From 6932bbea63011e044a52990edceb67a39237dfff Mon Sep 17 00:00:00 2001 From: Rasmus Rendal Date: Mon, 16 May 2022 12:36:21 +0200 Subject: [PATCH 001/138] mingw-w64: 9.0.0 -> 10.0.0 --- pkgs/os-specific/windows/mingw-w64/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/windows/mingw-w64/default.nix b/pkgs/os-specific/windows/mingw-w64/default.nix index 38293e65f70f..73d66945e1fb 100644 --- a/pkgs/os-specific/windows/mingw-w64/default.nix +++ b/pkgs/os-specific/windows/mingw-w64/default.nix @@ -1,14 +1,14 @@ { lib, stdenv, windows, fetchurl }: let - version = "9.0.0"; + version = "10.0.0"; in stdenv.mkDerivation { pname = "mingw-w64"; inherit version; src = fetchurl { url = "mirror://sourceforge/mingw-w64/mingw-w64-v${version}.tar.bz2"; - sha256 = "10a15bi4lyfi0k0haj0klqambicwma6yi7vssgbz8prg815vja8r"; + hash = "sha256-umtDCu1yxjo3aFMfaj/8Kw/eLFejslFFDc9ImolPCJQ="; }; outputs = [ "out" "dev" ]; From b51e4f631e694b0ada2c227fa1d833e4194b33e5 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Tue, 2 Aug 2022 06:14:07 +0000 Subject: [PATCH 002/138] waf: 2.0.23 -> 2.0.24 --- pkgs/development/tools/build-managers/waf/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/build-managers/waf/default.nix b/pkgs/development/tools/build-managers/waf/default.nix index c0707a1cd935..8fcb5f2dbac1 100644 --- a/pkgs/development/tools/build-managers/waf/default.nix +++ b/pkgs/development/tools/build-managers/waf/default.nix @@ -8,13 +8,13 @@ let in stdenv.mkDerivation rec { pname = "waf"; - version = "2.0.23"; + version = "2.0.24"; src = fetchFromGitLab { owner = "ita1024"; repo = "waf"; rev = "${pname}-${version}"; - sha256 = "sha256-AASjkXb3eCVjbuT0GOwhagoNHxG7/XP1Mj0i1U4j13Q="; + sha256 = "sha256-nunPDYAy0yfDJpsc+E8SyyFLny19wwrVzxeUOhh7nc4="; }; nativeBuildInputs = [ python3 ensureNewerSourcesForZipFilesHook ]; From a73156c64cc44a3b0270706ab9044e89c698ba99 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 6 Aug 2022 09:14:39 +0000 Subject: [PATCH 003/138] util-linux: 2.38 -> 2.38.1 --- pkgs/os-specific/linux/util-linux/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index cb323e623bed..d57fdba7310b 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -14,11 +14,11 @@ stdenv.mkDerivation rec { pname = "util-linux" + lib.optionalString (!nlsSupport && !ncursesSupport && !systemdSupport) "-minimal"; - version = "2.38"; + version = "2.38.1"; src = fetchurl { url = "mirror://kernel/linux/utils/util-linux/v${lib.versions.majorMinor version}/util-linux-${version}.tar.xz"; - hash = "sha256-bREcvk1VszbbLx++/7xluJkIcEwBE2Nx0yqpvsNz62Q="; + hash = "sha256-YEkqGbRObPmj3f9oMlszO4tStsWc4+vWoOyqTFEX6E8="; }; patches = [ From 17c8b2e3a7fbb8be0a227931bbd817127288bbda Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sun, 14 Aug 2022 12:53:25 +0100 Subject: [PATCH 004/138] xz: 5.2.5 -> 5.2.6 While at it added trivial updater. Changes: https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;hb=v5.2.6 --- pkgs/tools/compression/xz/default.nix | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix index 75a58d011cef..86df04c26691 100644 --- a/pkgs/tools/compression/xz/default.nix +++ b/pkgs/tools/compression/xz/default.nix @@ -1,5 +1,6 @@ { lib, stdenv, fetchurl , enableStatic ? stdenv.hostPlatform.isStatic +, writeScript }: # Note: this package is used for bootstrapping fetchurl, and thus @@ -9,11 +10,11 @@ stdenv.mkDerivation rec { pname = "xz"; - version = "5.2.5"; + version = "5.2.6"; src = fetchurl { url = "https://tukaani.org/xz/xz-${version}.tar.bz2"; - sha256 = "1ps2i8i212n0f4xpq6clp7h13q7m1y8slqvxha9i8d0bj0qgj5si"; + sha256 = "E+NALjAbYBj2px7w5Jf3FMbRHiFK6C2rFWuBwqZKyyU="; }; strictDeps = true; @@ -34,6 +35,21 @@ stdenv.mkDerivation rec { postInstall = "rm -rf $out/share/doc"; + passthru = { + updateScript = writeScript "update-xz" '' + #!/usr/bin/env nix-shell + #!nix-shell -i bash -p curl pcre common-updater-scripts + + set -eu -o pipefail + + # Expect the text in format of '>xz-5.2.6.tar.bz2' + # We pick first match where a stable release goes first. + new_version="$(curl -s https://tukaani.org/xz/ | + pcregrep -o1 '>xz-([0-9.]+)[.]tar[.]bz2')" + update-source-version ${pname} "$new_version" + ''; + }; + meta = with lib; { homepage = "https://tukaani.org/xz/"; description = "A general-purpose data compression software, successor of LZMA"; From 7233d35e49e3254b782ca7d36b8ae0494fb61464 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 15 Aug 2022 14:33:13 +0200 Subject: [PATCH 005/138] python310Packages.setuptools-rust: 1.5.0 -> 1.5.1 --- pkgs/development/python-modules/setuptools-rust/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/setuptools-rust/default.nix b/pkgs/development/python-modules/setuptools-rust/default.nix index 2f331bace589..0afa482960c6 100644 --- a/pkgs/development/python-modules/setuptools-rust/default.nix +++ b/pkgs/development/python-modules/setuptools-rust/default.nix @@ -11,12 +11,12 @@ buildPythonPackage rec { pname = "setuptools-rust"; - version = "1.5.0"; + version = "1.5.1"; disabled = pythonOlder "3.6"; src = fetchPypi { inherit pname version; - sha256 = "sha256-C4rrgUr+Dp18MVaewJNtH1IBmTUwY5JE+pc+F0IAVnE="; + sha256 = "sha256-DgXkVmRdWUKcsQITcK7ec8B2DpNgu/2q77W87VMOudc="; }; nativeBuildInputs = [ setuptools-scm ]; From bdc07d61f9dd9721b6cb2833895925d93e33be4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Tue, 16 Aug 2022 13:58:42 +0200 Subject: [PATCH 006/138] python310Packages.pygments: 2.12.0 -> 2.13.0 --- pkgs/development/python-modules/pygments/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pygments/default.nix b/pkgs/development/python-modules/pygments/default.nix index c8759a2fe056..e5c2ca53686c 100644 --- a/pkgs/development/python-modules/pygments/default.nix +++ b/pkgs/development/python-modules/pygments/default.nix @@ -10,12 +10,12 @@ let pygments = buildPythonPackage rec { pname = "pygments"; - version = "2.12.0"; + version = "2.13.0"; src = fetchPypi { pname = "Pygments"; inherit version; - sha256 = "sha256-XrEWEY+WEv8e6JrJZDe7a0no8E2KE7UUuib2ICCOJus="; + sha256 = "sha256-VqhQiulfmOK5vfk6a+WuP32K+Fi0PgLFov8INya+QME="; }; propagatedBuildInputs = [ From 913ea47f6ba806e964251061ed58989a12b78577 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Tue, 16 Aug 2022 21:01:41 +1000 Subject: [PATCH 007/138] tzdata: 2022b -> 2022c https://mm.icann.org/pipermail/tz-announce/2022-August/000072.html --- pkgs/data/misc/tzdata/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/data/misc/tzdata/default.nix b/pkgs/data/misc/tzdata/default.nix index 7cb13e0535ee..1a6cba44ef87 100644 --- a/pkgs/data/misc/tzdata/default.nix +++ b/pkgs/data/misc/tzdata/default.nix @@ -2,16 +2,16 @@ stdenv.mkDerivation rec { pname = "tzdata"; - version = "2022b"; + version = "2022c"; srcs = [ (fetchurl { url = "https://data.iana.org/time-zones/releases/tzdata${version}.tar.gz"; - hash = "sha256-9ZDq8Eo5UkVCbCvk+uccFDrqXOvBEIi3oKVwRGHfOX0="; + hash = "sha256-aXT040i/IyMnS1bf+edQAkfjFZ6qS0hd+gzWbnXBS/4="; }) (fetchurl { url = "https://data.iana.org/time-zones/releases/tzcode${version}.tar.gz"; - hash = "sha256-urINlD5ZoyGENfSNhopOVS8Y1tfz3RKGYMVmDIC4oF8="; + hash = "sha256-Pnzh82IMwEgZB8fgdNaZEHkyhb/+DKMx7xptGuPqkMw="; }) ]; From f96b6627529aa21ce9a7dd08b74350a2b4d71873 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Tue, 16 Aug 2022 11:33:51 +1000 Subject: [PATCH 008/138] lz4: 1.9.3 -> 1.9.4 https://github.com/lz4/lz4/releases/tag/v1.9.4 --- pkgs/tools/compression/lz4/default.nix | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/pkgs/tools/compression/lz4/default.nix b/pkgs/tools/compression/lz4/default.nix index 94f739a6c532..bf048eeb87df 100644 --- a/pkgs/tools/compression/lz4/default.nix +++ b/pkgs/tools/compression/lz4/default.nix @@ -1,32 +1,19 @@ -{ lib, stdenv, fetchFromGitHub, valgrind, fetchpatch +{ lib, stdenv, fetchFromGitHub, valgrind , enableStatic ? stdenv.hostPlatform.isStatic , enableShared ? !stdenv.hostPlatform.isStatic }: stdenv.mkDerivation rec { pname = "lz4"; - version = "1.9.3"; + version = "1.9.4"; src = fetchFromGitHub { - sha256 = "1w02kazh1fps3sji2sn89fz862j1199c5ajrqcgl1bnlxj09kcbz"; + sha256 = "sha256-YiMCD3vvrG+oxBUghSrCmP2LAfAGZrEaKz0YoaQJhpI="; rev = "v${version}"; repo = pname; owner = pname; }; - patches = [ - (fetchpatch { # https://github.com/lz4/lz4/pull/972 - name = "CVE-2021-3520.patch"; - url = "https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7.patch"; - sha256 = "0r1cwpqdkdc8im0pf2r5jp7mwwn69xcw405rrk7rc0mpjcp5ydfk"; - }) - (fetchpatch { # https://github.com/lz4/lz4/pull/973 - name = "avoid-null-pointer-dereference.patch"; - url = "https://github.com/lz4/lz4/commit/29a6a1f4941e7243241fe00d6c13b749fd6b60c2.patch"; - sha256 = "0v5yl5hd3qrfm3xm7m06j4b21qwllb4cqkjn2az7x1vnzqgpf8y7"; - }) - ]; - # TODO(@Ericson2314): Separate binaries and libraries outputs = [ "bin" "out" "dev" ]; From bd01cc76fb1f3202714e735865167dd8c0ee7ea8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Thu, 11 Aug 2022 16:43:40 +0000 Subject: [PATCH 009/138] python310Packages.markdown: 3.3.7 -> 3.4.1 https://github.com/Python-Markdown/markdown/blob/3.4.1/docs/change_log/release-3.4.md --- pkgs/development/python-modules/markdown/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/markdown/default.nix b/pkgs/development/python-modules/markdown/default.nix index 999fe2682b8c..da3a8af52058 100644 --- a/pkgs/development/python-modules/markdown/default.nix +++ b/pkgs/development/python-modules/markdown/default.nix @@ -9,16 +9,16 @@ buildPythonPackage rec { pname = "markdown"; - version = "3.3.7"; + version = "3.4.1"; - disabled = pythonOlder "3.6"; + disabled = pythonOlder "3.7"; format = "setuptools"; src = fetchPypi { pname = "Markdown"; inherit version; - sha256 = "cbb516f16218e643d8e0a95b309f77eb118cb138d39a4f27851e6a63581db874"; + sha256 = "3b809086bb6efad416156e00a0da66fe47618a5d6918dd688f53f40c8e4cfeff"; }; propagatedBuildInputs = lib.optionals (pythonOlder "3.10") [ From 775ba78608546df5f8273b79f1062ab2f391257b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Thu, 11 Aug 2022 16:54:23 +0000 Subject: [PATCH 010/138] python310Packages.Nikola: 8.2.2 -> 8.2.3 https://github.com/getnikola/nikola/releases/tag/v8.2.3 --- pkgs/development/python-modules/Nikola/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/Nikola/default.nix b/pkgs/development/python-modules/Nikola/default.nix index b15f07bfcaeb..804a93883b7a 100644 --- a/pkgs/development/python-modules/Nikola/default.nix +++ b/pkgs/development/python-modules/Nikola/default.nix @@ -41,12 +41,12 @@ buildPythonPackage rec { pname = "Nikola"; - version = "8.2.2"; + version = "8.2.3"; disabled = pythonOlder "3.5"; src = fetchPypi { inherit pname version; - sha256 = "sha256-lfSrBRwkWMHTFEJ4KmrWIx9XIMO5I9XxcuJe7zTxJsE="; + sha256 = "sha256-c8eadkmYWS88nGwi6QwPqHg7FBXlkdazKSrbWDMw/UA="; }; propagatedBuildInputs = [ From bf44c7ec3e53a9aebc92078910a15258b78a4685 Mon Sep 17 00:00:00 2001 From: Yurii Matsiuk <24990891+ymatsiuk@users.noreply.github.com> Date: Wed, 17 Aug 2022 17:51:15 +0200 Subject: [PATCH 011/138] bluez: 5.64 -> 5.65 --- pkgs/os-specific/linux/bluez/default.nix | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/pkgs/os-specific/linux/bluez/default.nix b/pkgs/os-specific/linux/bluez/default.nix index d09ef77fb0d8..8191624fa828 100644 --- a/pkgs/os-specific/linux/bluez/default.nix +++ b/pkgs/os-specific/linux/bluez/default.nix @@ -23,11 +23,11 @@ ]; in stdenv.mkDerivation rec { pname = "bluez"; - version = "5.64"; + version = "5.65"; src = fetchurl { url = "mirror://kernel/linux/bluetooth/${pname}-${version}.tar.xz"; - sha256 = "sha256-rkN+ZbazBwwZi8WwEJ/pzeueqjhzgOIHL53mX+ih3jQ="; + sha256 = "sha256-JWWk1INUtXbmrZLiW1TtZoCCllgciruAWHBR+Zk9ltQ="; }; buildInputs = [ @@ -50,17 +50,6 @@ in stdenv.mkDerivation rec { outputs = [ "out" "dev" "test" ]; - patches = [ - # https://github.com/bluez/bluez/commit/0905a06410d4a5189f0be81e25eb3c3e8a2199c5 - # which fixes https://github.com/bluez/bluez/issues/329 - # and is already merged upstream and not yet in a release. - (fetchpatch { - name = "StateDirectory_and_ConfigurationDirectory.patch"; - url = "https://github.com/bluez/bluez/commit/0905a06410d4a5189f0be81e25eb3c3e8a2199c5.patch"; - sha256 = "sha256-MI6yPTiDLHsSTjLvNqtWnuy2xUMYpSat1WhMbeoedSM="; - }) - ]; - postPatch = '' substituteInPlace tools/hid2hci.rules \ --replace /sbin/udevadm ${systemdMinimal}/bin/udevadm \ From f16be229dcb9e3bb914820ed0f74a0009b0235dc Mon Sep 17 00:00:00 2001 From: Artturin Date: Wed, 17 Aug 2022 20:43:58 +0300 Subject: [PATCH 012/138] gcc/: correct gnused conditionals and move to nativeBuildInputs hostPlatform changes were done in commits like https://github.com/nixos/nixpkgs/commit/7a134572532323900a6661e5f1fea09b6dea3479 it should have been buildPlatform instead according to the comment --- pkgs/development/compilers/gcc/10/default.nix | 8 ++++---- pkgs/development/compilers/gcc/11/default.nix | 8 ++++---- pkgs/development/compilers/gcc/12/default.nix | 8 ++++---- pkgs/development/compilers/gcc/4.8/default.nix | 11 ++++++----- pkgs/development/compilers/gcc/4.9/default.nix | 11 ++++++----- pkgs/development/compilers/gcc/6/default.nix | 8 ++++---- pkgs/development/compilers/gcc/7/default.nix | 11 ++++++----- pkgs/development/compilers/gcc/8/default.nix | 11 ++++++----- pkgs/development/compilers/gcc/9/default.nix | 8 ++++---- 9 files changed, 44 insertions(+), 40 deletions(-) diff --git a/pkgs/development/compilers/gcc/10/default.nix b/pkgs/development/compilers/gcc/10/default.nix index 1c223fa82f4a..a439fc26d5b8 100644 --- a/pkgs/development/compilers/gcc/10/default.nix +++ b/pkgs/development/compilers/gcc/10/default.nix @@ -33,7 +33,7 @@ assert libelf != null -> zlib != null; # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -159,6 +159,9 @@ stdenv.mkDerivation ({ nativeBuildInputs = [ texinfo which gettext ] ++ (optional (perl != null) perl) ++ (optional langAda gnatboot) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) ; # For building runtime libs @@ -177,9 +180,6 @@ stdenv.mkDerivation ({ targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; diff --git a/pkgs/development/compilers/gcc/11/default.nix b/pkgs/development/compilers/gcc/11/default.nix index ca3a89af1806..7fb75530828c 100644 --- a/pkgs/development/compilers/gcc/11/default.nix +++ b/pkgs/development/compilers/gcc/11/default.nix @@ -33,7 +33,7 @@ assert libelf != null -> zlib != null; # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -167,6 +167,9 @@ stdenv.mkDerivation ({ nativeBuildInputs = [ texinfo which gettext ] ++ (optional (perl != null) perl) ++ (optional langAda gnatboot) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) ; # For building runtime libs @@ -185,9 +188,6 @@ stdenv.mkDerivation ({ targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; diff --git a/pkgs/development/compilers/gcc/12/default.nix b/pkgs/development/compilers/gcc/12/default.nix index 6fdc31079a89..273ad85f8899 100644 --- a/pkgs/development/compilers/gcc/12/default.nix +++ b/pkgs/development/compilers/gcc/12/default.nix @@ -33,7 +33,7 @@ assert libelf != null -> zlib != null; # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -162,6 +162,9 @@ stdenv.mkDerivation ({ nativeBuildInputs = [ texinfo which gettext ] ++ (optional (perl != null) perl) ++ (optional langAda gnatboot) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) ; # For building runtime libs @@ -180,9 +183,6 @@ stdenv.mkDerivation ({ targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; diff --git a/pkgs/development/compilers/gcc/4.8/default.nix b/pkgs/development/compilers/gcc/4.8/default.nix index bc93d6e13585..6f9e7da32e0b 100644 --- a/pkgs/development/compilers/gcc/4.8/default.nix +++ b/pkgs/development/compilers/gcc/4.8/default.nix @@ -43,7 +43,7 @@ assert cloog != null -> isl != null; assert libelf != null -> zlib != null; # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -165,7 +165,11 @@ stdenv.mkDerivation ({ depsBuildBuild = [ buildPackages.stdenv.cc ]; nativeBuildInputs = [ texinfo which gettext ] ++ (optional (perl != null) perl) - ++ (optional javaAwtGtk pkg-config); + ++ (optional javaAwtGtk pkg-config) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) + ; # For building runtime libs depsBuildTarget = @@ -186,9 +190,6 @@ stdenv.mkDerivation ({ ++ (optional (zlib != null) zlib) ++ (optionals langJava [ boehmgc zip unzip ]) ++ (optionals javaAwtGtk ([ gtk2 libart_lgpl ] ++ xlibs)) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix index cc675de22549..d9a319fadb68 100644 --- a/pkgs/development/compilers/gcc/4.9/default.nix +++ b/pkgs/development/compilers/gcc/4.9/default.nix @@ -43,7 +43,7 @@ assert cloog != null -> isl != null; assert libelf != null -> zlib != null; # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -185,7 +185,11 @@ stdenv.mkDerivation ({ depsBuildBuild = [ buildPackages.stdenv.cc ]; nativeBuildInputs = [ texinfo which gettext ] ++ (optional (perl != null) perl) - ++ (optional javaAwtGtk pkg-config); + ++ (optional javaAwtGtk pkg-config) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) + ; # For building runtime libs depsBuildTarget = @@ -206,9 +210,6 @@ stdenv.mkDerivation ({ ++ (optional (zlib != null) zlib) ++ (optionals langJava [ boehmgc zip unzip ]) ++ (optionals javaAwtGtk ([ gtk2 libart_lgpl ] ++ xlibs)) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; diff --git a/pkgs/development/compilers/gcc/6/default.nix b/pkgs/development/compilers/gcc/6/default.nix index d108dc11f18c..b48d867daf1a 100644 --- a/pkgs/development/compilers/gcc/6/default.nix +++ b/pkgs/development/compilers/gcc/6/default.nix @@ -44,7 +44,7 @@ assert langJava -> zip != null && unzip != null assert libelf != null -> zlib != null; # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -196,6 +196,9 @@ stdenv.mkDerivation ({ ++ (optional javaAwtGtk pkg-config) ++ (optional (with stdenv.targetPlatform; isVc4 || isRedox) flex) ++ (optional langAda gnatboot) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) ; # For building runtime libs @@ -216,9 +219,6 @@ stdenv.mkDerivation ({ ++ (optional (zlib != null) zlib) ++ (optionals langJava [ boehmgc zip unzip ]) ++ (optionals javaAwtGtk ([ gtk2 libart_lgpl ] ++ xlibs)) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; diff --git a/pkgs/development/compilers/gcc/7/default.nix b/pkgs/development/compilers/gcc/7/default.nix index e4e1f2038de5..fc1bd41f8ea3 100644 --- a/pkgs/development/compilers/gcc/7/default.nix +++ b/pkgs/development/compilers/gcc/7/default.nix @@ -30,7 +30,7 @@ assert libelf != null -> zlib != null; # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -164,7 +164,11 @@ stdenv.mkDerivation ({ depsBuildBuild = [ buildPackages.stdenv.cc ]; nativeBuildInputs = [ texinfo which gettext ] - ++ (optional (perl != null) perl); + ++ (optional (perl != null) perl) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) + ; # For building runtime libs depsBuildTarget = @@ -182,9 +186,6 @@ stdenv.mkDerivation ({ targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; diff --git a/pkgs/development/compilers/gcc/8/default.nix b/pkgs/development/compilers/gcc/8/default.nix index 7e94ec61c6b7..06c50d78d45e 100644 --- a/pkgs/development/compilers/gcc/8/default.nix +++ b/pkgs/development/compilers/gcc/8/default.nix @@ -30,7 +30,7 @@ assert libelf != null -> zlib != null; # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -148,7 +148,11 @@ stdenv.mkDerivation ({ depsBuildBuild = [ buildPackages.stdenv.cc ]; nativeBuildInputs = [ texinfo which gettext ] - ++ (optional (perl != null) perl); + ++ (optional (perl != null) perl) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) + ; # For building runtime libs depsBuildTarget = @@ -166,9 +170,6 @@ stdenv.mkDerivation ({ targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; diff --git a/pkgs/development/compilers/gcc/9/default.nix b/pkgs/development/compilers/gcc/9/default.nix index 707ead542f06..cb524e99fbd9 100644 --- a/pkgs/development/compilers/gcc/9/default.nix +++ b/pkgs/development/compilers/gcc/9/default.nix @@ -38,7 +38,7 @@ assert libelf != null -> zlib != null; # Make sure we get GNU sed. -assert stdenv.hostPlatform.isDarwin -> gnused != null; +assert stdenv.buildPlatform.isDarwin -> gnused != null; # The go frontend is written in c++ assert langGo -> langCC; @@ -161,6 +161,9 @@ stdenv.mkDerivation ({ nativeBuildInputs = [ texinfo which gettext ] ++ (optional (perl != null) perl) ++ (optional langAda gnatboot) + # The builder relies on GNU sed (for instance, Darwin's `sed' fails with + # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. + ++ (optional buildPlatform.isDarwin gnused) ; # For building runtime libs @@ -179,9 +182,6 @@ stdenv.mkDerivation ({ targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) - # The builder relies on GNU sed (for instance, Darwin's `sed' fails with - # "-i may not be used with stdin"), and `stdenvNative' doesn't provide it. - ++ (optional hostPlatform.isDarwin gnused) ; depsTargetTarget = optional (!crossStageStatic && threadsCross != null) threadsCross; From 0565276a075531b6dad21171de459473dd5e6a27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Janne=20He=C3=9F?= Date: Fri, 10 Dec 2021 18:04:11 +0100 Subject: [PATCH 013/138] openssl: Default version to 3.0 --- pkgs/top-level/all-packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 115e5b2696e4..fee4873e8a62 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20627,7 +20627,7 @@ with pkgs; wolfssl = callPackage ../development/libraries/wolfssl { }; - openssl = openssl_1_1; + openssl = openssl_3; inherit (callPackages ../development/libraries/openssl { }) openssl_1_1 From c6de1d4b2442b96b66f0cd8bafcc0b50e62179a3 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 1 Aug 2022 17:47:15 +0200 Subject: [PATCH 014/138] openssl: fix static build https://mta.openssl.org/pipermail/openssl-users/2022-February/014906.html --- pkgs/development/libraries/openssl/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 0b4050c76cce..60f3a0eb45ee 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -135,6 +135,7 @@ let # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options # for a comprehensive list of configuration options. ++ lib.optional (lib.versionAtLeast version "1.1.0" && static) "no-shared" + ++ lib.optional (lib.versionAtLeast version "3.0.0" && static) "no-module" # This introduces a reference to the CTLOG_FILE which is undesired when # trying to build binaries statically. ++ lib.optional static "no-ct" From 075b85282026478801afaa7680f99d8a047c7fe8 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 1 Aug 2022 17:48:17 +0200 Subject: [PATCH 015/138] openssl: versionAtLeast 1.1.0 -> 1.1.1 we don't have/support 1.1.0 anymore, so 1.1.1 is the new minimum --- pkgs/development/libraries/openssl/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 60f3a0eb45ee..471666129fc1 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -30,7 +30,7 @@ let postPatch = '' patchShebangs Configure - '' + lib.optionalString (lib.versionOlder version "1.1.0") '' + '' + lib.optionalString (lib.versionOlder version "1.1.1") '' patchShebangs test/* for a in test/t* ; do substituteInPlace "$a" \ @@ -40,7 +40,7 @@ let # config is a configure script which is not installed. + lib.optionalString (lib.versionAtLeast version "1.1.1") '' substituteInPlace config --replace '/usr/bin/env' '${buildPackages.coreutils}/bin/env' - '' + lib.optionalString (lib.versionAtLeast version "1.1.0" && stdenv.hostPlatform.isMusl) '' + '' + lib.optionalString (lib.versionAtLeast version "1.1.1" && stdenv.hostPlatform.isMusl) '' substituteInPlace crypto/async/arch/async_posix.h \ --replace '!defined(__ANDROID__) && !defined(__OpenBSD__)' \ '!defined(__ANDROID__) && !defined(__OpenBSD__) && 0' @@ -130,11 +130,11 @@ let ] ++ lib.optional enableSSL2 "enable-ssl2" ++ lib.optional enableSSL3 "enable-ssl3" ++ lib.optional (lib.versionAtLeast version "3.0.0") "enable-ktls" - ++ lib.optional (lib.versionAtLeast version "1.1.0" && stdenv.hostPlatform.isAarch64) "no-afalgeng" + ++ lib.optional (lib.versionAtLeast version "1.1.1" && stdenv.hostPlatform.isAarch64) "no-afalgeng" # OpenSSL needs a specific `no-shared` configure flag. # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options # for a comprehensive list of configuration options. - ++ lib.optional (lib.versionAtLeast version "1.1.0" && static) "no-shared" + ++ lib.optional (lib.versionAtLeast version "1.1.1" && static) "no-shared" ++ lib.optional (lib.versionAtLeast version "3.0.0" && static) "no-module" # This introduces a reference to the CTLOG_FILE which is undesired when # trying to build binaries statically. From ac6e552a3049218b13362b4fed3b1fe4042dc0b8 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 7 Feb 2022 23:06:07 +0100 Subject: [PATCH 016/138] oven-media-engine: openssl_3_0 -> openssl --- pkgs/servers/misc/oven-media-engine/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/misc/oven-media-engine/default.nix b/pkgs/servers/misc/oven-media-engine/default.nix index 02e904fa98e6..76357bb4d8ab 100644 --- a/pkgs/servers/misc/oven-media-engine/default.nix +++ b/pkgs/servers/misc/oven-media-engine/default.nix @@ -5,7 +5,7 @@ , bc , pkg-config , perl -, openssl_3 +, openssl , zlib , ffmpeg , libvpx @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; nativeBuildInputs = [ bc pkg-config perl ]; - buildInputs = [ openssl_3 srt zlib ffmpeg libvpx libopus srtp jemalloc pcre2 libuuid ]; + buildInputs = [ openssl srt zlib ffmpeg libvpx libopus srtp jemalloc pcre2 libuuid ]; preBuild = '' patchShebangs core/colorg++ From af91144ef52a2ccb929b7af29cd16a4cf689c5ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Janne=20He=C3=9F?= Date: Sat, 25 Dec 2021 19:45:48 +0100 Subject: [PATCH 017/138] ibm-sw-tpm2: Pin OpenSSL 1.1.1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index fee4873e8a62..de1d9aeec586 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7424,7 +7424,9 @@ with pkgs; jamulus = libsForQt5.callPackage ../applications/audio/jamulus { }; - ibm-sw-tpm2 = callPackage ../tools/security/ibm-sw-tpm2 { }; + ibm-sw-tpm2 = callPackage ../tools/security/ibm-sw-tpm2 { + openssl = openssl_1_1; + }; ibniz = callPackage ../tools/graphics/ibniz { }; From 8b1f16573cc6fa50facc3fe3154ba437e64a9220 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 3 Apr 2022 22:42:33 +0100 Subject: [PATCH 018/138] python3.pkgs.cryptography: use openssl_1_1 --- pkgs/top-level/python-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index fc9c4d56149d..a010651b51b0 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -2086,6 +2086,7 @@ in { cryptography = callPackage ../development/python-modules/cryptography { inherit (pkgs.darwin) libiconv; inherit (pkgs.darwin.apple_sdk.frameworks) Security; + openssl = pkgs.openssl_1_1; }; cryptolyzer = callPackage ../development/python-modules/cryptolyzer { }; From 5cb3e0708147327d5f5fa8c8008a06cf462210c0 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sat, 9 Apr 2022 00:24:36 +0100 Subject: [PATCH 019/138] openvpn*: use matching openssl version for each release --- pkgs/tools/networking/openvpn/default.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/networking/openvpn/default.nix b/pkgs/tools/networking/openvpn/default.nix index 71a14b169ac1..f6d4590e3185 100644 --- a/pkgs/tools/networking/openvpn/default.nix +++ b/pkgs/tools/networking/openvpn/default.nix @@ -5,6 +5,7 @@ , iproute2 , lzo , openssl +, openssl_1_1 , pam , useSystemd ? stdenv.isLinux , systemd @@ -17,7 +18,7 @@ let inherit (lib) versionOlder optional optionals optionalString; - generic = { version, sha256 }: + generic = { version, sha256, extraBuildInputs ? [] }: let withIpRoute = stdenv.isLinux && (versionOlder version "2.5.4"); in @@ -33,11 +34,12 @@ let nativeBuildInputs = [ pkg-config ]; - buildInputs = [ lzo openssl ] + buildInputs = [ lzo ] ++ optional stdenv.isLinux pam ++ optional withIpRoute iproute2 ++ optional useSystemd systemd - ++ optional pkcs11Support pkcs11helper; + ++ optional pkcs11Support pkcs11helper + ++ extraBuildInputs; configureFlags = optionals withIpRoute [ "--enable-iproute2" @@ -75,10 +77,12 @@ in openvpn_24 = generic { version = "2.4.12"; sha256 = "1vjx82nlkxrgzfiwvmmlnz8ids5m2fiqz7scy1smh3j9jnf2v5b6"; + extraBuildInputs = [ openssl_1_1 ]; }; openvpn = generic { version = "2.5.6"; sha256 = "0gdd88rcan9vfiwkzsqn6fxxdim7kb1bsxrcra59c5xksprpwfik"; + extraBuildInputs = [ openssl ]; }; } From a90227726294c7de57fee120c3a193d9272a89a7 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sat, 9 Apr 2022 10:54:25 +0100 Subject: [PATCH 020/138] ruby*: use matching openssl version for each release --- pkgs/development/interpreters/ruby/default.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/development/interpreters/ruby/default.nix b/pkgs/development/interpreters/ruby/default.nix index 236508d67353..524734b5a5fa 100644 --- a/pkgs/development/interpreters/ruby/default.nix +++ b/pkgs/development/interpreters/ruby/default.nix @@ -1,9 +1,10 @@ { stdenv, buildPackages, lib , fetchurl, fetchpatch, fetchFromSavannah, fetchFromGitHub -, zlib, openssl, gdbm, ncurses, readline, groff, libyaml, libffi, jemalloc, autoreconfHook, bison +, zlib, gdbm, ncurses, readline, groff, libyaml, libffi, jemalloc, autoreconfHook, bison , autoconf, libiconv, libobjc, libunwind, Foundation , buildEnv, bundler, bundix , makeWrapper, buildRubyGem, defaultGemConfig, removeReferencesTo +, openssl, openssl_1_1 } @ args: let @@ -26,7 +27,7 @@ let , useRailsExpress ? true , rubygemsSupport ? true , zlib, zlibSupport ? true - , openssl, opensslSupport ? true + , openssl, openssl_1_1, opensslSupport ? true , gdbm, gdbmSupport ? true , ncurses, readline, cursesSupport ? true , groff, docSupport ? true @@ -75,7 +76,8 @@ let ++ (op fiddleSupport libffi) ++ (ops cursesSupport [ ncurses readline ]) ++ (op zlibSupport zlib) - ++ (op opensslSupport openssl) + ++ (op (lib.versionOlder ver.majMin "3.0" && opensslSupport) openssl_1_1) + ++ (op (atLeast30 && opensslSupport) openssl_1_1) ++ (op gdbmSupport gdbm) ++ (op yamlSupport libyaml) # Looks like ruby fails to build on darwin without readline even if curses From 498d67e45efa175e324f0811a613f9b6c5a55212 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 17 Apr 2022 23:34:47 +0100 Subject: [PATCH 021/138] krb5: use openssl_1_1 --- pkgs/top-level/all-packages.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index de1d9aeec586..3960ef1c67e2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -18714,6 +18714,8 @@ with pkgs; krb5 = callPackage ../development/libraries/kerberos/krb5.nix { inherit (buildPackages.darwin) bootstrap_cmds; + # TODO: can be removed once we have 1.20 + openssl = openssl_1_1; }; krb5Full = krb5; libkrb5 = krb5.override { type = "lib"; }; From 7cf34b26e97e72100557aa4903dea4d1607b1e95 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 31 May 2022 22:21:24 +0200 Subject: [PATCH 022/138] coturn: use openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3960ef1c67e2..91ca44afdcb2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3410,7 +3410,9 @@ with pkgs; cot = with python3Packages; toPythonApplication cot; - coturn = callPackage ../servers/coturn { }; + coturn = callPackage ../servers/coturn { + openssl = openssl_1_1; + }; coursier = callPackage ../development/tools/coursier {}; From 94d808692485abbdf2f60743502e873243de9ccf Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 31 May 2022 23:37:19 +0200 Subject: [PATCH 023/138] lighttpd: pin to openssl_1_1 tests fail with openssl_3_0 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 91ca44afdcb2..f07278283531 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22640,7 +22640,9 @@ with pkgs; nodejs = nodejs-14_x; }; - lighttpd = callPackage ../servers/http/lighttpd { }; + lighttpd = callPackage ../servers/http/lighttpd { + openssl = openssl_1_1; + }; listmonk = callPackage ../servers/mail/listmonk { }; From ed3fab51733f66c455c5b828891cd40580680a93 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 31 May 2022 23:57:20 +0200 Subject: [PATCH 024/138] nodejs-14_x: pin to openssl_1_1 --- pkgs/development/web/nodejs/v14.nix | 3 ++- pkgs/top-level/all-packages.nix | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/pkgs/development/web/nodejs/v14.nix b/pkgs/development/web/nodejs/v14.nix index ab2d2c01bc18..457e0ff29e1a 100644 --- a/pkgs/development/web/nodejs/v14.nix +++ b/pkgs/development/web/nodejs/v14.nix @@ -1,7 +1,8 @@ -{ callPackage, python3, lib, stdenv, enableNpm ? true }: +{ callPackage, python3, lib, stdenv, openssl, enableNpm ? true }: let buildNodejs = callPackage ./nodejs.nix { + inherit openssl; python = python3; }; in diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f07278283531..4316d33fc10e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8241,8 +8241,11 @@ with pkgs; nodejs-slim = nodejs-slim-16_x; - nodejs-14_x = callPackage ../development/web/nodejs/v14.nix { }; + nodejs-14_x = callPackage ../development/web/nodejs/v14.nix { + openssl = openssl_1_1; + }; nodejs-slim-14_x = callPackage ../development/web/nodejs/v14.nix { + openssl = openssl_1_1; enableNpm = false; }; nodejs-16_x = callPackage ../development/web/nodejs/v16.nix { }; From bf95b6e456e80a820e2d27f6b8c4a56ef74a5b2b Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 26 May 2022 02:51:04 +0200 Subject: [PATCH 025/138] qca2: remove --- pkgs/development/libraries/qca2/default.nix | 35 ------------------- .../development/libraries/qca2/libressl.patch | 28 --------------- pkgs/top-level/aliases.nix | 1 + pkgs/top-level/all-packages.nix | 2 -- 4 files changed, 1 insertion(+), 65 deletions(-) delete mode 100644 pkgs/development/libraries/qca2/default.nix delete mode 100644 pkgs/development/libraries/qca2/libressl.patch diff --git a/pkgs/development/libraries/qca2/default.nix b/pkgs/development/libraries/qca2/default.nix deleted file mode 100644 index 42dcf1a87d36..000000000000 --- a/pkgs/development/libraries/qca2/default.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ lib, stdenv, fetchurl, openssl, cmake, pkg-config, qt, darwin }: - -stdenv.mkDerivation rec { - pname = "qca"; - version = "2.2.1"; - - src = fetchurl { - url = "http://download.kde.org/stable/qca/${version}/qca-${version}.tar.xz"; - sha256 = "00kv1vsrc8fp556hm8s6yw3240vx3l4067q6vfxrb3gdwgcd45np"; - }; - - nativeBuildInputs = [ cmake pkg-config ]; - buildInputs = [ openssl qt ] - ++ lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security; - - # tells CMake to use this CA bundle file if it is accessible - preConfigure = '' - export QC_CERTSTORE_PATH=/etc/ssl/certs/ca-certificates.crt - ''; - - # tricks CMake into using this CA bundle file if it is not accessible (in a sandbox) - cmakeFlags = [ "-Dqca_CERTSTORE=/etc/ssl/certs/ca-certificates.crt" ]; - - postPatch = '' - sed -i -e '1i cmake_policy(SET CMP0025 NEW)' CMakeLists.txt - ''; - - meta = with lib; { - description = "Qt Cryptographic Architecture"; - license = "LGPL"; - homepage = "http://delta.affinix.com/qca"; - maintainers = [ maintainers.sander ]; - platforms = platforms.unix; - }; -} diff --git a/pkgs/development/libraries/qca2/libressl.patch b/pkgs/development/libraries/qca2/libressl.patch deleted file mode 100644 index c9b0267f85d8..000000000000 --- a/pkgs/development/libraries/qca2/libressl.patch +++ /dev/null @@ -1,28 +0,0 @@ ---- a/plugins/qca-ossl/qca-ossl.cpp 2015-12-02 09:34:25.810682094 +0000 -+++ b/plugins/qca-ossl/qca-ossl.cpp 2015-12-02 09:29:51.720392423 +0000 -@@ -5403,11 +5403,13 @@ - ctx = SSL_CTX_new(SSLv2_client_method()); - break; - #endif -+#ifndef OPENSSL_NO_SSL3 - case TLS::SSL_v3: - ctx = SSL_CTX_new(SSLv3_client_method()); - break; -+#endif - case TLS::TLS_v1: -+ ctx = SSL_CTX_new(SSLv23_client_method()); -- ctx = SSL_CTX_new(TLSv1_client_method()); - break; - case TLS::DTLS_v1: - default: -@@ -7133,8 +7135,10 @@ - return new opensslInfoContext(this); - else if ( type == "sha1" ) - return new opensslHashContext( EVP_sha1(), this, type); -+#ifndef OPENSSL_NO_SHA0 - else if ( type == "sha0" ) - return new opensslHashContext( EVP_sha(), this, type); -+#endif - else if ( type == "ripemd160" ) - return new opensslHashContext( EVP_ripemd160(), this, type); - #ifdef HAVE_OPENSSL_MD2 diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 3d1eb0c2035a..f7e0a6fd87a3 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -1192,6 +1192,7 @@ mapAliases ({ QmidiNet = throw "'QmidiNet' has been renamed to/replaced by 'qmidinet'"; # Converted to throw 2022-02-22 qca-qt5 = throw "'qca-qt5' has been renamed to/replaced by 'libsForQt5.qca-qt5'"; # Converted to throw 2022-02-22 + qca2 = throw "qca2 has been removed, because it depended on qt4"; # Added 2022-05-26 qcsxcad = libsForQt5.qcsxcad; # Added 2020-11-05 qflipper = qFlipper; # Added 2022-02-11 qmk_firmware = throw "qmk_firmware has been removed because it was broken"; # Added 2021-04-02 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4316d33fc10e..fb3a8de23630 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20832,8 +20832,6 @@ with pkgs; qbs = libsForQt5.callPackage ../development/tools/build-managers/qbs { }; - qca2 = callPackage ../development/libraries/qca2 { qt = qt4; }; - qimageblitz = callPackage ../development/libraries/qimageblitz {}; qolibri = libsForQt5.callPackage ../applications/misc/qolibri { }; From 1c6327d79d72bdb2526341903ceedbe05017b3ef Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 00:12:25 +0200 Subject: [PATCH 026/138] freeswitch: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index fb3a8de23630..1c30ed673d2d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22482,6 +22482,7 @@ with pkgs; freeswitch = callPackage ../servers/sip/freeswitch { inherit (darwin.apple_sdk.frameworks) SystemConfiguration; + openssl = openssl_1_1; }; fusionInventory = callPackage ../servers/monitoring/fusion-inventory { }; From 08ed8cfc65d70bf19fc2aa46526ed31d013fe978 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 00:14:04 +0200 Subject: [PATCH 027/138] libsForQt.qca-qt5_2_3_2: pin to openssl_1_1 --- pkgs/top-level/qt5-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/qt5-packages.nix b/pkgs/top-level/qt5-packages.nix index c4bd055f5738..02735c5b0f46 100644 --- a/pkgs/top-level/qt5-packages.nix +++ b/pkgs/top-level/qt5-packages.nix @@ -175,7 +175,9 @@ in (kdeFrameworks // plasmaMobileGear // plasma5 // plasma5.thirdParty // kdeGea qca-qt5 = callPackage ../development/libraries/qca-qt5 { }; # Until macOS SDK allows for Qt 5.15, darwin is limited to 2.3.2 - qca-qt5_2_3_2 = callPackage ../development/libraries/qca-qt5/2.3.2.nix { }; + qca-qt5_2_3_2 = callPackage ../development/libraries/qca-qt5/2.3.2.nix { + openssl = pkgs.openssl_1_1; + }; qcoro = callPackage ../development/libraries/qcoro { }; From 3c33219182cc4666754a2022a60f1aae5a7f2b5e Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 00:14:59 +0200 Subject: [PATCH 028/138] mysql57: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1c30ed673d2d..8c96e59a7a96 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23015,6 +23015,7 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) CoreServices; boost = boost159; protobuf = protobuf3_7; + openssl = openssl_1_1; }; mysql80 = callPackage ../servers/sql/mysql/8.0.x.nix { From b802fc1e5c6aae7a8800433938cbba7df707bed0 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 00:15:04 +0200 Subject: [PATCH 029/138] mysql80: pin to openssl_1_1 --- pkgs/servers/sql/mysql/8.0.x.nix | 2 +- pkgs/top-level/all-packages.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/servers/sql/mysql/8.0.x.nix b/pkgs/servers/sql/mysql/8.0.x.nix index a59bd44fb028..d40d42a41d07 100644 --- a/pkgs/servers/sql/mysql/8.0.x.nix +++ b/pkgs/servers/sql/mysql/8.0.x.nix @@ -23,7 +23,7 @@ self = stdenv.mkDerivation rec { ''; buildInputs = [ - boost curl icu libedit libevent lz4 ncurses openssl protobuf re2 readline zlib + boost (curl.override { inherit openssl; }) icu libedit libevent lz4 ncurses openssl protobuf re2 readline zlib zstd libfido2 ] ++ lib.optionals stdenv.isLinux [ numactl libtirpc diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 8c96e59a7a96..7c692ab1e875 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23024,6 +23024,7 @@ with pkgs; boost = boost177; # Configure checks for specific version. protobuf = protobuf3_19; icu = icu69; + openssl = openssl_1_1; }; mysql_jdbc = callPackage ../servers/sql/mysql/jdbc { }; From 1f48d6fd5000461e7501942f4f2da9b62330bfe8 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 01:23:48 +0200 Subject: [PATCH 030/138] cyrus_sasl: pin to openssl_1_1 fixes openldap(???) can hopefully be dropped once https://github.com/cyrusimap/cyrus-sasl/pull/653 makes it into a release --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 7c692ab1e875..6e1b6833d4c0 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -17570,6 +17570,7 @@ with pkgs; cyrus_sasl = callPackage ../development/libraries/cyrus-sasl { libkrb5 = if stdenv.isFreeBSD then libheimdal else libkrb5; + openssl = openssl_1_1; }; # Make bdb5 the default as it is the last release under the custom From de5a1214ce07075f3800fe4a9e2c10821a32bf10 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 9 Jun 2022 00:35:29 +0200 Subject: [PATCH 031/138] openldap: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6e1b6833d4c0..00d838c12332 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20590,7 +20590,9 @@ with pkgs; openexrid-unstable = callPackage ../development/libraries/openexrid-unstable { }; - openldap = callPackage ../development/libraries/openldap { }; + openldap = callPackage ../development/libraries/openldap { + openssl = openssl_1_1; + }; opencolorio = callPackage ../development/libraries/opencolorio { inherit (darwin.apple_sdk.frameworks) Carbon GLUT Cocoa; From 484f8ab00c9a5074fe1558ded47100b29d5c6901 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 13:12:06 +0200 Subject: [PATCH 032/138] python3.pkgs.m2crypto: pin to openssl_1_1 --- pkgs/top-level/python-packages.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index a010651b51b0..6cfcdc82c07e 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -5313,7 +5313,10 @@ in { lzstring = callPackage ../development/python-modules/lzstring { }; - m2crypto = callPackage ../development/python-modules/m2crypto { }; + m2crypto = callPackage ../development/python-modules/m2crypto { + # https://gitlab.com/m2crypto/m2crypto/-/issues/310 + openssl = pkgs.openssl_1_1; + }; m2r = callPackage ../development/python-modules/m2r { }; From e472d36311af193497efaef846d025985ca074b6 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 13:23:51 +0200 Subject: [PATCH 033/138] perlPackages.CryptOpenSSLRSA: pin to openssl_1_1 https://github.com/toddr/Crypt-OpenSSL-RSA/issues/31 --- pkgs/top-level/perl-packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 39cd70147d4b..55f09410856c 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -4862,8 +4862,8 @@ let sha256 = "4173403ad4cf76732192099f833fbfbf3cd8104e0246b3844187ae384d2c5436"; }; propagatedBuildInputs = [ CryptOpenSSLRandom ]; - NIX_CFLAGS_COMPILE = "-I${pkgs.openssl.dev}/include"; - NIX_CFLAGS_LINK = "-L${lib.getLib pkgs.openssl}/lib -lcrypto"; + NIX_CFLAGS_COMPILE = "-I${pkgs.openssl_1_1.dev}/include"; + NIX_CFLAGS_LINK = "-L${lib.getLib pkgs.openssl_1_1}/lib -lcrypto"; buildInputs = [ CryptOpenSSLGuess ]; }; From f8ce3f931111401eebd2e1753577ab66b38e2ddf Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 13:33:27 +0200 Subject: [PATCH 034/138] lua-modules: pin to openssl_1_1 --- pkgs/development/lua-modules/overrides.nix | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/pkgs/development/lua-modules/overrides.nix b/pkgs/development/lua-modules/overrides.nix index 60fcf2ca1ca5..418db1b7bd3b 100644 --- a/pkgs/development/lua-modules/overrides.nix +++ b/pkgs/development/lua-modules/overrides.nix @@ -31,8 +31,8 @@ with prev; cqueues = (prev.lib.overrideLuarocks prev.cqueues (drv: { externalDeps = [ - { name = "CRYPTO"; dep = pkgs.openssl; } - { name = "OPENSSL"; dep = pkgs.openssl; } + { name = "CRYPTO"; dep = pkgs.openssl_1_1; } + { name = "OPENSSL"; dep = pkgs.openssl_1_1; } ]; disabled = luaOlder "5.1" || luaAtLeast "5.4"; })).overrideAttrs(oa: rec { @@ -271,14 +271,15 @@ with prev; luaossl = prev.lib.overrideLuarocks prev.luaossl (drv: { externalDeps = [ - { name = "CRYPTO"; dep = pkgs.openssl; } - { name = "OPENSSL"; dep = pkgs.openssl; } + # https://github.com/wahern/luaossl/pull/199 + { name = "CRYPTO"; dep = pkgs.openssl_1_1; } + { name = "OPENSSL"; dep = pkgs.openssl_1_1; } ]; }); luasec = prev.lib.overrideLuarocks prev.luasec (drv: { externalDeps = [ - { name = "OPENSSL"; dep = pkgs.openssl; } + { name = "OPENSSL"; dep = pkgs.openssl_1_1; } ]; }); From c88c43e559d84e2fdcc406bfb083b1616b74ece3 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 2 Jun 2022 01:41:50 +0200 Subject: [PATCH 035/138] libs3: update and fix build against openssl3 --- pkgs/development/libraries/libs3/default.nix | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/libs3/default.nix b/pkgs/development/libraries/libs3/default.nix index d30fc55fc77f..b9f9278fad8c 100644 --- a/pkgs/development/libraries/libs3/default.nix +++ b/pkgs/development/libraries/libs3/default.nix @@ -1,19 +1,26 @@ -{ lib, stdenv, fetchFromGitHub, curl, libxml2 }: +{ lib, stdenv, fetchFromGitHub, fetchpatch, curl, libxml2 }: stdenv.mkDerivation { pname = "libs3"; - version = "unstable-2018-12-03"; + version = "unstable-2019-04-10"; src = fetchFromGitHub { owner = "bji"; repo = "libs3"; - rev = "111dc30029f64bbf82031f3e160f253a0a63c119"; - sha256 = "1ahf08hc7ql3fazfmlyj9vrhq7cvarsmgn2v8149y63zr1fl61hs"; + rev = "287e4bee6fd430ffb52604049de80a27a77ff6b4"; + hash = "sha256-xgiY8oJlRMiXB1fw5dhNidfaq18YVwaJ8aErKU11O6U="; }; + patches = [ + (fetchpatch { # Fix compilation with openssl 3.0 + url = "https://github.com/bji/libs3/pull/112/commits/3c3a1cf915e62b730db854d8007ba835cb38677c.patch"; + hash = "sha256-+rWRh8dOznHlamc/T9qbgN0E2Rww3Hn94UeErxNDccs="; + }) + ]; + buildInputs = [ curl libxml2 ]; - makeFlags = [ "DESTDIR=$(out)" ]; + makeFlags = [ "DESTDIR=${placeholder "out"}" ]; meta = with lib; { homepage = "https://github.com/bji/libs3"; From 58edfe972f134b964a1bd7a60c9aef05fde58727 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 7 Jun 2022 19:55:39 +0200 Subject: [PATCH 036/138] apk-tools: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 00d838c12332..4e9c802e2fb0 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1912,6 +1912,7 @@ with pkgs; apk-tools = callPackage ../tools/package-management/apk-tools { lua = lua5_3; + openssl = openssl_1_1; }; apkid = callPackage ../development/tools/apkid { }; From 2a49c87bc5365ebbaad4cc3eebdec78b2474cf6e Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 8 Jun 2022 23:42:43 +0200 Subject: [PATCH 037/138] haskellPackages.hopenssl: use openssl_1_1 --- pkgs/development/haskell-modules/configuration-common.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index 3db220ab901a..676bff625267 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -2393,6 +2393,9 @@ self: super: { ''; }) super.linear-base; + # https://github.com/peti/hopenssl/issues/5 + hopenssl = super.hopenssl.override { openssl = pkgs.openssl_1_1; }; + # Fixes compilation with GHC 9.0 and above # https://hub.darcs.net/shelarcy/regex-compat-tdfa/issue/3 regex-compat-tdfa = appendPatches [ From 2a32ce73ac50846e064f767609098aebba9301e0 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 9 Jun 2022 00:48:49 +0200 Subject: [PATCH 038/138] serf: pin to openssl_1_1 to fix the subversion build --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4e9c802e2fb0..b4e50213e2aa 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -21192,7 +21192,9 @@ with pkgs; serd = callPackage ../development/libraries/serd {}; - serf = callPackage ../development/libraries/serf {}; + serf = callPackage ../development/libraries/serf { + openssl = openssl_1_1; + }; sfsexp = callPackage ../development/libraries/sfsexp {}; From 35099b99b018338d0c5b5a538e81c1b135e6f01c Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 15 Jun 2022 17:54:49 +0200 Subject: [PATCH 039/138] dovecot: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b4e50213e2aa..78fbabe6224e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22424,7 +22424,9 @@ with pkgs; dodgy = with python3Packages; toPythonApplication dodgy; - dovecot = callPackage ../servers/mail/dovecot { }; + dovecot = callPackage ../servers/mail/dovecot { + openssl = openssl_1_1; + }; dovecot_pigeonhole = callPackage ../servers/mail/dovecot/plugins/pigeonhole { }; dovecot_fts_xapian = callPackage ../servers/mail/dovecot/plugins/fts_xapian { }; From 9601981023536af15822c11673d8891c9e1a26d1 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 15 Jun 2022 18:27:08 +0200 Subject: [PATCH 040/138] libewf: fix build with OpenSSL 3.0 --- pkgs/development/libraries/libewf/default.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libewf/default.nix b/pkgs/development/libraries/libewf/default.nix index 1935c7d947ff..c7311d166b33 100644 --- a/pkgs/development/libraries/libewf/default.nix +++ b/pkgs/development/libraries/libewf/default.nix @@ -1,4 +1,4 @@ -{ fetchurl, lib, stdenv, zlib, openssl, libuuid, pkg-config, bzip2 }: +{ fetchurl, fetchpatch, lib, stdenv, zlib, openssl, libuuid, pkg-config, bzip2 }: stdenv.mkDerivation rec { version = "20201230"; @@ -6,9 +6,17 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://github.com/libyal/libewf/releases/download/${version}/libewf-experimental-${version}.tar.gz"; - sha256 = "sha256-10r4jPzsA30nHQzjdg/VkwTG1PwOskwv8Bra34ZPMgc="; + hash = "sha256-10r4jPzsA30nHQzjdg/VkwTG1PwOskwv8Bra34ZPMgc="; }; + patches = [ + # fix build with OpenSSL 3.0 + (fetchpatch { + url = "https://github.com/libyal/libewf/commit/033ea5b4e5f8f1248f74a2ec61fc1be183c6c46b.patch"; + hash = "sha256-R4+NO/91kiZP48SJyVF9oYjKCg1h/9Kh8/0VOEmJXPQ="; + }) + ]; + nativeBuildInputs = [ pkg-config ]; buildInputs = [ zlib openssl libuuid ] ++ lib.optionals stdenv.isDarwin [ bzip2 ]; From 6ebaf8532ecc4b467518622b188e6737b44faf4d Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 15 Jun 2022 18:33:32 +0200 Subject: [PATCH 041/138] thrift: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 78fbabe6224e..00ee17172cd1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -21559,7 +21559,9 @@ with pkgs; theft = callPackage ../development/libraries/theft { }; - thrift = callPackage ../development/libraries/thrift { }; + thrift = callPackage ../development/libraries/thrift { + openssl = openssl_1_1; + }; thrift-0_10 = callPackage ../development/libraries/thrift/0.10.nix { }; From 84f17a3082491d6a01baa840e3a94c5fb6128941 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 00:07:33 +0200 Subject: [PATCH 042/138] mariadb: use openssl_1_1 for older releases https://jira.mariadb.org/browse/MDEV-28339 --- pkgs/servers/sql/mariadb/default.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/sql/mariadb/default.nix b/pkgs/servers/sql/mariadb/default.nix index 71b638b9ab8c..6cedd8d05fb4 100644 --- a/pkgs/servers/sql/mariadb/default.nix +++ b/pkgs/servers/sql/mariadb/default.nix @@ -2,7 +2,7 @@ # Native buildInputs components , bison, boost, cmake, fixDarwinDylibNames, flex, makeWrapper, pkg-config # Common components -, curl, libiconv, ncurses, openssl, pcre, pcre2 +, curl, libiconv, ncurses, openssl, openssl_1_1, pcre, pcre2 , libkrb5, libaio, liburing, systemd , CoreServices, cctools, perl , jemalloc, less, libedit @@ -39,13 +39,16 @@ commonOptions = packageSettings: rec { # attributes common to both builds ++ lib.optional (!stdenv.hostPlatform.isDarwin) makeWrapper; buildInputs = [ - curl libiconv ncurses openssl zlib + libiconv ncurses zlib ] ++ (packageSettings.extraBuildInputs or []) ++ lib.optionals stdenv.hostPlatform.isLinux ([ libkrb5 systemd ] ++ (if (lib.versionOlder version "10.6") then [ libaio ] else [ liburing ])) ++ lib.optionals stdenv.hostPlatform.isDarwin [ CoreServices cctools perl libedit ] ++ lib.optional (!stdenv.hostPlatform.isDarwin) [ jemalloc ] - ++ (if (lib.versionOlder version "10.5") then [ pcre ] else [ pcre2 ]); + ++ (if (lib.versionOlder version "10.5") then [ pcre ] else [ pcre2 ]) + ++ (if (lib.versionOlder version "10.8") + then [ openssl_1_1 (curl.override { openssl = openssl_1_1; }) ] + else [ openssl curl ]); prePatch = '' sed -i 's,[^"]*/var/log,/var/log,g' storage/mroonga/vendor/groonga/CMakeLists.txt From e51d2c27156721c47842429dc824ec39fc094321 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 15 Jun 2022 19:10:57 +0200 Subject: [PATCH 043/138] erlang*: use matching openssl version for each release --- pkgs/top-level/beam-packages.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/top-level/beam-packages.nix b/pkgs/top-level/beam-packages.nix index 714873775269..9cd28546dd40 100644 --- a/pkgs/top-level/beam-packages.nix +++ b/pkgs/top-level/beam-packages.nix @@ -1,4 +1,5 @@ { beam, callPackage, wxGTK30, buildPackages, stdenv +, openssl_1_1 , wxSupport ? true , systemdSupport ? stdenv.isLinux }: @@ -51,6 +52,7 @@ with beam; { # R23 erlangR23 = lib.callErlang ../development/interpreters/erlang/R23.nix { + openssl = openssl_1_1; wxGTK = wxGTK30; # Can be enabled since the bug has been fixed in https://github.com/erlang/otp/pull/2508 parallelBuild = true; @@ -66,6 +68,7 @@ with beam; { # R22 erlangR22 = lib.callErlang ../development/interpreters/erlang/R22.nix { + openssl = openssl_1_1; wxGTK = wxGTK30; # Can be enabled since the bug has been fixed in https://github.com/erlang/otp/pull/2508 parallelBuild = true; @@ -81,6 +84,7 @@ with beam; { # R21 erlangR21 = lib.callErlang ../development/interpreters/erlang/R21.nix { + openssl = openssl_1_1; wxGTK = wxGTK30; autoconf = buildPackages.autoconf269; inherit wxSupport systemdSupport; From 80f2c05c52ce35177e87ae40c6cc591632da55ad Mon Sep 17 00:00:00 2001 From: ajs124 Date: Fri, 17 Jun 2022 13:28:48 +0200 Subject: [PATCH 044/138] php80Extensions.openssl: pin to openssl_1_1 --- pkgs/top-level/php-packages.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/php-packages.nix b/pkgs/top-level/php-packages.nix index ce3af252abc7..e3f03fd46877 100644 --- a/pkgs/top-level/php-packages.nix +++ b/pkgs/top-level/php-packages.nix @@ -31,6 +31,7 @@ , net-snmp , oniguruma , openldap +, openssl_1_1 , openssl , pam , pcre2 @@ -407,7 +408,7 @@ lib.makeScope pkgs.newScope (self: with self; { } { name = "openssl"; - buildInputs = [ openssl ]; + buildInputs = if (lib.versionAtLeast php.version "8.1") then [ openssl ] else [ openssl_1_1 ]; configureFlags = [ "--with-openssl" ]; doCheck = false; } From 8d8f4cde9bfd1dd77fc68cd432a6f6fcbb9b7406 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Fri, 17 Jun 2022 17:39:27 +0200 Subject: [PATCH 045/138] sbsigntool: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 00ee17172cd1..ce97fe5b1468 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7117,7 +7117,9 @@ with pkgs; efitools = callPackage ../tools/security/efitools { }; - sbsigntool = callPackage ../tools/security/sbsigntool { }; + sbsigntool = callPackage ../tools/security/sbsigntool { + openssl = openssl_1_1; + }; gsmartcontrol = callPackage ../tools/misc/gsmartcontrol { }; From 3ab75249abcbb1b2352999bfb97e2c7bb6f8e5c8 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Fri, 17 Jun 2022 17:39:34 +0200 Subject: [PATCH 046/138] sbsigntool: clean up a bit --- pkgs/tools/security/sbsigntool/default.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/pkgs/tools/security/sbsigntool/default.nix b/pkgs/tools/security/sbsigntool/default.nix index 4c548bbd535f..34c5e4d235c8 100644 --- a/pkgs/tools/security/sbsigntool/default.nix +++ b/pkgs/tools/security/sbsigntool/default.nix @@ -35,12 +35,7 @@ stdenv.mkDerivation rec { automake --add-missing -Wno-portability ./configure --prefix=$out - ''; - - installPhase = '' - mkdir -p $out - make install - ''; + ''; meta = with lib; { description = "Tools for maintaining UEFI signature databases"; @@ -50,4 +45,3 @@ stdenv.mkDerivation rec { license = licenses.gpl3; }; } - From 8496e1a448c6aef75afeae2bb3ed4084da3b8729 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Fri, 17 Jun 2022 18:01:25 +0200 Subject: [PATCH 047/138] dot-http: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index ce97fe5b1468..34b93f0aece3 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2374,6 +2374,7 @@ with pkgs; dpt-rp1-py = callPackage ../tools/misc/dpt-rp1-py { }; dot-http = callPackage ../development/tools/dot-http { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; From f38d2ae25a095fc031f5d85b7ceb95fa4f420aa5 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Fri, 17 Jun 2022 18:01:35 +0200 Subject: [PATCH 048/138] dogdns: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 34b93f0aece3..2cf755af5591 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5610,6 +5610,7 @@ with pkgs; dog = callPackage ../tools/system/dog { }; dogdns = callPackage ../tools/networking/dogdns { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; From 42d8c348f8c34aa859f67124e0c25be79b735afb Mon Sep 17 00:00:00 2001 From: ajs124 Date: Fri, 17 Jun 2022 18:01:41 +0200 Subject: [PATCH 049/138] freeradius: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 2cf755af5591..04d352d5061c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22492,7 +22492,9 @@ with pkgs; inherit (callPackages ../servers/firebird { }) firebird_4 firebird_3 firebird_2_5 firebird; - freeradius = callPackage ../servers/freeradius { }; + freeradius = callPackage ../servers/freeradius { + openssl = openssl_1_1; + }; freeswitch = callPackage ../servers/sip/freeswitch { inherit (darwin.apple_sdk.frameworks) SystemConfiguration; From 69f1ec7f3a394353161b12eb99fb60d02e5a8e4b Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 28 Jun 2022 00:39:38 +0200 Subject: [PATCH 050/138] qt5_openssl_1_1: init this is needed, because some qt modules propagate openssl --- pkgs/top-level/all-packages.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 04d352d5061c..bfa304c812d1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20925,6 +20925,21 @@ with pkgs; qt5 = qt515; libsForQt5 = libsForQt515; + # TODO: remove once no package needs this anymore or together with OpenSSL 1.1 + qt5_openssl_1_1 = qt5.overrideScope' (_: super: { + qtbase = super.qtbase.override { + openssl = openssl_1_1; + libmysqlclient = libmysqlclient.override { + openssl = openssl_1_1; + curl = curl.override { openssl = openssl_1_1; }; + }; + }; + }); + libsForQt5_openssl_1_1 = recurseIntoAttrs (import ./qt5-packages.nix { + inherit lib pkgs; + qt5 = qt5_openssl_1_1; + }); + # plasma5Packages maps to the Qt5 packages set that is used to build the plasma5 desktop plasma5Packages = libsForQt515; From e20f0040c63c73a866bada759831d66a64c808c9 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 27 Jun 2022 20:51:35 +0200 Subject: [PATCH 051/138] mumble: fix build by using qt5_openssl_1_1 --- pkgs/top-level/all-packages.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index bfa304c812d1..efc7345769f6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -29322,12 +29322,14 @@ with pkgs; pulseSupport = config.pulseaudio or false; iceSupport = config.murmur.iceSupport or true; grpcSupport = config.murmur.grpcSupport or true; + qt5 = qt5_openssl_1_1; }).murmur; mumble = (callPackages ../applications/networking/mumble { avahi = avahi-compat; jackSupport = config.mumble.jackSupport or false; speechdSupport = config.mumble.speechdSupport or false; + qt5 = qt5_openssl_1_1; }).mumble; mumble_overlay = callPackage ../applications/networking/mumble/overlay.nix { From 302e4e8c75eba6bf26e717959ee50120f2de3d2b Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 01:46:32 +0200 Subject: [PATCH 052/138] amarok: pin to openssl 1.1 --- pkgs/top-level/all-packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index efc7345769f6..f3477ce25884 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -26060,7 +26060,7 @@ with pkgs; msgviewer = callPackage ../applications/networking/mailreaders/msgviewer { }; - amarok = libsForQt5.callPackage ../applications/audio/amarok { }; + amarok = libsForQt5_openssl_1_1.callPackage ../applications/audio/amarok { }; amarok-kf5 = amarok; # for compatibility amfora = callPackage ../applications/networking/browsers/amfora { }; From d39a635d8ce3f5a67c4a4d1ae288a66149381923 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 02:51:02 +0200 Subject: [PATCH 053/138] hurl: pin to openssl 1.1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f3477ce25884..ad40d3e19d68 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7396,7 +7396,9 @@ with pkgs; httpx = callPackage ../tools/security/httpx { }; - hurl = callPackage ../tools/networking/hurl { }; + hurl = callPackage ../tools/networking/hurl { + openssl = openssl_1_1; + }; hub = callPackage ../applications/version-management/git-and-tools/hub { }; From ece71cc343eff654ddc5a9560fa37c84b90fcf7c Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 13:31:22 +0200 Subject: [PATCH 054/138] nodejs-16_x-openssl_1_1 & yarn2nix-moretea-openssl_1_1: init --- pkgs/top-level/all-packages.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index ad40d3e19d68..1af26dc71297 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8259,6 +8259,7 @@ with pkgs; nodejs-slim-16_x = callPackage ../development/web/nodejs/v16.nix { enableNpm = false; }; + nodejs-16_x-openssl_1_1 = callPackage ../development/web/nodejs/v16.nix { }; nodejs-18_x = callPackage ../development/web/nodejs/v18.nix { }; nodejs-slim-18_x = callPackage ../development/web/nodejs/v18.nix { enableNpm = false; @@ -12389,6 +12390,9 @@ with pkgs; yarn = callPackage ../development/tools/yarn { }; yarn2nix-moretea = callPackage ../development/tools/yarn2nix-moretea/yarn2nix { }; + yarn2nix-moretea-openssl_1_1 = callPackage ../development/tools/yarn2nix-moretea/yarn2nix { + nodejs = nodejs.override { openssl = openssl_1_1; }; + }; inherit (yarn2nix-moretea) yarn2nix From d1b2156d4288ef9e0df05933426745fcc48bb86f Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 13:31:31 +0200 Subject: [PATCH 055/138] element-web: use openssl 1.1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1af26dc71297..e743e092191a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3692,6 +3692,7 @@ with pkgs; ''; element-web = callPackage ../applications/networking/instant-messengers/element/element-web.nix { + inherit (yarn2nix-moretea-openssl_1_1) mkYarnPackage fixup_yarn_lock; conf = config.element-web.conf or {}; }; From 945ac1c9d83c7d216b7a655d02b3e7eefb9e2393 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 01:48:24 +0200 Subject: [PATCH 056/138] google-cloud-cpp: pin to openssl 1.1 --- pkgs/development/libraries/google-cloud-cpp/default.nix | 2 +- pkgs/top-level/all-packages.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/google-cloud-cpp/default.nix b/pkgs/development/libraries/google-cloud-cpp/default.nix index 8758daf9c3ab..2c5cade6b69c 100644 --- a/pkgs/development/libraries/google-cloud-cpp/default.nix +++ b/pkgs/development/libraries/google-cloud-cpp/default.nix @@ -61,7 +61,7 @@ stdenv.mkDerivation rec { abseil-cpp c-ares crc32c - curl + (curl.override { inherit openssl; }) grpc nlohmann_json openssl diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e743e092191a..3005b5150cfc 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6955,6 +6955,7 @@ with pkgs; google-guest-oslogin = callPackage ../tools/virtualization/google-guest-oslogin { }; google-cloud-cpp = callPackage ../development/libraries/google-cloud-cpp { + openssl = openssl_1_1; abseil-cpp = abseil-cpp.override { cxxStandard = "14"; }; From cc120206d830998a1bcb8ad7aa9f1b2e8c213b31 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 16:03:29 +0200 Subject: [PATCH 057/138] tqsl: pin to openssl_1_1 --- pkgs/applications/radio/tqsl/default.nix | 2 +- pkgs/top-level/all-packages.nix | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/radio/tqsl/default.nix b/pkgs/applications/radio/tqsl/default.nix index b5198f78b0aa..069656560c9f 100644 --- a/pkgs/applications/radio/tqsl/default.nix +++ b/pkgs/applications/radio/tqsl/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { openssl zlib db - curl + (curl.override { inherit openssl; }) wxGTK ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3005b5150cfc..fb8a9f4ab7b1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -31102,7 +31102,9 @@ with pkgs; buildGoModule = buildGo117Module; }; - tqsl = callPackage ../applications/radio/tqsl { }; + tqsl = callPackage ../applications/radio/tqsl { + openssl = openssl_1_1; + }; trustedqsl = tqsl; # Alias added 2019-02-10 transcode = callPackage ../applications/audio/transcode { }; From b9c0db8d86d7a2d278fb5d439c3a2504ff010073 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 16:03:36 +0200 Subject: [PATCH 058/138] odp-dpdk: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index fb8a9f4ab7b1..be853bd4a762 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24406,7 +24406,9 @@ with pkgs; odin = callPackage ../development/compilers/odin { }; - odp-dpdk = callPackage ../os-specific/linux/odp-dpdk { }; + odp-dpdk = callPackage ../os-specific/linux/odp-dpdk { + openssl = openssl_1_1; + }; odroid-xu3-bootloader = callPackage ../tools/misc/odroid-xu3-bootloader { }; From 659ea66a8ece39d414e02f66819619edf52aad35 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 16:10:09 +0200 Subject: [PATCH 059/138] rustup: pin to openssl_1_1 --- pkgs/development/tools/rust/rustup/default.nix | 3 ++- pkgs/top-level/all-packages.nix | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/development/tools/rust/rustup/default.nix b/pkgs/development/tools/rust/rustup/default.nix index 65bad79aa8c3..12e69bae20ba 100644 --- a/pkgs/development/tools/rust/rustup/default.nix +++ b/pkgs/development/tools/rust/rustup/default.nix @@ -6,6 +6,7 @@ , rustPlatform , makeWrapper , pkg-config +, openssl , curl , zlib , Security @@ -36,7 +37,7 @@ rustPlatform.buildRustPackage rec { nativeBuildInputs = [ makeWrapper pkg-config ]; buildInputs = [ - curl + (curl.override { inherit openssl; }) zlib ] ++ lib.optionals stdenv.isDarwin [ CoreServices Security libiconv xz ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index be853bd4a762..42a63a4b4126 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14438,6 +14438,7 @@ with pkgs; }; rust-script = callPackage ../development/tools/rust/rust-script { }; rustup = callPackage ../development/tools/rust/rustup { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) CoreServices Security; }; rustup-toolchain-install-master = callPackage ../development/tools/rust/rustup-toolchain-install-master { From 50e225d42b7be18e5b11233f8a7e58201a26b061 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 17:31:50 +0200 Subject: [PATCH 060/138] s3rs: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 42a63a4b4126..0982e11c1b19 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -10504,6 +10504,7 @@ with pkgs; s3cmd = python3Packages.callPackage ../tools/networking/s3cmd { }; s3rs = callPackage ../tools/networking/s3rs { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; From ea94d17deba812a1d928ccd2c6a76dbcf4a96d54 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 18:15:25 +0200 Subject: [PATCH 061/138] simple-http-server: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0982e11c1b19..e2d4d2d56bbd 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -36331,6 +36331,7 @@ with pkgs; simplehttp2server = callPackage ../servers/simplehttp2server { }; simple-http-server = callPackage ../servers/simple-http-server { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; From faac333edd78482aa743627e85fc41d9e5abcafb Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 18:16:14 +0200 Subject: [PATCH 062/138] python3.pkgs.uamqp: pin to openssl_1_1 --- pkgs/top-level/python-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 6cfcdc82c07e..0fdfc3723ce3 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -11096,6 +11096,7 @@ in { tzlocal = callPackage ../development/python-modules/tzlocal { }; uamqp = callPackage ../development/python-modules/uamqp { + openssl = pkgs.openssl_1_1; inherit (pkgs.darwin.apple_sdk.frameworks) CFNetwork CoreFoundation Security; }; From 04e9a388b208832a32acac6749e69a473a1c1fd1 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 18:18:05 +0200 Subject: [PATCH 063/138] nginx: remove openssl_3 override --- pkgs/top-level/all-packages.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e2d4d2d56bbd..73ea3c84abce 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22816,7 +22816,6 @@ with pkgs; nginxStable = callPackage ../servers/http/nginx/stable.nix { zlib = zlib-ng.override { withZlibCompat = true; }; - openssl = openssl_3; withPerl = false; # We don't use `with` statement here on purpose! # See https://github.com/NixOS/nixpkgs/pull/10474#discussion_r42369334 @@ -22825,7 +22824,6 @@ with pkgs; nginxMainline = callPackage ../servers/http/nginx/mainline.nix { zlib = zlib-ng.override { withZlibCompat = true; }; - openssl = openssl_3; withKTLS = true; withPerl = false; # We don't use `with` statement here on purpose! From 3908614fe9061c51800c6451f620819ee687d1ee Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 18:18:21 +0200 Subject: [PATCH 064/138] tengine: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 73ea3c84abce..cb6d6e1f63f8 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -33372,6 +33372,7 @@ with pkgs; teeworlds = callPackage ../games/teeworlds { }; tengine = callPackage ../servers/http/tengine { + openssl = openssl_1_1; modules = with nginxModules; [ rtmp dav moreheaders modsecurity-nginx ]; }; From 03d1fd84d5a5e9af1eaca2b10c13330a3f6fd2cd Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 18:30:48 +0200 Subject: [PATCH 065/138] gemConfig/openssl: pin to openssl_1_1 --- pkgs/development/ruby-modules/gem-config/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/development/ruby-modules/gem-config/default.nix b/pkgs/development/ruby-modules/gem-config/default.nix index 5a6d885159a5..4e935c6537a1 100644 --- a/pkgs/development/ruby-modules/gem-config/default.nix +++ b/pkgs/development/ruby-modules/gem-config/default.nix @@ -20,7 +20,7 @@ { lib, fetchurl, writeScript, ruby, libkrb5, libxml2, libxslt, python2, stdenv, which , libiconv, postgresql, v8, clang, sqlite, zlib, imagemagick, lasem , pkg-config , ncurses, xapian, gpgme, util-linux, tzdata, icu, libffi -, cmake, libssh2, openssl, libmysqlclient, git, perl, pcre, gecode_3, curl +, cmake, libssh2, openssl, openssl_1_1, libmysqlclient, git, perl, pcre, gecode_3, curl , msgpack, libsodium, snappy, libossp_uuid, lxc, libpcap, xorg, gtk2, buildRubyGem , cairo, re2, rake, gobject-introspection, gdk-pixbuf, zeromq, czmq, graphicsmagick, libcxx , file, libvirt, glib, vips, taglib, libopus, linux-pam, libidn, protobuf, fribidi, harfbuzz @@ -478,7 +478,8 @@ in }; openssl = attrs: { - buildInputs = [ openssl ]; + # https://github.com/ruby/openssl/issues/369 + buildInputs = [ openssl_1_1 ]; }; opus-ruby = attrs: { From b6aad16660f0b7d3e5027b1d7556a8d07e8a3964 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 02:50:56 +0200 Subject: [PATCH 066/138] gitlab: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index cb6d6e1f63f8..eb0948fca9d0 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6774,8 +6774,11 @@ with pkgs; gitkraken = callPackage ../applications/version-management/gitkraken { }; - gitlab = callPackage ../applications/version-management/gitlab { }; + gitlab = callPackage ../applications/version-management/gitlab { + openssl = openssl_1_1; + }; gitlab-ee = callPackage ../applications/version-management/gitlab { + openssl = openssl_1_1; gitlabEnterprise = true; }; From 240ace010db8979fed8c0246fe978497b4404484 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 7 Jul 2022 02:40:59 +0200 Subject: [PATCH 067/138] sysdig: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + pkgs/top-level/linux-kernels.nix | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index eb0948fca9d0..1cdfb7bbddc8 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24623,6 +24623,7 @@ with pkgs; statifier = callPackage ../os-specific/linux/statifier { }; sysdig = callPackage ../os-specific/linux/sysdig { + openssl = openssl_1_1; kernel = null; }; # sysdig is a client, for a driver look at linuxPackagesFor diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix index bb19710ffd87..3dd6e2c43c30 100644 --- a/pkgs/top-level/linux-kernels.nix +++ b/pkgs/top-level/linux-kernels.nix @@ -442,7 +442,9 @@ in { rr-zen_workaround = callPackage ../development/tools/analysis/rr/zen_workaround.nix { }; - sysdig = callPackage ../os-specific/linux/sysdig {}; + sysdig = callPackage ../os-specific/linux/sysdig { + openssl = pkgs.openssl_1_1; + }; systemtap = callPackage ../development/tools/profiling/systemtap { }; From 09f53a8624ba3b7a9bea9da5a64f8e680b68c0fd Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 7 Jul 2022 02:41:55 +0200 Subject: [PATCH 068/138] swiProlog: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1cdfb7bbddc8..bbbfe9b4487c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14544,6 +14544,7 @@ with pkgs; swift = callPackage ../development/compilers/swift { }; swiProlog = callPackage ../development/compilers/swi-prolog { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; jdk = openjdk8; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731 }; From f6390b357d4a3c6f96cefdd9c5d4f56ae762c42d Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 4 Nov 2021 05:06:29 +0100 Subject: [PATCH 069/138] percona-server56: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index bbbfe9b4487c..001c63b5331d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23039,7 +23039,10 @@ with pkgs; nginx-sso = callPackage ../servers/nginx-sso { }; - percona-server56 = callPackage ../servers/sql/percona/5.6.x.nix { stdenv = gcc10StdenvCompat; }; + percona-server56 = callPackage ../servers/sql/percona/5.6.x.nix { + stdenv = gcc10StdenvCompat; + openssl = openssl_1_1; + }; percona-server = percona-server56; influxdb = callPackage ../servers/nosql/influxdb { From 4915e5913604c4ee246156ad584ce7856b99f8dc Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 7 Jul 2022 03:06:38 +0200 Subject: [PATCH 070/138] pam_p11: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 001c63b5331d..081f9b14f392 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24447,7 +24447,9 @@ with pkgs; pam_mysql = callPackage ../os-specific/linux/pam_mysql { }; - pam_p11 = callPackage ../os-specific/linux/pam_p11 { }; + pam_p11 = callPackage ../os-specific/linux/pam_p11 { + openssl = openssl_1_1; + }; pam_pgsql = callPackage ../os-specific/linux/pam_pgsql { }; From bf4c320600c3a28d0c1e5910076c446245b712f9 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 7 Jul 2022 03:09:53 +0200 Subject: [PATCH 071/138] umurmur: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 081f9b14f392..4cdd834503a4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -31203,7 +31203,9 @@ with pkgs; uhhyou.lv2 = callPackage ../applications/audio/uhhyou.lv2 { }; - umurmur = callPackage ../applications/networking/umurmur { }; + umurmur = callPackage ../applications/networking/umurmur { + openssl = openssl_1_1; + }; udocker = callPackage ../tools/virtualization/udocker { }; From a9fc19c7cfdb532bc24d3461a5031bf5563ea529 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 7 Jul 2022 03:10:22 +0200 Subject: [PATCH 072/138] libstrophe: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4cdd834503a4..4c3862fcb193 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -19842,7 +19842,9 @@ with pkgs; libstroke = callPackage ../development/libraries/libstroke { }; - libstrophe = callPackage ../development/libraries/libstrophe { }; + libstrophe = callPackage ../development/libraries/libstrophe { + openssl = openssl_1_1; + }; libspatialaudio = callPackage ../development/libraries/libspatialaudio { }; From 0a90c5d1603ee14f5c8438ffcfa9eb4a8bf10716 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 7 Jul 2022 03:19:24 +0200 Subject: [PATCH 073/138] zookeeper_mt: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4c3862fcb193..633f17fe28e6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23516,7 +23516,9 @@ with pkgs; zookeeper = callPackage ../servers/zookeeper { }; - zookeeper_mt = callPackage ../development/libraries/zookeeper_mt { }; + zookeeper_mt = callPackage ../development/libraries/zookeeper_mt { + openssl = openssl_1_1; + }; xqilla = callPackage ../development/tools/xqilla { stdenv = gcc10StdenvCompat; }; From 8dfc998207dca2e2928cd1f204e4f37444aa40a6 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 7 Jul 2022 15:47:56 +0200 Subject: [PATCH 074/138] python3: pin to openssl_1_1 --- .../interpreters/python/cpython/default.nix | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index 44cf836fc9c8..73197f065625 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -7,6 +7,7 @@ , mailcap, mimetypesSupport ? true , ncurses , openssl +, openssl_1_1 , readline , sqlite , tcl ? null, tk ? null, tix ? null, libX11 ? null, xorgproto ? null, x11Support ? false @@ -75,6 +76,10 @@ assert lib.assertMsg (reproducibleBuild -> (!rebuildBytecode)) with lib; let + # cpython does support/build with openssl 3.0, but some libraries using the ssl module seem to have issues with it + # null check for Minimal + openssl' = if openssl != null then openssl_1_1 else null; + buildPackages = pkgsBuildHost; inherit (passthru) pythonForBuild; @@ -115,7 +120,7 @@ let ]; buildInputs = filter (p: p != null) ([ - zlib bzip2 expat xz libffi gdbm sqlite readline ncurses openssl ] + zlib bzip2 expat xz libffi gdbm sqlite readline ncurses openssl' ] ++ optionals x11Support [ tcl tk libX11 xorgproto ] ++ optionals (bluezSupport && stdenv.isLinux) [ bluez ] ++ optionals stdenv.isDarwin [ configd ]) @@ -321,8 +326,8 @@ in with passthru; stdenv.mkDerivation { "--with-threads" ] ++ optionals (sqlite != null && isPy3k) [ "--enable-loadable-sqlite-extensions" - ] ++ optionals (openssl != null) [ - "--with-openssl=${openssl.dev}" + ] ++ optionals (openssl' != null) [ + "--with-openssl=${openssl'.dev}" ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ "ac_cv_buggy_getaddrinfo=no" # Assume little-endian IEEE 754 floating point when cross compiling @@ -484,7 +489,7 @@ in with passthru; stdenv.mkDerivation { # Enforce that we don't have references to the OpenSSL -dev package, which we # explicitly specify in our configure flags above. disallowedReferences = - lib.optionals (openssl != null && !static) [ openssl.dev ] + lib.optionals (openssl' != null && !static) [ openssl'.dev ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ # Ensure we don't have references to build-time packages. # These typically end up in shebangs. From b2bed48781c1e78aca4044f7af598f09549d948a Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 31 Jul 2022 23:25:17 +0200 Subject: [PATCH 075/138] fractal: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 633f17fe28e6..24058c9db8e7 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -27535,7 +27535,9 @@ with pkgs; foxtrotgps = callPackage ../applications/misc/foxtrotgps { }; - fractal = callPackage ../applications/networking/instant-messengers/fractal { }; + fractal = callPackage ../applications/networking/instant-messengers/fractal { + openssl = openssl_1_1; + }; fractal-next = callPackage ../applications/networking/instant-messengers/fractal-next { inherit (gst_all_1) gstreamer gst-plugins-base gst-plugins-bad; From ad76e3dd39255770ddba7774c5bab96d1317858e Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 31 Jul 2022 23:35:00 +0200 Subject: [PATCH 076/138] ceph: pin to openssl_1_1 propagated through curl --- pkgs/top-level/all-packages.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 24058c9db8e7..c24c74dec26f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4919,6 +4919,8 @@ with pkgs; libceph = ceph.lib; inherit (callPackages ../tools/filesystems/ceph { lua = lua5_4; + # needs to be the same openssl version as python/pyopenssl + curl = (curl.override { openssl = openssl_1_1; }); }) ceph ceph-client; From 9c8e33f2cebde1c1e0ad17598021517bccfc0069 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 31 Jul 2022 23:45:34 +0200 Subject: [PATCH 077/138] git-crypt: fix build with openssl_3 --- .../version-management/git-and-tools/git-crypt/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/applications/version-management/git-and-tools/git-crypt/default.nix b/pkgs/applications/version-management/git-and-tools/git-crypt/default.nix index 1cf29fbd6c2d..49dcb14fc013 100644 --- a/pkgs/applications/version-management/git-and-tools/git-crypt/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git-crypt/default.nix @@ -37,6 +37,11 @@ stdenv.mkDerivation rec { "DOCBOOK_XSL=${docbook_xsl}/share/xml/docbook-xsl-nons/manpages/docbook.xsl" ]; + # https://github.com/AGWA/git-crypt/issues/232 + CXXFLAGS = [ + "-DOPENSSL_API_COMPAT=0x30000000L" + ]; + postFixup = '' wrapProgram $out/bin/git-crypt \ --suffix PATH : ${lib.makeBinPath [ git gnupg ]} From 14f18b31c3f9c7d6762f4b687ae8a5ccac35fe13 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 31 Jul 2022 23:57:36 +0200 Subject: [PATCH 078/138] git-backup: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c24c74dec26f..e345dbdad6c1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6626,6 +6626,7 @@ with pkgs; git-appraise = callPackage ../applications/version-management/git-and-tools/git-appraise {}; git-backup = callPackage ../applications/version-management/git-backup { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; From ce6deb535b6d300dfbe107315d63f58cac1d9620 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 31 Jul 2022 23:58:54 +0200 Subject: [PATCH 079/138] firmware-manager: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e345dbdad6c1..1dd5b05b2c36 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23813,7 +23813,9 @@ with pkgs; fwupd-efi = callPackage ../os-specific/linux/firmware/fwupd-efi { }; - firmware-manager = callPackage ../os-specific/linux/firmware/firmware-manager { }; + firmware-manager = callPackage ../os-specific/linux/firmware/firmware-manager { + openssl = openssl_1_1; + }; firmware-updater = callPackage ../os-specific/linux/firmware/firmware-updater { }; From e891feb271e036cfac4fd20e1827164519996965 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 1 Aug 2022 00:03:47 +0200 Subject: [PATCH 080/138] meli: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1dd5b05b2c36..77369d197c4d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -29041,7 +29041,9 @@ with pkgs; meld = callPackage ../applications/version-management/meld { }; - meli = callPackage ../applications/networking/mailreaders/meli { }; + meli = callPackage ../applications/networking/mailreaders/meli { + openssl = openssl_1_1; + }; melmatcheq.lv2 = callPackage ../applications/audio/melmatcheq.lv2 { }; From dd5518bd8fafa8be0e9e00562225649418b72ae3 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 1 Aug 2022 00:07:31 +0200 Subject: [PATCH 081/138] squid: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 77369d197c4d..dbcff8972bae 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23409,7 +23409,10 @@ with pkgs; spring-boot-cli = callPackage ../development/tools/spring-boot-cli { }; - squid = callPackage ../servers/squid { }; + squid = callPackage ../servers/squid { + # https://bugs.squid-cache.org/show_bug.cgi?id=5133 + openssl = openssl_1_1; + }; duckling-proxy = callPackage ../servers/duckling-proxy { }; From 5cc75bbb98cd5dc94be1dee3aba10547b62dbdd1 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 1 Aug 2022 00:49:43 +0200 Subject: [PATCH 082/138] percona-xtrabackup_*: pin to openssl_1_1 --- pkgs/tools/backup/percona-xtrabackup/generic.nix | 2 +- pkgs/top-level/all-packages.nix | 14 ++++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/pkgs/tools/backup/percona-xtrabackup/generic.nix b/pkgs/tools/backup/percona-xtrabackup/generic.nix index 4caafcae679b..2ea2088645e4 100644 --- a/pkgs/tools/backup/percona-xtrabackup/generic.nix +++ b/pkgs/tools/backup/percona-xtrabackup/generic.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ bison boost cmake makeWrapper pkg-config ]; buildInputs = [ - curl cyrus_sasl libaio libedit libev libevent libgcrypt libgpg-error lz4 + (curl.override { inherit openssl; }) cyrus_sasl libaio libedit libev libevent libgcrypt libgpg-error lz4 ncurses numactl openssl protobuf valgrind xxd zlib ] ++ (with perlPackages; [ perl DBI DBDmysql ]); diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index dbcff8972bae..6d9583ea3018 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9645,10 +9645,16 @@ with pkgs; perceptualdiff = callPackage ../tools/graphics/perceptualdiff { }; percona-xtrabackup = percona-xtrabackup_8_0; - percona-xtrabackup_2_4 = callPackage ../tools/backup/percona-xtrabackup/2_4.nix - { stdenv = gcc10StdenvCompat; boost = boost159; }; - percona-xtrabackup_8_0 = callPackage ../tools/backup/percona-xtrabackup/8_0.nix - { stdenv = gcc10StdenvCompat; boost = boost170; }; + percona-xtrabackup_2_4 = callPackage ../tools/backup/percona-xtrabackup/2_4.nix { + stdenv = gcc10StdenvCompat; + boost = boost159; + openssl = openssl_1_1; + }; + percona-xtrabackup_8_0 = callPackage ../tools/backup/percona-xtrabackup/8_0.nix { + stdenv = gcc10StdenvCompat; + boost = boost170; + openssl = openssl_1_1; + }; pick = callPackage ../tools/misc/pick { }; From dc13b70ad9cc5f5f55b2b93373bd4a649c806a8a Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 3 Aug 2022 01:12:53 +0200 Subject: [PATCH 083/138] ipfs: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6d9583ea3018..635854ab4761 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7585,7 +7585,9 @@ with pkgs; ipfetch = callPackage ../tools/networking/ipfetch { }; - ipfs = callPackage ../applications/networking/ipfs { }; + ipfs = callPackage ../applications/networking/ipfs { + openssl = openssl_1_1; + }; ipfs-cluster = callPackage ../applications/networking/ipfs-cluster { }; ipfs-migrator-all-fs-repo-migrations = callPackage ../applications/networking/ipfs-migrator/all-migrations.nix { }; From fffda8a63ff9ce66ecd89a577745901255bb9bfd Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 3 Aug 2022 01:13:04 +0200 Subject: [PATCH 084/138] nzbget: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 635854ab4761..12a40b658322 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9263,7 +9263,9 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) Security; }; - nzbget = callPackage ../tools/networking/nzbget { }; + nzbget = callPackage ../tools/networking/nzbget { + openssl = openssl_1_1; + }; nzbhydra2 = callPackage ../servers/nzbhydra2 { # You need Java (at least 8, at most 15) From b17c551aa2bc948181a5e62e4fd4e813c2cb224c Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 4 Aug 2022 01:12:12 +0200 Subject: [PATCH 085/138] libmysqlconnectorcpp: pin to openssl_1_1 --- pkgs/development/compilers/dotnet/build-dotnet.nix | 4 ++-- pkgs/top-level/all-packages.nix | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/development/compilers/dotnet/build-dotnet.nix b/pkgs/development/compilers/dotnet/build-dotnet.nix index f8cf3d302ec4..6cc7dace6f15 100644 --- a/pkgs/development/compilers/dotnet/build-dotnet.nix +++ b/pkgs/development/compilers/dotnet/build-dotnet.nix @@ -15,7 +15,7 @@ assert if type == "sdk" then packages != null else true; , autoPatchelfHook , makeWrapper , libunwind -, openssl +, openssl_1_1 , libuuid , zlib , curl @@ -48,7 +48,7 @@ stdenv.mkDerivation rec { icu libunwind libuuid - openssl + openssl_1_1 ] ++ lib.optional stdenv.isLinux lttng-ust_2_12); nativeBuildInputs = [ diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 12a40b658322..4f5d695a16f8 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -19440,7 +19440,9 @@ with pkgs; libmysofa = callPackage ../development/libraries/audio/libmysofa { }; - libmysqlconnectorcpp = callPackage ../development/libraries/libmysqlconnectorcpp { }; + libmysqlconnectorcpp = callPackage ../development/libraries/libmysqlconnectorcpp { + openssl = openssl_1_1; + }; libnatpmp = callPackage ../development/libraries/libnatpmp { }; From 4921d9473fbc5e4095b35bd42ab6e07ee458fd41 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 4 Aug 2022 01:13:33 +0200 Subject: [PATCH 086/138] git-trim: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4f5d695a16f8..c813026cbd1c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6744,6 +6744,7 @@ with pkgs; git-test = callPackage ../applications/version-management/git-and-tools/git-test { }; git-trim = callPackage ../applications/version-management/git-and-tools/git-trim { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; From 76064cccc240946a80a972ca64ede231920b51dd Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 4 Aug 2022 01:13:50 +0200 Subject: [PATCH 087/138] git-subset: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c813026cbd1c..b96095a52e64 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6734,6 +6734,7 @@ with pkgs; git-subrepo = callPackage ../applications/version-management/git-and-tools/git-subrepo { }; git-subset = callPackage ../applications/version-management/git-and-tools/git-subset { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; From 424885f5f8f1db8df2991d5ddfbc579bc4719c74 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 7 Aug 2022 00:19:16 +0200 Subject: [PATCH 088/138] perlPackages.CryptOpenSSLGuess: 0.11 -> 0.15 --- pkgs/top-level/perl-packages.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 55f09410856c..72449e9d5a03 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -4826,10 +4826,10 @@ let CryptOpenSSLGuess = buildPerlPackage { pname = "Crypt-OpenSSL-Guess"; - version = "0.11"; + version = "0.15"; src = fetchurl { - url = "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-0.11.tar.gz"; - sha256 = "0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa"; + url = "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-0.15.tar.gz"; + sha256 = "1c5033381819fdb4c9087dd291b90ec70e7810d31d57eade9b388eccfd70386d"; }; meta = { description = "Guess OpenSSL include path"; From 1a75cc1f1f77a0842e8b6c2d5d462c03f9e14bec Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 7 Aug 2022 00:19:22 +0200 Subject: [PATCH 089/138] perlPackages.CryptOpenSSLX509: 1.813 -> 1.914 for openssl 3.x support --- pkgs/top-level/perl-packages.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 72449e9d5a03..5bfa31154e1a 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -4869,13 +4869,15 @@ let CryptOpenSSLX509 = buildPerlPackage rec { pname = "Crypt-OpenSSL-X509"; - version = "1.813"; + version = "1.914"; src = fetchurl { - url = "mirror://cpan/authors/id/J/JO/JONASBN/Crypt-OpenSSL-X509-1.813.tar.gz"; - sha256 = "684bd888d2ed4c748f8f6dd8e87c14afa2974b12ee01faa082ad9cfa1e321e62"; + url = "mirror://cpan/authors/id/J/JO/JONASBN/Crypt-OpenSSL-X509-1.914.tar.gz"; + sha256 = "49c575257e6408ad5a89011e5b5800d598f9ccafdf42e71004ed81cb2f44ee7a"; }; NIX_CFLAGS_COMPILE = "-I${pkgs.openssl.dev}/include"; NIX_CFLAGS_LINK = "-L${lib.getLib pkgs.openssl}/lib -lcrypto"; + buildInputs = [ CryptOpenSSLGuess ]; + propagatedBuildInputs = [ ConvertASN1 ]; meta = { homepage = "https://github.com/dsully/perl-crypt-openssl-x509"; description = "Perl extension to OpenSSL's X509 API"; From cc375c4d89c4cedf7de1fc26b2888fabb155e597 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 7 Aug 2022 00:25:43 +0200 Subject: [PATCH 090/138] wraith: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b96095a52e64..45112bcd1542 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -36091,7 +36091,9 @@ with pkgs; wprecon = callPackage ../tools/security/wprecon { }; - wraith = callPackage ../applications/networking/irc/wraith { }; + wraith = callPackage ../applications/networking/irc/wraith { + openssl = openssl_1_1; + }; wxsqlite3 = callPackage ../development/libraries/wxsqlite3 { wxGTK = wxGTK30; From d761390cd04a1a9510b9a4f42803878e0ca268ba Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 7 Aug 2022 00:31:47 +0200 Subject: [PATCH 091/138] sgx/sdk/ipp-crypto: pin to openssl_1_1 --- pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix b/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix index 85fcfc9c554d..16f3d836833d 100644 --- a/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix +++ b/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix @@ -3,7 +3,7 @@ , fetchFromGitHub , cmake , nasm -, openssl +, openssl_1_1 , python3 , extraCmakeFlags ? [ ] }: @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake nasm - openssl + openssl_1_1 python3 ]; } From 63adbbdb6611e0eb7f4db06ea862052cd799d7d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Janne=20He=C3=9F?= Date: Tue, 9 Aug 2022 19:12:07 +0100 Subject: [PATCH 092/138] nixos/changelog: Mention openssl3 update --- nixos/doc/manual/from_md/release-notes/rl-2211.section.xml | 5 +++++ nixos/doc/manual/release-notes/rl-2211.section.md | 2 ++ 2 files changed, 7 insertions(+) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 47f8fbb3abc5..1930184a50e9 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -100,6 +100,11 @@ Cinnamon has been updated to 5.4. + + + OpenSSL now defaults to OpenSSL 3, updated from 1.1.1. + + hardware.nvidia has a new option diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index 2fd8b1bbe753..09c6b767de9b 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -48,6 +48,8 @@ In addition to numerous new and upgraded packages, this release has the followin - Cinnamon has been updated to 5.4. +- OpenSSL now defaults to OpenSSL 3, updated from 1.1.1. + - `hardware.nvidia` has a new option `open` that can be used to opt in the opensource version of NVIDIA kernel driver. Note that the driver's support for GeForce and Workstation GPUs is still alpha quality, see [NVIDIA Releases Open-Source GPU Kernel Modules](https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/) for the official announcement. From 0df0cbff9482893c5db2d6c98c372c9973ed4d8c Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 16 Aug 2022 23:49:14 +0200 Subject: [PATCH 093/138] proxysql: don't reference openssl_3 explicitly it's the default now --- pkgs/servers/sql/proxysql/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/sql/proxysql/default.nix b/pkgs/servers/sql/proxysql/default.nix index f4c244e6632a..94d6e28c569b 100644 --- a/pkgs/servers/sql/proxysql/default.nix +++ b/pkgs/servers/sql/proxysql/default.nix @@ -20,7 +20,7 @@ , libuuid , lz4 , nlohmann_json -, openssl_3 +, openssl , pcre , perl , python2 @@ -55,7 +55,7 @@ stdenv.mkDerivation rec { buildInputs = [ bison - (curl.override { openssl = openssl_3; }) + curl flex gnutls libgcrypt @@ -101,7 +101,7 @@ stdenv.mkDerivation rec { { f = "libev"; p = libev; } { f = "libinjection"; p = libinjection; } { f = "libmicrohttpd"; p = libmicrohttpd_0_9_70; } - { f = "libssl"; p = openssl_3; } + { f = "libssl"; p = openssl; } { f = "lz4"; p = lz4; } { f = "pcre"; p = pcre; } { f = "re2"; p = re2; } From dbc5a792a26189e2e610b9736b218d3f5df50ebf Mon Sep 17 00:00:00 2001 From: John Ericson Date: Thu, 18 Aug 2022 00:10:08 -0400 Subject: [PATCH 094/138] llvmPackages*.libunwind: Don't redo install phase from scratch I can't think of any good reason it was the way it was before. I think CMake can be made to install the headers too, but this is a fine first step. --- .../compilers/llvm/10/libcxxabi/default.nix | 36 ++++++++----------- .../compilers/llvm/11/libcxxabi/default.nix | 36 ++++++++----------- .../compilers/llvm/12/libcxxabi/default.nix | 36 ++++++++----------- .../compilers/llvm/13/libcxxabi/default.nix | 36 ++++++++----------- .../compilers/llvm/5/libcxxabi/default.nix | 35 ++++++++---------- .../compilers/llvm/6/libcxxabi/default.nix | 35 ++++++++---------- .../compilers/llvm/7/libcxxabi/default.nix | 35 ++++++++---------- .../compilers/llvm/8/libcxxabi/default.nix | 36 ++++++++----------- .../compilers/llvm/9/libcxxabi/default.nix | 36 ++++++++----------- .../compilers/llvm/git/libcxxabi/default.nix | 36 ++++++++----------- 10 files changed, 140 insertions(+), 217 deletions(-) diff --git a/pkgs/development/compilers/llvm/10/libcxxabi/default.nix b/pkgs/development/compilers/llvm/10/libcxxabi/default.nix index b427949a8426..482ced8e0c3f 100644 --- a/pkgs/development/compilers/llvm/10/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/10/libcxxabi/default.nix @@ -40,28 +40,20 @@ stdenv.mkDerivation { "-DLIBCXXABI_ENABLE_SHARED=OFF" ]; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 ../include/cxxabi.h $out/include - '' + lib.optionalString enableShared '' - install -m 644 lib/libc++abi.so.1.0 $out/lib - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/11/libcxxabi/default.nix b/pkgs/development/compilers/llvm/11/libcxxabi/default.nix index 61cfe8eede92..6c4ca925ab11 100644 --- a/pkgs/development/compilers/llvm/11/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/11/libcxxabi/default.nix @@ -44,28 +44,20 @@ stdenv.mkDerivation { "-DLIBCXXABI_ENABLE_SHARED=OFF" ]; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - ${stdenv.cc.targetPrefix}install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 ../include/cxxabi.h $out/include - '' + lib.optionalString enableShared '' - install -m 644 lib/libc++abi.so.1.0 $out/lib - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/12/libcxxabi/default.nix b/pkgs/development/compilers/llvm/12/libcxxabi/default.nix index 803fe6a62fac..89b56ad230d8 100644 --- a/pkgs/development/compilers/llvm/12/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/12/libcxxabi/default.nix @@ -42,28 +42,20 @@ stdenv.mkDerivation { "-DLIBCXXABI_ENABLE_SHARED=OFF" ]; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - ${stdenv.cc.targetPrefix}install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 ../include/cxxabi.h $out/include - '' + lib.optionalString enableShared '' - install -m 644 lib/libc++abi.so.1.0 $out/lib - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/13/libcxxabi/default.nix b/pkgs/development/compilers/llvm/13/libcxxabi/default.nix index 0bdbee07b738..16ea0b113c75 100644 --- a/pkgs/development/compilers/llvm/13/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/13/libcxxabi/default.nix @@ -39,28 +39,20 @@ stdenv.mkDerivation rec { "-DLIBCXXABI_ENABLE_SHARED=OFF" ]; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 ../include/cxxabi.h $out/include - '' + lib.optionalString enableShared '' - install -m 644 lib/libc++abi.so.1.0 $out/lib - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/5/libcxxabi/default.nix b/pkgs/development/compilers/llvm/5/libcxxabi/default.nix index 5146e20089b7..60a41ab2d830 100644 --- a/pkgs/development/compilers/llvm/5/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/5/libcxxabi/default.nix @@ -25,27 +25,20 @@ stdenv.mkDerivation { nativeBuildInputs = [ cmake ]; buildInputs = lib.optional (!stdenv.isDarwin && !stdenv.isFreeBSD) libunwind; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 lib/libc++abi.so.1.0 $out/lib - install -m 644 ../include/cxxabi.h $out/include - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/6/libcxxabi/default.nix b/pkgs/development/compilers/llvm/6/libcxxabi/default.nix index 6a03d8a1835e..d7de130fbaaf 100644 --- a/pkgs/development/compilers/llvm/6/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/6/libcxxabi/default.nix @@ -25,27 +25,20 @@ stdenv.mkDerivation { nativeBuildInputs = [ cmake ]; buildInputs = lib.optional (!stdenv.isDarwin && !stdenv.isFreeBSD) libunwind; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 lib/libc++abi.so.1.0 $out/lib - install -m 644 ../include/cxxabi.h $out/include - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/7/libcxxabi/default.nix b/pkgs/development/compilers/llvm/7/libcxxabi/default.nix index 0bb76f916285..1bc9444feda1 100644 --- a/pkgs/development/compilers/llvm/7/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/7/libcxxabi/default.nix @@ -44,27 +44,20 @@ stdenv.mkDerivation { "-DLIBCXXABI_USE_LLVM_UNWINDER=ON" ] ++ lib.optional (!enableShared) "-DLIBCXXABI_ENABLE_SHARED=OFF"; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - ${lib.optionalString enableShared "install -m 644 lib/libc++abi.so.1.0 $out/lib"} - install -m 644 ../include/cxxabi.h $out/include - ${lib.optionalString enableShared "ln -s libc++abi.so.1.0 $out/lib/libc++abi.so"} - ${lib.optionalString enableShared "ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1"} - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/8/libcxxabi/default.nix b/pkgs/development/compilers/llvm/8/libcxxabi/default.nix index 593b1df9b7ad..50a5eabc1703 100644 --- a/pkgs/development/compilers/llvm/8/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/8/libcxxabi/default.nix @@ -40,28 +40,20 @@ stdenv.mkDerivation { "-DLIBCXXABI_ENABLE_SHARED=OFF" ]; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 ../include/cxxabi.h $out/include - '' + lib.optionalString enableShared '' - install -m 644 lib/libc++abi.so.1.0 $out/lib - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/9/libcxxabi/default.nix b/pkgs/development/compilers/llvm/9/libcxxabi/default.nix index 2af3322fd68d..ee6834affbcd 100644 --- a/pkgs/development/compilers/llvm/9/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/9/libcxxabi/default.nix @@ -40,28 +40,20 @@ stdenv.mkDerivation { "-DLIBCXXABI_ENABLE_SHARED=OFF" ]; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 ../include/cxxabi.h $out/include - '' + lib.optionalString enableShared '' - install -m 644 lib/libc++abi.so.1.0 $out/lib - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; diff --git a/pkgs/development/compilers/llvm/git/libcxxabi/default.nix b/pkgs/development/compilers/llvm/git/libcxxabi/default.nix index d64708ab040a..441aba651666 100644 --- a/pkgs/development/compilers/llvm/git/libcxxabi/default.nix +++ b/pkgs/development/compilers/llvm/git/libcxxabi/default.nix @@ -49,28 +49,20 @@ stdenv.mkDerivation rec { "-DLIBCXXABI_ENABLE_SHARED=OFF" ]; - installPhase = if stdenv.isDarwin - then '' - for file in lib/*.dylib; do - # this should be done in CMake, but having trouble figuring out - # the magic combination of necessary CMake variables - # if you fancy a try, take a look at - # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling - install_name_tool -id $out/$file $file - done - make install - install -d 755 $out/include - install -m 644 ../include/*.h $out/include - '' - else '' - install -d -m 755 $out/include $out/lib - install -m 644 lib/libc++abi.a $out/lib - install -m 644 ../include/cxxabi.h $out/include - '' + lib.optionalString enableShared '' - install -m 644 lib/libc++abi.so.1.0 $out/lib - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so - ln -s libc++abi.so.1.0 $out/lib/libc++abi.so.1 - ''; + preInstall = lib.optionalString stdenv.isDarwin '' + for file in lib/*.dylib; do + # this should be done in CMake, but having trouble figuring out + # the magic combination of necessary CMake variables + # if you fancy a try, take a look at + # https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling + install_name_tool -id $out/$file $file + done + ''; + + postInstall = '' + mkdir -p "$dev/include" + install -m 644 ../include/${if stdenv.isDarwin then "*" else "cxxabi.h"} "$dev/include" + ''; meta = llvm_meta // { homepage = "https://libcxxabi.llvm.org/"; From 3b60b31d6072055195a07b175c4999326e26ab14 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Thu, 18 Aug 2022 08:35:41 +0100 Subject: [PATCH 095/138] gcc: drop unused libelf dependency gcc stopped using libelf in commit 48215350c24 ("re PR lto/46273 (Failed to bootstrap)") around 2010, before gcc-4.6.0. --- pkgs/development/compilers/gcc/10/default.nix | 8 ++------ pkgs/development/compilers/gcc/11/default.nix | 8 ++------ pkgs/development/compilers/gcc/12/default.nix | 8 ++------ pkgs/development/compilers/gcc/4.8/default.nix | 8 ++------ pkgs/development/compilers/gcc/4.9/default.nix | 8 ++------ pkgs/development/compilers/gcc/6/default.nix | 8 ++------ pkgs/development/compilers/gcc/7/default.nix | 8 ++------ pkgs/development/compilers/gcc/8/default.nix | 8 ++------ pkgs/development/compilers/gcc/9/default.nix | 8 ++------ pkgs/development/compilers/gcc/common/configure-flags.nix | 3 +-- 10 files changed, 19 insertions(+), 56 deletions(-) diff --git a/pkgs/development/compilers/gcc/10/default.nix b/pkgs/development/compilers/gcc/10/default.nix index 1c223fa82f4a..b6f4d57f9b35 100644 --- a/pkgs/development/compilers/gcc/10/default.nix +++ b/pkgs/development/compilers/gcc/10/default.nix @@ -14,7 +14,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man) , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , isl ? null # optional, for the Graphite optimization framework. , zlib ? null , gnatboot ? null @@ -29,9 +28,6 @@ , buildPackages }: -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. assert stdenv.hostPlatform.isDarwin -> gnused != null; @@ -173,7 +169,7 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) @@ -203,7 +199,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl enableLTO enableMultilib diff --git a/pkgs/development/compilers/gcc/11/default.nix b/pkgs/development/compilers/gcc/11/default.nix index ca3a89af1806..17cb8c454932 100644 --- a/pkgs/development/compilers/gcc/11/default.nix +++ b/pkgs/development/compilers/gcc/11/default.nix @@ -14,7 +14,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man) , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , isl ? null # optional, for the Graphite optimization framework. , zlib ? null , gnatboot ? null @@ -29,9 +28,6 @@ , buildPackages }: -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. assert stdenv.hostPlatform.isDarwin -> gnused != null; @@ -181,7 +177,7 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) @@ -211,7 +207,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl enableLTO enableMultilib diff --git a/pkgs/development/compilers/gcc/12/default.nix b/pkgs/development/compilers/gcc/12/default.nix index 6fdc31079a89..5d971c3d5ea7 100644 --- a/pkgs/development/compilers/gcc/12/default.nix +++ b/pkgs/development/compilers/gcc/12/default.nix @@ -14,7 +14,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man) , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , isl ? null # optional, for the Graphite optimization framework. , zlib ? null , gnatboot ? null @@ -29,9 +28,6 @@ , buildPackages }: -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. assert stdenv.hostPlatform.isDarwin -> gnused != null; @@ -176,7 +172,7 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) @@ -206,7 +202,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl enableLTO enableMultilib diff --git a/pkgs/development/compilers/gcc/4.8/default.nix b/pkgs/development/compilers/gcc/4.8/default.nix index bc93d6e13585..65d0a54bc107 100644 --- a/pkgs/development/compilers/gcc/4.8/default.nix +++ b/pkgs/development/compilers/gcc/4.8/default.nix @@ -13,7 +13,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man); required for Java , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , cloog ? null, isl ? null # optional, for the Graphite optimization framework. , zlib ? null, boehmgc ? null , zip ? null, unzip ? null, pkg-config ? null @@ -39,9 +38,6 @@ assert langJava -> zip != null && unzip != null # We enable the isl cloog backend. assert cloog != null -> isl != null; -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. assert stdenv.hostPlatform.isDarwin -> gnused != null; @@ -179,7 +175,7 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (cloog != null) cloog) ++ (optional (isl != null) isl) @@ -210,7 +206,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl cloog enableLTO diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix index cc675de22549..8387f2e95496 100644 --- a/pkgs/development/compilers/gcc/4.9/default.nix +++ b/pkgs/development/compilers/gcc/4.9/default.nix @@ -13,7 +13,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man); required for Java , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , cloog ? null, isl ? null # optional, for the Graphite optimization framework. , zlib ? null, boehmgc ? null , zip ? null, unzip ? null, pkg-config ? null @@ -39,9 +38,6 @@ assert langJava -> zip != null && unzip != null # We enable the isl cloog backend. assert cloog != null -> isl != null; -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. assert stdenv.hostPlatform.isDarwin -> gnused != null; @@ -199,7 +195,7 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (cloog != null) cloog) ++ (optional (isl != null) isl) @@ -230,7 +226,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl cloog enableLTO diff --git a/pkgs/development/compilers/gcc/6/default.nix b/pkgs/development/compilers/gcc/6/default.nix index d108dc11f18c..0eb5b0feb25b 100644 --- a/pkgs/development/compilers/gcc/6/default.nix +++ b/pkgs/development/compilers/gcc/6/default.nix @@ -15,7 +15,6 @@ , flex , perl ? null # optional, for texi2pod (then pod2man); required for Java , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , isl ? null # optional, for the Graphite optimization framework. , zlib ? null, boehmgc ? null , gnatboot ? null @@ -40,9 +39,6 @@ assert langJava -> zip != null && unzip != null && zlib != null && boehmgc != null && perl != null; # for `--enable-java-home' -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. assert stdenv.hostPlatform.isDarwin -> gnused != null; @@ -210,7 +206,7 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) @@ -242,7 +238,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl enableLTO enableMultilib diff --git a/pkgs/development/compilers/gcc/7/default.nix b/pkgs/development/compilers/gcc/7/default.nix index e4e1f2038de5..64dac4cf8e13 100644 --- a/pkgs/development/compilers/gcc/7/default.nix +++ b/pkgs/development/compilers/gcc/7/default.nix @@ -12,7 +12,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man) , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , isl ? null # optional, for the Graphite optimization framework. , zlib ? null , enableMultilib ? false @@ -26,9 +25,6 @@ , buildPackages }: -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. assert stdenv.hostPlatform.isDarwin -> gnused != null; @@ -178,7 +174,7 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) @@ -209,7 +205,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl enableLTO enableMultilib diff --git a/pkgs/development/compilers/gcc/8/default.nix b/pkgs/development/compilers/gcc/8/default.nix index 7e94ec61c6b7..140379eff547 100644 --- a/pkgs/development/compilers/gcc/8/default.nix +++ b/pkgs/development/compilers/gcc/8/default.nix @@ -12,7 +12,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man) , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , isl ? null # optional, for the Graphite optimization framework. , zlib ? null , enableMultilib ? false @@ -26,9 +25,6 @@ , buildPackages }: -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. assert stdenv.hostPlatform.isDarwin -> gnused != null; @@ -162,7 +158,7 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) @@ -192,7 +188,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl enableLTO enableMultilib diff --git a/pkgs/development/compilers/gcc/9/default.nix b/pkgs/development/compilers/gcc/9/default.nix index 707ead542f06..cd34bfe3591f 100644 --- a/pkgs/development/compilers/gcc/9/default.nix +++ b/pkgs/development/compilers/gcc/9/default.nix @@ -14,7 +14,6 @@ , texinfo ? null , perl ? null # optional, for texi2pod (then pod2man) , gmp, mpfr, libmpc, gettext, which, patchelf -, libelf # optional, for link-time optimizations (LTO) , isl ? null # optional, for the Graphite optimization framework. , zlib ? null , gnatboot ? null @@ -34,9 +33,6 @@ # cgit) that are needed here should be included directly in Nixpkgs as # files. -# LTO needs libelf and zlib. -assert libelf != null -> zlib != null; - # Make sure we get GNU sed. assert stdenv.hostPlatform.isDarwin -> gnused != null; @@ -175,7 +171,7 @@ stdenv.mkDerivation ({ ++ optional targetPlatform.isLinux patchelf; buildInputs = [ - gmp mpfr libmpc libelf + gmp mpfr libmpc targetPackages.stdenv.cc.bintools # For linking code at run-time ] ++ (optional (isl != null) isl) ++ (optional (zlib != null) zlib) @@ -205,7 +201,7 @@ stdenv.mkDerivation ({ crossStageStatic libcCross version - gmp mpfr libmpc libelf isl + gmp mpfr libmpc isl enableLTO enableMultilib diff --git a/pkgs/development/compilers/gcc/common/configure-flags.nix b/pkgs/development/compilers/gcc/common/configure-flags.nix index 8ac7152d7e28..09533163cbfe 100644 --- a/pkgs/development/compilers/gcc/common/configure-flags.nix +++ b/pkgs/development/compilers/gcc/common/configure-flags.nix @@ -4,7 +4,7 @@ , crossStageStatic, libcCross , version -, gmp, mpfr, libmpc, libelf, isl +, gmp, mpfr, libmpc, isl , cloog ? null , enableLTO @@ -110,7 +110,6 @@ let "--with-mpfr-lib=${mpfr.out}/lib" "--with-mpc=${libmpc}" ] - ++ lib.optional (libelf != null) "--with-libelf=${libelf}" ++ lib.optionals (!crossStageStatic) [ (if libcCross == null then "--with-native-system-header-dir=${lib.getDev stdenv.cc.libc}/include" From c864ea9d03ecbb2e401a6a0bf8004356367021b9 Mon Sep 17 00:00:00 2001 From: Adam Joseph <54836058+amjoseph-nixpkgs@users.noreply.github.com> Date: Thu, 18 Aug 2022 07:49:15 +0000 Subject: [PATCH 096/138] gpgme: respect the doCheck parameter The current `gpgme` expression ignores the `doCheck` parameter because upstream's `Makefile` runs the tests automatically as part of the `buildPhase`. Let's run the tests as part of the `checkPhase` iff `doCheck` is set, like the rest of nixpkgs' packages. In particular, with this commit, `pkgsCross.*.gpgme` will no longer attempt to run the tests (tests are not supposed to be run when host!=build). --- pkgs/development/libraries/gpgme/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/development/libraries/gpgme/default.nix b/pkgs/development/libraries/gpgme/default.nix index 9b90f912912b..8d4e2e7271d4 100644 --- a/pkgs/development/libraries/gpgme/default.nix +++ b/pkgs/development/libraries/gpgme/default.nix @@ -110,8 +110,13 @@ stdenv.mkDerivation rec { ++ lib.optional stdenv.hostPlatform.is32bit "-D_FILE_OFFSET_BITS=64" ); + # prevent tests from being run during the buildPhase + makeFlags = [ "tests=" ]; + doCheck = true; + checkFlags = [ "-C" "tests" ]; + passthru.tests = { python = python3.pkgs.gpgme; qt = libsForQt5.qgpgme; From c6e106cd9e8ef4d97c6df98f43a93809a53ff2aa Mon Sep 17 00:00:00 2001 From: Berk Ozkutuk Date: Tue, 16 Aug 2022 18:51:00 +0200 Subject: [PATCH 097/138] python3Packages.werkzeug: 2.1.2 -> 2.2.2 --- pkgs/development/python-modules/werkzeug/default.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/werkzeug/default.nix b/pkgs/development/python-modules/werkzeug/default.nix index aaaecc6098fa..d31fd1569f28 100644 --- a/pkgs/development/python-modules/werkzeug/default.nix +++ b/pkgs/development/python-modules/werkzeug/default.nix @@ -9,11 +9,12 @@ , pytest-timeout , pytest-xprocess , pytestCheckHook +, markupsafe }: buildPythonPackage rec { pname = "werkzeug"; - version = "2.1.2"; + version = "2.2.2"; format = "setuptools"; disabled = pythonOlder "3.7"; @@ -21,10 +22,12 @@ buildPythonPackage rec { src = fetchPypi { pname = "Werkzeug"; inherit version; - sha256 = "sha256-HOCOgJPtZ9Y41jh5/Rujc1gX96gN42dNKT9ZhPJftuY="; + sha256 = "sha256-fqLUgyLMfA+LOiFe1z6r17XXXQtQ4xqwBihsz/ngC48="; }; - propagatedBuildInputs = lib.optionals (!stdenv.isDarwin) [ + propagatedBuildInputs = [ + markupsafe + ] ++ lib.optionals (!stdenv.isDarwin) [ # watchdog requires macos-sdk 10.13+ watchdog ] ++ lib.optionals (pythonOlder "3.7") [ From ad3c038fa5813224ad3de21ebb3b73dd5efe2b19 Mon Sep 17 00:00:00 2001 From: Berk Ozkutuk Date: Thu, 18 Aug 2022 23:34:28 +0200 Subject: [PATCH 098/138] python3Packages.flask: 2.1.3 -> 2.2.2 --- pkgs/development/python-modules/flask/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/flask/default.nix b/pkgs/development/python-modules/flask/default.nix index 760c3ee671ae..7f0ac90533c2 100644 --- a/pkgs/development/python-modules/flask/default.nix +++ b/pkgs/development/python-modules/flask/default.nix @@ -14,12 +14,12 @@ buildPythonPackage rec { pname = "flask"; - version = "2.1.3"; + version = "2.2.2"; src = fetchPypi { pname = "Flask"; inherit version; - sha256 = "sha256-FZcuUBffBXXD1sCQuhaLbbkCWeYgrI1+qBOjlrrVtss="; + sha256 = "sha256-ZCxFDRnErUgvlnKb0qj20yVUqh4jH09rTn5SZLFsyis="; }; propagatedBuildInputs = [ From 7f01443ef1cf09be0dd772af0a58409a4a02ccb1 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 19 Aug 2022 00:11:08 +0200 Subject: [PATCH 099/138] nss: Drop nss-pem patchset MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The patch url went 404 and other distros¹ have discarded it as well in favor of packaging nss-pem² [1] https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-libs/nss?id=5eca3e02c87163b3c541cdee893830d201abfb86 [2] https://github.com/kdudka/nss-pem --- pkgs/development/libraries/nss/generic.nix | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/pkgs/development/libraries/nss/generic.nix b/pkgs/development/libraries/nss/generic.nix index febc2423388e..c0d07cd382c6 100644 --- a/pkgs/development/libraries/nss/generic.nix +++ b/pkgs/development/libraries/nss/generic.nix @@ -19,11 +19,6 @@ }: let - nssPEM = fetchurl { - url = "http://dev.gentoo.org/~polynomial-c/mozilla/nss-3.15.4-pem-support-20140109.patch.xz"; - sha256 = "10ibz6y0hknac15zr6dw4gv9nb5r5z9ym6gq18j3xqx7v7n3vpdw"; - }; - underscoreVersion = lib.replaceStrings [ "." ] [ "_" ] version; in stdenv.mkDerivation rec { @@ -45,13 +40,6 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [ nspr ]; prePatch = '' - # strip the trailing whitespace from the patch line and the renamed CKO_NETSCAPE_ enum to CKO_NSS_ - xz -d < ${nssPEM} | sed \ - -e 's/-DIRS = builtins $/-DIRS = . builtins/g' \ - -e 's/CKO_NETSCAPE_/CKO_NSS_/g' \ - -e 's/CKT_NETSCAPE_/CKT_NSS_/g' \ - | patch -p1 - patchShebangs nss for f in nss/coreconf/config.gypi nss/build.sh nss/coreconf/config.gypi; do From df214678dcf8444d290e835c6039a48cefed65b9 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 19 Aug 2022 00:17:15 +0200 Subject: [PATCH 100/138] nss: Drop ckpem patch It's usefulness is not clear to us maintainers. --- pkgs/development/libraries/nss/ckpem.patch | 11 ----------- pkgs/development/libraries/nss/generic.nix | 1 - 2 files changed, 12 deletions(-) delete mode 100644 pkgs/development/libraries/nss/ckpem.patch diff --git a/pkgs/development/libraries/nss/ckpem.patch b/pkgs/development/libraries/nss/ckpem.patch deleted file mode 100644 index c1a65a6c0b28..000000000000 --- a/pkgs/development/libraries/nss/ckpem.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- nss/lib/ckfw/pem/ckpem.h 2018-01-03 13:36:12.000000000 -0800 -+++ nss/lib/ckfw/pem/ckpem.h 2018-01-03 13:36:20.000000000 -0800 -@@ -156,8 +156,6 @@ - NSS_EXTERN_DATA pemInternalObject nss_pem_data[]; - NSS_EXTERN_DATA const PRUint32 nss_pem_nObjects; - -- PRBool logged_in; -- - /* our raw object data array */ - NSS_EXTERN_DATA pemInternalObject nss_pem_data[]; - NSS_EXTERN_DATA const PRUint32 nss_pem_nObjects; diff --git a/pkgs/development/libraries/nss/generic.nix b/pkgs/development/libraries/nss/generic.nix index c0d07cd382c6..c2d9518c9023 100644 --- a/pkgs/development/libraries/nss/generic.nix +++ b/pkgs/development/libraries/nss/generic.nix @@ -56,7 +56,6 @@ stdenv.mkDerivation rec { else ./85_security_load_3.77+.patch ) - ./ckpem.patch ./fix-cross-compilation.patch ]; From dcf4dc23c703cf86678f212668dba7733d500f02 Mon Sep 17 00:00:00 2001 From: Alex Wied Date: Thu, 18 Aug 2022 17:35:28 -0400 Subject: [PATCH 101/138] pythonPackages.twisted: fix sandboxed build on Darwin --- pkgs/development/python-modules/twisted/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/python-modules/twisted/default.nix b/pkgs/development/python-modules/twisted/default.nix index 7779f0531370..6689a2ce80d3 100644 --- a/pkgs/development/python-modules/twisted/default.nix +++ b/pkgs/development/python-modules/twisted/default.nix @@ -56,6 +56,8 @@ buildPythonPackage rec { sha256 = "sha256-oEeZD1ffrh4L0rffJSbU8W3NyEN3TcEIt4xS8qXxNoA="; }; + __darwinAllowLocalNetworking = true; + propagatedBuildInputs = [ attrs automat From cc3690002460dc1ad6ad4572f767ffe45e52a4ca Mon Sep 17 00:00:00 2001 From: Yurii Matsiuk <24990891+ymatsiuk@users.noreply.github.com> Date: Fri, 19 Aug 2022 08:25:23 +0200 Subject: [PATCH 102/138] bluez: remove unused fetchpatch import --- pkgs/os-specific/linux/bluez/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/os-specific/linux/bluez/default.nix b/pkgs/os-specific/linux/bluez/default.nix index 8191624fa828..ff8fbb460b27 100644 --- a/pkgs/os-specific/linux/bluez/default.nix +++ b/pkgs/os-specific/linux/bluez/default.nix @@ -1,7 +1,6 @@ { stdenv , lib , fetchurl -, fetchpatch , alsa-lib , dbus , ell From 9d2a6192d8a00b7be9a14b79543b404262db0de6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Fri, 19 Aug 2022 12:17:21 +0200 Subject: [PATCH 103/138] nettle: 3.8 -> 3.8.1 https://lists.gnu.org/archive/html/info-gnu/2022-07/msg00010.html --- pkgs/development/libraries/nettle/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/nettle/default.nix b/pkgs/development/libraries/nettle/default.nix index ed4948cd7f80..1ce011a3231c 100644 --- a/pkgs/development/libraries/nettle/default.nix +++ b/pkgs/development/libraries/nettle/default.nix @@ -1,10 +1,10 @@ { callPackage, fetchurl }: callPackage ./generic.nix rec { - version = "3.8"; + version = "3.8.1"; src = fetchurl { url = "mirror://gnu/nettle/nettle-${version}.tar.gz"; - hash = "sha256-dXbGhIHBmPZEsIwWDRpIULqUSeMIBpRVtSEzGfI06OY="; + hash = "sha256-Nk8+K3fNfc3oP9fEUhnINOVLDHXkKLb4lKI9Et1By/4="; }; } From 977cbb7e822028cc51a1cf02908af9074daff6ad Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 19 Aug 2022 13:07:23 +0200 Subject: [PATCH 104/138] python3Packages.django_3: patch in zoneinfo directory Related: #187388 --- pkgs/development/python-modules/django/3.nix | 8 +++++++- .../django/django_3_set_zoneinfo_dir.patch | 13 +++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/python-modules/django/django_3_set_zoneinfo_dir.patch diff --git a/pkgs/development/python-modules/django/3.nix b/pkgs/development/python-modules/django/3.nix index 204857b925f4..d90277961800 100644 --- a/pkgs/development/python-modules/django/3.nix +++ b/pkgs/development/python-modules/django/3.nix @@ -8,6 +8,7 @@ , asgiref , pytz , sqlparse +, tzdata , pythonOlder , withGdal ? false }: @@ -24,7 +25,12 @@ buildPythonPackage rec { hash = "sha256-9xk0sagi8UqGyayWNAU2iSec0ErmnLat5KWUcbiGWCs="; }; - patches = lib.optional withGdal + patches = [ + (substituteAll { + src = ./django_3_set_zoneinfo_dir.patch; + zoneinfo = tzdata + "/share/zoneinfo"; + }) + ] ++ lib.optional withGdal (substituteAll { src = ./django_3_set_geos_gdal_lib.patch; inherit geos39; diff --git a/pkgs/development/python-modules/django/django_3_set_zoneinfo_dir.patch b/pkgs/development/python-modules/django/django_3_set_zoneinfo_dir.patch new file mode 100644 index 000000000000..69ad1c85d80c --- /dev/null +++ b/pkgs/development/python-modules/django/django_3_set_zoneinfo_dir.patch @@ -0,0 +1,13 @@ +diff --git a/django/conf/__init__.py b/django/conf/__init__.py +index 28302440c7..278cfa5e62 100644 +--- a/django/conf/__init__.py ++++ b/django/conf/__init__.py +@@ -200,7 +200,7 @@ class Settings: + if hasattr(time, 'tzset') and self.TIME_ZONE: + # When we can, attempt to validate the timezone. If we can't find + # this file, no check happens and it's harmless. +- zoneinfo_root = Path('/usr/share/zoneinfo') ++ zoneinfo_root = Path('@zoneinfo@') + zone_info_file = zoneinfo_root.joinpath(*self.TIME_ZONE.split('/')) + if zoneinfo_root.exists() and not zone_info_file.exists(): + raise ValueError("Incorrect timezone setting: %s" % self.TIME_ZONE) From 0badc2389af6f730d2acab4cb66554ddab39b57a Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 19 Aug 2022 15:16:13 +0200 Subject: [PATCH 105/138] nss: migrate manual patching into postPatch --- pkgs/development/libraries/nss/generic.nix | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/pkgs/development/libraries/nss/generic.nix b/pkgs/development/libraries/nss/generic.nix index c2d9518c9023..e6d2eae2449c 100644 --- a/pkgs/development/libraries/nss/generic.nix +++ b/pkgs/development/libraries/nss/generic.nix @@ -39,16 +39,6 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [ nspr ]; - prePatch = '' - patchShebangs nss - - for f in nss/coreconf/config.gypi nss/build.sh nss/coreconf/config.gypi; do - substituteInPlace "$f" --replace "/usr/bin/env" "${buildPackages.coreutils}/bin/env" - done - - substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep" - ''; - patches = [ # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch (if (lib.versionOlder version "3.77") then @@ -61,7 +51,15 @@ stdenv.mkDerivation rec { patchFlags = [ "-p0" ]; - postPatch = lib.optionalString stdenv.hostPlatform.isDarwin '' + postPatch = '' + patchShebangs nss + + for f in nss/coreconf/config.gypi nss/build.sh nss/coreconf/config.gypi; do + substituteInPlace "$f" --replace "/usr/bin/env" "${buildPackages.coreutils}/bin/env" + done + + substituteInPlace nss/coreconf/config.gypi --replace "/usr/bin/grep" "${buildPackages.coreutils}/bin/env grep" + '' + lib.optionalString stdenv.hostPlatform.isDarwin '' substituteInPlace nss/coreconf/Darwin.mk --replace '@executable_path/$(notdir $@)' "$out/lib/\$(notdir \$@)" substituteInPlace nss/coreconf/config.gypi --replace "'DYLIB_INSTALL_NAME_BASE': '@executable_path'" "'DYLIB_INSTALL_NAME_BASE': '$out/lib'" ''; From 5b709277f48df630c8fa7aab0cf6157f71a5b45c Mon Sep 17 00:00:00 2001 From: Stig Palmquist Date: Fri, 19 Aug 2022 19:34:51 +0200 Subject: [PATCH 106/138] perl: `verify_SSL=>1` by default in HTTP::Tiny --- .../development/interpreters/perl/default.nix | 3 + .../http-tiny-verify-ssl-by-default.patch | 79 +++++++++++++++++++ 2 files changed, 82 insertions(+) create mode 100644 pkgs/development/interpreters/perl/http-tiny-verify-ssl-by-default.patch diff --git a/pkgs/development/interpreters/perl/default.nix b/pkgs/development/interpreters/perl/default.nix index 0a9c53e11c5f..79e2bf84a0cd 100644 --- a/pkgs/development/interpreters/perl/default.nix +++ b/pkgs/development/interpreters/perl/default.nix @@ -39,6 +39,9 @@ let [ # Do not look in /usr etc. for dependencies. ./no-sys-dirs-5.31.patch + + # Enable TLS/SSL verification in HTTP::Tiny by default + ./http-tiny-verify-ssl-by-default.patch ] ++ optional stdenv.isSunOS ./ld-shared.patch ++ optionals stdenv.isDarwin [ ./cpp-precomp.patch ./sw_vers.patch ] diff --git a/pkgs/development/interpreters/perl/http-tiny-verify-ssl-by-default.patch b/pkgs/development/interpreters/perl/http-tiny-verify-ssl-by-default.patch new file mode 100644 index 000000000000..59248061513d --- /dev/null +++ b/pkgs/development/interpreters/perl/http-tiny-verify-ssl-by-default.patch @@ -0,0 +1,79 @@ +Patch for HTTP::Tiny that defaults verify_SSL to 1 + +Based on proposed Debian patch by Dominic Hargreaves: +https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92 + + +diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm +index 5803e4599..88ba51461 100644 +--- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm ++++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm +@@ -40,7 +40,7 @@ sub _croak { require Carp; Carp::croak(@_) } + #pod * C — Request timeout in seconds (default is 60) If a socket open, + #pod read or write takes longer than the timeout, an exception is thrown. + #pod * C — A boolean that indicates whether to validate the SSL +-#pod certificate of an C — connection (default is false) ++#pod certificate of an C — connection (default is true) + #pod * C — A hashref of C — options to pass through to + #pod L + #pod +@@ -112,7 +112,7 @@ sub new { + max_redirect => 5, + timeout => defined $args{timeout} ? $args{timeout} : 60, + keep_alive => 1, +- verify_SSL => $args{verify_SSL} || $args{verify_ssl} || 0, # no verification by default ++ verify_SSL => $args{verify_SSL} // $args{verify_ssl} // 1, # verification by default + no_proxy => $ENV{no_proxy}, + }; + +@@ -1038,7 +1038,7 @@ sub new { + timeout => 60, + max_line_size => 16384, + max_header_lines => 64, +- verify_SSL => 0, ++ verify_SSL => 1, + SSL_options => {}, + %args + }, $class; +@@ -1765,7 +1765,7 @@ C — Request timeout in seconds (default is 60) If a socket open, read + + =item * + +-C — A boolean that indicates whether to validate the SSL certificate of an C — connection (default is false) ++C — A boolean that indicates whether to validate the SSL certificate of an C — connection (default is true) + + =item * + +@@ -2035,7 +2035,7 @@ Verification of server identity + + =back + +-B. ++B. + + Server identity verification is controversial and potentially tricky because it + depends on a (usually paid) third-party Certificate Authority (CA) trust model +@@ -2043,16 +2043,14 @@ to validate a certificate as legitimate. This discriminates against servers + with self-signed certificates or certificates signed by free, community-driven + CA's such as L. + +-By default, HTTP::Tiny does not make any assumptions about your trust model, +-threat level or risk tolerance. It just aims to give you an encrypted channel +-when you need one. +- + Setting the C attribute to a true value will make HTTP::Tiny verify + that an SSL connection has a valid SSL certificate corresponding to the host + name of the connection and that the SSL certificate has been verified by a CA. + Assuming you trust the CA, this will protect against a L. If you are +-concerned about security, you should enable this option. ++attack|http://en.wikipedia.org/wiki/Man-in-the-middle_attack>. ++ ++If you are not concerned about security, and this default in NixOS causes ++problems, you should disable this option. + + Certificate verification requires a file containing trusted CA certificates. + +-- + + From 5b76f42372dd0784d5661626c8ce23a7bea9ccfd Mon Sep 17 00:00:00 2001 From: Sandro Date: Fri, 19 Aug 2022 23:37:14 +0200 Subject: [PATCH 107/138] buildGo{Module,Package}: don't run vet linter --- pkgs/build-support/go/module.nix | 1 + pkgs/build-support/go/package.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/pkgs/build-support/go/module.nix b/pkgs/build-support/go/module.nix index 8b5185979e45..84d9023209d3 100644 --- a/pkgs/build-support/go/module.nix +++ b/pkgs/build-support/go/module.nix @@ -212,6 +212,7 @@ let flags+=("-v" "-p" "$NIX_BUILD_CORES") if [ "$cmd" = "test" ]; then + flags+=(-vet=off) flags+=($checkFlags) fi diff --git a/pkgs/build-support/go/package.nix b/pkgs/build-support/go/package.nix index 56c8ceeca15f..957a65572b85 100644 --- a/pkgs/build-support/go/package.nix +++ b/pkgs/build-support/go/package.nix @@ -171,6 +171,7 @@ let flags+=("-v" "-p" "$NIX_BUILD_CORES") if [ "$cmd" = "test" ]; then + flags+=(-vet=off) flags+=($checkFlags) fi From 3bd6484563edae14ac528b5dc30d018bef66bf61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 20 Aug 2022 08:45:18 +0200 Subject: [PATCH 108/138] Re-Revert Merge #184360: json-glib: add installed tests This reverts commit 78182194c652df7bdcfa0a6a788d17895188b777. --- nixos/tests/installed-tests/default.nix | 1 + nixos/tests/installed-tests/json-glib.nix | 5 ++++ .../libraries/json-glib/default.nix | 15 ++++++++++- ...on-add-installed-tests-prefix-option.patch | 27 +++++++++++++++++++ 4 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 nixos/tests/installed-tests/json-glib.nix create mode 100644 pkgs/development/libraries/json-glib/meson-add-installed-tests-prefix-option.patch diff --git a/nixos/tests/installed-tests/default.nix b/nixos/tests/installed-tests/default.nix index b81384aa8c0b..3bb678d36782 100644 --- a/nixos/tests/installed-tests/default.nix +++ b/nixos/tests/installed-tests/default.nix @@ -98,6 +98,7 @@ in gnome-photos = callInstalledTest ./gnome-photos.nix {}; graphene = callInstalledTest ./graphene.nix {}; gsconnect = callInstalledTest ./gsconnect.nix {}; + json-glib = callInstalledTest ./json-glib.nix {}; ibus = callInstalledTest ./ibus.nix {}; libgdata = callInstalledTest ./libgdata.nix {}; librsvg = callInstalledTest ./librsvg.nix {}; diff --git a/nixos/tests/installed-tests/json-glib.nix b/nixos/tests/installed-tests/json-glib.nix new file mode 100644 index 000000000000..3dfd3dd0b098 --- /dev/null +++ b/nixos/tests/installed-tests/json-glib.nix @@ -0,0 +1,5 @@ +{ pkgs, makeInstalledTest, ... }: + +makeInstalledTest { + tested = pkgs.json-glib; +} diff --git a/pkgs/development/libraries/json-glib/default.nix b/pkgs/development/libraries/json-glib/default.nix index 1f8f4fd1acc0..e095945dabaa 100644 --- a/pkgs/development/libraries/json-glib/default.nix +++ b/pkgs/development/libraries/json-glib/default.nix @@ -4,6 +4,7 @@ , glib , meson , ninja +, nixosTests , pkg-config , gettext , gobject-introspection @@ -17,13 +18,18 @@ stdenv.mkDerivation rec { pname = "json-glib"; version = "1.6.6"; - outputs = [ "out" "dev" "devdoc" ]; + outputs = [ "out" "dev" "devdoc" "installedTests" ]; src = fetchurl { url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; sha256 = "luyYvnqR9t3jNjZyDj2i/27LuQ52zKpJSX8xpoVaSQ4="; }; + patches = [ + # Add option for changing installation path of installed tests. + ./meson-add-installed-tests-prefix-option.patch + ]; + strictDeps = true; depsBuildBuild = [ @@ -49,6 +55,9 @@ stdenv.mkDerivation rec { glib ]; + mesonFlags = [ + "-Dinstalled_test_prefix=${placeholder "installedTests"}" + ]; # Run-time dependency gi-docgen found: NO (tried pkgconfig and cmake) # it should be a build-time dep for build @@ -73,6 +82,10 @@ stdenv.mkDerivation rec { ''; passthru = { + tests = { + installedTests = nixosTests.installed-tests.json-glib; + }; + updateScript = gnome.updateScript { packageName = pname; versionPolicy = "odd-unstable"; diff --git a/pkgs/development/libraries/json-glib/meson-add-installed-tests-prefix-option.patch b/pkgs/development/libraries/json-glib/meson-add-installed-tests-prefix-option.patch new file mode 100644 index 000000000000..626db09cd03f --- /dev/null +++ b/pkgs/development/libraries/json-glib/meson-add-installed-tests-prefix-option.patch @@ -0,0 +1,27 @@ +diff --git a/json-glib/tests/meson.build b/json-glib/tests/meson.build +index 1eb56c8..dca444e 100644 +--- a/json-glib/tests/meson.build ++++ b/json-glib/tests/meson.build +@@ -21,8 +21,9 @@ test_data = [ + 'stream-load.json', + ] + +-installed_test_bindir = join_paths(json_libexecdir, 'installed-tests', json_api_name) +-installed_test_datadir = join_paths(json_datadir, 'installed-tests', json_api_name) ++installed_test_prefix = get_option('installed_test_prefix') ++installed_test_bindir = join_paths(installed_test_prefix, 'libexec', 'installed-tests', json_api_name) ++installed_test_datadir = join_paths(installed_test_prefix, 'share', 'installed-tests', json_api_name) + + install_data(test_data, install_dir: installed_test_bindir) + +diff --git a/meson_options.txt b/meson_options.txt +index 068a03f..03f398a 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -10,3 +10,6 @@ option('man', + option('tests', + type: 'boolean', value: true, + description: 'Build the tests') ++option('installed_test_prefix', ++ description: 'Prefix for installed tests', ++ type: 'string') From f2805f293dd95bbc32bd49134263f52d8212508d Mon Sep 17 00:00:00 2001 From: Alexis Hildebrandt Date: Sat, 20 Aug 2022 10:28:03 +0200 Subject: [PATCH 109/138] gnupg: Fix regression when using YubiKey devices as smart cards. --- pkgs/tools/security/gnupg/23.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkgs/tools/security/gnupg/23.nix b/pkgs/tools/security/gnupg/23.nix index b93e533e6fd8..af28b4903df2 100644 --- a/pkgs/tools/security/gnupg/23.nix +++ b/pkgs/tools/security/gnupg/23.nix @@ -32,6 +32,14 @@ stdenv.mkDerivation rec { # Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27 ./v3-0001-Disallow-compressed-signatures-and-certificates.patch + + # Fix regression when using YubiKey devices as smart cards. + # See https://dev.gnupg.org/T6070 for details. + # Committed upstream, remove this patch when updating to the next release. + (fetchpatch { + url = "https://dev.gnupg.org/rGf34b9147eb3070bce80d53febaa564164cd6c977?diff=1"; + sha256 = "sha256-J/PLSz8yiEgtGv+r3BTGTHrikV70AbbHQPo9xbjaHFE="; + }) ]; postPatch = '' sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1 From 410a9ae7000e5dc2c6ca55b1c8b3cb188b841708 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 20 Aug 2022 10:52:56 +0000 Subject: [PATCH 110/138] cmake: 3.24.0 -> 3.24.1 --- pkgs/development/tools/build-managers/cmake/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/build-managers/cmake/default.nix b/pkgs/development/tools/build-managers/cmake/default.nix index 0bdc6514cf7e..7badaccf8ab1 100644 --- a/pkgs/development/tools/build-managers/cmake/default.nix +++ b/pkgs/development/tools/build-managers/cmake/default.nix @@ -37,11 +37,11 @@ stdenv.mkDerivation rec { + lib.optionalString isBootstrap "-boot" + lib.optionalString cursesUI "-cursesUI" + lib.optionalString qt5UI "-qt5UI"; - version = "3.24.0"; + version = "3.24.1"; src = fetchurl { url = "https://cmake.org/files/v${lib.versions.majorMinor version}/cmake-${version}.tar.gz"; - sha256 = "sha256-wrYffN7LFXbK0l+Rio9CuGhdiKgy/UtiueD6MukVplg="; + sha256 = "sha256-STHid6TbGoBfE7qnATp3V6DL/lt5MogpJccGHZ0fqCs="; }; patches = [ From 457e2672066c8dc0df2df1a3193139c659581639 Mon Sep 17 00:00:00 2001 From: Ivan Kozik Date: Sat, 20 Aug 2022 03:51:09 +0000 Subject: [PATCH 111/138] rsync: 3.2.4 -> 3.2.5 This release fixes CVE-2022-29154: https://download.samba.org/pub/rsync/NEWS#3.2.5 Remove enableCopyDevicesPatch because --copy-devices was included in rsync 3.2.4: https://download.samba.org/pub/rsync/NEWS#3.2.4:~:text=Added%20the%20%2D%2Dcopy%2Ddevices%20option --- .../networking/sync/rsync/default.nix | 22 +++++-------------- .../networking/sync/rsync/rrsync.nix | 2 +- 2 files changed, 7 insertions(+), 17 deletions(-) diff --git a/pkgs/applications/networking/sync/rsync/default.nix b/pkgs/applications/networking/sync/rsync/default.nix index 5e0ddc69a46c..bdddfe4f8677 100644 --- a/pkgs/applications/networking/sync/rsync/default.nix +++ b/pkgs/applications/networking/sync/rsync/default.nix @@ -1,7 +1,6 @@ { lib , stdenv , fetchurl -, fetchpatch , perl , libiconv , zlib @@ -16,27 +15,18 @@ , xxHash , enableZstd ? true , zstd -, enableCopyDevicesPatch ? false , nixosTests }: stdenv.mkDerivation rec { pname = "rsync"; - version = "3.2.4"; + version = "3.2.5"; - srcs = [ - (fetchurl { - # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 - url = "mirror://samba/rsync/src/rsync-${version}.tar.gz"; - sha256 = "sha256-b3YYONCAUrC2V5z39nN9k+R/AfTaBMXSTTRHt/Kl+tE="; - }) - ] ++ lib.optional enableCopyDevicesPatch (fetchurl { + src = fetchurl { # signed with key 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5 - url = "mirror://samba/rsync/rsync-patches-${version}.tar.gz"; - sha256 = "1wj21v57v135n6fnm2m2dxmb9lhrrg62jgkggldp1gb7d6s4arny"; - }); - - patches = lib.optional enableCopyDevicesPatch "./patches/copy-devices.diff"; + url = "mirror://samba/rsync/src/rsync-${version}.tar.gz"; + sha256 = "sha256-KsTSFjXN95GGe8N3w1ym3af1DZGaWL5FBX/VFgDGmro="; + }; nativeBuildInputs = [ perl ]; @@ -64,6 +54,6 @@ stdenv.mkDerivation rec { homepage = "https://rsync.samba.org/"; license = licenses.gpl3Plus; platforms = platforms.unix; - maintainers = with lib.maintainers; [ ehmry kampfschlaefer ]; + maintainers = with lib.maintainers; [ ehmry kampfschlaefer ivan ]; }; } diff --git a/pkgs/applications/networking/sync/rsync/rrsync.nix b/pkgs/applications/networking/sync/rsync/rrsync.nix index c18f454d87ce..09f9ab22f335 100644 --- a/pkgs/applications/networking/sync/rsync/rrsync.nix +++ b/pkgs/applications/networking/sync/rsync/rrsync.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation { pname = "rrsync"; - inherit (rsync) version srcs; + inherit (rsync) version src; buildInputs = [ rsync From b5aad8addf1d4a84dbf7545965584bd19fb7e42e Mon Sep 17 00:00:00 2001 From: Adam Joseph Date: Sat, 20 Aug 2022 19:56:11 -0700 Subject: [PATCH 112/138] libtool: fix shebang-fixing from 2.4.7 version bump Libtool 2.4.7 changed the shebangs in `libtoolize.in` and `ltmain.sh` from `/bin/sh` (which is a special sandbox exception) to `/usr/bin/env sh` (which is not). My PR (#167071) to bump the libtool version adjusted both of these shebangs, when it should only have adjusted the one in `libtoolize.in`. `ltmain.sh` is not a script to be *executed* at `libtool`-invocation-time. It is a script which is *vendored into a release* at `libtoolize`-invocation-time. Thanks to @trofi for reporting this https://github.com/NixOS/nixpkgs/pull/167071#pullrequestreview-1079484605 --- pkgs/development/tools/misc/libtool/libtool2.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkgs/development/tools/misc/libtool/libtool2.nix b/pkgs/development/tools/misc/libtool/libtool2.nix index 92a230374df6..8625a421af64 100644 --- a/pkgs/development/tools/misc/libtool/libtool2.nix +++ b/pkgs/development/tools/misc/libtool/libtool2.nix @@ -38,10 +38,9 @@ stdenv.mkDerivation rec { # libtool commit da2e352735722917bf0786284411262195a6a3f6 changed # the shebang from `/bin/sh` (which is a special sandbox exception) # to `/usr/bin/env sh`, meaning that we now need to patch shebangs - # in libtoolize and ltmain.sh since `dontPatchShebangs` is set: + # in libtoolize.in: '' substituteInPlace libtoolize.in --replace '#! /usr/bin/env sh' '#!${runtimeShell}' - substituteInPlace build-aux/ltmain.in --replace '#! /usr/bin/env sh' '#!${runtimeShell}' ''; strictDeps = true; From 64d5ca085a8cfb55b9c9780642e79a4020ec717c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Sun, 21 Aug 2022 05:25:00 +0200 Subject: [PATCH 113/138] nodejs_18: fix eval --- pkgs/development/web/nodejs/v18.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/web/nodejs/v18.nix b/pkgs/development/web/nodejs/v18.nix index dd6028edcaa9..2bcf9aac950c 100644 --- a/pkgs/development/web/nodejs/v18.nix +++ b/pkgs/development/web/nodejs/v18.nix @@ -1,4 +1,4 @@ -{ callPackage, python3, fetchpatch, enableNpm ? true }: +{ callPackage, python3, fetchpatch, enableNpm ? true, ... }: let buildNodejs = callPackage ./nodejs.nix { From 1609e4a63e268f5e4e33fee1b6a3c7687d331bb6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Tue, 16 Aug 2022 14:00:37 +0200 Subject: [PATCH 114/138] python310Packages.jsonschema: 4.9.1 -> 4.13.0 --- .../python-modules/jsonschema/default.nix | 8 +++-- .../jsonschema/remove-fancy-pypi-readme.patch | 33 +++++++++++++++++++ 2 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 pkgs/development/python-modules/jsonschema/remove-fancy-pypi-readme.patch diff --git a/pkgs/development/python-modules/jsonschema/default.nix b/pkgs/development/python-modules/jsonschema/default.nix index cde909e79b83..2ccbacbf61c8 100644 --- a/pkgs/development/python-modules/jsonschema/default.nix +++ b/pkgs/development/python-modules/jsonschema/default.nix @@ -14,16 +14,20 @@ buildPythonPackage rec { pname = "jsonschema"; - version = "4.9.1"; + version = "4.13.0"; format = "pyproject"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - sha256 = "sha256-QIxMjtDe3jsmj3pEF4T3QgY4CwT5PrLVN8e++z3zCZ8="; + sha256 = "sha256-N3ZRLfT1P3Tm4o/jVxe1siPBdWh1SGmEoxvJFl5/ySA="; }; + patches = [ + ./remove-fancy-pypi-readme.patch + ]; + postPatch = '' patchShebangs json/bin/jsonschema_suite ''; diff --git a/pkgs/development/python-modules/jsonschema/remove-fancy-pypi-readme.patch b/pkgs/development/python-modules/jsonschema/remove-fancy-pypi-readme.patch new file mode 100644 index 000000000000..7124e5a6263b --- /dev/null +++ b/pkgs/development/python-modules/jsonschema/remove-fancy-pypi-readme.patch @@ -0,0 +1,33 @@ +--- a/pyproject.toml 2022-08-21 05:04:18.443484836 +0200 ++++ b/pyproject.toml 2022-08-21 05:04:50.789353514 +0200 +@@ -76,30 +76,6 @@ + Changelog = "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst" + Source = "https://github.com/python-jsonschema/jsonschema" + +-[tool.hatch.metadata.hooks.fancy-pypi-readme] +-content-type = "text/x-rst" +- +-[[tool.hatch.metadata.hooks.fancy-pypi-readme.fragments]] +-path = "README.rst" +-end-before = ".. start cut from PyPI" +- +-[[tool.hatch.metadata.hooks.fancy-pypi-readme.fragments]] +-path = "README.rst" +-start-after = ".. end cut from PyPI\n\n\n" +- +-[[tool.hatch.metadata.hooks.fancy-pypi-readme.fragments]] +-text = """ +- +- +-Release Information +-------------------- +- +-""" +- +-[[tool.hatch.metadata.hooks.fancy-pypi-readme.fragments]] +-path = "CHANGELOG.rst" +-pattern = "(^v.+?)\nv" +- + [tool.isort] + from_first = true + include_trailing_comma = true From 44b594e6192fdab87a3019818be797967fbe7950 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Sun, 21 Aug 2022 04:16:53 +0200 Subject: [PATCH 115/138] python310Packages.hatchling: 1.6.0 -> 1.8.0 --- pkgs/development/python-modules/hatchling/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/hatchling/default.nix b/pkgs/development/python-modules/hatchling/default.nix index eedebeff3108..636d46dfdd7f 100644 --- a/pkgs/development/python-modules/hatchling/default.nix +++ b/pkgs/development/python-modules/hatchling/default.nix @@ -20,7 +20,7 @@ let pname = "hatchling"; - version = "1.6.0"; + version = "1.8.0"; in buildPythonPackage { inherit pname version; @@ -28,7 +28,7 @@ buildPythonPackage { src = fetchPypi { inherit pname version; - sha256 = "sha256-vW6FBd5RGsQhf/UJJ/bRhFSUYI5AHmOmK4MMMfthNUQ="; + sha256 = "sha256-pPmC/coHF9jEa/57UBMC+QqvKlMChF1VC0nIc5aB/rI="; }; # listed in backend/src/hatchling/ouroboros.py From ca0120a4bcb759b9a9040219b1f0a5e5a86e34a1 Mon Sep 17 00:00:00 2001 From: Vincent Haupert Date: Sun, 21 Aug 2022 12:22:16 +0200 Subject: [PATCH 116/138] systemd: enable `BPF_FRAMEWORK` by default (`withLibBPF=true`) So far, we have been building Systemd without `BPF_FRAMEWORK`. As a result, some Systemd features like `RestrictNetworkInterfaces=` cannot work. To make things worse, Systemd doesn't even complain when using a feature which requires `+BPF_FRAMEWORK`; yet, the option has no effect: # systemctl --version | grep -o "\-BPF_FRAMEWORK" -BPF_FRAMEWORK # systemd-run -t -p RestrictNetworkInterfaces="lo" ping -c 1 8.8.8.8 This commit enables `BPF_FRAMEWORK` by default. This is in line with other distros (e.g., Fedora). Also note that BPF does not support stack protector: https://lkml.org/lkml/2020/2/21/1000. To that end, I added a small `CFLAGS` patch to the BPF building to keep using stack protector as a default. I also added an appropriate NixOS test. --- nixos/tests/all-tests.nix | 1 + nixos/tests/systemd-bpf.nix | 42 ++++++++++++++++++++++ pkgs/os-specific/linux/systemd/default.nix | 6 +++- 3 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 nixos/tests/systemd-bpf.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index c718c292b257..72dac624f85c 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -541,6 +541,7 @@ in { systemd-analyze = handleTest ./systemd-analyze.nix {}; systemd-binfmt = handleTestOn ["x86_64-linux"] ./systemd-binfmt.nix {}; systemd-boot = handleTest ./systemd-boot.nix {}; + systemd-bpf = handleTest ./systemd-bpf.nix {}; systemd-confinement = handleTest ./systemd-confinement.nix {}; systemd-coredump = handleTest ./systemd-coredump.nix {}; systemd-cryptenroll = handleTest ./systemd-cryptenroll.nix {}; diff --git a/nixos/tests/systemd-bpf.nix b/nixos/tests/systemd-bpf.nix new file mode 100644 index 000000000000..e11347a2a817 --- /dev/null +++ b/nixos/tests/systemd-bpf.nix @@ -0,0 +1,42 @@ +import ./make-test-python.nix ({ lib, ... }: { + name = "systemd-bpf"; + meta = with lib.maintainers; { + maintainers = [ veehaitch ]; + }; + nodes = { + node1 = { + virtualisation.vlans = [ 1 ]; + networking = { + useNetworkd = true; + useDHCP = false; + firewall.enable = false; + interfaces.eth1.ipv4.addresses = [ + { address = "192.168.1.1"; prefixLength = 24; } + ]; + }; + }; + + node2 = { + virtualisation.vlans = [ 1 ]; + networking = { + useNetworkd = true; + useDHCP = false; + firewall.enable = false; + interfaces.eth1.ipv4.addresses = [ + { address = "192.168.1.2"; prefixLength = 24; } + ]; + }; + }; + }; + + testScript = '' + start_all() + node1.wait_for_unit("systemd-networkd-wait-online.service") + node2.wait_for_unit("systemd-networkd-wait-online.service") + + with subtest("test RestrictNetworkInterfaces= works"): + node1.succeed("ping -c 5 192.168.1.2") + node1.succeed("systemd-run -t -p RestrictNetworkInterfaces='eth1' ping -c 5 192.168.1.2") + node1.fail("systemd-run -t -p RestrictNetworkInterfaces='lo' ping -c 5 192.168.1.2") + ''; +}) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 348f0e11342e..9544e6270a5a 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -83,7 +83,7 @@ , withHostnamed ? true , withHwdb ? true , withImportd ? !stdenv.hostPlatform.isMusl -, withLibBPF ? false # currently fails while generating BPF objects +, withLibBPF ? true , withLocaled ? true , withLogind ? true , withMachined ? true @@ -207,6 +207,10 @@ stdenv.mkDerivation { --replace \ "run_command(cc.cmd_array(), '-print-prog-name=objcopy', check: true).stdout().strip()" \ "'${stdenv.cc.bintools.targetPrefix}objcopy'" + '' + lib.optionalString withLibBPF '' + # BPF does not work with stack protector + substituteInPlace src/core/bpf/meson.build \ + --replace "clang_flags = [" "clang_flags = [ '-fno-stack-protector'," '' + ( let # The following patches references to dynamic libraries to ensure that From 029137d9eaf89cd8a97a18a2d1a6e18434441761 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?= Date: Fri, 28 Jan 2022 17:49:53 +0100 Subject: [PATCH 117/138] soundtouch: 2.2 -> 2.3.1 and update the repo URL The soundtouch repository has been moved from Gitlab to Codeberg in October. According to the main developer, Gitlab has blocked the soundtouch account for unknown reasons. The Gitlab repository is no longer available as the user is private. References: https://codeberg.org/soundtouch/soundtouch/src/branch/master/readme.md https://www.surina.net/soundtouch/ This commit replaces #135972 --- pkgs/development/libraries/soundtouch/default.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/pkgs/development/libraries/soundtouch/default.nix b/pkgs/development/libraries/soundtouch/default.nix index b03a7cc07228..318ead830f9b 100644 --- a/pkgs/development/libraries/soundtouch/default.nix +++ b/pkgs/development/libraries/soundtouch/default.nix @@ -1,14 +1,15 @@ -{stdenv, lib, fetchFromGitLab, autoconf, automake, libtool}: +{ stdenv, lib, fetchFromGitea, autoconf, automake, libtool }: stdenv.mkDerivation rec { pname = "soundtouch"; - version = "2.2"; + version = "2.3.1"; - src = fetchFromGitLab { - owner = pname; - repo = pname; + src = fetchFromGitea { + domain = "codeberg.org"; + owner = "soundtouch"; + repo = "soundtouch"; rev = version; - sha256 = "12i6yg8vvqwyk412lxl2krbfby6hnxld8qxy0k4m5xp4g94jiq4p"; + sha256 = "10znckb8mrnmvwj7vq12732al873qhqw27fpb5f8r0bkjdpcj3vr"; }; nativeBuildInputs = [ autoconf automake libtool ]; From da0a5e5f3b88ce34314f1c4b29fd7c9526263ca6 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Sun, 21 Aug 2022 19:01:43 +0100 Subject: [PATCH 118/138] cmake: fix crash on CC without libc support Without this change pkgsLLVM fails to build any packages as compiler-rt fails early in cmake: CMake Error at ...-cmake-3.24.0/share/cmake-3.24/Modules/Platform/UnixPaths.cmake:53 (file): file STRINGS file "...-x86_64-unknown-linux-gnu-clang-wrapper-11.1.0/nix-support/orig-libc-dev" cannot be read. It's a regression caused by 871cf9f7b3e5a "cmake: detect libc location at runtime #181431" where we started using `orig-libc-dev` as a libc pointer. During pkgsLLVM pootstrap first compiler has no libc support yet. The change skips runtime detection if there are no libc signs. --- .../tools/build-managers/cmake/001-search-path.diff | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/build-managers/cmake/001-search-path.diff b/pkgs/development/tools/build-managers/cmake/001-search-path.diff index c059bf5bffc3..607668b13155 100644 --- a/pkgs/development/tools/build-managers/cmake/001-search-path.diff +++ b/pkgs/development/tools/build-managers/cmake/001-search-path.diff @@ -12,7 +12,7 @@ index b9381c3d7d..5e944640b5 100644 # CMake install location "${_CMAKE_INSTALL_DIR}" ) -@@ -47,48 +44,46 @@ endif() +@@ -47,48 +44,48 @@ endif() # Non "standard" but common install prefixes list(APPEND CMAKE_SYSTEM_PREFIX_PATH @@ -22,7 +22,9 @@ index b9381c3d7d..5e944640b5 100644 ) # List common include file locations not under the common prefixes. -+if(IS_DIRECTORY $ENV{NIX_CC}) ++if(IS_DIRECTORY $ENV{NIX_CC} ++ AND EXISTS $ENV{NIX_CC}/nix-support/orig-libc ++ AND EXISTS $ENV{NIX_CC}/nix-support/orig-libc-dev) + file(STRINGS "$ENV{NIX_CC}/nix-support/orig-libc" _nix_cmake_libc) + file(STRINGS "$ENV{NIX_CC}/nix-support/orig-libc-dev" _nix_cmake_libc_dev) +else() From 262d3eba50c03d7b65c8a220ba3b51bec3c0f650 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 21 Aug 2022 16:26:26 +0200 Subject: [PATCH 119/138] Revert "nodejs_18: fix eval" This reverts commit 64d5ca085a8cfb55b9c9780642e79a4020ec717c. --- pkgs/development/web/nodejs/v18.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/web/nodejs/v18.nix b/pkgs/development/web/nodejs/v18.nix index 2bcf9aac950c..dd6028edcaa9 100644 --- a/pkgs/development/web/nodejs/v18.nix +++ b/pkgs/development/web/nodejs/v18.nix @@ -1,4 +1,4 @@ -{ callPackage, python3, fetchpatch, enableNpm ? true, ... }: +{ callPackage, python3, fetchpatch, enableNpm ? true }: let buildNodejs = callPackage ./nodejs.nix { From 5b59025b266da0f96b650abd51fe1f45ce239e52 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 21 Aug 2022 16:29:40 +0200 Subject: [PATCH 120/138] Revert "element-web: use openssl 1.1" This reverts commit d1b2156d4288ef9e0df05933426745fcc48bb86f. --- pkgs/top-level/all-packages.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f3d7f0bc5fba..99efe4fb379a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3706,7 +3706,6 @@ with pkgs; ''; element-web = callPackage ../applications/networking/instant-messengers/element/element-web.nix { - inherit (yarn2nix-moretea-openssl_1_1) mkYarnPackage fixup_yarn_lock; conf = config.element-web.conf or {}; }; From dc3e75802bf3ca99dffb64a0578d3403d8e27ecd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Thu, 18 Aug 2022 21:25:08 +0200 Subject: [PATCH 121/138] python310Packages.cryptography: remove empty dev output --- pkgs/development/python-modules/cryptography/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix index 1442b784cb37..873d1b99356a 100644 --- a/pkgs/development/python-modules/cryptography/default.nix +++ b/pkgs/development/python-modules/cryptography/default.nix @@ -44,8 +44,6 @@ buildPythonPackage rec { cargoRoot = "src/rust"; - outputs = [ "out" "dev" ]; - nativeBuildInputs = lib.optionals (!isPyPy) [ cffi ] ++ [ From 37a4365913235e405575a02d6e1765887f38527a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 22 Aug 2022 01:42:50 +0200 Subject: [PATCH 122/138] libtirpc: remove no longer required postPatch --- pkgs/development/libraries/ti-rpc/default.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/ti-rpc/default.nix b/pkgs/development/libraries/ti-rpc/default.nix index fa4782b5524f..0e67ce8adea8 100644 --- a/pkgs/development/libraries/ti-rpc/default.nix +++ b/pkgs/development/libraries/ti-rpc/default.nix @@ -12,10 +12,6 @@ stdenv.mkDerivation rec { outputs = [ "out" "dev" ]; - postPatch = '' - sed '1i#include ' -i src/xdr_sizeof.c - ''; - KRB5_CONFIG = "${libkrb5.dev}/bin/krb5-config"; nativeBuildInputs = [ autoreconfHook ]; propagatedBuildInputs = [ libkrb5 ]; @@ -24,7 +20,9 @@ stdenv.mkDerivation rec { sed -es"|/etc/netconfig|$out/etc/netconfig|g" -i doc/Makefile.in tirpc/netconfig.h ''; - preInstall = "mkdir -p $out/etc"; + preInstall = '' + mkdir -p $out/etc + ''; doCheck = true; From ec4019f6dcecbacb1c07882d8bb1fac021e8873b Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Wed, 17 Aug 2022 15:00:00 -0500 Subject: [PATCH 123/138] Set inherit_errexit after bash version check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit inherit_errexit wasn’t available in bash 3. We have a check to show a nice error message, but that check is after we set inherit_errexit in setup.sh. So we can just move this to below the BASH_VERSINFO check. --- pkgs/stdenv/generic/setup.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index 0ba8d1018233..f0fcb30451dd 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -2,7 +2,6 @@ __nixpkgs_setup_set_original=$- set -eu set -o pipefail -shopt -s inherit_errexit if [[ -n "${BASH_VERSINFO-}" && "${BASH_VERSINFO-}" -lt 4 ]]; then echo "Detected Bash version that isn't supported by Nixpkgs (${BASH_VERSION})" @@ -10,6 +9,8 @@ if [[ -n "${BASH_VERSINFO-}" && "${BASH_VERSINFO-}" -lt 4 ]]; then exit 1 fi +shopt -s inherit_errexit + if (( "${NIX_DEBUG:-0}" >= 6 )); then set -x fi From e924a39abd4f2e4b66cd02e2686d64ac01ea96cc Mon Sep 17 00:00:00 2001 From: Pierre Bourdon Date: Mon, 22 Aug 2022 07:03:53 +0200 Subject: [PATCH 124/138] jemalloc: support page size up to 64KB on AArch64 The default build configuration only supports page sizes up to 4KB. AArch64 systems (among other architectures) can be configured with larger page sizes. nixpkgs's jemalloc currently crashes in these situations. --- pkgs/development/libraries/jemalloc/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/libraries/jemalloc/default.nix b/pkgs/development/libraries/jemalloc/default.nix index 6f9cb774c2a8..a2812a9c6677 100644 --- a/pkgs/development/libraries/jemalloc/default.nix +++ b/pkgs/development/libraries/jemalloc/default.nix @@ -30,6 +30,9 @@ stdenv.mkDerivation rec { "--disable-thp" "je_cv_thp=no" ] + # AArch64 has configurable page size up to 64k. The default configuration + # for jemalloc only supports 4k page sizes. + ++ lib.optional stdenv.isAarch64 "--with-lg-page=16" ; NIX_CFLAGS_COMPILE = lib.optionalString stdenv.isDarwin "-Wno-error=array-bounds"; From e54978395b37826a27bc8bba9f0cecf3794d1003 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sun, 21 Aug 2022 05:53:02 +0000 Subject: [PATCH 125/138] liburcu: 0.13.1 -> 0.13.2 --- pkgs/development/libraries/liburcu/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/liburcu/default.nix b/pkgs/development/libraries/liburcu/default.nix index e2dc63609c41..120b5d9c61ae 100644 --- a/pkgs/development/libraries/liburcu/default.nix +++ b/pkgs/development/libraries/liburcu/default.nix @@ -1,12 +1,12 @@ { lib, stdenv, fetchurl, perl }: stdenv.mkDerivation rec { - version = "0.13.1"; + version = "0.13.2"; pname = "liburcu"; src = fetchurl { url = "https://lttng.org/files/urcu/userspace-rcu-${version}.tar.bz2"; - sha256 = "sha256-MhPzPSuPcQ65IOsauyeewEv4rmNh9E8lE8KMINM2MIM="; + sha256 = "sha256-EhP9nxsLdNp94rt0M1t2CY25c4/sXTzcB8DFJPNPwDI="; }; checkInputs = [ perl ]; From 28dd75158d0a9c25814dd2496d430053a12610d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?PedroHLC=20=E2=98=AD?= Date: Sun, 21 Aug 2022 14:15:09 -0300 Subject: [PATCH 126/138] mesa: 22.1.6 -> 22.1.7 --- pkgs/development/libraries/mesa/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index c851c196f184..6b78a570cccb 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -34,7 +34,7 @@ with lib; let # Release calendar: https://www.mesa3d.org/release-calendar.html # Release frequency: https://www.mesa3d.org/releasing.html#schedule - version = "22.1.6"; + version = "22.1.7"; branch = versions.major version; self = stdenv.mkDerivation { @@ -48,7 +48,7 @@ self = stdenv.mkDerivation { "ftp://ftp.freedesktop.org/pub/mesa/${version}/mesa-${version}.tar.xz" "ftp://ftp.freedesktop.org/pub/mesa/older-versions/${branch}.x/${version}/mesa-${version}.tar.xz" ]; - sha256 = "22ced061eb9adab8ea35368246c1995c09723f3f71653cd5050c5cec376e671a"; + sha256 = "da838eb2cf11d0e08d0e9944f6bd4d96987fdc59ea2856f8c70a31a82b355d89"; }; # TODO: From bfd2a6d47112f13ccae556aa56a1320d348b89e1 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Mon, 22 Aug 2022 14:45:43 +0200 Subject: [PATCH 127/138] vim: 9.0.0180 -> 9.0.0244 Fixes CVE-2022-2816, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889. --- pkgs/applications/editors/vim/common.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/editors/vim/common.nix b/pkgs/applications/editors/vim/common.nix index 95799f09cf44..016d8ad02d60 100644 --- a/pkgs/applications/editors/vim/common.nix +++ b/pkgs/applications/editors/vim/common.nix @@ -1,12 +1,12 @@ { lib, fetchFromGitHub }: rec { - version = "9.0.0180"; + version = "9.0.0244"; src = fetchFromGitHub { owner = "vim"; repo = "vim"; rev = "v${version}"; - hash = "sha256-38l97auTi6cue457bfRHme5fvsAmvk1MT2va1E/qguw="; + hash = "sha256-l6fLM6+tc1Wy1mjNPa/s73GKhhGBLz3OXUJgJN1wuxY="; }; enableParallelBuilding = true; From 3e2a42102bfb4598cbb330b4ca5e0f28e7bdfc94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?PedroHLC=20=E2=98=AD?= Date: Mon, 22 Aug 2022 18:20:24 -0300 Subject: [PATCH 128/138] Vulkan: 1.3.216.0 -> 1.3.224.0 --- pkgs/development/compilers/glslang/default.nix | 4 ++-- pkgs/development/libraries/spirv-headers/default.nix | 2 +- pkgs/development/libraries/vulkan-headers/default.nix | 4 ++-- pkgs/development/libraries/vulkan-loader/default.nix | 4 ++-- pkgs/development/tools/spirv-tools/default.nix | 4 ++-- pkgs/development/tools/vulkan-validation-layers/default.nix | 4 ++-- pkgs/tools/graphics/vulkan-extension-layer/default.nix | 4 ++-- pkgs/tools/graphics/vulkan-tools-lunarg/default.nix | 4 ++-- pkgs/tools/graphics/vulkan-tools/default.nix | 4 ++-- 9 files changed, 17 insertions(+), 17 deletions(-) diff --git a/pkgs/development/compilers/glslang/default.nix b/pkgs/development/compilers/glslang/default.nix index c3716c1556aa..0da4b60a3ed6 100644 --- a/pkgs/development/compilers/glslang/default.nix +++ b/pkgs/development/compilers/glslang/default.nix @@ -9,13 +9,13 @@ }: stdenv.mkDerivation rec { pname = "glslang"; - version = "1.3.216.0"; + version = "1.3.224.0"; src = fetchFromGitHub { owner = "KhronosGroup"; repo = "glslang"; rev = "sdk-${version}"; - hash = "sha256-sjidkiPtRADhyOEKDb2cHCBXnFjLwk2F5Lppv5/fwNQ="; + hash = "sha256-+NKp/4e3iruAcTunpxksvCHxoVYmPd0kFI8JDJJUVg4="; }; # These get set at all-packages, keep onto them for child drvs diff --git a/pkgs/development/libraries/spirv-headers/default.nix b/pkgs/development/libraries/spirv-headers/default.nix index 21117c7d80b2..c634b8330428 100644 --- a/pkgs/development/libraries/spirv-headers/default.nix +++ b/pkgs/development/libraries/spirv-headers/default.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "spirv-headers"; - version = "1.3.216.0"; + version = "1.3.224.0"; src = fetchFromGitHub { owner = "KhronosGroup"; diff --git a/pkgs/development/libraries/vulkan-headers/default.nix b/pkgs/development/libraries/vulkan-headers/default.nix index a4424db68943..0e1a01032f62 100644 --- a/pkgs/development/libraries/vulkan-headers/default.nix +++ b/pkgs/development/libraries/vulkan-headers/default.nix @@ -1,7 +1,7 @@ { lib, stdenv, fetchFromGitHub, cmake }: stdenv.mkDerivation rec { pname = "vulkan-headers"; - version = "1.3.216.0"; + version = "1.3.224.0"; nativeBuildInputs = [ cmake ]; @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { owner = "KhronosGroup"; repo = "Vulkan-Headers"; rev = "sdk-${version}"; - hash = "sha256-jHzW3m9smuzEGbZrSyBI74K9rFozxiG3M5Xql/WOw7U="; + hash = "sha256-zUT5+Ttmkrj51a9FS1tQxoYMS0Y0xV8uaCEJNur4khc="; }; meta = with lib; { diff --git a/pkgs/development/libraries/vulkan-loader/default.nix b/pkgs/development/libraries/vulkan-loader/default.nix index 928a7a16e699..b825214dbb55 100644 --- a/pkgs/development/libraries/vulkan-loader/default.nix +++ b/pkgs/development/libraries/vulkan-loader/default.nix @@ -3,14 +3,14 @@ stdenv.mkDerivation rec { pname = "vulkan-loader"; - version = "1.3.216.0"; + version = "1.3.224.0"; src = (assert version == vulkan-headers.version; fetchFromGitHub { owner = "KhronosGroup"; repo = "Vulkan-Loader"; rev = "sdk-${version}"; - hash = "sha256-EcsJzY/R9rreWvYTgoxHNloR5n2xaR/0rouDJVAGaxs="; + hash = "sha256-lmdImPeosHbAbEzPVW4K9Wkz/mF6gr8MVroGf0bDEPc="; }); patches = [ ./fix-pkgconfig.patch ]; diff --git a/pkgs/development/tools/spirv-tools/default.nix b/pkgs/development/tools/spirv-tools/default.nix index 7abd150c2752..150df6e25093 100644 --- a/pkgs/development/tools/spirv-tools/default.nix +++ b/pkgs/development/tools/spirv-tools/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "spirv-tools"; - version = "1.3.216.0"; + version = "1.3.224.0"; src = (assert version == spirv-headers.version; fetchFromGitHub { owner = "KhronosGroup"; repo = "SPIRV-Tools"; rev = "sdk-${version}"; - hash = "sha256-NWpFSRoxtYWi+hLUt9gpw0YScM3shcUwv9yUmbivRb0="; + hash = "sha256-jpVvjrNrTAKUY4sjUT/gCUElLtW4BrznH1DbStojGB8="; } ); diff --git a/pkgs/development/tools/vulkan-validation-layers/default.nix b/pkgs/development/tools/vulkan-validation-layers/default.nix index 28b47bb99820..1ae5e520e0f7 100644 --- a/pkgs/development/tools/vulkan-validation-layers/default.nix +++ b/pkgs/development/tools/vulkan-validation-layers/default.nix @@ -22,7 +22,7 @@ let in stdenv.mkDerivation rec { pname = "vulkan-validation-layers"; - version = "1.3.216.0"; + version = "1.3.224.0"; # If we were to use "dev" here instead of headers, the setupHook would be # placed in that output instead of "out". @@ -34,7 +34,7 @@ stdenv.mkDerivation rec { owner = "KhronosGroup"; repo = "Vulkan-ValidationLayers"; rev = "sdk-${version}"; - hash = "sha256-ri6ImAuskbvYL/ZM8kaVDZRP2v1qfSaafVacwwRF424="; + hash = "sha256-MmAxUuV9CVJ6LHUb6ePEiE37meDB1TqPAwLsPdHQ1u8="; }); # Include absolute paths to layer libraries in their associated diff --git a/pkgs/tools/graphics/vulkan-extension-layer/default.nix b/pkgs/tools/graphics/vulkan-extension-layer/default.nix index 466f29378533..2a8e999565d1 100644 --- a/pkgs/tools/graphics/vulkan-extension-layer/default.nix +++ b/pkgs/tools/graphics/vulkan-extension-layer/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "vulkan-extension-layer"; - version = "1.3.216.0"; + version = "1.3.224.0"; src = (assert version == vulkan-headers.version; fetchFromGitHub { owner = "KhronosGroup"; repo = "Vulkan-ExtensionLayer"; rev = "sdk-${version}"; - hash = "sha256-h38LxV8G72Xxh44212IoGKQ0tKXwBnSpBjTB2gsr1zA="; + hash = "sha256-KOlwtfuAYWzUFtf0NOJCNzWW+/ogRUgkaWw8NdW2vb8="; }); nativeBuildInputs = [ cmake jq ]; diff --git a/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix b/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix index df0e9398eb7b..be708e6c605f 100644 --- a/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix +++ b/pkgs/tools/graphics/vulkan-tools-lunarg/default.nix @@ -23,14 +23,14 @@ stdenv.mkDerivation rec { pname = "vulkan-tools-lunarg"; # The version must match that in vulkan-headers - version = "1.3.216.0"; + version = "1.3.224.0"; src = (assert version == vulkan-headers.version; fetchFromGitHub { owner = "LunarG"; repo = "VulkanTools"; rev = "sdk-${version}"; - hash = "sha256-NhYQSL5iU7iSO5Q6lp1iwhbi5GEfD11MDmBn9Uk1jm0="; + hash = "sha256-YQv6YboyQJjLTEKspZQdV8YFhHux/4RIncHXOsz1cBw="; fetchSubmodules = true; }); diff --git a/pkgs/tools/graphics/vulkan-tools/default.nix b/pkgs/tools/graphics/vulkan-tools/default.nix index 3660632e16e0..93663ec2a2c6 100644 --- a/pkgs/tools/graphics/vulkan-tools/default.nix +++ b/pkgs/tools/graphics/vulkan-tools/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { pname = "vulkan-tools"; - version = "1.3.216.0"; + version = "1.3.224.0"; # It's not strictly necessary to have matching versions here, however # since we're using the SDK version we may as well be consistent with @@ -31,7 +31,7 @@ stdenv.mkDerivation rec { owner = "KhronosGroup"; repo = "Vulkan-Tools"; rev = "sdk-${version}"; - hash = "sha256-VEMeURNboiOwPGrtFGUt9ZyChj8pV0xcpydrarcwtF0="; + hash = "sha256-Z+QJBd2LBdiJD1fHhBLbOfOoLhqTg0J3tq+XQRSiQaY="; }); nativeBuildInputs = [ From 5a78501dd3b816d7a8c7d08ee6e6a7415ba8ec58 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 20 Aug 2022 08:02:28 +0000 Subject: [PATCH 129/138] SDL2_ttf: 2.0.18 -> 2.20.1 --- pkgs/development/libraries/SDL2_ttf/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/SDL2_ttf/default.nix b/pkgs/development/libraries/SDL2_ttf/default.nix index 6975dfff24ae..f424a2e67f56 100644 --- a/pkgs/development/libraries/SDL2_ttf/default.nix +++ b/pkgs/development/libraries/SDL2_ttf/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "SDL2_ttf"; - version = "2.0.18"; + version = "2.20.1"; src = fetchurl { url = "https://www.libsdl.org/projects/SDL_ttf/release/${pname}-${version}.tar.gz"; - sha256 = "sha256-cjTriINRTgGed0fHA+SndFdbGNQ1wipKKdBoy3aKIlE="; + sha256 = "sha256-eM2tUfPMOtppMrG7bpFLM3mKuXCh6Bd2PyLdv9l9DFc="; }; configureFlags = lib.optional stdenv.isDarwin "--disable-sdltest"; From 10c1827eab020e6c4c3a88b2c9d8fb04b92a3174 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 24 Aug 2022 13:27:29 +0000 Subject: [PATCH 130/138] graphviz: 5.0.0 -> 5.0.1 --- pkgs/tools/graphics/graphviz/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/graphics/graphviz/default.nix b/pkgs/tools/graphics/graphviz/default.nix index 96a7ffb2ed49..2915474735fe 100644 --- a/pkgs/tools/graphics/graphviz/default.nix +++ b/pkgs/tools/graphics/graphviz/default.nix @@ -29,13 +29,13 @@ let in stdenv.mkDerivation rec { pname = "graphviz"; - version = "5.0.0"; + version = "5.0.1"; src = fetchFromGitLab { owner = "graphviz"; repo = "graphviz"; rev = version; - sha256 = "sha256-vDqVJJg2ezYGZPp7UtpvWfCypLBqRrr0aPMSyEN+IQo="; + sha256 = "sha256-lcU6Pb45kg7AxXQ9lmqwAazT2JpGjBz4PzK+S5lpYa0="; }; nativeBuildInputs = [ From 1acad4d826e4011c168edb89be3b2fac400f8332 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 24 Aug 2022 14:41:35 +0000 Subject: [PATCH 131/138] libtasn1: 4.18.0 -> 4.19.0 --- pkgs/development/libraries/libtasn1/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libtasn1/default.nix b/pkgs/development/libraries/libtasn1/default.nix index d7eb36b97a79..2f0b1cdaad4a 100644 --- a/pkgs/development/libraries/libtasn1/default.nix +++ b/pkgs/development/libraries/libtasn1/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "libtasn1"; - version = "4.18.0"; + version = "4.19.0"; src = fetchurl { url = "mirror://gnu/libtasn1/libtasn1-${version}.tar.gz"; - sha256 = "sha256-Q2XBVJU1Y9ZMZ6AktgfR7nXG23bg0PZXCeqAozTNGJg="; + sha256 = "sha256-FhPwrBz0hNbsDOO4wG1WJjzHJC8cI7MNgtI940WmP3o="; }; outputs = [ "out" "dev" "devdoc" ]; From 4a0eaf9dccadfcfe80927c2510057843fb55dab5 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Wed, 24 Aug 2022 15:21:20 +0000 Subject: [PATCH 132/138] libglvnd: 1.4.0 -> 1.5.0 --- pkgs/development/libraries/libglvnd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libglvnd/default.nix b/pkgs/development/libraries/libglvnd/default.nix index 769140ff54a3..46a3d9e40308 100644 --- a/pkgs/development/libraries/libglvnd/default.nix +++ b/pkgs/development/libraries/libglvnd/default.nix @@ -5,14 +5,14 @@ stdenv.mkDerivation rec { pname = "libglvnd"; - version = "1.4.0"; + version = "1.5.0"; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "glvnd"; repo = "libglvnd"; rev = "v${version}"; - sha256 = "06y7m486kgg566krbhb0gvmpzy6ayd98psnrmmkrnw8p513lg8k3"; + sha256 = "sha256-yXSuG8UwD5KZbn4ysDStTdOGD4uHigjOhazlHT9ndNs="; }; nativeBuildInputs = [ autoreconfHook pkg-config python3 addOpenGLRunpath ]; From abaa4b5e514b93011c23cc05b21c13c20fbb93f9 Mon Sep 17 00:00:00 2001 From: Daniel Nagy Date: Wed, 24 Aug 2022 23:32:48 +0200 Subject: [PATCH 133/138] Imlib2: Add JPEGXL and Postscript support, make webp support optional (#186492) Co-authored-by: Robert Scott --- pkgs/development/libraries/imlib2/default.nix | 19 ++++++++++++------- pkgs/top-level/all-packages.nix | 9 +++++++++ 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/pkgs/development/libraries/imlib2/default.nix b/pkgs/development/libraries/imlib2/default.nix index a5dc57c8ffd8..12d972390630 100644 --- a/pkgs/development/libraries/imlib2/default.nix +++ b/pkgs/development/libraries/imlib2/default.nix @@ -1,14 +1,16 @@ { lib, stdenv, fetchurl # Image file formats -, libjpeg, libtiff, giflib, libpng, libwebp +, libjpeg, libtiff, giflib, libpng, libwebp, libjxl +, libspectre # imlib2 can load images from ID3 tags. , libid3tag, librsvg, libheif , freetype , bzip2, pkg-config , x11Support ? true, xlibsWrapper ? null -# Compilation error on Darwin with librsvg. For more information see: -# https://github.com/NixOS/nixpkgs/pull/166452#issuecomment-1090725613 -, svgSupport ? !stdenv.isDarwin -, heifSupport ? !stdenv.isDarwin +, svgSupport ? false +, heifSupport ? false +, webpSupport ? false +, jxlSupport ? false +, psSupport ? false # for passthru.tests , libcaca @@ -33,11 +35,14 @@ stdenv.mkDerivation rec { }; buildInputs = [ - libjpeg libtiff giflib libpng libwebp + libjpeg libtiff giflib libpng bzip2 freetype libid3tag ] ++ optional x11Support xlibsWrapper ++ optional heifSupport libheif - ++ optional svgSupport librsvg; + ++ optional svgSupport librsvg + ++ optional webpSupport libwebp + ++ optional jxlSupport libjxl + ++ optional psSupport libspectre; nativeBuildInputs = [ pkg-config ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 99efe4fb379a..393acb1410a7 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -18653,6 +18653,15 @@ with pkgs; iml = callPackage ../development/libraries/iml { }; imlib2 = callPackage ../development/libraries/imlib2 { }; + imlib2Full = imlib2.override { + # Compilation error on Darwin with librsvg. For more information see: + # https://github.com/NixOS/nixpkgs/pull/166452#issuecomment-1090725613 + svgSupport = !stdenv.isDarwin; + heifSupport = !stdenv.isDarwin; + webpSupport = true; + jxlSupport = true; + psSupport = true; + }; imlib2-nox = imlib2.override { x11Support = false; }; From 1f07b6e50d0b23e6c9e041c147dd731a7721f3e8 Mon Sep 17 00:00:00 2001 From: Alex Wied Date: Wed, 24 Aug 2022 19:25:29 -0400 Subject: [PATCH 134/138] python3Packages.requests: Fix sandboxed build on Darwin --- pkgs/development/python-modules/requests/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/python-modules/requests/default.nix b/pkgs/development/python-modules/requests/default.nix index 9b19c7b9c256..5eab25fa3e15 100644 --- a/pkgs/development/python-modules/requests/default.nix +++ b/pkgs/development/python-modules/requests/default.nix @@ -20,6 +20,8 @@ buildPythonPackage rec { version = "2.28.1"; disabled = pythonOlder "3.7"; + __darwinAllowLocalNetworking = true; + src = fetchPypi { inherit pname version; hash = "sha256-fFWZsQL+3apmHIJsVqtP7ii/0X9avKHrvj5/GdfJeYM="; From 392811708825f15e0c43b46e677e950a9deaec79 Mon Sep 17 00:00:00 2001 From: Alex Wied Date: Wed, 24 Aug 2022 20:59:32 -0400 Subject: [PATCH 135/138] python3Packages.responses: Fix sandboxed build on Darwin --- pkgs/development/python-modules/responses/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/python-modules/responses/default.nix b/pkgs/development/python-modules/responses/default.nix index 1343aa6cfd01..21e3dd38cdb8 100644 --- a/pkgs/development/python-modules/responses/default.nix +++ b/pkgs/development/python-modules/responses/default.nix @@ -15,6 +15,8 @@ buildPythonPackage rec { disabled = pythonOlder "3.7"; + __darwinAllowLocalNetworking = true; + src = fetchFromGitHub { owner = "getsentry"; repo = pname; From e1c292692ff8a78222ceca5c812340b20557d7e6 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 25 Aug 2022 02:40:36 +0200 Subject: [PATCH 136/138] python3Packages.cffi: drop empty dev output --- pkgs/development/python-modules/cffi/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkgs/development/python-modules/cffi/default.nix b/pkgs/development/python-modules/cffi/default.nix index 7691d9b7d59b..66b315f14ab0 100644 --- a/pkgs/development/python-modules/cffi/default.nix +++ b/pkgs/development/python-modules/cffi/default.nix @@ -11,8 +11,6 @@ if isPyPy then null else buildPythonPackage rec { sha256 = "sha256-1AC/uaN7E1ElPLQCZxzqfom97MKU6AFqcH9tHYrJNPk="; }; - outputs = [ "out" "dev" ]; - buildInputs = [ libffi ]; nativeBuildInputs = [ pkg-config ]; From daa11b3e4677d7e7bd81b31c0c7a79669cbd7e51 Mon Sep 17 00:00:00 2001 From: Alex Wied Date: Wed, 24 Aug 2022 22:18:56 -0400 Subject: [PATCH 137/138] python3Packages.pytest-aiohttp: Fix sandboxed build on Darwin --- pkgs/development/python-modules/pytest-aiohttp/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/python-modules/pytest-aiohttp/default.nix b/pkgs/development/python-modules/pytest-aiohttp/default.nix index bc9d4c37a876..728544bd2618 100644 --- a/pkgs/development/python-modules/pytest-aiohttp/default.nix +++ b/pkgs/development/python-modules/pytest-aiohttp/default.nix @@ -14,6 +14,8 @@ buildPythonPackage rec { format = "setuptools"; + __darwinAllowLocalNetworking = true; + src = fetchPypi { inherit pname version; sha256 = "39ff3a0d15484c01d1436cbedad575c6eafbf0f57cdf76fb94994c97b5b8c5a4"; From 6c0348fe8760352e8fe9e2ea7182cf70b200e156 Mon Sep 17 00:00:00 2001 From: Alex Wied Date: Wed, 24 Aug 2022 22:34:16 -0400 Subject: [PATCH 138/138] python3Packages.python-socks: Fix sandboxed build on Darwin --- pkgs/development/python-modules/python-socks/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/python-modules/python-socks/default.nix b/pkgs/development/python-modules/python-socks/default.nix index 5254a6cbab25..b0d0fbd36616 100644 --- a/pkgs/development/python-modules/python-socks/default.nix +++ b/pkgs/development/python-modules/python-socks/default.nix @@ -19,6 +19,8 @@ buildPythonPackage rec { disabled = pythonOlder "3.6.1"; + __darwinAllowLocalNetworking = true; + src = fetchFromGitHub { owner = "romis2012"; repo = pname;