diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 3b7f4f7ef5dc..c3cab5dae5b2 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -130,6 +130,11 @@ slick-greeter as lightdm greeter to match upstream. + + + OpenSSL now defaults to OpenSSL 3, updated from 1.1.1. + + hardware.nvidia has a new option diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index 4c4b226b97cf..dd80da89cb22 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -53,6 +53,8 @@ In addition to numerous new and upgraded packages, this release has the followin - Cinnamon has been updated to 5.4. While at it, the cinnamon module now defaults to blueman as bluetooth manager and slick-greeter as lightdm greeter to match upstream. +- OpenSSL now defaults to OpenSSL 3, updated from 1.1.1. + - `hardware.nvidia` has a new option `open` that can be used to opt in the opensource version of NVIDIA kernel driver. Note that the driver's support for GeForce and Workstation GPUs is still alpha quality, see [NVIDIA Releases Open-Source GPU Kernel Modules](https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/) for the official announcement. diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 7e1ba8f5ed91..08b3063687e9 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -543,6 +543,7 @@ in { systemd-analyze = handleTest ./systemd-analyze.nix {}; systemd-binfmt = handleTestOn ["x86_64-linux"] ./systemd-binfmt.nix {}; systemd-boot = handleTest ./systemd-boot.nix {}; + systemd-bpf = handleTest ./systemd-bpf.nix {}; systemd-confinement = handleTest ./systemd-confinement.nix {}; systemd-coredump = handleTest ./systemd-coredump.nix {}; systemd-cryptenroll = handleTest ./systemd-cryptenroll.nix {}; diff --git a/nixos/tests/installed-tests/default.nix b/nixos/tests/installed-tests/default.nix index b81384aa8c0b..3bb678d36782 100644 --- a/nixos/tests/installed-tests/default.nix +++ b/nixos/tests/installed-tests/default.nix @@ -98,6 +98,7 @@ in gnome-photos = callInstalledTest ./gnome-photos.nix {}; graphene = callInstalledTest ./graphene.nix {}; gsconnect = callInstalledTest ./gsconnect.nix {}; + json-glib = callInstalledTest ./json-glib.nix {}; ibus = callInstalledTest ./ibus.nix {}; libgdata = callInstalledTest ./libgdata.nix {}; librsvg = callInstalledTest ./librsvg.nix {}; diff --git a/nixos/tests/installed-tests/json-glib.nix b/nixos/tests/installed-tests/json-glib.nix new file mode 100644 index 000000000000..3dfd3dd0b098 --- /dev/null +++ b/nixos/tests/installed-tests/json-glib.nix @@ -0,0 +1,5 @@ +{ pkgs, makeInstalledTest, ... }: + +makeInstalledTest { + tested = pkgs.json-glib; +} diff --git a/nixos/tests/systemd-bpf.nix b/nixos/tests/systemd-bpf.nix new file mode 100644 index 000000000000..e11347a2a817 --- /dev/null +++ b/nixos/tests/systemd-bpf.nix @@ -0,0 +1,42 @@ +import ./make-test-python.nix ({ lib, ... }: { + name = "systemd-bpf"; + meta = with lib.maintainers; { + maintainers = [ veehaitch ]; + }; + nodes = { + node1 = { + virtualisation.vlans = [ 1 ]; + networking = { + useNetworkd = true; + useDHCP = false; + firewall.enable = false; + interfaces.eth1.ipv4.addresses = [ + { address = "192.168.1.1"; prefixLength = 24; } + ]; + }; + }; + + node2 = { + virtualisation.vlans = [ 1 ]; + networking = { + useNetworkd = true; + useDHCP = false; + firewall.enable = false; + interfaces.eth1.ipv4.addresses = [ + { address = "192.168.1.2"; prefixLength = 24; } + ]; + }; + }; + }; + + testScript = '' + start_all() + node1.wait_for_unit("systemd-networkd-wait-online.service") + node2.wait_for_unit("systemd-networkd-wait-online.service") + + with subtest("test RestrictNetworkInterfaces= works"): + node1.succeed("ping -c 5 192.168.1.2") + node1.succeed("systemd-run -t -p RestrictNetworkInterfaces='eth1' ping -c 5 192.168.1.2") + node1.fail("systemd-run -t -p RestrictNetworkInterfaces='lo' ping -c 5 192.168.1.2") + ''; +}) diff --git a/pkgs/applications/editors/vim/common.nix b/pkgs/applications/editors/vim/common.nix index 95799f09cf44..016d8ad02d60 100644 --- a/pkgs/applications/editors/vim/common.nix +++ b/pkgs/applications/editors/vim/common.nix @@ -1,12 +1,12 @@ { lib, fetchFromGitHub }: rec { - version = "9.0.0180"; + version = "9.0.0244"; src = fetchFromGitHub { owner = "vim"; repo = "vim"; rev = "v${version}"; - hash = "sha256-38l97auTi6cue457bfRHme5fvsAmvk1MT2va1E/qguw="; + hash = "sha256-l6fLM6+tc1Wy1mjNPa/s73GKhhGBLz3OXUJgJN1wuxY="; }; enableParallelBuilding = true; diff --git a/pkgs/applications/networking/sync/rsync/default.nix b/pkgs/applications/networking/sync/rsync/default.nix index 5e0ddc69a46c..bdddfe4f8677 100644 --- a/pkgs/applications/networking/sync/rsync/default.nix +++ b/pkgs/applications/networking/sync/rsync/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchurl -, fetchpatch , perl , libiconv , zlib @@ -16,27 +15,18 @@ , xxHash , enableZstd ? true , zstd -, enableCopyDevicesPatch ? false , nixosTests }: stdenv.mkDerivation rec { pname = "rsync"; - version = "3.2.4"; + version = "3.2.5"; - srcs = [ - (fetchurl { - # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 - url = "mirror://samba/rsync/src/rsync-${version}.tar.gz"; - sha256 = "sha256-b3YYONCAUrC2V5z39nN9k+R/AfTaBMXSTTRHt/Kl+tE="; - }) - ] ++ lib.optional enableCopyDevicesPatch (fetchurl { + src = fetchurl { # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 - url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; - sha256 = "1wj21v57v135n6fnm2m2dxmb9lhrrg62jgkggldp1gb7d6s4arny"; - }); - - patches = lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff"; + url = "mirror://samba/rsync/src/rsync-${version}.tar.gz"; + sha256 = "sha256-KsTSFjXN95GGe8N3w1ym3af1DZGaWL5FBX/VFgDGmro="; + }; nativeBuildInputs = [ perl ]; @@ -64,6 +54,6 @@ stdenv.mkDerivation rec { homepage = "https://rsync.samba.org/"; license = licenses.gpl3Plus; platforms = platforms.unix; - maintainers = with lib.maintainers; [ ehmry kampfschlaefer ]; + maintainers = with lib.maintainers; [ ehmry kampfschlaefer ivan ]; }; } diff --git a/pkgs/applications/networking/sync/rsync/rrsync.nix b/pkgs/applications/networking/sync/rsync/rrsync.nix index c18f454d87ce..09f9ab22f335 100644 --- a/pkgs/applications/networking/sync/rsync/rrsync.nix +++ b/pkgs/applications/networking/sync/rsync/rrsync.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation { pname = "rrsync"; - inherit (rsync) version srcs; + inherit (rsync) version src; buildInputs = [ rsync diff --git a/pkgs/applications/radio/tqsl/default.nix b/pkgs/applications/radio/tqsl/default.nix index b5198f78b0aa..069656560c9f 100644 --- a/pkgs/applications/radio/tqsl/default.nix +++ b/pkgs/applications/radio/tqsl/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { openssl zlib db - curl + (curl.override { inherit openssl; }) wxGTK ]; diff --git a/pkgs/applications/version-management/git-and-tools/git-crypt/default.nix b/pkgs/applications/version-management/git-and-tools/git-crypt/default.nix index 1cf29fbd6c2d..49dcb14fc013 100644 --- a/pkgs/applications/version-management/git-and-tools/git-crypt/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git-crypt/default.nix @@ -37,6 +37,11 @@ stdenv.mkDerivation rec { "DOCBOOK_XSL=${docbook_xsl}/share/xml/docbook-xsl-nons/manpages/docbook.xsl" ]; + # https://github.com/AGWA/git-crypt/issues/232 + CXXFLAGS = [ + "-DOPENSSL_API_COMPAT=0x30000000L" + ]; + postFixup = '' wrapProgram $out/bin/git-crypt \ --suffix PATH : ${lib.makeBinPath [ git gnupg ]} diff --git a/pkgs/build-support/go/module.nix b/pkgs/build-support/go/module.nix index 8b5185979e45..84d9023209d3 100644 --- a/pkgs/build-support/go/module.nix +++ b/pkgs/build-support/go/module.nix @@ -212,6 +212,7 @@ let flags+=("-v" "-p" "$NIX_BUILD_CORES") if [ "$cmd" = "test" ]; then + flags+=(-vet=off) flags+=($checkFlags) fi diff --git a/pkgs/build-support/go/package.nix b/pkgs/build-support/go/package.nix index 56c8ceeca15f..957a65572b85 100644 --- a/pkgs/build-support/go/package.nix +++ b/pkgs/build-support/go/package.nix @@ -171,6 +171,7 @@ let flags+=("-v" "-p" "$NIX_BUILD_CORES") if [ "$cmd" = "test" ]; then + flags+=(-vet=off) flags+=($checkFlags) fi diff --git a/pkgs/data/misc/tzdata/default.nix b/pkgs/data/misc/tzdata/default.nix index 7cb13e0535ee..1a6cba44ef87 100644 --- a/pkgs/data/misc/tzdata/default.nix +++ b/pkgs/data/misc/tzdata/default.nix @@ -2,16 +2,16 @@ stdenv.mkDerivation rec { pname = "tzdata"; - version = "2022b"; + version = "2022c"; srcs = [ (fetchurl { url = "https://data.iana.org/time-zones/releases/tzdata${version}.tar.gz"; - hash = "sha256-9ZDq8Eo5UkVCbCvk+uccFDrqXOvBEIi3oKVwRGHfOX0="; + hash = "sha256-aXT040i/IyMnS1bf+edQAkfjFZ6qS0hd+gzWbnXBS/4="; }) (fetchurl { url = "https://data.iana.org/time-zones/releases/tzcode${version}.tar.gz"; - hash = "sha256-urINlD5ZoyGENfSNhopOVS8Y1tfz3RKGYMVmDIC4oF8="; + hash = "sha256-Pnzh82IMwEgZB8fgdNaZEHkyhb/+DKMx7xptGuPqkMw="; }) ]; diff --git a/pkgs/development/compilers/dotnet/build-dotnet.nix b/pkgs/development/compilers/dotnet/build-dotnet.nix index f8cf3d302ec4..6cc7dace6f15 100644 --- a/pkgs/development/compilers/dotnet/build-dotnet.nix +++ b/pkgs/development/compilers/dotnet/build-dotnet.nix @@ -15,7 +15,7 @@ assert if type == "sdk" then packages != null else true; , autoPatchelfHook , makeWrapper , libunwind -, openssl +, openssl_1_1 , libuuid , zlib , curl @@ -48,7 +48,7 @@ stdenv.mkDerivation rec { icu libunwind libuuid - openssl + openssl_1_1 ] ++ lib.optional stdenv.isLinux lttng-ust_2_12); nativeBuildInputs = [ diff --git a/pkgs/development/compilers/gcc/10/default.nix b/pkgs/development/compilers/gcc/10/default.nix index 8082bef14ea7..78728c3c592b 100644 --- a/pkgs/development/compilers/gcc/10/default.nix +++ b/pkgs/development/compilers/gcc/10/default.nix @@ -14,7 +14,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man) , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , isl ? null # optional, for the Graphite optimization framework. , zlib ? null , gnatboot ? null @@ -29,11 +28,8 @@ , buildPackages }: -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -159,6 +155,9 @@ stdenv.mkDerivation ({ nativeBuildInputs = [ texinfo which gettext ] ++ (optional (perl != null) perl) ++ (optional langAda gnatboot) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) ; # For building runtime libs @@ -173,13 +172,10 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; @@ -203,7 +199,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl enableLTO enableMultilib diff --git a/pkgs/development/compilers/gcc/11/default.nix b/pkgs/development/compilers/gcc/11/default.nix index 35b3b8404249..3a61c5820b11 100644 --- a/pkgs/development/compilers/gcc/11/default.nix +++ b/pkgs/development/compilers/gcc/11/default.nix @@ -14,7 +14,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man) , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , isl ? null # optional, for the Graphite optimization framework. , zlib ? null , gnatboot ? null @@ -29,11 +28,8 @@ , buildPackages }: -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -167,6 +163,9 @@ stdenv.mkDerivation ({ nativeBuildInputs = [ texinfo which gettext ] ++ (optional (perl != null) perl) ++ (optional langAda gnatboot) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) ; # For building runtime libs @@ -181,13 +180,10 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; @@ -211,7 +207,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl enableLTO enableMultilib diff --git a/pkgs/development/compilers/gcc/12/default.nix b/pkgs/development/compilers/gcc/12/default.nix index 0e83b9db59d1..4ef422c850ed 100644 --- a/pkgs/development/compilers/gcc/12/default.nix +++ b/pkgs/development/compilers/gcc/12/default.nix @@ -14,7 +14,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man) , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , isl ? null # optional, for the Graphite optimization framework. , zlib ? null , gnatboot ? null @@ -29,11 +28,8 @@ , buildPackages }: -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -162,6 +158,9 @@ stdenv.mkDerivation ({ nativeBuildInputs = [ texinfo which gettext ] ++ (optional (perl != null) perl) ++ (optional langAda gnatboot) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) ; # For building runtime libs @@ -176,13 +175,10 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; @@ -206,7 +202,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl enableLTO enableMultilib diff --git a/pkgs/development/compilers/gcc/4.8/default.nix b/pkgs/development/compilers/gcc/4.8/default.nix index 83821b9b494d..0bd2e5e1b91e 100644 --- a/pkgs/development/compilers/gcc/4.8/default.nix +++ b/pkgs/development/compilers/gcc/4.8/default.nix @@ -13,7 +13,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man); required for Java , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , cloog ? null, isl ? null # optional, for the Graphite optimization framework. , zlib ? null, boehmgc ? null , zip ? null, unzip ? null, pkg-config ? null @@ -39,11 +38,8 @@ assert langJava -> zip != null && unzip != null # We enable the isl cloog backend. assert cloog != null -> isl != null; -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -165,7 +161,11 @@ stdenv.mkDerivation ({ depsBuildBuild = [ buildPackages.stdenv.cc ]; nativeBuildInputs = [ texinfo which gettext ] ++ (optional (perl != null) perl) - ++ (optional javaAwtGtk pkg-config); + ++ (optional javaAwtGtk pkg-config) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) + ; # For building runtime libs depsBuildTarget = @@ -179,16 +179,13 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (cloog != null) cloog) ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) ++ (optionals langJava [ boehmgc zip unzip ]) ++ (optionals javaAwtGtk ([ gtk2 libart_lgpl ] ++ xlibs)) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; @@ -210,7 +207,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl cloog enableLTO diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix index 15828c715265..9a977392aeb3 100644 --- a/pkgs/development/compilers/gcc/4.9/default.nix +++ b/pkgs/development/compilers/gcc/4.9/default.nix @@ -13,7 +13,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man); required for Java , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , cloog ? null, isl ? null # optional, for the Graphite optimization framework. , zlib ? null, boehmgc ? null , zip ? null, unzip ? null, pkg-config ? null @@ -39,11 +38,8 @@ assert langJava -> zip != null && unzip != null # We enable the isl cloog backend. assert cloog != null -> isl != null; -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -185,7 +181,11 @@ stdenv.mkDerivation ({ depsBuildBuild = [ buildPackages.stdenv.cc ]; nativeBuildInputs = [ texinfo which gettext ] ++ (optional (perl != null) perl) - ++ (optional javaAwtGtk pkg-config); + ++ (optional javaAwtGtk pkg-config) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) + ; # For building runtime libs depsBuildTarget = @@ -199,16 +199,13 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (cloog != null) cloog) ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) ++ (optionals langJava [ boehmgc zip unzip ]) ++ (optionals javaAwtGtk ([ gtk2 libart_lgpl ] ++ xlibs)) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; @@ -230,7 +227,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl cloog enableLTO diff --git a/pkgs/development/compilers/gcc/6/default.nix b/pkgs/development/compilers/gcc/6/default.nix index a2acda24e19d..8c28e9b4b466 100644 --- a/pkgs/development/compilers/gcc/6/default.nix +++ b/pkgs/development/compilers/gcc/6/default.nix @@ -15,7 +15,6 @@ , flex , perl ? null # optional, for texi2pod (then pod2man); required for Java , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , isl ? null # optional, for the Graphite optimization framework. , zlib ? null, boehmgc ? null , gnatboot ? null @@ -40,11 +39,8 @@ assert langJava -> zip != null && unzip != null && zlib != null && boehmgc != null && perl != null; # for `--enable-java-home' -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -196,6 +192,9 @@ stdenv.mkDerivation ({ ++ (optional javaAwtGtk pkg-config) ++ (optional (with stdenv.targetPlatform; isVc4 || isRedox) flex) ++ (optional langAda gnatboot) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) ; # For building runtime libs @@ -210,15 +209,12 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) ++ (optionals langJava [ boehmgc zip unzip ]) ++ (optionals javaAwtGtk ([ gtk2 libart_lgpl ] ++ xlibs)) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; @@ -242,7 +238,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl enableLTO enableMultilib diff --git a/pkgs/development/compilers/gcc/7/default.nix b/pkgs/development/compilers/gcc/7/default.nix index 0332576466a8..4097d6999d7a 100644 --- a/pkgs/development/compilers/gcc/7/default.nix +++ b/pkgs/development/compilers/gcc/7/default.nix @@ -12,7 +12,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man) , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , isl ? null # optional, for the Graphite optimization framework. , zlib ? null , enableMultilib ? false @@ -26,11 +25,8 @@ , buildPackages }: -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -164,7 +160,11 @@ stdenv.mkDerivation ({ depsBuildBuild = [ buildPackages.stdenv.cc ]; nativeBuildInputs = [ texinfo which gettext ] - ++ (optional (perl != null) perl); + ++ (optional (perl != null) perl) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) + ; # For building runtime libs depsBuildTarget = @@ -178,13 +178,10 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; @@ -209,7 +206,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl enableLTO enableMultilib diff --git a/pkgs/development/compilers/gcc/8/default.nix b/pkgs/development/compilers/gcc/8/default.nix index 7565c0b3f139..26591000fd8e 100644 --- a/pkgs/development/compilers/gcc/8/default.nix +++ b/pkgs/development/compilers/gcc/8/default.nix @@ -12,7 +12,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man) , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , isl ? null # optional, for the Graphite optimization framework. , zlib ? null , enableMultilib ? false @@ -26,11 +25,8 @@ , buildPackages }: -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -148,7 +144,11 @@ stdenv.mkDerivation ({ depsBuildBuild = [ buildPackages.stdenv.cc ]; nativeBuildInputs = [ texinfo which gettext ] - ++ (optional (perl != null) perl); + ++ (optional (perl != null) perl) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) + ; # For building runtime libs depsBuildTarget = @@ -162,13 +162,10 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; @@ -192,7 +189,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl enableLTO enableMultilib diff --git a/pkgs/development/compilers/gcc/9/default.nix b/pkgs/development/compilers/gcc/9/default.nix index 0436ddf7e337..b970785d38ef 100644 --- a/pkgs/development/compilers/gcc/9/default.nix +++ b/pkgs/development/compilers/gcc/9/default.nix @@ -14,7 +14,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man) , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , isl ? null # optional, for the Graphite optimization framework. , zlib ? null , gnatboot ? null @@ -34,11 +33,8 @@ # cgit) that are needed here should be included directly in Nixpkgs as # files. -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -161,6 +157,9 @@ stdenv.mkDerivation ({ nativeBuildInputs = [ texinfo which gettext ] ++ (optional (perl != null) perl) ++ (optional langAda gnatboot) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) ; # For building runtime libs @@ -175,13 +174,10 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; @@ -205,7 +201,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl enableLTO enableMultilib diff --git a/pkgs/development/compilers/gcc/common/configure-flags.nix b/pkgs/development/compilers/gcc/common/configure-flags.nix index 8ac7152d7e28..09533163cbfe 100644 --- a/pkgs/development/compilers/gcc/common/configure-flags.nix +++ b/pkgs/development/compilers/gcc/common/configure-flags.nix @@ -4,7 +4,7 @@ , crossStageStatic, libcCross , version -, gmp, mpfr, libmpc, libelf, isl +, gmp, mpfr, libmpc, isl , cloog ? null , enableLTO @@ -110,7 +110,6 @@ let "--with-mpfr-lib=${mpfr.out}/lib" "--with-mpc=${libmpc}" ] - ++ lib.optional (libelf != null) "--with-libelf=${libelf}" ++ lib.optionals (!crossStageStatic) [ (if libcCross == null then "--with-native-system-header-dir=${lib.getDev stdenv.cc.libc}/include" diff --git a/pkgs/development/compilers/glslang/default.nix b/pkgs/development/compilers/glslang/default.nix index c3716c1556aa..0da4b60a3ed6 100644 --- a/pkgs/development/compilers/glslang/default.nix +++ b/pkgs/development/compilers/glslang/default.nix @@ -9,13 +9,13 @@ }: stdenv.mkDerivation rec { pname = "glslang"; - version = "1.3.216.0"; + version = "1.3.224.0"; src = fetchFromGitHub { owner = "KhronosGroup"; repo = "glslang"; rev = "sdk-${version}"; - hash = "sha256-sjidkiPtRADhyOEKDb2cHCBXnFjLwk2F5Lppv5/fwNQ="; + hash = "sha256-+NKp/4e3iruAcTunpxksvCHxoVYmPd0kFI8JDJJUVg4="; }; # These get set at all-packages, keep onto them for child drvs diff --git a/pkgs/development/compilers/llvm/10/libcxxabi/default.nix b/pkgs/development/compilers/llvm/10/libcxxabi/default.nix index b427949a8426..482ced8e0c3f 100644 --- a/pkgs/development/compilers/llvm/10/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/10/libcxxabi/default.nix @@ -40,28 +40,20 @@ stdenv.mkDerivation { "-DLIBCXXABI_ENABLE_SHARED=OFF" ]; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 ../include/cxxabi.h $out/include - '' + lib.optionalString enableShared '' - install -m 644 lib/libc++abi.so.1.0 $out/lib - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/11/libcxxabi/default.nix b/pkgs/development/compilers/llvm/11/libcxxabi/default.nix index 61cfe8eede92..6c4ca925ab11 100644 --- a/pkgs/development/compilers/llvm/11/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/11/libcxxabi/default.nix @@ -44,28 +44,20 @@ stdenv.mkDerivation { "-DLIBCXXABI_ENABLE_SHARED=OFF" ]; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - ${stdenv.cc.targetPrefix}install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 ../include/cxxabi.h $out/include - '' + lib.optionalString enableShared '' - install -m 644 lib/libc++abi.so.1.0 $out/lib - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/12/libcxxabi/default.nix b/pkgs/development/compilers/llvm/12/libcxxabi/default.nix index 803fe6a62fac..89b56ad230d8 100644 --- a/pkgs/development/compilers/llvm/12/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/12/libcxxabi/default.nix @@ -42,28 +42,20 @@ stdenv.mkDerivation { "-DLIBCXXABI_ENABLE_SHARED=OFF" ]; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - ${stdenv.cc.targetPrefix}install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 ../include/cxxabi.h $out/include - '' + lib.optionalString enableShared '' - install -m 644 lib/libc++abi.so.1.0 $out/lib - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/13/libcxxabi/default.nix b/pkgs/development/compilers/llvm/13/libcxxabi/default.nix index 0bdbee07b738..16ea0b113c75 100644 --- a/pkgs/development/compilers/llvm/13/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/13/libcxxabi/default.nix @@ -39,28 +39,20 @@ stdenv.mkDerivation rec { "-DLIBCXXABI_ENABLE_SHARED=OFF" ]; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 ../include/cxxabi.h $out/include - '' + lib.optionalString enableShared '' - install -m 644 lib/libc++abi.so.1.0 $out/lib - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/5/libcxxabi/default.nix b/pkgs/development/compilers/llvm/5/libcxxabi/default.nix index 5146e20089b7..60a41ab2d830 100644 --- a/pkgs/development/compilers/llvm/5/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/5/libcxxabi/default.nix @@ -25,27 +25,20 @@ stdenv.mkDerivation { nativeBuildInputs = [ cmake ]; buildInputs = lib.optional (!stdenv.isDarwin && !stdenv.isFreeBSD) libunwind; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 lib/libc++abi.so.1.0 $out/lib - install -m 644 ../include/cxxabi.h $out/include - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/6/libcxxabi/default.nix b/pkgs/development/compilers/llvm/6/libcxxabi/default.nix index 6a03d8a1835e..d7de130fbaaf 100644 --- a/pkgs/development/compilers/llvm/6/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/6/libcxxabi/default.nix @@ -25,27 +25,20 @@ stdenv.mkDerivation { nativeBuildInputs = [ cmake ]; buildInputs = lib.optional (!stdenv.isDarwin && !stdenv.isFreeBSD) libunwind; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 lib/libc++abi.so.1.0 $out/lib - install -m 644 ../include/cxxabi.h $out/include - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/7/libcxxabi/default.nix b/pkgs/development/compilers/llvm/7/libcxxabi/default.nix index 0bb76f916285..1bc9444feda1 100644 --- a/pkgs/development/compilers/llvm/7/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/7/libcxxabi/default.nix @@ -44,27 +44,20 @@ stdenv.mkDerivation { "-DLIBCXXABI_USE_LLVM_UNWINDER=ON" ] ++ lib.optional (!enableShared) "-DLIBCXXABI_ENABLE_SHARED=OFF"; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - ${lib.optionalString enableShared "install -m 644 lib/libc++abi.so.1.0 $out/lib"} - install -m 644 ../include/cxxabi.h $out/include - ${lib.optionalString enableShared "ln -s libc++abi.so.1.0 $out/lib/libc++abi.so"} - ${lib.optionalString enableShared "ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1"} - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/8/libcxxabi/default.nix b/pkgs/development/compilers/llvm/8/libcxxabi/default.nix index 593b1df9b7ad..50a5eabc1703 100644 --- a/pkgs/development/compilers/llvm/8/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/8/libcxxabi/default.nix @@ -40,28 +40,20 @@ stdenv.mkDerivation { "-DLIBCXXABI_ENABLE_SHARED=OFF" ]; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 ../include/cxxabi.h $out/include - '' + lib.optionalString enableShared '' - install -m 644 lib/libc++abi.so.1.0 $out/lib - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/9/libcxxabi/default.nix b/pkgs/development/compilers/llvm/9/libcxxabi/default.nix index 2af3322fd68d..ee6834affbcd 100644 --- a/pkgs/development/compilers/llvm/9/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/9/libcxxabi/default.nix @@ -40,28 +40,20 @@ stdenv.mkDerivation { "-DLIBCXXABI_ENABLE_SHARED=OFF" ]; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 ../include/cxxabi.h $out/include - '' + lib.optionalString enableShared '' - install -m 644 lib/libc++abi.so.1.0 $out/lib - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index 7e4efcd72ce4..ea32f88dff49 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -2380,6 +2380,9 @@ self: super: { ''; }) super.linear-base; + # https://github.com/peti/hopenssl/issues/5 + hopenssl = super.hopenssl.override { openssl = pkgs.openssl_1_1; }; + # Fixes compilation with GHC 9.0 and above # https://hub.darcs.net/shelarcy/regex-compat-tdfa/issue/3 regex-compat-tdfa = appendPatches [ diff --git a/pkgs/development/interpreters/perl/default.nix b/pkgs/development/interpreters/perl/default.nix index 0a9c53e11c5f..79e2bf84a0cd 100644 --- a/pkgs/development/interpreters/perl/default.nix +++ b/pkgs/development/interpreters/perl/default.nix @@ -39,6 +39,9 @@ let [ # Do not look in /usr etc. for dependencies. ./no-sys-dirs-5.31.patch + + # Enable TLS/SSL verification in HTTP::Tiny by default + ./http-tiny-verify-ssl-by-default.patch ] ++ optional stdenv.isSunOS ./ld-shared.patch ++ optionals stdenv.isDarwin [ ./cpp-precomp.patch ./sw_vers.patch ] diff --git a/pkgs/development/interpreters/perl/http-tiny-verify-ssl-by-default.patch b/pkgs/development/interpreters/perl/http-tiny-verify-ssl-by-default.patch new file mode 100644 index 000000000000..59248061513d --- /dev/null +++ b/pkgs/development/interpreters/perl/http-tiny-verify-ssl-by-default.patch @@ -0,0 +1,79 @@ +Patch for HTTP::Tiny that defaults verify_SSL to 1 + +Based on proposed Debian patch by Dominic Hargreaves: +https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92 + + +diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm +index 5803e4599..88ba51461 100644 +--- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm ++++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm +@@ -40,7 +40,7 @@ sub _croak { require Carp; Carp::croak(@_) } + #pod * C — Request timeout in seconds (default is 60) If a socket open, + #pod read or write takes longer than the timeout, an exception is thrown. + #pod * C — A boolean that indicates whether to validate the SSL +-#pod certificate of an C — connection (default is false) ++#pod certificate of an C — connection (default is true) + #pod * C — A hashref of C — options to pass through to + #pod L + #pod +@@ -112,7 +112,7 @@ sub new { + max_redirect => 5, + timeout => defined $args{timeout} ? $args{timeout} : 60, + keep_alive => 1, +- verify_SSL => $args{verify_SSL} || $args{verify_ssl} || 0, # no verification by default ++ verify_SSL => $args{verify_SSL} // $args{verify_ssl} // 1, # verification by default + no_proxy => $ENV{no_proxy}, + }; + +@@ -1038,7 +1038,7 @@ sub new { + timeout => 60, + max_line_size => 16384, + max_header_lines => 64, +- verify_SSL => 0, ++ verify_SSL => 1, + SSL_options => {}, + %args + }, $class; +@@ -1765,7 +1765,7 @@ C — Request timeout in seconds (default is 60) If a socket open, read + + =item * + +-C — A boolean that indicates whether to validate the SSL certificate of an C — connection (default is false) ++C — A boolean that indicates whether to validate the SSL certificate of an C — connection (default is true) + + =item * + +@@ -2035,7 +2035,7 @@ Verification of server identity + + =back + +-B. ++B. + + Server identity verification is controversial and potentially tricky because it + depends on a (usually paid) third-party Certificate Authority (CA) trust model +@@ -2043,16 +2043,14 @@ to validate a certificate as legitimate. This discriminates against servers + with self-signed certificates or certificates signed by free, community-driven + CA's such as L. + +-By default, HTTP::Tiny does not make any assumptions about your trust model, +-threat level or risk tolerance. It just aims to give you an encrypted channel +-when you need one. +- + Setting the C attribute to a true value will make HTTP::Tiny verify + that an SSL connection has a valid SSL certificate corresponding to the host + name of the connection and that the SSL certificate has been verified by a CA. + Assuming you trust the CA, this will protect against a L. If you are +-concerned about security, you should enable this option. ++attack|http://en.wikipedia.org/wiki/Man-in-the-middle_attack>. ++ ++If you are not concerned about security, and this default in NixOS causes ++problems, you should disable this option. + + Certificate verification requires a file containing trusted CA certificates. + +-- + + diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index 44cf836fc9c8..73197f065625 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -7,6 +7,7 @@ , mailcap, mimetypesSupport ? true , ncurses , openssl +, openssl_1_1 , readline , sqlite , tcl ? null, tk ? null, tix ? null, libX11 ? null, xorgproto ? null, x11Support ? false @@ -75,6 +76,10 @@ assert lib.assertMsg (reproducibleBuild -> (!rebuildBytecode)) with lib; let + # cpython does support/build with openssl 3.0, but some libraries using the ssl module seem to have issues with it + # null check for Minimal + openssl' = if openssl != null then openssl_1_1 else null; + buildPackages = pkgsBuildHost; inherit (passthru) pythonForBuild; @@ -115,7 +120,7 @@ let ]; buildInputs = filter (p: p != null) ([ - zlib bzip2 expat xz libffi gdbm sqlite readline ncurses openssl ] + zlib bzip2 expat xz libffi gdbm sqlite readline ncurses openssl' ] ++ optionals x11Support [ tcl tk libX11 xorgproto ] ++ optionals (bluezSupport && stdenv.isLinux) [ bluez ] ++ optionals stdenv.isDarwin [ configd ]) @@ -321,8 +326,8 @@ in with passthru; stdenv.mkDerivation { "--with-threads" ] ++ optionals (sqlite != null && isPy3k) [ "--enable-loadable-sqlite-extensions" - ] ++ optionals (openssl != null) [ - "--with-openssl=${openssl.dev}" + ] ++ optionals (openssl' != null) [ + "--with-openssl=${openssl'.dev}" ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ "ac_cv_buggy_getaddrinfo=no" # Assume little-endian IEEE 754 floating point when cross compiling @@ -484,7 +489,7 @@ in with passthru; stdenv.mkDerivation { # Enforce that we don't have references to the OpenSSL -dev package, which we # explicitly specify in our configure flags above. disallowedReferences = - lib.optionals (openssl != null && !static) [ openssl.dev ] + lib.optionals (openssl' != null && !static) [ openssl'.dev ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ # Ensure we don't have references to build-time packages. # These typically end up in shebangs. diff --git a/pkgs/development/interpreters/ruby/default.nix b/pkgs/development/interpreters/ruby/default.nix index 236508d67353..524734b5a5fa 100644 --- a/pkgs/development/interpreters/ruby/default.nix +++ b/pkgs/development/interpreters/ruby/default.nix @@ -1,9 +1,10 @@ { stdenv, buildPackages, lib , fetchurl, fetchpatch, fetchFromSavannah, fetchFromGitHub -, zlib, openssl, gdbm, ncurses, readline, groff, libyaml, libffi, jemalloc, autoreconfHook, bison +, zlib, gdbm, ncurses, readline, groff, libyaml, libffi, jemalloc, autoreconfHook, bison , autoconf, libiconv, libobjc, libunwind, Foundation , buildEnv, bundler, bundix , makeWrapper, buildRubyGem, defaultGemConfig, removeReferencesTo +, openssl, openssl_1_1 } @ args: let @@ -26,7 +27,7 @@ let , useRailsExpress ? true , rubygemsSupport ? true , zlib, zlibSupport ? true - , openssl, opensslSupport ? true + , openssl, openssl_1_1, opensslSupport ? true , gdbm, gdbmSupport ? true , ncurses, readline, cursesSupport ? true , groff, docSupport ? true @@ -75,7 +76,8 @@ let ++ (op fiddleSupport libffi) ++ (ops cursesSupport [ ncurses readline ]) ++ (op zlibSupport zlib) - ++ (op opensslSupport openssl) + ++ (op (lib.versionOlder ver.majMin "3.0" && opensslSupport) openssl_1_1) + ++ (op (atLeast30 && opensslSupport) openssl_1_1) ++ (op gdbmSupport gdbm) ++ (op yamlSupport libyaml) # Looks like ruby fails to build on darwin without readline even if curses diff --git a/pkgs/development/libraries/SDL2_ttf/default.nix b/pkgs/development/libraries/SDL2_ttf/default.nix index 6975dfff24ae..f424a2e67f56 100644 --- a/pkgs/development/libraries/SDL2_ttf/default.nix +++ b/pkgs/development/libraries/SDL2_ttf/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "SDL2_ttf"; - version = "2.0.18"; + version = "2.20.1"; src = fetchurl { url = "https://www.libsdl.org/projects/SDL_ttf/release/${pname}-${version}.tar.gz"; - sha256 = "sha256-cjTriINRTgGed0fHA+SndFdbGNQ1wipKKdBoy3aKIlE="; + sha256 = "sha256-eM2tUfPMOtppMrG7bpFLM3mKuXCh6Bd2PyLdv9l9DFc="; }; configureFlags = lib.optional stdenv.isDarwin "--disable-sdltest"; diff --git a/pkgs/development/libraries/google-cloud-cpp/default.nix b/pkgs/development/libraries/google-cloud-cpp/default.nix index 8758daf9c3ab..2c5cade6b69c 100644 --- a/pkgs/development/libraries/google-cloud-cpp/default.nix +++ b/pkgs/development/libraries/google-cloud-cpp/default.nix @@ -61,7 +61,7 @@ stdenv.mkDerivation rec { abseil-cpp c-ares crc32c - curl + (curl.override { inherit openssl; }) grpc nlohmann_json openssl diff --git a/pkgs/development/libraries/gpgme/default.nix b/pkgs/development/libraries/gpgme/default.nix index 9b90f912912b..8d4e2e7271d4 100644 --- a/pkgs/development/libraries/gpgme/default.nix +++ b/pkgs/development/libraries/gpgme/default.nix @@ -110,8 +110,13 @@ stdenv.mkDerivation rec { ++ lib.optional stdenv.hostPlatform.is32bit "-D_FILE_OFFSET_BITS=64" ); + # prevent tests from being run during the buildPhase + makeFlags = [ "tests=" ]; + doCheck = true; + checkFlags = [ "-C" "tests" ]; + passthru.tests = { python = python3.pkgs.gpgme; qt = libsForQt5.qgpgme; diff --git a/pkgs/development/libraries/imlib2/default.nix b/pkgs/development/libraries/imlib2/default.nix index a5dc57c8ffd8..12d972390630 100644 --- a/pkgs/development/libraries/imlib2/default.nix +++ b/pkgs/development/libraries/imlib2/default.nix @@ -1,14 +1,16 @@ { lib, stdenv, fetchurl # Image file formats -, libjpeg, libtiff, giflib, libpng, libwebp +, libjpeg, libtiff, giflib, libpng, libwebp, libjxl +, libspectre # imlib2 can load images from ID3 tags. , libid3tag, librsvg, libheif , freetype , bzip2, pkg-config , x11Support ? true, xlibsWrapper ? null -# Compilation error on Darwin with librsvg. For more information see: -# https://github.com/NixOS/nixpkgs/pull/166452#issuecomment-1090725613 -, svgSupport ? !stdenv.isDarwin -, heifSupport ? !stdenv.isDarwin +, svgSupport ? false +, heifSupport ? false +, webpSupport ? false +, jxlSupport ? false +, psSupport ? false # for passthru.tests , libcaca @@ -33,11 +35,14 @@ stdenv.mkDerivation rec { }; buildInputs = [ - libjpeg libtiff giflib libpng libwebp + libjpeg libtiff giflib libpng bzip2 freetype libid3tag ] ++ optional x11Support xlibsWrapper ++ optional heifSupport libheif - ++ optional svgSupport librsvg; + ++ optional svgSupport librsvg + ++ optional webpSupport libwebp + ++ optional jxlSupport libjxl + ++ optional psSupport libspectre; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/development/libraries/jemalloc/default.nix b/pkgs/development/libraries/jemalloc/default.nix index 6f9cb774c2a8..a2812a9c6677 100644 --- a/pkgs/development/libraries/jemalloc/default.nix +++ b/pkgs/development/libraries/jemalloc/default.nix @@ -30,6 +30,9 @@ stdenv.mkDerivation rec { "--disable-thp" "je_cv_thp=no" ] + # AArch64 has configurable page size up to 64k. The default configuration + # for jemalloc only supports 4k page sizes. + ++ lib.optional stdenv.isAarch64 "--with-lg-page=16" ; NIX_CFLAGS_COMPILE = lib.optionalString stdenv.isDarwin "-Wno-error=array-bounds"; diff --git a/pkgs/development/libraries/json-glib/default.nix b/pkgs/development/libraries/json-glib/default.nix index 1f8f4fd1acc0..e095945dabaa 100644 --- a/pkgs/development/libraries/json-glib/default.nix +++ b/pkgs/development/libraries/json-glib/default.nix @@ -4,6 +4,7 @@ , glib , meson , ninja +, nixosTests , pkg-config , gettext , gobject-introspection @@ -17,13 +18,18 @@ stdenv.mkDerivation rec { pname = "json-glib"; version = "1.6.6"; - outputs = [ "out" "dev" "devdoc" ]; + outputs = [ "out" "dev" "devdoc" "installedTests" ]; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; sha256 = "luyYvnqR9t3jNjZyDj2i/27LuQ52zKpJSX8xpoVaSQ4="; }; + patches = [ + # Add option for changing installation path of installed tests. + ./meson-add-installed-tests-prefix-option.patch + ]; + strictDeps = true; depsBuildBuild = [ @@ -49,6 +55,9 @@ stdenv.mkDerivation rec { glib ]; + mesonFlags = [ + "-Dinstalled_test_prefix=${placeholder "installedTests"}" + ]; # Run-time dependency gi-docgen found: NO (tried pkgconfig and cmake) # it should be a build-time dep for build @@ -73,6 +82,10 @@ stdenv.mkDerivation rec { ''; passthru = { + tests = { + installedTests = nixosTests.installed-tests.json-glib; + }; + updateScript = gnome.updateScript { packageName = pname; versionPolicy = "odd-unstable"; diff --git a/pkgs/development/libraries/json-glib/meson-add-installed-tests-prefix-option.patch b/pkgs/development/libraries/json-glib/meson-add-installed-tests-prefix-option.patch new file mode 100644 index 000000000000..626db09cd03f --- /dev/null +++ b/pkgs/development/libraries/json-glib/meson-add-installed-tests-prefix-option.patch @@ -0,0 +1,27 @@ +diff --git a/json-glib/tests/meson.build b/json-glib/tests/meson.build +index 1eb56c8..dca444e 100644 +--- a/json-glib/tests/meson.build ++++ b/json-glib/tests/meson.build +@@ -21,8 +21,9 @@ test_data = [ + 'stream-load.json', + ] + +-installed_test_bindir = join_paths(json_libexecdir, 'installed-tests', json_api_name) +-installed_test_datadir = join_paths(json_datadir, 'installed-tests', json_api_name) ++installed_test_prefix = get_option('installed_test_prefix') ++installed_test_bindir = join_paths(installed_test_prefix, 'libexec', 'installed-tests', json_api_name) ++installed_test_datadir = join_paths(installed_test_prefix, 'share', 'installed-tests', json_api_name) + + install_data(test_data, install_dir: installed_test_bindir) + +diff --git a/meson_options.txt b/meson_options.txt +index 068a03f..03f398a 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -10,3 +10,6 @@ option('man', + option('tests', + type: 'boolean', value: true, + description: 'Build the tests') ++option('installed_test_prefix', ++ description: 'Prefix for installed tests', ++ type: 'string') diff --git a/pkgs/development/libraries/libewf/default.nix b/pkgs/development/libraries/libewf/default.nix index 1935c7d947ff..c7311d166b33 100644 --- a/pkgs/development/libraries/libewf/default.nix +++ b/pkgs/development/libraries/libewf/default.nix @@ -1,4 +1,4 @@ -{ fetchurl, lib, stdenv, zlib, openssl, libuuid, pkg-config, bzip2 }: +{ fetchurl, fetchpatch, lib, stdenv, zlib, openssl, libuuid, pkg-config, bzip2 }: stdenv.mkDerivation rec { version = "20201230"; @@ -6,9 +6,17 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://github.com/libyal/libewf/releases/download/${version}/libewf-experimental-${version}.tar.gz"; - sha256 = "sha256-10r4jPzsA30nHQzjdg/VkwTG1PwOskwv8Bra34ZPMgc="; + hash = "sha256-10r4jPzsA30nHQzjdg/VkwTG1PwOskwv8Bra34ZPMgc="; }; + patches = [ + # fix build with OpenSSL 3.0 + (fetchpatch { + url = "https://github.com/libyal/libewf/commit/033ea5b4e5f8f1248f74a2ec61fc1be183c6c46b.patch"; + hash = "sha256-R4+NO/91kiZP48SJyVF9oYjKCg1h/9Kh8/0VOEmJXPQ="; + }) + ]; + nativeBuildInputs = [ pkg-config ]; buildInputs = [ zlib openssl libuuid ] ++ lib.optionals stdenv.isDarwin [ bzip2 ]; diff --git a/pkgs/development/libraries/libglvnd/default.nix b/pkgs/development/libraries/libglvnd/default.nix index 769140ff54a3..46a3d9e40308 100644 --- a/pkgs/development/libraries/libglvnd/default.nix +++ b/pkgs/development/libraries/libglvnd/default.nix @@ -5,14 +5,14 @@ stdenv.mkDerivation rec { pname = "libglvnd"; - version = "1.4.0"; + version = "1.5.0"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "glvnd"; repo = "libglvnd"; rev = "v${version}"; - sha256 = "06y7m486kgg566krbhb0gvmpzy6ayd98psnrmmkrnw8p513lg8k3"; + sha256 = "sha256-yXSuG8UwD5KZbn4ysDStTdOGD4uHigjOhazlHT9ndNs="; }; nativeBuildInputs = [ autoreconfHook pkg-config python3 addOpenGLRunpath ]; diff --git a/pkgs/development/libraries/libs3/default.nix b/pkgs/development/libraries/libs3/default.nix index d30fc55fc77f..b9f9278fad8c 100644 --- a/pkgs/development/libraries/libs3/default.nix +++ b/pkgs/development/libraries/libs3/default.nix @@ -1,19 +1,26 @@ -{ lib, stdenv, fetchFromGitHub, curl, libxml2 }: +{ lib, stdenv, fetchFromGitHub, fetchpatch, curl, libxml2 }: stdenv.mkDerivation { pname = "libs3"; - version = "unstable-2018-12-03"; + version = "unstable-2019-04-10"; src = fetchFromGitHub { owner = "bji"; repo = "libs3"; - rev = "111dc30029f64bbf82031f3e160f253a0a63c119"; - sha256 = "1ahf08hc7ql3fazfmlyj9vrhq7cvarsmgn2v8149y63zr1fl61hs"; + rev = "287e4bee6fd430ffb52604049de80a27a77ff6b4"; + hash = "sha256-xgiY8oJlRMiXB1fw5dhNidfaq18YVwaJ8aErKU11O6U="; }; + patches = [ + (fetchpatch { # Fix compilation with openssl 3.0 + url = "https://github.com/bji/libs3/pull/112/commits/3c3a1cf915e62b730db854d8007ba835cb38677c.patch"; + hash = "sha256-+rWRh8dOznHlamc/T9qbgN0E2Rww3Hn94UeErxNDccs="; + }) + ]; + buildInputs = [ curl libxml2 ]; - makeFlags = [ "DESTDIR=$(out)" ]; + makeFlags = [ "DESTDIR=${placeholder "out"}" ]; meta = with lib; { homepage = "https://github.com/bji/libs3"; diff --git a/pkgs/development/libraries/libtasn1/default.nix b/pkgs/development/libraries/libtasn1/default.nix index d7eb36b97a79..2f0b1cdaad4a 100644 --- a/pkgs/development/libraries/libtasn1/default.nix +++ b/pkgs/development/libraries/libtasn1/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libtasn1"; - version = "4.18.0"; + version = "4.19.0"; src = fetchurl { url = "mirror://gnu/libtasn1/libtasn1-${version}.tar.gz"; - sha256 = "sha256-Q2XBVJU1Y9ZMZ6AktgfR7nXG23bg0PZXCeqAozTNGJg="; + sha256 = "sha256-FhPwrBz0hNbsDOO4wG1WJjzHJC8cI7MNgtI940WmP3o="; }; outputs = [ "out" "dev" "devdoc" ]; diff --git a/pkgs/development/libraries/liburcu/default.nix b/pkgs/development/libraries/liburcu/default.nix index e2dc63609c41..120b5d9c61ae 100644 --- a/pkgs/development/libraries/liburcu/default.nix +++ b/pkgs/development/libraries/liburcu/default.nix @@ -1,12 +1,12 @@ { lib, stdenv, fetchurl, perl }: stdenv.mkDerivation rec { - version = "0.13.1"; + version = "0.13.2"; pname = "liburcu"; src = fetchurl { url = "https://lttng.org/files/urcu/userspace-rcu-${version}.tar.bz2"; - sha256 = "sha256-MhPzPSuPcQ65IOsauyeewEv4rmNh9E8lE8KMINM2MIM="; + sha256 = "sha256-EhP9nxsLdNp94rt0M1t2CY25c4/sXTzcB8DFJPNPwDI="; }; checkInputs = [ perl ]; diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index c851c196f184..6b78a570cccb 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -34,7 +34,7 @@ with lib; let # Release calendar: https://www.mesa3d.org/release-calendar.html # Release frequency: https://www.mesa3d.org/releasing.html#schedule - version = "22.1.6"; + version = "22.1.7"; branch = versions.major version; self = stdenv.mkDerivation { @@ -48,7 +48,7 @@ self = stdenv.mkDerivation { "ftp://ftp.freedesktop.org/pub/mesa/${version}/mesa-${version}.tar.xz" "ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz" ]; - sha256 = "22ced061eb9adab8ea35368246c1995c09723f3f71653cd5050c5cec376e671a"; + sha256 = "da838eb2cf11d0e08d0e9944f6bd4d96987fdc59ea2856f8c70a31a82b355d89"; }; # TODO: diff --git a/pkgs/development/libraries/nettle/default.nix b/pkgs/development/libraries/nettle/default.nix index ed4948cd7f80..1ce011a3231c 100644 --- a/pkgs/development/libraries/nettle/default.nix +++ b/pkgs/development/libraries/nettle/default.nix @@ -1,10 +1,10 @@ { callPackage, fetchurl }: callPackage ./generic.nix rec { - version = "3.8"; + version = "3.8.1"; src = fetchurl { url = "mirror://gnu/nettle/nettle-${version}.tar.gz"; - hash = "sha256-dXbGhIHBmPZEsIwWDRpIULqUSeMIBpRVtSEzGfI06OY="; + hash = "sha256-Nk8+K3fNfc3oP9fEUhnINOVLDHXkKLb4lKI9Et1By/4="; }; } diff --git a/pkgs/development/libraries/nss/ckpem.patch b/pkgs/development/libraries/nss/ckpem.patch deleted file mode 100644 index c1a65a6c0b28..000000000000 --- a/pkgs/development/libraries/nss/ckpem.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- nss/lib/ckfw/pem/ckpem.h 2018-01-03 13:36:12.000000000 -0800 -+++ nss/lib/ckfw/pem/ckpem.h 2018-01-03 13:36:20.000000000 -0800 -@@ -156,8 +156,6 @@ - NSS_EXTERN_DATA pemInternalObject nss_pem_data[]; - NSS_EXTERN_DATA const PRUint32 nss_pem_nObjects; - -- PRBool logged_in; -- - /* our raw object data array */ - NSS_EXTERN_DATA pemInternalObject nss_pem_data[]; - NSS_EXTERN_DATA const PRUint32 nss_pem_nObjects; diff --git a/pkgs/development/libraries/nss/generic.nix b/pkgs/development/libraries/nss/generic.nix index febc2423388e..e6d2eae2449c 100644 --- a/pkgs/development/libraries/nss/generic.nix +++ b/pkgs/development/libraries/nss/generic.nix @@ -19,11 +19,6 @@ }: let - nssPEM = fetchurl { - url = "http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz"; - sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw"; - }; - underscoreVersion = lib.replaceStrings [ "." ] [ "_" ] version; in stdenv.mkDerivation rec { @@ -44,23 +39,6 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [ nspr ]; - prePatch = '' - # strip the trailing whitespace from the patch line and the renamed CKO_NETSCAPE_ enum to CKO_NSS_ - xz -d < ${nssPEM} | sed \ - -e 's/-DIRS = builtins $/-DIRS = . builtins/g' \ - -e 's/CKO_NETSCAPE_/CKO_NSS_/g' \ - -e 's/CKT_NETSCAPE_/CKT_NSS_/g' \ - | patch -p1 - - patchShebangs nss - - for f in nss/coreconf/config.gypi nss/build.sh nss/coreconf/config.gypi; do - substituteInPlace "$f" --replace "/usr/bin/env" "${buildPackages.coreutils}/bin/env" - done - - substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep" - ''; - patches = [ # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch (if (lib.versionOlder version "3.77") then @@ -68,13 +46,20 @@ stdenv.mkDerivation rec { else ./85_security_load_3.77+.patch ) - ./ckpem.patch ./fix-cross-compilation.patch ]; patchFlags = [ "-p0" ]; - postPatch = lib.optionalString stdenv.hostPlatform.isDarwin '' + postPatch = '' + patchShebangs nss + + for f in nss/coreconf/config.gypi nss/build.sh nss/coreconf/config.gypi; do + substituteInPlace "$f" --replace "/usr/bin/env" "${buildPackages.coreutils}/bin/env" + done + + substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep" + '' + lib.optionalString stdenv.hostPlatform.isDarwin '' substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)" substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'" ''; diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 0b4050c76cce..471666129fc1 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -30,7 +30,7 @@ let postPatch = '' patchShebangs Configure - '' + lib.optionalString (lib.versionOlder version "1.1.0") '' + '' + lib.optionalString (lib.versionOlder version "1.1.1") '' patchShebangs test/* for a in test/t* ; do substituteInPlace "$a" \ @@ -40,7 +40,7 @@ let # config is a configure script which is not installed. + lib.optionalString (lib.versionAtLeast version "1.1.1") '' substituteInPlace config --replace '/usr/bin/env' '${buildPackages.coreutils}/bin/env' - '' + lib.optionalString (lib.versionAtLeast version "1.1.0" && stdenv.hostPlatform.isMusl) '' + '' + lib.optionalString (lib.versionAtLeast version "1.1.1" && stdenv.hostPlatform.isMusl) '' substituteInPlace crypto/async/arch/async_posix.h \ --replace '!defined(__ANDROID__) && !defined(__OpenBSD__)' \ '!defined(__ANDROID__) && !defined(__OpenBSD__) && 0' @@ -130,11 +130,12 @@ let ] ++ lib.optional enableSSL2 "enable-ssl2" ++ lib.optional enableSSL3 "enable-ssl3" ++ lib.optional (lib.versionAtLeast version "3.0.0") "enable-ktls" - ++ lib.optional (lib.versionAtLeast version "1.1.0" && stdenv.hostPlatform.isAarch64) "no-afalgeng" + ++ lib.optional (lib.versionAtLeast version "1.1.1" && stdenv.hostPlatform.isAarch64) "no-afalgeng" # OpenSSL needs a specific `no-shared` configure flag. # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options # for a comprehensive list of configuration options. - ++ lib.optional (lib.versionAtLeast version "1.1.0" && static) "no-shared" + ++ lib.optional (lib.versionAtLeast version "1.1.1" && static) "no-shared" + ++ lib.optional (lib.versionAtLeast version "3.0.0" && static) "no-module" # This introduces a reference to the CTLOG_FILE which is undesired when # trying to build binaries statically. ++ lib.optional static "no-ct" diff --git a/pkgs/development/libraries/qca2/default.nix b/pkgs/development/libraries/qca2/default.nix deleted file mode 100644 index 42dcf1a87d36..000000000000 --- a/pkgs/development/libraries/qca2/default.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ lib, stdenv, fetchurl, openssl, cmake, pkg-config, qt, darwin }: - -stdenv.mkDerivation rec { - pname = "qca"; - version = "2.2.1"; - - src = fetchurl { - url = "http://download.kde.org/stable/qca/${version}/qca-${version}.tar.xz"; - sha256 = "00kv1vsrc8fp556hm8s6yw3240vx3l4067q6vfxrb3gdwgcd45np"; - }; - - nativeBuildInputs = [ cmake pkg-config ]; - buildInputs = [ openssl qt ] - ++ lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security; - - # tells CMake to use this CA bundle file if it is accessible - preConfigure = '' - export QC_CERTSTORE_PATH=/etc/ssl/certs/ca-certificates.crt - ''; - - # tricks CMake into using this CA bundle file if it is not accessible (in a sandbox) - cmakeFlags = [ "-Dqca_CERTSTORE=/etc/ssl/certs/ca-certificates.crt" ]; - - postPatch = '' - sed -i -e '1i cmake_policy(SET CMP0025 NEW)' CMakeLists.txt - ''; - - meta = with lib; { - description = "Qt Cryptographic Architecture"; - license = "LGPL"; - homepage = "http://delta.affinix.com/qca"; - maintainers = [ maintainers.sander ]; - platforms = platforms.unix; - }; -} diff --git a/pkgs/development/libraries/qca2/libressl.patch b/pkgs/development/libraries/qca2/libressl.patch deleted file mode 100644 index c9b0267f85d8..000000000000 --- a/pkgs/development/libraries/qca2/libressl.patch +++ /dev/null @@ -1,28 +0,0 @@ ---- a/plugins/qca-ossl/qca-ossl.cpp 2015-12-02 09:34:25.810682094 +0000 -+++ b/plugins/qca-ossl/qca-ossl.cpp 2015-12-02 09:29:51.720392423 +0000 -@@ -5403,11 +5403,13 @@ - ctx = SSL_CTX_new(SSLv2_client_method()); - break; - #endif -+#ifndef OPENSSL_NO_SSL3 - case TLS::SSL_v3: - ctx = SSL_CTX_new(SSLv3_client_method()); - break; -+#endif - case TLS::TLS_v1: -+ ctx = SSL_CTX_new(SSLv23_client_method()); -- ctx = SSL_CTX_new(TLSv1_client_method()); - break; - case TLS::DTLS_v1: - default: -@@ -7133,8 +7135,10 @@ - return new opensslInfoContext(this); - else if ( type == "sha1" ) - return new opensslHashContext( EVP_sha1(), this, type); -+#ifndef OPENSSL_NO_SHA0 - else if ( type == "sha0" ) - return new opensslHashContext( EVP_sha(), this, type); -+#endif - else if ( type == "ripemd160" ) - return new opensslHashContext( EVP_ripemd160(), this, type); - #ifdef HAVE_OPENSSL_MD2 diff --git a/pkgs/development/libraries/soundtouch/default.nix b/pkgs/development/libraries/soundtouch/default.nix index b03a7cc07228..318ead830f9b 100644 --- a/pkgs/development/libraries/soundtouch/default.nix +++ b/pkgs/development/libraries/soundtouch/default.nix @@ -1,14 +1,15 @@ -{stdenv, lib, fetchFromGitLab, autoconf, automake, libtool}: +{ stdenv, lib, fetchFromGitea, autoconf, automake, libtool }: stdenv.mkDerivation rec { pname = "soundtouch"; - version = "2.2"; + version = "2.3.1"; - src = fetchFromGitLab { - owner = pname; - repo = pname; + src = fetchFromGitea { + domain = "codeberg.org"; + owner = "soundtouch"; + repo = "soundtouch"; rev = version; - sha256 = "12i6yg8vvqwyk412lxl2krbfby6hnxld8qxy0k4m5xp4g94jiq4p"; + sha256 = "10znckb8mrnmvwj7vq12732al873qhqw27fpb5f8r0bkjdpcj3vr"; }; nativeBuildInputs = [ autoconf automake libtool ]; diff --git a/pkgs/development/libraries/spirv-headers/default.nix b/pkgs/development/libraries/spirv-headers/default.nix index 21117c7d80b2..c634b8330428 100644 --- a/pkgs/development/libraries/spirv-headers/default.nix +++ b/pkgs/development/libraries/spirv-headers/default.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "spirv-headers"; - version = "1.3.216.0"; + version = "1.3.224.0"; src = fetchFromGitHub { owner = "KhronosGroup"; diff --git a/pkgs/development/libraries/ti-rpc/default.nix b/pkgs/development/libraries/ti-rpc/default.nix index fa4782b5524f..0e67ce8adea8 100644 --- a/pkgs/development/libraries/ti-rpc/default.nix +++ b/pkgs/development/libraries/ti-rpc/default.nix @@ -12,10 +12,6 @@ stdenv.mkDerivation rec { outputs = [ "out" "dev" ]; - postPatch = '' - sed '1i#include ' -i src/xdr_sizeof.c - ''; - KRB5_CONFIG = "${libkrb5.dev}/bin/krb5-config"; nativeBuildInputs = [ autoreconfHook ]; propagatedBuildInputs = [ libkrb5 ]; @@ -24,7 +20,9 @@ stdenv.mkDerivation rec { sed -es"|/etc/netconfig|$out/etc/netconfig|g" -i doc/Makefile.in tirpc/netconfig.h ''; - preInstall = "mkdir -p $out/etc"; + preInstall = '' + mkdir -p $out/etc + ''; doCheck = true; diff --git a/pkgs/development/libraries/vulkan-headers/default.nix b/pkgs/development/libraries/vulkan-headers/default.nix index a4424db68943..0e1a01032f62 100644 --- a/pkgs/development/libraries/vulkan-headers/default.nix +++ b/pkgs/development/libraries/vulkan-headers/default.nix @@ -1,7 +1,7 @@ { lib, stdenv, fetchFromGitHub, cmake }: stdenv.mkDerivation rec { pname = "vulkan-headers"; - version = "1.3.216.0"; + version = "1.3.224.0"; nativeBuildInputs = [ cmake ]; @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { owner = "KhronosGroup"; repo = "Vulkan-Headers"; rev = "sdk-${version}"; - hash = "sha256-jHzW3m9smuzEGbZrSyBI74K9rFozxiG3M5Xql/WOw7U="; + hash = "sha256-zUT5+Ttmkrj51a9FS1tQxoYMS0Y0xV8uaCEJNur4khc="; }; meta = with lib; { diff --git a/pkgs/development/libraries/vulkan-loader/default.nix b/pkgs/development/libraries/vulkan-loader/default.nix index 928a7a16e699..b825214dbb55 100644 --- a/pkgs/development/libraries/vulkan-loader/default.nix +++ b/pkgs/development/libraries/vulkan-loader/default.nix @@ -3,14 +3,14 @@ stdenv.mkDerivation rec { pname = "vulkan-loader"; - version = "1.3.216.0"; + version = "1.3.224.0"; src = (assert version == vulkan-headers.version; fetchFromGitHub { owner = "KhronosGroup"; repo = "Vulkan-Loader"; rev = "sdk-${version}"; - hash = "sha256-EcsJzY/R9rreWvYTgoxHNloR5n2xaR/0rouDJVAGaxs="; + hash = "sha256-lmdImPeosHbAbEzPVW4K9Wkz/mF6gr8MVroGf0bDEPc="; }); patches = [ ./fix-pkgconfig.patch ]; diff --git a/pkgs/development/lua-modules/overrides.nix b/pkgs/development/lua-modules/overrides.nix index 60fcf2ca1ca5..418db1b7bd3b 100644 --- a/pkgs/development/lua-modules/overrides.nix +++ b/pkgs/development/lua-modules/overrides.nix @@ -31,8 +31,8 @@ with prev; cqueues = (prev.lib.overrideLuarocks prev.cqueues (drv: { externalDeps = [ - { name = "CRYPTO"; dep = pkgs.openssl; } - { name = "OPENSSL"; dep = pkgs.openssl; } + { name = "CRYPTO"; dep = pkgs.openssl_1_1; } + { name = "OPENSSL"; dep = pkgs.openssl_1_1; } ]; disabled = luaOlder "5.1" || luaAtLeast "5.4"; })).overrideAttrs(oa: rec { @@ -271,14 +271,15 @@ with prev; luaossl = prev.lib.overrideLuarocks prev.luaossl (drv: { externalDeps = [ - { name = "CRYPTO"; dep = pkgs.openssl; } - { name = "OPENSSL"; dep = pkgs.openssl; } + # https://github.com/wahern/luaossl/pull/199 + { name = "CRYPTO"; dep = pkgs.openssl_1_1; } + { name = "OPENSSL"; dep = pkgs.openssl_1_1; } ]; }); luasec = prev.lib.overrideLuarocks prev.luasec (drv: { externalDeps = [ - { name = "OPENSSL"; dep = pkgs.openssl; } + { name = "OPENSSL"; dep = pkgs.openssl_1_1; } ]; }); diff --git a/pkgs/development/python-modules/cffi/default.nix b/pkgs/development/python-modules/cffi/default.nix index 7691d9b7d59b..66b315f14ab0 100644 --- a/pkgs/development/python-modules/cffi/default.nix +++ b/pkgs/development/python-modules/cffi/default.nix @@ -11,8 +11,6 @@ if isPyPy then null else buildPythonPackage rec { sha256 = "sha256-1AC/uaN7E1ElPLQCZxzqfom97MKU6AFqcH9tHYrJNPk="; }; - outputs = [ "out" "dev" ]; - buildInputs = [ libffi ]; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix index 1442b784cb37..873d1b99356a 100644 --- a/pkgs/development/python-modules/cryptography/default.nix +++ b/pkgs/development/python-modules/cryptography/default.nix @@ -44,8 +44,6 @@ buildPythonPackage rec { cargoRoot = "src/rust"; - outputs = [ "out" "dev" ]; - nativeBuildInputs = lib.optionals (!isPyPy) [ cffi ] ++ [ diff --git a/pkgs/development/python-modules/django/3.nix b/pkgs/development/python-modules/django/3.nix index 204857b925f4..d90277961800 100644 --- a/pkgs/development/python-modules/django/3.nix +++ b/pkgs/development/python-modules/django/3.nix @@ -8,6 +8,7 @@ , asgiref , pytz , sqlparse +, tzdata , pythonOlder , withGdal ? false }: @@ -24,7 +25,12 @@ buildPythonPackage rec { hash = "sha256-9xk0sagi8UqGyayWNAU2iSec0ErmnLat5KWUcbiGWCs="; }; - patches = lib.optional withGdal + patches = [ + (substituteAll { + src = ./django_3_set_zoneinfo_dir.patch; + zoneinfo = tzdata + "/share/zoneinfo"; + }) + ] ++ lib.optional withGdal (substituteAll { src = ./django_3_set_geos_gdal_lib.patch; inherit geos39; diff --git a/pkgs/development/python-modules/django/django_3_set_zoneinfo_dir.patch b/pkgs/development/python-modules/django/django_3_set_zoneinfo_dir.patch new file mode 100644 index 000000000000..69ad1c85d80c --- /dev/null +++ b/pkgs/development/python-modules/django/django_3_set_zoneinfo_dir.patch @@ -0,0 +1,13 @@ +diff --git a/django/conf/__init__.py b/django/conf/__init__.py +index 28302440c7..278cfa5e62 100644 +--- a/django/conf/__init__.py ++++ b/django/conf/__init__.py +@@ -200,7 +200,7 @@ class Settings: + if hasattr(time, 'tzset') and self.TIME_ZONE: + # When we can, attempt to validate the timezone. If we can't find + # this file, no check happens and it's harmless. +- zoneinfo_root = Path('/usr/share/zoneinfo') ++ zoneinfo_root = Path('@zoneinfo@') + zone_info_file = zoneinfo_root.joinpath(*self.TIME_ZONE.split('/')) + if zoneinfo_root.exists() and not zone_info_file.exists(): + raise ValueError("Incorrect timezone setting: %s" % self.TIME_ZONE) diff --git a/pkgs/development/python-modules/flask/default.nix b/pkgs/development/python-modules/flask/default.nix index 760c3ee671ae..7f0ac90533c2 100644 --- a/pkgs/development/python-modules/flask/default.nix +++ b/pkgs/development/python-modules/flask/default.nix @@ -14,12 +14,12 @@ buildPythonPackage rec { pname = "flask"; - version = "2.1.3"; + version = "2.2.2"; src = fetchPypi { pname = "Flask"; inherit version; - sha256 = "sha256-FZcuUBffBXXD1sCQuhaLbbkCWeYgrI1+qBOjlrrVtss="; + sha256 = "sha256-ZCxFDRnErUgvlnKb0qj20yVUqh4jH09rTn5SZLFsyis="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/hatchling/default.nix b/pkgs/development/python-modules/hatchling/default.nix index eedebeff3108..636d46dfdd7f 100644 --- a/pkgs/development/python-modules/hatchling/default.nix +++ b/pkgs/development/python-modules/hatchling/default.nix @@ -20,7 +20,7 @@ let pname = "hatchling"; - version = "1.6.0"; + version = "1.8.0"; in buildPythonPackage { inherit pname version; @@ -28,7 +28,7 @@ buildPythonPackage { src = fetchPypi { inherit pname version; - sha256 = "sha256-vW6FBd5RGsQhf/UJJ/bRhFSUYI5AHmOmK4MMMfthNUQ="; + sha256 = "sha256-pPmC/coHF9jEa/57UBMC+QqvKlMChF1VC0nIc5aB/rI="; }; # listed in backend/src/hatchling/ouroboros.py diff --git a/pkgs/development/python-modules/jsonschema/default.nix b/pkgs/development/python-modules/jsonschema/default.nix index cde909e79b83..2ccbacbf61c8 100644 --- a/pkgs/development/python-modules/jsonschema/default.nix +++ b/pkgs/development/python-modules/jsonschema/default.nix @@ -14,16 +14,20 @@ buildPythonPackage rec { pname = "jsonschema"; - version = "4.9.1"; + version = "4.13.0"; format = "pyproject"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - sha256 = "sha256-QIxMjtDe3jsmj3pEF4T3QgY4CwT5PrLVN8e++z3zCZ8="; + sha256 = "sha256-N3ZRLfT1P3Tm4o/jVxe1siPBdWh1SGmEoxvJFl5/ySA="; }; + patches = [ + ./remove-fancy-pypi-readme.patch + ]; + postPatch = '' patchShebangs json/bin/jsonschema_suite ''; diff --git a/pkgs/development/python-modules/jsonschema/remove-fancy-pypi-readme.patch b/pkgs/development/python-modules/jsonschema/remove-fancy-pypi-readme.patch new file mode 100644 index 000000000000..7124e5a6263b --- /dev/null +++ b/pkgs/development/python-modules/jsonschema/remove-fancy-pypi-readme.patch @@ -0,0 +1,33 @@ +--- a/pyproject.toml 2022-08-21 05:04:18.443484836 +0200 ++++ b/pyproject.toml 2022-08-21 05:04:50.789353514 +0200 +@@ -76,30 +76,6 @@ + Changelog = "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst" + Source = "https://github.com/python-jsonschema/jsonschema" + +-[tool.hatch.metadata.hooks.fancy-pypi-readme] +-content-type = "text/x-rst" +- +-[[tool.hatch.metadata.hooks.fancy-pypi-readme.fragments]] +-path = "README.rst" +-end-before = ".. start cut from PyPI" +- +-[[tool.hatch.metadata.hooks.fancy-pypi-readme.fragments]] +-path = "README.rst" +-start-after = ".. end cut from PyPI\n\n\n" +- +-[[tool.hatch.metadata.hooks.fancy-pypi-readme.fragments]] +-text = """ +- +- +-Release Information +-------------------- +- +-""" +- +-[[tool.hatch.metadata.hooks.fancy-pypi-readme.fragments]] +-path = "CHANGELOG.rst" +-pattern = "(^v.+?)\nv" +- + [tool.isort] + from_first = true + include_trailing_comma = true diff --git a/pkgs/development/python-modules/markdown/default.nix b/pkgs/development/python-modules/markdown/default.nix index 999fe2682b8c..da3a8af52058 100644 --- a/pkgs/development/python-modules/markdown/default.nix +++ b/pkgs/development/python-modules/markdown/default.nix @@ -9,16 +9,16 @@ buildPythonPackage rec { pname = "markdown"; - version = "3.3.7"; + version = "3.4.1"; - disabled = pythonOlder "3.6"; + disabled = pythonOlder "3.7"; format = "setuptools"; src = fetchPypi { pname = "Markdown"; inherit version; - sha256 = "cbb516f16218e643d8e0a95b309f77eb118cb138d39a4f27851e6a63581db874"; + sha256 = "3b809086bb6efad416156e00a0da66fe47618a5d6918dd688f53f40c8e4cfeff"; }; propagatedBuildInputs = lib.optionals (pythonOlder "3.10") [ diff --git a/pkgs/development/python-modules/pygments/default.nix b/pkgs/development/python-modules/pygments/default.nix index c8759a2fe056..e5c2ca53686c 100644 --- a/pkgs/development/python-modules/pygments/default.nix +++ b/pkgs/development/python-modules/pygments/default.nix @@ -10,12 +10,12 @@ let pygments = buildPythonPackage rec { pname = "pygments"; - version = "2.12.0"; + version = "2.13.0"; src = fetchPypi { pname = "Pygments"; inherit version; - sha256 = "sha256-XrEWEY+WEv8e6JrJZDe7a0no8E2KE7UUuib2ICCOJus="; + sha256 = "sha256-VqhQiulfmOK5vfk6a+WuP32K+Fi0PgLFov8INya+QME="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/pytest-aiohttp/default.nix b/pkgs/development/python-modules/pytest-aiohttp/default.nix index bc9d4c37a876..728544bd2618 100644 --- a/pkgs/development/python-modules/pytest-aiohttp/default.nix +++ b/pkgs/development/python-modules/pytest-aiohttp/default.nix @@ -14,6 +14,8 @@ buildPythonPackage rec { format = "setuptools"; + __darwinAllowLocalNetworking = true; + src = fetchPypi { inherit pname version; sha256 = "39ff3a0d15484c01d1436cbedad575c6eafbf0f57cdf76fb94994c97b5b8c5a4"; diff --git a/pkgs/development/python-modules/python-socks/default.nix b/pkgs/development/python-modules/python-socks/default.nix index 5254a6cbab25..b0d0fbd36616 100644 --- a/pkgs/development/python-modules/python-socks/default.nix +++ b/pkgs/development/python-modules/python-socks/default.nix @@ -19,6 +19,8 @@ buildPythonPackage rec { disabled = pythonOlder "3.6.1"; + __darwinAllowLocalNetworking = true; + src = fetchFromGitHub { owner = "romis2012"; repo = pname; diff --git a/pkgs/development/python-modules/requests/default.nix b/pkgs/development/python-modules/requests/default.nix index 9b19c7b9c256..5eab25fa3e15 100644 --- a/pkgs/development/python-modules/requests/default.nix +++ b/pkgs/development/python-modules/requests/default.nix @@ -20,6 +20,8 @@ buildPythonPackage rec { version = "2.28.1"; disabled = pythonOlder "3.7"; + __darwinAllowLocalNetworking = true; + src = fetchPypi { inherit pname version; hash = "sha256-fFWZsQL+3apmHIJsVqtP7ii/0X9avKHrvj5/GdfJeYM="; diff --git a/pkgs/development/python-modules/responses/default.nix b/pkgs/development/python-modules/responses/default.nix index 1343aa6cfd01..21e3dd38cdb8 100644 --- a/pkgs/development/python-modules/responses/default.nix +++ b/pkgs/development/python-modules/responses/default.nix @@ -15,6 +15,8 @@ buildPythonPackage rec { disabled = pythonOlder "3.7"; + __darwinAllowLocalNetworking = true; + src = fetchFromGitHub { owner = "getsentry"; repo = pname; diff --git a/pkgs/development/python-modules/setuptools-rust/default.nix b/pkgs/development/python-modules/setuptools-rust/default.nix index 2f331bace589..0afa482960c6 100644 --- a/pkgs/development/python-modules/setuptools-rust/default.nix +++ b/pkgs/development/python-modules/setuptools-rust/default.nix @@ -11,12 +11,12 @@ buildPythonPackage rec { pname = "setuptools-rust"; - version = "1.5.0"; + version = "1.5.1"; disabled = pythonOlder "3.6"; src = fetchPypi { inherit pname version; - sha256 = "sha256-C4rrgUr+Dp18MVaewJNtH1IBmTUwY5JE+pc+F0IAVnE="; + sha256 = "sha256-DgXkVmRdWUKcsQITcK7ec8B2DpNgu/2q77W87VMOudc="; }; nativeBuildInputs = [ setuptools-scm ]; diff --git a/pkgs/development/python-modules/twisted/default.nix b/pkgs/development/python-modules/twisted/default.nix index 7779f0531370..6689a2ce80d3 100644 --- a/pkgs/development/python-modules/twisted/default.nix +++ b/pkgs/development/python-modules/twisted/default.nix @@ -56,6 +56,8 @@ buildPythonPackage rec { sha256 = "sha256-oEeZD1ffrh4L0rffJSbU8W3NyEN3TcEIt4xS8qXxNoA="; }; + __darwinAllowLocalNetworking = true; + propagatedBuildInputs = [ attrs automat diff --git a/pkgs/development/python-modules/werkzeug/default.nix b/pkgs/development/python-modules/werkzeug/default.nix index aaaecc6098fa..d31fd1569f28 100644 --- a/pkgs/development/python-modules/werkzeug/default.nix +++ b/pkgs/development/python-modules/werkzeug/default.nix @@ -9,11 +9,12 @@ , pytest-timeout , pytest-xprocess , pytestCheckHook +, markupsafe }: buildPythonPackage rec { pname = "werkzeug"; - version = "2.1.2"; + version = "2.2.2"; format = "setuptools"; disabled = pythonOlder "3.7"; @@ -21,10 +22,12 @@ buildPythonPackage rec { src = fetchPypi { pname = "Werkzeug"; inherit version; - sha256 = "sha256-HOCOgJPtZ9Y41jh5/Rujc1gX96gN42dNKT9ZhPJftuY="; + sha256 = "sha256-fqLUgyLMfA+LOiFe1z6r17XXXQtQ4xqwBihsz/ngC48="; }; - propagatedBuildInputs = lib.optionals (!stdenv.isDarwin) [ + propagatedBuildInputs = [ + markupsafe + ] ++ lib.optionals (!stdenv.isDarwin) [ # watchdog requires macos-sdk 10.13+ watchdog ] ++ lib.optionals (pythonOlder "3.7") [ diff --git a/pkgs/development/ruby-modules/gem-config/default.nix b/pkgs/development/ruby-modules/gem-config/default.nix index 5a6d885159a5..4e935c6537a1 100644 --- a/pkgs/development/ruby-modules/gem-config/default.nix +++ b/pkgs/development/ruby-modules/gem-config/default.nix @@ -20,7 +20,7 @@ { lib, fetchurl, writeScript, ruby, libkrb5, libxml2, libxslt, python2, stdenv, which , libiconv, postgresql, v8, clang, sqlite, zlib, imagemagick, lasem , pkg-config , ncurses, xapian, gpgme, util-linux, tzdata, icu, libffi -, cmake, libssh2, openssl, libmysqlclient, git, perl, pcre, gecode_3, curl +, cmake, libssh2, openssl, openssl_1_1, libmysqlclient, git, perl, pcre, gecode_3, curl , msgpack, libsodium, snappy, libossp_uuid, lxc, libpcap, xorg, gtk2, buildRubyGem , cairo, re2, rake, gobject-introspection, gdk-pixbuf, zeromq, czmq, graphicsmagick, libcxx , file, libvirt, glib, vips, taglib, libopus, linux-pam, libidn, protobuf, fribidi, harfbuzz @@ -478,7 +478,8 @@ in }; openssl = attrs: { - buildInputs = [ openssl ]; + # https://github.com/ruby/openssl/issues/369 + buildInputs = [ openssl_1_1 ]; }; opus-ruby = attrs: { diff --git a/pkgs/development/tools/build-managers/cmake/001-search-path.diff b/pkgs/development/tools/build-managers/cmake/001-search-path.diff index c059bf5bffc3..607668b13155 100644 --- a/pkgs/development/tools/build-managers/cmake/001-search-path.diff +++ b/pkgs/development/tools/build-managers/cmake/001-search-path.diff @@ -12,7 +12,7 @@ index b9381c3d7d..5e944640b5 100644 # CMake install location "${_CMAKE_INSTALL_DIR}" ) -@@ -47,48 +44,46 @@ endif() +@@ -47,48 +44,48 @@ endif() # Non "standard" but common install prefixes list(APPEND CMAKE_SYSTEM_PREFIX_PATH @@ -22,7 +22,9 @@ index b9381c3d7d..5e944640b5 100644 ) # List common include file locations not under the common prefixes. -+if(IS_DIRECTORY $ENV{NIX_CC}) ++if(IS_DIRECTORY $ENV{NIX_CC} ++ AND EXISTS $ENV{NIX_CC}/nix-support/orig-libc ++ AND EXISTS $ENV{NIX_CC}/nix-support/orig-libc-dev) + file(STRINGS "$ENV{NIX_CC}/nix-support/orig-libc" _nix_cmake_libc) + file(STRINGS "$ENV{NIX_CC}/nix-support/orig-libc-dev" _nix_cmake_libc_dev) +else() diff --git a/pkgs/development/tools/build-managers/cmake/default.nix b/pkgs/development/tools/build-managers/cmake/default.nix index 0bdc6514cf7e..7badaccf8ab1 100644 --- a/pkgs/development/tools/build-managers/cmake/default.nix +++ b/pkgs/development/tools/build-managers/cmake/default.nix @@ -37,11 +37,11 @@ stdenv.mkDerivation rec { + lib.optionalString isBootstrap "-boot" + lib.optionalString cursesUI "-cursesUI" + lib.optionalString qt5UI "-qt5UI"; - version = "3.24.0"; + version = "3.24.1"; src = fetchurl { url = "https://cmake.org/files/v${lib.versions.majorMinor version}/cmake-${version}.tar.gz"; - sha256 = "sha256-wrYffN7LFXbK0l+Rio9CuGhdiKgy/UtiueD6MukVplg="; + sha256 = "sha256-STHid6TbGoBfE7qnATp3V6DL/lt5MogpJccGHZ0fqCs="; }; patches = [ diff --git a/pkgs/development/tools/build-managers/waf/default.nix b/pkgs/development/tools/build-managers/waf/default.nix index c0707a1cd935..8fcb5f2dbac1 100644 --- a/pkgs/development/tools/build-managers/waf/default.nix +++ b/pkgs/development/tools/build-managers/waf/default.nix @@ -8,13 +8,13 @@ let in stdenv.mkDerivation rec { pname = "waf"; - version = "2.0.23"; + version = "2.0.24"; src = fetchFromGitLab { owner = "ita1024"; repo = "waf"; rev = "${pname}-${version}"; - sha256 = "sha256-AASjkXb3eCVjbuT0GOwhagoNHxG7/XP1Mj0i1U4j13Q="; + sha256 = "sha256-nunPDYAy0yfDJpsc+E8SyyFLny19wwrVzxeUOhh7nc4="; }; nativeBuildInputs = [ python3 ensureNewerSourcesForZipFilesHook ]; diff --git a/pkgs/development/tools/misc/libtool/libtool2.nix b/pkgs/development/tools/misc/libtool/libtool2.nix index 92a230374df6..8625a421af64 100644 --- a/pkgs/development/tools/misc/libtool/libtool2.nix +++ b/pkgs/development/tools/misc/libtool/libtool2.nix @@ -38,10 +38,9 @@ stdenv.mkDerivation rec { # libtool commit da2e352735722917bf0786284411262195a6a3f6 changed # the shebang from `/bin/sh` (which is a special sandbox exception) # to `/usr/bin/env sh`, meaning that we now need to patch shebangs - # in libtoolize and ltmain.sh since `dontPatchShebangs` is set: + # in libtoolize.in: '' substituteInPlace libtoolize.in --replace '#! /usr/bin/env sh' '#!${runtimeShell}' - substituteInPlace build-aux/ltmain.in --replace '#! /usr/bin/env sh' '#!${runtimeShell}' ''; strictDeps = true; diff --git a/pkgs/development/tools/rust/rustup/default.nix b/pkgs/development/tools/rust/rustup/default.nix index 65bad79aa8c3..12e69bae20ba 100644 --- a/pkgs/development/tools/rust/rustup/default.nix +++ b/pkgs/development/tools/rust/rustup/default.nix @@ -6,6 +6,7 @@ , rustPlatform , makeWrapper , pkg-config +, openssl , curl , zlib , Security @@ -36,7 +37,7 @@ rustPlatform.buildRustPackage rec { nativeBuildInputs = [ makeWrapper pkg-config ]; buildInputs = [ - curl + (curl.override { inherit openssl; }) zlib ] ++ lib.optionals stdenv.isDarwin [ CoreServices Security libiconv xz ]; diff --git a/pkgs/development/tools/spirv-tools/default.nix b/pkgs/development/tools/spirv-tools/default.nix index 7abd150c2752..150df6e25093 100644 --- a/pkgs/development/tools/spirv-tools/default.nix +++ b/pkgs/development/tools/spirv-tools/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "spirv-tools"; - version = "1.3.216.0"; + version = "1.3.224.0"; src = (assert version == spirv-headers.version; fetchFromGitHub { owner = "KhronosGroup"; repo = "SPIRV-Tools"; rev = "sdk-${version}"; - hash = "sha256-NWpFSRoxtYWi+hLUt9gpw0YScM3shcUwv9yUmbivRb0="; + hash = "sha256-jpVvjrNrTAKUY4sjUT/gCUElLtW4BrznH1DbStojGB8="; } ); diff --git a/pkgs/development/tools/vulkan-validation-layers/default.nix b/pkgs/development/tools/vulkan-validation-layers/default.nix index 28b47bb99820..1ae5e520e0f7 100644 --- a/pkgs/development/tools/vulkan-validation-layers/default.nix +++ b/pkgs/development/tools/vulkan-validation-layers/default.nix @@ -22,7 +22,7 @@ let in stdenv.mkDerivation rec { pname = "vulkan-validation-layers"; - version = "1.3.216.0"; + version = "1.3.224.0"; # If we were to use "dev" here instead of headers, the setupHook would be # placed in that output instead of "out". @@ -34,7 +34,7 @@ stdenv.mkDerivation rec { owner = "KhronosGroup"; repo = "Vulkan-ValidationLayers"; rev = "sdk-${version}"; - hash = "sha256-ri6ImAuskbvYL/ZM8kaVDZRP2v1qfSaafVacwwRF424="; + hash = "sha256-MmAxUuV9CVJ6LHUb6ePEiE37meDB1TqPAwLsPdHQ1u8="; }); # Include absolute paths to layer libraries in their associated diff --git a/pkgs/development/web/nodejs/v14.nix b/pkgs/development/web/nodejs/v14.nix index ab2d2c01bc18..457e0ff29e1a 100644 --- a/pkgs/development/web/nodejs/v14.nix +++ b/pkgs/development/web/nodejs/v14.nix @@ -1,7 +1,8 @@ -{ callPackage, python3, lib, stdenv, enableNpm ? true }: +{ callPackage, python3, lib, stdenv, openssl, enableNpm ? true }: let buildNodejs = callPackage ./nodejs.nix { + inherit openssl; python = python3; }; in diff --git a/pkgs/os-specific/linux/bluez/default.nix b/pkgs/os-specific/linux/bluez/default.nix index d09ef77fb0d8..ff8fbb460b27 100644 --- a/pkgs/os-specific/linux/bluez/default.nix +++ b/pkgs/os-specific/linux/bluez/default.nix @@ -1,7 +1,6 @@ { stdenv , lib , fetchurl -, fetchpatch , alsa-lib , dbus , ell @@ -23,11 +22,11 @@ ]; in stdenv.mkDerivation rec { pname = "bluez"; - version = "5.64"; + version = "5.65"; src = fetchurl { url = "mirror://kernel/linux/bluetooth/${pname}-${version}.tar.xz"; - sha256 = "sha256-rkN+ZbazBwwZi8WwEJ/pzeueqjhzgOIHL53mX+ih3jQ="; + sha256 = "sha256-JWWk1INUtXbmrZLiW1TtZoCCllgciruAWHBR+Zk9ltQ="; }; buildInputs = [ @@ -50,17 +49,6 @@ in stdenv.mkDerivation rec { outputs = [ "out" "dev" "test" ]; - patches = [ - # https://github.com/bluez/bluez/commit/0905a06410d4a5189f0be81e25eb3c3e8a2199c5 - # which fixes https://github.com/bluez/bluez/issues/329 - # and is already merged upstream and not yet in a release. - (fetchpatch { - name = "StateDirectory_and_ConfigurationDirectory.patch"; - url = "https://github.com/bluez/bluez/commit/0905a06410d4a5189f0be81e25eb3c3e8a2199c5.patch"; - sha256 = "sha256-MI6yPTiDLHsSTjLvNqtWnuy2xUMYpSat1WhMbeoedSM="; - }) - ]; - postPatch = '' substituteInPlace tools/hid2hci.rules \ --replace /sbin/udevadm ${systemdMinimal}/bin/udevadm \ diff --git a/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix b/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix index 85fcfc9c554d..16f3d836833d 100644 --- a/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix +++ b/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix @@ -3,7 +3,7 @@ , fetchFromGitHub , cmake , nasm -, openssl +, openssl_1_1 , python3 , extraCmakeFlags ? [ ] }: @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake nasm - openssl + openssl_1_1 python3 ]; } diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index d2d6146c5d60..81a1d8d238fd 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -83,7 +83,7 @@ , withHostnamed ? true , withHwdb ? true , withImportd ? !stdenv.hostPlatform.isMusl -, withLibBPF ? false # currently fails while generating BPF objects +, withLibBPF ? true , withLocaled ? true , withLogind ? true , withMachined ? true @@ -207,6 +207,10 @@ stdenv.mkDerivation { --replace \ "run_command(cc.cmd_array(), '-print-prog-name=objcopy', check: true).stdout().strip()" \ "'${stdenv.cc.bintools.targetPrefix}objcopy'" + '' + lib.optionalString withLibBPF '' + # BPF does not work with stack protector + substituteInPlace src/core/bpf/meson.build \ + --replace "clang_flags = [" "clang_flags = [ '-fno-stack-protector'," '' + ( let # The following patches references to dynamic libraries to ensure that diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index cb323e623bed..d57fdba7310b 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -14,11 +14,11 @@ stdenv.mkDerivation rec { pname = "util-linux" + lib.optionalString (!nlsSupport && !ncursesSupport && !systemdSupport) "-minimal"; - version = "2.38"; + version = "2.38.1"; src = fetchurl { url = "mirror://kernel/linux/utils/util-linux/v${lib.versions.majorMinor version}/util-linux-${version}.tar.xz"; - hash = "sha256-bREcvk1VszbbLx++/7xluJkIcEwBE2Nx0yqpvsNz62Q="; + hash = "sha256-YEkqGbRObPmj3f9oMlszO4tStsWc4+vWoOyqTFEX6E8="; }; patches = [ diff --git a/pkgs/os-specific/windows/mingw-w64/default.nix b/pkgs/os-specific/windows/mingw-w64/default.nix index 569b149868ff..316907f5f679 100644 --- a/pkgs/os-specific/windows/mingw-w64/default.nix +++ b/pkgs/os-specific/windows/mingw-w64/default.nix @@ -1,14 +1,14 @@ { lib, stdenv, windows, fetchurl }: let - version = "9.0.0"; + version = "10.0.0"; in stdenv.mkDerivation { pname = "mingw-w64"; inherit version; src = fetchurl { url = "mirror://sourceforge/mingw-w64/mingw-w64-v${version}.tar.bz2"; - sha256 = "10a15bi4lyfi0k0haj0klqambicwma6yi7vssgbz8prg815vja8r"; + hash = "sha256-umtDCu1yxjo3aFMfaj/8Kw/eLFejslFFDc9ImolPCJQ="; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/servers/misc/oven-media-engine/default.nix b/pkgs/servers/misc/oven-media-engine/default.nix index 02e904fa98e6..76357bb4d8ab 100644 --- a/pkgs/servers/misc/oven-media-engine/default.nix +++ b/pkgs/servers/misc/oven-media-engine/default.nix @@ -5,7 +5,7 @@ , bc , pkg-config , perl -, openssl_3 +, openssl , zlib , ffmpeg , libvpx @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; nativeBuildInputs = [ bc pkg-config perl ]; - buildInputs = [ openssl_3 srt zlib ffmpeg libvpx libopus srtp jemalloc pcre2 libuuid ]; + buildInputs = [ openssl srt zlib ffmpeg libvpx libopus srtp jemalloc pcre2 libuuid ]; preBuild = '' patchShebangs core/colorg++ diff --git a/pkgs/servers/sql/mariadb/default.nix b/pkgs/servers/sql/mariadb/default.nix index 672354051d40..686b839c6df8 100644 --- a/pkgs/servers/sql/mariadb/default.nix +++ b/pkgs/servers/sql/mariadb/default.nix @@ -2,7 +2,7 @@ # Native buildInputs components , bison, boost, cmake, fixDarwinDylibNames, flex, makeWrapper, pkg-config # Common components -, curl, libiconv, ncurses, openssl, pcre, pcre2 +, curl, libiconv, ncurses, openssl, openssl_1_1, pcre, pcre2 , libkrb5, libaio, liburing, systemd , CoreServices, cctools, perl , jemalloc, less, libedit @@ -39,13 +39,16 @@ commonOptions = packageSettings: rec { # attributes common to both builds ++ lib.optional (!stdenv.hostPlatform.isDarwin) makeWrapper; buildInputs = [ - curl libiconv ncurses openssl zlib + libiconv ncurses zlib ] ++ (packageSettings.extraBuildInputs or []) ++ lib.optionals stdenv.hostPlatform.isLinux ([ libkrb5 systemd ] ++ (if (lib.versionOlder version "10.6") then [ libaio ] else [ liburing ])) ++ lib.optionals stdenv.hostPlatform.isDarwin [ CoreServices cctools perl libedit ] ++ lib.optional (!stdenv.hostPlatform.isDarwin) [ jemalloc ] - ++ (if (lib.versionOlder version "10.5") then [ pcre ] else [ pcre2 ]); + ++ (if (lib.versionOlder version "10.5") then [ pcre ] else [ pcre2 ]) + ++ (if (lib.versionOlder version "10.8") + then [ openssl_1_1 (curl.override { openssl = openssl_1_1; }) ] + else [ openssl curl ]); prePatch = '' sed -i 's,[^"]*/var/log,/var/log,g' storage/mroonga/vendor/groonga/CMakeLists.txt diff --git a/pkgs/servers/sql/mysql/8.0.x.nix b/pkgs/servers/sql/mysql/8.0.x.nix index a59bd44fb028..d40d42a41d07 100644 --- a/pkgs/servers/sql/mysql/8.0.x.nix +++ b/pkgs/servers/sql/mysql/8.0.x.nix @@ -23,7 +23,7 @@ self = stdenv.mkDerivation rec { ''; buildInputs = [ - boost curl icu libedit libevent lz4 ncurses openssl protobuf re2 readline zlib + boost (curl.override { inherit openssl; }) icu libedit libevent lz4 ncurses openssl protobuf re2 readline zlib zstd libfido2 ] ++ lib.optionals stdenv.isLinux [ numactl libtirpc diff --git a/pkgs/servers/sql/proxysql/default.nix b/pkgs/servers/sql/proxysql/default.nix index f4c244e6632a..94d6e28c569b 100644 --- a/pkgs/servers/sql/proxysql/default.nix +++ b/pkgs/servers/sql/proxysql/default.nix @@ -20,7 +20,7 @@ , libuuid , lz4 , nlohmann_json -, openssl_3 +, openssl , pcre , perl , python2 @@ -55,7 +55,7 @@ stdenv.mkDerivation rec { buildInputs = [ bison - (curl.override { openssl = openssl_3; }) + curl flex gnutls libgcrypt @@ -101,7 +101,7 @@ stdenv.mkDerivation rec { { f = "libev"; p = libev; } { f = "libinjection"; p = libinjection; } { f = "libmicrohttpd"; p = libmicrohttpd_0_9_70; } - { f = "libssl"; p = openssl_3; } + { f = "libssl"; p = openssl; } { f = "lz4"; p = lz4; } { f = "pcre"; p = pcre; } { f = "re2"; p = re2; } diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index 0ba8d1018233..f0fcb30451dd 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -2,7 +2,6 @@ __nixpkgs_setup_set_original=$- set -eu set -o pipefail -shopt -s inherit_errexit if [[ -n "${BASH_VERSINFO-}" && "${BASH_VERSINFO-}" -lt 4 ]]; then echo "Detected Bash version that isn't supported by Nixpkgs (${BASH_VERSION})" @@ -10,6 +9,8 @@ if [[ -n "${BASH_VERSINFO-}" && "${BASH_VERSINFO-}" -lt 4 ]]; then exit 1 fi +shopt -s inherit_errexit + if (( "${NIX_DEBUG:-0}" >= 6 )); then set -x fi diff --git a/pkgs/tools/backup/percona-xtrabackup/generic.nix b/pkgs/tools/backup/percona-xtrabackup/generic.nix index 4caafcae679b..2ea2088645e4 100644 --- a/pkgs/tools/backup/percona-xtrabackup/generic.nix +++ b/pkgs/tools/backup/percona-xtrabackup/generic.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ bison boost cmake makeWrapper pkg-config ]; buildInputs = [ - curl cyrus_sasl libaio libedit libev libevent libgcrypt libgpg-error lz4 + (curl.override { inherit openssl; }) cyrus_sasl libaio libedit libev libevent libgcrypt libgpg-error lz4 ncurses numactl openssl protobuf valgrind xxd zlib ] ++ (with perlPackages; [ perl DBI DBDmysql ]); diff --git a/pkgs/tools/compression/lz4/default.nix b/pkgs/tools/compression/lz4/default.nix index 94f739a6c532..bf048eeb87df 100644 --- a/pkgs/tools/compression/lz4/default.nix +++ b/pkgs/tools/compression/lz4/default.nix @@ -1,32 +1,19 @@ -{ lib, stdenv, fetchFromGitHub, valgrind, fetchpatch +{ lib, stdenv, fetchFromGitHub, valgrind , enableStatic ? stdenv.hostPlatform.isStatic , enableShared ? !stdenv.hostPlatform.isStatic }: stdenv.mkDerivation rec { pname = "lz4"; - version = "1.9.3"; + version = "1.9.4"; src = fetchFromGitHub { - sha256 = "1w02kazh1fps3sji2sn89fz862j1199c5ajrqcgl1bnlxj09kcbz"; + sha256 = "sha256-YiMCD3vvrG+oxBUghSrCmP2LAfAGZrEaKz0YoaQJhpI="; rev = "v${version}"; repo = pname; owner = pname; }; - patches = [ - (fetchpatch { # https://github.com/lz4/lz4/pull/972 - name = "CVE-2021-3520.patch"; - url = "https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7.patch"; - sha256 = "0r1cwpqdkdc8im0pf2r5jp7mwwn69xcw405rrk7rc0mpjcp5ydfk"; - }) - (fetchpatch { # https://github.com/lz4/lz4/pull/973 - name = "avoid-null-pointer-dereference.patch"; - url = "https://github.com/lz4/lz4/commit/29a6a1f4941e7243241fe00d6c13b749fd6b60c2.patch"; - sha256 = "0v5yl5hd3qrfm3xm7m06j4b21qwllb4cqkjn2az7x1vnzqgpf8y7"; - }) - ]; - # TODO(@Ericson2314): Separate binaries and libraries outputs = [ "bin" "out" "dev" ]; diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix index 75a58d011cef..86df04c26691 100644 --- a/pkgs/tools/compression/xz/default.nix +++ b/pkgs/tools/compression/xz/default.nix @@ -1,5 +1,6 @@ { lib, stdenv, fetchurl , enableStatic ? stdenv.hostPlatform.isStatic +, writeScript }: # Note: this package is used for bootstrapping fetchurl, and thus @@ -9,11 +10,11 @@ stdenv.mkDerivation rec { pname = "xz"; - version = "5.2.5"; + version = "5.2.6"; src = fetchurl { url = "https://tukaani.org/xz/xz-${version}.tar.bz2"; - sha256 = "1ps2i8i212n0f4xpq6clp7h13q7m1y8slqvxha9i8d0bj0qgj5si"; + sha256 = "E+NALjAbYBj2px7w5Jf3FMbRHiFK6C2rFWuBwqZKyyU="; }; strictDeps = true; @@ -34,6 +35,21 @@ stdenv.mkDerivation rec { postInstall = "rm -rf $out/share/doc"; + passthru = { + updateScript = writeScript "update-xz" '' + #!/usr/bin/env nix-shell + #!nix-shell -i bash -p curl pcre common-updater-scripts + + set -eu -o pipefail + + # Expect the text in format of '>xz-5.2.6.tar.bz2' + # We pick first match where a stable release goes first. + new_version="$(curl -s https://tukaani.org/xz/ | + pcregrep -o1 '>xz-([0-9.]+)[.]tar[.]bz2')" + update-source-version ${pname} "$new_version" + ''; + }; + meta = with lib; { homepage = "https://tukaani.org/xz/"; description = "A general-purpose data compression software, successor of LZMA"; diff --git a/pkgs/tools/graphics/graphviz/default.nix b/pkgs/tools/graphics/graphviz/default.nix index 96a7ffb2ed49..2915474735fe 100644 --- a/pkgs/tools/graphics/graphviz/default.nix +++ b/pkgs/tools/graphics/graphviz/default.nix @@ -29,13 +29,13 @@ let in stdenv.mkDerivation rec { pname = "graphviz"; - version = "5.0.0"; + version = "5.0.1"; src = fetchFromGitLab { owner = "graphviz"; repo = "graphviz"; rev = version; - sha256 = "sha256-vDqVJJg2ezYGZPp7UtpvWfCypLBqRrr0aPMSyEN+IQo="; + sha256 = "sha256-lcU6Pb45kg7AxXQ9lmqwAazT2JpGjBz4PzK+S5lpYa0="; }; nativeBuildInputs = [ diff --git a/pkgs/tools/graphics/vulkan-extension-layer/default.nix b/pkgs/tools/graphics/vulkan-extension-layer/default.nix index 466f29378533..2a8e999565d1 100644 --- a/pkgs/tools/graphics/vulkan-extension-layer/default.nix +++ b/pkgs/tools/graphics/vulkan-extension-layer/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "vulkan-extension-layer"; - version = "1.3.216.0"; + version = "1.3.224.0"; src = (assert version == vulkan-headers.version; fetchFromGitHub { owner = "KhronosGroup"; repo = "Vulkan-ExtensionLayer"; rev = "sdk-${version}"; - hash = "sha256-h38LxV8G72Xxh44212IoGKQ0tKXwBnSpBjTB2gsr1zA="; + hash = "sha256-KOlwtfuAYWzUFtf0NOJCNzWW+/ogRUgkaWw8NdW2vb8="; }); nativeBuildInputs = [ cmake jq ]; diff --git a/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix b/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix index df0e9398eb7b..be708e6c605f 100644 --- a/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix +++ b/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix @@ -23,14 +23,14 @@ stdenv.mkDerivation rec { pname = "vulkan-tools-lunarg"; # The version must match that in vulkan-headers - version = "1.3.216.0"; + version = "1.3.224.0"; src = (assert version == vulkan-headers.version; fetchFromGitHub { owner = "LunarG"; repo = "VulkanTools"; rev = "sdk-${version}"; - hash = "sha256-NhYQSL5iU7iSO5Q6lp1iwhbi5GEfD11MDmBn9Uk1jm0="; + hash = "sha256-YQv6YboyQJjLTEKspZQdV8YFhHux/4RIncHXOsz1cBw="; fetchSubmodules = true; }); diff --git a/pkgs/tools/graphics/vulkan-tools/default.nix b/pkgs/tools/graphics/vulkan-tools/default.nix index 3660632e16e0..93663ec2a2c6 100644 --- a/pkgs/tools/graphics/vulkan-tools/default.nix +++ b/pkgs/tools/graphics/vulkan-tools/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { pname = "vulkan-tools"; - version = "1.3.216.0"; + version = "1.3.224.0"; # It's not strictly necessary to have matching versions here, however # since we're using the SDK version we may as well be consistent with @@ -31,7 +31,7 @@ stdenv.mkDerivation rec { owner = "KhronosGroup"; repo = "Vulkan-Tools"; rev = "sdk-${version}"; - hash = "sha256-VEMeURNboiOwPGrtFGUt9ZyChj8pV0xcpydrarcwtF0="; + hash = "sha256-Z+QJBd2LBdiJD1fHhBLbOfOoLhqTg0J3tq+XQRSiQaY="; }); nativeBuildInputs = [ diff --git a/pkgs/tools/networking/openvpn/default.nix b/pkgs/tools/networking/openvpn/default.nix index 71a14b169ac1..f6d4590e3185 100644 --- a/pkgs/tools/networking/openvpn/default.nix +++ b/pkgs/tools/networking/openvpn/default.nix @@ -5,6 +5,7 @@ , iproute2 , lzo , openssl +, openssl_1_1 , pam , useSystemd ? stdenv.isLinux , systemd @@ -17,7 +18,7 @@ let inherit (lib) versionOlder optional optionals optionalString; - generic = { version, sha256 }: + generic = { version, sha256, extraBuildInputs ? [] }: let withIpRoute = stdenv.isLinux && (versionOlder version "2.5.4"); in @@ -33,11 +34,12 @@ let nativeBuildInputs = [ pkg-config ]; - buildInputs = [ lzo openssl ] + buildInputs = [ lzo ] ++ optional stdenv.isLinux pam ++ optional withIpRoute iproute2 ++ optional useSystemd systemd - ++ optional pkcs11Support pkcs11helper; + ++ optional pkcs11Support pkcs11helper + ++ extraBuildInputs; configureFlags = optionals withIpRoute [ "--enable-iproute2" @@ -75,10 +77,12 @@ in openvpn_24 = generic { version = "2.4.12"; sha256 = "1vjx82nlkxrgzfiwvmmlnz8ids5m2fiqz7scy1smh3j9jnf2v5b6"; + extraBuildInputs = [ openssl_1_1 ]; }; openvpn = generic { version = "2.5.6"; sha256 = "0gdd88rcan9vfiwkzsqn6fxxdim7kb1bsxrcra59c5xksprpwfik"; + extraBuildInputs = [ openssl ]; }; } diff --git a/pkgs/tools/security/gnupg/23.nix b/pkgs/tools/security/gnupg/23.nix index b93e533e6fd8..af28b4903df2 100644 --- a/pkgs/tools/security/gnupg/23.nix +++ b/pkgs/tools/security/gnupg/23.nix @@ -32,6 +32,14 @@ stdenv.mkDerivation rec { # Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27 ./v3-0001-Disallow-compressed-signatures-and-certificates.patch + + # Fix regression when using YubiKey devices as smart cards. + # See https://dev.gnupg.org/T6070 for details. + # Committed upstream, remove this patch when updating to the next release. + (fetchpatch { + url = "https://dev.gnupg.org/rGf34b9147eb3070bce80d53febaa564164cd6c977?diff=1"; + sha256 = "sha256-J/PLSz8yiEgtGv+r3BTGTHrikV70AbbHQPo9xbjaHFE="; + }) ]; postPatch = '' sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1 diff --git a/pkgs/tools/security/sbsigntool/default.nix b/pkgs/tools/security/sbsigntool/default.nix index 4c548bbd535f..34c5e4d235c8 100644 --- a/pkgs/tools/security/sbsigntool/default.nix +++ b/pkgs/tools/security/sbsigntool/default.nix @@ -35,12 +35,7 @@ stdenv.mkDerivation rec { automake --add-missing -Wno-portability ./configure --prefix=$out - ''; - - installPhase = '' - mkdir -p $out - make install - ''; + ''; meta = with lib; { description = "Tools for maintaining UEFI signature databases"; @@ -50,4 +45,3 @@ stdenv.mkDerivation rec { license = licenses.gpl3; }; } - diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index dcc7db2e2b5e..ca3e06f2aa4a 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -1193,6 +1193,7 @@ mapAliases ({ QmidiNet = throw "'QmidiNet' has been renamed to/replaced by 'qmidinet'"; # Converted to throw 2022-02-22 qca-qt5 = throw "'qca-qt5' has been renamed to/replaced by 'libsForQt5.qca-qt5'"; # Converted to throw 2022-02-22 + qca2 = throw "qca2 has been removed, because it depended on qt4"; # Added 2022-05-26 qcsxcad = libsForQt5.qcsxcad; # Added 2020-11-05 qflipper = qFlipper; # Added 2022-02-11 qmk_firmware = throw "qmk_firmware has been removed because it was broken"; # Added 2021-04-02 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 087d384479b7..98ed9529efd3 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1947,6 +1947,7 @@ with pkgs; apk-tools = callPackage ../tools/package-management/apk-tools { lua = lua5_3; + openssl = openssl_1_1; }; apkid = callPackage ../development/tools/apkid { }; @@ -2408,6 +2409,7 @@ with pkgs; dpt-rp1-py = callPackage ../tools/misc/dpt-rp1-py { }; dot-http = callPackage ../development/tools/dot-http { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; @@ -3445,7 +3447,9 @@ with pkgs; cot = with python3Packages; toPythonApplication cot; - coturn = callPackage ../servers/coturn { }; + coturn = callPackage ../servers/coturn { + openssl = openssl_1_1; + }; coursier = callPackage ../development/tools/coursier {}; @@ -4957,6 +4961,8 @@ with pkgs; libceph = ceph.lib; inherit (callPackages ../tools/filesystems/ceph { lua = lua5_4; + # needs to be the same openssl version as python/pyopenssl + curl = (curl.override { openssl = openssl_1_1; }); }) ceph ceph-client; @@ -5657,6 +5663,7 @@ with pkgs; dog = callPackage ../tools/system/dog { }; dogdns = callPackage ../tools/networking/dogdns { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; @@ -6677,6 +6684,7 @@ with pkgs; git-appraise = callPackage ../applications/version-management/git-and-tools/git-appraise {}; git-backup = callPackage ../applications/version-management/git-backup { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; @@ -6784,6 +6792,7 @@ with pkgs; git-subrepo = callPackage ../applications/version-management/git-and-tools/git-subrepo { }; git-subset = callPackage ../applications/version-management/git-and-tools/git-subset { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; @@ -6794,6 +6803,7 @@ with pkgs; git-test = callPackage ../applications/version-management/git-and-tools/git-test { }; git-trim = callPackage ../applications/version-management/git-and-tools/git-trim { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; @@ -6827,8 +6837,11 @@ with pkgs; gitkraken = callPackage ../applications/version-management/gitkraken { }; - gitlab = callPackage ../applications/version-management/gitlab { }; + gitlab = callPackage ../applications/version-management/gitlab { + openssl = openssl_1_1; + }; gitlab-ee = callPackage ../applications/version-management/gitlab { + openssl = openssl_1_1; gitlabEnterprise = true; }; @@ -7008,6 +7021,7 @@ with pkgs; google-guest-oslogin = callPackage ../tools/virtualization/google-guest-oslogin { }; google-cloud-cpp = callPackage ../development/libraries/google-cloud-cpp { + openssl = openssl_1_1; abseil-cpp = abseil-cpp.override { cxxStandard = "14"; }; @@ -7173,7 +7187,9 @@ with pkgs; efitools = callPackage ../tools/security/efitools { }; - sbsigntool = callPackage ../tools/security/sbsigntool { }; + sbsigntool = callPackage ../tools/security/sbsigntool { + openssl = openssl_1_1; + }; gsmartcontrol = callPackage ../tools/misc/gsmartcontrol { }; @@ -7450,7 +7466,9 @@ with pkgs; httpx = callPackage ../tools/security/httpx { }; - hurl = callPackage ../tools/networking/hurl { }; + hurl = callPackage ../tools/networking/hurl { + openssl = openssl_1_1; + }; hub = callPackage ../applications/version-management/git-and-tools/hub { }; @@ -7485,7 +7503,9 @@ with pkgs; jamulus = libsForQt5.callPackage ../applications/audio/jamulus { }; - ibm-sw-tpm2 = callPackage ../tools/security/ibm-sw-tpm2 { }; + ibm-sw-tpm2 = callPackage ../tools/security/ibm-sw-tpm2 { + openssl = openssl_1_1; + }; ibniz = callPackage ../tools/graphics/ibniz { }; @@ -7627,7 +7647,9 @@ with pkgs; ipfetch = callPackage ../tools/networking/ipfetch { }; - ipfs = callPackage ../applications/networking/ipfs { }; + ipfs = callPackage ../applications/networking/ipfs { + openssl = openssl_1_1; + }; ipfs-cluster = callPackage ../applications/networking/ipfs-cluster { }; ipfs-migrator-all-fs-repo-migrations = callPackage ../applications/networking/ipfs-migrator/all-migrations.nix { }; @@ -8298,14 +8320,18 @@ with pkgs; nodejs-slim = nodejs-slim-18_x; - nodejs-14_x = callPackage ../development/web/nodejs/v14.nix { }; + nodejs-14_x = callPackage ../development/web/nodejs/v14.nix { + openssl = openssl_1_1; + }; nodejs-slim-14_x = callPackage ../development/web/nodejs/v14.nix { + openssl = openssl_1_1; enableNpm = false; }; nodejs-16_x = callPackage ../development/web/nodejs/v16.nix { }; nodejs-slim-16_x = callPackage ../development/web/nodejs/v16.nix { enableNpm = false; }; + nodejs-16_x-openssl_1_1 = callPackage ../development/web/nodejs/v16.nix { }; nodejs-18_x = callPackage ../development/web/nodejs/v18.nix { }; nodejs-slim-18_x = callPackage ../development/web/nodejs/v18.nix { enableNpm = false; @@ -9301,7 +9327,9 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) Security; }; - nzbget = callPackage ../tools/networking/nzbget { }; + nzbget = callPackage ../tools/networking/nzbget { + openssl = openssl_1_1; + }; nzbhydra2 = callPackage ../servers/nzbhydra2 { # You need Java (at least 8, at most 15) @@ -9691,10 +9719,16 @@ with pkgs; perceptualdiff = callPackage ../tools/graphics/perceptualdiff { }; percona-xtrabackup = percona-xtrabackup_8_0; - percona-xtrabackup_2_4 = callPackage ../tools/backup/percona-xtrabackup/2_4.nix - { stdenv = gcc10StdenvCompat; boost = boost159; }; - percona-xtrabackup_8_0 = callPackage ../tools/backup/percona-xtrabackup/8_0.nix - { stdenv = gcc10StdenvCompat; boost = boost170; }; + percona-xtrabackup_2_4 = callPackage ../tools/backup/percona-xtrabackup/2_4.nix { + stdenv = gcc10StdenvCompat; + boost = boost159; + openssl = openssl_1_1; + }; + percona-xtrabackup_8_0 = callPackage ../tools/backup/percona-xtrabackup/8_0.nix { + stdenv = gcc10StdenvCompat; + boost = boost170; + openssl = openssl_1_1; + }; pick = callPackage ../tools/misc/pick { }; @@ -10567,6 +10601,7 @@ with pkgs; s3cmd = python3Packages.callPackage ../tools/networking/s3cmd { }; s3rs = callPackage ../tools/networking/s3rs { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; @@ -12467,6 +12502,9 @@ with pkgs; yarn = callPackage ../development/tools/yarn { }; yarn2nix-moretea = callPackage ../development/tools/yarn2nix-moretea/yarn2nix { }; + yarn2nix-moretea-openssl_1_1 = callPackage ../development/tools/yarn2nix-moretea/yarn2nix { + nodejs = nodejs.override { openssl = openssl_1_1; }; + }; inherit (yarn2nix-moretea) yarn2nix @@ -14517,6 +14555,7 @@ with pkgs; }; rust-script = callPackage ../development/tools/rust/rust-script { }; rustup = callPackage ../development/tools/rust/rustup { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) CoreServices Security; }; rustup-toolchain-install-master = callPackage ../development/tools/rust/rustup-toolchain-install-master { @@ -14618,6 +14657,7 @@ with pkgs; swift = callPackage ../development/compilers/swift { }; swiProlog = callPackage ../development/compilers/swi-prolog { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; jdk = openjdk8; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731 }; @@ -17688,6 +17728,7 @@ with pkgs; cyrus_sasl = callPackage ../development/libraries/cyrus-sasl { libkrb5 = if stdenv.isFreeBSD then libheimdal else libkrb5; + openssl = openssl_1_1; }; # Make bdb5 the default as it is the last release under the custom @@ -18701,6 +18742,15 @@ with pkgs; iml = callPackage ../development/libraries/iml { }; imlib2 = callPackage ../development/libraries/imlib2 { }; + imlib2Full = imlib2.override { + # Compilation error on Darwin with librsvg. For more information see: + # https://github.com/NixOS/nixpkgs/pull/166452#issuecomment-1090725613 + svgSupport = !stdenv.isDarwin; + heifSupport = !stdenv.isDarwin; + webpSupport = true; + jxlSupport = true; + psSupport = true; + }; imlib2-nox = imlib2.override { x11Support = false; }; @@ -18839,6 +18889,8 @@ with pkgs; krb5 = callPackage ../development/libraries/kerberos/krb5.nix { inherit (buildPackages.darwin) bootstrap_cmds; + # TODO: can be removed once we have 1.20 + openssl = openssl_1_1; }; krb5Full = krb5; libkrb5 = krb5.override { type = "lib"; }; @@ -19523,7 +19575,9 @@ with pkgs; libmysofa = callPackage ../development/libraries/audio/libmysofa { }; - libmysqlconnectorcpp = callPackage ../development/libraries/libmysqlconnectorcpp { }; + libmysqlconnectorcpp = callPackage ../development/libraries/libmysqlconnectorcpp { + openssl = openssl_1_1; + }; libnatpmp = callPackage ../development/libraries/libnatpmp { }; @@ -19938,7 +19992,9 @@ with pkgs; libstroke = callPackage ../development/libraries/libstroke { }; - libstrophe = callPackage ../development/libraries/libstrophe { }; + libstrophe = callPackage ../development/libraries/libstrophe { + openssl = openssl_1_1; + }; libspatialaudio = callPackage ../development/libraries/libspatialaudio { }; @@ -20709,7 +20765,9 @@ with pkgs; openexrid-unstable = callPackage ../development/libraries/openexrid-unstable { }; - openldap = callPackage ../development/libraries/openldap { }; + openldap = callPackage ../development/libraries/openldap { + openssl = openssl_1_1; + }; opencolorio = callPackage ../development/libraries/opencolorio { inherit (darwin.apple_sdk.frameworks) Carbon GLUT Cocoa; @@ -20756,7 +20814,7 @@ with pkgs; wolfssl = callPackage ../development/libraries/wolfssl { }; - openssl = openssl_1_1; + openssl = openssl_3; inherit (callPackages ../development/libraries/openssl { }) openssl_1_1 @@ -20951,8 +21009,6 @@ with pkgs; qbs = libsForQt5.callPackage ../development/tools/build-managers/qbs { }; - qca2 = callPackage ../development/libraries/qca2 { qt = qt4; }; - qimageblitz = callPackage ../development/libraries/qimageblitz {}; qolibri = libsForQt5.callPackage ../applications/misc/qolibri { }; @@ -21038,6 +21094,21 @@ with pkgs; qt5 = qt515; libsForQt5 = libsForQt515; + # TODO: remove once no package needs this anymore or together with OpenSSL 1.1 + qt5_openssl_1_1 = qt5.overrideScope' (_: super: { + qtbase = super.qtbase.override { + openssl = openssl_1_1; + libmysqlclient = libmysqlclient.override { + openssl = openssl_1_1; + curl = curl.override { openssl = openssl_1_1; }; + }; + }; + }); + libsForQt5_openssl_1_1 = recurseIntoAttrs (import ./qt5-packages.nix { + inherit lib pkgs; + qt5 = qt5_openssl_1_1; + }); + # plasma5Packages maps to the Qt5 packages set that is used to build the plasma5 desktop plasma5Packages = libsForQt515; @@ -21309,7 +21380,9 @@ with pkgs; serd = callPackage ../development/libraries/serd {}; - serf = callPackage ../development/libraries/serf {}; + serf = callPackage ../development/libraries/serf { + openssl = openssl_1_1; + }; sfsexp = callPackage ../development/libraries/sfsexp {}; @@ -21676,7 +21749,9 @@ with pkgs; theft = callPackage ../development/libraries/theft { }; - thrift = callPackage ../development/libraries/thrift { }; + thrift = callPackage ../development/libraries/thrift { + openssl = openssl_1_1; + }; thrift-0_10 = callPackage ../development/libraries/thrift/0.10.nix { }; @@ -22536,7 +22611,9 @@ with pkgs; dodgy = with python3Packages; toPythonApplication dodgy; - dovecot = callPackage ../servers/mail/dovecot { }; + dovecot = callPackage ../servers/mail/dovecot { + openssl = openssl_1_1; + }; dovecot_pigeonhole = callPackage ../servers/mail/dovecot/plugins/pigeonhole { }; dovecot_fts_xapian = callPackage ../servers/mail/dovecot/plugins/fts_xapian { }; @@ -22596,10 +22673,13 @@ with pkgs; inherit (callPackages ../servers/firebird { }) firebird_4 firebird_3 firebird_2_5 firebird; - freeradius = callPackage ../servers/freeradius { }; + freeradius = callPackage ../servers/freeradius { + openssl = openssl_1_1; + }; freeswitch = callPackage ../servers/sip/freeswitch { inherit (darwin.apple_sdk.frameworks) SystemConfiguration; + openssl = openssl_1_1; }; fusionInventory = callPackage ../servers/monitoring/fusion-inventory { }; @@ -22759,7 +22839,9 @@ with pkgs; nodejs = nodejs-14_x; }; - lighttpd = callPackage ../servers/http/lighttpd { }; + lighttpd = callPackage ../servers/http/lighttpd { + openssl = openssl_1_1; + }; listmonk = callPackage ../servers/mail/listmonk { }; @@ -22890,7 +22972,6 @@ with pkgs; nginxStable = callPackage ../servers/http/nginx/stable.nix { zlib = zlib-ng.override { withZlibCompat = true; }; - openssl = openssl_3; withPerl = false; # We don't use `with` statement here on purpose! # See https://github.com/NixOS/nixpkgs/pull/10474#discussion_r42369334 @@ -22899,7 +22980,6 @@ with pkgs; nginxMainline = callPackage ../servers/http/nginx/mainline.nix { zlib = zlib-ng.override { withZlibCompat = true; }; - openssl = openssl_3; withKTLS = true; withPerl = false; # We don't use `with` statement here on purpose! @@ -23113,7 +23193,10 @@ with pkgs; nginx-sso = callPackage ../servers/nginx-sso { }; - percona-server56 = callPackage ../servers/sql/percona/5.6.x.nix { stdenv = gcc10StdenvCompat; }; + percona-server56 = callPackage ../servers/sql/percona/5.6.x.nix { + stdenv = gcc10StdenvCompat; + openssl = openssl_1_1; + }; percona-server = percona-server56; influxdb = callPackage ../servers/nosql/influxdb { @@ -23132,6 +23215,7 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) CoreServices; boost = boost159; protobuf = protobuf3_7; + openssl = openssl_1_1; }; mysql80 = callPackage ../servers/sql/mysql/8.0.x.nix { @@ -23140,6 +23224,7 @@ with pkgs; boost = boost177; # Configure checks for specific version. protobuf = protobuf3_19; icu = icu69; + openssl = openssl_1_1; }; mysql_jdbc = callPackage ../servers/sql/mysql/jdbc { }; @@ -23473,7 +23558,10 @@ with pkgs; spring-boot-cli = callPackage ../development/tools/spring-boot-cli { }; - squid = callPackage ../servers/squid { }; + squid = callPackage ../servers/squid { + # https://bugs.squid-cache.org/show_bug.cgi?id=5133 + openssl = openssl_1_1; + }; duckling-proxy = callPackage ../servers/duckling-proxy { }; @@ -23583,7 +23671,9 @@ with pkgs; zookeeper = callPackage ../servers/zookeeper { }; - zookeeper_mt = callPackage ../development/libraries/zookeeper_mt { }; + zookeeper_mt = callPackage ../development/libraries/zookeeper_mt { + openssl = openssl_1_1; + }; xqilla = callPackage ../development/tools/xqilla { stdenv = gcc10StdenvCompat; }; @@ -23875,7 +23965,9 @@ with pkgs; fwupd-efi = callPackage ../os-specific/linux/firmware/fwupd-efi { }; - firmware-manager = callPackage ../os-specific/linux/firmware/firmware-manager { }; + firmware-manager = callPackage ../os-specific/linux/firmware/firmware-manager { + openssl = openssl_1_1; + }; firmware-updater = callPackage ../os-specific/linux/firmware/firmware-updater { }; @@ -24484,7 +24576,9 @@ with pkgs; odin = callPackage ../development/compilers/odin { }; - odp-dpdk = callPackage ../os-specific/linux/odp-dpdk { }; + odp-dpdk = callPackage ../os-specific/linux/odp-dpdk { + openssl = openssl_1_1; + }; odroid-xu3-bootloader = callPackage ../tools/misc/odroid-xu3-bootloader { }; @@ -24516,7 +24610,9 @@ with pkgs; pam_mysql = callPackage ../os-specific/linux/pam_mysql { }; - pam_p11 = callPackage ../os-specific/linux/pam_p11 { }; + pam_p11 = callPackage ../os-specific/linux/pam_p11 { + openssl = openssl_1_1; + }; pam_pgsql = callPackage ../os-specific/linux/pam_pgsql { }; @@ -24696,6 +24792,7 @@ with pkgs; statifier = callPackage ../os-specific/linux/statifier { }; sysdig = callPackage ../os-specific/linux/sysdig { + openssl = openssl_1_1; kernel = null; }; # sysdig is a client, for a driver look at linuxPackagesFor @@ -26149,7 +26246,7 @@ with pkgs; msgviewer = callPackage ../applications/networking/mailreaders/msgviewer { }; - amarok = libsForQt5.callPackage ../applications/audio/amarok { }; + amarok = libsForQt5_openssl_1_1.callPackage ../applications/audio/amarok { }; amarok-kf5 = amarok; # for compatibility amfora = callPackage ../applications/networking/browsers/amfora { }; @@ -27607,7 +27704,9 @@ with pkgs; foxtrotgps = callPackage ../applications/misc/foxtrotgps { }; - fractal = callPackage ../applications/networking/instant-messengers/fractal { }; + fractal = callPackage ../applications/networking/instant-messengers/fractal { + openssl = openssl_1_1; + }; fractal-next = callPackage ../applications/networking/instant-messengers/fractal-next { inherit (gst_all_1) gstreamer gst-plugins-base gst-plugins-bad; @@ -29116,7 +29215,9 @@ with pkgs; meld = callPackage ../applications/version-management/meld { }; - meli = callPackage ../applications/networking/mailreaders/meli { }; + meli = callPackage ../applications/networking/mailreaders/meli { + openssl = openssl_1_1; + }; melmatcheq.lv2 = callPackage ../applications/audio/melmatcheq.lv2 { }; @@ -29430,12 +29531,14 @@ with pkgs; pulseSupport = config.pulseaudio or false; iceSupport = config.murmur.iceSupport or true; grpcSupport = config.murmur.grpcSupport or true; + qt5 = qt5_openssl_1_1; }).murmur; mumble = (callPackages ../applications/networking/mumble { avahi = avahi-compat; jackSupport = config.mumble.jackSupport or false; speechdSupport = config.mumble.speechdSupport or false; + qt5 = qt5_openssl_1_1; }).mumble; mumble_overlay = callPackage ../applications/networking/mumble/overlay.nix { @@ -31206,7 +31309,9 @@ with pkgs; buildGoModule = buildGo117Module; }; - tqsl = callPackage ../applications/radio/tqsl { }; + tqsl = callPackage ../applications/radio/tqsl { + openssl = openssl_1_1; + }; trustedqsl = tqsl; # Alias added 2019-02-10 transcode = callPackage ../applications/audio/transcode { }; @@ -31293,7 +31398,9 @@ with pkgs; uhhyou.lv2 = callPackage ../applications/audio/uhhyou.lv2 { }; - umurmur = callPackage ../applications/networking/umurmur { }; + umurmur = callPackage ../applications/networking/umurmur { + openssl = openssl_1_1; + }; udocker = callPackage ../tools/virtualization/udocker { }; @@ -33478,6 +33585,7 @@ with pkgs; teeworlds = callPackage ../games/teeworlds { }; tengine = callPackage ../servers/http/tengine { + openssl = openssl_1_1; modules = with nginxModules; [ rtmp dav moreheaders modsecurity-nginx ]; }; @@ -36160,7 +36268,9 @@ with pkgs; wprecon = callPackage ../tools/security/wprecon { }; - wraith = callPackage ../applications/networking/irc/wraith { }; + wraith = callPackage ../applications/networking/irc/wraith { + openssl = openssl_1_1; + }; wxsqlite3 = callPackage ../development/libraries/wxsqlite3 { wxGTK = wxGTK30; @@ -36443,6 +36553,7 @@ with pkgs; simplehttp2server = callPackage ../servers/simplehttp2server { }; simple-http-server = callPackage ../servers/simple-http-server { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; diff --git a/pkgs/top-level/beam-packages.nix b/pkgs/top-level/beam-packages.nix index 714873775269..9cd28546dd40 100644 --- a/pkgs/top-level/beam-packages.nix +++ b/pkgs/top-level/beam-packages.nix @@ -1,4 +1,5 @@ { beam, callPackage, wxGTK30, buildPackages, stdenv +, openssl_1_1 , wxSupport ? true , systemdSupport ? stdenv.isLinux }: @@ -51,6 +52,7 @@ with beam; { # R23 erlangR23 = lib.callErlang ../development/interpreters/erlang/R23.nix { + openssl = openssl_1_1; wxGTK = wxGTK30; # Can be enabled since the bug has been fixed in https://github.com/erlang/otp/pull/2508 parallelBuild = true; @@ -66,6 +68,7 @@ with beam; { # R22 erlangR22 = lib.callErlang ../development/interpreters/erlang/R22.nix { + openssl = openssl_1_1; wxGTK = wxGTK30; # Can be enabled since the bug has been fixed in https://github.com/erlang/otp/pull/2508 parallelBuild = true; @@ -81,6 +84,7 @@ with beam; { # R21 erlangR21 = lib.callErlang ../development/interpreters/erlang/R21.nix { + openssl = openssl_1_1; wxGTK = wxGTK30; autoconf = buildPackages.autoconf269; inherit wxSupport systemdSupport; diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix index e2e20726525b..6ae89a716f69 100644 --- a/pkgs/top-level/linux-kernels.nix +++ b/pkgs/top-level/linux-kernels.nix @@ -443,7 +443,9 @@ in { rr-zen_workaround = callPackage ../development/tools/analysis/rr/zen_workaround.nix { }; - sysdig = callPackage ../os-specific/linux/sysdig {}; + sysdig = callPackage ../os-specific/linux/sysdig { + openssl = pkgs.openssl_1_1; + }; systemtap = callPackage ../development/tools/profiling/systemtap { }; diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index fcd9d546b4d7..a94c0dce230a 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -5163,10 +5163,10 @@ let CryptOpenSSLGuess = buildPerlPackage { pname = "Crypt-OpenSSL-Guess"; - version = "0.11"; + version = "0.15"; src = fetchurl { - url = "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-0.11.tar.gz"; - hash = "sha256-qmsY44y4UsutgKWM2Qw5W0CBnU0B4Ks353AxSQlNcWc="; + url = "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-0.15.tar.gz"; + hash = "sha256-HFAzOBgZ/bTJCH3SkbkOxw54ENMdV+remziOzP1wOG0="; }; meta = { description = "Guess OpenSSL include path"; @@ -5200,8 +5200,8 @@ let hash = "sha256-QXNAOtTPdnMhkgmfgz+/vzzYEE4CRrOEQYeuOE0sVDY="; }; propagatedBuildInputs = [ CryptOpenSSLRandom ]; - NIX_CFLAGS_COMPILE = "-I${pkgs.openssl.dev}/include"; - NIX_CFLAGS_LINK = "-L${lib.getLib pkgs.openssl}/lib -lcrypto"; + NIX_CFLAGS_COMPILE = "-I${pkgs.openssl_1_1.dev}/include"; + NIX_CFLAGS_LINK = "-L${lib.getLib pkgs.openssl_1_1}/lib -lcrypto"; buildInputs = [ CryptOpenSSLGuess ]; meta = { description = "RSA encoding and decoding, using the openSSL libraries"; @@ -5211,13 +5211,15 @@ let CryptOpenSSLX509 = buildPerlPackage rec { pname = "Crypt-OpenSSL-X509"; - version = "1.813"; + version = "1.914"; src = fetchurl { - url = "mirror://cpan/authors/id/J/JO/JONASBN/Crypt-OpenSSL-X509-1.813.tar.gz"; - hash = "sha256-aEvYiNLtTHSPj23Y6HwUr6KXSxLuAfqggq2c+h4yHmI="; + url = "mirror://cpan/authors/id/J/JO/JONASBN/Crypt-OpenSSL-X509-1.914.tar.gz"; + hash = "sha256-ScV1JX5kCK1aiQEeW1gA1Zj5zK/fQucQBO2Byy9E7no="; }; NIX_CFLAGS_COMPILE = "-I${pkgs.openssl.dev}/include"; NIX_CFLAGS_LINK = "-L${lib.getLib pkgs.openssl}/lib -lcrypto"; + buildInputs = [ CryptOpenSSLGuess ]; + propagatedBuildInputs = [ ConvertASN1 ]; meta = { description = "Perl extension to OpenSSL's X509 API"; homepage = "https://github.com/dsully/perl-crypt-openssl-x509"; diff --git a/pkgs/top-level/php-packages.nix b/pkgs/top-level/php-packages.nix index ce3af252abc7..e3f03fd46877 100644 --- a/pkgs/top-level/php-packages.nix +++ b/pkgs/top-level/php-packages.nix @@ -31,6 +31,7 @@ , net-snmp , oniguruma , openldap +, openssl_1_1 , openssl , pam , pcre2 @@ -407,7 +408,7 @@ lib.makeScope pkgs.newScope (self: with self; { } { name = "openssl"; - buildInputs = [ openssl ]; + buildInputs = if (lib.versionAtLeast php.version "8.1") then [ openssl ] else [ openssl_1_1 ]; configureFlags = [ "--with-openssl" ]; doCheck = false; } diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index e9c527bf12f2..6a00bd4d1c16 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -2114,6 +2114,7 @@ in { cryptography = callPackage ../development/python-modules/cryptography { inherit (pkgs.darwin) libiconv; inherit (pkgs.darwin.apple_sdk.frameworks) Security; + openssl = pkgs.openssl_1_1; }; cryptolyzer = callPackage ../development/python-modules/cryptolyzer { }; @@ -5359,7 +5360,10 @@ in { lzstring = callPackage ../development/python-modules/lzstring { }; - m2crypto = callPackage ../development/python-modules/m2crypto { }; + m2crypto = callPackage ../development/python-modules/m2crypto { + # https://gitlab.com/m2crypto/m2crypto/-/issues/310 + openssl = pkgs.openssl_1_1; + }; m2r = callPackage ../development/python-modules/m2r { }; @@ -11160,6 +11164,7 @@ in { tzlocal = callPackage ../development/python-modules/tzlocal { }; uamqp = callPackage ../development/python-modules/uamqp { + openssl = pkgs.openssl_1_1; inherit (pkgs.darwin.apple_sdk.frameworks) CFNetwork CoreFoundation Security; }; diff --git a/pkgs/top-level/qt5-packages.nix b/pkgs/top-level/qt5-packages.nix index 3d68987eaf19..6d66eda3c356 100644 --- a/pkgs/top-level/qt5-packages.nix +++ b/pkgs/top-level/qt5-packages.nix @@ -175,7 +175,9 @@ in (kdeFrameworks // plasmaMobileGear // plasma5 // plasma5.thirdParty // kdeGea qca-qt5 = callPackage ../development/libraries/qca-qt5 { }; # Until macOS SDK allows for Qt 5.15, darwin is limited to 2.3.2 - qca-qt5_2_3_2 = callPackage ../development/libraries/qca-qt5/2.3.2.nix { }; + qca-qt5_2_3_2 = callPackage ../development/libraries/qca-qt5/2.3.2.nix { + openssl = pkgs.openssl_1_1; + }; qcoro = callPackage ../development/libraries/qcoro { };