
   ]
   # LTO is done using clang and lld on Linux.
   ++ lib.optionals ltoSupport [
@@ -362,7 +379,6 @@ buildStdenv.mkDerivation ({
     fontconfig
     freetype
     glib
-    gnum4
     gtk3
     icu
     libffi
diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix
index 2efd9422328..6d93629e718 100644
--- a/pkgs/applications/networking/browsers/firefox/wrapper.nix
+++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, makeDesktopItem, makeWrapper, lndir, config
+{ stdenv, lib, makeDesktopItem, makeWrapper, makeBinaryWrapper, lndir, config
 , fetchurl, zip, unzip, jq, xdg-utils, writeText
 
 ## various stuff that can be plugged in
@@ -231,7 +231,7 @@ let
           # Symbolic link: wrap the link's target.
           oldExe="$(readlink -v --canonicalize-existing "$executablePath")"
           rm "$executablePath"
-        elif wrapperCmd=$(strings -dw "$executablePath" | sed -n '/^makeCWrapper/,/^$/ p'); [[ $wrapperCmd ]]; then
+        elif wrapperCmd=$(${makeBinaryWrapper.extractCmd} "$executablePath"); [[ $wrapperCmd ]]; then
           # If the executable is a binary wrapper, we need to update its target to
           # point to $out, but we can't just edit the binary in-place because of length
           # issues. So we extract the command used to create the wrapper and add the
@@ -239,10 +239,7 @@ let
           parseMakeCWrapperCall() {
             shift # makeCWrapper
             oldExe=$1; shift
-            for arg do case $arg in
-              --inherit-argv0) oldWrapperArgs+=(--argv0 '$0');; # makeWrapper doesn't understand --inherit-argv0
-              *) oldWrapperArgs+=("$arg");;
-            esac done
+            oldWrapperArgs=("$@")
           }
           eval "parseMakeCWrapperCall ''${wrapperCmd//"${browser}"/"$out"}"
           rm "$executablePath"
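Review bot: The `eval "parseMakeCWrapperCall …"` line below the new `oldWrapperArgs=("$@")` executes text recovered from the wrapped binary by `makeBinaryWrapper.extractCmd`. It is therefore only sound while every argument in the embedded docstring is shell-quoted by the hook and the `${browser}` to `$out` substitution leaves that quoting intact. State that contract in a comment above the eval, e.g. `# wrapperCmd is the shell-quoted makeCWrapper call embedded by makeBinaryWrapper; eval re-parses it, so the wrapper must come from a trusted build input`. The assignment also changed from `+=` to `=`, which discards anything already in `oldWrapperArgs`; its initialisation is outside the hunk, so confirm it is empty at this point.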
diff --git a/pkgs/applications/networking/instant-messengers/discord/linux.nix b/pkgs/applications/networking/instant-messengers/discord/linux.nix
index f5d984bf3a6..b960caa64d8 100644
--- a/pkgs/applications/networking/instant-messengers/discord/linux.nix
+++ b/pkgs/applications/networking/instant-messengers/discord/linux.nix
@@ -1,5 +1,5 @@
 { pname, version, src, meta, binaryName, desktopName, autoPatchelfHook
-, makeDesktopItem, lib, stdenv, wrapGAppsHook, makeWrapper, alsa-lib, at-spi2-atk
+, makeDesktopItem, lib, stdenv, wrapGAppsHook, makeShellWrapper, alsa-lib, at-spi2-atk
 , at-spi2-core, atk, cairo, cups, dbus, expat, fontconfig, freetype, gdk-pixbuf
 , glib, gtk3, libcxx, libdrm, libnotify, libpulseaudio, libuuid, libX11
 , libXScrnSaver, libXcomposite, libXcursor, libXdamage, libXext, libXfixes
@@ -24,7 +24,8 @@ stdenv.mkDerivation rec {
     libxshmfence
     mesa
     nss
-    (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; })
+    wrapGAppsHook
+    makeShellWrapper
   ];
 
   dontWrapGApps = true;
@@ -78,7 +79,7 @@ stdenv.mkDerivation rec {
     patchelf --set-interpreter ${stdenv.cc.bintools.dynamicLinker} \
         $out/opt/${binaryName}/${binaryName}
 
-    wrapProgram $out/opt/${binaryName}/${binaryName} \
+    wrapProgramShell $out/opt/${binaryName}/${binaryName} \
         "''${gappsWrapperArgs[@]}" \
         --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform --ozone-platform=wayland}}" \
         --prefix XDG_DATA_DIRS : "${gtk3}/share/gsettings-schemas/${gtk3.name}/" \
diff --git a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
index d63c87ee5da..537f78fbcad 100644
--- a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
+++ b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
@@ -40,7 +40,7 @@ in stdenv.mkDerivation rec {
   nativeBuildInputs = [
     autoPatchelfHook
     dpkg
-    (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; })
+    (wrapGAppsHook.override { inherit makeWrapper; })
   ];
 
   buildInputs = [
diff --git a/pkgs/applications/science/logic/tlaplus/toolbox.nix b/pkgs/applications/science/logic/tlaplus/toolbox.nix
index d84f0b2abf6..3c53e66c8bd 100644
--- a/pkgs/applications/science/logic/tlaplus/toolbox.nix
+++ b/pkgs/applications/science/logic/tlaplus/toolbox.nix
@@ -1,6 +1,6 @@
 { lib
 , fetchzip
-, makeWrapper
+, makeShellWrapper
 , makeDesktopItem
 , stdenv
 , gtk3
@@ -35,8 +35,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ gtk3 ];
 
   nativeBuildInputs = [
-    makeWrapper
-    (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; })
+    makeShellWrapper
+    wrapGAppsHook
   ];
 
   dontWrapGApps = true;
@@ -64,7 +64,7 @@ stdenv.mkDerivation rec {
       --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
       "$(find "$out/toolbox" -name jspawnhelper)"
 
-    makeWrapper $out/toolbox/toolbox $out/bin/tla-toolbox \
+    makeShellWrapper $out/toolbox/toolbox $out/bin/tla-toolbox \
       --chdir "$out/toolbox" \
       --add-flags "-data ~/.tla-toolbox" \
       --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ gtk3 libXtst glib zlib ]}"  \
diff --git a/pkgs/applications/video/mpv/wrapper.nix b/pkgs/applications/video/mpv/wrapper.nix
index 28414c3756d..3dfe83e2449 100644
--- a/pkgs/applications/video/mpv/wrapper.nix
+++ b/pkgs/applications/video/mpv/wrapper.nix
@@ -32,7 +32,7 @@ let
     # All arguments besides the input and output binaries (${mpv}/bin/mpv and
     # $out/bin/mpv). These are used by the darwin specific makeWrapper call
     # used to wrap $out/Applications/mpv.app/Contents/MacOS/mpv as well.
-    mostMakeWrapperArgs = lib.strings.escapeShellArgs ([ "--argv0" "'$0'"
+    mostMakeWrapperArgs = lib.strings.escapeShellArgs ([ "--inherit-argv0"
       # These are always needed (TODO: Explain why)
       "--prefix" "LUA_CPATH" ";" "${mpv.luaEnv}/lib/lua/${mpv.lua.luaversion}/?.so"
       "--prefix" "LUA_PATH" ";" "${mpv.luaEnv}/share/lua/${mpv.lua.luaversion}/?.lua"
@@ -53,7 +53,7 @@ let
     )) ++ extraMakeWrapperArgs)
     ;
     umpvWrapperArgs = lib.strings.escapeShellArgs ([
-      "--argv0" "'$0'"
+      "--inherit-argv0"
       "--set" "MPV" "${placeholder "out"}/bin/mpv"
     ] ++ extraUmpvWrapperArgs)
     ;
diff --git a/pkgs/build-support/bintools-wrapper/default.nix b/pkgs/build-support/bintools-wrapper/default.nix
index 6b15aa0ddaf..4c2a13da015 100644
--- a/pkgs/build-support/bintools-wrapper/default.nix
+++ b/pkgs/build-support/bintools-wrapper/default.nix
@@ -184,40 +184,6 @@ stdenv.mkDerivation {
       done
     '';
 
-  emulation = let
-    fmt =
-      /**/ if targetPlatform.isDarwin  then "mach-o"
-      else if targetPlatform.isWindows then "pe"
-      else "elf" + toString targetPlatform.parsed.cpu.bits;
-    endianPrefix = if targetPlatform.isBigEndian then "big" else "little";
-    sep = optionalString (!targetPlatform.isMips && !targetPlatform.isPower && !targetPlatform.isRiscV) "-";
-    arch =
-      /**/ if targetPlatform.isAarch64 then endianPrefix + "aarch64"
-      else if targetPlatform.isAarch32     then endianPrefix + "arm"
-      else if targetPlatform.isx86_64  then "x86-64"
-      else if targetPlatform.isx86_32  then "i386"
-      else if targetPlatform.isMips    then {
-          mips     = "btsmipn32"; # n32 variant
-          mipsel   = "ltsmipn32"; # n32 variant
-          mips64   = "btsmip";
-          mips64el = "ltsmip";
-        }.${targetPlatform.parsed.cpu.name}
-      else if targetPlatform.isMmix then "mmix"
-      else if targetPlatform.isPower then if targetPlatform.isBigEndian then "ppc" else "lppc"
-      else if targetPlatform.isSparc then "sparc"
-      else if targetPlatform.isMsp430 then "msp430"
-      else if targetPlatform.isAvr then "avr"
-      else if targetPlatform.isAlpha then "alpha"
-      else if targetPlatform.isVc4 then "vc4"
-      else if targetPlatform.isOr1k then "or1k"
-      else if targetPlatform.isM68k then "m68k"
-      else if targetPlatform.isS390 then "s390"
-      else if targetPlatform.isRiscV then "lriscv"
-      else if targetPlatform.isRx then "rx"
-      else throw "unknown emulation for platform: ${targetPlatform.config}";
-    in if targetPlatform.useLLVM or false then ""
-       else targetPlatform.bfdEmulation or (fmt + sep + arch);
-
   strictDeps = true;
   depsTargetTargetPropagated = extraPackages;
 
diff --git a/pkgs/build-support/bintools-wrapper/ld-wrapper.sh b/pkgs/build-support/bintools-wrapper/ld-wrapper.sh
index fb01c5096d5..f8bddabbc68 100644
--- a/pkgs/build-support/bintools-wrapper/ld-wrapper.sh
+++ b/pkgs/build-support/bintools-wrapper/ld-wrapper.sh
@@ -93,11 +93,6 @@ if [ -e @out@/nix-support/add-local-ldflags-before.sh ]; then
 fi
 
 
-# Specify the target emulation if nothing is passed in ("-m" overrides this
-# environment variable). Ensures we never blindly fallback on targeting the host
-# platform.
-: ${LDEMULATION:=@emulation@}
-
 # Three tasks:
 #
 #   1. Find all -L... switches for rpath
diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix
index 3738f628b18..ac6257220fd 100644
--- a/pkgs/build-support/cc-wrapper/default.nix
+++ b/pkgs/build-support/cc-wrapper/default.nix
@@ -14,6 +14,7 @@
 , nativeTools, noLibc ? false, nativeLibc, nativePrefix ? ""
 , propagateDoc ? cc != null && cc ? man
 , extraTools ? [], extraPackages ? [], extraBuildCommands ? ""
+, nixSupport ? {}
 , isGNU ? false, isClang ? cc.isClang or false, gnugrep ? null
 , buildPackages ? {}
 , libcxx ? null
@@ -155,6 +156,8 @@ stdenv.mkDerivation {
             (setenv "NIX_CFLAGS_COMPILE_${suffixSalt}" (concat (getenv "NIX_CFLAGS_COMPILE_${suffixSalt}") " -isystem " arg "/include"))))
         '(${concatStringsSep " " (map (pkg: "\"${pkg}\"") pkgs)}))
     '';
+
+    inherit nixSupport;
   };
 
   dontBuild = true;
@@ -521,7 +524,11 @@ stdenv.mkDerivation {
     ##
     ## Extra custom steps
     ##
-    + extraBuildCommands;
+    + extraBuildCommands
+    + lib.strings.concatStringsSep "; "
+      (lib.attrsets.mapAttrsToList
+        (name: value: "echo ${toString value} >> $out/nix-support/${name}")
+        nixSupport);
 
   inherit expand-response-params;
 
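Review bot: The generated `echo ${toString value} >> $out/nix-support/${name}` commands interpolate both the value and the file name into the build script unquoted, so whitespace runs collapse and any glob or shell metacharacter in a `nixSupport` entry is interpreted by the shell. Quote both, e.g. `(name: value: "echo ${lib.escapeShellArg (toString value)} >> $out/nix-support/${lib.escapeShellArg name}")`. There is also no separator between `extraBuildCommands` and the first `echo`, so if a caller's `extraBuildCommands` does not end in a newline the two run together; prefixing the joined string with `"\n"` avoids that. The string being concatenated starts outside the hunk.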
diff --git a/pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix b/pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix
new file mode 100644
index 00000000000..34bed3bb297
--- /dev/null
+++ b/pkgs/build-support/setup-hooks/make-binary-wrapper/default.nix
@@ -0,0 +1,26 @@
+{ stdenv
+, lib
+, makeSetupHook
+, dieHook
+, writeShellScript
+, tests
+, cc ? stdenv.cc
+, sanitizers ? []
+}:
+
+makeSetupHook {
+  deps = [ dieHook ]
+    # https://github.com/NixOS/nixpkgs/issues/148189
+    ++ lib.optional (stdenv.isDarwin && stdenv.isAarch64) cc;
+
+  substitutions = {
+    cc = "${cc}/bin/cc ${lib.escapeShellArgs (map (s: "-fsanitize=${s}") sanitizers)}";
+
+    # Extract the function call used to create a binary wrapper from its embedded docstring
+    passthru.extractCmd = writeShellScript "extract-binary-wrapper-cmd" ''
+      strings -dw "$1" | sed -n '/^makeCWrapper/,/^$/ p'
+    '';
+
+    passthru.tests = tests.makeBinaryWrapper;
+  };
+} ./make-binary-wrapper.sh
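Review bot: The `extractCmd` script calls `strings` and `sed` by bare name, so it depends on whatever the calling build has on PATH rather than on inputs of this derivation. Either reference both tools by store path inside the script or document the requirement next to it, e.g. `# callers must provide strings (binutils) and sed on PATH`. It also looks unusual that `passthru.extractCmd` and `passthru.tests` sit inside `substitutions`; presumably makeSetupHook forwards that set to the derivation, and a one-line comment saying so would stop someone from "fixing" the placement.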
diff --git a/pkgs/build-support/setup-hooks/make-binary-wrapper.sh b/pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh
index 3931b37c242..6b8f5d60eb6 100644
--- a/pkgs/build-support/setup-hooks/make-binary-wrapper.sh
+++ b/pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh
@@ -15,24 +15,25 @@ assertExecutable() {
 # makeWrapper EXECUTABLE OUT_PATH ARGS
 
 # ARGS:
-# --argv0       NAME    : set name of executed process to NAME
-#                         (otherwise it’s called …-wrapped)
+# --argv0       NAME    : set the name of the executed process to NAME
+#                         (if unset or empty, defaults to EXECUTABLE)
 # --inherit-argv0       : the executable inherits argv0 from the wrapper.
 #                         (use instead of --argv0 '$0')
-# --set         VAR VAL : add VAR with value VAL to the executable’s
-#                         environment
+# --set         VAR VAL : add VAR with value VAL to the executable's environment
 # --set-default VAR VAL : like --set, but only adds VAR if not already set in
 #                         the environment
 # --unset       VAR     : remove VAR from the environment
 # --chdir       DIR     : change working directory (use instead of --run "cd DIR")
 # --add-flags   FLAGS   : add FLAGS to invocation of executable
+# TODO(@ncfavier): --append-flags
 
 # --prefix          ENV SEP VAL   : suffix/prefix ENV with VAL, separated by SEP
 # --suffix
 
 # To troubleshoot a binary wrapper after you compiled it,
 # use the `strings` command or open the binary file in a text editor.
-makeWrapper() {
+makeWrapper() { makeBinaryWrapper "$@"; }
+makeBinaryWrapper() {
     local NIX_CFLAGS_COMPILE= NIX_CFLAGS_LINK=
     local original="$1"
     local wrapper="$2"
@@ -43,7 +44,7 @@ makeWrapper() {
     mkdir -p "$(dirname "$wrapper")"
 
     makeDocumentedCWrapper "$original" "$@" | \
-      @CC@ \
+      @cc@ \
         -Wall -Werror -Wpedantic \
         -Wno-overlength-strings \
         -Os \
@@ -52,7 +53,8 @@ makeWrapper() {
 }
 
 # Syntax: wrapProgram <PROGRAM> <MAKE-WRAPPER FLAGS...>
-wrapProgram() {
+wrapProgram() { wrapProgramBinary "$@"; }
+wrapProgramBinary() {
     local prog="$1"
     local hidden
 
@@ -63,8 +65,6 @@ wrapProgram() {
       hidden="${hidden}_"
     done
     mv "$prog" "$hidden"
-    # Silence warning about unexpanded $0:
-    # shellcheck disable=SC2016
     makeWrapper "$hidden" "$prog" --inherit-argv0 "${@:2}"
 }
 
@@ -311,8 +311,9 @@ void set_env_suffix(char *env, char *sep, char *suffix) {
 "
 }
 
-# Embed a C string which shows up as readable text in the compiled binary wrapper
-# documentationString ARGS
+# Embed a C string which shows up as readable text in the compiled binary wrapper,
+# giving instructions for recreating the wrapper.
+# Keep in sync with makeBinaryWrapper.extractCmd
 docstring() {
     printf '%s' "const char * DOCSTRING = \"$(escapeStringLiteral "
 
@@ -333,7 +334,7 @@ makeCWrapper $(formatArgs "$@")
 
 # formatArgs EXECUTABLE ARGS
 formatArgs() {
-    printf '%s' "$1"
+    printf '%s' "${1@Q}"
     shift
     while [ $# -gt 0 ]; do
         case "$1" in
diff --git a/pkgs/build-support/setup-hooks/make-wrapper.sh b/pkgs/build-support/setup-hooks/make-wrapper.sh
index 7d598956168..8a38c39efc4 100644
--- a/pkgs/build-support/setup-hooks/make-wrapper.sh
+++ b/pkgs/build-support/setup-hooks/make-wrapper.sh
@@ -11,16 +11,18 @@ assertExecutable() {
 # makeWrapper EXECUTABLE OUT_PATH ARGS
 
 # ARGS:
-# --argv0       NAME    : set name of executed process to NAME
-#                         (otherwise it’s called …-wrapped)
-# --set         VAR VAL : add VAR with value VAL to the executable’s
-#                         environment
+# --argv0       NAME    : set the name of the executed process to NAME
+#                         (if unset or empty, defaults to EXECUTABLE)
+# --inherit-argv0       : the executable inherits argv0 from the wrapper.
+#                         (use instead of --argv0 '$0')
+# --set         VAR VAL : add VAR with value VAL to the executable's environment
 # --set-default VAR VAL : like --set, but only adds VAR if not already set in
 #                         the environment
 # --unset       VAR     : remove VAR from the environment
 # --chdir       DIR     : change working directory (use instead of --run "cd DIR")
 # --run         COMMAND : run command before the executable
 # --add-flags   FLAGS   : add FLAGS to invocation of executable
+# TODO(@ncfavier): --append-flags
 
 # --prefix          ENV SEP VAL   : suffix/prefix ENV with VAL, separated by SEP
 # --suffix
@@ -29,7 +31,8 @@ assertExecutable() {
 # --prefix-contents ENV SEP FILES : like --suffix-each, but contents of FILES
 #                                   are read first and used as VALS
 # --suffix-contents
-makeWrapper() {
+makeWrapper() { makeShellWrapper "$@"; }
+makeShellWrapper() {
     local original="$1"
     local wrapper="$2"
     local params varName value command separator n fileNames
@@ -165,6 +168,9 @@ makeWrapper() {
         elif [[ "$p" == "--argv0" ]]; then
             argv0="${params[$((n + 1))]}"
             n=$((n + 1))
+        elif [[ "$p" == "--inherit-argv0" ]]; then
+            # Whichever comes last of --argv0 and --inherit-argv0 wins
+            argv0='$0'
         else
             die "makeWrapper doesn't understand the arg $p"
         fi
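Review bot: The single-quoted `'$0'` in the new `--inherit-argv0` branch is deliberate but no longer documented. The commit deletes the `# shellcheck disable=SC2016` directive and its explanation from `wrapProgram`, while the literal itself moves here. I would carry both over, e.g. `# '$0' is left unexpanded on purpose; it is meant for the generated wrapper, not this function` followed by `# shellcheck disable=SC2016`. The option loop starts and ends outside this hunk, so how `argv0` is finally written into the wrapper is not visible here.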
@@ -193,7 +199,8 @@ filterExisting() {
 }
 
 # Syntax: wrapProgram <PROGRAM> <MAKE-WRAPPER FLAGS...>
-wrapProgram() {
+wrapProgram() { wrapProgramShell "$@"; }
+wrapProgramShell() {
     local prog="$1"
     local hidden
 
@@ -204,7 +211,5 @@ wrapProgram() {
       hidden="${hidden}_"
     done
     mv "$prog" "$hidden"
-    # Silence warning about unexpanded $0:
-    # shellcheck disable=SC2016
-    makeWrapper "$hidden" "$prog" --argv0 '$0' "${@:2}"
+    makeWrapper "$hidden" "$prog" --inherit-argv0 "${@:2}"
 }
diff --git a/pkgs/build-support/setup-hooks/wrap-gapps-hook/default.nix b/pkgs/build-support/setup-hooks/wrap-gapps-hook/default.nix
index 8c10f67c152..d7699b2557f 100644
--- a/pkgs/build-support/setup-hooks/wrap-gapps-hook/default.nix
+++ b/pkgs/build-support/setup-hooks/wrap-gapps-hook/default.nix
@@ -1,7 +1,7 @@
 { stdenv
 , lib
 , makeSetupHook
-, makeBinaryWrapper
+, makeWrapper
 , gobject-introspection
 , isGraphical ? true
 , gtk3
@@ -34,7 +34,7 @@ makeSetupHook {
   ] ++ [
 
     # We use the wrapProgram function.
-    makeBinaryWrapper
+    makeWrapper
   ];
   substitutions = {
     passthru.tests = let
diff --git a/pkgs/development/compilers/llvm/14/default.nix b/pkgs/development/compilers/llvm/14/default.nix
index 4e5e85684a2..b18b558d5b8 100644
--- a/pkgs/development/compilers/llvm/14/default.nix
+++ b/pkgs/development/compilers/llvm/14/default.nix
@@ -158,16 +158,17 @@ let
       ] ++ lib.optionals (!stdenv.targetPlatform.isWasm) [
         targetLlvmLibraries.libunwind
       ];
-      extraBuildCommands = ''
-        echo "-rtlib=compiler-rt -Wno-unused-command-line-argument" >> $out/nix-support/cc-cflags
-        echo "-B${targetLlvmLibraries.compiler-rt}/lib" >> $out/nix-support/cc-cflags
-      '' + lib.optionalString (!stdenv.targetPlatform.isWasm) ''
-        echo "--unwindlib=libunwind" >> $out/nix-support/cc-cflags
-      '' + lib.optionalString (!stdenv.targetPlatform.isWasm && stdenv.targetPlatform.useLLVM or false) ''
-        echo "-lunwind" >> $out/nix-support/cc-ldflags
-      '' + lib.optionalString stdenv.targetPlatform.isWasm ''
-        echo "-fno-exceptions" >> $out/nix-support/cc-cflags
-      '' + mkExtraBuildCommands cc;
+      extraBuildCommands = mkExtraBuildCommands cc;
+      nixSupport.cc-cflags =
+        [ "-rtlib=compiler-rt"
+          "-Wno-unused-command-line-argument"
+          "-B${targetLlvmLibraries.compiler-rt}/lib"
+        ]
+        ++ lib.optional (!stdenv.targetPlatform.isWasm) "--unwindlib=libunwind"
+        ++ lib.optional
+          (!stdenv.targetPlatform.isWasm && stdenv.targetPlatform.useLLVM or false)
+          "-lunwind"
+        ++ lib.optional stdenv.targetPlatform.isWasm "-fno-exceptions";
     };
 
     clangNoLibcxx = wrapCCWith rec {
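Review bot: `-lunwind` changes destination in this conversion: the removed code appended it to `$out/nix-support/cc-ldflags`, while the new list puts it in `nixSupport.cc-cflags` alongside the compile flags. If that is not intended, keep the linker flag separate, e.g. `nixSupport.cc-ldflags = lib.optional (!stdenv.targetPlatform.isWasm && stdenv.targetPlatform.useLLVM or false) "-lunwind";`. That assumes `wrapCCWith` maps each `nixSupport` key to the nix-support file of the same name, which this hunk does not show. If the move is intended, a one-line comment saying why a library flag belongs in cc-cflags would help. The enclosing `wrapCCWith` call starts above the hunk.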
@@ -177,11 +178,12 @@ let
       extraPackages = [
         targetLlvmLibraries.compiler-rt
       ];
-      extraBuildCommands = ''
-        echo "-rtlib=compiler-rt" >> $out/nix-support/cc-cflags
-        echo "-B${targetLlvmLibraries.compiler-rt}/lib" >> $out/nix-support/cc-cflags
-        echo "-nostdlib++" >> $out/nix-support/cc-cflags
-      '' + mkExtraBuildCommands cc;
+      extraBuildCommands = mkExtraBuildCommands cc;
+      nixSupport.cc-cflags = [
+        "-rtlib=compiler-rt"
+        "-B${targetLlvmLibraries.compiler-rt}/lib"
+        "-nostdlib++"
+      ];
     };
 
     clangNoLibc = wrapCCWith rec {
@@ -191,10 +193,11 @@ let
       extraPackages = [
         targetLlvmLibraries.compiler-rt
       ];
-      extraBuildCommands = ''
-        echo "-rtlib=compiler-rt" >> $out/nix-support/cc-cflags
-        echo "-B${targetLlvmLibraries.compiler-rt}/lib" >> $out/nix-support/cc-cflags
-      '' + mkExtraBuildCommands cc;
+      extraBuildCommands = mkExtraBuildCommands cc;
+      nixSupport.cc-cflags = [
+        "-rtlib=compiler-rt"
+        "-B${targetLlvmLibraries.compiler-rt}/lib"
+      ];
     };
 
     clangNoCompilerRt = wrapCCWith rec {
@@ -202,9 +205,8 @@ let
       libcxx = null;
       bintools = bintoolsNoLibc';
       extraPackages = [ ];
-      extraBuildCommands = ''
-        echo "-nostartfiles" >> $out/nix-support/cc-cflags
-      '' + mkExtraBuildCommands0 cc;
+      extraBuildCommands = mkExtraBuildCommands0 cc;
+      nixSupport.cc-cflags = [ "-nostartfiles" ];
     };
 
     clangNoCompilerRtWithLibc = wrapCCWith rec {
diff --git a/pkgs/development/compilers/rust/1_60.nix b/pkgs/development/compilers/rust/1_60.nix
index 0153b5d23a9..16f8512952d 100644
--- a/pkgs/development/compilers/rust/1_60.nix
+++ b/pkgs/development/compilers/rust/1_60.nix
@@ -33,7 +33,7 @@ import ./default.nix {
   llvmShared = llvm_14.override { enableSharedLibraries = true; };
 
   # Expose llvmPackages used for rustc from rustc via passthru for LTO in Firefox
-  llvmPackagesForBuild = pkgsBuildBuild.llvmPackages_14;
+  llvmPackages = llvmPackages_14;
 
   # Note: the version MUST be one version prior to the version we're
   # building
diff --git a/pkgs/development/compilers/rust/default.nix b/pkgs/development/compilers/rust/default.nix
index 6dfc8a49063..6c579373f5d 100644
--- a/pkgs/development/compilers/rust/default.nix
+++ b/pkgs/development/compilers/rust/default.nix
@@ -10,7 +10,7 @@
 , llvmSharedForBuild
 , llvmSharedForHost
 , llvmSharedForTarget
-, llvmPackagesForBuild # Exposed through rustc for LTO in Firefox
+, llvmPackages # Exposed through rustc for LTO in Firefox
 }:
 { stdenv, lib
 , buildPackages
@@ -64,7 +64,7 @@ in
         version = rustcVersion;
         sha256 = rustcSha256;
         inherit enableRustcDev;
-        inherit llvmShared llvmSharedForBuild llvmSharedForHost llvmSharedForTarget llvmPackagesForBuild;
+        inherit llvmShared llvmSharedForBuild llvmSharedForHost llvmSharedForTarget llvmPackages;
 
         patches = rustcPatches;
 
diff --git a/pkgs/development/compilers/rust/rustc.nix b/pkgs/development/compilers/rust/rustc.nix
index 1087ac05908..d167cf91c36 100644
--- a/pkgs/development/compilers/rust/rustc.nix
+++ b/pkgs/development/compilers/rust/rustc.nix
@@ -1,5 +1,5 @@
 { lib, stdenv, removeReferencesTo, pkgsBuildBuild, pkgsBuildHost, pkgsBuildTarget
-, llvmShared, llvmSharedForBuild, llvmSharedForHost, llvmSharedForTarget, llvmPackagesForBuild
+, llvmShared, llvmSharedForBuild, llvmSharedForHost, llvmSharedForTarget, llvmPackages
 , fetchurl, file, python3
 , darwin, cmake, rust, rustPlatform
 , pkg-config, openssl
@@ -179,7 +179,7 @@ in stdenv.mkDerivation rec {
 
   passthru = {
     llvm = llvmShared;
-    llvmPackages = llvmPackagesForBuild;
+    inherit llvmPackages;
   };
 
   meta = with lib; {
diff --git a/pkgs/development/interpreters/lua-5/default.nix b/pkgs/development/interpreters/lua-5/default.nix
index 3e36f77dab4..5230a46afef 100644
--- a/pkgs/development/interpreters/lua-5/default.nix
+++ b/pkgs/development/interpreters/lua-5/default.nix
@@ -1,10 +1,11 @@
 # similar to interpreters/python/default.nix
-{ stdenv, lib, callPackage, fetchurl, fetchpatch }:
+{ stdenv, lib, callPackage, fetchurl, fetchpatch, makeBinaryWrapper }:
 
 rec {
   lua5_4 = callPackage ./interpreter.nix {
     sourceVersion = { major = "5"; minor = "4"; patch = "3"; };
     hash = "1yxvjvnbg4nyrdv10bq42gz6dr66pyan28lgzfygqfwy2rv24qgq";
+    makeWrapper = makeBinaryWrapper;
 
     patches = lib.optional stdenv.isDarwin ./5.4.darwin.patch;
   };
@@ -16,6 +17,7 @@ rec {
   lua5_3 = callPackage ./interpreter.nix {
     sourceVersion = { major = "5"; minor = "3"; patch = "6"; };
     hash = "0q3d8qhd7p0b7a4mh9g7fxqksqfs6mr1nav74vq26qvkp2dxcpzw";
+    makeWrapper = makeBinaryWrapper;
 
     patches =
       lib.optionals stdenv.isDarwin [ ./5.2.darwin.patch ];
@@ -29,6 +31,7 @@ rec {
   lua5_2 = callPackage ./interpreter.nix {
     sourceVersion = { major = "5"; minor = "2"; patch = "4"; };
     hash = "0jwznq0l8qg9wh5grwg07b5cy3lzngvl5m2nl1ikp6vqssmf9qmr";
+    makeWrapper = makeBinaryWrapper;
     patches = lib.optional stdenv.isDarwin ./5.2.darwin.patch;
   };
 
@@ -40,6 +43,7 @@ rec {
   lua5_1 = callPackage ./interpreter.nix {
     sourceVersion = { major = "5"; minor = "1"; patch = "5"; };
     hash = "2640fc56a795f29d28ef15e13c34a47e223960b0240e8cb0a82d9b0738695333";
+    makeWrapper = makeBinaryWrapper;
     patches = (lib.optional stdenv.isDarwin ./5.1.darwin.patch)
       ++ [ ./CVE-2014-5461.patch ];
   };
diff --git a/pkgs/development/interpreters/lua-5/interpreter.nix b/pkgs/development/interpreters/lua-5/interpreter.nix
index de61714f242..1fb56851ce5 100644
--- a/pkgs/development/interpreters/lua-5/interpreter.nix
+++ b/pkgs/development/interpreters/lua-5/interpreter.nix
@@ -126,6 +126,7 @@ self = stdenv.mkDerivation rec {
   passthru = rec {
     buildEnv = callPackage ./wrapper.nix {
       lua = self;
+      inherit makeWrapper;
       inherit (luaPackages) requiredLuaModules;
     };
     withPackages = import ./with-packages.nix { inherit buildEnv luaPackages;};
diff --git a/pkgs/development/libraries/gtk/3.x.nix b/pkgs/development/libraries/gtk/3.x.nix
index 5e0dcf6ce03..a2b4aed108b 100644
--- a/pkgs/development/libraries/gtk/3.x.nix
+++ b/pkgs/development/libraries/gtk/3.x.nix
@@ -1,7 +1,7 @@
 { lib
 , stdenv
 , substituteAll
-, fetchurl
+, fetchzip
 , pkg-config
 , gettext
 , docbook-xsl-nons
@@ -60,7 +60,7 @@ in
 
 stdenv.mkDerivation rec {
   pname = "gtk+3";
-  version = "3.24.33";
+  version = "3.24.33-2022-03-11";
 
   outputs = [ "out" "dev" ] ++ lib.optional withGtkDoc "devdoc";
   outputBin = "dev";
@@ -70,9 +70,9 @@ stdenv.mkDerivation rec {
     gtkCleanImmodulesCache
   ];
 
-  src = fetchurl {
-    url = "mirror://gnome/sources/gtk+/${lib.versions.majorMinor version}/gtk+-${version}.tar.xz";
-    sha256 = "sha256-WIsGUi4l0VeemJtvnYob2/L+E83gGgTpBP80aiJeeAE=";
+  src = fetchzip {
+    url = "https://gitlab.gnome.org/GNOME/gtk/-/archive/9d1d2f0a6643570274121fc1473e46a6edc2e32d/gtk-9d1d2f0a6643570274121fc1473e46a6edc2e32d.tar.gz";
+    sha256 = "sha256-+K1Kp3Sklrj/Ly0pSktfQwfcrIKpbf05NQbMDhWJZNI=";
   };
 
   patches = [
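Review bot: The new `src` pins an unreleased upstream commit, but nothing in the expression says so: the commit id appears only inside the URL (twice), and `version` carries a date instead. A short comment such as `# unreleased snapshot at commit 9d1d2f0a6643570274121fc1473e46a6edc2e32d; go back to the release tarball once a 3.24 release contains it` would tell the next updater what is being tracked. Also, `fetchzip` hashes the unpacked tree, so unlike the previous `fetchurl` value this `sha256` cannot be compared against a checksum published for a tarball. Whoever bumps it has to re-derive the hash from the commit and review the source delta directly.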
@@ -201,6 +201,8 @@ stdenv.mkDerivation rec {
     for f in $dev/bin/gtk-encode-symbolic-svg; do
       wrapProgram $f --prefix XDG_DATA_DIRS : "${shared-mime-info}/share"
     done
+  '' + lib.optionalString (stdenv.buildPlatform == stdenv.hostPlatform) ''
+    GTK_PATH="''${out:?}/lib/gtk-3.0/3.0.0/immodules/" ''${dev:?}/bin/gtk-query-immodules-3.0 > "''${out:?}/lib/gtk-3.0/3.0.0/immodules.cache"
   '';
 
   # Wrap demos
diff --git a/pkgs/development/libraries/libqrtr-glib/default.nix b/pkgs/development/libraries/libqrtr-glib/default.nix
index 29097710a69..aefc61f1ccf 100644
--- a/pkgs/development/libraries/libqrtr-glib/default.nix
+++ b/pkgs/development/libraries/libqrtr-glib/default.nix
@@ -20,6 +20,12 @@ stdenv.mkDerivation rec {
     sha256 = "MNh5sq3m+PRh3vOmd3VdtcAji6v2iNXIPAOz5qvjXO4=";
   };
 
+  strictDeps = true;
+
+  depsBuildBuild = [
+    pkg-config
+  ];
+
   nativeBuildInputs = [
     pkg-config
     gobject-introspection
@@ -32,7 +38,7 @@ stdenv.mkDerivation rec {
     glib
   ];
 
-  configureFlags = [
+  configureFlags = lib.optionals (stdenv.buildPlatform == stdenv.hostPlatform) [
     "--enable-gtk-doc"
   ];
 
diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix
index 4ecfc569ae1..c57aa560fc2 100644
--- a/pkgs/development/libraries/openldap/default.nix
+++ b/pkgs/development/libraries/openldap/default.nix
@@ -1,33 +1,48 @@
-{ lib, stdenv, fetchurl, openssl, db, groff, libtool, libsodium
-, withCyrusSasl ? true
+{ lib
+, stdenv
+, fetchurl
+
+# dependencies
 , cyrus_sasl
+, db
+, groff
+, libsodium
+, libtool
+, openssl
+, systemdMinimal
 }:
 
 stdenv.mkDerivation rec {
   pname = "openldap";
-  version = "2.4.58";
+  version = "2.6.2";
 
   src = fetchurl {
     url = "https://www.openldap.org/software/download/OpenLDAP/openldap-release/${pname}-${version}.tgz";
-    sha256 = "sha256-V7WSVL4V0L9qmrPVFMHAV3ewISMpFTMTSofJRGj49Hs=";
+    hash = "sha256-gdCTRSMutiSG7PWsrNLFbAxFtKbIwGZhLn9CGiOhz4c";
   };
 
   # TODO: separate "out" and "bin"
-  outputs = [ "out" "dev" "man" "devdoc" ];
+  outputs = [
+    "out"
+    "dev"
+    "man"
+    "devdoc"
+  ];
 
   enableParallelBuilding = true;
 
-  nativeBuildInputs = [ groff ];
-
-  buildInputs = [ openssl cyrus_sasl db libsodium libtool ];
+  nativeBuildInputs = [
+    groff
+  ];
 
-  # Disable install stripping as it breaks cross-compiling.
-  # We strip binaries anyway in fixupPhase.
-  makeFlags= [
-    "STRIP="
-    "prefix=$(out)"
-    "moduledir=$(out)/lib/modules"
-    "CC=${stdenv.cc.targetPrefix}cc"
+  buildInputs = [
+    cyrus_sasl
+    db
+    libsodium
+    libtool
+    openssl
+  ] ++ lib.optionals (stdenv.isLinux) [
+    systemdMinimal
   ];
 
   preConfigure = lib.optionalString (lib.versionAtLeast stdenv.hostPlatform.darwinMinVersion "11") ''
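Review bot: The new `hash` value has 43 base64 characters and no trailing `=`, whereas a padded SHA-256 SRI string has 44; compare the removed `sha256` line, which ends in `=`. Some Nix versions may tolerate the missing padding, but it is safer not to depend on parser leniency for the integrity pin. I would write it padded: `hash = "sha256-gdCTRSMutiSG7PWsrNLFbAxFtKbIwGZhLn9CGiOhz4c=";`.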
@@ -35,56 +50,64 @@ stdenv.mkDerivation rec {
   '';
 
   configureFlags = [
-    "--enable-overlays"
-    "--disable-dependency-tracking"   # speeds up one-time build
-    "--enable-modules"
-    "--sysconfdir=/etc"
-    "--localstatedir=/var"
+    "--enable-argon2"
     "--enable-crypt"
+    "--enable-modules"
+    "--enable-overlays"
   ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
     "--with-yielding_select=yes"
     "ac_cv_func_memcmp_working=yes"
-  ] ++ lib.optional (!withCyrusSasl) "--without-cyrus-sasl"
-    ++ lib.optional stdenv.isFreeBSD "--with-pic";
+  ] ++ lib.optional stdenv.isFreeBSD "--with-pic";
+
+  makeFlags= [
+    "CC=${stdenv.cc.targetPrefix}cc"
+    "STRIP="  # Disable install stripping as it breaks cross-compiling. We strip binaries anyway in fixupPhase.
+    "prefix=${placeholder "out"}"
+    "sysconfdir=${placeholder "out"}/etc"
+    "systemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
+    # contrib modules require these
+    "moduledir=${placeholder "out"}/lib/modules"
+    "mandir=${placeholder "out"}/share/man"
+  ] ++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
+    # Can be unconditional, doing it like this to prevent a mass rebuild.
+    "STRIP_OPTS="
+  ];
+
+  extraContribModules = [
+    # https://git.openldap.org/openldap/openldap/-/tree/master/contrib/slapd-modules
+    "passwd/sha2"
+    "passwd/pbkdf2"
+    "passwd/totp"
+  ];
 
   postBuild = ''
-    make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/sha2
-    make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/pbkdf2
-    make $makeFlags CC=$CC -C contrib/slapd-modules/passwd/argon2
+    for module in ${lib.concatStringsSep " " extraContribModules}; do
+      make $makeFlags CC=$CC -C contrib/slapd-modules/$module
+    done
   '';
 
-  doCheck = false; # needs a running LDAP server
+  preCheck = ''
+    substituteInPlace tests/scripts/all \
+      --replace "/bin/rm" "rm"
+  '';
 
-  installFlags = [
-    "sysconfdir=$(out)/etc"
-    "localstatedir=$(out)/var"
-    "moduledir=$(out)/lib/modules"
-    # The argon2 module hardcodes /usr/bin/install as the path for the
-    # `install` binary, which is overridden here.
-    "INSTALL=install"
-  ];
+  doCheck = true;
 
-  # 1. Libraries left in the build location confuse `patchelf --shrink-rpath`
-  #    Delete these to let patchelf discover the right path instead.
-  #    FIXME: that one can be removed when https://github.com/NixOS/patchelf/pull/98
-  #    is in Nixpkgs patchelf.
-  # 2. Fixup broken libtool for openssl and cyrus_sasl (if it is not disabled)
+  # The directory is empty and serve no purpose.
   preFixup = ''
     rm -r $out/var
-    rm -r libraries/*/.libs
-    rm -r contrib/slapd-modules/passwd/*/.libs
-    for f in $out/lib/libldap.la $out/lib/libldap_r.la; do
-      substituteInPlace "$f" --replace '-lssl' '-L${lib.getLib openssl}/lib -lssl'
-  '' + lib.optionalString withCyrusSasl ''
-      substituteInPlace "$f" --replace '-lsasl2' '-L${cyrus_sasl.out}/lib -lsasl2'
-  '' + ''
-    done
   '';
 
+  installFlags = [
+    "prefix=${placeholder "out"}"
+    "moduledir=${placeholder "out"}/lib/modules"
+    "INSTALL=install"
+  ];
+
   postInstall = ''
-    make $installFlags install -C contrib/slapd-modules/passwd/sha2
-    make $installFlags install -C contrib/slapd-modules/passwd/pbkdf2
-    make $installFlags install-lib -C contrib/slapd-modules/passwd/argon2
+    for module in ${lib.concatStringsSep " " extraContribModules}; do
+      make $installFlags install -C contrib/slapd-modules/$module
+    done
     chmod +x "$out"/lib/*.{so,dylib}
   '';
 
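Review bot: With `--sysconfdir=/etc` and `--localstatedir=/var` dropped from `configureFlags` and `sysconfdir=${placeholder "out"}/etc` now passed in `makeFlags`, the built libraries and tools probably get a store path as their default configuration directory. If so, a system-wide client configuration under /etc (for example TLS CA and certificate-checking settings) would silently stop being read. I would keep the runtime default at build time and redirect only the installation: `"sysconfdir=/etc"` in `makeFlags` and `"sysconfdir=${placeholder "out"}/etc"` in `installFlags`. Whether OpenLDAP's build bakes in the make-time value is not visible in this hunk, so confirm against the built client tools before relying on either reading.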
@@ -92,7 +115,7 @@ stdenv.mkDerivation rec {
     homepage = "https://www.openldap.org/";
     description = "An open source implementation of the Lightweight Directory Access Protocol";
     license = licenses.openldap;
-    maintainers = with maintainers; [ lovek323 ];
+    maintainers = with maintainers; [ ajs124 das_j hexa ];
     platforms   = platforms.unix;
   };
 }
diff --git a/pkgs/development/python-modules/ldap/0001-Check-whether-libldap-is-threadsafe-on-startup.patch b/pkgs/development/python-modules/ldap/0001-Check-whether-libldap-is-threadsafe-on-startup.patch
new file mode 100644
index 00000000000..f2b7812cf70
--- /dev/null
+++ b/pkgs/development/python-modules/ldap/0001-Check-whether-libldap-is-threadsafe-on-startup.patch
@@ -0,0 +1,94 @@
+From 3593e2c299c0ac0402f23d44cdbe8e6ff3687b68 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
+Date: Thu, 27 Jan 2022 10:35:56 +0000
+Subject: [PATCH] Check whether libldap is threadsafe on startup.
+
+Closes #432
+---
+ Lib/ldap/constants.py |  2 --
+ Modules/constants.c   | 10 ++++++++++
+ setup.cfg             |  6 ++++--
+ setup.py              |  1 -
+ 4 files changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/Lib/ldap/constants.py b/Lib/ldap/constants.py
+index 1c1d76a..f76609b 100644
+--- a/Lib/ldap/constants.py
++++ b/Lib/ldap/constants.py
+@@ -341,9 +341,7 @@ CONSTANTS = (
+     # XXX - these should be errors
+     Int('URL_ERR_BADSCOPE'),
+     Int('URL_ERR_MEM'),
+-    # Int('LIBLDAP_R'),
+ 
+-    Feature('LIBLDAP_R', 'HAVE_LIBLDAP_R'),
+     Feature('SASL_AVAIL', 'HAVE_SASL'),
+     Feature('TLS_AVAIL', 'HAVE_TLS'),
+     Feature('INIT_FD_AVAIL', 'HAVE_LDAP_INIT_FD'),
+diff --git a/Modules/constants.c b/Modules/constants.c
+index 07d6065..8d6f63b 100644
+--- a/Modules/constants.c
++++ b/Modules/constants.c
+@@ -197,6 +197,8 @@ int
+ LDAPinit_constants(PyObject *m)
+ {
+     PyObject *exc, *nobj;
++    struct ldap_apifeature_info info = { 1, "X_OPENLDAP_THREAD_SAFE", 0 };
++    int thread_safe = 0;
+ 
+     /* simple constants */
+ 
+@@ -221,6 +223,14 @@ LDAPinit_constants(PyObject *m)
+         return -1;
+     Py_INCREF(LDAPexception_class);
+ 
++#ifdef LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE
++    if (ldap_get_option(NULL, LDAP_OPT_API_FEATURE_INFO, &info) == LDAP_SUCCESS) {
++        thread_safe = (info.ldapaif_version == 1);
++    }
++#endif
++    if (PyModule_AddIntConstant(m, "LIBLDAP_R", thread_safe) != 0)
++        return -1;
++
+     /* Generated constants -- see Lib/ldap/constants.py */
+ 
+ #define add_err(n) do {  \
+diff --git a/setup.cfg b/setup.cfg
+index 2e372ba..a75f186 100644
+--- a/setup.cfg
++++ b/setup.cfg
+@@ -5,7 +5,9 @@ license_file = LICENCE
+ defines = HAVE_SASL HAVE_TLS HAVE_LIBLDAP_R
+ extra_compile_args = 
+ extra_objects = 
+-libs = ldap_r lber
++# Uncomment this if your libldap is not thread-safe and you need libldap_r
++# instead
++#libs = ldap_r lber
+ 
+ [install]
+ compile = 1
+@@ -13,7 +15,7 @@ optimize = 1
+ 
+ [bdist_rpm]
+ provides = python-ldap
+-requires = python libldap-2_4
++requires = python libldap-2
+ vendor = python-ldap project
+ packager = python-ldap team
+ distribution_name = openSUSE 11.x
+diff --git a/setup.py b/setup.py
+index 119b571..b193957 100644
+--- a/setup.py
++++ b/setup.py
+@@ -132,7 +132,6 @@ setup(
+       extra_objects = LDAP_CLASS.extra_objects,
+       runtime_library_dirs = (not sys.platform.startswith("win"))*LDAP_CLASS.library_dirs,
+       define_macros = LDAP_CLASS.defines + \
+-        ('ldap_r' in LDAP_CLASS.libs or 'oldap_r' in LDAP_CLASS.libs)*[('HAVE_LIBLDAP_R',None)] + \
+         ('sasl' in LDAP_CLASS.libs or 'sasl2' in LDAP_CLASS.libs or 'libsasl' in LDAP_CLASS.libs)*[('HAVE_SASL',None)] + \
+         ('ssl' in LDAP_CLASS.libs and 'crypto' in LDAP_CLASS.libs)*[('HAVE_TLS',None)] + \
+         [
+-- 
+2.36.0
+
diff --git a/pkgs/development/python-modules/ldap/default.nix b/pkgs/development/python-modules/ldap/default.nix
index f9acc0a7674..b58f6bafed5 100644
--- a/pkgs/development/python-modules/ldap/default.nix
+++ b/pkgs/development/python-modules/ldap/default.nix
@@ -12,6 +12,10 @@ buildPythonPackage rec {
     sha256 = "60464c8fc25e71e0fd40449a24eae482dcd0fb7fcf823e7de627a6525b3e0d12";
   };
 
+  patches = [
+    ./0001-Check-whether-libldap-is-threadsafe-on-startup.patch
+  ];
+
   propagatedBuildInputs = [ pyasn1 pyasn1-modules ];
 
   checkInputs = [ pytestCheckHook ];
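Review bot: The new `patches` entry has no comment saying where the patch comes from or when it can be dropped. The patch file's header carries a commit id (`3593e2c299c0ac0402f23d44cdbe8e6ff3687b68`) and "Closes #432". A line above the path such as `# from upstream commit 3593e2c2 (closes #432): needed to link against OpenLDAP 2.5+; remove once a release includes it` would save the next updater from re-deriving that.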
diff --git a/pkgs/development/python-modules/pandas/default.nix b/pkgs/development/python-modules/pandas/default.nix
index 38173eb4fe0..54ad2eaf724 100644
--- a/pkgs/development/python-modules/pandas/default.nix
+++ b/pkgs/development/python-modules/pandas/default.nix
@@ -93,6 +93,10 @@ buildPythonPackage rec {
   ] ++ lib.optionals stdenv.isDarwin [
     "test_locale"
     "test_clipboard"
+    # ValueError: cannot reindex on an axis with duplicate labels
+    #
+    # Attempts to reproduce this problem outside of Hydra failed.
+    "test_reindex_timestamp_with_fold"
   ];
 
   # Tests have relative paths, and need to reference compiled C extensions
diff --git a/pkgs/development/python-modules/python-mimeparse/default.nix b/pkgs/development/python-modules/python-mimeparse/default.nix
index ccc8dc78f44..ab91a5d5e2e 100644
--- a/pkgs/development/python-modules/python-mimeparse/default.nix
+++ b/pkgs/development/python-modules/python-mimeparse/default.nix
@@ -1,6 +1,7 @@
 { lib
 , buildPythonPackage
 , fetchPypi
+, pytestCheckHook
 }:
 
 buildPythonPackage rec {
@@ -12,8 +13,9 @@ buildPythonPackage rec {
     sha256 = "76e4b03d700a641fd7761d3cd4fdbbdcd787eade1ebfac43f877016328334f78";
   };
 
-  # error: invalid command 'test'
-  doCheck = false;
+  checkInputs = [
+    pytestCheckHook
+  ];
 
   meta = with lib; {
     description = "A module provides basic functions for parsing mime-type names and matching them against a list of media-ranges";
diff --git a/pkgs/development/tools/analysis/valgrind/default.nix b/pkgs/development/tools/analysis/valgrind/default.nix
index 6e736df235f..fa29eae2db6 100644
--- a/pkgs/development/tools/analysis/valgrind/default.nix
+++ b/pkgs/development/tools/analysis/valgrind/default.nix
@@ -1,26 +1,18 @@
 { lib, stdenv, fetchurl, fetchpatch
 , autoreconfHook, perl
 , gdb, cctools, xnu, bootstrap_cmds
+, writeScript
 }:
 
 stdenv.mkDerivation rec {
   pname = "valgrind";
-  version = "3.18.1";
+  version = "3.19.0";
 
   src = fetchurl {
     url = "https://sourceware.org/pub/${pname}/${pname}-${version}.tar.bz2";
-    sha256 = "sha256-AIWaoTp3Lt33giIl9LRu4NOa++Bx0yd42k2ZmECB9/U=";
+    sha256 = "sha256-3V40SG8aSD/3vnMAzBa01rJGkJh4d8MnjXl1NNZzjwI=";
   };
 
-  patches = [
-    # Fix tests on Musl.
-    # https://bugs.kde.org/show_bug.cgi?id=445300
-    (fetchpatch {
-      url = "https://bugsfiles.kde.org/attachment.cgi?id=143535";
-      sha256 = "036zyk30rixjvpylw3c7n171n4gpn6zcp7h6ya2dz4h5r478l9i6";
-    })
-  ];
-
   outputs = [ "out" "dev" "man" "doc" ];
 
   hardeningDisable = [ "pie" "stackprotector" ];
@@ -59,9 +51,6 @@ stdenv.mkDerivation rec {
         --replace /usr/bin/ld ${cctools}/bin/ld
     '');
 
-  # To prevent rebuild on linux when moving darwin's postPatch fixes to preConfigure
-  postPatch = "";
-
   configureFlags =
     lib.optional (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "x86_64-darwin") "--enable-only64bit"
     ++ lib.optional stdenv.hostPlatform.isDarwin "--with-xcodedir=${xnu}/include";
@@ -77,6 +66,21 @@ stdenv.mkDerivation rec {
     done
   '';
 
+  passthru = {
+    updateScript = writeScript "update-valgrind" ''
+      #!/usr/bin/env nix-shell
+      #!nix-shell -i bash -p curl pcre common-updater-scripts
+
+      set -eu -o pipefail
+
+      # Expect the text in format of:
+      #  'Current release: <a href="/downloads/current.html#current">valgrind-3.19.0</a>'
+      new_version="$(curl -s https://valgrind.org/ |
+          pcregrep -o1 'Current release: .*>valgrind-([0-9.]+)</a>')"
+      update-source-version ${pname} "$new_version"
+    '';
+  };
+
   meta = {
     homepage = "http://www.valgrind.org/";
     description = "Debugging and profiling tool suite";
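Review bot: In the new `updateScript`, `curl -s` neither fails on an HTTP error nor prints the reason, so an error response or an interstitial page only shows up as `pcregrep` matching nothing. `curl --fail --silent --show-error https://valgrind.org/` makes that case explicit. The scraped string is at least limited to `[0-9.]+` before it reaches `update-source-version`. The hash that tool records is whatever the download produced, though, so the resulting bump still needs a manual check against a checksum or signature from upstream, if one is published, before merge.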
diff --git a/pkgs/development/tools/misc/binutils/default.nix b/pkgs/development/tools/misc/binutils/default.nix
index da2b4864552..88b6d3a705e 100644
--- a/pkgs/development/tools/misc/binutils/default.nix
+++ b/pkgs/development/tools/misc/binutils/default.nix
@@ -82,6 +82,12 @@ stdenv.mkDerivation {
     # override this behavior, forcing ld to search DT_RPATH even when
     # cross-compiling.
     ./always-search-rpath.patch
+
+    # Fixed in 2.39
+    # https://sourceware.org/bugzilla/show_bug.cgi?id=28885
+    # https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=99852365513266afdd793289813e8e565186c9e6
+    # https://github.com/NixOS/nixpkgs/issues/170946
+    ./deterministic-temp-prefixes.patch
   ]
   ++ lib.optional targetPlatform.isiOS ./support-ios.patch
   # This patch was suggested by Nick Clifton to fix
diff --git a/pkgs/development/tools/misc/binutils/deterministic-temp-prefixes.patch b/pkgs/development/tools/misc/binutils/deterministic-temp-prefixes.patch
new file mode 100644
index 00000000000..3c27340b9c0
--- /dev/null
+++ b/pkgs/development/tools/misc/binutils/deterministic-temp-prefixes.patch
@@ -0,0 +1,36 @@
+From 99852365513266afdd793289813e8e565186c9e6 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 23 Mar 2022 11:39:49 +0000
+Subject: [PATCH] dlltool: Use the output name as basis for deterministic temp
+ prefixes
+
+        PR 28885
+        * dlltool.c (main): use imp_name rather than dll_name when
+        generating a temporary file name.
+---
+ binutils/ChangeLog | 9 +++++++++
+ binutils/dlltool.c | 7 ++++---
+ 2 files changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/binutils/dlltool.c b/binutils/dlltool.c
+index d95bf3f5470..89871510b45 100644
+--- a/binutils/dlltool.c
++++ b/binutils/dlltool.c
+@@ -3992,10 +3992,11 @@ main (int ac, char **av)
+   if (tmp_prefix == NULL)
+     {
+       /* If possible use a deterministic prefix.  */
+-      if (dll_name)
++      if (imp_name || delayimp_name)
+         {
+-          tmp_prefix = xmalloc (strlen (dll_name) + 2);
+-          sprintf (tmp_prefix, "%s_", dll_name);
++          const char *input = imp_name ? imp_name : delayimp_name;
++          tmp_prefix = xmalloc (strlen (input) + 2);
++          sprintf (tmp_prefix, "%s_", input);
+           for (i = 0; tmp_prefix[i]; i++)
+             if (!ISALNUM (tmp_prefix[i]))
+               tmp_prefix[i] = '_';
+-- 
+2.31.1
+
diff --git a/pkgs/development/tools/misc/gdb/32-bit-BFD_VMA-format.patch b/pkgs/development/tools/misc/gdb/32-bit-BFD_VMA-format.patch
new file mode 100644
index 00000000000..41ce4540d2d
--- /dev/null
+++ b/pkgs/development/tools/misc/gdb/32-bit-BFD_VMA-format.patch
@@ -0,0 +1,68 @@
+Fix iWerror=format build for 32-bit systems.
+https://sourceware.org/pipermail/gdb-patches/2022-May/189288.html
+--- a/sim/cris/sim-if.c
++++ b/sim/cris/sim-if.c
+@@ -257,7 +257,8 @@ cris_load_elf_file (SIM_DESC sd, struct bfd *abfd, sim_write_fn do_write)
+ 
+       if (verbose)
+ 	sim_io_printf (sd,
+-		       "Loading segment at 0x%" BFD_VMA_FMT "x, size 0x%lx\n",
++		       "Loading segment at 0x%" BFD_VMA_FMT "x, "
++		       "size 0x%" BFD_VMA_FMT "x\n",
+ 		       lma, phdr[i].p_filesz);
+ 
+       if (bfd_seek (abfd, phdr[i].p_offset, SEEK_SET) != 0
+@@ -265,7 +266,7 @@ cris_load_elf_file (SIM_DESC sd, struct bfd *abfd, sim_write_fn do_write)
+ 	{
+ 	  sim_io_eprintf (sd,
+ 			  "%s: could not read segment at 0x%" BFD_VMA_FMT "x, "
+-			  "size 0x%lx\n",
++			  "size 0x%" BFD_VMA_FMT "x\n",
+ 			  STATE_MY_NAME (sd), lma, phdr[i].p_filesz);
+ 	  free (buf);
+ 	  return FALSE;
+@@ -275,7 +276,7 @@ cris_load_elf_file (SIM_DESC sd, struct bfd *abfd, sim_write_fn do_write)
+ 	{
+ 	  sim_io_eprintf (sd,
+ 			  "%s: could not load segment at 0x%" BFD_VMA_FMT "x, "
+-			  "size 0x%lx\n",
++			  "size 0x%" BFD_VMA_FMT "x\n",
+ 			  STATE_MY_NAME (sd), lma, phdr[i].p_filesz);
+ 	  free (buf);
+ 	  return FALSE;
+@@ -572,7 +573,8 @@ cris_handle_interpreter (SIM_DESC sd, struct bfd *abfd)
+ 	 memory area, so we go via a temporary area.  Luckily, the
+ 	 interpreter is supposed to be small, less than 0x40000
+ 	 bytes.  */
+-      sim_do_commandf (sd, "memory region 0x%" BFD_VMA_FMT "x,0x%lx",
++      sim_do_commandf (sd, "memory region 0x%" BFD_VMA_FMT "x,"
++		       "0x%" BFD_VMA_FMT "x",
+ 		       interp_load_addr, interpsiz);
+ 
+       /* Now that memory for the interpreter is defined, load it.  */
+--- a/sim/m32c/syscalls.c
++++ b/sim/m32c/syscalls.c
+@@ -299,8 +299,8 @@ m32c_syscall (int id)
+ 
+ 	rv = gettimeofday (&tv, 0);
+ 	if (trace)
+-	  printf ("gettimeofday: %ld sec %ld usec to 0x%x\n", tv.tv_sec,
+-		  tv.tv_usec, tvaddr);
++	  printf ("gettimeofday: %lld sec %lld usec to 0x%x\n",
++		  (long long)tv.tv_sec, (long long)tv.tv_usec, tvaddr);
+ 	mem_put_si (tvaddr, tv.tv_sec);
+ 	mem_put_si (tvaddr + 4, tv.tv_usec);
+ 	put_reg (r0, rv);
+--- a/sim/rx/syscalls.c
++++ b/sim/rx/syscalls.c
+@@ -270,8 +270,8 @@ rx_syscall (int id)
+ 
+ 	rv = gettimeofday (&tv, 0);
+ 	if (trace)
+-	  printf ("gettimeofday: %ld sec %ld usec to 0x%x\n", tv.tv_sec,
+-		  tv.tv_usec, tvaddr);
++	  printf ("gettimeofday: %lld sec %lld usec to 0x%x\n",
++		  (long long)tv.tv_sec, (long long)tv.tv_usec, tvaddr);
+ 	mem_put_si (tvaddr, tv.tv_sec);
+ 	mem_put_si (tvaddr + 4, tv.tv_usec);
+ 	put_reg (1, rv);
diff --git a/pkgs/development/tools/misc/gdb/debug-info-from-env.patch b/pkgs/development/tools/misc/gdb/debug-info-from-env.patch
index de59bd2d17b..7a3d78da077 100644
--- a/pkgs/development/tools/misc/gdb/debug-info-from-env.patch
+++ b/pkgs/development/tools/misc/gdb/debug-info-from-env.patch
@@ -1,24 +1,17 @@
-diff -ur a/gdb/main.c b/gdb/main.c
---- a/gdb/main.c	2020-02-08 13:50:14.000000000 +0100
-+++ b/gdb/main.c	2020-02-24 10:02:07.731806739 +0100
-@@ -567,9 +567,17 @@
-       gdb_sysroot = xstrdup (TARGET_SYSROOT_PREFIX);
-     }
+--- a/gdb/main.c
++++ b/gdb/main.c
+@@ -708,8 +708,12 @@ captured_main_1 (struct captured_main_args *context)
+   if (gdb_sysroot.empty ())
+     gdb_sysroot = TARGET_SYSROOT_PREFIX;
  
 -  debug_file_directory
--    = xstrdup (relocate_gdb_directory (DEBUGDIR,
--				     DEBUGDIR_RELOCATABLE).c_str ());
-+  debug_file_directory = getenv ("NIX_DEBUG_INFO_DIRS");
-+  if (debug_file_directory != NULL)
-+    // This might be updated later using
-+    // $ set debug-file-directory /to/some/path
-+    // which will use xfree. We must then have a xmallocated
-+    // copy of the string that can be xfeed later.
-+    debug_file_directory = xstrdup (debug_file_directory);
+-    = relocate_gdb_directory (DEBUGDIR, DEBUGDIR_RELOCATABLE);
++  const char * nix_debug = getenv ("NIX_DEBUG_INFO_DIRS");
++  if (nix_debug != NULL)
++      debug_file_directory = nix_debug;
 +  else
 +    debug_file_directory
-+      = xstrdup (relocate_gdb_directory (DEBUGDIR,
-+                                         DEBUGDIR_RELOCATABLE).c_str ());
++      = relocate_gdb_directory (DEBUGDIR, DEBUGDIR_RELOCATABLE);
  
    gdb_datadir = relocate_gdb_directory (GDB_DATADIR,
  					GDB_DATADIR_RELOCATABLE);
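Review bot: In the patched `captured_main_1`, a `NIX_DEBUG_INFO_DIRS` that is set but empty still passes the `nix_debug != NULL` test, so it replaces the relocated `DEBUGDIR` default with an empty search path. Because this variable decides which directories gdb reads separate debug files from, an empty value should fall back to the default: `if (nix_debug != NULL && *nix_debug != '\0')`. The rewrite also drops the old comment that explained the ownership of the string; a one-line replacement such as `/* NIX_DEBUG_INFO_DIRS overrides the compiled-in debug directory. */` would keep the intent visible. The added assignment is indented six spaces where the `else` branch uses four, and the function body continues outside the hunk.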
diff --git a/pkgs/development/tools/misc/gdb/default.nix b/pkgs/development/tools/misc/gdb/default.nix
index f21808b1bf7..d9b56428f5c 100644
--- a/pkgs/development/tools/misc/gdb/default.nix
+++ b/pkgs/development/tools/misc/gdb/default.nix
@@ -1,7 +1,7 @@
 { lib, stdenv, targetPackages
 
 # Build time
-, fetchurl, fetchpatch, pkg-config, perl, texinfo, setupDebugInfoDirs, buildPackages
+, fetchurl, pkg-config, perl, texinfo, setupDebugInfoDirs, buildPackages
 
 # Run time
 , ncurses, readline, gmp, mpfr, expat, libipt, zlib, dejagnu, sourceHighlight
@@ -15,6 +15,7 @@
    # targetPackages so we get the right libc when cross-compiling and using buildPackages.gdb
    targetPackages.stdenv.cc.cc.lib
   ]
+, writeScript
 }:
 
 let
@@ -27,36 +28,32 @@ assert pythonSupport -> python3 != null;
 
 stdenv.mkDerivation rec {
   pname = targetPrefix + basename;
-  version = "11.2";
+  version = "12.1";
 
   src = fetchurl {
     url = "mirror://gnu/gdb/${basename}-${version}.tar.xz";
-    hash = "sha256-FJfDanGIG4ZxqahKDuQPqreIyjDXuhnYRjw8x4cVLjI=";
+    hash = "sha256-DheTv48rVNU/Rt6oTM/URvSPgbKXsoxPf8AXuBjWn+0=";
   };
 
-  postPatch = if stdenv.isDarwin then ''
+  postPatch = lib.optionalString stdenv.isDarwin ''
     substituteInPlace gdb/darwin-nat.c \
       --replace '#include "bfd/mach-o.h"' '#include "mach-o.h"'
-  '' else if stdenv.hostPlatform.isMusl then ''
+  '' + lib.optionalString stdenv.hostPlatform.isMusl ''
+    substituteInPlace sim/erc32/erc32.c  --replace sys/fcntl.h fcntl.h
+    substituteInPlace sim/erc32/interf.c  --replace sys/fcntl.h fcntl.h
+    substituteInPlace sim/erc32/sis.c  --replace sys/fcntl.h fcntl.h
     substituteInPlace sim/ppc/emul_unix.c --replace sys/termios.h termios.h
-  '' else null;
+  '';
 
   patches = [
     ./debug-info-from-env.patch
-
-    # Pull upstream fix for gcc-12. Will be included in gdb-12.
-    (fetchpatch {
-      name = "gcc-12.patch";
-      url = "https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=e97436b1b789dcdb6ffb502263f4c86f8bc22996";
-      sha256 = "1mpgw6s9qgnwhwyg3hagc6vhqhvia0l1s8nr22bcahwqxi3wvzcw";
-    })
   ] ++ lib.optionals stdenv.isDarwin [
     ./darwin-target-match.patch
-  ] ++ lib.optional stdenv.hostPlatform.isMusl (fetchpatch {
-    name = "musl-fix-pagesize-page_size.patch";
-    url = "https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=fd0975b96b16d96010dce439af9620d3dfb65426";
-    hash = "sha256-M3U7uIIFJnYu0g8/sMLJPhm02q7cGOi6pLjgsUUjeKI=";
-  });
+  # Does not nave to be conditional. We apply it conditionally
+  # to speed up inclusion to nearby nixos release.
+  ] ++ lib.optionals stdenv.is32bit [
+    ./32-bit-BFD_VMA-format.patch
+  ];
 
   nativeBuildInputs = [ pkg-config texinfo perl setupDebugInfoDirs ];
 
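Review bot: The comment added just before `] ++ lib.optionals stdenv.is32bit [` has a typo ("nave") and sits inside the Darwin list, so it reads as if it described `./darwin-target-match.patch` rather than the 32-bit patch. I would move it inside the 32-bit list, directly above `./32-bit-BFD_VMA-format.patch`, and reword it, e.g. `# Does not have to be conditional; applied only on 32-bit to speed up inclusion in the nearby NixOS release.` The comment should also say when the condition can be dropped, so the patch does not stay 32-bit-only by accident.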
@@ -115,6 +112,20 @@ stdenv.mkDerivation rec {
   # TODO: Investigate & fix the test failures.
   doCheck = false;
 
+  passthru = {
+    updateScript = writeScript "update-gdb" ''
+      #!/usr/bin/env nix-shell
+      #!nix-shell -i bash -p curl pcre common-updater-scripts
+
+      set -eu -o pipefail
+
+      # Expect the text in format of '<h3>GDB version 12.1</h3>'
+      new_version="$(curl -s https://www.sourceware.org/gdb/ |
+          pcregrep -o1 '<h3>GDB version ([0-9.]+)</h3>')"
+      update-source-version ${pname} "$new_version"
+    '';
+  };
+
   meta = with lib; {
     description = "The GNU Project debugger";
 
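Review bot: In the `updateScript`, `curl -s https://www.sourceware.org/gdb/` hides transfer errors and, without `--fail`, pipes an HTTP error page into `pcregrep`. The script then stops only because the pattern does not match, with no message saying why; `curl -sSf` would fail at the fetch and report it. The scraped value is the only input to `update-source-version`, so the `[0-9.]+` capture is the sole check on what the page supplies, which deserves a comment next to the pattern. Separately, `${pname}` is `targetPrefix + basename`, so for a cross-targeted gdb the name passed on would presumably carry the prefix and not match an attribute; the literal `gdb` would avoid that.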
diff --git a/pkgs/misc/sndio/default.nix b/pkgs/misc/sndio/default.nix
index 7b5774d8054..ea2229f264e 100644
--- a/pkgs/misc/sndio/default.nix
+++ b/pkgs/misc/sndio/default.nix
@@ -11,6 +11,7 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = lib.optional stdenv.hostPlatform.isDarwin fixDarwinDylibNames;
   buildInputs = lib.optional stdenv.hostPlatform.isLinux alsa-lib;
+  configurePlatforms = [];
 
   postInstall = ''
     install -Dm644 contrib/sndiod.service $out/lib/systemd/system/sndiod.service
diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix
index 0998ddb573d..bfbac087bc3 100644
--- a/pkgs/servers/sql/postgresql/default.nix
+++ b/pkgs/servers/sql/postgresql/default.nix
@@ -202,9 +202,9 @@ let
 in self: {
 
   postgresql_10 = self.callPackage generic {
-    version = "10.20";
+    version = "10.21";
     psqlSchema = "10.0"; # should be 10, but changing it is invasive
-    sha256 = "sha256-h94W1ZvP5C+mBcMSxZvl4pToo+astlXdetR8u5MKZZ8=";
+    sha256 = "sha256-0yGYhW1Sqab11QZC74ZoesBYvW78pcntV754CElvRdE=";
     this = self.postgresql_10;
     thisAttr = "postgresql_10";
     inherit self;
@@ -212,36 +212,36 @@ in self: {
   };
 
   postgresql_11 = self.callPackage generic {
-    version = "11.15";
+    version = "11.16";
     psqlSchema = "11.1"; # should be 11, but changing it is invasive
-    sha256 = "sha256-yPWOjr1PRWf0+boQMus+meAlHYfL4+VktIVZDjeoeeM=";
+    sha256 = "sha256-LdnhEfCllJ7nyswGXOoPshCSkpuuMQzgW/AbT/xRA6U=";
     this = self.postgresql_11;
     thisAttr = "postgresql_11";
     inherit self;
   };
 
   postgresql_12 = self.callPackage generic {
-    version = "12.10";
+    version = "12.11";
     psqlSchema = "12";
-    sha256 = "sha256-g90ZLmA0lRGSuahtwZzzcXqLghIOLxGgo2cjyCDSslc=";
+    sha256 = "sha256-ECYkil/Svur0PkxyNqyBflbVi2gaM1hWRl37x1s+gwI=";
     this = self.postgresql_12;
     thisAttr = "postgresql_12";
     inherit self;
   };
 
   postgresql_13 = self.callPackage generic {
-    version = "13.6";
+    version = "13.7";
     psqlSchema = "13";
-    sha256 = "sha256-uvx/o9nU2o/nG4TGO6i9/oCSk1wwwKqFwkssCFCPZ/w=";
+    sha256 = "sha256-G5Bb9PPYNhSjk7PFH9NFkQ/SYeT1Ekpo2aH906KkY5k=";
     this = self.postgresql_13;
     thisAttr = "postgresql_13";
     inherit self;
   };
 
   postgresql_14 = self.callPackage generic {
-    version = "14.2";
+    version = "14.3";
     psqlSchema = "14";
-    sha256 = "sha256-LPeLLkaJEvgQHWldtTQM8xPC6faKYS+3FCdSToyal3o=";
+    sha256 = "sha256-J5BXNov1mpGcBa2o+VxeBKu0PnS5oqacPUaiDgeprzg=";
     this = self.postgresql_14;
     thisAttr = "postgresql_14";
     inherit self;
diff --git a/pkgs/servers/sql/postgresql/ext/pg_safeupdate.nix b/pkgs/servers/sql/postgresql/ext/pg_safeupdate.nix
index b2a58b6bc3e..5e9976c014d 100644
--- a/pkgs/servers/sql/postgresql/ext/pg_safeupdate.nix
+++ b/pkgs/servers/sql/postgresql/ext/pg_safeupdate.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   pname = "pg-safeupdate";
-  version = "1.2";
+  version = "1.4";
 
   buildInputs = [ postgresql ];
 
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
     owner  = "eradman";
     repo   = pname;
     rev    = version;
-    sha256 = "010m57jcv5v8pyfm1cqs3a306y750lvnvla9m5d98v5vdx3349jg";
+    sha256 = "sha256-1cyvVEC9MQGMr7Tg6EUbsVBrMc8ahdFS3+CmDkmAq4Y=";
   };
 
   installPhase = ''
diff --git a/pkgs/test/default.nix b/pkgs/test/default.nix
index d6e4c545a08..ab235d61002 100644
--- a/pkgs/test/default.nix
+++ b/pkgs/test/default.nix
@@ -72,7 +72,15 @@ with pkgs;
 
   dhall = callPackage ./dhall { };
 
-  makeWrapper = callPackage ./make-wrapper {};
+  makeWrapper = callPackage ./make-wrapper { };
+  makeBinaryWrapper = callPackage ./make-binary-wrapper {
+    makeBinaryWrapper = pkgs.makeBinaryWrapper.override {
+      # Enable sanitizers in the tests only, to avoid the performance cost in regular usage.
+      # The sanitizers cause errors on aarch64-darwin, see https://github.com/NixOS/nixpkgs/pull/150079#issuecomment-994132734
+      sanitizers = pkgs.lib.optionals (! (pkgs.stdenv.isDarwin && pkgs.stdenv.isAarch64))
+        [ "undefined" "address" ];
+    };
+  };
 
   pkgs-lib = recurseIntoAttrs (import ../pkgs-lib/tests { inherit pkgs; });
 }
diff --git a/pkgs/tools/filesystems/e2fsprogs/default.nix b/pkgs/tools/filesystems/e2fsprogs/default.nix
index d4c4738be75..7273d805a32 100644
--- a/pkgs/tools/filesystems/e2fsprogs/default.nix
+++ b/pkgs/tools/filesystems/e2fsprogs/default.nix
@@ -23,15 +23,20 @@ stdenv.mkDerivation rec {
     ++ lib.optionals stdenv.isLinux [ fuse ];
 
   # Only use glibc's __GNUC_PREREQ(X,Y) (checks if compiler is gcc version >= X.Y) when using glibc
-  patches = if stdenv.hostPlatform.libc == "glibc" then null
-    else [
-      (fetchpatch {
+  patches = [
+    (fetchpatch {
+      name = "CVE-2022-1304.patch";
+      url = "https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/patch/?id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76";
+      sha256 = "sha256-YEEow34/81NBOc6F6FS6i505FCQ7GHeIz0a0qWNs7Fg=";
+    })
+  ] ++ lib.optionals (stdenv.hostPlatform.libc == "glibc") [
+    (fetchpatch {
       url = "https://raw.githubusercontent.com/void-linux/void-packages/9583597eb3e6e6b33f61dbc615d511ce030bc443/srcpkgs/e2fsprogs/patches/fix-glibcism.patch";
       sha256 = "1gfcsr0i3q8q2f0lqza8na0iy4l4p3cbii51ds6zmj0y4hz2dwhb";
       excludes = [ "lib/ext2fs/hashmap.h" ];
       extraPrefix = "";
-      })
-    ];
+    })
+  ];
 
   postPatch = ''
     # Remove six failing tests
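Review bot: The condition on the `fix-glibcism.patch` list is inverted relative to the code it replaces. The old expression returned `null` when `stdenv.hostPlatform.libc == "glibc"` and applied the patch otherwise, whereas the new `lib.optionals (stdenv.hostPlatform.libc == "glibc")` applies it only on glibc and drops it for musl and other libcs. It should read `] ++ lib.optionals (stdenv.hostPlatform.libc != "glibc") [`. The `__GNUC_PREREQ` comment now sits above the CVE-2022-1304 entry and should move down to the glibcism patch it describes, so the security patch stays visibly unconditional.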
diff --git a/pkgs/tools/security/cryptomator/default.nix b/pkgs/tools/security/cryptomator/default.nix
index 5a1886e49e5..ccd5318ffb6 100644
--- a/pkgs/tools/security/cryptomator/default.nix
+++ b/pkgs/tools/security/cryptomator/default.nix
@@ -1,7 +1,7 @@
 { lib, stdenv, fetchFromGitHub
 , autoPatchelfHook
 , fuse, jffi
-, maven, jdk, jre, makeWrapper, glib, wrapGAppsHook
+, maven, jdk, jre, makeShellWrapper, glib, wrapGAppsHook
 }:
 
 let
@@ -65,7 +65,7 @@ in stdenv.mkDerivation rec {
     rm $out/share/cryptomator/libs/jff*.jar
     cp -f ${jffi}/share/java/jffi-complete.jar $out/share/cryptomator/libs/
 
-    makeWrapper ${jre}/bin/java $out/bin/cryptomator \
+    makeShellWrapper ${jre}/bin/java $out/bin/cryptomator \
       --add-flags "--class-path '$out/share/cryptomator/libs/*'" \
       --add-flags "--module-path '$out/share/cryptomator/mods'" \
       --add-flags "-Dcryptomator.logDir='~/.local/share/Cryptomator/logs'" \
@@ -101,8 +101,8 @@ in stdenv.mkDerivation rec {
   nativeBuildInputs = [
     autoPatchelfHook
     maven
-    makeWrapper
-    (wrapGAppsHook.override { makeBinaryWrapper = makeWrapper; })
+    makeShellWrapper
+    wrapGAppsHook
     jdk
   ];
   buildInputs = [ fuse jre glib jffi ];
diff --git a/pkgs/tools/typesetting/sile/default.nix b/pkgs/tools/typesetting/sile/default.nix
index 32374149190..7aca12e341c 100644
--- a/pkgs/tools/typesetting/sile/default.nix
+++ b/pkgs/tools/typesetting/sile/default.nix
@@ -114,7 +114,6 @@ stdenv.mkDerivation rec {
     homepage = "https://sile-typesetter.org";
     changelog = "https://github.com/sile-typesetter/sile/raw/v${version}/CHANGELOG.md";
     platforms = platforms.unix;
-    broken = stdenv.isDarwin;   # https://github.com/NixOS/nixpkgs/issues/23018
     maintainers = with maintainers; [ doronbehar alerque ];
     license = licenses.mit;
   };
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 78d4ca310ee..281b0fd328d 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -781,7 +781,9 @@ with pkgs;
   makeInitrdNG = callPackage ../build-support/kernel/make-initrd-ng.nix;
   makeInitrdNGTool = callPackage ../build-support/kernel/make-initrd-ng-tool.nix {};
 
-  makeWrapper = makeSetupHook
+  makeWrapper = makeShellWrapper;
+
+  makeShellWrapper = makeSetupHook
     { deps = [ dieHook ];
       substitutions = {
         shell = targetPackages.runtimeShell;
@@ -790,30 +792,7 @@ with pkgs;
     }
     ../build-support/setup-hooks/make-wrapper.sh;
 
-  makeBinaryWrapper = let
-    f = { cc, sanitizers }: let
-      san = lib.concatMapStringsSep " " (s: "-fsanitize=${s}") sanitizers;
-      script = runCommand "make-binary-wrapper.sh" {} ''
-        substitute ${../build-support/setup-hooks/make-binary-wrapper.sh} $out \
-          --replace " @CC@ " " ${cc}/bin/cc ${san} "
-      '';
-    in
-      makeSetupHook {
-        deps = [ dieHook cc ];
-        substitutions.passthru.tests = callPackage ../test/make-binary-wrapper {
-          makeBinaryWrapper = makeBinaryWrapper.override {
-            sanitizers = (if stdenv.isDarwin && stdenv.isAarch64
-              then [ ]
-              else [ "undefined" "address" ]
-            );
-          };
-        };
-      } script;
-  in
-    lib.makeOverridable f {
-      cc = stdenv.cc;
-      sanitizers = [ ];
-    };
+  makeBinaryWrapper = callPackage ../build-support/setup-hooks/make-binary-wrapper { };
 
   compressFirmwareXz = callPackage ../build-support/kernel/compress-firmware-xz.nix { };
 
@@ -912,7 +891,9 @@ with pkgs;
 
   findXMLCatalogs = makeSetupHook { } ../build-support/setup-hooks/find-xml-catalogs.sh;
 
-  wrapGAppsHook = callPackage ../build-support/setup-hooks/wrap-gapps-hook { };
+  wrapGAppsHook = callPackage ../build-support/setup-hooks/wrap-gapps-hook {
+    makeWrapper = makeBinaryWrapper;
+  };
 
   wrapGAppsHook4 = wrapGAppsHook.override { gtk3 = gtk4; };
 
@@ -14055,6 +14036,7 @@ with pkgs;
       # default.
       libcxx ? null
     , extraPackages ? lib.optional (cc.isGNU or false && stdenv.targetPlatform.isMinGW) threadsCross
+    , nixSupport ? {}
     , ...
     } @ extraArgs:
       callPackage ../build-support/cc-wrapper (let self = {
@@ -14066,7 +14048,7 @@ with pkgs;
     isGNU = cc.isGNU or false;
     isClang = cc.isClang or false;
 
-    inherit cc bintools libc libcxx extraPackages zlib;
+    inherit cc bintools libc libcxx extraPackages nixSupport zlib;
   } // extraArgs; in self);
 
   wrapCC = cc: wrapCCWith {
@@ -22350,12 +22332,12 @@ with pkgs;
     postgresql_13
     postgresql_14
   ;
-  postgresql = postgresql_13.override { this = postgresql; };
+  postgresql = postgresql_14.override { this = postgresql; };
   postgresqlPackages = recurseIntoAttrs postgresql.pkgs;
   postgresql11Packages = recurseIntoAttrs postgresql_11.pkgs;
   postgresql12Packages = recurseIntoAttrs postgresql_12.pkgs;
-  postgresql13Packages = postgresqlPackages;
-  postgresql14Packages = recurseIntoAttrs postgresql_14.pkgs;
+  postgresql13Packages = recurseIntoAttrs postgresql_13.pkgs;
+  postgresql14Packages = postgresqlPackages;
 
   postgresql_jdbc = callPackage ../development/java-modules/postgresql_jdbc { };
 
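Review bot: Repointing the `postgresql` alias from `postgresql_13` to `postgresql_14` changes the major version for every expression that uses `pkgs.postgresql` or `postgresqlPackages` directly. A data directory initialised by a 13 server will not start under 14 without a dump/restore or `pg_upgrade`. If the release-note change in this merge does not already say so, it should name the pins (`postgresql_13`, `postgresql13Packages`) for users who have to stay on 13. A short comment above the alias would also help the next bump, e.g. `# Changing this is a major-version upgrade for consumers of pkgs.postgresql; on-disk data needs migration.`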
@@ -26450,11 +26432,7 @@ with pkgs;
 
   filezilla = callPackage ../applications/networking/ftp/filezilla { };
 
-  buildMozillaMach =
-    let callPackage = newScope {
-      inherit (rustPackages) cargo rustc;
-    };
-    in opts: callPackage (import ../applications/networking/browsers/firefox/common.nix opts) {};
+  buildMozillaMach = opts: callPackage (import ../applications/networking/browsers/firefox/common.nix opts) {};
 
   firefoxPackages = recurseIntoAttrs (callPackage ../applications/networking/browsers/firefox/packages.nix {});