summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--doc/stdenv.xml17
-rw-r--r--lib/systems/for-meta.nix6
-rw-r--r--nixos/modules/services/misc/nix-daemon.nix15
-rw-r--r--nixos/release.nix1
-rw-r--r--nixos/tests/gdk-pixbuf.nix19
-rw-r--r--pkgs/applications/altcoins/bitcoin.nix4
-rw-r--r--pkgs/applications/audio/easytag/default.nix2
-rw-r--r--pkgs/applications/graphics/ImageMagick/default.nix2
-rw-r--r--pkgs/applications/misc/audio/soxr/default.nix4
-rw-r--r--pkgs/applications/networking/browsers/firefox-bin/release_sources.nix788
-rw-r--r--pkgs/applications/networking/browsers/firefox/common.nix1
-rw-r--r--pkgs/applications/networking/browsers/firefox/no-buildconfig.patch6
-rw-r--r--pkgs/applications/networking/browsers/firefox/packages.nix33
-rw-r--r--pkgs/applications/networking/browsers/firefox/update.nix6
-rw-r--r--pkgs/applications/networking/browsers/firefox/wrapper.nix2
-rw-r--r--pkgs/applications/networking/p2p/transmission-remote-gtk/default.nix17
-rw-r--r--pkgs/applications/networking/remote/citrix-receiver/default.nix2
-rw-r--r--pkgs/applications/version-management/cvs/default.nix2
-rw-r--r--pkgs/applications/version-management/git-and-tools/git/default.nix80
-rw-r--r--pkgs/applications/version-management/git-and-tools/git/docbook2texi.patch16
-rw-r--r--pkgs/applications/version-management/git-and-tools/git/git-send-email-honor-PATH.patch8
-rw-r--r--pkgs/applications/version-management/git-and-tools/git/installCheck-path.patch12
-rw-r--r--pkgs/applications/version-management/git-and-tools/git/symlinks-in-bin.patch8
-rw-r--r--pkgs/applications/version-management/subversion/default.nix2
-rw-r--r--pkgs/applications/video/omxplayer/default.nix22
-rw-r--r--pkgs/applications/video/vlc/default.nix99
-rw-r--r--pkgs/applications/video/vlc/plugin.nix34
-rw-r--r--pkgs/applications/virtualization/qemu/default.nix2
-rw-r--r--pkgs/build-support/bintools-wrapper/add-flags.sh16
-rw-r--r--pkgs/build-support/bintools-wrapper/add-hardening.sh87
-rw-r--r--pkgs/build-support/bintools-wrapper/default.nix13
-rw-r--r--pkgs/build-support/bintools-wrapper/ld-wrapper.sh6
-rw-r--r--pkgs/build-support/bintools-wrapper/setup-hook.sh42
-rw-r--r--pkgs/build-support/cc-wrapper/add-flags.sh17
-rw-r--r--pkgs/build-support/cc-wrapper/add-hardening.sh115
-rw-r--r--pkgs/build-support/cc-wrapper/cc-wrapper.sh6
-rw-r--r--pkgs/build-support/cc-wrapper/default.nix13
-rw-r--r--pkgs/build-support/cc-wrapper/setup-hook.sh53
-rw-r--r--pkgs/build-support/rust/default.nix2
-rw-r--r--pkgs/build-support/setup-hooks/role.bash75
-rw-r--r--pkgs/build-support/wrapper-common/utils.bash (renamed from pkgs/build-support/cc-wrapper/utils.sh)15
-rw-r--r--pkgs/data/misc/poppler-data/default.nix4
-rw-r--r--pkgs/data/misc/tzdata/default.nix2
-rw-r--r--pkgs/desktops/gnome-2/desktop/gtksourceview/default.nix3
-rw-r--r--pkgs/desktops/gnome-2/desktop/zenity/default.nix2
-rw-r--r--pkgs/desktops/gnome-2/platform/gnome-vfs/default.nix2
-rw-r--r--pkgs/desktops/gnome-3/apps/gnome-boxes/default.nix3
-rw-r--r--pkgs/desktops/gnome-3/core/dconf/default.nix2
-rw-r--r--pkgs/desktops/xfce/core/xfconf.nix3
-rw-r--r--pkgs/development/compilers/gcc/4.8/default.nix26
-rw-r--r--pkgs/development/compilers/gcc/4.9/default.nix26
-rw-r--r--pkgs/development/compilers/gcc/5/default.nix26
-rw-r--r--pkgs/development/compilers/gcc/6/default.nix25
-rw-r--r--pkgs/development/compilers/gcc/7/default.nix101
-rw-r--r--pkgs/development/compilers/gcc/8/default.nix19
-rw-r--r--pkgs/development/compilers/gcc/libstdc++-hook.sh7
-rw-r--r--pkgs/development/compilers/gcc/snapshot/default.nix90
-rw-r--r--pkgs/development/compilers/ghc/8.2.2.nix1
-rw-r--r--pkgs/development/compilers/go/1.10.nix4
-rw-r--r--pkgs/development/compilers/llvm/3.4/clang.nix5
-rw-r--r--pkgs/development/compilers/llvm/3.5/clang.nix9
-rw-r--r--pkgs/development/compilers/llvm/3.5/libc++/default.nix5
-rw-r--r--pkgs/development/compilers/llvm/3.5/libc++/setup-hook.sh7
-rw-r--r--pkgs/development/compilers/llvm/3.7/clang/default.nix9
-rw-r--r--pkgs/development/compilers/llvm/3.7/libc++/default.nix5
-rw-r--r--pkgs/development/compilers/llvm/3.7/libc++/setup-hook.sh7
-rw-r--r--pkgs/development/compilers/llvm/3.8/clang/default.nix9
-rw-r--r--pkgs/development/compilers/llvm/3.8/libc++/default.nix5
-rw-r--r--pkgs/development/compilers/llvm/3.8/libc++/setup-hook.sh7
-rw-r--r--pkgs/development/compilers/llvm/3.9/clang/default.nix9
-rw-r--r--pkgs/development/compilers/llvm/3.9/libc++/default.nix5
-rw-r--r--pkgs/development/compilers/llvm/3.9/libc++/setup-hook.sh7
-rw-r--r--pkgs/development/compilers/llvm/4/clang/default.nix9
-rw-r--r--pkgs/development/compilers/llvm/4/libc++/default.nix5
-rw-r--r--pkgs/development/compilers/llvm/4/libc++/setup-hook.sh7
-rw-r--r--pkgs/development/compilers/llvm/5/clang/default.nix14
-rw-r--r--pkgs/development/compilers/llvm/5/default.nix6
-rw-r--r--pkgs/development/compilers/llvm/5/libc++/default.nix7
-rw-r--r--pkgs/development/compilers/llvm/5/libc++/setup-hook.sh7
-rw-r--r--pkgs/development/compilers/llvm/5/libc++abi.nix2
-rw-r--r--pkgs/development/compilers/llvm/5/lld.nix2
-rw-r--r--pkgs/development/compilers/llvm/5/lldb.nix2
-rw-r--r--pkgs/development/compilers/llvm/5/llvm.nix2
-rw-r--r--pkgs/development/compilers/llvm/5/openmp.nix2
-rw-r--r--pkgs/development/compilers/llvm/6/clang/default.nix9
-rw-r--r--pkgs/development/compilers/llvm/6/libc++/default.nix5
-rw-r--r--pkgs/development/compilers/llvm/6/libc++/setup-hook.sh7
-rw-r--r--pkgs/development/compilers/openjdk/8.nix2
-rw-r--r--pkgs/development/haskell-modules/generic-builder.nix7
-rw-r--r--pkgs/development/interpreters/dart/default.nix6
-rw-r--r--pkgs/development/interpreters/guile/1.8.nix1
-rw-r--r--pkgs/development/interpreters/guile/2.0.nix1
-rw-r--r--pkgs/development/interpreters/guile/default.nix1
-rw-r--r--pkgs/development/interpreters/perl/default.nix2
-rw-r--r--pkgs/development/interpreters/python/build-python-package.nix3
-rw-r--r--pkgs/development/interpreters/python/cpython/2.7/default.nix13
-rw-r--r--pkgs/development/interpreters/python/cpython/2.7/properly-detect-curses.patch116
-rw-r--r--pkgs/development/interpreters/python/cpython/3.4/default.nix23
-rw-r--r--pkgs/development/interpreters/python/cpython/3.5/default.nix27
-rw-r--r--pkgs/development/interpreters/python/cpython/3.6/default.nix27
-rw-r--r--pkgs/development/interpreters/python/mk-python-derivation.nix5
-rw-r--r--pkgs/development/libraries/appstream-glib/default.nix2
-rw-r--r--pkgs/development/libraries/at-spi2-atk/default.nix2
-rw-r--r--pkgs/development/libraries/at-spi2-core/default.nix2
-rw-r--r--pkgs/development/libraries/avahi/default.nix6
-rw-r--r--pkgs/development/libraries/boehm-gc/default.nix4
-rw-r--r--pkgs/development/libraries/boost/generic.nix4
-rw-r--r--pkgs/development/libraries/c-ares/default.nix4
-rw-r--r--pkgs/development/libraries/cairo/default.nix24
-rw-r--r--pkgs/development/libraries/celt/generic.nix2
-rw-r--r--pkgs/development/libraries/ctpp2/default.nix2
-rw-r--r--pkgs/development/libraries/db/generic.nix2
-rw-r--r--pkgs/development/libraries/dbus-glib/default.nix6
-rw-r--r--pkgs/development/libraries/dbus/default.nix4
-rw-r--r--pkgs/development/libraries/eigen/default.nix8
-rw-r--r--pkgs/development/libraries/enchant/2.x.nix2
-rw-r--r--pkgs/development/libraries/epoxy/default.nix6
-rw-r--r--pkgs/development/libraries/ffmpeg-full/default.nix21
-rw-r--r--pkgs/development/libraries/ffmpeg/generic.nix21
-rw-r--r--pkgs/development/libraries/fontconfig/2.10.nix12
-rw-r--r--pkgs/development/libraries/fontconfig/default.nix12
-rw-r--r--pkgs/development/libraries/gdk-pixbuf/default.nix77
-rw-r--r--pkgs/development/libraries/gdk-pixbuf/installed-tests-path.patch13
-rw-r--r--pkgs/development/libraries/gdk-pixbuf/no-mime-sniffing.patch18
-rw-r--r--pkgs/development/libraries/gegl/default.nix2
-rw-r--r--pkgs/development/libraries/geoclue/2.0.nix4
-rw-r--r--pkgs/development/libraries/gettext/default.nix5
-rw-r--r--pkgs/development/libraries/gettext/gettext-setup-hook.sh23
-rw-r--r--pkgs/development/libraries/git2/0.25.nix2
-rw-r--r--pkgs/development/libraries/git2/default.nix2
-rw-r--r--pkgs/development/libraries/glib/default.nix2
-rw-r--r--pkgs/development/libraries/glibc/common.nix2
-rw-r--r--pkgs/development/libraries/gobject-introspection/default.nix2
-rw-r--r--pkgs/development/libraries/grantlee/5/default.nix2
-rw-r--r--pkgs/development/libraries/gstreamer/bad/default.nix5
-rw-r--r--pkgs/development/libraries/gstreamer/base/default.nix4
-rw-r--r--pkgs/development/libraries/gtk+/2.x.nix2
-rw-r--r--pkgs/development/libraries/gtk+/3.x.nix2
-rw-r--r--pkgs/development/libraries/gts/default.nix2
-rw-r--r--pkgs/development/libraries/id3lib/default.nix4
-rw-r--r--pkgs/development/libraries/jasper/default.nix2
-rw-r--r--pkgs/development/libraries/kerberos/krb5.nix1
-rw-r--r--pkgs/development/libraries/lcms/default.nix2
-rw-r--r--pkgs/development/libraries/ldns/default.nix3
-rw-r--r--pkgs/development/libraries/libappindicator/default.nix2
-rw-r--r--pkgs/development/libraries/libarchive/default.nix2
-rw-r--r--pkgs/development/libraries/libav/default.nix52
-rw-r--r--pkgs/development/libraries/libcddb/default.nix2
-rw-r--r--pkgs/development/libraries/libcue/default.nix2
-rw-r--r--pkgs/development/libraries/libdrm/default.nix4
-rw-r--r--pkgs/development/libraries/libdvdcss/default.nix4
-rw-r--r--pkgs/development/libraries/libevdev/default.nix4
-rw-r--r--pkgs/development/libraries/libevent/default.nix2
-rw-r--r--pkgs/development/libraries/libical/default.nix2
-rw-r--r--pkgs/development/libraries/libiconv/default.nix5
-rw-r--r--pkgs/development/libraries/libiconv/setup-hook.sh18
-rw-r--r--pkgs/development/libraries/libidn/default.nix6
-rw-r--r--pkgs/development/libraries/libindicate/default.nix2
-rw-r--r--pkgs/development/libraries/libindicator/default.nix4
-rw-r--r--pkgs/development/libraries/libinput/default.nix4
-rw-r--r--pkgs/development/libraries/libjpeg-turbo/default.nix3
-rw-r--r--pkgs/development/libraries/libjpeg/default.nix6
-rw-r--r--pkgs/development/libraries/liblo/default.nix4
-rw-r--r--pkgs/development/libraries/libmsgpack/generic.nix13
-rw-r--r--pkgs/development/libraries/libnetfilter_conntrack/default.nix4
-rw-r--r--pkgs/development/libraries/libnfsidmap/default.nix6
-rw-r--r--pkgs/development/libraries/libnftnl/default.nix4
-rw-r--r--pkgs/development/libraries/libnih/default.nix4
-rw-r--r--pkgs/development/libraries/libomxil-bellagio/default.nix2
-rw-r--r--pkgs/development/libraries/libpcap/default.nix20
-rw-r--r--pkgs/development/libraries/libproxy/default.nix2
-rw-r--r--pkgs/development/libraries/librsvg/default.nix21
-rw-r--r--pkgs/development/libraries/librsync/0.9.nix4
-rw-r--r--pkgs/development/libraries/librsync/default.nix4
-rw-r--r--pkgs/development/libraries/libsoup/default.nix2
-rw-r--r--pkgs/development/libraries/libtorrent-rasterbar/default.nix2
-rw-r--r--pkgs/development/libraries/libtoxcore/default.nix6
-rw-r--r--pkgs/development/libraries/libuchardet/default.nix2
-rw-r--r--pkgs/development/libraries/libunwind/default.nix2
-rw-r--r--pkgs/development/libraries/libuv/default.nix4
-rw-r--r--pkgs/development/libraries/libvdpau-va-gl/default.nix2
-rw-r--r--pkgs/development/libraries/libvpx/default.nix56
-rw-r--r--pkgs/development/libraries/libvpx/git.nix34
-rw-r--r--pkgs/development/libraries/libwacom/default.nix4
-rw-r--r--pkgs/development/libraries/libwebp/default.nix4
-rw-r--r--pkgs/development/libraries/libxkbcommon/default.nix2
-rw-r--r--pkgs/development/libraries/libxml2/default.nix4
-rw-r--r--pkgs/development/libraries/mesa/default.nix6
-rw-r--r--pkgs/development/libraries/mpfi/default.nix11
-rw-r--r--pkgs/development/libraries/mpfr/default.nix5
-rw-r--r--pkgs/development/libraries/ncurses/default.nix10
-rw-r--r--pkgs/development/libraries/nspr/default.nix4
-rw-r--r--pkgs/development/libraries/nss/default.nix15
-rw-r--r--pkgs/development/libraries/openexr/default.nix1
-rw-r--r--pkgs/development/libraries/openldap/default.nix2
-rw-r--r--pkgs/development/libraries/openssl/default.nix3
-rw-r--r--pkgs/development/libraries/p11-kit/default.nix2
-rw-r--r--pkgs/development/libraries/pcre2/default.nix2
-rw-r--r--pkgs/development/libraries/phonon/backends/vlc.nix4
-rw-r--r--pkgs/development/libraries/poppler/default.nix4
-rw-r--r--pkgs/development/libraries/popt/default.nix6
-rw-r--r--pkgs/development/libraries/qt-4.x/4.8/default.nix2
-rw-r--r--pkgs/development/libraries/qt-5/5.10/default.nix4
-rw-r--r--pkgs/development/libraries/qt-5/5.10/restore-pc-files.patch27
-rw-r--r--pkgs/development/libraries/qt-5/mkDerivation.nix3
-rw-r--r--pkgs/development/libraries/spice-gtk/default.nix2
-rw-r--r--pkgs/development/libraries/sqlcipher/default.nix2
-rw-r--r--pkgs/development/libraries/tk/8.5.nix1
-rw-r--r--pkgs/development/libraries/tk/8.6.nix1
-rw-r--r--pkgs/development/libraries/tk/generic.nix2
-rw-r--r--pkgs/development/libraries/wayland/default.nix4
-rw-r--r--pkgs/development/libraries/wayland/protocols.nix4
-rw-r--r--pkgs/development/libraries/x265/default.nix4
-rw-r--r--pkgs/development/libraries/zeromq/3.x.nix2
-rw-r--r--pkgs/development/libraries/zeromq/4.x.nix2
-rw-r--r--pkgs/development/python-modules/Cython/default.nix4
-rw-r--r--pkgs/development/python-modules/Nikola/default.nix4
-rw-r--r--pkgs/development/python-modules/XlsxWriter/default.nix4
-rw-r--r--pkgs/development/python-modules/aenum/default.nix4
-rw-r--r--pkgs/development/python-modules/aiohttp/default.nix4
-rw-r--r--pkgs/development/python-modules/astral/default.nix4
-rw-r--r--pkgs/development/python-modules/astropy/default.nix4
-rw-r--r--pkgs/development/python-modules/bayespy/default.nix4
-rw-r--r--pkgs/development/python-modules/bootstrapped-pip/default.nix20
-rw-r--r--pkgs/development/python-modules/buildout-nix/default.nix4
-rw-r--r--pkgs/development/python-modules/buildout/default.nix4
-rw-r--r--pkgs/development/python-modules/cmarkgfm/default.nix4
-rw-r--r--pkgs/development/python-modules/colorlog/default.nix4
-rw-r--r--pkgs/development/python-modules/confluent-kafka/default.nix4
-rw-r--r--pkgs/development/python-modules/dask/default.nix4
-rw-r--r--pkgs/development/python-modules/deprecation/default.nix25
-rw-r--r--pkgs/development/python-modules/devpi-common/default.nix4
-rw-r--r--pkgs/development/python-modules/django-ipware/default.nix4
-rw-r--r--pkgs/development/python-modules/django/2_0.nix4
-rw-r--r--pkgs/development/python-modules/docker-pycreds/default.nix4
-rw-r--r--pkgs/development/python-modules/docker/default.nix4
-rw-r--r--pkgs/development/python-modules/faker/default.nix4
-rw-r--r--pkgs/development/python-modules/fastimport/default.nix4
-rw-r--r--pkgs/development/python-modules/fiona/default.nix4
-rw-r--r--pkgs/development/python-modules/flake8-future-import/default.nix17
-rw-r--r--pkgs/development/python-modules/flask-cors/default.nix4
-rw-r--r--pkgs/development/python-modules/flask/default.nix4
-rw-r--r--pkgs/development/python-modules/google-api-python-client/default.nix4
-rw-r--r--pkgs/development/python-modules/google_api_core/default.nix4
-rw-r--r--pkgs/development/python-modules/hdbscan/default.nix4
-rw-r--r--pkgs/development/python-modules/ipywidgets/default.nix4
-rw-r--r--pkgs/development/python-modules/jira/default.nix4
-rw-r--r--pkgs/development/python-modules/jug/default.nix4
-rw-r--r--pkgs/development/python-modules/keras/default.nix9
-rw-r--r--pkgs/development/python-modules/keyring/default.nix4
-rw-r--r--pkgs/development/python-modules/llfuse/default.nix4
-rw-r--r--pkgs/development/python-modules/marisa-trie/default.nix4
-rw-r--r--pkgs/development/python-modules/marshmallow/default.nix4
-rw-r--r--pkgs/development/python-modules/moto/default.nix4
-rw-r--r--pkgs/development/python-modules/nipype/default.nix4
-rw-r--r--pkgs/development/python-modules/numexpr/default.nix4
-rw-r--r--pkgs/development/python-modules/numpy/default.nix9
-rw-r--r--pkgs/development/python-modules/onkyo-eiscp/default.nix4
-rw-r--r--pkgs/development/python-modules/openpyxl/default.nix4
-rw-r--r--pkgs/development/python-modules/pathlib2/default.nix4
-rw-r--r--pkgs/development/python-modules/pbr/default.nix4
-rw-r--r--pkgs/development/python-modules/pip-tools/default.nix6
-rw-r--r--pkgs/development/python-modules/pip/default.nix6
-rw-r--r--pkgs/development/python-modules/pretend/default.nix4
-rw-r--r--pkgs/development/python-modules/psutil/default.nix4
-rw-r--r--pkgs/development/python-modules/pyblake2/default.nix4
-rw-r--r--pkgs/development/python-modules/pycairo/default.nix21
-rw-r--r--pkgs/development/python-modules/pygit2/default.nix4
-rw-r--r--pkgs/development/python-modules/pyglet/default.nix4
-rw-r--r--pkgs/development/python-modules/pypcap/default.nix4
-rw-r--r--pkgs/development/python-modules/pytest/default.nix4
-rw-r--r--pkgs/development/python-modules/qtpy/default.nix4
-rw-r--r--pkgs/development/python-modules/robotframework/default.nix4
-rw-r--r--pkgs/development/python-modules/rpy2/default.nix4
-rw-r--r--pkgs/development/python-modules/s3fs/default.nix4
-rw-r--r--pkgs/development/python-modules/sphinx/default.nix4
-rw-r--r--pkgs/development/python-modules/sqlalchemy/default.nix4
-rw-r--r--pkgs/development/python-modules/sqlmap/default.nix4
-rw-r--r--pkgs/development/python-modules/tables/default.nix4
-rw-r--r--pkgs/development/python-modules/testfixtures/default.nix4
-rw-r--r--pkgs/development/python-modules/textacy/default.nix4
-rw-r--r--pkgs/development/python-modules/transitions/default.nix4
-rw-r--r--pkgs/development/python-modules/tweepy/default.nix28
-rw-r--r--pkgs/development/python-modules/widgetsnbextension/default.nix4
-rw-r--r--pkgs/development/python-modules/xarray/default.nix4
-rw-r--r--pkgs/development/python-modules/zetup/default.nix4
-rw-r--r--pkgs/development/python-modules/zxcvbn-python/default.nix4
-rw-r--r--pkgs/development/ruby-modules/bundler/default.nix4
-rw-r--r--pkgs/development/tools/analysis/valgrind/default.nix2
-rw-r--r--pkgs/development/tools/build-managers/cmake/default.nix1
-rw-r--r--pkgs/development/tools/build-managers/conan/default.nix14
-rw-r--r--pkgs/development/tools/dcadec/default.nix4
-rw-r--r--pkgs/development/tools/documentation/doxygen/default.nix1
-rw-r--r--pkgs/development/tools/documentation/gtk-doc/default.nix3
-rw-r--r--pkgs/development/tools/go2nix/default.nix2
-rw-r--r--pkgs/development/tools/govers/default.nix5
-rw-r--r--pkgs/development/tools/misc/autoconf/2.64.nix10
-rw-r--r--pkgs/development/tools/misc/autoconf/default.nix10
-rw-r--r--pkgs/development/tools/misc/binutils/default.nix4
-rw-r--r--pkgs/development/tools/misc/itstool/default.nix4
-rw-r--r--pkgs/development/tools/misc/libtool/libtool2.nix1
-rw-r--r--pkgs/development/tools/misc/pkgconfig/default.nix2
-rw-r--r--pkgs/development/tools/misc/texinfo/4.13a.nix33
-rw-r--r--pkgs/development/tools/misc/texinfo/5.2.nix56
-rw-r--r--pkgs/development/tools/misc/texinfo/6.5.nix58
-rw-r--r--pkgs/development/tools/misc/texinfo/common.nix64
-rw-r--r--pkgs/development/tools/parsing/bison/3.x.nix3
-rw-r--r--pkgs/development/tools/vagrant/Gemfile2
-rw-r--r--pkgs/development/tools/vagrant/Gemfile.lock73
-rw-r--r--pkgs/development/tools/vagrant/default.nix25
-rw-r--r--pkgs/development/tools/vagrant/gemset.nix175
-rw-r--r--pkgs/development/web/nodejs/v10.nix11
-rw-r--r--pkgs/misc/cups/filters.nix1
-rw-r--r--pkgs/misc/emulators/wine/winetricks.nix2
-rw-r--r--pkgs/os-specific/bsd/netbsd/compat-setup-hook.sh22
-rw-r--r--pkgs/os-specific/bsd/netbsd/default.nix10
-rw-r--r--pkgs/os-specific/bsd/netbsd/fts-setup-hook.sh18
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/CarbonHeaders/default.nix2
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/CommonCrypto/default.nix2
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/ICU/default.nix1
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libc/825_40_1.nix2
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libc/default.nix2
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libinfo/default.nix2
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libm/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libnotify/default.nix2
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Librpcsvc/default.nix2
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/Libsystem/default.nix1
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/architecture/default.nix14
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/copyfile/default.nix5
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/dyld/default.nix2
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/eap8021x/default.nix5
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/launchd/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libclosure/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libdispatch/default.nix4
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libiconv/default.nix10
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libplatform/default.nix2
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libpthread/default.nix2
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libresolv/default.nix2
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/libutil/default.nix2
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/ppp/default.nix3
-rw-r--r--pkgs/os-specific/darwin/apple-source-releases/removefile/default.nix4
-rw-r--r--pkgs/os-specific/darwin/cctools/port.nix10
-rw-r--r--pkgs/os-specific/darwin/xcode/default.nix1
-rw-r--r--pkgs/os-specific/linux/apparmor/default.nix24
-rw-r--r--pkgs/os-specific/linux/busybox/default.nix2
-rw-r--r--pkgs/os-specific/linux/hwdata/default.nix2
-rw-r--r--pkgs/os-specific/linux/kernel/perf.nix3
-rw-r--r--pkgs/os-specific/linux/kexectools/default.nix4
-rw-r--r--pkgs/os-specific/linux/libcap-ng/default.nix4
-rw-r--r--pkgs/os-specific/linux/libnl/default.nix2
-rw-r--r--pkgs/os-specific/linux/lvm2/default.nix2
-rw-r--r--pkgs/os-specific/linux/mmc-utils/default.nix2
-rw-r--r--pkgs/os-specific/linux/musl/fts-setup-hook.sh19
-rw-r--r--pkgs/os-specific/linux/musl/fts.nix5
-rw-r--r--pkgs/os-specific/linux/net-tools/default.nix2
-rw-r--r--pkgs/os-specific/linux/nfs-utils/default.nix14
-rw-r--r--pkgs/os-specific/linux/pam/default.nix13
-rw-r--r--pkgs/os-specific/linux/procps-ng/default.nix35
-rw-r--r--pkgs/os-specific/linux/systemd/default.nix14
-rw-r--r--pkgs/os-specific/linux/tcp-wrappers/cdecls.patch31
-rw-r--r--pkgs/os-specific/linux/tcp-wrappers/default.nix13
-rw-r--r--pkgs/os-specific/linux/tcp-wrappers/tcp-wrappers-7.6-headers.patch295
-rw-r--r--pkgs/os-specific/linux/udisks/2-default.nix2
-rw-r--r--pkgs/os-specific/linux/upower/default.nix2
-rw-r--r--pkgs/os-specific/linux/util-linux/default.nix6
-rw-r--r--pkgs/os-specific/linux/v4l-utils/default.nix4
-rw-r--r--pkgs/servers/amqp/rabbitmq-server/default.nix10
-rw-r--r--pkgs/servers/dns/bind/default.nix2
-rw-r--r--pkgs/servers/monitoring/net-snmp/default.nix1
-rw-r--r--pkgs/servers/sql/mariadb/default.nix4
-rw-r--r--pkgs/servers/sql/postgresql/default.nix2
-rw-r--r--pkgs/servers/x11/xorg/default.nix6
-rw-r--r--pkgs/servers/x11/xorg/overrides.nix4
-rw-r--r--pkgs/shells/bash/4.4.nix53
-rw-r--r--pkgs/shells/bash/cygwin-bash-4.4.11-2.src.patch76
-rw-r--r--pkgs/stdenv/generic/make-derivation.nix84
-rw-r--r--pkgs/stdenv/generic/setup.sh169
-rw-r--r--pkgs/stdenv/linux/default.nix10
-rw-r--r--pkgs/tools/archivers/gnutar/default.nix3
-rw-r--r--pkgs/tools/compression/brotli/default.nix4
-rw-r--r--pkgs/tools/compression/gzip/default.nix2
-rw-r--r--pkgs/tools/compression/xz/default.nix4
-rw-r--r--pkgs/tools/filesystems/curlftpfs/default.nix2
-rw-r--r--pkgs/tools/graphics/graphviz/base.nix7
-rw-r--r--pkgs/tools/inputmethods/ibus/default.nix1
-rw-r--r--pkgs/tools/misc/bogofilter/default.nix2
-rw-r--r--pkgs/tools/misc/ethtool/default.nix4
-rw-r--r--pkgs/tools/misc/file/default.nix4
-rw-r--r--pkgs/tools/misc/fontforge/default.nix4
-rw-r--r--pkgs/tools/misc/parallel/default.nix4
-rw-r--r--pkgs/tools/networking/atftp/default.nix2
-rw-r--r--pkgs/tools/networking/curl/default.nix6
-rw-r--r--pkgs/tools/networking/dhcp/default.nix4
-rw-r--r--pkgs/tools/networking/maildrop/default.nix2
-rw-r--r--pkgs/tools/networking/network-manager/default.nix2
-rw-r--r--pkgs/tools/networking/tcpdump/default.nix12
-rw-r--r--pkgs/tools/networking/telnet/default.nix2
-rw-r--r--pkgs/tools/networking/unbound/default.nix4
-rw-r--r--pkgs/tools/security/gnupg/22.nix4
-rw-r--r--pkgs/tools/security/nmap/default.nix2
-rw-r--r--pkgs/tools/security/rhash/default.nix2
-rw-r--r--pkgs/tools/security/rng-tools/default.nix3
-rw-r--r--pkgs/tools/security/sudo/default.nix2
-rw-r--r--pkgs/tools/system/at/default.nix15
-rw-r--r--pkgs/tools/system/runit/default.nix8
-rw-r--r--pkgs/tools/system/runit/fix-ar-ranlib.patch18
-rw-r--r--pkgs/tools/text/gnupatch/CVE-2018-6951.patch28
-rw-r--r--pkgs/tools/text/gnupatch/default.nix5
-rw-r--r--pkgs/tools/text/gnused/default.nix4
-rw-r--r--pkgs/tools/text/groff/default.nix13
-rw-r--r--pkgs/tools/text/patchutils/default.nix2
-rw-r--r--pkgs/tools/text/sgml/opensp/default.nix2
-rw-r--r--pkgs/tools/typesetting/docbook2x/default.nix14
-rw-r--r--pkgs/tools/typesetting/tex/texlive/bin.nix2
-rw-r--r--pkgs/top-level/aliases.nix128
-rw-r--r--pkgs/top-level/all-packages.nix537
-rw-r--r--pkgs/top-level/lua-packages.nix2
-rw-r--r--pkgs/top-level/perl-packages.nix4
-rw-r--r--pkgs/top-level/python-packages.nix22
-rw-r--r--pkgs/top-level/release.nix4
-rw-r--r--pkgs/top-level/stage.nix3
-rw-r--r--pkgs/top-level/unix-tools.nix13
422 files changed, 3299 insertions, 2864 deletions
diff --git a/doc/stdenv.xml b/doc/stdenv.xml
index d5028c51cd5..78fa1d209b5 100644
--- a/doc/stdenv.xml
+++ b/doc/stdenv.xml
@@ -1164,6 +1164,14 @@ passthru = {
      </listitem>
     </varlistentry>
     <varlistentry>
+      <term><varname>checkInputs</varname>
+      </term>
+      <listitem><para>
+        A list of dependencies used by the phase. This gets included in
+        <varname>buildInputs</varname> when <varname>doCheck</varname> is set.
+      </para></listitem>
+    </varlistentry>
+    <varlistentry>
      <term><varname>makeFlags</varname>
      </term>
      <listitem>
@@ -1647,6 +1655,15 @@ set debug-file-directory ~/.nix-profile/lib/debug
      </listitem>
     </varlistentry>
     <varlistentry>
+      <term><varname>installCheckInputs</varname>
+      </term>
+      <listitem><para>
+        A list of dependencies used by the phase. This gets included in
+        <varname>buildInputs</varname> when <varname>doInstallCheck</varname>
+        is set.
+      </para></listitem>
+    </varlistentry>
+    <varlistentry>
      <term><varname>preInstallCheck</varname>
      </term>
      <listitem>
diff --git a/lib/systems/for-meta.nix b/lib/systems/for-meta.nix
index 9e85cea3ad1..4ecd9ffc6ac 100644
--- a/lib/systems/for-meta.nix
+++ b/lib/systems/for-meta.nix
@@ -19,7 +19,11 @@ in rec {
   darwin  = [ patterns.isDarwin ];
   freebsd = [ patterns.isFreeBSD ];
   # Should be better, but MinGW is unclear, and HURD is bit-rotted.
-  gnu     = [ { kernel = parse.kernels.linux; abi = parse.abis.gnu; } ];
+  gnu     = [
+    { kernel = parse.kernels.linux; abi = parse.abis.gnu; }
+    { kernel = parse.kernels.linux; abi = parse.abis.gnueabi; }
+    { kernel = parse.kernels.linux; abi = parse.abis.gnueabihf; }
+  ];
   illumos = [ patterns.isSunOS ];
   linux   = [ patterns.isLinux ];
   netbsd  = [ patterns.isNetBSD ];
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix
index 277ae9e292c..6aa6d9b271f 100644
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -33,7 +33,7 @@ let
       sh = pkgs.runtimeShell;
       binshDeps = pkgs.writeReferencesToFile sh;
     in
-      pkgs.runCommand "nix.conf" { extraOptions = cfg.extraOptions; } ''
+      pkgs.runCommand "nix.conf" { extraOptions = cfg.extraOptions; } (''
         ${optionalString (!isNix20) ''
           extraPaths=$(for i in $(cat ${binshDeps}); do if test -d $i; then echo $i; fi; done)
         ''}
@@ -62,7 +62,11 @@ let
         ''}
         $extraOptions
         END
-      '';
+      '' + optionalString cfg.checkConfig ''
+        echo "Checking that Nix can read nix.conf..."
+        ln -s $out ./nix.conf
+        NIX_CONF_DIR=$PWD ${cfg.package}/bin/nix show-config >/dev/null
+      '');
 
 in
 
@@ -351,6 +355,13 @@ in
         '';
       };
 
+      checkConfig = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          If enabled (the default), checks that Nix can parse the generated nix.conf.
+        '';
+      };
     };
 
   };
diff --git a/nixos/release.nix b/nixos/release.nix
index 57fc245e57d..66bd312f443 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -286,6 +286,7 @@ in rec {
   tests.firefox = callTest tests/firefox.nix {};
   tests.firewall = callTest tests/firewall.nix {};
   tests.fwupd = callTest tests/fwupd.nix {};
+  tests.gdk-pixbuf = callTest tests/gdk-pixbuf.nix {};
   #tests.gitlab = callTest tests/gitlab.nix {};
   tests.gitolite = callTest tests/gitolite.nix {};
   tests.gjs = callTest tests/gjs.nix {};
diff --git a/nixos/tests/gdk-pixbuf.nix b/nixos/tests/gdk-pixbuf.nix
new file mode 100644
index 00000000000..b20f61b5ffe
--- /dev/null
+++ b/nixos/tests/gdk-pixbuf.nix
@@ -0,0 +1,19 @@
+# run installed tests
+import ./make-test.nix ({ pkgs, ... }: {
+  name = "gdk-pixbuf";
+
+  meta = {
+    maintainers = pkgs.gdk_pixbuf.meta.maintainers;
+  };
+
+  machine = { pkgs, ... }: {
+    environment.systemPackages = with pkgs; [ gnome-desktop-testing ];
+    environment.variables.XDG_DATA_DIRS = [ "${pkgs.gdk_pixbuf.installedTests}/share" ];
+
+    virtualisation.memorySize = 4096; # Tests allocate a lot of memory trying to exploit a CVE
+  };
+
+  testScript = ''
+    $machine->succeed("gnome-desktop-testing-runner");
+  '';
+})
diff --git a/pkgs/applications/altcoins/bitcoin.nix b/pkgs/applications/altcoins/bitcoin.nix
index 0acd616eeaf..30bbcb2c839 100644
--- a/pkgs/applications/altcoins/bitcoin.nix
+++ b/pkgs/applications/altcoins/bitcoin.nix
@@ -25,6 +25,10 @@ stdenv.mkDerivation rec{
                                             "--with-qt-bindir=${qtbase.dev}/bin:${qttools.dev}/bin"
                                           ];
 
+  # Fails with "This application failed to start because it could not
+  # find or load the Qt platform plugin "minimal""
+  doCheck = false;
+
   meta = {
     description = "Peer-to-peer electronic cash system";
     longDescription= ''
diff --git a/pkgs/applications/audio/easytag/default.nix b/pkgs/applications/audio/easytag/default.nix
index e3263c944f4..f3bcff7a2c5 100644
--- a/pkgs/applications/audio/easytag/default.nix
+++ b/pkgs/applications/audio/easytag/default.nix
@@ -22,6 +22,8 @@ in stdenv.mkDerivation rec {
     gsettings-desktop-schemas gnome3.defaultIconTheme
   ];
 
+  doCheck = false; # fails 1 out of 9 tests
+
   passthru = {
     updateScript = gnome3.updateScript {
       packageName = pname;
diff --git a/pkgs/applications/graphics/ImageMagick/default.nix b/pkgs/applications/graphics/ImageMagick/default.nix
index 4bbc34bb7bb..4b8d2ab291b 100644
--- a/pkgs/applications/graphics/ImageMagick/default.nix
+++ b/pkgs/applications/graphics/ImageMagick/default.nix
@@ -78,6 +78,8 @@ stdenv.mkDerivation rec {
       [ libX11 libXext libXt libwebp ]
     ;
 
+  doCheck = false; # fails 6 out of 76 tests
+
   postInstall = ''
     (cd "$dev/include" && ln -s ImageMagick* ImageMagick)
     moveToOutput "bin/*-config" "$dev"
diff --git a/pkgs/applications/misc/audio/soxr/default.nix b/pkgs/applications/misc/audio/soxr/default.nix
index 12da125bb3e..7c4e6ff8c3d 100644
--- a/pkgs/applications/misc/audio/soxr/default.nix
+++ b/pkgs/applications/misc/audio/soxr/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, cmake }:
 
 stdenv.mkDerivation rec {
-  name = "soxr-0.1.2";
+  name = "soxr-0.1.3";
 
   src = fetchurl {
     url = "mirror://sourceforge/soxr/${name}-Source.tar.xz";
-    sha256 = "0xf2w3piwz9gfr1xqyrj4k685q5dy53kq3igv663i4f4y4sg9rjl";
+    sha256 = "12aql6svkplxq5fjycar18863hcq84c5kx8g6f4rj0lcvigw24di";
   };
 
   outputs = [ "out" "doc" ]; # headers are just two and very small
diff --git a/pkgs/applications/networking/browsers/firefox-bin/release_sources.nix b/pkgs/applications/networking/browsers/firefox-bin/release_sources.nix
index 3dd7d9e8e65..478728cf09e 100644
--- a/pkgs/applications/networking/browsers/firefox-bin/release_sources.nix
+++ b/pkgs/applications/networking/browsers/firefox-bin/release_sources.nix
@@ -1,975 +1,985 @@
 {
-  version = "59.0.2";
+  version = "60.0";
   sources = [
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ach/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ach/firefox-60.0.tar.bz2";
       locale = "ach";
       arch = "linux-x86_64";
-      sha512 = "6242d81b96456c52a25af82049ffae548f7b5e14e47e2e643cea94f338e10027270d67b13c27a4a77fddc378b1e0869b5a0f897b9b269fecbe1d55336dfa4718";
+      sha512 = "1e7d2419e488a14eed5af7f2aec9a0092f830cea256f69cf654b2bbf783b192ead4512538fe3b2566dd55061cccaced91a7aa54732fc0987a4b24f676b9cabd9";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/af/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/af/firefox-60.0.tar.bz2";
       locale = "af";
       arch = "linux-x86_64";
-      sha512 = "e2aa156326a38c4ac55b4ebcbcd460ce64d5e9abc210bd53d484cb97bded59bd73045fb7b3099ff3301f0262938ce8b4b90f5b0f807f73d9b7637a826a5055d9";
+      sha512 = "5714025668a2a9856571c743870f3401f0bfba66bb216936df7fbc977d9a935ae8b66fcb3042e45a934584a2571289fdac4f8fe8af2ec6a52c93d6fbf21484fd";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/an/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/an/firefox-60.0.tar.bz2";
       locale = "an";
       arch = "linux-x86_64";
-      sha512 = "2946fdb675ac86e32e91b3a6cf4c26d14a5c977f22a587315a1c5a03db69f84efcd5057d7bd7f8b37e7433f53d915e9e9e5ab0c9d35739ce82e1c3183b1c4d5e";
+      sha512 = "678a060be20453e11fa2e8dc92db8a510789082d026a768dfb6cb3ac6a77924a1f6a9cce4e8c83e19a4aa6702b1e7e0b17846c52d2de2719dc5f8141a95d1c47";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ar/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ar/firefox-60.0.tar.bz2";
       locale = "ar";
       arch = "linux-x86_64";
-      sha512 = "2d497f930358fdd36ae5e708bd73e151461497f8715b11efd5a2b6c23b71fbf985faeeb2bfa5cc2816982e81f27091705f849923cb724078764b50fa684374f4";
+      sha512 = "0c8e9cff9d7a349dfb18e3c5924efb068e1f9f145347b08feb158521b3ebf331ee01b035052ddb889d09b728745465fb6b7ba79c3608719c6f14a36e1da061c5";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/as/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/as/firefox-60.0.tar.bz2";
       locale = "as";
       arch = "linux-x86_64";
-      sha512 = "a1d51a99f8a5b47668c74414372d11120160f264762a3bfb988be2aaeb958ad5d3897472618a86a4a8422850c46f2895cf426fe9d064938c263bca96a9592eb4";
+      sha512 = "0ec81546fa30b6ff5fd8b66df5b97eff25b359ea0ff258cd24aeab63cc87ecec3deb5f4173d9da46efbf82f70a3fd1579aff819de4e299a464abe289e7c77890";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ast/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ast/firefox-60.0.tar.bz2";
       locale = "ast";
       arch = "linux-x86_64";
-      sha512 = "dcd450fb49cce376f27e8135f8c27400af1c2cf139120602c000091231703db2cac791c82de157c9335fb09050cd4e4ee6013da3068b1527dcd9e0aedda16c5d";
+      sha512 = "ca9eceb89df3d618756618d961be5115846c1c6426f7f145379c2a127c807ba17c4796e9a16395e6f2d05b5638366b7f0a77ca19a75f89bbdf6a2a2f93269c74";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/az/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/az/firefox-60.0.tar.bz2";
       locale = "az";
       arch = "linux-x86_64";
-      sha512 = "fb004315a6ad15cc9ccb6d3b36901c4c495ea21fe146df3869711fc7ae8fb625a109fc416079e85163e79524bb987b366b2d057cd0808d0dfc61f78910fbef96";
+      sha512 = "e99295b469fb85cba099424700267f875e7d4ad9c3e8398c7ed8bd4427a3d173feec957edec2847ade3735df77a7313ca99a98b66b67c158b33bd17e39fe98df";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/be/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/be/firefox-60.0.tar.bz2";
       locale = "be";
       arch = "linux-x86_64";
-      sha512 = "ba51003823e74734726f655cfd20fe968ebe5feacd0c985f7c8b2cf9766d7b68fe74dafc8baa0605b8fb46b22312a593218c5a57fdfabddea6a51491de74cc13";
+      sha512 = "ce80aa81c5b04da5f0f89d9e527b8e1d7ebc287ddb05d2ecc08994c0e31ea8860b68316af5e00f59e1ba85a4abb29e1e9403cedde40faa294af6b130be2a4ef1";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/bg/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/bg/firefox-60.0.tar.bz2";
       locale = "bg";
       arch = "linux-x86_64";
-      sha512 = "f9df1a70c569f853b94c912d8cdbc7cf98a57eda9d461777f9f94c776f4db0a70b6093478ae1e7c87e80f37cfc5a39af3d2b37897ca60496f0d00ac9b45c1713";
+      sha512 = "5a5f0fa8745c9c649dc26e8d235729bcdcbc397c4deb56bc0d8bff954ec64c2acd9f4d9fbeab9b0484d3fe91ed3717f8e37d5602f139fb5bc4fb22d0a372b926";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/bn-BD/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/bn-BD/firefox-60.0.tar.bz2";
       locale = "bn-BD";
       arch = "linux-x86_64";
-      sha512 = "85758a1ac327b067a59358d3faa0663244a24a4769ac0dfe03bf9dddd5a680503ea4bc9313294d9771bc7e4f3341904c68e0059d912b563aba8061dd0b6cc793";
+      sha512 = "62989d16accef0717ec9360d66cd169d89847701cab64f06fae6290b9be6d67acb0dd6c5d7f0e0c79107301512f57b44da04ce66096232291c5947a903e446e7";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/bn-IN/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/bn-IN/firefox-60.0.tar.bz2";
       locale = "bn-IN";
       arch = "linux-x86_64";
-      sha512 = "895d63b62be42947e955ce426e03f7f8cbf8333d77fd3ff4ca6623db18cc740fb1ea6c41aefbc75aa79d60fca2f00b75f1b2e6b5b0bb1ddcec61f9c0772dedfb";
+      sha512 = "fd75cfe4d3e9e7534d4b99452c05e4ee8bb45ddeb0b6cbac979b65db0a783f342b346204428c9b0787ab4e1bcccf4d4f056f4043a906dee41e7753ab8e53fc9a";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/br/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/br/firefox-60.0.tar.bz2";
       locale = "br";
       arch = "linux-x86_64";
-      sha512 = "e62f445437a07f9fa070335328064355715d2e5ef81e5572f04a8644f47dd1c8cf8a3a7ac6fa88038c4e996229ab695e692aa1c0b0b3becf214579aaa76a5569";
+      sha512 = "5c17a47e0fcc7231e6d1a9fb632f5f55c6dcb4dbfdf02ca6607ddcc54db3e198d563b0247fd4e95226ca29dfda25bf092e1b427d1b532b6544c2f2c5c498ee02";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/bs/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/bs/firefox-60.0.tar.bz2";
       locale = "bs";
       arch = "linux-x86_64";
-      sha512 = "d3adea6061daa0fd54d5cd7d9d8a00f8b88db8ed36545f9fcaee7520c1cfe58534d1fb57e8297fdc8b4f348bd6c728891f6a88f1d4d36f59a7f2ffbe0e4eb229";
+      sha512 = "290f57558d2d0b6abee4e6220047e0e6082f328bf3c1c7ba02474d7885ad3bbe77ead7875ec2726ae5ab4db25bf9659147c5abe9fea771a54acd4a9cefa18c8a";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ca/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ca/firefox-60.0.tar.bz2";
       locale = "ca";
       arch = "linux-x86_64";
-      sha512 = "5bab1fe909680ff6eacf8fadc9aba7786d801379a2e79e5da04e973a3a218de8807c3d08f7641be554fd49c592028949e30b262fcda52413303d9044e161a60e";
+      sha512 = "cfd5654a3ac3a50885621bc4be9918f5e71dd8150e4fe4e54acf35685a42ea82d6115e8a50593866e186860c7d5de5408c5a0e7325050b1bc39d6964e828a3e7";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/cak/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/cak/firefox-60.0.tar.bz2";
       locale = "cak";
       arch = "linux-x86_64";
-      sha512 = "f54a09501c7311890542d91b0ec96dfa5cb634685af4ef0fcc69e633157183f0c5ef906a205fadba6e132c9ee657f7161879a83ea382bbe400694e92c065de64";
+      sha512 = "479d713253b99a19c6ec305e7986062b3a1ee476afb8968dfa2f57c52f22b734df82661bf487ad1fe7e706dfb581a99b247ea4128e89c9105b719b96f37e1cc2";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/cs/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/cs/firefox-60.0.tar.bz2";
       locale = "cs";
       arch = "linux-x86_64";
-      sha512 = "28f17b2ef72356a058976da30960af1c8d4f2a02a946aec57b3671d71887573a98375eecca4a2f0f21b37bcbe0dd189ce4ee17ccb9af8fc60d63e9bd20ca44b6";
+      sha512 = "5139f4a2820ee921bd3c02acca7f57c5c2cc510c0e364129ecc07f17843cf92c565770fd0829515bfae94f96f6c9c68e8eb05c87fe5800da0be64f2400bf876a";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/cy/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/cy/firefox-60.0.tar.bz2";
       locale = "cy";
       arch = "linux-x86_64";
-      sha512 = "36c8a1ac125a55db15d0bf7c8d8fed1ca3b0031a9421437b683adf7691fca281a499af6812cccd608e65bbcda3e1e94469b16ead2a9093708c8c2daf4ea7d588";
+      sha512 = "d26fa97dae91eaaf0b09a580880ff0bb70f67c473cd8dd804d835823ac6cd97306b0bfab9b8fabd45b35330ddbef72e779dd09b47580b0347d4d857dd04182e5";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/da/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/da/firefox-60.0.tar.bz2";
       locale = "da";
       arch = "linux-x86_64";
-      sha512 = "fd8c669362fcf945b6280d103d1b9524741993db8d38b78e494ae14106309999d09f4b13d55b8521612cac9e5dad622ef361fa16f197389405ff620b3eeac467";
+      sha512 = "66a187b067f2e71f8ef43e3eed3eb12d02b407a230692e653111407c2dec82dce552eb5f9716733b0b3112d2d07ba6d917e4166e9bdac030dc0569a8630b566e";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/de/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/de/firefox-60.0.tar.bz2";
       locale = "de";
       arch = "linux-x86_64";
-      sha512 = "32cbc3d054628a11959ccc7b553fdcf98f863a86373307bf8f558a78482de0161e533b71cbfc03142b0ac7aded506e53e821213e42c574d28132fd2f98a753e4";
+      sha512 = "aab4cfcf1c47d99c01cc93b0e26babecb4619b67df65a2400259249a870aa765152b7e4be625a9708e3e44b90f5a20b77f282b6939f2d092cc0bd180d8167c0d";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/dsb/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/dsb/firefox-60.0.tar.bz2";
       locale = "dsb";
       arch = "linux-x86_64";
-      sha512 = "4e7c2f6b980dd4872850f7dfcc068c7e40a8bc896e27ede759029bf0324e1189e605ffdd2291d2e6a4a0c61e56bff6cd760b77e232209127e9a90a38b012e4fb";
+      sha512 = "8726bd887b610e74b8b7073b8e797a98e009150594f2dd5e0f301f375b7bd6af02b5c8915c444145fadc6ae3e77f494a6c39632858d172b6324a2e4c84c0d6f0";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/el/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/el/firefox-60.0.tar.bz2";
       locale = "el";
       arch = "linux-x86_64";
-      sha512 = "ecf743c23ef70e92e1f7ddfd2f1862b5b60b446f0e1020778a79ec11af94ce5f03ffea9b0b7048a7ee0861602d5c32f4f4bc8cd4b7171ae306987e1ca9993ddf";
+      sha512 = "f67a778f0aa15bac7450a210287f8e1e29cb9f4abc0f9e3c037d15a0f9341cdfff80b38a936724e5d18b5ceb373233fd8d038579e3a044c177887e05f5834310";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/en-GB/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/en-GB/firefox-60.0.tar.bz2";
       locale = "en-GB";
       arch = "linux-x86_64";
-      sha512 = "ddec1dfcf976f93d1eb310ccacd9e04dac8e0b075d37b54be1402531d12c11ee9dce2be7d0bfa92c9b654192c71781fd2631cad24c8153275e786552b9ab11e6";
+      sha512 = "fecd277c434cf3d4509371a5abf09fad81aba3fc7807470fcb91975939fef0d1384a97c4322411a787bb3fb27e3b043f9dd3ac182e41d35ea59824d109ff483e";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/en-US/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/en-US/firefox-60.0.tar.bz2";
       locale = "en-US";
       arch = "linux-x86_64";
-      sha512 = "3257084102282621f15207af04e6dcbb98887b13a8be911069572c151d8ad96f90e7c083e571b4ecd4d4d4ff3bfeee1dc539042d8e5bc6a0fbd7f36c427da402";
+      sha512 = "263b6e827b8e6f8757c82a2ca24f78bd649ee07254cfde454e6d6ed879cfe816ed61c94aab3c10f3d63a38f83f391bf66bc578ae958343327298801fc30eaf3f";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/en-ZA/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/en-ZA/firefox-60.0.tar.bz2";
       locale = "en-ZA";
       arch = "linux-x86_64";
-      sha512 = "35d2f29daddfb6ba439b160644869bf806ce7a2e36c26d4dc9ef2ff2eb5079e0bda9095edd727fca9c64c3be5a5646e56892bd7ff76b2c67300c1ec7f074d98f";
+      sha512 = "6ffa936e9f5e495309ff535fa9775200f8110bc0162d97f8d8bd00cbf3606c47b88b566114224f882a323c6e9538150ef79e1340e1e1eead8ddaf030b4ffb3fe";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/eo/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/eo/firefox-60.0.tar.bz2";
       locale = "eo";
       arch = "linux-x86_64";
-      sha512 = "867ac54d47f2266ad357d1666c9206c00e45d7184f6b3a0199c2474b63829ad1d41e95491d2c977885e878d36e2d7e93d215c53e629886e7cb04abc198a06e42";
+      sha512 = "f65bf2b40299c5260cb857c781445c9213dea8a49751d6701f43f6dd11fccec206b5850d54e96a4eba544d59b6a470f21b3e15b60116615c343d78726e7402f4";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/es-AR/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/es-AR/firefox-60.0.tar.bz2";
       locale = "es-AR";
       arch = "linux-x86_64";
-      sha512 = "3d577099cb28dd4c4d1349141a715783215510d015f7b2b02739d530222ece5229ab3e6cfe481be4e9d1d17c40aaacac10af9d9c2be37f7956620924e56c87e8";
+      sha512 = "50a912c5d4cb1e73bbe5b4c6cd8a112cf88377ca78cb45a073bfe74b4b5618a39fe088c908e278eedaf50308e70e63d38c06343c4d60fdfc346684ce7042a5ef";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/es-CL/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/es-CL/firefox-60.0.tar.bz2";
       locale = "es-CL";
       arch = "linux-x86_64";
-      sha512 = "821738beffdb260b6b3d8b5c3a1395b6b7d58db6b05a744899c0eb83a291855152f5055c3ca6d9a460bd032d5e72829198cb72dedfcf6614aafe1d7b8189dc26";
+      sha512 = "b12f0fca0d307b280ec2a44f9dceed0073b0b9e898e05a55fdfd15623e022eac7b937e6b4ce470c7892e9ed429fd98a4d09141a5e1141fe05e3b21ab838a21d2";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/es-ES/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/es-ES/firefox-60.0.tar.bz2";
       locale = "es-ES";
       arch = "linux-x86_64";
-      sha512 = "10ae818fd27acc38a5386d06cd7d890d4eaa44407fe6334b81cdbe3f43ded90be72e749f075e165105e9a6f02e08014aabd7cd783860d6790b67eb2889718e5d";
+      sha512 = "492aed6ef8fa3e51ad1604cf858dd1223ccc8a949b3cef4ec37be1596640421b057f50d3ad1827fe139230013ba4c040466682e61ebee59e7b6c168f35a14b1d";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/es-MX/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/es-MX/firefox-60.0.tar.bz2";
       locale = "es-MX";
       arch = "linux-x86_64";
-      sha512 = "239d3c287eeface29994c8c2bb9bacd739d638cb277e18e57dc729e35cc0c11f6c7168673c110206f3e931c850bfebaf1a26d4f690d8f3ff6f85a61147522941";
+      sha512 = "8f12520b74b0899c58f29217f9ecc6223635b627ddf525e3d36b7a0616ad2ea39e239bdb3cf3e0570ba4be03ebd93a2aa2739cb7cbfb851e84d2549970fd0bec";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/et/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/et/firefox-60.0.tar.bz2";
       locale = "et";
       arch = "linux-x86_64";
-      sha512 = "824b63c3c596191f1f1c60734bbed70058cb9bf71959dbba759a2b2e75a76d0b0c50ead203c093d568a18bb622372ae112ac22da0a33e4cfe89e5a42d7329b04";
+      sha512 = "c24e822fbd147ae85a8f02dcbb070764c31b96056a07b2b344f85641517e1e8fa78fff860bc7e951675f9ba30616dcb567e279db93638f241a75632f7fd97b9f";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/eu/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/eu/firefox-60.0.tar.bz2";
       locale = "eu";
       arch = "linux-x86_64";
-      sha512 = "01e0991d3a1926f41708353bd98e3aa00d3cc71dc7635b9cce52c3699aa5ee670818db76e9d82de4afce338165fa01bb0e88c3e8b86ab2d92d1b8d3845183510";
+      sha512 = "61ebe8e2e353419f7ed3ef8f944f4d8ae54d3c1c21ed7c1707212ac31e20c6f0607c00d0f3039e83c1aba832653f9c352b4976af4100b968045ad103862cee6c";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/fa/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/fa/firefox-60.0.tar.bz2";
       locale = "fa";
       arch = "linux-x86_64";
-      sha512 = "726100abc12832418c5cdc15b9e9083d88d72a70a0f6a1a567ce781173a554cc4495da0e53539185e6ec27143bae98e952a5002dea91fceaa5f8d8e51b6d6a2d";
+      sha512 = "d47f63bedfc12a2e14eab57eeca7f946513b3067ea84b7931237a32841c40e477dfb4f3979fdd617b6b43787631f97fa4e28f996038f3eac7c2be7c82f8edfaf";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ff/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ff/firefox-60.0.tar.bz2";
       locale = "ff";
       arch = "linux-x86_64";
-      sha512 = "1a0d97e27008ff5f3bf3fe85cb14c303320a3015cf928b2ea4c2e115a5a1cfd809743d801157f53d6ffdfcc359c3738f2e2a0e12e5ca7ac8e3f2b93253654e8f";
+      sha512 = "91fbab65d71da4416df7501ef392154844a6e5fafde529e9a9a42f01b44eb87ad248d83387b68fbda5b964b8d18b1b22b978dac8751cd73bf30c46d3cafda868";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/fi/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/fi/firefox-60.0.tar.bz2";
       locale = "fi";
       arch = "linux-x86_64";
-      sha512 = "ba0278c06463d0ef44308f46326a3fb9dfc0cc4243086dd9acb856e54465ad672bcfac68afd9ff81d08a1d0c924a044e0ac5afb299be9d06b657c159f6c8ceec";
+      sha512 = "483408626eaec192e753277b02de5c5bb68ca6056f35756fd7f80ff6c6ab3e6ff15f23d4cd5d1a28c8e662bc278ce7cb285513504663340451b912126e4d4fbe";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/fr/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/fr/firefox-60.0.tar.bz2";
       locale = "fr";
       arch = "linux-x86_64";
-      sha512 = "bd8ca7884937574f0d6b4dc5399771135778aef06bd09aac275ca11c2a8dff580be45ffbea5ceb58f8baa7d7007587aa07c3ddedd407f0852c1a3940e7ccfc8e";
+      sha512 = "adb7d295ba37c0cc7b51e312ffc3f60e8ee13106bacbb833086d160535504fa2f8f859ea3c1d30eb6a823ed9c2c6efc97bb691dde8cdcf991090e29e15d5c21b";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/fy-NL/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/fy-NL/firefox-60.0.tar.bz2";
       locale = "fy-NL";
       arch = "linux-x86_64";
-      sha512 = "9e5fa467a99cd7a9ab102eb2a50ef14a4402d03ad3dec5b6d511c7da3843e779b1492b1ba22cc72f83070ff88353ffdbf1a9d26636462c0e3bdaa6dccd6a6200";
+      sha512 = "ff44abaf4ec57162bdeb3197c3f75f312029934a8546018dab76aee8bab44cf2411c59d04a4dee9bebd618f26b466fd074f7533d839f1202e643d255e97e8015";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ga-IE/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ga-IE/firefox-60.0.tar.bz2";
       locale = "ga-IE";
       arch = "linux-x86_64";
-      sha512 = "1226faa2c14196824f31da863aca7d076972a47d71a971847c09c66d268d07a9aa2677fa0a7e8f11f149b77261636d62c39e7a382db3abb2917bbbac74330d45";
+      sha512 = "5d511a4dbc00b39199500b30c98ecd6bc009217644b82f58beed9fbb74699fdeca7cc31b59a046a7c56fa57c53c2aef7cc55232fedbca751b85347460c014d3b";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/gd/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/gd/firefox-60.0.tar.bz2";
       locale = "gd";
       arch = "linux-x86_64";
-      sha512 = "eb0dd803b7ba91574a044503d2edbf633e08c834f8eaa5e546975d91ac7254b3fd4357710fe4627d742a2ea3e64f568a5ef1a893363c516f958e4a153f528f12";
+      sha512 = "c7c893d0acb97541d9545a35c031aec967405113a4855d6833b5ade0418004fb8b6efab82abb551499c4b4f8a32010634b64a96e8c9b12f27b764dc50b33a23e";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/gl/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/gl/firefox-60.0.tar.bz2";
       locale = "gl";
       arch = "linux-x86_64";
-      sha512 = "e789fdf2452043165df90c83ce4bc0ca641366ffe5f89026bb763480973073d79c097313b744c3b2017be3d80f690d18459d1b8969538ce310b802163a2eec45";
+      sha512 = "aadd92086094860936f1c0436bab9742170533a1b233022313439c9aa968269835b2f63bf33226c1fc52bafbcbe1e00677e8f1e04579193c474600e5dc3d94c0";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/gn/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/gn/firefox-60.0.tar.bz2";
       locale = "gn";
       arch = "linux-x86_64";
-      sha512 = "c368f07013b7b4fcc74e88d68a07d5d0a1fb5133991fb343d5b1a86145108e14a762962f3a3d5c7188d8cd75188cba7f26bee5555d3a5e7cfb9741e2e11ed42a";
+      sha512 = "cf566c8adb01873712708f76bb976a92a3b729459639faabd22ab5515cf59951142af734c9eab7d67ec4eabf9590f1d7bab65787f70908dbc01aece73bf52277";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/gu-IN/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/gu-IN/firefox-60.0.tar.bz2";
       locale = "gu-IN";
       arch = "linux-x86_64";
-      sha512 = "34795309248224a31ef64cef9ff335f357505684f38edc06b9365dc0da98c5b96aa38f21e317e5f0cff0d3d3fa94ef7f8aea6c27f67501aeac68c3112b63cc43";
+      sha512 = "ecc4afe4acebf476fb0c4bd089679d8fdfb88c06769a75dc473ca3cefae09c01c8e71f88cf3c8130f4576eac17445032223f2713327ef6386fda6a2e3f588bbd";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/he/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/he/firefox-60.0.tar.bz2";
       locale = "he";
       arch = "linux-x86_64";
-      sha512 = "05e21abbec43babe818f28f2f12e55159e413b0e6e0871fee76f50c380085ea129620864642d3d26e80e039a50a8434015ed348c51341b6d87190c627b90bb82";
+      sha512 = "604048649305e7abe426b831c8b3fd0eb3cb26cabc7b055f85b7fcad8d0f9cb8bb06a431a28013ae8fd24ab4b21d8f8e68053dd7397a88546305f241adab476a";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/hi-IN/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/hi-IN/firefox-60.0.tar.bz2";
       locale = "hi-IN";
       arch = "linux-x86_64";
-      sha512 = "f6964340a688305ac3855efa57280e3b5eb64f22e11445d76fe28edbe04216318a16c1fd02009b8a66ccc2ec689d8e0bc374e485bc03e964dd5b65ad27e535e4";
+      sha512 = "1f1d56c762166cd8c099f636c610c361ca94d388bd4d627ddae6d94e4424074686b5fb6a3aae5562e9250dc82576bc52abac4e1b09386dc2f81799a1804bb7c9";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/hr/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/hr/firefox-60.0.tar.bz2";
       locale = "hr";
       arch = "linux-x86_64";
-      sha512 = "e0966ea4bfa256eb3a255eab7c89fc9073789512941311863199d96db4014f657acbd1e403a6a4dfc8165dc39d54fb1f9ef48790e942eadaf90f0cb7ffe15ef4";
+      sha512 = "f5968a481d92aa0b57ed6319e7bba0d11ff00e0ec8beab9c6b66e18f4a6d128979ce1efaaf6fa07d4202130698216e58b8580833c13e1420dcfadbcda925b908";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/hsb/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/hsb/firefox-60.0.tar.bz2";
       locale = "hsb";
       arch = "linux-x86_64";
-      sha512 = "e8ac60e1b925e7530884777a4ae05037e5c577fe6dc834ff8a007f473846b052290787d3d2f0c19b56e573385b6471336208d360c4c13a3ea3dd686429c28fe2";
+      sha512 = "6dee0423afa3ab5c173568aa91a2e92927cd6aae390033f34d8e63ad224d813b3f688a0287872cd8b08efad823b05804ddf54efcb57d1503bb70731391fafebf";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/hu/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/hu/firefox-60.0.tar.bz2";
       locale = "hu";
       arch = "linux-x86_64";
-      sha512 = "737634b022794a37223779592ec948015a90c6c96c952acff5821c3af9c060e7fc60c988f17d87d5faa822fb860e6697e233601c7fb910ab5596935fce12ba49";
+      sha512 = "688103282fbc64a541bf6b914f757ef4cdf58ac6eaa942f45bb8b20b661136913b62735b7352c2118643118c48d94dd9a7cc18dcac184c3080e078d6bafbb278";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/hy-AM/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/hy-AM/firefox-60.0.tar.bz2";
       locale = "hy-AM";
       arch = "linux-x86_64";
-      sha512 = "53d3a10011e8cbd22bbe86c6ed256775de580f7b8094ce30d8337268362cffa2df85267fe11432f659a012047a164a63d1c143014c0dd26ff865760119223f5c";
+      sha512 = "f836cd764ddd7f9f48295c103b4ec0c091c8eaceb756825fbc9f4a03b9dab786fc94781903975167d93c8d9ee73940a6607403ae6d0ef97a7c83b89989ec628c";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ia/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ia/firefox-60.0.tar.bz2";
       locale = "ia";
       arch = "linux-x86_64";
-      sha512 = "5d1ba2fa31d3c5ee692d3bf8ae0995ab166ea0c31044e056b4806bca141d34f93ed5117630c311c072d22cf65d12efefa812203a8237464cc9a285c236439810";
+      sha512 = "61ed80fa61e7e8247ac1b59dd26582b063fd1313a02bf1ab73c696389cdf5f3d8bc0c3b58a15fd9ff08ca9514e3a3b53fb16aa532758586d412a8155131fa457";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/id/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/id/firefox-60.0.tar.bz2";
       locale = "id";
       arch = "linux-x86_64";
-      sha512 = "b94a086208cff6fa7b4b3f7eb4d681e77d2042ef1c6b21af322ef7316b8551344aa72c3d7a39b86826b8c6d69f847b9d20f60143a048ee28db88847dedfd1d37";
+      sha512 = "a87de8f34c82d35a5bfc77ba7a5be2c5afa6b5015d79f25280d162f9563cf8e48ff54386c03b67e4743a376c0d679f1d90b7f87924126028f2a4b990e7d28182";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/is/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/is/firefox-60.0.tar.bz2";
       locale = "is";
       arch = "linux-x86_64";
-      sha512 = "9767dcbe58dd91364b313f4b7b8f85e1768148080ff97220fa1dfb3dc8d5a69e6fb8fbd607a92411d5f4adbfb856c101bc80f922b0b1ce8b63a79039e84c329b";
+      sha512 = "3b51c777930363c3085f11f3fd54a58a3ebf63a1a35384ec8d324acd670cb35e8bf8f9d1bd3b6ba735b63b5b2f0901d064e7802c5fea6edd5b36d7cc022cfd94";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/it/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/it/firefox-60.0.tar.bz2";
       locale = "it";
       arch = "linux-x86_64";
-      sha512 = "f8ffccb521f97f0f18f70a0cd2cecc1c31162072bbbd929a1952823275d7b7d07f36e64bf6811e1aaba64b880c432b1dd342483b9ad5a594971a0bd068c45197";
+      sha512 = "84ab4fc30b8753fd7586239b6f7313828862793581932aba00394ba59f6070a5ce69455a102f2ad05fe19e8cdfcd78de82d488bc31918b63f4d8aa810db2be76";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ja/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ja/firefox-60.0.tar.bz2";
       locale = "ja";
       arch = "linux-x86_64";
-      sha512 = "bd97cbffe8c4c1ca0fd8e44615a6e04dc5929c8ab896952911a04da3796a9132f797a4e32ee262af7a2d8bad294a30e11349731306d86ad18200715408337437";
+      sha512 = "345b9ed332637d74064064894d34d32263725af9d288da3de3b2c05d2e38ee97355bba5a871698980d772a7b6847642c19716e00514d2965900f12b8a5d7a633";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ka/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ka/firefox-60.0.tar.bz2";
       locale = "ka";
       arch = "linux-x86_64";
-      sha512 = "1b5a69053263a0571227e614e0ed05ca1cf8bfd7a6294fb82778c2bc99b209fc68b7d644cafa223686ae2a54ee125036a91a3a847a753c194982c0f2327b3b49";
+      sha512 = "fa3baf6c474e883c94e5d862739e2124980e3d7cb7692dee8507d13bd1aaf389c849b218ec0cde02f60db479c1ecd32e8e444afe3e09c6ebb4e7afa0b273a2a4";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/kab/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/kab/firefox-60.0.tar.bz2";
       locale = "kab";
       arch = "linux-x86_64";
-      sha512 = "33805bf3976c9ff6699767ef69336f06eb86f08b540b54b33c8997b6af42eaac6be7b9dc8f29d3099ca9530209516ef84e819fcf98f3a7bef3e8d47be8d372b2";
+      sha512 = "a86ccc40c7a7460acf3242a8ab85fdae4146bf0efbae20ea44fb0251f18bbc803f55748348022ad5196c2347e3da7b79a03418ae281835af184d2245e4bb7635";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/kk/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/kk/firefox-60.0.tar.bz2";
       locale = "kk";
       arch = "linux-x86_64";
-      sha512 = "c2bc89ceadb7ea2c81ee2b4d72bfbeac8a34cd1838f0c2201d7ef0c819e597b87a935a0e6be0831b997ecd290e286de7a1c9b903a10daaa5dfc0fdec2309b260";
+      sha512 = "420956435202d7166c3d29c795974034b43c758fe19d0d55dfbd207e4e1862272a55a6770294ffa54a4cb9259985eac7f17a290e13a49006661b18beb7f27a23";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/km/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/km/firefox-60.0.tar.bz2";
       locale = "km";
       arch = "linux-x86_64";
-      sha512 = "cb1919f31651b38a77683850077cccd73c27496e1f9b4354accfc35f294d479b92549ebbfa173fdfadf95b03bbb45cf1baa0c8a4e51f132448ffb9fb2293a67b";
+      sha512 = "cfc262238316cd3dcab2e2a11647cdf3a7ba38004d4fa18f83286d6cf1320a78534cb88727635c330e6ca8c8608aae748786a83fb68484f6d2f6ee23cff603f1";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/kn/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/kn/firefox-60.0.tar.bz2";
       locale = "kn";
       arch = "linux-x86_64";
-      sha512 = "4293747292be73ccf60a19744120f9cc13b45a7be0c5de4243dacb5a2258eb88391d6dc6b240420ca5097ff5f5e2d5d36240289f6a5c51ba7d0fd31729d342fe";
+      sha512 = "27c445445080f6642d4f95022d8bd07824ea81549f80da041ad1273db6d4a0eccb9e1bdcacb89e269e69dc63a33af2c131f193545624771e25444e212592c45b";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ko/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ko/firefox-60.0.tar.bz2";
       locale = "ko";
       arch = "linux-x86_64";
-      sha512 = "1a4723d890649ae29e9030ed2fe3208e44ed10adbe35c25877003a6adc21e033278874241bf5fc971b93f94d33fb4b503dda438153a8bc80b187b584841423ae";
+      sha512 = "21f8dedddbcc5da3788abbc17ae07c422b2f1476fea3c45f173376b1ba38736f1a85b7d11bfc0e50ad610d605680b3333c39b18b89e9e4990086a782f8559881";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/lij/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/lij/firefox-60.0.tar.bz2";
       locale = "lij";
       arch = "linux-x86_64";
-      sha512 = "564260546bc6436dc47ebe6b413abad6d2d25dd7a64d9b5ddbd52fdec49af951b9ce26f3aeccc330aa9601605bec7b3b1f8701668d2b01ee06a228f723600fc1";
+      sha512 = "706bb394d90ac405773448cd4869c8880a649569d15af420e15851131194a014b0b9f72a9b60b2f621596d4215f606b3b81e0409ea4eff5da0c04a91691bd99f";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/lt/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/lt/firefox-60.0.tar.bz2";
       locale = "lt";
       arch = "linux-x86_64";
-      sha512 = "0aa6b9bb99ae8284f7287def5048af21372d03211a279f2226de7a739523fe189b3e06e207660be7ab35751b5ccc6aaa1b53dc293417971300a4a8e7cc162b6d";
+      sha512 = "6cf1735fb80b7fd945a2b993f1963ed14c903791dd720fb9821a728251b0c006cfda12f80f55e96bb821c7988f7e73144254e7e3a3c92a4a66680be9293771cc";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/lv/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/lv/firefox-60.0.tar.bz2";
       locale = "lv";
       arch = "linux-x86_64";
-      sha512 = "f63955b57e40d2d49d5d1b276ad5b2bdd5122daf476c560dc64e82afa36e4a649e384957c69609e74ff96935004ddbd45c8043a27991d082e59e0f42e7221aac";
+      sha512 = "5feccbfe1088ed569e67e3a54f9cff0f7fcac91dccb8fa447febfd96ef2a4f25a2f51b8dce2f397b2b09fd8654bfcf292339cc5d25140a1892894425f2d86e3e";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/mai/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/mai/firefox-60.0.tar.bz2";
       locale = "mai";
       arch = "linux-x86_64";
-      sha512 = "7e857033b14656e972ecbb6f60454cc63f79a9c775bb1fdc669f44af3bde4e1d04ceac3f7028eaab17fccd8136c417d937009b6fc0e80c45200b279660924bd5";
+      sha512 = "0b75fa47591f6ed9cdab76ceda17636a7f666b6469e2fef948d29c77f559328320cb1108105590a240a0004976cc922439eaa800a5234f7064396e2d56e5a45c";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/mk/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/mk/firefox-60.0.tar.bz2";
       locale = "mk";
       arch = "linux-x86_64";
-      sha512 = "8f7bf3418145af3ab47372af8e131b4a8b350dcfa8a7f74720a96812563327a4e4816976c2fd655fbaced91fadeb98489bf0fd043e103e5e0923b9c2ee408188";
+      sha512 = "bcecbd3a82a66abc1918f03ff0c5da822526f3c1a8ad72ca9a021d5c036a382734251513dacef9ca6f290b130b67edeea5a79a37606ac34f34b27528ba7cffac";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ml/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ml/firefox-60.0.tar.bz2";
       locale = "ml";
       arch = "linux-x86_64";
-      sha512 = "b9e65dd54f8b4c1da28f6079938320f9943ff94ea0a0a7857192805ff84b53e7de6b762d05f8a66b6dee9f8586623932c5cac7163db2829fe41a13b3c73c27a2";
+      sha512 = "14d844aa0c430376d17224e0172234bf028f1bdc56b931aad2455c221affb93f1048866b8bb3418dd10fe12367178e7504842762fa9fff381a21ef8599bf9f37";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/mr/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/mr/firefox-60.0.tar.bz2";
       locale = "mr";
       arch = "linux-x86_64";
-      sha512 = "80e20cc4d30dd2ce2a7d5c40b4c98271a0c0834cff7bf201c3db8df4bece056becbe71dce7056d24b837d16889cb15ec73be7e853384d88447d9d00eada4fcd6";
+      sha512 = "b25b3aad52c6670c27c977084cacaf526b4c64b24c679dd7f45f4ab583a80799912b6e6b9eac195ba19c94d70dc5a1fcdac46e2c1234fac777d706fa51008221";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ms/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ms/firefox-60.0.tar.bz2";
       locale = "ms";
       arch = "linux-x86_64";
-      sha512 = "ab4e6a3c244a7e1c4683f58252d02865cc9e8be51a2fe189d8bf555c968260dde63af130a491a8c3b093776a1d1d6b883e32b4054c19a20a9d1856685b4cbe35";
+      sha512 = "5df8c5ca3e8dec6b84066ce0c4e2db00d12cbf7c0c51d229a88072653166359652caf4c51e7470f06151d9ddda0075f8f53eebe2bd83e25bec9920db7654a97a";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/my/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/my/firefox-60.0.tar.bz2";
       locale = "my";
       arch = "linux-x86_64";
-      sha512 = "aef82a1dff4adc9d93c967ca4fa3e4601772e8b748c3d41a08d2893667bc661a0c640b02450bfa647d35b9c097919ce90a4a4034f83cf4ec51d2341651205aab";
+      sha512 = "eb35f499f6d2ad6e71eb780767abef864b2611e8cf83669e1a8a08f6fdd098ea183234e157a5ea442773c45348b13c55b2811398a2440d5e579cf57ffd1620fe";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/nb-NO/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/nb-NO/firefox-60.0.tar.bz2";
       locale = "nb-NO";
       arch = "linux-x86_64";
-      sha512 = "edd9601c678f8f551fa379d7f3c31d2e4c68434d9d3401b40f2945622e6c844993fcf3aaf010ec5b3bc13eb8c8cbe951d76b66a908b4824526b8da368361a347";
+      sha512 = "bf8b5d719d507faed5f2f9c34d6a78471b16f0452286ab3f79d63d516bdd6af54186cb4cd896d09400da51ec4a923f711791e4040048ed546a0d30a065dac129";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ne-NP/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ne-NP/firefox-60.0.tar.bz2";
       locale = "ne-NP";
       arch = "linux-x86_64";
-      sha512 = "6d7a5d81e0551e675d8dee4be7fc0b8a39afb37b74949d408f197562bb8d7866706dd1b9fad60de4410cac9bc91a4ecdb92aa75a60b2fc2e2b7cc51fc9e46c60";
+      sha512 = "e389da15177b36b9f480630e88491252b37ae1c4b9874804eda96a259fd8d0dd5c53975056246dbfb1ec8b5d47c90a9eddd2dc665c19dda64d35fb1af4d1a531";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/nl/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/nl/firefox-60.0.tar.bz2";
       locale = "nl";
       arch = "linux-x86_64";
-      sha512 = "3d4c3714c7d1c7d4865bace3827df94068bf0cfa4037af130cb7ce0a5f6cf7eaa0e37d091fb36758b13f52a5307288e5480ddcae50bd8645cec527481c03d7f3";
+      sha512 = "d4b4978889d9acd79e60c05f9e088c8850ef234e475bc05b27abe79596f74db47da748fa228b0b9706ff8f7e747b28edda36555dca8a3c8a70bb3a2ee147b8cf";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/nn-NO/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/nn-NO/firefox-60.0.tar.bz2";
       locale = "nn-NO";
       arch = "linux-x86_64";
-      sha512 = "753e792e3402a5b75043899a5f50f5926ce31d2439ee1eed16193932e962338cddd974194ac94f7aa1ef0df548d95f901a50988abbf9f3e9820f89ac372e39d0";
+      sha512 = "7f27fefba306c82b7227889f56059d271623ac40af272ecf810c53224cdfca8a79225bdc1dbf267be8b8a4db4a5c870f5f969f0e30cb3bc6488c8ce101c43bd5";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/or/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/oc/firefox-60.0.tar.bz2";
+      locale = "oc";
+      arch = "linux-x86_64";
+      sha512 = "f5dd23837b4c6d60a3efece4f70fa4ad2c69a0d560d2dba884ca0bf004619c26aca11348e4eaecebb0a92c46a835ea766b09a9734f7ae34dab88c4849aae5151";
+    }
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/or/firefox-60.0.tar.bz2";
       locale = "or";
       arch = "linux-x86_64";
-      sha512 = "ac0068afcdd2b6bf5416298e1be065387606bb0b79cffa364aeef9011535ca5c155d1d28fec0715a648f065628efd2c847f47785ac7f27415ceda1902da1add8";
+      sha512 = "f3224d03f3a264498167e62fa8df8b1d4ad0cd9de07f9bfe26eb85977214a00d64daa0d3ed8ae9d2d4ba30e606bb006a0399918dcda34d6eb5b9009eb3db6dcf";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/pa-IN/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/pa-IN/firefox-60.0.tar.bz2";
       locale = "pa-IN";
       arch = "linux-x86_64";
-      sha512 = "fe77072b374c34f5026de80ffae16fd4b30705969a795079ef9e81dcf66dddddfe01287dd44bb4f0001427935671d2753d22a8b80469f9c4e896e215400dd9f1";
+      sha512 = "47b347b899f7300a9bc9fb15f00ea5b05ed26f422b4836d24da1a795b8f35fa8cdce292fcd92b8730e54078318794cf942b27425c367ed4090f3ea9237611cb1";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/pl/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/pl/firefox-60.0.tar.bz2";
       locale = "pl";
       arch = "linux-x86_64";
-      sha512 = "e4b05ab04418e65880f989d642478023bde4ba5ce17627f806b223d19005b4e6825d8a9d5c532c878a397b3cbd8220c4aa4c2627b17b83fd6f4acc395c0a1923";
+      sha512 = "844eb1c7e46ef7bea66317220a6a57daa0cca6022457da4184550974cb9f616bc25ea01ccd8f158c3d195d39e74cab4d04f51d41406a9cbaffb423c87ea24b3c";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/pt-BR/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/pt-BR/firefox-60.0.tar.bz2";
       locale = "pt-BR";
       arch = "linux-x86_64";
-      sha512 = "9d67c1264b90dc58ac62fa094792955b75724791b7941354d5836cecf2c5c13ec279cad12f93287e524f0f0dfc2302f68f7585dd783998630007dac806f7e2d3";
+      sha512 = "ba3418e27df6f0e037c37d1afde5e96c5415257fb0ad70f95bec98d50084f8f0aaf1a5d8752163bfaf00b390db6d0dfb88867d3afe48bb246664e7a9361b2d87";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/pt-PT/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/pt-PT/firefox-60.0.tar.bz2";
       locale = "pt-PT";
       arch = "linux-x86_64";
-      sha512 = "a241e003b6d1a3537b5232fc793aa6dce194433028987753bbeaa5c21cdec58b326e12bd4136656cb35bae3cdece5dac100f912151aeee7548420de2d3875e93";
+      sha512 = "6f675e939407e19ddea4962e2f8cb0fcfc7f573ff76689d1f434416b02024bf8786ad78b03fcd4150301309fbfbb91be078340a47d9fa413d2312c6b8aebdb8c";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/rm/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/rm/firefox-60.0.tar.bz2";
       locale = "rm";
       arch = "linux-x86_64";
-      sha512 = "87ada5bbfeb43e3a42f1eaa44c58e025f66ddce965e1c97de8ca0df190ca18106eacd2d1f28c959a104e79df583672206c047eb79c51a32f431f8cb6fd68bccb";
+      sha512 = "d6623710addc98457977ff62337a3aaccf1953874e6df5fb6d4ecfe2d7650920d5c1d4593793f37b5397e688ee3e745ac7007f3925e0982b7ce168f5a1fd90ae";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ro/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ro/firefox-60.0.tar.bz2";
       locale = "ro";
       arch = "linux-x86_64";
-      sha512 = "97c5d69e1e40bcb779ce058820b0a4afa4000b3c12170c63ecff1ad4b5994f71ddf36c49536280edefb971fafa6be52a3b436a405ca9a1762aa08d2cd61022c0";
+      sha512 = "38c6a14a6ac375ce700cea3853b4fa208929ab6814bf2037c2b9d03b15d85ce81833c09e889ef5a8966c61658055fc11e4d1ece2a16370e7436adb52ab321bc5";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ru/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ru/firefox-60.0.tar.bz2";
       locale = "ru";
       arch = "linux-x86_64";
-      sha512 = "74fb10b42eef3a2391aeab0e3dd1ce463b58cadba5c42e2fc8a5e0bdb1f9df122aec65a662c9ecb8a14b1ee76bb060c64de93f116a37d207b4cc0887ecc0e2bd";
+      sha512 = "730d26ce8e54b9b4e8379c475e6db9bfc293cd6bd233f566ac54ef6512f3f3bcf687b18f8a31f3869821a9fa1d26cd8e6149e3721b5950ff7633a645df4df8fb";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/si/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/si/firefox-60.0.tar.bz2";
       locale = "si";
       arch = "linux-x86_64";
-      sha512 = "d63503345ef7896e9d9a3ecfc80395b6ced67c38b02c19f7afcf94a9efde01f3ac53f1d581b8151d78eed6c7f8eb69f9edccaa3be49133aa3abf2a1eb759a02e";
+      sha512 = "37b72c9fd02ca03087458b58080da505fd334fd7059291a7d83557212af0e30273ef002a3fdd9a8797e76f1178fba731c127a28051b1bbf74f570f13d6d8064f";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/sk/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/sk/firefox-60.0.tar.bz2";
       locale = "sk";
       arch = "linux-x86_64";
-      sha512 = "1020baafadd4a1de8118bbdf4e281c704595730937d3aca9c8185a6ada54f4a72b8efcc7c493200c32a6a11e7121ef52d7aace68c47784eb5d17ed7fdda32d60";
+      sha512 = "5ad4c596575cf5ee63d7ee6c9df3f9b9dead8fe41fc66dd09c010755d069f2c6dc2a920ce4cd82f23df7a22d600aa502b3accbdb05976ad5f08f1ec19772fd51";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/sl/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/sl/firefox-60.0.tar.bz2";
       locale = "sl";
       arch = "linux-x86_64";
-      sha512 = "a93e20498b5b3a2b5d19197bbeb48c4502217e44a25c48372f8855a49f762e89438262ccf5dde1fea24af1199bc8cc5c935b1bc886e0bb581d698d10a59d60e9";
+      sha512 = "5c7181d319b5bc4c9c731640360fec12a862975fb8d6b59f913a9a113b88a65ab3b9db9ff759f9faef6088f25c5f59462f0f82b62a8e5115836f498289478f6c";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/son/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/son/firefox-60.0.tar.bz2";
       locale = "son";
       arch = "linux-x86_64";
-      sha512 = "24411644b553e6f3c305b8a893a7bcd4ed59568a6fb7001b999be114a3e88f30d40ac6f3351c28b3287bd2a9e6aec461c54433caa45fdd349aea07e83401fc2f";
+      sha512 = "f1ff760bc5516ac6a5beb251d541e38cadf0652ff51f9f1798b9677e9d3e33c844d56e6397288c898ba38c6bfc80129c7318e1e9cba3ef9ab4b9f07405dd628a";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/sq/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/sq/firefox-60.0.tar.bz2";
       locale = "sq";
       arch = "linux-x86_64";
-      sha512 = "40ec8fdcc4fcec937a710e5d19077243d0ff5cd832bd20365817e4f4ff1cae5eeb2a664906ce7f60a5184fb053735df5825ffddce41276797fcce3a11548f4db";
+      sha512 = "d57cd7cf4669cb537d96d6b9b4bc81446d7e54d6cc294776f2155b1280352289c1afc3d0b2744973280bc980c4f6200a0cf114e449c15c339535cb30ed153766";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/sr/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/sr/firefox-60.0.tar.bz2";
       locale = "sr";
       arch = "linux-x86_64";
-      sha512 = "e538596cf0de4a9d8af4e801d7c17d00c1e63c56775cef0d087a77e320cda2269cca74f0c73f679208a184c6cbf4b20c56d1d222e8846f15fc4a91c16ae3ea5e";
+      sha512 = "2aaaa459fc730feb75428dc4af773d001bd18fd0afbe564d919925f159cd95abc22a21db9919a0c3f16f12ffdb30e8f0d91c0d3c113578804c35a1764b86af1b";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/sv-SE/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/sv-SE/firefox-60.0.tar.bz2";
       locale = "sv-SE";
       arch = "linux-x86_64";
-      sha512 = "3466f482ec04f5e8827f437c9456908f04e78c67ffd299b841f2f82cdc2c38a61a566c8d85405312c144aa5c45698b5f6e81190aaee739adf4384f95c81f9e76";
+      sha512 = "223f00e509c53a88f102c2f9da9b75640bea329307251b59aaf2ccc759fa0246701b1877c400f3fef2337099f2c070f33ffb92c8313612a384e7f5ec7cf66ffd";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ta/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ta/firefox-60.0.tar.bz2";
       locale = "ta";
       arch = "linux-x86_64";
-      sha512 = "7598994ca03afb1c2933b640298453a618d140791fe20255789081babb0d9788c4f3ab34d5ede82e1d688f5dc0486fa0f842f1d125dc5a955580d14b1efb6489";
+      sha512 = "910ff3e81fda8c94989b3d6cefc5ade22ff0dce21a81907e84f1573d631253ca3b3f45383552193fb46875e09b770ff8e28fe945558fd897bf0b64bfb4e01004";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/te/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/te/firefox-60.0.tar.bz2";
       locale = "te";
       arch = "linux-x86_64";
-      sha512 = "759be69dcd9b795f7b1b8192928e27799061d83d86e0234cd2a1fdda0d922a7a9d958b19655bbe976d409297f2e2fb2d2a6a525f90f77fa53071d510ffdc6438";
+      sha512 = "3fb89f3620d5a39a44cef228a9fdd11362bb3bff59fc64815468376221bc151e3538f929023fe634a163e0c7ec47c45c54388d4f5dc911b53a3f2565caaa6edf";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/th/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/th/firefox-60.0.tar.bz2";
       locale = "th";
       arch = "linux-x86_64";
-      sha512 = "a46d7eae4a2670615e100707ec3e340d48502b63d6f6f98d4a3140c1bc9d0826b44001bd8ef940c4e786ba5d3f8a00e350faa18d30fcc7663f9c29f20e7a20fd";
+      sha512 = "78a66d69b6225ee29c5c1084c9059a9f1bb867c22886ad42e628fd7e0316bc2eb8eb02522972817508557f1be5369e00ba489260b7b6882a4f12448808b9af16";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/tr/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/tr/firefox-60.0.tar.bz2";
       locale = "tr";
       arch = "linux-x86_64";
-      sha512 = "ec5ecf9c76315d1fdc508c94023cdd60edaeba44ef6ee49859ba0689413819f11f54c9ba787000a166b0fd7f628e3c2b42f42c9014f9e7823da257d0abe88cba";
+      sha512 = "afb9c372e5b1f0f69c53b4c0ea9dcd8ba73672c163bd63cf88b7d8c9bf24af3656a924b29c6b3e28f826ea710c452cde789ee68e0a80bf269b034428ca2de577";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/uk/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/uk/firefox-60.0.tar.bz2";
       locale = "uk";
       arch = "linux-x86_64";
-      sha512 = "430cbe8281803ca0a4e124fb62a8d2dcafb751ae20441e22dbfd45e544cf906371eef4889f16df5c1be91a4eafa193303e053f75ff15fbe82a836df3ef19a5ff";
+      sha512 = "ff3cd139b34652446807063c4d68f4a5ff8b5643bfe786527114a11a4cfe2838f64ff151d5d77ffc9c51e4b057d3f1058dee1dde521ea95bc9f17392a641c5ae";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/ur/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/ur/firefox-60.0.tar.bz2";
       locale = "ur";
       arch = "linux-x86_64";
-      sha512 = "b293eaea548f8d1e96087e111e96fa35940254477599a3c2aec9bbe005347cdcfdcd79f9e3e6d22829fe52b091d6d18dc04ce768724f9709a6e397838974c45a";
+      sha512 = "f075ecd1d15e9737ea6079c2dad94f7e3bda9503ae8a17f017fba27c166f1721ff9e5956c3a7a3704594d8f4154f9e11dd2df19630aa735aa7d3e533283af43f";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/uz/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/uz/firefox-60.0.tar.bz2";
       locale = "uz";
       arch = "linux-x86_64";
-      sha512 = "dc0a6b771469b89cca470a50afe47c642fe6bae284599c876c51c2c5834147cec435508c101f33d76d1e4ce5760f52f3a59592495c82db314de426a9602097ab";
+      sha512 = "8c885715f9df669d79fa4c0b0bc054c4e760916ddef288deda943ce372dfc85693a2297ed591b4f540f618e4044321fd3812c9fb037561969a11a7b472dba2ca";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/vi/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/vi/firefox-60.0.tar.bz2";
       locale = "vi";
       arch = "linux-x86_64";
-      sha512 = "6f7b9acc584e41be34b884da9b9f2d7aae602958cbac9843d73dada11d1a584101e603f9111c24983dc3ca0b70462091cbcf755c93b7811469b179aa2b3ecc60";
+      sha512 = "19b398ae13e9cb74f61fbfeefe68fa8fcdf8785fdba2dece9e2674900cd9ab71b401029e1f1fb91174c9996e65522eabea975d3bf9d46de0f76c29d0ff6d3812";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/xh/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/xh/firefox-60.0.tar.bz2";
       locale = "xh";
       arch = "linux-x86_64";
-      sha512 = "7623715582708bf3e18ce924aa6e1d0fc6c8bf38503691d3ede092070860db3a116b2f39ee1e467d286e0566bad594679b489b39d2c5b5885321982689b8a56a";
+      sha512 = "e236beb0e0d5a7fda5c6bde0141884a0d5e09628e579ad0e31280db64d2f373946bba15fa1fc40a7c5ac7d468896d9e7af41b587378a999dd7fc1d9b89d7a11d";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/zh-CN/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/zh-CN/firefox-60.0.tar.bz2";
       locale = "zh-CN";
       arch = "linux-x86_64";
-      sha512 = "9d0e41df6cf6a7244c4aa29913ac664c67463ad50b91ffa1e7e345601eaeba76d8553523b322ae477ef0f0c5fce55ad2e1cf5bfc5fd777d9433ebedcd2474d98";
+      sha512 = "d4865b13e94ed4ecaddee1458700ad6ac3850aed5c5298761fc1dee3b483a302a60256ceae15fb0b8d2b212420aedf1e66345b951dc90e5d8368242bcdd0cebb";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-x86_64/zh-TW/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-x86_64/zh-TW/firefox-60.0.tar.bz2";
       locale = "zh-TW";
       arch = "linux-x86_64";
-      sha512 = "c65832ecb353527c6b9e11dacccc9e3d1cbfbb16db1872c8afb4472f632a0e2b4f994af43144e430aa8c8ba6aa6a579d3c024c9111fcbfa6531a4b2b7377414c";
+      sha512 = "2165c1971c390be50a8af0e7a17766952a28c62355ac6c017c0871696b4073dd164795b3a347c3db99fd6b625f02c7e1ab8dfedb48943bcd50a1fcd46aca797d";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ach/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ach/firefox-60.0.tar.bz2";
       locale = "ach";
       arch = "linux-i686";
-      sha512 = "468b25a5e90b385514b0f486bc3fd09a1e7c8c7230b8e31b04dc4bd18027396078b525fc5b51c9747e642d1bc60be49a7e2cfafafd528d95f08033abd12b0757";
+      sha512 = "ae783339b7f51f9e7fdddd36086fee47545b0624d42498627b65233bdc157cd30b2efd2272e27699e495b617b888c6c0a179d9026b7e22b5f96112f9cb520837";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/af/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/af/firefox-60.0.tar.bz2";
       locale = "af";
       arch = "linux-i686";
-      sha512 = "a3b92e792d1ef58e029fc097eb354940094c8a94da97dd39b1f69610ffdb9a1a6527b01da2b6716c6c199d85886b6e05aa084bab30f8a2d0ba33ad4c2f6c36ef";
+      sha512 = "8591da90fb08f30445457e84464219f47e685b973b118829878e5c9bda41a58296190f34959549bec9cfda400cf4dd29b2bff99b8411a3f255b04da4f67789b4";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/an/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/an/firefox-60.0.tar.bz2";
       locale = "an";
       arch = "linux-i686";
-      sha512 = "9fcb76d123b657b9eb7c62c53c703ea27afa2f41b5107cd67dc01923ffb9dc6d3f334f5d801058f05925b18afea289eac03dfc3c2b188bd2059f4dd0c40710fe";
+      sha512 = "f60502441cc1d58194329d9853cc5d893ef1255dbf0d07a9344d9d49ebf328473bc978a5cd8ec43de5b57751b698774e090c2ee471ce65423f5a33750262c280";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ar/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ar/firefox-60.0.tar.bz2";
       locale = "ar";
       arch = "linux-i686";
-      sha512 = "eee65b88c2269081dd04fbb37d360b0738e6527581e60dfef60093719a3a15b44d0d594321b4865a35784d2f378e8d86f308736d8be76c1cb7d39152b916bbc8";
+      sha512 = "c0174c009dce15fc2836d28cf80063e04ce34d12c04ce2230c5a9e01bbdcdc8073856601db45158bee68b410c4b9d9c53c78bfbe24c8293536c866b2cd13c3cf";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/as/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/as/firefox-60.0.tar.bz2";
       locale = "as";
       arch = "linux-i686";
-      sha512 = "f2e54d00258b6f1c55bd8a1deed5e9c9b1e6f1579447ad832f348b50bec8fce66e50c78b2ee6e05c885359a6b2b1f9d298e907fe99478536967103708143f24a";
+      sha512 = "19f81fb36908e5959818c74c0534d4189025b061222bcd01745033891321a2931ffcfec76a893249a8e7026489ced55497c00ef0dab156416a644a9b88c72a05";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ast/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ast/firefox-60.0.tar.bz2";
       locale = "ast";
       arch = "linux-i686";
-      sha512 = "4f23798708447a4a3801b392a2ac27207df7d2b722291d3836163b3900c7745404399cb700873cf6afa70121c429ba31bbd8b0b1f597e8c91b2f970d0d6421e5";
+      sha512 = "a9bcf4be3e09509d34f70ea2cbffd4ecbf3aeb15f535080851c63aa2cc8e473fcc9453ef76d25fd525ae79f74eb76a6269919261aff5e8637cac139587b92c95";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/az/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/az/firefox-60.0.tar.bz2";
       locale = "az";
       arch = "linux-i686";
-      sha512 = "2f12c45870d5ac1a6baea455bda954cf3b112b0a3b46249a23b7cfc064c6eb00cf0ed2952deb220777cc084fa2345368b95388e143dad6e45042e7863c6c3038";
+      sha512 = "14dc7149a69e6dce184e4526cc31f1a8d2f5a833c49ffd1c0ec51d67e8746d27334fa49abf9d487b7656b9f1e71ee0f24e7ef69b9888e6da640ffeab1da12ef0";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/be/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/be/firefox-60.0.tar.bz2";
       locale = "be";
       arch = "linux-i686";
-      sha512 = "f70af6a6f464b6098802e65226b198f670e5d9ecb2fd56f9c375cabec1e602211c4cf7d80e430f961bb56694cb1d546aa116c7a5aaeb06d13319ed41e3e69ddb";
+      sha512 = "38dc8e028feb9a523190346b01b9342e865af18db67eda7dd65189087ec1302085a141c708da5834339f5abb36e5eb91cf727eab1dd4feca3b4fda8035f8b423";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/bg/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/bg/firefox-60.0.tar.bz2";
       locale = "bg";
       arch = "linux-i686";
-      sha512 = "87377e96a52ed8866be4a3e6ee9c20c6d8acfaaccb53de0d2a4fd553060166c20b3677a2cd3322523f3b3f7d03618e6a6c27e485113184698207cd4b88b7e699";
+      sha512 = "d8f0df46d689c512996623657d3b2e893d2a465bf22be0679c1ff9204e8e773172f6a857d392fe2278c59c44e91eb588ba4b035b1dca1540ed59645a9d8708b7";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/bn-BD/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/bn-BD/firefox-60.0.tar.bz2";
       locale = "bn-BD";
       arch = "linux-i686";
-      sha512 = "0d275fdd76d8ee85615f67a11ef46bbf8b718c54a09cf6f3c7f2336098e0bc282caf429a4b228e31e7c3622be41f41384af174da9fa856fe36dc46271f55ed1f";
+      sha512 = "98902ccb5f3b34e3dfcf101c6f1333428a6a1579d5c5c390cfc134fcf64ae0b4fdb493094bd654c39e9e6708bcdb1ffab377003544432a73e4d80c150a17e871";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/bn-IN/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/bn-IN/firefox-60.0.tar.bz2";
       locale = "bn-IN";
       arch = "linux-i686";
-      sha512 = "b77374481f21f37e246eb325ee41202fed9916ce36065a88f51e28fe5a015e2df341417b3420d2bff0df93437a56adb4e1fae0422bb094918a19157c655fa34d";
+      sha512 = "d2582614773a08192d0ef87eba9392dc4023c15affbfd14227b642ff93bffa8339fcafad0ef0ee8428c8d5f84a4e84f67af376cbd2e14f187c37a294e710dd12";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/br/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/br/firefox-60.0.tar.bz2";
       locale = "br";
       arch = "linux-i686";
-      sha512 = "ba071fe6a668ebc7c00baec930a568a90d03c866a0b5f0011b25e8427f40fd32d54fd770e94610da43775a882eb27eff6359c67d65670fa0fc6179e788cd1394";
+      sha512 = "62457d015c193a77d12bfe58dff76a23c8b71e184965130699d7d97ba9dcdac47cdbbe9858e5a571185e4c56621f5aa4d8ec01a8c081f6157a98c6ef68ee90d9";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/bs/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/bs/firefox-60.0.tar.bz2";
       locale = "bs";
       arch = "linux-i686";
-      sha512 = "de70dff3aa71422c96e17e637bd56c18d4b74c8cf1ef5834f1f077249f6d7d1e95703f55063737b464916b2aa87eb4469d197e3fe772d168d184e72979712e65";
+      sha512 = "5fe3bdeabe8804b4604440541565fd45854c82f421714a182b93f5b455935743ccb8f29d7b177316513a3f86bf31f549bfbda296c68f5808071dd3f74744fd4b";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ca/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ca/firefox-60.0.tar.bz2";
       locale = "ca";
       arch = "linux-i686";
-      sha512 = "e197d847b044a9ff4e09b67c64a2e4bca5eb2a1770ed4cd9ba965342106b7ec809950d611367308fe2c556c4b413640f050cbbaa00532402d71b59d51c4b60c6";
+      sha512 = "05240abcb093d8a643e636f05fc24f58cd79aebdfd9050dbea00cbec8f25bd61f521f4f85492df0bb4b7db1a69b0d73a322604a0d3741ebd88a3c961495924e8";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/cak/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/cak/firefox-60.0.tar.bz2";
       locale = "cak";
       arch = "linux-i686";
-      sha512 = "a716ff884d1d5260b9ed830877223eff731ad301c1349c9f1dcfea5b9dbed0770269c27aa8a336516270386c4b896a87721e3a5e433e92bd579e0d88311271e9";
+      sha512 = "9bd35d87ee4b3e0d867088c5c788c3871ed6c1bdfb5443d7cc4c88501a59a2cd16d58ebe38343d7e9789292ef9ba1392d7a26d86dc56ca916330cf91e7e859d2";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/cs/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/cs/firefox-60.0.tar.bz2";
       locale = "cs";
       arch = "linux-i686";
-      sha512 = "d66e5f440b2bcece18013499129462ed20d85d9b27ec803ed27bb7d4302d2369331b2320970d256b6e61ba77d93e362171ed012843ec926047c281223218a25a";
+      sha512 = "643daf0dabf25827872158e746355b2cce1df12b696e03e2e1e1ee9beb70339eae1175c3eacb31bef8af45d82772310bbcda00fa4d19219421c636a79b85fd0f";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/cy/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/cy/firefox-60.0.tar.bz2";
       locale = "cy";
       arch = "linux-i686";
-      sha512 = "87c2c1056bb56b5fc3d1fa9aaf8a1d99a5ad5558016b3953d0dd1f7c70b989863fd1d66f6a8d7a0d14fff351dee8f436b89d5dc593e610721068fe187055aca4";
+      sha512 = "3742cf47692ef0a6cc3597678601c260bbbcedf1828286ecef73c55b51113b63954d8f1577050f7db647fc5c520c080fd476e2b714c1c7fc4d2a2eb7bb5ef450";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/da/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/da/firefox-60.0.tar.bz2";
       locale = "da";
       arch = "linux-i686";
-      sha512 = "6243867a2a5a7a30176c4698888e7998c35ad84790a75a86808e6490f013990890a8137579928573564ac7dadaee6efe921579423773a0c25aa57db17a216eeb";
+      sha512 = "500ac0b682d60e92a695da8b63c87414f2d86f48fea269946b978fe2e1adb79583c813764d039e2201736d367c86dd91a2ca62a555d3355d25b7c4dc96f9fea7";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/de/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/de/firefox-60.0.tar.bz2";
       locale = "de";
       arch = "linux-i686";
-      sha512 = "d21c6a44def103db09a072ad72fc42d3876fee9095c5b660fd491084301e2d3bbe383b4c7f9419d666dbf280bec59743a034b4f576cd618142dc7f498fc69e5b";
+      sha512 = "4d0e210832d9a3290271b804bcf3a64c125764c6236bb84af88988c8ffd0aa57ba7e1060985005100476f36a4a93da93469717634665a634d726a1eda372cf73";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/dsb/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/dsb/firefox-60.0.tar.bz2";
       locale = "dsb";
       arch = "linux-i686";
-      sha512 = "34446bdb17e81da9ec3689eac248b2ca0fb11ceff7a153bb502a5e0d62a16d2d4a090f9a29e4ff61ae1f87ec68f2fef94be53895a409678d14ad99331058495c";
+      sha512 = "39b5f2aaf2617a021d15a9da5a3bdb9ce5e56b28e8d61d7d422d5e95918fe10b5608aeb255595f9f92879fc48686337dcb93fc5b8e4a04610523156c8097f579";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/el/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/el/firefox-60.0.tar.bz2";
       locale = "el";
       arch = "linux-i686";
-      sha512 = "f5d73ccbe24e30eed81546b6132dc70f08feaac68dffb749ecd7af14052b343aaa4de7bf0ff73924b28b4c5b86c29ca1f6a69caf85ee77d4c4088b925547825b";
+      sha512 = "bc8d884f1b850d0b76625d4abf1a919481d23a0632e89396ade24841d7bbc9e23eeabed768b7d937bd7d69adeb2146551e25065251d65021240459f197a6d533";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/en-GB/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/en-GB/firefox-60.0.tar.bz2";
       locale = "en-GB";
       arch = "linux-i686";
-      sha512 = "4dbf56a7aa86341c2d08b799d76c7e0dde04d418539657f74e18a088df29d390ee10b60c1b9625bdf46ffc4f458b6ca3e86aa93b1a2d948f10b7d7bb6ac250d4";
+      sha512 = "905394e0add0e530b4a0202237ce6c77bbc124543f2fada77ff6d578b52deeb90861ce4b7df907b9be0c12863b4aea9f545ad55729b83e713cdb556c7d1c4404";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/en-US/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/en-US/firefox-60.0.tar.bz2";
       locale = "en-US";
       arch = "linux-i686";
-      sha512 = "15e93c9d069d0e4761520cefa508fdd7e06cca979ddb9cfa1762d70d104f5758fdccfecb531c6099f9372f112abc88dd273a29a67f720cbfa1be5c440378363e";
+      sha512 = "75d3f38d13033717486a7b9cd686cdda1dc15d2064f47311b1bc4c7cbd4c1fd783fb1b8298751360f1513e74dcd1f9eefd73967fb248dc52e26bbc92f5914b3e";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/en-ZA/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/en-ZA/firefox-60.0.tar.bz2";
       locale = "en-ZA";
       arch = "linux-i686";
-      sha512 = "772ca9b0318e1175e455d2243ea537a5bfab8d84541a7ee306b3670084240b9eb165935f41ef874650c3b1f5e4632ad2d5c0bce3f29a05a0676ed3ddf133cbd0";
+      sha512 = "9ce1abed9f7bc0debbd34e70c036ae48afe36d87b1cd4df108fd5ff698b3d8e8b32cdf5c8d9ba8b9bba2c7113eddaf9f7a5d015e1b908b47c98f066bff644b40";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/eo/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/eo/firefox-60.0.tar.bz2";
       locale = "eo";
       arch = "linux-i686";
-      sha512 = "cc3c98e80c343b065ac8f6af6875d1b2146113303ebaac42c5866d03ff254aebab2cafe398aa1fe38ef8c9d4fb8ece87345e09114145e06a2a7d6c783f1ef601";
+      sha512 = "bf671aa74bd9f22d56864b46d12ac131255c43b2820cda77264f08c48223627e4dff88872240b39d6404a7cec2135788ce5b08506eeeee571c14e2d933d8eb35";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/es-AR/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/es-AR/firefox-60.0.tar.bz2";
       locale = "es-AR";
       arch = "linux-i686";
-      sha512 = "fea909cd16c4558ed05602cab2c3a22186d727da969143b77deb9515ef4d87dd41e59e7fc6a322e924f0b809b6205f37297576106a50b5896b4920cdab2e4749";
+      sha512 = "b282c35954eed46ddf46ed1f0e0ad52440811f6bb0b351337716eed5bd595c519792853003a6f7a742f83beb5231abe8f11deaaa176febe2dcbf84a43eda4077";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/es-CL/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/es-CL/firefox-60.0.tar.bz2";
       locale = "es-CL";
       arch = "linux-i686";
-      sha512 = "5015cdb3a1d803abed9a143fca7a118a239e37a38a65898de7ae60981066113f270260fe8e9b83822385115c2b5e378cc58ed68949ef6297e0f7fc1e28c9c8e8";
+      sha512 = "278245defd36da337383e6970b8afc59c37b207248638db8947a8fa970ca025620dfa8c8045ac2c0f53b4f3e8167425c2f6dc2071574931b43190560ca511ad5";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/es-ES/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/es-ES/firefox-60.0.tar.bz2";
       locale = "es-ES";
       arch = "linux-i686";
-      sha512 = "81fe49a2f31913c030cb801180daf730855dedc5f6adbd39d7d1d8a4b359a3aeee063d7fef0ce35641f163f5f8c965603bc549a1ae3b2458682c390d16a0faf0";
+      sha512 = "f0fb467bbace051bc229fbe07f21f29db492d35f3901cfa9b488c72f303a5dcc85a7969517165980ea7182a85c45a3758a7ceedea3c51bb8a31b9e81ae197214";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/es-MX/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/es-MX/firefox-60.0.tar.bz2";
       locale = "es-MX";
       arch = "linux-i686";
-      sha512 = "24bff972bb2f27530b18cb7a640f2f85190977725cd82b1e86c1b47578f1d3058fcb7387d19cb2e1dece49b72c17048829bf6a66aabee2592a4b9503e3c4e546";
+      sha512 = "9a0bfa7ec953da8564b34d0e17efb6935bac51399f604ede83f4c0497494a93ce087ea35daa8ba0c52839e8722ce3bdbceb2e1ed17810f5816c5dbc9778bcd72";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/et/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/et/firefox-60.0.tar.bz2";
       locale = "et";
       arch = "linux-i686";
-      sha512 = "d60b637f9d78a2b9e53dbab8e6db27aafa701af3cde841e056158d3de53d1c0c1032c5381f7c388edf59b1476078e0dc8166e82f39f7c006fc28c5d897f0e1b4";
+      sha512 = "12209ad383627aaafdc4a89b462494f23eb239c736d5f3a1f2541b0ebd5487d6348ac63ccfd4da40df9c8bb929c02a9a54563bd6c53ec5dd87edfdeaece0bb5a";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/eu/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/eu/firefox-60.0.tar.bz2";
       locale = "eu";
       arch = "linux-i686";
-      sha512 = "47ed51fa6f27e8b7bd9dd0c3556af3d85e6b004d5c6a5868db8c844ba97a06eba4d3998295058ef92c4a49dad31fca0a3c24b19603e1fafccbf6b7d461596080";
+      sha512 = "afc9e8e0fed835420c385f0c19e81d1711a8c99a7b02f1a8e09218ac2a30aac6380ed88040e96a36edd39a057b98581cdc3a043d6222aaf30bab92ca81669729";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/fa/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/fa/firefox-60.0.tar.bz2";
       locale = "fa";
       arch = "linux-i686";
-      sha512 = "8919e1daf708630e397200f09b3e9810b3aa40feb87769af5e1f0ae44ab49c63fcda1982cae5ac4753c600164b34f533054e055293a87e5a8fcf55809cda61c0";
+      sha512 = "6e8821bc7678a1d486693b2043031064618ff06309cd5b0dcaad0c9b712a312e43cb948bfa0e5e5af1eb54ac8e258bb6a5464b1369c9759ac72803709f5d86b3";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ff/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ff/firefox-60.0.tar.bz2";
       locale = "ff";
       arch = "linux-i686";
-      sha512 = "b0a6f5a974750f3ee5b485872d1e7c51a3d894c4118de139b718e85eab94624be302ce2603233fdc3a75df3f12242d4d57c9a96ca1f429bf9e0613d2b299ee86";
+      sha512 = "ecf9565c6d6e8442836dfb50f1ad833cf88ea9eab884dd3d2fe6f1296d6230658093f27e30e953a51c2bd6ba5d69823f1f4e3f5457cc40a4e516b14baa17d884";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/fi/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/fi/firefox-60.0.tar.bz2";
       locale = "fi";
       arch = "linux-i686";
-      sha512 = "7dc300de36cd860d566a9b84de0ce2c4fdd5eeda4bf641a45e40779e98087c7dc881d2c623c99f8551c08bc84b98b1ab4547ab8144b1a22795710f57112285c6";
+      sha512 = "ca10ece92ea7114a4c91bdebadbab97933232f8610719b5130e2658600b9ff7667834708a992500f31628249bca5c585f08fbced1e98ff31e318a20b68d3e27c";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/fr/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/fr/firefox-60.0.tar.bz2";
       locale = "fr";
       arch = "linux-i686";
-      sha512 = "ff793e4873e8895259b2657d613513404953d27d81bcb0c26ac97c3c2ef2c1ed8db3ec909ecb744dcaa7d194b4fa0660885daf96932270f1382742dd55e0f5b0";
+      sha512 = "2458452a4c239cdc36e744e4116791a310f2a300b913b61dee64e20349dbce8c0290e544027f0b9eca6d50dcc57561e63f4c618ef5ece9cc05815337ce639498";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/fy-NL/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/fy-NL/firefox-60.0.tar.bz2";
       locale = "fy-NL";
       arch = "linux-i686";
-      sha512 = "cbb9bf54a401aad2bc8bb869f8680ee4c00e5ae206ca9b7db732c955ee256e4ad226ccb8ffa320cb3e08aaaa787032b3dbed06aad548e733ba43ec87ddb52bb9";
+      sha512 = "51cf096cd74d98bb081f9d397ff7eebc4624bfc4b90de8000bdf07dd739a441543d631dc783af1bb8aa3c639492aa1e402541ea979fd7837535874d8a4adb771";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ga-IE/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ga-IE/firefox-60.0.tar.bz2";
       locale = "ga-IE";
       arch = "linux-i686";
-      sha512 = "bdfc3de17be432cb55219bf3f2a3d1371f3fe4776f452a0fb37ce4f5259fadb46487778ec63f6065dfec2cce43758be2e5ed8c5f75394f1604f3318e96f56363";
+      sha512 = "680c47e14f7c6a1abd94ac73bba738a44c0bab8745176639283efea617974c40efecf5b43538940c43599bcdb21ff6c4cb380c3c53c0c9915fc542cc647240d2";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/gd/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/gd/firefox-60.0.tar.bz2";
       locale = "gd";
       arch = "linux-i686";
-      sha512 = "008548e75853625b690bd92e60cea25c1d9b302f7f78f42fdb4536413c10b8203f337c8384b45c3c9b729e6541f57a22e12ba264594ccfa82742373df571ebff";
+      sha512 = "3702012b6a32bb9878747d85a0a66c69ee68fe2eac25be428b9e07081a90c867cafd70d2cae32b48229fb333c3f3dddc339f43212aaca29508db33f5807ee6a3";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/gl/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/gl/firefox-60.0.tar.bz2";
       locale = "gl";
       arch = "linux-i686";
-      sha512 = "212ce344a4592ff36006e4671c29b7a4734e513d5267c4ed0e7c50c6d0b794547cb042d543feeb55a48ced69bf001670683df159354f152f9d45786cc7184c03";
+      sha512 = "bbc4986b7d03bd11041e969ef8341023a95e2f4a524c6cbd2290555ced2669edaf89971bd58b30b8193dd880a068d9bc8b2c0a3b16310a678b19e3f5e60c3c65";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/gn/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/gn/firefox-60.0.tar.bz2";
       locale = "gn";
       arch = "linux-i686";
-      sha512 = "6f60fe0c208b6447b4ee9f8c550805f070f4b3209632de91fd0a60853cdba70aa9e6653a29429ea4686dff3ccfe5dcc5a1fedd6495c7d7c38b623f31c2cfe19d";
+      sha512 = "a27c80bd7041fc80939716b55c631796e2421a5bdd05843d411d6f0dda84a636fbd366cffa214fba133635332318af2d2e67f5e03c719b12368437dcb4341142";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/gu-IN/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/gu-IN/firefox-60.0.tar.bz2";
       locale = "gu-IN";
       arch = "linux-i686";
-      sha512 = "0ec6bdefeffbbd52655d332b9c21be2b372f6ee260684cd28216679aa1af267d0408d5ba641a5dcee145b80c357936a090700427520f9ee7d712e20eec13c57f";
+      sha512 = "14edc663057b200f32f9a4437c0141d079fa5b77eeeee357d3a09342299643aa0ee5146c6dc2fe0a178285d39f530c58c456f8bf6533e7f901cba551ad84f1fd";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/he/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/he/firefox-60.0.tar.bz2";
       locale = "he";
       arch = "linux-i686";
-      sha512 = "2a4a76c674fd53eed5a73f3ef5d143138752e9d52db5c69d56fd5d0dff1c19349afba6987c4736d53391bc602245c1d4ac9f5c9b60a0c1d561f4162c859ae3b5";
+      sha512 = "ce57395416083abb353c45050b6f6fcc8c7b9affe81d6e8504b8c6264b806ce33a44bc018918df92cfcdef047d31c67640074c63447a76c65f5928fbf6b0f50a";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/hi-IN/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/hi-IN/firefox-60.0.tar.bz2";
       locale = "hi-IN";
       arch = "linux-i686";
-      sha512 = "34d932f073e803678990098623149dc0ea427a70ed3e604651fb622a87404ddaf25c3a79503f4e343315101704f5cd1db058a262ed47ae02eba85f102a64f780";
+      sha512 = "a3621b49b47f835381df92712044a1d9d4655bb0d4a8502841761a60c8d00f0fd0288b8a6574aa2baba88ab8cfbe714c866bbb493aaa1bb382f75ca069f1a97f";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/hr/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/hr/firefox-60.0.tar.bz2";
       locale = "hr";
       arch = "linux-i686";
-      sha512 = "474f5d71087f8eb2646750bb6a14c993b2d3708234a09b4ecee7b43e2ed75a8b9d249749f16408751a019b9a32ed8be57c5d61f9fdc36ad0f1e7aa7b5863ab9f";
+      sha512 = "49cb57fc321b67e1b5c9e516b72d36025d22abfdc49bda180cca0194cdc0465be5c0e7edd9b98714eb3b1a7c0a1946bd28d8b9ae59e2ac4e9f45d48916cbfeb2";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/hsb/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/hsb/firefox-60.0.tar.bz2";
       locale = "hsb";
       arch = "linux-i686";
-      sha512 = "9b9127af72f9f4d780714c41a54d26ac3e8065c8ec42e0ed1318013896a3e8d920786713c79ba626f4930c92d44f2acad72ac600b5735122470fa3e3ea317965";
+      sha512 = "c8488108906636a4a93447ca28176013e161c56e86d16b535cd73bd27dc568ce22fccff1d26a520a76578c31d870637afcf04ae9e104fc6b347701d4021eb98c";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/hu/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/hu/firefox-60.0.tar.bz2";
       locale = "hu";
       arch = "linux-i686";
-      sha512 = "cec7b19e6e3fc11708c4b67105b191433880b53da8316fc8fa4d6af9eea23cf17423bbfa2f6283490815ee5c7ab33ba8e66ee7bdc201e3eef39808db34d572e0";
+      sha512 = "69bc30e00e39f2c3ae4da333fbd48a595dcc84f7e9e2cc0691e04658ab02e48d2ac6a1e9194faba7a0c28df3637ff9d213708812436200213721136775243d91";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/hy-AM/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/hy-AM/firefox-60.0.tar.bz2";
       locale = "hy-AM";
       arch = "linux-i686";
-      sha512 = "4c25802601dadbac82dc260e329db69dff3b69d1eb9237fff76ae6de98a00a79dde0702d4cecfe67016a26e2a7ea4b1f15ce70eb82f422ea3bb8afb9810313bb";
+      sha512 = "155c1a34a252cb1789c85ce4d757f483cc51b62d1f8bbe6179adfe5642a9693f1d202240a1765c5966602c03f95dba5c8ae58cd9a0c98edd65da101e61593cfd";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ia/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ia/firefox-60.0.tar.bz2";
       locale = "ia";
       arch = "linux-i686";
-      sha512 = "99b3d9c4533d376ee7a9f8fd364b9b44a8f0b9f235346a60755f144fae4550a6d51993952736b58e28ed3d07a549cd1d2da5223d7af28f187c78b41959e5d733";
+      sha512 = "7e603f5d72c0b060404d6639858051951a4aef9d61f3e1e813e8c0167896e15a4b837d6f0eae5da8b26acd8b5899c7a557e5e259a797b096a6e6d8eca2cc7177";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/id/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/id/firefox-60.0.tar.bz2";
       locale = "id";
       arch = "linux-i686";
-      sha512 = "27275c8e2deb6716c8492fbc4ff56b8a2061be51101a2a7085c0a4bdf35c0bfec77af1f650236d13096ad204b93df695d5ab238ff6c312f9092f4d8adbc8d431";
+      sha512 = "82179d401af39f949057153062190214bf294445964a6d1c63102da1a7f94ce3327351e6257e82bd66c4586791a73c11e2394207514cab6b8ac76fc7f4a2f147";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/is/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/is/firefox-60.0.tar.bz2";
       locale = "is";
       arch = "linux-i686";
-      sha512 = "54b6be973aab07231843455b3e0adf8f7dbc19ecd1e484795af7d6a3e346ae717621d0950297379c88a955bd75af0a19497f55015cc624609510fc3ff7b8355e";
+      sha512 = "20237dc74245241a289a4a51964d19ec0ae60732c2a528de412d5ae70aebc1b58c4d4ad514109c01bfb1bbd83d4be22bfcf18b89361eeff0e9024bd07acfec35";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/it/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/it/firefox-60.0.tar.bz2";
       locale = "it";
       arch = "linux-i686";
-      sha512 = "bea36ccf3c3202bb41d09ef07cf4a30d8f3b7d64a96e4955f1e62c6ce1c252726991bb3dbd1d41b840ad7d626ca2abc83eca59a1997325d0f54231daea95ff06";
+      sha512 = "d15b7b6a4e56676a45d2a0c55612de6b57a5d90558bd826d3c9047db831551893cc288771826b95a0ceb587b9bd82e5b30c914f9dc7070bb09a93073222e2bea";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ja/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ja/firefox-60.0.tar.bz2";
       locale = "ja";
       arch = "linux-i686";
-      sha512 = "bfc409fd6487ff113045732d1826589f8020597958cad12d2b821f496eeb53e65cd4e1b1d002527f6255350254b60a96d9d04c47bcde8bac89483b04270f5b86";
+      sha512 = "e47706e58a216f0f468bd6972d0373c3795a33318f811064b1c7dbf78a955bc65a62f8f27d66c656b002a4301043485abeaef8c5ef28622e65bc355cb1fa05db";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ka/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ka/firefox-60.0.tar.bz2";
       locale = "ka";
       arch = "linux-i686";
-      sha512 = "f62ff3d950324b140238dc9e521e6a038a64dcc22c2679b36b59900b0f58b15d774084fdea7a1f82125a7d09d1b5c831808424e63612aac9e0a61320f6a3e4f8";
+      sha512 = "84c141262f4c2a7ece6ae6effb47ac2ce277da9db4bf1683dfc62e78dea5a0daac52647279da7ef19e439c8622678e235fc90763a0e19dcbf156aa0e2b30d8d0";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/kab/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/kab/firefox-60.0.tar.bz2";
       locale = "kab";
       arch = "linux-i686";
-      sha512 = "573b7cbca69294ac56fd714308caed1549dbaff2c3716887765cf968c20d0ed37b1e0f2849af2481ef237d7c617c6641c42ecf0337fb0fc18afba82c89def034";
+      sha512 = "d5ca56b0d58f9acf8577cc1a69f1e0213a2d9e6c6ad70f6ef2b234d6ca87ae4b37489f69f7d8003a71a7992c6443700c8aa2739c58bafb34d3f99ecbe2b9aca3";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/kk/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/kk/firefox-60.0.tar.bz2";
       locale = "kk";
       arch = "linux-i686";
-      sha512 = "0503e33fc8716dd94c455a0a6201334ad2bbe1f3ad9cbce057d69ec77d65bdda48a126464335cee62117b3638be636e8f2908a003951dd2866908c964a9f889d";
+      sha512 = "8b892727929298025c9f7c212da27c6941afbea15a07b5212bae363b358c05ca5373a1fcaf487e2f4f2aa5a491ac0a244e74240b22d80125140ea563432bb7b8";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/km/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/km/firefox-60.0.tar.bz2";
       locale = "km";
       arch = "linux-i686";
-      sha512 = "15797d366faf6f4daa60191e4c91cd9feab242e0879204ae8114ca5824a78fc42941c79d190526e1387ec28d2c150d008d4f69c78c450fa6c6aa9d3cbbd151c9";
+      sha512 = "11326282020f7b673b78490452fd47bfd932c99ed523b87ef4d99b55a189069665d1e8cb7d39d0f45a673e1e36e0bb689b9454c9047c1f701dc1c9b18055f043";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/kn/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/kn/firefox-60.0.tar.bz2";
       locale = "kn";
       arch = "linux-i686";
-      sha512 = "53908d7a78feb6b4ac8365aeacfa7cc845af5f324b57e0fed6bce78eb4298b316ccad268d022e9adc409eb9be49b9777c7f01197dad4ab79746b8805877c1706";
+      sha512 = "842005f68c58fbfc6c831a7515e0ad5078697e6eabf40294fb1c0b8bf45497549f0636b6a9d53973f64d0d522d601cc0d872ce6f515c4a488c2aaa563b70da60";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ko/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ko/firefox-60.0.tar.bz2";
       locale = "ko";
       arch = "linux-i686";
-      sha512 = "ee4bc8ffdbd1a329df5dac2580122d883895418b93c69146206ae4e516ba1e5e993b23870ff487fb26df198b3ad73b708f9cd1f8c3f6a9f60dab73dea6ecd373";
+      sha512 = "aa8bf2c373fe549a59f3412e3b155164c3f4953257f7adb6535c3e4cec494e1191f25dfff9475fa610cd3ab765c10c4a303c895c78b35720483677a87613923a";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/lij/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/lij/firefox-60.0.tar.bz2";
       locale = "lij";
       arch = "linux-i686";
-      sha512 = "a3e92d13e071ec8e76c9a4b946fadc146664263b5176ecd56dc6d412d4a0b8165b67c6be568805455e2179dacb2dc9d5d917981e3b6d52b8ce994d4062d7aae5";
+      sha512 = "fbcfad4fae4dcd132ccbc2fdbf7cb6f0deb49357c987c52edcf87b25d55684732b5e6a834d0263996620c2b4149e06b5e82a097807d8673a8b7df6c0cb9a0561";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/lt/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/lt/firefox-60.0.tar.bz2";
       locale = "lt";
       arch = "linux-i686";
-      sha512 = "47c6066bea50fa958812ac3389efa3408b2c35ace30c99d9ffb91ae037f1a2444933eb081992b97e3419554ef6ede9aff7c445b5262a59a324e7c1301059f149";
+      sha512 = "f388751a01ed0214c284ec1ef1045a7c66c7a201901ad48370d7fa3c0e06e2b66c3ecc42357c781b58f6308efcf74e6b0c3902a8db46b11d0b39435294eb5e42";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/lv/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/lv/firefox-60.0.tar.bz2";
       locale = "lv";
       arch = "linux-i686";
-      sha512 = "090db495b0e0883e0e378d992a855aee03e2f2fa02ea257522485742e5a879ca42231029c2e36b8a8c31425e343ea0fcc2568a9a961752ca709737c3b3bc32ce";
+      sha512 = "f932a06b7667762f41c410e394b4ec5cd91116cf82a774899b48045143c6fe88840ba472d91c71f7088f420563857b185c99cbaee884acb2ad760ce7f83abcc4";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/mai/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/mai/firefox-60.0.tar.bz2";
       locale = "mai";
       arch = "linux-i686";
-      sha512 = "b073c397f8d5196e14d0bbd45485532ac11cd01c42fba883c6d2f3b8f831b6cd6ce095f44e279b17ec60a12e48b776004edbc22ab76fde69af875842a48fb2c6";
+      sha512 = "34da4ab327eba8076fd9944ad1c86b6e0e300df870b5a7ce906c7666df8c8ba7c76c792da7d8776150710bf2e8098a0ee9de86c273b19f6fdeadb5978258357a";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/mk/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/mk/firefox-60.0.tar.bz2";
       locale = "mk";
       arch = "linux-i686";
-      sha512 = "eb20befd569cf18a9bd8455d56d152e48b194e6703cc21457af6407348f5db0405d9fa6a7b503b8c72c96b9cda953c3e0167e5803f6f62947751e042562ad427";
+      sha512 = "8b92fd90754604535c641286e465b720400505e86d778d554364ba6e3fea9db038607bc0638e426123760de59a4a920d21fc4522d8e3e155f47d834ef7db4cd8";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ml/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ml/firefox-60.0.tar.bz2";
       locale = "ml";
       arch = "linux-i686";
-      sha512 = "d91c916c45e9ac2abeb655bb318030553139294859701ad99cbaed1c946a24b71ebe63b7efc2d66f995cefe09b7d04bc5bda17784713d8e4a5f27702c4ac7797";
+      sha512 = "4ce610e4b8979027e12dc07cca350f467d9f48c9c8cff1f52d08452616cab30dc8c49ce967ee49afca1c4905121d93ec00be9892b7b613736f1daced144f4347";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/mr/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/mr/firefox-60.0.tar.bz2";
       locale = "mr";
       arch = "linux-i686";
-      sha512 = "9d925c4828a427bc77631b28ffd6857f5adc38266731be58e283aa99b2fb4ed304ab464b32f33bce4ce1506c13c76947264891eabd7e63dfdbd020605bb1e8c6";
+      sha512 = "1c1092ee47d62addc304dc81ddef6fa2987afd778ed8deb2796c862496bba584812a9acad11deb045c050fe80aec523de3b007488bbd23fc039767254b8f5918";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ms/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ms/firefox-60.0.tar.bz2";
       locale = "ms";
       arch = "linux-i686";
-      sha512 = "2e0f463f9db9f6c0e44e354ea495cc06f5dda8c92af586745744434c112073f4f46eab7576d1e26c93a7a8b739deb09930b10cca01eea70f6bc245a44d58fa74";
+      sha512 = "d0e4257f953e907c2ebdeafb7c60e3407906f908a9724ce6674842a2c87692963d0d932ba16e92ab0506cb91461ad07712178914f38feeb0662cde7b0fe035c8";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/my/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/my/firefox-60.0.tar.bz2";
       locale = "my";
       arch = "linux-i686";
-      sha512 = "3e279289928231a02436cb344f1629b990b220c22df04e4cd3583a4995e59901a0062763e246e8cbc44ec696c7a94eb8e25ab7534a9f32b957f1332228af9b7f";
+      sha512 = "d77bce209f0b333abf132f9d8220b5d808e7aa45930f509278b9666c4f0bf03d09cd9a38752af7924a66f3c1171260a92ffee2ed550c75c304065e413d9d25ac";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/nb-NO/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/nb-NO/firefox-60.0.tar.bz2";
       locale = "nb-NO";
       arch = "linux-i686";
-      sha512 = "abf3048155dff62d4225471531568292410bae499f10a7f51caa493bf3c66d45a30fd3fe62db2bc21447259aa75e024681abd8b1f8567fd7647202b7399b256e";
+      sha512 = "a1d86b6859599df2680e68e166e411590eda852923117051e28c14832c061a975dd535b11439639e44b1ea85bc4b409aada94e01bbda8847d4ca5239268306f3";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ne-NP/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ne-NP/firefox-60.0.tar.bz2";
       locale = "ne-NP";
       arch = "linux-i686";
-      sha512 = "a0a9a872bb6f92cc1f5fbf17e8ffa06fe841d5c0f50bfc543779caf10726e1a0a18bd003aef9619b25110b5a37510375de077461c3fab276cd58b319f4107a1c";
+      sha512 = "5cd668f8c4295bffd14d769557f0be86b643ade50990497d72f15f5da15e1b4e82cb9b671045f445e87987f13fc97d05d04970d9fb559db1edc0122bf08871e1";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/nl/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/nl/firefox-60.0.tar.bz2";
       locale = "nl";
       arch = "linux-i686";
-      sha512 = "0b0a0b5df01a72c4a433938dd8f750c60594e393108564ba20745205fa87e30231e8518e28bedb770d5b988c3684ea80f27f7de28d864a26da69fda3a5c39617";
+      sha512 = "a0aac7fda38ac8f85ba341a11b1e90bb21dd5827e5201c782adc854a5b159a5555eaacc8df78bd6ccfe6945fa4502711b655688e61bf1d24748872da7830f522";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/nn-NO/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/nn-NO/firefox-60.0.tar.bz2";
       locale = "nn-NO";
       arch = "linux-i686";
-      sha512 = "0a8c474d2e0103dad61e7efbfe8bdabcf246395e7abc213a6b195aff79ae28d843c4dbcfcdbb1740c6d49e2329a1afbbde8e798dc50044be4924450c7f024396";
+      sha512 = "e40c0bab77e5437c77a2db272444d0fe6874b9e153f84033f0bbc21a3d987562d77b5e37da82accc1e996682b8cdfc8eb67c104134191414e6a86f755130aac0";
+    }
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/oc/firefox-60.0.tar.bz2";
+      locale = "oc";
+      arch = "linux-i686";
+      sha512 = "86a2193d5d442dad54fa55d83f0788d3e30b278370ef6b5836ad06e36307b599155ce2bef6760e6c73c56f4badfb1ad63073d3348395c598e13be73b2fef762d";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/or/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/or/firefox-60.0.tar.bz2";
       locale = "or";
       arch = "linux-i686";
-      sha512 = "3b97c26b98859f1fa6e8cd682908c46fcfac7bc4aa6d6e8b0495bcdd4e1ddb53f924d4436499dcf0f059ab24d516439c2c8b4881c938d74ebb7c0e2b30911a14";
+      sha512 = "b10a8f799764a2933d6a3843848028bbd8f6cc7fbe2566550426c2f066699158f654bb6913e57585fd695bd775efa29c054c5b7992efd1110d3e7135723ce206";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/pa-IN/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/pa-IN/firefox-60.0.tar.bz2";
       locale = "pa-IN";
       arch = "linux-i686";
-      sha512 = "978e0143198910d4c8c47764f7fce401cace00018318e5deb71a22666d7f94df735304354dd07ec2ca4386898ed4c15c8cd3efb1104dd054a4c1c11661b7619a";
+      sha512 = "5b0e9b50dd17472919cbcbc04dd8edcdde706d08421723e7afeb978fb31422e49751a4377a414b330ee81a6ad0e6ecb508db28d9a6a9fddd6e915819c1895fe5";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/pl/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/pl/firefox-60.0.tar.bz2";
       locale = "pl";
       arch = "linux-i686";
-      sha512 = "618f2dd7460090dd0b1c0edff4b33d5ae51f1298f20ec5ccf845e5e6e5e4128c55b937496257ef49064806a720b5c8326cedca9764702824391447a83ed2118c";
+      sha512 = "49f9ff7f27dd04ff0c05b82b82d9f3864b3fa10cc27fe86099773e4984f6ae8d6ab8be964d345801a4bbf84b5fd28e794eb850d67f5e82d8a1a693ad77e8f396";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/pt-BR/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/pt-BR/firefox-60.0.tar.bz2";
       locale = "pt-BR";
       arch = "linux-i686";
-      sha512 = "7e12f0f18562fb628b994df2e2c2a9bac4fe85ad593a0de37f3e1c3b1dce60406d2f28606aec5cf84ecec05570b38e7dd95d6f348dbadee09bf27ac34d52b47e";
+      sha512 = "e4e6a6b5017297faff42ea399519c414530b2a281a9e8d20858c10b464e06d989f145b78b955e653fa5f11895a2b375d549bf8bad01b10fb4b8c88e7b5aab2e1";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/pt-PT/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/pt-PT/firefox-60.0.tar.bz2";
       locale = "pt-PT";
       arch = "linux-i686";
-      sha512 = "80d9c00f741ab177a5d0ffd94a8462077240c07a56dfb49213e222264224d5df5f4f964dac55d097b0ba9d658dd42ed50761ca86fc087c29cc4ef9d2972956ae";
+      sha512 = "6acb042f4e22f67afb66a2a34f7c3865b77fa59dee2e163594f87c0aff0e409d3f252ffdb1986a4f7d776ece974ccb8701c90e72ee4782ea774298f801782271";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/rm/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/rm/firefox-60.0.tar.bz2";
       locale = "rm";
       arch = "linux-i686";
-      sha512 = "9ef01b038cb0971b41fbb19d250db4ca96adc31f0a9cf8b7197ebe700acfab69b2dae35f2c3487ae1983df0793cacd5a7aca7d9fdec8b7fa94cb245ff1308338";
+      sha512 = "822ca52c4be4a5ac19fd1c0436603d587816b3771f39ba1c6bb9e2e047b8e5fce8d8b4ae5109a07c79cbe35ece397cbd9644a45b4a8dd3d79d0e5162bdc6f68d";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ro/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ro/firefox-60.0.tar.bz2";
       locale = "ro";
       arch = "linux-i686";
-      sha512 = "d60ec8a9bddaabdae7b210c7b8f4229b10ae1080a89a3a661b6ffbffae479c81ec8f620b82655d92a792e31d4f1fad9477d195005dfdc803a7f3998d4a091413";
+      sha512 = "0c85d51248e95ba3a6a871b99e97dad557af06686949616990aca8ff939fdc1e4fa3414f91c03f7c9f6b8b1a90d13d8b080bc1a04af40daf57b01681efb8ff46";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ru/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ru/firefox-60.0.tar.bz2";
       locale = "ru";
       arch = "linux-i686";
-      sha512 = "8a42c89e4a0ac8f26421450637c2781c2dac2fd4469080f5d17a86cbbaa2c1cae56cc641797e6c1efb1576467c2d9e960b8a486f4b79556eba1d8a099d82e567";
+      sha512 = "cf2b8f766237534342c31f6227e653fbe171222caeb4ba8a234dd23389ac5fd4e1ff7a75cb9fa66d25a3022e73c148cce9872f976cc9e0f8b275c828cb30fd5a";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/si/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/si/firefox-60.0.tar.bz2";
       locale = "si";
       arch = "linux-i686";
-      sha512 = "230b155c90db9c05a8f896357c1cb2baca0f96cada2a62fced73caa94a49116459b4ae42a4f61ce03dd08d9ce03541067a5cc64a53ad17cd63debbfe645a2614";
+      sha512 = "4b480cec371499a48f01455a908b1acc90525b8f92a7cc0e0a4dbb7f81daac6ee60b96ef2c8439dd3e8b38d721317b07928afd59ac329ec80575e10d16579f67";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/sk/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/sk/firefox-60.0.tar.bz2";
       locale = "sk";
       arch = "linux-i686";
-      sha512 = "1072c117830b85c54e7c1ead8ca552e92ce0c1971f26a28d27490802ceeb15fc105323599fd768a8ecd94597b3f51f8efdfb3e91743395c19b52a152ffb383d5";
+      sha512 = "415a8231ef4303fabe66b9e4f3e34ec8fbabd1d56feb5a2f7e9c63dd30907786255992f56ce340609fdfccec6eb88583c00473fdc52245456aa16078cfe6a834";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/sl/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/sl/firefox-60.0.tar.bz2";
       locale = "sl";
       arch = "linux-i686";
-      sha512 = "5580f6777ce0acd2d47af993a8bec2e23ef16d77e6fb653147637e1efa08e82006a41108b94b213e7bb6d57b9dc27e8cc2bc1f0a26e9c2cf766e9c82dcc673d9";
+      sha512 = "e3f4374669d2ef1cb029695ac2945147f7a47d6b97a711f99a0e622aa6919dc30505f19879018f6df4c1f3086937c5317ad85945770ff3cfd7d86e89bbd22886";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/son/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/son/firefox-60.0.tar.bz2";
       locale = "son";
       arch = "linux-i686";
-      sha512 = "0f930af28da8a3643d424dc957643682909d86f83d2cde87656abb33fd5d9c5277a46cf46d4ed28a790eaa0b5681f48cc43a2184c8273cb85c821359d07ad46e";
+      sha512 = "0ca8209e1ca51d4529b6dc20b7c7d15f8e5307a4b4b292a6c6eaabf4919d91c35a6d35694031eac5889ea17ef691f34683210de3590c9bc768bcc5f444b6a0c4";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/sq/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/sq/firefox-60.0.tar.bz2";
       locale = "sq";
       arch = "linux-i686";
-      sha512 = "08589b3b4bfb670a912045614bb408a856b48aee4184b98e475101b1ff0ce3f6659c13ae4ffeb981e28f0b7243ba6b340065224dae0cef85e6f5877b0b150db0";
+      sha512 = "27613a71060a22665d6332b2f8e5e3c91c98a8cd3207b94a67ebfd08b8604c7bad834e4cc2bfab10f9f0897696925e19addee42eb45eaca9b358fe15136c09a9";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/sr/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/sr/firefox-60.0.tar.bz2";
       locale = "sr";
       arch = "linux-i686";
-      sha512 = "2abe8a5c502564823ffeaf59925d6749463e4aa0fcb0732f0c68acd8243b5a1bf5a71834fd9e519df8aa4b7b32fe69336ed9976b1ffb2ca67068cbe47f9b6987";
+      sha512 = "6234e96196069614a25ddf751f820f5787e77f75d0adf91c9a479749471c75cef114d4a3816b4d63227344c4ae9915756c81e862aca3282d467f86fd42faee99";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/sv-SE/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/sv-SE/firefox-60.0.tar.bz2";
       locale = "sv-SE";
       arch = "linux-i686";
-      sha512 = "ff79a7639d654cc2714f75e619c0c6c5862c1e4216fe7e2eeaf3876c47e16a6555dfa28e9be6b8215fe9e308e4c8753c5d70bcc6f3979c8a70fd7330652126ed";
+      sha512 = "3b5f8c85ffd4037aea0f8de95c77ac29f227e6ea02cbd8fdebbfc50ef6a03c6b7d31f695c7e0eb54dbd4d1d5471edf0c4793bf39e78b846c287f35ffc5a01aab";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ta/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ta/firefox-60.0.tar.bz2";
       locale = "ta";
       arch = "linux-i686";
-      sha512 = "fb4d4c6def12ffe32eb9517858488921f1c77380f3d1d35a8652ebe7b9e14429709debffa6dd6a1008fee71c664fd8f582db1052a203dc1d7c10ba418222f7fc";
+      sha512 = "e965954447ea2b47b949b74c06857c75b31edf724987559fc13ec25c4eb2766811da9929f0430297d4c7354ffe8bc9ee2b8ef7274bc47d1a07af3ed3f0ceaf61";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/te/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/te/firefox-60.0.tar.bz2";
       locale = "te";
       arch = "linux-i686";
-      sha512 = "ae97d60ac98c6cd9bad620a7c5dba8d51bdb2b035132daa0d915d1fc1e04802a25137bbbac82009ec51c0d858346e2f5c43f9981c48e991cc094cf11711fdeef";
+      sha512 = "05b795c817f46fdbb1b15055203f4622fc231d5344993d96db81c98466724b72e99f8293cab8d560e9c297f7b4197e3cc0449e037096455c480020817aa24a0f";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/th/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/th/firefox-60.0.tar.bz2";
       locale = "th";
       arch = "linux-i686";
-      sha512 = "695fae213cc6705ec130c4dc08dd1c28f6ad605e0a2d0e92deef13737cc2780cd420dd883dc5153bf9cd174e1740effbc817054b16417fed90d04be04f21ab24";
+      sha512 = "6e10c20163819045bafd07216f7d29ef4d737bf60c9f38e4981871fda4c19112b19aa628ede00f45b71c7b549b2611c2cf74044a1d153fb9fab9b9014184bf84";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/tr/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/tr/firefox-60.0.tar.bz2";
       locale = "tr";
       arch = "linux-i686";
-      sha512 = "f79e1f5027a84b772358d25f0441744036f60da7de5c0b26428ebd81900977e70d2c36b454e73f7026b7e20c058830502c92bdb8cc7d55c3ab40df43b7380d31";
+      sha512 = "1ed74dc5b302c70c9d980f6c19dcda00b399879034f6d49368b0a859434d5ba3097360e15de8d47b136dccd3567d60dbef1f0ac20cdcea3ca8757b2dc189a19c";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/uk/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/uk/firefox-60.0.tar.bz2";
       locale = "uk";
       arch = "linux-i686";
-      sha512 = "30b7661e84a875ff356284a87d1dc00a9e8fc1c03c953c471d785445e78cf4568450fec97bb16a1c63b092931719119510f33f55f02ff56e38adf4fb3be3f2c8";
+      sha512 = "be15de40cc87999b145178e5009e144aa1a68d6c7c422dd3f7c1669bdf8c200787ffe650670d29b2ab8230dd25a3ece9bdf9dc5b93331da96df6f28bb2388b1a";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/ur/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/ur/firefox-60.0.tar.bz2";
       locale = "ur";
       arch = "linux-i686";
-      sha512 = "9ef6fed1bea2857fc60e22eb9a87db8261316ba0852a3c5d35d65c3ead474ae34ee532588e25942f76be2f13a341c9bd9b672e5b192db1d3ccfee3f6a6787b83";
+      sha512 = "c4d853ce32374513df113fc95e28c26c2dfdd4e7d2f4771cd23fbad78f29068cd003fd2aad657ea582a5229ee217d3c05c2acc0ee248c10b1630c0bd8b521625";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/uz/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/uz/firefox-60.0.tar.bz2";
       locale = "uz";
       arch = "linux-i686";
-      sha512 = "ab75b5c8e81b6bfc12b07b4fb2872cf2297c7249c352f5b66d95d867698f3e9a601f273e708bcb8855505eaba87b384e2b62f9d0b85e5976acf1c948e5e5a3e1";
+      sha512 = "9912cef59e3f2457126a6623f0e3913248335b29d5c5412b6ddd451aa32e455cf3d4a752f975c6b06a9a4dcbb2511cff6cb918b0bf3564c8e8c37a06f79e862d";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/vi/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/vi/firefox-60.0.tar.bz2";
       locale = "vi";
       arch = "linux-i686";
-      sha512 = "d08e244d22c92c0e64c1104d5bbaaa19fa3b0d8f7a3616ae0df71d8f141039f1e7e87480f52d319f57d545f58c7095da643d4bac150e47c3e595b27cb793076f";
+      sha512 = "5ae557d429613cc9bb3fb4220d3242fad8b7b5a625b01bbe662283b78153b9d96f4d27907e63488500a766606196d8292b61614d007c6c5a4391dc8f88332e5d";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/xh/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/xh/firefox-60.0.tar.bz2";
       locale = "xh";
       arch = "linux-i686";
-      sha512 = "b956f01619afc421ed23ac644af51f62fa9f5cffcd7f5b6bf640014d1326583f8ba871e4e4f5cf8e81ab0a2b46335b5e921243e71ed16d51b2c89f0a7d1a1280";
+      sha512 = "4fac1b8bce8770812566dd05460d7d580f2fca9b4b006c5aefe50ecb8e24d104f725c0fe952e59492d438e5c98e683bf4b55df12a18748eb3daffa59aa4de35e";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/zh-CN/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/zh-CN/firefox-60.0.tar.bz2";
       locale = "zh-CN";
       arch = "linux-i686";
-      sha512 = "80f3c557a7fa2d51f5ba2d07adef2bd6980a4cd256b95702ee4fac2967d039476ea3b828ce951b354be9fea9508ecae2ea12a8b29f8feb0101b2101d741bf633";
+      sha512 = "0f1adcc43685a0da2e855ad8b679270be7131343f92c4f3f19048049696ce75b03e5a8b508a0d025b1348a66f18e65ccbb7def6382d3bb51152d7b9389f53656";
     }
-    { url = "http://archive.mozilla.org/pub/firefox/releases/59.0.2/linux-i686/zh-TW/firefox-59.0.2.tar.bz2";
+    { url = "http://archive.mozilla.org/pub/firefox/releases/60.0/linux-i686/zh-TW/firefox-60.0.tar.bz2";
       locale = "zh-TW";
       arch = "linux-i686";
-      sha512 = "50668a428310083cd175ce0dd9d09742866143d56efb0b13d11de1905d5b1d9f61e441bf1364e518aa87ebc790a335cc3b69d2438d3a4f92b4802345b8a443fa";
+      sha512 = "9a53a37523125ae165f2fd71957f748841302918812b0dea1b1b088eb56906524ddb0a3dc27bbfe7e0b9e7adec2823d5656561eed662c9239473fa21feaf8184";
     }
     ];
 }
diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix
index e8e1862d7f8..5b88a61afce 100644
--- a/pkgs/applications/networking/browsers/firefox/common.nix
+++ b/pkgs/applications/networking/browsers/firefox/common.nix
@@ -213,6 +213,7 @@ stdenv.mkDerivation (rec {
   ++ extraMakeFlags;
 
   enableParallelBuilding = true;
+  doCheck = false; # "--disable-tests" above
 
   preInstall = ''
     # The following is needed for startup cache creation on grsecurity kernels.
diff --git a/pkgs/applications/networking/browsers/firefox/no-buildconfig.patch b/pkgs/applications/networking/browsers/firefox/no-buildconfig.patch
index 83f9a1329be..de278152f97 100644
--- a/pkgs/applications/networking/browsers/firefox/no-buildconfig.patch
+++ b/pkgs/applications/networking/browsers/firefox/no-buildconfig.patch
@@ -1,7 +1,7 @@
 diff -ru -x '*~' firefox-55.0.3-orig/docshell/base/nsAboutRedirector.cpp firefox-55.0.3/docshell/base/nsAboutRedirector.cpp
 --- firefox-55.0.3-orig/docshell/base/nsAboutRedirector.cpp	2017-07-31 18:20:51.000000000 +0200
 +++ firefox-55.0.3/docshell/base/nsAboutRedirector.cpp	2017-09-26 22:02:00.814151731 +0200
-@@ -40,10 +40,6 @@
+@@ -36,10 +36,6 @@
      nsIAboutModule::ALLOW_SCRIPT
    },
    {
@@ -20,6 +20,6 @@ diff -ru -x '*~' firefox-55.0.3-orig/toolkit/content/jar.mn firefox-55.0.3/toolk
     content/global/browser-child.js
     content/global/browser-content.js
 -*   content/global/buildconfig.html
+    content/global/buildconfig.css
     content/global/contentAreaUtils.js
- #ifndef MOZ_FENNEC
-    content/global/customizeToolbar.css
+    content/global/datepicker.xhtml
diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix
index 07495e7d470..33bdb62929e 100644
--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@@ -18,10 +18,10 @@ rec {
 
   firefox = common rec {
     pname = "firefox";
-    version = "59.0.2";
+    version = "60.0";
     src = fetchurl {
-      url = "https://hg.mozilla.org/releases/mozilla-release/archive/239e434d6d2b8e1e2b697c3416d1e96d48fe98e5.tar.bz2";
-      sha512 = "3kfh224sfc9ig4733frnskcs49xzjkrs00lxllsvx1imm6f4sf117mqlvc7bhgrn8ldiqn6vaa5g6gd9b7awkk1g975bbzk9namb3yv";
+      url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
+      sha512 = "3ya0rq50cwryza7d56mm3g2h7kayh17vry565qvaq7wsi9gcd4cbjk4z7a1s4bdka0xsxg2l7v0zkaj666nbllky2462svbi8imdhb3";
     };
 
     patches = nixpkgsPatches ++ [
@@ -39,12 +39,12 @@ rec {
     };
   } {};
 
-  firefox-esr = common rec {
+  firefox-esr-52 = common rec {
     pname = "firefox-esr";
-    version = "52.7.3esr";
+    version = "52.8.0esr";
     src = fetchurl {
       url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
-      sha512 = "31y3qrslg61724vmly6gr1lqcrqgpkh3zsl8riax45gizfcp3qbgkvmd5wwfn9fiwjqi6ww3i08j51wxrfxcxznv7c6qzsvzzc30mgw";
+      sha512 = "4136fa582e4ffd754d46a79bdb562bd12da4d013d87dfe40fa92addf377e95f5f642993c8b783edd5290089619beeb5a907a0810b68b8808884f087986977df1";
     };
 
     patches = nixpkgsPatches;
@@ -58,6 +58,27 @@ rec {
     };
   } {};
 
+  firefox-esr-60 = common rec {
+    pname = "firefox-esr";
+    version = "60.0esr";
+    src = fetchurl {
+      url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
+      sha512 = "20whvk4spdi4yb3alb492c1jca60p4p70mgj2bypa7r8fgjqn57pyh9rcvnci61asar0zvmlihq46ywzrijm1804iw8c4wmlv7qy8dv";
+    };
+
+    patches = nixpkgsPatches ++ [
+      ./no-buildconfig.patch
+    ];
+
+    meta = firefox.meta // {
+      description = "A web browser built from Firefox Extended Support Release source tree";
+    };
+    updateScript = callPackage ./update.nix {
+      attrPath = "firefox-esr-unwrapped";
+      versionSuffix = "esr";
+    };
+  } {};
+
 } // (let
 
   commonAttrs = {
diff --git a/pkgs/applications/networking/browsers/firefox/update.nix b/pkgs/applications/networking/browsers/firefox/update.nix
index 997bccbe9a9..8cc03cf8212 100644
--- a/pkgs/applications/networking/browsers/firefox/update.nix
+++ b/pkgs/applications/networking/browsers/firefox/update.nix
@@ -28,9 +28,5 @@ writeScript "update-${attrPath}" ''
            sort --version-sort | \
            tail -n 1`
 
-  source_url=`curl --silent $url$version/SOURCE | grep -o 'https://.*\.tar\.bz2'`
-
-  shasum=`curl --silent $url$version/SHA512SUMS | grep 'source\.tar\.xz' | cut -d ' ' -f 1`
-
-  update-source-version ${attrPath} "$version" "$shasum" "$source_url"
+  update-source-version ${attrPath} "$version"
 ''
diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix
index b619941820e..5b2ede611d0 100644
--- a/pkgs/applications/networking/browsers/firefox/wrapper.nix
+++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix
@@ -7,7 +7,6 @@
 , trezor-bridge, bluejeans, djview4, adobe-reader
 , google_talk_plugin, fribid, gnome3/*.gnome-shell*/
 , esteidfirefoxplugin
-, vlc_npapi
 , browserpass, chrome-gnome-shell, uget-integrator
 , libudev
 , kerberos
@@ -57,7 +56,6 @@ let
           ++ lib.optional (cfg.enableBluejeans or false) bluejeans
           ++ lib.optional (cfg.enableAdobeReader or false) adobe-reader
           ++ lib.optional (cfg.enableEsteid or false) esteidfirefoxplugin
-          ++ lib.optional (cfg.enableVLC or false) vlc_npapi
           ++ extraPlugins
         );
       nativeMessagingHosts =
diff --git a/pkgs/applications/networking/p2p/transmission-remote-gtk/default.nix b/pkgs/applications/networking/p2p/transmission-remote-gtk/default.nix
index eb88d1c24c2..3ddbe9be4fc 100644
--- a/pkgs/applications/networking/p2p/transmission-remote-gtk/default.nix
+++ b/pkgs/applications/networking/p2p/transmission-remote-gtk/default.nix
@@ -21,13 +21,16 @@ stdenv.mkDerivation rec {
     pkgconfig intltool autoconf-archive
     appstream-glib
   ];
+
   buildInputs = [ gtk3 json-glib curl glib hicolor-icon-theme ];
 
-  meta = with stdenv.lib;
-    { description = "GTK remote control for the Transmission BitTorrent client";
-      homepage = https://github.com/ajf8/transmission-remote-gtk;
-      license = licenses.gpl2;
-      maintainers = [ maintainers.ehmry ];
-      platforms = platforms.linux;
-    };
+  doCheck = false; # fails with style validation error
+
+  meta = with stdenv.lib; {
+    description = "GTK remote control for the Transmission BitTorrent client";
+    homepage = https://github.com/ajf8/transmission-remote-gtk;
+    license = licenses.gpl2;
+    maintainers = [ maintainers.ehmry ];
+    platforms = platforms.linux;
+  };
 }
diff --git a/pkgs/applications/networking/remote/citrix-receiver/default.nix b/pkgs/applications/networking/remote/citrix-receiver/default.nix
index e1fee1bd78b..61dfb434070 100644
--- a/pkgs/applications/networking/remote/citrix-receiver/default.nix
+++ b/pkgs/applications/networking/remote/citrix-receiver/default.nix
@@ -23,7 +23,7 @@
 , alsaLib
 , libidn
 , zlib
-, version ? null
+, version ? "13.9.0"
 }:
 
 let
diff --git a/pkgs/applications/version-management/cvs/default.nix b/pkgs/applications/version-management/cvs/default.nix
index 8a729c28da9..71fb7612b33 100644
--- a/pkgs/applications/version-management/cvs/default.nix
+++ b/pkgs/applications/version-management/cvs/default.nix
@@ -30,6 +30,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ nano ];
 
+  doCheck = false; # fails 1 of 1 tests
+
   meta = {
     homepage = http://cvs.nongnu.org;
     description = "Concurrent Versions System - a source control system";
diff --git a/pkgs/applications/version-management/git-and-tools/git/default.nix b/pkgs/applications/version-management/git-and-tools/git/default.nix
index 74e88430239..a3f61f3399d 100644
--- a/pkgs/applications/version-management/git-and-tools/git/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/git/default.nix
@@ -18,7 +18,7 @@ assert sendEmailSupport -> perlSupport;
 assert svnSupport -> perlSupport;
 
 let
-  version = "2.16.3";
+  version = "2.17.0";
   svn = subversionClient.override { perlBindings = perlSupport; };
 in
 
@@ -27,19 +27,24 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "https://www.kernel.org/pub/software/scm/git/git-${version}.tar.xz";
-    sha256 = "0j1dwvg5llnj3g0fp8hdgpms4hp90qw9f6509vqw30dhwplrjpfn";
+    sha256 = "1ismz7nsz8dgjmk782xr9s0mr2qh06f72pdcgbxfmnw1bvlya5p9";
   };
 
   outputs = [ "out" ] ++ stdenv.lib.optional perlSupport "gitweb";
 
   hardeningDisable = [ "format" ];
 
+  enableParallelBuilding = true;
+
+  ## Patch
+
   patches = [
     ./docbook2texi.patch
     ./symlinks-in-bin.patch
     ./git-sh-i18n.patch
     ./ssh-path.patch
     ./git-send-email-honor-PATH.patch
+    ./installCheck-path.patch
   ];
 
   postPatch = ''
@@ -47,6 +52,10 @@ stdenv.mkDerivation {
       substituteInPlace "$x" \
         --subst-var-by ssh "${openssh}/bin/ssh"
     done
+
+    # Fix references to gettext introduced by ./git-sh-i18n.patch
+    substituteInPlace git-sh-i18n.sh \
+        --subst-var-by gettext ${gettext}
   '';
 
   nativeBuildInputs = [ gettext perl ]
@@ -58,7 +67,6 @@ stdenv.mkDerivation {
     ++ stdenv.lib.optionals withpcre2 [ pcre2 ]
     ++ stdenv.lib.optionals stdenv.isDarwin [ darwin.Security ];
 
-
   # required to support pthread_cancel()
   NIX_LDFLAGS = stdenv.lib.optionalString (!stdenv.cc.isClang) "-lgcc_s"
               + stdenv.lib.optionalString (stdenv.isFreeBSD) "-lthr";
@@ -68,6 +76,10 @@ stdenv.mkDerivation {
     "ac_cv_snprintf_returns_bogus=no"
   ];
 
+  preBuild = ''
+    makeFlagsArray+=( perllibdir=$out/$(perl -MConfig -wle 'print substr $Config{installsitelib}, 1 + length $Config{siteprefixexp}') )
+  '';
+
   makeFlags = [
     "prefix=\${out}"
     "SHELL_PATH=${stdenv.shell}"
@@ -86,15 +98,17 @@ stdenv.mkDerivation {
     popd
   '';
 
-  # FIXME: "make check" requires Sparse; the Makefile must be tweaked
-  # so that `SPARSE_FLAGS' corresponds to the current architecture...
-  #doCheck = true;
+
+  ## Install
+
+  # WARNING: Do not `rm` or `mv` files from the source tree; use `cp` instead.
+  #          We need many of these files during the installCheckPhase.
 
   installFlags = "NO_INSTALL_HARDLINKS=1";
 
   preInstall = stdenv.lib.optionalString stdenv.isDarwin ''
     mkdir -p $out/bin
-    mv $PWD/contrib/credential/osxkeychain/git-credential-osxkeychain $out/bin
+    cp -a $PWD/contrib/credential/osxkeychain/git-credential-osxkeychain $out/bin
   '';
 
   postInstall =
@@ -112,7 +126,7 @@ stdenv.mkDerivation {
 
       # Install contrib stuff.
       mkdir -p $out/share/git
-      mv contrib $out/share/git/
+      cp -a contrib $out/share/git/
       ln -s "$out/share/git/contrib/credential/netrc/git-credential-netrc" $out/bin/
       mkdir -p $out/share/emacs/site-lisp
       ln -s "$out/share/git/contrib/emacs/"*.el $out/share/emacs/site-lisp/
@@ -145,9 +159,6 @@ stdenv.mkDerivation {
       perl -0777 -i -pe "$SCRIPT" \
         $out/libexec/git-core/git-{sh-setup,filter-branch,merge-octopus,mergetool,quiltimport,request-pull,stash,submodule,subtree,web--browse}
 
-      # Fix references to gettext.
-      substituteInPlace $out/libexec/git-core/git-sh-i18n \
-          --subst-var-by gettext ${gettext}
 
       # Also put git-http-backend into $PATH, so that we can use smart
       # HTTP(s) transports for pushing
@@ -225,7 +236,52 @@ EOF
   '';
 
 
-  enableParallelBuilding = true;
+  ## InstallCheck
+
+  doInstallCheck = true;
+
+  installCheckTarget = "test";
+
+  # see also installCheckFlagsArray
+  installCheckFlags = "DEFAULT_TEST_TARGET=prove";
+
+  preInstallCheck = ''
+    installCheckFlagsArray+=(
+      GIT_PROVE_OPTS="--jobs $NIX_BUILD_CORES --failures --state=failed,save"
+      GIT_TEST_INSTALLED=$out/bin
+      ${stdenv.lib.optionalString (!svnSupport) "NO_SVN_TESTS=y"}
+    )
+
+    function disable_test {
+      local test=$1 pattern=$2
+      if [ $# -eq 1 ]; then
+        mv t/{,skip-}$test.sh || true
+      else
+        sed -i t/$test.sh \
+          -e "/^ *test_expect_.*$pattern/,/^ *' *\$/{s/^/#/}"
+      fi
+    }
+
+    # Shared permissions are forbidden in sandbox builds.
+    disable_test t0001-init shared
+    disable_test t1301-shared-repo
+
+    # Our patched gettext never fallbacks
+    disable_test t0201-gettext-fallbacks
+
+    ${stdenv.lib.optionalString (!sendEmailSupport) ''
+      # Disable sendmail tests
+      disable_test t9001-send-email
+    ''}
+
+    # XXX: I failed to understand why this one fails.
+    # Could someone try to re-enable it on the next release ?
+    disable_test t1700-split-index "null sha1"
+  '' + stdenv.lib.optionalString stdenv.hostPlatform.isMusl ''
+    # Test fails (as of 2.17.0, musl 1.1.19)
+    disable_test t3900-i18n-commit
+  '';
+
 
   meta = {
     homepage = https://git-scm.com/;
diff --git a/pkgs/applications/version-management/git-and-tools/git/docbook2texi.patch b/pkgs/applications/version-management/git-and-tools/git/docbook2texi.patch
index bf36b2d321f..ab5bb3c3a6c 100644
--- a/pkgs/applications/version-management/git-and-tools/git/docbook2texi.patch
+++ b/pkgs/applications/version-management/git-and-tools/git/docbook2texi.patch
@@ -2,19 +2,19 @@ This patch does two things: (1) use the right name for `docbook2texi',
 and (2) make sure `gitman.info' isn't produced since it's broken (duplicate
 node names).
 
-diff -ru git-1.8.4-orig/Documentation/Makefile git-1.8.4/Documentation/Makefile
---- git-1.8.4-orig/Documentation/Makefile	2013-08-23 21:38:43.000000000 +0200
-+++ git-1.8.4/Documentation/Makefile	2013-09-30 14:48:51.532890378 +0200
-@@ -101,7 +101,7 @@
+diff --git a/Documentation/Makefile b/Documentation/Makefile
+--- a/Documentation/Makefile
++++ b/Documentation/Makefile
+@@ -122,7 +122,7 @@
  
  MAKEINFO = makeinfo
  INSTALL_INFO = install-info
 -DOCBOOK2X_TEXI = docbook2x-texi
 +DOCBOOK2X_TEXI = docbook2texi
  DBLATEX = dblatex
- ifndef PERL_PATH
- 	PERL_PATH = /usr/bin/perl
-@@ -205,7 +205,7 @@
+ ASCIIDOC_DBLATEX_DIR = /etc/asciidoc/dblatex
+ DBLATEX_COMMON = -p $(ASCIIDOC_DBLATEX_DIR)/asciidoc-dblatex.xsl -s $(ASCIIDOC_DBLATEX_DIR)/asciidoc-dblatex.sty
+@@ -240,7 +240,7 @@
  man5: $(DOC_MAN5)
  man7: $(DOC_MAN7)
  
@@ -23,7 +23,7 @@ diff -ru git-1.8.4-orig/Documentation/Makefile git-1.8.4/Documentation/Makefile
  
  pdf: user-manual.pdf
  
-@@ -221,10 +221,9 @@
+@@ -256,10 +256,9 @@
  
  install-info: info
  	$(INSTALL) -d -m 755 $(DESTDIR)$(infodir)
diff --git a/pkgs/applications/version-management/git-and-tools/git/git-send-email-honor-PATH.patch b/pkgs/applications/version-management/git-and-tools/git/git-send-email-honor-PATH.patch
index 9a484262b7b..6b93d061a3b 100644
--- a/pkgs/applications/version-management/git-and-tools/git/git-send-email-honor-PATH.patch
+++ b/pkgs/applications/version-management/git-and-tools/git/git-send-email-honor-PATH.patch
@@ -1,22 +1,20 @@
 diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt
-index 8060ea35c..c81067a19 100644
 --- a/Documentation/git-send-email.txt
 +++ b/Documentation/git-send-email.txt
-@@ -203,8 +203,7 @@ a password is obtained using 'git-credential'.
+@@ -208,8 +208,7 @@ a password is obtained using 'git-credential'.
  	specify a full pathname of a sendmail-like program instead;
  	the program must support the `-i` option.  Default value can
  	be specified by the `sendemail.smtpServer` configuration
 -	option; the built-in default is to search for `sendmail` in
 -	`/usr/sbin`, `/usr/lib` and $PATH if such program is
-+        option; the built-in default is to search in $PATH if such program is
++	option; the built-in default is to search in $PATH if such program is
  	available, falling back to `localhost` otherwise.
 
  --smtp-server-port=<port>::
 diff --git a/git-send-email.perl b/git-send-email.perl
-index edcc6d346..8e357aeab 100755
 --- a/git-send-email.perl
 +++ b/git-send-email.perl
-@@ -885,8 +885,7 @@ if (defined $initial_reply_to) {
+@@ -944,8 +944,7 @@ if (defined $reply_to) {
  }
 
  if (!defined $smtp_server) {
diff --git a/pkgs/applications/version-management/git-and-tools/git/installCheck-path.patch b/pkgs/applications/version-management/git-and-tools/git/installCheck-path.patch
new file mode 100644
index 00000000000..8c68fb9f186
--- /dev/null
+++ b/pkgs/applications/version-management/git-and-tools/git/installCheck-path.patch
@@ -0,0 +1,12 @@
+diff --git a/t/test-lib.sh b/t/test-lib.sh
+--- a/t/test-lib.sh
++++ b/t/test-lib.sh
+@@ -923,7 +923,7 @@
+ then
+ 	GIT_EXEC_PATH=$($GIT_TEST_INSTALLED/git --exec-path)  ||
+ 	error "Cannot run git from $GIT_TEST_INSTALLED."
+-	PATH=$GIT_TEST_INSTALLED:$GIT_BUILD_DIR:$PATH
++	PATH=$GIT_TEST_INSTALLED:$GIT_BUILD_DIR/t/helper:$GIT_BUILD_DIR:$PATH
+ 	GIT_EXEC_PATH=${GIT_TEST_EXEC_PATH:-$GIT_EXEC_PATH}
+ else # normal case, use ../bin-wrappers only unless $with_dashes:
+ 	git_bin_dir="$GIT_BUILD_DIR/bin-wrappers"
diff --git a/pkgs/applications/version-management/git-and-tools/git/symlinks-in-bin.patch b/pkgs/applications/version-management/git-and-tools/git/symlinks-in-bin.patch
index 29d537db25f..0a581a61d46 100644
--- a/pkgs/applications/version-management/git-and-tools/git/symlinks-in-bin.patch
+++ b/pkgs/applications/version-management/git-and-tools/git/symlinks-in-bin.patch
@@ -1,7 +1,7 @@
-diff -ru -x '*~' git-1.8.2.1-orig/Makefile git-1.8.2.1/Makefile
---- git-1.8.2.1-orig/Makefile	2013-04-08 00:52:04.000000000 +0200
-+++ git-1.8.2.1/Makefile	2013-04-22 15:46:42.906026940 +0200
-@@ -2319,8 +2319,7 @@
+diff --git a/Makefile b/Makefile
+--- a/Makefile
++++ b/Makefile
+@@ -2609,8 +2609,7 @@
  	{ test "$$bindir/" = "$$execdir/" || \
  	  for p in git$X $(filter $(install_bindir_programs),$(ALL_PROGRAMS)); do \
  		$(RM) "$$execdir/$$p" && \
diff --git a/pkgs/applications/version-management/subversion/default.nix b/pkgs/applications/version-management/subversion/default.nix
index e069c39f059..6b8ef7b88e8 100644
--- a/pkgs/applications/version-management/subversion/default.nix
+++ b/pkgs/applications/version-management/subversion/default.nix
@@ -88,6 +88,8 @@ let
 
     enableParallelBuilding = true;
 
+    doCheck = false; # fails 10 out of ~2300 tests
+
     meta = {
       description = "A version control system intended to be a compelling replacement for CVS in the open source community";
       homepage = http://subversion.apache.org/;
diff --git a/pkgs/applications/video/omxplayer/default.nix b/pkgs/applications/video/omxplayer/default.nix
index 520451df400..00a419d0a85 100644
--- a/pkgs/applications/video/omxplayer/default.nix
+++ b/pkgs/applications/video/omxplayer/default.nix
@@ -12,9 +12,13 @@ let
       sha256 = "03s1zsprz5p6gjgwwqcf7b6cvzwwid6l8k7bamx9i0f1iwkgdm0j";
     };
     
+    configurePlatforms = [];
     configureFlags = [
-      "--arch=arm"
+      "--arch=${hostPlatform.parsed.cpu.name}"
+    ] ++ stdenv.lib.optionals stdenv.hostPlatform.isAarch32 [
+      # TODO be better with condition
       "--cpu=arm1176jzf-s"
+    ] ++ [
       "--disable-muxers"
       "--enable-muxer=spdif"
       "--enable-muxer=adts"
@@ -42,19 +46,14 @@ let
       "--enable-hardcoded-tables"
       "--disable-runtime-cpudetect"
       "--disable-debug"
+      "--arch=${hostPlatform.parsed.cpu.name}"
+      "--target_os=${hostPlatform.parsed.kernel.name}"
+    ] ++ stdenv.lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
+      "--cross-prefix=${stdenv.cc.targetPrefix}"
+      "--enable-cross-compile"
     ];
 
     enableParallelBuilding = true;
-      
-    crossAttrs = {
-      configurePlatforms = [];
-      configureFlags = configureFlags ++ [
-        "--cross-prefix=${stdenv.cc.targetPrefix}"
-        "--enable-cross-compile"
-        "--target_os=linux"
-        "--arch=${hostPlatform.parsed.cpu.name}"
-        ];
-    };
 
     meta = {
       homepage = http://www.ffmpeg.org/;
@@ -83,5 +82,6 @@ stdenv.mkDerivation rec {
     homepage = https://github.com/huceke/omxplayer;
     description = "Commandline OMX player for the Raspberry Pi";
     license = stdenv.lib.licenses.gpl2Plus;
+    platforms = stdenv.lib.platforms.arm;
   };
 }
diff --git a/pkgs/applications/video/vlc/default.nix b/pkgs/applications/video/vlc/default.nix
index 44c4d317d36..6cc26baf70c 100644
--- a/pkgs/applications/video/vlc/default.nix
+++ b/pkgs/applications/video/vlc/default.nix
@@ -1,86 +1,81 @@
-{ stdenv, fetchurl, xz, bzip2, perl, xorg, libdvdnav, libbluray
+{ stdenv, fetchurl, autoreconfHook
+, libarchive, perl, xorg, libdvdnav, libbluray
 , zlib, a52dec, libmad, faad2, ffmpeg, alsaLib
 , pkgconfig, dbus, fribidi, freefont_ttf, libebml, libmatroska
-, libvorbis, libtheora, speex, lua5, libgcrypt, libupnp
+, libvorbis, libtheora, speex, lua5, libgcrypt, libgpgerror, libupnp
 , libcaca, libpulseaudio, flac, schroedinger, libxml2, librsvg
-, mpeg2dec, udev, gnutls, avahi, libcddb, libjack2, SDL, SDL_image
+, mpeg2dec, systemd, gnutls, avahi, libcddb, libjack2, SDL, SDL_image
 , libmtp, unzip, taglib, libkate, libtiger, libv4l, samba, liboggz
-, libass, libva, libdvbpsi, libdc1394, libraw1394, libopus
-, libvdpau, libsamplerate, live555, fluidsynth
-, qt4 ? null
-, withQt5 ? false, qtbase ? null, qtx11extras ? null
+, libass, libva-full, libdvbpsi, libdc1394, libraw1394, libopus
+, libvdpau, libsamplerate, live555, fluidsynth, wayland, wayland-protocols
+, onlyLibVLC ? false
+, withQt5 ? true, qtbase ? null, qtsvg ? null, qtx11extras ? null
 , jackSupport ? false
 , fetchpatch
 }:
 
 with stdenv.lib;
 
-assert (withQt5 -> qtbase != null && qtx11extras != null);
-assert (!withQt5 -> qt4 != null);
+assert (withQt5 -> qtbase != null && qtsvg != null && qtx11extras != null);
 
 stdenv.mkDerivation rec {
   name = "vlc-${version}";
-  version = "2.2.8";
+  version = "3.0.1";
 
   src = fetchurl {
     url = "http://get.videolan.org/vlc/${version}/${name}.tar.xz";
-    sha256 = "1v32snw46rkgbdqdy3dssl2y13i8p2cr1cw1i18r6vdmiy24dw4v";
+    sha256 = "008krfhykm9447wc1kkw82bsw3f6ikljgrqyb1sinwlxnkghqw6f";
   };
 
-  # Comment-out the Qt 5.5 version check, as we do apply the relevant patch.
-  # https://trac.videolan.org/vlc/ticket/16497
-  postPatch = if (!withQt5) then null else
-    "sed '/I78ef29975181ee22429c9bd4b11d96d9e68b7a9c/s/^/: #/' -i configure";
-
-  buildInputs =
-    [ xz bzip2 perl zlib a52dec libmad faad2 ffmpeg alsaLib libdvdnav libdvdnav.libdvdread
-      libbluray dbus fribidi libvorbis libtheora speex lua5 libgcrypt
-      libupnp libcaca libpulseaudio flac schroedinger libxml2 librsvg mpeg2dec
-      udev gnutls avahi libcddb SDL SDL_image libmtp unzip taglib
-      libkate libtiger libv4l samba liboggz libass libdvbpsi libva
-      xorg.xlibsWrapper xorg.libXv xorg.libXvMC xorg.libXpm xorg.xcbutilkeysyms
-      libdc1394 libraw1394 libopus libebml libmatroska libvdpau libsamplerate live555
-      fluidsynth
-    ]
-    ++ [(if withQt5 then qtbase else qt4)]
-    ++ optional withQt5 qtx11extras
+  # VLC uses a *ton* of libraries for various pieces of functionality, many of
+  # which are not included here for no other reason that nobody has mentioned
+  # needing them
+  buildInputs = [
+    zlib a52dec libmad faad2 ffmpeg alsaLib libdvdnav libdvdnav.libdvdread
+    libbluray dbus fribidi libvorbis libtheora speex lua5 libgcrypt libgpgerror
+    libupnp libcaca libpulseaudio flac schroedinger libxml2 librsvg mpeg2dec
+    systemd gnutls avahi libcddb SDL SDL_image libmtp unzip taglib libarchive
+    libkate libtiger libv4l samba liboggz libass libdvbpsi libva-full
+    xorg.xlibsWrapper xorg.libXv xorg.libXvMC xorg.libXpm xorg.xcbutilkeysyms
+    libdc1394 libraw1394 libopus libebml libmatroska libvdpau libsamplerate live555
+    fluidsynth wayland wayland-protocols
+  ] ++ optionals withQt5    [ qtbase qtsvg qtx11extras ]
     ++ optional jackSupport libjack2;
 
-  nativeBuildInputs = [ pkgconfig ];
+  nativeBuildInputs = [ autoreconfHook perl pkgconfig ];
+
+  enableParallelBuilding = true;
 
   LIVE555_PREFIX = live555;
 
-  preConfigure = ''
-    sed -e "s@/bin/echo@echo@g" -i configure
-  '' + optionalString withQt5 ''
-    # Make sure we only *add* "-std=c++11" to CXXFLAGS instead of overriding the
-    # values figured out by configure (for example "-g -O2").
-    sed -i -re '/^ *CXXFLAGS=("[^$"]+")? *$/s/CXXFLAGS="?/&-std=c++11 /' \
-      configure
-  '';
+  # vlc depends on a c11-gcc wrapper script which we don't have so we need to
+  # set the path to the compiler
+  BUILDCC = "${stdenv.cc}/bin/gcc";
 
-  configureFlags =
-    [ "--enable-alsa"
-      "--with-kde-solid=$out/share/apps/solid/actions"
-      "--enable-dc1394"
-      "--enable-ncurses"
-      "--enable-vdpau"
-      "--enable-dvdnav"
-      "--enable-samplerate"
-    ];
+  postPatch = ''
+    substituteInPlace configure \
+      --replace /bin/echo echo
 
-  enableParallelBuilding = true;
+    substituteInPlace modules/text_renderer/freetype/platform_fonts.h --replace \
+      /usr/share/fonts/truetype/freefont ${freefont_ttf}/share/fonts/truetype
+  '';
 
-  preBuild = ''
-    substituteInPlace modules/text_renderer/freetype.c --replace \
-      /usr/share/fonts/truetype/freefont/FreeSerifBold.ttf \
-      ${freefont_ttf}/share/fonts/truetype/FreeSerifBold.ttf
+  # https://github.com/NixOS/nixpkgs/pull/35124#issuecomment-370552830
+  postFixup = ''
+    find $out/lib/vlc/plugins -exec touch -d @1 '{}' ';'
+    $out/lib/vlc/vlc-cache-gen $out/vlc/plugins
   '';
 
+  # Most of the libraries are auto-detected so we don't need to set a bunch of
+  # "--enable-foo" flags here
+  configureFlags = [
+    "--with-kde-solid=$out/share/apps/solid/actions"
+  ] ++ optional onlyLibVLC "--disable-vlc";
+
   meta = with stdenv.lib; {
     description = "Cross-platform media player and streaming server";
     homepage = http://www.videolan.org/vlc/;
-    platforms = platforms.linux;
     license = licenses.lgpl21Plus;
+    platforms = platforms.linux;
   };
 }
diff --git a/pkgs/applications/video/vlc/plugin.nix b/pkgs/applications/video/vlc/plugin.nix
deleted file mode 100644
index 583d978a551..00000000000
--- a/pkgs/applications/video/vlc/plugin.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ stdenv, fetchgit, vlc, autoconf, automake, libtool, pkgconfig, npapi_sdk,
-libxcb, xlibsWrapper, gtk}:
-
-with stdenv.lib;
-
-stdenv.mkDerivation rec {
-  name = "vlc-plugin-${version}";
-  version = "2.2.2"; # This 2.2.2 builds fine with vlc 2.2.4
-
-  src = fetchgit {
-    url = "https://code.videolan.org/videolan/npapi-vlc.git";
-    rev = "5fa6fbc11cf5bad983f57656c0085e47e18fbf20";
-    sha256 = "0k4s0657kv1mx1md8vj87scs0hz59xy7syqdsxb48w3w8gnfljs0";
-  };
-
-  preConfigure = "sh autogen.sh";
-
-  nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [ vlc autoconf automake libtool npapi_sdk libxcb
-      xlibsWrapper gtk ];
-
-  enableParallelBuilding = true;
-
-  passthru = {
-    mozillaPlugin = "/lib/mozilla/plugins";
-  };
-
-  meta = with stdenv.lib; {
-    description = "Webplugins based on libVLC (for firefox, npapi)";
-    homepage = https://code.videolan.org/videolan/npapi-vlc;
-    platforms = platforms.linux;
-    license = licenses.gpl2Plus;
-  };
-}
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index eee42d2ce1e..8c429ff1d06 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -119,6 +119,8 @@ stdenv.mkDerivation rec {
     ++ optional openGLSupport "--enable-opengl"
     ++ optional virglSupport "--enable-virglrenderer";
 
+  doCheck = false; # tries to access /dev
+
   postFixup =
     ''
       for exe in $out/bin/qemu-system-* ; do
diff --git a/pkgs/build-support/bintools-wrapper/add-flags.sh b/pkgs/build-support/bintools-wrapper/add-flags.sh
index 7d118d20fc6..e5c0556556c 100644
--- a/pkgs/build-support/bintools-wrapper/add-flags.sh
+++ b/pkgs/build-support/bintools-wrapper/add-flags.sh
@@ -5,28 +5,20 @@ var_templates_list=(
     NIX+LDFLAGS_BEFORE
     NIX+LDFLAGS_AFTER
     NIX+LDFLAGS_HARDEN
+    NIX+HARDENING_ENABLE
 )
 var_templates_bool=(
     NIX+SET_BUILD_ID
     NIX+DONT_SET_RPATH
 )
 
-declare -a role_infixes=()
-if [ "${NIX_BINTOOLS_WRAPPER_@infixSalt@_TARGET_BUILD:-}" ]; then
-    role_infixes+=(_BUILD_)
-fi
-if [ "${NIX_BINTOOLS_WRAPPER_@infixSalt@_TARGET_HOST:-}" ]; then
-    role_infixes+=(_)
-fi
-if [ "${NIX_BINTOOLS_WRAPPER_@infixSalt@_TARGET_TARGET:-}" ]; then
-    role_infixes+=(_TARGET_)
-fi
+accumulateRoles
 
 for var in "${var_templates_list[@]}"; do
-    mangleVarList "$var" "${role_infixes[@]}"
+    mangleVarList "$var" ${role_infixes[@]+"${role_infixes[@]}"}
 done
 for var in "${var_templates_bool[@]}"; do
-    mangleVarBool "$var" "${role_infixes[@]}"
+    mangleVarBool "$var" ${role_infixes[@]+"${role_infixes[@]}"}
 done
 
 if [ -e @out@/nix-support/libc-ldflags ]; then
diff --git a/pkgs/build-support/bintools-wrapper/add-hardening.sh b/pkgs/build-support/bintools-wrapper/add-hardening.sh
index 5282d17fce2..b7180870860 100644
--- a/pkgs/build-support/bintools-wrapper/add-hardening.sh
+++ b/pkgs/build-support/bintools-wrapper/add-hardening.sh
@@ -1,53 +1,58 @@
-hardeningFlags=(relro bindnow)
-# Intentionally word-split in case 'hardeningEnable' is defined in
-# Nix. Also, our bootstrap tools version of bash is old enough that
-# undefined arrays trip `set -u`.
-if [[ -v hardeningEnable[@] ]]; then
-  hardeningFlags+=(${hardeningEnable[@]})
-fi
-hardeningLDFlags=()
+declare -a hardeningLDFlags=()
+
+declare -A hardeningEnableMap=()
 
-declare -A hardeningDisableMap
+# Intentionally word-split in case 'NIX_HARDENING_ENABLE' is defined in Nix. The
+# array expansion also prevents undefined variables from causing trouble with
+# `set -u`.
+for flag in ${NIX_@infixSalt@_HARDENING_ENABLE-}; do
+  hardeningEnableMap["$flag"]=1
+done
 
-# Intentionally word-split in case 'hardeningDisable' is defined in Nix.
-for flag in ${hardeningDisable[@]:-IGNORED_KEY} @hardening_unsupported_flags@
-do
-  hardeningDisableMap[$flag]=1
+# Remove unsupported flags.
+for flag in @hardening_unsupported_flags@; do
+  unset -v "hardeningEnableMap[$flag]"
 done
 
 if (( "${NIX_DEBUG:-0}" >= 1 )); then
+  declare -a allHardeningFlags=(pie relro bindnow)
+  declare -A hardeningDisableMap=()
+
+  # Determine which flags were effectively disabled so we can report below.
+  for flag in "${allHardeningFlags[@]}"; do
+    if [[ -z "${hardeningEnableMap[$flag]-}" ]]; then
+      hardeningDisableMap[$flag]=1
+    fi
+  done
+
   printf 'HARDENING: disabled flags:' >&2
   (( "${#hardeningDisableMap[@]}" )) && printf ' %q' "${!hardeningDisableMap[@]}" >&2
   echo >&2
-fi
 
-if [[ -z "${hardeningDisableMap[all]:-}" ]]; then
-  if (( "${NIX_DEBUG:-0}" >= 1 )); then
+  if (( "${#hardeningEnableMap[@]}" )); then
     echo 'HARDENING: Is active (not completely disabled with "all" flag)' >&2;
   fi
-  for flag in "${hardeningFlags[@]}"
-  do
-    if [[ -z "${hardeningDisableMap[$flag]:-}" ]]; then
-      case $flag in
-        pie)
-          if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then
-            if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi
-            hardeningLDFlags+=('-pie')
-          fi
-          ;;
-        relro)
-          if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling relro >&2; fi
-          hardeningLDFlags+=('-z' 'relro')
-          ;;
-        bindnow)
-          if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling bindnow >&2; fi
-          hardeningLDFlags+=('-z' 'now')
-          ;;
-        *)
-          # Ignore unsupported. Checked in Nix that at least *some*
-          # tool supports each flag.
-          ;;
-      esac
-    fi
-  done
 fi
+
+for flag in "${!hardeningEnableMap[@]}"; do
+  case $flag in
+    pie)
+      if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then
+        if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi
+        hardeningLDFlags+=('-pie')
+      fi
+      ;;
+    relro)
+      if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling relro >&2; fi
+      hardeningLDFlags+=('-z' 'relro')
+      ;;
+    bindnow)
+      if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling bindnow >&2; fi
+      hardeningLDFlags+=('-z' 'now')
+      ;;
+    *)
+      # Ignore unsupported. Checked in Nix that at least *some*
+      # tool supports each flag.
+      ;;
+  esac
+done
diff --git a/pkgs/build-support/bintools-wrapper/default.nix b/pkgs/build-support/bintools-wrapper/default.nix
index 47301bbdde6..e53b58d12a0 100644
--- a/pkgs/build-support/bintools-wrapper/default.nix
+++ b/pkgs/build-support/bintools-wrapper/default.nix
@@ -74,7 +74,7 @@ in
 
 stdenv.mkDerivation {
   name = targetPrefix
-    + (if name != "" then name else "${bintoolsName}-wrapper")
+    + (if name != "" then name else stdenv.lib.removePrefix targetPrefix "${bintoolsName}-wrapper")
     + (stdenv.lib.optionalString (bintools != null && bintoolsVersion != "") "-${bintoolsVersion}");
 
   preferLocalBuild = true;
@@ -190,7 +190,12 @@ stdenv.mkDerivation {
 
   depsTargetTargetPropagated = extraPackages;
 
-  setupHook = ./setup-hook.sh;
+  wrapperName = "BINTOOLS_WRAPPER";
+
+  setupHooks = [
+    ../setup-hooks/role.bash
+    ./setup-hook.sh
+  ];
 
   postFixup =
     ''
@@ -289,7 +294,7 @@ stdenv.mkDerivation {
       set +u
       substituteAll ${./add-flags.sh} $out/nix-support/add-flags.sh
       substituteAll ${./add-hardening.sh} $out/nix-support/add-hardening.sh
-      substituteAll ${../cc-wrapper/utils.sh} $out/nix-support/utils.sh
+      substituteAll ${../wrapper-common/utils.bash} $out/nix-support/utils.bash
 
       ##
       ## Extra custom steps
@@ -300,7 +305,7 @@ stdenv.mkDerivation {
 
   inherit dynamicLinker expand-response-params;
 
-  # for substitution in utils.sh
+  # for substitution in utils.bash
   expandResponseParams = "${expand-response-params}/bin/expand-response-params";
 
   meta =
diff --git a/pkgs/build-support/bintools-wrapper/ld-wrapper.sh b/pkgs/build-support/bintools-wrapper/ld-wrapper.sh
index 991ed0fe263..ed2f00a8974 100644
--- a/pkgs/build-support/bintools-wrapper/ld-wrapper.sh
+++ b/pkgs/build-support/bintools-wrapper/ld-wrapper.sh
@@ -14,7 +14,7 @@ if [ -n "@coreutils_bin@" ]; then
     PATH="@coreutils_bin@/bin"
 fi
 
-source @out@/nix-support/utils.sh
+source @out@/nix-support/utils.bash
 
 if [ -z "${NIX_BINTOOLS_WRAPPER_@infixSalt@_FLAGS_SET:-}" ]; then
     source @out@/nix-support/add-flags.sh
@@ -57,8 +57,8 @@ fi
 
 source @out@/nix-support/add-hardening.sh
 
-extraAfter=("${hardeningLDFlags[@]}")
-extraBefore=()
+extraAfter=()
+extraBefore=(${hardeningLDFlags[@]+"${hardeningLDFlags[@]}"})
 
 if [ -z "${NIX_@infixSalt@_LDFLAGS_SET:-}" ]; then
     extraAfter+=($NIX_@infixSalt@_LDFLAGS)
diff --git a/pkgs/build-support/bintools-wrapper/setup-hook.sh b/pkgs/build-support/bintools-wrapper/setup-hook.sh
index 48a00b0b9b0..28387bac503 100644
--- a/pkgs/build-support/bintools-wrapper/setup-hook.sh
+++ b/pkgs/build-support/bintools-wrapper/setup-hook.sh
@@ -11,44 +11,22 @@ set -u
 [[ -z ${crossConfig-} ]] || (( "$hostOffset" < 0 )) || return 0
 
 bintoolsWrapper_addLDVars () {
-    case $depHostOffset in
-        -1) local role='BUILD_' ;;
-        0)  local role='' ;;
-        1)  local role='TARGET_' ;;
-        *)  echo "bintools-wrapper: Error: Cannot be used with $depHostOffset-offset deps" >2;
-            return 1 ;;
-    esac
+    # See ../setup-hooks/role.bash
+    local role_post role_pre
+    getTargetRoleEnvHook
 
     if [[ -d "$1/lib64" && ! -L "$1/lib64" ]]; then
-        export NIX_${role}LDFLAGS+=" -L$1/lib64"
+        export NIX_${role_pre}LDFLAGS+=" -L$1/lib64"
     fi
 
     if [[ -d "$1/lib" ]]; then
-        export NIX_${role}LDFLAGS+=" -L$1/lib"
+        export NIX_${role_pre}LDFLAGS+=" -L$1/lib"
     fi
 }
 
-case $targetOffset in
-    -1)
-        export NIX_BINTOOLS_WRAPPER_@infixSalt@_TARGET_BUILD=1
-        role_pre='BUILD_'
-        role_post='_FOR_BUILD'
-        ;;
-    0)
-        export NIX_BINTOOLS_WRAPPER_@infixSalt@_TARGET_HOST=1
-        role_pre=''
-        role_post=''
-        ;;
-    1)
-        export NIX_BINTOOLS_WRAPPER_@infixSalt@_TARGET_TARGET=1
-        role_pre='TARGET_'
-        role_post='_FOR_TARGET'
-        ;;
-    *)
-        echo "cc-wrapper: used as improper sort of dependency" >2;
-        return 1
-        ;;
-esac
+# See ../setup-hooks/role.bash
+getTargetRole
+getTargetRoleWrapper
 
 addEnvHooks "$targetOffset" bintoolsWrapper_addLDVars
 
@@ -83,6 +61,10 @@ do
     fi
 done
 
+# If unset, assume the default hardening flags.
+: ${NIX_HARDENING_ENABLE="fortify stackprotector pic strictoverflow format relro bindnow"}
+export NIX_HARDENING_ENABLE
+
 # No local scope in sourced file
 unset -v role_pre role_post cmd upper_case
 set +u
diff --git a/pkgs/build-support/cc-wrapper/add-flags.sh b/pkgs/build-support/cc-wrapper/add-flags.sh
index 604aaf6b6cf..9762894607a 100644
--- a/pkgs/build-support/cc-wrapper/add-flags.sh
+++ b/pkgs/build-support/cc-wrapper/add-flags.sh
@@ -14,26 +14,15 @@ var_templates_bool=(
     NIX+ENFORCE_NO_NATIVE
 )
 
-# Accumulate infixes for taking in the right input parameters. See setup-hook
-# for details.
-declare -a role_infixes=()
-if [ "${NIX_CC_WRAPPER_@infixSalt@_TARGET_BUILD:-}" ]; then
-    role_infixes+=(_BUILD_)
-fi
-if [ "${NIX_CC_WRAPPER_@infixSalt@_TARGET_HOST:-}" ]; then
-    role_infixes+=(_)
-fi
-if [ "${NIX_CC_WRAPPER_@infixSalt@_TARGET_TARGET:-}" ]; then
-    role_infixes+=(_TARGET_)
-fi
+accumulateRoles
 
 # We need to mangle names for hygiene, but also take parameters/overrides
 # from the environment.
 for var in "${var_templates_list[@]}"; do
-    mangleVarList "$var" "${role_infixes[@]}"
+    mangleVarList "$var" ${role_infixes[@]+"${role_infixes[@]}"}
 done
 for var in "${var_templates_bool[@]}"; do
-    mangleVarBool "$var" "${role_infixes[@]}"
+    mangleVarBool "$var" ${role_infixes[@]+"${role_infixes[@]}"}
 done
 
 # `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld.
diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh
index a35ff3cb426..fc40fe7408b 100644
--- a/pkgs/build-support/cc-wrapper/add-hardening.sh
+++ b/pkgs/build-support/cc-wrapper/add-hardening.sh
@@ -1,67 +1,72 @@
-hardeningFlags=(fortify stackprotector pic strictoverflow format relro bindnow)
-# Intentionally word-split in case 'hardeningEnable' is defined in
-# Nix. Also, our bootstrap tools version of bash is old enough that
-# undefined arrays trip `set -u`.
-if [[ -v hardeningEnable[@] ]]; then
-  hardeningFlags+=(${hardeningEnable[@]})
-fi
-hardeningCFlags=()
+declare -a hardeningCFlags=()
+
+declare -A hardeningEnableMap=()
 
-declare -A hardeningDisableMap
+# Intentionally word-split in case 'NIX_HARDENING_ENABLE' is defined in Nix. The
+# array expansion also prevents undefined variables from causing trouble with
+# `set -u`.
+for flag in ${NIX_@infixSalt@_HARDENING_ENABLE-}; do
+  hardeningEnableMap["$flag"]=1
+done
 
-# Intentionally word-split in case 'hardeningDisable' is defined in Nix.
-for flag in ${hardeningDisable[@]:-IGNORED_KEY} @hardening_unsupported_flags@
-do
-  hardeningDisableMap[$flag]=1
+# Remove unsupported flags.
+for flag in @hardening_unsupported_flags@; do
+  unset -v "hardeningEnableMap[$flag]"
 done
 
 if (( "${NIX_DEBUG:-0}" >= 1 )); then
+  declare -a allHardeningFlags=(fortify stackprotector pie pic strictoverflow format)
+  declare -A hardeningDisableMap=()
+
+  # Determine which flags were effectively disabled so we can report below.
+  for flag in "${allHardeningFlags[@]}"; do
+    if [[ -z "${hardeningEnableMap[$flag]-}" ]]; then
+      hardeningDisableMap["$flag"]=1
+    fi
+  done
+
   printf 'HARDENING: disabled flags:' >&2
   (( "${#hardeningDisableMap[@]}" )) && printf ' %q' "${!hardeningDisableMap[@]}" >&2
   echo >&2
-fi
 
-if [[ -z "${hardeningDisableMap[all]:-}" ]]; then
-  if (( "${NIX_DEBUG:-0}" >= 1 )); then
+  if (( "${#hardeningEnableMap[@]}" )); then
     echo 'HARDENING: Is active (not completely disabled with "all" flag)' >&2;
   fi
-  for flag in "${hardeningFlags[@]}"
-  do
-    if [[ -z "${hardeningDisableMap[$flag]:-}" ]]; then
-      case $flag in
-        fortify)
-          if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling fortify >&2; fi
-          hardeningCFlags+=('-O2' '-D_FORTIFY_SOURCE=2')
-          ;;
-        stackprotector)
-          if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling stackprotector >&2; fi
-          hardeningCFlags+=('-fstack-protector-strong' '--param' 'ssp-buffer-size=4')
-          ;;
-        pie)
-          if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling CFlags -fPIE >&2; fi
-          hardeningCFlags+=('-fPIE')
-          if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then
-            if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi
-            hardeningCFlags+=('-pie')
-          fi
-          ;;
-        pic)
-          if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling pic >&2; fi
-          hardeningCFlags+=('-fPIC')
-          ;;
-        strictoverflow)
-          if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling strictoverflow >&2; fi
-          hardeningCFlags+=('-fno-strict-overflow')
-          ;;
-        format)
-          if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling format >&2; fi
-          hardeningCFlags+=('-Wformat' '-Wformat-security' '-Werror=format-security')
-          ;;
-        *)
-          # Ignore unsupported. Checked in Nix that at least *some*
-          # tool supports each flag.
-          ;;
-      esac
-    fi
-  done
 fi
+
+for flag in "${!hardeningEnableMap[@]}"; do
+  case $flag in
+    fortify)
+      if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling fortify >&2; fi
+      hardeningCFlags+=('-O2' '-D_FORTIFY_SOURCE=2')
+      ;;
+    stackprotector)
+      if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling stackprotector >&2; fi
+      hardeningCFlags+=('-fstack-protector-strong' '--param' 'ssp-buffer-size=4')
+      ;;
+    pie)
+      if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling CFlags -fPIE >&2; fi
+      hardeningCFlags+=('-fPIE')
+      if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then
+        if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi
+        hardeningCFlags+=('-pie')
+      fi
+      ;;
+    pic)
+      if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling pic >&2; fi
+      hardeningCFlags+=('-fPIC')
+      ;;
+    strictoverflow)
+       if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling strictoverflow >&2; fi
+      hardeningCFlags+=('-fno-strict-overflow')
+      ;;
+    format)
+      if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling format >&2; fi
+      hardeningCFlags+=('-Wformat' '-Wformat-security' '-Werror=format-security')
+      ;;
+    *)
+      # Ignore unsupported. Checked in Nix that at least *some*
+      # tool supports each flag.
+      ;;
+  esac
+done
diff --git a/pkgs/build-support/cc-wrapper/cc-wrapper.sh b/pkgs/build-support/cc-wrapper/cc-wrapper.sh
index c2e6c140635..1b43d7cc211 100644
--- a/pkgs/build-support/cc-wrapper/cc-wrapper.sh
+++ b/pkgs/build-support/cc-wrapper/cc-wrapper.sh
@@ -15,7 +15,7 @@ if [[ -n "@coreutils_bin@" && -n "@gnugrep_bin@" ]]; then
     PATH="@coreutils_bin@/bin:@gnugrep_bin@/bin"
 fi
 
-source @out@/nix-support/utils.sh
+source @out@/nix-support/utils.bash
 
 # Flirting with a layer violation here.
 if [ -z "${NIX_BINTOOLS_WRAPPER_@infixSalt@_FLAGS_SET:-}" ]; then
@@ -134,8 +134,8 @@ fi
 source @out@/nix-support/add-hardening.sh
 
 # Add the flags for the C compiler proper.
-extraAfter=($NIX_@infixSalt@_CFLAGS_COMPILE "${hardeningCFlags[@]}")
-extraBefore=()
+extraAfter=($NIX_@infixSalt@_CFLAGS_COMPILE)
+extraBefore=(${hardeningCFlags[@]+"${hardeningCFlags[@]}"})
 
 if [ "$dontLink" != 1 ]; then
 
diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix
index 43cd87fb459..365aa192db2 100644
--- a/pkgs/build-support/cc-wrapper/default.nix
+++ b/pkgs/build-support/cc-wrapper/default.nix
@@ -71,7 +71,7 @@ assert nativePrefix == bintools.nativePrefix;
 
 stdenv.mkDerivation {
   name = targetPrefix
-    + (if name != "" then name else "${ccName}-wrapper")
+    + (if name != "" then name else stdenv.lib.removePrefix targetPrefix "${ccName}-wrapper")
     + (stdenv.lib.optionalString (cc != null && ccVersion != "") "-${ccVersion}");
 
   preferLocalBuild = true;
@@ -191,7 +191,12 @@ stdenv.mkDerivation {
   propagatedBuildInputs = [ bintools ];
   depsTargetTargetPropagated = extraPackages;
 
-  setupHook = ./setup-hook.sh;
+  wrapperName = "CC_WRAPPER";
+
+  setupHooks = [
+    ../setup-hooks/role.bash
+    ./setup-hook.sh
+  ];
 
   postFixup =
     ''
@@ -277,7 +282,7 @@ stdenv.mkDerivation {
     + ''
       substituteAll ${./add-flags.sh} $out/nix-support/add-flags.sh
       substituteAll ${./add-hardening.sh} $out/nix-support/add-hardening.sh
-      substituteAll ${./utils.sh} $out/nix-support/utils.sh
+      substituteAll ${../wrapper-common/utils.bash} $out/nix-support/utils.bash
 
       ##
       ## Extra custom steps
@@ -288,7 +293,7 @@ stdenv.mkDerivation {
 
   inherit expand-response-params;
 
-  # for substitution in utils.sh
+  # for substitution in utils.bash
   expandResponseParams = "${expand-response-params}/bin/expand-response-params";
 
   meta =
diff --git a/pkgs/build-support/cc-wrapper/setup-hook.sh b/pkgs/build-support/cc-wrapper/setup-hook.sh
index 29a7306b9b7..94b5cc6231b 100644
--- a/pkgs/build-support/cc-wrapper/setup-hook.sh
+++ b/pkgs/build-support/cc-wrapper/setup-hook.sh
@@ -66,55 +66,22 @@ set -u
 # over no state, and there's no @-substitutions within, so any redefined
 # function is guaranteed to be exactly the same.
 ccWrapper_addCVars () {
-    # The `depHostOffset` describes how the host platform of the dependencies
-    # are slid relative to the depending package. It is brought into scope of
-    # the environment hook defined as the role of the dependency being applied.
-    case $depHostOffset in
-        -1) local role='BUILD_' ;;
-        0)  local role='' ;;
-        1)  local role='TARGET_' ;;
-        *)  echo "cc-wrapper: Error: Cannot be used with $depHostOffset-offset deps" >2;
-            return 1 ;;
-    esac
+    # See ../setup-hooks/role.bash
+    local role_post role_pre
+    getTargetRoleEnvHook
 
     if [[ -d "$1/include" ]]; then
-        export NIX_${role}CFLAGS_COMPILE+=" ${ccIncludeFlag:--isystem} $1/include"
+        export NIX_${role_pre}CFLAGS_COMPILE+=" ${ccIncludeFlag:--isystem} $1/include"
     fi
 
     if [[ -d "$1/Library/Frameworks" ]]; then
-        export NIX_${role}CFLAGS_COMPILE+=" -F$1/Library/Frameworks"
+        export NIX_${role_pre}CFLAGS_COMPILE+=" -F$1/Library/Frameworks"
     fi
 }
 
-# Since the same cc-wrapper derivation can be depend on in multiple ways, we
-# need to accumulate *each* role (i.e. target platform relative the depending
-# derivation) in which the cc-wrapper derivation is used.
-# `NIX_CC_WRAPPER_@infixSalt@_TARGET_*` tracks this (needs to be an exported env
-# var so can't use fancier data structures).
-#
-# We also need to worry about what role is being added on *this* invocation of
-# setup-hook, which `role` tracks.
-case $targetOffset in
-    -1)
-        export NIX_CC_WRAPPER_@infixSalt@_TARGET_BUILD=1
-        role_pre='BUILD_'
-        role_post='_FOR_BUILD'
-        ;;
-    0)
-        export NIX_CC_WRAPPER_@infixSalt@_TARGET_HOST=1
-        role_pre=''
-        role_post=''
-        ;;
-    1)
-        export NIX_CC_WRAPPER_@infixSalt@_TARGET_TARGET=1
-        role_pre='TARGET_'
-        role_post='_FOR_TARGET'
-        ;;
-    *)
-        echo "cc-wrapper: used as improper sort of dependency" >2;
-        return 1
-        ;;
-esac
+# See ../setup-hooks/role.bash
+getTargetRole
+getTargetRoleWrapper
 
 # We use the `targetOffset` to choose the right env hook to accumulate the right
 # sort of deps (those with that offset).
@@ -147,6 +114,10 @@ export ${role_pre}CXX=@named_cxx@
 export CC${role_post}=@named_cc@
 export CXX${role_post}=@named_cxx@
 
+# If unset, assume the default hardening flags.
+: ${NIX_HARDENING_ENABLE="fortify stackprotector pic strictoverflow format relro bindnow"}
+export NIX_HARDENING_ENABLE
+
 # No local scope in sourced file
 unset -v role_pre role_post
 set +u
diff --git a/pkgs/build-support/rust/default.nix b/pkgs/build-support/rust/default.nix
index f407ba25bf8..d7d03aae33e 100644
--- a/pkgs/build-support/rust/default.nix
+++ b/pkgs/build-support/rust/default.nix
@@ -91,7 +91,7 @@ in stdenv.mkDerivation (args // {
   installPhase = args.installPhase or ''
     runHook preInstall
     mkdir -p $out/bin
-    find target/release -maxdepth 1 -executable -exec cp "{}" $out/bin \;
+    find target/release -maxdepth 1 -executable -type f -exec cp "{}" $out/bin \;
     runHook postInstall
   '';
 
diff --git a/pkgs/build-support/setup-hooks/role.bash b/pkgs/build-support/setup-hooks/role.bash
new file mode 100644
index 00000000000..6f1c36f5c05
--- /dev/null
+++ b/pkgs/build-support/setup-hooks/role.bash
@@ -0,0 +1,75 @@
+# Since the same derivation can be depend on in multiple ways, we need to
+# accumulate *each* role (i.e. host and target platforms relative the depending
+# derivation) in which the derivation is used.
+#
+# The role is intened to be use as part of other variables names like
+#  - $NIX_${role_pre}_SOMETHING
+#  - $NIX_SOMETHING_${role_post}
+
+function getRole() {
+    case $1 in
+        -1)
+            role_pre='BUILD_'
+            role_post='_FOR_BUILD'
+            ;;
+        0)
+            role_pre=''
+            role_post=''
+            ;;
+        1)
+            role_pre='TARGET_'
+            role_post='_FOR_TARGET'
+            ;;
+        *)
+            echo "@name@: used as improper sort of dependency" >2
+            return 1
+            ;;
+    esac
+}
+
+# `hostOffset` describes how the host platform of the package is slid relative
+# to the depending package. `targetOffset` likewise describes the target
+# platform of the package. Both are brought into scope of the setup hook defined
+# for dependency whose setup hook is being processed relative to the package
+# being built.
+
+function getHostRole()   {
+    getRole "$hostOffset"
+}
+function getTargetRole() {
+    getRole "$targetOffset"
+}
+
+# `depHostOffset` describes how the host platform of the dependencies are slid
+# relative to the depending package. `depTargetOffset` likewise describes the
+# target platform of dependenices. Both are brought into scope of the
+# environment hook defined for the dependency being applied relative to the
+# package being built.
+
+function getHostRoleEnvHook()   {
+    getRole "$depHostOffset"
+}
+function getTargetRoleEnvHook() {
+    getRole "$depTargetOffset"
+}
+
+# This variant is inteneded specifically for code-prodocing tool wrapper scripts
+# `NIX_@wrapperName@_@infixSalt@_TARGET_*` tracks this (needs to be an exported
+# env var so can't use fancier data structures).
+function getTargetRoleWrapper() {
+    case $targetOffset in
+        -1)
+            export NIX_@wrapperName@_@infixSalt@_TARGET_BUILD=1
+            ;;
+        0)
+            export NIX_@wrapperName@_@infixSalt@_TARGET_HOST=1
+            ;;
+        1)
+            export NIX_@wrapperName@_@infixSalt@_TARGET_TARGET=1
+            ;;
+        *)
+            echo "@name@: used as improper sort of dependency" >2
+            return 1
+            ;;
+    esac
+}
diff --git a/pkgs/build-support/cc-wrapper/utils.sh b/pkgs/build-support/wrapper-common/utils.bash
index 9215fe2dc39..12b596a83e6 100644
--- a/pkgs/build-support/cc-wrapper/utils.sh
+++ b/pkgs/build-support/wrapper-common/utils.bash
@@ -1,3 +1,18 @@
+# Accumulate infixes for taking in the right input parameters with the `mangle*`
+# functions below. See setup-hook for details.
+accumulateRoles() {
+    declare -ga role_infixes=()
+    if [ "${NIX_@wrapperName@_@infixSalt@_TARGET_BUILD:-}" ]; then
+        role_infixes+=(_BUILD_)
+    fi
+    if [ "${NIX_@wrapperName@_@infixSalt@_TARGET_HOST:-}" ]; then
+        role_infixes+=(_)
+    fi
+    if [ "${NIX_@wrapperName@_@infixSalt@_TARGET_TARGET:-}" ]; then
+        role_infixes+=(_TARGET_)
+    fi
+}
+
 mangleVarList() {
     local var="$1"
     shift
diff --git a/pkgs/data/misc/poppler-data/default.nix b/pkgs/data/misc/poppler-data/default.nix
index 5c8e0970518..d7a5ce33bd2 100644
--- a/pkgs/data/misc/poppler-data/default.nix
+++ b/pkgs/data/misc/poppler-data/default.nix
@@ -1,11 +1,11 @@
 { fetchurl, stdenv, cmake, ninja }:
 
 stdenv.mkDerivation rec {
-  name = "poppler-data-0.4.8";
+  name = "poppler-data-0.4.9";
 
   src = fetchurl {
     url = "http://poppler.freedesktop.org/${name}.tar.gz";
-    sha256 = "0wi8yyynladny51r4q53z7ygh7y491ayp8nqqv6wqqzjc60s35hh";
+    sha256 = "04i0wgdkn5lhda8cyxd1ll4a2p41pwqrwd47n9mdpl7cx5ypx70z";
   };
 
   nativeBuildInputs = [ cmake ninja ];
diff --git a/pkgs/data/misc/tzdata/default.nix b/pkgs/data/misc/tzdata/default.nix
index 9d2790ff1b5..0f790f78f19 100644
--- a/pkgs/data/misc/tzdata/default.nix
+++ b/pkgs/data/misc/tzdata/default.nix
@@ -37,6 +37,8 @@ stdenv.mkDerivation rec {
 
   depsBuildBuild = [ buildPackages.stdenv.cc ];
 
+  doCheck = false; # needs more tools
+
   installFlags = [ "ZIC=./zic-native" ];
 
   preInstall = ''
diff --git a/pkgs/desktops/gnome-2/desktop/gtksourceview/default.nix b/pkgs/desktops/gnome-2/desktop/gtksourceview/default.nix
index 9efca75e8f8..6feaf13d88e 100644
--- a/pkgs/desktops/gnome-2/desktop/gtksourceview/default.nix
+++ b/pkgs/desktops/gnome-2/desktop/gtksourceview/default.nix
@@ -40,4 +40,7 @@ stdenv.mkDerivation rec {
   '';
 
   NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isDarwin "-lintl";
+
+  doCheck = false; # requires X11 daemon
+
 }
diff --git a/pkgs/desktops/gnome-2/desktop/zenity/default.nix b/pkgs/desktops/gnome-2/desktop/zenity/default.nix
index 014255785dd..a9b692aadf5 100644
--- a/pkgs/desktops/gnome-2/desktop/zenity/default.nix
+++ b/pkgs/desktops/gnome-2/desktop/zenity/default.nix
@@ -13,4 +13,6 @@ stdenv.mkDerivation {
   buildInputs = [ gtk libglade libxml2 libxslt libX11 docbook_xml_dtd_412 ];
 
   nativeBuildInputs = [ pkgconfig intltool gnome-doc-utils which ];
+
+  doCheck = false; # fails, tries to access the net
 }
diff --git a/pkgs/desktops/gnome-2/platform/gnome-vfs/default.nix b/pkgs/desktops/gnome-2/platform/gnome-vfs/default.nix
index 4ca0e791a2a..9d71b999d11 100644
--- a/pkgs/desktops/gnome-2/platform/gnome-vfs/default.nix
+++ b/pkgs/desktops/gnome-2/platform/gnome-vfs/default.nix
@@ -21,4 +21,6 @@ stdenv.mkDerivation rec {
   propagatedBuildInputs = [ GConf glib ];
 
   postPatch = "find . -name Makefile.in | xargs sed 's/-DG_DISABLE_DEPRECATED//g' -i ";
+
+  doCheck = false; # needs dbus daemon
 }
diff --git a/pkgs/desktops/gnome-3/apps/gnome-boxes/default.nix b/pkgs/desktops/gnome-3/apps/gnome-boxes/default.nix
index 0ba4199630a..5b91ded959b 100644
--- a/pkgs/desktops/gnome-3/apps/gnome-boxes/default.nix
+++ b/pkgs/desktops/gnome-3/apps/gnome-boxes/default.nix
@@ -24,6 +24,9 @@ in stdenv.mkDerivation rec {
     meson ninja vala pkgconfig gettext itstool wrapGAppsHook gobjectIntrospection desktop-file-utils
   ];
 
+  # Required for USB redirection PolicyKit rules file
+  propagatedUserEnvPkgs = [ spice-gtk ];
+
   buildInputs = [
     libvirt-glib glib gtk3 gtkvnc libxml2
     libvirt spice-gtk spice-protocol libsoup json-glib webkitgtk libosinfo systemd
diff --git a/pkgs/desktops/gnome-3/core/dconf/default.nix b/pkgs/desktops/gnome-3/core/dconf/default.nix
index 9b1adeb953d..400b3ea9a9b 100644
--- a/pkgs/desktops/gnome-3/core/dconf/default.nix
+++ b/pkgs/desktops/gnome-3/core/dconf/default.nix
@@ -23,6 +23,8 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ meson ninja vala pkgconfig python3 libxslt libxml2 docbook_xsl ];
   buildInputs = [ glib dbus-glib ];
 
+  doCheck = false; # fails 2 out of 9 tests, maybe needs dbus daemon?
+
   passthru = {
     updateScript = gnome3.updateScript {
       packageName = pname;
diff --git a/pkgs/desktops/xfce/core/xfconf.nix b/pkgs/desktops/xfce/core/xfconf.nix
index 9aa66a1343f..9af365c6f14 100644
--- a/pkgs/desktops/xfce/core/xfconf.nix
+++ b/pkgs/desktops/xfce/core/xfconf.nix
@@ -19,6 +19,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ intltool glib libxfce4util ];
   propagatedBuildInputs = [ dbus-glib ];
 
+  doCheck = false; # requires dbus daemon
+
   meta = with stdenv.lib; {
     homepage = http://docs.xfce.org/xfce/xfconf/start;
     description = "Simple client-server configuration storage and query system for Xfce";
@@ -26,4 +28,3 @@ stdenv.mkDerivation rec {
     platforms = platforms.linux;
   };
 }
-
diff --git a/pkgs/development/compilers/gcc/4.8/default.nix b/pkgs/development/compilers/gcc/4.8/default.nix
index fbeb649f96a..5d4221c168b 100644
--- a/pkgs/development/compilers/gcc/4.8/default.nix
+++ b/pkgs/development/compilers/gcc/4.8/default.nix
@@ -25,7 +25,8 @@
 , libcCross ? null
 , crossStageStatic ? false
 , libpthread ? null, libpthreadCross ? null  # required for GNU/Hurd
-, stripped ? true
+, # Strip kills static libs of other archs (hence no cross)
+  stripped ? hostPlatform == buildPlatform && targetPlatform == hostPlatform
 , gnused ? null
 , darwin ? null
 , buildPlatform, hostPlatform, targetPlatform
@@ -154,7 +155,7 @@ let version = "4.8.5";
           "--disable-decimal-float" # No final libdecnumber (it may work only in 386)
         ]));
     stageNameAddon = if crossStageStatic then "-stage-static" else "-stage-final";
-    crossNameAddon = if targetPlatform != hostPlatform then "-${targetPlatform.config}" + stageNameAddon else "";
+    crossNameAddon = if targetPlatform != hostPlatform then "${targetPlatform.config}${stageNameAddon}-" else "";
 
     bootstrap = targetPlatform == hostPlatform;
 
@@ -164,7 +165,7 @@ in
 assert x11Support -> (filter (x: x == null) ([ gtk2 libart_lgpl ] ++ xlibs)) == [];
 
 stdenv.mkDerivation ({
-  name = "${name}${if stripped then "" else "-debug"}-${version}" + crossNameAddon;
+  name = crossNameAddon + "${name}${if stripped then "" else "-debug"}-${version}";
 
   builder = ../builder.sh;
 
@@ -355,21 +356,19 @@ stdenv.mkDerivation ({
 
   targetConfig = if targetPlatform != hostPlatform then targetPlatform.config else null;
 
-  buildFlags = if bootstrap then
-    (if profiledCompiler then "profiledbootstrap" else "bootstrap")
-    else "";
+  buildFlags = optional
+    (bootstrap && hostPlatform == buildPlatform)
+    (if profiledCompiler then "profiledbootstrap" else "bootstrap");
+
+  dontStrip = !stripped;
+
+  doCheck = false; # requires a lot of tools, causes a dependency cycle for stdenv
 
   installTargets =
     if stripped
     then "install-strip"
     else "install";
 
-  /* For cross-built gcc (build != host == target) */
-  crossAttrs =  {
-    dontStrip = true;
-    buildFlags = "";
-  };
-
   # http://gcc.gnu.org/install/specific.html#x86-64-x-solaris210
   ${if hostPlatform.system == "x86_64-solaris" then "CC" else null} = "gcc -m64";
 
@@ -471,8 +470,5 @@ stdenv.mkDerivation ({
   installTargets = "install-gcc install-target-libgcc";
 }
 
-# Strip kills static libs of other archs (hence targetPlatform != hostPlatform)
-// optionalAttrs (!stripped || targetPlatform != hostPlatform) { dontStrip = true; }
-
 // optionalAttrs (enableMultilib) { dontMoveLib64 = true; }
 )
diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix
index b8aebe6ed09..437a9d83a56 100644
--- a/pkgs/development/compilers/gcc/4.9/default.nix
+++ b/pkgs/development/compilers/gcc/4.9/default.nix
@@ -25,7 +25,8 @@
 , libcCross ? null
 , crossStageStatic ? false
 , libpthread ? null, libpthreadCross ? null  # required for GNU/Hurd
-, stripped ? true
+, # Strip kills static libs of other archs (hence no cross)
+  stripped ? hostPlatform == buildPlatform && targetPlatform == hostPlatform
 , gnused ? null
 , darwin ? null
 , buildPlatform, hostPlatform, targetPlatform
@@ -162,7 +163,7 @@ let version = "4.9.4";
           "--disable-decimal-float" # No final libdecnumber (it may work only in 386)
         ]));
     stageNameAddon = if crossStageStatic then "-stage-static" else "-stage-final";
-    crossNameAddon = if targetPlatform != hostPlatform then "-${targetPlatform.config}" + stageNameAddon else "";
+    crossNameAddon = if targetPlatform != hostPlatform then "${targetPlatform.config}${stageNameAddon}-" else "";
 
     bootstrap = targetPlatform == hostPlatform;
 
@@ -172,7 +173,7 @@ in
 assert x11Support -> (filter (x: x == null) ([ gtk2 libart_lgpl ] ++ xlibs)) == [];
 
 stdenv.mkDerivation ({
-  name = "${name}${if stripped then "" else "-debug"}-${version}" + crossNameAddon;
+  name = crossNameAddon + "${name}${if stripped then "" else "-debug"}-${version}";
 
   builder = ../builder.sh;
 
@@ -377,21 +378,19 @@ stdenv.mkDerivation ({
 
   targetConfig = if targetPlatform != hostPlatform then targetPlatform.config else null;
 
-  buildFlags = if bootstrap then
-    (if profiledCompiler then "profiledbootstrap" else "bootstrap")
-    else "";
+  buildFlags = optional
+    (bootstrap && hostPlatform == buildPlatform)
+    (if profiledCompiler then "profiledbootstrap" else "bootstrap");
+
+  dontStrip = !stripped;
+
+  doCheck = false; # requires a lot of tools, causes a dependency cycle for stdenv
 
   installTargets =
     if stripped
     then "install-strip"
     else "install";
 
-  /* For cross-built gcc (build != host == target) */
-  crossAttrs = {
-    dontStrip = true;
-    buildFlags = "";
-  };
-
   # http://gcc.gnu.org/install/specific.html#x86-64-x-solaris210
   ${if hostPlatform.system == "x86_64-solaris" then "CC" else null} = "gcc -m64";
 
@@ -489,9 +488,6 @@ stdenv.mkDerivation ({
   installTargets = "install-gcc install-target-libgcc";
 }
 
-# Strip kills static libs of other archs (hence targetPlatform != hostPlatform)
-// optionalAttrs (!stripped || targetPlatform != hostPlatform) { dontStrip = true; }
-
 // optionalAttrs (enableMultilib) { dontMoveLib64 = true; }
 
 // optionalAttrs (langJava) {
diff --git a/pkgs/development/compilers/gcc/5/default.nix b/pkgs/development/compilers/gcc/5/default.nix
index 8cbd85d9d19..91935b172a0 100644
--- a/pkgs/development/compilers/gcc/5/default.nix
+++ b/pkgs/development/compilers/gcc/5/default.nix
@@ -25,7 +25,8 @@
 , libcCross ? null
 , crossStageStatic ? false
 , libpthread ? null, libpthreadCross ? null  # required for GNU/Hurd
-, stripped ? true
+, # Strip kills static libs of other archs (hence no cross)
+  stripped ? hostPlatform == buildPlatform && targetPlatform == hostPlatform
 , gnused ? null
 , cloog # unused; just for compat with gcc4, as we override the parameter on some places
 , darwin ? null
@@ -152,7 +153,7 @@ let version = "5.5.0";
           "--disable-decimal-float" # No final libdecnumber (it may work only in 386)
         ]));
     stageNameAddon = if crossStageStatic then "-stage-static" else "-stage-final";
-    crossNameAddon = if targetPlatform != hostPlatform then "-${targetPlatform.config}" + stageNameAddon else "";
+    crossNameAddon = if targetPlatform != hostPlatform then "${targetPlatform.config}${stageNameAddon}-" else "";
 
     bootstrap = targetPlatform == hostPlatform;
 
@@ -162,7 +163,7 @@ in
 assert x11Support -> (filter (x: x == null) ([ gtk2 libart_lgpl ] ++ xlibs)) == [];
 
 stdenv.mkDerivation ({
-  name = "${name}${if stripped then "" else "-debug"}-${version}" + crossNameAddon;
+  name = crossNameAddon + "${name}${if stripped then "" else "-debug"}-${version}";
 
   builder = ../builder.sh;
 
@@ -380,21 +381,19 @@ stdenv.mkDerivation ({
 
   targetConfig = if targetPlatform != hostPlatform then targetPlatform.config else null;
 
-  buildFlags = if bootstrap then
-    (if profiledCompiler then "profiledbootstrap" else "bootstrap")
-    else "";
+  buildFlags = optional
+    (bootstrap && hostPlatform == buildPlatform)
+    (if profiledCompiler then "profiledbootstrap" else "bootstrap");
+
+  dontStrip = !stripped;
+
+  doCheck = false; # requires a lot of tools, causes a dependency cycle for stdenv
 
   installTargets =
     if stripped
     then "install-strip"
     else "install";
 
-  /* For cross-built gcc (build != host == target) */
-  crossAttrs = {
-    dontStrip = true;
-    buildFlags = "";
-  };
-
   # http://gcc.gnu.org/install/specific.html#x86-64-x-solaris210
   ${if hostPlatform.system == "x86_64-solaris" then "CC" else null} = "gcc -m64";
 
@@ -492,8 +491,5 @@ stdenv.mkDerivation ({
   installTargets = "install-gcc install-target-libgcc";
 }
 
-# Strip kills static libs of other archs (hence targetPlatform != hostPlatform)
-// optionalAttrs (!stripped || targetPlatform != hostPlatform) { dontStrip = true; }
-
 // optionalAttrs (enableMultilib) { dontMoveLib64 = true; }
 )
diff --git a/pkgs/development/compilers/gcc/6/default.nix b/pkgs/development/compilers/gcc/6/default.nix
index 8985879977d..56b09cba126 100644
--- a/pkgs/development/compilers/gcc/6/default.nix
+++ b/pkgs/development/compilers/gcc/6/default.nix
@@ -25,7 +25,8 @@
 , libcCross ? null
 , crossStageStatic ? false
 , libpthread ? null, libpthreadCross ? null  # required for GNU/Hurd
-, stripped ? true
+, # Strip kills static libs of other archs (hence no cross)
+  stripped ? hostPlatform == buildPlatform && targetPlatform == hostPlatform
 , gnused ? null
 , cloog # unused; just for compat with gcc4, as we override the parameter on some places
 , darwin ? null
@@ -151,7 +152,7 @@ let version = "6.4.0";
           "--disable-decimal-float" # No final libdecnumber (it may work only in 386)
         ]));
     stageNameAddon = if crossStageStatic then "-stage-static" else "-stage-final";
-    crossNameAddon = if targetPlatform != hostPlatform then "-${targetPlatform.config}" + stageNameAddon else "";
+    crossNameAddon = if targetPlatform != hostPlatform then "${targetPlatform.config}${stageNameAddon}-" else "";
 
     bootstrap = targetPlatform == hostPlatform;
 
@@ -161,7 +162,7 @@ in
 assert x11Support -> (filter (x: x == null) ([ gtk2 libart_lgpl ] ++ xlibs)) == [];
 
 stdenv.mkDerivation ({
-  name = "${name}${if stripped then "" else "-debug"}-${version}" + crossNameAddon;
+  name = crossNameAddon + "${name}${if stripped then "" else "-debug"}-${version}";
 
   builder = ../builder.sh;
 
@@ -384,20 +385,19 @@ stdenv.mkDerivation ({
 
   targetConfig = if targetPlatform != hostPlatform then targetPlatform.config else null;
 
-  buildFlags =
-    optional bootstrap (if profiledCompiler then "profiledbootstrap" else "bootstrap");
+  buildFlags = optional
+    (bootstrap && hostPlatform == buildPlatform)
+    (if profiledCompiler then "profiledbootstrap" else "bootstrap");
+
+  dontStrip = !stripped;
+
+  doCheck = false; # requires a lot of tools, causes a dependency cycle for stdenv
 
   installTargets =
     if stripped
     then "install-strip"
     else "install";
 
-  /* For cross-built gcc (build != host == target) */
-  crossAttrs = {
-    dontStrip = true;
-    buildFlags = "";
-  };
-
   # http://gcc.gnu.org/install/specific.html#x86-64-x-solaris210
   ${if hostPlatform.system == "x86_64-solaris" then "CC" else null} = "gcc -m64";
 
@@ -495,9 +495,6 @@ stdenv.mkDerivation ({
   installTargets = "install-gcc install-target-libgcc";
 }
 
-# Strip kills static libs of other archs (hence targetPlatform != hostPlatform)
-// optionalAttrs (!stripped || targetPlatform != hostPlatform) { dontStrip = true; }
-
 // optionalAttrs (enableMultilib) { dontMoveLib64 = true; }
 
 // optionalAttrs (langJava) {
diff --git a/pkgs/development/compilers/gcc/7/default.nix b/pkgs/development/compilers/gcc/7/default.nix
index d2fc25dad58..a86d87feb65 100644
--- a/pkgs/development/compilers/gcc/7/default.nix
+++ b/pkgs/development/compilers/gcc/7/default.nix
@@ -2,30 +2,24 @@
 , langC ? true, langCC ? true, langFortran ? false
 , langObjC ? targetPlatform.isDarwin
 , langObjCpp ? targetPlatform.isDarwin
-, langJava ? false
 , langGo ? false
 , profiledCompiler ? false
 , staticCompiler ? false
 , enableShared ? true
 , texinfo ? null
-, perl ? null # optional, for texi2pod (then pod2man); required for Java
+, perl ? null # optional, for texi2pod (then pod2man)
 , gmp, mpfr, libmpc, gettext, which
 , libelf                      # optional, for link-time optimizations (LTO)
 , isl ? null # optional, for the Graphite optimization framework.
-, zlib ? null, boehmgc ? null
-, zip ? null, unzip ? null, pkgconfig ? null
-, gtk2 ? null, libart_lgpl ? null
-, libX11 ? null, libXt ? null, libSM ? null, libICE ? null, libXtst ? null
-, libXrender ? null, xproto ? null, renderproto ? null, xextproto ? null
-, libXrandr ? null, libXi ? null, inputproto ? null, randrproto ? null
-, x11Support ? langJava
+, zlib ? null
 , enableMultilib ? false
 , enablePlugin ? hostPlatform == buildPlatform # Whether to support user-supplied plug-ins
 , name ? "gcc"
 , libcCross ? null
 , crossStageStatic ? false
 , libpthread ? null, libpthreadCross ? null  # required for GNU/Hurd
-, stripped ? true
+, # Strip kills static libs of other archs (hence no cross)
+  stripped ? hostPlatform == buildPlatform && targetPlatform == hostPlatform
 , gnused ? null
 , cloog # unused; just for compat with gcc4, as we override the parameter on some places
 , darwin ? null
@@ -33,10 +27,6 @@
 , buildPackages
 }:
 
-assert langJava     -> zip != null && unzip != null
-                       && zlib != null && boehmgc != null
-                       && perl != null;  # for `--enable-java-home'
-
 # LTO needs libelf and zlib.
 assert libelf != null -> zlib != null;
 
@@ -70,29 +60,6 @@ let version = "7.3.0";
       })
       ++ optional langFortran ../gfortran-driving.patch;
 
-    javaEcj = fetchurl {
-      # The `$(top_srcdir)/ecj.jar' file is automatically picked up at
-      # `configure' time.
-
-      # XXX: Eventually we might want to take it from upstream.
-      url = "ftp://sourceware.org/pub/java/ecj-4.3.jar";
-      sha256 = "0jz7hvc0s6iydmhgh5h2m15yza7p2rlss2vkif30vm9y77m97qcx";
-    };
-
-    # Antlr (optional) allows the Java `gjdoc' tool to be built.  We want a
-    # binary distribution here to allow the whole chain to be bootstrapped.
-    javaAntlr = fetchurl {
-      url = http://www.antlr.org/download/antlr-4.4-complete.jar;
-      sha256 = "02lda2imivsvsis8rnzmbrbp8rh1kb8vmq4i67pqhkwz7lf8y6dz";
-    };
-
-    xlibs = [
-      libX11 libXt libSM libICE libXtst libXrender libXrandr libXi
-      xproto renderproto xextproto inputproto randrproto
-    ];
-
-    javaAwtGtk = langJava && x11Support;
-
     /* Cross-gcc settings (build == host != target) */
     crossMingw = targetPlatform != hostPlatform && targetPlatform.libc == "msvcrt";
     crossDarwin = targetPlatform != hostPlatform && targetPlatform.libc == "libSystem";
@@ -156,17 +123,14 @@ let version = "7.3.0";
           "--disable-decimal-float" # No final libdecnumber (it may work only in 386)
         ]));
     stageNameAddon = if crossStageStatic then "-stage-static" else "-stage-final";
-    crossNameAddon = if targetPlatform != hostPlatform then "-${targetPlatform.config}" + stageNameAddon else "";
+    crossNameAddon = if targetPlatform != hostPlatform then "${targetPlatform.config}${stageNameAddon}-" else "";
 
     bootstrap = targetPlatform == hostPlatform;
 
 in
 
-# We need all these X libraries when building AWT with GTK+.
-assert x11Support -> (filter (x: x == null) ([ gtk2 libart_lgpl ] ++ xlibs)) == [];
-
 stdenv.mkDerivation ({
-  name = "${name}${if stripped then "" else "-debug"}-${version}" + crossNameAddon;
+  name = crossNameAddon + "${name}${if stripped then "" else "-debug"}-${version}";
 
   builder = ../builder.sh;
 
@@ -266,13 +230,12 @@ stdenv.mkDerivation ({
 
   # TODO(@Ericson2314): Make passthru instead. Weird to avoid mass rebuild,
   crossStageStatic = targetPlatform == hostPlatform || crossStageStatic;
-  inherit noSysDirs staticCompiler langJava
+  inherit noSysDirs staticCompiler
     libcCross crossMingw;
 
   depsBuildBuild = [ buildPackages.stdenv.cc ];
   nativeBuildInputs = [ texinfo which gettext ]
-    ++ (optional (perl != null) perl)
-    ++ (optional javaAwtGtk pkgconfig);
+    ++ (optional (perl != null) perl);
 
   # For building runtime libs
   depsBuildTarget =
@@ -287,8 +250,6 @@ stdenv.mkDerivation ({
     targetPackages.stdenv.cc.bintools # For linking code at run-time
   ] ++ (optional (isl != null) isl)
     ++ (optional (zlib != null) zlib)
-    ++ (optionals langJava [ boehmgc zip unzip ])
-    ++ (optionals javaAwtGtk ([ gtk2 libart_lgpl ] ++ xlibs))
     ++ (optionals (targetPlatform != hostPlatform) [targetPackages.stdenv.cc.bintools])
 
     # The builder relies on GNU sed (for instance, Darwin's `sed' fails with
@@ -340,7 +301,6 @@ stdenv.mkDerivation ({
           (  optional langC        "c"
           ++ optional langCC       "c++"
           ++ optional langFortran  "fortran"
-          ++ optional langJava     "java"
           ++ optional langGo       "go"
           ++ optional langObjC     "objc"
           ++ optional langObjCpp   "obj-c++"
@@ -361,18 +321,6 @@ stdenv.mkDerivation ({
     # Optional features
     optional (isl != null) "--with-isl=${isl}" ++
 
-    # Java options
-    optionals langJava [
-      "--with-ecj-jar=${javaEcj}"
-
-      # Follow Sun's layout for the convenience of IcedTea/OpenJDK.  See
-      # <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2010-April/008888.html>.
-      "--enable-java-home"
-      "--with-java-home=\${prefix}/lib/jvm/jre"
-    ] ++
-    optional javaAwtGtk "--enable-java-awt=gtk" ++
-    optional (langJava && javaAntlr != null) "--with-antlr-jar=${javaAntlr}" ++
-
     (import ../common/platform-flags.nix { inherit (stdenv) lib targetPlatform; }) ++
     optional (targetPlatform != hostPlatform) crossConfigureFlags ++
     optional (!bootstrap) "--disable-bootstrap" ++
@@ -389,31 +337,25 @@ stdenv.mkDerivation ({
 
   targetConfig = if targetPlatform != hostPlatform then targetPlatform.config else null;
 
-  buildFlags =
-    optional bootstrap (if profiledCompiler then "profiledbootstrap" else "bootstrap");
+  buildFlags = optional
+    (bootstrap && hostPlatform == buildPlatform)
+    (if profiledCompiler then "profiledbootstrap" else "bootstrap");
+
+  dontStrip = !stripped;
+
+  doCheck = false; # requires a lot of tools, causes a dependency cycle for stdenv
 
   installTargets =
     if stripped
     then "install-strip"
     else "install";
 
-  /* For cross-built gcc (build != host == target) */
-  crossAttrs = {
-    dontStrip = true;
-    buildFlags = "";
-  };
-
   # http://gcc.gnu.org/install/specific.html#x86-64-x-solaris210
   ${if hostPlatform.system == "x86_64-solaris" then "CC" else null} = "gcc -m64";
 
   # Setting $CPATH and $LIBRARY_PATH to make sure both `gcc' and `xgcc' find the
   # library headers and binaries, regarless of the language being compiled.
   #
-  # Note: When building the Java AWT GTK+ peer, the build system doesn't honor
-  # `--with-gmp' et al., e.g., when building
-  # `libjava/classpath/native/jni/java-math/gnu_java_math_GMP.c', so we just add
-  # them to $CPATH and $LIBRARY_PATH in this case.
-  #
   # Likewise, the LTO code doesn't find zlib.
   #
   # Cross-compiling, we need gcc not to read ./specs in order to build the g++
@@ -422,9 +364,6 @@ stdenv.mkDerivation ({
 
   CPATH = optionals (targetPlatform == hostPlatform) (makeSearchPathOutput "dev" "include" ([]
     ++ optional (zlib != null) zlib
-    ++ optional langJava boehmgc
-    ++ optionals javaAwtGtk xlibs
-    ++ optionals javaAwtGtk [ gmp mpfr ]
     ++ optional (libpthread != null) libpthread
     ++ optional (libpthreadCross != null) libpthreadCross
 
@@ -436,9 +375,6 @@ stdenv.mkDerivation ({
 
   LIBRARY_PATH = optionals (targetPlatform == hostPlatform) (makeLibraryPath ([]
     ++ optional (zlib != null) zlib
-    ++ optional langJava boehmgc
-    ++ optionals javaAwtGtk xlibs
-    ++ optionals javaAwtGtk [ gmp mpfr ]
     ++ optional (libpthread != null) libpthread)
   );
 
@@ -479,8 +415,8 @@ stdenv.mkDerivation ({
 
     longDescription = ''
       The GNU Compiler Collection includes compiler front ends for C, C++,
-      Objective-C, Fortran, OpenMP for C/C++/Fortran, Java, and Ada, as well
-      as libraries for these languages (libstdc++, libgcj, libgomp,...).
+      Objective-C, Fortran, OpenMP for C/C++/Fortran, and Ada, as well as
+      libraries for these languages (libstdc++, libgomp,...).
 
       GCC development is a part of the GNU Project, aiming to improve the
       compiler used in the GNU system including the GNU/Linux variant.
@@ -500,8 +436,5 @@ stdenv.mkDerivation ({
   installTargets = "install-gcc install-target-libgcc";
 }
 
-# Strip kills static libs of other archs (hence targetPlatform != hostPlatform)
-// optionalAttrs (!stripped || targetPlatform != hostPlatform) { dontStrip = true; }
-
 // optionalAttrs (enableMultilib) { dontMoveLib64 = true; }
 )
diff --git a/pkgs/development/compilers/gcc/8/default.nix b/pkgs/development/compilers/gcc/8/default.nix
index b7e209ebc0c..b26b11c8e18 100644
--- a/pkgs/development/compilers/gcc/8/default.nix
+++ b/pkgs/development/compilers/gcc/8/default.nix
@@ -18,7 +18,8 @@
 , libcCross ? null
 , crossStageStatic ? false
 , libpthread ? null, libpthreadCross ? null  # required for GNU/Hurd
-, stripped ? true
+, # Strip kills static libs of other archs (hence no cross)
+  stripped ? hostPlatform == buildPlatform && targetPlatform == hostPlatform
 , gnused ? null
 , cloog # unused; just for compat with gcc4, as we override the parameter on some places
 , darwin ? null
@@ -331,20 +332,17 @@ stdenv.mkDerivation ({
 
   targetConfig = if targetPlatform != hostPlatform then targetPlatform.config else null;
 
-  buildFlags =
-    optional bootstrap (if profiledCompiler then "profiledbootstrap" else "bootstrap");
+  buildFlags = optional
+    (bootstrap && hostPlatform == buildPlatform)
+    (if profiledCompiler then "profiledbootstrap" else "bootstrap");
+
+  dontStrip = !stripped;
 
   installTargets =
     if stripped
     then "install-strip"
     else "install";
 
-  /* For cross-built gcc (build != host == target) */
-  crossAttrs = {
-    dontStrip = true;
-    buildFlags = "";
-  };
-
   # http://gcc.gnu.org/install/specific.html#x86-64-x-solaris210
   ${if hostPlatform.system == "x86_64-solaris" then "CC" else null} = "gcc -m64";
 
@@ -431,8 +429,5 @@ stdenv.mkDerivation ({
   installTargets = "install-gcc install-target-libgcc";
 }
 
-# Strip kills static libs of other archs (hence targetPlatform != hostPlatform)
-// optionalAttrs (!stripped || targetPlatform != hostPlatform) { dontStrip = true; }
-
 // optionalAttrs (enableMultilib) { dontMoveLib64 = true; }
 )
diff --git a/pkgs/development/compilers/gcc/libstdc++-hook.sh b/pkgs/development/compilers/gcc/libstdc++-hook.sh
index 893bbbc0c2d..8b1d5d2da67 100644
--- a/pkgs/development/compilers/gcc/libstdc++-hook.sh
+++ b/pkgs/development/compilers/gcc/libstdc++-hook.sh
@@ -1,2 +1,5 @@
-export NIX_CXXSTDLIB_COMPILE+=" -isystem $(echo -n @gcc@/include/c++/*) -isystem $(echo -n @gcc@/include/c++/*)/$(@gcc@/bin/gcc -dumpmachine)"
-export NIX_CXXSTDLIB_LINK=" -stdlib=libstdc++"
+# See pkgs/build-support/setup-hooks/role.bash
+getHostRole
+
+export NIX_${role_pre}CXXSTDLIB_COMPILE+=" -isystem $(echo -n @gcc@/include/c++/*) -isystem $(echo -n @gcc@/include/c++/*)/$(@gcc@/bin/gcc -dumpmachine)"
+export NIX_${role_pre}CXXSTDLIB_LINK=" -stdlib=libstdc++"
diff --git a/pkgs/development/compilers/gcc/snapshot/default.nix b/pkgs/development/compilers/gcc/snapshot/default.nix
index 06e44d2868a..52e262e0b99 100644
--- a/pkgs/development/compilers/gcc/snapshot/default.nix
+++ b/pkgs/development/compilers/gcc/snapshot/default.nix
@@ -2,30 +2,24 @@
 , langC ? true, langCC ? true, langFortran ? false
 , langObjC ? targetPlatform.isDarwin
 , langObjCpp ? targetPlatform.isDarwin
-, langJava ? false
 , langGo ? false
 , profiledCompiler ? false
 , staticCompiler ? false
 , enableShared ? true
 , texinfo ? null
-, perl ? null # optional, for texi2pod (then pod2man); required for Java
+, perl ? null # optional, for texi2pod (then pod2man)
 , gmp, mpfr, libmpc, gettext, which
 , libelf                      # optional, for link-time optimizations (LTO)
 , isl ? null # optional, for the Graphite optimization framework.
-, zlib ? null, boehmgc ? null
-, zip ? null, unzip ? null, pkgconfig ? null
-, gtk2 ? null, libart_lgpl ? null
-, libX11 ? null, libXt ? null, libSM ? null, libICE ? null, libXtst ? null
-, libXrender ? null, xproto ? null, renderproto ? null, xextproto ? null
-, libXrandr ? null, libXi ? null, inputproto ? null, randrproto ? null
-, x11Support ? langJava
+, zlib ? null
 , enableMultilib ? false
 , enablePlugin ? hostPlatform == buildPlatform # Whether to support user-supplied plug-ins
 , name ? "gcc"
 , libcCross ? null
 , crossStageStatic ? false
 , libpthread ? null, libpthreadCross ? null  # required for GNU/Hurd
-, stripped ? true
+, # Strip kills static libs of other archs (hence no cross)
+  stripped ? hostPlatform == buildPlatform && targetPlatform == hostPlatform
 , gnused ? null
 , cloog # unused; just for compat with gcc4, as we override the parameter on some places
 , darwin ? null
@@ -34,10 +28,6 @@
 , buildPackages
 }:
 
-assert langJava     -> zip != null && unzip != null
-                       && zlib != null && boehmgc != null
-                       && perl != null;  # for `--enable-java-home'
-
 # LTO needs libelf and zlib.
 assert libelf != null -> zlib != null;
 
@@ -63,29 +53,6 @@ let version = "7-20170409";
       ++ optional noSysDirs ../no-sys-dirs.patch
       ++ optional langFortran ../gfortran-driving.patch;
 
-    javaEcj = fetchurl {
-      # The `$(top_srcdir)/ecj.jar' file is automatically picked up at
-      # `configure' time.
-
-      # XXX: Eventually we might want to take it from upstream.
-      url = "ftp://sourceware.org/pub/java/ecj-4.3.jar";
-      sha256 = "0jz7hvc0s6iydmhgh5h2m15yza7p2rlss2vkif30vm9y77m97qcx";
-    };
-
-    # Antlr (optional) allows the Java `gjdoc' tool to be built.  We want a
-    # binary distribution here to allow the whole chain to be bootstrapped.
-    javaAntlr = fetchurl {
-      url = http://www.antlr.org/download/antlr-4.4-complete.jar;
-      sha256 = "02lda2imivsvsis8rnzmbrbp8rh1kb8vmq4i67pqhkwz7lf8y6dz";
-    };
-
-    xlibs = [
-      libX11 libXt libSM libICE libXtst libXrender libXrandr libXi
-      xproto renderproto xextproto inputproto randrproto
-    ];
-
-    javaAwtGtk = langJava && x11Support;
-
     /* Cross-gcc settings (build == host != target) */
     crossMingw = targetPlatform != hostPlatform && targetPlatform.libc == "msvcrt";
     crossDarwin = targetPlatform != hostPlatform && targetPlatform.libc == "libSystem";
@@ -150,9 +117,6 @@ let version = "7-20170409";
 
 in
 
-# We need all these X libraries when building AWT with GTK+.
-assert x11Support -> (filter (x: x == null) ([ gtk2 libart_lgpl ] ++ xlibs)) == [];
-
 stdenv.mkDerivation ({
   name = "${name}${if stripped then "" else "-debug"}-${version}" + crossNameAddon;
 
@@ -229,13 +193,12 @@ stdenv.mkDerivation ({
 
   # TODO(@Ericson2314): Make passthru instead. Weird to avoid mass rebuild,
   crossStageStatic = targetPlatform == hostPlatform || crossStageStatic;
-  inherit noSysDirs staticCompiler langJava
+  inherit noSysDirs staticCompiler
     libcCross crossMingw;
 
   depsBuildBuild = [ buildPackages.stdenv.cc ];
   nativeBuildInputs = [ texinfo which gettext ]
-    ++ (optional (perl != null) perl)
-    ++ (optional javaAwtGtk pkgconfig);
+    ++ (optional (perl != null) perl);
 
   # For building runtime libs
   depsBuildTarget =
@@ -250,8 +213,6 @@ stdenv.mkDerivation ({
     targetPackages.stdenv.cc.bintools # For linking code at run-time
   ] ++ (optional (isl != null) isl)
     ++ (optional (zlib != null) zlib)
-    ++ (optionals langJava [ boehmgc zip unzip ])
-    ++ (optionals javaAwtGtk ([ gtk2 libart_lgpl ] ++ xlibs))
     ++ (optionals (targetPlatform != hostPlatform) [targetPackages.stdenv.cc.bintools])
 
     # The builder relies on GNU sed (for instance, Darwin's `sed' fails with
@@ -303,7 +264,6 @@ stdenv.mkDerivation ({
           (  optional langC        "c"
           ++ optional langCC       "c++"
           ++ optional langFortran  "fortran"
-          ++ optional langJava     "java"
           ++ optional langGo       "go"
           ++ optional langObjC     "objc"
           ++ optional langObjCpp   "obj-c++"
@@ -324,17 +284,6 @@ stdenv.mkDerivation ({
     # Optional features
     optional (isl != null) "--with-isl=${isl}" ++
 
-    # Java options
-    optionals langJava [
-      "--with-ecj-jar=${javaEcj}"
-
-      # Follow Sun's layout for the convenience of IcedTea/OpenJDK.  See
-      # <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2010-April/008888.html>.
-      "--enable-java-home"
-      "--with-java-home=\${prefix}/lib/jvm/jre"
-    ] ++
-    optional javaAwtGtk "--enable-java-awt=gtk" ++
-    optional (langJava && javaAntlr != null) "--with-antlr-jar=${javaAntlr}" ++
 
     (import ../common/platform-flags.nix { inherit (stdenv) lib targetPlatform; }) ++
     optional (targetPlatform != hostPlatform) crossConfigureFlags ++
@@ -355,28 +304,20 @@ stdenv.mkDerivation ({
     (if profiledCompiler then "profiledbootstrap" else "bootstrap")
     else "";
 
+  dontStrip = !stripped;
+  NIX_STRIP_DEBUG = !stripped;
+
   installTargets =
     if stripped
     then "install-strip"
     else "install";
 
-  /* For cross-built gcc (build != host == target) */
-  crossAttrs = {
-    dontStrip = true;
-    buildFlags = "";
-  };
-
   # http://gcc.gnu.org/install/specific.html#x86-64-x-solaris210
   ${if hostPlatform.system == "x86_64-solaris" then "CC" else null} = "gcc -m64";
 
   # Setting $CPATH and $LIBRARY_PATH to make sure both `gcc' and `xgcc' find the
   # library headers and binaries, regarless of the language being compiled.
   #
-  # Note: When building the Java AWT GTK+ peer, the build system doesn't honor
-  # `--with-gmp' et al., e.g., when building
-  # `libjava/classpath/native/jni/java-math/gnu_java_math_GMP.c', so we just add
-  # them to $CPATH and $LIBRARY_PATH in this case.
-  #
   # Likewise, the LTO code doesn't find zlib.
   #
   # Cross-compiling, we need gcc not to read ./specs in order to build the g++
@@ -385,9 +326,6 @@ stdenv.mkDerivation ({
 
   CPATH = optionals (targetPlatform == hostPlatform) (makeSearchPathOutput "dev" "include" ([]
     ++ optional (zlib != null) zlib
-    ++ optional langJava boehmgc
-    ++ optionals javaAwtGtk xlibs
-    ++ optionals javaAwtGtk [ gmp mpfr ]
     ++ optional (libpthread != null) libpthread
     ++ optional (libpthreadCross != null) libpthreadCross
 
@@ -399,9 +337,6 @@ stdenv.mkDerivation ({
 
   LIBRARY_PATH = optionals (targetPlatform == hostPlatform) (makeLibraryPath ([]
     ++ optional (zlib != null) zlib
-    ++ optional langJava boehmgc
-    ++ optionals javaAwtGtk xlibs
-    ++ optionals javaAwtGtk [ gmp mpfr ]
     ++ optional (libpthread != null) libpthread)
   );
 
@@ -442,8 +377,8 @@ stdenv.mkDerivation ({
 
     longDescription = ''
       The GNU Compiler Collection includes compiler front ends for C, C++,
-      Objective-C, Fortran, OpenMP for C/C++/Fortran, Java, and Ada, as well
-      as libraries for these languages (libstdc++, libgcj, libgomp,...).
+      Objective-C, Fortran, OpenMP for C/C++/Fortran, and Ada, as well as
+      libraries for these languages (libstdc++, libgomp,...).
 
       GCC development is a part of the GNU Project, aiming to improve the
       compiler used in the GNU system including the GNU/Linux variant.
@@ -465,8 +400,5 @@ stdenv.mkDerivation ({
   installTargets = "install-gcc install-target-libgcc";
 }
 
-# Strip kills static libs of other archs (hence targetPlatform != hostPlatform)
-// optionalAttrs (!stripped || targetPlatform != hostPlatform) { dontStrip = true; NIX_STRIP_DEBUG = 0; }
-
 // optionalAttrs (enableMultilib) { dontMoveLib64 = true; }
 )
diff --git a/pkgs/development/compilers/ghc/8.2.2.nix b/pkgs/development/compilers/ghc/8.2.2.nix
index 192ff1ba207..1e399d47764 100644
--- a/pkgs/development/compilers/ghc/8.2.2.nix
+++ b/pkgs/development/compilers/ghc/8.2.2.nix
@@ -170,6 +170,7 @@ stdenv.mkDerivation rec {
   stripDebugFlags = [ "-S" ] ++ stdenv.lib.optional (!targetPlatform.isDarwin) "--keep-file-symbols";
 
   checkTarget = "test";
+  doCheck = false; # fails with "testsuite/tests: No such file or directory.  Stop."
 
   # zsh and other shells are smart about `{ghc}` but bash isn't, and doesn't
   # treat that as a unary `{x,y,z,..}` repetition.
diff --git a/pkgs/development/compilers/go/1.10.nix b/pkgs/development/compilers/go/1.10.nix
index 1f7cc9d7740..23e7ec222a6 100644
--- a/pkgs/development/compilers/go/1.10.nix
+++ b/pkgs/development/compilers/go/1.10.nix
@@ -25,13 +25,13 @@ in
 
 stdenv.mkDerivation rec {
   name = "go-${version}";
-  version = "1.10.1";
+  version = "1.10.2";
 
   src = fetchFromGitHub {
     owner = "golang";
     repo = "go";
     rev = "go${version}";
-    sha256 = "1wqwy52ibb343a4v7b9q26xa6r5jk4khfxd90wbpcayws8cxly8m";
+    sha256 = "1lbxnlj5l9i8k1dg33dh8ndx9vspk9dkpcbg06jbbswy6kadmx6f";
   };
 
   # perl is used for testing go vet
diff --git a/pkgs/development/compilers/llvm/3.4/clang.nix b/pkgs/development/compilers/llvm/3.4/clang.nix
index 10510c75035..863e7eb2247 100644
--- a/pkgs/development/compilers/llvm/3.4/clang.nix
+++ b/pkgs/development/compilers/llvm/3.4/clang.nix
@@ -29,7 +29,10 @@ stdenv.mkDerivation {
   # Clang expects to find LLVMgold in its own prefix
   # Clang expects to find sanitizer libraries in its own prefix
   postInstall = ''
-    ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+    if [ -e ${llvm}/lib/LLVMgold.so ]; then
+      ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+    fi
+
     ln -sv ${llvm}/lib/clang/${version}/lib $out/lib/clang/${version}/
   '';
 
diff --git a/pkgs/development/compilers/llvm/3.5/clang.nix b/pkgs/development/compilers/llvm/3.5/clang.nix
index f15c989ef51..7e0163577ba 100644
--- a/pkgs/development/compilers/llvm/3.5/clang.nix
+++ b/pkgs/development/compilers/llvm/3.5/clang.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetch, cmake, libxml2, libedit, llvm, version, clang-tools-extra_src }:
+{ stdenv, fetch, cmake, libxml2, llvm, version, clang-tools-extra_src }:
 let
   gcc = if stdenv.cc.isGNU then stdenv.cc.cc else stdenv.cc.cc.gcc;
 in stdenv.mkDerivation {
@@ -12,7 +12,7 @@ in stdenv.mkDerivation {
     mv clang-tools-extra-* $sourceRoot/tools/extra
   '';
 
-  buildInputs = [ cmake libedit libxml2 llvm ];
+  buildInputs = [ cmake libxml2 llvm ];
 
   cmakeFlags = [
     "-DCMAKE_CXX_FLAGS=-std=c++11"
@@ -31,7 +31,10 @@ in stdenv.mkDerivation {
   # Clang expects to find LLVMgold in its own prefix
   # Clang expects to find sanitizer libraries in its own prefix
   postInstall = ''
-    ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+    if [ -e ${llvm}/lib/LLVMgold.so ]; then
+      ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+    fi
+
     ln -sv ${llvm}/lib/clang/${version}/lib $out/lib/clang/${version}/
     ln -sv $out/bin/clang $out/bin/cpp
   '';
diff --git a/pkgs/development/compilers/llvm/3.5/libc++/default.nix b/pkgs/development/compilers/llvm/3.5/libc++/default.nix
index 1f1129f578f..6edd5e9798c 100644
--- a/pkgs/development/compilers/llvm/3.5/libc++/default.nix
+++ b/pkgs/development/compilers/llvm/3.5/libc++/default.nix
@@ -39,7 +39,10 @@ stdenv.mkDerivation rec {
 
   linkCxxAbi = stdenv.isLinux;
 
-  setupHook = ./setup-hook.sh;
+  setupHooks = [
+    ../../../../../build-support/setup-hooks/role.bash
+    ./setup-hook.sh
+  ];
 
   meta = {
     homepage = http://libcxx.llvm.org/;
diff --git a/pkgs/development/compilers/llvm/3.5/libc++/setup-hook.sh b/pkgs/development/compilers/llvm/3.5/libc++/setup-hook.sh
index 9022fced6ec..6611259165a 100644
--- a/pkgs/development/compilers/llvm/3.5/libc++/setup-hook.sh
+++ b/pkgs/development/compilers/llvm/3.5/libc++/setup-hook.sh
@@ -1,3 +1,6 @@
+# See pkgs/build-support/setup-hooks/role.bash
+getHostRole
+
 linkCxxAbi="@linkCxxAbi@"
-export NIX_CXXSTDLIB_COMPILE+=" -isystem @out@/include/c++/v1"
-export NIX_CXXSTDLIB_LINK=" -stdlib=libc++${linkCxxAbi:+" -lc++abi"}"
+export NIX_${role_pre}CXXSTDLIB_COMPILE+=" -isystem @out@/include/c++/v1"
+export NIX_${role_pre}CXXSTDLIB_LINK=" -stdlib=libc++${linkCxxAbi:+" -lc++abi"}"
diff --git a/pkgs/development/compilers/llvm/3.7/clang/default.nix b/pkgs/development/compilers/llvm/3.7/clang/default.nix
index f27e3f0089e..4ccd00af684 100644
--- a/pkgs/development/compilers/llvm/3.7/clang/default.nix
+++ b/pkgs/development/compilers/llvm/3.7/clang/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetch, cmake, libxml2, libedit, llvm, version, clang-tools-extra_src }:
+{ stdenv, fetch, cmake, libxml2, llvm, version, clang-tools-extra_src }:
 
 let
   gcc = if stdenv.cc.isGNU then stdenv.cc.cc else stdenv.cc.cc.gcc;
@@ -13,7 +13,7 @@ let
       mv clang-tools-extra-* $sourceRoot/tools/extra
     '';
 
-    buildInputs = [ cmake libedit libxml2 llvm ];
+    buildInputs = [ cmake libxml2 llvm ];
 
     cmakeFlags = [
       "-DCMAKE_CXX_FLAGS=-std=c++11"
@@ -32,7 +32,10 @@ let
     # Clang expects to find LLVMgold in its own prefix
     # Clang expects to find sanitizer libraries in its own prefix
     postInstall = ''
-      ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+      if [ -e ${llvm}/lib/LLVMgold.so ]; then
+        ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+      fi
+
       ln -sv ${llvm}/lib/clang/${version}/lib $out/lib/clang/${version}/
       ln -sv $out/bin/clang $out/bin/cpp
     '';
diff --git a/pkgs/development/compilers/llvm/3.7/libc++/default.nix b/pkgs/development/compilers/llvm/3.7/libc++/default.nix
index 4296c0fd192..462e35a483f 100644
--- a/pkgs/development/compilers/llvm/3.7/libc++/default.nix
+++ b/pkgs/development/compilers/llvm/3.7/libc++/default.nix
@@ -33,7 +33,10 @@ stdenv.mkDerivation rec {
 
   linkCxxAbi = stdenv.isLinux;
 
-  setupHook = ./setup-hook.sh;
+  setupHooks = [
+    ../../../../../build-support/setup-hooks/role.bash
+    ./setup-hook.sh
+  ];
 
   meta = {
     homepage = http://libcxx.llvm.org/;
diff --git a/pkgs/development/compilers/llvm/3.7/libc++/setup-hook.sh b/pkgs/development/compilers/llvm/3.7/libc++/setup-hook.sh
index 9022fced6ec..6611259165a 100644
--- a/pkgs/development/compilers/llvm/3.7/libc++/setup-hook.sh
+++ b/pkgs/development/compilers/llvm/3.7/libc++/setup-hook.sh
@@ -1,3 +1,6 @@
+# See pkgs/build-support/setup-hooks/role.bash
+getHostRole
+
 linkCxxAbi="@linkCxxAbi@"
-export NIX_CXXSTDLIB_COMPILE+=" -isystem @out@/include/c++/v1"
-export NIX_CXXSTDLIB_LINK=" -stdlib=libc++${linkCxxAbi:+" -lc++abi"}"
+export NIX_${role_pre}CXXSTDLIB_COMPILE+=" -isystem @out@/include/c++/v1"
+export NIX_${role_pre}CXXSTDLIB_LINK=" -stdlib=libc++${linkCxxAbi:+" -lc++abi"}"
diff --git a/pkgs/development/compilers/llvm/3.8/clang/default.nix b/pkgs/development/compilers/llvm/3.8/clang/default.nix
index 0147485dd58..05893704d87 100644
--- a/pkgs/development/compilers/llvm/3.8/clang/default.nix
+++ b/pkgs/development/compilers/llvm/3.8/clang/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetch, cmake, libxml2, libedit, llvm, version, clang-tools-extra_src, python }:
+{ stdenv, fetch, cmake, libxml2, llvm, version, clang-tools-extra_src, python }:
 
 let
   gcc = if stdenv.cc.isGNU then stdenv.cc.cc else stdenv.cc.cc.gcc;
@@ -13,7 +13,7 @@ let
       mv clang-tools-extra-* $sourceRoot/tools/extra
     '';
 
-    buildInputs = [ cmake libedit libxml2 llvm python ];
+    buildInputs = [ cmake libxml2 llvm python ];
 
     cmakeFlags = [
       "-DCMAKE_CXX_FLAGS=-std=c++11"
@@ -34,7 +34,10 @@ let
     # Clang expects to find LLVMgold in its own prefix
     # Clang expects to find sanitizer libraries in its own prefix
     postInstall = ''
-      ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+      if [ -e ${llvm}/lib/LLVMgold.so ]; then
+        ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+      fi
+
       ln -sv ${llvm}/lib/clang/${version}/lib $out/lib/clang/${version}/
       ln -sv $out/bin/clang $out/bin/cpp
 
diff --git a/pkgs/development/compilers/llvm/3.8/libc++/default.nix b/pkgs/development/compilers/llvm/3.8/libc++/default.nix
index ea468b3772e..cc3f5545146 100644
--- a/pkgs/development/compilers/llvm/3.8/libc++/default.nix
+++ b/pkgs/development/compilers/llvm/3.8/libc++/default.nix
@@ -31,7 +31,10 @@ stdenv.mkDerivation rec {
 
   linkCxxAbi = stdenv.isLinux;
 
-  setupHook = ./setup-hook.sh;
+  setupHooks = [
+    ../../../../../build-support/setup-hooks/role.bash
+    ./setup-hook.sh
+  ];
 
   meta = {
     homepage = http://libcxx.llvm.org/;
diff --git a/pkgs/development/compilers/llvm/3.8/libc++/setup-hook.sh b/pkgs/development/compilers/llvm/3.8/libc++/setup-hook.sh
index 9022fced6ec..6611259165a 100644
--- a/pkgs/development/compilers/llvm/3.8/libc++/setup-hook.sh
+++ b/pkgs/development/compilers/llvm/3.8/libc++/setup-hook.sh
@@ -1,3 +1,6 @@
+# See pkgs/build-support/setup-hooks/role.bash
+getHostRole
+
 linkCxxAbi="@linkCxxAbi@"
-export NIX_CXXSTDLIB_COMPILE+=" -isystem @out@/include/c++/v1"
-export NIX_CXXSTDLIB_LINK=" -stdlib=libc++${linkCxxAbi:+" -lc++abi"}"
+export NIX_${role_pre}CXXSTDLIB_COMPILE+=" -isystem @out@/include/c++/v1"
+export NIX_${role_pre}CXXSTDLIB_LINK=" -stdlib=libc++${linkCxxAbi:+" -lc++abi"}"
diff --git a/pkgs/development/compilers/llvm/3.9/clang/default.nix b/pkgs/development/compilers/llvm/3.9/clang/default.nix
index aafe30e4c9b..1f6d80ab3be 100644
--- a/pkgs/development/compilers/llvm/3.9/clang/default.nix
+++ b/pkgs/development/compilers/llvm/3.9/clang/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetch, cmake, libxml2, libedit, llvm, version, clang-tools-extra_src, python }:
+{ stdenv, fetch, cmake, libxml2, llvm, version, clang-tools-extra_src, python }:
 
 let
   gcc = if stdenv.cc.isGNU then stdenv.cc.cc else stdenv.cc.cc.gcc;
@@ -15,7 +15,7 @@ let
 
     nativeBuildInputs = [ cmake ];
 
-    buildInputs = [ libedit libxml2 llvm python ];
+    buildInputs = [ libxml2 llvm python ];
 
     cmakeFlags = [
       "-DCMAKE_CXX_FLAGS=-std=c++11"
@@ -36,7 +36,10 @@ let
     # Clang expects to find LLVMgold in its own prefix
     # Clang expects to find sanitizer libraries in its own prefix
     postInstall = ''
-      ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+      if [ -e ${llvm}/lib/LLVMgold.so ]; then
+        ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+      fi
+
       ln -sv ${llvm}/lib/clang/${version}/lib $out/lib/clang/${version}/
       ln -sv $out/bin/clang $out/bin/cpp
 
diff --git a/pkgs/development/compilers/llvm/3.9/libc++/default.nix b/pkgs/development/compilers/llvm/3.9/libc++/default.nix
index ad514b0daa5..7e5c30bdfd3 100644
--- a/pkgs/development/compilers/llvm/3.9/libc++/default.nix
+++ b/pkgs/development/compilers/llvm/3.9/libc++/default.nix
@@ -31,7 +31,10 @@ stdenv.mkDerivation rec {
 
   linkCxxAbi = stdenv.isLinux;
 
-  setupHook = ./setup-hook.sh;
+  setupHooks = [
+    ../../../../../build-support/setup-hooks/role.bash
+    ./setup-hook.sh
+  ];
 
   meta = {
     homepage = http://libcxx.llvm.org/;
diff --git a/pkgs/development/compilers/llvm/3.9/libc++/setup-hook.sh b/pkgs/development/compilers/llvm/3.9/libc++/setup-hook.sh
index 9022fced6ec..6611259165a 100644
--- a/pkgs/development/compilers/llvm/3.9/libc++/setup-hook.sh
+++ b/pkgs/development/compilers/llvm/3.9/libc++/setup-hook.sh
@@ -1,3 +1,6 @@
+# See pkgs/build-support/setup-hooks/role.bash
+getHostRole
+
 linkCxxAbi="@linkCxxAbi@"
-export NIX_CXXSTDLIB_COMPILE+=" -isystem @out@/include/c++/v1"
-export NIX_CXXSTDLIB_LINK=" -stdlib=libc++${linkCxxAbi:+" -lc++abi"}"
+export NIX_${role_pre}CXXSTDLIB_COMPILE+=" -isystem @out@/include/c++/v1"
+export NIX_${role_pre}CXXSTDLIB_LINK=" -stdlib=libc++${linkCxxAbi:+" -lc++abi"}"
diff --git a/pkgs/development/compilers/llvm/4/clang/default.nix b/pkgs/development/compilers/llvm/4/clang/default.nix
index 5531fd2ab77..c6538282f23 100644
--- a/pkgs/development/compilers/llvm/4/clang/default.nix
+++ b/pkgs/development/compilers/llvm/4/clang/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetch, cmake, libxml2, libedit, llvm, version, release_version, clang-tools-extra_src, python
+{ stdenv, fetch, cmake, libxml2, llvm, version, release_version, clang-tools-extra_src, python
 , fixDarwinDylibNames
 , enableManpages ? false
 }:
@@ -19,7 +19,7 @@ let
     nativeBuildInputs = [ cmake python ]
       ++ stdenv.lib.optional enableManpages python.pkgs.sphinx;
 
-    buildInputs = [ libedit libxml2 llvm ]
+    buildInputs = [ libxml2 llvm ]
       ++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames;
 
     cmakeFlags = [
@@ -52,7 +52,10 @@ let
     # Clang expects to find LLVMgold in its own prefix
     # Clang expects to find sanitizer libraries in its own prefix
     postInstall = ''
-      ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+      if [ -e ${llvm}/lib/LLVMgold.so ]; then
+        ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+      fi
+
       ln -sv ${llvm}/lib/clang/${release_version}/lib $out/lib/clang/${release_version}/
       ln -sv $out/bin/clang $out/bin/cpp
 
diff --git a/pkgs/development/compilers/llvm/4/libc++/default.nix b/pkgs/development/compilers/llvm/4/libc++/default.nix
index f28957c3518..718abc420a9 100644
--- a/pkgs/development/compilers/llvm/4/libc++/default.nix
+++ b/pkgs/development/compilers/llvm/4/libc++/default.nix
@@ -44,7 +44,10 @@ stdenv.mkDerivation rec {
 
   linkCxxAbi = stdenv.isLinux;
 
-  setupHook = ./setup-hook.sh;
+  setupHooks = [
+    ../../../../../build-support/setup-hooks/role.bash
+    ./setup-hook.sh
+  ];
 
   meta = {
     homepage = http://libcxx.llvm.org/;
diff --git a/pkgs/development/compilers/llvm/4/libc++/setup-hook.sh b/pkgs/development/compilers/llvm/4/libc++/setup-hook.sh
index 9022fced6ec..6611259165a 100644
--- a/pkgs/development/compilers/llvm/4/libc++/setup-hook.sh
+++ b/pkgs/development/compilers/llvm/4/libc++/setup-hook.sh
@@ -1,3 +1,6 @@
+# See pkgs/build-support/setup-hooks/role.bash
+getHostRole
+
 linkCxxAbi="@linkCxxAbi@"
-export NIX_CXXSTDLIB_COMPILE+=" -isystem @out@/include/c++/v1"
-export NIX_CXXSTDLIB_LINK=" -stdlib=libc++${linkCxxAbi:+" -lc++abi"}"
+export NIX_${role_pre}CXXSTDLIB_COMPILE+=" -isystem @out@/include/c++/v1"
+export NIX_${role_pre}CXXSTDLIB_LINK=" -stdlib=libc++${linkCxxAbi:+" -lc++abi"}"
diff --git a/pkgs/development/compilers/llvm/5/clang/default.nix b/pkgs/development/compilers/llvm/5/clang/default.nix
index b5aea54b577..8027733bc52 100644
--- a/pkgs/development/compilers/llvm/5/clang/default.nix
+++ b/pkgs/development/compilers/llvm/5/clang/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetch, cmake, libxml2, libedit, llvm, version, release_version, clang-tools-extra_src, python
+{ stdenv, fetch, cmake, libxml2, llvm, version, release_version, clang-tools-extra_src, python
 , fixDarwinDylibNames
 , enableManpages ? false
 }:
@@ -9,7 +9,7 @@ let
     name = "clang-${version}";
 
     unpackPhase = ''
-      unpackFile ${fetch "cfe" "1zyh4dggxd55lnfg73c8fybnkssqcaa6bq2h4bzimnnj1jdnqpqk"}
+      unpackFile ${fetch "cfe" "0018520c4qxf5hgjdqgpz2dgl3faf4gsz87fdlb8zdmx99rfk77s"}
       mv cfe-${version}* clang
       sourceRoot=$PWD/clang
       unpackFile ${clang-tools-extra_src}
@@ -19,7 +19,7 @@ let
     nativeBuildInputs = [ cmake python ]
       ++ stdenv.lib.optional enableManpages python.pkgs.sphinx;
 
-    buildInputs = [ libedit libxml2 llvm ]
+    buildInputs = [ libxml2 llvm ]
       ++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames;
 
     cmakeFlags = [
@@ -50,10 +50,12 @@ let
 
     outputs = [ "out" "lib" "python" ];
 
-    # Clang expects to find LLVMgold in its own prefix
-    # Clang expects to find sanitizer libraries in its own prefix
     postInstall = ''
-      ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+      # Clang expects to find LLVMgold in its own prefix
+      if [ -e ${llvm}/lib/LLVMgold.so ]; then
+        ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+      fi
+      # Clang expects to find sanitizer libraries in its own prefix
       ln -sv ${llvm}/lib/clang/${release_version}/lib $out/lib/clang/${release_version}/
       ln -sv $out/bin/clang $out/bin/cpp
 
diff --git a/pkgs/development/compilers/llvm/5/default.nix b/pkgs/development/compilers/llvm/5/default.nix
index 13e1d2308f8..67fceb31749 100644
--- a/pkgs/development/compilers/llvm/5/default.nix
+++ b/pkgs/development/compilers/llvm/5/default.nix
@@ -6,7 +6,7 @@
 let
   callPackage = newScope (self // { inherit stdenv cmake libxml2 python2 isl release_version version fetch; });
 
-  release_version = "5.0.1";
+  release_version = "5.0.2";
   version = release_version; # differentiating these is important for rc's
 
   fetch = name: sha256: fetchurl {
@@ -14,8 +14,8 @@ let
     inherit sha256;
   };
 
-  compiler-rt_src = fetch "compiler-rt" "1nlmm0b3wpdwxkldqp1klzv3rpqf94q2a248xgqb7aapyhbi9paf";
-  clang-tools-extra_src = fetch "clang-tools-extra" "09fjii7w43kvxvsxxs6gig9vz95vnvx1779rqd36h8kksvws3bcs";
+  compiler-rt_src = fetch "compiler-rt" "0ipd4jdxpczgr2w6lzrabymz6dhzj69ywmyybjjc1q397zgrvziy";
+  clang-tools-extra_src = fetch "clang-tools-extra" "018b3fiwah8f8br5i26qmzh6sjvzchpn358sn8v079m49f2jldm3";
 
   # Add man output without introducing extra dependencies.
   overrideManOutput = drv:
diff --git a/pkgs/development/compilers/llvm/5/libc++/default.nix b/pkgs/development/compilers/llvm/5/libc++/default.nix
index 9ddeea7ef79..5492e12da98 100644
--- a/pkgs/development/compilers/llvm/5/libc++/default.nix
+++ b/pkgs/development/compilers/llvm/5/libc++/default.nix
@@ -3,7 +3,7 @@
 stdenv.mkDerivation rec {
   name = "libc++-${version}";
 
-  src = fetch "libcxx" "003wwniwlikgh38cbqbcshc5gkiv3a2jkmbn6am9s46y5gfrk3zs";
+  src = fetch "libcxx" "1672aaf95fgy4xsfra8pw24f6r93zwzpan1033hkcm8p2glqipvf";
 
   postUnpack = ''
     unpackFile ${libcxxabi.src}
@@ -40,7 +40,10 @@ stdenv.mkDerivation rec {
 
   linkCxxAbi = stdenv.isLinux;
 
-  setupHook = ./setup-hook.sh;
+  setupHooks = [
+    ../../../../../build-support/setup-hooks/role.bash
+    ./setup-hook.sh
+  ];
 
   meta = {
     homepage = http://libcxx.llvm.org/;
diff --git a/pkgs/development/compilers/llvm/5/libc++/setup-hook.sh b/pkgs/development/compilers/llvm/5/libc++/setup-hook.sh
index 9022fced6ec..6611259165a 100644
--- a/pkgs/development/compilers/llvm/5/libc++/setup-hook.sh
+++ b/pkgs/development/compilers/llvm/5/libc++/setup-hook.sh
@@ -1,3 +1,6 @@
+# See pkgs/build-support/setup-hooks/role.bash
+getHostRole
+
 linkCxxAbi="@linkCxxAbi@"
-export NIX_CXXSTDLIB_COMPILE+=" -isystem @out@/include/c++/v1"
-export NIX_CXXSTDLIB_LINK=" -stdlib=libc++${linkCxxAbi:+" -lc++abi"}"
+export NIX_${role_pre}CXXSTDLIB_COMPILE+=" -isystem @out@/include/c++/v1"
+export NIX_${role_pre}CXXSTDLIB_LINK=" -stdlib=libc++${linkCxxAbi:+" -lc++abi"}"
diff --git a/pkgs/development/compilers/llvm/5/libc++abi.nix b/pkgs/development/compilers/llvm/5/libc++abi.nix
index 6d27dcd47b0..69970543674 100644
--- a/pkgs/development/compilers/llvm/5/libc++abi.nix
+++ b/pkgs/development/compilers/llvm/5/libc++abi.nix
@@ -3,7 +3,7 @@
 stdenv.mkDerivation {
   name = "libc++abi-${version}";
 
-  src = fetch "libcxxabi" "0m78yr4arlz2b9m96xcygk15m2pbz8i10snk78i3q7pjnwn1a9as";
+  src = fetch "libcxxabi" "12lp799rskr4fc2xr64qn4jfkjnfd8b1aymvsxyn4k9ar7r9pgqv";
 
   nativeBuildInputs = [ cmake ];
   buildInputs = stdenv.lib.optional (!stdenv.isDarwin && !stdenv.isFreeBSD) libunwind;
diff --git a/pkgs/development/compilers/llvm/5/lld.nix b/pkgs/development/compilers/llvm/5/lld.nix
index 1d00b16cce1..05801f2f08f 100644
--- a/pkgs/development/compilers/llvm/5/lld.nix
+++ b/pkgs/development/compilers/llvm/5/lld.nix
@@ -10,7 +10,7 @@
 stdenv.mkDerivation {
   name = "lld-${version}";
 
-  src = fetch "lld" "15fq2zvkliyiw5qi7ig2r8bshgbz4kzvs5in16mhfkw20l06rcym";
+  src = fetch "lld" "1ah75rjly6747jk1zbwca3z0svr9b09ylgxd4x9ns721xir6sia6";
 
   nativeBuildInputs = [ cmake ];
   buildInputs = [ llvm ];
diff --git a/pkgs/development/compilers/llvm/5/lldb.nix b/pkgs/development/compilers/llvm/5/lldb.nix
index 559c52831cd..5e670d4de15 100644
--- a/pkgs/development/compilers/llvm/5/lldb.nix
+++ b/pkgs/development/compilers/llvm/5/lldb.nix
@@ -17,7 +17,7 @@
 stdenv.mkDerivation {
   name = "lldb-${version}";
 
-  src = fetch "lldb" "0sipv8k37ai44m7jcf6wsbm2q41dgk3sk9m3i6823jkmg7kckhdp";
+  src = fetch "lldb" "05j2a63yzln43852nng8a7y47spzlyr1cvdmgmbxgd29c8r0bfkq";
 
   postPatch = ''
     # Fix up various paths that assume llvm and clang are installed in the same place
diff --git a/pkgs/development/compilers/llvm/5/llvm.nix b/pkgs/development/compilers/llvm/5/llvm.nix
index ac575a0bf7a..66985861e38 100644
--- a/pkgs/development/compilers/llvm/5/llvm.nix
+++ b/pkgs/development/compilers/llvm/5/llvm.nix
@@ -20,7 +20,7 @@
 }:
 
 let
-  src = fetch "llvm" "1c07i0b61j69m578lgjkyayg419sh7sn40xb3j112nr2q2gli9sz";
+  src = fetch "llvm" "0g1bbj2n6xv4p1n6hh17vj3vpvg56wacipc81dgwga9mg2lys8nm";
 
   # Used when creating a version-suffixed symlink of libLLVM.dylib
   shortVersion = with stdenv.lib;
diff --git a/pkgs/development/compilers/llvm/5/openmp.nix b/pkgs/development/compilers/llvm/5/openmp.nix
index 5a01c191b5a..5c2b7501f97 100644
--- a/pkgs/development/compilers/llvm/5/openmp.nix
+++ b/pkgs/development/compilers/llvm/5/openmp.nix
@@ -10,7 +10,7 @@
 stdenv.mkDerivation {
   name = "openmp-${version}";
 
-  src = fetch "openmp" "0lr6r87xzg87w1q9rrh04nqpyr8c929dh4qy3csjiy7rsb6kbdmd";
+  src = fetch "openmp" "0p2n52676wlq6y9q99n5pivq6pvvda1p994r69fxj206ahn59jir";
 
   nativeBuildInputs = [ cmake perl ];
   buildInputs = [ llvm ];
diff --git a/pkgs/development/compilers/llvm/6/clang/default.nix b/pkgs/development/compilers/llvm/6/clang/default.nix
index 919efdc8ef9..3d02062a4a3 100644
--- a/pkgs/development/compilers/llvm/6/clang/default.nix
+++ b/pkgs/development/compilers/llvm/6/clang/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetch, cmake, libxml2, libedit, llvm, version, release_version, clang-tools-extra_src, python
+{ stdenv, fetch, cmake, libxml2, llvm, version, release_version, clang-tools-extra_src, python
 , fixDarwinDylibNames
 , enableManpages ? false
 }:
@@ -19,7 +19,7 @@ let
     nativeBuildInputs = [ cmake python ]
       ++ stdenv.lib.optional enableManpages python.pkgs.sphinx;
 
-    buildInputs = [ libedit libxml2 llvm ]
+    buildInputs = [ libxml2 llvm ]
       ++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames;
 
     cmakeFlags = [
@@ -53,7 +53,10 @@ let
     # Clang expects to find LLVMgold in its own prefix
     # Clang expects to find sanitizer libraries in its own prefix
     postInstall = ''
-      ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+      if [ -e ${llvm}/lib/LLVMgold.so ]; then
+        ln -sv ${llvm}/lib/LLVMgold.so $out/lib
+      fi
+
       ln -sv ${llvm}/lib/clang/${release_version}/lib $out/lib/clang/${release_version}/
       ln -sv $out/bin/clang $out/bin/cpp
 
diff --git a/pkgs/development/compilers/llvm/6/libc++/default.nix b/pkgs/development/compilers/llvm/6/libc++/default.nix
index 3c6c009a58f..27d8cd18b66 100644
--- a/pkgs/development/compilers/llvm/6/libc++/default.nix
+++ b/pkgs/development/compilers/llvm/6/libc++/default.nix
@@ -40,7 +40,10 @@ stdenv.mkDerivation rec {
 
   linkCxxAbi = stdenv.isLinux;
 
-  setupHook = ./setup-hook.sh;
+  setupHooks = [
+    ../../../../../build-support/setup-hooks/role.bash
+    ./setup-hook.sh
+  ];
 
   meta = {
     homepage = http://libcxx.llvm.org/;
diff --git a/pkgs/development/compilers/llvm/6/libc++/setup-hook.sh b/pkgs/development/compilers/llvm/6/libc++/setup-hook.sh
index 9022fced6ec..6611259165a 100644
--- a/pkgs/development/compilers/llvm/6/libc++/setup-hook.sh
+++ b/pkgs/development/compilers/llvm/6/libc++/setup-hook.sh
@@ -1,3 +1,6 @@
+# See pkgs/build-support/setup-hooks/role.bash
+getHostRole
+
 linkCxxAbi="@linkCxxAbi@"
-export NIX_CXXSTDLIB_COMPILE+=" -isystem @out@/include/c++/v1"
-export NIX_CXXSTDLIB_LINK=" -stdlib=libc++${linkCxxAbi:+" -lc++abi"}"
+export NIX_${role_pre}CXXSTDLIB_COMPILE+=" -isystem @out@/include/c++/v1"
+export NIX_${role_pre}CXXSTDLIB_LINK=" -stdlib=libc++${linkCxxAbi:+" -lc++abi"}"
diff --git a/pkgs/development/compilers/openjdk/8.nix b/pkgs/development/compilers/openjdk/8.nix
index 7798418ebfd..9db5e8ba23c 100644
--- a/pkgs/development/compilers/openjdk/8.nix
+++ b/pkgs/development/compilers/openjdk/8.nix
@@ -133,6 +133,8 @@ let
 
     buildFlags = [ "all" ];
 
+    doCheck = false; # fails with "No rule to make target 'y'."
+
     installPhase = ''
       mkdir -p $out/lib/openjdk $out/share $jre/lib/openjdk
 
diff --git a/pkgs/development/haskell-modules/generic-builder.nix b/pkgs/development/haskell-modules/generic-builder.nix
index 3ab77c42cbb..a15a67d3241 100644
--- a/pkgs/development/haskell-modules/generic-builder.nix
+++ b/pkgs/development/haskell-modules/generic-builder.nix
@@ -20,7 +20,7 @@ in
 , buildTools ? [], libraryToolDepends ? [], executableToolDepends ? [], testToolDepends ? [], benchmarkToolDepends ? []
 , configureFlags ? []
 , description ? ""
-, doCheck ? !isCross && (stdenv.lib.versionOlder "7.4" ghc.version)
+, doCheck ? !isCross && stdenv.lib.versionOlder "7.4" ghc.version
 , doBenchmark ? false
 , doHoogle ? true
 , editedCabalFile ? null
@@ -172,7 +172,7 @@ let
                       buildTools ++ libraryToolDepends ++ executableToolDepends;
   propagatedBuildInputs = buildDepends ++ libraryHaskellDepends ++ executableHaskellDepends;
   otherBuildInputs = setupHaskellDepends ++ extraLibraries ++ librarySystemDepends ++ executableSystemDepends ++
-                     optionals (allPkgconfigDepends != []) allPkgconfigDepends ++
+                     allPkgconfigDepends ++
                      optionals doCheck (testDepends ++ testHaskellDepends ++ testSystemDepends ++ testToolDepends) ++
                      optionals doBenchmark (benchmarkDepends ++ benchmarkHaskellDepends ++ benchmarkSystemDepends ++ benchmarkToolDepends);
   allBuildInputs = propagatedBuildInputs ++ otherBuildInputs;
@@ -314,6 +314,8 @@ stdenv.mkDerivation ({
     runHook postBuild
   '';
 
+  inherit doCheck;
+
   checkPhase = ''
     runHook preCheck
     ${setupCommand} test ${testTarget}
@@ -428,7 +430,6 @@ stdenv.mkDerivation ({
 // optionalAttrs (postConfigure != "")  { inherit postConfigure; }
 // optionalAttrs (preBuild != "")       { inherit preBuild; }
 // optionalAttrs (postBuild != "")      { inherit postBuild; }
-// optionalAttrs (doCheck)              { inherit doCheck; }
 // optionalAttrs (doBenchmark)          { inherit doBenchmark; }
 // optionalAttrs (checkPhase != "")     { inherit checkPhase; }
 // optionalAttrs (preCheck != "")       { inherit preCheck; }
diff --git a/pkgs/development/interpreters/dart/default.nix b/pkgs/development/interpreters/dart/default.nix
index 17f124e7989..ae7f8686b78 100644
--- a/pkgs/development/interpreters/dart/default.nix
+++ b/pkgs/development/interpreters/dart/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, unzip, version }:
+{ stdenv, fetchurl, unzip, version ? "1.24.3" }:
 
 let
 
@@ -57,9 +57,9 @@ stdenv.mkDerivation {
   '';
 
   libPath = stdenv.lib.makeLibraryPath [ stdenv.cc.cc ];
- 
+
   dontStrip = true;
-  
+
   meta = {
     platforms = [ "i686-linux" "x86_64-linux" ];
     homepage = https://www.dartlang.org/;
diff --git a/pkgs/development/interpreters/guile/1.8.nix b/pkgs/development/interpreters/guile/1.8.nix
index cf42c9a7b68..03326f7a759 100644
--- a/pkgs/development/interpreters/guile/1.8.nix
+++ b/pkgs/development/interpreters/guile/1.8.nix
@@ -66,6 +66,7 @@ stdenv.mkDerivation rec {
   # This is fixed here:
   # <http://git.savannah.gnu.org/cgit/guile.git/commit/?h=branch_release-1-8&id=a0aa1e5b69d6ef0311aeea8e4b9a94eae18a1aaf>.
   doCheck = false;
+  doInstallCheck = doCheck;
 
   setupHook = ./setup-hook.sh;
 
diff --git a/pkgs/development/interpreters/guile/2.0.nix b/pkgs/development/interpreters/guile/2.0.nix
index 3a11dc78c6c..b0eeb89ce43 100644
--- a/pkgs/development/interpreters/guile/2.0.nix
+++ b/pkgs/development/interpreters/guile/2.0.nix
@@ -89,6 +89,7 @@
   # make check doesn't work on darwin
   # On Linuxes+Hydra the tests are flaky; feel free to investigate deeper.
   doCheck = false;
+  doInstallCheck = doCheck;
 
   setupHook = ./setup-hook-2.0.sh;
 
diff --git a/pkgs/development/interpreters/guile/default.nix b/pkgs/development/interpreters/guile/default.nix
index 748b3c5e200..196c899fcea 100644
--- a/pkgs/development/interpreters/guile/default.nix
+++ b/pkgs/development/interpreters/guile/default.nix
@@ -85,6 +85,7 @@
   # make check doesn't work on darwin
   # On Linuxes+Hydra the tests are flaky; feel free to investigate deeper.
   doCheck = false;
+  doInstallCheck = doCheck;
 
   setupHook = ./setup-hook-2.2.sh;
 
diff --git a/pkgs/development/interpreters/perl/default.nix b/pkgs/development/interpreters/perl/default.nix
index 3541c92fd9d..4d6f426fae4 100644
--- a/pkgs/development/interpreters/perl/default.nix
+++ b/pkgs/development/interpreters/perl/default.nix
@@ -105,6 +105,8 @@ let
 
     passthru.libPrefix = "lib/perl5/site_perl";
 
+    doCheck = false; # some tests fail, expensive
+
     # TODO: it seems like absolute paths to some coreutils is required.
     postInstall =
       ''
diff --git a/pkgs/development/interpreters/python/build-python-package.nix b/pkgs/development/interpreters/python/build-python-package.nix
index 6a07a006c6b..b55d6d874bb 100644
--- a/pkgs/development/interpreters/python/build-python-package.nix
+++ b/pkgs/development/interpreters/python/build-python-package.nix
@@ -2,6 +2,7 @@
 # and can build packages that use distutils, setuptools or flit.
 
 { lib
+, config
 , python
 , wrapPython
 , setuptools
@@ -19,7 +20,7 @@ let
   wheel-specific = import ./build-python-package-wheel.nix { };
   common = import ./build-python-package-common.nix { inherit python bootstrapped-pip; };
   mkPythonDerivation = import ./mk-python-derivation.nix {
-    inherit lib python wrapPython setuptools unzip ensureNewerSourcesForZipFilesHook toPythonModule namePrefix;
+    inherit lib config python wrapPython setuptools unzip ensureNewerSourcesForZipFilesHook toPythonModule namePrefix;
   };
 in
 
diff --git a/pkgs/development/interpreters/python/cpython/2.7/default.nix b/pkgs/development/interpreters/python/cpython/2.7/default.nix
index 98e5b4b1da0..ed1bc9dc817 100644
--- a/pkgs/development/interpreters/python/cpython/2.7/default.nix
+++ b/pkgs/development/interpreters/python/cpython/2.7/default.nix
@@ -31,7 +31,7 @@ with stdenv.lib;
 
 let
   majorVersion = "2.7";
-  minorVersion = "14";
+  minorVersion = "15";
   minorVersionSuffix = "";
   pythonVersion = majorVersion;
   version = "${majorVersion}.${minorVersion}${minorVersionSuffix}";
@@ -40,7 +40,7 @@ let
 
   src = fetchurl {
     url = "https://www.python.org/ftp/python/${majorVersion}.${minorVersion}/Python-${version}.tar.xz";
-    sha256 = "0rka541ys16jwzcnnvjp2v12m4cwgd2jp6wj4kj511p715pb5zvi";
+    sha256 = "0x2mvz9dp11wj7p5ccvmk9s0hzjk2fa1m462p395l4r6bfnb3n92";
   };
 
   hasDistutilsCxxPatch = !(stdenv.cc.isGNU or false);
@@ -58,8 +58,6 @@ let
       # if DETERMINISTIC_BUILD env var is set
       ./deterministic-build.patch
 
-      ./properly-detect-curses.patch
-
     ] ++ optionals (x11Support && stdenv.isDarwin) [
       ./use-correct-tcl-tk-on-darwin.patch
     ] ++ optionals stdenv.isLinux [
@@ -140,7 +138,10 @@ let
     "ac_cv_computed_gotos=yes"
     "ac_cv_file__dev_ptmx=yes"
     "ac_cv_file__dev_ptc=yes"
-  ];
+  ]
+    # Never even try to use lchmod on linux,
+    # don't rely on detecting glibc-isms.
+  ++ optional hostPlatform.isLinux "ac_cv_func_lchmod=no";
 
   postConfigure = if hostPlatform.isCygwin then ''
     sed -i Makefile -e 's,PYTHONPATH="$(srcdir),PYTHONPATH="$(abs_srcdir),'
@@ -241,6 +242,8 @@ in stdenv.mkDerivation {
 
     enableParallelBuilding = true;
 
+    doCheck = false; # expensive, and fails
+
     meta = {
       homepage = http://python.org;
       description = "A high-level dynamically-typed programming language";
diff --git a/pkgs/development/interpreters/python/cpython/2.7/properly-detect-curses.patch b/pkgs/development/interpreters/python/cpython/2.7/properly-detect-curses.patch
deleted file mode 100644
index e2640bab0e9..00000000000
--- a/pkgs/development/interpreters/python/cpython/2.7/properly-detect-curses.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From 6dc83db69b5e29d25ba6d73646ea2e9a1097848a Mon Sep 17 00:00:00 2001
-From: Roumen Petrov <local@example.net>
-Date: Sun, 19 Feb 2012 16:13:24 +0200
-Subject: [PATCH] CROSS-properly detect WINDOW _flags for different ncurses versions
-
----
- Include/py_curses.h |    5 +++++
- configure.ac        |   40 ++++++++++++++++++++++++++++++++++++++--
- pyconfig.h.in       |    6 ++++++
- 3 files changed, 49 insertions(+), 2 deletions(-)
-
-diff --git a/Include/py_curses.h b/Include/py_curses.h
-index f2c08f6..a9b5260 100644
---- a/Include/py_curses.h
-+++ b/Include/py_curses.h
-@@ -14,7 +14,9 @@
- /* the following define is necessary for OS X 10.6; without it, the
-    Apple-supplied ncurses.h sets NCURSES_OPAQUE to 1, and then Python
-    can't get at the WINDOW flags field. */
-+/* NOTE configure check if ncurses require such definition
- #define NCURSES_OPAQUE 0
-+*/
- #endif /* __APPLE__ */
- 
- #ifdef __FreeBSD__
-@@ -57,9 +59,12 @@
- #ifdef HAVE_NCURSES_H
- /* configure was checking <curses.h>, but we will
-    use <ncurses.h>, which has all these features. */
-+/* NOTE configure check for existence of flags
-+ * Also flags are visible only if WINDOW structure is not opaque
- #ifndef WINDOW_HAS_FLAGS
- #define WINDOW_HAS_FLAGS 1
- #endif
-+*/
- #ifndef MVWDELCH_IS_EXPRESSION
- #define MVWDELCH_IS_EXPRESSION 1
- #endif
-diff --git a/configure.ac b/configure.ac
-index 0a3a186..75f5142 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -4150,15 +4150,51 @@ then
- fi
- 
- AC_MSG_CHECKING(whether WINDOW has _flags)
--AC_CACHE_VAL(ac_cv_window_has_flags,
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <curses.h>]], [[
-   WINDOW *w;
-   w->_flags = 0;
- ]])],
- [ac_cv_window_has_flags=yes],
--[ac_cv_window_has_flags=no]))
-+[ac_cv_window_has_flags=no])
- AC_MSG_RESULT($ac_cv_window_has_flags)
- 
-+py_curses_window_is_opaque=no
-+if test no = $ac_cv_window_has_flags; then
-+  AC_MSG_CHECKING([whether WINDOW has _flags in non-opaque structure])
-+  AC_COMPILE_IFELSE([
-+  AC_LANG_PROGRAM([[
-+    #define NCURSES_OPAQUE 0
-+    #include <curses.h>
-+  ]],[[
-+    WINDOW *w;
-+    w->_flags = 0;
-+  ]])],
-+  [py_curses_window_is_opaque=yes])
-+  AC_MSG_RESULT([$py_curses_window_is_opaque])
-+fi
-+if test yes = $py_curses_window_is_opaque; then
-+  ac_cv_window_has_flags=yes
-+  AC_DEFINE([NCURSES_OPAQUE], [0], [Define to 0 if you have WINDOW _flags in non-opaque structure.])
-+fi
-+
-+py_curses_window_is_internal=no
-+if test no = $ac_cv_window_has_flags; then
-+  AC_MSG_CHECKING([whether WINDOW has _flags as internal structure])
-+  AC_COMPILE_IFELSE([
-+  AC_LANG_PROGRAM([[
-+    #define NCURSES_INTERNALS 1
-+    #include <curses.h>
-+  ]],[[
-+    WINDOW *w;
-+    w->_flags = 0;
-+  ]])],
-+  [py_curses_window_is_internal=yes])
-+  AC_MSG_RESULT([$py_curses_window_is_internal])
-+fi
-+if test yes = $py_curses_window_is_internal; then
-+  ac_cv_window_has_flags=yes
-+  AC_DEFINE([NCURSES_INTERNALS], [1], [Define to 1 if you have WINDOW _flags as internal structure.])
-+fi
- 
- if test "$ac_cv_window_has_flags" = yes
- then
-diff --git a/pyconfig.h.in b/pyconfig.h.in
-index 3ca3a4f..484c817 100644
---- a/pyconfig.h.in
-+++ b/pyconfig.h.in
-@@ -1130,6 +1130,12 @@
- /* Define if mvwdelch in curses.h is an expression. */
- #undef MVWDELCH_IS_EXPRESSION
- 
-+/* Define to 1 if you have WINDOW _flags as internal structure. */
-+#undef NCURSES_INTERNALS
-+
-+/* Define to 0 if you have WINDOW _flags in non-opaque structure. */
-+#undef NCURSES_OPAQUE
-+
- /* Define to the address where bug reports for this package should be sent. */
- #undef PACKAGE_BUGREPORT
- 
--- 
-1.6.4
-
diff --git a/pkgs/development/interpreters/python/cpython/3.4/default.nix b/pkgs/development/interpreters/python/cpython/3.4/default.nix
index 797a5be40ff..7da2cfdd152 100644
--- a/pkgs/development/interpreters/python/cpython/3.4/default.nix
+++ b/pkgs/development/interpreters/python/cpython/3.4/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl
+{ stdenv, fetchurl, fetchpatch
 , bzip2
 , expat
 , libffi
@@ -39,6 +39,8 @@ let
     ++ optionals x11Support [ tcl tk libX11 xproto ]
     ++ optionals stdenv.isDarwin [ CF configd ];
 
+  hasDistutilsCxxPatch = !(stdenv.cc.isGNU or false);
+
 in stdenv.mkDerivation {
   name = "python3-${version}";
   pythonVersion = majorVersion;
@@ -69,6 +71,16 @@ in stdenv.mkDerivation {
     ./ld_library_path.patch
   ] ++ optionals (x11Support && stdenv.isDarwin) [
     ./use-correct-tcl-tk-on-darwin.patch
+  ] ++ optionals hasDistutilsCxxPatch [
+    # Fix for http://bugs.python.org/issue1222585
+    # Upstream distutils is calling C compiler to compile C++ code, which
+    # only works for GCC and Apple Clang. This makes distutils to call C++
+    # compiler when needed.
+    (fetchpatch {
+      url = "https://bugs.python.org/file47046/python-3.x-distutils-C++.patch";
+      sha256 = "0dgdn9k2kmw4wh90vdnjcrnn97ylxgx7mbn9l87fwz6j501jqvk8";
+      extraPrefix = "";
+    })
   ];
 
   postPatch = ''
@@ -96,7 +108,10 @@ in stdenv.mkDerivation {
     "--without-ensurepip"
     "--with-system-expat"
     "--with-system-ffi"
-  ];
+  ]
+    # Never even try to use lchmod on linux,
+    # don't rely on detecting glibc-isms.
+  ++ optional stdenv.hostPlatform.isLinux "ac_cv_func_lchmod=no";
 
   preConfigure = ''
     for i in /usr /sw /opt /pkg; do	# improve purity
@@ -163,7 +178,7 @@ in stdenv.mkDerivation {
   passthru = let
     pythonPackages = callPackage ../../../../../top-level/python-packages.nix {python=self; overrides=packageOverrides;};
   in rec {
-    inherit libPrefix sitePackages x11Support;
+    inherit libPrefix sitePackages x11Support hasDistutilsCxxPatch;
     executable = "${libPrefix}m";
     buildEnv = callPackage ../../wrapper.nix { python = self; inherit (pythonPackages) requiredPythonModules; };
     withPackages = import ../../with-packages.nix { inherit buildEnv pythonPackages;};
@@ -176,6 +191,8 @@ in stdenv.mkDerivation {
 
   enableParallelBuilding = true;
 
+  doCheck = false; # expensive, and fails
+
   meta = {
     homepage = http://python.org;
     description = "A high-level dynamically-typed programming language";
diff --git a/pkgs/development/interpreters/python/cpython/3.5/default.nix b/pkgs/development/interpreters/python/cpython/3.5/default.nix
index 6dbf9a09cf5..434c2338270 100644
--- a/pkgs/development/interpreters/python/cpython/3.5/default.nix
+++ b/pkgs/development/interpreters/python/cpython/3.5/default.nix
@@ -39,6 +39,8 @@ let
     ++ optionals x11Support [ tcl tk libX11 xproto ]
     ++ optionals stdenv.isDarwin [ CF configd ];
 
+  hasDistutilsCxxPatch = !(stdenv.cc.isGNU or false);
+
 in stdenv.mkDerivation {
   name = "python3-${version}";
   pythonVersion = majorVersion;
@@ -67,8 +69,24 @@ in stdenv.mkDerivation {
   patches = [
     ./no-ldconfig.patch
     ./ld_library_path.patch
+  ] ++ optionals stdenv.isDarwin [
+    # Fix for https://bugs.python.org/issue24658
+    (fetchpatch {
+      url = "https://bugs.python.org/file45178/issue24658-3-3.6.diff";
+      sha256 = "1x060hs80nl34mcl2ji2i7l4shxkmxwgq8h8lcmav8rjqqz1nb4a";
+    })
   ] ++ optionals (x11Support && stdenv.isDarwin) [
     ./use-correct-tcl-tk-on-darwin.patch
+  ] ++ optionals hasDistutilsCxxPatch [
+    # Fix for http://bugs.python.org/issue1222585
+    # Upstream distutils is calling C compiler to compile C++ code, which
+    # only works for GCC and Apple Clang. This makes distutils to call C++
+    # compiler when needed.
+    (fetchpatch {
+      url = "https://bugs.python.org/file47046/python-3.x-distutils-C++.patch";
+      sha256 = "0dgdn9k2kmw4wh90vdnjcrnn97ylxgx7mbn9l87fwz6j501jqvk8";
+      extraPrefix = "";
+    })
   ];
 
   postPatch = ''
@@ -90,7 +108,10 @@ in stdenv.mkDerivation {
     "--without-ensurepip"
     "--with-system-expat"
     "--with-system-ffi"
-  ];
+  ]
+    # Never even try to use lchmod on linux,
+    # don't rely on detecting glibc-isms.
+  ++ optional stdenv.hostPlatform.isLinux "ac_cv_func_lchmod=no";
 
   preConfigure = ''
     for i in /usr /sw /opt /pkg; do	# improve purity
@@ -157,7 +178,7 @@ in stdenv.mkDerivation {
   passthru = let
     pythonPackages = callPackage ../../../../../top-level/python-packages.nix {python=self; overrides=packageOverrides;};
   in rec {
-    inherit libPrefix sitePackages x11Support;
+    inherit libPrefix sitePackages x11Support hasDistutilsCxxPatch;
     executable = "${libPrefix}m";
     buildEnv = callPackage ../../wrapper.nix { python = self; inherit (pythonPackages) requiredPythonModules; };
     withPackages = import ../../with-packages.nix { inherit buildEnv pythonPackages;};
@@ -169,6 +190,8 @@ in stdenv.mkDerivation {
 
   enableParallelBuilding = true;
 
+  doCheck = false; # expensive, and fails
+
   meta = {
     homepage = http://python.org;
     description = "A high-level dynamically-typed programming language";
diff --git a/pkgs/development/interpreters/python/cpython/3.6/default.nix b/pkgs/development/interpreters/python/cpython/3.6/default.nix
index cc8f6228f62..5ee5c917953 100644
--- a/pkgs/development/interpreters/python/cpython/3.6/default.nix
+++ b/pkgs/development/interpreters/python/cpython/3.6/default.nix
@@ -42,6 +42,8 @@ let
   nativeBuildInputs =
     optional (stdenv.hostPlatform != stdenv.buildPlatform) buildPackages.python3;
 
+  hasDistutilsCxxPatch = !(stdenv.cc.isGNU or false);
+
 in stdenv.mkDerivation {
   name = "python3-${version}";
   pythonVersion = majorVersion;
@@ -69,8 +71,24 @@ in stdenv.mkDerivation {
 
   patches = [
     ./no-ldconfig.patch
+  ] ++ optionals stdenv.isDarwin [
+    # Fix for https://bugs.python.org/issue24658
+    (fetchpatch {
+      url = "https://bugs.python.org/file45178/issue24658-3-3.6.diff";
+      sha256 = "1x060hs80nl34mcl2ji2i7l4shxkmxwgq8h8lcmav8rjqqz1nb4a";
+    })
   ] ++ optionals (x11Support && stdenv.isDarwin) [
     ./use-correct-tcl-tk-on-darwin.patch
+  ] ++ optionals hasDistutilsCxxPatch [
+    # Fix for http://bugs.python.org/issue1222585
+    # Upstream distutils is calling C compiler to compile C++ code, which
+    # only works for GCC and Apple Clang. This makes distutils to call C++
+    # compiler when needed.
+    (fetchpatch {
+      url = "https://bugs.python.org/file47046/python-3.x-distutils-C++.patch";
+      sha256 = "0dgdn9k2kmw4wh90vdnjcrnn97ylxgx7mbn9l87fwz6j501jqvk8";
+      extraPrefix = "";
+    })
   ];
 
   postPatch = ''
@@ -113,7 +131,10 @@ in stdenv.mkDerivation {
     "ac_cv_computed_gotos=yes"
     "ac_cv_file__dev_ptmx=yes"
     "ac_cv_file__dev_ptc=yes"
-  ];
+  ]
+    # Never even try to use lchmod on linux,
+    # don't rely on detecting glibc-isms.
+  ++ optional stdenv.hostPlatform.isLinux "ac_cv_func_lchmod=no";
 
   preConfigure = ''
     for i in /usr /sw /opt /pkg; do	# improve purity
@@ -180,7 +201,7 @@ in stdenv.mkDerivation {
   passthru = let
     pythonPackages = callPackage ../../../../../top-level/python-packages.nix {python=self; overrides=packageOverrides;};
   in rec {
-    inherit libPrefix sitePackages x11Support;
+    inherit libPrefix sitePackages x11Support hasDistutilsCxxPatch;
     executable = "${libPrefix}m";
     buildEnv = callPackage ../../wrapper.nix { python = self; inherit (pythonPackages) requiredPythonModules; };
     withPackages = import ../../with-packages.nix { inherit buildEnv pythonPackages;};
@@ -193,6 +214,8 @@ in stdenv.mkDerivation {
 
   enableParallelBuilding = true;
 
+  doCheck = false; # expensive, and fails
+
   meta = {
     homepage = http://python.org;
     description = "A high-level dynamically-typed programming language";
diff --git a/pkgs/development/interpreters/python/mk-python-derivation.nix b/pkgs/development/interpreters/python/mk-python-derivation.nix
index 96a9cdf0c61..63ffdbb8c0a 100644
--- a/pkgs/development/interpreters/python/mk-python-derivation.nix
+++ b/pkgs/development/interpreters/python/mk-python-derivation.nix
@@ -1,6 +1,7 @@
 # Generic builder.
 
 { lib
+, config
 , python
 , wrapPython
 , setuptools
@@ -53,7 +54,7 @@
 
 , passthru ? {}
 
-, doCheck ? false
+, doCheck ? config.doCheckByDefault or false
 
 , ... } @ attrs:
 
@@ -74,7 +75,6 @@ toPythonModule (python.stdenv.mkDerivation (builtins.removeAttrs attrs [
 
   buildInputs = [ wrapPython ]
     ++ lib.optional (lib.hasSuffix "zip" (attrs.src.name or "")) unzip
-    ++ lib.optionals doCheck checkInputs
     ++ lib.optional catchConflicts setuptools # If we no longer propagate setuptools
     ++ buildInputs
     ++ pythonPath;
@@ -85,6 +85,7 @@ toPythonModule (python.stdenv.mkDerivation (builtins.removeAttrs attrs [
   # Python packages don't have a checkPhase, only an installCheckPhase
   doCheck = false;
   doInstallCheck = doCheck;
+  installCheckInputs = checkInputs;
 
   postFixup = lib.optionalString (!dontWrapPythonPrograms) ''
     wrapPythonPrograms
diff --git a/pkgs/development/libraries/appstream-glib/default.nix b/pkgs/development/libraries/appstream-glib/default.nix
index 6ad6b158826..b09f5f67f56 100644
--- a/pkgs/development/libraries/appstream-glib/default.nix
+++ b/pkgs/development/libraries/appstream-glib/default.nix
@@ -39,6 +39,8 @@ stdenv.mkDerivation rec {
     "-Ddep11=false"
   ];
 
+  doCheck = false; # fails at least 1 test
+
   postInstall = ''
     moveToOutput "share/installed-tests" "$installedTests"
   '';
diff --git a/pkgs/development/libraries/at-spi2-atk/default.nix b/pkgs/development/libraries/at-spi2-atk/default.nix
index 86f35d7f578..1e5d003654c 100644
--- a/pkgs/development/libraries/at-spi2-atk/default.nix
+++ b/pkgs/development/libraries/at-spi2-atk/default.nix
@@ -16,6 +16,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ python popt atk libX11 libICE xorg.libXtst libXi
                   dbus-glib at-spi2-core libSM ];
 
+  doCheck = false; # needs dbus daemon
+
   meta = with stdenv.lib; {
     platforms = platforms.unix;
   };
diff --git a/pkgs/development/libraries/at-spi2-core/default.nix b/pkgs/development/libraries/at-spi2-core/default.nix
index 6715a59579b..b7547c29392 100644
--- a/pkgs/development/libraries/at-spi2-core/default.nix
+++ b/pkgs/development/libraries/at-spi2-core/default.nix
@@ -23,6 +23,8 @@ stdenv.mkDerivation rec {
   # ToDo: on non-NixOS we create a symlink from there?
   configureFlags = "--with-dbus-daemondir=/run/current-system/sw/bin/";
 
+  doCheck = false; # needs dbus daemon
+
   meta = with stdenv.lib; {
     platforms = platforms.unix;
   };
diff --git a/pkgs/development/libraries/avahi/default.nix b/pkgs/development/libraries/avahi/default.nix
index 098378701d5..53e3f5468ab 100644
--- a/pkgs/development/libraries/avahi/default.nix
+++ b/pkgs/development/libraries/avahi/default.nix
@@ -20,13 +20,15 @@ stdenv.mkDerivation rec {
   buildInputs = [ libdaemon dbus perl perlXMLParser glib expat libiconv ]
     ++ (stdenv.lib.optional qt4Support qt4);
 
-  nativeBuildInputs = [ pkgconfig gettext intltool ];
+  nativeBuildInputs = [ pkgconfig gettext intltool glib ];
 
   configureFlags =
     [ "--disable-qt3" "--disable-gdbm" "--disable-mono"
       "--disable-gtk" "--disable-gtk3"
       "--${if qt4Support then "enable" else "disable"}-qt4"
-      "--disable-python" "--localstatedir=/var" "--with-distro=none" ]
+      "--disable-python" "--localstatedir=/var" "--with-distro=none"
+      # A systemd unit is provided by the avahi-daemon NixOS module
+      "--with-systemdsystemunitdir=no" ]
     ++ stdenv.lib.optional withLibdnssdCompat "--enable-compat-libdns_sd"
     # autoipd won't build on darwin
     ++ stdenv.lib.optional stdenv.isDarwin "--disable-autoipd";
diff --git a/pkgs/development/libraries/boehm-gc/default.nix b/pkgs/development/libraries/boehm-gc/default.nix
index d4e91deb744..14479a56091 100644
--- a/pkgs/development/libraries/boehm-gc/default.nix
+++ b/pkgs/development/libraries/boehm-gc/default.nix
@@ -4,14 +4,14 @@
 
 stdenv.mkDerivation rec {
   name = "boehm-gc-${version}";
-  version = "7.6.4";
+  version = "7.6.6";
 
   src = fetchurl {
     urls = [
       "http://www.hboehm.info/gc/gc_source/gc-${version}.tar.gz"
       "https://github.com/ivmai/bdwgc/releases/download/v${version}/gc-${version}.tar.gz"
     ];
-    sha256 = "076dzsqqyxd3nlzs0z277vvhqjp8nv5dqi763s0m90zr6ljiyk5r";
+    sha256 = "1p1r015a7jbpvkkbgzv1y8nxrbbp6dg0mq3ksi6ji0qdz3wfss79";
   };
 
   buildInputs = [ libatomic_ops ];
diff --git a/pkgs/development/libraries/boost/generic.nix b/pkgs/development/libraries/boost/generic.nix
index 14ea512afbd..efe1151359d 100644
--- a/pkgs/development/libraries/boost/generic.nix
+++ b/pkgs/development/libraries/boost/generic.nix
@@ -55,11 +55,11 @@ let
     "--layout=${layout}"
     "variant=${variant}"
     "threading=${threading}"
-    "runtime-link=${runtime-link}"
     "link=${link}"
     "-sEXPAT_INCLUDE=${expat.dev}/include"
     "-sEXPAT_LIBPATH=${expat.out}/lib"
-  ] ++ optional (variant == "release") "debug-symbols=off"
+  ] ++ optional (link != "static") "runtime-link=${runtime-link}"
+    ++ optional (variant == "release") "debug-symbols=off"
     ++ optional (toolset != null) "toolset=${toolset}"
     ++ optional (mpi != null || hostPlatform != buildPlatform) "--user-config=user-config.jam"
     ++ optionals (hostPlatform.libc == "msvcrt") [
diff --git a/pkgs/development/libraries/c-ares/default.nix b/pkgs/development/libraries/c-ares/default.nix
index 6b3b69f9997..a384a770783 100644
--- a/pkgs/development/libraries/c-ares/default.nix
+++ b/pkgs/development/libraries/c-ares/default.nix
@@ -2,11 +2,11 @@
 
 let self =
 stdenv.mkDerivation rec {
-  name = "c-ares-1.13.0";
+  name = "c-ares-1.14.0";
 
   src = fetchurl {
     url = "http://c-ares.haxx.se/download/${name}.tar.gz";
-    sha256 = "19qxhv9aiw903fr808y77r6l9js0fq9m3gcaqckan9jan7qhixq3";
+    sha256 = "0vnwmbvymw677k780kpb6sb8i3szdp89rzy8mz1fwg1657yw3ls5";
   };
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/cairo/default.nix b/pkgs/development/libraries/cairo/default.nix
index 6a7beb1cc1a..74ae4abaedf 100644
--- a/pkgs/development/libraries/cairo/default.nix
+++ b/pkgs/development/libraries/cairo/default.nix
@@ -9,25 +9,17 @@
 
 assert glSupport -> libGL != null;
 
-let inherit (stdenv.lib) optional optionals; in
-
-stdenv.mkDerivation rec {
-  name = "cairo-1.14.10";
+let
+  version = "1.15.10";
+  inherit (stdenv.lib) optional optionals;
+in stdenv.mkDerivation rec {
+  name = "cairo-${version}";
 
   src = fetchurl {
-    url = "http://cairographics.org/releases/${name}.tar.xz";
-    sha256 = "02banr0wxckq62nbhc3mqidfdh2q956i2r7w2hd9bjgjb238g1vy";
+    url = "http://cairographics.org/${if stdenv.lib.mod (builtins.fromJSON (stdenv.lib.versions.minor version)) 2 == 0 then "releases" else "snapshots"}/${name}.tar.xz";
+    sha256 = "14l3jll98pjdlpm8f972v0spzcsf6y5nz85y2k8iybyg6ihj5jk2";
   };
 
-  patches = [
-    # from https://bugs.freedesktop.org/show_bug.cgi?id=98165
-    (fetchpatch {
-      name = "cairo-CVE-2016-9082.patch";
-      url = "https://bugs.freedesktop.org/attachment.cgi?id=127421";
-      sha256 = "03sfyaclzlglip4pvfjb4zj4dmm8mlphhxl30mb6giinkc74bfri";
-    })
-  ];
-
   outputs = [ "out" "dev" "devdoc" ];
   outputBin = "dev"; # very small
 
@@ -80,6 +72,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  doCheck = false; # fails
+
   postInstall = stdenv.lib.optionalString stdenv.isDarwin glib.flattenInclude;
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/celt/generic.nix b/pkgs/development/libraries/celt/generic.nix
index 9d861f2c432..6bf7975034b 100644
--- a/pkgs/development/libraries/celt/generic.nix
+++ b/pkgs/development/libraries/celt/generic.nix
@@ -16,6 +16,8 @@ stdenv.mkDerivation rec {
   buildInputs = []
     ++ stdenv.lib.optional liboggSupport libogg;
 
+  doCheck = false; # fails
+
   meta = with stdenv.lib; {
     description = "Ultra-low delay audio codec";
     homepage    = http://www.celt-codec.org/;
diff --git a/pkgs/development/libraries/ctpp2/default.nix b/pkgs/development/libraries/ctpp2/default.nix
index bb1d4458f50..bf57bab2f22 100644
--- a/pkgs/development/libraries/ctpp2/default.nix
+++ b/pkgs/development/libraries/ctpp2/default.nix
@@ -16,6 +16,8 @@ stdenv.mkDerivation rec {
     sed -ie 's/<stdlib.h>/<stdlib.h>\n#include <unistd.h>/' src/CTPP2FileSourceLoader.cpp
   '';
 
+  doCheck = false; # fails
+
   meta = {
     description = "A high performance templating engine";
     homepage = http://ctpp.havoc.ru;
diff --git a/pkgs/development/libraries/db/generic.nix b/pkgs/development/libraries/db/generic.nix
index 4a11c2b9893..d4398692a4e 100644
--- a/pkgs/development/libraries/db/generic.nix
+++ b/pkgs/development/libraries/db/generic.nix
@@ -20,6 +20,8 @@ stdenv.mkDerivation (rec {
 
   patches = extraPatches;
 
+  outputs = [ "out" "lib" ];
+
   configureFlags =
     [
       (if cxxSupport then "--enable-cxx" else "--disable-cxx")
diff --git a/pkgs/development/libraries/dbus-glib/default.nix b/pkgs/development/libraries/dbus-glib/default.nix
index 4d27552d735..c8bc96f80fd 100644
--- a/pkgs/development/libraries/dbus-glib/default.nix
+++ b/pkgs/development/libraries/dbus-glib/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, pkgconfig, expat, gettext, libiconv, dbus, glib }:
 
 stdenv.mkDerivation rec {
-  name = "dbus-glib-0.108";
+  name = "dbus-glib-0.110";
 
   src = fetchurl {
     url = "${meta.homepage}/releases/dbus-glib/${name}.tar.gz";
-    sha256 = "0b307hw9j41npzr6niw1bs6ryp87m5yafg492gqwvsaj4dz0qd4z";
+    sha256 = "09g8swvc95bk1z6j8sw463p2v0dqmgm2zjfndf7i8sbcyq67dr3w";
   };
 
   outputs = [ "out" "dev" "devdoc" ];
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
     configureFlagsArray+=("--exec-prefix=$dev")
   '';
 
-  doCheck = true;
+  doCheck = false;
 
   passthru = { inherit dbus glib; };
 
diff --git a/pkgs/development/libraries/dbus/default.nix b/pkgs/development/libraries/dbus/default.nix
index 55484b85a8e..4f6bd829099 100644
--- a/pkgs/development/libraries/dbus/default.nix
+++ b/pkgs/development/libraries/dbus/default.nix
@@ -6,8 +6,8 @@ assert x11Support -> libX11 != null
                   && libSM != null;
 
 let
-  version = "1.12.6";
-  sha256 = "05picaq8j60wlwyi84qvw5liw3nd0cws9va3krnc3pms0wm906v2";
+  version = "1.12.8";
+  sha256 = "1cvfi7jiby12h0f5gbysphhk99m6mch87ab3cqxkj0w36gkrkp72";
 
 self = stdenv.mkDerivation {
     name = "dbus-${version}";
diff --git a/pkgs/development/libraries/eigen/default.nix b/pkgs/development/libraries/eigen/default.nix
index 5869276a797..4e1559e5c73 100644
--- a/pkgs/development/libraries/eigen/default.nix
+++ b/pkgs/development/libraries/eigen/default.nix
@@ -5,19 +5,21 @@ let
 in
 stdenv.mkDerivation {
   name = "eigen-${version}";
-  
+
   src = fetchurl {
     url = "http://bitbucket.org/eigen/eigen/get/${version}.tar.gz";
     name = "eigen-${version}.tar.gz";
     sha256 = "00l52y7m276gh8wjkqqcxz6x687azrm7a70s3iraxnpy9bxa9y04";
   };
-  
+
   nativeBuildInputs = [ cmake ];
 
+  doCheck = false; # a couple of tests fail with "Child aborted"
+
   postInstall = ''
     sed -e '/Cflags:/s@''${prefix}/@@' -i "$out"/share/pkgconfig/eigen3.pc
   '';
-  
+
   meta = with stdenv.lib; {
     description = "C++ template library for linear algebra: vectors, matrices, and related algorithms";
     license = licenses.lgpl3Plus;
diff --git a/pkgs/development/libraries/enchant/2.x.nix b/pkgs/development/libraries/enchant/2.x.nix
index 458b23c33e9..8b559bd03c8 100644
--- a/pkgs/development/libraries/enchant/2.x.nix
+++ b/pkgs/development/libraries/enchant/2.x.nix
@@ -17,6 +17,8 @@ in stdenv.mkDerivation rec {
   buildInputs = [ glib hunspell ];
   propagatedBuildInputs = [ hspell aspell ]; # libtool puts it to la file
 
+  doCheck = false; # fails to compile with with "UnitTest++.h: No such file or directory"
+
   meta = with stdenv.lib; {
     description = "Generic spell checking library";
     homepage = https://abiword.github.io/enchant/;
diff --git a/pkgs/development/libraries/epoxy/default.nix b/pkgs/development/libraries/epoxy/default.nix
index e0f8e9ff8c7..cc62b2776ed 100644
--- a/pkgs/development/libraries/epoxy/default.nix
+++ b/pkgs/development/libraries/epoxy/default.nix
@@ -6,13 +6,13 @@ with stdenv.lib;
 
 stdenv.mkDerivation rec {
   name = "epoxy-${version}";
-  version = "1.5.0";
+  version = "1.5.1";
 
   src = fetchFromGitHub {
     owner = "anholt";
     repo = "libepoxy";
     rev = "${version}";
-    sha256 = "1ixpqb10pmdy3n9nxd5inflig9dal5502ggadcns5b58j6jr0yv0";
+    sha256 = "1811agxr7g9wd832np8sw152j468kg3qydmfkc564v54ncfcgaci";
   };
 
   outputs = [ "out" "dev" ];
@@ -29,6 +29,8 @@ stdenv.mkDerivation rec {
 
   NIX_CFLAGS_COMPILE = ''-DLIBGL_PATH="${getLib libGL}/lib"'';
 
+  doCheck = false; # needs X11
+
   meta = {
     description = "A library for handling OpenGL function pointer management";
     homepage = https://github.com/anholt/libepoxy;
diff --git a/pkgs/development/libraries/ffmpeg-full/default.nix b/pkgs/development/libraries/ffmpeg-full/default.nix
index d2ef075beee..6fd8bfc3e19 100644
--- a/pkgs/development/libraries/ffmpeg-full/default.nix
+++ b/pkgs/development/libraries/ffmpeg-full/default.nix
@@ -249,7 +249,10 @@ stdenv.mkDerivation rec {
       --replace /usr/local/lib/frei0r-1 ${frei0r}/lib/frei0r-1
   '';
 
+  configurePlatforms = [];
   configureFlags = [
+    "--target_os=${hostPlatform.parsed.kernel.name}"
+    "--arch=${hostPlatform.parsed.cpu.name}"
     /*
      *  Licensing flags
      */
@@ -371,8 +374,6 @@ stdenv.mkDerivation rec {
     #(enableFeature quvi "libquvi")
     (enableFeature (rtmpdump != null) "librtmp")
     #(enableFeature (schroedinger != null) "libschroedinger")
-    #(enableFeature (shine != null) "libshine")
-    (enableFeature (samba != null && gplLicensing && version3Licensing) "libsmbclient")
     (enableFeature (SDL2 != null) "sdl2")
     (enableFeature (soxr != null) "libsoxr")
     (enableFeature (speex != null) "libspeex")
@@ -396,6 +397,9 @@ stdenv.mkDerivation rec {
     (enableFeature optimizationsDeveloper "optimizations")
     (enableFeature extraWarningsDeveloper "extra-warnings")
     (enableFeature strippingDeveloper "stripping")
+  ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
+    "--cross-prefix=${stdenv.cc.targetPrefix}"
+    "--enable-cross-compile"
   ];
 
   nativeBuildInputs = [ perl pkgconfig texinfo yasm ];
@@ -432,21 +436,8 @@ stdenv.mkDerivation rec {
     done
   '';
 
-
   enableParallelBuilding = true;
 
-  /* Cross-compilation is untested, consider this an outline, more work
-     needs to be done to portions of the build to get it to work correctly */
-  crossAttrs = {
-    configurePlatforms = [];
-    configureFlags = configureFlags ++ [
-      "--cross-prefix=${stdenv.cc.targetPrefix}"
-      "--enable-cross-compile"
-      "--target_os=${hostPlatform.parsed.kernel.name}"
-      "--arch=${hostPlatform.parsed.cpu.name}"
-    ];
-  };
-
   meta = with stdenv.lib; {
     description = "A complete, cross-platform solution to record, convert and stream audio and video";
     homepage = https://www.ffmpeg.org/;
diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix
index c5de220eaad..270e9605582 100644
--- a/pkgs/development/libraries/ffmpeg/generic.nix
+++ b/pkgs/development/libraries/ffmpeg/generic.nix
@@ -79,7 +79,10 @@ stdenv.mkDerivation rec {
     ++ optional (reqMin "1.0") "doc" ; # just dev-doc
   setOutputFlags = false; # doesn't accept all and stores configureFlags in libs!
 
+  configurePlatforms = [];
   configureFlags = [
+      "--arch=${hostPlatform.parsed.cpu.name}"
+      "--target_os=${hostPlatform.parsed.kernel.name}"
     # License
       "--enable-gpl"
       "--enable-version3"
@@ -145,6 +148,9 @@ stdenv.mkDerivation rec {
       "--disable-stripping"
     # Disable mmx support for 0.6.90
       (verFix null "0.6.90" "--disable-mmx")
+  ] ++ optionals (stdenv.hostPlatform == stdenv.buildPlatform) [
+      "--cross-prefix=${stdenv.cc.targetPrefix}"
+      "--enable-cross-compile"
   ] ++ optional stdenv.cc.isClang "--cc=clang";
 
   nativeBuildInputs = [ perl pkgconfig texinfo yasm ];
@@ -160,26 +166,15 @@ stdenv.mkDerivation rec {
     ++ optional vdpauSupport libvdpau
     ++ optional sdlSupport (if reqMin "3.2" then SDL2 else SDL);
 
-
   enableParallelBuilding = true;
 
+  doCheck = false; # fails
+
   postFixup = ''
     moveToOutput bin "$bin"
     moveToOutput share/ffmpeg/examples "$doc"
   '';
 
-  /* Cross-compilation is untested, consider this an outline, more work
-     needs to be done to portions of the build to get it to work correctly */
-  crossAttrs = {
-    configurePlatforms = [];
-    configureFlags = configureFlags ++ [
-      "--cross-prefix=${stdenv.cc.targetPrefix}"
-      "--enable-cross-compile"
-      "--target_os=${hostPlatform.parsed.kernel.name}"
-      "--arch=${hostPlatform.parsed.cpu.name}"
-    ];
-  };
-
   installFlags = [ "install-man" ];
 
   passthru = {
diff --git a/pkgs/development/libraries/fontconfig/2.10.nix b/pkgs/development/libraries/fontconfig/2.10.nix
index 5fb0ea4429e..6f711341fad 100644
--- a/pkgs/development/libraries/fontconfig/2.10.nix
+++ b/pkgs/development/libraries/fontconfig/2.10.nix
@@ -17,23 +17,13 @@ stdenv.mkDerivation rec {
   buildInputs = [ expat ];
 
   configureFlags = [
+    "--with-arch=${hostPlatform.parsed.cpu.name}"
     "--sysconfdir=/etc"
     "--with-cache-dir=/var/cache/fontconfig"
     "--disable-docs"
     "--with-default-fonts="
   ];
 
-  # We should find a better way to access the arch reliably.
-  crossArch = if stdenv.hostPlatform != stdenv.buildPlatform
-    then hostPlatform.parsed.cpu.name
-    else null;
-
-  preConfigure = ''
-    if test -n "$crossConfig"; then
-      configureFlags="$configureFlags --with-arch=$crossArch";
-    fi
-  '';
-
   enableParallelBuilding = true;
 
   doCheck = true;
diff --git a/pkgs/development/libraries/fontconfig/default.nix b/pkgs/development/libraries/fontconfig/default.nix
index a4f6fe007d0..4d0b1a7f115 100644
--- a/pkgs/development/libraries/fontconfig/default.nix
+++ b/pkgs/development/libraries/fontconfig/default.nix
@@ -40,23 +40,13 @@ stdenv.mkDerivation rec {
   buildInputs = [ expat ];
 
   configureFlags = [
+    "--with-arch=${hostPlatform.parsed.cpu.name}"
     "--with-cache-dir=/var/cache/fontconfig" # otherwise the fallback is in $out/
     "--disable-docs"
     # just <1MB; this is what you get when loading config fails for some reason
     "--with-default-fonts=${dejavu_fonts.minimal}"
   ];
 
-  # We should find a better way to access the arch reliably.
-  crossArch = if stdenv.hostPlatform != stdenv.buildPlatform
-    then hostPlatform.parsed.cpu.name
-    else null;
-
-  preConfigure = ''
-    if test -n "$crossConfig"; then
-      configureFlags="$configureFlags --with-arch=$crossArch";
-    fi
-  '';
-
   enableParallelBuilding = true;
 
   doCheck = true;
diff --git a/pkgs/development/libraries/gdk-pixbuf/default.nix b/pkgs/development/libraries/gdk-pixbuf/default.nix
index 069b78f6bca..f1e73a77bea 100644
--- a/pkgs/development/libraries/gdk-pixbuf/default.nix
+++ b/pkgs/development/libraries/gdk-pixbuf/default.nix
@@ -1,40 +1,74 @@
-{ stdenv, fetchurl, pkgconfig, glib, libtiff, libjpeg, libpng, libX11, gnome3
-, jasper, gobjectIntrospection, doCheck ? false }:
+{ stdenv, fetchurl, fetchgit, fetchpatch, meson, ninja, pkgconfig, gettext, python3, libxml2, libxslt, docbook_xsl
+, docbook_xml_dtd_43, gtk-doc, glib, libtiff, libjpeg, libpng, libX11, gnome3
+, jasper, gobjectIntrospection, doCheck ? false, makeWrapper }:
 
 let
   pname = "gdk-pixbuf";
-  version = "2.36.7";
-  # TODO: since 2.36.8 gdk-pixbuf gets configured to use mime-type sniffing,
-  # which apparently requires access to shared-mime-info files during runtime.
+  version = "2.36.12";
 in
 stdenv.mkDerivation rec {
   name = "${pname}-${version}";
 
-  src = fetchurl {
-    url = "mirror://gnome/sources/${pname}/${gnome3.versionBranch version}/${name}.tar.xz";
-    sha256 = "1b6e5eef09d98f05f383014ecd3503e25dfb03d7e5b5f5904e5a65b049a6a4d8";
+  # TODO: Change back once tests/bug753605-atsize.jpg is part of the dist tarball
+  # src = fetchurl {
+  #   url = "mirror://gnome/sources/${pname}/${gnome3.versionBranch version}/${name}.tar.xz";
+  #   sha256 = "0d534ysa6n9prd17wwzisq7mj6qkhwh8wcf8qgin1ar3hbs5ry7z";
+  # };
+  src = fetchgit {
+    url = https://git.gnome.org/browse/gdk-pixbuf;
+    rev = version;
+    sha256 = "18lwqg63vyap2m1mw049rnb8fm869429xbf7636a2n21gs3d3jwv";
   };
 
-  outputs = [ "out" "dev" "devdoc" ];
+  patches = [
+    # TODO: since 2.36.8 gdk-pixbuf gets configured to use mime-type sniffing,
+    # which requires access to shared-mime-info files during runtime.
+    # For now, we are patching the build script to avoid the dependency.
+    ./no-mime-sniffing.patch
 
-  setupHook = ./setup-hook.sh;
+    # Fix installed tests with meson
+    # https://bugzilla.gnome.org/show_bug.cgi?id=795527
+    (fetchurl {
+      url = https://bugzilla.gnome.org/attachment.cgi?id=371381;
+      sha256 = "0nl1cixkjfa5kcfh0laz8h6hdsrpdkxqn7a1k35jrb6zwc9hbydn";
+    })
+
+    # Add missing test file bug753605-atsize.jpg
+    (fetchpatch {
+      url = https://git.gnome.org/browse/gdk-pixbuf/patch/?id=87f8f4bf01dfb9982c1ef991e4060a5e19fdb7a7;
+      sha256 = "1slzywwnrzfx3zjzdsxrvp4g2q4skmv50pdfmyccp41j7bfyb2j0";
+    })
 
-  enableParallelBuilding = true;
+    # Move installed tests to a separate output
+    ./installed-tests-path.patch
+  ];
+
+  outputs = [ "out" "dev" "man" "devdoc" "installedTests" ];
+
+  setupHook = ./setup-hook.sh;
 
   # !!! We might want to factor out the gdk-pixbuf-xlib subpackage.
-  buildInputs = [ libX11 gobjectIntrospection ];
+  buildInputs = [ libX11 ];
 
-  nativeBuildInputs = [ pkgconfig ];
+  nativeBuildInputs = [
+    meson ninja pkgconfig gettext python3 libxml2 libxslt docbook_xsl docbook_xml_dtd_43
+    gtk-doc gobjectIntrospection makeWrapper
+  ];
 
   propagatedBuildInputs = [ glib libtiff libjpeg libpng jasper ];
 
-  configureFlags = "--with-libjasper --with-x11"
-    + stdenv.lib.optionalString (gobjectIntrospection != null) " --enable-introspection=yes"
-    ;
+  mesonFlags = [
+    "-Ddocs=true"
+    "-Djasper=true"
+    "-Dx11=true"
+    "-Dgir=${if gobjectIntrospection != null then "true" else "false"}"
+  ];
+
+  postPatch = ''
+    chmod +x build-aux/* # patchShebangs only applies to executables
+    patchShebangs build-aux
 
-  # on darwin, tests don't link
-  preBuild = stdenv.lib.optionalString (stdenv.isDarwin && !doCheck) ''
-    substituteInPlace Makefile --replace "docs tests" "docs"
+    substituteInPlace tests/meson.build --subst-var-by installedtestsprefix "$installedTests"
   '';
 
   postInstall =
@@ -42,10 +76,13 @@ stdenv.mkDerivation rec {
     ''
       moveToOutput "bin" "$dev"
       moveToOutput "bin/gdk-pixbuf-thumbnailer" "$out"
+
+      # We need to install 'loaders.cache' in lib/gdk-pixbuf-2.0/2.10.0/
+      $dev/bin/gdk-pixbuf-query-loaders --update-cache
     '';
 
   # The tests take an excessive amount of time (> 1.5 hours) and memory (> 6 GB).
-  inherit (doCheck);
+  inherit doCheck;
 
   passthru = {
     updateScript = gnome3.updateScript {
diff --git a/pkgs/development/libraries/gdk-pixbuf/installed-tests-path.patch b/pkgs/development/libraries/gdk-pixbuf/installed-tests-path.patch
new file mode 100644
index 00000000000..1da2b0a10dc
--- /dev/null
+++ b/pkgs/development/libraries/gdk-pixbuf/installed-tests-path.patch
@@ -0,0 +1,13 @@
+--- a/tests/meson.build
++++ b/tests/meson.build
+@@ -85,8 +85,8 @@
+   'aero.gif',
+ ]
+ 
+-installed_test_bindir = join_paths(gdk_pixbuf_libexecdir, 'installed-tests', meson.project_name())
+-installed_test_datadir = join_paths(gdk_pixbuf_datadir, 'installed-tests', meson.project_name())
++installed_test_bindir = join_paths('@installedtestsprefix@', 'libexec', 'installed-tests', meson.project_name())
++installed_test_datadir = join_paths('@installedtestsprefix@', 'share', 'installed-tests', meson.project_name())
+ 
+ install_data(test_data, install_dir: installed_test_bindir)
+ install_subdir('test-images', install_dir: installed_test_bindir)
diff --git a/pkgs/development/libraries/gdk-pixbuf/no-mime-sniffing.patch b/pkgs/development/libraries/gdk-pixbuf/no-mime-sniffing.patch
new file mode 100644
index 00000000000..9896e25acda
--- /dev/null
+++ b/pkgs/development/libraries/gdk-pixbuf/no-mime-sniffing.patch
@@ -0,0 +1,18 @@
+--- a/meson.build
++++ b/meson.build
+@@ -186,13 +186,8 @@
+ gmodule_dep = dependency('gmodule-no-export-2.0')
+ gio_dep = dependency('gio-2.0')
+ 
+-# On non-Windows/macOS systems we always required shared-mime-info and GIO
+-if host_system != 'windows' and host_system != 'darwin'
+-  shared_mime_dep = dependency('shared-mime-info')
+-  gdk_pixbuf_conf.set('GDK_PIXBUF_USE_GIO_MIME', 1)
+-else
+-  shared_mime_dep = []
+-endif
++# No MIME sniffing for now
++shared_mime_dep = []
+ 
+ gdk_pixbuf_deps = [ mathlib_dep, gobject_dep, gmodule_dep, gio_dep, shared_mime_dep ]
+ 
diff --git a/pkgs/development/libraries/gegl/default.nix b/pkgs/development/libraries/gegl/default.nix
index 8c93428a078..d2987be6a3d 100644
--- a/pkgs/development/libraries/gegl/default.nix
+++ b/pkgs/development/libraries/gegl/default.nix
@@ -25,6 +25,8 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ pkgconfig ];
 
+  doCheck = false; # fails 3 out of 19 tests
+
   meta = {
     description = "Graph-based image processing framework";
     homepage = http://www.gegl.org;
diff --git a/pkgs/development/libraries/geoclue/2.0.nix b/pkgs/development/libraries/geoclue/2.0.nix
index 495a113391e..4d348c92171 100644
--- a/pkgs/development/libraries/geoclue/2.0.nix
+++ b/pkgs/development/libraries/geoclue/2.0.nix
@@ -5,11 +5,11 @@
 with stdenv.lib;
 
 stdenv.mkDerivation rec {
-  name = "geoclue-2.4.7";
+  name = "geoclue-2.4.8";
 
   src = fetchurl {
     url = "http://www.freedesktop.org/software/geoclue/releases/2.4/${name}.tar.xz";
-    sha256 = "19hfmr8fa1js8ynazdyjxlyrqpjn6m1719ay70ilga4rayxrcyyi";
+    sha256 = "08yg1r7m0n9hwyvcy769qkmkf8lslqwv69cjfffwnc3zm5km25qj";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/development/libraries/gettext/default.nix b/pkgs/development/libraries/gettext/default.nix
index 6dec7747c7e..a7c79ee600e 100644
--- a/pkgs/development/libraries/gettext/default.nix
+++ b/pkgs/development/libraries/gettext/default.nix
@@ -48,7 +48,10 @@ stdenv.mkDerivation rec {
   # HACK, see #10874 (and 14664)
   buildInputs = stdenv.lib.optional (!stdenv.isLinux && !hostPlatform.isCygwin) libiconv;
 
-  setupHook = ./gettext-setup-hook.sh;
+  setupHooks = [
+    ../../../build-support/setup-hooks/role.bash
+    ./gettext-setup-hook.sh
+  ];
   gettextNeedsLdflags = hostPlatform.libc != "glibc" && !hostPlatform.isMusl;
 
   enableParallelBuilding = true;
diff --git a/pkgs/development/libraries/gettext/gettext-setup-hook.sh b/pkgs/development/libraries/gettext/gettext-setup-hook.sh
index 074d313e48a..0a6bc0dd253 100644
--- a/pkgs/development/libraries/gettext/gettext-setup-hook.sh
+++ b/pkgs/development/libraries/gettext/gettext-setup-hook.sh
@@ -1,6 +1,8 @@
 gettextDataDirsHook() {
+    # See pkgs/build-support/setup-hooks/role.bash
+    getHostRoleEnvHook
     if [ -d "$1/share/gettext" ]; then
-        addToSearchPath GETTEXTDATADIRS "$1/share/gettext"
+        addToSearchPath "GETTEXTDATADIRS${role_post}" "$1/share/gettext"
     fi
 }
 
@@ -8,21 +10,8 @@ addEnvHooks "$hostOffset" gettextDataDirsHook
 
 # libintl must be listed in load flags on non-Glibc
 # it doesn't hurt to have it in Glibc either though
-gettextLdflags() {
-    # The `depHostOffset` describes how the host platform of the dependencies
-    # are slid relative to the depending package. It is brought into scope of
-    # the environment hook defined as the role of the dependency being applied.
-    case $depHostOffset in
-        -1) local role='BUILD_' ;;
-        0)  local role='' ;;
-        1)  local role='TARGET_' ;;
-        *)  echo "cc-wrapper: Error: Cannot be used with $depHostOffset-offset deps" >2;
-            return 1 ;;
-    esac
-
-    export NIX_${role}LDFLAGS+=" -lintl"
-}
-
 if [ ! -z "@gettextNeedsLdflags@" ]; then
-    addEnvHooks "$hostOffset" gettextLdflags
+    # See pkgs/build-support/setup-hooks/role.bash
+    getHostRole
+    export NIX_${role_pre}LDFLAGS+=" -lintl"
 fi
diff --git a/pkgs/development/libraries/git2/0.25.nix b/pkgs/development/libraries/git2/0.25.nix
index 9743b82a14a..6bb1de2cf34 100644
--- a/pkgs/development/libraries/git2/0.25.nix
+++ b/pkgs/development/libraries/git2/0.25.nix
@@ -25,6 +25,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  doCheck = false; # hangs. or very expensive?
+
   meta = {
     description = "The Git linkable library";
     homepage = https://libgit2.github.com/;
diff --git a/pkgs/development/libraries/git2/default.nix b/pkgs/development/libraries/git2/default.nix
index c0659a79fd3..2da1a9ba2a6 100644
--- a/pkgs/development/libraries/git2/default.nix
+++ b/pkgs/development/libraries/git2/default.nix
@@ -26,6 +26,8 @@ stdenv.mkDerivation (rec {
 
   enableParallelBuilding = true;
 
+  doCheck = false; # hangs. or very expensive?
+
   meta = with stdenv.lib; {
     description = "The Git linkable library";
     homepage = https://libgit2.github.com/;
diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix
index 403f0e8aa99..ac921227740 100644
--- a/pkgs/development/libraries/glib/default.nix
+++ b/pkgs/development/libraries/glib/default.nix
@@ -65,7 +65,7 @@ stdenv.mkDerivation rec {
     ++ optionals stdenv.isLinux [ utillinuxMinimal ] # for libmount
     ++ optionals doCheck [ tzdata libxml2 desktop-file-utils shared-mime-info ];
 
-  nativeBuildInputs = [ pkgconfig perl python ];
+  nativeBuildInputs = [ pkgconfig perl python gettext ];
 
   propagatedBuildInputs = [ zlib libffi gettext libiconv ];
 
diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix
index 6c7ce8ba16f..5c504d0d8e2 100644
--- a/pkgs/development/libraries/glibc/common.nix
+++ b/pkgs/development/libraries/glibc/common.nix
@@ -188,6 +188,8 @@ stdenv.mkDerivation ({
 
   preBuild = lib.optionalString withGd "unset NIX_DONT_SET_RPATH";
 
+  doCheck = false; # fails
+
   meta = {
     homepage = http://www.gnu.org/software/libc/;
     description = "The GNU C Library";
diff --git a/pkgs/development/libraries/gobject-introspection/default.nix b/pkgs/development/libraries/gobject-introspection/default.nix
index f79511897fb..f5ab5005bad 100644
--- a/pkgs/development/libraries/gobject-introspection/default.nix
+++ b/pkgs/development/libraries/gobject-introspection/default.nix
@@ -49,6 +49,8 @@ stdenv.mkDerivation rec {
       cairoLib = "${getLib cairo}/lib";
     });
 
+  doCheck = false; # fails
+
   passthru = {
     updateScript = gnome3.updateScript {
       packageName = pname;
diff --git a/pkgs/development/libraries/grantlee/5/default.nix b/pkgs/development/libraries/grantlee/5/default.nix
index 3eed4f0c2e2..aa670cd4c86 100644
--- a/pkgs/development/libraries/grantlee/5/default.nix
+++ b/pkgs/development/libraries/grantlee/5/default.nix
@@ -31,6 +31,8 @@ mkDerivation rec {
 
   setupHook = ./setup-hook.sh;
 
+  doCheck = false; # fails all the tests (ctest)
+
   meta = with lib; {
     description = "Qt5 port of Django template system";
     longDescription = ''
diff --git a/pkgs/development/libraries/gstreamer/bad/default.nix b/pkgs/development/libraries/gstreamer/bad/default.nix
index de1a3700cc2..122285da99e 100644
--- a/pkgs/development/libraries/gstreamer/bad/default.nix
+++ b/pkgs/development/libraries/gstreamer/bad/default.nix
@@ -70,4 +70,9 @@ stdenv.mkDerivation rec {
     ++ optional (!stdenv.isDarwin) wildmidi
     # TODO: mjpegtools uint64_t is not compatible with guint64 on Darwin
     ++ optional (!stdenv.isDarwin) mjpegtools;
+
+  enableParallelBuilding = true;
+
+  doCheck = false; # fails 20 out of 58 tests, expensive
+
 }
diff --git a/pkgs/development/libraries/gstreamer/base/default.nix b/pkgs/development/libraries/gstreamer/base/default.nix
index 39cf57ec525..dfd3383cdba 100644
--- a/pkgs/development/libraries/gstreamer/base/default.nix
+++ b/pkgs/development/libraries/gstreamer/base/default.nix
@@ -1,7 +1,7 @@
 { stdenv, fetchurl, fetchpatch, lib
 , pkgconfig, meson, ninja, gettext, gobjectIntrospection
 , python, gstreamer, orc, pango, libtheora, libvisual
-, libintl
+, libintl, libopus
 , enableX11 ? stdenv.isLinux, libXv
 , enableWayland ? stdenv.isLinux, wayland
 , enableAlsa ? stdenv.isLinux, alsaLib
@@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
   # Introspection fails on my MacBook currently
   ++ lib.optional stdenv.isDarwin "--disable-introspection";
 
-  buildInputs = [ orc libtheora libintl ]
+  buildInputs = [ orc libtheora libintl libopus ]
     ++ lib.optional enableAlsa alsaLib
     ++ lib.optionals enableX11 [ libXv pango ]
     ++ lib.optional enableWayland wayland
diff --git a/pkgs/development/libraries/gtk+/2.x.nix b/pkgs/development/libraries/gtk+/2.x.nix
index d35e47f312f..9731280dedd 100644
--- a/pkgs/development/libraries/gtk+/2.x.nix
+++ b/pkgs/development/libraries/gtk+/2.x.nix
@@ -49,6 +49,8 @@ stdenv.mkDerivation rec {
     "--disable-visibility"
   ];
 
+  doCheck = false; # needs X11
+
   postInstall = ''
     moveToOutput share/gtk-2.0/demo "$devdoc"
     # The updater is needed for nixos env and it's tiny.
diff --git a/pkgs/development/libraries/gtk+/3.x.nix b/pkgs/development/libraries/gtk+/3.x.nix
index dc6a519dfad..0a9513b0fc4 100644
--- a/pkgs/development/libraries/gtk+/3.x.nix
+++ b/pkgs/development/libraries/gtk+/3.x.nix
@@ -63,6 +63,8 @@ stdenv.mkDerivation rec {
     "--enable-wayland-backend"
   ];
 
+  doCheck = false; # needs X11
+
   postInstall = optionalString (!stdenv.isDarwin) ''
     substituteInPlace "$out/lib/gtk-3.0/3.0.0/printbackends/libprintbackend-cups.la" \
       --replace '-L${gmp.dev}/lib' '-L${gmp.out}/lib'
diff --git a/pkgs/development/libraries/gts/default.nix b/pkgs/development/libraries/gts/default.nix
index 770f743fd26..d0da7f8cef6 100644
--- a/pkgs/development/libraries/gts/default.nix
+++ b/pkgs/development/libraries/gts/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [ glib gettext ];
 
+  doCheck = false; # fails with "permission denied"
+
   meta = {
     homepage = http://gts.sourceforge.net/;
     license = stdenv.lib.licenses.lgpl2Plus;
diff --git a/pkgs/development/libraries/id3lib/default.nix b/pkgs/development/libraries/id3lib/default.nix
index 199ac7c902b..dda1435c1da 100644
--- a/pkgs/development/libraries/id3lib/default.nix
+++ b/pkgs/development/libraries/id3lib/default.nix
@@ -9,12 +9,14 @@ stdenv.mkDerivation {
   ];
 
   buildInputs = [ zlib ];
-  
+
   src = fetchurl {
     url = mirror://sourceforge/id3lib/id3lib-3.8.3.tar.gz;
     sha256 = "0yfhqwk0w8q2hyv1jib1008jvzmwlpsxvc8qjllhna6p1hycqj97";
   };
 
+  doCheck = false; # fails to compile
+
   meta = {
     platforms = stdenv.lib.platforms.unix;
   };
diff --git a/pkgs/development/libraries/jasper/default.nix b/pkgs/development/libraries/jasper/default.nix
index d374c935a2a..bc18a13884b 100644
--- a/pkgs/development/libraries/jasper/default.nix
+++ b/pkgs/development/libraries/jasper/default.nix
@@ -30,6 +30,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  doCheck = false; # fails
+
   postInstall = ''
     moveToOutput bin "$bin"
   '';
diff --git a/pkgs/development/libraries/kerberos/krb5.nix b/pkgs/development/libraries/kerberos/krb5.nix
index 98073b7bbdc..d705aa3388f 100644
--- a/pkgs/development/libraries/kerberos/krb5.nix
+++ b/pkgs/development/libraries/kerberos/krb5.nix
@@ -62,6 +62,7 @@ stdenv.mkDerivation rec {
   '';
 
   enableParallelBuilding = true;
+  doCheck = false; # fails with "No suitable file for testing purposes"
 
   meta = {
     description = "MIT Kerberos 5";
diff --git a/pkgs/development/libraries/lcms/default.nix b/pkgs/development/libraries/lcms/default.nix
index 3e4f0d4265f..63c81822ddf 100644
--- a/pkgs/development/libraries/lcms/default.nix
+++ b/pkgs/development/libraries/lcms/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation {
 
   outputs = [ "bin" "dev" "out" "man" ];
 
+  doCheck = false; # fails with "Error in Linear interpolation (2p): Must be i=8000, But is n=8001"
+
   meta = {
     description = "Color management engine";
     homepage = http://www.littlecms.com/;
diff --git a/pkgs/development/libraries/ldns/default.nix b/pkgs/development/libraries/ldns/default.nix
index 6c2a8f84d23..e9d81d3ab78 100644
--- a/pkgs/development/libraries/ldns/default.nix
+++ b/pkgs/development/libraries/ldns/default.nix
@@ -40,6 +40,9 @@ stdenv.mkDerivation rec {
     "--with-trust-anchor=${dns-root-data}/root.key"
     "--with-drill"
     "--disable-gost"
+  ] ++ stdenv.lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
+    "ac_cv_func_malloc_0_nonnull=yes"
+    "ac_cv_func_realloc_0_nonnull=yes"
   ];
 
   postInstall = ''
diff --git a/pkgs/development/libraries/libappindicator/default.nix b/pkgs/development/libraries/libappindicator/default.nix
index 6c87588fd3d..71c388be6ea 100644
--- a/pkgs/development/libraries/libappindicator/default.nix
+++ b/pkgs/development/libraries/libappindicator/default.nix
@@ -2,7 +2,7 @@
 
 { stdenv, fetchurl, lib, file
 , pkgconfig, autoconf
-, glib, dbus-glib, gtkVersion
+, glib, dbus-glib, gtkVersion ? "3"
 , gtk2 ? null, libindicator-gtk2 ? null, libdbusmenu-gtk2 ? null
 , gtk3 ? null, libindicator-gtk3 ? null, libdbusmenu-gtk3 ? null
 , python2Packages, gobjectIntrospection, vala
diff --git a/pkgs/development/libraries/libarchive/default.nix b/pkgs/development/libraries/libarchive/default.nix
index e0242802fd3..9a9c3b1fa64 100644
--- a/pkgs/development/libraries/libarchive/default.nix
+++ b/pkgs/development/libraries/libarchive/default.nix
@@ -38,6 +38,8 @@ stdenv.mkDerivation rec {
     echo "#include <windows.h>" >> config.h
   '' else null;
 
+  doCheck = false; # fails
+
   preFixup = ''
     sed -i $lib/lib/libarchive.la \
       -e 's|-lcrypto|-L${openssl.out}/lib -lcrypto|' \
diff --git a/pkgs/development/libraries/libav/default.nix b/pkgs/development/libraries/libav/default.nix
index 85fe902dae0..b726d9c2b42 100644
--- a/pkgs/development/libraries/libav/default.nix
+++ b/pkgs/development/libraries/libav/default.nix
@@ -18,7 +18,7 @@
 
 assert faacSupport -> enableUnfree;
 
-let inherit (stdenv.lib) optional optionals hasPrefix; in
+let inherit (stdenv.lib) optional optionals hasPrefix enableFeature; in
 
 /* ToDo:
     - more deps, inspiration: http://packages.ubuntu.com/raring/libav-tools
@@ -51,29 +51,35 @@ let
       substituteInPlace ./configure --replace "#! /bin/sh" "#!${bash}/bin/sh"
     '';
 
-    configureFlags =
-      assert stdenv.lib.all (x: x!=null) buildInputs;
-    [
+    configurePlatforms = [];
+    configureFlags = assert stdenv.lib.all (x: x!=null) buildInputs; [
+      "--arch=${hostPlatform.parsed.cpu.name}"
+      "--target_os=${hostPlatform.parsed.kernel.name}"
       #"--enable-postproc" # it's now a separate package in upstream
       "--disable-avserver" # upstream says it's in a bad state
       "--enable-avplay"
       "--enable-shared"
       "--enable-runtime-cpudetect"
       "--cc=cc"
-    ]
-      ++ optionals enableGPL [ "--enable-gpl" "--enable-swscale" ]
-      ++ optional mp3Support "--enable-libmp3lame"
-      ++ optional speexSupport "--enable-libspeex"
-      ++ optional theoraSupport "--enable-libtheora"
-      ++ optional vorbisSupport "--enable-libvorbis"
-      ++ optional vpxSupport "--enable-libvpx"
-      ++ optional x264Support "--enable-libx264"
-      ++ optional xvidSupport "--enable-libxvid"
-      ++ optional faacSupport "--enable-libfaac --enable-nonfree"
-      ++ optional vaapiSupport "--enable-vaapi"
-      ++ optional vdpauSupport "--enable-vdpau"
-      ++ optional freetypeSupport "--enable-libfreetype"
-      ;
+      (enableFeature enableGPL "gpl")
+      (enableFeature enableGPL "swscale")
+      (enableFeature mp3Support "libmp3lame")
+      (enableFeature mp3Support "libmp3lame")
+      (enableFeature speexSupport "libspeex")
+      (enableFeature theoraSupport "libtheora")
+      (enableFeature vorbisSupport "libvorbis")
+      (enableFeature vpxSupport "libvpx")
+      (enableFeature x264Support "libx264")
+      (enableFeature xvidSupport "libxvid")
+      (enableFeature faacSupport "libfaac")
+      (enableFeature faacSupport "nonfree")
+      (enableFeature vaapiSupport "vaapi")
+      (enableFeature vdpauSupport "vdpau")
+      (enableFeature freetypeSupport "libfreetype")
+    ] ++ optional (stdenv.hostPlatform != stdenv.buildPlatform) [
+      "--cross-prefix=${stdenv.cc.targetPrefix}"
+      "--enable-cross-compile"
+    ];
 
   nativeBuildInputs = [ pkgconfig perl ];
     buildInputs = [ lame yasm zlib bzip2 SDL bash ]
@@ -112,16 +118,6 @@ let
     doInstallCheck = false; # fails randomly
     installCheckTarget = "check"; # tests need to be run *after* installation
 
-    crossAttrs = {
-      configurePlatforms = [];
-      configureFlags = configureFlags ++ [
-        "--cross-prefix=${stdenv.cc.targetPrefix}"
-        "--enable-cross-compile"
-        "--target_os=linux"
-        "--arch=${hostPlatform.parsed.cpu.name}"
-        ];
-    };
-
     passthru = { inherit vdpauSupport; };
 
     meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/libcddb/default.nix b/pkgs/development/libraries/libcddb/default.nix
index 6a164ef9055..591369df83f 100644
--- a/pkgs/development/libraries/libcddb/default.nix
+++ b/pkgs/development/libraries/libcddb/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = stdenv.lib.optional stdenv.isDarwin libiconv;
 
+  doCheck = false; # fails 3 of 5 tests with locale errors
+
   meta = with stdenv.lib; {
     description = "C library to access data on a CDDB server (freedb.org)";
     homepage = http://libcddb.sourceforge.net/;
diff --git a/pkgs/development/libraries/libcue/default.nix b/pkgs/development/libraries/libcue/default.nix
index dbc5f1cf4ec..e50b8a13b95 100644
--- a/pkgs/development/libraries/libcue/default.nix
+++ b/pkgs/development/libraries/libcue/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ cmake bison flex ];
 
+  doCheck = false; # fails all the tests (ctest)
+
   meta = with stdenv.lib; {
     description = "CUE Sheet Parser Library";
     longDescription = ''
diff --git a/pkgs/development/libraries/libdrm/default.nix b/pkgs/development/libraries/libdrm/default.nix
index 50d9a565a6c..4d1b4e4c3fd 100644
--- a/pkgs/development/libraries/libdrm/default.nix
+++ b/pkgs/development/libraries/libdrm/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, pkgconfig, libpthreadstubs, libpciaccess, valgrind-light }:
 
 stdenv.mkDerivation rec {
-  name = "libdrm-2.4.91";
+  name = "libdrm-2.4.92";
 
   src = fetchurl {
     url = "http://dri.freedesktop.org/libdrm/${name}.tar.bz2";
-    sha256 = "0068dn47c478vm1lyyhy02gilrpsma0xmcblhvs0dzqyrk80wjk3";
+    sha256 = "1yirzx8hmlvv6r0l7lb3zxmgy5la2mri9al0k16xqfg19pdqzr79";
   };
 
   outputs = [ "out" "dev" "bin" ];
diff --git a/pkgs/development/libraries/libdvdcss/default.nix b/pkgs/development/libraries/libdvdcss/default.nix
index 66cb5215a8a..f18e0622d0c 100644
--- a/pkgs/development/libraries/libdvdcss/default.nix
+++ b/pkgs/development/libraries/libdvdcss/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   name = "libdvdcss-${version}";
-  version = "1.4.1";
+  version = "1.4.2";
 
   buildInputs = stdenv.lib.optional stdenv.isDarwin IOKit;
 
   src = fetchurl {
     url = "http://get.videolan.org/libdvdcss/${version}/${name}.tar.bz2";
-    sha256 = "1b7awvyahivglp7qmgx2g5005kc5npv257gw7wxdprjsnx93f1zb";
+    sha256 = "0x957zzpf4w2cp8zlk29prj8i2q6hay3lzdzsyz8y3cwxivyvhkq";
   };
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/libevdev/default.nix b/pkgs/development/libraries/libevdev/default.nix
index 5bcb9a1ede2..2ef1d3965ce 100644
--- a/pkgs/development/libraries/libevdev/default.nix
+++ b/pkgs/development/libraries/libevdev/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, python }:
 
 stdenv.mkDerivation rec {
-  name = "libevdev-1.5.8";
+  name = "libevdev-1.5.9";
 
   src = fetchurl {
     url = "https://www.freedesktop.org/software/libevdev/${name}.tar.xz";
-    sha256 = "0vac7n1miqdprikq4g63vsk681q8v416r0nbh2xai7b08qgdi0v0";
+    sha256 = "0xca343ff12wh6nsq76r0nbsfrm8dypjrzm4fqz9vv9v8i8kfrp1";
   };
 
   buildInputs = [ python ];
diff --git a/pkgs/development/libraries/libevent/default.nix b/pkgs/development/libraries/libevent/default.nix
index 871437f1908..b74e64aa849 100644
--- a/pkgs/development/libraries/libevent/default.nix
+++ b/pkgs/development/libraries/libevent/default.nix
@@ -29,6 +29,8 @@ stdenv.mkDerivation rec {
     ++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames
     ;
 
+  doCheck = false; # needs the net
+
   postInstall = stdenv.lib.optionalString sslSupport ''
     moveToOutput "lib/libevent_openssl*" "$openssl"
     substituteInPlace "$dev/lib/pkgconfig/libevent_openssl.pc" \
diff --git a/pkgs/development/libraries/libical/default.nix b/pkgs/development/libraries/libical/default.nix
index 5ba8bb66784..fd9c8dc9a5e 100644
--- a/pkgs/development/libraries/libical/default.nix
+++ b/pkgs/development/libraries/libical/default.nix
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
     ./respect-env-tzdir.patch
   ];
 
+  doCheck = false; # fails all the tests (ctest)
+
   meta = with stdenv.lib; {
     homepage = https://github.com/libical/libical;
     description = "An Open Source implementation of the iCalendar protocols";
diff --git a/pkgs/development/libraries/libiconv/default.nix b/pkgs/development/libraries/libiconv/default.nix
index a4e6fed88e1..169a4d38bb5 100644
--- a/pkgs/development/libraries/libiconv/default.nix
+++ b/pkgs/development/libraries/libiconv/default.nix
@@ -14,7 +14,10 @@ stdenv.mkDerivation rec {
     sha256 = "0y1ij745r4p48mxq84rax40p10ln7fc7m243p8k8sia519i3dxfc";
   };
 
-  setupHook = ./setup-hook.sh;
+  setupHooks = [
+    ../../../build-support/setup-hooks/role.bash
+    ./setup-hook.sh
+  ];
 
   postPatch =
     lib.optionalString ((hostPlatform != buildPlatform && hostPlatform.libc == "msvcrt") || stdenv.cc.nativeLibc)
diff --git a/pkgs/development/libraries/libiconv/setup-hook.sh b/pkgs/development/libraries/libiconv/setup-hook.sh
index 78222dddbf1..d20e94513e2 100644
--- a/pkgs/development/libraries/libiconv/setup-hook.sh
+++ b/pkgs/development/libraries/libiconv/setup-hook.sh
@@ -1,18 +1,6 @@
 # libiconv must be listed in load flags on non-Glibc
 # it doesn't hurt to have it in Glibc either though
-iconvLdflags() {
-    # The `depHostOffset` describes how the host platform of the dependencies
-    # are slid relative to the depending package. It is brought into scope of
-    # the environment hook defined as the role of the dependency being applied.
-    case $depHostOffset in
-        -1) local role='BUILD_' ;;
-        0)  local role='' ;;
-        1)  local role='TARGET_' ;;
-        *)  echo "cc-wrapper: Error: Cannot be used with $depHostOffset-offset deps" >2;
-            return 1 ;;
-    esac
 
-    export NIX_${role}LDFLAGS+=" -liconv"
-}
-
-addEnvHooks "$hostOffset" iconvLdflags
+# See pkgs/build-support/setup-hooks/role.bash
+getHostRole
+export NIX_${role_pre}LDFLAGS+=" -liconv"
diff --git a/pkgs/development/libraries/libidn/default.nix b/pkgs/development/libraries/libidn/default.nix
index 54d669f1913..b6f08a9206e 100644
--- a/pkgs/development/libraries/libidn/default.nix
+++ b/pkgs/development/libraries/libidn/default.nix
@@ -1,11 +1,11 @@
 { fetchurl, stdenv, libiconv }:
 
 stdenv.mkDerivation rec {
-  name = "libidn-1.33";
+  name = "libidn-1.34";
 
   src = fetchurl {
     url = "mirror://gnu/libidn/${name}.tar.gz";
-    sha256 = "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4";
+    sha256 = "0g3fzypp0xjcgr90c5cyj57apx1cmy0c6y9lvw2qdcigbyby469p";
   };
 
   outputs = [ "bin" "dev" "out" "info" "devdoc" ];
@@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = stdenv.lib.optional stdenv.isDarwin libiconv;
 
+  doCheck = false; # fails
+
   meta = {
     homepage = http://www.gnu.org/software/libidn/;
     description = "Library for internationalized domain names";
diff --git a/pkgs/development/libraries/libindicate/default.nix b/pkgs/development/libraries/libindicate/default.nix
index 445a505b68c..1bde9336c66 100644
--- a/pkgs/development/libraries/libindicate/default.nix
+++ b/pkgs/development/libraries/libindicate/default.nix
@@ -3,7 +3,7 @@
 { stdenv, fetchurl, lib, file
 , pkgconfig, autoconf
 , glib, dbus-glib, libdbusmenu-glib
-, gtkVersion, gtk2 ? null, gtk3 ? null
+, gtkVersion ? "3", gtk2 ? null, gtk3 ? null
 , pythonPackages, gobjectIntrospection, vala, gnome-doc-utils
 , monoSupport ? false, mono ? null, gtk-sharp-2_0 ? null
  }:
diff --git a/pkgs/development/libraries/libindicator/default.nix b/pkgs/development/libraries/libindicator/default.nix
index 67936fecdf4..33691f79a4c 100644
--- a/pkgs/development/libraries/libindicator/default.nix
+++ b/pkgs/development/libraries/libindicator/default.nix
@@ -1,6 +1,6 @@
 { stdenv, fetchurl, lib, file
 , pkgconfig
-, gtkVersion, gtk2 ? null, gtk3 ? null }:
+, gtkVersion ? "3", gtk2 ? null, gtk3 ? null }:
 
 with lib;
 
@@ -40,6 +40,8 @@ stdenv.mkDerivation rec {
     "localstatedir=\${TMPDIR}"
   ];
 
+  doCheck = false; # fails 8 out of 8 tests
+
   meta = {
     description = "A set of symbols and convenience functions for Ayatana indicators";
     homepage = https://launchpad.net/libindicator;
diff --git a/pkgs/development/libraries/libinput/default.nix b/pkgs/development/libraries/libinput/default.nix
index 0e2458a3895..6773b7c1b1f 100644
--- a/pkgs/development/libraries/libinput/default.nix
+++ b/pkgs/development/libraries/libinput/default.nix
@@ -16,11 +16,11 @@ in
 with stdenv.lib;
 stdenv.mkDerivation rec {
   name = "libinput-${version}";
-  version = "1.10.0";
+  version = "1.10.3";
 
   src = fetchurl {
     url = "http://www.freedesktop.org/software/libinput/${name}.tar.xz";
-    sha256 = "0mrzsf0349d1g68lizkzxw7vaw459fl8xhl7v0s8njb31hp2riy2";
+    sha256 = "0002xk9cqzpqrlhgav1wp8nimsbp9d2w8rd8mgygczq2hjar0lhd";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/development/libraries/libjpeg-turbo/default.nix b/pkgs/development/libraries/libjpeg-turbo/default.nix
index 4ec0e5ebd9f..e4f70b792fd 100644
--- a/pkgs/development/libraries/libjpeg-turbo/default.nix
+++ b/pkgs/development/libraries/libjpeg-turbo/default.nix
@@ -29,9 +29,6 @@ stdenv.mkDerivation rec {
     description = "A faster (using SIMD) libjpeg implementation";
     license = licenses.ijg; # and some parts under other BSD-style licenses
     maintainers = [ maintainers.vcunat ];
-    # upstream supports darwin (and others), but it doesn't build currently
     platforms = platforms.all;
-    hydraPlatforms = platforms.linux;
   };
 }
-
diff --git a/pkgs/development/libraries/libjpeg/default.nix b/pkgs/development/libraries/libjpeg/default.nix
index 8b0a4ec98ed..96dbd463370 100644
--- a/pkgs/development/libraries/libjpeg/default.nix
+++ b/pkgs/development/libraries/libjpeg/default.nix
@@ -3,11 +3,11 @@
 with stdenv.lib;
 
 stdenv.mkDerivation {
-  name = "libjpeg-8d";
+  name = "libjpeg-9c";
 
   src = fetchurl {
-    url = http://www.ijg.org/files/jpegsrc.v8d.tar.gz;
-    sha256 = "1cz0dy05mgxqdgjf52p54yxpyy95rgl30cnazdrfmw7hfca9n0h0";
+    url = http://www.ijg.org/files/jpegsrc.v9c.tar.gz;
+    sha256 = "08kixcf3a7s9x91174abjnk1xbvj4v8crdc73zi4k9h3jfbm00k5";
   };
 
   configureFlags = optional static "--enable-static --disable-shared";
diff --git a/pkgs/development/libraries/liblo/default.nix b/pkgs/development/libraries/liblo/default.nix
index ae1d458b0d5..c72b9723dc5 100644
--- a/pkgs/development/libraries/liblo/default.nix
+++ b/pkgs/development/libraries/liblo/default.nix
@@ -8,7 +8,9 @@ stdenv.mkDerivation rec {
     sha256 = "0sn0ckc1d0845mhsaa62wf7f9v0c0ykiq796a30ja5096kib9qdc";
   };
 
-  meta = { 
+  doCheck = false; # fails 1 out of 3 tests
+
+  meta = {
     description = "Lightweight library to handle the sending and receiving of messages according to the Open Sound Control (OSC) protocol";
     homepage = https://sourceforge.net/projects/liblo;
     license = stdenv.lib.licenses.gpl2;
diff --git a/pkgs/development/libraries/libmsgpack/generic.nix b/pkgs/development/libraries/libmsgpack/generic.nix
index 889ef134773..947960d2359 100644
--- a/pkgs/development/libraries/libmsgpack/generic.nix
+++ b/pkgs/development/libraries/libmsgpack/generic.nix
@@ -13,13 +13,12 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
-  crossAttrs = {
-  } // stdenv.lib.optionalAttrs (hostPlatform.libc == "msvcrt") {
-    cmakeFlags = [
-      "-DMSGPACK_BUILD_EXAMPLES=OFF"
-      "-DCMAKE_SYSTEM_NAME=Windows"
-    ];
-  };
+  cmakeFlags = []
+    ++ stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform)
+                           "-DMSGPACK_BUILD_EXAMPLES=OFF"
+    ++ stdenv.lib.optional (hostPlatform.libc == "msvcrt")
+                           "-DCMAKE_SYSTEM_NAME=Windows"
+    ;
 
   meta = with stdenv.lib; {
     description = "MessagePack implementation for C and C++";
diff --git a/pkgs/development/libraries/libnetfilter_conntrack/default.nix b/pkgs/development/libraries/libnetfilter_conntrack/default.nix
index 1b4c471a256..41245e6539f 100644
--- a/pkgs/development/libraries/libnetfilter_conntrack/default.nix
+++ b/pkgs/development/libraries/libnetfilter_conntrack/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "libnetfilter_conntrack-${version}";
-  version = "1.0.6";
+  version = "1.0.7";
 
   src = fetchurl {
     url = "https://netfilter.org/projects/libnetfilter_conntrack/files/${name}.tar.bz2";
-    sha256 = "1svzyf3rq9nbrcw1jsricgyhh7x1am8iqn6kjr6mzrw42810ik7g";
+    sha256 = "1dl9z50yny04xi5pymlykwmy6hcfc9p4nd7m47697zwxw98m6s1k";
   };
 
   buildInputs = [ libmnl ];
diff --git a/pkgs/development/libraries/libnfsidmap/default.nix b/pkgs/development/libraries/libnfsidmap/default.nix
index 74562ebe132..ce21cda4a5d 100644
--- a/pkgs/development/libraries/libnfsidmap/default.nix
+++ b/pkgs/development/libraries/libnfsidmap/default.nix
@@ -2,12 +2,16 @@
 
 stdenv.mkDerivation rec {
   name = "libnfsidmap-0.25";
-  
+
   src = fetchurl {
     url = "http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/${name}.tar.gz";
     sha256 = "1kzgwxzh83qi97rblcm9qj80cdvnv8kml2plz0q103j0hifj8vb5";
   };
 
+  postPatch = ''
+    sed -i '1i#include <sys/types.h>' cfg.h
+  '';
+
   preConfigure =
     ''
       configureFlags="--with-pluginpath=$out/lib/libnfsidmap"
diff --git a/pkgs/development/libraries/libnftnl/default.nix b/pkgs/development/libraries/libnftnl/default.nix
index ad8c7626661..6570d1eb3c0 100644
--- a/pkgs/development/libraries/libnftnl/default.nix
+++ b/pkgs/development/libraries/libnftnl/default.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, pkgconfig, libmnl }:
 
 stdenv.mkDerivation rec {
-  version = "1.0.9";
+  version = "1.1.0";
   name = "libnftnl-${version}";
 
   src = fetchurl {
     url = "https://netfilter.org/projects/libnftnl/files/${name}.tar.bz2";
-    sha256 = "0d9nkdbdck8sg6msysqyv3m9kjr9sjif5amf26dfa0g3mqjdihgy";
+    sha256 = "0v4gywcjvv2vg4zk632al1zv3ad0lx87nshynv110l8n3fhsq3pc";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/development/libraries/libnih/default.nix b/pkgs/development/libraries/libnih/default.nix
index 4903d54b4a3..22eb8ed64dd 100644
--- a/pkgs/development/libraries/libnih/default.nix
+++ b/pkgs/development/libraries/libnih/default.nix
@@ -4,7 +4,7 @@ let version = "1.0.3"; in
 
 stdenv.mkDerivation rec {
   name = "libnih-${version}";
-  
+
   src = fetchurl {
     url = "http://code.launchpad.net/libnih/1.0/${version}/+download/libnih-${version}.tar.gz";
     sha256 = "01glc6y7z1g726zwpvp2zm79pyb37ki729jkh45akh35fpgp4xc9";
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [ dbus expat ];
 
+  doCheck = false; # fails 1 of 17 test
+
   meta = {
     description = "A small library for C application development";
     homepage = https://launchpad.net/libnih;
diff --git a/pkgs/development/libraries/libomxil-bellagio/default.nix b/pkgs/development/libraries/libomxil-bellagio/default.nix
index 28c8a915c63..68302acac29 100644
--- a/pkgs/development/libraries/libomxil-bellagio/default.nix
+++ b/pkgs/development/libraries/libomxil-bellagio/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
 
   patches = [ ./fedora-fixes.patch ];
 
+  doCheck = false; # fails
+
   meta = with stdenv.lib; {
     homepage = https://sourceforge.net/projects/omxil/;
     description = "An opensource implementation of the Khronos OpenMAX Integration Layer API to access multimedia components";
diff --git a/pkgs/development/libraries/libpcap/default.nix b/pkgs/development/libraries/libpcap/default.nix
index bef5f9a9da3..94555438693 100644
--- a/pkgs/development/libraries/libpcap/default.nix
+++ b/pkgs/development/libraries/libpcap/default.nix
@@ -12,10 +12,16 @@ stdenv.mkDerivation rec {
 
   # We need to force the autodetection because detection doesn't
   # work in pure build enviroments.
-  configureFlags =
-    if stdenv.isLinux then [ "--with-pcap=linux" ]
-    else if stdenv.isDarwin then [ "--with-pcap=bpf" ]
-    else [];
+  configureFlags = [
+    ("--with-pcap=" + {
+      linux = "linux";
+      darwin = "bpf";
+    }.${stdenv.hostPlatform.parsed.kernel.name})
+  ] ++ stdenv.lib.optionals (stdenv.hostPlatform == stdenv.buildPlatform) [
+    "ac_cv_linux_vers=2"
+  ];
+
+  dontStrip = stdenv.hostPlatform != stdenv.buildPlatform;
 
   prePatch = stdenv.lib.optionalString stdenv.isDarwin ''
     substituteInPlace configure --replace " -arch i386" ""
@@ -39,12 +45,6 @@ stdenv.mkDerivation rec {
 
   preInstall = ''mkdir -p $out/bin'';
 
-  crossAttrs = {
-    # Stripping hurts in static libraries
-    dontStrip = true;
-    configureFlags = configureFlags ++ [ "ac_cv_linux_vers=2" ];
-  };
-
   meta = with stdenv.lib; {
     homepage = http://www.tcpdump.org;
     description = "Packet Capture Library";
diff --git a/pkgs/development/libraries/libproxy/default.nix b/pkgs/development/libraries/libproxy/default.nix
index bf9e2d079cd..02e634b22a3 100644
--- a/pkgs/development/libraries/libproxy/default.nix
+++ b/pkgs/development/libraries/libproxy/default.nix
@@ -30,6 +30,8 @@ stdenv.mkDerivation rec {
     )
   '';
 
+  doCheck = false; # fails 1 out of 10 tests
+
   meta = with stdenv.lib; {
     platforms = platforms.linux ++ platforms.darwin;
     license = licenses.lgpl21;
diff --git a/pkgs/development/libraries/librsvg/default.nix b/pkgs/development/libraries/librsvg/default.nix
index c2e1739117b..76b7e7ccaee 100644
--- a/pkgs/development/libraries/librsvg/default.nix
+++ b/pkgs/development/libraries/librsvg/default.nix
@@ -5,17 +5,17 @@
 
 let
   pname = "librsvg";
-  version = "2.42.2";
+  version = "2.42.4";
 in
 stdenv.mkDerivation rec {
   name = "${pname}-${version}";
 
   src = fetchurl {
     url = "mirror://gnome/sources/${pname}/${gnome3.versionBranch version}/${name}.tar.xz";
-    sha256 = "0c550a0bffef768a436286116c03d9f6cd3f97f5021c13e7f093b550fac12562";
+    sha256 = "1qsd0j7s97ab5fzy5b5gix5b7hbw57cr46ia8pkcrr4ylsi80li2";
   };
 
-  outputs = [ "out" "dev" ];
+  outputs = [ "out" "dev" "installedTests" ];
 
   buildInputs = [ libxml2 libgsf bzip2 libcroco pango libintl ];
 
@@ -26,8 +26,17 @@ stdenv.mkDerivation rec {
       ApplicationServices
     ]);
 
-  configureFlags = [ "--enable-introspection" "--enable-vala" ]
-    ++ stdenv.lib.optional stdenv.isDarwin "--disable-Bsymbolic";
+  configureFlags = [
+    "--enable-introspection"
+    "--enable-vala"
+    "--enable-installed-tests"
+    "--enable-always-build-tests"
+  ] ++ stdenv.lib.optional stdenv.isDarwin "--disable-Bsymbolic";
+
+  makeFlags = [
+    "installed_test_metadir=$(installedTests)/share/installed-tests/RSVG"
+    "installed_testdir=$(installedTests)/libexec/installed-tests/RSVG"
+  ];
 
   NIX_CFLAGS_COMPILE
     = stdenv.lib.optionalString stdenv.isDarwin "-I${cairo.dev}/include/cairo";
@@ -52,6 +61,8 @@ stdenv.mkDerivation rec {
         -i gdk-pixbuf-loader/librsvg.thumbnailer.in
   '';
 
+  doCheck = false; # fails 20 of 145 tests, very likely to be buggy
+
   # Merge gdkpixbuf and librsvg loaders
   postInstall = ''
     mv $GDK_PIXBUF/loaders.cache $GDK_PIXBUF/loaders.cache.tmp
diff --git a/pkgs/development/libraries/librsync/0.9.nix b/pkgs/development/libraries/librsync/0.9.nix
index 0954694cf29..115f4cd90a0 100644
--- a/pkgs/development/libraries/librsync/0.9.nix
+++ b/pkgs/development/libraries/librsync/0.9.nix
@@ -12,9 +12,7 @@ stdenv.mkDerivation {
 
   configureFlags = if stdenv.isCygwin then "--enable-static" else "--enable-shared";
 
-  crossAttrs = {
-    dontStrip = true;
-  };
+  dontStrip = stdenv.hostPlatform != stdenv.buildPlatform;
 
   meta = {
     homepage = http://librsync.sourceforge.net/;
diff --git a/pkgs/development/libraries/librsync/default.nix b/pkgs/development/libraries/librsync/default.nix
index 80acaf57d62..afb83051b21 100644
--- a/pkgs/development/libraries/librsync/default.nix
+++ b/pkgs/development/libraries/librsync/default.nix
@@ -14,9 +14,7 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ cmake ];
   buildInputs = [ perl zlib bzip2 popt ];
 
-  crossAttrs = {
-    dontStrip = true;
-  };
+  dontStrip = stdenv.hostPlatform != stdenv.buildPlatform;
 
   meta = with stdenv.lib; {
     homepage = http://librsync.sourceforge.net/;
diff --git a/pkgs/development/libraries/libsoup/default.nix b/pkgs/development/libraries/libsoup/default.nix
index 92e9c3662c9..75898852a09 100644
--- a/pkgs/development/libraries/libsoup/default.nix
+++ b/pkgs/development/libraries/libsoup/default.nix
@@ -36,6 +36,8 @@ stdenv.mkDerivation rec {
     "--with-gnome=${if gnomeSupport then "yes" else "no"}"
   ];
 
+  doCheck = false; # fails with "no: command not found"
+
   passthru = {
     propagatedUserEnvPackages = [ glib-networking.out ];
     updateScript = gnome3.updateScript {
diff --git a/pkgs/development/libraries/libtorrent-rasterbar/default.nix b/pkgs/development/libraries/libtorrent-rasterbar/default.nix
index e3b8024615b..335400b80ef 100644
--- a/pkgs/development/libraries/libtorrent-rasterbar/default.nix
+++ b/pkgs/development/libraries/libtorrent-rasterbar/default.nix
@@ -27,6 +27,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  doCheck = false; # fails to link
+
   meta = with stdenv.lib; {
     homepage = http://www.rasterbar.com/products/libtorrent/;
     description = "A C++ BitTorrent implementation focusing on efficiency and scalability";
diff --git a/pkgs/development/libraries/libtoxcore/default.nix b/pkgs/development/libraries/libtoxcore/default.nix
index 42d2fe11f7b..6256702010f 100644
--- a/pkgs/development/libraries/libtoxcore/default.nix
+++ b/pkgs/development/libraries/libtoxcore/default.nix
@@ -29,6 +29,12 @@ let
 
     enableParallelBuilding = true;
 
+    doCheck = false; # hangs, tries to access the net?
+
+    # for some reason the tests are not running - it says "No tests found!!"
+    checkInputs = [ check ];
+    checkPhase = "ctest";
+
     meta = with stdenv.lib; {
       description = "P2P FOSS instant messaging application aimed to replace Skype";
       homepage = https://tox.chat;
diff --git a/pkgs/development/libraries/libuchardet/default.nix b/pkgs/development/libraries/libuchardet/default.nix
index ea411d73b31..52bc0ac5cfd 100644
--- a/pkgs/development/libraries/libuchardet/default.nix
+++ b/pkgs/development/libraries/libuchardet/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ cmake ];
 
+  doCheck = false; # fails all the tests (ctest)
+
   meta = with stdenv.lib; {
     description = "Mozilla's Universal Charset Detector C/C++ API";
     homepage    = https://www.byvoid.com/zht/project/uchardet;
diff --git a/pkgs/development/libraries/libunwind/default.nix b/pkgs/development/libraries/libunwind/default.nix
index b901d352808..dbf1d7a3756 100644
--- a/pkgs/development/libraries/libunwind/default.nix
+++ b/pkgs/development/libraries/libunwind/default.nix
@@ -26,6 +26,8 @@ stdenv.mkDerivation rec {
     done
   '';
 
+  doCheck = false; # fails
+
   meta = with stdenv.lib; {
     homepage = http://www.nongnu.org/libunwind;
     description = "A portable and efficient API to determine the call-chain of a program";
diff --git a/pkgs/development/libraries/libuv/default.nix b/pkgs/development/libraries/libuv/default.nix
index e8877c7f54b..ed4397c88f0 100644
--- a/pkgs/development/libraries/libuv/default.nix
+++ b/pkgs/development/libraries/libuv/default.nix
@@ -2,14 +2,14 @@
 , ApplicationServices, CoreServices }:
 
 stdenv.mkDerivation rec {
-  version = "1.19.2";
+  version = "1.20.2";
   name = "libuv-${version}";
 
   src = fetchFromGitHub {
     owner = "libuv";
     repo = "libuv";
     rev = "v${version}";
-    sha256 = "118r8wigm65107fm7kzfz7gc4awy8xxg0knvwnshx1j40ks08x9z";
+    sha256 = "14zlf59fr03v684ryapc57r9nfrznyk5xvcd59q04rb435ibib48";
   };
 
   postPatch = let
diff --git a/pkgs/development/libraries/libvdpau-va-gl/default.nix b/pkgs/development/libraries/libvdpau-va-gl/default.nix
index 3ea0155b4f4..50b995a0356 100644
--- a/pkgs/development/libraries/libvdpau-va-gl/default.nix
+++ b/pkgs/development/libraries/libvdpau-va-gl/default.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ cmake pkgconfig ];
   buildInputs = [ libX11 libpthreadstubs libXau libXdmcp libXext libvdpau glib libva ffmpeg libGLU ];
 
+  doCheck = false; # fails. needs DRI access
+
   meta = with stdenv.lib; {
     homepage = https://github.com/i-rinat/libvdpau-va-gl;
     description = "VDPAU driver with OpenGL/VAAPI backend";
diff --git a/pkgs/development/libraries/libvpx/default.nix b/pkgs/development/libraries/libvpx/default.nix
index 272761cc6af..731892d33b4 100644
--- a/pkgs/development/libraries/libvpx/default.nix
+++ b/pkgs/development/libraries/libvpx/default.nix
@@ -58,13 +58,13 @@ assert isCygwin -> unitTestsSupport && webmIOSupport && libyuvSupport;
 
 stdenv.mkDerivation rec {
   name = "libvpx-${version}";
-  version = "1.6.1";
+  version = "1.7.0";
 
   src = fetchFromGitHub {
     owner = "webmproject";
     repo = "libvpx";
     rev = "v${version}";
-    sha256 = "10fs7xilf2bsj5bqw206lb5r5dgl84p5m6nibiirk28lmjx1i3l0";
+    sha256 = "0vvh89hvp8qg9an9vcmwb7d9k3nixhxaz6zi65qdjnd0i56kkcz6";
   };
 
   patchPhase = ''patchShebangs .'';
@@ -72,6 +72,7 @@ stdenv.mkDerivation rec {
   outputs = [ "bin" "dev" "out" ];
   setOutputFlags = false;
 
+  configurePlatforms = [];
   configureFlags = [
     (enableFeature (vp8EncoderSupport || vp8DecoderSupport) "vp8")
     (enableFeature vp8EncoderSupport "vp8-encoder")
@@ -131,8 +132,29 @@ stdenv.mkDerivation rec {
     (enableFeature (experimentalSpatialSvcSupport ||
                     experimentalFpMbStatsSupport ||
                     experimentalEmulateHardwareSupport) "experimental")
-    # Experimental features
-  ] ++ optional experimentalSpatialSvcSupport "--enable-spatial-svc"
+  ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
+    #"--extra-cflags="
+    #"--extra-cxxflags="
+    #"--prefix="
+    #"--libc="
+    #"--libdir="
+    "--enable-external-build"
+    # libvpx darwin targets include darwin version (ie. ARCH-darwinXX-gcc, XX being the darwin version)
+    # See all_platforms: https://github.com/webmproject/libvpx/blob/master/configure
+    # Darwin versions: 10.4=8, 10.5=9, 10.6=10, 10.7=11, 10.8=12, 10.9=13, 10.10=14
+    "--force-target=${hostPlatform.config}${
+            if hostPlatform.isDarwin then
+              if      hostPlatform.osxMinVersion == "10.10" then "14"
+              else if hostPlatform.osxMinVersion == "10.9"  then "13"
+              else if hostPlatform.osxMinVersion == "10.8"  then "12"
+              else if hostPlatform.osxMinVersion == "10.7"  then "11"
+              else if hostPlatform.osxMinVersion == "10.6"  then "10"
+              else if hostPlatform.osxMinVersion == "10.5"  then "9"
+              else "8"
+            else ""}-gcc"
+    (if hostPlatform.isCygwin then "--enable-static-msvcrt" else "")
+  ] # Experimental features
+    ++ optional experimentalSpatialSvcSupport "--enable-spatial-svc"
     ++ optional experimentalFpMbStatsSupport "--enable-fp-mb-stats"
     ++ optional experimentalEmulateHardwareSupport "--enable-emulate-hardware";
 
@@ -145,32 +167,6 @@ stdenv.mkDerivation rec {
 
   postInstall = ''moveToOutput bin "$bin" '';
 
-  crossAttrs = {
-    configurePlatforms = [];
-    configureFlags = configureFlags ++ [
-      #"--extra-cflags="
-      #"--extra-cxxflags="
-      #"--prefix="
-      #"--libc="
-      #"--libdir="
-      "--enable-external-build"
-      # libvpx darwin targets include darwin version (ie. ARCH-darwinXX-gcc, XX being the darwin version)
-      # See all_platforms: https://github.com/webmproject/libvpx/blob/master/configure
-      # Darwin versions: 10.4=8, 10.5=9, 10.6=10, 10.7=11, 10.8=12, 10.9=13, 10.10=14
-      "--force-target=${hostPlatform.config}${
-              if hostPlatform.isDarwin then
-                if      hostPlatform.osxMinVersion == "10.10" then "14"
-                else if hostPlatform.osxMinVersion == "10.9"  then "13"
-                else if hostPlatform.osxMinVersion == "10.8"  then "12"
-                else if hostPlatform.osxMinVersion == "10.7"  then "11"
-                else if hostPlatform.osxMinVersion == "10.6"  then "10"
-                else if hostPlatform.osxMinVersion == "10.5"  then "9"
-                else "8"
-              else ""}-gcc"
-      (if hostPlatform.isCygwin then "--enable-static-msvcrt" else "")
-    ];
-  };
-
   meta = with stdenv.lib; {
     description = "WebM VP8/VP9 codec SDK";
     homepage    = https://www.webmproject.org/;
diff --git a/pkgs/development/libraries/libvpx/git.nix b/pkgs/development/libraries/libvpx/git.nix
index e2b94dda28e..7d4b75d6cdf 100644
--- a/pkgs/development/libraries/libvpx/git.nix
+++ b/pkgs/development/libraries/libvpx/git.nix
@@ -77,6 +77,7 @@ stdenv.mkDerivation rec {
   outputs = [ "bin" "dev" "out" ];
   setOutputFlags = false;
 
+  configurePlatforms = [];
   configureFlags = [
     (enableFeature (vp8EncoderSupport || vp8DecoderSupport) "vp8")
     (enableFeature vp8EncoderSupport "vp8-encoder")
@@ -139,23 +140,7 @@ stdenv.mkDerivation rec {
     (enableFeature (experimentalSpatialSvcSupport ||
                     experimentalFpMbStatsSupport ||
                     experimentalEmulateHardwareSupport) "experimental")
-    # Experimental features
-  ] ++ optional experimentalSpatialSvcSupport "--enable-spatial-svc"
-    ++ optional experimentalFpMbStatsSupport "--enable-fp-mb-stats"
-    ++ optional experimentalEmulateHardwareSupport "--enable-emulate-hardware";
-
-  nativeBuildInputs = [ perl yasm ];
-
-  buildInputs = [ ]
-    ++ optionals unitTestsSupport [ coreutils curl ];
-
-  enableParallelBuilding = true;
-
-  postInstall = ''moveToOutput bin "$bin" '';
-
-  crossAttrs = {
-    configurePlatforms = [];
-    configureFlags = configureFlags ++ [
+  ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
       #"--extra-cflags="
       #"--prefix="
       #"--libc="
@@ -175,8 +160,19 @@ stdenv.mkDerivation rec {
                 else "8"
               else ""}-gcc"
       (if hostPlatform.isCygwin then "--enable-static-msvcrt" else "")
-    ];
-  };
+  ] # Experimental features
+    ++ optional experimentalSpatialSvcSupport "--enable-spatial-svc"
+    ++ optional experimentalFpMbStatsSupport "--enable-fp-mb-stats"
+    ++ optional experimentalEmulateHardwareSupport "--enable-emulate-hardware";
+
+  nativeBuildInputs = [ perl yasm ];
+
+  buildInputs = [ ]
+    ++ optionals unitTestsSupport [ coreutils curl ];
+
+  enableParallelBuilding = true;
+
+  postInstall = ''moveToOutput bin "$bin" '';
 
   meta = with stdenv.lib; {
     description = "WebM VP8/VP9 codec SDK";
diff --git a/pkgs/development/libraries/libwacom/default.nix b/pkgs/development/libraries/libwacom/default.nix
index 8e36edff7ed..cc3f19ab7d3 100644
--- a/pkgs/development/libraries/libwacom/default.nix
+++ b/pkgs/development/libraries/libwacom/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "libwacom-${version}";
-  version = "0.28";
+  version = "0.29";
 
   src = fetchurl {
     url = "mirror://sourceforge/linuxwacom/libwacom/${name}.tar.bz2";
-    sha256 = "1vv768870597rvwxdb59v6pjn1pxaxg4r6znbb5j3cl828q35mp7";
+    sha256 = "1diklgcjhmvcxi9p1ifp6wcnyr6k7z9jhrlzfhzjqd6zipk01slw";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/development/libraries/libwebp/default.nix b/pkgs/development/libraries/libwebp/default.nix
index f7d4fc3b367..8cd0536e294 100644
--- a/pkgs/development/libraries/libwebp/default.nix
+++ b/pkgs/development/libraries/libwebp/default.nix
@@ -27,11 +27,11 @@ in
 with stdenv.lib;
 stdenv.mkDerivation rec {
   name = "libwebp-${version}";
-  version = "0.6.1";
+  version = "1.0.0";
 
   src = fetchurl {
     url = "http://downloads.webmproject.org/releases/webp/${name}.tar.gz";
-    sha256 = "1ayq2zq0zbgf5yizbm32zh7p1vb8kibw74am6am1n5cz5mw3ql06";
+    sha256 = "0nr2hd4iv61fphdbx49g96a56jkmdm9n2qss7jpkg1pii11rq9c4";
   };
 
   configureFlags = [
diff --git a/pkgs/development/libraries/libxkbcommon/default.nix b/pkgs/development/libraries/libxkbcommon/default.nix
index faeed680f3d..3e0a2872c00 100644
--- a/pkgs/development/libraries/libxkbcommon/default.nix
+++ b/pkgs/development/libraries/libxkbcommon/default.nix
@@ -27,6 +27,8 @@ stdenv.mkDerivation rec {
     "-Dx-locale-root=${libX11.out}/share/X11/locale"
   ];
 
+  doCheck = false; # fails, needs unicode locale
+
   meta = with stdenv.lib; {
     description = "A library to handle keyboard descriptions";
     homepage = https://xkbcommon.org;
diff --git a/pkgs/development/libraries/libxml2/default.nix b/pkgs/development/libraries/libxml2/default.nix
index c4f3ff1efdd..be2f83cb498 100644
--- a/pkgs/development/libraries/libxml2/default.nix
+++ b/pkgs/development/libraries/libxml2/default.nix
@@ -10,11 +10,11 @@ let
 
 in stdenv.mkDerivation rec {
   name = "libxml2-${version}";
-  version = "2.9.7";
+  version = "2.9.8";
 
   src = fetchurl {
     url = "http://xmlsoft.org/sources/${name}.tar.gz";
-    sha256 = "034hylzspvkm0p4bczqbf8q05a7r2disr8dz725x4bin61ymwg7n";
+    sha256 = "0ci7is75bwqqw2p32vxvrk6ds51ik7qgx73m920rakv5jlayax0b";
   };
 
   outputs = [ "bin" "dev" "out" "man" "doc" ]
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
index 2beb7e60080..4fd3b38a3be 100644
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@@ -67,7 +67,7 @@ let
 in
 
 let
-  version = "17.3.8";
+  version = "18.0.3";
   branch  = head (splitString "." version);
 in
 
@@ -81,7 +81,7 @@ let self = stdenv.mkDerivation {
       "ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz"
       "https://mesa.freedesktop.org/archive/mesa-${version}.tar.xz"
     ];
-    sha256 = "1cd6a4ll5arla3kncxnw9196ak1v4rvnb098aa7lm3n4h7r9p7cg";
+    sha256 = "0c4yskqwmh5k0wavjrkfcldafvnpcx8gjcx584bscxks69krd789";
   };
 
   prePatch = "patchShebangs .";
@@ -161,7 +161,7 @@ let self = stdenv.mkDerivation {
   doCheck = false;
 
   installFlags = [
-    "sysconfdir=\${out}/etc"
+    "sysconfdir=\${drivers}/etc"
     "localstatedir=\${TMPDIR}"
     "vendorjsondir=\${out}/share/glvnd/egl_vendor.d"
   ];
diff --git a/pkgs/development/libraries/mpfi/default.nix b/pkgs/development/libraries/mpfi/default.nix
index c88c8da6378..6b607e94bd4 100644
--- a/pkgs/development/libraries/mpfi/default.nix
+++ b/pkgs/development/libraries/mpfi/default.nix
@@ -1,15 +1,20 @@
 {stdenv, fetchurl, mpfr}:
 stdenv.mkDerivation rec {
   name = "mpfi-${version}";
-  version = "1.5.1";
+  version = "1.5.3";
+  file_nr = "37331";
   src = fetchurl {
-    url = "https://gforge.inria.fr/frs/download.php/file/30129/mpfi-${version}.tar.bz2";
-    sha256 = "0vk9jfcfiqda0zksg1ffy36pdznpng9b4nl7pfzpz9hps4v6bk1z";
+    # NOTE: the file_nr is whats important here. The actual package name (including the version)
+    # is ignored. To find out the correct file_nr, go to https://gforge.inria.fr/projects/mpfi/
+    # and click on Download in the section "Latest File Releases".
+    url = "https://gforge.inria.fr/frs/download.php/file/${file_nr}/mpfi-${version}.tar.bz2";
+    sha256 = "0bqr8yibl7jbrp0bw7xk1lm7nis7rv26jsz6y8ycvih8n9bx90r3";
   };
   buildInputs = [mpfr];
   meta = {
     inherit version;
     description = ''A multiple precision interval arithmetic library based on MPFR'';
+    homepage = https://gforge.inria.fr/projects/mpfi/;
     license = stdenv.lib.licenses.lgpl21Plus;
     maintainers = [stdenv.lib.maintainers.raskin];
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/development/libraries/mpfr/default.nix b/pkgs/development/libraries/mpfr/default.nix
index 4aac5a92709..d75d9d6b9d9 100644
--- a/pkgs/development/libraries/mpfr/default.nix
+++ b/pkgs/development/libraries/mpfr/default.nix
@@ -3,11 +3,12 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "mpfr-3.1.6";
+  version = "4.0.1";
+  name = "mpfr-${version}";
 
   src = fetchurl {
     url = "mirror://gnu/mpfr/${name}.tar.xz";
-    sha256 = "0l598h9klpgkz2bp0rxiqb90mkqh9f2f81n5rpy191j00hdaqqks";
+    sha256 = "0vp1lrc08gcmwdaqck6bpzllkrykvp06vz5gnqpyw0v3h9h4m1v7";
   };
 
   outputs = [ "out" "dev" "doc" "info" ];
diff --git a/pkgs/development/libraries/ncurses/default.nix b/pkgs/development/libraries/ncurses/default.nix
index abb3020e5fb..cf478837b86 100644
--- a/pkgs/development/libraries/ncurses/default.nix
+++ b/pkgs/development/libraries/ncurses/default.nix
@@ -1,6 +1,6 @@
 { lib, stdenv, fetchurl, pkgconfig
 
-, abiVersion
+, abiVersion ? "6"
 , mouseSupport ? false
 , unicode ? true
 , enableStatic ? stdenv.hostPlatform.useAndroidPrebuilt
@@ -72,7 +72,9 @@ stdenv.mkDerivation rec {
   # When building a wide-character (Unicode) build, create backward
   # compatibility links from the the "normal" libraries to the
   # wide-character libraries (e.g. libncurses.so to libncursesw.so).
-  postFixup = ''
+  postFixup = let
+    abiVersion-extension = if stdenv.isDarwin then "${abiVersion}.$dylibtype" else "$dylibtype.${abiVersion}"; in
+  ''
     # Determine what suffixes our libraries have
     suffix="$(awk -F': ' 'f{print $3; f=0} /default library suffix/{f=1}' config.log)"
     libs="$(ls $dev/lib/pkgconfig | tr ' ' '\n' | sed "s,\(.*\)$suffix\.pc,\1,g")"
@@ -95,12 +97,12 @@ stdenv.mkDerivation rec {
         for dylibtype in so dll dylib; do
           if [ -e "$out/lib/lib''${library}$suffix.$dylibtype" ]; then
             ln -svf lib''${library}$suffix.$dylibtype $out/lib/lib$library$newsuffix.$dylibtype
-            ln -svf lib''${library}$suffix.$dylibtype.${abiVersion} $out/lib/lib$library$newsuffix.$dylibtype.${abiVersion}
+            ln -svf lib''${library}$suffix.${abiVersion-extension} $out/lib/lib$library$newsuffix.${abiVersion-extension}
             if [ "ncurses" = "$library" ]
             then
               # make libtinfo symlinks
               ln -svf lib''${library}$suffix.$dylibtype $out/lib/libtinfo$newsuffix.$dylibtype
-              ln -svf lib''${library}$suffix.$dylibtype.${abiVersion} $out/lib/libtinfo$newsuffix.$dylibtype.${abiVersion}
+              ln -svf lib''${library}$suffix.${abiVersion-extension} $out/lib/libtinfo$newsuffix.${abiVersion-extension}
             fi
           fi
         done
diff --git a/pkgs/development/libraries/nspr/default.nix b/pkgs/development/libraries/nspr/default.nix
index 17805f32afb..ce18498ee85 100644
--- a/pkgs/development/libraries/nspr/default.nix
+++ b/pkgs/development/libraries/nspr/default.nix
@@ -1,14 +1,14 @@
 { stdenv, fetchurl
 , CoreServices ? null }:
 
-let version = "4.18"; in
+let version = "4.19"; in
 
 stdenv.mkDerivation {
   name = "nspr-${version}";
 
   src = fetchurl {
     url = "mirror://mozilla/nspr/releases/v${version}/src/nspr-${version}.tar.gz";
-    sha256 = "0d7vr3wrgp73qbywrvdkikk8vq1s1n9vhf62db80g1zqkg05g5mq";
+    sha256 = "0agpv3f17h8kmzi0ifibaaxc1k3xc0q61wqw3l6r2xr2z8bmkn9f";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix
index 8662b956ce2..29d6e9a5670 100644
--- a/pkgs/development/libraries/nss/default.nix
+++ b/pkgs/development/libraries/nss/default.nix
@@ -1,13 +1,6 @@
 { stdenv, fetchurl, nspr, perl, zlib, sqlite, fixDarwinDylibNames }:
 
 let
-
-  # Fix aarch64 build, shouldn't be needed after 3.35
-  aarch64Patch = fetchurl {
-    url = https://hg.mozilla.org/projects/nss/raw-rev/74e679158d1b;
-    sha256 = "1lhs4h32mb2al3z461yylk227nid769di1pdjr7p0kqm2z1qm3jq";
-  };
-
   nssPEM = fetchurl {
     url = http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz;
     sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw";
@@ -15,11 +8,11 @@ let
 
 in stdenv.mkDerivation rec {
   name = "nss-${version}";
-  version = "3.35";
+  version = "3.36.1";
 
   src = fetchurl {
-    url = "mirror://mozilla/security/nss/releases/NSS_3_35_RTM/src/${name}.tar.gz";
-    sha256 = "1ypn68z9ncbbshi3184ywrhx5i846lyd72gps1grzqzdkgh7s4pl";
+    url = "mirror://mozilla/security/nss/releases/NSS_3_36_1_RTM/src/${name}.tar.gz";
+    sha256 = "1zrb49mp7cy3snnday1zv8d76h1mgppbcwxnlkqsgxlga8fl89b0";
   };
 
   buildInputs = [ perl zlib sqlite ]
@@ -29,8 +22,6 @@ in stdenv.mkDerivation rec {
 
   prePatch = ''
     xz -d < ${nssPEM} | patch -p1
-  '' + stdenv.lib.optionalString stdenv.isAarch64 ''
-      (cd nss && patch -p1 < ${aarch64Patch})
   '';
 
   patches =
diff --git a/pkgs/development/libraries/openexr/default.nix b/pkgs/development/libraries/openexr/default.nix
index 8d5a6bb65a9..60ee30177c0 100644
--- a/pkgs/development/libraries/openexr/default.nix
+++ b/pkgs/development/libraries/openexr/default.nix
@@ -23,6 +23,7 @@ stdenv.mkDerivation rec {
   propagatedBuildInputs = [ ilmbase zlib ];
 
   enableParallelBuilding = true;
+  doCheck = false; # fails 1 of 1 tests
 
   meta = with stdenv.lib; {
     homepage = http://www.openexr.com/;
diff --git a/pkgs/development/libraries/openldap/default.nix b/pkgs/development/libraries/openldap/default.nix
index 56118c9bbb2..93ba3f15a09 100644
--- a/pkgs/development/libraries/openldap/default.nix
+++ b/pkgs/development/libraries/openldap/default.nix
@@ -34,6 +34,8 @@ stdenv.mkDerivation rec {
       ++ stdenv.lib.optional (cyrus_sasl == null) "--without-cyrus-sasl"
       ++ stdenv.lib.optional stdenv.isFreeBSD "--with-pic";
 
+  doCheck = false; # needs a running LDAP server
+
   installFlags = [ "sysconfdir=$(out)/etc" "localstatedir=$(out)/var" ];
 
   # 1. Fixup broken libtool
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 1eac225387d..31e9d661a58 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -73,8 +73,7 @@ let
 
     makeFlags = [ "MANDIR=$(man)/share/man" ];
 
-    # Parallel building is broken in OpenSSL.
-    enableParallelBuilding = false;
+    enableParallelBuilding = true;
 
     postInstall = ''
       # If we're building dynamic libraries, then don't install static
diff --git a/pkgs/development/libraries/p11-kit/default.nix b/pkgs/development/libraries/p11-kit/default.nix
index a3d4857d57a..9c663186287 100644
--- a/pkgs/development/libraries/p11-kit/default.nix
+++ b/pkgs/development/libraries/p11-kit/default.nix
@@ -30,6 +30,8 @@ stdenv.mkDerivation rec {
 
   installFlags = [ "exampledir=\${out}/etc/pkcs11" ];
 
+  doInstallCheck = false; # probably a bug in this derivation
+
   meta = with stdenv.lib; {
     homepage = https://p11-glue.freedesktop.org/;
     platforms = platforms.all;
diff --git a/pkgs/development/libraries/pcre2/default.nix b/pkgs/development/libraries/pcre2/default.nix
index 9603e45a8b4..2e1ed060aca 100644
--- a/pkgs/development/libraries/pcre2/default.nix
+++ b/pkgs/development/libraries/pcre2/default.nix
@@ -40,6 +40,8 @@ stdenv.mkDerivation rec {
 
   outputs = [ "bin" "dev" "out" "doc" "man" "devdoc" ];
 
+  doCheck = false; # fails 1 of 3 tests
+
   postFixup = ''
     moveToOutput bin/pcre2-config "$dev"
   '';
diff --git a/pkgs/development/libraries/phonon/backends/vlc.nix b/pkgs/development/libraries/phonon/backends/vlc.nix
index 53281ddc657..643e36ba6cd 100644
--- a/pkgs/development/libraries/phonon/backends/vlc.nix
+++ b/pkgs/development/libraries/phonon/backends/vlc.nix
@@ -7,7 +7,7 @@
 with lib;
 
 let
-  v = "0.9.0";
+  v = "0.10.1";
   pname = "phonon-backend-vlc";
 in
 
@@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "mirror://kde/stable/phonon/${pname}/${v}/${pname}-${v}.tar.xz";
-    sha256 = "1gnd1j305mqajw5gxm42vg6ajkvi8611bxgc3qhj5k0saz5dgkn0";
+    sha256 = "0b87mzkw9fdkrwgnh1kw5i5wnrd05rl42hynlykb7cfymsk6v5h9";
   };
 
   buildInputs =
diff --git a/pkgs/development/libraries/poppler/default.nix b/pkgs/development/libraries/poppler/default.nix
index 11dd8ec3291..a96de20ccfe 100644
--- a/pkgs/development/libraries/poppler/default.nix
+++ b/pkgs/development/libraries/poppler/default.nix
@@ -8,7 +8,7 @@
 }:
 
 let # beware: updates often break cups-filters build
-  version = "0.63.0";
+  version = "0.64.0";
   mkFlag = optset: flag: "-DENABLE_${flag}=${if optset then "on" else "off"}";
 in
 stdenv.mkDerivation rec {
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/poppler-${version}.tar.xz";
-    sha256 = "04d1z1ygyb3llzc6s6c99wxafvljj2sc5b76djif34f7mzfqmk17";
+    sha256 = "1cb4gz3h7cfqyphhx71qc9mp417bdphchbfghmvhcy4zm4ngj7dj";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/development/libraries/popt/default.nix b/pkgs/development/libraries/popt/default.nix
index 441da25836d..edec0b7f069 100644
--- a/pkgs/development/libraries/popt/default.nix
+++ b/pkgs/development/libraries/popt/default.nix
@@ -8,10 +8,12 @@ stdenv.mkDerivation rec {
     sha256 = "1j2c61nn2n351nhj4d25mnf3vpiddcykq005w2h6kw79dwlysa77";
   };
 
-  patches = if stdenv.isCygwin then [
+  patches = stdenv.lib.optionals stdenv.isCygwin [
     ./1.16-cygwin.patch
     ./1.16-vpath.patch
-  ] else null;
+  ];
+
+  doCheck = false; # fails
 
   meta = {
     description = "Command line option parsing library";
diff --git a/pkgs/development/libraries/qt-4.x/4.8/default.nix b/pkgs/development/libraries/qt-4.x/4.8/default.nix
index d0319cdb43b..4227575acb0 100644
--- a/pkgs/development/libraries/qt-4.x/4.8/default.nix
+++ b/pkgs/development/libraries/qt-4.x/4.8/default.nix
@@ -192,6 +192,8 @@ stdenv.mkDerivation rec {
     sed -i 's/^\(LIBS[[:space:]]*=.*$\)/\1 -lobjc/' ./src/corelib/Makefile.Release
   '';
 
+  doCheck = false; # qwebframe test fails with fontconfig errors
+
   postInstall = ''
     rm -rf $out/tests
   '';
diff --git a/pkgs/development/libraries/qt-5/5.10/default.nix b/pkgs/development/libraries/qt-5/5.10/default.nix
index a45e055e60b..3969e01a2b9 100644
--- a/pkgs/development/libraries/qt-5/5.10/default.nix
+++ b/pkgs/development/libraries/qt-5/5.10/default.nix
@@ -37,9 +37,7 @@ let
   srcs = import ./srcs.nix { inherit fetchurl; inherit mirror; };
 
   patches = {
-    qtbase = [ ./qtbase.patch ] ++
-      optionals stdenv.isDarwin [ ./qtbase-darwin.patch
-                                  ./restore-pc-files.patch ];
+    qtbase = [ ./qtbase.patch ./qtbase-darwin.patch ];
     qtdeclarative = [ ./qtdeclarative.patch ];
     qtscript = [ ./qtscript.patch ];
     qtserialport = [ ./qtserialport.patch ];
diff --git a/pkgs/development/libraries/qt-5/5.10/restore-pc-files.patch b/pkgs/development/libraries/qt-5/5.10/restore-pc-files.patch
deleted file mode 100644
index a012c3f583e..00000000000
--- a/pkgs/development/libraries/qt-5/5.10/restore-pc-files.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-diff --git a/mkspecs/features/qt_module.prf b/mkspecs/features/qt_module.prf
-index e6a0d97f1a..b50ce77d51 100644
---- a/mkspecs/features/qt_module.prf
-+++ b/mkspecs/features/qt_module.prf
-@@ -266,7 +266,7 @@ load(qt_installs)
- load(qt_targets)
- 
- # this builds on top of qt_common
--!internal_module:!lib_bundle:if(unix|mingw) {
-+!internal_module:if(unix|mingw) {
-     CONFIG += create_pc
-     QMAKE_PKGCONFIG_DESTDIR = pkgconfig
-     host_build: \
-diff --git a/mkspecs/features/qt_module_headers.prf b/mkspecs/features/qt_module_headers.prf
-index 62b88c6fe2..f302f1e202 100644
---- a/mkspecs/features/qt_module_headers.prf
-+++ b/mkspecs/features/qt_module_headers.prf
-@@ -102,8 +102,7 @@ git_build: \
- else: \
-     INC_PATH = $$MODULE_BASE_INDIR
- include($$INC_PATH/include/$$MODULE_INCNAME/headers.pri, "", true)
--!lib_bundle: \  # Headers are embedded into the bundle, so don't install them separately.
--    CONFIG += qt_install_headers
-+CONFIG += qt_install_headers
- 
- alien_syncqt: return()
- 
diff --git a/pkgs/development/libraries/qt-5/mkDerivation.nix b/pkgs/development/libraries/qt-5/mkDerivation.nix
index 96014cfbc77..53949ddd492 100644
--- a/pkgs/development/libraries/qt-5/mkDerivation.nix
+++ b/pkgs/development/libraries/qt-5/mkDerivation.nix
@@ -16,6 +16,9 @@ let
       optional (!debug) "-DQT_NO_DEBUG"
       ++ lib.toList (args.NIX_CFLAGS_COMPILE or []);
 
+    configureFlags = [ "-no-framework" ]
+                  ++ (args.configureFlags or []);
+
     cmakeFlags =
       (args.cmakeFlags or [])
       ++ [
diff --git a/pkgs/development/libraries/spice-gtk/default.nix b/pkgs/development/libraries/spice-gtk/default.nix
index 0564459b24c..05fd952eb2e 100644
--- a/pkgs/development/libraries/spice-gtk/default.nix
+++ b/pkgs/development/libraries/spice-gtk/default.nix
@@ -52,7 +52,7 @@ in stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ pkgconfig gettext libsoup autoreconfHook vala gobjectIntrospection ];
 
-  PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "share/polkit-1/actions";
+  PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "$(out)/share/polkit-1/actions";
 
   configureFlags = [
     "--with-gtk3"
diff --git a/pkgs/development/libraries/sqlcipher/default.nix b/pkgs/development/libraries/sqlcipher/default.nix
index ed19814be34..fbf7d8df53e 100644
--- a/pkgs/development/libraries/sqlcipher/default.nix
+++ b/pkgs/development/libraries/sqlcipher/default.nix
@@ -20,6 +20,8 @@ stdenv.mkDerivation rec {
   CFLAGS = [ "-DSQLITE_ENABLE_COLUMN_METADATA=1" "-DSQLITE_SECURE_DELETE=1" "-DSQLITE_ENABLE_UNLOCK_NOTIFY=1" "-DSQLITE_HAS_CODEC" ];
   LDFLAGS = lib.optional (readline != null) "-lncurses";
 
+  doCheck = false; # fails. requires tcl?
+
   meta = with stdenv.lib; {
     homepage = http://sqlcipher.net/;
     description = "Full Database Encryption for SQLite";
diff --git a/pkgs/development/libraries/tk/8.5.nix b/pkgs/development/libraries/tk/8.5.nix
index c3396dcdad2..141f6da14ce 100644
--- a/pkgs/development/libraries/tk/8.5.nix
+++ b/pkgs/development/libraries/tk/8.5.nix
@@ -8,4 +8,3 @@ callPackage ./generic.nix (args // rec {
   };
 
 })
-
diff --git a/pkgs/development/libraries/tk/8.6.nix b/pkgs/development/libraries/tk/8.6.nix
index 666332d45fb..cd8d42faa91 100644
--- a/pkgs/development/libraries/tk/8.6.nix
+++ b/pkgs/development/libraries/tk/8.6.nix
@@ -10,4 +10,3 @@ callPackage ./generic.nix (args // rec {
   patches = [ ./different-prefix-with-tcl.patch ] ++ stdenv.lib.optionals stdenv.isDarwin [ ./Fix-bad-install_name-for-libtk8.6.dylib.patch ];
 
 })
-
diff --git a/pkgs/development/libraries/tk/generic.nix b/pkgs/development/libraries/tk/generic.nix
index 843c6157479..34024b23e27 100644
--- a/pkgs/development/libraries/tk/generic.nix
+++ b/pkgs/development/libraries/tk/generic.nix
@@ -31,6 +31,8 @@ stdenv.mkDerivation {
 
   NIX_CFLAGS_LINK = if stdenv.isDarwin then "-lfontconfig" else null;
 
+  doCheck = false; # fails. can't find itself
+
   inherit tcl;
 
   passthru = rec {
diff --git a/pkgs/development/libraries/wayland/default.nix b/pkgs/development/libraries/wayland/default.nix
index a5b7a6a99ce..bbc33f33e70 100644
--- a/pkgs/development/libraries/wayland/default.nix
+++ b/pkgs/development/libraries/wayland/default.nix
@@ -8,11 +8,11 @@ assert expat != null;
 
 stdenv.mkDerivation rec {
   name = "wayland-${version}";
-  version = "1.14.0";
+  version = "1.15.0";
 
   src = fetchurl {
     url = "https://wayland.freedesktop.org/releases/${name}.tar.xz";
-    sha256 = "1f3sla6h0bw15fz8pjc67jhwj7pwmfdc7qlj42j5k9v116ycm07d";
+    sha256 = "1c5fnys8hi71cnzjv5k7j0r8gx80p0yyqlrpmn06mmarhnxvwgzb";
   };
 
   configureFlags = [ "--with-scanner" "--disable-documentation" ];
diff --git a/pkgs/development/libraries/wayland/protocols.nix b/pkgs/development/libraries/wayland/protocols.nix
index ed986604819..c1065b20e6b 100644
--- a/pkgs/development/libraries/wayland/protocols.nix
+++ b/pkgs/development/libraries/wayland/protocols.nix
@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
   name = "wayland-protocols-${version}";
-  version = "1.13";
+  version = "1.14";
 
   src = fetchurl {
     url = "http://wayland.freedesktop.org/releases/${name}.tar.xz";
-    sha256 = "0f4gqvmz53q9d8h0ilhf4z773nb4vskzx11a3d1jycym120bqn07";
+    sha256 = "1xknjcfhqvdi1s4iq4kk1q61fg2rar3g8q4vlqarpd324imqjj4n";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/development/libraries/x265/default.nix b/pkgs/development/libraries/x265/default.nix
index 418829e7af8..d11a93254bf 100644
--- a/pkgs/development/libraries/x265/default.nix
+++ b/pkgs/development/libraries/x265/default.nix
@@ -16,14 +16,14 @@ in
 
 stdenv.mkDerivation rec {
   name = "x265-${version}";
-  version = "2.6";
+  version = "2.7";
 
   src = fetchurl {
     urls = [
       "http://get.videolan.org/x265/x265_${version}.tar.gz"
       "https://github.com/videolan/x265/archive/${version}.tar.gz"
     ];
-    sha256 = "1gyd94jkwdii9308m07nymsbxrmrcl81c0j8i10zhslr2mj07w0v";
+    sha256 = "18llni1m8kfvdwy5bp950z6gyd0nijmvi3hzd6gd8vpy5yk5zrym";
   };
 
   enableParallelBuilding = true;
diff --git a/pkgs/development/libraries/zeromq/3.x.nix b/pkgs/development/libraries/zeromq/3.x.nix
index 2252f8fe43c..009826eef47 100644
--- a/pkgs/development/libraries/zeromq/3.x.nix
+++ b/pkgs/development/libraries/zeromq/3.x.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ libuuid ];
 
+  doCheck = false; # fails all the tests (ctest)
+
   meta = with stdenv.lib; {
     branch = "3";
     homepage = http://www.zeromq.org;
diff --git a/pkgs/development/libraries/zeromq/4.x.nix b/pkgs/development/libraries/zeromq/4.x.nix
index eea0fb727b0..333a37ba85d 100644
--- a/pkgs/development/libraries/zeromq/4.x.nix
+++ b/pkgs/development/libraries/zeromq/4.x.nix
@@ -19,6 +19,8 @@ stdenv.mkDerivation rec {
     sed -i 's,''${PACKAGE_PREFIX_DIR}/,,g' ZeroMQConfig.cmake.in
   '';
 
+  doCheck = false; # fails all the tests (ctest)
+
   meta = with stdenv.lib; {
     branch = "4";
     homepage = http://www.zeromq.org;
diff --git a/pkgs/development/python-modules/Cython/default.nix b/pkgs/development/python-modules/Cython/default.nix
index cffad983a45..a9488b540e2 100644
--- a/pkgs/development/python-modules/Cython/default.nix
+++ b/pkgs/development/python-modules/Cython/default.nix
@@ -13,11 +13,11 @@
 
 buildPythonPackage rec {
   pname = "Cython";
-  version = "0.28.1";
+  version = "0.28.2";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "152ee5f345012ca3bb7cc71da2d3736ee20f52cd8476e4d49e5e25c5a4102b12";
+    sha256 = "634e2f10fc8d026c633cffacb45cd8f4582149fa68e1428124e762dbc566e68a";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/Nikola/default.nix b/pkgs/development/python-modules/Nikola/default.nix
index bb6eddb46d1..d0045c9fb7f 100644
--- a/pkgs/development/python-modules/Nikola/default.nix
+++ b/pkgs/development/python-modules/Nikola/default.nix
@@ -29,7 +29,7 @@
 
 buildPythonPackage rec {
   pname = "Nikola";
-  version = "7.8.14";
+  version = "7.8.15";
 
   # Nix contains only Python 3 supported version of doit, which is a dependency
   # of Nikola. Python 2 support would require older doit 0.29.0 (which on the
@@ -46,7 +46,7 @@ buildPythonPackage rec {
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "0d838817ac30ac6d4b8139a2adc8b49bed22dbb8fbc6261958d2775e10447d92";
+    sha256 = "182b4b9254f0d710603ba491853429ad6ef3f955f3e718191336b44cfd649000";
   };
 
   meta = {
diff --git a/pkgs/development/python-modules/XlsxWriter/default.nix b/pkgs/development/python-modules/XlsxWriter/default.nix
index c512b17332f..d8209b23397 100644
--- a/pkgs/development/python-modules/XlsxWriter/default.nix
+++ b/pkgs/development/python-modules/XlsxWriter/default.nix
@@ -3,11 +3,11 @@
 buildPythonPackage rec {
   name = "${pname}-${version}";
   pname = "XlsxWriter";
-  version = "1.0.2";
+  version = "1.0.4";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "0mpq4l1jfghdqx2vzbzl9v28vw69lkx5vz9gb77gzaw8zypvnsx2";
+    sha256 = "ad947fd9e8edfb64f25e0ccfb161e109f279e5a5520b3dd22ddc03b7f8220887";
   };
 
   meta = {
diff --git a/pkgs/development/python-modules/aenum/default.nix b/pkgs/development/python-modules/aenum/default.nix
index facf86c5898..63db18e844e 100644
--- a/pkgs/development/python-modules/aenum/default.nix
+++ b/pkgs/development/python-modules/aenum/default.nix
@@ -2,12 +2,12 @@
 
 buildPythonPackage rec {
   pname = "aenum";
-  version = "2.1.0";
+  version = "2.1.2";
   name = "${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "9eb1c8f48ae13c56d22a7227db0e4b1717131b284c6c0db6e4ccca6f5894df95";
+    sha256 = "a3208e4b28db3a7b232ff69b934aef2ea1bf27286d9978e1e597d46f490e4687";
   };
 
   # For Python 3, locale has to be set to en_US.UTF-8 for
diff --git a/pkgs/development/python-modules/aiohttp/default.nix b/pkgs/development/python-modules/aiohttp/default.nix
index ab5c4b62578..947f4341e6d 100644
--- a/pkgs/development/python-modules/aiohttp/default.nix
+++ b/pkgs/development/python-modules/aiohttp/default.nix
@@ -16,11 +16,11 @@
 
 buildPythonPackage rec {
   pname = "aiohttp";
-  version = "3.1.2";
+  version = "3.1.3";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "df49fe4452a942e0031174c78917f9926d122d4603bf56bae4591639f2a3dc6a";
+    sha256 = "9fcef0489e3335b200d31a9c1fb6ba80fdafe14cd82b971168c2f9fa1e4508ad";
   };
 
   disabled = pythonOlder "3.5";
diff --git a/pkgs/development/python-modules/astral/default.nix b/pkgs/development/python-modules/astral/default.nix
index 488c5ed6651..1be99b5d4dd 100644
--- a/pkgs/development/python-modules/astral/default.nix
+++ b/pkgs/development/python-modules/astral/default.nix
@@ -2,11 +2,11 @@
 
 buildPythonPackage rec {
   pname = "astral";
-  version = "1.6";
+  version = "1.6.1";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "874b397ddbf0a4c1d8d644b21c2481e8a96b61343f820ad52d8a322d61a15083";
+    sha256 = "ab0c08f2467d35fcaeb7bad15274743d3ac1ad18b5391f64a0058a9cd192d37d";
   };
 
   propagatedBuildInputs = [ pytz requests ];
diff --git a/pkgs/development/python-modules/astropy/default.nix b/pkgs/development/python-modules/astropy/default.nix
index d4c038a1afd..0dcd5dfca36 100644
--- a/pkgs/development/python-modules/astropy/default.nix
+++ b/pkgs/development/python-modules/astropy/default.nix
@@ -7,7 +7,7 @@
 
 buildPythonPackage rec {
   pname = "astropy";
-  version = "3.0.1";
+  version = "3.0.2";
 
   disabled = !isPy3k; # according to setup.py
 
@@ -15,7 +15,7 @@ buildPythonPackage rec {
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "c35f4433c14ddfcaf2407cc815385f3d85396727e9a1e660cf66a7c4f5dd1067";
+    sha256 = "22e682904a3b8884595addfb743cf1a3ecf2b539c6616d98f8426208d822d84a";
   };
 
   propagatedBuildInputs = [ pytest numpy ]; # yes it really has pytest in install_requires
diff --git a/pkgs/development/python-modules/bayespy/default.nix b/pkgs/development/python-modules/bayespy/default.nix
index dcc1a45b1cf..83bb1063195 100644
--- a/pkgs/development/python-modules/bayespy/default.nix
+++ b/pkgs/development/python-modules/bayespy/default.nix
@@ -4,7 +4,7 @@
 
 buildPythonPackage rec {
   pname = "bayespy";
-  version = "0.5.14";
+  version = "0.5.17";
   name = "${pname}-${version}";
 
   # Python 2 not supported and not some old Python 3 because MPL doesn't support
@@ -13,7 +13,7 @@ buildPythonPackage rec {
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "129bac6a1c494eedabdd04abf14aac35db176d25db44e27f755c758a18adf03c";
+    sha256 = "2e04cd9873eea6891ea8dfd5fc6d718727ea7cc416bc2ced50e00a741386925f";
   };
 
   checkInputs = [ pytest glibcLocales ];
diff --git a/pkgs/development/python-modules/bootstrapped-pip/default.nix b/pkgs/development/python-modules/bootstrapped-pip/default.nix
index 4ff4c687e5c..250703cbc53 100644
--- a/pkgs/development/python-modules/bootstrapped-pip/default.nix
+++ b/pkgs/development/python-modules/bootstrapped-pip/default.nix
@@ -3,9 +3,9 @@
 let
   wheel_source = fetchPypi {
     pname = "wheel";
-    version = "0.30.0";
+    version = "0.31.0";
     format = "wheel";
-    sha256 = "e721e53864f084f956f40f96124a74da0631ac13fbbd1ba99e8e2b5e9cafdf64";
+    sha256 = "9cdc8ab2cc9c3c2e2727a4b67c22881dbb0e1c503d592992594c5e131c867107";
   };
   setuptools_source = fetchPypi {
     pname = "setuptools";
@@ -14,23 +14,15 @@ let
     sha256 = "8010754433e3211b9cdbbf784b50f30e80bf40fc6b05eb5f865fab83300599b8";
   };
 
-  # TODO: Shouldn't be necessary anymore for pip >= 10!
-  # https://github.com/NixOS/nixpkgs/issues/26392
-  # https://github.com/pypa/setuptools/issues/885
-  pkg_resources = fetchurl {
-    url = "https://raw.githubusercontent.com/pypa/setuptools/v36.0.1/pkg_resources/__init__.py";
-    sha256 = "1wdnq3mammk75mifkdmmjx7yhnpydvnvi804na8ym4mj934l2jkv";
-  };
-
 in stdenv.mkDerivation rec {
   pname = "pip";
-  version = "9.0.3";
+  version = "10.0.1";
   name = "${python.libPrefix}-bootstrapped-${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
     format = "wheel";
-    sha256 = "c3ede34530e0e0b2381e7363aded78e0c33291654937e7373032fda04e8803e5";
+    sha256 = "717cdffb2833be8409433a93746744b59505f42146e8d37de6c62b430e25d6d7";
   };
 
   unpackPhase = ''
@@ -38,8 +30,6 @@ in stdenv.mkDerivation rec {
     unzip -d $out/${python.sitePackages} $src
     unzip -d $out/${python.sitePackages} ${setuptools_source}
     unzip -d $out/${python.sitePackages} ${wheel_source}
-    # TODO: Shouldn't be necessary anymore for pip >= 10!
-    cp ${pkg_resources} $out/${python.sitePackages}/pip/_vendor/pkg_resources/__init__.py
   '';
 
   patchPhase = ''
@@ -53,7 +43,7 @@ in stdenv.mkDerivation rec {
 
     # install pip binary
     echo '#!${python.interpreter}' > $out/bin/pip
-    echo 'import sys;from pip import main' >> $out/bin/pip
+    echo 'import sys;from pip._internal import main' >> $out/bin/pip
     echo 'sys.exit(main())' >> $out/bin/pip
     chmod +x $out/bin/pip
 
diff --git a/pkgs/development/python-modules/buildout-nix/default.nix b/pkgs/development/python-modules/buildout-nix/default.nix
index cb54f588f9d..95b0f8dddc5 100644
--- a/pkgs/development/python-modules/buildout-nix/default.nix
+++ b/pkgs/development/python-modules/buildout-nix/default.nix
@@ -2,12 +2,12 @@
 
 buildPythonPackage rec {
   pname = "zc.buildout";
-  version = "2.11.2";
+  version = "2.11.3";
   name = "${pname}-nix-${version}";
 
   src = fetchurl {
     url = "mirror://pypi/${builtins.substring 0 1 pname}/${pname}/${pname}-${version}.tar.gz";
-    sha256 = "e304f3604a4235e896e94ea79230cfb9c0bc54569f04d5c6c4b49cc9dc4fdbf6";
+    sha256 = "f7fde2cde7b937f67e52a3e94b76f9294b73c1e9bb698430e96778f3f735544c";
   };
 
   patches = [ ./nix.patch ];
diff --git a/pkgs/development/python-modules/buildout/default.nix b/pkgs/development/python-modules/buildout/default.nix
index 080fd2f2a79..9efc53ebe6d 100644
--- a/pkgs/development/python-modules/buildout/default.nix
+++ b/pkgs/development/python-modules/buildout/default.nix
@@ -2,11 +2,11 @@
 
 buildPythonPackage rec {
   pname = "zc.buildout";
-  version = "2.2.1";
+  version = "2.2.5";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1xafi6ndlm964qj7pnmzmvhp719c8pgs7r7wkr508v3cq2jjw4m6";
+    sha256 = "fb08f24f9e51e647e29d714f6e9ad51a4ea28673dddeed831315617bb5a805d0";
   };
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/python-modules/cmarkgfm/default.nix b/pkgs/development/python-modules/cmarkgfm/default.nix
index 5867c33642f..b2f58887ffb 100644
--- a/pkgs/development/python-modules/cmarkgfm/default.nix
+++ b/pkgs/development/python-modules/cmarkgfm/default.nix
@@ -2,11 +2,11 @@
 
 buildPythonPackage rec {
   pname = "cmarkgfm";
-  version = "0.4.0";
+  version = "0.4.2";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "977d7061779c7ebc5cbe7af71adb795ced96058552fe5f6b646d95b5055959be";
+    sha256 = "f20900f16377f2109783ae9348d34bc80530808439591c3d3df73d5c7ef1a00c";
   };
 
   propagatedBuildInputs = [ cffi ];
diff --git a/pkgs/development/python-modules/colorlog/default.nix b/pkgs/development/python-modules/colorlog/default.nix
index e737b884897..3045e61db60 100644
--- a/pkgs/development/python-modules/colorlog/default.nix
+++ b/pkgs/development/python-modules/colorlog/default.nix
@@ -2,11 +2,11 @@
 
 buildPythonPackage rec {
   pname = "colorlog";
-  version = "3.1.2";
+  version = "3.1.4";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "0i21sd6pggr2gqza41vyq2rqyb552wf5iwl4bc16i7kqislbd53z";
+    sha256 = "418db638c9577f37f0fae4914074f395847a728158a011be2a193ac491b9779d";
   };
 
   checkInputs = [ pytest ];
diff --git a/pkgs/development/python-modules/confluent-kafka/default.nix b/pkgs/development/python-modules/confluent-kafka/default.nix
index c8cbfe9d9be..c8ef038ec50 100644
--- a/pkgs/development/python-modules/confluent-kafka/default.nix
+++ b/pkgs/development/python-modules/confluent-kafka/default.nix
@@ -2,12 +2,12 @@
 
 buildPythonPackage rec {
   name = "${pname}-${version}";
-  version = "0.11.0";
+  version = "0.11.4";
   pname = "confluent-kafka";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "4c34bfe8f823ee3777d93820ec6578365d2bde3cd1302cbd0e44c86b68643667";
+    sha256 = "8cf480199685127c9692b0bf1e15eac82e71ae34b7967a016ab31a318741abb1";
   };
 
   buildInputs = [ rdkafka requests ] ++ (if isPy3k then [ avro3k ] else [ avro ]) ;
diff --git a/pkgs/development/python-modules/dask/default.nix b/pkgs/development/python-modules/dask/default.nix
index 5527e4617e7..9bbf1da7a65 100644
--- a/pkgs/development/python-modules/dask/default.nix
+++ b/pkgs/development/python-modules/dask/default.nix
@@ -12,12 +12,12 @@
 
 buildPythonPackage rec {
   pname = "dask";
-  version = "0.17.2";
+  version = "0.17.4";
   name = "${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "27e470b8cfdd0516189e641b1213fceec0ddc4f37ead1fbce733d3381134fccd";
+    sha256 = "c111475a3d1f8cba41c8094e1fb1831c65015390dcef0308042a11a9606a2f6d";
   };
 
   checkInputs = [ pytest ];
diff --git a/pkgs/development/python-modules/deprecation/default.nix b/pkgs/development/python-modules/deprecation/default.nix
new file mode 100644
index 00000000000..63c3fcd74ca
--- /dev/null
+++ b/pkgs/development/python-modules/deprecation/default.nix
@@ -0,0 +1,25 @@
+{ lib, buildPythonPackage, fetchPypi, python, packaging, unittest2 }:
+
+buildPythonPackage rec {
+  pname = "deprecation";
+  version = "2.0.2";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "e8d0dc5a17d7d551730e5f23ff3a53fc9e438364b9efb47d41c3e9b05522eabe";
+  };
+
+  propagatedBuildInputs = [ packaging ];
+
+  checkInputs = [ unittest2 ];
+
+  checkPhase = ''
+    ${python.interpreter} -m unittest discover
+  '';
+
+  meta = with lib; {
+    description = "A library to handle automated deprecations";
+    homepage = https://deprecation.readthedocs.io/;
+    license = licenses.asl20;
+  };
+}
diff --git a/pkgs/development/python-modules/devpi-common/default.nix b/pkgs/development/python-modules/devpi-common/default.nix
index c43d34a9b55..bf2808745ec 100644
--- a/pkgs/development/python-modules/devpi-common/default.nix
+++ b/pkgs/development/python-modules/devpi-common/default.nix
@@ -2,12 +2,12 @@
 
 with pythonPackages;buildPythonPackage rec {
   pname = "devpi-common";
-  version = "3.2.1";
+  version = "3.2.3";
   name = "${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "e9afa277a9b227d92335c49fab40be2e9bb112c0f4dda84906c14addb1ded2f7";
+    sha256 = "d2ecae3a92b2da62ecc6586d1c40d265e61bce70d7f1be2327e8b98598ba2687";
   };
 
   propagatedBuildInputs = [ requests py ];
diff --git a/pkgs/development/python-modules/django-ipware/default.nix b/pkgs/development/python-modules/django-ipware/default.nix
index 1f3aedab810..5deccb34d89 100644
--- a/pkgs/development/python-modules/django-ipware/default.nix
+++ b/pkgs/development/python-modules/django-ipware/default.nix
@@ -3,7 +3,7 @@
 buildPythonPackage rec {
   pname = "django-ipware";
   name = "${pname}-${version}";
-  version = "2.0.1";
+  version = "2.0.2";
 
   meta = {
     description = "A Django application to retrieve user's IP address";
@@ -13,7 +13,7 @@ buildPythonPackage rec {
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "3fba8821298c8533ce5609debf31dc8a22f228c50e100f42d97637a9f9357d43";
+    sha256 = "abf2bfbf0ec6c04679372a55c25889c9b08f55ec404bca3dfc08f3cf6c832a11";
   };
 
   propagatedBuildInputs = [ django ];
diff --git a/pkgs/development/python-modules/django/2_0.nix b/pkgs/development/python-modules/django/2_0.nix
index 89bd0407ca0..9c8cde3a0d8 100644
--- a/pkgs/development/python-modules/django/2_0.nix
+++ b/pkgs/development/python-modules/django/2_0.nix
@@ -7,13 +7,13 @@
 buildPythonPackage rec {
   pname = "Django";
   name = "${pname}-${version}";
-  version = "2.0.4";
+  version = "2.0.5";
 
   disabled = !isPy3k;
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "d81a1652963c81488e709729a80b510394050e312f386037f26b54912a3a10d0";
+    sha256 = "71d1a584bb4ad2b4f933d07d02c716755c1394feaac1ce61ce37843ac5401092";
   };
 
   patches = stdenv.lib.optionals withGdal [
diff --git a/pkgs/development/python-modules/docker-pycreds/default.nix b/pkgs/development/python-modules/docker-pycreds/default.nix
index 9cc510bf9af..dd20400ea4f 100644
--- a/pkgs/development/python-modules/docker-pycreds/default.nix
+++ b/pkgs/development/python-modules/docker-pycreds/default.nix
@@ -2,11 +2,11 @@
 
 buildPythonPackage rec {
   pname = "docker-pycreds";
-  version = "0.2.2";
+  version = "0.2.3";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "c7ab85de2894baff6ee8f15160cbbfa2fd3a04e56f0372c5793d24060687b299";
+    sha256 = "e3732a03610a00461a716997670c7010bf1c214a3edc440f7d6a2a3a830ecd9d";
   };
 
   # require docker-credential-helpers binaries
diff --git a/pkgs/development/python-modules/docker/default.nix b/pkgs/development/python-modules/docker/default.nix
index c290c6bd177..2ae56b7dc5a 100644
--- a/pkgs/development/python-modules/docker/default.nix
+++ b/pkgs/development/python-modules/docker/default.nix
@@ -3,12 +3,12 @@
 , ipaddress, backports_ssl_match_hostname, docker_pycreds
 }:
 buildPythonPackage rec {
-  version = "3.2.1";
+  version = "3.3.0";
   pname = "docker";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "0d698c3dc4df66c988de5df21a62cdc3450de2fa8523772779e5e23799c41f43";
+    sha256 = "dc5cc0971a0d36fe94c5ce89bd4adb6c892713500af7b0818708229c3199911a";
   };
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/faker/default.nix b/pkgs/development/python-modules/faker/default.nix
index 7a7d24d070c..9fd37f86f74 100644
--- a/pkgs/development/python-modules/faker/default.nix
+++ b/pkgs/development/python-modules/faker/default.nix
@@ -8,11 +8,11 @@ assert pythonOlder "3.3" -> ipaddress != null;
 
 buildPythonPackage rec {
   pname = "Faker";
-  version = "0.8.12";
+  version = "0.8.13";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "9cc12b821f32ff45f6edfdc1ab7be3893b60b1224e952d68322a57e5b26a4a15";
+    sha256 = "48fed4b4a191e2b42ad20c14115f1c6d36d338b80192075d7573f0f42d7fb321";
   };
 
   checkInputs = [
diff --git a/pkgs/development/python-modules/fastimport/default.nix b/pkgs/development/python-modules/fastimport/default.nix
index 44f7bcdab06..02c1ea60e61 100644
--- a/pkgs/development/python-modules/fastimport/default.nix
+++ b/pkgs/development/python-modules/fastimport/default.nix
@@ -2,11 +2,11 @@
 
 buildPythonPackage rec {
   pname = "fastimport";
-  version = "0.9.6";
+  version = "0.9.8";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1aqjsin4rmqm7ln4j0p73fzxifws6c6ikgyhav7r137m2ixsxl43";
+    sha256 = "b2f2e8eb97000256e1aab83d2a0a053fc7b93c3aa4f7e9b971a5703dfc5963b9";
   };
 
   checkPhase = ''
diff --git a/pkgs/development/python-modules/fiona/default.nix b/pkgs/development/python-modules/fiona/default.nix
index bd249dea5d2..7e9e2e1da64 100644
--- a/pkgs/development/python-modules/fiona/default.nix
+++ b/pkgs/development/python-modules/fiona/default.nix
@@ -5,12 +5,12 @@
 
 buildPythonPackage rec {
   pname = "Fiona";
-  version = "1.7.11.post1";
+  version = "1.7.11.post2";
   name = "${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "35df044fa805e6b420450f5d4281fc0edf96e1da0545c31032045cd3cfad3abf";
+    sha256 = "5804c6f5f7e02cf1f95ca404c22653dd47d64e4496a0ba7af5a2d6b2051b872a";
   };
 
   buildInputs = [
diff --git a/pkgs/development/python-modules/flake8-future-import/default.nix b/pkgs/development/python-modules/flake8-future-import/default.nix
index 2ece8ba85ab..2612cfde1f5 100644
--- a/pkgs/development/python-modules/flake8-future-import/default.nix
+++ b/pkgs/development/python-modules/flake8-future-import/default.nix
@@ -3,27 +3,18 @@
 
 buildPythonPackage rec {
   pname = "flake8-future-import";
-  name = "${pname}-${version}";
-  version = "0.4.3";
+  version = "0.4.5";
+
   # PyPI tarball doesn't include the test suite
   src = fetchFromGitHub {
     owner = "xZise";
     repo = "flake8-future-import";
     rev = version;
-    sha256 = "0622bdcfa588m7g8igag6hf4rhjdwh74yfnrjwlxw4vlqhg344k4";
+    sha256 = "00fpxa6g8cabybnciwnpsbg60zhgydc966jgwyyggw1pcg0frdqr";
   };
 
-  patches = [
-    # Tests in 0.4.3 are broken. We can remove this patch after
-    # the next release.
-    (fetchurl {
-      url = "https://github.com/xZise/flake8-future-import/commit/b4f5a06b22c574fb5270574d1420715667768d5c.patch";
-      sha256 = "06n9ggz9p9kiwjb3vmaj44pm5vi4nhgzjfn7i730m85xn67xzmyn";
-    })
-  ];
-
-
   propagatedBuildInputs = [ flake8 six ];
+
   meta = {
     homepage = https://github.com/xZise/flake8-future-import;
     description = "A flake8 extension to check for the imported __future__ modules to make it easier to have a consistent code base";
diff --git a/pkgs/development/python-modules/flask-cors/default.nix b/pkgs/development/python-modules/flask-cors/default.nix
index acd9430316b..491ee22b021 100644
--- a/pkgs/development/python-modules/flask-cors/default.nix
+++ b/pkgs/development/python-modules/flask-cors/default.nix
@@ -4,11 +4,11 @@
 buildPythonPackage rec {
   name = "${pname}-${version}";
   pname = "Flask-Cors";
-  version = "3.0.3";
+  version = "3.0.4";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "62ebc5ad80dc21ca0ea9f57466c2c74e24a62274af890b391790c260eb7b754b";
+    sha256 = "bec996f0603a0693c0ea63c8126e5f8e966bb679cf82e6104b254e9c7f3a7d08";
   };
 
   buildInputs = [ nose ];
diff --git a/pkgs/development/python-modules/flask/default.nix b/pkgs/development/python-modules/flask/default.nix
index 5e77de84fed..1a2c6417167 100644
--- a/pkgs/development/python-modules/flask/default.nix
+++ b/pkgs/development/python-modules/flask/default.nix
@@ -3,12 +3,12 @@
 
 buildPythonPackage rec {
   name = "${pname}-${version}";
-  version = "0.12.2";
+  version = "0.12.4";
   pname = "Flask";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1hfs2jr2m5lr51xd4gblb28rncd0xrpycz6c07cyqsbv4dhl9x29";
+    sha256 = "2ea22336f6d388b4b242bc3abf8a01244a8aa3e236e7407469ef78c16ba355dd";
   };
 
   checkInputs = [ pytest ];
diff --git a/pkgs/development/python-modules/google-api-python-client/default.nix b/pkgs/development/python-modules/google-api-python-client/default.nix
index d4de33b5a83..74fe88be447 100644
--- a/pkgs/development/python-modules/google-api-python-client/default.nix
+++ b/pkgs/development/python-modules/google-api-python-client/default.nix
@@ -3,11 +3,11 @@
 
 buildPythonPackage rec {
   pname = "google-api-python-client";
-  version = "1.6.6";
+  version = "1.6.7";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "ec72991f95201996a4edcea44a079cae0292798086beaadb054d91921632fe1b";
+    sha256 = "05583a386e323f428552419253765314a4b29828c3cee15be735f9ebfa5aebf2";
   };
 
   # No tests included in archive
diff --git a/pkgs/development/python-modules/google_api_core/default.nix b/pkgs/development/python-modules/google_api_core/default.nix
index baf590f9957..9e1a0c30804 100644
--- a/pkgs/development/python-modules/google_api_core/default.nix
+++ b/pkgs/development/python-modules/google_api_core/default.nix
@@ -3,11 +3,11 @@
 
 buildPythonPackage rec {
   pname = "google-api-core";
-  version = "1.1.0";
+  version = "1.1.2";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "b4f103de6bd38ab346f7d17236f6098a51ebdff733ff69956a0f1e29cb35f10b";
+    sha256 = "2000963305e95410a66e6ef6cfcc9f4627a4a95cb1c10abc98268814f2a6cd80";
   };
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/hdbscan/default.nix b/pkgs/development/python-modules/hdbscan/default.nix
index 3d57ff37166..e75b04e9792 100644
--- a/pkgs/development/python-modules/hdbscan/default.nix
+++ b/pkgs/development/python-modules/hdbscan/default.nix
@@ -10,11 +10,11 @@
 
 buildPythonPackage rec {
   pname = "hdbscan";
-  version = "0.8.12";
+  version = "0.8.13";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "0yxi34frg2jwyvjl942qy4gq5pbx8dq4pf4p28d1xah8njchfqir";
+    sha256 = "31874db29375816688b5541287a051c9bd768f2499ccf1f6a4d88d266530e2a6";
   };
 
   checkInputs = [ nose ];
diff --git a/pkgs/development/python-modules/ipywidgets/default.nix b/pkgs/development/python-modules/ipywidgets/default.nix
index af7ebfb1c43..67d7d551522 100644
--- a/pkgs/development/python-modules/ipywidgets/default.nix
+++ b/pkgs/development/python-modules/ipywidgets/default.nix
@@ -14,12 +14,12 @@
 
 buildPythonPackage rec {
   pname = "ipywidgets";
-  version = "7.2.0";
+  version = "7.2.1";
   name = "${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "f23aac2447f593dbdc89a86833a2d59666ed44af42b23c267de380c324599507";
+    sha256 = "ab9869cda5af7ba449d8f707b29b7e97a7db97d6366805d6b733338f51096f54";
   };
 
   # Tests are not distributed
diff --git a/pkgs/development/python-modules/jira/default.nix b/pkgs/development/python-modules/jira/default.nix
index 03f1abd7abc..2a1abe7b59c 100644
--- a/pkgs/development/python-modules/jira/default.nix
+++ b/pkgs/development/python-modules/jira/default.nix
@@ -4,11 +4,11 @@
 
 buildPythonPackage rec {
   pname = "jira";
-  version = "1.0.14";
+  version = "1.0.15";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1xncrcaqgj0gnva3bz5c4vwnn7z84v9cmr37pc93zx676w62fpm3";
+    sha256 = "20108a1d5b0dd058d5d4e0047f2d09ee06aaa413b22ca4d5c249e86167417fe8";
   };
 
   buildInputs = [ glibcLocales pytest pytestcov pytestrunner pbr ];
diff --git a/pkgs/development/python-modules/jug/default.nix b/pkgs/development/python-modules/jug/default.nix
index d9315193d19..4b0444e40d4 100644
--- a/pkgs/development/python-modules/jug/default.nix
+++ b/pkgs/development/python-modules/jug/default.nix
@@ -6,7 +6,7 @@
 buildPythonPackage rec {
   name = "${pname}-${version}";
   pname = "Jug";
-  version = "1.6.6";
+  version = "1.6.7";
   buildInputs = [ nose numpy ];
   propagatedBuildInputs = [
     bottle
@@ -19,7 +19,7 @@ buildPythonPackage rec {
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "897ffbbbe8061772c238b4f436512ea3696016a04473c45a716d78c0de103ec1";
+    sha256 = "a7faba838f3437163ae8459bff96e2c6ca1298312bdb9104c702685178d17269";
   };
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/python-modules/keras/default.nix b/pkgs/development/python-modules/keras/default.nix
index 860a14f7a4d..f5590e11120 100644
--- a/pkgs/development/python-modules/keras/default.nix
+++ b/pkgs/development/python-modules/keras/default.nix
@@ -1,16 +1,15 @@
 { stdenv, lib, buildPythonPackage, fetchPypi
 , pytest, pytestcov, pytestpep8, pytest_xdist
-, six, numpy, scipy, pyyaml
+, six, numpy, scipy, pyyaml, h5py
 }:
 
 buildPythonPackage rec {
   pname = "Keras";
-  version = "2.1.5";
-  name = "${pname}-${version}";
+  version = "2.1.6";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "907ad29add1fff27342a9f4fe3e60003d450d3af41a38f22f629c7736fc8399d";
+    sha256 = "c14af1081242c25617ade7eb62121d58d01f16e1e744bae9fc4f1f95a417716e";
   };
 
   checkInputs = [
@@ -21,7 +20,7 @@ buildPythonPackage rec {
   ];
 
   propagatedBuildInputs = [
-    six pyyaml numpy scipy
+    six pyyaml numpy scipy h5py
   ];
 
   # Couldn't get tests working
diff --git a/pkgs/development/python-modules/keyring/default.nix b/pkgs/development/python-modules/keyring/default.nix
index 2029eabba02..98295ff802f 100644
--- a/pkgs/development/python-modules/keyring/default.nix
+++ b/pkgs/development/python-modules/keyring/default.nix
@@ -4,11 +4,11 @@
 
 buildPythonPackage rec {
   pname = "keyring";
-  version = "12.0.1";
+  version = "12.0.2";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "846c9c709ee1203bac5444abec19b5228f4601377686f33cba672aa0ba313abd";
+    sha256 = "445d9521b4fcf900e51c075112e25ddcf8af1db7d1d717380b64eda2cda84abc";
   };
 
   nativeBuildInputs = [ setuptools_scm ];
diff --git a/pkgs/development/python-modules/llfuse/default.nix b/pkgs/development/python-modules/llfuse/default.nix
index f53ff3cbeba..7eac54d84d8 100644
--- a/pkgs/development/python-modules/llfuse/default.nix
+++ b/pkgs/development/python-modules/llfuse/default.nix
@@ -4,12 +4,12 @@
 
 buildPythonPackage rec {
   pname = "llfuse";
-  version = "1.3.3";
+  version = "1.3.4";
   name = pname + "-" + version;
 
   src = fetchurl {
     url = "mirror://pypi/l/llfuse/${name}.tar.bz2";
-    sha256 = "e514fa390d143530c7395f640c6b527f4f80b03f90995c7b38ff0b2f86e11ce7";
+    sha256 = "50396c5f3c49c3145e696e5b62df4fcca8b66634788020fba7b6932a858c78c2";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/development/python-modules/marisa-trie/default.nix b/pkgs/development/python-modules/marisa-trie/default.nix
index ad9f6d6f245..71be4f5726d 100644
--- a/pkgs/development/python-modules/marisa-trie/default.nix
+++ b/pkgs/development/python-modules/marisa-trie/default.nix
@@ -8,11 +8,11 @@
 
 buildPythonPackage rec {
   pname = "marisa-trie";
-  version = "0.7.4";
+  version = "0.7.5";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1n4pxnaranbh3x2fcqxwh8j1z2918vy7i4q1z4jn75m9rkm5h8ia";
+    sha256 = "c73bc25d868e8c4ea7aa7f1e19892db07bba2463351269b05340ccfa06eb2baf";
   };
 
   postPatch = ''
diff --git a/pkgs/development/python-modules/marshmallow/default.nix b/pkgs/development/python-modules/marshmallow/default.nix
index a9db6ef1e84..71cc0cddf1b 100644
--- a/pkgs/development/python-modules/marshmallow/default.nix
+++ b/pkgs/development/python-modules/marshmallow/default.nix
@@ -5,7 +5,7 @@
 buildPythonPackage rec {
   pname = "marshmallow";
   name = "${pname}-${version}";
-  version = "2.15.0";
+  version = "2.15.1";
 
   meta = {
     homepage = "https://github.com/marshmallow-code/marshmallow";
@@ -18,7 +18,7 @@ buildPythonPackage rec {
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "d3f31fe7be2106b1d783cbd0765ef4e1c6615505514695f33082805f929dd584";
+    sha256 = "b73361eab812af97eaf8e8691333a1096787968450051d132c8b9fb90aa1db5a";
   };
 
   propagatedBuildInputs = [ dateutil simplejson ];
diff --git a/pkgs/development/python-modules/moto/default.nix b/pkgs/development/python-modules/moto/default.nix
index 222e54c871a..a0269e92d08 100644
--- a/pkgs/development/python-modules/moto/default.nix
+++ b/pkgs/development/python-modules/moto/default.nix
@@ -4,11 +4,11 @@
 
 buildPythonPackage rec {
   pname = "moto";
-  version = "1.3.1";
+  version = "1.3.3";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "e6b25a32b61ba97bbc2236960ad6865ab111962a927de720c907475adff4499b";
+    sha256 = "45d14aca2b06b0083d5e82cfd770ebca0ba77b5070aec6928670240939a78681";
   };
 
   postPatch = ''
diff --git a/pkgs/development/python-modules/nipype/default.nix b/pkgs/development/python-modules/nipype/default.nix
index 39fc0995b43..372eeeec94a 100644
--- a/pkgs/development/python-modules/nipype/default.nix
+++ b/pkgs/development/python-modules/nipype/default.nix
@@ -33,11 +33,11 @@ assert !isPy3k -> configparser != null;
 
 buildPythonPackage rec {
   pname = "nipype";
-  version = "1.0.2";
+  version = "1.0.3";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1ed65f3e97fd0f82c418ad48af2107050e86d9e39eea4d22381ad7df932bf1ec";
+    sha256 = "17850c2a34f10f93d12c994101ce86b5a0b7e939e5b854e9f9920c9513cc8e76";
   };
 
   # see https://github.com/nipy/nipype/issues/2240
diff --git a/pkgs/development/python-modules/numexpr/default.nix b/pkgs/development/python-modules/numexpr/default.nix
index e6fc5888fea..8ba4e0061fa 100644
--- a/pkgs/development/python-modules/numexpr/default.nix
+++ b/pkgs/development/python-modules/numexpr/default.nix
@@ -7,11 +7,11 @@
 
 buildPythonPackage rec {
   pname = "numexpr";
-  version = "2.6.4";
+  version = "2.6.5";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "f0bef9a3a5407fb8d6344cf91b658bef7c13ec8a8eb13f423822d9d2ca5af6ce";
+    sha256 = "f8ad8014085628eab91bc82fb9d10cf9ab8e04ede4884e4a1061445d395b36bb";
   };
 
   propagatedBuildInputs = [ numpy ];
diff --git a/pkgs/development/python-modules/numpy/default.nix b/pkgs/development/python-modules/numpy/default.nix
index 4022115e9a0..3d64863c30d 100644
--- a/pkgs/development/python-modules/numpy/default.nix
+++ b/pkgs/development/python-modules/numpy/default.nix
@@ -2,20 +2,21 @@
 
 buildPythonPackage rec {
   pname = "numpy";
-  version = "1.14.2";
+  version = "1.14.3";
 
   src = fetchPypi {
     inherit pname version;
     extension = "zip";
-    sha256 = "facc6f925c3099ac01a1f03758100772560a0b020fb9d70f210404be08006bcb";
+    sha256 = "9016692c7d390f9d378fc88b7a799dc9caa7eb938163dda5276d3f3d6f75debf";
   };
 
   disabled = isPyPy;
   buildInputs = [ gfortran nose blas ];
 
   patches = lib.optionals (python.hasDistutilsCxxPatch or false) [
-    # See cpython 2.7 patches.
-    # numpy.distutils is used by cython during it's check phase
+    # We patch cpython/distutils to fix https://bugs.python.org/issue1222585
+    # Patching of numpy.distutils is needed to prevent it from undoing the
+    # patch to distutils.
     ./numpy-distutils-C++.patch
   ];
 
diff --git a/pkgs/development/python-modules/onkyo-eiscp/default.nix b/pkgs/development/python-modules/onkyo-eiscp/default.nix
index c0a1e39b384..a4adc1f2a6f 100644
--- a/pkgs/development/python-modules/onkyo-eiscp/default.nix
+++ b/pkgs/development/python-modules/onkyo-eiscp/default.nix
@@ -3,12 +3,12 @@
 
 buildPythonPackage rec {
   pname = "onkyo-eiscp";
-  version = "1.2.4";
+  version = "1.2.5";
   name = "${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "0qb5w2g2cnckq7psh92g1w3gf76437x1vwfhwnd247wshs5h7hxj";
+    sha256 = "cfcca6bc6c36992095f5aa4a15870a3ef89b9a26d991da2333891c2675d4ef1b";
   };
 
   propagatedBuildInputs = [ docopt netifaces ];
diff --git a/pkgs/development/python-modules/openpyxl/default.nix b/pkgs/development/python-modules/openpyxl/default.nix
index d8a41918931..09e3bde6f8a 100644
--- a/pkgs/development/python-modules/openpyxl/default.nix
+++ b/pkgs/development/python-modules/openpyxl/default.nix
@@ -9,12 +9,12 @@
 
 buildPythonPackage rec {
   pname = "openpyxl";
-  version = "2.5.2";
+  version = "2.5.3";
   name = "${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "63165adcc806a5c281febb344f3594541f778f05b99a3a5e802941a3c0a85f71";
+    sha256 = "0046fca88d6731875a385bf7edd689d7c4133f829203ea615a81291de3fa48b6";
   };
 
   checkInputs = [ pytest ];
diff --git a/pkgs/development/python-modules/pathlib2/default.nix b/pkgs/development/python-modules/pathlib2/default.nix
index 09d759c97ee..7ba0966de02 100644
--- a/pkgs/development/python-modules/pathlib2/default.nix
+++ b/pkgs/development/python-modules/pathlib2/default.nix
@@ -10,11 +10,11 @@
 
 if !(pythonOlder "3.4") then null else buildPythonPackage rec {
   pname = "pathlib2";
-  version = "2.3.0";
+  version = "2.3.2";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "d32550b75a818b289bd4c1f96b60c89957811da205afcceab75bc8b4857ea5b3";
+    sha256 = "8eb170f8d0d61825e09a95b38be068299ddeda82f35e96c3301a8a5e7604cb83";
   };
 
   propagatedBuildInputs = [ six ] ++ lib.optional (pythonOlder "3.5") scandir;
diff --git a/pkgs/development/python-modules/pbr/default.nix b/pkgs/development/python-modules/pbr/default.nix
index 993dab3acee..9b249f0a2b6 100644
--- a/pkgs/development/python-modules/pbr/default.nix
+++ b/pkgs/development/python-modules/pbr/default.nix
@@ -2,12 +2,12 @@
 
 buildPythonPackage rec {
   pname = "pbr";
-  version = "4.0.1";
+  version = "4.0.2";
   name = "${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "56b7a8ba7d64bf6135a9dfefb85a80d95924b3fde5ed6343a1a1d464a040dae3";
+    sha256 = "dae4aaa78eafcad10ce2581fc34d694faa616727837fd8e55c1a00951ad6744f";
   };
 
   # circular dependencies with fixtures
diff --git a/pkgs/development/python-modules/pip-tools/default.nix b/pkgs/development/python-modules/pip-tools/default.nix
index 752047d04f7..926b625f700 100644
--- a/pkgs/development/python-modules/pip-tools/default.nix
+++ b/pkgs/development/python-modules/pip-tools/default.nix
@@ -3,12 +3,12 @@
 
 buildPythonPackage rec {
   pname = "pip-tools";
-  version = "1.11.0";
+  version = "2.0.2";
   name = pname + "-" + version;
 
   src = fetchurl {
     url = "mirror://pypi/p/pip-tools/${name}.tar.gz";
-    sha256 = "ba427b68443466c389e3b0b0ef55f537ab39344190ea980dfebb333d0e6a50a3";
+    sha256 = "f11fc3bf1d87a0b4a68d4d595f619814e2396e92d75d7bdd2500edbf002ea6de";
   };
 
   LC_ALL = "en_US.UTF-8";
@@ -22,6 +22,8 @@ buildPythonPackage rec {
     "test_generate_hashes_without_interfering_with_each_other"
     "test_realistic_complex_sub_dependencies"
     "test_generate_hashes_with_editable"
+    "test_filter_pip_markes"
+    "test_get_hashes_local_repository_cache_miss"
     # Expect specific version of "six":
     "test_editable_package"
     "test_input_file_without_extension"
diff --git a/pkgs/development/python-modules/pip/default.nix b/pkgs/development/python-modules/pip/default.nix
index a566e31e035..20558312f29 100644
--- a/pkgs/development/python-modules/pip/default.nix
+++ b/pkgs/development/python-modules/pip/default.nix
@@ -10,11 +10,11 @@
 
 buildPythonPackage rec {
   pname = "pip";
-  version = "9.0.3";
+  version = "10.0.1";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "7bf48f9a693be1d58f49f7af7e0ae9fe29fd671cde8a55e6edca3581c4ef5796";
+    sha256 = "f2bd08e0cd1b06e10218feaf6fef299f473ba706582eb3bd9d52203fdbd7ee68";
   };
 
   # pip detects that we already have bootstrapped_pip "installed", so we need
@@ -31,4 +31,4 @@ buildPythonPackage rec {
     homepage = https://pip.pypa.io/;
     priority = 10;
   };
-}
\ No newline at end of file
+}
diff --git a/pkgs/development/python-modules/pretend/default.nix b/pkgs/development/python-modules/pretend/default.nix
index 3572d938a0d..fed0499624a 100644
--- a/pkgs/development/python-modules/pretend/default.nix
+++ b/pkgs/development/python-modules/pretend/default.nix
@@ -2,11 +2,11 @@
 
 buildPythonPackage rec {
   pname = "pretend";
-  version = "1.0.8";
+  version = "1.0.9";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "0r5r7ygz9m6d2bklflbl84cqhjkc2q12xgis8268ygjh30g2q3wk";
+    sha256 = "c90eb810cde8ebb06dafcb8796f9a95228ce796531bc806e794c2f4649aa1b10";
   };
 
   # No tests in archive
diff --git a/pkgs/development/python-modules/psutil/default.nix b/pkgs/development/python-modules/psutil/default.nix
index 6221e08ae57..f357aec914a 100644
--- a/pkgs/development/python-modules/psutil/default.nix
+++ b/pkgs/development/python-modules/psutil/default.nix
@@ -7,12 +7,12 @@
 
 buildPythonPackage rec {
   pname = "psutil";
-  version = "5.4.3";
+  version = "5.4.5";
   name = "${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "e2467e9312c2fa191687b89ff4bc2ad8843be4af6fb4dc95a7cc5f7d7a327b18";
+    sha256 = "ebe293be36bb24b95cdefc5131635496e88b17fabbcf1e4bc9b5c01f5e489cfe";
   };
 
   # No tests in archive
diff --git a/pkgs/development/python-modules/pyblake2/default.nix b/pkgs/development/python-modules/pyblake2/default.nix
index 7d70fd30a25..2de46c0d1ed 100644
--- a/pkgs/development/python-modules/pyblake2/default.nix
+++ b/pkgs/development/python-modules/pyblake2/default.nix
@@ -5,12 +5,12 @@
 
 buildPythonPackage rec {
   pname = "pyblake2";
-  version = "1.1.1";
+  version = "1.1.2";
   name = "${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "8ec8e9087d13c99b354ab6d8b4cadb1758633db5946ff95a6bc7ac538b6d7b3d";
+    sha256 = "5ccc7eb02edb82fafb8adbb90746af71460fbc29aa0f822526fc976dff83e93f";
   };
 
   # requires setting up sphinx doctest
diff --git a/pkgs/development/python-modules/pycairo/default.nix b/pkgs/development/python-modules/pycairo/default.nix
index 39c06bff3bf..091ac809a9b 100644
--- a/pkgs/development/python-modules/pycairo/default.nix
+++ b/pkgs/development/python-modules/pycairo/default.nix
@@ -2,8 +2,7 @@
 
 buildPythonPackage rec {
   pname = "pycairo";
-  version = "1.15.4";
-  name = "${pname}-${version}";
+  version = "1.16.3";
 
   disabled = isPyPy;
 
@@ -11,13 +10,21 @@ buildPythonPackage rec {
     owner = "pygobject";
     repo = "pycairo";
     rev = "v${version}";
-    sha256 = "02vzmfxx8nl6dbwzc911wcj7hqspgqz6v9xmq6579vwfla0vaglv";
+    sha256 = "0clk6wrfls3fa1xrn844762qfaw6gs4ivwkrfysidbzmlbxhpngl";
   };
 
-  postPatch = ''
-    # we are unable to pass --prefix to bdist_wheel
-    # see https://github.com/NixOS/nixpkgs/pull/32034#discussion_r153285955
-    substituteInPlace setup.py --replace '"prefix": self.install_base' "'prefix': '$out'"
+  # We need to create the pkgconfig file but it cannot be installed as a wheel since wheels
+  # are supposed to be relocatable and do not support --prefix option
+  buildPhase = ''
+    ${python.interpreter} setup.py build
+  '';
+
+  installPhase = ''
+    ${python.interpreter} setup.py install --skip-build --prefix="$out" --optimize=1
+  '';
+
+  checkPhase = ''
+    ${python.interpreter} setup.py test
   '';
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/development/python-modules/pygit2/default.nix b/pkgs/development/python-modules/pygit2/default.nix
index d8eb05cf348..3f05aa7b789 100644
--- a/pkgs/development/python-modules/pygit2/default.nix
+++ b/pkgs/development/python-modules/pygit2/default.nix
@@ -3,11 +3,11 @@
 buildPythonPackage rec {
   name = "${pname}-${version}";
   pname = "pygit2";
-  version = "0.26.3";
+  version = "0.26.4";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "29baa530d6fcbf7cca6a75cf9c78fb88613ca81afb39c62fe492f226f6b61800";
+    sha256 = "a8a0ecce4aadac2675afa5bcda0f698bfe39ec61ac1e15b9264704d1b41bb390";
   };
 
   preConfigure = lib.optionalString stdenv.isDarwin ''
diff --git a/pkgs/development/python-modules/pyglet/default.nix b/pkgs/development/python-modules/pyglet/default.nix
index 3fc7f8ddb68..4bc1cd0608c 100644
--- a/pkgs/development/python-modules/pyglet/default.nix
+++ b/pkgs/development/python-modules/pyglet/default.nix
@@ -2,12 +2,12 @@
 , libGLU_combined, xorg, freetype, fontconfig, future}:
 
 buildPythonPackage rec {
-  version = "1.3.1";
+  version = "1.3.2";
   pname = "pyglet";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "0a73280fa3949ea4890fee28f625c10b1e10a7cda390a08b6bce4740948167cd";
+    sha256 = "b00570e7cdf6971af8953b6ece50d83d13272afa5d1f1197c58c0f478dd17743";
   };
 
   postPatch = let
diff --git a/pkgs/development/python-modules/pypcap/default.nix b/pkgs/development/python-modules/pypcap/default.nix
index e2d4e1efe28..ead63c2c1b3 100644
--- a/pkgs/development/python-modules/pypcap/default.nix
+++ b/pkgs/development/python-modules/pypcap/default.nix
@@ -2,12 +2,12 @@
 
 buildPythonPackage rec {
   pname = "pypcap";
-  version = "1.2.0";
+  version = "1.2.1";
   name = "${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "0n01xjgg8n5mf1cs9yg9ljsx1kvir8cm6wwrd2069fawjxdbk0b9";
+    sha256 = "9ca9f79ca839fdc8fd37393509e2cb06be70f8db03f8cfe1857ca40cac1149f0";
   };
 
   patches = [
diff --git a/pkgs/development/python-modules/pytest/default.nix b/pkgs/development/python-modules/pytest/default.nix
index 457826f26cb..8e6b73b9c5e 100644
--- a/pkgs/development/python-modules/pytest/default.nix
+++ b/pkgs/development/python-modules/pytest/default.nix
@@ -2,7 +2,7 @@
 , setuptools_scm, setuptools, six, pluggy, funcsigs, isPy3k, more-itertools
 }:
 buildPythonPackage rec {
-  version = "3.5.0";
+  version = "3.5.1";
   pname = "pytest";
 
   preCheck = ''
@@ -12,7 +12,7 @@ buildPythonPackage rec {
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "fae491d1874f199537fd5872b5e1f0e74a009b979df9d53d1553fd03da1703e1";
+    sha256 = "54713b26c97538db6ff0703a12b19aeaeb60b5e599de542e7fca0ec83b9038e8";
   };
 
   checkInputs = [ hypothesis ];
diff --git a/pkgs/development/python-modules/qtpy/default.nix b/pkgs/development/python-modules/qtpy/default.nix
index d1aa4f096fe..e433d922e10 100644
--- a/pkgs/development/python-modules/qtpy/default.nix
+++ b/pkgs/development/python-modules/qtpy/default.nix
@@ -2,11 +2,11 @@
 
 buildPythonPackage rec {
   pname = "QtPy";
-  version = "1.4.0";
+  version = "1.4.2";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "8e78e7ce28015c1041be68b90f43048c9815e8c89d3362f8073feecdc70eafba";
+    sha256 = "1d1a4343540433a203280f162d43226e4c87489155fe4a9a6f1923ba11362bf9";
   };
 
   # no concrete propagatedBuildInputs as multiple backends are supposed
diff --git a/pkgs/development/python-modules/robotframework/default.nix b/pkgs/development/python-modules/robotframework/default.nix
index be3316cf697..f07d0208167 100644
--- a/pkgs/development/python-modules/robotframework/default.nix
+++ b/pkgs/development/python-modules/robotframework/default.nix
@@ -1,14 +1,14 @@
 { stdenv, fetchurl, buildPythonPackage, isPy3k }:
 
 buildPythonPackage rec {
-  version = "3.0.3";
+  version = "3.0.4";
   pname = "robotframework";
   disabled = isPy3k;
   name = pname + "-" + version;
 
   src = fetchurl {
     url = "mirror://pypi/r/robotframework/${name}.tar.gz";
-    sha256 = "a5ffe9283c9247c3a1e81228fcc009819d8f94b48768170268a3e6274a998bca";
+    sha256 = "ab94257cbd848dfca7148e092d233a12853cc7e840ce8231af9cbb5e7f51aa47";
   };
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/python-modules/rpy2/default.nix b/pkgs/development/python-modules/rpy2/default.nix
index 8db7ae3b337..c689bd48240 100644
--- a/pkgs/development/python-modules/rpy2/default.nix
+++ b/pkgs/development/python-modules/rpy2/default.nix
@@ -16,12 +16,12 @@
 }:
 
 buildPythonPackage rec {
-    version = "2.8.2";
+    version = "2.8.6";
     pname = "rpy2";
     disabled = isPyPy;
     src = fetchPypi {
       inherit version pname;
-      sha256 = "0k5jp6n1lfab7a6r5568aq31hg4fgf2cwy0hzvf3chp6yhyk26ic";
+      sha256 = "004d13734a7b9a85cbc1e7a93ec87df741e28db1273ab5b0d9efaac04a9c5f98";
     };
     buildInputs = [
       readline
diff --git a/pkgs/development/python-modules/s3fs/default.nix b/pkgs/development/python-modules/s3fs/default.nix
index 956a96f1404..c605d43888c 100644
--- a/pkgs/development/python-modules/s3fs/default.nix
+++ b/pkgs/development/python-modules/s3fs/default.nix
@@ -2,11 +2,11 @@
 
 buildPythonPackage rec {
   pname = "s3fs";
-  version = "0.1.4";
+  version = "0.1.5";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "f19b2e81cfcf6f2849fa8195c366c6e81d2378400bab0611f461c4e55d4f6bed";
+    sha256 = "4fbab74d72ceeb1a6f249165bde7b1d1c4dd758390339f52c84f0832bc5117a7";
   };
 
   buildInputs = [ docutils ];
diff --git a/pkgs/development/python-modules/sphinx/default.nix b/pkgs/development/python-modules/sphinx/default.nix
index a87362dfc3c..3ccccdbf77d 100644
--- a/pkgs/development/python-modules/sphinx/default.nix
+++ b/pkgs/development/python-modules/sphinx/default.nix
@@ -27,10 +27,10 @@
 buildPythonPackage rec {
   name = "${pname}-${version}";
   pname = "Sphinx";
-  version = "1.7.2";
+  version = "1.7.4";
   src = fetchPypi {
     inherit pname version;
-    sha256 = "5a1c9a0fec678c24b9a2f5afba240c04668edb7f45c67ce2ed008996b3f21ae2";
+    sha256 = "e9b1a75a3eae05dded19c80eb17325be675e0698975baae976df603b6ed1eb10";
   };
   LC_ALL = "en_US.UTF-8";
 
diff --git a/pkgs/development/python-modules/sqlalchemy/default.nix b/pkgs/development/python-modules/sqlalchemy/default.nix
index 6ac6fe21e4d..882574aa675 100644
--- a/pkgs/development/python-modules/sqlalchemy/default.nix
+++ b/pkgs/development/python-modules/sqlalchemy/default.nix
@@ -11,11 +11,11 @@
 buildPythonPackage rec {
   pname = "SQLAlchemy";
   name = "${pname}-${version}";
-  version = "1.2.6";
+  version = "1.2.7";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "7cb00cc9b9f92ef8b4391c8a2051f81eeafefe32d63c6b395fd51401e9a39edb";
+    sha256 = "d6cda03b0187d6ed796ff70e87c9a7dce2c2c9650a7bc3c022cd331416853c31";
   };
 
   checkInputs = [
diff --git a/pkgs/development/python-modules/sqlmap/default.nix b/pkgs/development/python-modules/sqlmap/default.nix
index d5c89aefef7..9a2aaeaa553 100644
--- a/pkgs/development/python-modules/sqlmap/default.nix
+++ b/pkgs/development/python-modules/sqlmap/default.nix
@@ -5,12 +5,12 @@
 
 buildPythonPackage rec {
   pname = "sqlmap";
-  version = "1.2.4";
+  version = "1.2.5";
   name = "${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "cb70fdedd8dc0a30cf361d8e5401a5b07fc75c13847b13567b98966be4e3d063";
+    sha256 = "93fe37e535f4aabd05a7456295f39c0af73cbcd0511750663fc7a718c5915919";
   };
 
   # No tests in archive
diff --git a/pkgs/development/python-modules/tables/default.nix b/pkgs/development/python-modules/tables/default.nix
index 2ae41832569..d2346b7addb 100644
--- a/pkgs/development/python-modules/tables/default.nix
+++ b/pkgs/development/python-modules/tables/default.nix
@@ -2,13 +2,13 @@
 , cython, bzip2, lzo, numpy, numexpr, hdf5, six, c-blosc }:
 
 buildPythonPackage rec {
-  version = "3.4.2";
+  version = "3.4.3";
   pname = "tables";
   name = "${pname}-${version}";
 
   src = fetchurl {
     url = "mirror://pypi/t/tables/${name}.tar.gz";
-    sha256 = "fdbbea4edb6bad0ac0e53fc7bc6970e78e12eef4944aa4146bcdcb573201676c";
+    sha256 = "b6aafe47154e2140c0a91bb38ebdb6ba67a24dd86263f1c294af8c11cb7deed4";
   };
 
   buildInputs = [ hdf5 cython bzip2 lzo c-blosc ];
diff --git a/pkgs/development/python-modules/testfixtures/default.nix b/pkgs/development/python-modules/testfixtures/default.nix
index 55631f291c7..2b9ef2e24a1 100644
--- a/pkgs/development/python-modules/testfixtures/default.nix
+++ b/pkgs/development/python-modules/testfixtures/default.nix
@@ -3,11 +3,11 @@
 
 buildPythonPackage rec {
   pname = "testfixtures";
-  version = "6.0.0";
+  version = "6.0.2";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "f6c4cf24d043f9d8e9a9337371ec1d2f6638a0032504bd67dbd724224fd64969";
+    sha256 = "f8827cfc91e5cc9ac669727fdd48a85880f391b935a0a212b5cedb807879feec";
   };
 
   checkInputs = [ mock manuel pytest sybil zope_component ];
diff --git a/pkgs/development/python-modules/textacy/default.nix b/pkgs/development/python-modules/textacy/default.nix
index 47b8b04c4f6..4ffe8ec735c 100644
--- a/pkgs/development/python-modules/textacy/default.nix
+++ b/pkgs/development/python-modules/textacy/default.nix
@@ -25,11 +25,11 @@
 buildPythonPackage rec {
   name = "${pname}-${version}";
   pname = "textacy";
-  version = "0.6.0";
+  version = "0.6.1";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "70ebd8f6536c1536132c997988a4f27731a2db5a7ca7bab29fb33746b444959f";
+    sha256 = "32ffb796f2abf0577af480d482608cca2baf85d366a4e2981ffd3e632ebeb76c";
   };
 
   disabled = isPy27; # 2.7 requires backports.csv
diff --git a/pkgs/development/python-modules/transitions/default.nix b/pkgs/development/python-modules/transitions/default.nix
index edf13782b07..4bda41dd66b 100644
--- a/pkgs/development/python-modules/transitions/default.nix
+++ b/pkgs/development/python-modules/transitions/default.nix
@@ -3,11 +3,11 @@
 
 buildPythonPackage rec {
   pname = "transitions";
-  version = "0.6.4";
+  version = "0.6.5";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1ikxsjg7vil0yhiwhiimnjzcb1ig6g6g79sdhs9v8rnrszk1mi2n";
+    sha256 = "f72b6c5fcac3d1345bbf829e1a48a810255bcb4fc2c11a634af68107c378c1be";
   };
 
   postPatch = ''
diff --git a/pkgs/development/python-modules/tweepy/default.nix b/pkgs/development/python-modules/tweepy/default.nix
new file mode 100644
index 00000000000..c0c74743044
--- /dev/null
+++ b/pkgs/development/python-modules/tweepy/default.nix
@@ -0,0 +1,28 @@
+{ lib, buildPythonPackage, fetchPypi, fetchpatch, requests, six, requests_oauthlib }:
+
+buildPythonPackage rec {
+  pname = "tweepy";
+  version = "3.6.0";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "901500666de5e265d93e611dc05066bb020481c85550d6bcbf8030212938902c";
+  };
+
+  # Fix build with pip 10
+  # https://github.com/tweepy/tweepy/pull/1030
+  patches = fetchpatch {
+    url = "${meta.homepage}/commit/778bd7a31d2f5fae98652735e7844533589ca221.patch";
+    sha256 = "1sqmjn0ngiynhfkdkcs33qmvl49ysfp8522hvxjk8bx252y9qw2h";
+  };
+
+  doCheck = false;
+  propagatedBuildInputs = [ requests six requests_oauthlib ];
+
+  meta = with lib; {
+    homepage = https://github.com/tweepy/tweepy;
+    description = "Twitter library for python";
+    license = licenses.mit;
+    maintainers = with maintainers; [ garbas ];
+  };
+}
diff --git a/pkgs/development/python-modules/widgetsnbextension/default.nix b/pkgs/development/python-modules/widgetsnbextension/default.nix
index 2e21ead19e0..cae05c74268 100644
--- a/pkgs/development/python-modules/widgetsnbextension/default.nix
+++ b/pkgs/development/python-modules/widgetsnbextension/default.nix
@@ -8,11 +8,11 @@
 buildPythonPackage rec {
   pname = "widgetsnbextension";
   name = "${pname}-${version}";
-  version = "3.2.0";
+  version = "3.2.1";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "9b584b9210dadc98f1fae384fff5f4db047df0b94a81b2388c7b0b14a99c3f32";
+    sha256 = "5417789ee6064ff515fd10be24870660af3561c02d3d48b26f6f44285d0f70cc";
   };
 
   propagatedBuildInputs = [ notebook ];
diff --git a/pkgs/development/python-modules/xarray/default.nix b/pkgs/development/python-modules/xarray/default.nix
index 1d18b5830aa..4035575915f 100644
--- a/pkgs/development/python-modules/xarray/default.nix
+++ b/pkgs/development/python-modules/xarray/default.nix
@@ -10,11 +10,11 @@
 
 buildPythonPackage rec {
   pname = "xarray";
-  version = "0.10.2";
+  version = "0.10.3";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "dd5af05cc9ddd5713016ec1a7f0d481daf2f0bb4d4e0bd66790503f6412bbc59";
+    sha256 = "72fafe29ba00633483aed39e405442226ef66d2ddc1021a39527ae1522b7067a";
   };
 
   checkInputs = [ pytest ];
diff --git a/pkgs/development/python-modules/zetup/default.nix b/pkgs/development/python-modules/zetup/default.nix
index c6b5900c627..d72752a5988 100644
--- a/pkgs/development/python-modules/zetup/default.nix
+++ b/pkgs/development/python-modules/zetup/default.nix
@@ -5,11 +5,11 @@
 buildPythonPackage rec {
   name = "${pname}-${version}";
   pname = "zetup";
-  version = "0.2.42";
+  version = "0.2.43";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "6c9e25249f3014ed2162398772ccf1a5e8a4e9e66c74e3c7f6683945a6a3d84c";
+    sha256 = "ee92ba93a03336962525536f237ae0decf99a9b5d484ba34a3cf06ef017dae8e";
   };
 
   checkPhase = ''
diff --git a/pkgs/development/python-modules/zxcvbn-python/default.nix b/pkgs/development/python-modules/zxcvbn-python/default.nix
index 633270b9480..4f34d7d0288 100644
--- a/pkgs/development/python-modules/zxcvbn-python/default.nix
+++ b/pkgs/development/python-modules/zxcvbn-python/default.nix
@@ -5,13 +5,13 @@
 
 buildPythonPackage rec {
   pname = "zxcvbn-python";
-  version = "4.4.22";
+  version = "4.4.24";
 
   name = "${pname}-${version}";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "402d4222dc9994baed66a19a1cf5cb5c3fafd065f9cabc4cf7d5a2915e980979";
+    sha256 = "900b28cc5e96be4091d8778f19f222832890264e338765a1c1c09fca2db64b2d";
   };
 
   # No tests in archive
diff --git a/pkgs/development/ruby-modules/bundler/default.nix b/pkgs/development/ruby-modules/bundler/default.nix
index 6ba1d5f10ec..0c754fcfe3b 100644
--- a/pkgs/development/ruby-modules/bundler/default.nix
+++ b/pkgs/development/ruby-modules/bundler/default.nix
@@ -4,8 +4,8 @@ buildRubyGem rec {
   inherit ruby;
   name = "${gemName}-${version}";
   gemName = "bundler";
-  version = "1.14.6";
-  source.sha256 = "0h3x2csvlz99v2ryj1w72vn6kixf7rl35lhdryvh7s49brnj0cgl";
+  version = "1.16.1";
+  source.sha256 = "42b8e0f57093e1d10c15542f956a871446b759e7969d99f91caf3b6731c156e8";
   dontPatchShebangs = true;
 
   postFixup = ''
diff --git a/pkgs/development/tools/analysis/valgrind/default.nix b/pkgs/development/tools/analysis/valgrind/default.nix
index 875feea84d4..131533896ff 100644
--- a/pkgs/development/tools/analysis/valgrind/default.nix
+++ b/pkgs/development/tools/analysis/valgrind/default.nix
@@ -59,6 +59,8 @@ stdenv.mkDerivation rec {
   configureFlags =
     stdenv.lib.optional (stdenv.system == "x86_64-linux" || stdenv.system == "x86_64-darwin") "--enable-only64bit";
 
+  doCheck = false; # fails
+
   postInstall = ''
     for i in $out/lib/valgrind/*.supp; do
       substituteInPlace $i \
diff --git a/pkgs/development/tools/build-managers/cmake/default.nix b/pkgs/development/tools/build-managers/cmake/default.nix
index 97c02cd9cc1..70ea1623f89 100644
--- a/pkgs/development/tools/build-managers/cmake/default.nix
+++ b/pkgs/development/tools/build-managers/cmake/default.nix
@@ -101,6 +101,7 @@ stdenv.mkDerivation rec {
   # CMAKE_SYSTEM_NAME, etc.
   configurePlatforms = [ ];
 
+  doCheck = false; # fails
 
   meta = with stdenv.lib; {
     homepage = http://www.cmake.org/;
diff --git a/pkgs/development/tools/build-managers/conan/default.nix b/pkgs/development/tools/build-managers/conan/default.nix
index 04d7d93455e..849c722e554 100644
--- a/pkgs/development/tools/build-managers/conan/default.nix
+++ b/pkgs/development/tools/build-managers/conan/default.nix
@@ -20,12 +20,12 @@ let newPython = python.override {
 };
 
 in newPython.pkgs.buildPythonApplication rec {
-  version = "1.1.1"; # remove patch below when updating
+  version = "1.2.3";
   pname = "conan";
 
   src = newPython.pkgs.fetchPypi {
     inherit pname version;
-    sha256 = "1k1r401bc9fgmhd5n5f29mjcn346r3zdrm7p28nwpr2r2p3fslrl";
+    sha256 = "623e92d99cd0f4ec92552b23af66a6bb066071e213659f502480bb9a96d7be23";
   };
 
   checkInputs = with newPython.pkgs; [
@@ -39,15 +39,7 @@ in newPython.pkgs.buildPythonApplication rec {
   propagatedBuildInputs = with newPython.pkgs; [
     requests fasteners pyyaml pyjwt colorama patch
     bottle pluginbase six distro pylint node-semver
-    future pygments mccabe
-  ];
-
-  patches = [
-    # already merged, remove with the next package update
-    (fetchpatch {
-      url = "https://github.com/conan-io/conan/commit/51cc4cbd51ac8f9b9efa2bf678a2d7810e273ff3.patch";
-      sha256 = "0d93g4hjpfk8z870imwdswkw5qba2h5zhfgwwijiqhr2pv7fl1y7";
-    })
+    future pygments mccabe deprecation
   ];
 
   preCheck = ''
diff --git a/pkgs/development/tools/dcadec/default.nix b/pkgs/development/tools/dcadec/default.nix
index 95f992e490f..f9ca826cd62 100644
--- a/pkgs/development/tools/dcadec/default.nix
+++ b/pkgs/development/tools/dcadec/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
 
   installPhase = "make PREFIX=/ DESTDIR=$out install";
 
+  doCheck = false; # fails with "ERROR: Run 'git submodule update --init test/samples' first."
+
   meta = with stdenv.lib; {
     description = "DTS Coherent Acoustics decoder with support for HD extensions";
     maintainers = with maintainers; [ edwtjo ];
@@ -21,4 +23,4 @@ stdenv.mkDerivation rec {
     license = licenses.lgpl21;
     platforms = platforms.linux;
   };
-}
\ No newline at end of file
+}
diff --git a/pkgs/development/tools/documentation/doxygen/default.nix b/pkgs/development/tools/documentation/doxygen/default.nix
index 05418aa39a8..d25f00276f6 100644
--- a/pkgs/development/tools/documentation/doxygen/default.nix
+++ b/pkgs/development/tools/documentation/doxygen/default.nix
@@ -25,6 +25,7 @@ stdenv.mkDerivation rec {
     stdenv.lib.optional stdenv.isDarwin "-mmacosx-version-min=10.9";
 
   enableParallelBuilding = true;
+  doCheck = false; # fails
 
   meta = {
     license = stdenv.lib.licenses.gpl2Plus;
diff --git a/pkgs/development/tools/documentation/gtk-doc/default.nix b/pkgs/development/tools/documentation/gtk-doc/default.nix
index a52afd6c39a..5bd989a4da8 100644
--- a/pkgs/development/tools/documentation/gtk-doc/default.nix
+++ b/pkgs/development/tools/documentation/gtk-doc/default.nix
@@ -28,6 +28,9 @@ stdenv.mkDerivation rec {
 
   configureFlags = "--disable-scrollkeeper";
 
+  doCheck = false; # requires a lot of stuff
+  doInstallCheck = false; # fails
+
   passthru = {
     # Consumers are expected to copy the m4 files to their source tree, let them reuse the patch
     respect_xml_catalog_files_var_patch = ./respect-xml-catalog-files-var.patch;
diff --git a/pkgs/development/tools/go2nix/default.nix b/pkgs/development/tools/go2nix/default.nix
index 9a3ff192ba9..5ef12d88c06 100644
--- a/pkgs/development/tools/go2nix/default.nix
+++ b/pkgs/development/tools/go2nix/default.nix
@@ -33,6 +33,8 @@ buildGoPackage rec {
 
   allowGoReference = true;
 
+  doCheck = false; # tries to access the net
+
   meta = with stdenv.lib; {
     description = "Go apps packaging for Nix";
     homepage = https://github.com/kamilchm/go2nix;
diff --git a/pkgs/development/tools/govers/default.nix b/pkgs/development/tools/govers/default.nix
index bd4dd28f599..a80f1569329 100644
--- a/pkgs/development/tools/govers/default.nix
+++ b/pkgs/development/tools/govers/default.nix
@@ -4,7 +4,7 @@ buildGoPackage rec {
   name = "govers-${version}";
   version = "20150109-${stdenv.lib.strings.substring 0 7 rev}";
   rev = "3b5f175f65d601d06f48d78fcbdb0add633565b9";
-  
+
   goPackagePath = "github.com/rogpeppe/govers";
 
   src = fetchgit {
@@ -14,4 +14,7 @@ buildGoPackage rec {
   };
 
   dontRenameImports = true;
+
+  doCheck = false; # fails, silently
+
 }
diff --git a/pkgs/development/tools/misc/autoconf/2.64.nix b/pkgs/development/tools/misc/autoconf/2.64.nix
index 9e70833e008..31df050d5f8 100644
--- a/pkgs/development/tools/misc/autoconf/2.64.nix
+++ b/pkgs/development/tools/misc/autoconf/2.64.nix
@@ -23,10 +23,12 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
-  preCheck =
-    # Make the Autotest test suite run in parallel.
-    '' export TESTSUITEFLAGS="-j$NIX_BUILD_CORES"
-    '';
+  # Make the Autotest test suite run in parallel.
+  preCheck =''
+    export TESTSUITEFLAGS="-j$NIX_BUILD_CORES"
+  '';
+
+  doInstallCheck = false; # fails
 
   meta = {
     homepage = http://www.gnu.org/software/autoconf/;
diff --git a/pkgs/development/tools/misc/autoconf/default.nix b/pkgs/development/tools/misc/autoconf/default.nix
index 579dea33df4..e9ea0ea1ea4 100644
--- a/pkgs/development/tools/misc/autoconf/default.nix
+++ b/pkgs/development/tools/misc/autoconf/default.nix
@@ -24,10 +24,12 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
-  preCheck =
-    # Make the Autotest test suite run in parallel.
-    '' export TESTSUITEFLAGS="-j$NIX_BUILD_CORES"
-    '';
+  # Make the Autotest test suite run in parallel.
+  preCheck =''
+    export TESTSUITEFLAGS="-j$NIX_BUILD_CORES"
+  '';
+
+  doInstallCheck = false; # fails
 
   meta = {
     homepage = http://www.gnu.org/software/autoconf/;
diff --git a/pkgs/development/tools/misc/binutils/default.nix b/pkgs/development/tools/misc/binutils/default.nix
index ac055171658..77622f579f3 100644
--- a/pkgs/development/tools/misc/binutils/default.nix
+++ b/pkgs/development/tools/misc/binutils/default.nix
@@ -70,7 +70,7 @@ stdenv.mkDerivation rec {
     # be satisfied on aarch64 platform. Add backported fix from bugzilla.
     # https://sourceware.org/bugzilla/show_bug.cgi?id=22764
     ./relax-R_AARCH64_ABS32-R_AARCH64_ABS16-absolute.patch
-  ];
+  ] ++ stdenv.lib.optional targetPlatform.isiOS ./support-ios.patch;
 
   outputs = [ "out" "info" "man" ];
 
@@ -121,6 +121,8 @@ stdenv.mkDerivation rec {
     "--enable-fix-loongson2f-nop"
   ] ++ optionals gold [ "--enable-gold" "--enable-plugins" ];
 
+  doCheck = false; # fails
+
   enableParallelBuilding = true;
 
   passthru = {
diff --git a/pkgs/development/tools/misc/itstool/default.nix b/pkgs/development/tools/misc/itstool/default.nix
index 70ed9cd0570..129c1c6b3a9 100644
--- a/pkgs/development/tools/misc/itstool/default.nix
+++ b/pkgs/development/tools/misc/itstool/default.nix
@@ -2,11 +2,11 @@
 # We need the same Python as is used to build libxml2Python
 
 stdenv.mkDerivation rec {
-  name = "itstool-2.0.2";
+  name = "itstool-2.0.4";
 
   src = fetchurl {
     url = "http://files.itstool.org/itstool/${name}.tar.bz2";
-    sha256 = "bf909fb59b11a646681a8534d5700fec99be83bb2c57badf8c1844512227033a";
+    sha256 = "0q7b4qrc758zfx3adsgvz0r93swdbxjr42w37rahngm33nshihlp";
   };
 
   buildInputs = [ python2 libxml2Python ];
diff --git a/pkgs/development/tools/misc/libtool/libtool2.nix b/pkgs/development/tools/misc/libtool/libtool2.nix
index 85821ee2089..d1d35d9a482 100644
--- a/pkgs/development/tools/misc/libtool/libtool2.nix
+++ b/pkgs/development/tools/misc/libtool/libtool2.nix
@@ -22,6 +22,7 @@ stdenv.mkDerivation rec {
   # XXX: The GNU ld wrapper does all sorts of nasty things wrt. RPATH, which
   # leads to the failure of a number of tests.
   doCheck = false;
+  doInstallCheck = false;
 
   # Don't run the native `strip' when cross-compiling.  This breaks at least
   # with `.a' files for MinGW.
diff --git a/pkgs/development/tools/misc/pkgconfig/default.nix b/pkgs/development/tools/misc/pkgconfig/default.nix
index 15d00b0a2a5..219281f4ec1 100644
--- a/pkgs/development/tools/misc/pkgconfig/default.nix
+++ b/pkgs/development/tools/misc/pkgconfig/default.nix
@@ -32,6 +32,7 @@ stdenv.mkDerivation rec {
          "ac_cv_func_posix_getgrgid_r=yes"
        ];
 
+  doCheck = false; # fails
 
   postInstall = ''rm -f "$out"/bin/*-pkg-config''; # clean the duplicate file
 
@@ -42,4 +43,3 @@ stdenv.mkDerivation rec {
   };
 
 }
-
diff --git a/pkgs/development/tools/misc/texinfo/4.13a.nix b/pkgs/development/tools/misc/texinfo/4.13a.nix
index 2e0d020688e..63e5bea19d7 100644
--- a/pkgs/development/tools/misc/texinfo/4.13a.nix
+++ b/pkgs/development/tools/misc/texinfo/4.13a.nix
@@ -1,10 +1,11 @@
-{ stdenv, fetchurl, ncurses, lzma }:
+{ stdenv, fetchurl, texinfo, ncurses, lzma }:
 
 stdenv.mkDerivation rec {
-  name = "texinfo-4.13a";
+  name = "texinfo-${version}";
+  version = "4.13a";
 
   src = fetchurl {
-    url = "mirror://gnu/texinfo/texinfo-4.13a.tar.lzma";
+    url = "mirror://gnu/texinfo/${name}.tar.lzma";
     sha256 = "1rf9ckpqwixj65bw469i634897xwlgkm5i9g2hv3avl6mv7b0a3d";
   };
 
@@ -14,29 +15,5 @@ stdenv.mkDerivation rec {
   # Disabled because we don't have zdiff in the stdenv bootstrap.
   #doCheck = true;
 
-  meta = {
-    description = "The GNU documentation system";
-
-    longDescription = ''
-      Texinfo is the official documentation format of the GNU project.
-      It was invented by Richard Stallman and Bob Chassell many years
-      ago, loosely based on Brian Reid's Scribe and other formatting
-      languages of the time.  It is used by many non-GNU projects as
-      well.
-
-      Texinfo uses a single source file to produce output in a number
-      of formats, both online and printed (dvi, html, info, pdf, xml,
-      etc.).  This means that instead of writing different documents
-      for online information and another for a printed manual, you
-      need write only one document.  And when the work is revised, you
-      need revise only that one document.  The Texinfo system is
-      well-integrated with GNU Emacs.
-    '';
-
-    license = stdenv.lib.licenses.gpl3Plus;
-
-    homepage = http://www.gnu.org/software/texinfo/;
-    branch = "4.13";
-    platforms = stdenv.lib.platforms.unix;
-  };
+  meta = texinfo.meta // { branch = version; };
 }
diff --git a/pkgs/development/tools/misc/texinfo/5.2.nix b/pkgs/development/tools/misc/texinfo/5.2.nix
index 0feb4b943df..d395494984d 100644
--- a/pkgs/development/tools/misc/texinfo/5.2.nix
+++ b/pkgs/development/tools/misc/texinfo/5.2.nix
@@ -1,54 +1,4 @@
-{ stdenv, buildPackages, fetchurl, ncurses, perl, xz, procps, interactive ? false }:
-
-with stdenv.lib;
-
-stdenv.mkDerivation rec {
-  name = "texinfo-5.2";
-
-  src = fetchurl {
-    url = "mirror://gnu/texinfo/${name}.tar.xz";
-    sha256 = "1njfwh2z34r2c4r0iqa7v24wmjzvsfyz4vplzry8ln3479lfywal";
-  };
-
-  # We need a native compiler to build perl XS extensions
-  # when cross-compiling.
-  depsBuildBuild = [ buildPackages.stdenv.cc perl ];
-
-  buildInputs = [ perl xz.bin ]
-    ++ optional interactive ncurses
-    ++ optional doCheck procps; # for tests
-
-  configureFlags = [ "PERL=${buildPackages.perl}/bin/perl" ]
-    ++ stdenv.lib.optional stdenv.isSunOS "AWK=${gawk}/bin/awk";
-
-  preInstall = ''
-    installFlags="TEXMF=$out/texmf-dist";
-    installTargets="install install-tex";
-  '';
-
-  doCheck = !stdenv.isDarwin;
-
-  meta = {
-    homepage = http://www.gnu.org/software/texinfo/;
-    description = "The GNU documentation system";
-    license = licenses.gpl3Plus;
-    platforms = platforms.all;
-
-    longDescription = ''
-      Texinfo is the official documentation format of the GNU project.
-      It was invented by Richard Stallman and Bob Chassell many years
-      ago, loosely based on Brian Reid's Scribe and other formatting
-      languages of the time.  It is used by many non-GNU projects as
-      well.
-
-      Texinfo uses a single source file to produce output in a number
-      of formats, both online and printed (dvi, html, info, pdf, xml,
-      etc.).  This means that instead of writing different documents
-      for online information and another for a printed manual, you
-      need write only one document.  And when the work is revised, you
-      need revise only that one document.  The Texinfo system is
-      well-integrated with GNU Emacs.
-    '';
-    branch = "5.2";
-  };
+import ./common.nix {
+  version = "5.2";
+  sha256 = "1njfwh2z34r2c4r0iqa7v24wmjzvsfyz4vplzry8ln3479lfywal";
 }
diff --git a/pkgs/development/tools/misc/texinfo/6.5.nix b/pkgs/development/tools/misc/texinfo/6.5.nix
index afa7e9a0a20..34596f30658 100644
--- a/pkgs/development/tools/misc/texinfo/6.5.nix
+++ b/pkgs/development/tools/misc/texinfo/6.5.nix
@@ -1,56 +1,4 @@
-{ stdenv, buildPackages, fetchurl, ncurses, perl, xz, libiconv, gawk, procps, interactive ? false }:
-
-with stdenv.lib;
-
-stdenv.mkDerivation rec {
-  name = "texinfo-6.5";
-
-  src = fetchurl {
-    url = "mirror://gnu/texinfo/${name}.tar.xz";
-    sha256 = "0qjzvbvnv9003xdrcpi3jp7y68j4hq2ciw9frh2hghh698zlnxvp";
-  };
-
-  # We need a native compiler to build perl XS extensions
-  # when cross-compiling.
-  depsBuildBuild = [ buildPackages.stdenv.cc perl ];
-
-  buildInputs = [ xz ]
-    ++ optionals stdenv.isSunOS [ libiconv gawk ]
-    ++ optional interactive ncurses
-    ++ optional doCheck procps; # for tests
-
-  configureFlags = [ "PERL=${buildPackages.perl}/bin/perl" ]
-    ++ stdenv.lib.optional stdenv.isSunOS "AWK=${gawk}/bin/awk";
-
-  preInstall = ''
-    installFlags="TEXMF=$out/texmf-dist";
-    installTargets="install install-tex";
-  '';
-
-  doCheck = interactive # simplify bootstrapping
-    && !stdenv.isDarwin && !stdenv.isSunOS/*flaky*/;
-
-  meta = with stdenv.lib; {
-    homepage = http://www.gnu.org/software/texinfo/;
-    description = "The GNU documentation system";
-    license = licenses.gpl3Plus;
-    platforms = platforms.all;
-    maintainers = [ maintainers.vrthra ];
-
-    longDescription = ''
-      Texinfo is the official documentation format of the GNU project.
-      It was invented by Richard Stallman and Bob Chassell many years
-      ago, loosely based on Brian Reid's Scribe and other formatting
-      languages of the time.  It is used by many non-GNU projects as
-      well.
-
-      Texinfo uses a single source file to produce output in a number
-      of formats, both online and printed (dvi, html, info, pdf, xml,
-      etc.).  This means that instead of writing different documents
-      for online information and another for a printed manual, you
-      need write only one document.  And when the work is revised, you
-      need revise only that one document.  The Texinfo system is
-      well-integrated with GNU Emacs.
-    '';
-  };
+import ./common.nix {
+  version = "6.5";
+  sha256 = "0qjzvbvnv9003xdrcpi3jp7y68j4hq2ciw9frh2hghh698zlnxvp";
 }
diff --git a/pkgs/development/tools/misc/texinfo/common.nix b/pkgs/development/tools/misc/texinfo/common.nix
new file mode 100644
index 00000000000..12534297ff3
--- /dev/null
+++ b/pkgs/development/tools/misc/texinfo/common.nix
@@ -0,0 +1,64 @@
+{ version, sha256 }:
+
+{ stdenv, buildPackages, fetchurl, perl, xz
+
+# we are a dependency of gcc, this simplifies bootstraping
+, interactive ? false, ncurses, procps
+}:
+
+with stdenv.lib;
+
+stdenv.mkDerivation rec {
+  name = "texinfo-${optionalString interactive "interactive-"}${version}";
+  inherit version;
+
+  src = fetchurl {
+    url = "mirror://gnu/texinfo/texinfo-${version}.tar.xz";
+    inherit sha256;
+  };
+
+  # We need a native compiler to build perl XS extensions
+  # when cross-compiling.
+  depsBuildBuild = [ buildPackages.stdenv.cc perl ];
+
+  buildInputs = [ xz.bin ]
+    ++ optionals stdenv.isSunOS [ libiconv gawk ]
+    ++ optionals interactive [ ncurses procps ];
+
+  configureFlags = [ "PERL=${buildPackages.perl}/bin/perl" ]
+    ++ stdenv.lib.optional stdenv.isSunOS "AWK=${gawk}/bin/awk";
+
+  preInstall = ''
+    installFlags="TEXMF=$out/texmf-dist";
+    installTargets="install install-tex";
+  '';
+
+  doCheck = interactive
+    && !stdenv.isDarwin
+    && !stdenv.isSunOS; # flaky
+
+  meta = {
+    homepage = http://www.gnu.org/software/texinfo/;
+    description = "The GNU documentation system";
+    license = licenses.gpl3Plus;
+    platforms = platforms.all;
+    maintainers = with maintainers; [ vrthra oxij ];
+
+    longDescription = ''
+      Texinfo is the official documentation format of the GNU project.
+      It was invented by Richard Stallman and Bob Chassell many years
+      ago, loosely based on Brian Reid's Scribe and other formatting
+      languages of the time.  It is used by many non-GNU projects as
+      well.
+
+      Texinfo uses a single source file to produce output in a number
+      of formats, both online and printed (dvi, html, info, pdf, xml,
+      etc.).  This means that instead of writing different documents
+      for online information and another for a printed manual, you
+      need write only one document.  And when the work is revised, you
+      need revise only that one document.  The Texinfo system is
+      well-integrated with GNU Emacs.
+    '';
+    branch = version;
+  };
+}
diff --git a/pkgs/development/tools/parsing/bison/3.x.nix b/pkgs/development/tools/parsing/bison/3.x.nix
index 2b0c14ea832..9c75e93bb1c 100644
--- a/pkgs/development/tools/parsing/bison/3.x.nix
+++ b/pkgs/development/tools/parsing/bison/3.x.nix
@@ -13,6 +13,9 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ m4 perl ] ++ stdenv.lib.optional stdenv.isSunOS help2man;
   propagatedBuildInputs = [ m4 ];
 
+  doCheck = false; # fails
+  doInstallCheck = false; # fails
+
   meta = {
     homepage = http://www.gnu.org/software/bison/;
     description = "Yacc-compatible parser generator";
diff --git a/pkgs/development/tools/vagrant/Gemfile b/pkgs/development/tools/vagrant/Gemfile
index d32951f1c05..f25a77c9398 100644
--- a/pkgs/development/tools/vagrant/Gemfile
+++ b/pkgs/development/tools/vagrant/Gemfile
@@ -1,2 +1,2 @@
 source "https://rubygems.org"
-gem 'vagrant'
+gem 'vagrant', git: "https://github.com/hashicorp/vagrant.git", tag: "v2.0.4"
diff --git a/pkgs/development/tools/vagrant/Gemfile.lock b/pkgs/development/tools/vagrant/Gemfile.lock
index 2c63b57443a..fd5cb8dbee9 100644
--- a/pkgs/development/tools/vagrant/Gemfile.lock
+++ b/pkgs/development/tools/vagrant/Gemfile.lock
@@ -1,17 +1,9 @@
 GIT
-  remote: https://github.com/mitchellh/vagrant-spec.git
-  revision: 7ac8b4191de578e345b29acaf62ecc72c8e73be1
+  remote: https://github.com/hashicorp/vagrant.git
+  revision: 6a6805f284dff05207e359acdfb1ca8443b78751
+  tag: v2.0.4
   specs:
-    vagrant-spec (0.0.1)
-      childprocess (~> 0.6.0)
-      log4r (~> 1.1.9)
-      rspec (~> 3.5.0)
-      thor (~> 0.18.1)
-
-PATH
-  remote: .
-  specs:
-    vagrant (2.0.2)
+    vagrant (2.0.4)
       childprocess (~> 0.6.0)
       erubis (~> 2.7.0)
       hashicorp-checkpoint (~> 0.1.5)
@@ -25,6 +17,8 @@ PATH
       rest-client (>= 1.6.0, < 3.0)
       ruby_dep (<= 1.3.1)
       wdm (~> 0.1.0)
+      win32-file (~> 0.8.1)
+      win32-file-security (~> 1.0.10)
       winrm (~> 2.1)
       winrm-elevated (~> 1.1)
       winrm-fs (~> 1.0)
@@ -32,24 +26,19 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.5.2)
-      public_suffix (>= 2.0.2, < 4.0)
     builder (3.2.3)
     childprocess (0.6.3)
       ffi (~> 1.0, >= 1.0.11)
-    crack (0.4.3)
-      safe_yaml (~> 1.0.0)
-    diff-lcs (1.3)
-    domain_name (0.5.20170404)
+    domain_name (0.5.20180417)
       unf (>= 0.0.5, < 1.0.0)
     erubis (2.7.0)
-    fake_ftp (0.1.1)
-    ffi (1.9.18)
+    ffi (1.9.23)
+    ffi-win32-extensions (1.0.3)
+      ffi
     gssapi (1.2.0)
       ffi (>= 1.0.1)
     gyoku (1.3.1)
       builder (>= 2.1.2)
-    hashdiff (0.3.7)
     hashicorp-checkpoint (0.1.5)
     http-cookie (1.0.3)
       domain_name (~> 0.5)
@@ -75,8 +64,6 @@ GEM
     net-ssh (4.2.0)
     netrc (0.11.0)
     nori (2.6.0)
-    public_suffix (3.0.1)
-    rake (12.0.0)
     rb-fsevent (0.10.3)
     rb-inotify (0.9.10)
       ffi (>= 0.5.0, < 2)
@@ -86,35 +73,23 @@ GEM
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    rspec (3.5.0)
-      rspec-core (~> 3.5.0)
-      rspec-expectations (~> 3.5.0)
-      rspec-mocks (~> 3.5.0)
-    rspec-core (3.5.4)
-      rspec-support (~> 3.5.0)
-    rspec-expectations (3.5.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-its (1.2.0)
-      rspec-core (>= 3.0.0)
-      rspec-expectations (>= 3.0.0)
-    rspec-mocks (3.5.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-support (3.5.0)
     ruby_dep (1.3.1)
     rubyntlm (0.6.2)
     rubyzip (1.2.1)
-    safe_yaml (1.0.4)
-    thor (0.18.1)
     unf (0.1.4)
       unf_ext
     unf_ext (0.0.7.5)
     wdm (0.1.1)
-    webmock (2.3.2)
-      addressable (>= 2.3.6)
-      crack (>= 0.3.2)
-      hashdiff
+    win32-file (0.8.1)
+      ffi
+      ffi-win32-extensions
+      win32-file-stat (>= 1.4.0)
+    win32-file-security (1.0.10)
+      ffi
+      ffi-win32-extensions
+    win32-file-stat (1.5.5)
+      ffi
+      ffi-win32-extensions
     winrm (2.2.3)
       builder (>= 2.1.2)
       erubis (~> 2.7)
@@ -137,13 +112,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  fake_ftp (~> 0.1.1)
-  rake (~> 12.0.0)
-  rspec (~> 3.5.0)
-  rspec-its (~> 1.2.0)
   vagrant!
-  vagrant-spec!
-  webmock (~> 2.3.1)
 
 BUNDLED WITH
-   1.14.6
+   1.16.1
diff --git a/pkgs/development/tools/vagrant/default.nix b/pkgs/development/tools/vagrant/default.nix
index 3b055d38d03..11ca6014b2d 100644
--- a/pkgs/development/tools/vagrant/default.nix
+++ b/pkgs/development/tools/vagrant/default.nix
@@ -1,36 +1,29 @@
-{ lib, fetchurl, buildRubyGem, bundlerEnv, ruby, libarchive }:
+{ lib, buildRubyGem, bundlerEnv, ruby, libarchive }:
+
+
+# To update vagrant, visit the Gemfile and re-run bundix.
 
 let
-  version = "2.0.2";
-  url = "https://github.com/hashicorp/vagrant/archive/v${version}.tar.gz";
-  sha256 = "1sjfwgy2y6q5s1drd8h8xgz2a0sv1l3kx9jilgc02hlcdz070iir";
+  gemset = import ./gemset.nix;
+  inherit (gemset.vagrant) version;
 
   deps = bundlerEnv rec {
-    name = "${pname}-${version}";
+    name = "vagrant-${version}";
     pname = "vagrant";
     inherit version;
 
     inherit ruby;
     gemdir = ./.;
-    gemset = lib.recursiveUpdate (import ./gemset.nix) {
-      vagrant = {
-        source = {
-          type = "url";
-          inherit url sha256;
-        };
-        inherit version;
-      };
-    };
   };
 
 in buildRubyGem rec {
   name = "${gemName}-${version}";
   gemName = "vagrant";
-  inherit version;
 
   doInstallCheck = true;
   dontBuild = false;
-  src = fetchurl { inherit url sha256; };
+
+  inherit (deps.gems.vagrant) src;
 
   patches = [
     ./unofficial-installation-nowarn.patch
diff --git a/pkgs/development/tools/vagrant/gemset.nix b/pkgs/development/tools/vagrant/gemset.nix
index 5d3d2693d01..7a432d30217 100644
--- a/pkgs/development/tools/vagrant/gemset.nix
+++ b/pkgs/development/tools/vagrant/gemset.nix
@@ -1,13 +1,4 @@
 {
-  addressable = {
-    dependencies = ["public_suffix"];
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "0viqszpkggqi8hq87pqp0xykhvz60g99nwmkwsb0v45kc2liwxvk";
-      type = "gem";
-    };
-    version = "2.5.2";
-  };
   builder = {
     source = {
       remotes = ["https://rubygems.org"];
@@ -25,31 +16,14 @@
     };
     version = "0.6.3";
   };
-  crack = {
-    dependencies = ["safe_yaml"];
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "0abb0fvgw00akyik1zxnq7yv391va148151qxdghnzngv66bl62k";
-      type = "gem";
-    };
-    version = "0.4.3";
-  };
-  diff-lcs = {
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "18w22bjz424gzafv6nzv98h0aqkwz3d9xhm7cbr1wfbyas8zayza";
-      type = "gem";
-    };
-    version = "1.3";
-  };
   domain_name = {
     dependencies = ["unf"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "12hs8yijhak7p2hf1xkh98g0mnp5phq3mrrhywzaxpwz1gw5r3kf";
+      sha256 = "0abdlwb64ns7ssmiqhdwgl27ly40x2l27l8hs8hn0z4kb3zd2x3v";
       type = "gem";
     };
-    version = "0.5.20170404";
+    version = "0.5.20180417";
   };
   erubis = {
     source = {
@@ -59,21 +33,22 @@
     };
     version = "2.7.0";
   };
-  fake_ftp = {
+  ffi = {
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0rn7lxdk3sqc2i4v2c5k25b9ca1qnkdf32nv04y760aml9mszwf7";
+      sha256 = "0zw6pbyvmj8wafdc7l5h7w20zkp1vbr2805ql5d941g2b20pk4zr";
       type = "gem";
     };
-    version = "0.1.1";
+    version = "1.9.23";
   };
-  ffi = {
+  ffi-win32-extensions = {
+    dependencies = ["ffi"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "034f52xf7zcqgbvwbl20jwdyjwznvqnwpbaps9nk18v9lgb1dpx0";
+      sha256 = "1ywkkbr3bpi2ais2jr8yrsqwwrm48jg262anmdkcb9if95vajx7l";
       type = "gem";
     };
-    version = "1.9.18";
+    version = "1.0.3";
   };
   gssapi = {
     dependencies = ["ffi"];
@@ -93,14 +68,6 @@
     };
     version = "1.3.1";
   };
-  hashdiff = {
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "0yj5l2rw8i8jc725hbcpc4wks0qlaaimr3dpaqamfjkjkxl0hjp9";
-      type = "gem";
-    };
-    version = "0.3.7";
-  };
   hashicorp-checkpoint = {
     source = {
       remotes = ["https://rubygems.org"];
@@ -235,22 +202,6 @@
     };
     version = "2.6.0";
   };
-  public_suffix = {
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "0mvzd9ycjw8ydb9qy3daq3kdzqs2vpqvac4dqss6ckk4rfcjc637";
-      type = "gem";
-    };
-    version = "3.0.1";
-  };
-  rake = {
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "01j8fc9bqjnrsxbppncai05h43315vmz9fwg28qdsgcjw9ck1d7n";
-      type = "gem";
-    };
-    version = "12.0.0";
-  };
   rb-fsevent = {
     source = {
       remotes = ["https://rubygems.org"];
@@ -286,59 +237,6 @@
     };
     version = "2.0.2";
   };
-  rspec = {
-    dependencies = ["rspec-core" "rspec-expectations" "rspec-mocks"];
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "16g3mmih999f0b6vcz2c3qsc7ks5zy4lj1rzjh8hf6wk531nvc6s";
-      type = "gem";
-    };
-    version = "3.5.0";
-  };
-  rspec-core = {
-    dependencies = ["rspec-support"];
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "1nacs062qbr98fx6czf1vwppn1js956nv2c8vfwj6i65axdfs46i";
-      type = "gem";
-    };
-    version = "3.5.4";
-  };
-  rspec-expectations = {
-    dependencies = ["diff-lcs" "rspec-support"];
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "0bbqfrb1x8gmwf8x2xhhwvvlhwbbafq4isbvlibxi6jk602f09gs";
-      type = "gem";
-    };
-    version = "3.5.0";
-  };
-  rspec-its = {
-    dependencies = ["rspec-core" "rspec-expectations"];
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "1pwphny5jawcm1hda3vs9pjv1cybaxy17dc1s75qd7drrvx697p3";
-      type = "gem";
-    };
-    version = "1.2.0";
-  };
-  rspec-mocks = {
-    dependencies = ["diff-lcs" "rspec-support"];
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "0nl3ksivh9wwrjjd47z5dggrwx40v6gpb3a0gzbp1gs06a5dmk24";
-      type = "gem";
-    };
-    version = "3.5.0";
-  };
-  rspec-support = {
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "10vf3k3d472y573mag2kzfsfrf6rv355s13kadnpryk8d36yq5r0";
-      type = "gem";
-    };
-    version = "3.5.0";
-  };
   ruby_dep = {
     source = {
       remotes = ["https://rubygems.org"];
@@ -363,22 +261,6 @@
     };
     version = "1.2.1";
   };
-  safe_yaml = {
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "1hly915584hyi9q9vgd968x2nsi5yag9jyf5kq60lwzi5scr7094";
-      type = "gem";
-    };
-    version = "1.0.4";
-  };
-  thor = {
-    source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "0d1g37j6sc7fkidf8rqlm3wh9zgyg3g7y8h2x1y34hmil5ywa8c3";
-      type = "gem";
-    };
-    version = "0.18.1";
-  };
   unf = {
     dependencies = ["unf_ext"];
     source = {
@@ -397,18 +279,15 @@
     version = "0.0.7.5";
   };
   vagrant = {
-    dependencies = ["childprocess" "erubis" "hashicorp-checkpoint" "i18n" "listen" "log4r" "net-scp" "net-sftp" "net-ssh" "rb-kqueue" "rest-client" "ruby_dep" "wdm" "winrm" "winrm-elevated" "winrm-fs"];
-  };
-  vagrant-spec = {
-    dependencies = ["childprocess" "log4r" "rspec" "thor"];
+    dependencies = ["childprocess" "erubis" "hashicorp-checkpoint" "i18n" "listen" "log4r" "net-scp" "net-sftp" "net-ssh" "rb-kqueue" "rest-client" "ruby_dep" "wdm" "win32-file" "win32-file-security" "winrm" "winrm-elevated" "winrm-fs"];
     source = {
       fetchSubmodules = false;
-      rev = "7ac8b4191de578e345b29acaf62ecc72c8e73be1";
-      sha256 = "0qybgxdnndx7xfmhyjcj46b2mv78d98yk30d68ppmfnmm3jx590h";
+      rev = "6a6805f284dff05207e359acdfb1ca8443b78751";
+      sha256 = "07c7r4xk0md9hkbcnij0kp7acxz0li9ak1ah7lmh52j10gq4cjmw";
       type = "git";
-      url = "https://github.com/mitchellh/vagrant-spec.git";
+      url = "https://github.com/hashicorp/vagrant.git";
     };
-    version = "0.0.1";
+    version = "2.0.4";
   };
   wdm = {
     source = {
@@ -418,14 +297,32 @@
     };
     version = "0.1.1";
   };
-  webmock = {
-    dependencies = ["addressable" "crack" "hashdiff"];
+  win32-file = {
+    dependencies = ["ffi" "ffi-win32-extensions" "win32-file-stat"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0mjylzv4bbnxyjqf7hnd9ghcs5xr2sv8chnmkqdi2cc6pya2xax0";
+      type = "gem";
+    };
+    version = "0.8.1";
+  };
+  win32-file-security = {
+    dependencies = ["ffi" "ffi-win32-extensions"];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0lpq821a1hrxmm0ki5c34wijzhn77g4ny76v698ixwg853y2ir9r";
+      type = "gem";
+    };
+    version = "1.0.10";
+  };
+  win32-file-stat = {
+    dependencies = ["ffi" "ffi-win32-extensions"];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "04hkcqsmbfnp8g237pisnc834vpgildklicbjbyikqg0bg1rwcy5";
+      sha256 = "0lc3yajcb8xxabvj9qian938k60ixydvs3ixl5fldi0nlvnvk468";
       type = "gem";
     };
-    version = "2.3.2";
+    version = "1.5.5";
   };
   winrm = {
     dependencies = ["builder" "erubis" "gssapi" "gyoku" "httpclient" "logging" "nori" "rubyntlm"];
diff --git a/pkgs/development/web/nodejs/v10.nix b/pkgs/development/web/nodejs/v10.nix
new file mode 100644
index 00000000000..9f5f1880989
--- /dev/null
+++ b/pkgs/development/web/nodejs/v10.nix
@@ -0,0 +1,11 @@
+{ stdenv, callPackage, lib, openssl, enableNpm ? true }:
+
+let
+  buildNodejs = callPackage ./nodejs.nix { inherit openssl; };
+in
+  buildNodejs {
+    inherit enableNpm;
+    version = "10.0.0";
+    sha256 = "0l5bx2j4f2ij19kx14my7g7k37j3fn9qpjvbisjvhpbm42810fg2";
+    patches = lib.optionals stdenv.isDarwin [ ./no-xcode-v7.patch ./no-xcodebuild.patch ];
+  }
diff --git a/pkgs/misc/cups/filters.nix b/pkgs/misc/cups/filters.nix
index 02a7ce219c4..2195cf7d2a3 100644
--- a/pkgs/misc/cups/filters.nix
+++ b/pkgs/misc/cups/filters.nix
@@ -56,6 +56,7 @@ in stdenv.mkDerivation rec {
     '';
 
   enableParallelBuilding = true;
+  doCheck = false; # fails 4 out of 6 tests
 
   meta = {
     homepage = http://www.linuxfoundation.org/collaborate/workgroups/openprinting/cups-filters;
diff --git a/pkgs/misc/emulators/wine/winetricks.nix b/pkgs/misc/emulators/wine/winetricks.nix
index f5f8d6a5f10..76606edf53c 100644
--- a/pkgs/misc/emulators/wine/winetricks.nix
+++ b/pkgs/misc/emulators/wine/winetricks.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
 
   makeFlags = [ "PREFIX=$(out)" ];
 
+  doCheck = false; # requires "bashate"
+
   postInstall = ''
     sed -i \
       -e '2i PATH="${pathAdd}:$PATH"' \
diff --git a/pkgs/os-specific/bsd/netbsd/compat-setup-hook.sh b/pkgs/os-specific/bsd/netbsd/compat-setup-hook.sh
index d47d602e2ed..81df09eba17 100644
--- a/pkgs/os-specific/bsd/netbsd/compat-setup-hook.sh
+++ b/pkgs/os-specific/bsd/netbsd/compat-setup-hook.sh
@@ -1,18 +1,6 @@
-setupCompatFlags() {
-    # The `depHostOffset` describes how the host platform of the dependencies
-    # are slid relative to the depending package. It is brought into scope of
-    # the environment hook defined as the role of the dependency being applied.
-    case $depHostOffset in
-        -1) local role='BUILD_' ;;
-        0)  local role='' ;;
-        1)  local role='TARGET_' ;;
-        *)  echo "cc-wrapper: Error: Cannot be used with $depHostOffset-offset deps" >2;
-            return 1 ;;
-    esac
+# See pkgs/build-support/setup-hooks/role.bash
+getHostRole
 
-    export NIX_${role}LDFLAGS+=" -lnbcompat"
-    export NIX_${role}CFLAGS_COMPILE+=" -DHAVE_NBTOOL_CONFIG_H"
-    export NIX_${role}CFLAGS_COMPILE+=" -include nbtool_config.h"
-}
-
-addEnvHooks "$hostOffset" setupCompatFlags
+export NIX_${role_pre}LDFLAGS+=" -lnbcompat"
+export NIX_${role_pre}CFLAGS_COMPILE+=" -DHAVE_NBTOOL_CONFIG_H"
+export NIX_${role_pre}CFLAGS_COMPILE+=" -include nbtool_config.h"
diff --git a/pkgs/os-specific/bsd/netbsd/default.nix b/pkgs/os-specific/bsd/netbsd/default.nix
index b4fb99504ef..84d6926c50c 100644
--- a/pkgs/os-specific/bsd/netbsd/default.nix
+++ b/pkgs/os-specific/bsd/netbsd/default.nix
@@ -167,7 +167,10 @@ let
     sha256 = "17phkfafybxwhzng44k5bhmag6i55br53ky1nwcmw583kg2fa86z";
     version = "7.1.2";
 
-    setupHook = ./compat-setup-hook.sh;
+    setupHooks = [
+      ../../../build-support/setup-hooks/role.bash
+      ./compat-setup-hook.sh
+    ];
 
     # override defaults to prevent infinite recursion
     nativeBuildInputs = [ makeMinimal ];
@@ -270,7 +273,10 @@ let
 
       runHook postInstall
     '';
-    setupHook = ./fts-setup-hook.sh;
+    setupHooks = [
+      ../../../build-support/setup-hooks/role.bash
+      ./fts-setup-hook.sh
+    ];
   };
 
   stat = netBSDDerivation {
diff --git a/pkgs/os-specific/bsd/netbsd/fts-setup-hook.sh b/pkgs/os-specific/bsd/netbsd/fts-setup-hook.sh
index 6b706417493..5cf8c753aec 100644
--- a/pkgs/os-specific/bsd/netbsd/fts-setup-hook.sh
+++ b/pkgs/os-specific/bsd/netbsd/fts-setup-hook.sh
@@ -1,16 +1,4 @@
-ftsLdflags() {
-    # The `depHostOffset` describes how the host platform of the dependencies
-    # are slid relative to the depending package. It is brought into scope of
-    # the environment hook defined as the role of the dependency being applied.
-    case $depHostOffset in
-        -1) local role='BUILD_' ;;
-        0)  local role='' ;;
-        1)  local role='TARGET_' ;;
-        *)  echo "cc-wrapper: Error: Cannot be used with $depHostOffset-offset deps" >2;
-            return 1 ;;
-    esac
+# See pkgs/build-support/setup-hooks/role.bash
+getHostRole
 
-    export NIX_${role}LDFLAGS+=" -lfts"
-}
-
-addEnvHooks "$hostOffset" ftsLdflags
+export NIX_${role_pre}LDFLAGS+=" -lfts"
diff --git a/pkgs/os-specific/darwin/apple-source-releases/CarbonHeaders/default.nix b/pkgs/os-specific/darwin/apple-source-releases/CarbonHeaders/default.nix
index 38215fa8f90..5c6d54aeb9c 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/CarbonHeaders/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/CarbonHeaders/default.nix
@@ -1,7 +1,7 @@
 { stdenv, appleDerivation }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
+  dontBuild = true;
 
   installPhase = ''
     mkdir -p $out/include
diff --git a/pkgs/os-specific/darwin/apple-source-releases/CommonCrypto/default.nix b/pkgs/os-specific/darwin/apple-source-releases/CommonCrypto/default.nix
index 5bcf94a18ce..ad51f1df2bc 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/CommonCrypto/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/CommonCrypto/default.nix
@@ -1,8 +1,6 @@
 { stdenv, appleDerivation }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
-
   installPhase = ''
     mkdir -p $out/include/CommonCrypto
     cp include/* $out/include/CommonCrypto
diff --git a/pkgs/os-specific/darwin/apple-source-releases/ICU/default.nix b/pkgs/os-specific/darwin/apple-source-releases/ICU/default.nix
index eef26f4b79a..6cf7ee07b70 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/ICU/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/ICU/default.nix
@@ -20,5 +20,6 @@ appleDerivation {
 
   postInstall = ''
     mv $out/usr/local/include $out/include
+    rm -rf $out/usr
   '';
 }
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libc/825_40_1.nix b/pkgs/os-specific/darwin/apple-source-releases/Libc/825_40_1.nix
index 0fa9294f229..302a657992a 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Libc/825_40_1.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libc/825_40_1.nix
@@ -1,8 +1,6 @@
 { stdenv, appleDerivation, ed, unifdef }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
-
   nativeBuildInputs = [ ed unifdef ];
 
   installPhase = ''
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libc/default.nix b/pkgs/os-specific/darwin/apple-source-releases/Libc/default.nix
index 40237b27bd2..d73dc8f3ec2 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Libc/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libc/default.nix
@@ -1,8 +1,6 @@
 { stdenv, appleDerivation, ed, unifdef, Libc_old, Libc_10-9 }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
-
   nativeBuildInputs = [ ed unifdef ];
 
   # TODO: asl.h actually comes from syslog project now
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libinfo/default.nix b/pkgs/os-specific/darwin/apple-source-releases/Libinfo/default.nix
index 2756857ba67..d3ffa1fa283 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Libinfo/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libinfo/default.nix
@@ -1,8 +1,6 @@
 { stdenv, appleDerivation }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
-
   installPhase = ''
     substituteInPlace xcodescripts/install_files.sh \
       --replace "/usr/local/" "/" \
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libm/default.nix b/pkgs/os-specific/darwin/apple-source-releases/Libm/default.nix
index b409a7347ef..1a01d032191 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Libm/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libm/default.nix
@@ -1,8 +1,6 @@
 { stdenv, appleDerivation }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
-
   installPhase = ''
     mkdir -p $out/include
 
@@ -10,4 +8,4 @@ appleDerivation {
     cp Source/Intel/fenv.h $out/include
     cp Source/complex.h    $out/include
   '';
-}
\ No newline at end of file
+}
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libnotify/default.nix b/pkgs/os-specific/darwin/apple-source-releases/Libnotify/default.nix
index 810c8e8315a..de691a056f3 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Libnotify/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libnotify/default.nix
@@ -1,8 +1,6 @@
 { stdenv, appleDerivation }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
-
   installPhase = ''
     mkdir -p $out/include
     cp notify.h      $out/include
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Librpcsvc/default.nix b/pkgs/os-specific/darwin/apple-source-releases/Librpcsvc/default.nix
index 512ec6253c7..7002f82fe56 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Librpcsvc/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Librpcsvc/default.nix
@@ -1,8 +1,6 @@
 { stdenv, appleDerivation, developer_cmds }:
 
 appleDerivation rec {
-  phases = [ "unpackPhase" "installPhase" ];
-
   buildInputs = [ developer_cmds ];
 
   installPhase = ''
diff --git a/pkgs/os-specific/darwin/apple-source-releases/Libsystem/default.nix b/pkgs/os-specific/darwin/apple-source-releases/Libsystem/default.nix
index 28406c9751d..386480d6290 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/Libsystem/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/Libsystem/default.nix
@@ -23,6 +23,7 @@ appleDerivation rec {
       (cd $dep/include && find . -name '*.h' | cpio -pdm $out/include)
     done
 
+
     (cd ${cctools.dev}/include/mach-o && find . -name '*.h' | cpio -pdm $out/include/mach-o)
 
     cat <<EOF > $out/include/TargetConditionals.h
diff --git a/pkgs/os-specific/darwin/apple-source-releases/architecture/default.nix b/pkgs/os-specific/darwin/apple-source-releases/architecture/default.nix
index edb7869269a..4a155a4c403 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/architecture/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/architecture/default.nix
@@ -1,19 +1,11 @@
 { stdenv, appleDerivation }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
+  dontBuild = true;
 
-  postUnpack = ''
-    substituteInPlace $sourceRoot/Makefile \
-      --replace "/usr/include" "/include" \
-      --replace "/usr/bin/" "" \
-      --replace "/bin/" ""
-  '';
+  installFlags = [ "EXPORT_DSTDIR=/include/architecture" ];
 
-  installPhase = ''
-    export DSTROOT=$out
-    make install
-  '';
+  DSTROOT = "$(out)";
 
   meta = with stdenv.lib; {
     maintainers = with maintainers; [ copumpkin ];
diff --git a/pkgs/os-specific/darwin/apple-source-releases/copyfile/default.nix b/pkgs/os-specific/darwin/apple-source-releases/copyfile/default.nix
index c1a2acccaa9..37dffaa9b20 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/copyfile/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/copyfile/default.nix
@@ -1,10 +1,9 @@
 { stdenv, appleDerivation }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
-
+  dontBuild = true;
   installPhase = ''
     mkdir -p $out/include/
     cp copyfile.h $out/include/
   '';
-}
\ No newline at end of file
+}
diff --git a/pkgs/os-specific/darwin/apple-source-releases/dyld/default.nix b/pkgs/os-specific/darwin/apple-source-releases/dyld/default.nix
index 56b0d93f99b..ddadf1f3940 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/dyld/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/dyld/default.nix
@@ -1,8 +1,6 @@
 { stdenv, appleDerivation }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
-
   installPhase = ''
     mkdir -p $out/lib $out/include
     ln -s /usr/lib/dyld $out/lib/dyld
diff --git a/pkgs/os-specific/darwin/apple-source-releases/eap8021x/default.nix b/pkgs/os-specific/darwin/apple-source-releases/eap8021x/default.nix
index af9493fe32e..80d629dfa3e 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/eap8021x/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/eap8021x/default.nix
@@ -1,11 +1,10 @@
 { stdenv, appleDerivation }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" "fixupPhase" ];
-
+  dontBuild = true;
   installPhase = ''
     mkdir -p $out/Library/Frameworks/EAP8021X.framework/Headers
 
     cp EAP8021X.fproj/EAPClientProperties.h $out/Library/Frameworks/EAP8021X.framework/Headers
   '';
-}
\ No newline at end of file
+}
diff --git a/pkgs/os-specific/darwin/apple-source-releases/launchd/default.nix b/pkgs/os-specific/darwin/apple-source-releases/launchd/default.nix
index c0e00ca1636..86bc6e598f7 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/launchd/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/launchd/default.nix
@@ -1,8 +1,6 @@
 { stdenv, appleDerivation }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
-
   # No clue why the same file has two different names. Ask Apple!
   installPhase = ''
     mkdir -p $out/include/ $out/include/servers
@@ -11,4 +9,4 @@ appleDerivation {
     cp liblaunch/bootstrap.h $out/include/servers
     cp liblaunch/bootstrap.h $out/include/servers/bootstrap_defs.h
   '';
-}
\ No newline at end of file
+}
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libclosure/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libclosure/default.nix
index a0201f9db2c..826dbed1dfe 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libclosure/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libclosure/default.nix
@@ -1,10 +1,8 @@
 { stdenv, appleDerivation }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
-
   installPhase = ''
     mkdir -p $out/include
     cp *.h $out/include/
   '';
-}
\ No newline at end of file
+}
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libdispatch/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libdispatch/default.nix
index c80e3757569..a43c00f7691 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libdispatch/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libdispatch/default.nix
@@ -1,8 +1,8 @@
 { stdenv, appleDerivation }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
-
+  dontConfigure = true;
+  dontBuild = true;
   installPhase = ''
     mkdir -p $out/include/dispatch $out/include/os
 
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libiconv/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libiconv/default.nix
index d9b3dfb7404..c67609e9675 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libiconv/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libiconv/default.nix
@@ -1,20 +1,20 @@
-{ stdenv, appleDerivation }:
+{ stdenv, appleDerivation, autoreconfHook }:
 
 appleDerivation {
-  preConfigure = "cd libiconv";
+  postUnpack = "sourceRoot=$sourceRoot/libiconv";
 
   postInstall = ''
     mv $out/lib/libiconv.dylib $out/lib/libiconv-nocharset.dylib
-    install_name_tool -id $out/lib/libiconv-nocharset.dylib $out/lib/libiconv-nocharset.dylib
+    ${stdenv.cc.bintools.targetPrefix}install_name_tool -id $out/lib/libiconv-nocharset.dylib $out/lib/libiconv-nocharset.dylib
 
     # re-export one useless symbol; ld will reject a dylib that only reexports other dylibs
-    echo 'void dont_use_this(){}' | clang -dynamiclib -x c - -current_version 2.4.0 \
+    echo 'void dont_use_this(){}' | ${stdenv.cc.bintools.targetPrefix}clang -dynamiclib -x c - -current_version 2.4.0 \
       -compatibility_version 7.0.0 -current_version 7.0.0 -o $out/lib/libiconv.dylib \
       -Wl,-reexport_library -Wl,$out/lib/libiconv-nocharset.dylib \
       -Wl,-reexport_library -Wl,$out/lib/libcharset.dylib
   '';
 
-  setup-hook = ../../../../development/libraries/libiconv/setup-hook.sh;
+  setupHook = ../../../../development/libraries/libiconv/setup-hook.sh;
 
   meta = {
     platforms = stdenv.lib.platforms.darwin;
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libplatform/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libplatform/default.nix
index 65accc870d7..41b1bf74af9 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libplatform/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libplatform/default.nix
@@ -1,8 +1,6 @@
 { stdenv, appleDerivation }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
-
   installPhase = ''
     mkdir $out
     cp -r include $out/include
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libpthread/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libpthread/default.nix
index b4d8004d3e6..650c6415def 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libpthread/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libpthread/default.nix
@@ -1,8 +1,6 @@
 { stdenv, appleDerivation, libdispatch, xnu }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" "fixupPhase" ];
-
   propagatedBuildInputs = [ libdispatch xnu ];
 
   installPhase = ''
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libresolv/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libresolv/default.nix
index a565971a6fa..5a2cd33d8a0 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libresolv/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libresolv/default.nix
@@ -1,8 +1,6 @@
 { stdenv, appleDerivation, Libinfo, configd, mDNSResponder }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "buildPhase" "installPhase" ];
-
   buildInputs = [ Libinfo configd mDNSResponder ];
 
   buildPhase = ''
diff --git a/pkgs/os-specific/darwin/apple-source-releases/libutil/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libutil/default.nix
index c943c2068e6..a6f484ba4e8 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/libutil/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/libutil/default.nix
@@ -2,8 +2,6 @@
 
 # all symbols are located in libSystem
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
-
   installPhase = ''
     mkdir -p $out/include
     cp *.h $out/include
diff --git a/pkgs/os-specific/darwin/apple-source-releases/ppp/default.nix b/pkgs/os-specific/darwin/apple-source-releases/ppp/default.nix
index ffc19801c5d..17c24bebfda 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/ppp/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/ppp/default.nix
@@ -1,8 +1,7 @@
 { stdenv, appleDerivation }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" "fixupPhase" ];
-
+  dontBuild = true;
   installPhase = ''
     mkdir -p $out/include/ppp
 
diff --git a/pkgs/os-specific/darwin/apple-source-releases/removefile/default.nix b/pkgs/os-specific/darwin/apple-source-releases/removefile/default.nix
index 315f93bef08..8baf62dba01 100644
--- a/pkgs/os-specific/darwin/apple-source-releases/removefile/default.nix
+++ b/pkgs/os-specific/darwin/apple-source-releases/removefile/default.nix
@@ -1,10 +1,8 @@
 { stdenv, appleDerivation }:
 
 appleDerivation {
-  phases = [ "unpackPhase" "installPhase" ];
-
   installPhase = ''
     mkdir -p $out/include/
     cp removefile.h checkint.h $out/include/
   '';
-}
\ No newline at end of file
+}
diff --git a/pkgs/os-specific/darwin/cctools/port.nix b/pkgs/os-specific/darwin/cctools/port.nix
index d8abdc2c6f8..24f21b498aa 100644
--- a/pkgs/os-specific/darwin/cctools/port.nix
+++ b/pkgs/os-specific/darwin/cctools/port.nix
@@ -108,17 +108,15 @@ let
       #  include_next "unistd.h"
       #endif
       EOF
-    '' + stdenv.lib.optionalString (!stdenv.isDarwin) ''
-      sed -i -e 's|clang++|& -I${libcxx}/include/c++/v1|' cctools/autogen.sh
-    '' + stdenv.lib.optionalString useOld ''
+
       cd cctools
+    '' + stdenv.lib.optionalString (!stdenv.isDarwin) ''
+      sed -i -e 's|clang++|& -I${libcxx}/include/c++/v1|' autogen.sh
     '';
 
     # TODO: this builds an ld without support for LLVM's LTO. We need to teach it, but that's rather
     # hairy to handle during bootstrap. Perhaps it could be optional?
-    preConfigure = stdenv.lib.optionalString (!useOld) ''
-      cd cctools
-    '' + ''
+    preConfigure = ''
       sh autogen.sh
     '';
 
diff --git a/pkgs/os-specific/darwin/xcode/default.nix b/pkgs/os-specific/darwin/xcode/default.nix
index d3a9ec012eb..bea8bc5d3c2 100644
--- a/pkgs/os-specific/darwin/xcode/default.nix
+++ b/pkgs/os-specific/darwin/xcode/default.nix
@@ -14,7 +14,6 @@ in stdenv.mkDerivation rec {
     sha256 = "70bb550cc14eca80b9825f4ae9bfbf7f076bb75777311be428bc30a7eb7a6f7e";
   };
 
-  phases = [ "unpackPhase" "patchPhase" "installPhase" "fixupPhase" ];
   outputs = [ "out" "toolchain" ];
 
 
diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix
index c8e58dfbf6f..cbbe4d5ca46 100644
--- a/pkgs/os-specific/linux/apparmor/default.nix
+++ b/pkgs/os-specific/linux/apparmor/default.nix
@@ -36,9 +36,7 @@ let
     substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
   '';
 
-  # use 'if c then x else null' to avoid rebuilding
-  # patches = stdenv.lib.optionals stdenv.hostPlatform.isMusl [
-  patches = if stdenv.hostPlatform.isMusl then [
+  patches = stdenv.lib.optionals stdenv.hostPlatform.isMusl [
     (fetchpatch {
       url = "https://git.alpinelinux.org/cgit/aports/plain/testing/apparmor/0002-Provide-missing-secure_getenv-and-scandirat-function.patch?id=74b8427cc21f04e32030d047ae92caa618105b53";
       name = "0002-Provide-missing-secure_getenv-and-scandirat-function.patch";
@@ -55,7 +53,11 @@ let
       sha256 = "1m4dx901biqgnr4w4wz8a2z9r9dxyw7wv6m6mqglqwf2lxinqmp4";
     })
     # (alpine patches {1,4,5,6,8} are needed for apparmor 2.11, but not 2.12)
-  ] else null;
+  ];
+
+  # Set to `true` after the next FIXME gets fixed or this gets some
+  # common derivation infra. Too much copy-paste to fix one by one.
+  doCheck = false;
 
   # FIXME: convert these to a single multiple-outputs package?
 
@@ -99,6 +101,8 @@ let
       mv $out/lib/python* $python/lib/
     '';
 
+    inherit doCheck;
+
     meta = apparmor-meta "library";
   };
 
@@ -131,6 +135,8 @@ let
       done
     '';
 
+    inherit doCheck;
+
     meta = apparmor-meta "user-land utilities";
   };
 
@@ -154,6 +160,8 @@ let
     makeFlags = ''LANGS= USE_SYSTEM=1'';
     installFlags = ''DESTDIR=$(out) BINDIR=$(out)/bin'';
 
+    inherit doCheck;
+
     meta = apparmor-meta "binary user-land utilities";
   };
 
@@ -177,6 +185,8 @@ let
     makeFlags = ''LANGS= USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include'';
     installFlags = ''DESTDIR=$(out) DISTRO=unknown'';
 
+    inherit doCheck;
+
     meta = apparmor-meta "rule parser";
   };
 
@@ -192,6 +202,8 @@ let
     makeFlags = ''USE_SYSTEM=1'';
     installFlags = ''DESTDIR=$(out)'';
 
+    inherit doCheck;
+
     meta = apparmor-meta "PAM service";
   };
 
@@ -204,6 +216,8 @@ let
     postPatch = "cd ./profiles";
     installFlags = ''DESTDIR=$(out) EXTRAS_DEST=$(out)/share/apparmor/extra-profiles'';
 
+    inherit doCheck;
+
     meta = apparmor-meta "profiles";
   };
 
@@ -218,6 +232,8 @@ let
       cp -R ./kernel-patches/* "$out"
     '';
 
+    inherit doCheck;
+
     meta = apparmor-meta "kernel patches";
   };
 
diff --git a/pkgs/os-specific/linux/busybox/default.nix b/pkgs/os-specific/linux/busybox/default.nix
index b844bf72d82..ab75d38ba71 100644
--- a/pkgs/os-specific/linux/busybox/default.nix
+++ b/pkgs/os-specific/linux/busybox/default.nix
@@ -98,6 +98,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  doCheck = false; # tries to access the net
+
   meta = with stdenv.lib; {
     description = "Tiny versions of common UNIX utilities in a single small executable";
     homepage = https://busybox.net/;
diff --git a/pkgs/os-specific/linux/hwdata/default.nix b/pkgs/os-specific/linux/hwdata/default.nix
index 070ddfd7778..ebf7179d081 100644
--- a/pkgs/os-specific/linux/hwdata/default.nix
+++ b/pkgs/os-specific/linux/hwdata/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
 
   configureFlags = "--datadir=$(prefix)/data";
 
+  doCheck = false; # this does build machine-specific checks (e.g. enumerates PCI bus)
+
   meta = {
     homepage = https://github.com/vcrhonek/hwdata;
     description = "Hardware Database, including Monitors, pci.ids, usb.ids, and video cards";
diff --git a/pkgs/os-specific/linux/kernel/perf.nix b/pkgs/os-specific/linux/kernel/perf.nix
index a6f399c0fba..bbef2bd19ae 100644
--- a/pkgs/os-specific/linux/kernel/perf.nix
+++ b/pkgs/os-specific/linux/kernel/perf.nix
@@ -53,6 +53,9 @@ stdenv.mkDerivation {
       "-Wno-error=unused-const-variable" "-Wno-error=misleading-indentation"
     ];
 
+  doCheck = false; # requires "sparse"
+  doInstallCheck = false; # same
+
   separateDebugInfo = true;
   installFlags = "install install-man ASCIIDOC8=1 prefix=$(out)";
 
diff --git a/pkgs/os-specific/linux/kexectools/default.nix b/pkgs/os-specific/linux/kexectools/default.nix
index 26f3d89c662..f5f0916b90a 100644
--- a/pkgs/os-specific/linux/kexectools/default.nix
+++ b/pkgs/os-specific/linux/kexectools/default.nix
@@ -2,14 +2,14 @@
 
 stdenv.mkDerivation rec {
   name = "kexec-tools-${version}";
-  version = "2.0.16";
+  version = "2.0.17";
 
   src = fetchurl {
     urls = [
       "mirror://kernel/linux/utils/kernel/kexec/${name}.tar.xz"
       "http://horms.net/projects/kexec/kexec-tools/${name}.tar.xz"
     ];
-    sha256 = "043hasx5b9zk7r7dzx24z5wybg74dpmh0nyns6nrnb3mmm8k642v";
+    sha256 = "1ac20jws8iys9w6dpn4q3hihyx73zkabdwv3gcb779cxfrmq2k2h";
   };
 
   hardeningDisable = [ "format" "pic" "relro" ];
diff --git a/pkgs/os-specific/linux/libcap-ng/default.nix b/pkgs/os-specific/linux/libcap-ng/default.nix
index d4625687c47..845e4e704eb 100644
--- a/pkgs/os-specific/linux/libcap-ng/default.nix
+++ b/pkgs/os-specific/linux/libcap-ng/default.nix
@@ -6,11 +6,11 @@ stdenv.mkDerivation rec {
   name = "libcap-ng-${version}";
   # When updating make sure to test that the version with
   # all of the python bindings still works
-  version = "0.7.8";
+  version = "0.7.9";
 
   src = fetchurl {
     url = "${meta.homepage}/${name}.tar.gz";
-    sha256 = "0pyhjxgsph3p28ayk4ynxab6wvzaqmazk1nkamx11m2w8jbzj6n2";
+    sha256 = "0a0k484kwv0zilry2mbl9k56cnpdhsjxdxin17jas6kkyfy345aa";
   };
 
   nativeBuildInputs = [ swig ];
diff --git a/pkgs/os-specific/linux/libnl/default.nix b/pkgs/os-specific/linux/libnl/default.nix
index f66df8163ff..c79a4314d6f 100644
--- a/pkgs/os-specific/linux/libnl/default.nix
+++ b/pkgs/os-specific/linux/libnl/default.nix
@@ -19,6 +19,8 @@ stdenv.mkDerivation {
       sha256 = "0dd7xxikib201i99k2if066hh7gwf2i4ffckrjplq6lr206jn00r";
     });
 
+  enableParallelBuilding = true;
+
   nativeBuildInputs = [ autoreconfHook bison flex pkgconfig ];
 
   meta = with lib; {
diff --git a/pkgs/os-specific/linux/lvm2/default.nix b/pkgs/os-specific/linux/lvm2/default.nix
index bd84e121a7d..8cda636e987 100644
--- a/pkgs/os-specific/linux/lvm2/default.nix
+++ b/pkgs/os-specific/linux/lvm2/default.nix
@@ -59,6 +59,8 @@ stdenv.mkDerivation {
     })
   ];
 
+  doCheck = false; # requires root
+
   # To prevent make install from failing.
   preInstall = "installFlags=\"OWNER= GROUP= confdir=$out/etc\"";
 
diff --git a/pkgs/os-specific/linux/mmc-utils/default.nix b/pkgs/os-specific/linux/mmc-utils/default.nix
index a17f687a255..b491d5bbda7 100644
--- a/pkgs/os-specific/linux/mmc-utils/default.nix
+++ b/pkgs/os-specific/linux/mmc-utils/default.nix
@@ -10,6 +10,8 @@ stdenv.mkDerivation rec {
     sha256 = "0hkdzc71pdnscbpdpgwljcchiyancarldjyd0w609sy18bky833x";
   };
 
+  makeFlags = "CC=${stdenv.cc.targetPrefix}cc";
+
   installPhase = ''
     make install prefix=$out
     mkdir -p $out/share/man/man1
diff --git a/pkgs/os-specific/linux/musl/fts-setup-hook.sh b/pkgs/os-specific/linux/musl/fts-setup-hook.sh
index 3962dcb19a2..5cf8c753aec 100644
--- a/pkgs/os-specific/linux/musl/fts-setup-hook.sh
+++ b/pkgs/os-specific/linux/musl/fts-setup-hook.sh
@@ -1,17 +1,4 @@
-ftsLdflags() {
-    # The `depHostOffset` describes how the host platform of the dependencies
-    # are slid relative to the depending package. It is brought into scope of
-    # the environment hook defined as the role of the dependency being applied.
-    case $depHostOffset in
-        -1) local role='BUILD_' ;;
-        0)  local role='' ;;
-        1)  local role='TARGET_' ;;
-        *)  echo "cc-wrapper: Error: Cannot be used with $depHostOffset-offset deps" >2;
-            return 1 ;;
-    esac
-
-    export NIX_${role}LDFLAGS+=" -lfts"
-}
-
-addEnvHooks "$hostOffset" ftsLdflags
+# See pkgs/build-support/setup-hooks/role.bash
+getHostRole
 
+export NIX_${role_pre}LDFLAGS+=" -lfts"
diff --git a/pkgs/os-specific/linux/musl/fts.nix b/pkgs/os-specific/linux/musl/fts.nix
index 0f16e8cc79b..24d25de3a2d 100644
--- a/pkgs/os-specific/linux/musl/fts.nix
+++ b/pkgs/os-specific/linux/musl/fts.nix
@@ -12,5 +12,8 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ autoreconfHook pkgconfig ];
 
-  setupHook = ./fts-setup-hook.sh;
+  setupHooks = [
+    ../../../build-support/setup-hooks/role.bash
+    ./fts-setup-hook.sh
+  ];
 }
diff --git a/pkgs/os-specific/linux/net-tools/default.nix b/pkgs/os-specific/linux/net-tools/default.nix
index ce287dc1841..42f745b02e3 100644
--- a/pkgs/os-specific/linux/net-tools/default.nix
+++ b/pkgs/os-specific/linux/net-tools/default.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
     '';
 
   makeFlags = [
+    "CC=${stdenv.cc.targetPrefix}cc"
+    "AR=${stdenv.cc.targetPrefix}ar"
     "BASEDIR=$(out)"
     "mandir=/share/man"
     "HAVE_ARP_TOOLS=1"
diff --git a/pkgs/os-specific/linux/nfs-utils/default.nix b/pkgs/os-specific/linux/nfs-utils/default.nix
index 904dae55c9c..359d1869084 100644
--- a/pkgs/os-specific/linux/nfs-utils/default.nix
+++ b/pkgs/os-specific/linux/nfs-utils/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, lib, pkgconfig, utillinux, libcap, libtirpc, libevent, libnfsidmap
+{ stdenv, fetchurl, fetchpatch, lib, pkgconfig, utillinux, libcap, libtirpc, libevent, libnfsidmap
 , sqlite, kerberos, kmod, libuuid, keyutils, lvm2, systemd, coreutils, tcp_wrappers
 , buildEnv
 }:
@@ -39,6 +39,18 @@ in stdenv.mkDerivation rec {
     ]
     ++ lib.optional (stdenv ? glibc) "--with-rpcgen=${stdenv.glibc.bin}/bin/rpcgen";
 
+  patches = lib.optionals stdenv.hostPlatform.isMusl [
+    (fetchpatch {
+      url = "https://raw.githubusercontent.com/alpinelinux/aports/cb880042d48d77af412d4688f24b8310ae44f55f/main/nfs-utils/0011-exportfs-only-do-glibc-specific-hackery-on-glibc.patch";
+      sha256 = "0rrddrykz8prk0dcgfvmnz0vxn09dbgq8cb098yjjg19zz6d7vid";
+    })
+    # http://openwall.com/lists/musl/2015/08/18/10
+    (fetchpatch {
+      url = "https://raw.githubusercontent.com/alpinelinux/aports/cb880042d48d77af412d4688f24b8310ae44f55f/main/nfs-utils/musl-getservbyport.patch";
+      sha256 = "1fqws9dz8n1d9a418c54r11y3w330qgy2652dpwcy96cm44sqyhf";
+    })
+  ];
+
   postPatch =
     ''
       patchShebangs tests
diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix
index 5f92dfcc839..1db1a493ae2 100644
--- a/pkgs/os-specific/linux/pam/default.nix
+++ b/pkgs/os-specific/linux/pam/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, buildPackages, hostPlatform, fetchurl, fetchpatch, flex, cracklib }:
+{ stdenv, buildPackages, hostPlatform, fetchurl, fetchpatch, flex, cracklib, db4 }:
 
 stdenv.mkDerivation rec {
   name = "linux-pam-${version}";
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
   depsBuildBuild = [ buildPackages.stdenv.cc ];
   nativeBuildInputs = [ flex ];
 
-  buildInputs = [ cracklib ];
+  buildInputs = [ cracklib db4 ];
 
   enableParallelBuilding = true;
 
@@ -70,9 +70,12 @@ stdenv.mkDerivation rec {
       sed -e 's/pam_rhosts//g' -i modules/Makefile.in
   '';
 
-  meta = {
-    homepage = http://ftp.kernel.org/pub/linux/libs/pam/;
+  doCheck = false; # fails
+
+  meta = with stdenv.lib; {
+    homepage = http://www.linux-pam.org/;
     description = "Pluggable Authentication Modules, a flexible mechanism for authenticating user";
-    platforms = stdenv.lib.platforms.linux;
+    platforms = platforms.linux;
+    license = licenses.bsd3;
   };
 }
diff --git a/pkgs/os-specific/linux/procps-ng/default.nix b/pkgs/os-specific/linux/procps-ng/default.nix
index 316f0ad1a28..08420e36c65 100644
--- a/pkgs/os-specific/linux/procps-ng/default.nix
+++ b/pkgs/os-specific/linux/procps-ng/default.nix
@@ -1,38 +1,17 @@
-{ lib, stdenv, fetchFromGitLab, fetchpatch, ncurses, libtool, gettext, autoconf, automake, pkgconfig }:
+{ lib, stdenv, fetchurl, ncurses, pkgconfig }:
 
 stdenv.mkDerivation rec {
   name = "procps-${version}";
-  version = "3.3.13";
+  version = "3.3.14";
 
-  src = fetchFromGitLab {
-    owner ="procps-ng";
-    repo = "procps";
-    rev = "v${version}";
-    sha256 = "0r3h9adhqi5fi62lx65z839fww35lfh2isnknhkaw71xndjpzr0q";
+  # The project's releases are on SF, but git repo on gitlab.
+  src = fetchurl {
+    url = "mirror://sourceforge/procps-ng/procps-ng-${version}.tar.xz";
+    sha256 = "0v3j6rkzzscqds37i105cxx3q4dk04rsgpqfd5p7hzcvk59h5njy";
   };
 
   buildInputs = [ ncurses ];
-  nativeBuildInputs = [ libtool gettext autoconf automake pkgconfig ];
-
-  # https://gitlab.com/procps-ng/procps/issues/88
-  # Patches needed for musl and glibc 2.28
-  patches = [
-    (fetchpatch {
-      url = "https://gitlab.com/procps-ng/procps/uploads/f91ff094be1e4638aeffb67bdbb751ba/numa.h.diff";
-      sha256 = "16r537d2wfrvbv6dg9vyfck8n31xa58903mnssw1s4kb5ap83yd5";
-      extraPrefix = "";
-    })
-    (fetchpatch {
-      url = "https://gitlab.com/procps-ng/procps/uploads/6a7bdea4d82ba781451316fda74192ae/libio_detection.diff";
-      sha256 = "0qp0j60kiycjsv213ih10imjirmxz8zja3rk9fq5lr5xf7k2lr3p";
-    })
-  ];
-
-  # autoreconfHook doesn't quite get, what procps-ng buildprocss does
-  # with po/Makefile.in.in and stuff.
-  preConfigure = ''
-    ./autogen.sh
-  '';
+  nativeBuildInputs = [ pkgconfig ];
 
   makeFlags = "usrbin_execdir=$(out)/bin";
 
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index c1f139d42a6..89bd123d938 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -1,7 +1,7 @@
 { stdenv, fetchFromGitHub, fetchpatch, pkgconfig, intltool, gperf, libcap, kmod
 , zlib, xz, pam, acl, cryptsetup, libuuid, m4, utillinux, libffi
 , glib, kbd, libxslt, coreutils, libgcrypt, libgpgerror, libidn2, libapparmor
-, audit, lz4, bzip2, libmicrohttpd
+, audit, lz4, bzip2, libmicrohttpd, pcre2
 , linuxHeaders ? stdenv.cc.libc.linuxHeaders
 , iptables, gnu-efi
 , autoreconfHook, gettext, docbook_xsl, docbook_xml_dtd_42, docbook_xml_dtd_45
@@ -43,7 +43,7 @@ in stdenv.mkDerivation rec {
   buildInputs =
     [ linuxHeaders libcap kmod xz pam acl
       /* cryptsetup */ libuuid glib libgcrypt libgpgerror libidn2
-      libmicrohttpd ] ++
+      libmicrohttpd pcre2 ] ++
       stdenv.lib.optional withKexectools kexectools ++
       stdenv.lib.optional withLibseccomp libseccomp ++
     [ libffi audit lz4 bzip2 libapparmor
@@ -155,6 +155,14 @@ in stdenv.mkDerivation rec {
       --replace "SYSTEMD_CGROUP_AGENT_PATH" "_SYSTEMD_CGROUP_AGENT_PATH"
   '';
 
+  patches = [
+    # https://github.com/systemd/systemd/pull/8580
+    (fetchpatch {
+      url = https://github.com/systemd/systemd/pull/8580.patch;
+      sha256 = "1yp07hlpgqq0h2y0qc3kasswzkycz6p8d56d695ck1qa2f5bdfgn";
+    })
+  ];
+
   hardeningDisable = [ "stackprotector" ];
 
   NIX_CFLAGS_COMPILE =
@@ -170,6 +178,8 @@ in stdenv.mkDerivation rec {
       "-USYSTEMD_BINARY_PATH" "-DSYSTEMD_BINARY_PATH=\"/run/current-system/systemd/lib/systemd/systemd\""
     ];
 
+  doCheck = false; # fails a bunch of tests
+
   postInstall = ''
     # sysinit.target: Don't depend on
     # systemd-tmpfiles-setup.service. This interferes with NixOps's
diff --git a/pkgs/os-specific/linux/tcp-wrappers/cdecls.patch b/pkgs/os-specific/linux/tcp-wrappers/cdecls.patch
new file mode 100644
index 00000000000..eee640e8a82
--- /dev/null
+++ b/pkgs/os-specific/linux/tcp-wrappers/cdecls.patch
@@ -0,0 +1,31 @@
+__BEGIN_DECLS/__END_DECLS are BSD specific and not defined in musl
+glibc and uclibc had sys/cdefs.h doing it.
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Index: tcp_wrappers_7.6/tcpd.h
+===================================================================
+--- tcp_wrappers_7.6.orig/tcpd.h
++++ tcp_wrappers_7.6/tcpd.h
+@@ -11,7 +11,9 @@
+ #include <netinet/in.h>
+ #include <stdio.h>
+ 
+-__BEGIN_DECLS
++#ifdef __cplusplus
++extern "C" {
++#endif
+ 
+ /* Structure to describe one communications endpoint. */
+ 
+@@ -252,6 +254,8 @@ extern char *fix_strtok();
+ extern char *my_strtok();
+ #endif
+ 
+-__END_DECLS
++#ifdef __cplusplus
++}
++#endif
+ 
+ #endif
diff --git a/pkgs/os-specific/linux/tcp-wrappers/default.nix b/pkgs/os-specific/linux/tcp-wrappers/default.nix
index 7da4e39ca6c..5df7bb827aa 100644
--- a/pkgs/os-specific/linux/tcp-wrappers/default.nix
+++ b/pkgs/os-specific/linux/tcp-wrappers/default.nix
@@ -20,11 +20,22 @@ in stdenv.mkDerivation rec {
   prePatch = ''
     tar -xaf $debian
     patches="$(cat debian/patches/series | sed 's,^,debian/patches/,') $patches"
+
+    substituteInPlace Makefile --replace STRINGS STRINGDEFS
+    substituteInPlace debian/patches/13_shlib_weaksym --replace STRINGS STRINGDEFS
+  '';
+
+  # Fix __BEGIN_DECLS usage (even if it wasn't non-standard, this doesn't include sys/cdefs.h)
+  patches = [ ./cdecls.patch ];
+
+  postPatch = stdenv.lib.optionalString stdenv.hostPlatform.isMusl ''
+    substituteInPlace Makefile \
+      --replace '-DNETGROUP' '-DUSE_GETDOMAIN'
   '';
 
   buildInputs = [ libnsl ];
 
-  makeFlags = [ "STRINGS=" "REAL_DAEMON_DIR=$(out)/bin" "linux" ];
+  makeFlags = [ "REAL_DAEMON_DIR=$(out)/bin" "linux" "AR:=$(AR)" ];
 
   installPhase = ''
     mkdir -p "$out/bin"
diff --git a/pkgs/os-specific/linux/tcp-wrappers/tcp-wrappers-7.6-headers.patch b/pkgs/os-specific/linux/tcp-wrappers/tcp-wrappers-7.6-headers.patch
new file mode 100644
index 00000000000..328a4a10261
--- /dev/null
+++ b/pkgs/os-specific/linux/tcp-wrappers/tcp-wrappers-7.6-headers.patch
@@ -0,0 +1,295 @@
+--- a/options.c
++++ b/options.c
+@@ -34,6 +34,8 @@
+ 
+ /* System libraries. */
+ 
++#include <unistd.h>
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <sys/socket.h>
+--- a/safe_finger.c
++++ b/safe_finger.c
+@@ -20,6 +20,11 @@
+ 
+ /* System libraries */
+ 
++#include <unistd.h>
++#include <fcntl.h>
++#include <stdlib.h>
++#include <sys/wait.h>
++#include <grp.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <signal.h>
+@@ -27,7 +31,7 @@
+ #include <ctype.h>
+ #include <pwd.h>
+ 
+-extern void exit();
++int pipe_stdin(char **argv);
+ 
+ /* Local stuff */
+ 
+--- a/scaffold.c
++++ b/scaffold.c
+@@ -10,6 +10,7 @@
+ 
+ /* System libraries. */
+ 
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/socket.h>
+@@ -27,7 +27,4 @@
+ #endif
+ 
+-#ifndef INET6
+-extern char *malloc();
+-#endif
+ 
+ /* Application-specific. */
+--- a/shell_cmd.c
++++ b/shell_cmd.c
+@@ -14,6 +14,10 @@
+ 
+ /* System libraries. */
+ 
++#include <unistd.h>
++#include <stdlib.h>
++#include <fcntl.h>
++#include <sys/wait.h>
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <signal.h>
+@@ -25,8 +25,6 @@
+ #include <syslog.h>
+ #include <string.h>
+ 
+-extern void exit();
+-
+ /* Local stuff. */
+ 
+ #include "tcpd.h"
+--- a/tcpdchk.c
++++ b/tcpdchk.c
+@@ -20,6 +20,8 @@
+ 
+ /* System libraries. */
+ 
++#include <unistd.h>
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #ifdef INET6
+@@ -35,10 +36,7 @@
+ #include <netdb.h>
+ #include <string.h>
+ 
+-extern int errno;
+-extern void exit();
+-extern int optind;
+-extern char *optarg;
++int cidr_mask_addr(char *str);
+ 
+ #ifndef INADDR_NONE
+ #define INADDR_NONE     (-1)		/* XXX should be 0xffffffff */
+--- a/clean_exit.c
++++ b/clean_exit.c
+@@ -13,8 +13,8 @@
+ #endif
+ 
+ #include <stdio.h>
+-
+-extern void exit();
++#include <unistd.h>
++#include <stdlib.h>
+ 
+ #include "tcpd.h"
+ 
+--- a/hosts_access.c
++++ b/hosts_access.c
+@@ -23,6 +23,7 @@
+ 
+ /* System libraries. */
+ 
++#include <stdlib.h>
+ #include <sys/types.h>
+ #ifdef INT32_T
+     typedef uint32_t u_int32_t;
+@@ -43,8 +44,8 @@
+ #include <netdb.h>
+ #endif
+ 
+-extern char *fgets();
+-extern int errno;
++static int match_pattern_ylo(const char *s, const char *pattern);
++int cidr_mask_addr(char *str);
+ 
+ #ifndef	INADDR_NONE
+ #define	INADDR_NONE	(-1)		/* XXX should be 0xffffffff */
+--- a/inetcf.c
++++ b/inetcf.c
+@@ -9,15 +9,14 @@
+ static char sccsid[] = "@(#) inetcf.c 1.7 97/02/12 02:13:23";
+ #endif
+ 
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <stdio.h>
+ #include <errno.h>
+ #include <string.h>
+ 
+-extern int errno;
+-extern void exit();
+-
++#include "scaffold.h"
+ #include "tcpd.h"
+ #include "inetcf.h"
+ 
+--- a/percent_x.c
++++ b/percent_x.c
+@@ -16,12 +16,12 @@
+ 
+ /* System libraries. */
+ 
++#include <unistd.h>
++#include <stdlib.h>
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <string.h>
+ 
+-extern void exit();
+-
+ /* Local stuff. */
+ 
+ #include "tcpd.h"
+--- a/rfc931.c
++++ b/rfc931.c
+@@ -15,6 +15,7 @@
+ 
+ /* System libraries. */
+ 
++#include <unistd.h>
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <sys/types.h>
+--- a/tcpd.c
++++ b/tcpd.c
+@@ -16,6 +16,7 @@
+ 
+ /* System libraries. */
+ 
++#include <unistd.h>
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <sys/stat.h>
+@@ -39,6 +39,8 @@
+ #include "patchlevel.h"
+ #include "tcpd.h"
+ 
++void fix_options(struct request_info *request);
++
+ int     allow_severity = SEVERITY;	/* run-time adjustable */
+ int     deny_severity = LOG_WARNING;	/* ditto */
+ 
+--- a/tcpdmatch.c
++++ b/tcpdmatch.c
+@@ -19,6 +19,8 @@
+ 
+ /* System libraries. */
+ 
++#include <unistd.h>
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/socket.h>
+@@ -30,9 +32,6 @@
+ #include <setjmp.h>
+ #include <string.h>
+ 
+-extern void exit();
+-extern int optind;
+-extern char *optarg;
+ 
+ #ifndef	INADDR_NONE
+ #define	INADDR_NONE	(-1)		/* XXX should be 0xffffffff */
+--- a/update.c
++++ b/update.c
+@@ -19,6 +19,7 @@
+ 
+ /* System libraries */
+ 
++#include <unistd.h>
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <string.h>
+--- a/misc.c
++++ b/misc.c
+@@ -14,11 +14,10 @@
+ #include <arpa/inet.h>
+ #include <stdio.h>
+ #include <string.h>
++#include <stdlib.h>
+ 
+ #include "tcpd.h"
+ 
+-extern char *fgets();
+-
+ #ifndef	INADDR_NONE
+ #define	INADDR_NONE	(-1)		/* XXX should be 0xffffffff */
+ #endif
+--- a/fix_options.c
++++ b/fix_options.c
+@@ -32,6 +32,7 @@
+ 
+ /* fix_options - get rid of IP-level socket options */
+ 
++void
+ fix_options(request)
+ struct request_info *request;
+ {
+@@ -38,11 +38,8 @@
+ #ifdef IP_OPTIONS
+     unsigned char optbuf[BUFFER_SIZE / 3], *cp;
+     char    lbuf[BUFFER_SIZE], *lp;
+-#ifdef __GLIBC__
+-    size_t  optsize = sizeof(optbuf), ipproto;
+-#else
+-    int     optsize = sizeof(optbuf), ipproto;
+-#endif
++    socklen_t optsize = sizeof(optbuf);
++    int ipproto;
+     struct protoent *ip;
+     int     fd = request->fd;
+     unsigned int opt;
+--- a/socket.c
++++ b/socket.c
+@@ -95,11 +95,7 @@
+     static struct sockaddr_in client;
+     static struct sockaddr_in server;
+ #endif
+-#ifdef __GLIBC__
+-    size_t  len;
+-#else
+-    int     len;
+-#endif
++    socklen_t len;
+     char    buf[BUFSIZ];
+     int     fd = request->fd;
+ 
+@@ -430,11 +426,7 @@
+ #else
+     struct sockaddr_in sin;
+ #endif
+-#ifdef __GLIBC__
+-    size_t  size = sizeof(sin);
+-#else
+-    int     size = sizeof(sin);
+-#endif
++    socklen_t size;
+ 
+     /*
+      * Eat up the not-yet received datagram. Some systems insist on a
diff --git a/pkgs/os-specific/linux/udisks/2-default.nix b/pkgs/os-specific/linux/udisks/2-default.nix
index 1c8e429c945..a057cb3c101 100644
--- a/pkgs/os-specific/linux/udisks/2-default.nix
+++ b/pkgs/os-specific/linux/udisks/2-default.nix
@@ -48,6 +48,8 @@ stdenv.mkDerivation rec {
     "INTROSPECTION_TYPELIBDIR=$(out)/lib/girepository-1.0"
   ];
 
+  doCheck = false; # fails
+
   meta = {
     homepage = http://www.freedesktop.org/wiki/Software/udisks;
     description = "A daemon and command-line utility for querying and manipulating storage devices";
diff --git a/pkgs/os-specific/linux/upower/default.nix b/pkgs/os-specific/linux/upower/default.nix
index 8c1d117bc8b..1e9101b68af 100644
--- a/pkgs/os-specific/linux/upower/default.nix
+++ b/pkgs/os-specific/linux/upower/default.nix
@@ -28,6 +28,8 @@ stdenv.mkDerivation rec {
 
   NIX_CFLAGS_LINK = "-lgcc_s";
 
+  doCheck = false; # fails with "env: './linux/integration-test': No such file or directory"
+
   installFlags = "historydir=$(TMPDIR)/foo";
 
   meta = {
diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix
index 618ba42e741..9ec6c22d32a 100644
--- a/pkgs/os-specific/linux/util-linux/default.nix
+++ b/pkgs/os-specific/linux/util-linux/default.nix
@@ -4,15 +4,15 @@
 let
   version = lib.concatStringsSep "." ([ majorVersion ]
     ++ lib.optional (patchVersion != "") patchVersion);
-  majorVersion = "2.31";
-  patchVersion = "1";
+  majorVersion = "2.32";
+  patchVersion = "";
 
 in stdenv.mkDerivation rec {
   name = "util-linux-${version}";
 
   src = fetchurl {
     url = "mirror://kernel/linux/utils/util-linux/v${majorVersion}/${name}.tar.xz";
-    sha256 = "04fzrnrr3pvqskvjn9f81y0knh0jvvqx4lmbz5pd4lfdm5pv2l8s";
+    sha256 = "0d2758kjll5xqm5fpp3sww1h66aahx161sf2b60jxqv4qymrfwvc";
   };
 
   patches = [
diff --git a/pkgs/os-specific/linux/v4l-utils/default.nix b/pkgs/os-specific/linux/v4l-utils/default.nix
index 84b31d4d516..9bdb16cd1f1 100644
--- a/pkgs/os-specific/linux/v4l-utils/default.nix
+++ b/pkgs/os-specific/linux/v4l-utils/default.nix
@@ -8,11 +8,11 @@
 
 stdenv.mkDerivation rec {
   name = "v4l-utils-${version}";
-  version = "1.12.3";
+  version = "1.14.2";
 
   src = fetchurl {
     url = "http://linuxtv.org/downloads/v4l-utils/${name}.tar.bz2";
-    sha256 = "0vpl3jl0x441y7b5cn7zhdsyi954hp9h2p30jhnr1zkx1rpxsiss";
+    sha256 = "14h6d2p3n4jmxhd8i0p1m5dbwz5vnpb3z88xqd9ghg15n7265fg6";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/servers/amqp/rabbitmq-server/default.nix b/pkgs/servers/amqp/rabbitmq-server/default.nix
index 3d4a8902c91..4cc187846d0 100644
--- a/pkgs/servers/amqp/rabbitmq-server/default.nix
+++ b/pkgs/servers/amqp/rabbitmq-server/default.nix
@@ -1,17 +1,11 @@
 { stdenv, fetchurl, runCommand
 , erlang, python, libxml2, libxslt, xmlto
 , docbook_xml_dtd_45, docbook_xsl, zip, unzip, rsync
-
 , AppKit, Carbon, Cocoa
+, getconf
 }:
 
-let
-  # we only need that one glibc binary (28k instead of 2.7M)
-  getconf = runCommand "getconf" {} ''
-    install -D ${stdenv.lib.getBin stdenv.cc.libc}/bin/getconf $out/bin/getconf
-  '';
-
-in stdenv.mkDerivation rec {
+stdenv.mkDerivation rec {
   name = "rabbitmq-server-${version}";
   version = "3.6.15";
 
diff --git a/pkgs/servers/dns/bind/default.nix b/pkgs/servers/dns/bind/default.nix
index 4002c6b3542..1aa487055e2 100644
--- a/pkgs/servers/dns/bind/default.nix
+++ b/pkgs/servers/dns/bind/default.nix
@@ -67,6 +67,8 @@ stdenv.mkDerivation rec {
     done
   '';
 
+  doCheck = false; # requires root and the net
+
   meta = {
     homepage = http://www.isc.org/software/bind;
     description = "Domain name server";
diff --git a/pkgs/servers/monitoring/net-snmp/default.nix b/pkgs/servers/monitoring/net-snmp/default.nix
index 77dcfa43c43..a6b738270a9 100644
--- a/pkgs/servers/monitoring/net-snmp/default.nix
+++ b/pkgs/servers/monitoring/net-snmp/default.nix
@@ -44,6 +44,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ file perl unzip openssl ];
 
   enableParallelBuilding = true;
+  doCheck = false; # fails
 
   postInstall = ''
     for f in "$out/lib/"*.la $out/bin/net-snmp-config $out/bin/net-snmp-create-v3-user; do
diff --git a/pkgs/servers/sql/mariadb/default.nix b/pkgs/servers/sql/mariadb/default.nix
index 170cc6c84a6..e22e3a64fac 100644
--- a/pkgs/servers/sql/mariadb/default.nix
+++ b/pkgs/servers/sql/mariadb/default.nix
@@ -167,11 +167,11 @@ everything = stdenv.mkDerivation (common // {
 
 connector-c = stdenv.mkDerivation rec {
   name = "mariadb-connector-c-${version}";
-  version = "2.3.4";
+  version = "2.3.5";
 
   src = fetchurl {
     url = "https://downloads.mariadb.org/interstitial/connector-c-${version}/mariadb-connector-c-${version}-src.tar.gz/from/http%3A//ftp.hosteurope.de/mirror/archive.mariadb.org/?serve";
-    sha256 = "1g1sq5knarxkfhpkcczr6qxmq12pid65cdkqnhnfs94av89hbswb";
+    sha256 = "0vvlfs56hxin130vh8pcs5w7jpv1yc6g76bhpzg88hnp4v1z8frg";
     name   = "mariadb-connector-c-${version}-src.tar.gz";
   };
 
diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix
index a2093962ea9..5d348c12943 100644
--- a/pkgs/servers/sql/postgresql/default.nix
+++ b/pkgs/servers/sql/postgresql/default.nix
@@ -75,6 +75,8 @@ let
         wrapProgram $out/bin/initdb --prefix PATH ":" ${glibc.bin}/bin
       '';
 
+    doInstallCheck = false; # needs a running daemon?
+
     disallowedReferences = [ stdenv.cc ];
 
     passthru = {
diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix
index 07faa8d3cc7..d15c5924b77 100644
--- a/pkgs/servers/x11/xorg/default.nix
+++ b/pkgs/servers/x11/xorg/default.nix
@@ -2468,11 +2468,11 @@ let
   }) // {inherit inputproto libX11 libXaw xproto libXt ;};
 
   xkeyboardconfig = (mkDerivation "xkeyboardconfig" {
-    name = "xkeyboard-config-2.22";
+    name = "xkeyboard-config-2.23.1";
     builder = ./builder.sh;
     src = fetchurl {
-      url = mirror://xorg/individual/data/xkeyboard-config/xkeyboard-config-2.22.tar.bz2;
-      sha256 = "1garmbyfjp0han04l2l90zzwlfbdgdxl6r1qnic36i5wkycckbny";
+      url = mirror://xorg/individual/data/xkeyboard-config/xkeyboard-config-2.23.1.tar.bz2;
+      sha256 = "1wq27cs1c9y7d1d7zp5yhq29paj9smajdb68lyvm28d2zq2vqjra";
     };
     nativeBuildInputs = [ pkgconfig ];
     buildInputs = [ libX11 xproto ];
diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix
index ce78eba4b43..81b06f0c699 100644
--- a/pkgs/servers/x11/xorg/overrides.nix
+++ b/pkgs/servers/x11/xorg/overrides.nix
@@ -598,6 +598,10 @@ in
     nativeBuildInputs = attrs.nativeBuildInputs ++ [args.bison args.flex];
   };
 
+  xauth = attrs: attrs // {
+    doCheck = false; # fails
+  };
+
   xcursorthemes = attrs: attrs // {
     buildInputs = attrs.buildInputs ++ [xorg.xcursorgen];
     configureFlags = "--with-cursordir=$(out)/share/icons";
diff --git a/pkgs/shells/bash/4.4.nix b/pkgs/shells/bash/4.4.nix
index 04a03698289..72ce29bf3f2 100644
--- a/pkgs/shells/bash/4.4.nix
+++ b/pkgs/shells/bash/4.4.nix
@@ -1,37 +1,33 @@
 { stdenv, buildPackages
-, fetchurl, readline70 ? null, texinfo ? null, binutils ? null, bison, autoconf
+, fetchurl, binutils ? null, bison, autoconf
 , buildPlatform, hostPlatform
-, interactive ? false
+
+# patch for cygwin requires readline support
+, interactive ? stdenv.isCygwin, readline70 ? null
+, withDocs ? false, texinfo ? null
+, self
 }:
 
+with stdenv.lib;
+
 assert interactive -> readline70 != null;
+assert withDocs -> texinfo != null;
 assert hostPlatform.isDarwin -> binutils != null;
 
 let
-  version = "4.4";
-  realName = "bash-${version}";
-  shortName = "bash44";
-  sha256 = "1jyz6snd63xjn6skk7za6psgidsd53k05cr3lksqybi0q6936syq";
-
-  upstreamPatches =
-    let
-      patch = nr: sha256:
-        fetchurl {
-          url = "mirror://gnu/bash/${realName}-patches/${shortName}-${nr}";
-          inherit sha256;
-        };
-    in
-      import ./bash-4.4-patches.nix patch;
-
-  inherit (stdenv.lib) optional optionals optionalString;
+  upstreamPatches = import ./bash-4.4-patches.nix (nr: sha256: fetchurl {
+    url = "mirror://gnu/bash/bash-4.4-patches/bash44-${nr}";
+    inherit sha256;
+  });
 in
 
 stdenv.mkDerivation rec {
-  name = "${realName}-p${toString (builtins.length upstreamPatches)}";
+  name = "bash-${optionalString interactive "interactive-"}${version}-p${toString (builtins.length upstreamPatches)}";
+  version = "4.4";
 
   src = fetchurl {
-    url = "mirror://gnu/bash/${realName}.tar.gz";
-    inherit sha256;
+    url = "mirror://gnu/bash/bash-${version}.tar.gz";
+    sha256 = "1jyz6snd63xjn6skk7za6psgidsd53k05cr3lksqybi0q6936syq";
   };
 
   hardeningDisable = [ "format" ];
@@ -50,18 +46,19 @@ stdenv.mkDerivation rec {
   patchFlags = "-p0";
 
   patches = upstreamPatches
+    ++ optional hostPlatform.isCygwin ./cygwin-bash-4.4.11-2.src.patch
     # https://lists.gnu.org/archive/html/bug-bash/2016-10/msg00006.html
-    ++ optional (hostPlatform.libc == "musl") (fetchurl {
+    ++ optional hostPlatform.isMusl (fetchurl {
       url = "https://lists.gnu.org/archive/html/bug-bash/2016-10/patchJxugOXrY2y.patch";
       sha256 = "1m4v9imidb1cc1h91f2na0b8y9kc5c5fgmpvy9apcyv2kbdcghg1";
-  });
-
-  postPatch = optionalString hostPlatform.isCygwin "patch -p2 < ${./cygwin-bash-4.4.11-2.src.patch}";
+    });
 
   configureFlags = [
     (if interactive then "--with-installed-readline" else "--disable-readline")
   ] ++ optionals (hostPlatform != buildPlatform) [
-    "bash_cv_job_control_missing=nomissing bash_cv_sys_named_pipes=nomissing bash_cv_getcwd_malloc=yes"
+    "bash_cv_job_control_missing=nomissing"
+    "bash_cv_sys_named_pipes=nomissing"
+    "bash_cv_getcwd_malloc=yes"
   ] ++ optionals hostPlatform.isCygwin [
     "--without-libintl-prefix --without-libiconv-prefix"
     "--with-installed-readline"
@@ -75,8 +72,8 @@ stdenv.mkDerivation rec {
 
   # Note: Bison is needed because the patches above modify parse.y.
   depsBuildBuild = [ buildPackages.stdenv.cc ];
-  nativeBuildInputs = [bison]
-    ++ optional (texinfo != null) texinfo
+  nativeBuildInputs = [ bison ]
+    ++ optional withDocs texinfo
     ++ optional hostPlatform.isDarwin binutils
     ++ optional (hostPlatform.libc == "musl") autoconf;
 
diff --git a/pkgs/shells/bash/cygwin-bash-4.4.11-2.src.patch b/pkgs/shells/bash/cygwin-bash-4.4.11-2.src.patch
index c854e8828ae..48837310962 100644
--- a/pkgs/shells/bash/cygwin-bash-4.4.11-2.src.patch
+++ b/pkgs/shells/bash/cygwin-bash-4.4.11-2.src.patch
@@ -1,5 +1,5 @@
---- origsrc/bash-4.4/bashline.c	2017-01-23 13:28:06.955247200 -0600
-+++ src/bash-4.4/bashline.c	2017-01-23 13:55:07.992877600 -0600
+--- bashline.c	2017-01-23 13:28:06.955247200 -0600
++++ bashline.c	2017-01-23 13:55:07.992877600 -0600
 @@ -76,6 +76,16 @@
  #  include "pcomplete.h"
  #endif
@@ -104,8 +104,8 @@
    r = file_isdir (fn);
    free (fn);
  
---- origsrc/bash-4.4/builtins/read.def	2017-01-23 13:28:07.017686500 -0600
-+++ src/bash-4.4/builtins/read.def	2017-01-23 13:55:07.992877600 -0600
+--- builtins/read.def	2017-01-23 13:28:07.017686500 -0600
++++ builtins/read.def	2017-01-23 13:55:07.992877600 -0600
 @@ -85,7 +85,6 @@ $END
  
  #ifdef __CYGWIN__
@@ -140,8 +140,8 @@
        if ((skip_ctlesc == 0 && c == CTLESC) || (skip_ctlnul == 0 && c == CTLNUL))
  	{
  	  saw_escape++;
---- origsrc/bash-4.4/builtins/set.def	2016-06-02 19:10:10.000000000 -0500
-+++ src/bash-4.4/builtins/set.def	2017-01-23 13:55:07.992877600 -0600
+--- builtins/set.def	2016-06-02 19:10:10.000000000 -0500
++++ builtins/set.def	2017-01-23 13:55:07.992877600 -0600
 @@ -56,6 +56,13 @@ extern int dont_save_function_defs;
  #if defined (READLINE)
  extern int no_line_editing;
@@ -258,8 +258,8 @@
        free (vname);
      }
  }
---- origsrc/bash-4.4/builtins/shopt.def	2016-05-06 14:00:02.000000000 -0500
-+++ src/bash-4.4/builtins/shopt.def	2017-01-23 13:55:07.992877600 -0600
+--- builtins/shopt.def	2016-05-06 14:00:02.000000000 -0500
++++ builtins/shopt.def	2017-01-23 13:55:07.992877600 -0600
 @@ -92,6 +92,10 @@ extern int glob_asciirange;
  extern int lastpipe_opt;
  extern int inherit_errexit;
@@ -281,8 +281,8 @@
  #if defined (READLINE)
    { "complete_fullquote", &complete_fullquote, (shopt_set_func_t *)NULL},
    { "direxpand", &dircomplete_expand, shopt_set_complete_direxpand },
---- origsrc/bash-4.4/config-top.h	2016-05-19 13:34:02.000000000 -0500
-+++ src/bash-4.4/config-top.h	2017-01-23 13:55:07.992877600 -0600
+--- config-top.h	2016-05-19 13:34:02.000000000 -0500
++++ config-top.h	2017-01-23 13:55:07.992877600 -0600
 @@ -87,10 +87,10 @@
  #define DEFAULT_BASHRC "~/.bashrc"
  
@@ -305,8 +305,8 @@
  
  /* Define if you want the case-capitalizing operators (~[~]) and the
     `capcase' variable attribute (declare -c). */
---- origsrc/bash-4.4/doc/Makefile.in	2015-12-06 18:55:56.000000000 -0600
-+++ src/bash-4.4/doc/Makefile.in	2017-01-23 13:55:07.992877600 -0600
+--- doc/Makefile.in	2015-12-06 18:55:56.000000000 -0600
++++ doc/Makefile.in	2017-01-23 13:55:07.992877600 -0600
 @@ -189,7 +189,7 @@ bashref.html: $(BASHREF_FILES) $(HSUSER)
  	$(MAKEINFO) --html --no-split -I$(TEXINPUTDIR) $(srcdir)/bashref.texi
  
@@ -329,8 +329,8 @@
  	-if test -f bash.info; then d=.; else d=$(srcdir); fi; \
  	  $(INSTALL_DATA) $$d/bash.info $(DESTDIR)$(infodir)/bash.info
  # run install-info if it is present to update the info directory
---- origsrc/bash-4.4/doc/bash.1	2016-08-26 08:45:17.000000000 -0500
-+++ src/bash-4.4/doc/bash.1	2017-01-23 13:55:08.008447700 -0600
+--- doc/bash.1	2016-08-26 08:45:17.000000000 -0500
++++ doc/bash.1	2017-01-23 13:55:08.008447700 -0600
 @@ -9607,6 +9607,10 @@ filenames.
  This variable is set by default, which is the default bash behavior in
  versions through 4.2.
@@ -342,8 +342,8 @@
  .B direxpand
  If set,
  .B bash
---- origsrc/bash-4.4/doc/bashref.texi	2016-09-07 16:13:36.000000000 -0500
-+++ src/bash-4.4/doc/bashref.texi	2017-01-23 13:55:08.008447700 -0600
+--- doc/bashref.texi	2016-09-07 16:13:36.000000000 -0500
++++ doc/bashref.texi	2017-01-23 13:55:08.008447700 -0600
 @@ -5123,6 +5123,10 @@ filenames.
  This variable is set by default, which is the default Bash behavior in
  versions through 4.2.
@@ -355,8 +355,8 @@
  @item direxpand
  If set, Bash
  replaces directory names with the results of word expansion when performing
---- origsrc/bash-4.4/doc/builtins.1	2012-02-21 13:32:05.000000000 -0600
-+++ src/bash-4.4/doc/builtins.1	2017-01-23 13:55:08.008447700 -0600
+--- doc/builtins.1	2012-02-21 13:32:05.000000000 -0600
++++ doc/builtins.1	2017-01-23 13:55:08.008447700 -0600
 @@ -19,6 +19,6 @@ shift, shopt, source, suspend, test, tim
  ulimit, umask, unalias, unset, wait \- bash built-in commands, see \fBbash\fR(1)
  .SH BASH BUILTIN COMMANDS
@@ -365,8 +365,8 @@
 +.so man1/bash.1
  .SH SEE ALSO
  bash(1), sh(1)
---- origsrc/bash-4.4/general.c	2016-08-11 10:16:56.000000000 -0500
-+++ src/bash-4.4/general.c	2017-01-23 13:55:08.008447700 -0600
+--- general.c	2016-08-11 10:16:56.000000000 -0500
++++ general.c	2017-01-23 13:55:08.008447700 -0600
 @@ -48,6 +48,10 @@
  
  #include <tilde/tilde.h>
@@ -388,8 +388,8 @@
        result = savestring (pathbuf);
      }
  #else
---- origsrc/bash-4.4/input.c	2015-09-24 18:49:23.000000000 -0500
-+++ src/bash-4.4/input.c	2017-01-23 13:55:08.008447700 -0600
+--- input.c	2015-09-24 18:49:23.000000000 -0500
++++ input.c	2017-01-23 13:55:08.008447700 -0600
 @@ -44,6 +44,10 @@
  #include "quit.h"
  #include "trap.h"
@@ -421,8 +421,8 @@
  #if !defined (DJGPP)
    return (bufstream_getc (buffers[bash_input.location.buffered_fd]));
  #else
---- origsrc/bash-4.4/lib/sh/pathphys.c	2013-05-28 14:33:58.000000000 -0500
-+++ src/bash-4.4/lib/sh/pathphys.c	2017-01-23 13:55:08.008447700 -0600
+--- lib/sh/pathphys.c	2013-05-28 14:33:58.000000000 -0500
++++ lib/sh/pathphys.c	2017-01-23 13:55:08.008447700 -0600
 @@ -35,6 +35,7 @@
  #include <stdio.h>
  #include <chartypes.h>
@@ -453,8 +453,8 @@
  	      double_slash_path = DOUBLE_SLASH (workpath);
  	      qbase += double_slash_path;
      
---- origsrc/bash-4.4/lib/sh/tmpfile.c	2016-08-11 10:05:58.000000000 -0500
-+++ src/bash-4.4/lib/sh/tmpfile.c	2017-01-23 13:55:08.008447700 -0600
+--- lib/sh/tmpfile.c	2016-08-11 10:05:58.000000000 -0500
++++ lib/sh/tmpfile.c	2017-01-23 13:55:08.008447700 -0600
 @@ -101,7 +101,7 @@ get_tmpdir (flags)
    if (tdir && (file_iswdir (tdir) == 0 || strlen (tdir) > PATH_MAX))
      tdir = 0;
@@ -464,8 +464,8 @@
      tdir = get_sys_tmpdir ();
  
  #if defined (HAVE_PATHCONF) && defined (_PC_NAME_MAX)
---- origsrc/bash-4.4/mksyntax.c	2012-07-29 18:48:38.000000000 -0500
-+++ src/bash-4.4/mksyntax.c	2017-01-23 13:55:08.008447700 -0600
+--- mksyntax.c	2012-07-29 18:48:38.000000000 -0500
++++ mksyntax.c	2017-01-23 13:55:08.008447700 -0600
 @@ -29,13 +29,13 @@
  
  #ifdef HAVE_UNISTD_H
@@ -483,8 +483,8 @@
  #ifndef errno
  extern int errno;
  #endif
---- origsrc/bash-4.4/parse.y	2016-09-11 10:31:46.000000000 -0500
-+++ src/bash-4.4/parse.y	2017-01-23 13:55:08.008447700 -0600
+--- parse.y	2016-09-11 10:31:46.000000000 -0500
++++ parse.y	2017-01-23 13:55:08.008447700 -0600
 @@ -1539,14 +1539,20 @@ yy_string_get ()
    string = bash_input.location.string;
  
@@ -509,8 +509,8 @@
  }
  
  static int
---- origsrc/bash-4.4/subst.c	2017-01-23 13:28:06.955247200 -0600
-+++ src/bash-4.4/subst.c	2017-01-23 13:55:08.008447700 -0600
+--- subst.c	2017-01-23 13:28:06.955247200 -0600
++++ subst.c	2017-01-23 13:55:08.008447700 -0600
 @@ -43,6 +43,7 @@
  #include "posixstat.h"
  #include "bashintl.h"
@@ -562,8 +562,8 @@
    old_pid = last_made_pid;
  #if defined (JOB_CONTROL)
    old_pipeline_pgrp = pipeline_pgrp;
---- origsrc/bash-4.4/support/bashversion.c	2008-09-09 08:31:53.000000000 -0500
-+++ src/bash-4.4/support/bashversion.c	2017-01-23 13:55:08.024037200 -0600
+--- support/bashversion.c	2008-09-09 08:31:53.000000000 -0500
++++ support/bashversion.c	2017-01-23 13:55:08.024037200 -0600
 @@ -26,6 +26,9 @@
  
  #if defined (HAVE_UNISTD_H)
@@ -584,8 +584,8 @@
  extern char *dist_version;
  extern int patch_level;
  
---- origsrc/bash-4.4/support/mkversion.sh	2008-08-13 07:25:57.000000000 -0500
-+++ src/bash-4.4/support/mkversion.sh	2017-01-23 13:55:08.024037200 -0600
+--- support/mkversion.sh	2008-08-13 07:25:57.000000000 -0500
++++ support/mkversion.sh	2017-01-23 13:55:08.024037200 -0600
 @@ -29,7 +29,7 @@ source_dir="."
  while [ $# -gt 0 ]; do
  	case "$1" in
@@ -595,8 +595,8 @@
  	-s)	shift; rel_status=$1; shift ;;
  	-p)	shift; patch_level=$1; shift ;;
  	-d)	shift; dist_version=$1; shift ;;
---- origsrc/bash-4.4/variables.c	2016-06-15 15:05:52.000000000 -0500
-+++ src/bash-4.4/variables.c	2017-01-23 13:55:08.024037200 -0600
+--- variables.c	2016-06-15 15:05:52.000000000 -0500
++++ variables.c	2017-01-23 13:55:08.024037200 -0600
 @@ -5239,6 +5239,7 @@ sv_winsize (name)
  /* Update the value of HOME in the export environment so tilde expansion will
     work on cygwin. */
diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix
index 46df958b839..b523374454f 100644
--- a/pkgs/stdenv/generic/make-derivation.nix
+++ b/pkgs/stdenv/generic/make-derivation.nix
@@ -36,6 +36,9 @@ rec {
     , depsTargetTarget            ? [] #  1 ->  1
     , depsTargetTargetPropagated  ? [] #  1 ->  1
 
+    , checkInputs                 ? []
+    , installCheckInputs          ? []
+
     # Configure Phase
     , configureFlags ? []
     , # Target is not included by default because most programs don't care.
@@ -46,11 +49,13 @@ rec {
         (stdenv.hostPlatform != stdenv.buildPlatform)
         [ "build" "host" ]
 
+    # TODO(@Ericson2314): Make unconditional / resolve #33599
     # Check phase
-    , doCheck ? false
+    , doCheck ? config.doCheckByDefault or false
 
+    # TODO(@Ericson2314): Make unconditional / resolve #33599
     # InstallCheck phase
-    , doInstallCheck ? false
+    , doInstallCheck ? config.doCheckByDefault or false
 
     , crossConfig ? null
     , meta ? {}
@@ -74,6 +79,11 @@ rec {
     # TODO(@Ericson2314): Make this more modular, and not O(n^2).
     let
       supportedHardeningFlags = [ "fortify" "stackprotector" "pie" "pic" "strictoverflow" "format" "relro" "bindnow" ];
+      defaultHardeningFlags = lib.remove "pie" supportedHardeningFlags;
+      enabledHardeningOptions =
+        if builtins.elem "all" hardeningDisable
+        then []
+        else lib.subtractLists hardeningDisable (defaultHardeningFlags ++ hardeningEnable);
       # hardeningDisable additionally supports "all".
       erroneousHardeningFlags = lib.subtractLists supportedHardeningFlags (hardeningEnable ++ lib.remove "all" hardeningDisable);
     in if builtins.length erroneousHardeningFlags != 0
@@ -94,7 +104,9 @@ rec {
         ]
         [
           (map (drv: drv.__spliced.hostHost or drv) depsHostHost)
-          (map (drv: drv.crossDrv or drv) buildInputs)
+          (map (drv: drv.crossDrv or drv) (buildInputs
+             ++ lib.optionals doCheck' checkInputs
+             ++ lib.optionals doInstallCheck' installCheckInputs))
         ]
         [
           (map (drv: drv.__spliced.targetTarget or drv) depsTargetTarget)
@@ -115,34 +127,43 @@ rec {
         ]
       ];
 
+      # TODO(@oxij, @Ericson2314): This is here to keep the old semantics, remove when
+      # no package has `doCheck = true`.
+      doCheck' = doCheck && stdenv.hostPlatform == stdenv.buildPlatform;
+      doInstallCheck' = doInstallCheck && stdenv.hostPlatform == stdenv.buildPlatform;
+
       outputs' =
         outputs ++
         (if separateDebugInfo then assert stdenv.hostPlatform.isLinux; [ "debug" ] else []);
 
+      computedSandboxProfile =
+        lib.concatMap (input: input.__propagatedSandboxProfile or [])
+          (stdenv.extraNativeBuildInputs
+           ++ stdenv.extraBuildInputs
+           ++ lib.concatLists dependencies);
+
+      computedPropagatedSandboxProfile =
+        lib.concatMap (input: input.__propagatedSandboxProfile or [])
+          (lib.concatLists propagatedDependencies);
+
+      computedImpureHostDeps =
+        lib.unique (lib.concatMap (input: input.__propagatedImpureHostDeps or [])
+          (stdenv.extraNativeBuildInputs
+           ++ stdenv.extraBuildInputs
+           ++ lib.concatLists dependencies));
+
+      computedPropagatedImpureHostDeps =
+        lib.unique (lib.concatMap (input: input.__propagatedImpureHostDeps or [])
+          (lib.concatLists propagatedDependencies));
+
       derivationArg =
         (removeAttrs attrs
           ["meta" "passthru" "crossAttrs" "pos"
+           "doCheck" "doInstallCheck"
+           "checkInputs" "installCheckInputs"
            "__impureHostDeps" "__propagatedImpureHostDeps"
            "sandboxProfile" "propagatedSandboxProfile"])
-        // (let
-          computedSandboxProfile =
-            lib.concatMap (input: input.__propagatedSandboxProfile or [])
-              (stdenv.extraNativeBuildInputs
-               ++ stdenv.extraBuildInputs
-               ++ lib.concatLists dependencies);
-          computedPropagatedSandboxProfile =
-            lib.concatMap (input: input.__propagatedSandboxProfile or [])
-              (lib.concatLists propagatedDependencies);
-          computedImpureHostDeps =
-            lib.unique (lib.concatMap (input: input.__propagatedImpureHostDeps or [])
-              (stdenv.extraNativeBuildInputs
-               ++ stdenv.extraBuildInputs
-               ++ lib.concatLists dependencies));
-          computedPropagatedImpureHostDeps =
-            lib.unique (lib.concatMap (input: input.__propagatedImpureHostDeps or [])
-              (lib.concatLists propagatedDependencies));
-        in
-        {
+        // {
           # A hack to make `nix-env -qa` and `nix search` ignore broken packages.
           # TODO(@oxij): remove this assert when something like NixOS/nix#1771 gets merged into nix.
           name = assert validity.handled; name + lib.optionalString
@@ -179,6 +200,15 @@ rec {
             ++ optional (elem "host"   configurePlatforms) "--host=${stdenv.hostPlatform.config}"
             ++ optional (elem "target" configurePlatforms) "--target=${stdenv.targetPlatform.config}";
 
+        } // lib.optionalAttrs (hardeningDisable != [] || hardeningEnable != []) {
+          NIX_HARDENING_ENABLE = enabledHardeningOptions;
+        } // lib.optionalAttrs (outputs' != [ "out" ]) {
+          outputs = outputs';
+        } // lib.optionalAttrs doCheck' {
+          doCheck = true;
+        } // lib.optionalAttrs doInstallCheck' {
+          doInstallCheck = true;
+
         } // lib.optionalAttrs (stdenv.buildPlatform.isDarwin) {
           # TODO: remove lib.unique once nix has a list canonicalization primitive
           __sandboxProfile =
@@ -193,15 +223,7 @@ rec {
             "/bin/sh"
           ];
           __propagatedImpureHostDeps = computedPropagatedImpureHostDeps ++ __propagatedImpureHostDeps;
-        } // lib.optionalAttrs (outputs' != [ "out" ]) {
-          outputs = outputs';
-        } // lib.optionalAttrs (attrs ? doCheck) {
-          # TODO(@Ericson2314): Make unconditional / resolve #33599
-          doCheck = doCheck && (stdenv.hostPlatform == stdenv.buildPlatform);
-        } // lib.optionalAttrs (attrs ? doInstallCheck) {
-          # TODO(@Ericson2314): Make unconditional / resolve #33599
-          doInstallCheck = doInstallCheck && (stdenv.hostPlatform == stdenv.buildPlatform);
-        });
+        };
 
       validity = import ./check-meta.nix {
         inherit lib config meta;
diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh
index d7a4781448a..ed95494e9bb 100644
--- a/pkgs/stdenv/generic/setup.sh
+++ b/pkgs/stdenv/generic/setup.sh
@@ -641,22 +641,9 @@ fi
 # Textual substitution functions.
 
 
-substitute() {
-    local input="$1"
-    local output="$2"
-    shift 2
-
-    if [ ! -f "$input" ]; then
-      echo "substitute(): ERROR: file '$input' does not exist" >&2
-      return 1
-    fi
-
-    local content
-    # read returns non-0 on EOF, so we want read to fail
-    if IFS='' read -r -N 0 content < "$input"; then
-        echo "substitute(): ERROR: File \"$input\" has null bytes, won't process" >&2
-        return 1
-    fi
+substituteStream() {
+    local var=$1
+    shift
 
     while (( "$#" )); do
         case "$1" in
@@ -671,7 +658,7 @@ substitute() {
                 shift 2
                 # check if the used nix attribute name is a valid bash name
                 if ! [[ "$varName" =~ ^[a-zA-Z_][a-zA-Z0-9_]*$ ]]; then
-                    echo "substitute(): ERROR: substitution variables must be valid Bash names, \"$varName\" isn't." >&2
+                    echo "substituteStream(): ERROR: substitution variables must be valid Bash names, \"$varName\" isn't." >&2
                     return 1
                 fi
                 pattern="@$varName@"
@@ -685,18 +672,41 @@ substitute() {
                 ;;
 
             *)
-                echo "substitute(): ERROR: Invalid command line argument: $1" >&2
+                echo "substituteStream(): ERROR: Invalid command line argument: $1" >&2
                 return 1
                 ;;
         esac
 
-        content="${content//"$pattern"/$replacement}"
+        eval "$var"'=${'"$var"'//"$pattern"/"$replacement"}'
     done
 
-    if [ -e "$output" ]; then chmod +w "$output"; fi
-    printf "%s" "$content" > "$output"
+    printf "%s" "${!var}"
+}
+
+consumeEntire() {
+    # read returns non-0 on EOF, so we want read to fail
+    if IFS='' read -r -N 0 $1; then
+        echo "consumeEntire(): ERROR: Input null bytes, won't process" >&2
+        return 1
+    fi
 }
 
+substitute() {
+    local input="$1"
+    local output="$2"
+    shift 2
+
+    if [ ! -f "$input" ]; then
+        echo "substitute(): ERROR: file '$input' does not exist" >&2
+        return 1
+    fi
+
+    local content
+    consumeEntire content < "$input"
+
+    if [ -e "$output" ]; then chmod +w "$output"; fi
+    substituteStream content "$@" > "$output"
+}
 
 substituteInPlace() {
     local fileName="$1"
@@ -704,20 +714,30 @@ substituteInPlace() {
     substitute "$fileName" "$fileName" "$@"
 }
 
+_allFlags() {
+    for varName in $(awk 'BEGIN { for (v in ENVIRON) if (v ~ /^[a-z][a-zA-Z0-9_]*$/) print v }'); do
+        if (( "${NIX_DEBUG:-0}" >= 1 )); then
+            printf "@%s@ -> %q\n" "${varName}" "${!varName}"
+        fi
+        args+=("--subst-var" "$varName")
+    done
+}
+
+substituteAllStream() {
+    local -a args=()
+    _allFlags
+
+    substituteStream "$1" "${args[@]}"
+}
 
 # Substitute all environment variables that start with a lowercase character and
 # are valid Bash names.
 substituteAll() {
     local input="$1"
     local output="$2"
-    local -a args=()
 
-    for varName in $(awk 'BEGIN { for (v in ENVIRON) if (v ~ /^[a-z][a-zA-Z0-9_]*$/) print v }'); do
-        if (( "${NIX_DEBUG:-0}" >= 1 )); then
-            printf "@%s@ -> %q\n" "${varName}" "${!varName}"
-        fi
-        args+=("--subst-var" "$varName")
-    done
+    local -a args=()
+    _allFlags
 
     substitute "$input" "$output" "${args[@]}"
 }
@@ -968,9 +988,11 @@ buildPhase() {
     # set to empty if unset
     : ${makeFlags=}
 
-    if [[ -z "$makeFlags" && ! ( -n "${makefile:-}" || -e Makefile || -e makefile || -e GNUmakefile ) ]]; then
+    if [[ -z "$makeFlags" && -z "${makefile:-}" && ! ( -e Makefile || -e makefile || -e GNUmakefile ) ]]; then
         echo "no Makefile, doing nothing"
     else
+        foundMakefile=1
+
         # See https://github.com/NixOS/nixpkgs/pull/1354#issuecomment-31260409
         makeFlags="SHELL=$SHELL $makeFlags"
 
@@ -994,18 +1016,38 @@ buildPhase() {
 checkPhase() {
     runHook preCheck
 
-    # Old bash empty array hack
-    # shellcheck disable=SC2086
-    local flagsArray=(
-        ${enableParallelBuilding:+-j${NIX_BUILD_CORES} -l${NIX_BUILD_CORES}}
-        $makeFlags ${makeFlagsArray+"${makeFlagsArray[@]}"}
-        ${checkFlags:-VERBOSE=y} ${checkFlagsArray+"${checkFlagsArray[@]}"}
-        ${checkTarget:-check}
-    )
+    if [[ -z "${foundMakefile:-}" ]]; then
+        echo "no Makefile or custom buildPhase, doing nothing"
+        runHook postCheck
+        return
+    fi
 
-    echoCmd 'check flags' "${flagsArray[@]}"
-    make ${makefile:+-f $makefile} "${flagsArray[@]}"
-    unset flagsArray
+    if [[ -z "${checkTarget:-}" ]]; then
+        #TODO(@oxij): should flagsArray influence make -n?
+        if make -n ${makefile:+-f $makefile} check >/dev/null 2>&1; then
+            checkTarget=check
+        elif make -n ${makefile:+-f $makefile} test >/dev/null 2>&1; then
+            checkTarget=test
+        fi
+    fi
+
+    if [[ -z "${checkTarget:-}" ]]; then
+        echo "no check/test target in ${makefile:-Makefile}, doing nothing"
+    else
+        # Old bash empty array hack
+        # shellcheck disable=SC2086
+        local flagsArray=(
+            ${enableParallelBuilding:+-j${NIX_BUILD_CORES} -l${NIX_BUILD_CORES}}
+            $makeFlags ${makeFlagsArray+"${makeFlagsArray[@]}"}
+            ${checkFlags:-VERBOSE=y} ${checkFlagsArray+"${checkFlagsArray[@]}"}
+            ${checkTarget}
+        )
+
+        echoCmd 'check flags' "${flagsArray[@]}"
+        make ${makefile:+-f $makefile} "${flagsArray[@]}"
+
+        unset flagsArray
+    fi
 
     runHook postCheck
 }
@@ -1018,14 +1060,12 @@ installPhase() {
         mkdir -p "$prefix"
     fi
 
-    installTargets="${installTargets:-install}"
-
     # Old bash empty array hack
     # shellcheck disable=SC2086
     local flagsArray=(
-        $installTargets
         $makeFlags ${makeFlagsArray+"${makeFlagsArray[@]}"}
         $installFlags ${installFlagsArray+"${installFlagsArray[@]}"}
+        ${installTargets:-install}
     )
 
     echoCmd 'install flags' "${flagsArray[@]}"
@@ -1091,6 +1131,19 @@ fixupPhase() {
         substituteAll "$setupHook" "${!outputDev}/nix-support/setup-hook"
     fi
 
+    # TODO(@Ericson2314): Remove after https://github.com/NixOS/nixpkgs/pull/31414
+    if [ -n "${setupHooks:-}" ]; then
+        mkdir -p "${!outputDev}/nix-support"
+        local hook
+        for hook in $setupHooks; do
+            local content
+            consumeEntire content < "$hook"
+            substituteAllStream content >> "${!outputDev}/nix-support/setup-hook"
+            unset -v content
+        done
+        unset -v hook
+    fi
+
     # Propagate user-env packages into the output with binaries, TODO?
 
     if [ -n "${propagatedUserEnvPkgs:-}" ]; then
@@ -1106,18 +1159,26 @@ fixupPhase() {
 installCheckPhase() {
     runHook preInstallCheck
 
-    # Old bash empty array hack
-    # shellcheck disable=SC2086
-    local flagsArray=(
-        ${enableParallelBuilding:+-j${NIX_BUILD_CORES} -l${NIX_BUILD_CORES}}
-        $makeFlags ${makeFlagsArray+"${makeFlagsArray[@]}"}
-        $installCheckFlags ${installCheckFlagsArray+"${installCheckFlagsArray[@]}"}
-        ${installCheckTarget:-installcheck}
-    )
+    if [[ -z "${foundMakefile:-}" ]]; then
+        echo "no Makefile or custom buildPhase, doing nothing"
+    #TODO(@oxij): should flagsArray influence make -n?
+    elif [[ -z "${installCheckTarget:-}" ]] \
+       && ! make -n ${makefile:+-f $makefile} ${installCheckTarget:-installcheck} >/dev/null 2>&1; then
+        echo "no installcheck target in ${makefile:-Makefile}, doing nothing"
+    else
+        # Old bash empty array hack
+        # shellcheck disable=SC2086
+        local flagsArray=(
+            ${enableParallelBuilding:+-j${NIX_BUILD_CORES} -l${NIX_BUILD_CORES}}
+            $makeFlags ${makeFlagsArray+"${makeFlagsArray[@]}"}
+            $installCheckFlags ${installCheckFlagsArray+"${installCheckFlagsArray[@]}"}
+            ${installCheckTarget:-installcheck}
+        )
 
-    echoCmd 'installcheck flags' "${flagsArray[@]}"
-    make ${makefile:+-f $makefile} "${flagsArray[@]}"
-    unset flagsArray
+        echoCmd 'installcheck flags' "${flagsArray[@]}"
+        make ${makefile:+-f $makefile} "${flagsArray[@]}"
+        unset flagsArray
+    fi
 
     runHook postInstallCheck
 }
diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix
index 92da0d7873d..eb793e7687a 100644
--- a/pkgs/stdenv/linux/default.nix
+++ b/pkgs/stdenv/linux/default.nix
@@ -107,11 +107,6 @@ let
           # Having the proper 'platform' in all the stdenvs allows getting proper
           # linuxHeaders for example.
           inherit platform;
-
-          # stdenv.glibc is used by GCC build to figure out the system-level
-          # /usr/include directory.
-          # TODO: Remove this!
-          inherit (prevStage) glibc;
         };
         overrides = self: super: (overrides self super) // { fetchurl = thisStdenv.fetchurlBoot; };
       };
@@ -129,8 +124,6 @@ in
     __raw = true;
 
     gcc-unwrapped = null;
-    glibc = assert false; null;
-    musl = assert false; null;
     binutils = null;
     coreutils = null;
     gnugrep = null;
@@ -351,6 +344,7 @@ in
         concatMap (p: [ (getBin p) (getLib p) ])
           [ gzip bzip2 xz bash binutils.bintools coreutils diffutils findutils
             gawk gnumake gnused gnutar gnugrep gnupatch patchelf ed paxctl
+            texinfo
           ]
         # Library dependencies
         ++ map getLib (
@@ -369,7 +363,7 @@ in
         inherit (prevStage)
           gzip bzip2 xz bash coreutils diffutils findutils gawk
           gnumake gnused gnutar gnugrep gnupatch patchelf
-          attr acl paxctl zlib pcre;
+          attr acl paxctl zlib pcre texinfo;
         ${localSystem.libc} = getLibc prevStage;
       } // lib.optionalAttrs (super.targetPlatform == localSystem) {
         # Need to get rid of these when cross-compiling.
diff --git a/pkgs/tools/archivers/gnutar/default.nix b/pkgs/tools/archivers/gnutar/default.nix
index 4677ee45afb..7532cd899cc 100644
--- a/pkgs/tools/archivers/gnutar/default.nix
+++ b/pkgs/tools/archivers/gnutar/default.nix
@@ -36,6 +36,9 @@ stdenv.mkDerivation rec {
     sed -i gnu/fpending.h -e 's,include <stdio_ext.h>,,'
   '' else null;
 
+  doCheck = false; # fails
+  doInstallCheck = false; # fails
+
   meta = {
     homepage = http://www.gnu.org/software/tar/;
     description = "GNU implementation of the `tar' archiver";
diff --git a/pkgs/tools/compression/brotli/default.nix b/pkgs/tools/compression/brotli/default.nix
index 707b8f0d799..1a42ba03d46 100644
--- a/pkgs/tools/compression/brotli/default.nix
+++ b/pkgs/tools/compression/brotli/default.nix
@@ -4,13 +4,13 @@
 
 stdenv.mkDerivation rec {
   name = "brotli-${version}";
-  version = "1.0.3";
+  version = "1.0.4";
 
   src = fetchFromGitHub {
     owner = "google";
     repo = "brotli";
     rev = "v" + version;
-    sha256 = "1hlkqgkm2gv6q83dswg6b19hpw8j33y6iw924j8r647pd4qg1xs7";
+    sha256 = "0n5snycxgwqj2v8sgxiqxq4zqh5ydx70dr7qa4ygizs02ms69n1i";
   };
 
   nativeBuildInputs = [ cmake ];
diff --git a/pkgs/tools/compression/gzip/default.nix b/pkgs/tools/compression/gzip/default.nix
index cfe41d3dfe7..c39216f1e0c 100644
--- a/pkgs/tools/compression/gzip/default.nix
+++ b/pkgs/tools/compression/gzip/default.nix
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
   # In stdenv-linux, prevent a dependency on bootstrap-tools.
   makeFlags = "SHELL=/bin/sh GREP=grep";
 
+  doCheck = false; # fails
+
   meta = {
     homepage = https://www.gnu.org/software/gzip/;
     description = "GNU zip compression program";
diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix
index da3a537da28..37c0c6d1c7e 100644
--- a/pkgs/tools/compression/xz/default.nix
+++ b/pkgs/tools/compression/xz/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
-  name = "xz-5.2.3";
+  name = "xz-5.2.4";
 
   src = fetchurl {
     url = "https://tukaani.org/xz/${name}.tar.bz2";
-    sha256 = "1ha08wxcldgcl81021x5nhknr47s1p95ljfkka4sqah5w5ns377x";
+    sha256 = "1gxpayfagb4v7xfhs2w6h7k56c6hwwav1rk48bj8hggljlmgs4rk";
   };
 
   outputs = [ "bin" "dev" "out" "man" "doc" ];
diff --git a/pkgs/tools/filesystems/curlftpfs/default.nix b/pkgs/tools/filesystems/curlftpfs/default.nix
index 8797c21aa23..4af7c9fb8c2 100644
--- a/pkgs/tools/filesystems/curlftpfs/default.nix
+++ b/pkgs/tools/filesystems/curlftpfs/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation {
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [fuse curl glib zlib];
 
+  doCheck = false; # fails, doesn't work well too, btw
+
   meta = {
     platforms = stdenv.lib.platforms.linux;
   };
diff --git a/pkgs/tools/graphics/graphviz/base.nix b/pkgs/tools/graphics/graphviz/base.nix
index b360f9a3450..2fa4bb90a8e 100644
--- a/pkgs/tools/graphics/graphviz/base.nix
+++ b/pkgs/tools/graphics/graphviz/base.nix
@@ -43,6 +43,13 @@ stdenv.mkDerivation rec {
     done
   '';
 
+  # ''
+  #   substituteInPlace rtest/rtest.sh \
+  #     --replace "/bin/ksh" "${mksh}/bin/mksh"
+  # '';
+
+  doCheck = false; # fails with "Graphviz test suite requires ksh93" which is not in nixpkgs
+
   preAutoreconf = "./autogen.sh";
 
   postFixup = optionalString (xorg != null) ''
diff --git a/pkgs/tools/inputmethods/ibus/default.nix b/pkgs/tools/inputmethods/ibus/default.nix
index 59ddab7294f..d3507b57cbd 100644
--- a/pkgs/tools/inputmethods/ibus/default.nix
+++ b/pkgs/tools/inputmethods/ibus/default.nix
@@ -125,6 +125,7 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  doCheck = false; # requires X11 daemon
   doInstallCheck = true;
   installCheckPhase = "$out/bin/ibus version";
 
diff --git a/pkgs/tools/misc/bogofilter/default.nix b/pkgs/tools/misc/bogofilter/default.nix
index c192e9f42ab..f86d44c580d 100644
--- a/pkgs/tools/misc/bogofilter/default.nix
+++ b/pkgs/tools/misc/bogofilter/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ flex db ];
 
+  doCheck = false; # needs "y" tool
+
   meta = {
     homepage = http://bogofilter.sourceforge.net/;
     longDescription = ''
diff --git a/pkgs/tools/misc/ethtool/default.nix b/pkgs/tools/misc/ethtool/default.nix
index 2527c34feeb..62c782b26fe 100644
--- a/pkgs/tools/misc/ethtool/default.nix
+++ b/pkgs/tools/misc/ethtool/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "ethtool-${version}";
-  version = "4.15";
+  version = "4.16";
 
   src = fetchurl {
     url = "mirror://kernel/software/network/ethtool/${name}.tar.xz";
-    sha256 = "06pr3s7wg2pbvfbf7js61bgh3caff4qf50nqqk3cgz9z90rgvxvi";
+    sha256 = "00ss07jc7p276d83f6jpafgwyc9yiribciyqcgx9j86v49kpm5py";
   };
 
   meta = with stdenv.lib; {
diff --git a/pkgs/tools/misc/file/default.nix b/pkgs/tools/misc/file/default.nix
index 3765f913430..aeb43d7c115 100644
--- a/pkgs/tools/misc/file/default.nix
+++ b/pkgs/tools/misc/file/default.nix
@@ -2,14 +2,14 @@
 
 stdenv.mkDerivation rec {
   name = "file-${version}";
-  version = "5.32";
+  version = "5.33";
 
   src = fetchurl {
     urls = [
       "ftp://ftp.astron.com/pub/file/${name}.tar.gz"
       "https://distfiles.macports.org/file/${name}.tar.gz"
     ];
-    sha256 = "0l1bfa0icng9vdwya00ff48fhvjazi5610ylbhl35qi13d6xqfc6";
+    sha256 = "1iipnwjkag7q04zjkaqic41r9nlw0ml6mhqian6qkkbisb1whlhw";
   };
 
   nativeBuildInputs = stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) file;
diff --git a/pkgs/tools/misc/fontforge/default.nix b/pkgs/tools/misc/fontforge/default.nix
index c7fd29da8ac..0f6fb38ef3b 100644
--- a/pkgs/tools/misc/fontforge/default.nix
+++ b/pkgs/tools/misc/fontforge/default.nix
@@ -57,6 +57,9 @@ stdenv.mkDerivation rec {
     ./bootstrap --skip-git --gnulib-srcdir=./gnulib
   '';
 
+  doCheck = false; # tries to wget some fonts
+  doInstallCheck = doCheck;
+
   postInstall =
     # get rid of the runtime dependency on python
     lib.optionalString (!withPython) ''
@@ -72,4 +75,3 @@ stdenv.mkDerivation rec {
     license = stdenv.lib.licenses.bsd3;
   };
 }
-
diff --git a/pkgs/tools/misc/parallel/default.nix b/pkgs/tools/misc/parallel/default.nix
index 093633e2114..9bb09d227c4 100644
--- a/pkgs/tools/misc/parallel/default.nix
+++ b/pkgs/tools/misc/parallel/default.nix
@@ -1,11 +1,11 @@
 { fetchurl, stdenv, perl, makeWrapper, procps }:
 
 stdenv.mkDerivation rec {
-  name = "parallel-20180322";
+  name = "parallel-20180422";
 
   src = fetchurl {
     url = "mirror://gnu/parallel/${name}.tar.bz2";
-    sha256 = "15v46pv4z98xm3fkwy7335faw4r7pilrxp4xis5a4zi4319sv2b3";
+    sha256 = "0xsfpbxwgd4197gra981iv0nmjfk58c0d88dxx6dh6yrqz523klx";
   };
 
   nativeBuildInputs = [ makeWrapper perl ];
diff --git a/pkgs/tools/networking/atftp/default.nix b/pkgs/tools/networking/atftp/default.nix
index 23355d61bea..068e6887546 100644
--- a/pkgs/tools/networking/atftp/default.nix
+++ b/pkgs/tools/networking/atftp/default.nix
@@ -14,6 +14,8 @@ stdenv.mkDerivation rec {
   # Expects pre-GCC5 inline semantics
   NIX_CFLAGS_COMPILE = "-std=gnu89";
 
+  doCheck = false; # fails
+
   meta = {
     description = "Advanced tftp tools";
     maintainers = [ lib.maintainers.raskin ];
diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index 32a8a788848..5980392267b 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -76,8 +76,10 @@ stdenv.mkDerivation rec {
     ++ stdenv.lib.optional c-aresSupport "--enable-ares=${c-ares}"
     ++ stdenv.lib.optional gssSupport "--with-gssapi=${kerberos.dev}";
 
-  CXX = "c++";
-  CXXCPP = "c++ -E";
+  CXX = "${stdenv.cc.targetPrefix}c++";
+  CXXCPP = "${stdenv.cc.targetPrefix}c++ -E";
+
+  doCheck = false; # expensive, fails
 
   postInstall = ''
     moveToOutput bin/curl-config "$dev"
diff --git a/pkgs/tools/networking/dhcp/default.nix b/pkgs/tools/networking/dhcp/default.nix
index 8b1ac864a43..1ebf57997d0 100644
--- a/pkgs/tools/networking/dhcp/default.nix
+++ b/pkgs/tools/networking/dhcp/default.nix
@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
   name = "dhcp-${version}";
-  version = "4.3.6-P1";
+  version = "4.4.1";
 
   src = fetchurl {
     url = "http://ftp.isc.org/isc/dhcp/${version}/${name}.tar.gz";
-    sha256 = "1hx3az6ckvgvybr1ag4k9kqr8zfcpzcww4vpw5gz0mi8y2z7gl9g";
+    sha256 = "025nfqx4zwdgv4b3rkw26ihcj312vir08jk6yi57ndmb4a4m08ia";
   };
 
   patches =
diff --git a/pkgs/tools/networking/maildrop/default.nix b/pkgs/tools/networking/maildrop/default.nix
index 950a6e310eb..134e9b6df76 100644
--- a/pkgs/tools/networking/maildrop/default.nix
+++ b/pkgs/tools/networking/maildrop/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
 
   patches = [ ./maildrop.configure.hack.patch ]; # for building in chroot
 
+  doCheck = false; # fails with "setlocale: LC_ALL: cannot change locale (en_US.UTF-8)"
+
   meta = with stdenv.lib; {
     homepage = http://www.courier-mta.org/maildrop/;
     description = "Mail filter/mail delivery agent that is used by the Courier Mail Server";
diff --git a/pkgs/tools/networking/network-manager/default.nix b/pkgs/tools/networking/network-manager/default.nix
index ebe40c6192c..9a129f52213 100644
--- a/pkgs/tools/networking/network-manager/default.nix
+++ b/pkgs/tools/networking/network-manager/default.nix
@@ -85,6 +85,8 @@ in stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ autoreconfHook intltool pkgconfig libxslt docbook_xsl ];
 
+  doCheck = false; # requires /sys, the net
+
   preInstall = ''
     installFlagsArray=( "sysconfdir=$out/etc" "localstatedir=$out/var" "runstatedir=$out/var/run" )
   '';
diff --git a/pkgs/tools/networking/tcpdump/default.nix b/pkgs/tools/networking/tcpdump/default.nix
index 324a58cf7ed..59cc89ac572 100644
--- a/pkgs/tools/networking/tcpdump/default.nix
+++ b/pkgs/tools/networking/tcpdump/default.nix
@@ -1,6 +1,4 @@
-{ stdenv, fetchurl, fetchpatch, libpcap, enableStatic ? false
-, hostPlatform
-}:
+{ stdenv, fetchurl, fetchpatch, libpcap }:
 
 stdenv.mkDerivation rec {
   name = "tcpdump-${version}";
@@ -20,11 +18,9 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ libpcap ];
 
-  crossAttrs = {
-    LDFLAGS = if enableStatic then "-static" else "";
-    configureFlags = [ "ac_cv_linux_vers=2" ] ++ (stdenv.lib.optional
-      (hostPlatform.platform.kernelMajor or null == "2.4") "--disable-ipv6");
-  };
+  configureFlags = stdenv.lib.optional
+    (stdenv.hostPlatform != stdenv.buildPlatform)
+    "ac_cv_linux_vers=2";
 
   meta = {
     description = "Network sniffer";
diff --git a/pkgs/tools/networking/telnet/default.nix b/pkgs/tools/networking/telnet/default.nix
index c38f3c46fa4..d9de9c15763 100644
--- a/pkgs/tools/networking/telnet/default.nix
+++ b/pkgs/tools/networking/telnet/default.nix
@@ -13,6 +13,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ncurses];
 
+  doInstallCheck = false; # fails
+
   meta = {
     description = "A client and daemon for the Telnet protocol";
     homepage = ftp://ftp.suse.com/pub/people/kukuk/ipv6/;
diff --git a/pkgs/tools/networking/unbound/default.nix b/pkgs/tools/networking/unbound/default.nix
index ed5c30aa42b..d7ef54a2497 100644
--- a/pkgs/tools/networking/unbound/default.nix
+++ b/pkgs/tools/networking/unbound/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "unbound-${version}";
-  version = "1.7.0";
+  version = "1.7.1";
 
   src = fetchurl {
     url = "https://unbound.net/downloads/${name}.tar.gz";
-    sha256 = "18i6p6zqmbs9gj57mz3iwz828csaab26gb534b8wrn0kzdqr1pcl";
+    sha256 = "13b210hd200xxvaffyzqb4g58knv1sfigph70ai74lrcb3pqbq2n";
   };
 
   outputs = [ "out" "lib" "man" ]; # "dev" would only split ~20 kB
diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix
index 87dcbe4e706..0f575d748b6 100644
--- a/pkgs/tools/security/gnupg/22.nix
+++ b/pkgs/tools/security/gnupg/22.nix
@@ -15,11 +15,11 @@ assert guiSupport -> pinentry != null;
 stdenv.mkDerivation rec {
   name = "gnupg-${version}";
 
-  version = "2.2.6";
+  version = "2.2.7";
 
   src = fetchurl {
     url = "mirror://gnupg/gnupg/${name}.tar.bz2";
-    sha256 = "110rf476l3cgn52gh9ia5y0y06y2ialq9dqc12jkhnfhl9gqqkg6";
+    sha256 = "0vlpis0q7gvq9mhdc43hkyn3cdriz4mwgj20my3gyzpgwqg3cnyr";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix
index a81fffa2035..4c6df817a72 100644
--- a/pkgs/tools/security/nmap/default.nix
+++ b/pkgs/tools/security/nmap/default.nix
@@ -53,6 +53,8 @@ in stdenv.mkDerivation rec {
       libX11 gtk2 pygtk pysqlite pygobject2 pycairo
     ];
 
+  doCheck = false; # fails 3 tests, probably needs the net
+
   meta = {
     description = "A free and open source utility for network discovery and security auditing";
     homepage    = http://www.nmap.org;
diff --git a/pkgs/tools/security/rhash/default.nix b/pkgs/tools/security/rhash/default.nix
index 485b34cff88..22d7e93fe47 100644
--- a/pkgs/tools/security/rhash/default.nix
+++ b/pkgs/tools/security/rhash/default.nix
@@ -16,6 +16,8 @@ stdenv.mkDerivation rec {
   # configure script is not autotools-based, doesn't support these options
   configurePlatforms = [ ];
 
+  doCheck = false; # fails
+
   installTargets = [ "install" "install-lib-shared" "install-lib-so-link" ];
   postInstall = "make -C librhash install-headers";
 
diff --git a/pkgs/tools/security/rng-tools/default.nix b/pkgs/tools/security/rng-tools/default.nix
index 1885940e7f3..d2326c7e8c3 100644
--- a/pkgs/tools/security/rng-tools/default.nix
+++ b/pkgs/tools/security/rng-tools/default.nix
@@ -9,6 +9,9 @@ stdenv.mkDerivation rec {
     sha256 = "13h7lc8wl9khhvkr0i3bl5j9bapf8anhqis1lcnwxg1vc2v058b0";
   };
 
+  # For cross-compilation
+  makeFlags = [ "AR:=$(AR)" ];
+
   meta = {
     description = "A random number generator daemon";
 
diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix
index 0ca4507d5d9..0a760807afb 100644
--- a/pkgs/tools/security/sudo/default.nix
+++ b/pkgs/tools/security/sudo/default.nix
@@ -56,6 +56,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  doCheck = false; # needs root
+
   postInstall =
     ''
     rm -f $out/share/doc/sudo/ChangeLog
diff --git a/pkgs/tools/system/at/default.nix b/pkgs/tools/system/at/default.nix
index eda2197b9f6..baac00bfa76 100644
--- a/pkgs/tools/system/at/default.nix
+++ b/pkgs/tools/system/at/default.nix
@@ -33,12 +33,15 @@ stdenv.mkDerivation rec {
       substituteInPlace ./configure --replace "test -d /var/run" "true"
     '';
 
-  configureFlags =
-    ''
-       --with-etcdir=/etc/at
-       --with-jobdir=/var/spool/atjobs --with-atspool=/var/spool/atspool
-       --with-daemon_username=atd --with-daemon_groupname=atd
-    '';
+  configureFlags = [
+    "--with-etcdir=/etc/at"
+    "--with-jobdir=/var/spool/atjobs"
+    "--with-atspool=/var/spool/atspool"
+    "--with-daemon_username=atd"
+    "--with-daemon_groupname=atd"
+  ];
+
+  doCheck = false; # need "prove" tool
 
   # Ensure that "batch" can invoke the setuid "at" wrapper, if it exists, or
   # else we get permission errors (on NixOS). "batch" is a shell script, so
diff --git a/pkgs/tools/system/runit/default.nix b/pkgs/tools/system/runit/default.nix
index aa2f50f2df0..4d5de56fbf0 100644
--- a/pkgs/tools/system/runit/default.nix
+++ b/pkgs/tools/system/runit/default.nix
@@ -13,6 +13,10 @@ stdenv.mkDerivation rec {
     sha256 = "065s8w62r6chjjs6m9hapcagy33m75nlnxb69vg0f4ngn061dl3g";
   };
 
+  patches = [
+    ./fix-ar-ranlib.patch
+  ];
+
   outputs = [ "out" "man" ];
 
   sourceRoot = "admin/${name}";
@@ -34,8 +38,8 @@ stdenv.mkDerivation rec {
     cd src
 
     # Both of these are originally hard-coded to gcc
-    echo cc > conf-cc
-    echo cc > conf-ld
+    echo ${stdenv.cc.targetPrefix}cc > conf-cc
+    echo ${stdenv.cc.targetPrefix}cc > conf-ld
   '';
 
   installPhase = ''
diff --git a/pkgs/tools/system/runit/fix-ar-ranlib.patch b/pkgs/tools/system/runit/fix-ar-ranlib.patch
new file mode 100644
index 00000000000..c65a037d524
--- /dev/null
+++ b/pkgs/tools/system/runit/fix-ar-ranlib.patch
@@ -0,0 +1,18 @@
+--- runit-2.1.2/src/print-ar.sh
++++ runit-2.1.2/src/print-ar.sh
+@@ -1,7 +1,7 @@
+ cat warn-auto.sh
+ echo 'main="$1"; shift'
+ echo 'rm -f "$main"'
+-echo 'ar cr "$main" ${1+"$@"}'
++echo '$AR cr "$main" ${1+"$@"}'
+ case "`cat systype`" in
+   sunos-5.*) ;;
+   unix_sv*) ;;
+@@ -10,5 +10,5 @@ case "`cat systype`" in
+   dgux-*) ;;
+   hp-ux-*) ;;
+   sco*) ;;
+-  *) echo 'ranlib "$main"' ;;
++  *) echo '$RANLIB "$main"' ;;
+ esac
diff --git a/pkgs/tools/text/gnupatch/CVE-2018-6951.patch b/pkgs/tools/text/gnupatch/CVE-2018-6951.patch
new file mode 100644
index 00000000000..22d5f061c33
--- /dev/null
+++ b/pkgs/tools/text/gnupatch/CVE-2018-6951.patch
@@ -0,0 +1,28 @@
+From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Mon, 12 Feb 2018 16:48:24 +0100
+Subject: Fix segfault with mangled rename patch
+
+http://savannah.gnu.org/bugs/?53132
+* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
+for renames and copies (fix the existing check).
+---
+ src/pch.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index ff9ed2c..bc6278c 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
+     if ((pch_rename () || pch_copy ())
+ 	&& ! inname
+ 	&& ! ((i == OLD || i == NEW) &&
+-	      p_name[! reverse] &&
++	      p_name[reverse] && p_name[! reverse] &&
++	      name_is_valid (p_name[reverse]) &&
+ 	      name_is_valid (p_name[! reverse])))
+       {
+ 	say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
+-- 
+cgit v1.0-41-gc330
diff --git a/pkgs/tools/text/gnupatch/default.nix b/pkgs/tools/text/gnupatch/default.nix
index 3840811a3e3..c83eab2e2ef 100644
--- a/pkgs/tools/text/gnupatch/default.nix
+++ b/pkgs/tools/text/gnupatch/default.nix
@@ -11,6 +11,11 @@ stdenv.mkDerivation rec {
     sha256 = "1zfqy4rdcy279vwn2z1kbv19dcfw25d2aqy9nzvdkq5bjzd0nqdc";
   };
 
+  patches = [
+    # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=f290f48a621867084884bfff87f8093c15195e6a
+    ./CVE-2018-6951.patch
+  ];
+
   buildInputs = stdenv.lib.optional doCheck ed;
 
   configureFlags = stdenv.lib.optionals (hostPlatform != buildPlatform) [
diff --git a/pkgs/tools/text/gnused/default.nix b/pkgs/tools/text/gnused/default.nix
index b463a92ba74..af3db54e96d 100644
--- a/pkgs/tools/text/gnused/default.nix
+++ b/pkgs/tools/text/gnused/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "gnused-${version}";
-  version = "4.4";
+  version = "4.5";
 
   src = fetchurl {
     url = "mirror://gnu/sed/sed-${version}.tar.xz";
-    sha256 = "0fv88bcnraixc8jvpacvxshi30p5x9m7yb8ns1hfv07hmb2ypmnb";
+    sha256 = "0h3b2jfj57wmz680vkbyavlsrkak556qhvs7m7fdlawwhg477bbs";
   };
 
   outputs = [ "out" "info" ];
diff --git a/pkgs/tools/text/groff/default.nix b/pkgs/tools/text/groff/default.nix
index 4495a85b288..27581134ca3 100644
--- a/pkgs/tools/text/groff/default.nix
+++ b/pkgs/tools/text/groff/default.nix
@@ -50,15 +50,14 @@ stdenv.mkDerivation rec {
     "ac_cv_path_PERL=${buildPackages.perl}/bin/perl"
   ];
 
-  doCheck = true;
-
-  crossAttrs = {
+  makeFlags = stdenv.lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
     # Trick to get the build system find the proper 'native' groff
     # http://www.mail-archive.com/bug-groff@gnu.org/msg01335.html
-    preBuild = ''
-      makeFlags="GROFF_BIN_PATH=${buildPackages.groff}/bin GROFFBIN=${buildPackages.groff}/bin/groff"
-    '';
-  };
+    "GROFF_BIN_PATH=${buildPackages.groff}/bin"
+    "GROFFBIN=${buildPackages.groff}/bin/groff"
+  ];
+
+  doCheck = true;
 
   # Remove example output with (random?) colors and creation date
   # to avoid non-determinism in the output.
diff --git a/pkgs/tools/text/patchutils/default.nix b/pkgs/tools/text/patchutils/default.nix
index 75922a6c830..238676020e8 100644
--- a/pkgs/tools/text/patchutils/default.nix
+++ b/pkgs/tools/text/patchutils/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
 
   hardeningDisable = [ "format" ];
 
+  doCheck = false; # fails
+
   meta = with stdenv.lib; {
     description = "Tools to manipulate patch files";
     homepage = http://cyberelk.net/tim/software/patchutils;
diff --git a/pkgs/tools/text/sgml/opensp/default.nix b/pkgs/tools/text/sgml/opensp/default.nix
index bfd150eefda..27fa7bb91a8 100644
--- a/pkgs/tools/text/sgml/opensp/default.nix
+++ b/pkgs/tools/text/sgml/opensp/default.nix
@@ -32,6 +32,8 @@ stdenv.mkDerivation {
   buildInputs = stdenv.lib.optionals stdenv.isCygwin [ autoconf automake gettext libiconv libtool ]
     ++ [ xmlto docbook_xml_dtd_412 libxslt docbook_xsl ];
 
+  doCheck = false; # fails
+
   meta = {
     description = "A suite of SGML/XML processing tools";
     license = stdenv.lib.licenses.mit;
diff --git a/pkgs/tools/typesetting/docbook2x/default.nix b/pkgs/tools/typesetting/docbook2x/default.nix
index 9c802a1187a..e38e4a1f059 100644
--- a/pkgs/tools/typesetting/docbook2x/default.nix
+++ b/pkgs/tools/typesetting/docbook2x/default.nix
@@ -6,7 +6,7 @@
 
 stdenv.mkDerivation rec {
   name = "docbook2X-0.8.8";
-  
+
   src = fetchurl {
     url = "mirror://sourceforge/docbook2x/${name}.tar.gz";
     sha256 = "0ifwzk99rzjws0ixzimbvs83x6cxqk1xzmg84wa1p7bs6rypaxs0";
@@ -27,6 +27,8 @@ stdenv.mkDerivation rec {
       --replace '${"\$" + "{prefix}"}' "$out"
   '';
 
+  doCheck = false; # fails a lot of tests
+
   postInstall = ''
     perlPrograms="db2x_manxml db2x_texixml db2x_xsltproc
                   docbook2man docbook2texi";
@@ -34,12 +36,12 @@ stdenv.mkDerivation rec {
     do
       # XXX: We work around the fact that `wrapProgram' doesn't support
       # spaces below by inserting escaped backslashes.
-      wrapProgram $out/bin/$i --prefix PERL5LIB :			\
+      wrapProgram $out/bin/$i --prefix PERL5LIB : \
         "${XMLSAX}/lib/perl5/site_perl:${XMLSAXBase}/lib/perl5/site_perl:${XMLParser}/lib/perl5/site_perl" \
-	--prefix PERL5LIB :						\
-	"${XMLNamespaceSupport}/lib/perl5/site_perl"			\
-	--prefix XML_CATALOG_FILES "\ "					\
-	"$out/share/docbook2X/dtd/catalog.xml\ $out/share/docbook2X/xslt/catalog.xml\ ${docbook_xml_dtd_43}/xml/dtd/docbook/catalog.xml"
+        --prefix PERL5LIB : \
+        "${XMLNamespaceSupport}/lib/perl5/site_perl" \
+        --prefix XML_CATALOG_FILES "\ " \
+        "$out/share/docbook2X/dtd/catalog.xml\ $out/share/docbook2X/xslt/catalog.xml\ ${docbook_xml_dtd_43}/xml/dtd/docbook/catalog.xml"
     done
 
     wrapProgram $out/bin/sgml2xml-isoent --prefix PATH : \
diff --git a/pkgs/tools/typesetting/tex/texlive/bin.nix b/pkgs/tools/typesetting/tex/texlive/bin.nix
index 92778c5eed1..6555c999d7f 100644
--- a/pkgs/tools/typesetting/tex/texlive/bin.nix
+++ b/pkgs/tools/typesetting/tex/texlive/bin.nix
@@ -204,6 +204,8 @@ core-big = stdenv.mkDerivation { #TODO: upmendex
   CXXFLAGS = "-std=c++11 -Wno-reserved-user-defined-literal"; # TODO: remove once texlive 2018 is out?
   enableParallelBuilding = true;
 
+  doCheck = false; # fails
+
   # now distribute stuff into outputs, roughly as upstream TL
   # (uninteresting stuff remains in $out, typically duplicates from `core`)
   outputs = [ "out" "metafont" "metapost" "luatex" "xetex" ];
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index 8b0812f8305..fdc6b58346b 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -17,15 +17,27 @@ let
       dontDistribute alias
     else alias;
 
+  # Make sure that we are not shadowing something from
+  # all-packages.nix.
+  checkInPkgs = n: alias: if builtins.hasAttr n self
+                          then throw "Alias ${n} is still in all-packages.nix"
+                          else alias;
+
   mapAliases = aliases:
-    lib.mapAttrs (n: alias: removeDistribute (removeRecurseForDerivations alias)) aliases;
+    lib.mapAttrs (n: alias: removeDistribute
+                             (removeRecurseForDerivations
+                              (checkInPkgs n alias)))
+                     aliases;
 in
 
   ### Deprecated aliases - for backward compatibility
 
 mapAliases (rec {
+  PPSSPP = ppsspp; # added 2017-10-01
+  QmidiNet = qmidinet;  # added 2016-05-22
   accounts-qt = libsForQt5.accounts-qt; # added 2015-12-19
   adobeReader = adobe-reader; # added 2013-11-04
+  ag = silver-searcher; # added 2018-04-25
   aircrackng = aircrack-ng; # added 2016-01-14
   ammonite-repl = ammonite; # added 2017-05-02
   arduino_core = arduino-core;  # added 2015-02-04
@@ -48,95 +60,128 @@ mapAliases (rec {
   cupsBjnp = cups-bjnp; # added 2016-01-02
   cups_filters = cups-filters; # added 2016-08
   cv = progress; # added 2015-09-06
+  d1x_rebirth = dxx-rebirth; # added 2018-04-25
+  d2x_rebirth = dxx-rebirth; # added 2018-04-25
+  dbus_daemon = dbus.daemon; # added 2018-04-25
   dbus_glib = dbus-glib; # added 2018-02-25
+  dbus_libs = dbus; # added 2018-04-25
+  dbus_tools = dbus.out; # added 2018-04-25
   deadbeef-mpris2-plugin = deadbeefPlugins.mpris2; # added 2018-02-23
+  deadpixi-sam = deadpixi-sam-unstable;
   debian_devscripts = debian-devscripts; # added 2016-03-23
   desktop_file_utils = desktop-file-utils; # added 2018-02-25
+  devicemapper = lvm2; # added 2018-04-25
   digikam5 = digikam; # added 2017-02-18
+  dmtx = dmtx-utils; # added 2018-04-25
+  docbook5_xsl = docbook_xsl_ns; # added 2018-04-25
+  docbook_xml_xslt = docbook_xsl; # added 2018-04-25
   double_conversion = double-conversion; # 2017-11-22
   dwarf_fortress = dwarf-fortress; # added 2016-01-23
+  emacs25Macport_25_1 = emacs25Macport; # added 2018-04-25
   enblendenfuse = enblend-enfuse; # 2015-09-30
   evolution_data_server = evolution-data-server; # added 2018-02-25
+  etcdctl = etcd; # added 2018-04-25
   exfat-utils = exfat;                  # 2015-09-11
+  fam = gamin; # added 2018-04-25
+  ffadoFull = ffado; # added 2018-05-01
   firefox-esr-wrapper = firefox-esr;  # 2016-01
   firefox-wrapper = firefox;          # 2016-01
   firefoxWrapper = firefox;           # 2015-09
+  flameGraph = flamegraph; # added 2018-04-25
   font-awesome-ttf = font-awesome_4; # 2018-02-25
   foomatic_filters = foomatic-filters;  # 2016-08
   fuse_exfat = exfat;                   # 2015-09-11
-  gettextWithExpat = gettext; # 2016-02-19
+  fuseki = apache-jena-fuseki; # added 2018-04-25
+  gccApple = throw "gccApple is no longer supported"; # added 2018-04-25
   gdb-multitarget = gdb; # added 2017-11-13
+  gettextWithExpat = gettext; # 2016-02-19
+  gflags = google-gflags; # added 2018-04-25
   git-hub = gitAndTools.git-hub; # added 2016-04-29
   glib_networking = glib-networking; # added 2018-02-25
-  go-pup = pup; # added 2017-12-19
-  googleAuthenticator = google-authenticator; # added 2016-10-16
-  gnome_doc_utils = gnome-doc-utils; # added 2018-02-25
+  gmock = gtest; # added 2018-04-25
   gnome-themes-standard = gnome-themes-extra; # added 2018-03-14
+  gnome_doc_utils = gnome-doc-utils; # added 2018-02-25
   gnome_themes_standard = gnome-themes-standard; # added 2018-02-25
+  gnustep-make = gnustep.make; # added 2016-7-6
+  go-pup = pup; # added 2017-12-19
+  googleAuthenticator = google-authenticator; # added 2016-10-16
   grantlee5 = libsForQt5.grantlee;  # added 2015-12-19
   gsettings_desktop_schemas = gsettings-desktop-schemas; # added 2018-02-25
   gst_ffmpeg = gst-ffmpeg;  # added 2017-02
+  gst_plugins_bad = gst-plugins-bad;  # added 2017-02
   gst_plugins_base = gst-plugins-base;  # added 2017-02
   gst_plugins_good = gst-plugins-good;  # added 2017-02
-  gst_plugins_bad = gst-plugins-bad;  # added 2017-02
   gst_plugins_ugly = gst-plugins-ugly;  # added 2017-02
   gst_python = gst-python;  # added 2017-02
   gtk_doc = gtk-doc; # added 2018-02-25
   guileCairo = guile-cairo; # added 2017-09-24
   guileGnome = guile-gnome; # added 2017-09-24
-  guile_lib = guile-lib; # added 2017-09-24
   guileLint = guile-lint; # added 2017-09-27
+  guile_lib = guile-lib; # added 2017-09-24
   guile_ncurses = guile-ncurses; # added 2017-09-24
   gupnp_av = gupnp-av; # added 2018-02-25
   gupnp_dlna = gupnp-dlna; # added 2018-02-25
   gupnp_igd = gupnp-igd; # added 2018-02-25
   gupnptools = gupnp-tools;  # added 2015-12-19
-  gnustep-make = gnustep.make; # added 2016-7-6
+  heimdalFull = heimdal; # added 2018-05-01
   hicolor_icon_theme = hicolor-icon-theme; # added 2018-02-25
   htmlTidy = html-tidy;  # added 2014-12-06
   iana_etc = iana-etc;  # added 2017-03-08
   idea = jetbrains; # added 2017-04-03
   inotifyTools = inotify-tools;
+  jack2Full = jack2; # added 2018-04-25
   joseki = apache-jena-fuseki; # added 2016-02-28
   json_glib = json-glib; # added 2018-02-25
   kdiff3-qt5 = kdiff3; # added 2017-02-18
-  keepassx2-http = keepassx-reboot; # added 2016-10-17
-  keepassx-reboot = keepassx-community; # added 2017-02-01
+  keepass-keefox = keepass-keepassrpc; # backwards compatibility alias, added 2018-02
   keepassx-community = keepassxc; # added 2017-11
+  keepassx-reboot = keepassx-community; # added 2017-02-01
+  keepassx2-http = keepassx-reboot; # added 2016-10-17
+  kerberos = libkrb5; # added 2018-04-25
   keybase-go = keybase;  # added 2016-08-24
   krename-qt5 = krename; # added 2017-02-18
+  kvm = qemu_kvm; # added 2018-04-25
   letsencrypt = certbot; # added 2016-05-16
-  libdbusmenu_qt5 = libsForQt5.libdbusmenu;  # added 2015-12-19
+  libaudit = audit; # added 2018-04-25
   libcanberra_gtk2 = libcanberra-gtk2; # added 2018-02-25
   libcanberra_gtk3 = libcanberra-gtk3; # added 2018-02-25
   libcap_manpages = libcap.doc; # added 2016-04-29
   libcap_pam = if stdenv.isLinux then libcap.pam else null; # added 2016-04-29
   libcap_progs = libcap.out; # added 2016-04-29
+  libdbusmenu_qt5 = libsForQt5.libdbusmenu;  # added 2015-12-19
+  libdbusmenu-glib = libdbusmenu; # added 2018-05-01
   libgnome_keyring = libgnome-keyring; # added 2018-02-25
   libgnome_keyring3 = libgnome-keyring3; # added 2018-02-25
   libgumbo = gumbo; # added 2018-01-21
   libintlOrEmpty = stdenv.lib.optional (!stdenv.isLinux || hostPlatform.libc != "glibc") gettext; # added 2018-03-14
   libjson_rpc_cpp = libjson-rpc-cpp; # added 2017-02-28
+  liblrdf = librdf; # added 2018-04-25
   libmysql = mysql.connector-c; # added # 2017-12-28, this was a misnomer refering to libmysqlclient
+  librecad2 = librecad;  # backwards compatibility alias, added 2015-10
+  libsysfs = sysfsutils; # added 2018-04-25
   libtidy = html-tidy;  # added 2014-12-21
+  libudev = udev; # added 2018-04-25
   links = links2; # added 2016-01-31
   lttngTools = lttng-tools;  # added 2014-07-31
   lttngUst = lttng-ust;  # added 2014-07-31
-  lua5_sec = luaPackages.luasec; # added 2017-05-02
   lua5_1_sockets = lua51Packages.luasocket; # added 2017-05-02
   lua5_expat = luaPackages.luaexpat; # added 2017-05-02
+  lua5_sec = luaPackages.luasec; # added 2017-05-02
+  lzma = xz; # added 2018-04-25
   m3d-linux = m33-linux; # added 2016-08-13
-  manpages = man-pages; # added 2015-12-06
   man_db = man-db; # added 2016-05
-  piwik = matomo; # added 2018-01-16
+  manpages = man-pages; # added 2015-12-06
   midoriWrapper = midori; # added 2015-01
   mlt-qt5 = libsForQt5.mlt;  # added 2015-12-19
   mobile_broadband_provider_info = mobile-broadband-provider-info; # added 2018-02-25
   module_init_tools = kmod; # added 2016-04-22
+  msf = metasploit; # added 2018-04-25
   mssys = ms-sys; # added 2015-12-13
   multipath_tools = multipath-tools;  # added 2016-01-21
   mupen64plus1_5 = mupen64plus; # added 2016-02-12
+  mysql = mariadb; # added 2018-04-25
   mysqlWorkbench = mysql-workbench; # added 2017-01-19
+  nagiosPluginsOfficial = monitoring-plugins;
   ncat = nmap;  # added 2016-01-26
   netcat-openbsd = libressl.nc; # added 2018-04-25
   networkmanager_fortisslvpn = networkmanager-fortisslvpn; # added 2018-02-25
@@ -145,34 +190,44 @@ mapAliases (rec {
   networkmanager_openconnect = networkmanager-openconnect; # added 2018-02-25
   networkmanager_openvpn = networkmanager-openvpn; # added 2018-02-25
   networkmanager_vpnc = networkmanager-vpnc; # added 2018-02-25
-  nmap_graphical = nmap-graphical;  # added 2017-01-19
   nfsUtils = nfs-utils;  # added 2014-12-06
+  nginxUnstable = nginxMainline; # added 2018-04-25
+  nilfs_utils = nilfs-utils; # added 2018-04-25
+  nmap_graphical = nmap-graphical;  # added 2017-01-19
+  nologin = shadow; # added 2018-04-25
+  openal = openalSoft; # added 2018-04-25
+  opencascade_oce = opencascade; # added 2018-04-25
   opencl-icd = ocl-icd; # added 2017-01-20
+  openexr_ctl = ctl; # added 2018-04-25
   openssh_with_kerberos = openssh; # added 2018-01-28
   owncloudclient = owncloud-client;  # added 2016-08
   p11_kit = p11-kit; # added 2018-02-25
   pass-otp = pass.withExtensions (ext: [ext.pass-otp]); # added 2018-05-04
   pgp-tools = signing-party; # added 2017-03-26
   pidgin-with-plugins = pidgin; # added 2016-06
-  pidginlatexSF = pidgin-latex; # added 2014-11-02
   pidginlatex = pidgin-latex; # added 2018-01-08
+  pidginlatexSF = pidgin-latex; # added 2014-11-02
   pidginmsnpecan = pidgin-msn-pecan; # added 2018-01-08
-  pidginotr = pidgin-otr; # added 2018-01-08
   pidginosd = pidgin-osd; # added 2018-01-08
+  pidginotr = pidgin-otr; # added 2018-01-08
   pidginsipe = pidgin-sipe; # added 2018-01-08
   pidginwindowmerge = pidgin-window-merge; # added 2018-01-08
-  postage = pgmanage; # added 2017-11-03
+  piwik = matomo; # added 2018-01-16
+  pltScheme = racket; # just to be sure
+  polarssl = mbedtls; # added 2018-04-25
   poppler_qt5 = libsForQt5.poppler;  # added 2015-12-19
-  PPSSPP = ppsspp; # added 2017-10-01
+  postage = pgmanage; # added 2017-11-03
+  procps = procps-ng; # added 2018-04-25
   prometheus-statsd-bridge = prometheus-statsd-exporter;  # added 2017-08-27
+  pulseaudioLight = pulseaudio; # added 2018-04-25
   qca-qt5 = libsForQt5.qca-qt5;  # added 2015-12-19
-  QmidiNet = qmidinet;  # added 2016-05-22
   qt_gstreamer = qt-gstreamer;  # added 2017-02
   qt_gstreamer1 = qt-gstreamer1;  # added 2017-02
   quake3game = ioquake3; # added 2016-01-14
   qwt6 = libsForQt5.qwt;  # added 2015-12-19
   rdiff_backup = rdiff-backup;  # added 2014-11-23
   rdmd = dtools;  # added 2017-08-19
+  redland = librdf_redland; # added 2018-04-25
   robomongo = robo3t; #added 2017-09-28
   rssglx = rss-glx; #added 2015-03-25
   ruby_2_0_0 = throw "deprecated 2018-0213: use a newer version of ruby";
@@ -183,24 +238,33 @@ mapAliases (rec {
   ruby_2_5_0 = throw "deprecated 2018-0213: use ruby_2_5 instead";
   rubygems = throw "deprecated 2016-03-02: rubygems is now bundled with ruby";
   rxvt_unicode_with-plugins = rxvt_unicode-with-plugins; # added 2015-04-02
+  sam = deadpixi-sam; # added 2018-04-25
   samsungUnifiedLinuxDriver = samsung-unified-linux-driver; # added 2016-01-25
   saneBackends = sane-backends; # added 2016-01-02
   saneBackendsGit = sane-backends-git; # added 2016-01-02
   saneFrontends = sane-frontends; # added 2016-01-02
   scim = sc-im; # added 2016-01-22
+  scollector = bosun; # added 2018-04-25
   shared_mime_info = shared-mime-info; # added 2018-02-25
   skrooge2 = skrooge; # added 2017-02-18
   skype = skypeforlinux; # added 2017-07-27
+  slurm-llnl = slurm; # renamed July 2017
+  slurm-llnl-full = slurm-full; # renamed July 2017
+  slurm-full = slurm; # added 2018-05-1
+  smbclient = samba; # added 2018-04-25
   spaceOrbit = space-orbit; # addewd 2016-05-23
+  speech_tools = speech-tools; # added 2018-04-25
   speedtest_cli = speedtest-cli;  # added 2015-02-17
   spice_gtk = spice-gtk; # added 2018-02-25
   spice_protocol = spice-protocol; # added 2018-02-25
   sqliteInteractive = sqlite-interactive;  # added 2014-12-06
   sshfs = sshfs-fuse; # added 2017-08-14
   sshfsFuse = sshfs-fuse; # added 2016-09
+  suil-qt5 = suil; # added 2018-05-01
   surf-webkit2 = surf; # added 2017-04-02
-  tahoelafs = tahoe-lafs; # added 2018-03-26
   system_config_printer = system-config-printer;  # added 2016-01-03
+  systool = sysfsutils; # added 2018-04-25
+  tahoelafs = tahoe-lafs; # added 2018-03-26
   telepathy_farstream = telepathy-farstream; # added 2018-02-25
   telepathy_gabble = telepathy-gabble; # added 2018-02-25
   telepathy_glib = telepathy-glib; # added 2018-02-25
@@ -216,9 +280,12 @@ mapAliases (rec {
   tex-gyre-schola-math = tex-gyre-math.schola; # added 2018-04-03
   tex-gyre-termes-math = tex-gyre-math.termes; # added 2018-04-03
   tftp_hpa = tftp-hpa; # added 2015-04-03
+  trang = jing-trang; # added 2018-04-25
   transmission_gtk = transmission-gtk; # added 2018-01-06
   transmission_remote_gtk = transmission-remote-gtk; # added 2018-01-06
+  tshark = wireshark-cli; # added 2018-04-25
   ucsFonts = ucs-fonts; # added 2016-07-15
+  udev = systemd; # added 2018-04-25
   ultrastardx-beta = ultrastardx; # added 2017-08-12
   usb_modeswitch = usb-modeswitch; # added 2016-05-10
   vimbWrapper = vimb; # added 2015-01
@@ -228,8 +295,13 @@ mapAliases (rec {
   wineStaging = wine-staging; # added 2018-01-08
   winusb = woeusb; # added 2017-12-22
   x11 = xlibsWrapper; # added 2015-09
+  xbmc = kodi; # added 2018-04-25
+  xbmcPlain = kodiPlain; # added 2018-04-25
+  xbmcPlugins = kodiPlugins; # added 2018-04-25
+  xmonad_log_applet_gnome3 = xmonad_log_applet; # added 2018-05-01
   xf86_video_nouveau = xorg.xf86videonouveau; # added 2015-09
   xlibs = xorg; # added 2015-09
+  yacc = bison; # added 2018-04-25
   youtubeDL = youtube-dl;  # added 2014-10-26
 
   # added 2017-05-27
@@ -247,6 +319,20 @@ mapAliases (rec {
     ocamlPackages_4_00_1 ocamlPackages_4_01_0 ocamlPackages_4_02
     ocamlPackages_4_03
     ocamlPackages_latest;
+
+  gst_all = { # added 2018-04-25
+    inherit (pkgs) gstreamer gnonlin gst-python qt-gstreamer;
+    gstPluginsBase = pkgs.gst-plugins-base;
+    gstPluginsBad = pkgs.gst-plugins-bad;
+    gstPluginsGood = pkgs.gst-plugins-good;
+    gstPluginsUgly = pkgs.gst-plugins-ugly;
+    gstFfmpeg = pkgs.gst-ffmpeg;
+    gst-plugins-base = pkgs.gst-plugins-base;
+    gst-plugins-bad = pkgs.gst-plugins-bad;
+    gst-plugins-good = pkgs.gst-plugins-good;
+    gst-plugins-ugly = pkgs.gst-plugins-ugly;
+    gst-ffmpeg = pkgs.gst-ffmpeg;
+  };
 } // (with ocaml-ng; { # added 2016-09-14
   ocaml_3_08_0 = ocamlPackages_3_08_0.ocaml;
   ocaml_3_10_0 = ocamlPackages_3_10_0.ocaml;
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 1a386721feb..6fd4b6bd902 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -963,7 +963,6 @@ with pkgs;
   calamares = libsForQt5.callPackage ../tools/misc/calamares {
     python = python3;
     boost = pkgs.boost.override { python = python3; };
-    libyamlcpp = callPackage ../development/libraries/libyaml-cpp { inherit boost; };
   };
 
   capstone = callPackage ../development/libraries/capstone { };
@@ -1640,14 +1639,14 @@ with pkgs;
 
   ciopfs = callPackage ../tools/filesystems/ciopfs { };
 
-  citrix_receiver        = hiPrio citrix_receiver_13_9_1;
-  citrix_receiver_13_9_1 = callPackage ../applications/networking/remote/citrix-receiver { version = "13.9.1"; };
-  citrix_receiver_13_9_0 = callPackage ../applications/networking/remote/citrix-receiver { version = "13.9.0"; };
-  citrix_receiver_13_8_0 = callPackage ../applications/networking/remote/citrix-receiver { version = "13.8.0"; };
-  citrix_receiver_13_7_0 = callPackage ../applications/networking/remote/citrix-receiver { version = "13.7.0"; };
-  citrix_receiver_13_6_0 = callPackage ../applications/networking/remote/citrix-receiver { version = "13.6.0"; };
-  citrix_receiver_13_5_0 = callPackage ../applications/networking/remote/citrix-receiver { version = "13.5.0"; };
-  citrix_receiver_13_4_0 = callPackage ../applications/networking/remote/citrix-receiver { version = "13.4.0"; };
+  citrix_receiver = callPackage ../applications/networking/remote/citrix-receiver { };
+  citrix_receiver_13_9_1 = citrix_receiver.override { version = "13.9.1"; };
+  citrix_receiver_13_9_0 = citrix_receiver.override { version = "13.9.0"; };
+  citrix_receiver_13_8_0 = citrix_receiver.override { version = "13.8.0"; };
+  citrix_receiver_13_7_0 = citrix_receiver.override { version = "13.7.0"; };
+  citrix_receiver_13_6_0 = citrix_receiver.override { version = "13.6.0"; };
+  citrix_receiver_13_5_0 = citrix_receiver.override { version = "13.5.0"; };
+  citrix_receiver_13_4_0 = citrix_receiver.override { version = "13.4.0"; };
 
   citra = libsForQt5.callPackage ../misc/emulators/citra { };
 
@@ -2358,9 +2357,6 @@ with pkgs;
 
   flamegraph = callPackage ../development/tools/flamegraph { };
 
-  # Awkward historical capitalization for flamegraph. Remove eventually
-  flameGraph = flamegraph;
-
   flvtool2 = callPackage ../tools/video/flvtool2 { };
 
   fmbt = callPackage ../development/tools/fmbt {
@@ -2370,7 +2366,7 @@ with pkgs;
   fontforge = lowPrio (callPackage ../tools/misc/fontforge {
     inherit (darwin.apple_sdk.frameworks) Carbon Cocoa;
   });
-  fontforge-gtk = callPackage ../tools/misc/fontforge {
+  fontforge-gtk = fontforge.override {
     withSpiro = true;
     withGTK = true;
     gtk2 = gtk2-x11;
@@ -2492,7 +2488,7 @@ with pkgs;
 
     gazebo7 = callPackage ../applications/science/robotics/gazebo { };
 
-    gazebo7-headless = callPackage ../applications/science/robotics/gazebo { withHeadless = true; };
+    gazebo7-headless = gazebo7.override { withHeadless = true; };
 
   };
 
@@ -2741,11 +2737,11 @@ with pkgs;
 
   grub2_full = callPackage ../tools/misc/grub/2.0x.nix { };
 
-  grub2_efi = grub2_full.override {
+  grub2_efi = grub2.override {
     efiSupport = true;
   };
 
-  grub2_light = grub2_full.override {
+  grub2_light = grub2.override {
     zfsSupport = false;
   };
 
@@ -2773,7 +2769,6 @@ with pkgs;
   gt5 = callPackage ../tools/system/gt5 { };
 
   gtest = callPackage ../development/libraries/gtest {};
-  gmock = gtest;
   gbenchmark = callPackage ../development/libraries/gbenchmark {};
 
   gtkdatabox = callPackage ../development/libraries/gtkdatabox {};
@@ -3424,6 +3419,14 @@ with pkgs;
   nodejs-9_x = callPackage ../development/web/nodejs/v9.nix {};
   nodejs-slim-9_x = callPackage ../development/web/nodejs/v9.nix { enableNpm = false; };
 
+  nodejs-10_x = callPackage ../development/web/nodejs/v10.nix {
+    openssl = openssl_1_1_0;
+  };
+  nodejs-slim-10_x = callPackage ../development/web/nodejs/v10.nix {
+    enableNpm = false;
+    openssl = openssl_1_1_0;
+  };
+
   nodePackages_8_x = callPackage ../development/node-packages/default-v8.nix {
     nodejs = pkgs.nodejs-8_x;
   };
@@ -3434,9 +3437,6 @@ with pkgs;
 
   nodePackages = nodePackages_6_x;
 
-  # Can be used as a user shell
-  nologin = shadow;
-
   npm2nix = nodePackages.npm2nix;
 
   file-rename = callPackage ../tools/filesystems/file-rename { };
@@ -3532,7 +3532,7 @@ with pkgs;
 
   libiberty = callPackage ../development/libraries/libiberty { };
 
-  libiberty_static = callPackage ../development/libraries/libiberty { staticBuild = true; };
+  libiberty_static = libiberty.override { staticBuild = true; };
 
   libibverbs = callPackage ../development/libraries/libibverbs { };
 
@@ -3604,8 +3604,6 @@ with pkgs;
 
   lzip = callPackage ../tools/compression/lzip { };
 
-  lzma = xz;
-
   xz = callPackage ../tools/compression/xz { };
 
   lz4 = callPackage ../tools/compression/lz4 { };
@@ -3763,12 +3761,14 @@ with pkgs;
 
   mitmproxy = callPackage ../tools/networking/mitmproxy { };
 
-  mjpegtoolsFull = callPackage ../tools/video/mjpegtools { };
-
-  mjpegtools = self.mjpegtoolsFull.override {
+  mjpegtools = callPackage ../tools/video/mjpegtools {
     withMinimal = true;
   };
 
+  mjpegtoolsFull = mjpegtools.override {
+    withMinimal = false;
+  };
+
   mkcue = callPackage ../tools/cd-dvd/mkcue { };
 
   mkpasswd = hiPrio (callPackage ../tools/security/mkpasswd { });
@@ -3815,7 +3815,6 @@ with pkgs;
   mscgen = callPackage ../tools/graphics/mscgen { };
 
   metasploit = callPackage ../tools/security/metasploit { };
-  msf = metasploit;
 
   ms-sys = callPackage ../tools/misc/ms-sys { };
 
@@ -3994,7 +3993,6 @@ with pkgs;
   nifskope = callPackage ../tools/graphics/nifskope { };
 
   nilfs-utils = callPackage ../tools/filesystems/nilfs-utils {};
-  nilfs_utils = nilfs-utils;
 
   nitrogen = callPackage ../tools/X11/nitrogen {};
 
@@ -4010,7 +4008,7 @@ with pkgs;
 
   nmap = callPackage ../tools/security/nmap { };
 
-  nmap-graphical = callPackage ../tools/security/nmap {
+  nmap-graphical = nmap.override {
     graphicalSupport = true;
   };
 
@@ -4354,28 +4352,27 @@ with pkgs;
 
   philter = callPackage ../tools/networking/philter { };
 
-  pinentry = pinentry_ncurses.override {
-    inherit gtk2;
+  pinentry = callPackage ../tools/security/pinentry {
+    libcap = if stdenv.isDarwin then null else libcap;
   };
 
-  pinentry_ncurses = callPackage ../tools/security/pinentry {
-    libcap = if stdenv.isDarwin then null else libcap;
+  pinentry_ncurses = pinentry.override {
     gtk2 = null;
   };
 
-  pinentry_emacs = pinentry_ncurses.override {
+  pinentry_emacs = pinentry.override {
     enableEmacs = true;
   };
 
-  pinentry_gnome = pinentry_ncurses.override {
+  pinentry_gnome = pinentry.override {
     gcr = gnome3.gcr;
   };
 
-  pinentry_qt4 = pinentry_ncurses.override {
+  pinentry_qt4 = pinentry.override {
     qt = qt4;
   };
 
-  pinentry_qt5 = pinentry_ncurses.override {
+  pinentry_qt5 = pinentry.override {
     qt = qt5.qtbase;
   };
 
@@ -4398,7 +4395,7 @@ with pkgs;
   plan9port = callPackage ../tools/system/plan9port { };
 
   platformioPackages = callPackage ../development/arduino/platformio { };
-  platformio = platformioPackages.platformio-chrootenv.override {};
+  platformio = platformioPackages.platformio-chrootenv;
 
   platinum-searcher = callPackage ../tools/text/platinum-searcher { };
 
@@ -4898,7 +4895,6 @@ with pkgs;
   };
 
   silver-searcher = callPackage ../tools/text/silver-searcher { };
-  ag = self.silver-searcher;
 
   simpleproxy = callPackage ../tools/networking/simpleproxy { };
 
@@ -5078,8 +5074,8 @@ with pkgs;
   });
 
   strongswan    = callPackage ../tools/networking/strongswan { };
-  strongswanTNC = callPackage ../tools/networking/strongswan { enableTNC = true; };
-  strongswanNM  = callPackage ../tools/networking/strongswan { enableNetworkManager = true; };
+  strongswanTNC = strongswan.override { enableTNC = true; };
+  strongswanNM  = strongswan.override { enableNetworkManager = true; };
 
   su = shadow.su;
 
@@ -5540,8 +5536,6 @@ with pkgs;
 
   tradcpp = callPackage ../development/tools/tradcpp { };
 
-  trang = self.jing-trang;
-
   tre = callPackage ../development/libraries/tre { };
 
   ts = callPackage ../tools/system/ts { };
@@ -5888,15 +5882,13 @@ with pkgs;
   runtimeShell = "${runtimeShellPackage}/bin/bash";
   runtimeShellPackage = bash;
 
-  bash = lowPrio (callPackage ../shells/bash/4.4.nix {
-    texinfo = null;
-    interactive = stdenv.isCygwin; # patch for cygwin requires readline support
-  });
+  bash = lowPrio (callPackage ../shells/bash/4.4.nix { });
 
   # WARNING: this attribute is used by nix-shell so it shouldn't be removed/renamed
-  bashInteractive = appendToName "interactive" (callPackage ../shells/bash/4.4.nix {
+  bashInteractive = callPackage ../shells/bash/4.4.nix {
     interactive = true;
-  });
+    withDocs = true;
+  };
 
   bash-completion = callPackage ../shells/bash/bash-completion { };
 
@@ -6149,8 +6141,6 @@ with pkgs;
     stripped = false;
   }));
 
-  gccApple = throw "gccApple is no longer supported";
-
   libstdcxxHook = makeSetupHook
     { substitutions = { gcc = gcc-unwrapped; }; }
     ../development/compilers/gcc/libstdc++-hook.sh;
@@ -6176,7 +6166,6 @@ with pkgs;
       libc = libcCross1;
     };
     in wrapCCWith {
-      name = "gcc-cross-wrapper";
       cc = gccFun {
         # copy-pasted
         inherit noSysDirs;
@@ -6511,18 +6500,19 @@ with pkgs;
 
   hugs = callPackage ../development/interpreters/hugs { };
 
+  bootjdk = callPackage ../development/compilers/openjdk/bootstrap.nix { version = "10"; };
+
   openjdk8 =
     if stdenv.isDarwin then
       callPackage ../development/compilers/openjdk/darwin/8.nix { }
     else
       callPackage ../development/compilers/openjdk/8.nix {
-        bootjdk = callPackage ../development/compilers/openjdk/bootstrap.nix { version = "8"; };
+        bootjdk = bootjdk.override { version = "8"; };
         inherit (gnome2) GConf gnome_vfs;
       };
 
   openjdk10 =
       callPackage ../development/compilers/openjdk/10.nix {
-        bootjdk = callPackage ../development/compilers/openjdk/bootstrap.nix { version = "10"; };
         inherit (gnome2) GConf gnome_vfs;
       };
 
@@ -6745,7 +6735,7 @@ with pkgs;
    xlibsWrapper = null;
   };
 
-  mitschemeX11 = callPackage ../development/compilers/mit-scheme {
+  mitschemeX11 = mitscheme.override {
    texLive = texlive.combine { inherit (texlive) scheme-small; };
    texinfo = texinfo5;
    enableX11 = true;
@@ -7104,7 +7094,7 @@ with pkgs;
     gtk2 = gtk2-x11;
   };
 
-  lxappearance-gtk3 = callPackage ../desktops/lxde/core/lxappearance {
+  lxappearance-gtk3 = lxappearance.override {
     withGtk3 = true;
   };
 
@@ -7205,7 +7195,7 @@ with pkgs;
       octaveHg = lowPrio (callPackage ../development/interpreters/octave/hg.nix hgOctaveOptions);
   }) octave octaveHg;
 
-  octaveFull = (lowPrio (callPackage ../development/interpreters/octave {
+  octaveFull = (lowPrio (octave.override {
     qt = qt4;
     overridePlatforms = ["x86_64-linux" "x86_64-darwin"];
     openblas = if stdenv.isDarwin then openblasCompat else openblas;
@@ -7259,8 +7249,6 @@ with pkgs;
 
   picolisp = callPackage ../development/interpreters/picolisp {};
 
-  pltScheme = racket; # just to be sure
-
   polyml = callPackage ../development/compilers/polyml { };
   polyml56 = callPackage ../development/compilers/polyml/5.6.nix { };
 
@@ -7437,22 +7425,21 @@ with pkgs;
 
   amdadlsdk = callPackage ../development/misc/amdadl-sdk { };
 
-  amdappsdk26 = callPackage ../development/misc/amdapp-sdk {
+  amdappsdk26 = amdappsdk.override {
     version = "2.6";
   };
 
-  amdappsdk27 = callPackage ../development/misc/amdapp-sdk {
+  amdappsdk27 = amdappsdk.override {
     version = "2.7";
   };
 
-  amdappsdk28 = callPackage ../development/misc/amdapp-sdk {
+  amdappsdk28 = amdappsdk.override {
     version = "2.8";
   };
 
-  amdappsdk = amdappsdk28;
+  amdappsdk = callPackage ../development/misc/amdapp-sdk { };
 
-  amdappsdkFull = callPackage ../development/misc/amdapp-sdk {
-    version = "2.8";
+  amdappsdkFull = amdappsdk.override {
     samples = true;
   };
 
@@ -7547,17 +7534,15 @@ with pkgs;
   antlr4_7 = callPackage ../development/tools/parsing/antlr/4.7.nix { };
   antlr4 = antlr4_7;
 
-  ant = apacheAnt;
-
   apacheAnt = callPackage ../development/tools/build-managers/apache-ant { };
-
   apacheAnt_1_9 = callPackage ../development/tools/build-managers/apache-ant/1.9.nix { };
+  ant = apacheAnt;
 
-  apacheKafka = apacheKafka_1_0;
-  apacheKafka_0_9 = callPackage ../servers/apache-kafka { majorVersion = "0.9"; };
-  apacheKafka_0_10 = callPackage ../servers/apache-kafka { majorVersion = "0.10"; };
-  apacheKafka_0_11 = callPackage ../servers/apache-kafka { majorVersion = "0.11"; };
-  apacheKafka_1_0 = callPackage ../servers/apache-kafka { majorVersion = "1.0"; };
+  apacheKafka_1_0 = apacheKafka.override { majorVersion = "1.0"; };
+  apacheKafka_0_9 = apacheKafka.override { majorVersion = "0.9"; };
+  apacheKafka_0_10 = apacheKafka.override { majorVersion = "0.10"; };
+  apacheKafka_0_11 = apacheKafka.override { majorVersion = "0.11"; };
+  apacheKafka = callPackage ../servers/apache-kafka { };
 
   kt = callPackage ../tools/misc/kt {};
 
@@ -7917,8 +7902,6 @@ with pkgs;
 
   flexcpp = callPackage ../development/tools/parsing/flexc++ { };
 
-  m4 = gnum4;
-
   geis = callPackage ../development/libraries/geis {
     inherit (xorg) libX11 libXext libXi libXtst;
   };
@@ -7934,6 +7917,7 @@ with pkgs;
   gnome-usage = callPackage ../applications/misc/gnome-usage {};
 
   gnum4 = callPackage ../development/tools/misc/gnum4 { };
+  m4 = gnum4;
 
   gnumake382 = callPackage ../development/tools/build-managers/gnumake/3.82 { };
   gnumake3 = gnumake382;
@@ -8244,7 +8228,7 @@ with pkgs;
   remake = callPackage ../development/tools/build-managers/remake { };
 
   retdec = callPackage ../development/tools/analysis/retdec { };
-  retdec-full = callPackage ../development/tools/analysis/retdec {
+  retdec-full = retdec.override {
     withPEPatterns = true;
   };
 
@@ -8423,8 +8407,6 @@ with pkgs;
   };
   xxdiff-tip = libsForQt5.callPackage ../development/tools/misc/xxdiff/tip.nix { };
 
-  yacc = bison;
-
   yaml2json = callPackage ../development/tools/yaml2json { };
 
   ycmd = callPackage ../development/tools/misc/ycmd {
@@ -8753,11 +8735,6 @@ with pkgs;
   dbus-sharp-glib-1_0 = callPackage ../development/libraries/dbus-sharp-glib/dbus-sharp-glib-1.0.nix { };
   dbus-sharp-glib-2_0 = callPackage ../development/libraries/dbus-sharp-glib { };
 
-  # FIXME: deprecate these.
-  dbus_tools = dbus.out;
-  dbus_libs = dbus;
-  dbus_daemon = dbus.daemon;
-
   makeDBusConf = { suidHelper, serviceDirectories }:
     callPackage ../development/libraries/dbus/make-dbus-conf.nix {
       inherit suidHelper serviceDirectories;
@@ -8984,8 +8961,6 @@ with pkgs;
 
   funambol = callPackage ../development/libraries/funambol { };
 
-  fam = gamin;
-
   gamin = callPackage ../development/libraries/gamin { };
 
   ganv = callPackage ../development/libraries/ganv { };
@@ -9037,8 +9012,6 @@ with pkgs;
 
   gettext = callPackage ../development/libraries/gettext { };
 
-  gflags = google-gflags;
-
   gf2x = callPackage ../development/libraries/gf2x {};
 
   gd = callPackage ../development/libraries/gd {
@@ -9100,7 +9073,7 @@ with pkgs;
     stdenv = crossLibcStdenv;
   };
 
-  muslCross = callPackage ../os-specific/linux/musl {
+  muslCross = musl.override {
     stdenv = crossLibcStdenv;
   };
 
@@ -9197,22 +9170,6 @@ with pkgs;
     callPackage = pkgs.newScope (pkgs // { libav = pkgs.ffmpeg; });
   });
 
-  gst_all = {
-    inherit (pkgs) gstreamer gnonlin gst-python qt-gstreamer;
-    gstPluginsBase = pkgs.gst-plugins-base;
-    gstPluginsBad = pkgs.gst-plugins-bad;
-    gstPluginsGood = pkgs.gst-plugins-good;
-    gstPluginsUgly = pkgs.gst-plugins-ugly;
-    gstFfmpeg = pkgs.gst-ffmpeg;
-
-    # aliases with the dashed naming, same as in gst_all_1
-    gst-plugins-base = pkgs.gst-plugins-base;
-    gst-plugins-bad = pkgs.gst-plugins-bad;
-    gst-plugins-good = pkgs.gst-plugins-good;
-    gst-plugins-ugly = pkgs.gst-plugins-ugly;
-    gst-ffmpeg = pkgs.gst-ffmpeg;
-  };
-
   gstreamer = callPackage ../development/libraries/gstreamer/legacy/gstreamer {
     bison = bison2;
   };
@@ -9379,13 +9336,15 @@ with pkgs;
   gtk-sharp-beans = callPackage ../development/libraries/gtk-sharp-beans { };
 
   gtk-mac-integration = callPackage ../development/libraries/gtk-mac-integration {
-    gtk = gtk2;
+    gtk = gtk3;
   };
 
-  gtk-mac-integration-gtk3 = callPackage ../development/libraries/gtk-mac-integration {
-    gtk = gtk3;
+  gtk-mac-integration-gtk2 = gtk-mac-integration.override {
+    gtk = gtk2;
   };
 
+  gtk-mac-integration-gtk3 = gtk-mac-integration;
+
   gtk-mac-bundler = callPackage ../development/tools/gtk-mac-bundler {};
 
   gtksourceview = gtksourceview3;
@@ -9412,15 +9371,11 @@ with pkgs;
 
   hamlib = callPackage ../development/libraries/hamlib { };
 
-  # TODO : Let admin choose.
-  # We are using mit-krb5 because it is better maintained
-  kerberos = libkrb5;
-
-  heimdalFull = callPackage ../development/libraries/kerberos/heimdal.nix { };
-  libheimdal = heimdalFull.override { type = "lib"; };
+  heimdal = callPackage ../development/libraries/kerberos/heimdal.nix { };
+  libheimdal = heimdal.override { type = "lib"; };
 
   harfbuzz = callPackage ../development/libraries/harfbuzz { };
-  harfbuzz-icu = callPackage ../development/libraries/harfbuzz {
+  harfbuzz-icu = harfbuzz.override {
     withIcu = true;
     withGraphite2 = true;
   };
@@ -9470,7 +9425,7 @@ with pkgs;
 
   hwloc = callPackage ../development/libraries/hwloc {};
 
-  hwloc-nox = callPackage ../development/libraries/hwloc {
+  hwloc-nox = hwloc.override {
     x11Support = false;
   };
 
@@ -9607,10 +9562,11 @@ with pkgs;
 
   kinetic-cpp-client = callPackage ../development/libraries/kinetic-cpp-client { };
 
-  krb5Full = callPackage ../development/libraries/kerberos/krb5.nix {
+  krb5 = callPackage ../development/libraries/kerberos/krb5.nix {
     inherit (darwin) bootstrap_cmds;
   };
-  libkrb5 = krb5Full.override {
+  krb5Full = krb5;
+  libkrb5 = krb5.override {
     fetchurl = fetchurlBoot;
     type = "lib";
   };
@@ -9669,8 +9625,9 @@ with pkgs;
 
   libaom = callPackage ../development/libraries/libaom { };
 
-  libappindicator-gtk2 = callPackage ../development/libraries/libappindicator { gtkVersion = "2"; };
-  libappindicator-gtk3 = callPackage ../development/libraries/libappindicator { gtkVersion = "3"; };
+  libappindicator-gtk2 = libappindicator.override { gtkVersion = "2"; };
+  libappindicator-gtk3 = libappindicator.override { gtkVersion = "3"; };
+  libappindicator = callPackage ../development/libraries/libappindicator { };
 
   libarchive = callPackage ../development/libraries/libarchive { };
 
@@ -9802,18 +9759,16 @@ with pkgs;
 
   libdbi = callPackage ../development/libraries/libdbi { };
 
-  libdbiDriversBase = callPackage ../development/libraries/libdbi-drivers {
+  libdbiDriversBase = libdbiDrivers.override {
     mysql = null;
     sqlite = null;
   };
 
-  libdbiDrivers = libdbiDriversBase.override {
-    inherit sqlite mysql;
-  };
+  libdbiDrivers = callPackage ../development/libraries/libdbi-drivers { };
 
-  libdbusmenu-glib = callPackage ../development/libraries/libdbusmenu { };
-  libdbusmenu-gtk2 = callPackage ../development/libraries/libdbusmenu { gtkVersion = "2"; };
-  libdbusmenu-gtk3 = callPackage ../development/libraries/libdbusmenu { gtkVersion = "3"; };
+  libdbusmenu = callPackage ../development/libraries/libdbusmenu { };
+  libdbusmenu-gtk2 = libdbusmenu.override { gtkVersion = "2"; };
+  libdbusmenu-gtk3 = libdbusmenu.override { gtkVersion = "3"; };
 
   libdbusmenu_qt = callPackage ../development/libraries/libdbusmenu-qt { };
 
@@ -9892,7 +9847,7 @@ with pkgs;
   libfilezilla = callPackage ../development/libraries/libfilezilla { };
 
   libfm = callPackage ../development/libraries/libfm { };
-  libfm-extra = callPackage ../development/libraries/libfm {
+  libfm-extra = libfm.override {
     extraOnly = true;
   };
 
@@ -9937,8 +9892,6 @@ with pkgs;
 
   liblo = callPackage ../development/libraries/liblo { };
 
-  liblrdf = librdf;
-
   liblscp = callPackage ../development/libraries/liblscp { };
 
   libe-book = callPackage ../development/libraries/libe-book {};
@@ -10035,11 +9988,13 @@ with pkgs;
 
   libimobiledevice = callPackage ../development/libraries/libimobiledevice { };
 
-  libindicate-gtk2 = callPackage ../development/libraries/libindicate { gtkVersion = "2"; };
-  libindicate-gtk3 = callPackage ../development/libraries/libindicate { gtkVersion = "3"; };
+  libindicate-gtk2 = libindicate.override { gtkVersion = "2"; };
+  libindicate-gtk3 = libindicate.override { gtkVersion = "3"; };
+  libindicate = callPackage ../development/libraries/libindicate { };
 
-  libindicator-gtk2 = callPackage ../development/libraries/libindicator { gtkVersion = "2"; };
-  libindicator-gtk3 = callPackage ../development/libraries/libindicator { gtkVersion = "3"; };
+  libindicator-gtk2 = libindicator.override { gtkVersion = "2"; };
+  libindicator-gtk3 = libindicator.override { gtkVersion = "3"; };
+  libindicator = callPackage ../development/libraries/libindicator { };
 
   libiodbc = callPackage ../development/libraries/libiodbc {
     useGTK = config.libiodbc.gtk or false;
@@ -10195,7 +10150,7 @@ with pkgs;
   libjpeg_original = callPackage ../development/libraries/libjpeg { };
   libjpeg_turbo = callPackage ../development/libraries/libjpeg-turbo { };
   libjpeg_drop = callPackage ../development/libraries/libjpeg-drop { };
-  libjpeg = if stdenv.isLinux then libjpeg_turbo else libjpeg_original; # some problems, both on FreeBSD and Darwin
+  libjpeg = libjpeg_turbo;
 
   libjreen = callPackage ../development/libraries/libjreen { };
 
@@ -10633,7 +10588,7 @@ with pkgs;
 
   luabind = callPackage ../development/libraries/luabind { lua = lua5_1; };
 
-  luabind_luajit = callPackage ../development/libraries/luabind { lua = luajit; };
+  luabind_luajit = luabind.override { lua = luajit; };
 
   luaffi = callPackage ../development/libraries/luaffi { lua = lua5_1; };
 
@@ -10791,13 +10746,13 @@ with pkgs;
 
   notify-sharp = callPackage ../development/libraries/notify-sharp { };
 
-  ncurses5 = callPackage ../development/libraries/ncurses {
+  ncurses5 = ncurses.override {
     abiVersion = "5";
   };
-  ncurses6 = callPackage ../development/libraries/ncurses {
+  ncurses6 = ncurses.override {
     abiVersion = "6";
   };
-  ncurses = ncurses6;
+  ncurses = callPackage ../development/libraries/ncurses { };
 
   neardal = callPackage ../development/libraries/neardal { };
 
@@ -10871,8 +10826,6 @@ with pkgs;
 
   oobicpl = callPackage ../development/libraries/science/biology/oobicpl { };
 
-  openal = self.openalSoft;
-
   openalSoft = callPackage ../development/libraries/openal-soft {
     inherit (darwin.apple_sdk.frameworks) CoreServices AudioUnit AudioToolbox;
   };
@@ -10881,8 +10834,6 @@ with pkgs;
 
   opencascade = callPackage ../development/libraries/opencascade { };
 
-  opencascade_oce = opencascade;
-
   opencl-headersGen = v: callPackage ../development/libraries/opencl-headers { version = v; };
   opencl-headers_1_2 = opencl-headersGen "12";
   opencl-headers_2_2 = opencl-headersGen "22";
@@ -10911,9 +10862,6 @@ with pkgs;
     enableCuda = false;
   };
 
-  # this ctl version is needed by openexr_viewers
-  openexr_ctl = ctl;
-
   openexr = callPackage ../development/libraries/openexr { };
 
   openexrid-unstable = callPackage ../development/libraries/openexrid-unstable { };
@@ -11059,8 +11007,6 @@ with pkgs;
 
   poker-eval = callPackage ../development/libraries/poker-eval { };
 
-  polarssl = mbedtls;
-
   polkit = callPackage ../development/libraries/polkit { };
 
   polkit_qt4 = callPackage ../development/libraries/polkit-qt-1/qt-4.nix { };
@@ -11072,7 +11018,10 @@ with pkgs;
     introspectionSupport = true;
   });
 
-  poppler_min = poppler.override { # TODO: maybe reduce even more
+  poppler_min = poppler_0_61.override { # TODO: maybe reduce even more
+    # this is currently only used by texlive.bin.
+    # pinned to 0.61 because texlive 2017 doesn't build w/poppler 0.64
+    # TODO: review poppler version for texlive 2018
     minimal = true;
     suffix = "min";
   };
@@ -11128,7 +11077,7 @@ with pkgs;
   qbs = callPackage ../development/tools/build-managers/qbs { };
 
   qca2 = callPackage ../development/libraries/qca2 { qt = qt4; };
-  qca2-qt5 = callPackage ../development/libraries/qca2 { qt = qt5.qtbase; };
+  qca2-qt5 = qca2.override { qt = qt5.qtbase; };
 
   qimageblitz = callPackage ../development/libraries/qimageblitz {};
 
@@ -11295,9 +11244,7 @@ with pkgs;
       withQt5 = true;
     };
 
-    phonon-backend-vlc = callPackage ../development/libraries/phonon/backends/vlc.nix {
-      withQt5 = true;
-    };
+    phonon-backend-vlc = callPackage ../development/libraries/phonon/backends/vlc.nix { };
 
     polkit-qt = callPackage ../development/libraries/polkit-qt-1/qt-5.nix { };
 
@@ -11332,11 +11279,7 @@ with pkgs;
 
     telepathy = callPackage ../development/libraries/telepathy/qt { };
 
-    vlc = lowPrio (callPackage ../applications/video/vlc {
-      qt4 = null;
-      withQt5 = true;
-      ffmpeg = ffmpeg_2;
-    });
+    vlc = callPackage ../applications/video/vlc {};
 
     qtwebkit-plugins = callPackage ../development/libraries/qtwebkit-plugins { };
 
@@ -11419,8 +11362,6 @@ with pkgs;
 
   qrupdate = callPackage ../development/libraries/qrupdate { };
 
-  redland = pkgs.librdf_redland;
-
   resolv_wrapper = callPackage ../development/libraries/resolv_wrapper { };
 
   rhino = callPackage ../development/libraries/java/rhino {
@@ -11593,7 +11534,6 @@ with pkgs;
   speechd = callPackage ../development/libraries/speechd { };
 
   speech-tools = callPackage ../development/libraries/speech-tools {};
-  speech_tools = speech-tools;
 
   speex = callPackage ../development/libraries/speex {
     fftw = fftwFloat;
@@ -11657,17 +11597,16 @@ with pkgs;
 
   subtitleeditor = callPackage ../applications/video/subtitleeditor { };
 
-  suil-qt4 = callPackage ../development/libraries/audio/suil {
-    withQt4 = true;
-    withQt5 = false;
-  };
+  suil = callPackage ../development/libraries/audio/suil { };
 
-  suil-qt5 = callPackage ../development/libraries/audio/suil {
+  suil-qt5 = suil.override {
     withQt4 = false;
     withQt5 = true;
   };
-
-  suil = suil-qt4;
+  suil-qt4 = suil.override {
+    withQt4 = true;
+    withQt5 = false;
+  };
 
   sundials = callPackage ../development/libraries/sundials { };
 
@@ -12062,7 +12001,7 @@ with pkgs;
 
   zlog = callPackage ../development/libraries/zlog { };
 
-  zlibStatic = lowPrio (appendToName "static" (callPackage ../development/libraries/zlib {
+  zlibStatic = lowPrio (appendToName "static" (zlib.override {
     static = true;
   }));
 
@@ -12368,8 +12307,6 @@ with pkgs;
     java = jdk;
   };
 
-  fuseki = apache-jena-fuseki;
-
   apcupsd = callPackage ../servers/apcupsd { };
 
   asterisk = asterisk-stable;
@@ -12391,7 +12328,6 @@ with pkgs;
     bird bird6 bird2;
 
   bosun = callPackage ../servers/monitoring/bosun { };
-  scollector = bosun;
 
   cayley = callPackage ../servers/cayley { };
 
@@ -12464,8 +12400,6 @@ with pkgs;
     v8 = v8_6_x;
   };
 
-  etcdctl = etcd;
-
   exim = callPackage ../servers/mail/exim { };
 
   facette = callPackage ../servers/monitoring/facette { };
@@ -12479,7 +12413,7 @@ with pkgs;
   fingerd_bsd = callPackage ../servers/fingerd/bsd-fingerd { };
 
   firebird = callPackage ../servers/firebird { icu = null; stdenv = overrideCC stdenv gcc5; };
-  firebirdSuper = callPackage ../servers/firebird { icu = icu58; superServer = true; stdenv = overrideCC stdenv gcc5; };
+  firebirdSuper = firebird.override { icu = icu58; superServer = true; stdenv = overrideCC stdenv gcc5; };
 
   foswiki = callPackage ../servers/foswiki { };
 
@@ -12594,12 +12528,10 @@ with pkgs;
     modules = [ nginxModules.dav nginxModules.moreheaders ];
   };
 
-  nginxUnstable = nginxMainline;
-
   nginxModules = callPackage ../servers/http/nginx/modules.nix { };
 
   # We should move to dynmaic modules and create a nginxFull package with all modules
-  nginxShibboleth = callPackage ../servers/http/nginx/stable.nix {
+  nginxShibboleth = nginxStable.override {
     modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders nginxModules.shibboleth ];
   };
 
@@ -12653,13 +12585,11 @@ with pkgs;
 
   # PulseAudio daemons
 
-  # Name is changed to prevent use in packages;
-  # please use libpulseaudio instead.
-  pulseaudioLight = callPackage ../servers/pulseaudio {
+  pulseaudio = callPackage ../servers/pulseaudio {
     inherit (darwin.apple_sdk.frameworks) CoreServices AudioUnit Cocoa;
   };
 
-  pulseaudioFull = callPackage ../servers/pulseaudio {
+  pulseaudioFull = pulseaudio.override {
     gconf = gnome3.gconf;
     x11Support = true;
     jackaudioSupport = true;
@@ -12672,8 +12602,7 @@ with pkgs;
   };
 
   # libpulse implementations
-
-  libpulseaudio-vanilla = callPackage ../servers/pulseaudio {
+  libpulseaudio-vanilla = pulseaudio.override {
     libOnly = true;
     inherit (darwin.apple_sdk.frameworks) CoreServices AudioUnit Cocoa;
   };
@@ -12737,8 +12666,6 @@ with pkgs;
     boost = boost159;
   };
 
-  mysql = mariadb;
-
   mysql_jdbc = callPackage ../servers/sql/mysql/jdbc { };
 
   nagios = callPackage ../servers/monitoring/nagios { };
@@ -12746,7 +12673,6 @@ with pkgs;
   munin = callPackage ../servers/monitoring/munin { };
 
   monitoring-plugins = callPackage ../servers/monitoring/plugins { };
-  nagiosPluginsOfficial = monitoring-plugins;
 
   inherit (callPackage ../servers/monitoring/plugins/labs_consol_de.nix { inherit (perlPackages) NetSNMP; })
     check-nwc-health
@@ -12783,8 +12709,8 @@ with pkgs;
   qboot = callPackage ../applications/virtualization/qboot { stdenv = stdenv_32bit; };
 
   OVMF = callPackage ../applications/virtualization/OVMF { seabios = null; openssl = null; };
-  OVMF-CSM = callPackage ../applications/virtualization/OVMF { openssl = null; };
-  #WIP: OVMF-secureBoot = callPackage ../applications/virtualization/OVMF { seabios = null; secureBoot = true; };
+  OVMF-CSM = OVMF.override { openssl = null; };
+  #WIP: OVMF-secureBoot = OVMF.override { seabios = null; secureBoot = true; };
 
   seabios = callPackage ../applications/virtualization/seabios { };
 
@@ -12903,7 +12829,6 @@ with pkgs;
 
   deadpixi-sam-unstable = callPackage ../applications/editors/deadpixi-sam { };
   deadpixi-sam = deadpixi-sam-unstable;
-  sam = deadpixi-sam;
 
   samba3 = callPackage ../servers/samba/3.x.nix { };
 
@@ -12915,8 +12840,6 @@ with pkgs;
 
   samba = samba4;
 
-  smbclient = samba;
-
   # A lightweight Samba 3, useful for non-Linux-based OSes.
   samba3_light = lowPrio (samba3.override {
     pam = null;
@@ -12980,10 +12903,6 @@ with pkgs;
   storm = callPackage ../servers/computing/storm { };
 
   slurm = callPackage ../servers/computing/slurm { gtk2 = null; };
-  slurm-llnl = slurm; # renamed July 2017
-
-  slurm-full = appendToName "full" (callPackage ../servers/computing/slurm { });
-  slurm-llnl-full = slurm-full; # renamed July 2017
 
   slurm-spank-x11 = callPackage ../servers/computing/slurm-spank-x11 { };
 
@@ -13128,7 +13047,6 @@ with pkgs;
   atop = callPackage ../os-specific/linux/atop { };
 
   audit = callPackage ../os-specific/linux/audit { };
-  libaudit = audit;
 
   b43Firmware_5_1_138 = callPackage ../os-specific/linux/firmware/b43-firmware/5.1.138.nix { };
 
@@ -13194,8 +13112,6 @@ with pkgs;
   # `.override` clobbered. C.F. `llvmPackages` which does the same.
   darwin = callPackage ./darwin-packages.nix { };
 
-  devicemapper = lvm2;
-
   disk_indicator = callPackage ../os-specific/linux/disk-indicator { };
 
   displaylink = callPackage ../os-specific/linux/displaylink {
@@ -13257,10 +13173,10 @@ with pkgs;
 
   fatrace = callPackage ../os-specific/linux/fatrace { };
 
-  ffadoFull = callPackage ../os-specific/linux/ffado {
+  ffado = callPackage ../os-specific/linux/ffado {
     inherit (python2Packages) python pyqt4 dbus-python;
   };
-  libffado = ffadoFull.override { prefix = "lib"; };
+  libffado = ffado.override { prefix = "lib"; };
 
   fbterm = callPackage ../os-specific/linux/fbterm { };
 
@@ -13355,7 +13271,7 @@ with pkgs;
   iwd = callPackage ../os-specific/linux/iwd { };
 
   jfbview = callPackage ../os-specific/linux/jfbview { };
-  jfbpdf = callPackage ../os-specific/linux/jfbview {
+  jfbpdf = jfbview.override {
     imageSupport = false;
   };
 
@@ -13800,8 +13716,6 @@ with pkgs;
 
   kmod-debian-aliases = callPackage ../os-specific/linux/kmod-debian-aliases { };
 
-  kvm = qemu_kvm;
-
   libcap = callPackage ../os-specific/linux/libcap { };
 
   libcap_ng = callPackage ../os-specific/linux/libcap-ng {
@@ -13842,14 +13756,6 @@ with pkgs;
   musl-fts = callPackage ../os-specific/linux/musl/fts.nix { };
   musl-getconf = callPackage ../os-specific/linux/musl/getconf.nix { };
   musl-getent = callPackage ../os-specific/linux/musl/getent.nix { };
-  getent =
-    if hostPlatform.isMusl then musl-getent
-    # This may not be right on other platforms, but preserves existing behavior
-    else /* if hostPlatform.libc == "glibc" then */ glibc.bin;
-
-  getconf =
-    if hostPlatform.isMusl then musl-getconf
-    else lib.getBin stdenv.cc.libc;
 
   nettools = if stdenv.isLinux then callPackage ../os-specific/linux/net-tools { }
              else unixtools.nettools;
@@ -13983,8 +13889,6 @@ with pkgs;
 
   prayer = callPackage ../servers/prayer { };
 
-  procps = procps-ng;
-
   procps-ng = if stdenv.isLinux then callPackage ../os-specific/linux/procps-ng { }
               else unixtools.procps;
 
@@ -14075,10 +13979,6 @@ with pkgs;
     inherit (gnome2) libglade;
   };
 
-  # Provided with sysfsutils.
-  libsysfs = sysfsutils;
-  systool = sysfsutils;
-
   sysklogd = callPackage ../os-specific/linux/sysklogd { };
 
   syslinux = callPackage ../os-specific/linux/syslinux { };
@@ -14102,7 +14002,7 @@ with pkgs;
 
   sysvinit = callPackage ../os-specific/linux/sysvinit { };
 
-  sysvtools = callPackage ../os-specific/linux/sysvinit {
+  sysvtools = sysvinit.override {
     withoutInitTools = true;
   };
 
@@ -14154,9 +14054,6 @@ with pkgs;
     stdenv = crossLibcStdenv;
   };
 
-  udev = systemd;
-  libudev = udev;
-
   eudev = callPackage ../os-specific/linux/eudev {};
 
   libudev0-shim = callPackage ../os-specific/linux/libudev0-shim/default.nix { };
@@ -14364,10 +14261,6 @@ with pkgs;
     docbook_xsl
     docbook_xsl_ns;
 
-  docbook_xml_xslt = docbook_xsl;
-
-  docbook5_xsl = docbook_xsl_ns;
-
   documentation-highlighter = callPackage ../misc/documentation-highlighter { };
 
   cabin = callPackage ../data/fonts/cabin { };
@@ -15198,7 +15091,7 @@ with pkgs;
   };
 
   codeblocks = callPackage ../applications/editors/codeblocks { };
-  codeblocksFull = callPackage ../applications/editors/codeblocks { contribPlugins = true; };
+  codeblocksFull = codeblocks.override { contribPlugins = true; };
 
   comical = callPackage ../applications/graphics/comical { };
 
@@ -15307,8 +15200,6 @@ with pkgs;
     inherit (python3Packages) buildPythonApplication requests;
   };
 
-  dmtx = dmtx-utils;
-
   dmtx-utils = callPackage (callPackage ../tools/graphics/dmtx-utils) {
   };
 
@@ -15438,9 +15329,6 @@ with pkgs;
       ImageCaptureCore GSS ImageIO;
   };
 
-  # for backwards compatibility
-  emacs25Macport_25_1 = emacs25Macport;
-
   emacsPackagesGen = emacs: self: let callPackage = newScope self; in rec {
     inherit emacs;
 
@@ -15675,7 +15563,6 @@ with pkgs;
   keepass-keepasshttp = callPackage ../applications/misc/keepass-plugins/keepasshttp { };
 
   keepass-keepassrpc = callPackage ../applications/misc/keepass-plugins/keepassrpc { };
-  keepass-keefox = keepass-keepassrpc; # backwards compatibility alias, added 2018-02
 
   exrdisplay = callPackage ../applications/graphics/exrdisplay { };
 
@@ -15697,9 +15584,9 @@ with pkgs;
 
   fldigi = callPackage ../applications/audio/fldigi { };
 
-  flink = flink_1_4;
-  flink_1_3 = callPackage ../applications/networking/cluster/flink { version = "1.3"; };
-  flink_1_4 = callPackage ../applications/networking/cluster/flink { version = "1.4"; };
+  flink = callPackage ../applications/networking/cluster/flink { };
+  flink_1_3 = flink.override { version = "1.3"; };
+  flink_1_4 = flink.override { version = "1.4"; };
 
   fluidsynth = callPackage ../applications/audio/fluidsynth {
      inherit (darwin.apple_sdk.frameworks) AudioUnit CoreAudio CoreMIDI CoreServices;
@@ -15832,19 +15719,16 @@ with pkgs;
 
   welle-io = libsForQt5.callPackage ../applications/misc/welle-io { };
 
-  wireshark-cli = callPackage ../applications/networking/sniffers/wireshark {
-    withQt = false;
+  wireshark = callPackage ../applications/networking/sniffers/wireshark {
+    withQt = true;
     withGtk = false;
     inherit (darwin.apple_sdk.frameworks) ApplicationServices SystemConfiguration;
   };
-
-  # the cli binary is actually called tshark and often packaged under this name
-  tshark = wireshark-cli;
+  wireshark-qt = wireshark;
 
   # The GTK UI is deprecated by upstream. You probably want the QT version.
-  wireshark-gtk = wireshark-cli.override { withGtk = true; };
-  wireshark-qt = wireshark-cli.override { withQt = true; };
-  wireshark = wireshark-qt;
+  wireshark-gtk = wireshark.override { withGtk = true; };
+  wireshark-cli = wireshark.override { withGtk = false; withQt = false; };
 
   fbida = callPackage ../applications/graphics/fbida { };
 
@@ -15865,11 +15749,14 @@ with pkgs;
   });
 
   firefox-unwrapped = firefoxPackages.firefox;
-  firefox-esr-unwrapped = firefoxPackages.firefox-esr;
+  firefox-esr-52-unwrapped = firefoxPackages.firefox-esr-52;
+  firefox-esr-60-unwrapped = firefoxPackages.firefox-esr-60;
   tor-browser-unwrapped = firefoxPackages.tor-browser;
 
   firefox = wrapFirefox firefox-unwrapped { };
-  firefox-esr = wrapFirefox firefox-esr-unwrapped { };
+  firefox-esr-52 = wrapFirefox firefox-esr-52-unwrapped { };
+  firefox-esr-60 = wrapFirefox firefox-esr-60-unwrapped { };
+  firefox-esr = firefox-esr-60;
 
   firefox-bin-unwrapped = callPackage ../applications/networking/browsers/firefox-bin {
     channel = "release";
@@ -15886,7 +15773,7 @@ with pkgs;
     desktopName = "Firefox";
   };
 
-  firefox-beta-bin-unwrapped = callPackage ../applications/networking/browsers/firefox-bin {
+  firefox-beta-bin-unwrapped = firefox-bin-unwrapped.override {
     channel = "beta";
     generated = import ../applications/networking/browsers/firefox-bin/beta_sources.nix;
     gconf = pkgs.gnome2.GConf;
@@ -16124,7 +16011,7 @@ with pkgs;
   };
 
   graphicsmagick = callPackage ../applications/graphics/graphicsmagick { };
-  graphicsmagick_q16 = callPackage ../applications/graphics/graphicsmagick { quantumdepth = 16; };
+  graphicsmagick_q16 = graphicsmagick.override { quantumdepth = 16; };
 
   graphicsmagick-imagemagick-compat = callPackage ../applications/graphics/graphicsmagick/compat.nix { };
 
@@ -16366,13 +16253,12 @@ with pkgs;
     libwebp = null;
   };
 
-  imagemagick = imagemagickBig.override {
+  imagemagick = callPackage ../applications/graphics/ImageMagick {
+    inherit (darwin.apple_sdk.frameworks) ApplicationServices;
     ghostscript = null;
   };
 
-  imagemagickBig = callPackage ../applications/graphics/ImageMagick {
-    inherit (darwin.apple_sdk.frameworks) ApplicationServices;
-  };
+  imagemagickBig = imagemagick.override { inherit ghostscript; };
 
   imagemagick7_light = lowPrio (imagemagick7.override {
     bzip2 = null;
@@ -16628,58 +16514,39 @@ with pkgs;
   libowfat = callPackage ../development/libraries/libowfat { };
 
   librecad = callPackage ../applications/misc/librecad { };
-  librecad2 = librecad;  # backwards compatibility alias, added 2015-10
 
   libreoffice = hiPrio libreoffice-still;
 
-  libreoffice-fresh = lowPrio (callPackage ../applications/office/libreoffice/wrapper.nix
-    { libreoffice = callPackage ../applications/office/libreoffice {
-      inherit (perlPackages) ArchiveZip CompressZlib;
-      inherit (gnome2) GConf ORBit2 gnome_vfs;
-      inherit (gnome3) defaultIconTheme;
-      zip = zip.override { enableNLS = false; };
-      fontsConf = makeFontsConf {
-        fontDirectories = [
-          carlito dejavu_fonts
-          freefont_ttf xorg.fontmiscmisc
-          liberation_ttf_v1_binary
-          liberation_ttf_v2_binary
-        ];
-      };
-      clucene_core = clucene_core_2;
-      lcms = lcms2;
-      harfbuzz = harfbuzz.override {
-        withIcu = true; withGraphite2 = true;
-      };
-      # checking whether g++ supports C++14 or C++11... configure: error: no
-      # Still relevant: 2018-04-13
-      stdenv = overrideCC stdenv gcc5;
-  };});
-
-  libreoffice-still = lowPrio (callPackage ../applications/office/libreoffice/wrapper.nix
-    { libreoffice = callPackage ../applications/office/libreoffice/still.nix {
-      inherit (perlPackages) ArchiveZip CompressZlib;
-      inherit (gnome2) GConf ORBit2 gnome_vfs;
-      inherit (gnome3) defaultIconTheme;
-      zip = zip.override { enableNLS = false; };
+  libreoffice-unwrapped =callPackage ../applications/office/libreoffice {
+    inherit (perlPackages) ArchiveZip CompressZlib;
+    inherit (gnome2) GConf ORBit2 gnome_vfs;
+    inherit (gnome3) defaultIconTheme;
+    zip = zip.override { enableNLS = false; };
+    fontsConf = makeFontsConf {
+      fontDirectories = [
+        carlito dejavu_fonts
+        freefont_ttf xorg.fontmiscmisc
+        liberation_ttf_v1_binary
+        liberation_ttf_v2_binary
+      ];
+    };
+    clucene_core = clucene_core_2;
+    lcms = lcms2;
+    harfbuzz = harfbuzz.override {
+      withIcu = true; withGraphite2 = true;
+    };
+    # checking whether g++ supports C++14 or C++11... configure: error: no
+    # Still relevant: 2018-04-13
+    stdenv = overrideCC stdenv gcc5;
+  };
+
+  libreoffice-fresh = lowPrio (callPackage ../applications/office/libreoffice/wrapper.nix { libreoffice = libreoffice-unwrapped; });
+
+  libreoffice-still = lowPrio (callPackage ../applications/office/libreoffice/wrapper.nix {
+    libreoffice = libreoffice-unwrapped.override {
       poppler = poppler_0_61;
-      fontsConf = makeFontsConf {
-        fontDirectories = [
-          carlito dejavu_fonts
-          freefont_ttf xorg.fontmiscmisc
-          liberation_ttf_v1_binary
-          liberation_ttf_v2_binary
-        ];
-      };
-      clucene_core = clucene_core_2;
-      lcms = lcms2;
-      harfbuzz = harfbuzz.override {
-        withIcu = true; withGraphite2 = true;
-      };
-      # checking whether g++ supports C++14 or C++11... configure: error: no
-      # Still relevant: 2018-04-13; gcc6 is not enough!
-      stdenv = overrideCC stdenv gcc5;
-  };});
+    };
+  });
 
   liferea = callPackage ../applications/networking/newsreaders/liferea {
     inherit (gnome3) libpeas gsettings-desktop-schemas dconf;
@@ -17046,7 +16913,7 @@ with pkgs;
       libsForQt5.callPackage ../applications/audio/musescore { };
 
   mutt = callPackage ../applications/networking/mailreaders/mutt { };
-  mutt-with-sidebar = callPackage ../applications/networking/mailreaders/mutt {
+  mutt-with-sidebar = mutt.override {
     withSidebar = true;
   };
 
@@ -18412,15 +18279,9 @@ with pkgs;
 
   vkeybd = callPackage ../applications/audio/vkeybd {};
 
-  vlc = callPackage ../applications/video/vlc {
-    ffmpeg = ffmpeg_2;
-  };
-
-  vlc_npapi = callPackage ../applications/video/vlc/plugin.nix {
-    gtk = gtk2;
-  };
+  vlc = libsForQt5.vlc;
 
-  vlc_qt5 = libsForQt5.vlc;
+  vlc_qt5 = vlc;
 
   vmpk = callPackage ../applications/audio/vmpk { };
 
@@ -18491,7 +18352,7 @@ with pkgs;
 
   weechat-xmpp = callPackage ../applications/networking/instant-messengers/weechat-xmpp {};
 
-  westonLite = callPackage ../applications/window-managers/weston {
+  westonLite = weston.override {
     pango = null;
     freerdp = null;
     libunwind = null;
@@ -18672,15 +18533,12 @@ with pkgs;
   };
 
   kodiPlain = callPackage ../applications/video/kodi { };
-  xbmcPlain = kodiPlain;
 
   kodiPlugins = recurseIntoAttrs (callPackage ../applications/video/kodi/plugins.nix {});
-  xbmcPlugins = kodiPlugins;
 
   kodi = wrapKodi {
     kodi = kodiPlain;
   };
-  xbmc = kodi;
 
   kodi-retroarch-advanced-launchers =
     callPackage ../misc/emulators/retroarch/kodi-advanced-launchers.nix {
@@ -18789,21 +18647,21 @@ with pkgs;
     packages = self: [];
   };
 
-  xmonad_log_applet_gnome2 = callPackage ../applications/window-managers/xmonad/log-applet {
+  xmonad_log_applet_gnome2 = xmonad_log_applet.override {
     desktopSupport = "gnome2";
     inherit (xfce) libxfce4util xfce4-panel;
     gnome2_panel = gnome2.gnome_panel;
     GConf2 = gnome2.GConf;
   };
 
-  xmonad_log_applet_gnome3 = callPackage ../applications/window-managers/xmonad/log-applet {
+  xmonad_log_applet = callPackage ../applications/window-managers/xmonad/log-applet {
     desktopSupport = "gnome3";
     inherit (xfce) libxfce4util xfce4-panel;
     gnome2_panel = gnome2.gnome_panel;
     GConf2 = gnome2.GConf;
   };
 
-  xmonad_log_applet_xfce = callPackage ../applications/window-managers/xmonad/log-applet {
+  xmonad_log_applet_xfce = xmonad_log_applet.override {
     desktopSupport = "xfce4";
     inherit (xfce) libxfce4util xfce4-panel;
     gnome2_panel = gnome2.gnome_panel;
@@ -19077,10 +18935,6 @@ with pkgs;
     physfs = physfs_2;
   };
 
-  # these are here for compatibility
-  d1x_rebirth = dxx-rebirth;
-  d2x_rebirth = dxx-rebirth;
-
   inherit (callPackages ../games/dxx-rebirth/assets.nix { })
     descent1-assets
     descent2-assets;
@@ -19113,13 +18967,13 @@ with pkgs;
 
   factorio = callPackage ../games/factorio { releaseType = "alpha"; };
 
-  factorio-experimental = callPackage ../games/factorio { releaseType = "alpha"; experimental = true; };
+  factorio-experimental = factorio.override { releaseType = "alpha"; experimental = true; };
 
-  factorio-headless = callPackage ../games/factorio { releaseType = "headless"; };
+  factorio-headless = factorio.override { releaseType = "headless"; };
 
-  factorio-headless-experimental = callPackage ../games/factorio { releaseType = "headless"; experimental = true; };
+  factorio-headless-experimental = factorio.override { releaseType = "headless"; experimental = true; };
 
-  factorio-demo = callPackage ../games/factorio { releaseType = "demo"; };
+  factorio-demo = factorio.override { releaseType = "demo"; };
 
   factorio-mods = callPackage ../games/factorio/mods.nix { };
 
@@ -19139,7 +18993,7 @@ with pkgs;
 
   freeciv = callPackage ../games/freeciv { };
 
-  freeciv_gtk = callPackage ../games/freeciv {
+  freeciv_gtk = freeciv.override {
     gtkClient = true;
     sdlClient = false;
   };
@@ -19351,7 +19205,7 @@ with pkgs;
 
   pokerth = callPackage ../games/pokerth { };
 
-  pokerth-server = with callPackage ../games/pokerth { }; server;
+  pokerth-server = pokerth.server;
 
   prboom = callPackage ../games/prboom { };
 
@@ -19620,7 +19474,7 @@ with pkgs;
     lua = lua5_2;
   };
 
-  worldofgoo_demo = callPackage ../games/worldofgoo {
+  worldofgoo_demo = worldofgoo.override {
     demo = true;
   };
 
@@ -19996,9 +19850,9 @@ with pkgs;
   # and with or without atlas as a dependency. The default `liblapack` is 3.4.1
   # with atlas. Atlas, when built with liblapack as a dependency, uses 3.5.0
   # without atlas. Etc.
-  liblapackWithAtlas = callPackage ../development/libraries/science/math/liblapack {};
+  liblapack = callPackage ../development/libraries/science/math/liblapack {};
   liblapackWithoutAtlas = liblapackWithAtlas.override { atlas = null; };
-  liblapack = liblapackWithAtlas;
+  liblapackWithAtlas = liblapack;
 
   liblbfgs = callPackage ../development/libraries/science/math/liblbfgs { };
 
@@ -20085,21 +19939,21 @@ with pkgs;
     cmake = cmakeCurses;
   };
 
-  gromacsMpi = lowPrio (callPackage ../applications/science/molecular-dynamics/gromacs {
+  gromacsMpi = lowPrio (gromacs.override {
     singlePrec = true;
     mpiEnabled = true;
     fftw = fftwSinglePrec;
     cmake = cmakeCurses;
   });
 
-  gromacsDouble = lowPrio (callPackage ../applications/science/molecular-dynamics/gromacs {
+  gromacsDouble = lowPrio (gromacs.override {
     singlePrec = false;
     mpiEnabled = false;
     fftw = fftw;
     cmake = cmakeCurses;
   });
 
-  gromacsDoubleMpi = lowPrio (callPackage ../applications/science/molecular-dynamics/gromacs {
+  gromacsDoubleMpi = lowPrio (gromacs.override {
     singlePrec = false;
     mpiEnabled = true;
     fftw = fftw;
@@ -20380,7 +20234,7 @@ with pkgs;
   maxima = callPackage ../applications/science/math/maxima {
     ecl = null;
   };
-  maxima-ecl = callPackage ../applications/science/math/maxima {
+  maxima-ecl = maxima.override {
     ecl = ecl_16_1_2;
     ecl-fasl = true;
     sbcl = null;
@@ -20537,7 +20391,7 @@ with pkgs;
   thepeg = callPackage ../development/libraries/physics/thepeg { };
 
   yoda = callPackage ../development/libraries/physics/yoda { };
-  yoda-with-root = lowPrio (callPackage ../development/libraries/physics/yoda {
+  yoda-with-root = lowPrio (yoda.override {
     withRootSupport = true;
   });
 
@@ -20758,11 +20612,11 @@ with pkgs;
   # using the new configuration style proposal which is unstable
   jack1 = callPackage ../misc/jackaudio/jack1.nix { };
 
-  jack2Full = callPackage ../misc/jackaudio {
+  jack2 = callPackage ../misc/jackaudio {
     libopus = libopus.override { withCustomModes = true; };
     inherit (darwin.apple_sdk.frameworks) AudioToolbox CoreAudio CoreFoundation;
   };
-  libjack2 = jack2Full.override { prefix = "lib"; };
+  libjack2 = jack2.override { prefix = "lib"; };
 
   keynav = callPackage ../tools/X11/keynav { };
 
@@ -20826,7 +20680,7 @@ with pkgs;
   nix-diff = haskell.lib.justStaticExecutables haskellPackages.nix-diff;
 
   nix-info = callPackage ../tools/nix/info { };
-  nix-info-tested = callPackage ../tools/nix/info { doCheck = true; };
+  nix-info-tested = nix-info.override { doCheck = true; };
 
   nix-index = callPackage ../tools/package-management/nix-index { };
 
@@ -21356,10 +21210,10 @@ with pkgs;
 
   spdlog = callPackage ../development/libraries/spdlog { };
 
-  dart = dart_stable;
-  dart_old = callPackage ../development/interpreters/dart { version = "1.16.1"; };
-  dart_stable = callPackage ../development/interpreters/dart { version = "1.24.3"; };
-  dart_dev = callPackage ../development/interpreters/dart { version = "2.0.0-dev.26.0"; };
+  dart = callPackage ../development/interpreters/dart { };
+  dart_stable = dart.override { version = "1.24.3"; };
+  dart_old = dart.override { version = "1.16.1"; };
+  dart_dev = dart.override { version = "2.0.0-dev.26.0"; };
 
   httrack = callPackage ../tools/backup/httrack { };
 
@@ -21470,7 +21324,8 @@ with pkgs;
   # Unix tools
   unixtools = recurseIntoAttrs (callPackages ./unix-tools.nix { });
   inherit (unixtools) hexdump ps logger eject umount
-                      mount wall hostname more sysctl;
+                      mount wall hostname more sysctl getconf
+                      getent;
 
   inherit (recurseIntoAttrs (callPackages ../os-specific/bsd { }))
           netbsd;
diff --git a/pkgs/top-level/lua-packages.nix b/pkgs/top-level/lua-packages.nix
index e6ec2f8ed9d..41debeefc89 100644
--- a/pkgs/top-level/lua-packages.nix
+++ b/pkgs/top-level/lua-packages.nix
@@ -438,6 +438,8 @@ let
       );
     '';
 
+    doCheck = false; # fails to find itself
+
     installTargets = [ "install" "install-unix" ];
 
     meta = with stdenv.lib; {
diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix
index 9a23eff2e7f..509cb405ff6 100644
--- a/pkgs/top-level/perl-packages.nix
+++ b/pkgs/top-level/perl-packages.nix
@@ -17232,10 +17232,10 @@ let self = _self // overrides; _self = with self; {
   };
 
   URI = buildPerlPackage rec {
-    name = "URI-1.73";
+    name = "URI-1.74";
     src = fetchurl {
       url = "mirror://cpan/authors/id/E/ET/ETHER/${name}.tar.gz";
-      sha256 = "cca7ab4a6f63f3ccaacae0f2e1337e8edf84137e73f18548ec7d659f23efe413";
+      sha256 = "a9c254f45f89cb1dd946b689dfe433095404532a4543bdaab0b71ce0fdcdd53d";
     };
     buildInputs = [ TestNeeds ];
     meta = {
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index c9033c3d825..0d8894a7b0b 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -2087,6 +2087,8 @@ in {
 
   demjson = callPackage ../development/python-modules/demjson { };
 
+  deprecation = callPackage ../development/python-modules/deprecation { };
+
   derpconf = callPackage ../development/python-modules/derpconf { };
 
   deskcon = self.buildPythonPackage rec {
@@ -14326,25 +14328,7 @@ in {
 
   TurboCheetah = callPackage ../development/python-modules/TurboCheetah { };
 
-  tweepy = buildPythonPackage (rec {
-    name = "tweepy-3.5.0";
-
-    src = pkgs.fetchurl {
-      url = "mirror://pypi/t/tweepy/${name}.tar.gz";
-      sha256 = "0n2shilamgwhzmvf534xg7f6hrnznbixyl5pw2f5a3f391gwy37h";
-    };
-
-    doCheck = false;
-    propagatedBuildInputs = with self; [ requests six requests_oauthlib ];
-
-    meta = {
-      homepage = "https://github.com/tweepy/tweepy";
-      description = "Twitter library for python";
-      license = licenses.mit;
-      maintainers = with maintainers; [ garbas ];
-      platforms = platforms.linux;
-    };
-  });
+  tweepy = callPackage ../development/python-modules/tweepy { };
 
   twiggy = buildPythonPackage rec {
     name = "Twiggy-${version}";
diff --git a/pkgs/top-level/release.nix b/pkgs/top-level/release.nix
index efced59ad91..b4eeef1f3de 100644
--- a/pkgs/top-level/release.nix
+++ b/pkgs/top-level/release.nix
@@ -43,7 +43,7 @@ let
               jobs.ghc.x86_64-darwin
               jobs.git.x86_64-darwin
               jobs.go.x86_64-darwin
-              jobs.mysql.x86_64-darwin
+              jobs.mariadb.x86_64-darwin
               jobs.nix-repl.x86_64-darwin
               jobs.nix.x86_64-darwin
               jobs.nox.x86_64-darwin
@@ -99,7 +99,7 @@ let
               jobs.thunderbird.x86_64-linux
               # Ensure that basic stuff works on darwin
               jobs.git.x86_64-darwin
-              jobs.mysql.x86_64-darwin
+              jobs.mariadb.x86_64-darwin
               jobs.vim.x86_64-darwin
               # Ensure that UI stuff works on darwin
               jobs.inkscape.x86_64-darwin
diff --git a/pkgs/top-level/stage.nix b/pkgs/top-level/stage.nix
index de676c5a421..e38f5442d3a 100644
--- a/pkgs/top-level/stage.nix
+++ b/pkgs/top-level/stage.nix
@@ -97,7 +97,8 @@ let
       res self;
     in res;
 
-  aliases = self: super: import ./aliases.nix super;
+  aliases = self: super: if config.skipAliases or false then {}
+                         else import ./aliases.nix super;
 
   # stdenvOverrides is used to avoid having multiple of versions
   # of certain dependencies that were used in bootstrapping the
diff --git a/pkgs/top-level/unix-tools.nix b/pkgs/top-level/unix-tools.nix
index 36fba3fbd47..c42cf8aa026 100644
--- a/pkgs/top-level/unix-tools.nix
+++ b/pkgs/top-level/unix-tools.nix
@@ -1,4 +1,5 @@
-{ pkgs, buildEnv, runCommand, hostPlatform, lib }:
+{ pkgs, buildEnv, runCommand, hostPlatform, lib
+, stdenv }:
 
 # These are some unix tools that are commonly included in the /usr/bin
 # and /usr/sbin directory under more normal distributions. Along with
@@ -46,6 +47,16 @@ let
     eject = {
       linux = pkgs.utillinux;
     };
+    getconf = {
+      linux = if hostPlatform.isMusl then pkgs.musl-getconf
+              else lib.getBin stdenv.cc.libc;
+      darwin = pkgs.darwin.system_cmds;
+    };
+    getent = {
+      linux = if hostPlatform.isMusl then pkgs.musl-getent
+              # This may not be right on other platforms, but preserves existing behavior
+              else /* if hostPlatform.libc == "glibc" then */ pkgs.glibc.bin;
+    };
     getopt = {
       linux = pkgs.utillinux;
       darwin = pkgs.getopt;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-03 20:42:39 +0000