diff options
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/darwin/moltenvk/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/darwin/sketchybar/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/darwin/skhd/default.nix | 2 | ||||
-rw-r--r-- | pkgs/os-specific/linux/bionic-prebuilt/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/checksec/0002-don-t-sanatize-the-environment.patch | 25 | ||||
-rw-r--r-- | pkgs/os-specific/linux/checksec/default.nix | 62 | ||||
-rw-r--r-- | pkgs/os-specific/linux/criu/default.nix | 6 | ||||
-rw-r--r-- | pkgs/os-specific/linux/cryptodev/default.nix | 2 | ||||
-rw-r--r-- | pkgs/os-specific/linux/irqbalance/default.nix | 2 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/xanmod-kernels.nix | 2 | ||||
-rw-r--r-- | pkgs/os-specific/linux/nmon/default.nix | 2 | ||||
-rw-r--r-- | pkgs/os-specific/linux/prl-tools/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/rtl8188eus-aircrack/default.nix | 2 | ||||
-rw-r--r-- | pkgs/os-specific/linux/rtl8812au/default.nix | 2 | ||||
-rw-r--r-- | pkgs/os-specific/linux/v4l2loopback/default.nix | 2 | ||||
-rw-r--r-- | pkgs/os-specific/linux/xf86-input-wacom/default.nix | 2 |
16 files changed, 100 insertions, 27 deletions
diff --git a/pkgs/os-specific/darwin/moltenvk/default.nix b/pkgs/os-specific/darwin/moltenvk/default.nix index 41f929fe90f..2293720d7fa 100644 --- a/pkgs/os-specific/darwin/moltenvk/default.nix +++ b/pkgs/os-specific/darwin/moltenvk/default.nix @@ -109,7 +109,7 @@ stdenv.mkDerivation (finalAttrs: { -configuration Release \ -project MoltenVKShaderConverter.xcodeproj \ -scheme MoltenVKShaderConverter \ - -arch ${stdenv.targetPlatform.darwinArch} + -arch ${stdenv.hostPlatform.darwinArch} declare -A products=( [MoltenVKShaderConverter]=bin [libMoltenVKShaderConverter.a]=lib ) for product in "''${!products[@]}"; do cp MoltenVKShaderConverter-*/Build/Products/Release/$product "$build/''${products[$product]}/$product" @@ -127,7 +127,7 @@ stdenv.mkDerivation (finalAttrs: { -configuration Release \ -project MoltenVK.xcodeproj \ -scheme MoltenVK-macOS \ - -arch ${stdenv.targetPlatform.darwinArch} + -arch ${stdenv.hostPlatform.darwinArch} cp MoltenVK-*/Build/Products/Release/dynamic/libMoltenVK.dylib "$build/lib/libMoltenVK.dylib" popd ''; diff --git a/pkgs/os-specific/darwin/sketchybar/default.nix b/pkgs/os-specific/darwin/sketchybar/default.nix index ab1c0b58185..9b3ef924dd0 100644 --- a/pkgs/os-specific/darwin/sketchybar/default.nix +++ b/pkgs/os-specific/darwin/sketchybar/default.nix @@ -22,13 +22,13 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "sketchybar"; - version = "2.19.3"; + version = "2.19.4"; src = fetchFromGitHub { owner = "FelixKratz"; repo = "SketchyBar"; rev = "v${finalAttrs.version}"; - hash = "sha256-QT926AnV9jLc1KvYks6ukIAcMbVHOupTJWQ6vBHpcxc="; + hash = "sha256-6MqTyCqFv5suQgQ5a9t1mDA2njjFFgk67Kp7xO5OXoA="; }; buildInputs = [ diff --git a/pkgs/os-specific/darwin/skhd/default.nix b/pkgs/os-specific/darwin/skhd/default.nix index fa6e1aa01e9..f979f7ec020 100644 --- a/pkgs/os-specific/darwin/skhd/default.nix +++ b/pkgs/os-specific/darwin/skhd/default.nix @@ -26,6 +26,8 @@ stdenv.mkDerivation (finalAttrs: { "BUILD_PATH=$(out)/bin" ]; + env.NIX_CFLAGS_COMPILE = "-Wno-error=implicit-function-declaration"; + postInstall = '' mkdir -p $out/Library/LaunchDaemons cp ${./org.nixos.skhd.plist} $out/Library/LaunchDaemons/org.nixos.skhd.plist diff --git a/pkgs/os-specific/linux/bionic-prebuilt/default.nix b/pkgs/os-specific/linux/bionic-prebuilt/default.nix index da5011e6737..3ce10735f1d 100644 --- a/pkgs/os-specific/linux/bionic-prebuilt/default.nix +++ b/pkgs/os-specific/linux/bionic-prebuilt/default.nix @@ -5,7 +5,7 @@ let choosePlatform = - let pname = stdenv.targetPlatform.parsed.cpu.name; in + let pname = stdenv.hostPlatform.parsed.cpu.name; in pset: pset.${pname} or (throw "bionic-prebuilt: unsupported platform ${pname}"); prebuilt_crt = choosePlatform { @@ -66,7 +66,7 @@ in stdenvNoCC.mkDerivation rec { pname = "bionic-prebuilt"; version = "ndk-release-r23"; - name = "${stdenv.targetPlatform.parsed.cpu.name}-${pname}-${version}"; + name = "${stdenv.hostPlatform.parsed.cpu.name}-${pname}-${version}"; src = fetchzip { url = "https://android.googlesource.com/platform/bionic/+archive/00e8ce1142d8823b0d2fc8a98b40119b0f1f02cd.tar.gz"; diff --git a/pkgs/os-specific/linux/checksec/0002-don-t-sanatize-the-environment.patch b/pkgs/os-specific/linux/checksec/0002-don-t-sanatize-the-environment.patch new file mode 100644 index 00000000000..bd639574f63 --- /dev/null +++ b/pkgs/os-specific/linux/checksec/0002-don-t-sanatize-the-environment.patch @@ -0,0 +1,25 @@ +From 3b047ab4271919856ae0a3dee3a03a24045c0016 Mon Sep 17 00:00:00 2001 +From: Paul Meyer <49727155+katexochen@users.noreply.github.com> +Date: Mon, 13 Nov 2023 20:24:54 +0000 +Subject: [PATCH] don't sanatize the environment + +--- + checksec | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/checksec b/checksec +index 4fc3c31..135223a 100755 +--- a/checksec ++++ b/checksec +@@ -2,9 +2,6 @@ + # Do not edit this file directly, this file is generated from the files + # in the src directory. Any updates to this file will be overwritten when generated + +-# sanitize the environment before run +-[[ "$(env | /bin/sed -r -e '/^(PWD|SHLVL|_)=/d')" ]] && exec -c "$0" "$@" +- + # --- Modified Version --- + # Name : checksec.sh + # Version : 1.7.0 +-- +2.42.0 diff --git a/pkgs/os-specific/linux/checksec/default.nix b/pkgs/os-specific/linux/checksec/default.nix index 1bdd4cf5f67..07574722cd2 100644 --- a/pkgs/os-specific/linux/checksec/default.nix +++ b/pkgs/os-specific/linux/checksec/default.nix @@ -1,14 +1,30 @@ { lib , stdenv +, fetchpatch , fetchFromGitHub , makeWrapper +, testers +, runCommand + + # dependencies +, binutils +, coreutils +, curl +, elfutils , file , findutils -, binutils-unwrapped +, gawk , glibc -, coreutils -, sysctl +, gnugrep +, gnused , openssl +, procps +, sysctl +, wget +, which + + # tests +, checksec }: stdenv.mkDerivation rec { @@ -24,6 +40,13 @@ stdenv.mkDerivation rec { patches = [ ./0001-attempt-to-modprobe-config-before-checking-kernel.patch + # Tool would sanitize the environment, removing the PATH set by our wrapper. + ./0002-don-t-sanatize-the-environment.patch + # Fix the exit code of debug_report command. Check if PR 226 was merged when upgrading version. + (fetchpatch { + url = "https://github.com/slimm609/checksec.sh/commit/851ebff6972f122fde5507f1883e268bbff1f23d.patch"; + hash = "sha256-DOcVF+oPGIR9VSbqE+EqWlcNANEvou1gV8qBvJLGLBE="; + }) ]; nativeBuildInputs = [ @@ -33,22 +56,45 @@ stdenv.mkDerivation rec { installPhase = let path = lib.makeBinPath [ - findutils + binutils + coreutils + curl + elfutils file - binutils-unwrapped - sysctl + findutils + gawk + gnugrep + gnused openssl + procps + sysctl + wget + which ]; in '' mkdir -p $out/bin install checksec $out/bin - substituteInPlace $out/bin/checksec --replace /lib/libc.so.6 ${glibc.out}/lib/libc.so.6 - substituteInPlace $out/bin/checksec --replace "/usr/bin/id -" "${coreutils}/bin/id -" + substituteInPlace $out/bin/checksec \ + --replace "/bin/sed" "${gnused}/bin/sed" \ + --replace "/usr/bin/id" "${coreutils}/bin/id" \ + --replace "/lib/libc.so.6" "${glibc}/lib/libc.so.6" wrapProgram $out/bin/checksec \ --prefix PATH : ${path} ''; + passthru.tests = { + version = testers.testVersion { + package = checksec; + version = "v${version}"; + }; + debug-report = runCommand "debug-report" { buildInputs = [ checksec ]; } '' + checksec --debug_report || exit 1 + echo "OK" + touch $out + ''; + }; + meta = with lib; { description = "Tool for checking security bits on executables"; homepage = "https://www.trapkit.de/tools/checksec/"; diff --git a/pkgs/os-specific/linux/criu/default.nix b/pkgs/os-specific/linux/criu/default.nix index 7940ce060e4..00d46591c13 100644 --- a/pkgs/os-specific/linux/criu/default.nix +++ b/pkgs/os-specific/linux/criu/default.nix @@ -88,9 +88,9 @@ stdenv.mkDerivation rec { "PREFIX=$(out)" "ASCIIDOC=${buildPackages.asciidoc}/bin/asciidoc" "XMLTO=${buildPackages.xmlto}/bin/xmlto" - ] ++ (lib.optionals (stdenv.buildPlatform != stdenv.targetPlatform) [ - "ARCH=${linuxArchMapping."${stdenv.targetPlatform.linuxArch}"}" - "CROSS_COMPILE=${stdenv.targetPlatform.config}-" + ] ++ (lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ + "ARCH=${linuxArchMapping."${stdenv.hostPlatform.linuxArch}"}" + "CROSS_COMPILE=${stdenv.hostPlatform.config}-" ]); outputs = [ "out" "dev" "man" ]; diff --git a/pkgs/os-specific/linux/cryptodev/default.nix b/pkgs/os-specific/linux/cryptodev/default.nix index 296e4b79b3e..cacef99afd7 100644 --- a/pkgs/os-specific/linux/cryptodev/default.nix +++ b/pkgs/os-specific/linux/cryptodev/default.nix @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { meta = { description = "Device that allows access to Linux kernel cryptographic drivers"; homepage = "http://cryptodev-linux.org/"; - maintainers = with lib.maintainers; [ fortuneteller2k ]; + maintainers = with lib.maintainers; [ moni ]; license = lib.licenses.gpl2Plus; platforms = lib.platforms.linux; }; diff --git a/pkgs/os-specific/linux/irqbalance/default.nix b/pkgs/os-specific/linux/irqbalance/default.nix index 585c1661b8a..df197715013 100644 --- a/pkgs/os-specific/linux/irqbalance/default.nix +++ b/pkgs/os-specific/linux/irqbalance/default.nix @@ -32,6 +32,6 @@ stdenv.mkDerivation rec { description = "A daemon to help balance the cpu load generated by interrupts across all of a systems cpus"; license = licenses.gpl2Only; platforms = platforms.linux; - maintainers = with maintainers; [ fortuneteller2k ]; + maintainers = with maintainers; [ moni ]; }; } diff --git a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix index 691b4899f2d..4f967734d5e 100644 --- a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix +++ b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix @@ -44,7 +44,7 @@ let extraMeta = { branch = lib.versions.majorMinor version; - maintainers = with lib.maintainers; [ fortuneteller2k lovesegfault atemu shawn8901 zzzsy ]; + maintainers = with lib.maintainers; [ moni lovesegfault atemu shawn8901 zzzsy ]; description = "Built with custom settings and new features built to provide a stable, responsive and smooth desktop experience"; broken = stdenv.isAarch64; }; diff --git a/pkgs/os-specific/linux/nmon/default.nix b/pkgs/os-specific/linux/nmon/default.nix index 768e8e43edc..30285f9c5b2 100644 --- a/pkgs/os-specific/linux/nmon/default.nix +++ b/pkgs/os-specific/linux/nmon/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { buildInputs = [ ncurses ]; dontUnpack = true; buildPhase = "${stdenv.cc.targetPrefix}cc -o nmon ${src} -g -O2 -D JFS -D GETUSER -Wall -D LARGEMEM -lncurses -lm -g -D ${ - with stdenv.targetPlatform; + with stdenv.hostPlatform; if isx86 then "X86" else if isAarch then "ARM" else if isPower then "POWER" diff --git a/pkgs/os-specific/linux/prl-tools/default.nix b/pkgs/os-specific/linux/prl-tools/default.nix index e1f88469e04..314a95bd554 100644 --- a/pkgs/os-specific/linux/prl-tools/default.nix +++ b/pkgs/os-specific/linux/prl-tools/default.nix @@ -36,13 +36,13 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "prl-tools"; - version = "19.1.0-54729"; + version = "19.1.1-54734"; # We download the full distribution to extract prl-tools-lin.iso from # => ${dmg}/Parallels\ Desktop.app/Contents/Resources/Tools/prl-tools-lin.iso src = fetchurl { url = "https://download.parallels.com/desktop/v${lib.versions.major finalAttrs.version}/${finalAttrs.version}/ParallelsDesktop-${finalAttrs.version}.dmg"; - hash = "sha256-Qo/6EuILu5i3hjhxecf3qfoMFEJHJZVY19tDIXDJiag="; + hash = "sha256-02YxBkV9pZGfXuK6GvUDTgE9U5H2MOMk24h9qGJdFTM="; }; hardeningDisable = [ "pic" "format" ]; diff --git a/pkgs/os-specific/linux/rtl8188eus-aircrack/default.nix b/pkgs/os-specific/linux/rtl8188eus-aircrack/default.nix index a4fc11c8647..50793167a34 100644 --- a/pkgs/os-specific/linux/rtl8188eus-aircrack/default.nix +++ b/pkgs/os-specific/linux/rtl8188eus-aircrack/default.nix @@ -32,7 +32,7 @@ stdenv.mkDerivation { description = "RealTek RTL8188eus WiFi driver with monitor mode & frame injection support"; homepage = "https://github.com/aircrack-ng/rtl8188eus"; license = licenses.gpl2Only; - maintainers = with maintainers; [ fortuneteller2k ]; + maintainers = with maintainers; [ moni ]; broken = (lib.versionAtLeast kernel.version "6.6") || ((lib.versions.majorMinor kernel.version) == "5.4" && kernel.isHardened); }; } diff --git a/pkgs/os-specific/linux/rtl8812au/default.nix b/pkgs/os-specific/linux/rtl8812au/default.nix index 9646886a6de..adc197a1166 100644 --- a/pkgs/os-specific/linux/rtl8812au/default.nix +++ b/pkgs/os-specific/linux/rtl8812au/default.nix @@ -44,6 +44,6 @@ stdenv.mkDerivation { homepage = "https://github.com/morrownr/8812au-20210629"; license = licenses.gpl2Only; platforms = platforms.linux; - maintainers = with maintainers; [ fortuneteller2k ]; + maintainers = with maintainers; [ moni ]; }; } diff --git a/pkgs/os-specific/linux/v4l2loopback/default.nix b/pkgs/os-specific/linux/v4l2loopback/default.nix index 2c1b4fbb4f4..e17fda67218 100644 --- a/pkgs/os-specific/linux/v4l2loopback/default.nix +++ b/pkgs/os-specific/linux/v4l2loopback/default.nix @@ -40,7 +40,7 @@ stdenv.mkDerivation rec { description = "A kernel module to create V4L2 loopback devices"; homepage = "https://github.com/umlaeute/v4l2loopback"; license = licenses.gpl2Only; - maintainers = with maintainers; [ fortuneteller2k ]; + maintainers = with maintainers; [ moni ]; platforms = platforms.linux; outputsToInstall = [ "out" ]; }; diff --git a/pkgs/os-specific/linux/xf86-input-wacom/default.nix b/pkgs/os-specific/linux/xf86-input-wacom/default.nix index 7b7687bc306..614831c057d 100644 --- a/pkgs/os-specific/linux/xf86-input-wacom/default.nix +++ b/pkgs/os-specific/linux/xf86-input-wacom/default.nix @@ -52,7 +52,7 @@ stdenv.mkDerivation rec { ]; meta = with lib; { - maintainers = with maintainers; [ goibhniu fortuneteller2k ]; + maintainers = with maintainers; [ goibhniu moni ]; description = "Wacom digitizer driver for X11"; homepage = "https://linuxwacom.sourceforge.net"; license = licenses.gpl2Only; |