diff options
| -rw-r--r-- | .github/PULL_REQUEST_TEMPLATE.md | 2 | ||||
| -rw-r--r-- | nixos/modules/rename.nix | 4 | ||||
| -rw-r--r-- | nixos/modules/services/misc/nix-daemon.nix | 16 | ||||
| -rw-r--r-- | pkgs/applications/misc/cdrtools/default.nix | 9 | ||||
| -rw-r--r-- | pkgs/applications/misc/k3b/default.nix | 7 | ||||
| -rw-r--r-- | pkgs/applications/misc/k3b/wrapper.nix | 23 | ||||
| -rw-r--r-- | pkgs/development/libraries/libburn/default.nix | 18 | ||||
| -rw-r--r-- | pkgs/development/libraries/libisofs/default.nix | 21 | ||||
| -rw-r--r-- | pkgs/development/python-modules/graph-tool/2.x.x.nix | 6 | ||||
| -rw-r--r-- | pkgs/misc/emulators/dosbox/default.nix | 4 | ||||
| -rw-r--r-- | pkgs/tools/cd-dvd/brasero/default.nix | 8 | ||||
| -rw-r--r-- | pkgs/tools/cd-dvd/brasero/wrapper.nix | 23 | ||||
| -rw-r--r-- | pkgs/top-level/all-packages.nix | 14 |
13 files changed, 126 insertions, 29 deletions
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index ceea615d5d7..324c5f17f7a 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,6 +1,6 @@ ###### Things done -- [ ] Tested using sandboxing (`nix-build --option build-use-chroot true` or [nix.useChroot](http://nixos.org/nixos/manual/options.html#opt-nix.useChroot) on NixOS) +- [ ] Tested using sandboxing (`nix-build --option build-use-sandbox true` or [nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS) - Built on platform(s) - [ ] NixOS - [ ] OS X diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 84eccfd5129..6b02446d53b 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -68,6 +68,10 @@ with lib; # proxy (mkRenamedOptionModule [ "nix" "proxy" ] [ "networking" "proxy" "default" ]) + # sandboxing + (mkRenamedOptionModule [ "nix" "useChroot" ] [ "nix" "useSandbox" ]) + (mkRenamedOptionModule [ "nix" "chrootDirs" ] [ "nix" "sandboxPaths" ]) + # KDE (mkRenamedOptionModule [ "kde" "extraPackages" ] [ "environment" "systemPackages" ]) (mkRenamedOptionModule [ "environment" "kdePackages" ] [ "environment" "systemPackages" ]) diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 10ac6f93cfd..c84c67ff287 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -24,8 +24,8 @@ let nixConf = let - # If we're using a chroot for builds, then provide /bin/sh in - # the chroot as a bind-mount to bash. This means we also need to + # If we're using sandbox for builds, then provide /bin/sh in + # the sandbox as a bind-mount to bash. This means we also need to # include the entire closure of bash. sh = pkgs.stdenv.shell; binshDeps = pkgs.writeReferencesToFile sh; @@ -39,8 +39,8 @@ let build-users-group = nixbld build-max-jobs = ${toString (cfg.maxJobs)} build-cores = ${toString (cfg.buildCores)} - build-use-chroot = ${if (builtins.isBool cfg.useChroot) then (if cfg.useChroot then "true" else "false") else cfg.useChroot} - build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths) + build-use-sandbox = ${if (builtins.isBool cfg.useSandbox) then (if cfg.useSandbox then "true" else "false") else cfg.useSandbox} + build-sandbox-paths = ${toString cfg.sandboxPaths} /bin/sh=${sh} $(echo $extraPaths) binary-caches = ${toString cfg.binaryCaches} trusted-binary-caches = ${toString cfg.trustedBinaryCaches} binary-cache-public-keys = ${toString cfg.binaryCachePublicKeys} @@ -98,25 +98,25 @@ in ''; }; - useChroot = mkOption { + useSandbox = mkOption { type = types.either types.bool (types.enum ["relaxed"]); default = false; description = " - If set, Nix will perform builds in a chroot-environment that it + If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies outside of the Nix store. "; }; - chrootDirs = mkOption { + sandboxPaths = mkOption { type = types.listOf types.str; default = []; example = [ "/dev" "/proc" ]; description = '' Directories from the host filesystem to be included - in the chroot. + in the sandbox. ''; }; diff --git a/pkgs/applications/misc/cdrtools/default.nix b/pkgs/applications/misc/cdrtools/default.nix index 2168a21f7da..55bcfd99e17 100644 --- a/pkgs/applications/misc/cdrtools/default.nix +++ b/pkgs/applications/misc/cdrtools/default.nix @@ -26,10 +26,11 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { homepage = http://sourceforge.net/projects/cdrtools/; description = "Highly portable CD/DVD/BluRay command line recording software"; - # Licensing issues: This package contains code licensed under CDDL, GPL2 - # and LGPL2. There is debate regarding the legality of this licensing. - # Marked as unfree to avoid any possible legal issues. - license = licenses.unfree; + license = with licenses; [ gpl2 lgpl2 cddl ]; platforms = platforms.linux; + # Licensing issues: This package contains code licensed under CDDL, GPL2 + # and LGPL2. There is a debate regarding the legality of distributing this + # package in binary form. + hydraPlatforms = []; }; } diff --git a/pkgs/applications/misc/k3b/default.nix b/pkgs/applications/misc/k3b/default.nix index 922dec11180..8c69e36a4e4 100644 --- a/pkgs/applications/misc/k3b/default.nix +++ b/pkgs/applications/misc/k3b/default.nix @@ -1,7 +1,7 @@ { stdenv, lib, fetchurl, makeWrapper, automoc4, cmake, perl, pkgconfig , shared_mime_info, libvorbis, taglib, flac, libsamplerate , libdvdread, lame, libsndfile, libmad, gettext , transcode, cdrdao -, cdrtools, dvdplusrwtools, vcdimager, cdparanoia, kdelibs, libdvdcss, ffmpeg +, dvdplusrwtools, vcdimager, cdparanoia, kdelibs, libdvdcss, ffmpeg , kdemultimedia, phonon, libkcddb ? null }: @@ -9,10 +9,11 @@ let # at runtime, k3b needs the executables cdrdao, cdrecord, dvd+rw-format, # eMovix, growisofs, mkisofs, normalize, readcd, transcode, vcdxbuild, # vcdxminfo, and vcdxrip - binPath = lib.makeBinPath [ cdrdao dvdplusrwtools transcode vcdimager cdrtools ]; + binPath = lib.makeBinPath [ cdrdao dvdplusrwtools transcode vcdimager ]; in stdenv.mkDerivation rec { - name = "k3b-2.0.3a"; + name = "k3b-${version}"; + version = "2.0.3a"; src = fetchurl { url = "http://download.kde.org/stable/k3b/${name}.tar.xz"; diff --git a/pkgs/applications/misc/k3b/wrapper.nix b/pkgs/applications/misc/k3b/wrapper.nix new file mode 100644 index 00000000000..d5c98a2affa --- /dev/null +++ b/pkgs/applications/misc/k3b/wrapper.nix @@ -0,0 +1,23 @@ +{ lib, buildEnv, k3b-original, cdrtools, makeWrapper }: + +let + binPath = lib.makeBinPath [ cdrtools ]; +in buildEnv { + name = "k3b-${k3b-original.version}"; + + paths = [ k3b-original ]; + buildInputs = [ makeWrapper ]; + + postBuild = '' + # TODO: This could be avoided if buildEnv could be forced to create all directories + if [ -L $out/bin ]; then + rm $out/bin + mkdir $out/bin + for i in ${k3b-original}/bin/*; do + ln -s $i $out/bin + done + fi + wrapProgram $out/bin/k3b \ + --prefix PATH ':' ${binPath} + ''; +} diff --git a/pkgs/development/libraries/libburn/default.nix b/pkgs/development/libraries/libburn/default.nix new file mode 100644 index 00000000000..22edcc15769 --- /dev/null +++ b/pkgs/development/libraries/libburn/default.nix @@ -0,0 +1,18 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + name = "libburn-${version}"; + version = "1.4.2.pl01"; + + src = fetchurl { + url = "http://files.libburnia-project.org/releases/${name}.tar.gz"; + sha256 = "1nqfm24dm2csdnhsmpgw9cwcnkwvqlvfzsm9bhr6yg7bbmzwvkrk"; + }; + + meta = with stdenv.lib; { + homepage = http://libburnia-project.org/; + description = "A library by which preformatted data get onto optical media: CD, DVD, BD (Blu-Ray)"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ abbradar ]; + }; +} diff --git a/pkgs/development/libraries/libisofs/default.nix b/pkgs/development/libraries/libisofs/default.nix new file mode 100644 index 00000000000..d7e78410740 --- /dev/null +++ b/pkgs/development/libraries/libisofs/default.nix @@ -0,0 +1,21 @@ +{ stdenv, fetchurl, acl, attr, zlib }: + +stdenv.mkDerivation rec { + name = "libisofs-${version}"; + version = "1.4.2"; + + src = fetchurl { + url = "http://files.libburnia-project.org/releases/${name}.tar.gz"; + sha256 = "1axk1ykv8ibrlrd2f3allidviimi4ya6k7wpvr6r4y1sc7mg7rym"; + }; + + buildInputs = [ attr zlib ]; + propagatedBuildInputs = [ acl ]; + + meta = with stdenv.lib; { + homepage = http://libburnia-project.org/; + description = "A library to create an ISO-9660 filesystem with extensions like RockRidge or Joliet"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ abbradar ]; + }; +} diff --git a/pkgs/development/python-modules/graph-tool/2.x.x.nix b/pkgs/development/python-modules/graph-tool/2.x.x.nix index be1592f864f..4f39d1097b1 100644 --- a/pkgs/development/python-modules/graph-tool/2.x.x.nix +++ b/pkgs/development/python-modules/graph-tool/2.x.x.nix @@ -3,7 +3,7 @@ pkgconfig, boost, expat, scipy, numpy, cgal, gmp, mpfr, lndir, gobjectIntrospection, pygobject3, gtk3, matplotlib }: stdenv.mkDerivation rec { - version = "2.12"; + version = "2.16"; name = "${python.libPrefix}-graph-tool-${version}"; meta = with stdenv.lib; { @@ -15,8 +15,8 @@ stdenv.mkDerivation rec { }; src = fetchurl { - url = "https://github.com/count0/graph-tool/archive/release-${version}.tar.gz"; - sha256 = "12w58djyx6nn00wixqnxnxby9ksabhzdkkvynl8b89parfvfbpwl"; + url = "https://downloads.skewed.de/graph-tool/graph-tool-${version}.tar.bz2"; + sha256 = "03b1pmh2gvsgyq491gvskx8fwgqy9k942faymdnhwpbbbfhx911p"; }; configureFlags = [ diff --git a/pkgs/misc/emulators/dosbox/default.nix b/pkgs/misc/emulators/dosbox/default.nix index 2525cafc28b..00202f85df7 100644 --- a/pkgs/misc/emulators/dosbox/default.nix +++ b/pkgs/misc/emulators/dosbox/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, SDL, makeDesktopItem }: +{ stdenv, fetchurl, SDL, makeDesktopItem, mesa }: stdenv.mkDerivation rec { name = "dosbox-0.74"; @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { patchFlags = "-p0"; - buildInputs = [ SDL ]; + buildInputs = [ SDL mesa ]; desktopItem = makeDesktopItem { name = "dosbox"; diff --git a/pkgs/tools/cd-dvd/brasero/default.nix b/pkgs/tools/cd-dvd/brasero/default.nix index ff910ad2e49..e903601c81d 100644 --- a/pkgs/tools/cd-dvd/brasero/default.nix +++ b/pkgs/tools/cd-dvd/brasero/default.nix @@ -1,13 +1,13 @@ { stdenv, lib, fetchurl, pkgconfig, gtk3, itstool, gst_all_1, libxml2, libnotify -, libcanberra_gtk3, intltool, makeWrapper, dvdauthor, cdrdao -, dvdplusrwtools, cdrtools, vcdimager, wrapGAppsHook }: +, libcanberra_gtk3, intltool, makeWrapper, dvdauthor, libburn, libisofs +, vcdimager, wrapGAppsHook }: # libdvdcss is "too old" (in fast "too new"), see https://bugs.launchpad.net/ubuntu/+source/brasero/+bug/611590 let major = "3.12"; minor = "1"; - binpath = lib.makeBinPath [ dvdauthor cdrdao dvdplusrwtools vcdimager cdrtools ]; + binpath = lib.makeBinPath [ dvdauthor vcdimager ]; in stdenv.mkDerivation rec { version = "${major}.${minor}"; @@ -20,7 +20,7 @@ in stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig itstool intltool wrapGAppsHook ]; - buildInputs = [ gtk3 libxml2 libnotify libcanberra_gtk3 + buildInputs = [ gtk3 libxml2 libnotify libcanberra_gtk3 libburn libisofs gst_all_1.gstreamer gst_all_1.gst-plugins-base gst_all_1.gst-plugins-good gst_all_1.gst-plugins-bad gst_all_1.gst-plugins-ugly gst_all_1.gst-libav ]; diff --git a/pkgs/tools/cd-dvd/brasero/wrapper.nix b/pkgs/tools/cd-dvd/brasero/wrapper.nix new file mode 100644 index 00000000000..021e0da0e72 --- /dev/null +++ b/pkgs/tools/cd-dvd/brasero/wrapper.nix @@ -0,0 +1,23 @@ +{ lib, buildEnv, brasero-original, cdrtools, makeWrapper }: + +let + binPath = lib.makeBinPath [ cdrtools ]; +in buildEnv { + name = "brasero-${brasero-original.version}"; + + paths = [ brasero-original ]; + buildInputs = [ makeWrapper ]; + + postBuild = '' + # TODO: This could be avoided if buildEnv could be forced to create all directories + if [ -L $out/bin ]; then + rm $out/bin + mkdir $out/bin + for i in ${brasero-original}/bin/*; do + ln -s $i $out/bin + done + fi + wrapProgram $out/bin/brasero \ + --prefix PATH ':' ${binPath} + ''; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 45f937bac19..3e634ac0f47 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -609,7 +609,9 @@ in boxfs = callPackage ../tools/filesystems/boxfs { }; - brasero = callPackage ../tools/cd-dvd/brasero { }; + brasero-original = lowPrio (callPackage ../tools/cd-dvd/brasero { }); + + brasero = callPackage ../tools/cd-dvd/brasero/wrapper.nix { }; brltty = callPackage ../tools/misc/brltty { alsaSupport = (!stdenv.isDarwin); @@ -7348,6 +7350,8 @@ in libbson = callPackage ../development/libraries/libbson { }; + libburn = callPackage ../development/libraries/libburn { }; + libcaca = callPackage ../development/libraries/libcaca { }; libcanberra = callPackage ../development/libraries/libcanberra { }; @@ -7743,6 +7747,8 @@ in graphviz = graphviz-nox; }; + libisofs = callPackage ../development/libraries/libisofs { }; + libiptcdata = callPackage ../development/libraries/libiptcdata { }; libjpeg_original = callPackage ../development/libraries/libjpeg { }; @@ -15305,9 +15311,9 @@ in eventlist = callPackage ../applications/office/eventlist {}; - k3b = callPackage ../applications/misc/k3b { - cdrtools = cdrkit; - }; + k3b-original = lowPrio (callPackage ../applications/misc/k3b { }); + + k3b = callPackage ../applications/misc/k3b/wrapper.nix { }; kadu = callPackage ../applications/networking/instant-messengers/kadu { }; |