diff options
17 files changed, 133 insertions, 55 deletions
diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index b8132cea4fc..6abdd3f2cc8 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -190,6 +190,10 @@ in with passthru; stdenv.mkDerivation { # (since it will do a futile invocation of gcc (!) to find # libuuid, slowing down program startup a lot). (./. + "/${sourceVersion.major}.${sourceVersion.minor}/no-ldconfig.patch") + # Make sure that the virtualenv activation scripts are + # owner-writable, so venvs can be recreated without permission + # errors. + ./virtualenv-permissions.patch ] ++ optionals mimetypesSupport [ # Make the mimetypes module refer to the right file ./mimetypes.patch diff --git a/pkgs/development/interpreters/python/cpython/virtualenv-permissions.patch b/pkgs/development/interpreters/python/cpython/virtualenv-permissions.patch new file mode 100644 index 00000000000..c686f21bfbb --- /dev/null +++ b/pkgs/development/interpreters/python/cpython/virtualenv-permissions.patch @@ -0,0 +1,13 @@ +diff --git a/Lib/venv/__init__.py b/Lib/venv/__init__.py +index caa7285..ad666ac 100644 +--- a/Lib/venv/__init__.py ++++ b/Lib/venv/__init__.py +@@ -379,7 +379,7 @@ class EnvBuilder: + if data is not None: + with open(dstfile, 'wb') as f: + f.write(data) +- shutil.copymode(srcfile, dstfile) ++ os.chmod(dstfile, 0o644) + + + def create(env_dir, system_site_packages=False, clear=False, diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix index 30134a05628..507ad8d36cf 100644 --- a/pkgs/development/interpreters/python/default.nix +++ b/pkgs/development/interpreters/python/default.nix @@ -122,10 +122,10 @@ with pkgs; sourceVersion = { major = "3"; minor = "8"; - patch = "9"; + patch = "10"; suffix = ""; }; - sha256 = "XjkfPsRdopVEGcqwvq79i+OIlepc4zV3w+wUlAxLlXI="; + sha256 = "1n8rjb3jn0j8dvi1qn94rxayc9rh982d8wgkrjy41n1x15k4mwka"; }; }; @@ -181,10 +181,10 @@ in { sourceVersion = { major = "3"; minor = "9"; - patch = "4"; + patch = "5"; suffix = ""; }; - sha256 = "Sw5mRKdvjfhkriSsUApRu/aL0Jj2oXPifTthzcqaoTQ="; + sha256 = "10vdf46q5ldnzkprm8pldvr5a9hrdpxjv7mpzgdw6vj3cl318nhc"; inherit (darwin) configd; inherit passthruFun; }; @@ -195,9 +195,9 @@ in { major = "3"; minor = "10"; patch = "0"; - suffix = "a5"; + suffix = "b3"; }; - sha256 = "BBjlfnA24hnx5rYwOyHnEfZM/Q/dsIlNjxnzev/8XU0="; + sha256 = "05fc4mp2ysb372bzkwbn1b1z01bfldnaqig6rxmif58hs3aawrr2"; inherit (darwin) configd; inherit passthruFun; }; diff --git a/pkgs/development/libraries/at-spi2-core/default.nix b/pkgs/development/libraries/at-spi2-core/default.nix index 4e85c7a92a6..515c60c985a 100644 --- a/pkgs/development/libraries/at-spi2-core/default.nix +++ b/pkgs/development/libraries/at-spi2-core/default.nix @@ -21,11 +21,11 @@ stdenv.mkDerivation rec { pname = "at-spi2-core"; - version = "2.40.1"; + version = "2.40.2"; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "0miqn8531czy9ffpxnsxsnk12w3d6sqjda3qyix8kns2xsjf6rlz"; + sha256 = "RNwXr5Q7D9GWxhweA7bBZpYDhcrpbMtelb3v/7aEn5g="; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/libraries/gsl/default.nix b/pkgs/development/libraries/gsl/default.nix index 2dc47a93be3..fc5f689e0d9 100644 --- a/pkgs/development/libraries/gsl/default.nix +++ b/pkgs/development/libraries/gsl/default.nix @@ -1,11 +1,11 @@ { fetchurl, lib, stdenv }: stdenv.mkDerivation rec { - name = "gsl-2.6"; + name = "gsl-2.7"; src = fetchurl { url = "mirror://gnu/gsl/${name}.tar.gz"; - sha256 = "1a460zj9xmbgvcymkdhqh313c4l29mn9cffbi5vf33x3qygk70mp"; + sha256 = "sha256-77vzeF2g5TA4vnkHUAYotGYVLbw8FzqH3hteui4jYCs="; }; preConfigure = if (lib.versionAtLeast stdenv.hostPlatform.darwinMinVersion "11" && stdenv.isDarwin) then '' diff --git a/pkgs/development/python-modules/greenlet/default.nix b/pkgs/development/python-modules/greenlet/default.nix index 8762d62e59b..4d829f3d647 100644 --- a/pkgs/development/python-modules/greenlet/default.nix +++ b/pkgs/development/python-modules/greenlet/default.nix @@ -3,6 +3,7 @@ , fetchPypi , six , isPyPy +, python }: @@ -16,11 +17,18 @@ buildPythonPackage rec { sha256 = "c87df8ae3f01ffb4483c796fe1b15232ce2b219f0b18126948616224d3f658ee"; }; - propagatedBuildInputs = [ six ]; + checkPhase = '' + runHook preCheck + ${python.interpreter} -m unittest discover -v greenlet.tests + runHook postCheck + ''; - meta = { - homepage = "https://pypi.python.org/pypi/greenlet"; + meta = with lib; { + homepage = "https://github.com/python-greenlet/greenlet"; description = "Module for lightweight in-process concurrent programming"; - license = lib.licenses.lgpl2; + license = with licenses; [ + psfl # src/greenlet/slp_platformselect.h & files in src/greenlet/platform/ directory + mit + ]; }; } diff --git a/pkgs/development/python-modules/sqlalchemy/default.nix b/pkgs/development/python-modules/sqlalchemy/default.nix index 605334adf0c..6c576f0b85e 100644 --- a/pkgs/development/python-modules/sqlalchemy/default.nix +++ b/pkgs/development/python-modules/sqlalchemy/default.nix @@ -14,11 +14,11 @@ buildPythonPackage rec { pname = "SQLAlchemy"; - version = "1.4.18"; + version = "1.4.20"; src = fetchPypi { inherit pname version; - sha256 = "0k3yfarfa0hcc0bza6nccy685gnmq6gikynqayrvddx6y7si0lnj"; + sha256 = "1l5miq1nzvg51yqw3pnaq17dgibhgx2m0il2ha79gwpyd8k3mviq"; }; propagatedBuildInputs = [ @@ -36,8 +36,6 @@ buildPythonPackage rec { sed -e 's:--max-worker-restart=5::g' -i setup.cfg ''; - dontUseSetuptoolsCheck = true; - # disable mem-usage tests on mac, has trouble serializing pickle files disabledTests = lib.optionals stdenv.isDarwin [ "MemUsageWBackendTest" diff --git a/pkgs/development/tools/build-managers/gnumake/0001-No-impure-bin-sh.patch b/pkgs/development/tools/build-managers/gnumake/0001-No-impure-bin-sh.patch new file mode 100644 index 00000000000..58ee2d6fe09 --- /dev/null +++ b/pkgs/development/tools/build-managers/gnumake/0001-No-impure-bin-sh.patch @@ -0,0 +1,35 @@ +From e00a5257a6ca5fedbf68b09eee7df3502971a057 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> +Date: Sat, 24 Apr 2021 10:11:40 +0200 +Subject: [PATCH 1/2] No impure bin sh + +default_shell is used to populuate default shell used to execute jobs. +Unless SHELL is set to a different value this would be /bin/sh. +Our stdenv provides sh in form of bash anyway. Having this value not +hard-coded has some advantages: + +- It would ensure that on all systems it uses sh from its PATH rather + than /bin/sh, which helps as different systems might have different + shells there (bash vs. dash) +- In the past I had issues with LD_PRELOAD with BEAR, where /bin/sh + used a different glibc than BEAR which came from my development shell. +--- + src/job.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/job.c b/src/job.c +index ae1f18b..6b4ddb3 100644 +--- a/src/job.c ++++ b/src/job.c +@@ -77,7 +77,7 @@ char * vms_strsignal (int status); + + #else + +-const char *default_shell = "/bin/sh"; ++const char *default_shell = "sh"; + int batch_mode_shell = 0; + + #endif +-- +2.31.1 + diff --git a/pkgs/development/tools/build-managers/gnumake/0002-remove-impure-dirs.patch b/pkgs/development/tools/build-managers/gnumake/0002-remove-impure-dirs.patch new file mode 100644 index 00000000000..e62aee7d999 --- /dev/null +++ b/pkgs/development/tools/build-managers/gnumake/0002-remove-impure-dirs.patch @@ -0,0 +1,40 @@ +From 795d63d3c8b5c0dbb7e544954f75507b371b7228 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> +Date: Sat, 24 Apr 2021 10:20:16 +0200 +Subject: [PATCH 2/2] remove impure dirs + +--- + src/read.c | 3 --- + src/remake.c | 2 -- + 2 files changed, 5 deletions(-) + +diff --git a/src/read.c b/src/read.c +index fa197fb..defacfb 100644 +--- a/src/read.c ++++ b/src/read.c +@@ -109,9 +109,6 @@ static const char *default_include_directories[] = + #endif + INCLUDEDIR, + #ifndef _AMIGA +- "/usr/gnu/include", +- "/usr/local/include", +- "/usr/include", + #endif + 0 + }; +diff --git a/src/remake.c b/src/remake.c +index fb237c5..94bff7d 100644 +--- a/src/remake.c ++++ b/src/remake.c +@@ -1601,8 +1601,6 @@ library_search (const char *lib, FILE_TIMESTAMP *mtime_ptr) + static const char *dirs[] = + { + #ifndef _AMIGA +- "/lib", +- "/usr/lib", + #endif + #if defined(WINDOWS32) && !defined(LIBDIR) + /* +-- +2.31.1 + diff --git a/pkgs/development/tools/build-managers/gnumake/default.nix b/pkgs/development/tools/build-managers/gnumake/default.nix index fb9dab54049..0d2806026b8 100644 --- a/pkgs/development/tools/build-managers/gnumake/default.nix +++ b/pkgs/development/tools/build-managers/gnumake/default.nix @@ -14,11 +14,14 @@ stdenv.mkDerivation { sha256 = "06cfqzpqsvdnsxbysl5p2fgdgxgl9y4p7scpnrfa8z2zgkjdspz0"; }; + # to update apply these patches with `git am *.patch` to https://git.savannah.gnu.org/git/make.git patches = [ + # Replaces /bin/sh with sh, see patch file for reasoning + ./0001-No-impure-bin-sh.patch # Purity: don't look for library dependencies (of the form `-lfoo') in /lib # and /usr/lib. It's a stupid feature anyway. Likewise, when searching for # included Makefiles, don't look in /usr/include and friends. - ./impure-dirs.patch + ./0002-remove-impure-dirs.patch ]; nativeBuildInputs = lib.optionals guileSupport [ pkg-config ]; diff --git a/pkgs/development/tools/build-managers/gnumake/impure-dirs.patch b/pkgs/development/tools/build-managers/gnumake/impure-dirs.patch deleted file mode 100644 index 6c7d9d2463c..00000000000 --- a/pkgs/development/tools/build-managers/gnumake/impure-dirs.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff -Naur a/src/read.c b/src/read.c ---- a/src/read.c -+++ b/src/read.c -@@ -109,9 +109,6 @@ - #endif - INCLUDEDIR, - #ifndef _AMIGA -- "/usr/gnu/include", -- "/usr/local/include", -- "/usr/include", - #endif - 0 - }; -diff -Naur a/src/remake.c b/src/remake.c ---- a/src/remake.c -+++ b/src/remake.c -@@ -1601,8 +1601,6 @@ - static const char *dirs[] = - { - #ifndef _AMIGA -- "/lib", -- "/usr/lib", - #endif - #if defined(WINDOWS32) && !defined(LIBDIR) - /* diff --git a/pkgs/os-specific/linux/alsa-project/alsa-lib/default.nix b/pkgs/os-specific/linux/alsa-project/alsa-lib/default.nix index 7d2615824a6..a2350271482 100644 --- a/pkgs/os-specific/linux/alsa-project/alsa-lib/default.nix +++ b/pkgs/os-specific/linux/alsa-project/alsa-lib/default.nix @@ -7,11 +7,11 @@ stdenv.mkDerivation rec { pname = "alsa-lib"; - version = "1.2.5"; + version = "1.2.5.1"; src = fetchurl { url = "mirror://alsa/lib/${pname}-${version}.tar.bz2"; - sha256 = "067ga0l6zr782kw8jdsqvbb20pcgnl0vkpnnz2n36fq8ii58k4lh"; + sha256 = "sha256-YoQh2VDOyvI03j+JnVIMCmkjMTyWStdR/6wIHfMxQ44="; }; patches = [ diff --git a/pkgs/os-specific/linux/alsa-project/alsa-ucm-conf/default.nix b/pkgs/os-specific/linux/alsa-project/alsa-ucm-conf/default.nix index d87f3eebb84..0666f3f4793 100644 --- a/pkgs/os-specific/linux/alsa-project/alsa-ucm-conf/default.nix +++ b/pkgs/os-specific/linux/alsa-project/alsa-ucm-conf/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "alsa-ucm-conf-${version}"; - version = "1.2.5"; + version = "1.2.5.1"; src = fetchurl { url = "mirror://alsa/lib/${name}.tar.bz2"; - sha256 = "sha256-CTrj2Fpeb9LNHMJ/7aQA1xkTgvuLXl4jSXKGyHwVB6U="; + sha256 = "sha256-WEGkRBZty/R523UTA9vDVW9oUIWsfgDwyed1VnYZXZc="; }; dontBuild = true; diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix index 638983d6c17..ea3c4d36958 100644 --- a/pkgs/os-specific/linux/iproute/default.nix +++ b/pkgs/os-specific/linux/iproute/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { pname = "iproute2"; - version = "5.12.0"; + version = "5.13.0"; src = fetchurl { url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz"; - sha256 = "sha256-nSaNuYo27ioOP/O5Ky7/9m/BE4pR5Am972qzz+FfMm8="; + sha256 = "sha256-cqLlN3TKyeZfe2F97rsgWfh+iWDW6XE+TXiM6pZvGzY="; }; preConfigure = '' diff --git a/pkgs/servers/jackett/default.nix b/pkgs/servers/jackett/default.nix index 5bb43ae316c..341c9130481 100644 --- a/pkgs/servers/jackett/default.nix +++ b/pkgs/servers/jackett/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "jackett"; - version = "0.18.364"; + version = "0.18.372"; src = fetchurl { url = "https://github.com/Jackett/Jackett/releases/download/v${version}/Jackett.Binaries.Mono.tar.gz"; - sha256 = "sha256-QcwrgW07tP0PxA6UWqMf7VT0Y8uBZFJY9Uz7seorEfs="; + sha256 = "sha256-GkAKYxa5F0N9jg9TZrwt3hjkhybZTKU2Ia/gIxBRGuo="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/servers/sql/postgresql/default.nix b/pkgs/servers/sql/postgresql/default.nix index e13c23ddeee..5d0a9cfa857 100644 --- a/pkgs/servers/sql/postgresql/default.nix +++ b/pkgs/servers/sql/postgresql/default.nix @@ -33,6 +33,8 @@ let inherit sha256; }; + hardeningEnable = lib.optionals (!stdenv.isDarwin) [ "pie" ]; + outputs = [ "out" "lib" "doc" "man" ]; setOutputFlags = false; # $out retains configureFlags :-/ diff --git a/pkgs/tools/misc/dua/default.nix b/pkgs/tools/misc/dua/default.nix index 20288bf3f5e..d097beca911 100644 --- a/pkgs/tools/misc/dua/default.nix +++ b/pkgs/tools/misc/dua/default.nix @@ -2,7 +2,7 @@ rustPlatform.buildRustPackage rec { pname = "dua"; - version = "2.13.1"; + version = "2.14.1"; buildInputs = lib.optionals stdenv.isDarwin [ libiconv ]; @@ -10,7 +10,7 @@ rustPlatform.buildRustPackage rec { owner = "Byron"; repo = "dua-cli"; rev = "v${version}"; - sha256 = "sha256-6xSRsLM1DD1xMjOGzHMDVLibrJlu9lN9OoSV7B/WMT0="; + sha256 = "sha256-46azJ7q0Ix/8wdg01hYQ2V2E4tBD/NDdHpexnFBD5so="; # Remove unicode file names which leads to different checksums on HFS+ # vs. other filesystems because of unicode normalisation. extraPostFetch = '' @@ -18,7 +18,7 @@ rustPlatform.buildRustPackage rec { ''; }; - cargoSha256 = "sha256-udz1EtPchEHxkvvVFnkwSOpFz4XEBGOXRz8qWREyzvc="; + cargoSha256 = "sha256-hCf6Ih2bJrMX2ntWbIrX3Dk8wI5tio+OcN4WNWuU7j4="; doCheck = false; |