diff options
175 files changed, 5730 insertions, 530 deletions
diff --git a/doc/languages-frameworks/python.section.md b/doc/languages-frameworks/python.section.md index 7a48bbaeeee..d291b44c309 100644 --- a/doc/languages-frameworks/python.section.md +++ b/doc/languages-frameworks/python.section.md @@ -973,7 +973,7 @@ stdenv.mkDerivation { # the following packages are related to the dependencies of your python # project. # In this particular example the python modules listed in the - # requirements.tx require the following packages to be installed locally + # requirements.txt require the following packages to be installed locally # in order to compile any binary extensions they may require. # taglib diff --git a/lib/default.nix b/lib/default.nix index 4ca2e2ea6e3..c1a4a1e39a8 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -56,10 +56,10 @@ let hasAttr head isAttrs isBool isInt isList isString length lessThan listToAttrs pathExists readFile replaceStrings seq stringLength sub substring tail; - inherit (trivial) id const concat or and boolToString mergeAttrs - flip mapNullable inNixShell min max importJSON warn info - nixpkgsVersion version mod compare splitByAndCompare - functionArgs setFunctionArgs isFunction; + inherit (trivial) id const concat or and bitAnd bitOr bitXor bitNot + boolToString mergeAttrs flip mapNullable inNixShell min max + importJSON warn info nixpkgsVersion version mod compare + splitByAndCompare functionArgs setFunctionArgs isFunction; inherit (fixedPoints) fix fix' extends composeExtensions makeExtensible makeExtensibleWithCustomName; @@ -76,7 +76,7 @@ let optional optionals toList range partition zipListsWith zipLists reverseList listDfs toposort sort naturalSort compareLists take drop sublist last init crossLists unique intersectLists - subtractLists mutuallyExclusive; + subtractLists mutuallyExclusive groupBy groupBy'; inherit (strings) concatStrings concatMapStrings concatImapStrings intersperse concatStringsSep concatMapStringsSep concatImapStringsSep makeSearchPath makeSearchPathOutput diff --git a/lib/licenses.nix b/lib/licenses.nix index 767fd89b948..a0b0f8727af 100644 --- a/lib/licenses.nix +++ b/lib/licenses.nix @@ -99,6 +99,16 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec { fullName = ''BSD 4-clause "Original" or "Old" License''; }; + bsl10 = { + fullName = "Business Source License 1.0"; + url = https://mariadb.com/bsl10; + }; + + bsl11 = { + fullName = "Business Source License 1.1"; + url = https://mariadb.com/bsl11; + }; + clArtistic = spdx { spdxId = "ClArtistic"; fullName = "Clarified Artistic License"; diff --git a/lib/lists.nix b/lib/lists.nix index 5ec97f5a07f..194e1c200ec 100644 --- a/lib/lists.nix +++ b/lib/lists.nix @@ -250,6 +250,42 @@ rec { else { right = t.right; wrong = [h] ++ t.wrong; } ) { right = []; wrong = []; }); + /* Splits the elements of a list into many lists, using the return value of a predicate. + Predicate should return a string which becomes keys of attrset `groupBy' returns. + + `groupBy'' allows to customise the combining function and initial value + + Example: + groupBy (x: boolToString (x > 2)) [ 5 1 2 3 4 ] + => { true = [ 5 3 4 ]; false = [ 1 2 ]; } + groupBy (x: x.name) [ {name = "icewm"; script = "icewm &";} + {name = "xfce"; script = "xfce4-session &";} + {name = "icewm"; script = "icewmbg &";} + {name = "mate"; script = "gnome-session &";} + ] + => { icewm = [ { name = "icewm"; script = "icewm &"; } + { name = "icewm"; script = "icewmbg &"; } ]; + mate = [ { name = "mate"; script = "gnome-session &"; } ]; + xfce = [ { name = "xfce"; script = "xfce4-session &"; } ]; + } + + + groupBy' allows to customise the combining function and initial value + + Example: + groupBy' builtins.add 0 (x: boolToString (x > 2)) [ 5 1 2 3 4 ] + => { true = 12; false = 3; } + */ + groupBy' = op: nul: pred: lst: + foldl' (r: e: + let + key = pred e; + in + r // { ${key} = op (r.${key} or nul) e; } + ) {} lst; + + groupBy = groupBy' (sum: e: sum ++ [e]) []; + /* Merges two lists of the same size together. If the sizes aren't the same the merging stops at the shortest. How both lists are merged is defined by the first argument. diff --git a/lib/systems/platforms.nix b/lib/systems/platforms.nix index f624a5c140a..8027f6b9fc1 100644 --- a/lib/systems/platforms.nix +++ b/lib/systems/platforms.nix @@ -170,7 +170,8 @@ rec { kernelBaseConfig = "bcm2835_defconfig"; kernelDTB = true; kernelArch = "arm"; - kernelAutoModules = false; + kernelAutoModules = true; + kernelPreferBuiltin = true; kernelExtraConfig = '' # Disable OABI to have seccomp_filter (required for systemd) # https://github.com/raspberrypi/firmware/issues/651 diff --git a/lib/tests/misc.nix b/lib/tests/misc.nix index c683df7d7ca..eab20d0f14d 100644 --- a/lib/tests/misc.nix +++ b/lib/tests/misc.nix @@ -45,6 +45,21 @@ runTests { expected = true; }; + testBitAnd = { + expr = (bitAnd 3 10); + expected = 2; + }; + + testBitOr = { + expr = (bitOr 3 10); + expected = 11; + }; + + testBitXor = { + expr = (bitXor 3 10); + expected = 9; + }; + # STRINGS testConcatMapStrings = { diff --git a/lib/trivial.nix b/lib/trivial.nix index 251cb796db0..0bcefcbc28d 100644 --- a/lib/trivial.nix +++ b/lib/trivial.nix @@ -1,4 +1,41 @@ { lib }: +let + zipIntBits = f: x: y: + let + # (intToBits 6) -> [ 0 1 1 ] + intToBits = x: + if x == 0 || x == -1 then + [] + else + let + headbit = if (x / 2) * 2 != x then 1 else 0; # x & 1 + tailbits = if x < 0 then ((x + 1) / 2) - 1 else x / 2; # x >> 1 + in + [headbit] ++ (intToBits tailbits); + + # (bitsToInt [ 0 1 1 ] 0) -> 6 + # (bitsToInt [ 0 1 0 ] 1) -> -6 + bitsToInt = l: signum: + if l == [] then + (if signum == 0 then 0 else -1) + else + (builtins.head l) + (2 * (bitsToInt (builtins.tail l) signum)); + + xsignum = if x < 0 then 1 else 0; + ysignum = if y < 0 then 1 else 0; + zipListsWith' = fst: snd: + if fst==[] && snd==[] then + [] + else if fst==[] then + [(f xsignum (builtins.head snd))] ++ (zipListsWith' [] (builtins.tail snd)) + else if snd==[] then + [(f (builtins.head fst) ysignum )] ++ (zipListsWith' (builtins.tail fst) [] ) + else + [(f (builtins.head fst) (builtins.head snd))] ++ (zipListsWith' (builtins.tail fst) (builtins.tail snd)); + in + assert (builtins.isInt x) && (builtins.isInt y); + bitsToInt (zipListsWith' (intToBits x) (intToBits y)) (f xsignum ysignum); +in rec { /* The identity function @@ -31,6 +68,18 @@ rec { /* boolean “and” */ and = x: y: x && y; + /* bitwise “and” */ + bitAnd = builtins.bitAnd or zipIntBits (a: b: if a==1 && b==1 then 1 else 0); + + /* bitwise “or” */ + bitOr = builtins.bitOr or zipIntBits (a: b: if a==1 || b==1 then 1 else 0); + + /* bitwise “xor” */ + bitXor = builtins.bitXor or zipIntBits (a: b: if a!=b then 1 else 0); + + /* bitwise “not” */ + bitNot = builtins.sub (-1); + /* Convert a boolean to a string. Note that toString on a bool returns "1" and "". */ diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 8a5845cafe3..0aa91a31313 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -393,6 +393,11 @@ github = "andir"; name = "Andreas Rammhold"; }; + andreabedini = { + email = "andrea@kzn.io"; + github = "andreabedini"; + name = "Andrea Bedini"; + }; andres = { email = "ksnixos@andres-loeh.de"; github = "kosmikus"; diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml index 5799354c6e9..72f96f1ca1a 100644 --- a/nixos/doc/manual/release-notes/rl-1809.xml +++ b/nixos/doc/manual/release-notes/rl-1809.xml @@ -178,9 +178,26 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' </listitem> <listitem> <para> - <literal>lib.traceValIfNot</literal> has been deprecated. Use - <literal>if/then/else</literal> and <literal>lib.traceValSeq</literal> - instead. + The <literal>pkgs</literal> argument to NixOS modules can now be set directly using <literal>nixpkgs.pkgs</literal>. Previously, only the <literal>system</literal>, <literal>config</literal> and <literal>overlays</literal> arguments could be used to influence <literal>pkgs</literal>. + </para> + </listitem> + <listitem> + <para> + A NixOS system can now be constructed more easily based on a preexisting invocation of Nixpkgs. For example: + <programlisting> +inherit (pkgs.nixos { + boot.loader.grub.enable = false; + fileSystems."/".device = "/dev/xvda1"; +}) toplevel kernel initialRamdisk manual; + </programlisting> + + This benefits evaluation performance, lets you write Nixpkgs packages that depend on NixOS images and is consistent with a deployment architecture that would be centered around Nixpkgs overlays. + </para> + </listitem> + <listitem> + <para> + <literal>lib.traceValIfNot</literal> has been deprecated. Use + <literal>if/then/else</literal> and <literal>lib.traceValSeq</literal> instead. </para> </listitem> <listitem> diff --git a/nixos/maintainers/scripts/azure/create-azure.sh b/nixos/maintainers/scripts/azure/create-azure.sh index a834566be8f..2b22cb53661 100755 --- a/nixos/maintainers/scripts/azure/create-azure.sh +++ b/nixos/maintainers/scripts/azure/create-azure.sh @@ -5,4 +5,4 @@ export NIXOS_CONFIG=$(dirname $(readlink -f $0))/../../../modules/virtualisation export TIMESTAMP=$(date +%Y%m%d%H%M) nix-build '<nixpkgs/nixos>' \ - -A config.system.build.azureImage --argstr system x86_64-linux -o azure --option extra-binary-caches https://hydra.nixos.org -j 10 + -A config.system.build.azureImage --argstr system x86_64-linux -o azure -j 10 diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix index a20910353f3..c7a6c943bc2 100644 --- a/nixos/modules/config/no-x-libs.nix +++ b/nixos/modules/config/no-x-libs.nix @@ -26,16 +26,16 @@ with lib; fonts.fontconfig.enable = false; - nixpkgs.config.packageOverrides = pkgs: { - dbus = pkgs.dbus.override { x11Support = false; }; - networkmanager-fortisslvpn = pkgs.networkmanager-fortisslvpn.override { withGnome = false; }; - networkmanager-l2tp = pkgs.networkmanager-l2tp.override { withGnome = false; }; - networkmanager-openconnect = pkgs.networkmanager-openconnect.override { withGnome = false; }; - networkmanager-openvpn = pkgs.networkmanager-openvpn.override { withGnome = false; }; - networkmanager-vpnc = pkgs.networkmanager-vpnc.override { withGnome = false; }; - networkmanager-iodine = pkgs.networkmanager-iodine.override { withGnome = false; }; - pinentry = pkgs.pinentry_ncurses; - gobjectIntrospection = pkgs.gobjectIntrospection.override { x11Support = false; }; - }; + nixpkgs.overlays = singleton (const (super: { + dbus = super.dbus.override { x11Support = false; }; + networkmanager-fortisslvpn = super.networkmanager-fortisslvpn.override { withGnome = false; }; + networkmanager-l2tp = super.networkmanager-l2tp.override { withGnome = false; }; + networkmanager-openconnect = super.networkmanager-openconnect.override { withGnome = false; }; + networkmanager-openvpn = super.networkmanager-openvpn.override { withGnome = false; }; + networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; }; + networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; }; + pinentry = super.pinentry_ncurses; + gobjectIntrospection = super.gobjectIntrospection.override { x11Support = false; }; + })); }; } diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index da4c21296ff..71e0bf1461f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -127,6 +127,7 @@ ./programs/zsh/oh-my-zsh.nix ./programs/zsh/zsh.nix ./programs/zsh/zsh-autoenv.nix + ./programs/zsh/zsh-autosuggestions.nix ./programs/zsh/zsh-syntax-highlighting.nix ./rename.nix ./security/acme.nix diff --git a/nixos/modules/programs/zsh/zsh-autosuggestions.nix b/nixos/modules/programs/zsh/zsh-autosuggestions.nix new file mode 100644 index 00000000000..416f4c9c675 --- /dev/null +++ b/nixos/modules/programs/zsh/zsh-autosuggestions.nix @@ -0,0 +1,60 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.programs.zsh.autosuggestions; +in +{ + options.programs.zsh.autosuggestions = { + + enable = mkEnableOption "zsh-autosuggestions"; + + highlightStyle = mkOption { + type = types.str; + default = "fg=8"; # https://github.com/zsh-users/zsh-autosuggestions/tree/v0.4.3#suggestion-highlight-style + description = "Highlight style for suggestions ({fore,back}ground color)"; + example = "fg=cyan"; + }; + + strategy = mkOption { + type = types.enum [ "default" "match_prev_cmd" ]; + default = "default"; + description = '' + Set ZSH_AUTOSUGGEST_STRATEGY to choose the strategy for generating suggestions. + There are currently two to choose from: + + * default: Chooses the most recent match. + * match_prev_cmd: Chooses the most recent match whose preceding history item matches + the most recently executed command (more info). Note that this strategy won't work as + expected with ZSH options that don't preserve the history order such as + HIST_IGNORE_ALL_DUPS or HIST_EXPIRE_DUPS_FIRST. + ''; + }; + + extraConfig = mkOption { + type = with types; attrsOf str; + default = {}; + description = "Attribute set with additional configuration values"; + example = literalExample '' + { + "ZSH_AUTOSUGGEST_BUFFER_MAX_SIZE" = "20"; + } + ''; + }; + + }; + + config = mkIf cfg.enable { + + programs.zsh.interactiveShellInit = '' + source ${pkgs.zsh-autosuggestions}/share/zsh-autosuggestions/zsh-autosuggestions.zsh + + export ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE="${cfg.highlightStyle}" + export ZSH_AUTOSUGGEST_STRATEGY="${cfg.strategy}" + + ${concatStringsSep "\n" (mapAttrsToList (key: value: ''export ${key}="${value}"'') cfg.extraConfig)} + ''; + + }; +} diff --git a/nixos/modules/programs/zsh/zsh.nix b/nixos/modules/programs/zsh/zsh.nix index 662b463d572..42d4e1d4ada 100644 --- a/nixos/modules/programs/zsh/zsh.nix +++ b/nixos/modules/programs/zsh/zsh.nix @@ -87,13 +87,6 @@ in type = types.bool; }; - enableAutosuggestions = mkOption { - default = false; - description = '' - Enable zsh-autosuggestions - ''; - type = types.bool; - }; }; }; @@ -168,10 +161,6 @@ in ${optionalString cfg.enableCompletion "autoload -U compinit && compinit"} - ${optionalString (cfg.enableAutosuggestions) - "source ${pkgs.zsh-autosuggestions}/share/zsh-autosuggestions/zsh-autosuggestions.zsh" - } - ${cfge.interactiveShellInit} ${cfg.interactiveShellInit} diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index b15dd84999a..9b9e9e7109d 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -247,6 +247,8 @@ with lib; (mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "custom" ] [ "programs" "zsh" "ohMyZsh" "custom" ]) (mkRenamedOptionModule [ "programs" "zsh" "oh-my-zsh" "plugins" ] [ "programs" "zsh" "ohMyZsh" "plugins" ]) + (mkRenamedOptionModule [ "programs" "zsh" "enableAutosuggestions" ] [ "programs" "zsh" "autosuggestions" "enable" ]) + # Xen (mkRenamedOptionModule [ "virtualisation" "xen" "qemu-package" ] [ "virtualisation" "xen" "package-qemu" ]) diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix index da3827c35e6..89d8590093d 100644 --- a/nixos/modules/services/networking/nat.nix +++ b/nixos/modules/services/networking/nat.nix @@ -38,19 +38,19 @@ let # NAT the marked packets. ${optionalString (cfg.internalInterfaces != []) '' iptables -w -t nat -A nixos-nat-post -m mark --mark 1 \ - -o ${cfg.externalInterface} ${dest} + ${optionalString (cfg.externalInterface != null) "-o ${cfg.externalInterface}"} ${dest} ''} # NAT packets coming from the internal IPs. ${concatMapStrings (range: '' iptables -w -t nat -A nixos-nat-post \ - -s '${range}' -o ${cfg.externalInterface} ${dest} + -s '${range}' ${optionalString (cfg.externalInterface != null) "-o ${cfg.externalInterface}"} ${dest} '') cfg.internalIPs} # NAT from external ports to internal ports. ${concatMapStrings (fwd: '' iptables -w -t nat -A nixos-nat-pre \ - -i ${cfg.externalInterface} -p ${fwd.proto} \ + -i ${toString cfg.externalInterface} -p ${fwd.proto} \ --dport ${builtins.toString fwd.sourcePort} \ -j DNAT --to-destination ${fwd.destination} @@ -81,7 +81,7 @@ let ${optionalString (cfg.dmzHost != null) '' iptables -w -t nat -A nixos-nat-pre \ - -i ${cfg.externalInterface} -j DNAT \ + -i ${toString cfg.externalInterface} -j DNAT \ --to-destination ${cfg.dmzHost} ''} @@ -134,7 +134,8 @@ in }; networking.nat.externalInterface = mkOption { - type = types.str; + type = types.nullOr types.str; + default = null; example = "eth1"; description = '' @@ -236,6 +237,15 @@ in { networking.firewall.extraCommands = mkBefore flushNat; } (mkIf config.networking.nat.enable { + assertions = [ + { assertion = (cfg.dmzHost != null) -> (cfg.externalInterface != null); + message = "networking.nat.dmzHost requires networking.nat.externalInterface"; + } + { assertion = (cfg.forwardPorts != []) -> (cfg.externalInterface != null); + message = "networking.nat.forwardPorts requires networking.nat.externalInterface"; + } + ]; + environment.systemPackages = [ pkgs.iptables ]; boot = { diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index f069a9883a7..07936faaa13 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix @@ -60,7 +60,7 @@ in }; interfaces = mkOption { - default = [ "127.0.0.1" "::1" ]; + default = [ "127.0.0.1" ] ++ optional config.networking.enableIPv6 "::1"; type = types.listOf types.str; description = "What addresses the server should listen on."; }; @@ -112,8 +112,8 @@ in mkdir -m 0755 -p ${stateDir}/dev/ cp ${confFile} ${stateDir}/unbound.conf ${optionalString cfg.enableRootTrustAnchor '' - ${pkgs.unbound}/bin/unbound-anchor -a ${rootTrustAnchorFile} || echo "Root anchor updated!" - chown unbound ${stateDir} ${rootTrustAnchorFile} + ${pkgs.unbound}/bin/unbound-anchor -a ${rootTrustAnchorFile} || echo "Root anchor updated!" + chown unbound ${stateDir} ${rootTrustAnchorFile} ''} touch ${stateDir}/dev/random ${pkgs.utillinux}/bin/mount --bind -n /dev/urandom ${stateDir}/dev/random @@ -126,6 +126,8 @@ in ProtectSystem = true; ProtectHome = true; PrivateDevices = true; + Restart = "always"; + RestartSec = "5s"; }; }; diff --git a/nixos/modules/services/web-servers/tomcat.nix b/nixos/modules/services/web-servers/tomcat.nix index aa94e0e976c..bc713a08f18 100644 --- a/nixos/modules/services/web-servers/tomcat.nix +++ b/nixos/modules/services/web-servers/tomcat.nix @@ -110,7 +110,7 @@ in webapps = mkOption { type = types.listOf types.package; default = [ tomcat.webapps ]; - defaultText = "[ tomcat.webapps ]"; + defaultText = "[ pkgs.tomcat85.webapps ]"; description = "List containing WAR files or directories with WAR files which are web applications to be deployed on Tomcat"; }; diff --git a/nixos/modules/system/boot/initrd-network.nix b/nixos/modules/system/boot/initrd-network.nix index 33862b0965c..384ae909b70 100644 --- a/nixos/modules/system/boot/initrd-network.nix +++ b/nixos/modules/system/boot/initrd-network.nix @@ -12,6 +12,7 @@ let if [ "$1" = bound ]; then ip address add "$ip/$mask" dev "$interface" if [ -n "$router" ]; then + ip route add "$router" dev "$interface" # just in case if "$router" is not within "$ip/$mask" (e.g. Hetzner Cloud) ip route add default via "$router" dev "$interface" fi if [ -n "$dns" ]; then diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix index cb756842f36..dd2108ccc37 100644 --- a/nixos/modules/virtualisation/azure-image.nix +++ b/nixos/modules/virtualisation/azure-image.nix @@ -2,13 +2,13 @@ with lib; let - diskSize = 30720; + diskSize = 2048; in { system.build.azureImage = import ../../lib/make-disk-image.nix { name = "azure-image"; postVM = '' - ${pkgs.vmTools.qemu-220}/bin/qemu-img convert -f raw -o subformat=fixed -O vpc $diskImage $out/disk.vhd + ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -o subformat=fixed,force_size -O vpc $diskImage $out/disk.vhd ''; configFile = ./azure-config-user.nix; format = "raw"; diff --git a/nixos/modules/virtualisation/azure-qemu-220-no-etc-install.patch b/nixos/modules/virtualisation/azure-qemu-220-no-etc-install.patch deleted file mode 100644 index 81d29feea3d..00000000000 --- a/nixos/modules/virtualisation/azure-qemu-220-no-etc-install.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/Makefile b/Makefile -index d6b9dc1..ce7c493 100644 ---- a/Makefile -+++ b/Makefile -@@ -384,8 +384,7 @@ install-confdir: - install-sysconfig: install-datadir install-confdir - $(INSTALL_DATA) $(SRC_PATH)/sysconfigs/target/target-x86_64.conf "$(DESTDIR)$(qemu_confdir)" - --install: all $(if $(BUILD_DOCS),install-doc) install-sysconfig \ --install-datadir install-localstatedir -+install: all $(if $(BUILD_DOCS),install-doc) install-datadir - ifneq ($(TOOLS),) - $(call install-prog,$(TOOLS),$(DESTDIR)$(bindir)) - endif diff --git a/pkgs/applications/altcoins/go-ethereum.nix b/pkgs/applications/altcoins/go-ethereum.nix index 021764f5023..9917ffdf9c0 100644 --- a/pkgs/applications/altcoins/go-ethereum.nix +++ b/pkgs/applications/altcoins/go-ethereum.nix @@ -2,7 +2,7 @@ buildGoPackage rec { name = "go-ethereum-${version}"; - version = "1.8.8"; + version = "1.8.10"; goPackagePath = "github.com/ethereum/go-ethereum"; # Fix for usb-related segmentation faults on darwin @@ -27,7 +27,7 @@ buildGoPackage rec { owner = "ethereum"; repo = "go-ethereum"; rev = "v${version}"; - sha256 = "059nd2jvklziih679dd4cd34xjpj1ci7fha83wv86xjz61awyb16"; + sha256 = "1n36pz4y3xa4d46mynym98bra79qx5n9lb29chyxfpvi5fmprdg1"; }; meta = with stdenv.lib; { diff --git a/pkgs/applications/altcoins/litecoin.nix b/pkgs/applications/altcoins/litecoin.nix index 12cf5dcb71c..b930923e8f4 100644 --- a/pkgs/applications/altcoins/litecoin.nix +++ b/pkgs/applications/altcoins/litecoin.nix @@ -8,13 +8,13 @@ with stdenv.lib; stdenv.mkDerivation rec { name = "litecoin" + (toString (optional (!withGui) "d")) + "-" + version; - version = "0.15.1"; + version = "0.16.0"; src = fetchFromGitHub { owner = "litecoin-project"; repo = "litecoin"; rev = "v${version}"; - sha256 = "01q0lj0grabyfh67ar984m9lv9xs0rakadkci8jpfbp8xw166r40"; + sha256 = "1g79sbplkn2bnb17i2kyh1d64bjl3ihbx83n0xssvjaajn56hbzw"; }; nativeBuildInputs = [ pkgconfig autoreconfHook ]; diff --git a/pkgs/applications/editors/android-studio/default.nix b/pkgs/applications/editors/android-studio/default.nix index 5e37ba47fa5..ea5dce4fa1a 100644 --- a/pkgs/applications/editors/android-studio/default.nix +++ b/pkgs/applications/editors/android-studio/default.nix @@ -13,9 +13,9 @@ let sha256Hash = "196yaswbxh2nd83gimjxr8ggr5xkdxq7n3xlh6ax73v59pj4hryq"; }; latestVersion = { - version = "3.2.0.16"; # "Android Studio 3.2 Canary 17" - build = "181.4823740"; - sha256Hash = "04282zd28kn2a4rjsi0ikx4bc9ab668xm7cc87ga60pzyg5gmmgk"; + version = "3.2.0.17"; # "Android Studio 3.2 Canary 18" + build = "181.4830125"; + sha256Hash = "14yarl1vqhy21ljrn5k2dy8z0y407g9nqw4lqzjbxb7zmascnlx4"; }; in rec { # Old alias diff --git a/pkgs/applications/editors/atom/default.nix b/pkgs/applications/editors/atom/default.nix index a68c841d53b..b13e9fe1258 100644 --- a/pkgs/applications/editors/atom/default.nix +++ b/pkgs/applications/editors/atom/default.nix @@ -35,6 +35,8 @@ let patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ --set-rpath "${atomEnv.libPath}" \ $share/resources/app/apm/bin/node + patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ + $out/share/atom/resources/app.asar.unpacked/node_modules/symbols-view/vendor/ctags-linux dugite=$share/resources/app.asar.unpacked/node_modules/dugite rm -f $dugite/git/bin/git @@ -53,7 +55,7 @@ let homepage = https://atom.io/; license = licenses.mit; maintainers = with maintainers; [ offline nequissimus synthetica ysndr ]; - platforms = [ "x86_64-linux" ]; + platforms = platforms.x86_64; }; }; in stdenv.lib.mapAttrs common { diff --git a/pkgs/applications/editors/neovim/default.nix b/pkgs/applications/editors/neovim/default.nix index b090b0c84f9..f47688b8280 100644 --- a/pkgs/applications/editors/neovim/default.nix +++ b/pkgs/applications/editors/neovim/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, cmake, gettext, libmsgpack, libtermkey +{ stdenv, fetchFromGitHub, cmake, gettext, libmsgpack, libtermkey, libiconv , libtool, libuv, luaPackages, ncurses, perl, pkgconfig , unibilium, vimUtils, xsel, gperf, callPackage , libvterm-neovim @@ -11,13 +11,13 @@ let neovim = stdenv.mkDerivation rec { name = "neovim-unwrapped-${version}"; - version = "0.2.2"; + version = "0.3.0"; src = fetchFromGitHub { owner = "neovim"; repo = "neovim"; rev = "v${version}"; - sha256 = "1dxr29d0hyag7snbww5s40as90412qb61rgj7gd9rps1iccl9gv4"; + sha256 = "10c8y309fdwvr3d9n6vm1f2c0k6pzicnhc64l2dvbw1lnabp04vv"; }; enableParallelBuilding = true; @@ -32,6 +32,7 @@ let luaPackages.lua gperf ] ++ optional withJemalloc jemalloc + ++ optional stdenv.isDarwin libiconv ++ lualibs; nativeBuildInputs = [ diff --git a/pkgs/applications/editors/vscode/with-extensions.nix b/pkgs/applications/editors/vscode/with-extensions.nix index c54c8a4277f..9b0d69ae65a 100644 --- a/pkgs/applications/editors/vscode/with-extensions.nix +++ b/pkgs/applications/editors/vscode/with-extensions.nix @@ -12,7 +12,7 @@ # When the extension is already available in the default extensions set. vscodeExtensions = with vscode-extensions; [ bbenoist.Nix - ] + ] # Concise version from the vscode market place when not available in the default set. ++ vscode-utils.extensionsFromVscodeMarketplace [ @@ -26,11 +26,11 @@ } ~~~ - This expression should fetch + This expression should fetch - the *nix* vscode extension from whatever source defined in the default nixpkgs extensions set `vscodeExtensions`. - - the *code-runner* vscode extension from the marketplace using the + - the *code-runner* vscode extension from the marketplace using the following url: ~~~ @@ -72,6 +72,11 @@ runCommand "${wrappedPkgName}-with-extensions-${wrappedPkgVersion}" { meta = vscode.meta; } '' mkdir -p "$out/bin" + mkdir -p "$out/share/applications" + mkdir -p "$out/share/pixmaps" + + ln -sT "${vscode}/share/applications/code.desktop" "$out/share/applications/code.desktop" + ln -sT "${vscode}/share/pixmaps/code.png" "$out/share/pixmaps/code.png" ${if [] == vscodeExtensions then '' ln -sT "${vscode}/bin/${wrappedExeName}" "$out/bin/${exeName}" diff --git a/pkgs/applications/misc/chirp/default.nix b/pkgs/applications/misc/chirp/default.nix index 90d7ecd082c..7004b247667 100644 --- a/pkgs/applications/misc/chirp/default.nix +++ b/pkgs/applications/misc/chirp/default.nix @@ -3,11 +3,11 @@ stdenv.mkDerivation rec { name = "chirp-daily-${version}"; - version = "20180519"; + version = "20180606"; src = fetchurl { url = "https://trac.chirp.danplanet.com/chirp_daily/daily-${version}/${name}.tar.gz"; - sha256 = "1sb4cw95lcj2cdfzzgnwjgmnpk2nqjys4am5qvj4pnh0x447sznv"; + sha256 = "1v1s02675gyghhxasp4pxjrifkgshc82p99haxph1yzkq7gsf03w"; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/applications/misc/cura/default.nix b/pkgs/applications/misc/cura/default.nix index 10f6837761b..3b00bba709a 100644 --- a/pkgs/applications/misc/cura/default.nix +++ b/pkgs/applications/misc/cura/default.nix @@ -2,27 +2,30 @@ mkDerivation rec { name = "cura-${version}"; - version = "3.2.1"; + version = "3.3.1"; src = fetchFromGitHub { owner = "Ultimaker"; repo = "Cura"; rev = version; - sha256 = "0yaya0ww92qjm7g31q85m5f95nwdapldjx1kdf1ar4yzwh4r15rp"; + sha256 = "0a2xxiw1h5cq4nd4pdkq757hap85p2i29msxs57kbfdd78izrjlx"; }; materials = fetchFromGitHub { owner = "Ultimaker"; repo = "fdm_materials"; - rev = "3.2.1"; - sha256 = "1kr9ga727x0kazw2ypac9bi6g6lddbsx80qw8fbn0514kg2mr9n3"; + rev = "3.3.0"; + sha256 = "0vf7s4m14aqhdg4m2yjj87kjxi2gpa46mgx86p0a91jwvkxa8a1q"; }; buildInputs = [ qtbase qtquickcontrols2 ]; propagatedBuildInputs = with python3.pkgs; [ uranium zeroconf pyserial numpy-stl ]; nativeBuildInputs = [ cmake python3.pkgs.wrapPython ]; - cmakeFlags = [ "-DURANIUM_DIR=${python3.pkgs.uranium.src}" ]; + cmakeFlags = [ + "-DURANIUM_DIR=${python3.pkgs.uranium.src}" + "-DCURA_VERSION=${version}" + ]; postPatch = '' sed -i 's,/python''${PYTHON_VERSION_MAJOR}/dist-packages,/python''${PYTHON_VERSION_MAJOR}.''${PYTHON_VERSION_MINOR}/site-packages,g' CMakeLists.txt diff --git a/pkgs/applications/misc/curaengine/default.nix b/pkgs/applications/misc/curaengine/default.nix index c3a19e6551a..ac4c68f9b53 100644 --- a/pkgs/applications/misc/curaengine/default.nix +++ b/pkgs/applications/misc/curaengine/default.nix @@ -2,19 +2,19 @@ stdenv.mkDerivation rec { name = "curaengine-${version}"; - version = "3.2.1"; + version = "3.3.0"; src = fetchFromGitHub { owner = "Ultimaker"; repo = "CuraEngine"; rev = version; - sha256 = "1yqpp6qhixzni3ik11vbk5kcdrhlz2j4ylzmh8f6c86r4d73a0cp"; + sha256 = "1dj80lk58qb54apdv7n9cmcck4smb00lidgqld21xnndnnqqb4lw"; }; nativeBuildInputs = [ cmake ]; buildInputs = [ libarcus ]; - enableParallelBuilding = true; + cmakeFlags = [ "-DCURA_ENGINE_VERSION=${version}" ]; meta = with stdenv.lib; { description = "A powerful, fast and robust engine for processing 3D models into 3D printing instruction"; diff --git a/pkgs/applications/misc/guake/default.nix b/pkgs/applications/misc/guake/default.nix index c34f0e48f3e..dc9b0c29aa1 100644 --- a/pkgs/applications/misc/guake/default.nix +++ b/pkgs/applications/misc/guake/default.nix @@ -2,7 +2,7 @@ , gtk3, keybinder3, libnotify, libutempter, vte }: let - version = "3.2.1"; + version = "3.2.2"; in python3.pkgs.buildPythonApplication rec { name = "guake-${version}"; format = "other"; @@ -11,7 +11,7 @@ in python3.pkgs.buildPythonApplication rec { owner = "Guake"; repo = "guake"; rev = version; - sha256 = "0qzrkmjizpc3kirvhml62wya1sr3pbig25nfcrfhk1hhr3jxq17s"; + sha256 = "1wx8vghn0h52xryyn6cf9z1lbwsk766lhff162szbaxlxyl6xsc0"; }; nativeBuildInputs = [ gettext gobjectIntrospection wrapGAppsHook python3.pkgs.pip glibcLocales ]; diff --git a/pkgs/applications/misc/mupdf/default.nix b/pkgs/applications/misc/mupdf/default.nix index fbc7da07021..a8458e3432c 100644 --- a/pkgs/applications/misc/mupdf/default.nix +++ b/pkgs/applications/misc/mupdf/default.nix @@ -23,12 +23,15 @@ in stdenv.mkDerivation rec { }; patches = [ + (fetchpatch { + # CVE-2018-10289 + url = "https://bugs.ghostscript.com/attachment.cgi?id=15230"; + sha256 = "0jmpacxd9930g6k57kda9jrcrbk75whdlv8xwmqg5jwn848qvy4q"; + }) ] - - # Use shared libraries to decrease size - ++ stdenv.lib.optional (!stdenv.isDarwin) ./mupdf-1.13-shared_libs-1.patch - - ++ stdenv.lib.optional stdenv.isDarwin ./darwin.patch + # Use shared libraries to decrease size + ++ stdenv.lib.optional (!stdenv.isDarwin) ./mupdf-1.13-shared_libs-1.patch + ++ stdenv.lib.optional stdenv.isDarwin ./darwin.patch ; postPatch = '' diff --git a/pkgs/applications/misc/rofi/wrapper.nix b/pkgs/applications/misc/rofi/wrapper.nix index 44c6f892bf5..17bbf1583c4 100644 --- a/pkgs/applications/misc/rofi/wrapper.nix +++ b/pkgs/applications/misc/rofi/wrapper.nix @@ -1,14 +1,19 @@ { stdenv, rofi-unwrapped, makeWrapper, theme ? null, lib }: +if theme == null then rofi-unwrapped else stdenv.mkDerivation { name = "rofi-${rofi-unwrapped.version}"; buildInputs = [ makeWrapper ]; preferLocalBuild = true; - passthru = { unwrapped = rofi-unwrapped; }; + passthru.unwrapped = rofi-unwrapped; buildCommand = '' - mkdir -p $out/bin - ln -s ${rofi-unwrapped}/bin/rofi $out/bin/rofi - ${lib.optionalString (theme != null) ''wrapProgram $out/bin/rofi --add-flags "-theme ${theme}"''} + mkdir $out + ln -s ${rofi-unwrapped}/* $out + rm $out/bin + mkdir $out/bin + ln -s ${rofi-unwrapped}/bin/* $out/bin + rm $out/bin/rofi + makeWrapper ${rofi-unwrapped}/bin/rofi $out/bin/rofi --add-flags "-theme ${theme}" ''; meta = rofi-unwrapped.meta // { diff --git a/pkgs/applications/misc/sequeler/default.nix b/pkgs/applications/misc/sequeler/default.nix index 2c8753efcd7..82b73f58e8d 100644 --- a/pkgs/applications/misc/sequeler/default.nix +++ b/pkgs/applications/misc/sequeler/default.nix @@ -1,10 +1,10 @@ { stdenv, fetchFromGitHub -, cmake, ninja, pkgconfig, vala, gobjectIntrospection, gettext, wrapGAppsHook -, gtk3, glib, granite, libgee, libgda, gtksourceview, libxml2 }: +, meson, ninja, pkgconfig, vala, gobjectIntrospection, gettext, wrapGAppsHook +, gtk3, glib, granite, libgee, libgda, gtksourceview, libxml2, libsecret }: let - version = "0.5.4"; + version = "0.5.5"; sqlGda = libgda.override { mysqlSupport = true; postgresSupport = true; @@ -17,12 +17,17 @@ in stdenv.mkDerivation rec { owner = "Alecaddd"; repo = "sequeler"; rev = "v${version}"; - sha256 = "05c7y6xdyq3h9bn90pbz03jhy9kabmgpxi4zz0i26q0qphljskbx"; + sha256 = "0jv7nx9k1qw2i3cmg0vnahz4qfam03xypas975x40icqd3bhfgj3"; }; - nativeBuildInputs = [ cmake ninja pkgconfig vala gobjectIntrospection gettext wrapGAppsHook ]; + nativeBuildInputs = [ meson ninja pkgconfig vala gobjectIntrospection gettext wrapGAppsHook ]; - buildInputs = [ gtk3 glib granite libgee sqlGda gtksourceview libxml2 ]; + buildInputs = [ gtk3 glib granite libgee sqlGda gtksourceview libxml2 libsecret ]; + + postPatch = '' + chmod +x meson/post_install.py + patchShebangs meson/post_install.py + ''; meta = with stdenv.lib; { description = "Friendly SQL Client"; diff --git a/pkgs/applications/misc/slic3r/default.nix b/pkgs/applications/misc/slic3r/default.nix index 8624cc9dda5..21b55e6e7a0 100644 --- a/pkgs/applications/misc/slic3r/default.nix +++ b/pkgs/applications/misc/slic3r/default.nix @@ -21,6 +21,7 @@ stdenv.mkDerivation rec { MathConvexHullMonotoneChain MathGeometryVoronoi MathPlanePath Moo IOStringy ClassXSAccessor Wx GrowlGNTP NetDBus ImportInto XMLSAX ExtUtilsMakeMaker OpenGL WxGLCanvas ModuleBuild LWP + ExtUtilsCppGuess ModuleBuildWithXSpp ExtUtilsTypemapsDefault ]; desktopItem = makeDesktopItem { diff --git a/pkgs/applications/misc/unixcw/default.nix b/pkgs/applications/misc/unixcw/default.nix new file mode 100644 index 00000000000..2aeba5fb5f4 --- /dev/null +++ b/pkgs/applications/misc/unixcw/default.nix @@ -0,0 +1,37 @@ +{stdenv, fetchurl, libpulseaudio, alsaLib , pkgconfig, qt5}: +stdenv.mkDerivation rec { + name = "unixcw-${version}"; + version = "3.5.1"; + src = fetchurl { + url = "mirror://sourceforge/unixcw/unixcw_${version}.orig.tar.gz"; + sha256 ="5f3aacd8a26e16e6eff437c7ae1e9b389956fb137eeb3de24670ce05de479e7a"; + }; + patches = [ + ./remove-use-of-dlopen.patch + ]; + buildInputs = [libpulseaudio alsaLib pkgconfig qt5.qtbase]; + CFLAGS ="-lasound -lpulse-simple"; + + meta = with stdenv.lib; { + description = "sound characters as Morse code on the soundcard or console speaker"; + longDescription = '' + unixcw is a project providing libcw library and a set of programs + using the library: cw, cwgen, cwcp and xcwcp. + The programs are intended for people who want to learn receiving + and sending Morse code. + unixcw is developed and tested primarily on GNU/Linux system. + + cw reads characters from an input file, or from standard input, + and sounds each valid character as Morse code on either the system sound card, + or the system console speaker. + After it sounds a character, cw echoes it to standard output. + The input stream can contain embedded command strings. + These change the parameters used when sounding the Morse code. + cw reports any errors in embedded commands + ''; + homepage = "http://unixcw.sourceforge.net"; + maintainers = [ maintainers.mafo ]; + license = licenses.gpl2; + platforms=platforms.linux; + }; +} diff --git a/pkgs/applications/misc/unixcw/remove-use-of-dlopen.patch b/pkgs/applications/misc/unixcw/remove-use-of-dlopen.patch new file mode 100644 index 00000000000..0475c008ba2 --- /dev/null +++ b/pkgs/applications/misc/unixcw/remove-use-of-dlopen.patch @@ -0,0 +1,677 @@ +From e4b91b5a7943a3b54f555ff2e0029b83bd96b131 Mon Sep 17 00:00:00 2001 +From: MarcFontaine <MarcFontaine@users.noreply.github.com> +Date: Sat, 9 Jun 2018 11:02:11 +0200 +Subject: [PATCH] remove use of dlopen + +--- + src/libcw/libcw_alsa.c | 215 ++++++++++--------------------------------------- + src/libcw/libcw_pa.c | 118 ++++----------------------- + 2 files changed, 56 insertions(+), 277 deletions(-) + +diff --git a/src/libcw/libcw_alsa.c b/src/libcw/libcw_alsa.c +index a669c6e..17c306d 100644 +--- a/src/libcw/libcw_alsa.c ++++ b/src/libcw/libcw_alsa.c +@@ -35,7 +35,6 @@ + + + +-#include <dlfcn.h> /* dlopen() and related symbols */ + #include <alsa/asoundlib.h> + + +@@ -65,7 +64,6 @@ static const snd_pcm_format_t CW_ALSA_SAMPLE_FORMAT = SND_PCM_FORMAT_S16; /* "Si + + + static int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *params); +-static int cw_alsa_dlsym_internal(void *handle); + static int cw_alsa_write_internal(cw_gen_t *gen); + static int cw_alsa_debug_evaluate_write_internal(cw_gen_t *gen, int rv); + static int cw_alsa_open_device_internal(cw_gen_t *gen); +@@ -80,56 +78,6 @@ static int cw_alsa_print_params_internal(snd_pcm_hw_params_t *hw_params); + + + +-static struct { +- void *handle; +- +- int (* snd_pcm_open)(snd_pcm_t **pcm, const char *name, snd_pcm_stream_t stream, int mode); +- int (* snd_pcm_close)(snd_pcm_t *pcm); +- int (* snd_pcm_prepare)(snd_pcm_t *pcm); +- int (* snd_pcm_drop)(snd_pcm_t *pcm); +- snd_pcm_sframes_t (* snd_pcm_writei)(snd_pcm_t *pcm, const void *buffer, snd_pcm_uframes_t size); +- +- const char *(* snd_strerror)(int errnum); +- +- int (* snd_pcm_hw_params_malloc)(snd_pcm_hw_params_t **ptr); +- int (* snd_pcm_hw_params_any)(snd_pcm_t *pcm, snd_pcm_hw_params_t *params); +- int (* snd_pcm_hw_params_set_format)(snd_pcm_t *pcm, snd_pcm_hw_params_t *params, snd_pcm_format_t val); +- int (* snd_pcm_hw_params_set_rate_near)(snd_pcm_t *pcm, snd_pcm_hw_params_t *params, unsigned int *val, int *dir); +- int (* snd_pcm_hw_params_set_access)(snd_pcm_t *pcm, snd_pcm_hw_params_t *params, snd_pcm_access_t _access); +- int (* snd_pcm_hw_params_set_channels)(snd_pcm_t *pcm, snd_pcm_hw_params_t *params, unsigned int val); +- int (* snd_pcm_hw_params)(snd_pcm_t *pcm, snd_pcm_hw_params_t *params); +- int (* snd_pcm_hw_params_get_periods)(const snd_pcm_hw_params_t *params, unsigned int *val, int *dir); +- int (* snd_pcm_hw_params_get_period_size)(const snd_pcm_hw_params_t *params, snd_pcm_uframes_t *frames, int *dir); +- int (* snd_pcm_hw_params_get_period_size_min)(const snd_pcm_hw_params_t *params, snd_pcm_uframes_t *frames, int *dir); +- int (* snd_pcm_hw_params_get_buffer_size)(const snd_pcm_hw_params_t *params, snd_pcm_uframes_t *val); +-} cw_alsa = { +- .handle = NULL, +- +- .snd_pcm_open = NULL, +- .snd_pcm_close = NULL, +- .snd_pcm_prepare = NULL, +- .snd_pcm_drop = NULL, +- .snd_pcm_writei = NULL, +- +- .snd_strerror = NULL, +- +- .snd_pcm_hw_params_malloc = NULL, +- .snd_pcm_hw_params_any = NULL, +- .snd_pcm_hw_params_set_format = NULL, +- .snd_pcm_hw_params_set_rate_near = NULL, +- .snd_pcm_hw_params_set_access = NULL, +- .snd_pcm_hw_params_set_channels = NULL, +- .snd_pcm_hw_params = NULL, +- .snd_pcm_hw_params_get_periods = NULL, +- .snd_pcm_hw_params_get_period_size = NULL, +- .snd_pcm_hw_params_get_period_size_min = NULL, +- .snd_pcm_hw_params_get_buffer_size = NULL +-}; +- +- +- +- +- + + /** + \brief Check if it is possible to open ALSA output +@@ -144,34 +92,19 @@ static struct { + */ + bool cw_is_alsa_possible(const char *device) + { +- const char *library_name = "libasound.so.2"; +- if (!cw_dlopen_internal(library_name, &(cw_alsa.handle))) { +- cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "cw_alsa: can't access ALSA library \"%s\"", library_name); +- return false; +- } +- +- int rv = cw_alsa_dlsym_internal(cw_alsa.handle); +- if (rv < 0) { +- cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "cw_alsa: failed to resolve ALSA symbol #%d, can't correctly load ALSA library", rv); +- dlclose(cw_alsa.handle); +- return false; +- } +- +- const char *dev = device ? device : CW_DEFAULT_ALSA_DEVICE; ++ int rv; ++ const char *dev = device ? device : CW_DEFAULT_ALSA_DEVICE; + snd_pcm_t *alsa_handle; +- rv = cw_alsa.snd_pcm_open(&alsa_handle, ++ rv = snd_pcm_open(&alsa_handle, + dev, /* name */ + SND_PCM_STREAM_PLAYBACK, /* stream (playback/capture) */ + 0); /* mode, 0 | SND_PCM_NONBLOCK | SND_PCM_ASYNC */ + if (rv < 0) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, + "cw_alsa: can't open ALSA device \"%s\"", dev); +- dlclose(cw_alsa.handle); + return false; + } else { +- cw_alsa.snd_pcm_close(alsa_handle); ++ snd_pcm_close(alsa_handle); + return true; + } + } +@@ -204,7 +137,7 @@ int cw_alsa_write_internal(cw_gen_t *gen) + /* Send audio buffer to ALSA. + Size of correct and current data in the buffer is the same as + ALSA's period, so there should be no underruns */ +- int rv = cw_alsa.snd_pcm_writei(gen->alsa_data.handle, gen->buffer, gen->buffer_n_samples); ++ int rv = snd_pcm_writei(gen->alsa_data.handle, gen->buffer, gen->buffer_n_samples); + cw_alsa_debug_evaluate_write_internal(gen, rv); + /* + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO, +@@ -231,7 +164,7 @@ int cw_alsa_write_internal(cw_gen_t *gen) + */ + int cw_alsa_open_device_internal(cw_gen_t *gen) + { +- int rv = cw_alsa.snd_pcm_open(&gen->alsa_data.handle, ++ int rv = snd_pcm_open(&gen->alsa_data.handle, + gen->audio_device, /* name */ + SND_PCM_STREAM_PLAYBACK, /* stream (playback/capture) */ + 0); /* mode, 0 | SND_PCM_NONBLOCK | SND_PCM_ASYNC */ +@@ -251,7 +184,7 @@ int cw_alsa_open_device_internal(cw_gen_t *gen) + /* TODO: move this to cw_alsa_set_hw_params_internal(), + deallocate hw_params */ + snd_pcm_hw_params_t *hw_params = NULL; +- rv = cw_alsa.snd_pcm_hw_params_malloc(&hw_params); ++ rv = snd_pcm_hw_params_malloc(&hw_params); + if (rv < 0) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, + "cw_alsa: can't allocate memory for ALSA hw params"); +@@ -265,7 +198,7 @@ int cw_alsa_open_device_internal(cw_gen_t *gen) + return CW_FAILURE; + } + +- rv = cw_alsa.snd_pcm_prepare(gen->alsa_data.handle); ++ rv = snd_pcm_prepare(gen->alsa_data.handle); + if (rv < 0) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, + "cw_alsa: can't prepare ALSA handler"); +@@ -275,7 +208,7 @@ int cw_alsa_open_device_internal(cw_gen_t *gen) + /* Get size for data buffer */ + snd_pcm_uframes_t frames; /* period size in frames */ + int dir = 1; +- rv = cw_alsa.snd_pcm_hw_params_get_period_size_min(hw_params, &frames, &dir); ++ rv = snd_pcm_hw_params_get_period_size_min(hw_params, &frames, &dir); + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO, + "cw_alsa: rv = %d, ALSA buffer size would be %u frames", rv, (unsigned int) frames); + +@@ -305,14 +238,11 @@ int cw_alsa_open_device_internal(cw_gen_t *gen) + void cw_alsa_close_device_internal(cw_gen_t *gen) + { + /* "Stop a PCM dropping pending frames. " */ +- cw_alsa.snd_pcm_drop(gen->alsa_data.handle); +- cw_alsa.snd_pcm_close(gen->alsa_data.handle); ++ snd_pcm_drop(gen->alsa_data.handle); ++ snd_pcm_close(gen->alsa_data.handle); + + gen->audio_device_is_open = false; + +- if (cw_alsa.handle) { +- dlclose(cw_alsa.handle); +- } + + #if CW_DEV_RAW_SINK + if (gen->dev_raw_sink != -1) { +@@ -332,11 +262,11 @@ int cw_alsa_debug_evaluate_write_internal(cw_gen_t *gen, int rv) + if (rv == -EPIPE) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_WARNING, + "cw_alsa: underrun"); +- cw_alsa.snd_pcm_prepare(gen->alsa_data.handle); ++ snd_pcm_prepare(gen->alsa_data.handle); + } else if (rv < 0) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_WARNING, +- "cw_alsa: writei: %s", cw_alsa.snd_strerror(rv)); +- cw_alsa.snd_pcm_prepare(gen->alsa_data.handle); ++ "cw_alsa: writei: %s", snd_strerror(rv)); ++ snd_pcm_prepare(gen->alsa_data.handle); + } else if (rv != gen->buffer_n_samples) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_WARNING, + "cw_alsa: short write, %d != %d", rv, gen->buffer_n_samples); +@@ -363,19 +293,19 @@ int cw_alsa_debug_evaluate_write_internal(cw_gen_t *gen, int rv) + int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params) + { + /* Get current hw configuration. */ +- int rv = cw_alsa.snd_pcm_hw_params_any(gen->alsa_data.handle, hw_params); ++ int rv = snd_pcm_hw_params_any(gen->alsa_data.handle, hw_params); + if (rv < 0) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "cw_alsa: get current hw params: %s", cw_alsa.snd_strerror(rv)); ++ "cw_alsa: get current hw params: %s", snd_strerror(rv)); + return CW_FAILURE; + } + + + /* Set the sample format */ +- rv = cw_alsa.snd_pcm_hw_params_set_format(gen->alsa_data.handle, hw_params, CW_ALSA_SAMPLE_FORMAT); ++ rv = snd_pcm_hw_params_set_format(gen->alsa_data.handle, hw_params, CW_ALSA_SAMPLE_FORMAT); + if (rv < 0) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "cw_alsa: can't set sample format: %s", cw_alsa.snd_strerror(rv)); ++ "cw_alsa: can't set sample format: %s", snd_strerror(rv)); + return CW_FAILURE; + } + +@@ -387,7 +317,7 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params + bool success = false; + for (int i = 0; cw_supported_sample_rates[i]; i++) { + rate = cw_supported_sample_rates[i]; +- int rv = cw_alsa.snd_pcm_hw_params_set_rate_near(gen->alsa_data.handle, hw_params, &rate, &dir); ++ int rv = snd_pcm_hw_params_set_rate_near(gen->alsa_data.handle, hw_params, &rate, &dir); + if (!rv) { + if (rate != cw_supported_sample_rates[i]) { + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_WARNING, "cw_alsa: imprecise sample rate:"); +@@ -402,7 +332,7 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params + + if (!success) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "cw_alsa: can't get sample rate: %s", cw_alsa.snd_strerror(rv)); ++ "cw_alsa: can't get sample rate: %s", snd_strerror(rv)); + return CW_FAILURE; + } else { + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO, +@@ -410,18 +340,18 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params + } + + /* Set PCM access type */ +- rv = cw_alsa.snd_pcm_hw_params_set_access(gen->alsa_data.handle, hw_params, SND_PCM_ACCESS_RW_INTERLEAVED); ++ rv = snd_pcm_hw_params_set_access(gen->alsa_data.handle, hw_params, SND_PCM_ACCESS_RW_INTERLEAVED); + if (rv < 0) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "cw_alsa: can't set access type: %s", cw_alsa.snd_strerror(rv)); ++ "cw_alsa: can't set access type: %s", snd_strerror(rv)); + return CW_FAILURE; + } + + /* Set number of channels */ +- rv = cw_alsa.snd_pcm_hw_params_set_channels(gen->alsa_data.handle, hw_params, CW_AUDIO_CHANNELS); ++ rv = snd_pcm_hw_params_set_channels(gen->alsa_data.handle, hw_params, CW_AUDIO_CHANNELS); + if (rv < 0) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "cw_alsa: can't set number of channels: %s", cw_alsa.snd_strerror(rv)); ++ "cw_alsa: can't set number of channels: %s", snd_strerror(rv)); + return CW_FAILURE; + } + +@@ -496,7 +426,7 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params + snd_pcm_uframes_t accepted = 0; /* buffer size in frames */ + dir = 0; + for (snd_pcm_uframes_t val = 0; val < 10000; val++) { +- rv = cw_alsa.snd_pcm_hw_params_test_buffer_size(gen->alsa_data.handle, hw_params, val); ++ rv = snd_pcm_hw_params_test_buffer_size(gen->alsa_data.handle, hw_params, val); + if (rv == 0) { + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO, + "cw_alsa: accepted buffer size: %u", (unsigned int) accepted); +@@ -507,10 +437,10 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params + } + + if (accepted > 0) { +- rv = cw_alsa.snd_pcm_hw_params_set_buffer_size(gen->alsa_data.handle, hw_params, accepted); ++ rv = snd_pcm_hw_params_set_buffer_size(gen->alsa_data.handle, hw_params, accepted); + if (rv < 0) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "cw_alsa: can't set accepted buffer size %u: %s", (unsigned int) accepted, cw_alsa.snd_strerror(rv)); ++ "cw_alsa: can't set accepted buffer size %u: %s", (unsigned int) accepted, snd_strerror(rv)); + } + } else { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +@@ -526,7 +456,7 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params + /* this limit should be enough, "accepted" on my machine is 8 */ + const unsigned int n_periods_max = 30; + for (unsigned int val = 1; val < n_periods_max; val++) { +- rv = cw_alsa.snd_pcm_hw_params_test_periods(gen->alsa_data.handle, hw_params, val, dir); ++ rv = snd_pcm_hw_params_test_periods(gen->alsa_data.handle, hw_params, val, dir); + if (rv == 0) { + accepted = val; + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO, +@@ -534,10 +464,10 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params + } + } + if (accepted > 0) { +- rv = cw_alsa.snd_pcm_hw_params_set_periods(gen->alsa_data.handle, hw_params, accepted, dir); ++ rv = snd_pcm_hw_params_set_periods(gen->alsa_data.handle, hw_params, accepted, dir); + if (rv < 0) { + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "cw_alsa: can't set accepted number of periods %d: %s", accepted, cw_alsa.snd_strerror(rv)); ++ "cw_alsa: can't set accepted number of periods %d: %s", accepted, snd_strerror(rv)); + } + } else { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +@@ -549,7 +479,7 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params + /* Test period size */ + dir = 0; + for (snd_pcm_uframes_t val = 0; val < 100000; val++) { +- rv = cw_alsa.snd_pcm_hw_params_test_period_size(gen->alsa_data.handle, hw_params, val, dir); ++ rv = snd_pcm_hw_params_test_period_size(gen->alsa_data.handle, hw_params, val, dir); + if (rv == 0) { + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO, + "cw_alsa: accepted period size: %lu", val); +@@ -562,7 +492,7 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params + /* Test buffer time */ + dir = 0; + for (unsigned int val = 0; val < 100000; val++) { +- rv = cw_alsa.snd_pcm_hw_params_test_buffer_time(gen->alsa_data.handle, hw_params, val, dir); ++ rv = snd_pcm_hw_params_test_buffer_time(gen->alsa_data.handle, hw_params, val, dir); + if (rv == 0) { + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO, + "cw_alsa: accepted buffer time: %d", val); +@@ -573,10 +503,10 @@ int cw_alsa_set_hw_params_internal(cw_gen_t *gen, snd_pcm_hw_params_t *hw_params + #endif /* #if CW_ALSA_HW_BUFFER_CONFIG */ + + /* Save hw parameters to device */ +- rv = cw_alsa.snd_pcm_hw_params(gen->alsa_data.handle, hw_params); ++ rv = snd_pcm_hw_params(gen->alsa_data.handle, hw_params); + if (rv < 0) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "cw_alsa: can't save hw parameters: %s", cw_alsa.snd_strerror(rv)); ++ "cw_alsa: can't save hw parameters: %s", snd_strerror(rv)); + return CW_FAILURE; + } else { + return CW_SUCCESS; +@@ -600,30 +530,30 @@ int cw_alsa_print_params_internal(snd_pcm_hw_params_t *hw_params) + unsigned int val = 0; + int dir = 0; + +- int rv = cw_alsa.snd_pcm_hw_params_get_periods(hw_params, &val, &dir); ++ int rv = snd_pcm_hw_params_get_periods(hw_params, &val, &dir); + if (rv < 0) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "cw_alsa: can't get 'periods': %s", cw_alsa.snd_strerror(rv)); ++ "cw_alsa: can't get 'periods': %s", snd_strerror(rv)); + } else { + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO, + "cw_alsa: 'periods' = %u", val); + } + + snd_pcm_uframes_t period_size = 0; +- rv = cw_alsa.snd_pcm_hw_params_get_period_size(hw_params, &period_size, &dir); ++ rv = snd_pcm_hw_params_get_period_size(hw_params, &period_size, &dir); + if (rv < 0) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "cw_alsa: can't get 'period size': %s", cw_alsa.snd_strerror(rv)); ++ "cw_alsa: can't get 'period size': %s", snd_strerror(rv)); + } else { + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO, + "cw_alsa: 'period size' = %u", (unsigned int) period_size); + } + + snd_pcm_uframes_t buffer_size; +- rv = cw_alsa.snd_pcm_hw_params_get_buffer_size(hw_params, &buffer_size); ++ rv = snd_pcm_hw_params_get_buffer_size(hw_params, &buffer_size); + if (rv < 0) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "cw_alsa: can't get buffer size: %s", cw_alsa.snd_strerror(rv)); ++ "cw_alsa: can't get buffer size: %s", snd_strerror(rv)); + } else { + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO, + "cw_alsa: 'buffer size' = %u", (unsigned int) buffer_size); +@@ -642,70 +572,9 @@ int cw_alsa_print_params_internal(snd_pcm_hw_params_t *hw_params) + + + +-/** +- \brief Resolve/get symbols from ALSA library +- +- Function resolves/gets addresses of few ALSA functions used by +- libcw and stores them in cw_alsa global variable. +- +- On failure the function returns negative value, different for every +- symbol that the funciton failed to resolve. Function stops and returns +- on first failure. +- +- \param handle - handle to open ALSA library +- +- \return 0 on success +- \return negative value on failure +-*/ +-static int cw_alsa_dlsym_internal(void *handle) +-{ +- *(void **) &(cw_alsa.snd_pcm_open) = dlsym(handle, "snd_pcm_open"); +- if (!cw_alsa.snd_pcm_open) return -1; +- *(void **) &(cw_alsa.snd_pcm_close) = dlsym(handle, "snd_pcm_close"); +- if (!cw_alsa.snd_pcm_close) return -2; +- *(void **) &(cw_alsa.snd_pcm_prepare) = dlsym(handle, "snd_pcm_prepare"); +- if (!cw_alsa.snd_pcm_prepare) return -3; +- *(void **) &(cw_alsa.snd_pcm_drop) = dlsym(handle, "snd_pcm_drop"); +- if (!cw_alsa.snd_pcm_drop) return -4; +- *(void **) &(cw_alsa.snd_pcm_writei) = dlsym(handle, "snd_pcm_writei"); +- if (!cw_alsa.snd_pcm_writei) return -5; +- +- *(void **) &(cw_alsa.snd_strerror) = dlsym(handle, "snd_strerror"); +- if (!cw_alsa.snd_strerror) return -10; +- +- *(void **) &(cw_alsa.snd_pcm_hw_params_malloc) = dlsym(handle, "snd_pcm_hw_params_malloc"); +- if (!cw_alsa.snd_pcm_hw_params_malloc) return -20; +- *(void **) &(cw_alsa.snd_pcm_hw_params_any) = dlsym(handle, "snd_pcm_hw_params_any"); +- if (!cw_alsa.snd_pcm_hw_params_any) return -21; +- *(void **) &(cw_alsa.snd_pcm_hw_params_set_format) = dlsym(handle, "snd_pcm_hw_params_set_format"); +- if (!cw_alsa.snd_pcm_hw_params_set_format) return -22; +- *(void **) &(cw_alsa.snd_pcm_hw_params_set_rate_near) = dlsym(handle, "snd_pcm_hw_params_set_rate_near"); +- if (!cw_alsa.snd_pcm_hw_params_set_rate_near) return -23; +- *(void **) &(cw_alsa.snd_pcm_hw_params_set_access) = dlsym(handle, "snd_pcm_hw_params_set_access"); +- if (!cw_alsa.snd_pcm_hw_params_set_access) return -24; +- *(void **) &(cw_alsa.snd_pcm_hw_params_set_channels) = dlsym(handle, "snd_pcm_hw_params_set_channels"); +- if (!cw_alsa.snd_pcm_hw_params_set_channels) return -25; +- *(void **) &(cw_alsa.snd_pcm_hw_params) = dlsym(handle, "snd_pcm_hw_params"); +- if (!cw_alsa.snd_pcm_hw_params) return -26; +- *(void **) &(cw_alsa.snd_pcm_hw_params_get_periods) = dlsym(handle, "snd_pcm_hw_params_get_periods"); +- if (!cw_alsa.snd_pcm_hw_params_get_periods) return -27; +- *(void **) &(cw_alsa.snd_pcm_hw_params_get_period_size) = dlsym(handle, "snd_pcm_hw_params_get_period_size"); +- if (!cw_alsa.snd_pcm_hw_params_get_period_size) return -28; +- *(void **) &(cw_alsa.snd_pcm_hw_params_get_period_size_min) = dlsym(handle, "snd_pcm_hw_params_get_period_size_min"); +- if (!cw_alsa.snd_pcm_hw_params_get_period_size_min) return -29; +- *(void **) &(cw_alsa.snd_pcm_hw_params_get_buffer_size) = dlsym(handle, "snd_pcm_hw_params_get_buffer_size"); +- if (!cw_alsa.snd_pcm_hw_params_get_buffer_size) return -30; +- +- return 0; +-} +- +- +- +- +- + void cw_alsa_drop(cw_gen_t *gen) + { +- cw_alsa.snd_pcm_drop(gen->alsa_data.handle); ++ snd_pcm_drop(gen->alsa_data.handle); + + return; + } +@@ -721,7 +590,7 @@ void cw_alsa_drop(cw_gen_t *gen) + + + #include <stdbool.h> +-#include "libcw_alsa.h" ++#include "libh" + + + +diff --git a/src/libcw/libcw_pa.c b/src/libcw/libcw_pa.c +index 8269e9d..e190200 100644 +--- a/src/libcw/libcw_pa.c ++++ b/src/libcw/libcw_pa.c +@@ -39,7 +39,6 @@ + #include <unistd.h> + #include <stdlib.h> + #include <stdbool.h> +-#include <dlfcn.h> /* dlopen() and related symbols */ + #include <string.h> + #include <assert.h> + #include <sys/types.h> +@@ -63,39 +62,12 @@ extern cw_debug_t cw_debug_object_dev; + + + static pa_simple *cw_pa_simple_new_internal(pa_sample_spec *ss, pa_buffer_attr *ba, const char *device, const char *stream_name, int *error); +-static int cw_pa_dlsym_internal(void *handle); + static int cw_pa_open_device_internal(cw_gen_t *gen); + static void cw_pa_close_device_internal(cw_gen_t *gen); + static int cw_pa_write_internal(cw_gen_t *gen); + + + +-static struct { +- void *handle; +- +- pa_simple *(* pa_simple_new)(const char *server, const char *name, pa_stream_direction_t dir, const char *dev, const char *stream_name, const pa_sample_spec *ss, const pa_channel_map *map, const pa_buffer_attr *attr, int *error); +- void (* pa_simple_free)(pa_simple *s); +- int (* pa_simple_write)(pa_simple *s, const void *data, size_t bytes, int *error); +- pa_usec_t (* pa_simple_get_latency)(pa_simple *s, int *error); +- int (* pa_simple_drain)(pa_simple *s, int *error); +- +- size_t (* pa_usec_to_bytes)(pa_usec_t t, const pa_sample_spec *spec); +- char *(* pa_strerror)(int error); +-} cw_pa = { +- .handle = NULL, +- +- .pa_simple_new = NULL, +- .pa_simple_free = NULL, +- .pa_simple_write = NULL, +- .pa_simple_get_latency = NULL, +- .pa_simple_drain = NULL, +- +- .pa_usec_to_bytes = NULL, +- .pa_strerror = NULL +-}; +- +- +- + + static const pa_sample_format_t CW_PA_SAMPLE_FORMAT = PA_SAMPLE_S16LE; /* Signed 16 bit, Little Endian */ + static const int CW_PA_BUFFER_N_SAMPLES = 1024; +@@ -117,21 +89,6 @@ static const int CW_PA_BUFFER_N_SAMPLES = 1024; + */ + bool cw_is_pa_possible(const char *device) + { +- const char *library_name = "libpulse-simple.so"; +- if (!cw_dlopen_internal(library_name, &(cw_pa.handle))) { +- cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "libcw_pa: can't access PulseAudio library \"%s\"", library_name); +- return false; +- } +- +- int rv = cw_pa_dlsym_internal(cw_pa.handle); +- if (rv < 0) { +- cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "libcw_pa: failed to resolve PulseAudio symbol #%d, can't correctly load PulseAudio library", rv); +- dlclose(cw_pa.handle); +- return false; +- } +- + const char *dev = (char *) NULL; + if (device && strcmp(device, CW_DEFAULT_PA_DEVICE)) { + dev = device; +@@ -145,13 +102,10 @@ bool cw_is_pa_possible(const char *device) + + if (!s) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "libcw_pa: can't connect to PulseAudio server: %s", cw_pa.pa_strerror(error)); +- if (cw_pa.handle) { +- dlclose(cw_pa.handle); +- } ++ "libcw_pa: can't connect to PulseAudio server: %s", pa_strerror(error)); + return false; + } else { +- cw_pa.pa_simple_free(s); ++ pa_simple_free(s); + s = NULL; + return true; + } +@@ -186,10 +140,10 @@ int cw_pa_write_internal(cw_gen_t *gen) + + int error = 0; + size_t n_bytes = sizeof (gen->buffer[0]) * gen->buffer_n_samples; +- int rv = cw_pa.pa_simple_write(gen->pa_data.s, gen->buffer, n_bytes, &error); ++ int rv = pa_simple_write(gen->pa_data.s, gen->buffer, n_bytes, &error); + if (rv < 0) { + cw_debug_msg ((&cw_debug_object), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "libcw_pa: pa_simple_write() failed: %s", cw_pa.pa_strerror(error)); ++ "libcw_pa: pa_simple_write() failed: %s", pa_strerror(error)); + } else { + //cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_INFO, "libcw_pa: written %d samples with PulseAudio", gen->buffer_n_samples); + } +@@ -237,13 +191,13 @@ pa_simple *cw_pa_simple_new_internal(pa_sample_spec *ss, pa_buffer_attr *ba, con + } + + // http://www.mail-archive.com/pulseaudio-tickets@mail.0pointer.de/msg03295.html +- ba->tlength = cw_pa.pa_usec_to_bytes(50*1000, ss); +- ba->minreq = cw_pa.pa_usec_to_bytes(0, ss); +- ba->maxlength = cw_pa.pa_usec_to_bytes(50*1000, ss); ++ ba->tlength = pa_usec_to_bytes(50*1000, ss); ++ ba->minreq = pa_usec_to_bytes(0, ss); ++ ba->maxlength = pa_usec_to_bytes(50*1000, ss); + /* ba->prebuf = ; */ /* ? */ + /* ba->fragsize = sizeof(uint32_t) -1; */ /* not relevant to playback */ + +- pa_simple *s = cw_pa.pa_simple_new(NULL, /* server name (NULL for default) */ ++ pa_simple *s = pa_simple_new(NULL, /* server name (NULL for default) */ + "libcw", /* descriptive name of client (application name etc.) */ + PA_STREAM_PLAYBACK, /* stream direction */ + dev, /* device/sink name (NULL for default) */ +@@ -258,47 +212,6 @@ pa_simple *cw_pa_simple_new_internal(pa_sample_spec *ss, pa_buffer_attr *ba, con + + + +- +- +-/** +- \brief Resolve/get symbols from PulseAudio library +- +- Function resolves/gets addresses of few PulseAudio functions used by +- libcw and stores them in cw_pa global variable. +- +- On failure the function returns negative value, different for every +- symbol that the funciton failed to resolve. Function stops and returns +- on first failure. +- +- \param handle - handle to open PulseAudio library +- +- \return 0 on success +- \return negative value on failure +-*/ +-int cw_pa_dlsym_internal(void *handle) +-{ +- *(void **) &(cw_pa.pa_simple_new) = dlsym(handle, "pa_simple_new"); +- if (!cw_pa.pa_simple_new) return -1; +- *(void **) &(cw_pa.pa_simple_free) = dlsym(handle, "pa_simple_free"); +- if (!cw_pa.pa_simple_free) return -2; +- *(void **) &(cw_pa.pa_simple_write) = dlsym(handle, "pa_simple_write"); +- if (!cw_pa.pa_simple_write) return -3; +- *(void **) &(cw_pa.pa_strerror) = dlsym(handle, "pa_strerror"); +- if (!cw_pa.pa_strerror) return -4; +- *(void **) &(cw_pa.pa_simple_get_latency) = dlsym(handle, "pa_simple_get_latency"); +- if (!cw_pa.pa_simple_get_latency) return -5; +- *(void **) &(cw_pa.pa_simple_drain) = dlsym(handle, "pa_simple_drain"); +- if (!cw_pa.pa_simple_drain) return -6; +- *(void **) &(cw_pa.pa_usec_to_bytes) = dlsym(handle, "pa_usec_to_bytes"); +- if (!cw_pa.pa_usec_to_bytes) return -7; +- +- return 0; +-} +- +- +- +- +- + /** + \brief Open PulseAudio output, associate it with given generator + +@@ -325,16 +238,16 @@ int cw_pa_open_device_internal(cw_gen_t *gen) + + if (!gen->pa_data.s) { + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "libcw_pa: can't connect to PulseAudio server: %s", cw_pa.pa_strerror(error)); ++ "libcw_pa: can't connect to PulseAudio server: %s", pa_strerror(error)); + return false; + } + + gen->buffer_n_samples = CW_PA_BUFFER_N_SAMPLES; + gen->sample_rate = gen->pa_data.ss.rate; + +- if ((gen->pa_data.latency_usecs = cw_pa.pa_simple_get_latency(gen->pa_data.s, &error)) == (pa_usec_t) -1) { ++ if ((gen->pa_data.latency_usecs = pa_simple_get_latency(gen->pa_data.s, &error)) == (pa_usec_t) -1) { + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "libcw_pa: pa_simple_get_latency() failed: %s", cw_pa.pa_strerror(error)); ++ "libcw_pa: pa_simple_get_latency() failed: %s", pa_strerror(error)); + } + + #if CW_DEV_RAW_SINK +@@ -357,20 +270,17 @@ void cw_pa_close_device_internal(cw_gen_t *gen) + if (gen->pa_data.s) { + /* Make sure that every single sample was played */ + int error; +- if (cw_pa.pa_simple_drain(gen->pa_data.s, &error) < 0) { ++ if (pa_simple_drain(gen->pa_data.s, &error) < 0) { + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_ERROR, +- "libcw_pa: pa_simple_drain() failed: %s", cw_pa.pa_strerror(error)); ++ "libcw_pa: pa_simple_drain() failed: %s", pa_strerror(error)); + } +- cw_pa.pa_simple_free(gen->pa_data.s); ++ pa_simple_free(gen->pa_data.s); + gen->pa_data.s = NULL; + } else { + cw_debug_msg ((&cw_debug_object_dev), CW_DEBUG_SOUND_SYSTEM, CW_DEBUG_WARNING, + "libcw_pa: called the function for NULL PA sink"); + } + +- if (cw_pa.handle) { +- dlclose(cw_pa.handle); +- } + + #if CW_DEV_RAW_SINK + if (gen->dev_raw_sink != -1) { +-- +2.16.2 + diff --git a/pkgs/applications/misc/xmr-stak/default.nix b/pkgs/applications/misc/xmr-stak/default.nix index 51fd2ee8064..5dcaeb1226e 100644 --- a/pkgs/applications/misc/xmr-stak/default.nix +++ b/pkgs/applications/misc/xmr-stak/default.nix @@ -12,13 +12,13 @@ in stdenv'.mkDerivation rec { name = "xmr-stak-${version}"; - version = "2.4.3"; + version = "2.4.4"; src = fetchFromGitHub { owner = "fireice-uk"; repo = "xmr-stak"; rev = "${version}"; - sha256 = "0plks4yyd9gjnfg7sfsgsvdgczkbghf5xjwb8bzv01f0fndn10r1"; + sha256 = "1j75466hfs18w05k64yb60pw865ah226vjib46qr1wb1mcd82i5s"; }; NIX_CFLAGS_COMPILE = "-O3"; diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 4d55c52fbbf..4e7d35f105c 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -137,35 +137,18 @@ rec { in rec { - tor-browser-7-0 = common (rec { - pname = "tor-browser"; - version = "7.0.1"; - isTorBrowserLike = true; - - # FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb - src = fetchFromGitHub { - owner = "SLNOS"; - repo = "tor-browser"; - # branch "tor-browser-52.5.0esr-7.0-1-slnos"; - rev = "830ff8d622ef20345d83f386174f790b0fc2440d"; - sha256 = "169mjkr0bp80yv9nzza7kay7y2k03lpnx71h4ybcv9ygxgzdgax5"; - }; - - patches = nixpkgsPatches; - } // commonAttrs) {}; - tor-browser-7-5 = common (rec { pname = "tor-browser"; - version = "7.5.4"; + version = "7.5.5"; isTorBrowserLike = true; # FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb src = fetchFromGitHub { owner = "SLNOS"; repo = "tor-browser"; - # branch "tor-browser-52.8.0esr-7.5-1-slnos" - rev = "dbaabe129d2982bee00a753146fbe610fec0ca50"; - sha256 = "0j60vz18bwabqbzv0r1id3vcyh3832mzx6cg5r7x5c03s5hn40a4"; + # branch "tor-browser-52.8.1esr-7.5-1-slnos" + rev = "08e246847f0ccbee42f61d9449344d461c886cf1"; + sha256 = "023k7427g2hqkpdsw1h384djlyy6jyidpssrrwzbs3qv4s13slah"; }; patches = nixpkgsPatches; diff --git a/pkgs/applications/networking/gns3/default.nix b/pkgs/applications/networking/gns3/default.nix index 91bcfc73f2c..9123477bb3e 100644 --- a/pkgs/applications/networking/gns3/default.nix +++ b/pkgs/applications/networking/gns3/default.nix @@ -1,7 +1,7 @@ { callPackage, stdenv }: let - stableVersion = "2.1.6"; + stableVersion = "2.1.7"; # Currently there is no preview version. previewVersion = stableVersion; addVersion = args: @@ -10,8 +10,8 @@ let in args // { inherit version branch; }; mkGui = args: callPackage (import ./gui.nix (addVersion args)) { }; mkServer = args: callPackage (import ./server.nix (addVersion args)) { }; - guiSrcHash = "0wrh0x5ig2x2pxyyf99z4bfiyxn19akyjic5kgf0pv2snifw2481"; - serverSrcHash = "0jy5700bshz54mdsh5qpcb2qrczg9isxhr4y0bmglrl23pywvisc"; + guiSrcHash = "10zf429zjzf7v4y9r7mmkp42kh5ppmqinhvwqzb7jmsrpv2cnxj6"; + serverSrcHash = "056swz6ygqdi37asah51v1yy0ky8q0p32vf7dxs697hd7nv78aqj"; in { guiStable = mkGui { stable = true; diff --git a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix index 071f82a8cbe..3e0e60594f8 100644 --- a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix +++ b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix @@ -4,8 +4,8 @@ let mkTelegram = args: qt5.callPackage (import ./generic.nix args) { }; stableVersion = { stable = true; - version = "1.3.0"; - sha256Hash = "1h5zcvd58bjm02b0rfb7fx1nx1gmzdlk1854lm6kg1hd6mqrrb0i"; + version = "1.3.7"; + sha256Hash = "1rwnqgla061icvyvw8gxqd7qki1jnq0f46hvyffp74ng5r1b6wjg"; # svn log svn://svn.archlinux.org/community/telegram-desktop/trunk archPatchesRevision = "310557"; archPatchesHash = "1v134dal3xiapgh3akfr61vh62j24m9vkb62kckwvap44iqb0hlk"; @@ -14,7 +14,5 @@ in { stable = mkTelegram stableVersion; preview = mkTelegram (stableVersion // { stable = false; - version = "1.3.4"; - sha256Hash = "17xdzyl7jb5g69a2h6fyk67z7s6h2dqjg8j478px6n0br1n420wk"; }); } diff --git a/pkgs/applications/office/gnucash/default.nix b/pkgs/applications/office/gnucash/default.nix index d12b1327e8f..c09d0b3aa39 100644 --- a/pkgs/applications/office/gnucash/default.nix +++ b/pkgs/applications/office/gnucash/default.nix @@ -37,8 +37,9 @@ stdenv.mkDerivation rec { buildInputs = [ boost icu libxml2 libxslt gettext swig isocodes gtk3 glibcLocales webkit dconf hicolor-icon-theme libofx aqbanking gwenhywfar libdbi - libdbiDrivers guile perlWrapper - ]; + libdbiDrivers guile + perlWrapper perl + ] ++ (with perlPackages; [ FinanceQuote DateManip ]); propagatedUserEnvPkgs = [ dconf ]; @@ -58,6 +59,7 @@ stdenv.mkDerivation rec { wrapProgram "$out/bin/gnucash" \ --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH:$out/share/gsettings-schemas/${name}" \ --prefix XDG_DATA_DIRS : "${hicolor-icon-theme}/share" \ + --prefix PERL5LIB ":" "$PERL5LIB" \ --prefix GIO_EXTRA_MODULES : "${stdenv.lib.getLib dconf}/lib/gio/modules" ''; diff --git a/pkgs/applications/office/mendeley/default.nix b/pkgs/applications/office/mendeley/default.nix index 15a57ba9de4..cf40392c6dd 100644 --- a/pkgs/applications/office/mendeley/default.nix +++ b/pkgs/applications/office/mendeley/default.nix @@ -42,14 +42,14 @@ let then "i386" else "amd64"; - shortVersion = "1.18-stable"; + shortVersion = "1.19.1-stable"; version = "${shortVersion}_${arch}"; url = "http://desktop-download.mendeley.com/download/apt/pool/main/m/mendeleydesktop/mendeleydesktop_${version}.deb"; sha256 = if stdenv.system == arch32 - then "046v1j4sc6m0bf89f52zsg8riygrhldplyih5p0cjhcsd45q6fx8" - else "072fppgxhiryb6m1fb4qvq8nbblx88xpknnklygch1sw0lyks69h"; + then "0fcyl5i8xdgb5j0x1643qc0j74d8p11jczvqmgqkqh0wgid1y1ad" + else "1dzwa2cnn9xakrhhq159fhh71gw5wlbf017rrikdlia694m8akq6"; deps = [ qtbase diff --git a/pkgs/applications/science/electronics/ngspice/default.nix b/pkgs/applications/science/electronics/ngspice/default.nix index 96025e8faa6..73e770b63e2 100644 --- a/pkgs/applications/science/electronics/ngspice/default.nix +++ b/pkgs/applications/science/electronics/ngspice/default.nix @@ -1,11 +1,11 @@ {stdenv, fetchurl, readline, bison, flex, libX11, libICE, libXaw, libXext, fftw}: stdenv.mkDerivation { - name = "ngspice-27"; + name = "ngspice-28"; src = fetchurl { - url = "mirror://sourceforge/ngspice/ngspice-27.tar.gz"; - sha256 = "15862npsy5sj56z5yd1qiv3y0fgicrzj7wwn8hbcy89fgbawf20c"; + url = "mirror://sourceforge/ngspice/ngspice-28.tar.gz"; + sha256 = "0rnz2rdgyav16w7wfn3sfrk2lwvvgz1fh0l9107zkcldijklz04l"; }; nativeBuildInputs = [ flex bison ]; diff --git a/pkgs/applications/version-management/gitaly/default.nix b/pkgs/applications/version-management/gitaly/default.nix index 375e7ad001d..52d46a99118 100644 --- a/pkgs/applications/version-management/gitaly/default.nix +++ b/pkgs/applications/version-management/gitaly/default.nix @@ -23,6 +23,8 @@ in buildGoPackage rec { inherit rubyEnv; }; + buildInputs = [rubyEnv.wrappedRuby]; + postInstall = '' mkdir -p $ruby cp -rv $src/ruby/{bin,lib,vendor} $ruby diff --git a/pkgs/applications/version-management/sit/aarch64-isel.patch b/pkgs/applications/version-management/sit/aarch64-isel.patch deleted file mode 100644 index 411922cfd8e..00000000000 --- a/pkgs/applications/version-management/sit/aarch64-isel.patch +++ /dev/null @@ -1,9 +0,0 @@ -diff --git a/.cargo/config b/.cargo/config -new file mode 100644 -index 0000000..15e7649 ---- /dev/null -+++ b/.cargo/config -@@ -0,0 +1,3 @@ -+# https://github.com/rust-lang/rust/issues/50516 -+[target.'cfg(all(debug_assertions, target_arch = "aarch64"))'] -+rustflags = ["-C", "llvm-args=-fast-isel"] diff --git a/pkgs/applications/version-management/sit/default.nix b/pkgs/applications/version-management/sit/default.nix index e189241531d..75368bd8846 100644 --- a/pkgs/applications/version-management/sit/default.nix +++ b/pkgs/applications/version-management/sit/default.nix @@ -1,25 +1,30 @@ -{ stdenv, fetchFromGitHub, rustPlatform, cmake, libzip }: +{ stdenv, fetchFromGitHub, rustPlatform, cmake, libzip, gnupg, + # Darwin + libiconv, CoreFoundation, Security }: rustPlatform.buildRustPackage rec { name = "sit-${version}"; - version = "0.3.2"; + version = "0.4.0"; src = fetchFromGitHub { - owner = "sit-it"; + owner = "sit-fyi"; repo = "sit"; rev = "v${version}"; - sha256 = "0lhl4rrfmsi76498mg5si2xagl8l2pi5d92dxhsyzszpwn5jdp57"; + sha256 = "10ycs6vc7mfzxnxrki09xn974pcwh196h1pfnsds98x6r87hxkpn"; }; - buildInputs = [ cmake libzip ]; + buildInputs = [ cmake libzip gnupg ] ++ + (if stdenv.isDarwin then [ libiconv CoreFoundation Security ] else []); - cargoSha256 = "102haqix13nwcncng1s8qkw68spn6fhh3vysk2nbahw6f78zczqg"; + preCheck = '' + export HOME=$(mktemp -d) + ''; - patches = [ ./aarch64-isel.patch ]; + cargoSha256 = "023anmnprxbsvqww1b1bdyfhbhjh1ah2kc67cdihvdvi4lqdmbia"; meta = with stdenv.lib; { description = "Serverless Information Tracker"; - homepage = https://sit.sh/; + homepage = https://sit.fyi/; license = with licenses; [ asl20 /* or */ mit ]; maintainers = with maintainers; [ dywedir yrashk ]; platforms = platforms.all; diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix index 2ab2bd02219..1a2c850f156 100644 --- a/pkgs/applications/virtualization/docker/default.nix +++ b/pkgs/applications/virtualization/docker/default.nix @@ -27,7 +27,7 @@ rec { patches = []; }); - docker-containerd = containerd.overrideAttrs (oldAttrs: rec { + docker-containerd = (containerd.override { inherit go; }).overrideAttrs (oldAttrs: rec { name = "docker-containerd"; src = fetchFromGitHub { owner = "docker"; diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix index 8c429ff1d06..05d8c1edec2 100644 --- a/pkgs/applications/virtualization/qemu/default.nix +++ b/pkgs/applications/virtualization/qemu/default.nix @@ -15,6 +15,7 @@ , xenSupport ? false, xen , openGLSupport ? sdlSupport, mesa_noglu, epoxy, libdrm , virglSupport ? openGLSupport, virglrenderer +, smbdSupport ? false, samba , hostCpuOnly ? false , nixosTestRunner ? false }: @@ -63,7 +64,8 @@ stdenv.mkDerivation rec { ++ optionals stdenv.isLinux [ alsaLib libaio libcap_ng libcap attr ] ++ optionals xenSupport [ xen ] ++ optionals openGLSupport [ mesa_noglu epoxy libdrm ] - ++ optionals virglSupport [ virglrenderer ]; + ++ optionals virglSupport [ virglrenderer ] + ++ optionals smbdSupport [ samba ]; enableParallelBuilding = true; @@ -100,8 +102,7 @@ stdenv.mkDerivation rec { ''; configureFlags = - [ "--smbd=smbd" # use `smbd' from $PATH - "--audio-drv-list=${audio}" + [ "--audio-drv-list=${audio}" "--sysconfdir=/etc" "--localstatedir=/var" ] @@ -117,7 +118,8 @@ stdenv.mkDerivation rec { ++ optional gtkSupport "--enable-gtk" ++ optional xenSupport "--enable-xen" ++ optional openGLSupport "--enable-opengl" - ++ optional virglSupport "--enable-virglrenderer"; + ++ optional virglSupport "--enable-virglrenderer" + ++ optional smbdSupport "--smbd=${samba}/bin/smbd"; doCheck = false; # tries to access /dev diff --git a/pkgs/applications/window-managers/dwm/dwm-status.nix b/pkgs/applications/window-managers/dwm/dwm-status.nix new file mode 100644 index 00000000000..4a46d4ef7ba --- /dev/null +++ b/pkgs/applications/window-managers/dwm/dwm-status.nix @@ -0,0 +1,36 @@ +{ stdenv, lib, rustPlatform, fetchFromGitHub, dbus, gdk_pixbuf, libnotify, makeWrapper, pkgconfig, xorg, alsaUtils }: + +let + runtimeDeps = [ xorg.xsetroot ] + ++ lib.optional (alsaUtils != null) alsaUtils; +in + +rustPlatform.buildRustPackage rec { + name = "dwm-status-${version}"; + version = "0.4.0"; + + src = fetchFromGitHub { + owner = "Gerschtli"; + repo = "dwm-status"; + rev = version; + sha256 = "0nw0iz78mnrmgpc471yjv7yzsaf7346mwjp6hm5kbsdclvrdq9d7"; + }; + + nativeBuildInputs = [ makeWrapper pkgconfig ]; + buildInputs = [ dbus gdk_pixbuf libnotify ]; + + cargoSha256 = "0169k91pb7ipvi0m71cmkppp1klgp5ghampa7x0fxkyrvrf0dvqg"; + + postInstall = '' + wrapProgram $out/bin/dwm-status \ + --prefix "PATH" : "${stdenv.lib.makeBinPath runtimeDeps}" + ''; + + meta = with stdenv.lib; { + description = "DWM status service which dynamically updates when needed"; + homepage = https://github.com/Gerschtli/dwm-status; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ gerschtli ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/applications/window-managers/fvwm/default.nix b/pkgs/applications/window-managers/fvwm/default.nix index 0b9c286aa9d..20a95f36cee 100644 --- a/pkgs/applications/window-managers/fvwm/default.nix +++ b/pkgs/applications/window-managers/fvwm/default.nix @@ -9,12 +9,12 @@ assert gestures -> libstroke != null; stdenv.mkDerivation rec { pname = "fvwm"; - version = "2.6.7"; + version = "2.6.8"; name = "${pname}-${version}"; src = fetchurl { url = "https://github.com/fvwmorg/fvwm/releases/download/${version}/${name}.tar.gz"; - sha256 = "01654d5abdcde6dac131cae9befe5cf6f01f9f7524d097c3b0f316e39f84ef73"; + sha256 = "0hgkkdzcqjnaabvv9cnh0bz90nnjskbhjg9qnzpi2x0mbliwjdpv"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/build-support/fetchurl/builder.sh b/pkgs/build-support/fetchurl/builder.sh index 7c2bdf260b4..f9bc8b602f4 100644 --- a/pkgs/build-support/fetchurl/builder.sh +++ b/pkgs/build-support/fetchurl/builder.sh @@ -2,20 +2,24 @@ source $stdenv/setup source $mirrorsFile +curlVersion=$(curl -V | head -1 | cut -d' ' -f2) # Curl flags to handle redirects, not use EPSV, handle cookies for # servers to need them during redirects, and work on SSL without a # certificate (this isn't a security problem because we check the # cryptographic hash of the output anyway). -curl="curl \ - --location --max-redirs 20 \ - --retry 3 \ - --disable-epsv \ - --cookie-jar cookies \ - --insecure \ - $curlOpts \ - $NIX_CURL_FLAGS" - +curl=( + curl + --location + --max-redirs 20 + --retry 3 + --disable-epsv + --cookie-jar cookies + --insecure + --user-agent "curl/$curlVersion Nixpkgs/$nixpkgsVersion" + $curlOpts + $NIX_CURL_FLAGS +) downloadedFile="$out" if [ -n "$downloadToTemp" ]; then downloadedFile="$TMPDIR/file"; fi @@ -32,7 +36,7 @@ tryDownload() { # if we get error code 18, resume partial download while [ $curlexit -eq 18 ]; do # keep this inside an if statement, since on failure it doesn't abort the script - if $curl -C - --fail "$url" --output "$downloadedFile"; then + if "${curl[@]}" -C - --fail "$url" --output "$downloadedFile"; then success=1 break else @@ -61,7 +65,7 @@ tryHashedMirrors() { for mirror in $hashedMirrors; do url="$mirror/$outputHashAlgo/$outputHash" - if $curl --retry 0 --connect-timeout "${NIX_CONNECT_TIMEOUT:-15}" \ + if "${curl[@]}" --retry 0 --connect-timeout "${NIX_CONNECT_TIMEOUT:-15}" \ --fail --silent --show-error --head "$url" \ --write-out "%{http_code}" --output /dev/null > code 2> log; then tryDownload "$url" diff --git a/pkgs/build-support/fetchurl/default.nix b/pkgs/build-support/fetchurl/default.nix index 0bf529caa75..5f0c1384c79 100644 --- a/pkgs/build-support/fetchurl/default.nix +++ b/pkgs/build-support/fetchurl/default.nix @@ -92,7 +92,6 @@ in assert sha512 != "" -> builtins.compareVersions "1.11" builtins.nixVersion <= 0; let - urls_ = if urls != [] && url == "" then (if lib.isList urls then urls @@ -107,7 +106,6 @@ let else if sha256 != "" then { outputHashAlgo = "sha256"; outputHash = sha256; } else if sha1 != "" then { outputHashAlgo = "sha1"; outputHash = sha1; } else throw "fetchurl requires a hash for fixed-output derivation: ${lib.concatStringsSep ", " urls_}"; - in stdenvNoCC.mkDerivation { @@ -135,6 +133,8 @@ stdenvNoCC.mkDerivation { impureEnvVars = impureEnvVars ++ netrcImpureEnvVars; + nixpkgsVersion = lib.trivial.release; + # Doing the download on a remote machine just duplicates network # traffic, so don't do that. preferLocalBuild = true; diff --git a/pkgs/build-support/fetchurl/mirrors.nix b/pkgs/build-support/fetchurl/mirrors.nix index cc015f9d604..2d177353153 100644 --- a/pkgs/build-support/fetchurl/mirrors.nix +++ b/pkgs/build-support/fetchurl/mirrors.nix @@ -405,4 +405,12 @@ rec { http://repo1.maven.org/maven2/ http://central.maven.org/maven2/ ]; + + # Alsa Project + alsa = [ + ftp://ftp.alsa-project.org/pub/ + http://alsa.cybermirror.org/ + http://www.mirrorservice.org/sites/ftp.alsa-project.org/pub/ + http://alsa.mirror.fr/ + ]; } diff --git a/pkgs/build-support/setup-hooks/prune-libtool-files.sh b/pkgs/build-support/setup-hooks/prune-libtool-files.sh new file mode 100644 index 00000000000..d75812e05b6 --- /dev/null +++ b/pkgs/build-support/setup-hooks/prune-libtool-files.sh @@ -0,0 +1,22 @@ +# Clear dependency_libs in libtool files for shared libraries. + +# Shared libraries already encode their dependencies with locations. .la +# files do not always encode those locations, and sometimes encode the +# locations in the wrong Nix output. .la files are not needed for shared +# libraries, but without dependency_libs they do not hurt either. + +fixupOutputHooks+=(_pruneLibtoolFiles) + +_pruneLibtoolFiles() { + if [ "$dontPruneLibtoolFiles" ]; then + return + fi + + # Libtool uses "dlname" and "library_names" fields for shared libraries and + # the "old_library" field for static libraries. We are processing only + # those .la files that do not describe static libraries. + find "$prefix" -type f -name '*.la' \ + -exec grep -q '^# Generated by libtool' {} \; \ + -exec grep -q "^old_library=''" {} \; \ + -exec sed -i {} -e "/^dependency_libs='[^']/ c dependency_libs='' #pruned" \; +} diff --git a/pkgs/build-support/vm/default.nix b/pkgs/build-support/vm/default.nix index 622fba0686f..9cdcc2a752d 100644 --- a/pkgs/build-support/vm/default.nix +++ b/pkgs/build-support/vm/default.nix @@ -14,16 +14,6 @@ rec { qemu = pkgs.qemu_kvm; - qemu-220 = lib.overrideDerivation pkgs.qemu_kvm (attrs: rec { - version = "2.2.0"; - src = fetchurl { - url = "http://wiki.qemu.org/download/qemu-${version}.tar.bz2"; - sha256 = "1703c3scl5n07gmpilg7g2xzyxnr7jczxgx6nn4m8kv9gin9p35n"; - }; - patches = [ ../../../nixos/modules/virtualisation/azure-qemu-220-no-etc-install.patch ]; - }); - - modulesClosure = makeModulesClosure { inherit kernel rootModules; firmware = kernel; diff --git a/pkgs/data/fonts/fira-mono/default.nix b/pkgs/data/fonts/fira-mono/default.nix index 4fc6aab9510..2f50a83a70b 100644 --- a/pkgs/data/fonts/fira-mono/default.nix +++ b/pkgs/data/fonts/fira-mono/default.nix @@ -3,17 +3,17 @@ fetchzip { name = "fira-mono-3.206"; - url = http://www.carrois.com/downloads/fira_mono_3_2/FiraMonoFonts3206.zip; + url = https://github.com/mozilla/Fira/archive/4.106.zip; postFetch = '' mkdir -p $out/share/fonts - unzip -j $downloadedFile \*.otf -d $out/share/fonts/opentype + unzip -j $downloadedFile Fira-4.106/otf/FiraMono\*.otf -d $out/share/fonts/opentype ''; - sha256 = "0m4kdjh4xjyznybpgh21a0gibv4wsxq0rqyl3wv942zk6mclmgdf"; + sha256 = "1ci3fxhdwabvfj4nl16pwcgqnh7s2slp8vblribk8zkpx8cbp1dj"; meta = with stdenv.lib; { - homepage = http://www.carrois.com/fira-4-1/; + homepage = https://mozilla.github.io/Fira/; description = "Monospace font for Firefox OS"; longDescription = '' Fira Mono is a monospace font designed by Erik Spiekermann, diff --git a/pkgs/data/fonts/fira/default.nix b/pkgs/data/fonts/fira/default.nix index cddb8cd726a..ce6e011d8a6 100644 --- a/pkgs/data/fonts/fira/default.nix +++ b/pkgs/data/fonts/fira/default.nix @@ -3,17 +3,17 @@ fetchzip rec { name = "fira-4.106"; - url = http://www.carrois.com/downloads/fira_4_1/FiraFonts4106.zip; + url = https://github.com/mozilla/Fira/archive/4.106.zip; postFetch = '' mkdir -p $out/share/fonts - unzip -j $downloadedFile \*.otf -d $out/share/fonts/opentype + unzip -j $downloadedFile Fira-4.106/otf/FiraSans\*.otf -d $out/share/fonts/opentype ''; - sha256 = "174nwmpvxqg1qjfj6h3yvrphs1s3n6zricdh27iaxilajm0ilbgs"; + sha256 = "0c97nmihcq0ki7ywj8zn048a2bgrszc61lb9p0djfi65ar52jab4"; meta = with stdenv.lib; { - homepage = http://www.carrois.com/fira-4-1/; + homepage = https://mozilla.github.io/Fira/; description = "Sans-serif font for Firefox OS"; longDescription = '' Fira Sans is a sans-serif font designed by Erik Spiekermann, diff --git a/pkgs/development/compilers/avian/default.nix b/pkgs/development/compilers/avian/default.nix index 4dc384f70a3..387ae906b88 100644 --- a/pkgs/development/compilers/avian/default.nix +++ b/pkgs/development/compilers/avian/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { buildInputs = [ zlib jdk ] ++ stdenv.lib.optionals stdenv.isDarwin [ CoreServices Foundation ]; - NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.cc.isClang "-Wno-error"; + NIX_CFLAGS_COMPILE = "-Wno-error"; postPatch = '' substituteInPlace makefile \ diff --git a/pkgs/development/compilers/ghc/7.10.3.nix b/pkgs/development/compilers/ghc/7.10.3.nix index 2565afab334..3dd320e0257 100644 --- a/pkgs/development/compilers/ghc/7.10.3.nix +++ b/pkgs/development/compilers/ghc/7.10.3.nix @@ -16,7 +16,7 @@ , # If enabled, GHC will be built with the GPL-free but slower integer-simple # library instead of the faster but GPLed integer-gmp library. - enableIntegerSimple ? false, gmp ? null + enableIntegerSimple ? !(gmp.meta.available or false), gmp , # If enabled, use -fPIC when compiling static libs. enableRelocatedStaticLibs ? targetPlatform != hostPlatform @@ -30,8 +30,6 @@ ghcFlavour ? stdenv.lib.optionalString (targetPlatform != hostPlatform) "perf-cross" }: -assert !enableIntegerSimple -> gmp != null; - let inherit (bootPkgs) ghc; diff --git a/pkgs/development/compilers/ghc/8.0.2.nix b/pkgs/development/compilers/ghc/8.0.2.nix index 4aa9f3fc81c..53c5a218cb1 100644 --- a/pkgs/development/compilers/ghc/8.0.2.nix +++ b/pkgs/development/compilers/ghc/8.0.2.nix @@ -15,7 +15,7 @@ , # If enabled, GHC will be built with the GPL-free but slower integer-simple # library instead of the faster but GPLed integer-gmp library. - enableIntegerSimple ? false, gmp ? null + enableIntegerSimple ? !(gmp.meta.available or false), gmp , # If enabled, use -fPIC when compiling static libs. enableRelocatedStaticLibs ? targetPlatform != hostPlatform @@ -29,8 +29,6 @@ ghcFlavour ? stdenv.lib.optionalString (targetPlatform != hostPlatform) "perf-cross" }: -assert !enableIntegerSimple -> gmp != null; - let inherit (bootPkgs) ghc; diff --git a/pkgs/development/compilers/ghc/8.2.2.nix b/pkgs/development/compilers/ghc/8.2.2.nix index 87de0fd53f6..4e9eff06f26 100644 --- a/pkgs/development/compilers/ghc/8.2.2.nix +++ b/pkgs/development/compilers/ghc/8.2.2.nix @@ -16,7 +16,7 @@ , # If enabled, GHC will be built with the GPL-free but slower integer-simple # library instead of the faster but GPLed integer-gmp library. - enableIntegerSimple ? false, gmp ? null + enableIntegerSimple ? !(gmp.meta.available or false), gmp , # If enabled, use -fPIC when compiling static libs. enableRelocatedStaticLibs ? targetPlatform != hostPlatform @@ -34,8 +34,6 @@ deterministicProfiling ? false }: -assert !enableIntegerSimple -> gmp != null; - let inherit (bootPkgs) ghc; diff --git a/pkgs/development/compilers/ghc/8.4.2.nix b/pkgs/development/compilers/ghc/8.4.2.nix index 9a57161d3a7..d793f0b391a 100644 --- a/pkgs/development/compilers/ghc/8.4.2.nix +++ b/pkgs/development/compilers/ghc/8.4.2.nix @@ -15,7 +15,7 @@ , # If enabled, GHC will be built with the GPL-free but slower integer-simple # library instead of the faster but GPLed integer-gmp library. - enableIntegerSimple ? false, gmp ? null + enableIntegerSimple ? !(gmp.meta.available or false), gmp , # If enabled, use -fPIC when compiling static libs. enableRelocatedStaticLibs ? targetPlatform != hostPlatform @@ -32,8 +32,6 @@ ghcFlavour ? stdenv.lib.optionalString (targetPlatform != hostPlatform) "perf-cross" }: -assert !enableIntegerSimple -> gmp != null; - let inherit (bootPkgs) ghc; diff --git a/pkgs/development/compilers/ghc/head.nix b/pkgs/development/compilers/ghc/head.nix index c9effb90ac3..c128891ec38 100644 --- a/pkgs/development/compilers/ghc/head.nix +++ b/pkgs/development/compilers/ghc/head.nix @@ -15,7 +15,7 @@ , # If enabled, GHC will be built with the GPL-free but slower integer-simple # library instead of the faster but GPLed integer-gmp library. - enableIntegerSimple ? false, gmp ? null + enableIntegerSimple ? !(gmp.meta.available or false), gmp , # If enabled, use -fPIC when compiling static libs. enableRelocatedStaticLibs ? targetPlatform != hostPlatform @@ -33,8 +33,6 @@ ghcFlavour ? stdenv.lib.optionalString (targetPlatform != hostPlatform) "perf-cross" }: -assert !enableIntegerSimple -> gmp != null; - let inherit (bootPkgs) ghc; diff --git a/pkgs/development/compilers/openjdk/read-truststore-from-env-jdk10.patch b/pkgs/development/compilers/openjdk/read-truststore-from-env-jdk10.patch index b5abc1d794d..6203064f5c0 100644 --- a/pkgs/development/compilers/openjdk/read-truststore-from-env-jdk10.patch +++ b/pkgs/development/compilers/openjdk/read-truststore-from-env-jdk10.patch @@ -8,12 +8,22 @@ * jssecacerts * cacerts */ -@@ -144,6 +145,9 @@ +@@ -132,7 +133,8 @@ + public TrustStoreDescriptor run() { + // Get the system properties for trust store. + String storePropName = System.getProperty( +- "javax.net.ssl.trustStore", jsseDefaultStore); ++ "javax.net.ssl.trustStore", ++ System.getenv("JAVAX_NET_SSL_TRUSTSTORE")); + String storePropType = System.getProperty( + "javax.net.ssl.trustStoreType", + KeyStore.getDefaultType()); +@@ -144,6 +146,9 @@ String temporaryName = ""; File temporaryFile = null; long temporaryTime = 0L; -+ if (storePropName == null){ -+ storePropName = System.getenv("JAVAX_NET_SSL_TRUSTSTORE"); ++ if (storePropName == null) { ++ storePropName = jsseDefaultStore; + } if (!"NONE".equals(storePropName)) { String[] fileNames = diff --git a/pkgs/development/compilers/ponyc/default.nix b/pkgs/development/compilers/ponyc/default.nix index 061b9b8639d..cc993af8208 100644 --- a/pkgs/development/compilers/ponyc/default.nix +++ b/pkgs/development/compilers/ponyc/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation ( rec { name = "ponyc-${version}"; - version = "0.22.6"; + version = "0.23.0"; src = fetchFromGitHub { owner = "ponylang"; repo = "ponyc"; rev = version; - sha256 = "05y0qcfdyzv6cgizhbg6yl7rrlbfbkcr0jmxjlzhvhz7dypk20cl"; + sha256 = "1m0zvl30926652akyzpvy5m7jn35697d5mkg3xbn3yqwbsfk4yhk"; }; buildInputs = [ llvm makeWrapper which ]; diff --git a/pkgs/development/compilers/solc/default.nix b/pkgs/development/compilers/solc/default.nix index d94ce75e3f5..edb7fc61d2a 100644 --- a/pkgs/development/compilers/solc/default.nix +++ b/pkgs/development/compilers/solc/default.nix @@ -1,16 +1,15 @@ { stdenv, fetchzip, fetchFromGitHub, boost, cmake, z3 }: let - version = "0.4.23"; - rev = "124ca40dc525a987a88176c6e5170978e82fa290"; - sha256 = "07l8rfqh95yrdmbxc4pfb77s06k5v65dk3rgdqscqmwchkndrmm0"; - jsoncppURL = https://github.com/open-source-parsers/jsoncpp/archive/1.7.7.tar.gz; + version = "0.4.24"; + rev = "e67f0147998a9e3835ed3ce8bf6a0a0c634216c5"; + sha256 = "1gy2miv6ia1z98zy6w4y03balwfr964bnvwzyg8v7pn2mayqnaap"; + jsoncppURL = https://github.com/open-source-parsers/jsoncpp/archive/1.8.4.tar.gz; jsoncpp = fetchzip { url = jsoncppURL; - sha256 = "0jz93zv17ir7lbxb3dv8ph2n916rajs8i96immwx9vb45pqid3n0"; + sha256 = "1z0gj7a6jypkijmpknis04qybs1hkd04d1arr3gy89lnxmp6qzlm"; }; in - stdenv.mkDerivation { name = "solc-${version}"; @@ -21,7 +20,6 @@ stdenv.mkDerivation { }; patches = [ - ./patches/boost-shared-libs.patch ./patches/shared-libs-install.patch ]; @@ -30,17 +28,23 @@ stdenv.mkDerivation { echo >commit_hash.txt "${rev}" substituteInPlace cmake/jsoncpp.cmake \ --replace "${jsoncppURL}" ${jsoncpp} - substituteInPlace cmake/EthCompilerSettings.cmake \ - --replace "add_compile_options(-Werror)" "" + + # To allow non-standard CMAKE_INSTALL_LIBDIR (fixed in upstream, not yet released) + substituteInPlace cmake/jsoncpp.cmake \ + --replace "\''${CMAKE_INSTALL_LIBDIR}" "lib" \ + --replace "# Build static lib but suitable to be included in a shared lib." "-DCMAKE_INSTALL_LIBDIR=lib" ''; cmakeFlags = [ "-DBoost_USE_STATIC_LIBS=OFF" "-DBUILD_SHARED_LIBS=ON" "-DINSTALL_LLLC=ON" - "-DTESTS=OFF" ]; + doCheck = stdenv.hostPlatform.isLinux && stdenv.hostPlatform == stdenv.buildPlatform; + checkPhase = "LD_LIBRARY_PATH=./libsolc:./libsolidity:./liblll:./libevmasm:./libdevcore:$LD_LIBRARY_PATH " + + "./test/soltest -p -- --no-ipc --no-smt --testpath ../test"; + nativeBuildInputs = [ cmake ]; buildInputs = [ boost z3 ]; diff --git a/pkgs/development/compilers/solc/patches/boost-shared-libs.patch b/pkgs/development/compilers/solc/patches/boost-shared-libs.patch deleted file mode 100644 index 499fc46c6ca..00000000000 --- a/pkgs/development/compilers/solc/patches/boost-shared-libs.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff --git a/libsolidity/CMakeLists.txt b/libsolidity/CMakeLists.txt -index 97b01c83..0bdec4b4 100644 ---- a/libsolidity/CMakeLists.txt -+++ b/libsolidity/CMakeLists.txt -@@ -28,7 +28,7 @@ else() - endif() - - add_library(solidity ${sources} ${headers}) --target_link_libraries(solidity PUBLIC evmasm devcore) -+target_link_libraries(solidity PUBLIC evmasm devcore ${Boost_FILESYSTEM_LIBRARY} ${Boost_SYSTEM_LIBRARY}) - - if (${Z3_FOUND}) - target_link_libraries(solidity PUBLIC ${Z3_LIBRARY}) -diff --git a/lllc/CMakeLists.txt b/lllc/CMakeLists.txt -index 5c480093..d6538ee2 100644 ---- a/lllc/CMakeLists.txt -+++ b/lllc/CMakeLists.txt -@@ -1,5 +1,5 @@ - add_executable(lllc main.cpp) --target_link_libraries(lllc PRIVATE lll) -+target_link_libraries(lllc PRIVATE lll ${Boost_SYSTEM_LIBRARY}) - - if (INSTALL_LLLC) - include(GNUInstallDirs) diff --git a/pkgs/development/compilers/solc/patches/shared-libs-install.patch b/pkgs/development/compilers/solc/patches/shared-libs-install.patch index 732797e5ae7..70162bfbcb6 100644 --- a/pkgs/development/compilers/solc/patches/shared-libs-install.patch +++ b/pkgs/development/compilers/solc/patches/shared-libs-install.patch @@ -1,11 +1,12 @@ diff --git a/CMakeLists.txt b/CMakeLists.txt -index 4ac56b43..dacf3853 100644 +index 0c05208f..8893648e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -48,6 +48,19 @@ add_subdirectory(libevmasm) +@@ -48,6 +48,20 @@ add_subdirectory(libevmasm) add_subdirectory(libsolidity) add_subdirectory(libsolc) ++ +install(DIRECTORY libdevcore/ + DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/libdevcore + FILES_MATCHING PATTERN "*.h") @@ -38,7 +39,7 @@ index 86192c1b..e7f15e93 100644 @@ -3,3 +3,4 @@ file(GLOB headers "*.h") add_library(evmasm ${sources} ${headers}) - target_link_libraries(evmasm PUBLIC jsoncpp devcore) + target_link_libraries(evmasm PUBLIC devcore) +install(TARGETS evmasm LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}) diff --git a/liblll/CMakeLists.txt b/liblll/CMakeLists.txt index 4cdc073a..b61f03c7 100644 @@ -50,11 +51,10 @@ index 4cdc073a..b61f03c7 100644 target_link_libraries(lll PUBLIC evmasm devcore) +install(TARGETS lll LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}) diff --git a/libsolidity/CMakeLists.txt b/libsolidity/CMakeLists.txt -index 97b01c83..e876177e 100644 +index 0bdec4b4..e876177e 100644 --- a/libsolidity/CMakeLists.txt +++ b/libsolidity/CMakeLists.txt -@@ -28,7 +28,8 @@ else() - endif() +@@ -29,6 +29,7 @@ endif() add_library(solidity ${sources} ${headers}) target_link_libraries(solidity PUBLIC evmasm devcore ${Boost_FILESYSTEM_LIBRARY} ${Boost_SYSTEM_LIBRARY}) diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index ad07da83c4e..425b48f9ad6 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -348,7 +348,7 @@ self: super: { itanium-abi = dontCheck super.itanium-abi; katt = dontCheck super.katt; language-slice = dontCheck super.language-slice; - language-nix = overrideCabal super.language-nix (drv: { broken = pkgs.stdenv.isLinux && pkgs.stdenv.isi686; }); # Tests crash on 32-bit linux; see https://github.com/peti/language-nix/issues/4 + language-nix = if pkgs.stdenv.isi686 then dontCheck super.language-nix else super.language-nix; ldap-client = dontCheck super.ldap-client; lensref = dontCheck super.lensref; lucid = dontCheck super.lucid; #https://github.com/chrisdone/lucid/issues/25 diff --git a/pkgs/development/haskell-modules/configuration-ghcjs.nix b/pkgs/development/haskell-modules/configuration-ghcjs.nix index c0468673467..0482d03ba8f 100644 --- a/pkgs/development/haskell-modules/configuration-ghcjs.nix +++ b/pkgs/development/haskell-modules/configuration-ghcjs.nix @@ -23,13 +23,6 @@ self: super: }; in stage1 // stage2 // { - old-time = overrideCabal stage2.old-time (drv: { - postPatch = '' - ${pkgs.autoconf}/bin/autoreconf --install --force --verbose - ''; - buildTools = pkgs.lib.optional pkgs.stdenv.isDarwin pkgs.darwin.libiconv; - }); - network = addBuildTools super.network (pkgs.lib.optional pkgs.stdenv.isDarwin pkgs.darwin.libiconv); zlib = addBuildTools super.zlib (pkgs.lib.optional pkgs.stdenv.isDarwin pkgs.darwin.libiconv); unix-compat = addBuildTools super.unix-compat (pkgs.lib.optional pkgs.stdenv.isDarwin pkgs.darwin.libiconv); @@ -201,4 +194,7 @@ self: super: # triggers an internal pattern match failure in haddock # https://github.com/haskell/haddock/issues/553 wai = dontHaddock super.wai; + + base-orphans = dontCheck super.base-orphans; + distributive = dontCheck super.distributive; } diff --git a/pkgs/development/java-modules/jogl/default.nix b/pkgs/development/java-modules/jogl/default.nix index 474eaa0e1dc..cceec44e6ae 100644 --- a/pkgs/development/java-modules/jogl/default.nix +++ b/pkgs/development/java-modules/jogl/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchgit, makeWrapper, ant, jdk, openjdk8, zulu8, git, xorg, udev }: +{ stdenv, fetchgit, makeWrapper, ant, jdk, openjdk8, zulu8, git, xorg, udev, libGL, libGLU }: let # workaround https://github.com/NixOS/nixpkgs/issues/37364 @@ -19,12 +19,18 @@ in name = "jogl-${version}"; src = fetchgit { - url = http://jogamp.org/srv/scm/jogl.git; + url = git://jogamp.org/srv/scm/jogl.git; rev = "v${version}"; sha256 = "0msi2gxiqm2yqwkmxqbh521xdrimw1fly20g890r357rcgj8fsn3"; fetchSubmodules = true; }; + postPatch = '' + find . -type f -name '*.java' \ + -exec sed -i 's@"libGL.so"@"${libGL}/lib/libGL.so"@' {} \; \ + -exec sed -i 's@"libGLU.so"@"${libGLU}/lib/libGLU.so"@' {} \; + ''; + buildInputs = [ jdk-without-symlinks ant git udev xorg.libX11 xorg.libXrandr xorg.libXcursor xorg.libXt xorg.libXxf86vm xorg.libXrender ]; buildPhase = '' diff --git a/pkgs/development/libraries/appstream-glib/default.nix b/pkgs/development/libraries/appstream-glib/default.nix index b09f5f67f56..3a0868ccecb 100644 --- a/pkgs/development/libraries/appstream-glib/default.nix +++ b/pkgs/development/libraries/appstream-glib/default.nix @@ -4,7 +4,7 @@ , libuuid, json-glib, meson, gperf, ninja }: stdenv.mkDerivation rec { - name = "appstream-glib-0.7.8"; + name = "appstream-glib-0.7.9"; outputs = [ "out" "dev" "man" "installedTests" ]; outputBin = "dev"; @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { owner = "hughsie"; repo = "appstream-glib"; rev = stdenv.lib.replaceStrings ["." "-"] ["_" "_"] name; - sha256 = "10hcl3sl3g8ajg9mssq3g4dbzz0d4b2ybimrcq71cpycqrqhilhx"; + sha256 = "10b32qw7iy0v1jvmf18wqgs8d1cpy52zm5rzw0wv421n90qiyidk"; }; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/asio/1.10.nix b/pkgs/development/libraries/asio/1.10.nix new file mode 100644 index 00000000000..f63fbbd495c --- /dev/null +++ b/pkgs/development/libraries/asio/1.10.nix @@ -0,0 +1,6 @@ +{callPackage, ... } @ args: + +callPackage ./generic.nix (args // { + version = "1.10.8"; + sha256 = "0jgdl4fxw0hwy768rl3lhdc0czz7ak7czf3dg10j21pdpfpfvpi6"; +}) diff --git a/pkgs/development/libraries/asio/1.12.nix b/pkgs/development/libraries/asio/1.12.nix new file mode 100644 index 00000000000..94fe4c70367 --- /dev/null +++ b/pkgs/development/libraries/asio/1.12.nix @@ -0,0 +1,6 @@ +{callPackage, ... } @ args: + +callPackage ./generic.nix (args // { + version = "1.12.1"; + sha256 = "0nln45662kg799ykvqx5m9z9qcsmadmgg6r5najryls7x16in2d9"; +}) diff --git a/pkgs/development/libraries/asio/default.nix b/pkgs/development/libraries/asio/default.nix deleted file mode 100644 index 1126b4a7f2c..00000000000 --- a/pkgs/development/libraries/asio/default.nix +++ /dev/null @@ -1,21 +0,0 @@ -{stdenv, fetchurl, boost, openssl}: - -stdenv.mkDerivation rec { - name = "asio-1.12.1"; - - src = fetchurl { - url = "mirror://sourceforge/asio/${name}.tar.bz2"; - sha256 = "0nln45662kg799ykvqx5m9z9qcsmadmgg6r5najryls7x16in2d9"; - }; - - propagatedBuildInputs = [ boost ]; - buildInputs = [ openssl ]; - - meta = { - homepage = http://asio.sourceforge.net/; - description = "Cross-platform C++ library for network and low-level I/O programming"; - license = stdenv.lib.licenses.boost; - platforms = stdenv.lib.platforms.unix; - }; - -} diff --git a/pkgs/development/libraries/asio/generic.nix b/pkgs/development/libraries/asio/generic.nix new file mode 100644 index 00000000000..58dd4f61423 --- /dev/null +++ b/pkgs/development/libraries/asio/generic.nix @@ -0,0 +1,25 @@ +{stdenv, fetchurl, boost, openssl +, version, sha256, ... +}: + +with stdenv.lib; + +stdenv.mkDerivation { + name = "asio-${version}"; + + src = fetchurl { + url = "mirror://sourceforge/asio/asio-${version}.tar.bz2"; + inherit sha256; + }; + + propagatedBuildInputs = [ boost ]; + + buildInputs = [ openssl ]; + + meta = { + homepage = http://asio.sourceforge.net/; + description = "Cross-platform C++ library for network and low-level I/O programming"; + license = licenses.boost; + platforms = platforms.unix; + }; +} diff --git a/pkgs/development/libraries/audio/libbass/default.nix b/pkgs/development/libraries/audio/libbass/default.nix index 4c2918c922d..703679ba3a5 100644 --- a/pkgs/development/libraries/audio/libbass/default.nix +++ b/pkgs/development/libraries/audio/libbass/default.nix @@ -11,7 +11,7 @@ let x86_64-linux = "x64/libbass.so"; }; urlpath = "bass${version}-linux.zip"; - sha256 = "1a2z9isabkymz7qmkgklbjpj2wxkvv1cngfp9aj0c9178v97pjd7"; + sha256 = "0alxx7knkvzwwifqrmzavafwq53flja7s1ckaabk6p2ir2f0j5cp"; }; bass_fx = { diff --git a/pkgs/development/libraries/cctz/default.nix b/pkgs/development/libraries/cctz/default.nix new file mode 100644 index 00000000000..e61b5840cf9 --- /dev/null +++ b/pkgs/development/libraries/cctz/default.nix @@ -0,0 +1,27 @@ +{ stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + name = "cctz-${version}"; + version = "2.2"; + + src = fetchFromGitHub { + owner = "google"; + repo = "cctz"; + rev = "v${version}"; + sha256 = "0liiqz1swfc019rzfaa9y5kavs2hwabs2vnwbn9jfczhyxy34y89"; + }; + + makeFlags = [ "PREFIX=$(out)" ]; + + installTargets = [ "install_hdrs" "install_shared_lib" ]; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + homepage = https://github.com/google/cctz; + description = "C++ library for translating between absolute and civil times"; + license = licenses.asl20; + maintainers = with maintainers; [ orivej ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/development/libraries/fftw/default.nix b/pkgs/development/libraries/fftw/default.nix index 3c5100f2f7f..12b30cf0349 100644 --- a/pkgs/development/libraries/fftw/default.nix +++ b/pkgs/development/libraries/fftw/default.nix @@ -13,7 +13,10 @@ stdenv.mkDerivation rec { name = "fftw-${precision}-${version}"; src = fetchurl { - url = "ftp://ftp.fftw.org/pub/fftw/fftw-${version}.tar.gz"; + urls = [ + "http://fftw.org/fftw-${version}.tar.gz" + "ftp://ftp.fftw.org/pub/fftw/fftw-${version}.tar.gz" + ]; sha256 = "00z3k8fq561wq2khssqg0kallk0504dzlx989x3vvicjdqpjc4v1"; }; diff --git a/pkgs/development/libraries/gmp/6.x.nix b/pkgs/development/libraries/gmp/6.x.nix index 551e7e5e1f6..2635aed3eac 100644 --- a/pkgs/development/libraries/gmp/6.x.nix +++ b/pkgs/development/libraries/gmp/6.x.nix @@ -75,6 +75,7 @@ let self = stdenv.mkDerivation rec { asymptotically faster algorithms. ''; + broken = with stdenv.hostPlatform; useAndroidPrebuilt || useiOSPrebuilt; platforms = platforms.all; maintainers = [ maintainers.peti maintainers.vrthra ]; }; diff --git a/pkgs/development/libraries/libblockdev/default.nix b/pkgs/development/libraries/libblockdev/default.nix new file mode 100644 index 00000000000..077efe299ec --- /dev/null +++ b/pkgs/development/libraries/libblockdev/default.nix @@ -0,0 +1,39 @@ +{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, gtk-doc, libxslt, docbook_xsl +, docbook_xml_dtd_43, python3, gobjectIntrospection, glib, libudev, kmod, parted +, cryptsetup, devicemapper, dmraid, utillinux, libbytesize, libndctl, nss, volume_key +}: + +let + version = "2.17"; +in stdenv.mkDerivation rec { + name = "libblockdev-${version}"; + + src = fetchFromGitHub { + owner = "storaged-project"; + repo = "libblockdev"; + rev = "${version}-1"; + sha256 = "14f52cj2qcnm8i2zb57qfpdk3kij2gb3xgqkbvidmf6sjicq84z2"; + }; + + outputs = [ "out" "dev" "devdoc" ]; + + postPatch = '' + patchShebangs scripts + ''; + + nativeBuildInputs = [ + autoreconfHook pkgconfig gtk-doc libxslt docbook_xsl docbook_xml_dtd_43 python3 gobjectIntrospection + ]; + + buildInputs = [ + glib libudev kmod parted cryptsetup devicemapper dmraid utillinux libbytesize libndctl nss volume_key + ]; + + meta = with stdenv.lib; { + description = "A library for manipulating block devices"; + homepage = http://storaged.org/libblockdev/; + license = licenses.lgpl2Plus; # lgpl2Plus for the library, gpl2Plus for the utils + maintainers = with maintainers; []; + platforms = platforms.linux; + }; +} diff --git a/pkgs/development/libraries/libbytesize/default.nix b/pkgs/development/libraries/libbytesize/default.nix new file mode 100644 index 00000000000..f1dcf60b3b9 --- /dev/null +++ b/pkgs/development/libraries/libbytesize/default.nix @@ -0,0 +1,31 @@ +{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, gettext +, gtk-doc, libxslt, docbook_xml_dtd_43, docbook_xsl +, python3, pcre, gmp, mpfr +}: + +let + version = "1.3"; +in stdenv.mkDerivation rec { + name = "libbytesize-${version}"; + + src = fetchFromGitHub { + owner = "storaged-project"; + repo = "libbytesize"; + rev = version; + sha256 = "1ys5d8rya8x4q34gn1hr96z7797s9gdzah0y0d7g84x5x6k50p30"; + }; + + outputs = [ "out" "dev" "devdoc" ]; + + nativeBuildInputs = [ autoreconfHook pkgconfig gettext gtk-doc libxslt docbook_xml_dtd_43 docbook_xsl python3 ]; + + buildInputs = [ pcre gmp mpfr ]; + + meta = with stdenv.lib; { + description = "A tiny library providing a C “class” for working with arbitrary big sizes in bytes"; + homepage = src.meta.homepage; + license = licenses.lgpl2Plus; + maintainers = with maintainers; []; + platforms = platforms.linux; + }; +} diff --git a/pkgs/development/libraries/libcanberra/default.nix b/pkgs/development/libraries/libcanberra/default.nix index 83f86c40c0d..0d1772d0c54 100644 --- a/pkgs/development/libraries/libcanberra/default.nix +++ b/pkgs/development/libraries/libcanberra/default.nix @@ -1,5 +1,7 @@ -{ stdenv, fetchurl, pkgconfig, libtool, gtk ? null, libcap -, alsaLib, libpulseaudio, gst_all_1, libvorbis }: +{ stdenv, lib, fetchurl, fetchpatch, pkgconfig, libtool +, gtk ? null +, libpulseaudio, gst_all_1, libvorbis, libcap +, withAlsa ? stdenv.isLinux, alsaLib }: stdenv.mkDerivation rec { name = "libcanberra-0.30"; @@ -11,11 +13,20 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig libtool ]; buildInputs = [ - alsaLib libpulseaudio libvorbis gtk libcap - ] ++ (with gst_all_1; [ gstreamer gst-plugins-base ]); + libpulseaudio libvorbis gtk + ] ++ (with gst_all_1; [ gstreamer gst-plugins-base ]) + ++ lib.optional stdenv.isLinux libcap + ++ lib.optional withAlsa alsaLib; configureFlags = "--disable-oss"; + patchFlags = "-p0"; + patches = stdenv.lib.optional stdenv.isDarwin + (fetchpatch { + url = "https://raw.githubusercontent.com/macports/macports-ports/master/audio/libcanberra/files/patch-configure.diff"; + sha256 = "1f7h7ifpqvbfhqygn1b7klvwi80zmpv3538vbmq7ql7bkf1q8h31"; + }); + postInstall = '' for f in $out/lib/*.la; do sed 's|-lltdl|-L${libtool.lib}/lib -lltdl|' -i $f @@ -42,6 +53,6 @@ stdenv.mkDerivation rec { license = stdenv.lib.licenses.lgpl2Plus; maintainers = [ ]; - platforms = stdenv.lib.platforms.gnu ++ stdenv.lib.platforms.linux; # arbitrary choice + platforms = stdenv.lib.platforms.unix; }; } diff --git a/pkgs/development/libraries/libcouchbase/default.nix b/pkgs/development/libraries/libcouchbase/default.nix index bf72ec76725..8474b387d85 100644 --- a/pkgs/development/libraries/libcouchbase/default.nix +++ b/pkgs/development/libraries/libcouchbase/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake pkgconfig ]; buildInputs = [ libevent openssl ]; - doCheck = true; + doCheck = (!stdenv.isDarwin); checkPhase = "ctest"; meta = with stdenv.lib; { diff --git a/pkgs/development/libraries/libgtop/default.nix b/pkgs/development/libraries/libgtop/default.nix index 656395b8867..6498014aee8 100644 --- a/pkgs/development/libraries/libgtop/default.nix +++ b/pkgs/development/libraries/libgtop/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, glib, pkgconfig, perl, gettext, gobjectIntrospection, libintl, gnome3 }: +{ stdenv, fetchurl, fetchpatch, glib, pkgconfig, perl, gettext, gobjectIntrospection, libintl, libtool, gnome3, gtk-doc }: let pname = "libgtop"; version = "2.38.0"; @@ -11,8 +11,20 @@ stdenv.mkDerivation rec { sha256 = "04mnxgzyb26wqk6qij4iw8cxwl82r8pcsna5dg8vz2j3pdi0wv2g"; }; + patches = [ + # Fix darwin build + (fetchpatch { + url = https://gitlab.gnome.org/GNOME/libgtop/commit/42b049f338363f92c1e93b4549fc944098eae674.patch; + sha256 = "0kf9ihgb0wqji6dcvg36s6igkh7b79k6y1n7w7wzsxya84x3hhyn"; + }) + ]; + propagatedBuildInputs = [ glib ]; - nativeBuildInputs = [ pkgconfig perl gettext gobjectIntrospection ]; + nativeBuildInputs = [ pkgconfig gnome3.gnome-common libtool gtk-doc perl gettext gobjectIntrospection ]; + + preConfigure = '' + ./autogen.sh + ''; passthru = { updateScript = gnome3.updateScript { @@ -24,6 +36,6 @@ stdenv.mkDerivation rec { description = "A library that reads information about processes and the running system"; license = licenses.gpl2Plus; maintainers = gnome3.maintainers; - platforms = with platforms; linux ++ darwin; + platforms = platforms.unix; }; } diff --git a/pkgs/development/libraries/libndctl/default.nix b/pkgs/development/libraries/libndctl/default.nix new file mode 100644 index 00000000000..fa48fc390aa --- /dev/null +++ b/pkgs/development/libraries/libndctl/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchFromGitHub, autoreconfHook, autoconf, automake, asciidoc, docbook_xsl, docbook_xml_dtd_45, libxslt, xmlto, pkgconfig, json_c, kmod, which, systemd, utillinux +}: + +let + version = "60.3"; +in stdenv.mkDerivation rec { + name = "libndctl-${version}"; + + src = fetchFromGitHub { + owner = "pmem"; + repo = "ndctl"; + rev = "v${version}"; + sha256 = "0w19yh6f9skf5zy4bhdjlrn3wdx5xx9cq8j6h04cmw4nla6zj9ar"; + }; + + outputs = [ "out" "man" "dev" ]; + + nativeBuildInputs = [ + autoreconfHook asciidoc pkgconfig xmlto docbook_xml_dtd_45 docbook_xsl libxslt + ]; + + buildInputs = [ + json_c kmod systemd utillinux + ]; + + preAutoreconf = '' + substituteInPlace configure.ac --replace "which" "${which}/bin/which" + substituteInPlace git-version --replace /bin/bash ${stdenv.shell} + substituteInPlace git-version-gen --replace /bin/sh ${stdenv.shell} + echo "m4_define([GIT_VERSION], [${version}])" > version.m4; + ''; + + meta = with stdenv.lib; { + description = "Utility library for managing the libnvdimm (non-volatile memory device) sub-system in the Linux kernel"; + homepage = https://github.com/pmem/ndctl; + license = licenses.lgpl21; + maintainers = with maintainers; []; + platforms = platforms.linux; + }; +} diff --git a/pkgs/development/libraries/libtiff/default.nix b/pkgs/development/libraries/libtiff/default.nix index ab1bda9ed29..6676944d529 100644 --- a/pkgs/development/libraries/libtiff/default.nix +++ b/pkgs/development/libraries/libtiff/default.nix @@ -13,12 +13,12 @@ stdenv.mkDerivation rec { prePatch = let debian = fetchurl { - url = http://snapshot.debian.org/archive/debian-debug/20180128T155203Z//pool/main/t/tiff/tiff_4.0.9-3.debian.tar.xz; - sha256 = "0wya42y7kcq093g3h7ca10cm5sns1mgnkjmdd2qdi59v8arga4y4"; + url = http://http.debian.net/debian/pool/main/t/tiff/tiff_4.0.9-5.debian.tar.xz; + sha256 = "15lwcsd46gini27akms2ngyxnwi1hs2yskrv5x2wazs5fw5ii62w"; }; in '' - tar xf '${debian}' - patches="$patches $(cat debian/patches/series | sed 's|^|debian/patches/|')" + tar xf ${debian} + patches="$patches $(sed 's|^|debian/patches/|' < debian/patches/series)" ''; outputs = [ "bin" "dev" "out" "man" "doc" ]; diff --git a/pkgs/development/libraries/opae/default.nix b/pkgs/development/libraries/opae/default.nix new file mode 100644 index 00000000000..b60a53e55ca --- /dev/null +++ b/pkgs/development/libraries/opae/default.nix @@ -0,0 +1,44 @@ +{ stdenv, fetchFromGitHub, cmake +, libuuid, json_c +, doxygen, perl, python2, python2Packages +}: + +stdenv.mkDerivation rec { + name = "opae-${version}"; + version = "1.0.0"; + + # the tag has a silly name for some reason. drop this in the future if + # possible + tver = "${version}-5"; + + src = fetchFromGitHub { + owner = "opae"; + repo = "opae-sdk"; + rev = "refs/tags/${tver}"; + sha256 = "1dmkpnr9dqxwjhbdzx2r3fdfylvinda421yyg319am5gzlysxwi8"; + }; + + doCheck = false; + + nativeBuildInputs = [ cmake doxygen perl python2Packages.sphinx ]; + buildInputs = [ libuuid json_c python2 ]; + + # Set the Epoch to 1980; otherwise the Python wheel/zip code + # gets very angry + preConfigure = '' + find . -type f | while read file; do + touch -d @315532800 $file; + done + ''; + + cmakeFlags = [ "-DBUILD_ASE=1" ]; + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "Open Programmable Acceleration Engine SDK"; + homepage = https://01.org/opae; + license = licenses.bsd3; + platforms = [ "x86_64-linux" ]; + maintainers = with maintainers; [ thoughtpolice ]; + }; +} diff --git a/pkgs/development/libraries/openzwave/default.nix b/pkgs/development/libraries/openzwave/default.nix index 63c51996b22..087a22dd61b 100644 --- a/pkgs/development/libraries/openzwave/default.nix +++ b/pkgs/development/libraries/openzwave/default.nix @@ -19,6 +19,8 @@ in stdenv.mkDerivation rec { buildInputs = [ systemd ]; + hardeningDisable = [ "format" ]; + enableParallelBuilding = true; installPhase = '' diff --git a/pkgs/development/libraries/pupnp/default.nix b/pkgs/development/libraries/pupnp/default.nix index fd738faf507..018a57ad057 100644 --- a/pkgs/development/libraries/pupnp/default.nix +++ b/pkgs/development/libraries/pupnp/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "libupnp-${version}"; - version = "1.6.21"; + version = "1.8.3"; src = fetchFromGitHub { owner = "mrjimenez"; repo = "pupnp"; rev = "release-${version}"; - sha256 = "07ksfhadinaa20542gblrxi9pqz0v6y70a836hp3qr4037id4nm9"; + sha256 = "1w0kfq1pg3y2wl6gwkm1w872g0qz29w1z9wj08xxmwnk5mkpvsrl"; }; nativeBuildInputs = [ autoreconfHook ]; diff --git a/pkgs/development/libraries/talloc/default.nix b/pkgs/development/libraries/talloc/default.nix index 1d6818276eb..e8f0d61b2f4 100644 --- a/pkgs/development/libraries/talloc/default.nix +++ b/pkgs/development/libraries/talloc/default.nix @@ -3,11 +3,11 @@ }: stdenv.mkDerivation rec { - name = "talloc-2.1.12"; + name = "talloc-2.1.13"; src = fetchurl { url = "mirror://samba/talloc/${name}.tar.gz"; - sha256 = "0jv0ri9vj93fczzgl7rn7xvnfgl2kfx4x85cr8h8v52yh7v0qz4q"; + sha256 = "0iv09iv385x69gfzvassq6m3y0rd8ncylls95dm015xdy3drkww4"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/development/libraries/volume-key/default.nix b/pkgs/development/libraries/volume-key/default.nix new file mode 100644 index 00000000000..53faf07623e --- /dev/null +++ b/pkgs/development/libraries/volume-key/default.nix @@ -0,0 +1,38 @@ +{ stdenv, fetchgit, fetchpatch, autoreconfHook, pkgconfig, gettext, python2 +, swig, glib, utillinux, cryptsetup, nss, gpgme +}: + +let + version = "0.3.10"; +in stdenv.mkDerivation rec { + name = "volume_key-${version}"; + + src = fetchgit { + url = https://pagure.io/volume_key.git; + rev = "ece1ce305234da454e330905c615ec474d9781c5"; + sha256 = "16qdi5s6ycsh0iyc362gly7ggrwamky8i0zgbd4ajp3ymk9vqdva"; + }; + + outputs = [ "out" "man" "dev" ]; + + nativeBuildInputs = [ autoreconfHook pkgconfig gettext python2 swig ]; + + buildInputs = [ glib cryptsetup nss utillinux gpgme ]; + + patches = [ + # Use pkg-config for locating Python.h + # https://pagure.io/volume_key/pull-request/12 + (fetchpatch { + url = https://pagure.io/fork/cathay4t/volume_key/c/8eda66d3b734ea335e37cf9d7d173b9e8ebe2fd9.patch; + sha256 = "01lr1zijk0imkk681zynm4w5ad3y6c9vdrmrzaib7w7ima75iczr"; + }) + ]; + + meta = with stdenv.lib; { + description = "A library for manipulating storage volume encryption keys and storing them separately from volumes to handle forgotten passphrases, and the associated command-line tool"; + homepage = https://pagure.io/volume_key/; + license = licenses.gpl2; + maintainers = with maintainers; []; + platforms = platforms.linux; + }; +} diff --git a/pkgs/development/python-modules/GitPython/default.nix b/pkgs/development/python-modules/GitPython/default.nix index c2f3706923a..89b941c34fc 100644 --- a/pkgs/development/python-modules/GitPython/default.nix +++ b/pkgs/development/python-modules/GitPython/default.nix @@ -1,4 +1,4 @@ -{ lib, buildPythonPackage, fetchPypi, gitdb2, mock, nose, ddt }: +{ lib, buildPythonPackage, fetchPypi, git, gitdb2, mock, nose, ddt }: buildPythonPackage rec { version = "2.1.9"; @@ -12,6 +12,10 @@ buildPythonPackage rec { checkInputs = [ mock nose ddt ]; propagatedBuildInputs = [ gitdb2 ]; + postPatch = '' + sed -i "s|^refresh()$|refresh(path='${git}/bin/git')|" git/__init__.py + ''; + # Tests require a git repo doCheck = false; diff --git a/pkgs/development/python-modules/ansiconv/default.nix b/pkgs/development/python-modules/ansiconv/default.nix new file mode 100644 index 00000000000..08f93134b32 --- /dev/null +++ b/pkgs/development/python-modules/ansiconv/default.nix @@ -0,0 +1,24 @@ +{ stdenv, buildPythonPackage, fetchFromGitHub, pytest }: + +buildPythonPackage rec { + pname = "ansiconv"; + version = "1.0.0"; + + src = fetchFromGitHub { + owner = "ansible"; + repo = pname; + rev = "v${version}"; + sha256 = "0ljfpl8x069arzginvpi1v6hlaq4x2qpjqj01qds2ylz33scq8r4"; + }; + + checkInputs = [ pytest ]; + + meta = with stdenv.lib; { + description = "A module for converting ANSI coded text and converts it to either plain text or HTML"; + homepage = https://github.com/ansible/ansiconv; + license = licenses.mit; + maintainers = with maintainers; [ psyanticy ]; + }; + +} + diff --git a/pkgs/development/python-modules/astunparse/default.nix b/pkgs/development/python-modules/astunparse/default.nix new file mode 100644 index 00000000000..4c46f93b547 --- /dev/null +++ b/pkgs/development/python-modules/astunparse/default.nix @@ -0,0 +1,17 @@ +{ stdenv, fetchPypi, buildPythonPackage, six }: + +buildPythonPackage rec { + pname = "astunparse"; + version = "1.5.0"; + src = fetchPypi { + inherit pname version; + sha256 = "1kc9lm2jvfcip3z8snj04dar5a9jh857a704m6lvcv4xclm3rpsm"; + }; + propagatedBuildInputs = [ six ]; + doCheck = false; # no tests + meta = with stdenv.lib; { + description = "This is a factored out version of unparse found in the Python source distribution"; + license = licenses.bsd3; + maintainers = with maintainers; [ jyp ]; + }; +} diff --git a/pkgs/development/python-modules/aws-sam-translator/default.nix b/pkgs/development/python-modules/aws-sam-translator/default.nix new file mode 100644 index 00000000000..514ccc7f619 --- /dev/null +++ b/pkgs/development/python-modules/aws-sam-translator/default.nix @@ -0,0 +1,38 @@ +{ lib +, buildPythonPackage +, fetchPypi +, isPy3k +, boto3 +, enum34 +, jsonschema +, six +}: + +buildPythonPackage rec { + pname = "aws-sam-translator"; + version = "1.5.4"; + + src = fetchPypi { + inherit pname version; + sha256 = "9d8a25e058c78d2cef5c07aec7f98cbc2070dbfc2eb6a2e102a16beafd14e3ca"; + }; + + # Tests are not included in the PyPI package + doCheck = false; + + disabled = isPy3k; + + propagatedBuildInputs = [ + boto3 + enum34 + jsonschema + six + ]; + + meta = { + homepage = https://github.com/awslabs/serverless-application-model; + description = "Python library to transform SAM templates into AWS CloudFormation templates"; + license = lib.licenses.asl20; + maintainers = [ lib.maintainers.andreabedini ]; + }; +} diff --git a/pkgs/development/python-modules/click/default.nix b/pkgs/development/python-modules/click/default.nix index d5dfba61010..4a96ef7f673 100644 --- a/pkgs/development/python-modules/click/default.nix +++ b/pkgs/development/python-modules/click/default.nix @@ -1,4 +1,4 @@ -{ stdenv, buildPythonPackage, fetchPypi, pytest }: +{ stdenv, buildPythonPackage, fetchPypi, substituteAll, locale, pytest }: buildPythonPackage rec { pname = "click"; @@ -9,6 +9,13 @@ buildPythonPackage rec { sha256 = "02qkfpykbq35id8glfgwc38yc430427yd05z1wc5cnld8zgicmgi"; }; + patches = [ + (substituteAll { + src = ./fix-paths.patch; + locale = "${locale}/bin/locale"; + }) + ]; + buildInputs = [ pytest ]; checkPhase = '' diff --git a/pkgs/development/python-modules/click/fix-paths.patch b/pkgs/development/python-modules/click/fix-paths.patch new file mode 100644 index 00000000000..04719871b76 --- /dev/null +++ b/pkgs/development/python-modules/click/fix-paths.patch @@ -0,0 +1,11 @@ +--- a/click/_unicodefun.py 2018-06-11 15:08:59.369358278 +0200 ++++ b/click/_unicodefun.py 2018-06-11 15:09:09.342325998 +0200 +@@ -60,7 +60,7 @@ + extra = '' + if os.name == 'posix': + import subprocess +- rv = subprocess.Popen(['locale', '-a'], stdout=subprocess.PIPE, ++ rv = subprocess.Popen(['@locale@', '-a'], stdout=subprocess.PIPE, + stderr=subprocess.PIPE).communicate()[0] + good_locales = set() + has_c_utf8 = False diff --git a/pkgs/development/python-modules/deap/default.nix b/pkgs/development/python-modules/deap/default.nix new file mode 100644 index 00000000000..fbc915c8eb0 --- /dev/null +++ b/pkgs/development/python-modules/deap/default.nix @@ -0,0 +1,26 @@ +{ stdenv, buildPythonPackage, fetchPypi, python, numpy, matplotlib }: + +buildPythonPackage rec { + pname = "deap"; + version = "1.2.2"; + + src = fetchPypi { + inherit pname version; + sha256 = "95c63e66d755ec206c80fdb2908851c0bef420ee8651ad7be4f0578e9e909bcf"; + }; + + propagatedBuildInputs = [ numpy matplotlib ]; + + checkPhase = '' + ${python.interpreter} setup.py nosetests --verbosity=3 + ''; + + meta = with stdenv.lib; { + description = "DEAP is a novel evolutionary computation framework for rapid prototyping and testing of ideas."; + homepage = https://github.com/DEAP/deap; + license = licenses.lgpl3; + maintainers = with maintainers; [ psyanticy ]; + }; + +} + diff --git a/pkgs/development/python-modules/gast/default.nix b/pkgs/development/python-modules/gast/default.nix new file mode 100644 index 00000000000..036bed9dd79 --- /dev/null +++ b/pkgs/development/python-modules/gast/default.nix @@ -0,0 +1,16 @@ +{ stdenv, fetchPypi, buildPythonPackage, astunparse }: + +buildPythonPackage rec { + pname = "gast"; + version = "0.2.0"; + src = fetchPypi { + inherit pname version; + sha256 = "0c296xm1vz9x4w4inmdl0k8mnc0i9arw94si2i7pglpc461r0s3h"; + }; + checkInputs = [ astunparse ] ; + meta = with stdenv.lib; { + description = "GAST provides a compatibility layer between the AST of various Python versions, as produced by ast.parse from the standard ast module."; + license = licenses.bsd3; + maintainers = with maintainers; [ jyp ]; + }; +} diff --git a/pkgs/development/python-modules/libarcus/default.nix b/pkgs/development/python-modules/libarcus/default.nix index d9cc5fb0d9e..cf556a79003 100644 --- a/pkgs/development/python-modules/libarcus/default.nix +++ b/pkgs/development/python-modules/libarcus/default.nix @@ -7,7 +7,7 @@ else stdenv.mkDerivation rec { pname = "libarcus"; name = "${pname}-${version}"; - version = "3.2.1"; + version = "3.3.0"; src = fetchFromGitHub { owner = "Ultimaker"; @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "Communication library between internal components for Ultimaker software"; - homepage = "https://github.com/Ultimaker/libArcus"; + homepage = https://github.com/Ultimaker/libArcus; license = licenses.agpl3; platforms = platforms.linux; maintainers = with maintainers; [ abbradar ]; diff --git a/pkgs/development/python-modules/mygpoclient/default.nix b/pkgs/development/python-modules/mygpoclient/default.nix index 097898a2d84..5f30316eb71 100644 --- a/pkgs/development/python-modules/mygpoclient/default.nix +++ b/pkgs/development/python-modules/mygpoclient/default.nix @@ -17,6 +17,8 @@ buildPythonPackage rec { nosetests ''; + doCheck = (!stdenv.isDarwin); + meta = with stdenv.lib; { description = "A gpodder.net client library"; longDescription = '' diff --git a/pkgs/development/python-modules/pdf2image/default.nix b/pkgs/development/python-modules/pdf2image/default.nix new file mode 100644 index 00000000000..373bedaa110 --- /dev/null +++ b/pkgs/development/python-modules/pdf2image/default.nix @@ -0,0 +1,21 @@ +{ stdenv, buildPythonPackage, fetchPypi, pillow, poppler_utils }: + +buildPythonPackage rec { + pname = "pdf2image"; + version = "0.1.13"; + + buildInputs = [ pillow poppler_utils ]; + + src = fetchPypi { + inherit pname version; + sha256 = "784928038588059e00c7f97e5608047cb754b6ec8fd10e7551e7ad0f40d2cd56"; + }; + + meta = with stdenv.lib; { + description = "A python module that wraps the pdftoppm utility to convert PDF to PIL Image object"; + homepage = https://github.com/Belval/pdf2image; + license = licenses.mit; + maintainers = with maintainers; [ gerschtli ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/development/python-modules/pynisher/default.nix b/pkgs/development/python-modules/pynisher/default.nix new file mode 100644 index 00000000000..f389bee2158 --- /dev/null +++ b/pkgs/development/python-modules/pynisher/default.nix @@ -0,0 +1,25 @@ +{ stdenv, buildPythonPackage, fetchPypi, psutil, docutils }: + +buildPythonPackage rec { + pname = "pynisher"; + version = "0.4.2"; + + src = fetchPypi { + inherit pname version; + sha256 = "0sqa3zzqcr4vl5yhnafw1y187z62m4alajggc7dm2riw2ihd9kxl"; + }; + + propagatedBuildInputs = [ psutil docutils ]; + + # no tests in the Pypi archive + doCheck = false; + + meta = with stdenv.lib; { + description = "The pynisher is a little module intended to limit a functions resources."; + homepage = https://github.com/sfalkner/pynisher; + license = licenses.mit; + maintainers = with maintainers; [ psyanticy ]; + }; + +} + diff --git a/pkgs/development/python-modules/pyqt/5.x.nix b/pkgs/development/python-modules/pyqt/5.x.nix index 331366e379d..d9de2edce68 100644 --- a/pkgs/development/python-modules/pyqt/5.x.nix +++ b/pkgs/development/python-modules/pyqt/5.x.nix @@ -1,4 +1,4 @@ -{ lib, fetchurl, pythonPackages, pkgconfig, makeWrapper, qmake +{ lib, fetchurl, pythonPackages, pkgconfig, makeWrapper, qmake, fetchpatch , lndir, qtbase, qtsvg, qtwebkit, qtwebengine, dbus_libs , withWebSockets ? false, qtwebsockets , withConnectivity ? false, qtconnectivity @@ -64,6 +64,17 @@ in buildPythonPackage { runHook postConfigure ''; + patches = [ + # This patch from Arch Linux fixes Cura segfaulting on startup + # https://github.com/Ultimaker/Cura/issues/3438 + # It can probably removed on 5.10.3 + (fetchpatch { + name = "pyqt5-cura-crash.patch"; + url = https://git.archlinux.org/svntogit/packages.git/plain/repos/extra-x86_64/pyqt5-cura-crash.patch?id=6cfe64a3d1827e0ed9cc62f1683a53b582315f4f; + sha256 = "02a0mw1z8p9hhqhl4bgjrmf1xq82xjmpivn5bg6r4yv6pidsh7ck"; + }) + ]; + postInstall = '' for i in $out/bin/*; do wrapProgram $i --prefix PYTHONPATH : "$PYTHONPATH" diff --git a/pkgs/development/python-modules/python-hosts/default.nix b/pkgs/development/python-modules/python-hosts/default.nix new file mode 100644 index 00000000000..08c617d750c --- /dev/null +++ b/pkgs/development/python-modules/python-hosts/default.nix @@ -0,0 +1,33 @@ +{ stdenv, buildPythonPackage, fetchPypi, pyyaml, pytest, pytestcov }: + +buildPythonPackage rec { + pname = "python-hosts"; + version = "0.4.1"; + + src = fetchPypi { + inherit pname version; + sha256 = "4a169a4669bddb720c032ef0132203ff8a7b6646266f7e6ab349177bab02b3ba"; + }; + + # win_inet_pton is required for windows support + prePatch = '' + substituteInPlace setup.py --replace "install_requires=['win_inet_pton']," "" + substituteInPlace python_hosts/utils.py --replace "import win_inet_pton" "" + ''; + + checkInputs = [ pyyaml pytest pytestcov ]; + + # Removing 1 test file (it requires internet connection) and keeping the other two + checkPhase = '' + pytest tests/test_hosts_entry.py + pytest tests/test_utils.py + ''; + + meta = with stdenv.lib; { + description = "A library for managing a hosts file. It enables adding and removing entries, or importing them from a file or URL"; + homepage = https://github.com/jonhadfield/python-hosts; + license = licenses.mit; + maintainers = with maintainers; [ psyanticy ]; + }; +} + diff --git a/pkgs/development/python-modules/spglib/default.nix b/pkgs/development/python-modules/spglib/default.nix new file mode 100644 index 00000000000..07273d0fa0d --- /dev/null +++ b/pkgs/development/python-modules/spglib/default.nix @@ -0,0 +1,27 @@ +{ stdenv, buildPythonPackage, fetchPypi, numpy, python }: + +buildPythonPackage rec { + pname = "spglib"; + version = "1.10.3.65"; + + src = fetchPypi { + inherit pname version; + sha256 = "55b49227835396b2bcd6afe724e9f37202ad0f61e273bedebd5bf740bad2e8e3"; + }; + + propagatedBuildInputs = [ numpy ]; + + checkPhase = '' + cd test + ${python.interpreter} -m unittest discover -bv + ''; + + meta = with stdenv.lib; { + description = "Python bindings for C library for finding and handling crystal symmetries"; + homepage = https://atztogo.github.io/spglib; + license = licenses.bsd3; + maintainers = with maintainers; [ psyanticy ]; + }; + +} + diff --git a/pkgs/development/python-modules/tensorflow-tensorboard/default.nix b/pkgs/development/python-modules/tensorflow-tensorboard/default.nix index f0b4e6f341d..a767120ddf3 100644 --- a/pkgs/development/python-modules/tensorflow-tensorboard/default.nix +++ b/pkgs/development/python-modules/tensorflow-tensorboard/default.nix @@ -3,33 +3,34 @@ , numpy , werkzeug , protobuf +, grpcio , markdown , futures }: -# tensorflow is built from a downloaded wheel, because -# https://github.com/tensorflow/tensorboard/issues/719 -# blocks buildBazelPackage. +# tensorflow/tensorboard is built from a downloaded wheel, because +# https://github.com/tensorflow/tensorboard/issues/719 blocks +# buildBazelPackage. buildPythonPackage rec { pname = "tensorflow-tensorboard"; - version = "1.5.1"; + version = "1.7.0"; name = "${pname}-${version}"; format = "wheel"; src = fetchPypi ({ - pname = "tensorflow_tensorboard"; + pname = "tensorboard"; inherit version; format = "wheel"; } // (if isPy3k then { python = "py3"; - sha256 = "1cydgvrr0s05xqz1v9z2wdiv60gzbs8wv9wvbflw5700a2llb63l"; + sha256 = "1aa42rl3fkpllqch09d311gk1j281qry6nn07ywgbs6j0kwr6isc"; } else { python = "py2"; - sha256 = "0dhljddlirq6nr84zg4yrk5k69gj3x2abb6wg3crgrparb6qbya7"; + sha256 = "1vcdkyvw22kpljmj4gxb8m1q54ry02iwvw54w8v8hmdigvc77a7k"; })); - propagatedBuildInputs = [ bleach_1_5_0 numpy werkzeug protobuf markdown ] ++ lib.optional (!isPy3k) futures; + propagatedBuildInputs = [ bleach_1_5_0 numpy werkzeug protobuf markdown grpcio ] ++ lib.optional (!isPy3k) futures; meta = with stdenv.lib; { description = "TensorFlow's Visualization Toolkit"; diff --git a/pkgs/development/python-modules/tensorflow/bin.nix b/pkgs/development/python-modules/tensorflow/bin.nix index 9c6b84e8c7a..21b21f174d0 100644 --- a/pkgs/development/python-modules/tensorflow/bin.nix +++ b/pkgs/development/python-modules/tensorflow/bin.nix @@ -3,8 +3,11 @@ , fetchurl , buildPythonPackage , isPy3k, isPy35, isPy36, pythonOlder +, astor +, gast , numpy , six +, termcolor , protobuf , absl-py , mock @@ -47,7 +50,7 @@ in buildPythonPackage rec { dls = import ./tf1.7.1-hashes.nix; in fetchurl dls.${key}; - propagatedBuildInputs = [ numpy six protobuf absl-py ] + propagatedBuildInputs = [ numpy six protobuf absl-py astor gast termcolor ] ++ lib.optional (!isPy3k) mock ++ lib.optionals (pythonOlder "3.4") [ backports_weakref enum34 ] ++ lib.optional (pythonOlder "3.6") tensorflow-tensorboard; @@ -68,7 +71,7 @@ in buildPythonPackage rec { lib.optionalString (stdenv.isLinux) '' rrPath="$out/${python.sitePackages}/tensorflow/:${rpath}" internalLibPath="$out/${python.sitePackages}/tensorflow/python/_pywrap_tensorflow_internal.so" - find $out -name '*.${stdenv.hostPlatform.extensions.sharedLibrary}' -exec patchelf --set-rpath "$rrPath" {} \; + find $out -name '*${stdenv.hostPlatform.extensions.sharedLibrary}' -exec patchelf --set-rpath "$rrPath" {} \; ''; diff --git a/pkgs/development/python-modules/warrant/default.nix b/pkgs/development/python-modules/warrant/default.nix index ac83430fbae..c152271af33 100644 --- a/pkgs/development/python-modules/warrant/default.nix +++ b/pkgs/development/python-modules/warrant/default.nix @@ -1,4 +1,4 @@ -{ lib, buildPythonPackage, fetchFromGitHub, fetchPypi +{ lib, buildPythonPackage, fetchFromGitHub, fetchPypi, fetchpatch , mock , boto3, envs, python-jose, requests }: @@ -14,6 +14,14 @@ buildPythonPackage rec { sha256 = "0gw3crg64p1zx3k5js0wh0x5bldgs7viy4g8hld9xbka8q0374hi"; }; + patches = [ + (fetchpatch { + name = "fix-pip10-compat.patch"; + url = " https://github.com/capless/warrant/commit/ae17d17d9888b9218a8facf6f6ad0bf4adae9a12.patch"; + sha256 = "1lvqi2qfa3kxdz05ab2lc7xnd3piyvvnz9kla2jl4pchi876z17c"; + }) + ]; + # this needs to go when 0.6.2 or later is released postPatch = '' substituteInPlace requirements.txt \ diff --git a/pkgs/development/tools/aws-sam-cli/default.nix b/pkgs/development/tools/aws-sam-cli/default.nix new file mode 100644 index 00000000000..85307d58704 --- /dev/null +++ b/pkgs/development/tools/aws-sam-cli/default.nix @@ -0,0 +1,37 @@ +{ lib +, python +}: + +with python; + +pkgs.buildPythonApplication rec { + pname = "aws-sam-cli"; + version = "0.3.0"; + + src = pkgs.fetchPypi { + inherit pname version; + sha256 = "7e7275a34e7e9d926198fd9516404310faa2a9681b7a8b0c8b2f9aa31aeb1bfb"; + }; + + # Tests are not included in the PyPI package + doCheck = false; + + propagatedBuildInputs = with pkgs; [ + aws-sam-translator + boto3 + click + cookiecutter + docker + enum34 + flask + pyyaml + six + ]; + + meta = with lib; { + homepage = https://github.com/awslabs/aws-sam-cli; + description = "CLI tool for local development and testing of Serverless applications"; + license = licenses.asl20; + maintainers = with maintainers; [ andreabedini ]; + }; +} diff --git a/pkgs/development/tools/build-managers/cmake/default.nix b/pkgs/development/tools/build-managers/cmake/default.nix index 051b8107703..438aa81a9d0 100644 --- a/pkgs/development/tools/build-managers/cmake/default.nix +++ b/pkgs/development/tools/build-managers/cmake/default.nix @@ -58,7 +58,7 @@ stdenv.mkDerivation rec { # Don't search in non-Nix locations such as /usr, but do search in our libc. patches = [ ./search-path-3.9.patch ] # Don't depend on frameworks. - ++ optional useSharedLibraries ./application-services.patch # TODO: remove conditional + ++ optional (useSharedLibraries && majorVersion == "3.11") ./application-services.patch # TODO: remove conditional ++ optional stdenv.isCygwin ./3.2.2-cygwin.patch; outputs = [ "out" ]; diff --git a/pkgs/development/tools/selenium/chromedriver/default.nix b/pkgs/development/tools/selenium/chromedriver/default.nix index d865a20fbb9..f140c1a7450 100644 --- a/pkgs/development/tools/selenium/chromedriver/default.nix +++ b/pkgs/development/tools/selenium/chromedriver/default.nix @@ -6,7 +6,7 @@ let allSpecs = { "x86_64-linux" = { system = "linux64"; - sha256 = "1h7avlns00hd44ayi53lvdj2l85h9higky0jk7bad07hm39nagks"; + sha256 = "1rkdlf9v5lciaq3yp7cp2vwmca612vngbcnz55ck76jgx6rknh3g"; }; "x86_64-darwin" = { @@ -28,7 +28,7 @@ let in stdenv.mkDerivation rec { name = "chromedriver-${version}"; - version = "2.38"; + version = "2.39"; src = fetchurl { url = "http://chromedriver.storage.googleapis.com/${version}/chromedriver_${spec.system}.zip"; diff --git a/pkgs/games/anki/default.nix b/pkgs/games/anki/default.nix index efc30c1bbf3..e9f239b4df3 100644 --- a/pkgs/games/anki/default.nix +++ b/pkgs/games/anki/default.nix @@ -28,7 +28,7 @@ let qt4 = pyqt4.qt; in buildPythonApplication rec { - version = "2.0.51"; + version = "2.0.52"; name = "anki-${version}"; src = fetchurl { @@ -37,7 +37,7 @@ in buildPythonApplication rec { # "http://ankisrs.net/download/mirror/${name}.tgz" # "http://ankisrs.net/download/mirror/archive/${name}.tgz" ]; - sha256 = "17prfkz9hbz1sdb62ddi6m4jwsb50n08myhai997x8d0r0xxilw0"; + sha256 = "0yjyxgpk79rplz9z2r93kmlk09ari6xxfrz1cfm2yl9v8zfw1n6l"; }; propagatedBuildInputs = [ pyqt4 sqlalchemy pyaudio beautifulsoup httplib2 ] diff --git a/pkgs/games/dwarf-fortress/dfhack/default.nix b/pkgs/games/dwarf-fortress/dfhack/default.nix index a77f50a5171..11964c627da 100644 --- a/pkgs/games/dwarf-fortress/dfhack/default.nix +++ b/pkgs/games/dwarf-fortress/dfhack/default.nix @@ -1,6 +1,7 @@ { stdenv, hostPlatform, lib, fetchFromGitHub, cmake, writeScriptBin, callPackage , perl, XMLLibXML, XMLLibXSLT, zlib , enableStoneSense ? false, allegro5, libGLU_combined +, SDL }: let @@ -39,13 +40,14 @@ in stdenv.mkDerivation rec { src = fetchFromGitHub { owner = "DFHack"; repo = "dfhack"; - sha256 = "0srgymyd57hk9iffhi2i0ra5vzw2vzlpzn4042yb90vqpmvz2zrj"; + sha256 = "15hz90lfg7asgm4bqa2yi2lkwzrljphb42q6616sriwzs66xia6h"; rev = version; + fetchSubmodules = true; }; nativeBuildInputs = [ cmake perl XMLLibXML XMLLibXSLT fakegit ]; # We don't use system libraries because dfhack needs old C++ ABI. - buildInputs = [ zlib ] + buildInputs = [ zlib SDL ] ++ lib.optionals enableStoneSense [ allegro5 libGLU_combined ]; preConfigure = '' diff --git a/pkgs/games/dwarf-fortress/dwarf-therapist/default.nix b/pkgs/games/dwarf-fortress/dwarf-therapist/default.nix index 2e54258c4be..305f3cdb1fa 100644 --- a/pkgs/games/dwarf-fortress/dwarf-therapist/default.nix +++ b/pkgs/games/dwarf-fortress/dwarf-therapist/default.nix @@ -14,11 +14,16 @@ stdenv.mkDerivation rec { buildInputs = [ qtbase qtdeclarative ]; nativeBuildInputs = [ texlive cmake ninja ]; + installPhase = if stdenv.isDarwin then '' + mkdir -p $out/Applications + cp -r DwarfTherapist.app $out/Applications + '' else null; + meta = with stdenv.lib; { description = "Tool to manage dwarves in in a running game of Dwarf Fortress"; maintainers = with maintainers; [ the-kenny abbradar bendlas ]; license = licenses.mit; - platforms = [ "x86_64-linux" "i686-linux" ]; + platforms = platforms.unix; homepage = https://github.com/Dwarf-Therapist/Dwarf-Therapist; }; } diff --git a/pkgs/games/dxx-rebirth/default.nix b/pkgs/games/dxx-rebirth/default.nix index b780d5327f2..9dde1da868d 100644 --- a/pkgs/games/dxx-rebirth/default.nix +++ b/pkgs/games/dxx-rebirth/default.nix @@ -37,6 +37,8 @@ in stdenv.mkDerivation rec { enableParallelBuilding = true; + hardeningDisable = [ "format" ]; + buildPhase = '' runHook preBuild diff --git a/pkgs/games/gshogi/default.nix b/pkgs/games/gshogi/default.nix new file mode 100644 index 00000000000..9759eb8956a --- /dev/null +++ b/pkgs/games/gshogi/default.nix @@ -0,0 +1,37 @@ +{ stdenv, buildPythonApplication, fetchFromGitHub +, gtk3, gobjectIntrospection +, wrapGAppsHook, python3Packages }: + +buildPythonApplication rec { + pname = "gshogi"; + version = "0.5.1"; + + src = fetchFromGitHub { + owner = "johncheetham"; + repo = "gshogi"; + rev = "v${version}"; + sha256 = "06vgndfgwyfi50wg3cw92zspc9z0k7xn2pp6qsjih0l5yih8iwqh"; + }; + + doCheck = false; # no tests available + + buildInputs = [ + gtk3 + gobjectIntrospection + ]; + + nativeBuildInputs = [ wrapGAppsHook ]; + + propagatedBuildInputs = with python3Packages; [ + pygobject3 + pycairo + ]; + + meta = with stdenv.lib; { + description = "A graphical implementation of the Shogi board game, also known as Japanese Chess"; + homepage = http://johncheetham.com/projects/gshogi/; + license = licenses.gpl3; + platforms = platforms.linux; + maintainers = [ maintainers.ciil ]; + }; +} diff --git a/pkgs/games/nethack/default.nix b/pkgs/games/nethack/default.nix index b67a79aa3fe..9dd76581fd8 100644 --- a/pkgs/games/nethack/default.nix +++ b/pkgs/games/nethack/default.nix @@ -13,11 +13,11 @@ let binPath = lib.makeBinPath [ coreutils less ]; in stdenv.mkDerivation { - name = "nethack-3.6.0"; + name = "nethack-3.6.1"; src = fetchurl { - url = "mirror://sourceforge/nethack/nethack-360-src.tgz"; - sha256 = "12mi5kgqw3q029y57pkg3gnp930p7yvlqi118xxdif2qhj6nkphs"; + url = "http://nethack.org/download/3.6.1/nethack-361-src.tgz"; + sha256 = "1dha0ijvxhx7c9hr0452h93x81iiqsll8bc9msdnp7xdqcfbz32b"; }; buildInputs = [ ncurses ]; diff --git a/pkgs/misc/emulators/dolphin-emu/master.nix b/pkgs/misc/emulators/dolphin-emu/master.nix index 5d4e22fefae..2798306c300 100644 --- a/pkgs/misc/emulators/dolphin-emu/master.nix +++ b/pkgs/misc/emulators/dolphin-emu/master.nix @@ -1,10 +1,8 @@ -{ stdenv, fetchFromGitHub, pkgconfig, cmake, bluez, ffmpeg, libao, libGLU_combined, gtk2, glib +{ stdenv, fetchFromGitHub, pkgconfig, cmake, makeWrapper, bluez, ffmpeg, libao, libGLU_combined, gtk2, glib , pcre, gettext, libpthreadstubs, libXrandr, libXext, libXxf86vm, libXinerama, libSM, readline -, openal, libXdmcp, portaudio, libusb, libevdev +, openal, libXdmcp, portaudio, libusb, libevdev, curl, qt5 +, vulkan-loader ? null , libpulseaudio ? null -, curl - -, qt5 # - Inputs used for Darwin , CoreBluetooth, cf-private, ForceFeedback, IOKit, OpenGL , wxGTK @@ -20,12 +18,12 @@ assert dolphin-wxgui || dolphin-qtgui; assert !(dolphin-wxgui && dolphin-qtgui); stdenv.mkDerivation rec { - name = "dolphin-emu-20180430"; + name = "dolphin-emu-20180609"; src = fetchFromGitHub { owner = "dolphin-emu"; repo = "dolphin"; - rev = "ad098283c023b0f5f0d314c646bc5d5756c35e3d"; - sha256 = "17fv3vz0nc5jax1bbl4wny1kzsshbbhms82dxd8rzcwwvd2ad1g7"; + rev = "1d87584d69e3fdd730502127274fcbd85cebd591"; + sha256 = "0sxzmmv8gvfsy96p1x1aya1cpq0237gip3zkl4bks4grgxf8958b"; }; cmakeFlags = [ @@ -38,13 +36,14 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - nativeBuildInputs = [ cmake pkgconfig ]; + nativeBuildInputs = [ cmake pkgconfig ] + ++ stdenv.lib.optionals stdenv.isLinux [ makeWrapper ]; buildInputs = [ curl ffmpeg libao libGLU_combined gtk2 glib pcre gettext libpthreadstubs libXrandr libXext libXxf86vm libXinerama libSM readline openal libXdmcp portaudio libusb libpulseaudio libpng hidapi ] ++ stdenv.lib.optionals stdenv.isDarwin [ wxGTK CoreBluetooth cf-private ForceFeedback IOKit OpenGL ] - ++ stdenv.lib.optionals stdenv.isLinux [ bluez libevdev ] + ++ stdenv.lib.optionals stdenv.isLinux [ bluez libevdev vulkan-loader ] ++ stdenv.lib.optionals dolphin-qtgui [ qt5.qtbase ]; # - Change install path to Applications relative to $out @@ -59,6 +58,11 @@ stdenv.mkDerivation rec { mkdir -p "$out/Applications" ''; + postInstall = stdenv.lib.optionalString stdenv.isLinux '' + wrapProgram $out/bin/dolphin-emu-nogui --prefix LD_LIBRARY_PATH : ${vulkan-loader}/lib + wrapProgram $out/bin/dolphin-emu-wx --prefix LD_LIBRARY_PATH : ${vulkan-loader}/lib + ''; + meta = { homepage = http://dolphin-emu.org/; description = "Gamecube/Wii/Triforce emulator for x86_64 and ARM"; diff --git a/pkgs/os-specific/bsd/netbsd/default.nix b/pkgs/os-specific/bsd/netbsd/default.nix index 950694d0bfe..aae11b6affc 100644 --- a/pkgs/os-specific/bsd/netbsd/default.nix +++ b/pkgs/os-specific/bsd/netbsd/default.nix @@ -600,4 +600,11 @@ in rec { makeFlags = [ "BINDIR=/share" ]; }; + locale = netBSDDerivation { + path = "usr.bin/locale"; + version = "7.1.2"; + sha256 = "0kk6v9k2bygq0wf9gbinliqzqpzs9bgxn0ndyl2wcv3hh2bmsr9p"; + patches = [ ./locale.patch ]; + }; + } diff --git a/pkgs/os-specific/bsd/netbsd/locale.patch b/pkgs/os-specific/bsd/netbsd/locale.patch new file mode 100644 index 00000000000..1df9eb38562 --- /dev/null +++ b/pkgs/os-specific/bsd/netbsd/locale.patch @@ -0,0 +1,85 @@ +--- a/locale.c 2018-06-11 14:39:06.449762000 -0400 ++++ b/locale.c 2018-06-11 14:42:28.461122899 -0400 +@@ -56,14 +56,8 @@ + #include <stringlist.h> + #include <unistd.h> + +-#include "citrus_namespace.h" +-#include "citrus_region.h" +-#include "citrus_lookup.h" +-#include "setlocale_local.h" +- + /* Local prototypes */ + void init_locales_list(void); +-void init_locales_list_alias(void); + void list_charmaps(void); + void list_locales(void); + const char *lookup_localecat(int); +@@ -221,6 +215,8 @@ + }; + #define NKWINFO (sizeof(kwinfo)/sizeof(kwinfo[0])) + ++const char *_PathLocale = NULL; ++ + int + main(int argc, char *argv[]) + { +@@ -411,8 +407,7 @@ + while ((dp = readdir(dirp)) != NULL) { + /* exclude "." and "..", _LOCALE_ALIAS_NAME */ + if ((dp->d_name[0] != '.' || (dp->d_name[1] != '\0' && +- (dp->d_name[1] != '.' || dp->d_name[2] != '\0'))) && +- strcmp(_LOCALE_ALIAS_NAME, dp->d_name) != 0) { ++ (dp->d_name[1] != '.' || dp->d_name[2] != '\0')))) { + s = strdup(dp->d_name); + if (s == NULL) + err(1, "could not allocate memory"); +@@ -431,48 +426,10 @@ + if (sl_find(locales, "C") == NULL) + sl_add(locales, "C"); + +- init_locales_list_alias(); +- + /* make output nicer, sort the list */ + qsort(locales->sl_str, locales->sl_cur, sizeof(char *), scmp); + } + +-void +-init_locales_list_alias(void) +-{ +- char aliaspath[PATH_MAX]; +- struct _lookup *hlookup; +- struct _region key, dat; +- size_t n; +- char *s, *t; +- +- _DIAGASSERT(locales != NULL); +- _DIAGASSERT(_PathLocale != NULL); +- +- (void)snprintf(aliaspath, sizeof(aliaspath), +- "%s/" _LOCALE_ALIAS_NAME, _PathLocale); +- +- if (_lookup_seq_open(&hlookup, aliaspath, +- _LOOKUP_CASE_SENSITIVE) == 0) { +- while (_lookup_seq_next(hlookup, &key, &dat) == 0) { +- n = _region_size((const struct _region *)&key); +- s = _region_head((const struct _region *)&key); +- for (t = s; n > 0 && *s!= '/'; --n, ++s); +- n = (size_t)(s - t); +- s = malloc(n + 1); +- if (s == NULL) +- err(1, "could not allocate memory"); +- memcpy(s, t, n); +- s[n] = '\0'; +- if (sl_find(locales, s) == NULL) +- sl_add(locales, s); +- else +- free(s); +- } +- _lookup_seq_close(hlookup); +- } +-} +- + /* + * Show current locale status, depending on environment variables + */ diff --git a/pkgs/os-specific/linux/alsa-firmware/default.nix b/pkgs/os-specific/linux/alsa-firmware/default.nix index 5871d1c6990..fb312b6bcb0 100644 --- a/pkgs/os-specific/linux/alsa-firmware/default.nix +++ b/pkgs/os-specific/linux/alsa-firmware/default.nix @@ -4,10 +4,7 @@ stdenv.mkDerivation rec { name = "alsa-firmware-1.0.29"; src = fetchurl { - urls = [ - "ftp://ftp.alsa-project.org/pub/firmware/${name}.tar.bz2" - "http://alsa.cybermirror.org/firmware/${name}.tar.bz2" - ]; + url = "mirror://alsa/firmware/${name}.tar.bz2"; sha256 = "0gfcyj5anckjn030wcxx5v2xk2s219nyf99s9m833275b5wz2piw"; }; @@ -28,7 +25,7 @@ stdenv.mkDerivation rec { ''; meta = { - homepage = http://www.alsa-project.org/main/index.php/Main_Page; + homepage = http://www.alsa-project.org/; description = "Soundcard firmwares from the alsa project"; license = stdenv.lib.licenses.gpl2Plus; platforms = stdenv.lib.platforms.linux; diff --git a/pkgs/os-specific/linux/alsa-lib/default.nix b/pkgs/os-specific/linux/alsa-lib/default.nix index c2c612db542..41b43afc242 100644 --- a/pkgs/os-specific/linux/alsa-lib/default.nix +++ b/pkgs/os-specific/linux/alsa-lib/default.nix @@ -4,10 +4,7 @@ stdenv.mkDerivation rec { name = "alsa-lib-1.1.6"; src = fetchurl { - urls = [ - "ftp://ftp.alsa-project.org/pub/lib/${name}.tar.bz2" - "http://alsa.cybermirror.org/lib/${name}.tar.bz2" - ]; + url = "mirror://alsa/lib/${name}.tar.bz2"; sha256 = "096pwrnhj36yndldvs2pj4r871zhcgisks0is78f1jkjn9sd4b2z"; }; diff --git a/pkgs/os-specific/linux/alsa-oss/default.nix b/pkgs/os-specific/linux/alsa-oss/default.nix index 5cd937a3792..a13e178e418 100644 --- a/pkgs/os-specific/linux/alsa-oss/default.nix +++ b/pkgs/os-specific/linux/alsa-oss/default.nix @@ -4,10 +4,7 @@ stdenv.mkDerivation rec { name = "alsa-oss-1.1.6"; src = fetchurl { - urls = [ - "ftp://ftp.alsa-project.org/pub/oss-lib/${name}.tar.bz2" - "http://alsa.cybermirror.org/oss-lib/${name}.tar.bz2" - ]; + url = "mirror://alsa/oss-lib/${name}.tar.bz2"; sha256 = "1sj512wyci5qv8cisps96xngh7y9r5mv18ybqnazy18zwr1zgly3"; }; diff --git a/pkgs/os-specific/linux/alsa-plugins/default.nix b/pkgs/os-specific/linux/alsa-plugins/default.nix index f57f84b293b..9012f32f31d 100644 --- a/pkgs/os-specific/linux/alsa-plugins/default.nix +++ b/pkgs/os-specific/linux/alsa-plugins/default.nix @@ -4,10 +4,7 @@ stdenv.mkDerivation rec { name = "alsa-plugins-1.1.6"; src = fetchurl { - urls = [ - "ftp://ftp.alsa-project.org/pub/plugins/${name}.tar.bz2" - "http://alsa.cybermirror.org/plugins/${name}.tar.bz2" - ]; + url = "mirror://alsa/plugins/${name}.tar.bz2"; sha256 = "04qcwkisbh0d6lnh0rw1k6n869fbs6zbfq6yvb41rymiwgmk27bg"; }; diff --git a/pkgs/os-specific/linux/alsa-tools/default.nix b/pkgs/os-specific/linux/alsa-tools/default.nix index 67cae46164f..1ce94d14803 100644 --- a/pkgs/os-specific/linux/alsa-tools/default.nix +++ b/pkgs/os-specific/linux/alsa-tools/default.nix @@ -7,10 +7,7 @@ stdenv.mkDerivation rec { version = "1.1.6"; src = fetchurl { - urls = [ - "ftp://ftp.alsa-project.org/pub/tools/${name}.tar.bz2" - "http://alsa.cybermirror.org/tools/${name}.tar.bz2" - ]; + url = "mirror://alsa/tools/${name}.tar.bz2"; sha256 = "09rjb6hw1mn9y1jfdfj5djncgc2cr5wfps83k56rf6k4zg14v76n"; }; diff --git a/pkgs/os-specific/linux/alsa-utils/default.nix b/pkgs/os-specific/linux/alsa-utils/default.nix index b8498c096d3..376c42a8f9b 100644 --- a/pkgs/os-specific/linux/alsa-utils/default.nix +++ b/pkgs/os-specific/linux/alsa-utils/default.nix @@ -5,10 +5,7 @@ stdenv.mkDerivation rec { version = "1.1.6"; src = fetchurl { - urls = [ - "ftp://ftp.alsa-project.org/pub/utils/${name}.tar.bz2" - "http://alsa.cybermirror.org/utils/${name}.tar.bz2" - ]; + url = "mirror://alsa/utils/${name}.tar.bz2"; sha256 = "0vnkyymgwj9rfdb11nvab30dnfrylmakdfildxl0y8mj836awp0m"; }; @@ -27,7 +24,6 @@ stdenv.mkDerivation rec { meta = { homepage = http://www.alsa-project.org/; description = "ALSA, the Advanced Linux Sound Architecture utils"; - longDescription = '' The Advanced Linux Sound Architecture (ALSA) provides audio and MIDI functionality to the Linux-based operating system. diff --git a/pkgs/os-specific/linux/fwts/default.nix b/pkgs/os-specific/linux/fwts/default.nix index c02bfb1615c..a3d8d0a0eec 100644 --- a/pkgs/os-specific/linux/fwts/default.nix +++ b/pkgs/os-specific/linux/fwts/default.nix @@ -3,11 +3,11 @@ stdenv.mkDerivation rec { name = "fwts-${version}"; - version = "18.03.00"; + version = "18.05.00"; src = fetchzip { url = "http://fwts.ubuntu.com/release/fwts-V${version}.tar.gz"; - sha256 = "1f2gdnaygsj0spd6a559bzf3wii7l59k3sk49rjbbdb9g77nkhg2"; + sha256 = "0ixc82zdv4cfj8g2mwd851fc47cpjj81mwjhn00n5wddb9cxmgkj"; stripRoot = false; }; diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index a226061ecbf..d1314431abe 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -463,6 +463,7 @@ with stdenv.lib; PPP_FILTER y REGULATOR y # Voltage and Current Regulator Support RC_DEVICES? y # Enable IR devices + RT2800USB_RT53XX y RT2800USB_RT55XX y SCHED_AUTOGROUP y CFS_BANDWIDTH y diff --git a/pkgs/os-specific/linux/kernel/copperhead-4-14.patch b/pkgs/os-specific/linux/kernel/copperhead-4-14.patch new file mode 100644 index 00000000000..78112d164f0 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/copperhead-4-14.patch @@ -0,0 +1,2864 @@ +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index 0380a45ecf4b..39956a3ef645 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -490,16 +490,6 @@ + nosocket -- Disable socket memory accounting. + nokmem -- Disable kernel memory accounting. + +- checkreqprot [SELINUX] Set initial checkreqprot flag value. +- Format: { "0" | "1" } +- See security/selinux/Kconfig help text. +- 0 -- check protection applied by kernel (includes +- any implied execute protection). +- 1 -- check protection requested by application. +- Default value is set via a kernel config option. +- Value can be changed at runtime via +- /selinux/checkreqprot. +- + cio_ignore= [S390] + See Documentation/s390/CommonIO for details. + clk_ignore_unused +@@ -2899,6 +2889,11 @@ + the specified number of seconds. This is to be used if + your oopses keep scrolling off the screen. + ++ extra_latent_entropy ++ Enable a very simple form of latent entropy extraction ++ from the first 4GB of memory as the bootmem allocator ++ passes the memory pages to the buddy allocator. ++ + pcbit= [HW,ISDN] + + pcd. [PARIDE] +diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt +index 694968c7523c..002d86416ef8 100644 +--- a/Documentation/sysctl/kernel.txt ++++ b/Documentation/sysctl/kernel.txt +@@ -91,6 +91,7 @@ show up in /proc/sys/kernel: + - sysctl_writes_strict + - tainted + - threads-max ++- tiocsti_restrict + - unknown_nmi_panic + - watchdog + - watchdog_thresh +@@ -999,6 +1000,26 @@ available RAM pages threads-max is reduced accordingly. + + ============================================================== + ++tiocsti_restrict: ++ ++This toggle indicates whether unprivileged users are prevented ++from using the TIOCSTI ioctl to inject commands into other processes ++which share a tty session. ++ ++When tiocsti_restrict is set to (0) there are no restrictions(accept ++the default restriction of only being able to injection commands into ++one's own tty). When tiocsti_restrict is set to (1), users must ++have CAP_SYS_ADMIN to use the TIOCSTI ioctl. ++ ++When user namespaces are in use, the check for the capability ++CAP_SYS_ADMIN is done against the user namespace that originally ++opened the tty. ++ ++The kernel config option CONFIG_SECURITY_TIOCSTI_RESTRICT sets the ++default value of tiocsti_restrict. ++ ++============================================================== ++ + unknown_nmi_panic: + + The value in this file affects behavior of handling NMI. When the +diff --git a/Makefile b/Makefile +index 787cf6605209..e4fda5330730 100644 +--- a/Makefile ++++ b/Makefile +@@ -710,6 +710,9 @@ endif + KBUILD_CFLAGS += $(stackp-flag) + + ifeq ($(cc-name),clang) ++ifdef CONFIG_LOCAL_INIT ++KBUILD_CFLAGS += -fsanitize=local-init ++endif + KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,) + KBUILD_CFLAGS += $(call cc-disable-warning, unused-variable) + KBUILD_CFLAGS += $(call cc-disable-warning, format-invalid-specifier) +diff --git a/arch/Kconfig b/arch/Kconfig +index 400b9e1b2f27..4637096f7902 100644 +--- a/arch/Kconfig ++++ b/arch/Kconfig +@@ -440,6 +440,11 @@ config GCC_PLUGIN_LATENT_ENTROPY + is some slowdown of the boot process (about 0.5%) and fork and + irq processing. + ++ When extra_latent_entropy is passed on the kernel command line, ++ entropy will be extracted from up to the first 4GB of RAM while the ++ runtime memory allocator is being initialized. This costs even more ++ slowdown of the boot process. ++ + Note that entropy extracted this way is not cryptographically + secure! + +@@ -533,7 +538,7 @@ config CC_STACKPROTECTOR + choice + prompt "Stack Protector buffer overflow detection" + depends on HAVE_CC_STACKPROTECTOR +- default CC_STACKPROTECTOR_NONE ++ default CC_STACKPROTECTOR_STRONG + help + This option turns on the "stack-protector" GCC feature. This + feature puts, at the beginning of functions, a canary value on +@@ -735,7 +740,7 @@ config ARCH_MMAP_RND_BITS + int "Number of bits to use for ASLR of mmap base address" if EXPERT + range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX + default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT +- default ARCH_MMAP_RND_BITS_MIN ++ default ARCH_MMAP_RND_BITS_MAX + depends on HAVE_ARCH_MMAP_RND_BITS + help + This value can be used to select the number of bits to use to +@@ -769,7 +774,7 @@ config ARCH_MMAP_RND_COMPAT_BITS + int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT + range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX + default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT +- default ARCH_MMAP_RND_COMPAT_BITS_MIN ++ default ARCH_MMAP_RND_COMPAT_BITS_MAX + depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS + help + This value can be used to select the number of bits to use to +@@ -952,6 +957,7 @@ config ARCH_HAS_REFCOUNT + + config REFCOUNT_FULL + bool "Perform full reference count validation at the expense of speed" ++ default y + help + Enabling this switches the refcounting infrastructure from a fast + unchecked atomic_t implementation to a fully state checked +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index 2d5f7aca156d..aa4839a74c6a 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -918,6 +918,7 @@ endif + + config ARM64_SW_TTBR0_PAN + bool "Emulate Privileged Access Never using TTBR0_EL1 switching" ++ default y + help + Enabling this option prevents the kernel from accessing + user-space memory directly by pointing TTBR0_EL1 to a reserved +@@ -1044,6 +1045,7 @@ config RANDOMIZE_BASE + bool "Randomize the address of the kernel image" + select ARM64_MODULE_PLTS if MODULES + select RELOCATABLE ++ default y + help + Randomizes the virtual address at which the kernel image is + loaded, as a security feature that deters exploit attempts +diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug +index cc6bd559af85..01d5442d4722 100644 +--- a/arch/arm64/Kconfig.debug ++++ b/arch/arm64/Kconfig.debug +@@ -45,6 +45,7 @@ config ARM64_RANDOMIZE_TEXT_OFFSET + config DEBUG_WX + bool "Warn on W+X mappings at boot" + select ARM64_PTDUMP_CORE ++ default y + ---help--- + Generate a warning if any W+X mappings are found at boot. + +diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig +index 34480e9af2e7..26304242250c 100644 +--- a/arch/arm64/configs/defconfig ++++ b/arch/arm64/configs/defconfig +@@ -1,4 +1,3 @@ +-CONFIG_SYSVIPC=y + CONFIG_POSIX_MQUEUE=y + CONFIG_AUDIT=y + CONFIG_NO_HZ_IDLE=y +diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h +index 33be513ef24c..6f0c0e3ef0dd 100644 +--- a/arch/arm64/include/asm/elf.h ++++ b/arch/arm64/include/asm/elf.h +@@ -114,10 +114,10 @@ + + /* + * This is the base location for PIE (ET_DYN with INTERP) loads. On +- * 64-bit, this is above 4GB to leave the entire 32-bit address ++ * 64-bit, this is raised to 4GB to leave the entire 32-bit address + * space open for things that want to use the area for 32-bit pointers. + */ +-#define ELF_ET_DYN_BASE (2 * TASK_SIZE_64 / 3) ++#define ELF_ET_DYN_BASE 0x100000000UL + + #ifndef __ASSEMBLY__ + +@@ -158,10 +158,10 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm, + /* 1GB of VA */ + #ifdef CONFIG_COMPAT + #define STACK_RND_MASK (test_thread_flag(TIF_32BIT) ? \ +- 0x7ff >> (PAGE_SHIFT - 12) : \ +- 0x3ffff >> (PAGE_SHIFT - 12)) ++ ((1UL << mmap_rnd_compat_bits) - 1) >> (PAGE_SHIFT - 12) : \ ++ ((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12)) + #else +-#define STACK_RND_MASK (0x3ffff >> (PAGE_SHIFT - 12)) ++#define STACK_RND_MASK (((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12)) + #endif + + #ifdef __AARCH64EB__ +diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c +index 9e773732520c..91359f45b5fc 100644 +--- a/arch/arm64/kernel/process.c ++++ b/arch/arm64/kernel/process.c +@@ -419,9 +419,9 @@ unsigned long arch_align_stack(unsigned long sp) + unsigned long arch_randomize_brk(struct mm_struct *mm) + { + if (is_compat_task()) +- return randomize_page(mm->brk, SZ_32M); ++ return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE; + else +- return randomize_page(mm->brk, SZ_1G); ++ return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE; + } + + /* +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig +index 7483cd514c32..835a86c45fb0 100644 +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -1153,8 +1153,7 @@ config VM86 + default X86_LEGACY_VM86 + + config X86_16BIT +- bool "Enable support for 16-bit segments" if EXPERT +- default y ++ bool "Enable support for 16-bit segments" + depends on MODIFY_LDT_SYSCALL + ---help--- + This option is required by programs like Wine to run 16-bit +@@ -2228,7 +2227,7 @@ config COMPAT_VDSO + choice + prompt "vsyscall table for legacy applications" + depends on X86_64 +- default LEGACY_VSYSCALL_EMULATE ++ default LEGACY_VSYSCALL_NONE + help + Legacy user code that does not know how to find the vDSO expects + to be able to issue three syscalls by calling fixed addresses in +@@ -2318,8 +2317,7 @@ config CMDLINE_OVERRIDE + be set to 'N' under normal conditions. + + config MODIFY_LDT_SYSCALL +- bool "Enable the LDT (local descriptor table)" if EXPERT +- default y ++ bool "Enable the LDT (local descriptor table)" + ---help--- + Linux can allow user programs to install a per-process x86 + Local Descriptor Table (LDT) using the modify_ldt(2) system +diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug +index 6293a8768a91..add82e0f1df3 100644 +--- a/arch/x86/Kconfig.debug ++++ b/arch/x86/Kconfig.debug +@@ -101,6 +101,7 @@ config EFI_PGT_DUMP + config DEBUG_WX + bool "Warn on W+X mappings at boot" + select X86_PTDUMP_CORE ++ default y + ---help--- + Generate a warning if any W+X mappings are found at boot. + +diff --git a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig +index e32fc1f274d8..d08acc76502a 100644 +--- a/arch/x86/configs/x86_64_defconfig ++++ b/arch/x86/configs/x86_64_defconfig +@@ -1,5 +1,4 @@ + # CONFIG_LOCALVERSION_AUTO is not set +-CONFIG_SYSVIPC=y + CONFIG_POSIX_MQUEUE=y + CONFIG_BSD_PROCESS_ACCT=y + CONFIG_TASKSTATS=y +diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c +index 1911310959f8..bba8dbbc07a8 100644 +--- a/arch/x86/entry/vdso/vma.c ++++ b/arch/x86/entry/vdso/vma.c +@@ -203,55 +203,9 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) + } + + #ifdef CONFIG_X86_64 +-/* +- * Put the vdso above the (randomized) stack with another randomized +- * offset. This way there is no hole in the middle of address space. +- * To save memory make sure it is still in the same PTE as the stack +- * top. This doesn't give that many random bits. +- * +- * Note that this algorithm is imperfect: the distribution of the vdso +- * start address within a PMD is biased toward the end. +- * +- * Only used for the 64-bit and x32 vdsos. +- */ +-static unsigned long vdso_addr(unsigned long start, unsigned len) +-{ +- unsigned long addr, end; +- unsigned offset; +- +- /* +- * Round up the start address. It can start out unaligned as a result +- * of stack start randomization. +- */ +- start = PAGE_ALIGN(start); +- +- /* Round the lowest possible end address up to a PMD boundary. */ +- end = (start + len + PMD_SIZE - 1) & PMD_MASK; +- if (end >= TASK_SIZE_MAX) +- end = TASK_SIZE_MAX; +- end -= len; +- +- if (end > start) { +- offset = get_random_int() % (((end - start) >> PAGE_SHIFT) + 1); +- addr = start + (offset << PAGE_SHIFT); +- } else { +- addr = start; +- } +- +- /* +- * Forcibly align the final address in case we have a hardware +- * issue that requires alignment for performance reasons. +- */ +- addr = align_vdso_addr(addr); +- +- return addr; +-} +- + static int map_vdso_randomized(const struct vdso_image *image) + { +- unsigned long addr = vdso_addr(current->mm->start_stack, image->size-image->sym_vvar_start); +- +- return map_vdso(image, addr); ++ return map_vdso(image, 0); + } + #endif + +diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h +index 3a091cea36c5..0931c05a3348 100644 +--- a/arch/x86/include/asm/elf.h ++++ b/arch/x86/include/asm/elf.h +@@ -249,11 +249,11 @@ extern int force_personality32; + + /* + * This is the base location for PIE (ET_DYN with INTERP) loads. On +- * 64-bit, this is above 4GB to leave the entire 32-bit address ++ * 64-bit, this is raised to 4GB to leave the entire 32-bit address + * space open for things that want to use the area for 32-bit pointers. + */ + #define ELF_ET_DYN_BASE (mmap_is_ia32() ? 0x000400000UL : \ +- (DEFAULT_MAP_WINDOW / 3 * 2)) ++ 0x100000000UL) + + /* This yields a mask that user programs can use to figure out what + instruction set this CPU supports. This could be done in user space, +@@ -312,8 +312,8 @@ extern unsigned long get_mmap_base(int is_legacy); + + #ifdef CONFIG_X86_32 + +-#define __STACK_RND_MASK(is32bit) (0x7ff) +-#define STACK_RND_MASK (0x7ff) ++#define __STACK_RND_MASK(is32bit) ((1UL << mmap_rnd_bits) - 1) ++#define STACK_RND_MASK ((1UL << mmap_rnd_bits) - 1) + + #define ARCH_DLINFO ARCH_DLINFO_IA32 + +@@ -322,7 +322,11 @@ extern unsigned long get_mmap_base(int is_legacy); + #else /* CONFIG_X86_32 */ + + /* 1GB for 64bit, 8MB for 32bit */ +-#define __STACK_RND_MASK(is32bit) ((is32bit) ? 0x7ff : 0x3fffff) ++#ifdef CONFIG_COMPAT ++#define __STACK_RND_MASK(is32bit) ((is32bit) ? (1UL << mmap_rnd_compat_bits) - 1 : (1UL << mmap_rnd_bits) - 1) ++#else ++#define __STACK_RND_MASK(is32bit) ((1UL << mmap_rnd_bits) - 1) ++#endif + #define STACK_RND_MASK __STACK_RND_MASK(mmap_is_ia32()) + + #define ARCH_DLINFO \ +@@ -380,5 +384,4 @@ struct va_alignment { + } ____cacheline_aligned; + + extern struct va_alignment va_align; +-extern unsigned long align_vdso_addr(unsigned long); + #endif /* _ASM_X86_ELF_H */ +diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h +index 704f31315dde..bb82b6344a7b 100644 +--- a/arch/x86/include/asm/tlbflush.h ++++ b/arch/x86/include/asm/tlbflush.h +@@ -253,6 +253,7 @@ static inline void cr4_set_bits(unsigned long mask) + unsigned long cr4; + + cr4 = this_cpu_read(cpu_tlbstate.cr4); ++ BUG_ON(cr4 != __read_cr4()); + if ((cr4 | mask) != cr4) { + cr4 |= mask; + this_cpu_write(cpu_tlbstate.cr4, cr4); +@@ -266,6 +267,7 @@ static inline void cr4_clear_bits(unsigned long mask) + unsigned long cr4; + + cr4 = this_cpu_read(cpu_tlbstate.cr4); ++ BUG_ON(cr4 != __read_cr4()); + if ((cr4 & ~mask) != cr4) { + cr4 &= ~mask; + this_cpu_write(cpu_tlbstate.cr4, cr4); +@@ -278,6 +280,7 @@ static inline void cr4_toggle_bits(unsigned long mask) + unsigned long cr4; + + cr4 = this_cpu_read(cpu_tlbstate.cr4); ++ BUG_ON(cr4 != __read_cr4()); + cr4 ^= mask; + this_cpu_write(cpu_tlbstate.cr4, cr4); + __write_cr4(cr4); +@@ -386,6 +389,7 @@ static inline void __native_flush_tlb_global(void) + raw_local_irq_save(flags); + + cr4 = this_cpu_read(cpu_tlbstate.cr4); ++ BUG_ON(cr4 != __read_cr4()); + /* toggle PGE */ + native_write_cr4(cr4 ^ X86_CR4_PGE); + /* write old PGE again and flush TLBs */ +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 48e98964ecad..a94dc690612f 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -1637,7 +1637,6 @@ void cpu_init(void) + wrmsrl(MSR_KERNEL_GS_BASE, 0); + barrier(); + +- x86_configure_nx(); + x2apic_setup(); + + /* +diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c +index 988a98f34c66..dc36d2d9078a 100644 +--- a/arch/x86/kernel/process.c ++++ b/arch/x86/kernel/process.c +@@ -40,6 +40,8 @@ + #include <asm/desc.h> + #include <asm/prctl.h> + #include <asm/spec-ctrl.h> ++#include <asm/elf.h> ++#include <linux/sizes.h> + + /* + * per-CPU TSS segments. Threads are completely 'soft' on Linux, +@@ -719,7 +721,10 @@ unsigned long arch_align_stack(unsigned long sp) + + unsigned long arch_randomize_brk(struct mm_struct *mm) + { +- return randomize_page(mm->brk, 0x02000000); ++ if (mmap_is_ia32()) ++ return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE; ++ else ++ return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE; + } + + /* +diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c +index a63fe77b3217..e1085e76043e 100644 +--- a/arch/x86/kernel/sys_x86_64.c ++++ b/arch/x86/kernel/sys_x86_64.c +@@ -54,13 +54,6 @@ static unsigned long get_align_bits(void) + return va_align.bits & get_align_mask(); + } + +-unsigned long align_vdso_addr(unsigned long addr) +-{ +- unsigned long align_mask = get_align_mask(); +- addr = (addr + align_mask) & ~align_mask; +- return addr | get_align_bits(); +-} +- + static int __init control_va_addr_alignment(char *str) + { + /* guard against enabling this on other CPU families */ +@@ -122,10 +115,7 @@ static void find_start_end(unsigned long addr, unsigned long flags, + } + + *begin = get_mmap_base(1); +- if (in_compat_syscall()) +- *end = task_size_32bit(); +- else +- *end = task_size_64bit(addr > DEFAULT_MAP_WINDOW); ++ *end = get_mmap_base(0); + } + + unsigned long +@@ -206,7 +196,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + + info.flags = VM_UNMAPPED_AREA_TOPDOWN; + info.length = len; +- info.low_limit = PAGE_SIZE; ++ info.low_limit = get_mmap_base(1); + info.high_limit = get_mmap_base(0); + + /* +diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c +index 3141e67ec24c..e93173193f60 100644 +--- a/arch/x86/mm/init_32.c ++++ b/arch/x86/mm/init_32.c +@@ -558,7 +558,7 @@ static void __init pagetable_init(void) + permanent_kmaps_init(pgd_base); + } + +-pteval_t __supported_pte_mask __read_mostly = ~(_PAGE_NX | _PAGE_GLOBAL); ++pteval_t __supported_pte_mask __ro_after_init = ~(_PAGE_NX | _PAGE_GLOBAL); + EXPORT_SYMBOL_GPL(__supported_pte_mask); + + /* user-defined highmem size */ +@@ -865,7 +865,7 @@ int arch_remove_memory(u64 start, u64 size) + #endif + #endif + +-int kernel_set_to_readonly __read_mostly; ++int kernel_set_to_readonly __ro_after_init; + + void set_kernel_text_rw(void) + { +@@ -917,12 +917,11 @@ void mark_rodata_ro(void) + unsigned long start = PFN_ALIGN(_text); + unsigned long size = PFN_ALIGN(_etext) - start; + ++ kernel_set_to_readonly = 1; + set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT); + printk(KERN_INFO "Write protecting the kernel text: %luk\n", + size >> 10); + +- kernel_set_to_readonly = 1; +- + #ifdef CONFIG_CPA_DEBUG + printk(KERN_INFO "Testing CPA: Reverting %lx-%lx\n", + start, start+size); +diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c +index 642357aff216..8bbf93ce3cd2 100644 +--- a/arch/x86/mm/init_64.c ++++ b/arch/x86/mm/init_64.c +@@ -65,7 +65,7 @@ + * around without checking the pgd every time. + */ + +-pteval_t __supported_pte_mask __read_mostly = ~0; ++pteval_t __supported_pte_mask __ro_after_init = ~0; + EXPORT_SYMBOL_GPL(__supported_pte_mask); + + int force_personality32; +@@ -1185,7 +1185,7 @@ void __init mem_init(void) + mem_init_print_info(NULL); + } + +-int kernel_set_to_readonly; ++int kernel_set_to_readonly __ro_after_init; + + void set_kernel_text_rw(void) + { +@@ -1234,9 +1234,8 @@ void mark_rodata_ro(void) + + printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", + (end - start) >> 10); +- set_memory_ro(start, (end - start) >> PAGE_SHIFT); +- + kernel_set_to_readonly = 1; ++ set_memory_ro(start, (end - start) >> PAGE_SHIFT); + + /* + * The rodata/data/bss/brk section (but not the kernel text!) +diff --git a/block/blk-softirq.c b/block/blk-softirq.c +index 01e2b353a2b9..9aeddca4a29f 100644 +--- a/block/blk-softirq.c ++++ b/block/blk-softirq.c +@@ -20,7 +20,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done); + * Softirq action handler - move entries to local list and loop over them + * while passing them to the queue registered handler. + */ +-static __latent_entropy void blk_done_softirq(struct softirq_action *h) ++static __latent_entropy void blk_done_softirq(void) + { + struct list_head *cpu_list, local_list; + +diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c +index 473f150d6b22..65a65f9824ed 100644 +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -5141,7 +5141,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) + struct ata_port *ap; + unsigned int tag; + +- WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */ ++ BUG_ON(qc == NULL); /* ata_qc_from_tag _might_ return NULL */ + ap = qc->ap; + + qc->flags = 0; +@@ -5158,7 +5158,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) + struct ata_port *ap; + struct ata_link *link; + +- WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */ ++ BUG_ON(qc == NULL); /* ata_qc_from_tag _might_ return NULL */ + WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); + ap = qc->ap; + link = qc->dev->link; +diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig +index c28dca0c613d..d4813f0d25ca 100644 +--- a/drivers/char/Kconfig ++++ b/drivers/char/Kconfig +@@ -9,7 +9,6 @@ source "drivers/tty/Kconfig" + + config DEVMEM + bool "/dev/mem virtual device support" +- default y + help + Say Y here if you want to support the /dev/mem device. + The /dev/mem device is used to access areas of physical +@@ -568,7 +567,6 @@ config TELCLOCK + config DEVPORT + bool "/dev/port character device" + depends on ISA || PCI +- default y + help + Say Y here if you want to support the /dev/port device. The /dev/port + device is similar to /dev/mem, but for I/O ports. +diff --git a/drivers/media/dvb-frontends/cx24116.c b/drivers/media/dvb-frontends/cx24116.c +index e105532bfba8..e07d52bb9b62 100644 +--- a/drivers/media/dvb-frontends/cx24116.c ++++ b/drivers/media/dvb-frontends/cx24116.c +@@ -1462,7 +1462,7 @@ static int cx24116_tune(struct dvb_frontend *fe, bool re_tune, + return cx24116_read_status(fe, status); + } + +-static int cx24116_get_algo(struct dvb_frontend *fe) ++static enum dvbfe_algo cx24116_get_algo(struct dvb_frontend *fe) + { + return DVBFE_ALGO_HW; + } +diff --git a/drivers/media/dvb-frontends/cx24117.c b/drivers/media/dvb-frontends/cx24117.c +index d37cb7762bd6..97e0feff0ede 100644 +--- a/drivers/media/dvb-frontends/cx24117.c ++++ b/drivers/media/dvb-frontends/cx24117.c +@@ -1555,7 +1555,7 @@ static int cx24117_tune(struct dvb_frontend *fe, bool re_tune, + return cx24117_read_status(fe, status); + } + +-static int cx24117_get_algo(struct dvb_frontend *fe) ++static enum dvbfe_algo cx24117_get_algo(struct dvb_frontend *fe) + { + return DVBFE_ALGO_HW; + } +diff --git a/drivers/media/dvb-frontends/cx24120.c b/drivers/media/dvb-frontends/cx24120.c +index 7f11dcc94d85..01da670760ba 100644 +--- a/drivers/media/dvb-frontends/cx24120.c ++++ b/drivers/media/dvb-frontends/cx24120.c +@@ -1491,7 +1491,7 @@ static int cx24120_tune(struct dvb_frontend *fe, bool re_tune, + return cx24120_read_status(fe, status); + } + +-static int cx24120_get_algo(struct dvb_frontend *fe) ++static enum dvbfe_algo cx24120_get_algo(struct dvb_frontend *fe) + { + return DVBFE_ALGO_HW; + } +diff --git a/drivers/media/dvb-frontends/cx24123.c b/drivers/media/dvb-frontends/cx24123.c +index 1d59d1d3bd82..41cd0e9ea199 100644 +--- a/drivers/media/dvb-frontends/cx24123.c ++++ b/drivers/media/dvb-frontends/cx24123.c +@@ -1005,7 +1005,7 @@ static int cx24123_tune(struct dvb_frontend *fe, + return retval; + } + +-static int cx24123_get_algo(struct dvb_frontend *fe) ++static enum dvbfe_algo cx24123_get_algo(struct dvb_frontend *fe) + { + return DVBFE_ALGO_HW; + } +diff --git a/drivers/media/dvb-frontends/cxd2820r_core.c b/drivers/media/dvb-frontends/cxd2820r_core.c +index f6ebbb47b9b2..3e0d8cbd76da 100644 +--- a/drivers/media/dvb-frontends/cxd2820r_core.c ++++ b/drivers/media/dvb-frontends/cxd2820r_core.c +@@ -403,7 +403,7 @@ static enum dvbfe_search cxd2820r_search(struct dvb_frontend *fe) + return DVBFE_ALGO_SEARCH_ERROR; + } + +-static int cxd2820r_get_frontend_algo(struct dvb_frontend *fe) ++static enum dvbfe_algo cxd2820r_get_frontend_algo(struct dvb_frontend *fe) + { + return DVBFE_ALGO_CUSTOM; + } +diff --git a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends/mb86a20s.c +index e8ac8c3e2ec0..e0f4ba8302d1 100644 +--- a/drivers/media/dvb-frontends/mb86a20s.c ++++ b/drivers/media/dvb-frontends/mb86a20s.c +@@ -2055,7 +2055,7 @@ static void mb86a20s_release(struct dvb_frontend *fe) + kfree(state); + } + +-static int mb86a20s_get_frontend_algo(struct dvb_frontend *fe) ++static enum dvbfe_algo mb86a20s_get_frontend_algo(struct dvb_frontend *fe) + { + return DVBFE_ALGO_HW; + } +diff --git a/drivers/media/dvb-frontends/s921.c b/drivers/media/dvb-frontends/s921.c +index 274544a3ae0e..9ef9b9bc1bd2 100644 +--- a/drivers/media/dvb-frontends/s921.c ++++ b/drivers/media/dvb-frontends/s921.c +@@ -464,7 +464,7 @@ static int s921_tune(struct dvb_frontend *fe, + return rc; + } + +-static int s921_get_algo(struct dvb_frontend *fe) ++static enum dvbfe_algo s921_get_algo(struct dvb_frontend *fe) + { + return DVBFE_ALGO_HW; + } +diff --git a/drivers/media/pci/bt8xx/dst.c b/drivers/media/pci/bt8xx/dst.c +index 7166d2279465..fa682f9fdc4b 100644 +--- a/drivers/media/pci/bt8xx/dst.c ++++ b/drivers/media/pci/bt8xx/dst.c +@@ -1657,7 +1657,7 @@ static int dst_tune_frontend(struct dvb_frontend* fe, + return 0; + } + +-static int dst_get_tuning_algo(struct dvb_frontend *fe) ++static enum dvbfe_algo dst_get_tuning_algo(struct dvb_frontend *fe) + { + return dst_algo ? DVBFE_ALGO_HW : DVBFE_ALGO_SW; + } +diff --git a/drivers/media/pci/pt1/va1j5jf8007s.c b/drivers/media/pci/pt1/va1j5jf8007s.c +index f75f69556be7..d913a6050e8c 100644 +--- a/drivers/media/pci/pt1/va1j5jf8007s.c ++++ b/drivers/media/pci/pt1/va1j5jf8007s.c +@@ -98,7 +98,7 @@ static int va1j5jf8007s_read_snr(struct dvb_frontend *fe, u16 *snr) + return 0; + } + +-static int va1j5jf8007s_get_frontend_algo(struct dvb_frontend *fe) ++static enum dvbfe_algo va1j5jf8007s_get_frontend_algo(struct dvb_frontend *fe) + { + return DVBFE_ALGO_HW; + } +diff --git a/drivers/media/pci/pt1/va1j5jf8007t.c b/drivers/media/pci/pt1/va1j5jf8007t.c +index 63fda79a75c0..4115c3ccd4a8 100644 +--- a/drivers/media/pci/pt1/va1j5jf8007t.c ++++ b/drivers/media/pci/pt1/va1j5jf8007t.c +@@ -88,7 +88,7 @@ static int va1j5jf8007t_read_snr(struct dvb_frontend *fe, u16 *snr) + return 0; + } + +-static int va1j5jf8007t_get_frontend_algo(struct dvb_frontend *fe) ++static enum dvbfe_algo va1j5jf8007t_get_frontend_algo(struct dvb_frontend *fe) + { + return DVBFE_ALGO_HW; + } +diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c +index 981b3ef71e47..9883da1da383 100644 +--- a/drivers/misc/lkdtm_core.c ++++ b/drivers/misc/lkdtm_core.c +@@ -78,7 +78,7 @@ static irqreturn_t jp_handle_irq_event(unsigned int irq, + return 0; + } + +-static void jp_tasklet_action(struct softirq_action *a) ++static void jp_tasklet_action(void) + { + lkdtm_handler(); + jprobe_return(); +diff --git a/drivers/tty/Kconfig b/drivers/tty/Kconfig +index b811442c5ce6..4f62a63cbcb1 100644 +--- a/drivers/tty/Kconfig ++++ b/drivers/tty/Kconfig +@@ -122,7 +122,6 @@ config UNIX98_PTYS + + config LEGACY_PTYS + bool "Legacy (BSD) PTY support" +- default y + ---help--- + A pseudo terminal (PTY) is a software device consisting of two + halves: a master and a slave. The slave device behaves identical to +diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c +index 562d31073f9a..2184b9b5485f 100644 +--- a/drivers/tty/tty_io.c ++++ b/drivers/tty/tty_io.c +@@ -171,6 +171,7 @@ static void free_tty_struct(struct tty_struct *tty) + put_device(tty->dev); + kfree(tty->write_buf); + tty->magic = 0xDEADDEAD; ++ put_user_ns(tty->owner_user_ns); + kfree(tty); + } + +@@ -2154,11 +2155,19 @@ static int tty_fasync(int fd, struct file *filp, int on) + * FIXME: may race normal receive processing + */ + ++int tiocsti_restrict = IS_ENABLED(CONFIG_SECURITY_TIOCSTI_RESTRICT); ++ + static int tiocsti(struct tty_struct *tty, char __user *p) + { + char ch, mbz = 0; + struct tty_ldisc *ld; + ++ if (tiocsti_restrict && ++ !ns_capable(tty->owner_user_ns, CAP_SYS_ADMIN)) { ++ dev_warn_ratelimited(tty->dev, ++ "Denied TIOCSTI ioctl for non-privileged process\n"); ++ return -EPERM; ++ } + if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) + return -EPERM; + if (get_user(ch, p)) +@@ -2841,6 +2850,7 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) + tty->index = idx; + tty_line_name(driver, idx, tty->name); + tty->dev = tty_get_device(tty); ++ tty->owner_user_ns = get_user_ns(current_user_ns()); + + return tty; + } +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c +index 442be7f312f6..788557d5c454 100644 +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -38,6 +38,8 @@ + #define USB_VENDOR_GENESYS_LOGIC 0x05e3 + #define HUB_QUIRK_CHECK_PORT_AUTOSUSPEND 0x01 + ++extern int deny_new_usb; ++ + /* Protect struct usb_device->state and ->children members + * Note: Both are also protected by ->dev.sem, except that ->state can + * change to USB_STATE_NOTATTACHED even when the semaphore isn't held. */ +@@ -4806,6 +4808,12 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus, + goto done; + return; + } ++ ++ if (deny_new_usb) { ++ dev_err(&port_dev->dev, "denied insert of USB device on port %d\n", port1); ++ goto done; ++ } ++ + if (hub_is_superspeed(hub->hdev)) + unit_load = 150; + else +diff --git a/fs/exec.c b/fs/exec.c +index 0da4d748b4e6..69fcee853363 100644 +--- a/fs/exec.c ++++ b/fs/exec.c +@@ -62,6 +62,7 @@ + #include <linux/oom.h> + #include <linux/compat.h> + #include <linux/vmalloc.h> ++#include <linux/random.h> + + #include <linux/uaccess.h> + #include <asm/mmu_context.h> +@@ -321,6 +322,8 @@ static int __bprm_mm_init(struct linux_binprm *bprm) + arch_bprm_mm_init(mm, vma); + up_write(&mm->mmap_sem); + bprm->p = vma->vm_end - sizeof(void *); ++ if (randomize_va_space) ++ bprm->p ^= get_random_int() & ~PAGE_MASK; + return 0; + err: + up_write(&mm->mmap_sem); +diff --git a/fs/namei.c b/fs/namei.c +index 0b46b858cd42..3ae8e72341da 100644 +--- a/fs/namei.c ++++ b/fs/namei.c +@@ -902,8 +902,8 @@ static inline void put_link(struct nameidata *nd) + path_put(&last->link); + } + +-int sysctl_protected_symlinks __read_mostly = 0; +-int sysctl_protected_hardlinks __read_mostly = 0; ++int sysctl_protected_symlinks __read_mostly = 1; ++int sysctl_protected_hardlinks __read_mostly = 1; + + /** + * may_follow_link - Check symlink following for unsafe situations +diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig +index 5f93cfacb3d1..cea0d7d3b23e 100644 +--- a/fs/nfs/Kconfig ++++ b/fs/nfs/Kconfig +@@ -195,4 +195,3 @@ config NFS_DEBUG + bool + depends on NFS_FS && SUNRPC_DEBUG + select CRC32 +- default y +diff --git a/fs/pipe.c b/fs/pipe.c +index 8ef7d7bef775..b82f305ec13d 100644 +--- a/fs/pipe.c ++++ b/fs/pipe.c +@@ -38,7 +38,7 @@ unsigned int pipe_max_size = 1048576; + /* + * Minimum pipe size, as required by POSIX + */ +-unsigned int pipe_min_size = PAGE_SIZE; ++unsigned int pipe_min_size __read_only = PAGE_SIZE; + + /* Maximum allocatable pages per user. Hard limit is unset by default, soft + * matches default values. +diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig +index 1ade1206bb89..60b0f76dec47 100644 +--- a/fs/proc/Kconfig ++++ b/fs/proc/Kconfig +@@ -39,7 +39,6 @@ config PROC_KCORE + config PROC_VMCORE + bool "/proc/vmcore support" + depends on PROC_FS && CRASH_DUMP +- default y + help + Exports the dump image of crashed kernel in ELF format. + +diff --git a/fs/stat.c b/fs/stat.c +index 873785dae022..d3c2ada8b9c7 100644 +--- a/fs/stat.c ++++ b/fs/stat.c +@@ -40,8 +40,13 @@ void generic_fillattr(struct inode *inode, struct kstat *stat) + stat->gid = inode->i_gid; + stat->rdev = inode->i_rdev; + stat->size = i_size_read(inode); +- stat->atime = inode->i_atime; +- stat->mtime = inode->i_mtime; ++ if (is_sidechannel_device(inode) && !capable_noaudit(CAP_MKNOD)) { ++ stat->atime = inode->i_ctime; ++ stat->mtime = inode->i_ctime; ++ } else { ++ stat->atime = inode->i_atime; ++ stat->mtime = inode->i_mtime; ++ } + stat->ctime = inode->i_ctime; + stat->blksize = i_blocksize(inode); + stat->blocks = inode->i_blocks; +@@ -75,9 +80,14 @@ int vfs_getattr_nosec(const struct path *path, struct kstat *stat, + stat->result_mask |= STATX_BASIC_STATS; + request_mask &= STATX_ALL; + query_flags &= KSTAT_QUERY_FLAGS; +- if (inode->i_op->getattr) +- return inode->i_op->getattr(path, stat, request_mask, +- query_flags); ++ if (inode->i_op->getattr) { ++ int retval = inode->i_op->getattr(path, stat, request_mask, query_flags); ++ if (!retval && is_sidechannel_device(inode) && !capable_noaudit(CAP_MKNOD)) { ++ stat->atime = stat->ctime; ++ stat->mtime = stat->ctime; ++ } ++ return retval; ++ } + + generic_fillattr(inode, stat); + return 0; +diff --git a/include/linux/cache.h b/include/linux/cache.h +index 750621e41d1c..e7157c18c62c 100644 +--- a/include/linux/cache.h ++++ b/include/linux/cache.h +@@ -31,6 +31,8 @@ + #define __ro_after_init __attribute__((__section__(".data..ro_after_init"))) + #endif + ++#define __read_only __ro_after_init ++ + #ifndef ____cacheline_aligned + #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) + #endif +diff --git a/include/linux/capability.h b/include/linux/capability.h +index f640dcbc880c..2b4f5d651f19 100644 +--- a/include/linux/capability.h ++++ b/include/linux/capability.h +@@ -207,6 +207,7 @@ extern bool has_capability_noaudit(struct task_struct *t, int cap); + extern bool has_ns_capability_noaudit(struct task_struct *t, + struct user_namespace *ns, int cap); + extern bool capable(int cap); ++extern bool capable_noaudit(int cap); + extern bool ns_capable(struct user_namespace *ns, int cap); + extern bool ns_capable_noaudit(struct user_namespace *ns, int cap); + #else +@@ -232,6 +233,10 @@ static inline bool capable(int cap) + { + return true; + } ++static inline bool capable_noaudit(int cap) ++{ ++ return true; ++} + static inline bool ns_capable(struct user_namespace *ns, int cap) + { + return true; +diff --git a/include/linux/fs.h b/include/linux/fs.h +index cc613f20e5a6..7606596d6c2e 100644 +--- a/include/linux/fs.h ++++ b/include/linux/fs.h +@@ -3392,4 +3392,15 @@ static inline bool dir_relax_shared(struct inode *inode) + extern bool path_noexec(const struct path *path); + extern void inode_nohighmem(struct inode *inode); + ++extern int device_sidechannel_restrict; ++ ++static inline bool is_sidechannel_device(const struct inode *inode) ++{ ++ umode_t mode; ++ if (!device_sidechannel_restrict) ++ return false; ++ mode = inode->i_mode; ++ return ((S_ISCHR(mode) || S_ISBLK(mode)) && (mode & (S_IROTH | S_IWOTH))); ++} ++ + #endif /* _LINUX_FS_H */ +diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h +index bdaf22582f6e..326ff15d4637 100644 +--- a/include/linux/fsnotify.h ++++ b/include/linux/fsnotify.h +@@ -181,6 +181,9 @@ static inline void fsnotify_access(struct file *file) + struct inode *inode = path->dentry->d_inode; + __u32 mask = FS_ACCESS; + ++ if (is_sidechannel_device(inode)) ++ return; ++ + if (S_ISDIR(inode->i_mode)) + mask |= FS_ISDIR; + +@@ -199,6 +202,9 @@ static inline void fsnotify_modify(struct file *file) + struct inode *inode = path->dentry->d_inode; + __u32 mask = FS_MODIFY; + ++ if (is_sidechannel_device(inode)) ++ return; ++ + if (S_ISDIR(inode->i_mode)) + mask |= FS_ISDIR; + +diff --git a/include/linux/gfp.h b/include/linux/gfp.h +index b041f94678de..a5e0175c79e0 100644 +--- a/include/linux/gfp.h ++++ b/include/linux/gfp.h +@@ -518,9 +518,9 @@ extern struct page *alloc_pages_vma(gfp_t gfp_mask, int order, + extern unsigned long __get_free_pages(gfp_t gfp_mask, unsigned int order); + extern unsigned long get_zeroed_page(gfp_t gfp_mask); + +-void *alloc_pages_exact(size_t size, gfp_t gfp_mask); ++void *alloc_pages_exact(size_t size, gfp_t gfp_mask) __attribute__((alloc_size(1))); + void free_pages_exact(void *virt, size_t size); +-void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask); ++void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask) __attribute__((alloc_size(1))); + + #define __get_free_page(gfp_mask) \ + __get_free_pages((gfp_mask), 0) +diff --git a/include/linux/highmem.h b/include/linux/highmem.h +index 776f90f3a1cd..3f5c47000059 100644 +--- a/include/linux/highmem.h ++++ b/include/linux/highmem.h +@@ -191,6 +191,13 @@ static inline void clear_highpage(struct page *page) + kunmap_atomic(kaddr); + } + ++static inline void verify_zero_highpage(struct page *page) ++{ ++ void *kaddr = kmap_atomic(page); ++ BUG_ON(memchr_inv(kaddr, 0, PAGE_SIZE)); ++ kunmap_atomic(kaddr); ++} ++ + static inline void zero_user_segments(struct page *page, + unsigned start1, unsigned end1, + unsigned start2, unsigned end2) +diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h +index 69c238210325..ee487ea4f48f 100644 +--- a/include/linux/interrupt.h ++++ b/include/linux/interrupt.h +@@ -485,7 +485,7 @@ extern const char * const softirq_to_name[NR_SOFTIRQS]; + + struct softirq_action + { +- void (*action)(struct softirq_action *); ++ void (*action)(void); + }; + + asmlinkage void do_softirq(void); +@@ -500,7 +500,7 @@ static inline void do_softirq_own_stack(void) + } + #endif + +-extern void open_softirq(int nr, void (*action)(struct softirq_action *)); ++extern void __init open_softirq(int nr, void (*action)(void)); + extern void softirq_init(void); + extern void __raise_softirq_irqoff(unsigned int nr); + +diff --git a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h +index df32d2508290..c992d130b94d 100644 +--- a/include/linux/kobject_ns.h ++++ b/include/linux/kobject_ns.h +@@ -46,7 +46,7 @@ struct kobj_ns_type_operations { + void (*drop_ns)(void *); + }; + +-int kobj_ns_type_register(const struct kobj_ns_type_operations *ops); ++int __init kobj_ns_type_register(const struct kobj_ns_type_operations *ops); + int kobj_ns_type_registered(enum kobj_ns_type type); + const struct kobj_ns_type_operations *kobj_child_ns_ops(struct kobject *parent); + const struct kobj_ns_type_operations *kobj_ns_ops(struct kobject *kobj); +diff --git a/include/linux/mm.h b/include/linux/mm.h +index f23215854c80..98df98c44cc0 100644 +--- a/include/linux/mm.h ++++ b/include/linux/mm.h +@@ -525,7 +525,7 @@ static inline int is_vmalloc_or_module_addr(const void *x) + } + #endif + +-extern void *kvmalloc_node(size_t size, gfp_t flags, int node); ++extern void *kvmalloc_node(size_t size, gfp_t flags, int node) __attribute__((alloc_size(1))); + static inline void *kvmalloc(size_t size, gfp_t flags) + { + return kvmalloc_node(size, flags, NUMA_NO_NODE); +diff --git a/include/linux/percpu.h b/include/linux/percpu.h +index 296bbe49d5d1..b26652c9a98d 100644 +--- a/include/linux/percpu.h ++++ b/include/linux/percpu.h +@@ -129,7 +129,7 @@ extern int __init pcpu_page_first_chunk(size_t reserved_size, + pcpu_fc_populate_pte_fn_t populate_pte_fn); + #endif + +-extern void __percpu *__alloc_reserved_percpu(size_t size, size_t align); ++extern void __percpu *__alloc_reserved_percpu(size_t size, size_t align) __attribute__((alloc_size(1))); + extern bool __is_kernel_percpu_address(unsigned long addr, unsigned long *can_addr); + extern bool is_kernel_percpu_address(unsigned long addr); + +@@ -137,8 +137,8 @@ extern bool is_kernel_percpu_address(unsigned long addr); + extern void __init setup_per_cpu_areas(void); + #endif + +-extern void __percpu *__alloc_percpu_gfp(size_t size, size_t align, gfp_t gfp); +-extern void __percpu *__alloc_percpu(size_t size, size_t align); ++extern void __percpu *__alloc_percpu_gfp(size_t size, size_t align, gfp_t gfp) __attribute__((alloc_size(1))); ++extern void __percpu *__alloc_percpu(size_t size, size_t align) __attribute__((alloc_size(1))); + extern void free_percpu(void __percpu *__pdata); + extern phys_addr_t per_cpu_ptr_to_phys(void *addr); + +diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h +index 8e22f24ded6a..b7fecdfa6de5 100644 +--- a/include/linux/perf_event.h ++++ b/include/linux/perf_event.h +@@ -1165,6 +1165,11 @@ extern int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write, + int perf_event_max_stack_handler(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos); + ++static inline bool perf_paranoid_any(void) ++{ ++ return sysctl_perf_event_paranoid > 2; ++} ++ + static inline bool perf_paranoid_tracepoint_raw(void) + { + return sysctl_perf_event_paranoid > -1; +diff --git a/include/linux/slab.h b/include/linux/slab.h +index ae5ed6492d54..fd0786124504 100644 +--- a/include/linux/slab.h ++++ b/include/linux/slab.h +@@ -146,8 +146,8 @@ void memcg_destroy_kmem_caches(struct mem_cgroup *); + /* + * Common kmalloc functions provided by all allocators + */ +-void * __must_check __krealloc(const void *, size_t, gfp_t); +-void * __must_check krealloc(const void *, size_t, gfp_t); ++void * __must_check __krealloc(const void *, size_t, gfp_t) __attribute__((alloc_size(2))); ++void * __must_check krealloc(const void *, size_t, gfp_t) __attribute((alloc_size(2))); + void kfree(const void *); + void kzfree(const void *); + size_t ksize(const void *); +@@ -324,7 +324,7 @@ static __always_inline int kmalloc_index(size_t size) + } + #endif /* !CONFIG_SLOB */ + +-void *__kmalloc(size_t size, gfp_t flags) __assume_kmalloc_alignment __malloc; ++void *__kmalloc(size_t size, gfp_t flags) __assume_kmalloc_alignment __malloc __attribute__((alloc_size(1))); + void *kmem_cache_alloc(struct kmem_cache *, gfp_t flags) __assume_slab_alignment __malloc; + void kmem_cache_free(struct kmem_cache *, void *); + +@@ -348,7 +348,7 @@ static __always_inline void kfree_bulk(size_t size, void **p) + } + + #ifdef CONFIG_NUMA +-void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_kmalloc_alignment __malloc; ++void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_kmalloc_alignment __malloc __attribute__((alloc_size(1))); + void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node) __assume_slab_alignment __malloc; + #else + static __always_inline void *__kmalloc_node(size_t size, gfp_t flags, int node) +@@ -473,7 +473,7 @@ static __always_inline void *kmalloc_large(size_t size, gfp_t flags) + * for general use, and so are not documented here. For a full list of + * potential flags, always refer to linux/gfp.h. + */ +-static __always_inline void *kmalloc(size_t size, gfp_t flags) ++static __always_inline __attribute__((alloc_size(1))) void *kmalloc(size_t size, gfp_t flags) + { + if (__builtin_constant_p(size)) { + if (size > KMALLOC_MAX_CACHE_SIZE) +@@ -513,7 +513,7 @@ static __always_inline int kmalloc_size(int n) + return 0; + } + +-static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) ++static __always_inline __attribute__((alloc_size(1))) void *kmalloc_node(size_t size, gfp_t flags, int node) + { + #ifndef CONFIG_SLOB + if (__builtin_constant_p(size) && +diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h +index 39fa09bcde23..0b7a48cd883b 100644 +--- a/include/linux/slub_def.h ++++ b/include/linux/slub_def.h +@@ -120,6 +120,11 @@ struct kmem_cache { + unsigned long random; + #endif + ++#ifdef CONFIG_SLAB_CANARY ++ unsigned long random_active; ++ unsigned long random_inactive; ++#endif ++ + #ifdef CONFIG_NUMA + /* + * Defragmentation by allocating from a remote node. +diff --git a/include/linux/string.h b/include/linux/string.h +index cfd83eb2f926..b9ecb42c762d 100644 +--- a/include/linux/string.h ++++ b/include/linux/string.h +@@ -234,10 +234,16 @@ void __read_overflow2(void) __compiletime_error("detected read beyond size of ob + void __read_overflow3(void) __compiletime_error("detected read beyond size of object passed as 3rd parameter"); + void __write_overflow(void) __compiletime_error("detected write beyond size of object passed as 1st parameter"); + ++#ifdef CONFIG_FORTIFY_SOURCE_STRICT_STRING ++#define __string_size(p) __builtin_object_size(p, 1) ++#else ++#define __string_size(p) __builtin_object_size(p, 0) ++#endif ++ + #if !defined(__NO_FORTIFY) && defined(__OPTIMIZE__) && defined(CONFIG_FORTIFY_SOURCE) + __FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size) + { +- size_t p_size = __builtin_object_size(p, 0); ++ size_t p_size = __string_size(p); + if (__builtin_constant_p(size) && p_size < size) + __write_overflow(); + if (p_size < size) +@@ -247,7 +253,7 @@ __FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size) + + __FORTIFY_INLINE char *strcat(char *p, const char *q) + { +- size_t p_size = __builtin_object_size(p, 0); ++ size_t p_size = __string_size(p); + if (p_size == (size_t)-1) + return __builtin_strcat(p, q); + if (strlcat(p, q, p_size) >= p_size) +@@ -258,7 +264,7 @@ __FORTIFY_INLINE char *strcat(char *p, const char *q) + __FORTIFY_INLINE __kernel_size_t strlen(const char *p) + { + __kernel_size_t ret; +- size_t p_size = __builtin_object_size(p, 0); ++ size_t p_size = __string_size(p); + + /* Work around gcc excess stack consumption issue */ + if (p_size == (size_t)-1 || +@@ -273,7 +279,7 @@ __FORTIFY_INLINE __kernel_size_t strlen(const char *p) + extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen); + __FORTIFY_INLINE __kernel_size_t strnlen(const char *p, __kernel_size_t maxlen) + { +- size_t p_size = __builtin_object_size(p, 0); ++ size_t p_size = __string_size(p); + __kernel_size_t ret = __real_strnlen(p, maxlen < p_size ? maxlen : p_size); + if (p_size <= ret && maxlen != ret) + fortify_panic(__func__); +@@ -285,8 +291,8 @@ extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy); + __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size) + { + size_t ret; +- size_t p_size = __builtin_object_size(p, 0); +- size_t q_size = __builtin_object_size(q, 0); ++ size_t p_size = __string_size(p); ++ size_t q_size = __string_size(q); + if (p_size == (size_t)-1 && q_size == (size_t)-1) + return __real_strlcpy(p, q, size); + ret = strlen(q); +@@ -306,8 +312,8 @@ __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size) + __FORTIFY_INLINE char *strncat(char *p, const char *q, __kernel_size_t count) + { + size_t p_len, copy_len; +- size_t p_size = __builtin_object_size(p, 0); +- size_t q_size = __builtin_object_size(q, 0); ++ size_t p_size = __string_size(p); ++ size_t q_size = __string_size(q); + if (p_size == (size_t)-1 && q_size == (size_t)-1) + return __builtin_strncat(p, q, count); + p_len = strlen(p); +@@ -420,8 +426,8 @@ __FORTIFY_INLINE void *kmemdup(const void *p, size_t size, gfp_t gfp) + /* defined after fortified strlen and memcpy to reuse them */ + __FORTIFY_INLINE char *strcpy(char *p, const char *q) + { +- size_t p_size = __builtin_object_size(p, 0); +- size_t q_size = __builtin_object_size(q, 0); ++ size_t p_size = __string_size(p); ++ size_t q_size = __string_size(q); + if (p_size == (size_t)-1 && q_size == (size_t)-1) + return __builtin_strcpy(p, q); + memcpy(p, q, strlen(q) + 1); +diff --git a/include/linux/tty.h b/include/linux/tty.h +index 1dd587ba6d88..9a9a04fb641d 100644 +--- a/include/linux/tty.h ++++ b/include/linux/tty.h +@@ -13,6 +13,7 @@ + #include <uapi/linux/tty.h> + #include <linux/rwsem.h> + #include <linux/llist.h> ++#include <linux/user_namespace.h> + + + /* +@@ -335,6 +336,7 @@ struct tty_struct { + /* If the tty has a pending do_SAK, queue it here - akpm */ + struct work_struct SAK_work; + struct tty_port *port; ++ struct user_namespace *owner_user_ns; + } __randomize_layout; + + /* Each of a tty's open files has private_data pointing to tty_file_private */ +@@ -344,6 +346,8 @@ struct tty_file_private { + struct list_head list; + }; + ++extern int tiocsti_restrict; ++ + /* tty magic number */ + #define TTY_MAGIC 0x5401 + +diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h +index 1e5d8c392f15..66d0e49c9987 100644 +--- a/include/linux/vmalloc.h ++++ b/include/linux/vmalloc.h +@@ -68,19 +68,19 @@ static inline void vmalloc_init(void) + } + #endif + +-extern void *vmalloc(unsigned long size); +-extern void *vzalloc(unsigned long size); +-extern void *vmalloc_user(unsigned long size); +-extern void *vmalloc_node(unsigned long size, int node); +-extern void *vzalloc_node(unsigned long size, int node); +-extern void *vmalloc_exec(unsigned long size); +-extern void *vmalloc_32(unsigned long size); +-extern void *vmalloc_32_user(unsigned long size); +-extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot); ++extern void *vmalloc(unsigned long size) __attribute__((alloc_size(1))); ++extern void *vzalloc(unsigned long size) __attribute__((alloc_size(1))); ++extern void *vmalloc_user(unsigned long size) __attribute__((alloc_size(1))); ++extern void *vmalloc_node(unsigned long size, int node) __attribute__((alloc_size(1))); ++extern void *vzalloc_node(unsigned long size, int node) __attribute__((alloc_size(1))); ++extern void *vmalloc_exec(unsigned long size) __attribute__((alloc_size(1))); ++extern void *vmalloc_32(unsigned long size) __attribute__((alloc_size(1))); ++extern void *vmalloc_32_user(unsigned long size) __attribute__((alloc_size(1))); ++extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) __attribute__((alloc_size(1))); + extern void *__vmalloc_node_range(unsigned long size, unsigned long align, + unsigned long start, unsigned long end, gfp_t gfp_mask, + pgprot_t prot, unsigned long vm_flags, int node, +- const void *caller); ++ const void *caller) __attribute__((alloc_size(1))); + #ifndef CONFIG_MMU + extern void *__vmalloc_node_flags(unsigned long size, int node, gfp_t flags); + static inline void *__vmalloc_node_flags_caller(unsigned long size, int node, +diff --git a/init/Kconfig b/init/Kconfig +index 46075327c165..0c78750bc76d 100644 +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -309,6 +309,7 @@ config USELIB + config AUDIT + bool "Auditing support" + depends on NET ++ default y + help + Enable auditing infrastructure that can be used with another + kernel subsystem, such as SELinux (which requires this for +@@ -1052,6 +1053,12 @@ config CC_OPTIMIZE_FOR_SIZE + + endchoice + ++config LOCAL_INIT ++ bool "Zero uninitialized locals" ++ help ++ Zero-fill uninitialized local variables, other than variable-length ++ arrays. Requires compiler support. ++ + config SYSCTL + bool + +@@ -1361,8 +1368,7 @@ config SHMEM + which may be appropriate on small systems without swap. + + config AIO +- bool "Enable AIO support" if EXPERT +- default y ++ bool "Enable AIO support" + help + This option enables POSIX asynchronous I/O which may by used + by some high performance threaded applications. Disabling +@@ -1491,7 +1497,7 @@ config VM_EVENT_COUNTERS + + config SLUB_DEBUG + default y +- bool "Enable SLUB debugging support" if EXPERT ++ bool "Enable SLUB debugging support" + depends on SLUB && SYSFS + help + SLUB has extensive debug support features. Disabling these can +@@ -1515,7 +1521,6 @@ config SLUB_MEMCG_SYSFS_ON + + config COMPAT_BRK + bool "Disable heap randomization" +- default y + help + Randomizing heap placement makes heap exploits harder, but it + also breaks ancient binaries (including anything libc5 based). +@@ -1562,7 +1567,6 @@ endchoice + + config SLAB_MERGE_DEFAULT + bool "Allow slab caches to be merged" +- default y + help + For reduced kernel memory fragmentation, slab caches can be + merged when they share the same size and other characteristics. +@@ -1575,9 +1579,9 @@ config SLAB_MERGE_DEFAULT + command line. + + config SLAB_FREELIST_RANDOM +- default n + depends on SLAB || SLUB + bool "SLAB freelist randomization" ++ default y + help + Randomizes the freelist order used on creating new pages. This + security feature reduces the predictability of the kernel slab +@@ -1586,12 +1590,56 @@ config SLAB_FREELIST_RANDOM + config SLAB_FREELIST_HARDENED + bool "Harden slab freelist metadata" + depends on SLUB ++ default y + help + Many kernel heap attacks try to target slab cache metadata and + other infrastructure. This options makes minor performance + sacrifies to harden the kernel slab allocator against common + freelist exploit methods. + ++config SLAB_HARDENED ++ default y ++ depends on SLUB ++ bool "Hardened SLAB infrastructure" ++ help ++ Make minor performance sacrifices to harden the kernel slab ++ allocator. ++ ++config SLAB_CANARY ++ depends on SLUB ++ depends on !SLAB_MERGE_DEFAULT ++ bool "SLAB canaries" ++ default y ++ help ++ Place canaries at the end of kernel slab allocations, sacrificing ++ some performance and memory usage for security. ++ ++ Canaries can detect some forms of heap corruption when allocations ++ are freed and as part of the HARDENED_USERCOPY feature. It provides ++ basic use-after-free detection for HARDENED_USERCOPY. ++ ++ Canaries absorb small overflows (rendering them harmless), mitigate ++ non-NUL terminated C string overflows on 64-bit via a guaranteed zero ++ byte and provide basic double-free detection. ++ ++config SLAB_SANITIZE ++ bool "Sanitize SLAB allocations" ++ depends on SLUB ++ default y ++ help ++ Zero fill slab allocations on free, reducing the lifetime of ++ sensitive data and helping to mitigate use-after-free bugs. ++ ++ For slabs with debug poisoning enabling, this has no impact. ++ ++config SLAB_SANITIZE_VERIFY ++ depends on SLAB_SANITIZE && PAGE_SANITIZE ++ default y ++ bool "Verify sanitized SLAB allocations" ++ help ++ Verify that newly allocated slab allocations are zeroed to detect ++ write-after-free bugs. ++ + config SLUB_CPU_PARTIAL + default y + depends on SLUB && SMP +diff --git a/kernel/audit.c b/kernel/audit.c +index 5b34d3114af4..e57930192ce1 100644 +--- a/kernel/audit.c ++++ b/kernel/audit.c +@@ -1573,6 +1573,9 @@ static int __init audit_enable(char *str) + audit_default = !!simple_strtol(str, NULL, 0); + if (!audit_default) + audit_initialized = AUDIT_DISABLED; ++ else ++ audit_initialized = AUDIT_UNINITIALIZED; ++ + audit_enabled = audit_default; + audit_ever_enabled = !!audit_enabled; + +diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c +index d203a5d6b726..2a6c3e2c57a6 100644 +--- a/kernel/bpf/core.c ++++ b/kernel/bpf/core.c +@@ -539,7 +539,7 @@ void __weak bpf_jit_free(struct bpf_prog *fp) + bpf_prog_unlock_free(fp); + } + +-int bpf_jit_harden __read_mostly; ++int bpf_jit_harden __read_mostly = 2; + + static int bpf_jit_blind_insn(const struct bpf_insn *from, + const struct bpf_insn *aux, +diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c +index 4e933219fec6..0f37db32a2b1 100644 +--- a/kernel/bpf/syscall.c ++++ b/kernel/bpf/syscall.c +@@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(prog_idr_lock); + static DEFINE_IDR(map_idr); + static DEFINE_SPINLOCK(map_idr_lock); + +-int sysctl_unprivileged_bpf_disabled __read_mostly; ++int sysctl_unprivileged_bpf_disabled __read_mostly = 1; + + static const struct bpf_map_ops * const bpf_map_types[] = { + #define BPF_PROG_TYPE(_id, _ops) +diff --git a/kernel/capability.c b/kernel/capability.c +index 1e1c0236f55b..452062fe45ce 100644 +--- a/kernel/capability.c ++++ b/kernel/capability.c +@@ -431,6 +431,12 @@ bool capable(int cap) + return ns_capable(&init_user_ns, cap); + } + EXPORT_SYMBOL(capable); ++ ++bool capable_noaudit(int cap) ++{ ++ return ns_capable_noaudit(&init_user_ns, cap); ++} ++EXPORT_SYMBOL(capable_noaudit); + #endif /* CONFIG_MULTIUSER */ + + /** +diff --git a/kernel/events/core.c b/kernel/events/core.c +index cb8274d7824f..c1b3d232b0a4 100644 +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -397,8 +397,13 @@ static cpumask_var_t perf_online_mask; + * 0 - disallow raw tracepoint access for unpriv + * 1 - disallow cpu events for unpriv + * 2 - disallow kernel profiling for unpriv ++ * 3 - disallow all unpriv perf event use + */ ++#ifdef CONFIG_SECURITY_PERF_EVENTS_RESTRICT ++int sysctl_perf_event_paranoid __read_mostly = 3; ++#else + int sysctl_perf_event_paranoid __read_mostly = 2; ++#endif + + /* Minimum for 512 kiB + 1 user control page */ + int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */ +@@ -9941,6 +9946,9 @@ SYSCALL_DEFINE5(perf_event_open, + if (flags & ~PERF_FLAG_ALL) + return -EINVAL; + ++ if (perf_paranoid_any() && !capable(CAP_SYS_ADMIN)) ++ return -EACCES; ++ + err = perf_copy_attr(attr_uptr, &attr); + if (err) + return err; +diff --git a/kernel/fork.c b/kernel/fork.c +index 98c91bd341b4..dbb9540ee61c 100644 +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -102,6 +102,11 @@ + + #define CREATE_TRACE_POINTS + #include <trace/events/task.h> ++#ifdef CONFIG_USER_NS ++extern int unprivileged_userns_clone; ++#else ++#define unprivileged_userns_clone 0 ++#endif + + /* + * Minimum number of threads to boot the kernel +@@ -1554,6 +1559,10 @@ static __latent_entropy struct task_struct *copy_process( + if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) + return ERR_PTR(-EINVAL); + ++ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) ++ if (!capable(CAP_SYS_ADMIN)) ++ return ERR_PTR(-EPERM); ++ + /* + * Thread groups must share signals as well, and detached threads + * can only be started up within the thread group. +@@ -2347,6 +2356,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) + if (unshare_flags & CLONE_NEWNS) + unshare_flags |= CLONE_FS; + ++ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) { ++ err = -EPERM; ++ if (!capable(CAP_SYS_ADMIN)) ++ goto bad_unshare_out; ++ } ++ + err = check_unshare_flags(unshare_flags); + if (err) + goto bad_unshare_out; +diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c +index 0972a8e09d08..00dde7aad47a 100644 +--- a/kernel/power/snapshot.c ++++ b/kernel/power/snapshot.c +@@ -1136,7 +1136,7 @@ void free_basic_memory_bitmaps(void) + + void clear_free_pages(void) + { +-#ifdef CONFIG_PAGE_POISONING_ZERO ++#if defined(CONFIG_PAGE_POISONING_ZERO) || defined(CONFIG_PAGE_SANITIZE) + struct memory_bitmap *bm = free_pages_map; + unsigned long pfn; + +@@ -1153,7 +1153,7 @@ void clear_free_pages(void) + } + memory_bm_position_reset(bm); + pr_info("PM: free pages cleared after restore\n"); +-#endif /* PAGE_POISONING_ZERO */ ++#endif /* PAGE_POISONING_ZERO || PAGE_SANITIZE */ + } + + /** +diff --git a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c +index a64eee0db39e..4d7de378fe4c 100644 +--- a/kernel/rcu/tiny.c ++++ b/kernel/rcu/tiny.c +@@ -164,7 +164,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp) + } + } + +-static __latent_entropy void rcu_process_callbacks(struct softirq_action *unused) ++static __latent_entropy void rcu_process_callbacks(void) + { + __rcu_process_callbacks(&rcu_sched_ctrlblk); + __rcu_process_callbacks(&rcu_bh_ctrlblk); +diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c +index 3e3650e94ae6..7ecd7a5d04b3 100644 +--- a/kernel/rcu/tree.c ++++ b/kernel/rcu/tree.c +@@ -2918,7 +2918,7 @@ __rcu_process_callbacks(struct rcu_state *rsp) + /* + * Do RCU core processing for the current CPU. + */ +-static __latent_entropy void rcu_process_callbacks(struct softirq_action *unused) ++static __latent_entropy void rcu_process_callbacks(void) + { + struct rcu_state *rsp; + +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c +index 5c09ddf8c832..f5db6ece105a 100644 +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -8986,7 +8986,7 @@ static void nohz_idle_balance(struct rq *this_rq, enum cpu_idle_type idle) { } + * run_rebalance_domains is triggered when needed from the scheduler tick. + * Also triggered for nohz idle balancing (with nohz_balancing_kick set). + */ +-static __latent_entropy void run_rebalance_domains(struct softirq_action *h) ++static __latent_entropy void run_rebalance_domains(void) + { + struct rq *this_rq = this_rq(); + enum cpu_idle_type idle = this_rq->idle_balance ? +diff --git a/kernel/softirq.c b/kernel/softirq.c +index e89c3b0cff6d..0d3ebd520931 100644 +--- a/kernel/softirq.c ++++ b/kernel/softirq.c +@@ -53,7 +53,7 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned; + EXPORT_SYMBOL(irq_stat); + #endif + +-static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp; ++static struct softirq_action softirq_vec[NR_SOFTIRQS] __ro_after_init __aligned(PAGE_SIZE); + + DEFINE_PER_CPU(struct task_struct *, ksoftirqd); + +@@ -281,7 +281,7 @@ asmlinkage __visible void __softirq_entry __do_softirq(void) + kstat_incr_softirqs_this_cpu(vec_nr); + + trace_softirq_entry(vec_nr); +- h->action(h); ++ h->action(); + trace_softirq_exit(vec_nr); + if (unlikely(prev_count != preempt_count())) { + pr_err("huh, entered softirq %u %s %p with preempt_count %08x, exited with %08x?\n", +@@ -444,7 +444,7 @@ void __raise_softirq_irqoff(unsigned int nr) + or_softirq_pending(1UL << nr); + } + +-void open_softirq(int nr, void (*action)(struct softirq_action *)) ++void __init open_softirq(int nr, void (*action)(void)) + { + softirq_vec[nr].action = action; + } +@@ -486,7 +486,7 @@ void __tasklet_hi_schedule(struct tasklet_struct *t) + } + EXPORT_SYMBOL(__tasklet_hi_schedule); + +-static __latent_entropy void tasklet_action(struct softirq_action *a) ++static __latent_entropy void tasklet_action(void) + { + struct tasklet_struct *list; + +@@ -522,7 +522,7 @@ static __latent_entropy void tasklet_action(struct softirq_action *a) + } + } + +-static __latent_entropy void tasklet_hi_action(struct softirq_action *a) ++static __latent_entropy void tasklet_hi_action(void) + { + struct tasklet_struct *list; + +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index 069550540a39..822783a174aa 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c +@@ -66,6 +66,7 @@ + #include <linux/kexec.h> + #include <linux/bpf.h> + #include <linux/mount.h> ++#include <linux/tty.h> + + #include <linux/uaccess.h> + #include <asm/processor.h> +@@ -98,12 +99,19 @@ + #if defined(CONFIG_SYSCTL) + + /* External variables not in a header file. */ ++#if IS_ENABLED(CONFIG_USB) ++int deny_new_usb __read_mostly = 0; ++EXPORT_SYMBOL(deny_new_usb); ++#endif + extern int suid_dumpable; + #ifdef CONFIG_COREDUMP + extern int core_uses_pid; + extern char core_pattern[]; + extern unsigned int core_pipe_limit; + #endif ++#ifdef CONFIG_USER_NS ++extern int unprivileged_userns_clone; ++#endif + extern int pid_max; + extern int pid_max_min, pid_max_max; + extern int percpu_pagelist_fraction; +@@ -115,40 +123,43 @@ extern int sysctl_nr_trim_pages; + + /* Constants used for minimum and maximum */ + #ifdef CONFIG_LOCKUP_DETECTOR +-static int sixty = 60; ++static int sixty __read_only = 60; + #endif + +-static int __maybe_unused neg_one = -1; ++static int __maybe_unused neg_one __read_only = -1; + + static int zero; +-static int __maybe_unused one = 1; +-static int __maybe_unused two = 2; +-static int __maybe_unused four = 4; +-static unsigned long one_ul = 1; +-static int one_hundred = 100; +-static int one_thousand = 1000; ++static int __maybe_unused one __read_only = 1; ++static int __maybe_unused two __read_only = 2; ++static int __maybe_unused four __read_only = 4; ++static unsigned long one_ul __read_only = 1; ++static int one_hundred __read_only = 100; ++static int one_thousand __read_only = 1000; + #ifdef CONFIG_PRINTK +-static int ten_thousand = 10000; ++static int ten_thousand __read_only = 10000; + #endif + #ifdef CONFIG_PERF_EVENTS +-static int six_hundred_forty_kb = 640 * 1024; ++static int six_hundred_forty_kb __read_only = 640 * 1024; + #endif + + /* this is needed for the proc_doulongvec_minmax of vm_dirty_bytes */ +-static unsigned long dirty_bytes_min = 2 * PAGE_SIZE; ++static unsigned long dirty_bytes_min __read_only = 2 * PAGE_SIZE; + + /* this is needed for the proc_dointvec_minmax for [fs_]overflow UID and GID */ +-static int maxolduid = 65535; +-static int minolduid; ++static int maxolduid __read_only = 65535; ++static int minolduid __read_only; + +-static int ngroups_max = NGROUPS_MAX; ++static int ngroups_max __read_only = NGROUPS_MAX; + static const int cap_last_cap = CAP_LAST_CAP; + + /*this is needed for proc_doulongvec_minmax of sysctl_hung_task_timeout_secs */ + #ifdef CONFIG_DETECT_HUNG_TASK +-static unsigned long hung_task_timeout_max = (LONG_MAX/HZ); ++static unsigned long hung_task_timeout_max __read_only = (LONG_MAX/HZ); + #endif + ++int device_sidechannel_restrict __read_mostly = 1; ++EXPORT_SYMBOL(device_sidechannel_restrict); ++ + #ifdef CONFIG_INOTIFY_USER + #include <linux/inotify.h> + #endif +@@ -286,19 +297,19 @@ static struct ctl_table sysctl_base_table[] = { + }; + + #ifdef CONFIG_SCHED_DEBUG +-static int min_sched_granularity_ns = 100000; /* 100 usecs */ +-static int max_sched_granularity_ns = NSEC_PER_SEC; /* 1 second */ +-static int min_wakeup_granularity_ns; /* 0 usecs */ +-static int max_wakeup_granularity_ns = NSEC_PER_SEC; /* 1 second */ ++static int min_sched_granularity_ns __read_only = 100000; /* 100 usecs */ ++static int max_sched_granularity_ns __read_only = NSEC_PER_SEC; /* 1 second */ ++static int min_wakeup_granularity_ns __read_only; /* 0 usecs */ ++static int max_wakeup_granularity_ns __read_only = NSEC_PER_SEC; /* 1 second */ + #ifdef CONFIG_SMP +-static int min_sched_tunable_scaling = SCHED_TUNABLESCALING_NONE; +-static int max_sched_tunable_scaling = SCHED_TUNABLESCALING_END-1; ++static int min_sched_tunable_scaling __read_only = SCHED_TUNABLESCALING_NONE; ++static int max_sched_tunable_scaling __read_only = SCHED_TUNABLESCALING_END-1; + #endif /* CONFIG_SMP */ + #endif /* CONFIG_SCHED_DEBUG */ + + #ifdef CONFIG_COMPACTION +-static int min_extfrag_threshold; +-static int max_extfrag_threshold = 1000; ++static int min_extfrag_threshold __read_only; ++static int max_extfrag_threshold __read_only = 1000; + #endif + + static struct ctl_table kern_table[] = { +@@ -512,6 +523,15 @@ static struct ctl_table kern_table[] = { + .proc_handler = proc_dointvec, + }, + #endif ++#ifdef CONFIG_USER_NS ++ { ++ .procname = "unprivileged_userns_clone", ++ .data = &unprivileged_userns_clone, ++ .maxlen = sizeof(int), ++ .mode = 0644, ++ .proc_handler = proc_dointvec, ++ }, ++#endif + #ifdef CONFIG_PROC_SYSCTL + { + .procname = "tainted", +@@ -853,6 +873,37 @@ static struct ctl_table kern_table[] = { + .extra1 = &zero, + .extra2 = &two, + }, ++#endif ++#if defined CONFIG_TTY ++ { ++ .procname = "tiocsti_restrict", ++ .data = &tiocsti_restrict, ++ .maxlen = sizeof(int), ++ .mode = 0644, ++ .proc_handler = proc_dointvec_minmax_sysadmin, ++ .extra1 = &zero, ++ .extra2 = &one, ++ }, ++#endif ++ { ++ .procname = "device_sidechannel_restrict", ++ .data = &device_sidechannel_restrict, ++ .maxlen = sizeof(int), ++ .mode = 0644, ++ .proc_handler = proc_dointvec_minmax_sysadmin, ++ .extra1 = &zero, ++ .extra2 = &one, ++ }, ++#if IS_ENABLED(CONFIG_USB) ++ { ++ .procname = "deny_new_usb", ++ .data = &deny_new_usb, ++ .maxlen = sizeof(int), ++ .mode = 0644, ++ .proc_handler = proc_dointvec_minmax_sysadmin, ++ .extra1 = &zero, ++ .extra2 = &one, ++ }, + #endif + { + .procname = "ngroups_max", +diff --git a/kernel/time/timer.c b/kernel/time/timer.c +index 9fe525f410bf..6a85b0e1292e 100644 +--- a/kernel/time/timer.c ++++ b/kernel/time/timer.c +@@ -1624,7 +1624,7 @@ static inline void __run_timers(struct timer_base *base) + /* + * This function runs timers and the timer-tq in bottom half context. + */ +-static __latent_entropy void run_timer_softirq(struct softirq_action *h) ++static __latent_entropy void run_timer_softirq(void) + { + struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]); + +diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c +index c490f1e4313b..dd03bd39d7bf 100644 +--- a/kernel/user_namespace.c ++++ b/kernel/user_namespace.c +@@ -24,6 +24,9 @@ + #include <linux/projid.h> + #include <linux/fs_struct.h> + ++/* sysctl */ ++int unprivileged_userns_clone; ++ + static struct kmem_cache *user_ns_cachep __read_mostly; + static DEFINE_MUTEX(userns_state_mutex); + +diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug +index 62d0e25c054c..3953072277eb 100644 +--- a/lib/Kconfig.debug ++++ b/lib/Kconfig.debug +@@ -937,6 +937,7 @@ endmenu # "Debug lockups and hangs" + + config PANIC_ON_OOPS + bool "Panic on Oops" ++ default y + help + Say Y here to enable the kernel to panic when it oopses. This + has the same effect as setting oops=panic on the kernel command +@@ -946,7 +947,7 @@ config PANIC_ON_OOPS + anything erroneous after an oops which could result in data + corruption or other issues. + +- Say N if unsure. ++ Say Y if unsure. + + config PANIC_ON_OOPS_VALUE + int +@@ -1319,6 +1320,7 @@ config DEBUG_BUGVERBOSE + config DEBUG_LIST + bool "Debug linked list manipulation" + depends on DEBUG_KERNEL || BUG_ON_DATA_CORRUPTION ++ default y + help + Enable this to turn on extended checks in the linked-list + walking routines. +@@ -1932,6 +1934,7 @@ config MEMTEST + config BUG_ON_DATA_CORRUPTION + bool "Trigger a BUG when data corruption is detected" + select DEBUG_LIST ++ default y + help + Select this option if the kernel should BUG when it encounters + data corruption in kernel memory structures when they get checked +@@ -1952,7 +1955,7 @@ config STRICT_DEVMEM + bool "Filter access to /dev/mem" + depends on MMU && DEVMEM + depends on ARCH_HAS_DEVMEM_IS_ALLOWED +- default y if TILE || PPC ++ default y + ---help--- + If this option is disabled, you allow userspace (root) access to all + of memory, including kernel and userspace memory. Accidental +@@ -1971,6 +1974,7 @@ config STRICT_DEVMEM + config IO_STRICT_DEVMEM + bool "Filter I/O access to /dev/mem" + depends on STRICT_DEVMEM ++ default y + ---help--- + If this option is disabled, you allow userspace (root) access to all + io-memory regardless of whether a driver is actively using that +diff --git a/lib/irq_poll.c b/lib/irq_poll.c +index 86a709954f5a..6f15787fcb1b 100644 +--- a/lib/irq_poll.c ++++ b/lib/irq_poll.c +@@ -75,7 +75,7 @@ void irq_poll_complete(struct irq_poll *iop) + } + EXPORT_SYMBOL(irq_poll_complete); + +-static void __latent_entropy irq_poll_softirq(struct softirq_action *h) ++static void __latent_entropy irq_poll_softirq(void) + { + struct list_head *list = this_cpu_ptr(&blk_cpu_iopoll); + int rearm = 0, budget = irq_poll_budget; +diff --git a/lib/kobject.c b/lib/kobject.c +index 34f847252c02..4fda329de614 100644 +--- a/lib/kobject.c ++++ b/lib/kobject.c +@@ -956,9 +956,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add); + + + static DEFINE_SPINLOCK(kobj_ns_type_lock); +-static const struct kobj_ns_type_operations *kobj_ns_ops_tbl[KOBJ_NS_TYPES]; ++static const struct kobj_ns_type_operations *kobj_ns_ops_tbl[KOBJ_NS_TYPES] __ro_after_init; + +-int kobj_ns_type_register(const struct kobj_ns_type_operations *ops) ++int __init kobj_ns_type_register(const struct kobj_ns_type_operations *ops) + { + enum kobj_ns_type type = ops->type; + int error; +diff --git a/lib/nlattr.c b/lib/nlattr.c +index 3d8295c85505..3fa3b3409d69 100644 +--- a/lib/nlattr.c ++++ b/lib/nlattr.c +@@ -341,6 +341,8 @@ int nla_memcpy(void *dest, const struct nlattr *src, int count) + { + int minlen = min_t(int, count, nla_len(src)); + ++ BUG_ON(minlen < 0); ++ + memcpy(dest, nla_data(src), minlen); + if (count > minlen) + memset(dest + minlen, 0, count - minlen); +diff --git a/lib/vsprintf.c b/lib/vsprintf.c +index 86c3385b9eb3..c482070e379b 100644 +--- a/lib/vsprintf.c ++++ b/lib/vsprintf.c +@@ -1591,7 +1591,7 @@ char *device_node_string(char *buf, char *end, struct device_node *dn, + return widen_string(buf, buf - buf_start, end, spec); + } + +-int kptr_restrict __read_mostly; ++int kptr_restrict __read_mostly = 2; + + /* + * Show a '%p' thing. A kernel extension is that the '%p' is followed +diff --git a/mm/Kconfig b/mm/Kconfig +index 59efbd3337e0..c070e14ec83d 100644 +--- a/mm/Kconfig ++++ b/mm/Kconfig +@@ -319,7 +319,8 @@ config KSM + config DEFAULT_MMAP_MIN_ADDR + int "Low address space to protect from user allocation" + depends on MMU +- default 4096 ++ default 32768 if ARM || (ARM64 && COMPAT) ++ default 65536 + help + This is the portion of low virtual memory which should be protected + from userspace allocation. Keeping a user from writing to low pages +diff --git a/mm/mmap.c b/mm/mmap.c +index 11f96fad5271..632e7f9a710e 100644 +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -220,6 +220,13 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) + + newbrk = PAGE_ALIGN(brk); + oldbrk = PAGE_ALIGN(mm->brk); ++ /* properly handle unaligned min_brk as an empty heap */ ++ if (min_brk & ~PAGE_MASK) { ++ if (brk == min_brk) ++ newbrk -= PAGE_SIZE; ++ if (mm->brk == min_brk) ++ oldbrk -= PAGE_SIZE; ++ } + if (oldbrk == newbrk) + goto set_brk; + +diff --git a/mm/page_alloc.c b/mm/page_alloc.c +index 1d7693c35424..8963a3b4d37c 100644 +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -67,6 +67,7 @@ + #include <linux/ftrace.h> + #include <linux/lockdep.h> + #include <linux/nmi.h> ++#include <linux/random.h> + + #include <asm/sections.h> + #include <asm/tlbflush.h> +@@ -98,6 +99,15 @@ int _node_numa_mem_[MAX_NUMNODES]; + DEFINE_MUTEX(pcpu_drain_mutex); + DEFINE_PER_CPU(struct work_struct, pcpu_drain); + ++bool __meminitdata extra_latent_entropy; ++ ++static int __init setup_extra_latent_entropy(char *str) ++{ ++ extra_latent_entropy = true; ++ return 0; ++} ++early_param("extra_latent_entropy", setup_extra_latent_entropy); ++ + #ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY + volatile unsigned long latent_entropy __latent_entropy; + EXPORT_SYMBOL(latent_entropy); +@@ -1063,6 +1073,13 @@ static __always_inline bool free_pages_prepare(struct page *page, + debug_check_no_obj_freed(page_address(page), + PAGE_SIZE << order); + } ++ ++ if (IS_ENABLED(CONFIG_PAGE_SANITIZE)) { ++ int i; ++ for (i = 0; i < (1 << order); i++) ++ clear_highpage(page + i); ++ } ++ + arch_free_page(page, order); + kernel_poison_pages(page, 1 << order, 0); + kernel_map_pages(page, 1 << order, 0); +@@ -1278,6 +1295,21 @@ static void __init __free_pages_boot_core(struct page *page, unsigned int order) + __ClearPageReserved(p); + set_page_count(p, 0); + ++ if (extra_latent_entropy && !PageHighMem(page) && page_to_pfn(page) < 0x100000) { ++ unsigned long hash = 0; ++ size_t index, end = PAGE_SIZE * nr_pages / sizeof hash; ++ const unsigned long *data = lowmem_page_address(page); ++ ++ for (index = 0; index < end; index++) ++ hash ^= hash + data[index]; ++#ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY ++ latent_entropy ^= hash; ++ add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy)); ++#else ++ add_device_randomness((const void *)&hash, sizeof(hash)); ++#endif ++ } ++ + page_zone(page)->managed_pages += nr_pages; + set_page_refcounted(page); + __free_pages(page, order); +@@ -1718,8 +1750,8 @@ static inline int check_new_page(struct page *page) + + static inline bool free_pages_prezeroed(void) + { +- return IS_ENABLED(CONFIG_PAGE_POISONING_ZERO) && +- page_poisoning_enabled(); ++ return IS_ENABLED(CONFIG_PAGE_SANITIZE) || ++ (IS_ENABLED(CONFIG_PAGE_POISONING_ZERO) && page_poisoning_enabled()); + } + + #ifdef CONFIG_DEBUG_VM +@@ -1776,6 +1808,11 @@ static void prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags + + post_alloc_hook(page, order, gfp_flags); + ++ if (IS_ENABLED(CONFIG_PAGE_SANITIZE_VERIFY)) { ++ for (i = 0; i < (1 << order); i++) ++ verify_zero_highpage(page + i); ++ } ++ + if (!free_pages_prezeroed() && (gfp_flags & __GFP_ZERO)) + for (i = 0; i < (1 << order); i++) + clear_highpage(page + i); +diff --git a/mm/slab.h b/mm/slab.h +index 485d9fbb8802..436461588804 100644 +--- a/mm/slab.h ++++ b/mm/slab.h +@@ -311,7 +311,11 @@ static inline bool is_root_cache(struct kmem_cache *s) + static inline bool slab_equal_or_root(struct kmem_cache *s, + struct kmem_cache *p) + { ++#ifdef CONFIG_SLAB_HARDENED ++ return p == s; ++#else + return true; ++#endif + } + + static inline const char *cache_name(struct kmem_cache *s) +@@ -363,18 +367,26 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x) + * to not do even the assignment. In that case, slab_equal_or_root + * will also be a constant. + */ +- if (!memcg_kmem_enabled() && ++ if (!IS_ENABLED(CONFIG_SLAB_HARDENED) && ++ !memcg_kmem_enabled() && + !unlikely(s->flags & SLAB_CONSISTENCY_CHECKS)) + return s; + + page = virt_to_head_page(x); ++#ifdef CONFIG_SLAB_HARDENED ++ BUG_ON(!PageSlab(page)); ++#endif + cachep = page->slab_cache; + if (slab_equal_or_root(cachep, s)) + return cachep; + + pr_err("%s: Wrong slab cache. %s but object is from %s\n", + __func__, s->name, cachep->name); ++#ifdef CONFIG_BUG_ON_DATA_CORRUPTION ++ BUG_ON(1); ++#else + WARN_ON_ONCE(1); ++#endif + return s; + } + +@@ -399,7 +411,7 @@ static inline size_t slab_ksize(const struct kmem_cache *s) + * back there or track user information then we can + * only use the space before that information. + */ +- if (s->flags & (SLAB_TYPESAFE_BY_RCU | SLAB_STORE_USER)) ++ if ((s->flags & (SLAB_TYPESAFE_BY_RCU | SLAB_STORE_USER)) || IS_ENABLED(CONFIG_SLAB_CANARY)) + return s->inuse; + /* + * Else we can use all the padding etc for the allocation +diff --git a/mm/slab_common.c b/mm/slab_common.c +index 65212caa1f2a..d8bf8a75f445 100644 +--- a/mm/slab_common.c ++++ b/mm/slab_common.c +@@ -26,10 +26,10 @@ + + #include "slab.h" + +-enum slab_state slab_state; ++enum slab_state slab_state __ro_after_init; + LIST_HEAD(slab_caches); + DEFINE_MUTEX(slab_mutex); +-struct kmem_cache *kmem_cache; ++struct kmem_cache *kmem_cache __ro_after_init; + + static LIST_HEAD(slab_caches_to_rcu_destroy); + static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work); +@@ -49,7 +49,7 @@ static DECLARE_WORK(slab_caches_to_rcu_destroy_work, + /* + * Merge control. If this is set then no merging of slab caches will occur. + */ +-static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT); ++static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT); + + static int __init setup_slab_nomerge(char *str) + { +@@ -927,7 +927,7 @@ EXPORT_SYMBOL(kmalloc_dma_caches); + * of two cache sizes there. The size of larger slabs can be determined using + * fls. + */ +-static s8 size_index[24] = { ++static s8 size_index[24] __ro_after_init = { + 3, /* 8 */ + 4, /* 16 */ + 5, /* 24 */ +diff --git a/mm/slub.c b/mm/slub.c +index 41c01690d116..591dd60d37f3 100644 +--- a/mm/slub.c ++++ b/mm/slub.c +@@ -125,6 +125,16 @@ static inline int kmem_cache_debug(struct kmem_cache *s) + #endif + } + ++static inline bool has_sanitize(struct kmem_cache *s) ++{ ++ return IS_ENABLED(CONFIG_SLAB_SANITIZE) && !(s->flags & (SLAB_TYPESAFE_BY_RCU | SLAB_POISON)); ++} ++ ++static inline bool has_sanitize_verify(struct kmem_cache *s) ++{ ++ return IS_ENABLED(CONFIG_SLAB_SANITIZE_VERIFY) && has_sanitize(s); ++} ++ + void *fixup_red_left(struct kmem_cache *s, void *p) + { + if (kmem_cache_debug(s) && s->flags & SLAB_RED_ZONE) +@@ -297,6 +307,35 @@ static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp) + *(void **)freeptr_addr = freelist_ptr(s, fp, freeptr_addr); + } + ++#ifdef CONFIG_SLAB_CANARY ++static inline unsigned long *get_canary(struct kmem_cache *s, void *object) ++{ ++ if (s->offset) ++ return object + s->offset + sizeof(void *); ++ return object + s->inuse; ++} ++ ++static inline unsigned long get_canary_value(const void *canary, unsigned long value) ++{ ++ return (value ^ (unsigned long)canary) & CANARY_MASK; ++} ++ ++static inline void set_canary(struct kmem_cache *s, void *object, unsigned long value) ++{ ++ unsigned long *canary = get_canary(s, object); ++ *canary = get_canary_value(canary, value); ++} ++ ++static inline void check_canary(struct kmem_cache *s, void *object, unsigned long value) ++{ ++ unsigned long *canary = get_canary(s, object); ++ BUG_ON(*canary != get_canary_value(canary, value)); ++} ++#else ++#define set_canary(s, object, value) ++#define check_canary(s, object, value) ++#endif ++ + /* Loop over all objects in a slab */ + #define for_each_object(__p, __s, __addr, __objects) \ + for (__p = fixup_red_left(__s, __addr); \ +@@ -484,13 +523,13 @@ static inline void *restore_red_left(struct kmem_cache *s, void *p) + * Debug settings: + */ + #if defined(CONFIG_SLUB_DEBUG_ON) +-static int slub_debug = DEBUG_DEFAULT_FLAGS; ++static int slub_debug __ro_after_init = DEBUG_DEFAULT_FLAGS; + #else +-static int slub_debug; ++static int slub_debug __ro_after_init; + #endif + +-static char *slub_debug_slabs; +-static int disable_higher_order_debug; ++static char *slub_debug_slabs __ro_after_init; ++static int disable_higher_order_debug __ro_after_init; + + /* + * slub is about to manipulate internal object metadata. This memory lies +@@ -550,6 +589,9 @@ static struct track *get_track(struct kmem_cache *s, void *object, + else + p = object + s->inuse; + ++ if (IS_ENABLED(CONFIG_SLAB_CANARY)) ++ p = (void *)p + sizeof(void *); ++ + return p + alloc; + } + +@@ -688,6 +730,9 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p) + else + off = s->inuse; + ++ if (IS_ENABLED(CONFIG_SLAB_CANARY)) ++ off += sizeof(void *); ++ + if (s->flags & SLAB_STORE_USER) + off += 2 * sizeof(struct track); + +@@ -817,6 +862,9 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p) + /* Freepointer is placed after the object. */ + off += sizeof(void *); + ++ if (IS_ENABLED(CONFIG_SLAB_CANARY)) ++ off += sizeof(void *); ++ + if (s->flags & SLAB_STORE_USER) + /* We also have user information there */ + off += 2 * sizeof(struct track); +@@ -1416,8 +1464,9 @@ static void setup_object(struct kmem_cache *s, struct page *page, + void *object) + { + setup_object_debug(s, page, object); ++ set_canary(s, object, s->random_inactive); + kasan_init_slab_obj(s, object); +- if (unlikely(s->ctor)) { ++ if (unlikely(s->ctor) && !has_sanitize_verify(s)) { + kasan_unpoison_object_data(s, object); + s->ctor(object); + kasan_poison_object_data(s, object); +@@ -2717,9 +2766,21 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s, + stat(s, ALLOC_FASTPATH); + } + +- if (unlikely(gfpflags & __GFP_ZERO) && object) ++ if (has_sanitize_verify(s) && object) { ++ size_t offset = s->offset ? 0 : sizeof(void *); ++ BUG_ON(memchr_inv(object + offset, 0, s->object_size - offset)); ++ if (s->ctor) ++ s->ctor(object); ++ if (unlikely(gfpflags & __GFP_ZERO) && offset) ++ memset(object, 0, sizeof(void *)); ++ } else if (unlikely(gfpflags & __GFP_ZERO) && object) + memset(object, 0, s->object_size); + ++ if (object) { ++ check_canary(s, object, s->random_inactive); ++ set_canary(s, object, s->random_active); ++ } ++ + slab_post_alloc_hook(s, gfpflags, 1, &object); + + return object; +@@ -2926,6 +2987,27 @@ static __always_inline void do_slab_free(struct kmem_cache *s, + void *tail_obj = tail ? : head; + struct kmem_cache_cpu *c; + unsigned long tid; ++ bool sanitize = has_sanitize(s); ++ ++ if (IS_ENABLED(CONFIG_SLAB_CANARY) || sanitize) { ++ __maybe_unused int offset = s->offset ? 0 : sizeof(void *); ++ void *x = head; ++ ++ while (1) { ++ check_canary(s, x, s->random_active); ++ set_canary(s, x, s->random_inactive); ++ ++ if (sanitize) { ++ memset(x + offset, 0, s->object_size - offset); ++ if (!IS_ENABLED(CONFIG_SLAB_SANITIZE_VERIFY) && s->ctor) ++ s->ctor(x); ++ } ++ if (x == tail_obj) ++ break; ++ x = get_freepointer(s, x); ++ } ++ } ++ + redo: + /* + * Determine the currently cpus per cpu slab. +@@ -3104,7 +3186,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, + void **p) + { + struct kmem_cache_cpu *c; +- int i; ++ int i, k; + + /* memcg and kmem_cache debug support */ + s = slab_pre_alloc_hook(s, flags); +@@ -3141,13 +3223,29 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, + local_irq_enable(); + + /* Clear memory outside IRQ disabled fastpath loop */ +- if (unlikely(flags & __GFP_ZERO)) { ++ if (has_sanitize_verify(s)) { ++ int j; ++ ++ for (j = 0; j < i; j++) { ++ size_t offset = s->offset ? 0 : sizeof(void *); ++ BUG_ON(memchr_inv(p[j] + offset, 0, s->object_size - offset)); ++ if (s->ctor) ++ s->ctor(p[j]); ++ if (unlikely(flags & __GFP_ZERO) && offset) ++ memset(p[j], 0, sizeof(void *)); ++ } ++ } else if (unlikely(flags & __GFP_ZERO)) { + int j; + + for (j = 0; j < i; j++) + memset(p[j], 0, s->object_size); + } + ++ for (k = 0; k < i; k++) { ++ check_canary(s, p[k], s->random_inactive); ++ set_canary(s, p[k], s->random_active); ++ } ++ + /* memcg and kmem_cache debug support */ + slab_post_alloc_hook(s, flags, size, p); + return i; +@@ -3179,9 +3277,9 @@ EXPORT_SYMBOL(kmem_cache_alloc_bulk); + * and increases the number of allocations possible without having to + * take the list_lock. + */ +-static int slub_min_order; +-static int slub_max_order = PAGE_ALLOC_COSTLY_ORDER; +-static int slub_min_objects; ++static int slub_min_order __ro_after_init; ++static int slub_max_order __ro_after_init = PAGE_ALLOC_COSTLY_ORDER; ++static int slub_min_objects __ro_after_init; + + /* + * Calculate the order of allocation given an slab object size. +@@ -3351,6 +3449,7 @@ static void early_kmem_cache_node_alloc(int node) + init_object(kmem_cache_node, n, SLUB_RED_ACTIVE); + init_tracking(kmem_cache_node, n); + #endif ++ set_canary(kmem_cache_node, n, kmem_cache_node->random_active); + kasan_kmalloc(kmem_cache_node, n, sizeof(struct kmem_cache_node), + GFP_KERNEL); + init_kmem_cache_node(n); +@@ -3507,6 +3606,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) + size += sizeof(void *); + } + ++ if (IS_ENABLED(CONFIG_SLAB_CANARY)) ++ size += sizeof(void *); ++ + #ifdef CONFIG_SLUB_DEBUG + if (flags & SLAB_STORE_USER) + /* +@@ -3577,6 +3679,10 @@ static int kmem_cache_open(struct kmem_cache *s, unsigned long flags) + #ifdef CONFIG_SLAB_FREELIST_HARDENED + s->random = get_random_long(); + #endif ++#ifdef CONFIG_SLAB_CANARY ++ s->random_active = get_random_long(); ++ s->random_inactive = get_random_long(); ++#endif + + if (need_reserve_slab_rcu && (s->flags & SLAB_TYPESAFE_BY_RCU)) + s->reserved = sizeof(struct rcu_head); +@@ -3841,6 +3947,8 @@ const char *__check_heap_object(const void *ptr, unsigned long n, + offset -= s->red_left_pad; + } + ++ check_canary(s, (void *)ptr - offset, s->random_active); ++ + /* Allow address range falling entirely within object size. */ + if (offset <= object_size && n <= object_size - offset) + return NULL; +@@ -3859,7 +3967,11 @@ static size_t __ksize(const void *object) + page = virt_to_head_page(object); + + if (unlikely(!PageSlab(page))) { ++#ifdef CONFIG_BUG_ON_DATA_CORRUPTION ++ BUG_ON(!PageCompound(page)); ++#else + WARN_ON(!PageCompound(page)); ++#endif + return PAGE_SIZE << compound_order(page); + } + +@@ -4724,7 +4836,7 @@ enum slab_stat_type { + #define SO_TOTAL (1 << SL_TOTAL) + + #ifdef CONFIG_MEMCG +-static bool memcg_sysfs_enabled = IS_ENABLED(CONFIG_SLUB_MEMCG_SYSFS_ON); ++static bool memcg_sysfs_enabled __ro_after_init = IS_ENABLED(CONFIG_SLUB_MEMCG_SYSFS_ON); + + static int __init setup_slub_memcg_sysfs(char *str) + { +diff --git a/mm/swap.c b/mm/swap.c +index a77d68f2c1b6..d1f1d75f4d1f 100644 +--- a/mm/swap.c ++++ b/mm/swap.c +@@ -92,6 +92,13 @@ static void __put_compound_page(struct page *page) + if (!PageHuge(page)) + __page_cache_release(page); + dtor = get_compound_page_dtor(page); ++ if (!PageHuge(page)) ++ BUG_ON(dtor != free_compound_page ++#ifdef CONFIG_TRANSPARENT_HUGEPAGE ++ && dtor != free_transhuge_page ++#endif ++ ); ++ + (*dtor)(page); + } + +diff --git a/net/core/dev.c b/net/core/dev.c +index 6ca771f2f25b..6da2c9c3e6a5 100644 +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -4095,7 +4095,7 @@ int netif_rx_ni(struct sk_buff *skb) + } + EXPORT_SYMBOL(netif_rx_ni); + +-static __latent_entropy void net_tx_action(struct softirq_action *h) ++static __latent_entropy void net_tx_action(void) + { + struct softnet_data *sd = this_cpu_ptr(&softnet_data); + +@@ -5609,7 +5609,7 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll) + return work; + } + +-static __latent_entropy void net_rx_action(struct softirq_action *h) ++static __latent_entropy void net_rx_action(void) + { + struct softnet_data *sd = this_cpu_ptr(&softnet_data); + unsigned long time_limit = jiffies + +diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig +index f48fe6fc7e8c..d78c52835c08 100644 +--- a/net/ipv4/Kconfig ++++ b/net/ipv4/Kconfig +@@ -261,6 +261,7 @@ config IP_PIMSM_V2 + + config SYN_COOKIES + bool "IP: TCP syncookie support" ++ default y + ---help--- + Normal TCP/IP networking is open to an attack known as "SYN + flooding". This denial-of-service attack prevents legitimate remote +diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c +index 54deaa1066cf..211f97bd5ee3 100644 +--- a/scripts/mod/modpost.c ++++ b/scripts/mod/modpost.c +@@ -37,6 +37,7 @@ static int vmlinux_section_warnings = 1; + static int warn_unresolved = 0; + /* How a symbol is exported */ + static int sec_mismatch_count = 0; ++static int writable_fptr_count = 0; + static int sec_mismatch_verbose = 1; + static int sec_mismatch_fatal = 0; + /* ignore missing files */ +@@ -965,6 +966,7 @@ enum mismatch { + ANY_EXIT_TO_ANY_INIT, + EXPORT_TO_INIT_EXIT, + EXTABLE_TO_NON_TEXT, ++ DATA_TO_TEXT + }; + + /** +@@ -1091,6 +1093,12 @@ static const struct sectioncheck sectioncheck[] = { + .good_tosec = {ALL_TEXT_SECTIONS , NULL}, + .mismatch = EXTABLE_TO_NON_TEXT, + .handler = extable_mismatch_handler, ++}, ++/* Do not reference code from writable data */ ++{ ++ .fromsec = { DATA_SECTIONS, NULL }, ++ .bad_tosec = { ALL_TEXT_SECTIONS, NULL }, ++ .mismatch = DATA_TO_TEXT + } + }; + +@@ -1240,10 +1248,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, + continue; + if (ELF_ST_TYPE(sym->st_info) == STT_SECTION) + continue; +- if (sym->st_value == addr) +- return sym; + /* Find a symbol nearby - addr are maybe negative */ + d = sym->st_value - addr; ++ if (d == 0) ++ return sym; + if (d < 0) + d = addr - sym->st_value; + if (d < distance) { +@@ -1402,7 +1410,11 @@ static void report_sec_mismatch(const char *modname, + char *prl_from; + char *prl_to; + +- sec_mismatch_count++; ++ if (mismatch->mismatch == DATA_TO_TEXT) ++ writable_fptr_count++; ++ else ++ sec_mismatch_count++; ++ + if (!sec_mismatch_verbose) + return; + +@@ -1526,6 +1538,14 @@ static void report_sec_mismatch(const char *modname, + fatal("There's a special handler for this mismatch type, " + "we should never get here."); + break; ++ case DATA_TO_TEXT: ++#if 0 ++ fprintf(stderr, ++ "The %s %s:%s references\n" ++ "the %s %s:%s%s\n", ++ from, fromsec, fromsym, to, tosec, tosym, to_p); ++#endif ++ break; + } + fprintf(stderr, "\n"); + } +@@ -2539,6 +2559,14 @@ int main(int argc, char **argv) + } + } + free(buf.p); ++ if (writable_fptr_count) { ++ if (!sec_mismatch_verbose) { ++ warn("modpost: Found %d writable function pointer(s).\n" ++ "To see full details build your kernel with:\n" ++ "'make CONFIG_DEBUG_SECTION_MISMATCH=y'\n", ++ writable_fptr_count); ++ } ++ } + + return err; + } +diff --git a/security/Kconfig b/security/Kconfig +index 87f2a6f842fd..7bdbb7edf5bf 100644 +--- a/security/Kconfig ++++ b/security/Kconfig +@@ -8,7 +8,7 @@ source security/keys/Kconfig + + config SECURITY_DMESG_RESTRICT + bool "Restrict unprivileged access to the kernel syslog" +- default n ++ default y + help + This enforces restrictions on unprivileged users reading the kernel + syslog via dmesg(8). +@@ -18,10 +18,34 @@ config SECURITY_DMESG_RESTRICT + + If you are unsure how to answer this question, answer N. + ++config SECURITY_PERF_EVENTS_RESTRICT ++ bool "Restrict unprivileged use of performance events" ++ depends on PERF_EVENTS ++ default y ++ help ++ If you say Y here, the kernel.perf_event_paranoid sysctl ++ will be set to 3 by default, and no unprivileged use of the ++ perf_event_open syscall will be permitted unless it is ++ changed. ++ ++config SECURITY_TIOCSTI_RESTRICT ++ bool "Restrict unprivileged use of tiocsti command injection" ++ default y ++ help ++ This enforces restrictions on unprivileged users injecting commands ++ into other processes which share a tty session using the TIOCSTI ++ ioctl. This option makes TIOCSTI use require CAP_SYS_ADMIN. ++ ++ If this option is not selected, no restrictions will be enforced ++ unless the tiocsti_restrict sysctl is explicitly set to (1). ++ ++ If you are unsure how to answer this question, answer N. ++ + config SECURITY + bool "Enable different security models" + depends on SYSFS + depends on MULTIUSER ++ default y + help + This allows you to choose different security modules to be + configured into your kernel. +@@ -48,6 +72,7 @@ config SECURITYFS + config SECURITY_NETWORK + bool "Socket and Networking Security Hooks" + depends on SECURITY ++ default y + help + This enables the socket and networking security hooks. + If enabled, a security module can use these hooks to +@@ -155,6 +180,7 @@ config HARDENED_USERCOPY + depends on HAVE_HARDENED_USERCOPY_ALLOCATOR + select BUG + imply STRICT_DEVMEM ++ default y + help + This option checks for obviously wrong memory regions when + copying memory to/from the kernel (via copy_to_user() and +@@ -178,10 +204,36 @@ config HARDENED_USERCOPY_PAGESPAN + config FORTIFY_SOURCE + bool "Harden common str/mem functions against buffer overflows" + depends on ARCH_HAS_FORTIFY_SOURCE ++ default y + help + Detect overflows of buffers in common string and memory functions + where the compiler can determine and validate the buffer sizes. + ++config FORTIFY_SOURCE_STRICT_STRING ++ bool "Harden common functions against buffer overflows" ++ depends on FORTIFY_SOURCE ++ depends on EXPERT ++ help ++ Perform stricter overflow checks catching overflows within objects ++ for common C string functions rather than only between objects. ++ ++ This is not yet intended for production use, only bug finding. ++ ++config PAGE_SANITIZE ++ bool "Sanitize pages" ++ default y ++ help ++ Zero fill page allocations on free, reducing the lifetime of ++ sensitive data and helping to mitigate use-after-free bugs. ++ ++config PAGE_SANITIZE_VERIFY ++ bool "Verify sanitized pages" ++ depends on PAGE_SANITIZE ++ default y ++ help ++ Verify that newly allocated pages are zeroed to detect ++ write-after-free bugs. ++ + config STATIC_USERMODEHELPER + bool "Force all usermode helper calls through a single binary" + help +diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig +index 8af7a690eb40..6539694b0fd3 100644 +--- a/security/selinux/Kconfig ++++ b/security/selinux/Kconfig +@@ -2,7 +2,7 @@ config SECURITY_SELINUX + bool "NSA SELinux Support" + depends on SECURITY_NETWORK && AUDIT && NET && INET + select NETWORK_SECMARK +- default n ++ default y + help + This selects NSA Security-Enhanced Linux (SELinux). + You will also need a policy configuration and a labeled filesystem. +@@ -79,23 +79,3 @@ config SECURITY_SELINUX_AVC_STATS + This option collects access vector cache statistics to + /selinux/avc/cache_stats, which may be monitored via + tools such as avcstat. +- +-config SECURITY_SELINUX_CHECKREQPROT_VALUE +- int "NSA SELinux checkreqprot default value" +- depends on SECURITY_SELINUX +- range 0 1 +- default 0 +- help +- This option sets the default value for the 'checkreqprot' flag +- that determines whether SELinux checks the protection requested +- by the application or the protection that will be applied by the +- kernel (including any implied execute for read-implies-exec) for +- mmap and mprotect calls. If this option is set to 0 (zero), +- SELinux will default to checking the protection that will be applied +- by the kernel. If this option is set to 1 (one), SELinux will +- default to checking the protection requested by the application. +- The checkreqprot flag may be changed from the default via the +- 'checkreqprot=' boot parameter. It may also be changed at runtime +- via /selinux/checkreqprot if authorized by policy. +- +- If you are unsure how to answer this question, answer 0. +diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h +index 1649cd18eb0b..067f35559aa7 100644 +--- a/security/selinux/include/objsec.h ++++ b/security/selinux/include/objsec.h +@@ -150,6 +150,6 @@ struct pkey_security_struct { + u32 sid; /* SID of pkey */ + }; + +-extern unsigned int selinux_checkreqprot; ++extern const unsigned int selinux_checkreqprot; + + #endif /* _SELINUX_OBJSEC_H_ */ +diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c +index 00eed842c491..8f7b8d7e6f91 100644 +--- a/security/selinux/selinuxfs.c ++++ b/security/selinux/selinuxfs.c +@@ -41,16 +41,7 @@ + #include "objsec.h" + #include "conditional.h" + +-unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE; +- +-static int __init checkreqprot_setup(char *str) +-{ +- unsigned long checkreqprot; +- if (!kstrtoul(str, 0, &checkreqprot)) +- selinux_checkreqprot = checkreqprot ? 1 : 0; +- return 1; +-} +-__setup("checkreqprot=", checkreqprot_setup); ++const unsigned int selinux_checkreqprot; + + static DEFINE_MUTEX(sel_mutex); + +@@ -610,10 +601,9 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, + return PTR_ERR(page); + + length = -EINVAL; +- if (sscanf(page, "%u", &new_value) != 1) ++ if (sscanf(page, "%u", &new_value) != 1 || new_value) + goto out; + +- selinux_checkreqprot = new_value ? 1 : 0; + length = count; + out: + kfree(page); +diff --git a/security/yama/Kconfig b/security/yama/Kconfig +index 96b27405558a..485c1b85c325 100644 +--- a/security/yama/Kconfig ++++ b/security/yama/Kconfig +@@ -1,7 +1,7 @@ + config SECURITY_YAMA + bool "Yama support" + depends on SECURITY +- default n ++ default y + help + This selects Yama, which extends DAC support with additional + system-wide security settings beyond regular Linux discretionary diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 786709d5328..79bc8e51093 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -1,15 +1,18 @@ -{ stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, ... } @ args: +{ stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, modDirVersionArg ? null, ... } @ args: with stdenv.lib; buildLinux (args // rec { - version = "4.14.48"; + version = "4.14.49"; + + # modDirVersion needs to be x.y.z, will automatically add .0 if needed + modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg; # branchVersion needs to be x.y extraMeta.branch = concatStrings (intersperse "." (take 2 (splitString "." version))); src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1f92pz92mf0x9jfv3qf4w40i78l053f2qh2n8p2sbrqzc67n1840"; + sha256 = "1xrvklrh0zf3ma61qkbng2495j4bcvif45l8bm5074pk3rrlk7y6"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.16.nix b/pkgs/os-specific/linux/kernel/linux-4.16.nix index 0a06c4dd434..2643faac48a 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.16.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.16.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.16.14"; + version = "4.16.15"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1h6zjnwpdyqk9fp72c35565lhw00kpjl55faakwx7xsxfpyvc25p"; + sha256 = "0v13g5ancr85hr24y7xagjn9w168h2d87m4m4hr4a2i45mrsdwjq"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.17.nix b/pkgs/os-specific/linux/kernel/linux-4.17.nix index b360e98f0c0..ca8abcc0ef1 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.17.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.17.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.17"; + version = "4.17.1"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "04yd7hnsdyaq4xmrgg7509qjf09k1dy6k1p8qqfrdspajvc1valz"; + sha256 = "0w3hma7k4nwjp1zsfgn2i18dsmmdn1lxccqx3vapwsz6pjy3ygy9"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index c22762bde7c..69495e5fc43 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -28,6 +28,11 @@ rec { patch = ./tag-hardened.patch; }; + copperhead_4_14 = rec { + name = "copperhead-4.14"; + patch = ./copperhead-4-14.patch; + }; + copperhead_4_16 = rec { name = "copperhead-4.16"; patch = ./copperhead-4-16.patch; diff --git a/pkgs/os-specific/linux/nvidia-x11/default.nix b/pkgs/os-specific/linux/nvidia-x11/default.nix index 11a97d420a8..8eeaf502020 100644 --- a/pkgs/os-specific/linux/nvidia-x11/default.nix +++ b/pkgs/os-specific/linux/nvidia-x11/default.nix @@ -17,13 +17,11 @@ in rec { # Policy: use the highest stable version as the default (on our master). stable = generic { - version = "390.48"; - sha256_32bit = "1y6n2hfz9vd0h7gd31fgxcl76s5pjf8afwqyq5slqpcxpd78j5ai"; - sha256_64bit = "16a3blvizcksmaxr644s857yanw3i3vcvqvn7qnwbsbqpmxga09c"; - settingsSha256 = "058xaiw5g0kxrvc3lvy4424fqbjkvmsznj2v73cgbm25i1m83krl"; - persistencedSha256 = "0y86bhzl42lqyrbibqzf8a8yd49zbq3ryb78vgsl13i44f9sl79k"; - - patches = [ ./fix_missing_symbol.patch ]; + version = "390.67"; + sha256_32bit = "01c8fa80njyyr39c1pyf7ssmfq65ci8mapbs94fd6gnhwc7gfjkg"; + sha256_64bit = "0np6xj93fali2hss8xsdlmy5ykjgn4hx6mzjr8dpbdi0fhdcmwkd"; + settingsSha256 = "1wk4587czysnbj5yxijmv3bldcffzwp4yvfx133apsr31dqca0s7"; + persistencedSha256 = "1zia1r97lyj6fbmvsw4hv5qfcj84x3sz971m4430d8qyks2c4sdw"; }; beta = stable; # not enough interest to maintain beta ATM diff --git a/pkgs/os-specific/linux/nvidia-x11/fix_missing_symbol.patch b/pkgs/os-specific/linux/nvidia-x11/fix_missing_symbol.patch deleted file mode 100644 index ea783b4f011..00000000000 --- a/pkgs/os-specific/linux/nvidia-x11/fix_missing_symbol.patch +++ /dev/null @@ -1,19 +0,0 @@ -https://devtalk.nvidia.com/default/topic/1030082/linux/kernel-4-16-rc1-breaks-latest-drivers-unknown-symbol-swiotlb_map_sg_attrs-/ ---- a/kernel/common/inc/nv-linux.h~ 2018-01-25 06:09:41.000000000 +0100 -+++ b/kernel/common/inc/nv-linux.h 2018-03-05 13:58:17.746725638 +0100 -@@ -1209,6 +1209,7 @@ static inline NvU32 nv_alloc_init_flags( - static inline NvBool nv_dma_maps_swiotlb(struct pci_dev *dev) - { - NvBool swiotlb_in_use = NV_FALSE; -+#if 0 - #if defined(CONFIG_SWIOTLB) - #if defined(NV_DMA_OPS_PRESENT) || defined(NV_GET_DMA_OPS_PRESENT) - /* -@@ -1251,7 +1252,7 @@ static inline NvBool nv_dma_maps_swiotlb - swiotlb_in_use = (swiotlb == 1); - #endif - #endif -- -+#endif - return swiotlb_in_use; - } diff --git a/pkgs/os-specific/linux/tiscamera/allow-pipeline-stop-in-trigger-mode.patch b/pkgs/os-specific/linux/tiscamera/allow-pipeline-stop-in-trigger-mode.patch new file mode 100644 index 00000000000..48a520f6ec3 --- /dev/null +++ b/pkgs/os-specific/linux/tiscamera/allow-pipeline-stop-in-trigger-mode.patch @@ -0,0 +1,48 @@ +diff --git a/src/gstreamer-1.0/gsttcamsrc.cpp b/src/gstreamer-1.0/gsttcamsrc.cpp +index d482e1e..e36afd8 100644 +--- a/src/gstreamer-1.0/gsttcamsrc.cpp ++++ b/src/gstreamer-1.0/gsttcamsrc.cpp +@@ -1112,6 +1112,7 @@ bool gst_tcam_src_init_camera (GstTcamSrc* self) + + static void gst_tcam_src_close_camera (GstTcamSrc* self) + { ++ GST_INFO("Closing device"); + if (self->device != NULL) + { + self->device->dev->stop_stream(); +@@ -1156,7 +1157,7 @@ static gboolean gst_tcam_src_stop (GstBaseSrc* src) + + self->device->dev->stop_stream(); + gst_element_send_event(GST_ELEMENT(self), gst_event_new_eos()); +- GST_DEBUG_OBJECT (self, "Stopped acquisition"); ++ GST_DEBUG("Stopped acquisition"); + + return TRUE; + } +@@ -1556,6 +1557,18 @@ static void gst_tcam_src_get_property (GObject* object, + } + + ++static gboolean gst_tcam_src_unlock (GstBaseSrc* src) ++{ ++ GstTcamSrc* self = GST_TCAM_SRC(src); ++ ++ self->is_running = FALSE; ++ ++ self->cv.notify_all(); ++ ++ return TRUE; ++} ++ ++ + static void gst_tcam_src_class_init (GstTcamSrcClass* klass) + { + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); +@@ -1616,6 +1629,7 @@ static void gst_tcam_src_class_init (GstTcamSrcClass* klass) + gstbasesrc_class->fixate = gst_tcam_src_fixate_caps; + gstbasesrc_class->start = gst_tcam_src_start; + gstbasesrc_class->stop = gst_tcam_src_stop; ++ gstbasesrc_class->unlock = gst_tcam_src_unlock; + gstbasesrc_class->negotiate = gst_tcam_src_negotiate; + gstbasesrc_class->get_times = gst_tcam_src_get_times; + diff --git a/pkgs/os-specific/linux/tiscamera/default.nix b/pkgs/os-specific/linux/tiscamera/default.nix new file mode 100644 index 00000000000..d4d6ae18ce6 --- /dev/null +++ b/pkgs/os-specific/linux/tiscamera/default.nix @@ -0,0 +1,98 @@ +{ lib +, stdenv +, fetchFromGitHub +, cmake +, pkgconfig +, pcre +, tinyxml +, libusb1 +, libzip +, glib +, gobjectIntrospection +, gst_all_1 +, libwebcam +}: + +stdenv.mkDerivation rec { + pname = "tiscamera"; + version = "0.9.1"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "TheImagingSource"; + repo = pname; + rev = "v-${name}"; + sha256 = "143yp6bpzj3rqfnrcnlrcwggay37fg6rkphh4w9y9v7v4wllzf87"; + }; + + nativeBuildInputs = [ + cmake + pkgconfig + ]; + + buildInputs = [ + pcre + tinyxml + libusb1 + libzip + glib + gobjectIntrospection + gst_all_1.gstreamer + gst_all_1.gst-plugins-base + libwebcam + ]; + + + cmakeFlags = [ + "-DBUILD_ARAVIS=OFF" # For GigE support. Won't need it as our camera is usb. + "-DBUILD_GST_1_0=ON" + "-DBUILD_TOOLS=ON" + "-DBUILD_V4L2=ON" + "-DBUILD_LIBUSB=ON" + ]; + + + patches = [ + ./allow-pipeline-stop-in-trigger-mode.patch # To be removed next release. + ]; + + postPatch = '' + substituteInPlace ./data/udev/80-theimagingsource-cameras.rules \ + --replace "/usr/bin/uvcdynctrl" "${libwebcam}/bin/uvcdynctrl" \ + --replace "/path/to/tiscamera/uvc-extensions" "$out/share/uvcdynctrl/data/199e" + + substituteInPlace ./src/BackendLoader.cpp \ + --replace '"libtcam-v4l2.so"' "\"$out/lib/tcam-0/libtcam-v4l2.so\"" \ + --replace '"libtcam-aravis.so"' "\"$out/lib/tcam-0/libtcam-aravis.so\"" \ + --replace '"libtcam-libusb.so"' "\"$out/lib/tcam-0/libtcam-libusb.so\"" + ''; + + preConfigure = '' + cmakeFlagsArray=( + $cmakeFlagsArray + "-DCMAKE_INSTALL_PREFIX=$out" + "-DTCAM_INSTALL_UDEV=$out/lib/udev/rules.d" + "-DTCAM_INSTALL_UVCDYNCTRL=$out/share/uvcdynctrl/data/199e" + "-DTCAM_INSTALL_GST_1_0=$out/lib/gstreamer-1.0" + "-DTCAM_INSTALL_GIR=$out/share/gir-1.0" + "-DTCAM_INSTALL_TYPELIB=$out/lib/girepository-1.0" + "-DTCAM_INSTALL_SYSTEMD=$out/etc/systemd/system" + ) + ''; + + + # There are gobject introspection commands launched as part of the build. Those have a runtime + # dependency on `libtcam` (which itself is built as part of this build). In order to allow + # that, we set the dynamic linker's path to point on the build time location of the library. + preBuild = '' + export LD_LIBRARY_PATH=$PWD/src:$LD_LIBRARY_PATH + ''; + + meta = with lib; { + description = "The Linux sources and UVC firmwares for The Imaging Source cameras"; + homepage = https://github.com/TheImagingSource/tiscamera; + license = with licenses; [ asl20 ]; + platforms = platforms.linux; + maintainers = with maintainers; [ jraygauthier ]; + }; +} \ No newline at end of file diff --git a/pkgs/os-specific/linux/udisks/2-default.nix b/pkgs/os-specific/linux/udisks/2-default.nix index a057cb3c101..6bb12c2c792 100644 --- a/pkgs/os-specific/linux/udisks/2-default.nix +++ b/pkgs/os-specific/linux/udisks/2-default.nix @@ -1,43 +1,55 @@ -{ stdenv, fetchurl, pkgconfig, intltool, gnused -, expat, acl, systemd, glib, libatasmart, polkit -, libxslt, docbook_xsl, utillinux, mdadm, libgudev -, gobjectIntrospection +{ stdenv, fetchFromGitHub, substituteAll, libtool, pkgconfig, intltool, gnused +, gnome3, gtk-doc, acl, systemd, glib, libatasmart, polkit, coreutils, bash +, expat, libxslt, docbook_xsl, utillinux, mdadm, libgudev, libblockdev, parted +, gobjectIntrospection, docbook_xml_dtd_412, docbook_xml_dtd_43 +, libxfs, f2fs-tools, dosfstools, e2fsprogs, btrfs-progs, exfat, nilfs-utils, udftools, ntfs3g }: -stdenv.mkDerivation rec { - name = "udisks-2.1.8"; +let + version = "2.7.6"; +in stdenv.mkDerivation rec { + name = "udisks-${version}"; - src = fetchurl { - url = "http://udisks.freedesktop.org/releases/${name}.tar.bz2"; - sha256 = "1nkxhnqh39c9pzvm4zfj50rgv6apqawdx09bv3sfaxrah4a6jhfs"; + src = fetchFromGitHub { + owner = "storaged-project"; + repo = "udisks"; + rev = name; + sha256 = "16kf104vv2xbk8cdgaqygszcl69d7lz9gf3vmi7ggywn7nfbp2ks"; }; - outputs = [ "out" "man" "dev" ]; + outputs = [ "out" "man" "dev" "devdoc" ]; - patches = [ ./force-path.patch ]; + patches = [ + (substituteAll { + src = ./fix-paths.patch; + bash = "${bash}/bin/bash"; + blkid = "${utillinux}/bin/blkid"; + false = "${coreutils}/bin/false"; + mdadm = "${mdadm}/bin/mdadm"; + sed = "${gnused}/bin/sed"; + sh = "${bash}/bin/sh"; + sleep = "${coreutils}/bin/sleep"; + true = "${coreutils}/bin/true"; + }) + (substituteAll { + src = ./force-path.patch; + path = stdenv.lib.makeBinPath [ btrfs-progs coreutils dosfstools e2fsprogs exfat f2fs-tools nilfs-utils libxfs ntfs3g parted utillinux ]; + }) + ]; - # FIXME remove /var/run/current-system/sw/* references - # FIXME add references to parted, cryptsetup, etc (see the sources) - postPatch = - '' - substituteInPlace src/main.c --replace \ - "@path@" \ - "${utillinux}/bin:${mdadm}/bin:/run/current-system/sw/bin" - substituteInPlace data/80-udisks2.rules \ - --replace "/bin/sh" "${stdenv.shell}" \ - --replace "/sbin/mdadm" "${mdadm}/bin/mdadm" \ - --replace " sed " " ${gnused}/bin/sed " - '' + stdenv.lib.optionalString stdenv.hostPlatform.isMusl '' - substituteInPlace udisks/udisksclient.c \ - --replace 'defined( __GNUC_PREREQ)' 1 \ - --replace '__GNUC_PREREQ(4,6)' 1 - ''; + nativeBuildInputs = [ + pkgconfig gnome3.gnome-common libtool intltool gobjectIntrospection + gtk-doc libxslt docbook_xml_dtd_412 docbook_xml_dtd_43 docbook_xsl + ]; - nativeBuildInputs = [ pkgconfig intltool gobjectIntrospection ]; + buildInputs = [ + expat libgudev libblockdev acl systemd glib libatasmart polkit + ]; - buildInputs = [ libxslt docbook_xsl libgudev expat acl systemd glib libatasmart polkit ]; + preConfigure = "./autogen.sh"; configureFlags = [ + "--enable-gtk-doc" "--localstatedir=/var" "--with-systemdsystemunitdir=$(out)/etc/systemd/system" "--with-udevdir=$(out)/lib/udev" @@ -50,9 +62,11 @@ stdenv.mkDerivation rec { doCheck = false; # fails - meta = { - homepage = http://www.freedesktop.org/wiki/Software/udisks; - description = "A daemon and command-line utility for querying and manipulating storage devices"; - platforms = stdenv.lib.platforms.linux; + meta = with stdenv.lib; { + description = "A daemon, tools and libraries to access and manipulate disks, storage devices and technologies"; + homepage = https://www.freedesktop.org/wiki/Software/udisks/; + license = licenses.gpl2Plus; # lgpl2Plus for the library, gpl2Plus for the tools & daemon + maintainers = with maintainers; []; + platforms = platforms.linux; }; } diff --git a/pkgs/os-specific/linux/udisks/fix-paths.patch b/pkgs/os-specific/linux/udisks/fix-paths.patch new file mode 100644 index 00000000000..c2744c3b42e --- /dev/null +++ b/pkgs/os-specific/linux/udisks/fix-paths.patch @@ -0,0 +1,131 @@ +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,6 +1,6 @@ + ## Process this file with automake to produce Makefile.in + +-SHELL = /bin/bash ++SHELL = @bash@ + .SHELLFLAGS = -o pipefail -c + + PYTHON ?= python3 +--- a/data/80-udisks2.rules ++++ b/data/80-udisks2.rules +@@ -17,9 +17,9 @@ + # + # TODO: file bug against mdadm(8) to have --export-prefix option that can be used with e.g. UDISKS_MD_MEMBER + # +-SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="raid", ENV{ID_FS_TYPE}=="linux_raid_member", ENV{UDISKS_MD_MEMBER_LEVEL}=="", IMPORT{program}="/bin/sh -c '/sbin/mdadm --examine --export $tempnode | /bin/sed s/^MD_/UDISKS_MD_MEMBER_/g'" ++SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="raid", ENV{ID_FS_TYPE}=="linux_raid_member", ENV{UDISKS_MD_MEMBER_LEVEL}=="", IMPORT{program}="@sh@ -c '@mdadm@ --examine --export $tempnode | @sed@ s/^MD_/UDISKS_MD_MEMBER_/g'" + +-SUBSYSTEM=="block", KERNEL=="md*", ENV{DEVTYPE}!="partition", IMPORT{program}="/bin/sh -c '/sbin/mdadm --detail --export $tempnode | /bin/sed s/^MD_/UDISKS_MD_/g'" ++SUBSYSTEM=="block", KERNEL=="md*", ENV{DEVTYPE}!="partition", IMPORT{program}="@sh@ -c '@mdadm@ --detail --export $tempnode | @sed@ s/^MD_/UDISKS_MD_/g'" + + LABEL="udisks_probe_end" + +--- a/modules/zram/udiskslinuxmanagerzram.c ++++ b/modules/zram/udiskslinuxmanagerzram.c +@@ -250,7 +250,7 @@ + + g_snprintf (tmp, 255, "zram%" G_GUINT64_FORMAT, i); + filename = g_build_filename (PACKAGE_ZRAMCONF_DIR, tmp, NULL); +- contents = g_strdup_printf ("#!/bin/bash\n\n" ++ contents = g_strdup_printf ("#!@bash@\n\n" + "ZRAM_NUM_STR=%" G_GUINT64_FORMAT "\n" + "ZRAM_DEV_SIZE=%" G_GUINT64_FORMAT "\n" + "SWAP=n\n", +--- a/src/tests/install-udisks/runtest.sh ++++ b/src/tests/install-udisks/runtest.sh +@@ -1,4 +1,4 @@ +-#!/bin/bash ++#!@bash@ + # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + # +--- a/src/tests/integration-test ++++ b/src/tests/integration-test +@@ -414,7 +414,7 @@ + f.write('KERNEL=="sr*", ENV{DISK_EJECT_REQUEST}!="?*", ' + 'ATTRS{model}=="scsi_debug*", ' + 'ENV{ID_CDROM_MEDIA}=="?*", ' +- 'IMPORT{program}="/sbin/blkid -o udev -p -u noraid $tempnode"\n') ++ 'IMPORT{program}="@blkid@ -o udev -p -u noraid $tempnode"\n') + # reload udev + subprocess.call('sync; pkill --signal HUP udevd || ' + 'pkill --signal HUP systemd-udevd', +@@ -1079,7 +1079,7 @@ + self.assertFalse(os.access(f, os.X_OK)) + + f = os.path.join(mount_point, 'simple.exe') +- shutil.copy('/bin/bash', f) ++ shutil.copy('@bash@', f) + self.assertTrue(os.access(f, os.R_OK)) + self.assertTrue(os.access(f, os.W_OK)) + self.assertTrue(os.access(f, os.X_OK)) +@@ -1092,7 +1092,7 @@ + self.assertFalse(os.access(f, os.X_OK)) + + f = os.path.join(mount_point, 'subdir', 'subdir.exe') +- shutil.copy('/bin/bash', f) ++ shutil.copy('@bash@', f) + self.assertTrue(os.access(f, os.R_OK)) + self.assertTrue(os.access(f, os.W_OK)) + self.assertTrue(os.access(f, os.X_OK)) +--- a/src/tests/storadectl/runtest.sh ++++ b/src/tests/storadectl/runtest.sh +@@ -1,4 +1,4 @@ +-#!/bin/bash ++#!@bash@ + # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k + # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + # +--- a/src/tests/test.c ++++ b/src/tests/test.c +@@ -71,7 +71,7 @@ + { + UDisksSpawnedJob *job; + +- job = udisks_spawned_job_new ("/bin/true", NULL, getuid (), geteuid (), NULL, NULL); ++ job = udisks_spawned_job_new ("@true@", NULL, getuid (), geteuid (), NULL, NULL); + udisks_spawned_job_start (job); + _g_assert_signal_received (job, "completed", G_CALLBACK (on_completed_expect_success), NULL); + g_object_unref (job); +@@ -84,10 +84,10 @@ + { + UDisksSpawnedJob *job; + +- job = udisks_spawned_job_new ("/bin/false", NULL, getuid (), geteuid (), NULL, NULL); ++ job = udisks_spawned_job_new ("@false@", NULL, getuid (), geteuid (), NULL, NULL); + udisks_spawned_job_start (job); + _g_assert_signal_received (job, "completed", G_CALLBACK (on_completed_expect_failure), +- (gpointer) "Command-line `/bin/false' exited with non-zero exit status 1: "); ++ (gpointer) "Command-line `@false@' exited with non-zero exit status 1: "); + g_object_unref (job); + } + +@@ -119,7 +119,7 @@ + + cancellable = g_cancellable_new (); + g_cancellable_cancel (cancellable); +- job = udisks_spawned_job_new ("/bin/true", NULL, getuid (), geteuid (), NULL, cancellable); ++ job = udisks_spawned_job_new ("@true@", NULL, getuid (), geteuid (), NULL, cancellable); + udisks_spawned_job_start (job); + _g_assert_signal_received (job, "completed", G_CALLBACK (on_completed_expect_failure), + (gpointer) "Operation was cancelled (g-io-error-quark, 19)"); +@@ -145,7 +145,7 @@ + GCancellable *cancellable; + + cancellable = g_cancellable_new (); +- job = udisks_spawned_job_new ("/bin/sleep 0.5", NULL, getuid (), geteuid (), NULL, cancellable); ++ job = udisks_spawned_job_new ("@sleep@ 0.5", NULL, getuid (), geteuid (), NULL, cancellable); + udisks_spawned_job_start (job); + g_timeout_add (10, on_timeout, cancellable); /* 10 msec */ + g_main_loop_run (loop); +@@ -199,7 +199,7 @@ + { + UDisksSpawnedJob *job; + +- job = udisks_spawned_job_new ("/bin/sleep 1000", NULL, getuid (), geteuid (), NULL, NULL /* GCancellable */); ++ job = udisks_spawned_job_new ("@sleep@ 1000", NULL, getuid (), geteuid (), NULL, NULL /* GCancellable */); + udisks_spawned_job_start (job); + g_object_unref (job); + } diff --git a/pkgs/servers/clickhouse/default.nix b/pkgs/servers/clickhouse/default.nix index f4a6b47a45a..58a178a8b2e 100644 --- a/pkgs/servers/clickhouse/default.nix +++ b/pkgs/servers/clickhouse/default.nix @@ -1,34 +1,30 @@ -{ stdenv, fetchFromGitHub, cmake, libtool, boost, double-conversion, gperftools -, icu, mysql, lz4, openssl, poco, re2, rdkafka, readline, sparsehash, unixODBC -, zookeeper_mt, zstd }: +{ stdenv, fetchFromGitHub, cmake, libtool, boost, cctz, double-conversion, gperftools +, icu, lz4, mysql, openssl, poco, re2, rdkafka, readline, sparsehash, unixODBC, zstd +}: stdenv.mkDerivation rec { name = "clickhouse-${version}"; - version = "1.1.54310"; + version = "1.1.54385"; src = fetchFromGitHub { owner = "yandex"; repo = "ClickHouse"; rev = "v${version}-stable"; - sha256 = "167pihqak8ip7bmlyrbzl9x3mpn381j8v7pl7nhrl9bfnzgrq69v"; + sha256 = "0s290xnx9dil2lbxdir5p5zmakvq5h523gdwax2cb37606wg8yj7"; }; - patches = [ ./termcap.patch ]; + patches = [ ./find-mysql.patch ./termcap.patch ]; nativeBuildInputs = [ cmake libtool ]; buildInputs = [ - boost double-conversion gperftools icu mysql.connector-c lz4 openssl poco - re2 rdkafka readline sparsehash unixODBC zookeeper_mt zstd + boost cctz double-conversion gperftools icu lz4 mysql.connector-c openssl poco + re2 rdkafka readline sparsehash unixODBC zstd ]; cmakeFlags = [ "-DENABLE_TESTS=OFF" "-DUNBUNDLED=ON" "-DUSE_STATIC_LIBRARIES=OFF" ]; - NIX_CFLAGS_COMPILE = [ "-Wno-error=unused-function" ]; - - enableParallelBuilding = true; - meta = with stdenv.lib; { homepage = https://clickhouse.yandex/; description = "Column-oriented database management system"; diff --git a/pkgs/servers/clickhouse/find-mysql.patch b/pkgs/servers/clickhouse/find-mysql.patch new file mode 100644 index 00000000000..3a5ec5181d1 --- /dev/null +++ b/pkgs/servers/clickhouse/find-mysql.patch @@ -0,0 +1,11 @@ +--- a/libs/libmysqlxx/cmake/find_mysqlclient.cmake ++++ b/libs/libmysqlxx/cmake/find_mysqlclient.cmake +@@ -24,7 +24,7 @@ if (ENABLE_MYSQL) + if (USE_STATIC_LIBRARIES) + find_library (STATIC_MYSQLCLIENT_LIB mariadbclient mysqlclient PATHS ${MYSQL_LIB_PATHS}) + else () +- find_library (MYSQLCLIENT_LIBRARIES mariadbclient mysqlclient PATHS ${MYSQL_LIB_PATHS}) ++ find_library (MYSQLCLIENT_LIBRARIES mariadbclient mysqlclient PATH_SUFFIXES mysql PATHS ${MYSQL_LIB_PATHS}) + endif () + + if (MYSQL_INCLUDE_DIR AND (STATIC_MYSQLCLIENT_LIB OR MYSQLCLIENT_LIBRARIES)) diff --git a/pkgs/servers/dns/bind/default.nix b/pkgs/servers/dns/bind/default.nix index d424d510cd2..b0fb29677f9 100644 --- a/pkgs/servers/dns/bind/default.nix +++ b/pkgs/servers/dns/bind/default.nix @@ -24,7 +24,8 @@ stdenv.mkDerivation rec { stdenv.lib.optional stdenv.isDarwin ./darwin-openssl-linking-fix.patch; nativeBuildInputs = [ perl ]; - buildInputs = [ libcap libtool libxml2 openssl ] + buildInputs = [ libtool libxml2 openssl ] + ++ lib.optional stdenv.isLinux libcap ++ lib.optional enableSeccomp libseccomp ++ lib.optional enablePython python3; @@ -34,7 +35,6 @@ stdenv.mkDerivation rec { configureFlags = [ "--localstatedir=/var" - "--with-libcap=${libcap.dev}" "--with-libtool" "--with-libxml2=${libxml2.dev}" "--with-openssl=${openssl.dev}" @@ -54,7 +54,8 @@ stdenv.mkDerivation rec { "--with-gost" "--without-eddsa" "--with-aes" - ] ++ lib.optional enableSeccomp "--enable-seccomp"; + ] ++ lib.optional stdenv.isLinux "--with-libcap=${libcap.dev}" + ++ lib.optional enableSeccomp "--enable-seccomp"; postInstall = '' moveToOutput bin/bind9-config $dev diff --git a/pkgs/servers/nextcloud/default.nix b/pkgs/servers/nextcloud/default.nix index fb43643f903..0121d748129 100644 --- a/pkgs/servers/nextcloud/default.nix +++ b/pkgs/servers/nextcloud/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name= "nextcloud-${version}"; - version = "13.0.3"; + version = "13.0.4"; src = fetchurl { url = "https://download.nextcloud.com/server/releases/${name}.tar.bz2"; - sha256 = "1r4k3vbjxm07mlm430hmp61dx052ikgzw0bqlmg09p8011a6fdhq"; + sha256 = "18d514145fcddc86f48d0a5fa4a0d4b07617135a1b23107137a6ea3ed519bd54"; }; installPhase = '' diff --git a/pkgs/servers/samba/4.x.nix b/pkgs/servers/samba/4.x.nix index ba7e9c923e3..ee14ec6443b 100644 --- a/pkgs/servers/samba/4.x.nix +++ b/pkgs/servers/samba/4.x.nix @@ -1,4 +1,5 @@ { lib, stdenv, fetchurl, python, pkgconfig, perl, libxslt, docbook_xsl +, fetchpatch , docbook_xml_dtd_42, docbook_xml_dtd_45, readline, talloc , popt, iniparser, libbsd, libarchive, libiconv, gettext , krb5Full, zlib, openldap, cups, pam, avahi, acl, libaio, fam, libceph, glusterfs @@ -13,6 +14,8 @@ , enableRegedit ? true , enableCephFS ? false , enableGlusterFS ? false +, enableAcl ? (!stdenv.isDarwin) +, enablePam ? (!stdenv.isDarwin) }: with lib; @@ -32,14 +35,18 @@ stdenv.mkDerivation rec { [ ./4.x-no-persistent-install.patch ./patch-source3__libads__kerberos_keytab.c.patch ./4.x-no-persistent-install-dynconfig.patch + (fetchpatch { + url = "https://patch-diff.githubusercontent.com/raw/samba-team/samba/pull/107.patch"; + sha256 = "0r6q34vjj0bdzmcbnrkad9rww58k4krbwicv4gs1g3dj49skpvd6"; + }) ]; buildInputs = [ python pkgconfig perl libxslt docbook_xsl docbook_xml_dtd_42 /* docbook_xml_dtd_45 */ readline talloc popt iniparser - libbsd libarchive zlib acl fam libiconv gettext libunwind krb5Full + libbsd libarchive zlib fam libiconv gettext libunwind krb5Full ] - ++ optionals stdenv.isLinux [ libaio pam systemd ] + ++ optionals stdenv.isLinux [ libaio systemd ] ++ optionals (enableInfiniband && stdenv.isLinux) [ libibverbs librdmacm ] ++ optional enableLDAP openldap ++ optional (enablePrinting && stdenv.isLinux) cups @@ -47,7 +54,9 @@ stdenv.mkDerivation rec { ++ optional enableDomainController gnutls ++ optional enableRegedit ncurses ++ optional (enableCephFS && stdenv.isLinux) libceph - ++ optional (enableGlusterFS && stdenv.isLinux) glusterfs; + ++ optional (enableGlusterFS && stdenv.isLinux) glusterfs + ++ optional enableAcl acl + ++ optional enablePam pam; postPatch = '' # Removes absolute paths in scripts @@ -67,7 +76,9 @@ stdenv.mkDerivation rec { "--localstatedir=/var" ] ++ optional (!enableDomainController) "--without-ad-dc" - ++ optionals (!enableLDAP) [ "--without-ldap" "--without-ads" ]; + ++ optionals (!enableLDAP) [ "--without-ldap" "--without-ads" ] + ++ optional (!enableAcl) "--without-acl-support" + ++ optional (!enablePam) "--without-pam"; # To build in parallel. buildPhase = "python buildtools/bin/waf build -j $NIX_BUILD_CORES"; diff --git a/pkgs/servers/sql/mariadb/default.nix b/pkgs/servers/sql/mariadb/default.nix index 064b6218a05..4b254262f9f 100644 --- a/pkgs/servers/sql/mariadb/default.nix +++ b/pkgs/servers/sql/mariadb/default.nix @@ -2,6 +2,7 @@ , libiconv, openssl, pcre, boost, judy, bison, libxml2 , libaio, libevent, groff, jemalloc, cracklib, systemd, numactl, perl , fixDarwinDylibNames, cctools, CoreServices +, asio, buildEnv, check, scons }: with stdenv.lib; @@ -12,6 +13,12 @@ mariadb = everything // { inherit client; # libmysqlclient.so in .out, necessary headers in .dev and utils in .bin server = everything; # a full single-output build, including everything in `client` again inherit connector-c; # libmysqlclient.so + inherit galera; +}; + +galeraLibs = buildEnv { + name = "galera-lib-inputs-united"; + paths = [ openssl.out boost check ]; }; common = rec { # attributes common to both builds @@ -150,6 +157,7 @@ everything = stdenv.mkDerivation (common // { "-DWITHOUT_EXAMPLE_STORAGE_ENGINE=1" "-DWITHOUT_FEDERATED_STORAGE_ENGINE=1" "-DWITH_WSREP=ON" + "-DWITH_INNODB_DISALLOW_WRITES=ON" ] ++ stdenv.lib.optionals stdenv.isDarwin [ "-DWITHOUT_OQGRAPH_STORAGE_ENGINE=1" "-DWITHOUT_TOKUDB=1" @@ -159,6 +167,8 @@ everything = stdenv.mkDerivation (common // { rm -r "$out"/data # Don't need testing data rm "$out"/share/man/man1/mysql-test-run.pl.1 rm "$out"/bin/rcmysql + '' + optionalString (! stdenv.isDarwin) '' + sed -i 's/-mariadb/-mysql/' "$out"/bin/galera_new_cluster ''; CXXFLAGS = optionalString stdenv.isi686 "-fpermissive" @@ -206,4 +216,52 @@ connector-c = stdenv.mkDerivation rec { }; }; +galera = stdenv.mkDerivation rec { + name = "mariadb-galera-${version}"; + version = "25.3.23"; + + src = fetchurl { + url = "https://mirrors.nxthost.com/mariadb/mariadb-10.2.14/galera-${version}/src/galera-${version}.tar.gz"; + sha256 = "11pfc85z29jk0h6g6bmi3hdv4in4yb00xsr2r0qm1b0y7m2wq3ra"; + }; + + buildInputs = [ asio boost check openssl scons ]; + + patchPhase = '' + substituteInPlace SConstruct \ + --replace "boost_library_path = '''" "boost_library_path = '${boost}/lib'" + ''; + + preConfigure = '' + export CPPFLAGS="-I${asio}/include -I${boost.dev}/include -I${check}/include -I${openssl.dev}/include" + export LIBPATH="${galeraLibs}/lib" + ''; + + buildPhase = '' + scons -j$NIX_BUILD_CORES ssl=1 system_asio=1 strict_build_flags=0 + ''; + + installPhase = '' + # copied with modifications from scripts/packages/freebsd.sh + GALERA_LICENSE_DIR="$share/licenses/${name}" + install -d $out/{bin,lib/galera,share/doc/galera,$GALERA_LICENSE_DIR} + install -m 555 "garb/garbd" "$out/bin/garbd" + install -m 444 "libgalera_smm.so" "$out/lib/galera/libgalera_smm.so" + install -m 444 "scripts/packages/README" "$out/share/doc/galera/" + install -m 444 "scripts/packages/README-MySQL" "$out/share/doc/galera/" + install -m 444 "scripts/packages/freebsd/LICENSE" "$out/$GALERA_LICENSE_DIR" + install -m 444 "LICENSE" "$out/$GALERA_LICENSE_DIR/GPLv2" + install -m 444 "asio/LICENSE_1_0.txt" "$out/$GALERA_LICENSE_DIR/LICENSE.asio" + install -m 444 "www.evanjones.ca/LICENSE" "$out/$GALERA_LICENSE_DIR/LICENSE.crc32c" + install -m 444 "chromium/LICENSE" "$out/$GALERA_LICENSE_DIR/LICENSE.chromium" + ''; + + meta = { + description = "Galera 3 wsrep provider library"; + homepage = http://galeracluster.com/; + license = licenses.lgpl2; + maintainers = with maintainers; [ izorkin ]; + platforms = platforms.all; + }; +}; in mariadb diff --git a/pkgs/tools/admin/azure-cli/default.nix b/pkgs/tools/admin/azure-cli/default.nix new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/pkgs/tools/admin/azure-cli/default.nix diff --git a/pkgs/tools/admin/ssl-cert-check/default.nix b/pkgs/tools/admin/ssl-cert-check/default.nix new file mode 100644 index 00000000000..8d30307af2d --- /dev/null +++ b/pkgs/tools/admin/ssl-cert-check/default.nix @@ -0,0 +1,59 @@ +{ stdenv +, lib +, fetchFromGitHub +, makeWrapper +, openssl +, which +, gnugrep +, gnused +, gawk +, mktemp +, coreutils +, findutils +}: + +stdenv.mkDerivation rec { + pname = "ssl-cert-check"; + name = "${pname}-${version}"; + version = "3.31"; + + src = fetchFromGitHub { + owner = "Matty9191"; + repo = pname; + rev = "698c1996d05152cfaf2a1a3df4cc70482411fac8"; + sha256 = "0jvi9phs0ngfwrj9zixb03v9byavbwxx8xkp0h5m98qppn1kvl3n"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + buildInputs = [ + openssl + which + gnugrep + mktemp + gawk + gnused + coreutils + findutils + ]; + + prePatch = '' + substituteInPlace $pname --replace PATH= NOT_PATH= + ''; + + installPhase = '' + mkdir -p $out/bin + cp $pname $out/bin/$pname + wrapProgram $out/bin/$pname \ + --set PATH "${stdenv.lib.makeBinPath buildInputs}" + ''; + + meta = with stdenv.lib; { + description = "a Bourne shell script that can be used to report on expiring SSL certificates"; + homepage = https://github.com/Matty9191/ssl-cert-check; + license = licenses.gpl2; + maintainers = [ maintainers.ryantm ]; + platforms = platforms.linux; + }; + +} diff --git a/pkgs/tools/backup/borg/default.nix b/pkgs/tools/backup/borg/default.nix index 6de4d3d859e..0d11ba394e6 100644 --- a/pkgs/tools/backup/borg/default.nix +++ b/pkgs/tools/backup/borg/default.nix @@ -2,18 +2,13 @@ python3Packages.buildPythonApplication rec { pname = "borgbackup"; - version = "1.1.5"; + version = "1.1.6"; src = python3Packages.fetchPypi { inherit pname version; - sha256 = "4356e6c712871f389e3cb1d6382e341ea635f9e5c65de1cd8fcd103d0fb66d3d"; + sha256 = "a1d2e474c85d3ad3d59b3f8209b5549653c88912082ea0159d27a2e80c910930"; }; - postPatch = '' - # loosen constraint on msgpack version, only 0.5.0 had problems - sed -i "s/'msgpack-python.*'/'msgpack-python'/g" setup.py - ''; - nativeBuildInputs = with python3Packages; [ # For building documentation: sphinx guzzle_sphinx_theme diff --git a/pkgs/tools/inputmethods/uim/default.nix b/pkgs/tools/inputmethods/uim/default.nix index 1bdbef2fde6..b8510b102cb 100644 --- a/pkgs/tools/inputmethods/uim/default.nix +++ b/pkgs/tools/inputmethods/uim/default.nix @@ -38,15 +38,15 @@ assert withFFI -> libffi != null; assert withMisc -> libeb != null; stdenv.mkDerivation rec { - version = "1.8.6-20180501-git"; + version = "1.8.8"; name = "uim-${version}"; src = fetchFromGitHub { owner = "uim"; repo = "uim"; - rev = "c79432cb5aba3a67fb7e7557f4817c749865cc8a"; + rev = "2c0958c9c505a87e70e344c2192e2e5123c71ea5"; fetchSubmodules = true; - sha256 = "12rznfwq1mh750i18bl1743c51akyyvy6la5rgrxmrnp0mha9ba5"; + sha256 = "1hkjxi5r49gcna37m3jvykny5hz9ram4y8a3q7lw4qzr52mz9pdp"; }; nativeBuildInputs = [ diff --git a/pkgs/tools/misc/diffoscope/default.nix b/pkgs/tools/misc/diffoscope/default.nix index 1987c6aed0a..e2e2f66f558 100644 --- a/pkgs/tools/misc/diffoscope/default.nix +++ b/pkgs/tools/misc/diffoscope/default.nix @@ -8,12 +8,12 @@ python3Packages.buildPythonApplication rec { name = "diffoscope-${version}"; - version = "91"; + version = "95"; src = fetchgit { url = "https://anonscm.debian.org/git/reproducible/diffoscope.git"; rev = "refs/tags/${version}"; - sha256 = "16xqy71115cj4kws6bkcjm98nlaff3a32fz82rn2l1xk9w9n3dnz"; + sha256 = "1x06krs3lp41x5w2l8ck8g47il3qzlclyphw9a2wv71sqkb5zxzi"; }; patches = [ diff --git a/pkgs/tools/misc/hyperfine/default.nix b/pkgs/tools/misc/hyperfine/default.nix index 0b04ee1e281..d9c255d2a7a 100644 --- a/pkgs/tools/misc/hyperfine/default.nix +++ b/pkgs/tools/misc/hyperfine/default.nix @@ -1,16 +1,14 @@ { stdenv, fetchFromGitHub, rustPlatform }: -with rustPlatform; - -buildRustPackage rec { +rustPlatform.buildRustPackage rec { name = "hyperfine-${version}"; - version = "1.0.0"; + version = "1.1.0"; src = fetchFromGitHub { owner = "sharkdp"; repo = "hyperfine"; rev = "refs/tags/v${version}"; - sha256 = "0prmnhyp20w71l3mjqgdr38q94cqr1xayzgj7ibbq2hdick4w5nn"; + sha256 = "13h43sjp059yq3bmdbb9i1082fkx5yzmhrkf5kpkxhnyn67xbdsg"; }; cargoSha256 = "0saf0hl21ba2ckqbsw64908nvs0x1rjrnm73ackzpmv5pi9j567s"; diff --git a/pkgs/tools/misc/trash-cli/default.nix b/pkgs/tools/misc/trash-cli/default.nix index 77308ecf2ed..113c7e127d4 100644 --- a/pkgs/tools/misc/trash-cli/default.nix +++ b/pkgs/tools/misc/trash-cli/default.nix @@ -1,8 +1,6 @@ { stdenv, fetchFromGitHub, fetchpatch, coreutils , python3, python3Packages, substituteAll }: -assert stdenv.isLinux; - python3Packages.buildPythonApplication rec { name = "trash-cli-${version}"; version = "0.17.1.14"; @@ -19,7 +17,8 @@ python3Packages.buildPythonApplication rec { (substituteAll { src = ./nix-paths.patch; df = "${coreutils}/bin/df"; - libc = "${stdenv.cc.libc.out}/lib/libc.so.6"; + libc = let ext = if stdenv.isDarwin then ".dylib" else ".so.6"; + in "${stdenv.cc.libc}/lib/libc${ext}"; }) # Fix build on Python 3.6. @@ -37,7 +36,7 @@ python3Packages.buildPythonApplication rec { homepage = https://github.com/andreafrancia/trash-cli; description = "Command line tool for the desktop trash can"; maintainers = [ maintainers.rycee ]; - platforms = platforms.all; + platforms = platforms.unix; license = licenses.gpl2; }; } diff --git a/pkgs/tools/networking/dnsperf/default.nix b/pkgs/tools/networking/dnsperf/default.nix index 97aad141239..b978925c62b 100644 --- a/pkgs/tools/networking/dnsperf/default.nix +++ b/pkgs/tools/networking/dnsperf/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, bind, libseccomp, zlib, openssl }: +{ stdenv, fetchurl, bind, libseccomp, zlib, openssl, libcap }: stdenv.mkDerivation rec { name = "dnsperf-${version}"; @@ -12,7 +12,8 @@ stdenv.mkDerivation rec { outputs = [ "out" "man" "doc" ]; - buildInputs = [ bind libseccomp zlib openssl ]; + buildInputs = [ bind zlib openssl ] + ++ stdenv.lib.optional stdenv.isLinux [ libcap libseccomp ]; postInstall = '' mkdir -p "$out/share/doc/" @@ -29,4 +30,3 @@ stdenv.mkDerivation rec { maintainers = [ maintainers.vcunat ]; }; } - diff --git a/pkgs/tools/networking/maxscale/default.nix b/pkgs/tools/networking/maxscale/default.nix new file mode 100644 index 00000000000..425e531419e --- /dev/null +++ b/pkgs/tools/networking/maxscale/default.nix @@ -0,0 +1,87 @@ +{ stdenv, fetchFromGitHub, cmake, pkgconfig, gcc, glibc +, bison2, curl, flex, gperftools, jansson, jemalloc, kerberos, lua, mariadb +, ncurses, openssl, pcre, pcre2, perl, rabbitmq-c, sqlite, tcl +, libaio, libedit, libtool, libui, libuuid, zlib +}: + +stdenv.mkDerivation rec { + name = "maxscale-${version}"; + version = "2.1.17"; + + src = fetchFromGitHub { + owner = "mariadb-corporation"; + repo = "MaxScale"; + rev = "${name}"; + sha256 = "161kc6aqqj3z509q4qwvsd86h06hlyzdask4gawn2ij0h3ca58q6"; + }; + + nativeBuildInputs = [ cmake pkgconfig ]; + + buildInputs = [ + bison2 curl flex gperftools jansson jemalloc kerberos lua mariadb.connector-c + ncurses openssl pcre pcre2 perl rabbitmq-c sqlite tcl + libaio libedit libtool libui libuuid zlib + ]; + + patches = [ ./getopt.patch ]; + + preConfigure = '' + for i in `grep -l -R '#include <getopt.h>' .`; do + substituteInPlace $i --replace "#include <getopt.h>" "#include <${glibc.dev}/include/getopt.h>" + done + ''; + + cmakeFlags = [ + "-DUSE_C99=YES" + "-DDEFAULT_ADMIN_USER=root" + "-DWITH_MAXSCALE_CNF=YES" + "-DSTATIC_EMBEDDED=YES" + "-DBUILD_RABBITMQ=YES" + "-DBUILD_BINLOG=YES" + "-DBUILD_CDC=NO" + "-DBUILD_MMMON=YES" + "-DBUILD_LUAFILTER=YES" + "-DLUA_LIBRARIES=${lua}/lib" + "-DLUA_INCLUDE_DIR=${lua}/include" + "-DGCOV=NO" + "-DWITH_SCRIPTS=OFF" + "-DBUILD_TESTS=NO" + "-DBUILD_TOOLS=NO" + "-DPROFILE=NO" + "-DWITH_TCMALLOC=YES" + "-DWITH_JEMALLOC=YES" + "-DINSTALL_EXPERIMENTAL=YES" + "-DTARGET_COMPONENT=all" + ]; + + CFLAGS = "-std=gnu99"; + + enableParallelBuilding = false; + + dontStrip = true; + + postInstall = '' + find $out/bin -type f -perm -0100 | while read f1; do + patchelf \ + --set-rpath "$(patchelf --print-rpath $f1):${mariadb.connector-c}/lib/mariadb:$out/lib/maxscale" \ + --set-interpreter "$(cat ${stdenv.cc}/nix-support/dynamic-linker)" $f1 \ + && patchelf --shrink-rpath $f1 + done + + find $out/lib/maxscale -type f -perm -0100 | while read f2; do + patchelf \ + --set-rpath "$(patchelf --print-rpath $f2)":$out/lib/maxscale $f2 + done + + mv $out/share/maxscale/create_grants $out/bin + rm -rf $out/{etc,var} + ''; + + meta = with stdenv.lib; { + description = ''MaxScale database proxy extends MariaDB Server's high availability''; + homepage = https://mariadb.com/products/technology/maxscale; + license = licenses.bsl11; + platforms = platforms.linux; + maintainers = with maintainers; [ izorkin ]; + }; +} diff --git a/pkgs/tools/networking/maxscale/getopt.patch b/pkgs/tools/networking/maxscale/getopt.patch new file mode 100644 index 00000000000..db09a8e8f1e --- /dev/null +++ b/pkgs/tools/networking/maxscale/getopt.patch @@ -0,0 +1,11 @@ +--- a/server/core/maxpasswd.c 2018-01-12 05:06:49.000000000 -0500 ++++ b/server/core/maxpasswd.c 2018-01-12 06:50:18.518000000 -0500 +@@ -25,6 +25,7 @@ + + #include <maxscale/cdefs.h> + ++#include <getopt.h> + #include <stdio.h> + #include <errno.h> + #include <sys/stat.h> + diff --git a/pkgs/tools/networking/mitmproxy/default.nix b/pkgs/tools/networking/mitmproxy/default.nix index 5f7537eda18..d3b62d3259c 100644 --- a/pkgs/tools/networking/mitmproxy/default.nix +++ b/pkgs/tools/networking/mitmproxy/default.nix @@ -18,6 +18,8 @@ buildPythonPackage rec { sed 's/>=\([0-9]\.\?\)\+\( \?, \?<\([0-9]\.\?\)\+\)\?//' -i setup.py ''; + doCheck = (!stdenv.isDarwin); + checkPhase = '' export HOME=$(mktemp -d) export LC_CTYPE=en_US.UTF-8 diff --git a/pkgs/tools/networking/ntp/seccomp.patch b/pkgs/tools/networking/ntp/seccomp.patch index 28de2f01d07..872bf8e7fcc 100644 --- a/pkgs/tools/networking/ntp/seccomp.patch +++ b/pkgs/tools/networking/ntp/seccomp.patch @@ -34,11 +34,12 @@ diff -urN ntp-4.2.8p10.orig/ntpd/ntpd.c ntp-4.2.8p10/ntpd/ntpd.c SCMP_SYS(madvise), SCMP_SYS(mmap), SCMP_SYS(mmap2), -@@ -1211,6 +1216,7 @@ +@@ -1211,6 +1216,8 @@ SCMP_SYS(select), SCMP_SYS(setitimer), SCMP_SYS(setsid), + SCMP_SYS(setsockopt), ++ SCMP_SYS(openat), SCMP_SYS(sigprocmask), SCMP_SYS(sigreturn), SCMP_SYS(socketcall), diff --git a/pkgs/tools/networking/tinc/default.nix b/pkgs/tools/networking/tinc/default.nix index 4f6bec9c008..9ef5ff2a4f0 100644 --- a/pkgs/tools/networking/tinc/default.nix +++ b/pkgs/tools/networking/tinc/default.nix @@ -1,12 +1,12 @@ {stdenv, fetchurl, lzo, openssl, zlib}: stdenv.mkDerivation rec { - version = "1.0.33"; + version = "1.0.34"; name = "tinc-${version}"; src = fetchurl { url = "http://www.tinc-vpn.org/packages/tinc-${version}.tar.gz"; - sha256 = "1x0hpfz13vn4pl6dcpnls6xq3rfcbdsg90awcfn53ijb8k35svvz"; + sha256 = "1nngdp2x5kykrgh13q5wjry8m82vahqv53csvlb22ifxvrhrnfn0"; }; buildInputs = [ lzo openssl zlib ]; diff --git a/pkgs/tools/networking/tinc/pre.nix b/pkgs/tools/networking/tinc/pre.nix index 0f5fd283692..db4b6a2281d 100644 --- a/pkgs/tools/networking/tinc/pre.nix +++ b/pkgs/tools/networking/tinc/pre.nix @@ -2,12 +2,12 @@ stdenv.mkDerivation rec { name = "tinc-${version}"; - version = "1.1pre15"; + version = "1.1pre16"; src = fetchgit { rev = "refs/tags/release-${version}"; url = "git://tinc-vpn.org/tinc"; - sha256 = "1msym63jpipvzb5dn8yn8yycrii43ncfq6xddxh2ifrakr48l6y5"; + sha256 = "03dsm1kxagq8srskzg649xyhbdqbbqxc84pdwrz7yakpa9m6225c"; }; outputs = [ "out" "man" "info" ]; @@ -23,10 +23,6 @@ stdenv.mkDerivation rec { sed -i '/AC_INIT/s/m4_esyscmd_s.*/${version})/' configure.ac ''; - postInstall = '' - rm $out/bin/tinc-gui - ''; - configureFlags = [ "--sysconfdir=/etc" "--localstatedir=/var" diff --git a/pkgs/tools/networking/whois/default.nix b/pkgs/tools/networking/whois/default.nix index 4a40c320040..e644578b664 100644 --- a/pkgs/tools/networking/whois/default.nix +++ b/pkgs/tools/networking/whois/default.nix @@ -1,14 +1,14 @@ { stdenv, fetchFromGitHub, perl, gettext, pkgconfig, libidn2, libiconv }: stdenv.mkDerivation rec { - version = "5.3.0"; + version = "5.3.1"; name = "whois-${version}"; src = fetchFromGitHub { owner = "rfc1036"; repo = "whois"; rev = "v${version}"; - sha256 = "01pfl1ap62hc27574sx1a4yaaf7hr2zkksspn5z97sgacl6h1rnf"; + sha256 = "1xqvcsh70590bwmy37kwlwyl0rvnlqx987km3mnij93q4kvabg5n"; }; nativeBuildInputs = [ perl gettext pkgconfig ]; diff --git a/pkgs/tools/networking/wireguard-go/default.nix b/pkgs/tools/networking/wireguard-go/default.nix index 62ea3d64468..cbd28b6954a 100644 --- a/pkgs/tools/networking/wireguard-go/default.nix +++ b/pkgs/tools/networking/wireguard-go/default.nix @@ -13,11 +13,6 @@ buildGoPackage rec { goDeps = ./deps.nix; - postPatch = '' - # Replace local imports so that go tools do not trip on them - find . -name '*.go' -exec sed -i '/import (/,/)/s@"./@"${goPackagePath}/@' {} \; - ''; - meta = with stdenv.lib; { description = "Userspace Go implementation of WireGuard"; homepage = https://git.zx2c4.com/wireguard-go/about/; diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix index 0f575d748b6..f28d57fa62b 100644 --- a/pkgs/tools/security/gnupg/22.nix +++ b/pkgs/tools/security/gnupg/22.nix @@ -15,11 +15,11 @@ assert guiSupport -> pinentry != null; stdenv.mkDerivation rec { name = "gnupg-${version}"; - version = "2.2.7"; + version = "2.2.8"; src = fetchurl { url = "mirror://gnupg/gnupg/${name}.tar.bz2"; - sha256 = "0vlpis0q7gvq9mhdc43hkyn3cdriz4mwgj20my3gyzpgwqg3cnyr"; + sha256 = "1k8dnnfs9888yp713l7kg2jg110lw47s4krx0njna6fjrsw4qyvp"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/tools/security/nwipe/default.nix b/pkgs/tools/security/nwipe/default.nix new file mode 100644 index 00000000000..214ffccc7ae --- /dev/null +++ b/pkgs/tools/security/nwipe/default.nix @@ -0,0 +1,22 @@ +{ stdenv, fetchFromGitHub, ncurses, parted, automake, autoconf, pkgconfig }: + +stdenv.mkDerivation rec { + version = "0.24"; + name = "nwipe-${version}"; + src = fetchFromGitHub { + owner = "martijnvanbrummelen"; + repo = "nwipe"; + rev = "v${version}"; + sha256 = "0zminjngz98b4jl1ii6ssa7pkmf4xw6mmk8apxz3xr68cps12ls0"; + }; + nativeBuildInputs = [ automake autoconf pkgconfig ]; + buildInputs = [ ncurses parted ]; + preConfigure = "sh init.sh || :"; + meta = with stdenv.lib; { + description = "Securely erase disks"; + homepage = https://github.com/martijnvanbrummelen/nwipe; + license = licenses.gpl2; + maintainers = [ maintainers.woffs ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix index 589316b1d1c..bf5856aec35 100644 --- a/pkgs/tools/security/pcsclite/default.nix +++ b/pkgs/tools/security/pcsclite/default.nix @@ -6,9 +6,7 @@ stdenv.mkDerivation rec { version = "1.8.23"; src = fetchurl { - # This URL changes in unpredictable ways, so it is not sensible - # to put a version variable in there. - url = "https://alioth.debian.org/frs/download.php/file/4235/pcsc-lite-1.8.23.tar.bz2"; + url = "https://pcsclite.apdu.fr/files/pcsc-lite-${version}.tar.bz2"; sha256 = "1jc9ws5ra6v3plwraqixin0w0wfxj64drahrbkyrrwzghqjjc9ss"; }; @@ -36,7 +34,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "Middleware to access a smart card using SCard API (PC/SC)"; - homepage = http://pcsclite.alioth.debian.org/; + homepage = https://pcsclite.apdu.fr/; license = licenses.bsd3; maintainers = with maintainers; [ viric wkennington ]; platforms = with platforms; unix; diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix index 795925a221c..3efba58ea11 100644 --- a/pkgs/tools/security/tor/default.nix +++ b/pkgs/tools/security/tor/default.nix @@ -15,11 +15,11 @@ }: stdenv.mkDerivation rec { - name = "tor-0.3.3.6"; + name = "tor-0.3.3.7"; src = fetchurl { url = "https://dist.torproject.org/${name}.tar.gz"; - sha256 = "1drk2h8zd05xrfpx7xn77pcxz0hs4nrq6figw56qk5gkvgv5kg4r"; + sha256 = "036ybfvldj7yfci9ipjki8smpzyxdg8c5r12bghc9yxdqh9basza"; }; outputs = [ "out" "geoip" ]; diff --git a/pkgs/tools/system/acpica-tools/default.nix b/pkgs/tools/system/acpica-tools/default.nix index edb7828f95b..c9a33bc64e0 100644 --- a/pkgs/tools/system/acpica-tools/default.nix +++ b/pkgs/tools/system/acpica-tools/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "acpica-tools-${version}"; - version = "20180508"; + version = "20180531"; src = fetchurl { url = "https://acpica.org/sites/acpica/files/acpica-unix-${version}.tar.gz"; - sha256 = "1n7lqmv77kg28drahvxzybwl9v4hzwi8i7xkpgliclfcp5ff909b"; + sha256 = "0rbn0anxs6r1ks1lgaxqhiv2kqgh4f1fq5qi2kdv7hir82mdqv4g"; }; NIX_CFLAGS_COMPILE = "-O3"; diff --git a/pkgs/tools/system/loadwatch/default.nix b/pkgs/tools/system/loadwatch/default.nix new file mode 100644 index 00000000000..eb7f1e3bb59 --- /dev/null +++ b/pkgs/tools/system/loadwatch/default.nix @@ -0,0 +1,20 @@ +{ stdenv, fetchgit, ... }: + +stdenv.mkDerivation { + name = "loadwatch-1.1-1-g6d2544c"; + src = fetchgit { + url = "git://woffs.de/git/fd/loadwatch.git"; + sha256 = "1bhw5ywvhyb6snidsnllfpdi1migy73wg2gchhsfbcpm8aaz9c9b"; + rev = "6d2544c0caaa8a64bbafc3f851e06b8056c30e6e"; + }; + installPhase = '' + mkdir -p $out/bin + install loadwatch lw-ctl $out/bin + ''; + meta = with stdenv.lib; { + description = "Run a program using only idle cycles"; + license = licenses.gpl2; + maintainers = with maintainers; [ woffs ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 06a70709d84..8bce97b87b6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -344,6 +344,9 @@ with pkgs; pathsFromGraph = ../build-support/kernel/paths-from-graph.pl; + pruneLibtoolFiles = makeSetupHook { name = "prune-libtool-files"; } + ../build-support/setup-hooks/prune-libtool-files.sh; + closureInfo = callPackage ../build-support/closure-info.nix { }; setupSystemdUnits = callPackage ../build-support/setup-systemd-units.nix { }; @@ -568,6 +571,8 @@ with pkgs; aws_shell = pythonPackages.callPackage ../tools/admin/aws_shell { }; + aws-sam-cli = callPackage ../development/tools/aws-sam-cli { }; + aws-vault = callPackage ../tools/admin/aws-vault { }; iamy = callPackage ../tools/admin/iamy { }; @@ -1340,6 +1345,8 @@ with pkgs; languagetool = callPackage ../tools/text/languagetool { }; + loadwatch = callPackage ../tools/system/loadwatch { }; + loccount = callPackage ../development/tools/misc/loccount { }; long-shebang = callPackage ../misc/long-shebang {}; @@ -1386,6 +1393,8 @@ with pkgs; nrsc5 = callPackage ../applications/misc/nrsc5 { }; + nwipe = callPackage ../tools/security/nwipe { }; + onboard = callPackage ../applications/misc/onboard { }; optar = callPackage ../tools/graphics/optar {}; @@ -4232,6 +4241,8 @@ with pkgs; update-resolv-conf = callPackage ../tools/networking/openvpn/update-resolv-conf.nix { }; + opae = callPackage ../development/libraries/opae { }; + openvswitch = callPackage ../os-specific/linux/openvswitch { }; optipng = callPackage ../tools/graphics/optipng { @@ -4433,23 +4444,23 @@ with pkgs; libcap = if stdenv.isDarwin then null else libcap; }; - pinentry_ncurses = pinentry.override { + pinentry_ncurses = self.pinentry.override { gtk2 = null; }; - pinentry_emacs = pinentry.override { + pinentry_emacs = self.pinentry.override { enableEmacs = true; }; - pinentry_gnome = pinentry.override { + pinentry_gnome = self.pinentry.override { gcr = gnome3.gcr; }; - pinentry_qt4 = pinentry.override { + pinentry_qt4 = self.pinentry.override { qt = qt4; }; - pinentry_qt5 = pinentry.override { + pinentry_qt5 = self.pinentry.override { qt = qt5.qtbase; }; @@ -4985,7 +4996,9 @@ with pkgs; sisco.lv2 = callPackage ../applications/audio/sisco.lv2 { }; - sit = callPackage ../applications/version-management/sit { }; + sit = callPackage ../applications/version-management/sit { + inherit (darwin.apple_sdk.frameworks) CoreFoundation Security; + }; skippy-xd = callPackage ../tools/X11/skippy-xd {}; @@ -5512,6 +5525,8 @@ with pkgs; vobsub2srt = callPackage ../tools/cd-dvd/vobsub2srt { }; + volume_key = callPackage ../development/libraries/volume-key { }; + vorbisgain = callPackage ../tools/misc/vorbisgain { }; vpnc = callPackage ../tools/networking/vpnc { }; @@ -6460,7 +6475,7 @@ with pkgs; haskell = callPackage ./haskell-packages.nix { }; haskellPackages = haskell.packages.ghc822.override { - overrides = config.haskellPackageOverrides or (self: super: {}); + overrides = config.haskellPackageOverrides or haskell.packageOverrides; }; inherit (haskellPackages) ghc; @@ -6784,8 +6799,8 @@ with pkgs; inherit (stdenvAdapters) overrideCC; buildLlvmTools = buildPackages.llvmPackages_5.tools; targetLlvmLibraries = targetPackages.llvmPackages_5.libraries; - } // stdenv.lib.optionalAttrs stdenv.isDarwin { - cmake = cmake.override { + } // stdenv.lib.optionalAttrs (stdenv.isDarwin && hostPlatform == buildPlatform) { + cmake = buildPackages.cmake.override { isBootstrap = true; majorVersion = "3.9"; # 3.10.2: 'ApplicationServices/ApplicationServices.h' file not found }; @@ -8601,7 +8616,9 @@ with pkgs; assimp = callPackage ../development/libraries/assimp { }; - asio = callPackage ../development/libraries/asio { }; + asio = asio_1_12; + asio_1_10 = callPackage ../development/libraries/asio/1.10.nix { }; + asio_1_12 = callPackage ../development/libraries/asio/1.12.nix { }; aspell = callPackage ../development/libraries/aspell { }; @@ -8723,6 +8740,8 @@ with pkgs; ccrtp_1_8 = callPackage ../development/libraries/ccrtp/1.8.nix { }; + cctz = callPackage ../development/libraries/cctz { }; + celt = callPackage ../development/libraries/celt {}; celt_0_7 = callPackage ../development/libraries/celt/0.7.nix {}; celt_0_5_1 = callPackage ../development/libraries/celt/0.5.1.nix {}; @@ -8966,12 +8985,15 @@ with pkgs; ffmpeg_0_10 = callPackage ../development/libraries/ffmpeg/0.10.nix { inherit (darwin.apple_sdk.frameworks) Cocoa; + stdenv = gccStdenv; }; ffmpeg_1_2 = callPackage ../development/libraries/ffmpeg/1.2.nix { inherit (darwin.apple_sdk.frameworks) Cocoa; + stdenv = gccStdenv; }; ffmpeg_2_8 = callPackage ../development/libraries/ffmpeg/2.8.nix { inherit (darwin.apple_sdk.frameworks) Cocoa; + stdenv = gccStdenv; }; ffmpeg_3_4 = callPackage ../development/libraries/ffmpeg/3.4.nix { inherit (darwin.apple_sdk.frameworks) Cocoa CoreMedia; @@ -8979,6 +9001,7 @@ with pkgs; }; ffmpeg_4 = callPackage ../development/libraries/ffmpeg/4.nix { inherit (darwin.apple_sdk.frameworks) Cocoa CoreMedia; + stdenv = gccStdenv; }; # Aliases @@ -9789,6 +9812,8 @@ with pkgs; libbdplus = callPackage ../development/libraries/libbdplus { }; + libblockdev = callPackage ../development/libraries/libblockdev { }; + libblocksruntime = callPackage ../development/libraries/libblocksruntime { }; libbluray = callPackage ../development/libraries/libbluray { }; @@ -9799,13 +9824,19 @@ with pkgs; libburn = callPackage ../development/libraries/libburn { }; + libbytesize = callPackage ../development/libraries/libbytesize { }; + libcaca = callPackage ../development/libraries/libcaca { inherit (xorg) libX11 libXext; }; libcanberra = callPackage ../development/libraries/libcanberra { }; - libcanberra-gtk3 = pkgs.libcanberra.override { gtk = pkgs.gtk3; }; - libcanberra-gtk2 = pkgs.libcanberra-gtk3.override { gtk = pkgs.gtk2; }; + libcanberra-gtk3 = pkgs.libcanberra.override { + gtk = gtk3; + }; + libcanberra-gtk2 = pkgs.libcanberra-gtk3.override { + gtk = gtk2.override { gdktarget = "x11"; }; + }; libcanberra_kde = if (config.kde_runtime.libcanberraWithoutGTK or true) then pkgs.libcanberra @@ -10351,6 +10382,8 @@ with pkgs; libmx = callPackage ../development/libraries/libmx { }; + libndctl = callPackage ../development/libraries/libndctl { }; + libnet = callPackage ../development/libraries/libnet { }; libnetfilter_conntrack = callPackage ../development/libraries/libnetfilter_conntrack { }; @@ -11823,6 +11856,8 @@ with pkgs; tinyxml-2 = callPackage ../development/libraries/tinyxml-2 { }; + tiscamera = callPackage ../os-specific/linux/tiscamera { }; + tivodecode = callPackage ../applications/video/tivodecode { }; tix = callPackage ../development/libraries/tix { }; @@ -12772,6 +12807,7 @@ with pkgs; rpcbind = callPackage ../servers/rpcbind { }; mariadb = callPackage ../servers/sql/mariadb { + asio = asio_1_10; inherit (darwin) cctools; inherit (pkgs.darwin.apple_sdk.frameworks) CoreServices; }; @@ -13492,13 +13528,13 @@ with pkgs; ]; }; - linux_copperhead_lts = callPackage ../os-specific/linux/kernel/linux-copperhead-lts.nix { - kernelPatches = with kernelPatches; [ - bridge_stp_helper - modinst_arg_list_too_long - tag_hardened - ]; - }; + linux_copperhead_lts = (linux_4_14.override { + kernelPatches = linux_4_14.kernelPatches ++ [ + kernelPatches.copperhead_4_14 + kernelPatches.tag_hardened + ]; + modDirVersionArg = linux_4_14.modDirVersion + "-hardened"; + }); linux_copperhead_stable = (linux_4_16.override { kernelPatches = linux_4_16.kernelPatches ++ [ @@ -15434,6 +15470,8 @@ with pkgs; patches = config.dwm.patches or []; }; + dwm-status = callPackage ../applications/window-managers/dwm/dwm-status.nix { }; + dynamips = callPackage ../applications/virtualization/dynamips { }; evilwm = callPackage ../applications/window-managers/evilwm { @@ -17225,6 +17263,10 @@ with pkgs; maxlib = callPackage ../applications/audio/pd-plugins/maxlib { }; + maxscale = callPackage ../tools/networking/maxscale { + stdenv = overrideCC stdenv gcc6; + }; + pdfdiff = callPackage ../applications/misc/pdfdiff { }; mupdf = callPackage ../applications/misc/mupdf { }; @@ -19291,6 +19333,8 @@ with pkgs; gogui = callPackage ../games/gogui {}; + gshogi = python3Packages.callPackage ../games/gshogi {}; + gtetrinet = callPackage ../games/gtetrinet { inherit (gnome2) GConf libgnome libgnomeui; }; @@ -19570,6 +19614,8 @@ with pkgs; springLobby = callPackage ../games/spring/springlobby.nix { }; + ssl-cert-check = callPackage ../tools/admin/ssl-cert-check { }; + stardust = callPackage ../games/stardust {}; stockfish = callPackage ../games/stockfish { }; @@ -20936,6 +20982,52 @@ with pkgs; nixops-dns = callPackage ../tools/package-management/nixops/nixops-dns.nix { }; + /* + * Evaluate a NixOS configuration using this evaluation of Nixpkgs. + * + * With this function you can write, for example, a package that + * depends on a custom virtual machine image. + * + * Parameter: A module, path or list of those that represent the + * configuration of the NixOS system to be constructed. + * + * Result: An attribute set containing packages produced by this + * evaluation of NixOS, such as toplevel, kernel and + * initialRamdisk. + * The result can be extended in the modules by defining + * extra options in system.build. + * + * Unlike in plain NixOS, the nixpkgs.config, nixpkgs.overlays and + * nixpkgs.system options will be ignored by default. Instead, + * nixpkgs.pkgs will have the default value of pkgs as it was + * constructed right after invoking the nixpkgs function (e.g. the + * value of import <nixpkgs> { overlays = [./my-overlay.nix]; } + * but not the value of (import <nixpkgs> {} // { extra = ...; }). + * + * If you do want to use the config.nixpkgs options, you are + * probably better off by calling nixos/lib/eval-config.nix + * directly, even though it is possible to set config.nixpkgs.pkgs. + * + * For more information about writing NixOS modules, see + * https://nixos.org/nixos/manual/index.html#sec-writing-modules + * + * Note that you will need to have called Nixpkgs with the system + * parameter set to the right value for your deployment target. + */ + nixos = configuration: + (import (self.path + "/nixos/lib/eval-config.nix") { + inherit (pkgs) system; + modules = [( + { lib, ... }: { + config.nixpkgs.pkgs = lib.mkDefault pkgs; + } + )] ++ ( + if builtins.isList configuration + then configuration + else [configuration] + ); + }).config.system.build; + nixui = callPackage ../tools/package-management/nixui { node_webkit = nwjs_0_12; }; nix-bundle = callPackage ../tools/package-management/nix-bundle { }; @@ -21258,6 +21350,8 @@ with pkgs; unicode-paracode = callPackage ../tools/misc/unicode { }; + unixcw = callPackage ../applications/misc/unixcw { }; + valauncher = callPackage ../applications/misc/valauncher { }; vault = callPackage ../tools/security/vault { }; @@ -21554,7 +21648,7 @@ with pkgs; unixtools = recurseIntoAttrs (callPackages ./unix-tools.nix { }); inherit (unixtools) hexdump ps logger eject umount mount wall hostname more sysctl getconf - getent; + getent locale; fts = if hostPlatform.isMusl then netbsd.fts else null; diff --git a/pkgs/top-level/haskell-packages.nix b/pkgs/top-level/haskell-packages.nix index 7ec9da39a9c..c5f0378049e 100644 --- a/pkgs/top-level/haskell-packages.nix +++ b/pkgs/top-level/haskell-packages.nix @@ -8,7 +8,6 @@ let integerSimpleExcludes = [ "ghc7103Binary" "ghc821Binary" - "ghcCross" "ghcjs" "ghcjs710" "ghcjs80" diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 4d79decc50c..00689e1f5b2 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -6470,6 +6470,18 @@ let self = _self // overrides; _self = with self; { doCheck = false; # seems to access the network }; + GetoptArgvFile = buildPerlPackage rec { + name = "Getopt-ArgvFile-1.11"; + src = fetchurl { + url = "mirror://cpan/authors/id/J/JS/JSTENZEL/${name}.tar.gz"; + sha256 = "3709aa513ce6fd71d1a55a02e34d2f090017d5350a9bd447005653c9b0835b22"; + }; + meta = { + license = stdenv.lib.licenses.artistic1; + maintainers = [ maintainers.pSub ]; + }; + }; + GetoptLong = buildPerlPackage rec { name = "Getopt-Long-2.50"; src = fetchurl { @@ -8121,6 +8133,10 @@ let self = _self // overrides; _self = with self; { url = mirror://cpan/authors/id/I/IS/ISHIGAKI/JSON-2.97001.tar.gz; sha256 = "0nlgdzy40q26z8qhwngsd461glyai8dpwaccyhiljmrkaqwdjxz2"; }; + # Do not abort cross-compilation on failure to load native JSON module into host perl + preConfigure = '' + substituteInPlace Makefile.PL --replace "exit 0;" "" + ''; meta = { description = "JSON (JavaScript Object Notation) encoder/decoder"; license = with stdenv.lib.licenses; [ artistic1 gpl1Plus ]; @@ -14358,6 +14374,19 @@ let self = _self // overrides; _self = with self; { }; }; + SysMemInfo = buildPerlPackage rec { + name = "Sys-MemInfo-0.99"; + src = fetchurl { + url = "mirror://cpan/authors/id/S/SC/SCRESTO/${name}.tar.gz"; + sha256 = "0786319d3a3a8bae5d727939244bf17e140b714f52734d5e9f627203e4cf3e3b"; + }; + meta = { + description = "Memory informations"; + maintainers = [ maintainers.pSub ]; + license = with stdenv.lib.licenses; [ gpl2Plus ]; + }; + }; + SysCPU = buildPerlPackage rec { name = "Sys-CPU-0.61"; src = fetchurl { diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index e0ae870cae0..9f0a0f45b12 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -199,12 +199,16 @@ in { automat = callPackage ../development/python-modules/automat { }; + aws-sam-translator = callPackage ../development/python-modules/aws-sam-translator { }; + aws-xray-sdk = callPackage ../development/python-modules/aws-xray-sdk { }; # packages defined elsewhere amazon_kclpy = callPackage ../development/python-modules/amazon_kclpy { }; + ansiconv = callPackage ../development/python-modules/ansiconv { }; + backports_csv = callPackage ../development/python-modules/backports_csv {}; bap = callPackage ../development/python-modules/bap { @@ -235,6 +239,8 @@ in { dbfread = callPackage ../development/python-modules/dbfread { }; + deap = callPackage ../development/python-modules/deap { }; + dkimpy = callPackage ../development/python-modules/dkimpy { }; diff_cover = callPackage ../development/python-modules/diff_cover { }; @@ -315,6 +321,8 @@ in { outcome = callPackage ../development/python-modules/outcome {}; + pdf2image = callPackage ../development/python-modules/pdf2image { }; + pdfminer = callPackage ../development/python-modules/pdfminer_six { }; plantuml = callPackage ../tools/misc/plantuml { }; @@ -390,6 +398,8 @@ in { inherit (pkgs.llvmPackages) openmp; }; + pynisher = callPackage ../development/python-modules/pynisher { }; + pyparser = callPackage ../development/python-modules/pyparser { }; pyqt4 = callPackage ../development/python-modules/pyqt/4.x.nix { @@ -418,6 +428,8 @@ in { pytest-tornado = callPackage ../development/python-modules/pytest-tornado { }; + python-hosts = callPackage ../development/python-modules/python-hosts { }; + python-openid = callPackage (if isPy3k then ../development/python-modules/python3-openid else ../development/python-modules/python-openid) { }; @@ -452,6 +464,8 @@ in { sip = callPackage ../development/python-modules/sip { }; + spglib = callPackage ../development/python-modules/spglib { }; + supervise_api = callPackage ../development/python-modules/supervise_api { }; syncserver = callPackage ../development/python-modules/syncserver {}; @@ -10839,13 +10853,20 @@ in { }; PyICU = buildPythonPackage rec { - name = "PyICU-1.9.7"; + name = "PyICU-2.0.3"; src = pkgs.fetchurl { url = "mirror://pypi/P/PyICU/${name}.tar.gz"; - sha256 = "0qavhngmn7c90fz25a8a2k50wd5gzp3vwwjq8v2pkf2hq4fcs9yv"; + sha256 = "0pzss3l0b0vcsyr7wlqdd6pkcqldspajfgd9k2iijf6r152d2ln4"; }; + patches = [ + (pkgs.fetchpatch { + url = https://sources.debian.org/data/main/p/pyicu/2.0.3-1/debian/patches/icu_test.patch; + sha256 = "1iavdkyqixm9i753svl17barla93b7jzgkw09dn3hnggamx7zwx9"; + }) + ]; + buildInputs = [ pkgs.icu self.pytest ]; propagatedBuildInputs = [ self.six ]; @@ -18177,6 +18198,10 @@ EOF spectral-cube = callPackage ../development/python-modules/spectral-cube { }; + astunparse = callPackage ../development/python-modules/astunparse { }; + + gast = callPackage ../development/python-modules/gast { }; + }); in fix' (extends overrides packages) diff --git a/pkgs/top-level/unix-tools.nix b/pkgs/top-level/unix-tools.nix index 34d04fdec49..c1bd46ad68d 100644 --- a/pkgs/top-level/unix-tools.nix +++ b/pkgs/top-level/unix-tools.nix @@ -81,6 +81,10 @@ let linux = pkgs.nettools; darwin = pkgs.darwin.network_cmds; }; + locale = { + linux = pkgs.glibc; + darwin = pkgs.netbsd.locale; + }; logger = { linux = pkgs.utillinux; }; |