From 75358ad0e7a143ad6849882a1967ef6a5c2e6e68 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 6 Jan 2016 21:43:22 +0300 Subject: [PATCH 01/61] bundlerEnv: add wrapper --- .../interpreters/ruby/bundler-env/default.nix | 24 ++++++++++++++----- 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/pkgs/development/interpreters/ruby/bundler-env/default.nix b/pkgs/development/interpreters/ruby/bundler-env/default.nix index c7570d815e3b..fdafa5f8f126 100644 --- a/pkgs/development/interpreters/ruby/bundler-env/default.nix +++ b/pkgs/development/interpreters/ruby/bundler-env/default.nix @@ -65,8 +65,24 @@ let "${bundler}/${ruby.gemPath}" \ ${shellEscape (toString envPaths)} '' + lib.optionalString (postBuild != null) postBuild; - passthru = { + passthru = rec { inherit ruby bundler meta gems; + + wrapper = stdenv.mkDerivation { + name = "wrapper-${name}"; + nativeBuildInputs = [ makeWrapper ]; + buildCommand = '' + mkdir -p $out/bin + for i in ${ruby}/bin/*; do + makeWrapper "$i" $out/bin/$(basename "$i") \ + --set BUNDLE_GEMFILE ${confFiles}/Gemfile \ + --set BUNDLE_PATH ${bundlerEnv}/${ruby.gemPath} \ + --set GEM_HOME ${bundlerEnv}/${ruby.gemPath} \ + --set GEM_PATH ${bundlerEnv}/${ruby.gemPath} + done + ''; + }; + env = let irbrc = builtins.toFile "irbrc" '' if !(ENV["OLD_IRBRC"].nil? || ENV["OLD_IRBRC"].empty?) @@ -77,12 +93,8 @@ let ''; in stdenv.mkDerivation { name = "interactive-${name}-environment"; - nativeBuildInputs = [ ruby bundlerEnv ]; + nativeBuildInputs = [ wrapper bundlerEnv ]; shellHook = '' - export BUNDLE_GEMFILE=${confFiles}/Gemfile - export BUNDLE_PATH=${bundlerEnv}/${ruby.gemPath} - export GEM_HOME=${bundlerEnv}/${ruby.gemPath} - export GEM_PATH=${bundlerEnv}/${ruby.gemPath} export OLD_IRBRC="$IRBRC" export IRBRC=${irbrc} ''; From 18b64f05c9e4637bbbb516d759da333e2721c6a6 Mon Sep 17 00:00:00 2001 
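Review bot: The new `wrapper` derivation in `passthru` (pkgs/development/interpreters/ruby/bundler-env/default.nix) has no comment, and its use of `--set` rather than `--prefix` deserves one. With `--set`, the wrapped `ruby` binaries discard any `BUNDLE_GEMFILE`, `BUNDLE_PATH`, `GEM_HOME` or `GEM_PATH` inherited from the caller and always resolve gems from the store path. I would add above `wrapper =` the comment `# Ruby binaries pinned to this env; --set overrides any BUNDLE_*/GEM_* taken from the caller's environment.` The target argument `$out/bin/$(basename "$i")` is also unquoted while `"$i"` is quoted; `"$out/bin/$(basename "$i")"` would be consistent.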
From: Nikolay Amiantov Date: Wed, 13 Jan 2016 19:07:21 +0300 Subject: [PATCH 02/61] ijs: 9.16 -> 9.18 --- pkgs/development/libraries/ijs/default.nix | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/ijs/default.nix b/pkgs/development/libraries/ijs/default.nix index fbba11c10c93..0c7d412fee65 100644 --- a/pkgs/development/libraries/ijs/default.nix +++ b/pkgs/development/libraries/ijs/default.nix @@ -1,16 +1,25 @@ -{ stdenv, fetchurl, autoreconfHook }: +{ stdenv, fetchurl, fetchpatch, autoreconfHook }: -let version = "9.16"; +let version = "9.18"; in stdenv.mkDerivation { name = "ijs-${version}"; src = fetchurl { url = "http://downloads.ghostscript.com/public/ghostscript-${version}.tar.bz2"; - sha256 = "0vdqbjkickb0109lk6397bb2zjmg1s46dac5p5j4gfxa4pwl8b9y"; + sha256 = "18ad90za28dxybajqwf3y3dld87cgkx1ljllmcnc7ysspfxzbnl3"; }; - prePatch = "cd ijs"; + patches = [ + # http://bugs.ghostscript.com/show_bug.cgi?id=696246 + (fetchpatch { + name = "devijs-account-for-device-subclassing.patch"; + url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=b68e05c3"; + sha256 = "1c3fzfjzvf15z533vpw3l3da8wcxw98qi3p1lc6lf13940a57c7n"; + }) + ]; + + postPatch = "cd ijs"; enableParallelBuilding = true; From 1967f19f7db4029120b2df3e0ec5bc30e5144598 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 13 Jan 2016 19:07:42 +0300 Subject: [PATCH 03/61] qpdf: 5.1.3 -> 6.0.0 --- pkgs/development/libraries/qpdf/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/qpdf/default.nix b/pkgs/development/libraries/qpdf/default.nix index 340f4558f819..8f886421d55b 100644 --- a/pkgs/development/libraries/qpdf/default.nix +++ b/pkgs/development/libraries/qpdf/default.nix 
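Review bot: In pkgs/development/libraries/ijs/default.nix the added `fetchpatch` names the upstream commit by an abbreviated id over plain HTTP (`…;a=patch;h=b68e05c3`), so the `sha256` is the only thing binding the build to one specific patch. The hash does make a substituted or altered response fail instead of build, but an abbreviated id can stop resolving uniquely as the upstream repository grows. Using the full 40-character commit id, as three of the `fetchpatch` entries in pkgs/misc/ghostscript/default.nix later in this series do, keeps the URL stable. The same applies to `h=8f5d285` and `h=feafe5e5` in that ghostscript file. The `src` URL here is `http://` as well, so its integrity also rests entirely on the pinned hash.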
@@ -1,13 +1,13 @@ { stdenv, fetchurl, pcre, zlib, perl }: -let version = "5.1.3"; +let version = "6.0.0"; in stdenv.mkDerivation rec { name = "qpdf-${version}"; src = fetchurl { url = "mirror://sourceforge/qpdf/qpdf/${version}/${name}.tar.gz"; - sha256 = "1lq1v7xghvl6p4hgrwbps3a13ad6lh4ib3myimb83hxgsgd4n5nm"; + sha256 = "0csj2p2gkxrc0rk8ykymlsdgfas96vzf1dip3y1x7z1q9plwgzd9"; }; nativeBuildInputs = [ perl ]; @@ -23,6 +23,7 @@ stdenv.mkDerivation rec { ''; doCheck = true; + enableParallelBuilding = true; meta = with stdenv.lib; { homepage = http://qpdf.sourceforge.net/; From 35e1f4954555f465fb4499880dcb6a68417fb959 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 13 Jan 2016 19:46:41 +0300 Subject: [PATCH 04/61] cups: 2.0.4 -> 2.1.2 Also enable parallel building and don't install rc.d scripts. --- pkgs/misc/cups/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/misc/cups/default.nix b/pkgs/misc/cups/default.nix index 8fa111ecc023..7dedf26096df 100644 --- a/pkgs/misc/cups/default.nix +++ b/pkgs/misc/cups/default.nix @@ -3,7 +3,7 @@ , libusb ? null, gnutls ? null, avahi ? null, libpaper ? null }: -let version = "2.0.4"; in +let version = "2.1.2"; in with stdenv.lib; stdenv.mkDerivation { @@ -13,7 +13,7 @@ stdenv.mkDerivation { src = fetchurl { url = "https://www.cups.org/software/${version}/cups-${version}-source.tar.bz2"; - sha256 = "1gaakz24k6x5nc09rmpiq0xq20j1qdjc3szag8qwmyi4ky6ydmg1"; + sha256 = "1bc1y8fjgh54ryh520gk63i5rbagn6jijsrskcqlibhfm0xwmc5s"; }; buildInputs = [ pkgconfig zlib libjpeg libpng libtiff libusb gnutls libpaper ] @@ -51,7 +51,6 @@ stdenv.mkDerivation { # Idem for /etc. "PAMDIR=$(out)/etc/pam.d" "DBUSDIR=$(out)/etc/dbus-1" - "INITDIR=$(out)/etc/rc.d" "XINETD=$(out)/etc/xinetd.d" "SERVERROOT=$(out)/etc/cups" # Idem for /usr. 
@@ -61,6 +60,8 @@ stdenv.mkDerivation { "CUPS_PRIMARY_SYSTEM_GROUP=root" ]; + enableParallelBuilding = true; + postInstall = '' # Delete obsolete stuff that conflicts with cups-filters. rm -rf $out/share/cups/banners $out/share/cups/data/testprint From a814e243b5f330267e779b6f037791da49f8d0e5 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 13 Jan 2016 19:47:07 +0300 Subject: [PATCH 05/61] ghostscript: 9.15 -> 9.18 --- pkgs/misc/ghostscript/CVE-2015-3228.patch | 20 --------- pkgs/misc/ghostscript/default.nix | 50 ++++++++++++++++++----- 2 files changed, 40 insertions(+), 30 deletions(-) delete mode 100644 pkgs/misc/ghostscript/CVE-2015-3228.patch diff --git a/pkgs/misc/ghostscript/CVE-2015-3228.patch b/pkgs/misc/ghostscript/CVE-2015-3228.patch deleted file mode 100644 index 7be18b0a7302..000000000000 --- a/pkgs/misc/ghostscript/CVE-2015-3228.patch +++ /dev/null @@ -1,20 +0,0 @@ -Description: Sanity check for memory allocation. - In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the - variable holding the actual number of bytes we allocate. -Origin: upstream, http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0c0b085 -Author: Chris Liddell -Forwarded: yes -Bug-Debian: http://bugs.debian.org/793489 -Last-Update: 2015-07-26 - ---- a/base/gsmalloc.c -+++ b/base/gsmalloc.c -@@ -178,7 +178,7 @@ - } else { - uint added = size + sizeof(gs_malloc_block_t); - -- if (mmem->limit - added < mmem->used) -+ if (added <= size || mmem->limit - added < mmem->used) - set_msg("exceeded limit"); - else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0) - set_msg("failed"); diff --git a/pkgs/misc/ghostscript/default.nix b/pkgs/misc/ghostscript/default.nix index 53b5caf93122..658fa346f1ea 100644 --- a/pkgs/misc/ghostscript/default.nix +++ b/pkgs/misc/ghostscript/default.nix 
@@ -1,6 +1,6 @@ -{ stdenv, fetchurl, pkgconfig, zlib, expat, openssl +{ stdenv, fetchurl, fetchpatch, pkgconfig, zlib, expat, openssl, autoconf , libjpeg, libpng, libtiff, freetype, fontconfig, lcms2, libpaper, jbig2dec -, libiconv +, libiconv, ijs , x11Support ? false, xlibsWrapper ? null , cupsSupport ? false, cups ? null }: @@ -8,8 +8,8 @@ assert x11Support -> xlibsWrapper != null; assert cupsSupport -> cups != null; let - version = "9.15"; - sha256 = "0p1isp6ssfay141klirn7n9s8b546vcz6paksfmksbwy0ljsypg6"; + version = "9.18"; + sha256 = "18ad90za28dxybajqwf3y3dld87cgkx1ljllmcnc7ysspfxzbnl3"; fonts = stdenv.mkDerivation { name = "ghostscript-fonts"; 
@@ -45,28 +45,58 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + nativeBuildInputs = [ pkgconfig autoconf ]; buildInputs = - [ pkgconfig zlib expat openssl + [ zlib expat openssl libjpeg libpng libtiff freetype fontconfig lcms2 libpaper jbig2dec - libiconv + libiconv ijs ] ++ stdenv.lib.optional x11Support xlibsWrapper ++ stdenv.lib.optional cupsSupport cups - # [] # maybe sometimes jpeg2000 support ; patches = [ ./urw-font-files.patch - # fetched from debian's ghostscript 9.15_dfsg-1 (called 020150707~0c0b085.patch there) - ./CVE-2015-3228.patch + # http://bugs.ghostscript.com/show_bug.cgi?id=696281 + (fetchpatch { + name = "fix-check-for-using-shared-freetype-lib.patch"; + url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=8f5d285"; + sha256 = "1f0k043rng7f0rfl9hhb89qzvvksqmkrikmm38p61yfx51l325xr"; + }) + # http://bugs.ghostscript.com/show_bug.cgi?id=696301 + (fetchpatch { + name = "add-gserrors.h-to-the-installed-files.patch"; + url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=feafe5e5"; + sha256 = "0s4ayzakjv809dkn7vilxwvs4dw35p3pw942ml91bk9z4kkaxyz7"; + }) + # http://bugs.ghostscript.com/show_bug.cgi?id=696246 + (fetchpatch { + name = "guard-against-NULL-base-for-non-clist-devices.patch"; + url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=007bd77d08d800e6b07274d62e3c91be7c4a3f47"; + sha256 = "1la53273agl92lpy7qd0qhgzynx8b90hrk8g9jsj3055ssn6rqwh"; + }) + (fetchpatch { + name = "ensure-plib-devices-always-use-the-clist.patch"; + url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=1bdbe4f87dc57648821e613ebcc591b84e8b35b3"; + sha256 = "1cq83fgyvrycapxm69v4r9f9qhzsr40ygrc3bkp8pk15wsmvq0k7"; + }) + (fetchpatch { + name = "prevent-rinkj-device-crash-when-misconfigured.patch"; + url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=5571ddfa377c5d7d98f55af40e693814ac287ae4"; + sha256 = "08iqdlrngi6k0ml2b71dj5q136fyp1s9g0rr87ayyshn0k0lxwkv"; + }) ]; makeFlags = [ "cups_serverroot=$(out)" 
"cups_serverbin=$(out)/lib/cups" ]; preConfigure = '' - rm -rf jpeg libpng zlib jasper expat tiff lcms{,2} jbig2dec openjpeg freetype cups/libs + # requires in-tree (heavily patched) openjpeg + rm -rf jpeg libpng zlib jasper expat tiff lcms{,2} jbig2dec freetype cups/libs ijs sed "s@if ( test -f \$(INCLUDE)[^ ]* )@if ( true )@; s@INCLUDE=/usr/include@INCLUDE=/no-such-path@" -i base/unix-aux.mak + sed "s@^ZLIBDIR=.*@ZLIBDIR=${zlib}/include@" -i configure.ac + + autoconf ''; configureFlags = From eaaf988d4552703be38c8acd2597ddf5eae2b181 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 13 Jan 2016 19:07:59 +0300 Subject: [PATCH 06/61] cups_filters: 1.0.71 -> 1.5.0 Also wrap filters adding necessary utils to PATH and enable parallel building. --- pkgs/misc/cups/filters.nix | 35 +++++++++++++------------- pkgs/misc/cups/longer-shell-path.patch | 13 ---------- 2 files changed, 18 insertions(+), 30 deletions(-) delete mode 100644 pkgs/misc/cups/longer-shell-path.patch diff --git a/pkgs/misc/cups/filters.nix b/pkgs/misc/cups/filters.nix index b4b3a5a06247..7118511f16d3 100644 --- a/pkgs/misc/cups/filters.nix +++ b/pkgs/misc/cups/filters.nix 
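Review bot: The `patches` list in pkgs/misc/ghostscript/default.nix drops `./CVE-2015-3228.patch`, and nothing in the commit message says that 9.18 already contains that fix. The deleted patch file names upstream commit `0c0b085` as its origin, so the change is presumably in the 9.18 tarball. That should be stated in the commit message, or checked against `base/gsmalloc.c` in the new source, so the overflow check in `gs_heap_alloc_bytes()` is not lost by accident. Separately, `preConfigure` no longer removes the bundled `openjpeg`, so that copy will not receive fixes made to the nixpkgs `openjpeg` package. The existing comment could say so, for example `# requires in-tree (heavily patched) openjpeg; its security fixes arrive only with ghostscript updates`.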
@@ -1,26 +1,24 @@ -{ stdenv, fetchurl, fetchpatch, pkgconfig, cups, poppler, poppler_utils, fontconfig -, libjpeg, libpng, perl, ijs, qpdf, dbus, substituteAll, bash, avahi }: +{ stdenv, fetchurl, pkgconfig, cups, poppler, poppler_utils, fontconfig +, libjpeg, libpng, perl, ijs, qpdf, dbus, substituteAll, bash, avahi +, makeWrapper, coreutils, gnused, bc, gawk, gnugrep, which +}: -stdenv.mkDerivation rec { +let + binPath = stdenv.lib.makeSearchPath "bin" [ coreutils gnused bc gawk gnugrep which ]; + +in stdenv.mkDerivation rec { name = "cups-filters-${version}"; - version = "1.0.71"; + version = "1.5.0"; src = fetchurl { url = "http://openprinting.org/download/cups-filters/${name}.tar.xz"; - sha256 = "07wwlqcykfjfqcwj1bxk60ggahyaw7wcx32n5s104d1qkhham01i"; + sha256 = "0cjrh4wpdhkvmahfkg8f2a2qzilcq12i78q5arwr7dnmx1j8hapj"; }; - patches = [ - ./longer-shell-path.patch - (fetchpatch { # drop on update - name = "poppler-0.34.patch"; - url = "https://bugs.linuxfoundation.org/attachment.cgi?id=493"; - sha256 = "18za83q0b0n4hpvvw76jsv0hm89zmijvps2z5kg1srickqlxj891"; - }) - ]; + nativeBuildInputs = [ pkgconfig makeWrapper ]; buildInputs = [ - pkgconfig cups poppler poppler_utils fontconfig libjpeg libpng perl + cups poppler poppler_utils fontconfig libjpeg libpng perl ijs qpdf dbus avahi ]; @@ -29,9 +27,10 @@ stdenv.mkDerivation rec { "--enable-imagefilters" "--with-rcdir=no" "--with-shell=${stdenv.shell}" + "--with-test-font-path=/path-does-not-exist" ]; - makeFlags = "CUPS_SERVERBIN=$(out)/lib/cups CUPS_DATADIR=$(out)/share/cups CUPS_SERVERROOT=$(out)/etc/cups"; + makeFlags = [ "CUPS_SERVERBIN=$(out)/lib/cups" "CUPS_DATADIR=$(out)/share/cups" "CUPS_SERVERROOT=$(out)/etc/cups" ]; postConfigure = '' 
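Review bot: The first hunk of pkgs/misc/cups/filters.nix removes `./longer-shell-path.patch` from `patches`, but unlike the poppler patch it carried no "drop on update" marker and the commit message does not say that 1.5.0 makes it unnecessary. That patch replaced `char modern_shell[64] = SHELL;` with an unsized array, and the next hunk still passes a store path through `--with-shell=${stdenv.shell}`, which is presumably why the fixed size was a problem. Please confirm that `filter/foomatic-rip/foomaticrip.c` in 1.5.0 no longer declares a fixed 64-byte buffer for the shell path. If it still does, the patch has to stay.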
@@ -46,11 +45,13 @@ stdenv.mkDerivation rec { postInstall = '' - for i in $out/lib/cups/filter/{pstopdf,texttops,imagetops}; do - substituteInPlace $i --replace 'which ' 'type -p ' + for i in $out/lib/cups/filter/*; do + wrapProgram "$i" --prefix PATH ':' ${binPath} done ''; + enableParallelBuilding = true; + meta = { homepage = http://www.linuxfoundation.org/collaborate/workgroups/openprinting/cups-filters; description = "Backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc"; diff --git a/pkgs/misc/cups/longer-shell-path.patch b/pkgs/misc/cups/longer-shell-path.patch deleted file mode 100644 index 397cc681732b..000000000000 --- a/pkgs/misc/cups/longer-shell-path.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/filter/foomatic-rip/foomaticrip.c b/filter/foomatic-rip/foomaticrip.c -index 90a851c..689a2bd 100644 ---- a/filter/foomatic-rip/foomaticrip.c -+++ b/filter/foomatic-rip/foomaticrip.c -@@ -174,7 +174,7 @@ char cupsfilterpath[PATH_MAX] = "/usr/local/lib/cups/filter:" - "/opt/cups/filter:" - "/usr/lib/cups/filter"; - --char modern_shell[64] = SHELL; -+char modern_shell[] = SHELL; - - void config_set_option(const char *key, const char *value) - { From d34a72dfba19e6db6f70023b92544b54e88b81f4 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 13 Jan 2016 20:48:28 +0300 Subject: [PATCH 07/61] libspectre: fix for ghostscript 9.18 --- .../libraries/libspectre/default.nix | 2 + .../libspectre/libspectre-0.2.7-gs918.patch | 42 +++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 pkgs/development/libraries/libspectre/libspectre-0.2.7-gs918.patch diff --git a/pkgs/development/libraries/libspectre/default.nix b/pkgs/development/libraries/libspectre/default.nix index 0e5f976c1224..5c10fff50ad3 100644 --- a/pkgs/development/libraries/libspectre/default.nix +++ b/pkgs/development/libraries/libspectre/default.nix 
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec { sha256 = "1v63lqc6bhhxwkpa43qmz8phqs8ci4dhzizyy16d3vkb20m846z8"; }; + patches = [ ./libspectre-0.2.7-gs918.patch ]; + buildInputs = [ # Need `libgs.so'. pkgconfig ghostscript cairo /*for tests*/ diff --git a/pkgs/development/libraries/libspectre/libspectre-0.2.7-gs918.patch b/pkgs/development/libraries/libspectre/libspectre-0.2.7-gs918.patch new file mode 100644 index 000000000000..e9a4eda192ba --- /dev/null +++ b/pkgs/development/libraries/libspectre/libspectre-0.2.7-gs918.patch @@ -0,0 +1,42 @@ +Fixed error namespace for >=ghostscript-gpl-9.18 + +https://bugs.gentoo.org/563540 + +--- libspectre-0.2.7/libspectre/spectre-gs.c ++++ libspectre-0.2.7/libspectre/spectre-gs.c +@@ -43,12 +43,12 @@ + + if (code <= -100) { + switch (code) { +- case e_Fatal: ++ case gs_error_Fatal: + fprintf (stderr, "fatal internal error %d", code); + return TRUE; + break; + +- case e_ExecStackUnderflow: ++ case gs_error_ExecStackUnderflow: + fprintf (stderr, "stack overflow %d", code); + return TRUE; + break; +@@ -109,9 +109,9 @@ + set = _spectre_strdup_printf ("%d %d translate\n", -x, -y); + error = gsapi_run_string_continue (ghostscript_instance, set, strlen (set), + 0, &exit_code); +- error = error == e_NeedInput ? 0 : error; ++ error = error == gs_error_NeedInput ? 0 : error; + free (set); +- if (error != e_NeedInput && critic_error_code (error)) { ++ if (error != gs_error_NeedInput && critic_error_code (error)) { + fclose (fd); + return FALSE; + } +@@ -126,7 +126,7 @@ + read = fread (buf, sizeof (char), to_read, fd); + error = gsapi_run_string_continue (ghostscript_instance, + buf, read, 0, &exit_code); +- error = error == e_NeedInput ? 0 : error; ++ error = error == gs_error_NeedInput ? 0 : error; + left -= read; + } + From fbd3ad83e513e394698e71c0371ffc712a6da79f Mon Sep 17 00:00:00 2001 
From: Nikolay Amiantov Date: Sun, 17 Jan 2016 03:28:58 +0300 Subject: [PATCH 08/61] gimp: enable parallel building --- pkgs/applications/graphics/gimp/2.8.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/applications/graphics/gimp/2.8.nix b/pkgs/applications/graphics/gimp/2.8.nix index 954a1d4c19c9..96d6dbd52857 100644 --- a/pkgs/applications/graphics/gimp/2.8.nix +++ b/pkgs/applications/graphics/gimp/2.8.nix @@ -27,6 +27,8 @@ stdenv.mkDerivation rec { #configureFlags = [ "--disable-print" ]; + enableParallelBuilding = true; + # "screenshot" needs this. NIX_LDFLAGS = "-rpath ${xorg.libX11}/lib" + stdenv.lib.optionalString stdenv.isDarwin " -lintl"; From a8b3e686d0f1c4fe4a8836f7cbd79639fe34fede Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sun, 17 Jan 2016 03:29:56 +0300 Subject: [PATCH 09/61] gutenprint: 5.2.10 -> 5.2.11 Rework gutenprint derivation: * Convert to regular stdenv.mkDerivation; * Enable IJS driver; * Fix cups-genppdupdate; * Move things around to the proper directories; * Enable parallel building; * Clean from old hacks. --- pkgs/misc/drivers/gutenprint/default.nix | 91 +++++++----------------- 1 file changed, 27 insertions(+), 64 deletions(-) diff --git a/pkgs/misc/drivers/gutenprint/default.nix b/pkgs/misc/drivers/gutenprint/default.nix index 98776c0c42b0..5be7f5ecff4d 100644 --- a/pkgs/misc/drivers/gutenprint/default.nix +++ b/pkgs/misc/drivers/gutenprint/default.nix 
@@ -1,78 +1,41 @@ # this package was called gimp-print in the past -{ fetchurl, stdenv, pkgconfig, composableDerivation, cups -, libtiff, libpng, makeWrapper, openssl, gimp }: +{ stdenv, lib, fetchurl, pkgconfig +, ijs, makeWrapper +, gimp2Support ? true, gimp +, cupsSupport ? true, cups, libusb, perl +}: -let - version = "5.2.10"; - inherit (composableDerivation) edf wwf; -in - -composableDerivation.composableDerivation {} { - name = "gutenprint-${version}"; +stdenv.mkDerivation rec { + name = "gutenprint-5.2.11"; src = fetchurl { - url = "mirror://sourceforge/gimp-print/gutenprint-${version}.tar.bz2"; - sha256 = "0n8f6vpadnagrp6yib3mca1c3lgwl4vmma16s44riyrd84mka7s3"; + url = "mirror://sourceforge/gimp-print/${name}.tar.bz2"; + sha256 = "1yadw96rgp1z0jv1wxrz6cds36nb693w3xlv596xw9r5w394r8y1"; }; - # gimp, gui is still not working (TODO) - buildInputs = [ makeWrapper openssl pkgconfig ]; + nativeBuildInputs = [ makeWrapper pkgconfig ]; + buildInputs = + [ ijs ] + ++ lib.optionals gimp2Support [ gimp.gtk gimp ] + ++ lib.optionals cupsSupport [ cups libusb perl ]; - configureFlags = ["--enable-static-genppd"]; - NIX_CFLAGS_COMPILE="-include stdio.h"; - - #preConfigure = '' - # configureFlags="--with-cups=$out/usr-cups $configureFlags" - #''; - - /* - is this recommended? without it this warning is printed: + configureFlags = lib.optionals cupsSupport [ + "--disable-static-genppd" # should be harmless on NixOS + ]; - ***WARNING: Use of --disable-static-genppd or --disable-static - when building CUPS is very dangerous. The build may - fail when building the PPD files, or may *SILENTLY* - build incorrect PPD files or cause other problems. - Please review the README and release notes carefully! 
- */ + enableParallelBuilding = true; - installPhase = '' - eval "make install $installArgs" - mkdir -p $out/lib/cups - ln -s $out/filter $out/lib/cups/ - wrapProgram $out/filter/rastertogutenprint.5.2 --prefix LD_LIBRARY_PATH : $out/lib - wrapProgram $out/sbin/cups-genppd.5.2 --prefix LD_LIBRARY_PATH : $out/lib - ''; + # Testing is very, very long. + # doCheck = true; - meta = { + installFlags = + lib.optionals cupsSupport [ "cups_conf_datadir=$(out)/share/cups" "cups_conf_serverbin=$(out)/lib/cups" "cups_conf_serverroot=$(out)/etc/cups" ] + ++ lib.optionals gimp2Support [ "gimp2_plug_indir=$(out)/${gimp.name}-plugins" ]; + + meta = with stdenv.lib; { description = "Ghostscript and cups printer drivers"; homepage = http://sourceforge.net/projects/gimp-print/; - license = "GPL"; + license = licenses.gpl2; + platforms = platforms.linux; }; - - mergeAttrBy = { installArgs = stdenv.lib.concat; }; - - # most interpreters aren't tested yet.. (see python for example how to do it) - flags = - wwf { - name = "gimp2"; - enable = { - buildInputs = [gimp gimp.gtk]; - installArgs = [ "gimp2_plug_indir=$out/${gimp.name}-plugins" ]; - }; - } - // { - cups = { - set = { - buildInputs = [cups libtiff libpng ]; - installArgs = [ "cups_conf_datadir=$out cups_conf_serverbin=$out cups_conf_serverroot=$out"]; - }; - }; - } - ; - - cfg = { - gimp2Support = true; - cupsSupport = true; - }; - } From 06865208e8516099c5ae54cfcd0c0be24ac9d0b9 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sun, 17 Jan 2016 03:34:39 +0300 Subject: [PATCH 10/61] cupsd service: use cups-pk-helper is policykit is enabled --- nixos/modules/services/printing/cupsd.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix index 0fe25b66da08..6f5df23f3427 100644 --- a/nixos/modules/services/printing/cupsd.nix +++ b/nixos/modules/services/printing/cupsd.nix 
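Review bot: The comment on `"--disable-static-genppd"` in `configureFlags` (pkgs/misc/drivers/gutenprint/default.nix) says only `# should be harmless on NixOS`, while the block comment this hunk deletes quoted upstream's warning that the option may silently build incorrect PPD files. The new comment should state why the warning does not apply here, so that a later reader can re-check the assumption; the reason cannot be determined from the hunk. Also, `gimp2Support ? true` remains the default, so enabling `services.printing.gutenprint` (added later in this series) appears to pull GIMP and GTK into the print service's closure. An override with `gimp2Support = false` for the module's use would keep that closure smaller.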
@@ -4,10 +4,13 @@ with lib; let - inherit (pkgs) cups cups_filters; + inherit (pkgs) cups cups-pk-helper cups_filters; cfg = config.services.printing; + avahiEnabled = config.services.avahi.enable; + polkitEnabled = config.security.polkit.enable; + additionalBackends = pkgs.runCommand "additional-cups-backends" { } '' mkdir -p $out @@ -204,7 +207,7 @@ in description = "CUPS printing services"; }; - environment.systemPackages = [ cups ]; + environment.systemPackages = [ cups ] ++ optional polkitEnabled cups-pk-helper; environment.etc."cups/client.conf".text = cfg.clientConf; environment.etc."cups/cups-files.conf".text = cfg.cupsFilesConf; @@ -212,7 +215,7 @@ in environment.etc."cups/cups-browsed.conf".text = cfg.browsedConf; environment.etc."cups/snmp.conf".text = cfg.snmpConf; - services.dbus.packages = [ cups ]; + services.dbus.packages = [ cups ] ++ optional polkitEnabled cups-pk-helper; # Cups uses libusb to talk to printers, and does not use the # linux kernel driver. If the driver is not in a black list, it @@ -242,7 +245,7 @@ in ]; }; - systemd.services.cups-browsed = mkIf config.services.avahi.enable + systemd.services.cups-browsed = mkIf avahiEnabled { description = "CUPS Remote Printer Discovery"; wantedBy = [ "multi-user.target" ]; From 8377b4e5d6e008ba528e54d0760f0aea7707d087 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sun, 17 Jan 2016 03:38:52 +0300 Subject: [PATCH 11/61] cupsd service: move all default drivers to the bindir directly --- nixos/modules/services/printing/cupsd.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix index 6f5df23f3427..06de71316ecc 100644 --- a/nixos/modules/services/printing/cupsd.nix +++ b/nixos/modules/services/printing/cupsd.nix 
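Review bot: `services.dbus.packages = [ cups ] ++ optional polkitEnabled cups-pk-helper;` in nixos/modules/services/printing/cupsd.nix registers a polkit-mediated helper on the system bus whenever `security.polkit.enable` is set, and there is no printing-specific switch to leave it out. The helper lets callers authorised by polkit change CUPS configuration, so printer administration is no longer governed by `SystemGroup root wheel` alone. Which users qualify depends on the polkit rules shipped with cups-pk-helper, which this hunk does not show. I would either gate it behind its own option or state the behaviour in the description of `services.printing.enable`.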
@@ -33,7 +33,9 @@ let # cupsd.conf tells cupsd to use this tree. bindir = pkgs.buildEnv { name = "cups-progs"; - paths = cfg.drivers; + paths = + [ cups additionalBackends cups_filters pkgs.ghostscript ] + ++ cfg.drivers; pathsToLink = [ "/lib/cups" "/share/cups" "/bin" "/etc/cups" ]; postBuild = cfg.bindirCmds; ignoreCollisions = true; @@ -176,6 +178,7 @@ in drivers = mkOption { type = types.listOf types.path; + default = []; example = literalExample "[ pkgs.splix ]"; description = '' CUPS drivers to use. Drivers provided by CUPS, cups-filters, Ghostscript @@ -263,11 +266,6 @@ in ]; }; - services.printing.drivers = - [ cups pkgs.ghostscript pkgs.cups_filters additionalBackends - pkgs.perl pkgs.coreutils pkgs.gnused pkgs.bc pkgs.gawk pkgs.gnugrep - ]; - services.printing.cupsFilesConf = '' SystemGroup root wheel From d93f866f55adb6831e054e717253ee94071240b0 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sun, 17 Jan 2016 04:05:02 +0300 Subject: [PATCH 12/61] cupsd service: add gutenprint support --- nixos/modules/services/printing/cupsd.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix index 06de71316ecc..5964b62cc214 100644 --- a/nixos/modules/services/printing/cupsd.nix +++ b/nixos/modules/services/printing/cupsd.nix @@ -4,7 +4,7 @@ with lib; let - inherit (pkgs) cups cups-pk-helper cups_filters; + inherit (pkgs) cups cups-pk-helper cups_filters gutenprint; cfg = config.services.printing; @@ -35,6 +35,7 @@ let name = "cups-progs"; paths = [ cups additionalBackends cups_filters pkgs.ghostscript ] + ++ optional cfg.gutenprint gutenprint ++ cfg.drivers; pathsToLink = [ "/lib/cups" "/share/cups" "/bin" "/etc/cups" ]; postBuild = cfg.bindirCmds; 
@@ -176,6 +177,15 @@ in ''; }; + gutenprint = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable Gutenprint drivers for CUPS. This includes auto-updating + Gutenprint PPD files. + ''; + }; + drivers = mkOption { type = types.listOf types.path; default = []; @@ -240,6 +250,9 @@ in mkdir -m 0700 -p /var/cache/cups mkdir -m 0700 -p /var/spool/cups mkdir -m 0755 -p ${cfg.tempDir} + ${optionalString cfg.gutenprint '' + ${gutenprint}/bin/cups-genppdupdate + ''} ''; restartTriggers = From c311901810ab8ddefd38d94e5f625212a86e1c6b Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sun, 17 Jan 2016 04:10:29 +0300 Subject: [PATCH 13/61] cupsd service: don't allow overriding necessary configuration options --- nixos/modules/rename.nix | 2 + nixos/modules/services/printing/cupsd.nix | 112 ++++++++++------------ 2 files changed, 55 insertions(+), 59 deletions(-) diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 010d44c40d19..cc7557c06eb4 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -99,6 +99,8 @@ with lib; (mkRemovedOptionModule [ "services" "syslog-ng" "listenToJournal" ]) (mkRemovedOptionModule [ "ec2" "metadata" ]) (mkRemovedOptionModule [ "services" "openvpn" "enable" ]) + (mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ]) + (mkRemovedOptionModule [ "services" "printing" "cupsdConf" ]) ]; } diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix index 5964b62cc214..58d541dbcba6 100644 --- a/nixos/modules/services/printing/cupsd.nix +++ b/nixos/modules/services/printing/cupsd.nix 
@@ -42,6 +42,52 @@ let ignoreCollisions = true; }; + writeConf = name: text: pkgs.writeTextFile { + inherit name text; + destination = "/etc/cups/${name}"; + }; + + cupsFilesFile = writeConf "cups-files.conf" '' + SystemGroup root wheel + + ServerBin ${bindir}/lib/cups + DataDir ${bindir}/share/cups + + AccessLog syslog + ErrorLog syslog + PageLog syslog + + TempDir ${cfg.tempDir} + + # User and group used to run external programs, including + # those that actually send the job to the printer. Note that + # Udev sets the group of printer devices to `lp', so we want + # these programs to run as `lp' as well. + User cups + Group lp + + ${cfg.extraFilesConf} + ''; + + cupsdFile = writeConf "cupsd.conf" '' + ${concatMapStrings (addr: '' + Listen ${addr} + '') cfg.listenAddresses} + Listen /var/run/cups/cups.sock + + SetEnv PATH ${bindir}/lib/cups/filter:${bindir}/bin + + DefaultShared ${if cfg.defaultShared then "Yes" else "No"} + + Browsing ${if cfg.browsing then "Yes" else "No"} + + WebInterface ${if cfg.webInterface then "Yes" else "No"} + + ${cfg.extraConf} + ''; + + browsedFile = writeConf "cups-browsed.conf" cfg.browsedConf; + in { @@ -102,25 +148,11 @@ in ''; }; - cupsdConf = mkOption { - type = types.lines; - default = ""; - example = - '' - BrowsePoll cups.example.com - LogLevel debug - ''; - description = '' - The contents of the configuration file of the CUPS daemon - (cupsd.conf). - ''; - }; - - cupsFilesConf = mkOption { + extraFilesConf = mkOption { type = types.lines; default = ""; description = '' - The contents of the configuration file of the CUPS daemon + Extra contents of the configuration file of the CUPS daemon (cups-files.conf). ''; }; 
@@ -223,9 +255,9 @@ in environment.systemPackages = [ cups ] ++ optional polkitEnabled cups-pk-helper; environment.etc."cups/client.conf".text = cfg.clientConf; - environment.etc."cups/cups-files.conf".text = cfg.cupsFilesConf; - environment.etc."cups/cupsd.conf".text = cfg.cupsdConf; - environment.etc."cups/cups-browsed.conf".text = cfg.browsedConf; + environment.etc."cups/cups-files.conf".source = cupsFilesFile; + environment.etc."cups/cupsd.conf".source = cupsdFile; + environment.etc."cups/cups-browsed.conf".source = browsedFile; environment.etc."cups/snmp.conf".text = cfg.snmpConf; services.dbus.packages = [ cups ] ++ optional polkitEnabled cups-pk-helper; @@ -274,49 +306,13 @@ in serviceConfig.ExecStart = "${cups_filters}/bin/cups-browsed"; - restartTriggers = - [ config.environment.etc."cups/cups-browsed.conf".source - ]; + restartTriggers = [ browsedFile ]; }; - services.printing.cupsFilesConf = - '' - SystemGroup root wheel - - ServerBin ${bindir}/lib/cups - DataDir ${bindir}/share/cups - - AccessLog syslog - ErrorLog syslog - PageLog syslog - - TempDir ${cfg.tempDir} - - # User and group used to run external programs, including - # those that actually send the job to the printer. Note that - # Udev sets the group of printer devices to `lp', so we want - # these programs to run as `lp' as well. - User cups - Group lp - ''; - - services.printing.cupsdConf = + services.printing.extraConf = '' LogLevel info - ${concatMapStrings (addr: '' - Listen ${addr} - '') cfg.listenAddresses} - Listen /var/run/cups/cups.sock - - SetEnv PATH ${bindir}/lib/cups/filter:${bindir}/bin:${bindir}/sbin - - DefaultShared ${if cfg.defaultShared then "Yes" else "No"} - - Browsing ${if cfg.browsing then "Yes" else "No"} - - WebInterface ${if cfg.webInterface then "Yes" else "No"} - DefaultAuthType Basic @@ -357,8 +353,6 @@ in Order deny,allow - - ${cfg.extraConf} ''; security.pam.services.cups = {}; From 47017474fd75a75d747cdb5600b14b9203801984 Mon Sep 17 00:00:00 2001 
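Review bot: The last two hunks of this commit move the module's access-control defaults (`DefaultAuthType Basic` and the `Order deny,allow` blocks) into `services.printing.extraConf`, which is the user-facing free-form option. `Listen`, `SetEnv PATH` and the other directives in `cupsdFile` can no longer be overridden, but the authentication policy can: a configuration that sets `extraConf` with `mkForce` replaces it entirely, and ordinary definitions are merged into the same text. If that is intended, the `extraConf` option description should say that it carries the default policy. Otherwise the policy text belongs in `cupsdFile` ahead of `${cfg.extraConf}`.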
From: Nikolay Amiantov Date: Sun, 17 Jan 2016 04:12:11 +0300 Subject: [PATCH 14/61] cupsd service: move root directory to /var/lib/cups --- nixos/modules/services/printing/cupsd.nix | 48 +++++++++++++++++------ 1 file changed, 35 insertions(+), 13 deletions(-) diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix index 58d541dbcba6..98fb33e3256c 100644 --- a/nixos/modules/services/printing/cupsd.nix +++ b/nixos/modules/services/printing/cupsd.nix @@ -37,7 +37,7 @@ let [ cups additionalBackends cups_filters pkgs.ghostscript ] ++ optional cfg.gutenprint gutenprint ++ cfg.drivers; - pathsToLink = [ "/lib/cups" "/share/cups" "/bin" "/etc/cups" ]; + pathsToLink = [ "/lib/cups" "/share/cups" "/bin" ]; postBuild = cfg.bindirCmds; ignoreCollisions = true; }; @@ -88,6 +88,20 @@ let browsedFile = writeConf "cups-browsed.conf" cfg.browsedConf; + rootdir = pkgs.buildEnv { + name = "cups-progs"; + paths = [ + cupsFilesFile + cupsdFile + (writeConf "client.conf" cfg.clientConf) + (writeConf "snmp.conf" cfg.snmpConf) + ] ++ optional avahiEnabled browsedFile + ++ optional cfg.gutenprint gutenprint + ++ cfg.drivers; + pathsToLink = [ "/etc/cups" ]; + ignoreCollisions = true; + }; + in { @@ -253,12 +267,7 @@ in }; environment.systemPackages = [ cups ] ++ optional polkitEnabled cups-pk-helper; - - environment.etc."cups/client.conf".text = cfg.clientConf; - environment.etc."cups/cups-files.conf".source = cupsFilesFile; - environment.etc."cups/cupsd.conf".source = cupsdFile; - environment.etc."cups/cups-browsed.conf".source = browsedFile; - environment.etc."cups/snmp.conf".text = cfg.snmpConf; + environment.etc."cups".source = "/var/lib/cups"; services.dbus.packages = [ cups ] ++ optional polkitEnabled cups-pk-helper; 
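Review bot: The new `rootdir` environment reuses `name = "cups-progs"` from `bindir`, and it links `/etc/cups` from `cfg.drivers` and `gutenprint` next to the generated `cupsd.conf` and `cups-files.conf` with `ignoreCollisions = true`. A distinct name such as `name = "cups-rootdir";` would make the two store paths distinguishable in logs and in `nix-store -q` output. More importantly, a driver package that ships its own `etc/cups/cupsd.conf` or `etc/cups/cups-files.conf` would collide with the generated files without any error. Whether the generated file is the one kept depends on `buildEnv`'s collision handling, so I would add a comment stating that the generated files must take precedence.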
@@ -278,19 +287,32 @@ in preStart = '' - mkdir -m 0755 -p /etc/cups mkdir -m 0700 -p /var/cache/cups mkdir -m 0700 -p /var/spool/cups mkdir -m 0755 -p ${cfg.tempDir} + + mkdir -m 0755 -p /var/lib/cups + # Backwards compatibility + if [ ! -L /etc/cups ]; then + mv /etc/cups/* /var/lib/cups + rmdir /etc/cups + ln -s /var/lib/cups /etc/cups + fi + # First, clean existing symlinks + if [ -n "$(ls /var/lib/cups)" ]; then + for i in /var/lib/cups/*; do + [ -L "$i" ] && rm "$i" + done + fi + # Then, populate it with static files + cd ${rootdir}/etc/cups + for i in *; do + [ ! -e "/var/lib/cups/$i" ] && ln -s "${rootdir}/etc/cups/$i" "/var/lib/cups/$i" + done ${optionalString cfg.gutenprint '' ${gutenprint}/bin/cups-genppdupdate ''} ''; - - restartTriggers = - [ config.environment.etc."cups/cups-files.conf".source - config.environment.etc."cups/cupsd.conf".source - ]; }; systemd.services.cups-browsed = mkIf avahiEnabled From 03353ce6ff738acce3d535f6a414895751967a05 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sun, 17 Jan 2016 14:54:28 +0300 Subject: [PATCH 15/61] system-config-printer: 1.3.12 -> 1 5.7 --- .../misc/system-config-printer/default.nix | 27 ++++++++++++++----- .../detect_serverbindir.patch | 17 ++++++++++++ 2 files changed, 38 insertions(+), 6 deletions(-) create mode 100644 pkgs/tools/misc/system-config-printer/detect_serverbindir.patch diff --git a/pkgs/tools/misc/system-config-printer/default.nix b/pkgs/tools/misc/system-config-printer/default.nix index 6b0be9d2f6e8..7ed25fb549b0 100644 --- a/pkgs/tools/misc/system-config-printer/default.nix +++ b/pkgs/tools/misc/system-config-printer/default.nix 
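Review bot: The populate loop in the new preStart links a generated file only when `[ ! -e "/var/lib/cups/$i" ]`, so a regular file already present in /var/lib/cups (carried over by the `mv /etc/cups/*` migration, or written there at runtime) silently takes precedence over the generated cupsd.conf or cups-files.conf on every later start. If that precedence is intended, it deserves a comment and a log line such as `[ -e "/var/lib/cups/$i" ] && echo "cups: keeping existing /var/lib/cups/$i, generated file not linked" >&2`; if it is not, the module-owned files should be linked with `ln -sfn`. The migration branch also looks fragile: `mv /etc/cups/*` leaves dotfiles behind and has nothing to expand when the directory is empty or missing, so the `mv` or the following `rmdir` may fail. The service definition this preStart belongs to starts outside the hunk.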
@@ -5,16 +5,20 @@ , withGUI ? true }: -stdenv.mkDerivation rec { - name = "system-config-printer-1.3.12"; +let majorVersion = "1.5"; + +in stdenv.mkDerivation rec { + name = "system-config-printer-${majorVersion}.7"; src = fetchurl { - url = "http://cyberelk.net/tim/data/system-config-printer/1.3/${name}.tar.xz"; + url = "http://cyberelk.net/tim/data/system-config-printer/${majorVersion}/${name}.tar.xz"; sha256 = "1cg9n75rg5l9vr1925n2g771kga33imikyl0mf70lww2sfgvs18r"; }; propagatedBuildInputs = [ pythonPackages.pycurl ]; + patches = [ ./detect_serverbindir.patch ]; + buildInputs = [ intltool pkgconfig glib udev libusb1 cups xmlto libxml2 docbook_xml_dtd_412 docbook_xsl desktop_file_utils @@ -32,17 +36,28 @@ stdenv.mkDerivation rec { postInstall = '' + export makeWrapperArgs="--set prefix $out" wrapPythonPrograms + # The program imports itself, so we need to move shell wrappers to a proper place. + fixupWrapper() { + mv "$out/share/system-config-printer/$2.py" \ + "$out/bin/$1" + sed -i "s/.$2.py-wrapped/$2.py/g" "$out/bin/$1" + mv "$out/share/system-config-printer/.$2.py-wrapped" \ + "$out/share/system-config-printer/$2.py" + } + fixupWrapper scp-dbus-service scp-dbus-service + fixupWrapper system-config-printer system-config-printer + fixupWrapper system-config-printer-applet applet + # This __init__.py is both executed and imported. ( cd $out/share/system-config-printer/troubleshoot mv .__init__.py-wrapped __init__.py ) - - # Upstream issue: https://github.com/twaugh/system-config-printer/issues/28 - sed -i -e "s|/usr/bin|$out/bin|" "$out/share/dbus-1/services/org.fedoraproject.Config.Printing.service" ''; meta = { homepage = http://cyberelk.net/tim/software/system-config-printer/; platforms = stdenv.lib.platforms.linux; + license = stdenv.lib.licenses.gpl2; }; } diff --git a/pkgs/tools/misc/system-config-printer/detect_serverbindir.patch b/pkgs/tools/misc/system-config-printer/detect_serverbindir.patch new file mode 100644 index 000000000000..2cd3058f2330 
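Review bot: The `sha256` line under `src = fetchurl` is unchanged context in the first hunk, while the name moves from 1.3.12 to `${majorVersion}.7` and the URL directory changes with it, so as far as the hunk shows the hash still describes the old tarball. The archive is fetched over plain `http://`, which leaves that hash as the only integrity check on the source. It should be recomputed against the 1.5.7 archive and updated in the same change, i.e. `sha256 = "<sha256 of system-config-printer-1.5.7.tar.xz>";` with the real value filled in.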
--- /dev/null +++ b/pkgs/tools/misc/system-config-printer/detect_serverbindir.patch @@ -0,0 +1,17 @@ +diff --git a/cupshelpers/config.py.in b/cupshelpers/config.py.in +index 55abbfc..1244327 100644 +--- a/cupshelpers/config.py.in ++++ b/cupshelpers/config.py.in +@@ -22,3 +22,12 @@ + prefix="@prefix@" + sysconfdir="@sysconfdir@" + cupsserverbindir="@cupsserverbindir@" ++ ++try: ++ with open("/etc/cups/cups-files.conf") as config: ++ for cfgline in config: ++ args = cfgline.split(" ") ++ if len(args) == 2 and args[0] == "ServerBin": ++ cupsserverbindir = args[1].strip() ++except OSError: ++ pass From d96893647de5c519c458c1254f043f2d67d9b29c Mon Sep 17 00:00:00 2001 From: Anthony Cowley Date: Thu, 17 Dec 2015 17:02:40 -0500 Subject: [PATCH 16/61] cc-wrapper: fix on darwin The ld-wrapper.sh script calls `readlink` in some circumstances. We need to ensure that this is the `readlink` from the `coreutils` package so that flag support is as expected. This is accomplished by explicitly setting PATH at the top of each shell script. Without doing this, the following happens with a trivial `main.c`: ``` nix-env -f "" -iA pkgs.clang $ clang main.c -L /nix/../nix/store/2ankvagznq062x1gifpxwkk7fp3xwy63-xnu-2422.115.4/Library -o a.out readlink: illegal option -- f usage: readlink [-n] [file ...] ``` The key element is the `..` in the path supplied to the linker via a `-L` flag. With this patch, the above invocation works correctly on darwin, whose native `/usr/bin/readlink` does not support the `-f` flag. The explicit path also ensures that the `grep` called by `cc-wrapper.sh` is the one from Nix. Fixes #6447 --- pkgs/build-support/cc-wrapper/cc-wrapper.sh | 5 +++++ pkgs/build-support/cc-wrapper/default.nix | 13 ++++++++----- pkgs/build-support/cc-wrapper/gnat-wrapper.sh | 5 +++++ pkgs/build-support/cc-wrapper/ld-wrapper.sh | 5 +++++ pkgs/stdenv/darwin/default.nix | 2 +- 5 files changed, 24 insertions(+), 6 deletions(-) 
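Review bot: The parser added to config.py.in splits each line with `cfgline.split(" ")`, so a `ServerBin` directive written with a tab or with several spaces yields a list of the wrong length and is silently skipped, leaving the build-time `@cupsserverbindir@` in place; a path that contains a space is dropped the same way. `args = cfgline.split(None, 1)` accepts any run of whitespace and keeps the rest of the line as the value. The value read from /etc/cups/cups-files.conf ends up as the directory helper programs are looked up in, so a short comment recording the trust assumption would help, e.g. `# cups-files.conf is expected to be writable by root only (TODO confirm); its ServerBin is trusted as-is`.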
diff --git a/pkgs/build-support/cc-wrapper/cc-wrapper.sh b/pkgs/build-support/cc-wrapper/cc-wrapper.sh index 5bd59f8c5850..f7541b15a828 100644 --- a/pkgs/build-support/cc-wrapper/cc-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/cc-wrapper.sh @@ -1,4 +1,8 @@ #! @shell@ -e +path_backup=$PATH +if [ -n "@coreutils@" ]; then + PATH="@coreutils@/bin:@gnugrep@/bin" +fi if [ -n "$NIX_CC_WRAPPER_START_HOOK" ]; then source "$NIX_CC_WRAPPER_START_HOOK" @@ -141,4 +145,5 @@ if [ -n "$NIX_CC_WRAPPER_EXEC_HOOK" ]; then source "$NIX_CC_WRAPPER_EXEC_HOOK" fi +PATH=$path_backup exec @prog@ ${extraBefore[@]} "${params[@]}" "${extraAfter[@]}" diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index bea7e07a2029..110f51891417 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -9,13 +9,14 @@ , cc ? null, libc ? null, binutils ? null, coreutils ? null, shell ? stdenv.shell , zlib ? null, extraPackages ? [], extraBuildCommands ? "" , dyld ? null # TODO: should this be a setup-hook on dyld? -, isGNU ? false, isClang ? cc.isClang or false +, isGNU ? false, isClang ? cc.isClang or false, gnugrep ? null }: with stdenv.lib; assert nativeTools -> nativePrefix != ""; -assert !nativeTools -> cc != null && binutils != null && coreutils != null; +assert !nativeTools -> + cc != null && binutils != null && coreutils != null && gnugrep != null; assert !nativeLibc -> libc != null; # For ghdl (the vhdl language provider to gcc) we need zlib in the wrapper. 
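Review bot: Between the new `PATH="@coreutils@/bin:@gnugrep@/bin"` at the top of cc-wrapper.sh and `PATH=$path_backup` just before `exec`, the script sources `$NIX_CC_WRAPPER_START_HOOK` and `$NIX_CC_WRAPPER_EXEC_HOOK`, which now run with a PATH holding only coreutils and gnugrep. A hook that calls any other tool will fail or resolve differently with no hint why, so the contract should be written next to the assignment, e.g. `# PATH is pinned to coreutils and gnugrep until just before exec; hooks sourced below must use absolute paths for anything else.` The same pattern is added to gnat-wrapper.sh and ld-wrapper.sh with coreutils only, so grep is not on PATH in those two. The script body between the two hunks is not shown.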
@@ -37,9 +38,11 @@ stdenv.mkDerivation { inherit cc shell; libc = if nativeLibc then null else libc; - binutils = if nativeTools then null else binutils; - # The wrapper scripts use 'cat', so we may need coreutils. - coreutils = if nativeTools then null else coreutils; + binutils = if nativeTools then "" else binutils; + # The wrapper scripts use 'cat' and 'grep', so we may need coreutils + # and gnugrep. + coreutils = if nativeTools then "" else coreutils; + gnugrep = if nativeTools then "" else gnugrep; passthru = { inherit nativeTools nativeLibc nativePrefix isGNU isClang; }; diff --git a/pkgs/build-support/cc-wrapper/gnat-wrapper.sh b/pkgs/build-support/cc-wrapper/gnat-wrapper.sh index 3514ccd67325..603275e4e695 100644 --- a/pkgs/build-support/cc-wrapper/gnat-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/gnat-wrapper.sh @@ -1,4 +1,8 @@ #! @shell@ -e +path_backup=$PATH +if [ -n "@coreutils@" ]; then + PATH="@coreutils@/bin" +fi if [ -n "$NIX_GNAT_WRAPPER_START_HOOK" ]; then source "$NIX_GNAT_WRAPPER_START_HOOK" @@ -100,4 +104,5 @@ if [ -n "$NIX_GNAT_WRAPPER_EXEC_HOOK" ]; then source "$NIX_GNAT_WRAPPER_EXEC_HOOK" fi +PATH=$path_backup exec @prog@ ${extraBefore[@]} "${params[@]}" ${extraAfter[@]} diff --git a/pkgs/build-support/cc-wrapper/ld-wrapper.sh b/pkgs/build-support/cc-wrapper/ld-wrapper.sh index 30c531b76479..a7ed2f364cdd 100644 --- a/pkgs/build-support/cc-wrapper/ld-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/ld-wrapper.sh @@ -1,4 +1,8 @@ #! @shell@ -e +path_backup=$PATH +if [ -n "@coreutils@" ]; then + PATH="@coreutils@/bin" +fi if [ -n "$NIX_LD_WRAPPER_START_HOOK" ]; then source "$NIX_LD_WRAPPER_START_HOOK" @@ -163,4 +167,5 @@ if [ -n "$NIX_LD_WRAPPER_EXEC_HOOK" ]; then source "$NIX_LD_WRAPPER_EXEC_HOOK" fi +PATH=$path_backup exec @prog@ ${extraBefore[@]} "${params[@]}" ${extra[@]} diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index c0c19a64c3c7..0af7071e2186 100644 --- a/pkgs/stdenv/darwin/default.nix 
+++ b/pkgs/stdenv/darwin/default.nix @@ -278,7 +278,7 @@ in rec { inherit stdenv shell; nativeTools = false; nativeLibc = false; - inherit (pkgs) coreutils binutils; + inherit (pkgs) coreutils binutils gnugrep; inherit (pkgs.darwin) dyld; cc = pkgs.llvmPackages.clang-unwrapped; libc = pkgs.darwin.Libsystem; From a98dfaa6b96a00b6822f25ca7638d4ae7d57a855 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 21 Jan 2016 13:07:56 +0300 Subject: [PATCH 17/61] nix manual: add bundlerEnv.env and .wrapper items descriptions --- doc/languages-frameworks/ruby.xml | 32 +++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/doc/languages-frameworks/ruby.xml b/doc/languages-frameworks/ruby.xml index a2b4475a4a54..d81422b610ee 100644 --- a/doc/languages-frameworks/ruby.xml +++ b/doc/languages-frameworks/ruby.xml @@ -42,5 +42,37 @@ and scalable."; Please check in the Gemfile, Gemfile.lock and the gemset.nix so future updates can be run easily. +Resulting derivations also have two helpful items, env and wrapper. The first one allows one to quickly drop into +nix-shell with the specified environment present. E.g. nix-shell -A sensu.env would give you an environment with Ruby preset +so it has all the libraries necessary for sensu in its paths. The second one can be used to make derivations from custom Ruby scripts which have +Gemfiles with their dependencies specified. It is a derivation with ruby wrapped so it can find all the needed dependencies. +For example, to make a derivation my-script for a my-script.rb (which should be placed in bin) you should +run bundix as specified above and then use bundlerEnv lile this: + + + + + From 3ade072aade5ba4ce4a09ce286f4229070926f22 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 21 Jan 2016 12:38:03 +0300 Subject: [PATCH 18/61] nixos changelog: mention CUPS changes --- .../doc/manual/release-notes/rl-unstable.xml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) 
diff --git a/nixos/doc/manual/release-notes/rl-unstable.xml b/nixos/doc/manual/release-notes/rl-unstable.xml index cd828dfc8887..ffe8171171ac 100644 --- a/nixos/doc/manual/release-notes/rl-unstable.xml +++ b/nixos/doc/manual/release-notes/rl-unstable.xml @@ -145,6 +145,26 @@ nginx.override { from the ELPA, MELPA, and MELPA Stable repositories. + + + CUPS, installed by services.printing module, now + has its data directory in /var/lib/cups. Old + configurations from /etc/cups are moved there + automatically, but there might be problems. Also configuration options + services.printing.cupsdConf and + services.printing.cupsdFilesConf were removed + because they had been allowing one to override configuration variables + required for CUPS to work at all on NixOS. For most use cases, + services.printing.extraConf and new option + services.printing.extraFilesConf should be enough; + if you encounter a situation when they are not, please file a bug. + + There are also Gutenprint improvements; in particular, a new option + services.printing.gutenprint is added to enable automatic + updating of Gutenprint PPMs; it's greatly recommended to enable it instead + of adding gutenprint to the drivers list. + + From 5986aecc4c4e3d99d815da1ef7ea4ed2092f221e Mon Sep 17 00:00:00 2001 From: Anthony Cowley Date: Sun, 24 Jan 2016 00:18:32 -0500 Subject: [PATCH 19/61] Linux stdenv update: pass gnugrep to cc-wrapper --- pkgs/stdenv/linux/default.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index 12fc3fed5a5a..4ddf62f0aef7 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix 
@@ -64,7 +64,7 @@ rec { # the bootstrap. In all stages, we build an stdenv and the package # set that can be built with that stdenv. stageFun = - {gccPlain, glibc, binutils, coreutils, name, overrides ? (pkgs: {}), extraBuildInputs ? []}: + {gccPlain, glibc, binutils, coreutils, gnugrep, name, overrides ? (pkgs: {}), extraBuildInputs ? []}: let @@ -93,7 +93,7 @@ rec { cc = gccPlain; isGNU = true; libc = glibc; - inherit binutils coreutils; + inherit binutils coreutils gnugrep; name = name; stdenv = stage0.stdenv; }; @@ -125,6 +125,7 @@ rec { glibc = null; binutils = null; coreutils = null; + gnugrep = null; name = null; overrides = pkgs: { @@ -160,6 +161,7 @@ rec { inherit (stage0.pkgs) glibc; binutils = bootstrapTools; coreutils = bootstrapTools; + gnugrep = bootstrapTools; name = "bootstrap-gcc-wrapper"; # Rebuild binutils to use from stage2 onwards. @@ -184,6 +186,7 @@ rec { inherit (stage1.pkgs) glibc; binutils = stage1.pkgs.binutils; coreutils = bootstrapTools; + gnugrep = bootstrapTools; name = "bootstrap-gcc-wrapper"; overrides = pkgs: { @@ -200,6 +203,7 @@ rec { gccPlain = bootstrapTools; inherit (stage2.pkgs) glibc binutils; coreutils = bootstrapTools; + gnugrep = bootstrapTools; name = "bootstrap-gcc-wrapper"; overrides = pkgs: rec { @@ -227,7 +231,7 @@ rec { # Construct a fourth stdenv that uses the new GCC. But coreutils is # still from the bootstrap tools. stage4 = stageFun { - inherit (stage3.pkgs) gccPlain glibc binutils; + inherit (stage3.pkgs) gccPlain glibc binutils gnugrep; coreutils = bootstrapTools; name = ""; @@ -244,7 +248,7 @@ rec { isGNU = true; cc = stage4.stdenv.cc.cc; libc = stage4.pkgs.glibc; - inherit (stage4.pkgs) binutils coreutils; + inherit (stage4.pkgs) binutils coreutils gnugrep; name = ""; stdenv = stage4.stdenv; shell = stage4.pkgs.bash + "/bin/bash"; From 9b980baa9db36aebf1396cafaa4dfc385d7b7009 Mon Sep 17 00:00:00 2001 
From: Nikolay Amiantov Date: Sun, 24 Jan 2016 15:59:31 +0300 Subject: [PATCH 20/61] bundlerEnv.wrapper: rename to wrappedRuby --- pkgs/development/interpreters/ruby/bundler-env/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/interpreters/ruby/bundler-env/default.nix b/pkgs/development/interpreters/ruby/bundler-env/default.nix index fdafa5f8f126..0c9ed40d3f82 100644 --- a/pkgs/development/interpreters/ruby/bundler-env/default.nix +++ b/pkgs/development/interpreters/ruby/bundler-env/default.nix @@ -68,8 +68,8 @@ let passthru = rec { inherit ruby bundler meta gems; - wrapper = stdenv.mkDerivation { - name = "wrapper-${name}"; + wrappedRuby = stdenv.mkDerivation { + name = "wrapped-ruby-${name}"; nativeBuildInputs = [ makeWrapper ]; buildCommand = '' mkdir -p $out/bin @@ -93,7 +93,7 @@ let ''; in stdenv.mkDerivation { name = "interactive-${name}-environment"; - nativeBuildInputs = [ wrapper bundlerEnv ]; + nativeBuildInputs = [ wrappedRuby bundlerEnv ]; shellHook = '' export OLD_IRBRC="$IRBRC" export IRBRC=${irbrc} From 3e0e641743169cac0a2f88a8e227c5306fd656a8 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sun, 24 Jan 2016 16:49:28 +0100 Subject: [PATCH 21/61] freetype: 2.5.4 -> 2.6.2 --- .../libraries/freetype/default.nix | 29 ++-- .../freetype/enable-validation.patch | 22 --- .../libraries/freetype/fix-pcf.patch | 132 ------------------ 3 files changed, 15 insertions(+), 168 deletions(-) delete mode 100644 pkgs/development/libraries/freetype/enable-validation.patch delete mode 100644 pkgs/development/libraries/freetype/fix-pcf.patch diff --git a/pkgs/development/libraries/freetype/default.nix b/pkgs/development/libraries/freetype/default.nix index e9e393075b3e..61d8cb582a01 100644 --- a/pkgs/development/libraries/freetype/default.nix +++ b/pkgs/development/libraries/freetype/default.nix 
@@ -1,16 +1,18 @@ { stdenv, fetchurl, fetchpatch, pkgconfig, which, zlib, bzip2, libpng, gnumake +, glib /* passthru only */ + # FreeType supports sub-pixel rendering. This is patented by # Microsoft, so it is disabled by default. This option allows it to # be enabled. See http://www.freetype.org/patents.html. -, glib/*passthru only*/ , useEncumberedCode ? true }: let - version = "2.5.4"; + version = "2.6.2"; - fetch_bohoomil = name: sha256: fetchpatch { - url = https://raw.githubusercontent.com/bohoomil/fontconfig-ultimate/e4c99bcf5ac9595e2c64393c0661377685c0ad24/01_freetype2-iu/ + name; + # Don't use fetchpatch. It mangles them. That's an hour I'll never get back. + fetchbohoomil = name: sha256: fetchurl { + url = https://raw.githubusercontent.com/bohoomil/fontconfig-ultimate/254b688f96d4a37f78fb594303a43160fc15c7cd/freetype/ + name; inherit sha256; }; in 
@@ -20,15 +22,17 @@ stdenv.mkDerivation rec { src = fetchurl { url = "mirror://sourceforge/freetype/${name}.tar.bz2"; - sha256 = "1fxsbk4lp6ymifldzrb86g3x6mz771jmrzphkz92mcrkddk2qkiv"; + sha256 = "14mqrfgl18q2by1yzv6vcxi97zjy4kppcgsqf312mhfwgkpvvxms"; }; - patches = [ ./enable-validation.patch ] # from Gentoo, bohoomil has the same patch as well - ++ [ ./fix-pcf.patch ] + patches = [] ++ optionals useEncumberedCode [ - (fetch_bohoomil "02-ftsmooth-2.5.4.patch" "11w4wb7gwgpijc788mpkxj92d7rfdwrdv7jzrpxwv5w5cgpx9iw9") - (fetch_bohoomil "03-upstream-2014.12.07.patch" "0gq7y63mg3gc5z69nfkv2kl7xad0bjzsvnl6j1j9q79jjbvaqdq0") - (fetch_bohoomil "04-infinality-2.5.4-2014.12.07.patch" "1gph7z9s2221gy5dxn01v3lga0m9yib8yqsaqj5km74bqx1vlalh") + (fetchbohoomil "01-freetype-2.6.2-enable-valid.patch" + "1szq0zha7n41f4pq179wgfkam034mp2xn0xc36sdl5sjp9s9hv08") + (fetchbohoomil "02-upstream-2015.12.05.patch" + "0781r9n35kpn8db8nma0l47cpkzh0hbp84ziii5sald90dnrqdj4") + (fetchbohoomil "03-infinality-2.6.2-2015.12.05.patch" + "0wcjf9hiymplgqm3szla633i417pb57vpzzs2dyl1dnmcxgqa2y8") ]; propagatedBuildInputs = [ zlib bzip2 libpng ]; # needed when linking against freetype @@ -46,10 +50,7 @@ stdenv.mkDerivation rec { doCheck = true; - # compat hacks - postInstall = glib.flattenInclude + '' - ln -s . "$out"/include/freetype - ''; + postInstall = glib.flattenInclude; crossAttrs = { # Somehow it calls the unwrapped gcc, "i686-pc-linux-gnu-gcc", instead diff --git a/pkgs/development/libraries/freetype/enable-validation.patch b/pkgs/development/libraries/freetype/enable-validation.patch deleted file mode 100644 index 44f3bf6e1c94..000000000000 --- a/pkgs/development/libraries/freetype/enable-validation.patch +++ /dev/null 
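Review bot: With `patches = [] ++ optionals useEncumberedCode [ ... ]`, the validation-module patch `01-freetype-2.6.2-enable-valid.patch` is applied only when `useEncumberedCode` is true, whereas the removed `./enable-validation.patch` was applied unconditionally. Assuming the fetched patch does the same job as the deleted local one (its name suggests so; its contents are not on the page), builds with `useEncumberedCode = false` lose the gxvalid and otvalid modules. Moving that one entry out of the conditional keeps the old behaviour: `patches = [ (fetchbohoomil "01-freetype-2.6.2-enable-valid.patch" "1szq0zha7n41f4pq179wgfkam034mp2xn0xc36sdl5sjp9s9hv08") ] ++ optionals useEncumberedCode [ ... ];`.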
@@ -1,22 +0,0 @@ -Enables gxvalid and otvalid modules for use with ftvalid. - ---- freetype-2.2.1/modules.cfg.orig 2006-07-07 21:01:09.000000000 -0400 -+++ freetype-2.2.1/modules.cfg 2006-07-07 21:01:54.000000000 -0400 -@@ -110,7 +110,7 @@ - AUX_MODULES += cache - - # TrueType GX/AAT table validation. Needs ftgxval.c below. --# AUX_MODULES += gxvalid -+AUX_MODULES += gxvalid - - # Support for streams compressed with gzip (files with suffix .gz). - # -@@ -124,7 +124,7 @@ - - # OpenType table validation. Needs ftotval.c below. - # --# AUX_MODULES += otvalid -+AUX_MODULES += otvalid - - # Auxiliary PostScript driver component to share common code. - # diff --git a/pkgs/development/libraries/freetype/fix-pcf.patch b/pkgs/development/libraries/freetype/fix-pcf.patch deleted file mode 100644 index bb301bcd9caa..000000000000 --- a/pkgs/development/libraries/freetype/fix-pcf.patch +++ /dev/null 
@@ -1,132 +0,0 @@ -Upstream fixes for pcf fonts. - -http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=74af85c4b62b35e55b0ce9dec55ee10cbc4962a2 -http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=06842c7b49c21f13c0ab61201daab6ff5a358fcc - -diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c -index 998cbed..e3caf82 100644 ---- a/src/pcf/pcfread.c -+++ b/src/pcf/pcfread.c -@@ -2,7 +2,7 @@ - - FreeType font driver for pcf fonts - -- Copyright 2000-2010, 2012, 2013 by -+ Copyright 2000-2010, 2012-2014 by - Francesco Zappa Nardelli - - Permission is hereby granted, free of charge, to any person obtaining a copy -@@ -78,7 +78,7 @@ THE SOFTWARE. - FT_FRAME_START( 16 ), - FT_FRAME_ULONG_LE( type ), - FT_FRAME_ULONG_LE( format ), -- FT_FRAME_ULONG_LE( size ), -+ FT_FRAME_ULONG_LE( size ), /* rounded up to a multiple of 4 */ - FT_FRAME_ULONG_LE( offset ), - FT_FRAME_END - }; -@@ -95,9 +95,11 @@ THE SOFTWARE. - FT_Memory memory = FT_FACE( face )->memory; - FT_UInt n; - -+ FT_ULong size; - -- if ( FT_STREAM_SEEK ( 0 ) || -- FT_STREAM_READ_FIELDS ( pcf_toc_header, toc ) ) -+ -+ if ( FT_STREAM_SEEK( 0 ) || -+ FT_STREAM_READ_FIELDS( pcf_toc_header, toc ) ) - return FT_THROW( Cannot_Open_Resource ); - - if ( toc->version != PCF_FILE_VERSION || -@@ -154,14 +156,35 @@ THE SOFTWARE. - break; - } - -- /* we now check whether the `size' and `offset' values are reasonable: */ -- /* `offset' + `size' must not exceed the stream size */ -+ /* -+ * We now check whether the `size' and `offset' values are reasonable: -+ * `offset' + `size' must not exceed the stream size. -+ * -+ * Note, however, that X11's `pcfWriteFont' routine (used by the -+ * `bdftopcf' program to create PDF font files) has two special -+ * features. -+ * -+ * - It always assigns the accelerator table a size of 100 bytes in the -+ * TOC, regardless of its real size, which can vary between 34 and 72 -+ * bytes. 
-+ * -+ * - Due to the way the routine is designed, it ships out the last font -+ * table with its real size, ignoring the TOC's size value. Since -+ * the TOC size values are always rounded up to a multiple of 4, the -+ * difference can be up to three bytes for all tables except the -+ * accelerator table, for which the difference can be as large as 66 -+ * bytes. -+ * -+ */ -+ - tables = face->toc.tables; -- for ( n = 0; n < toc->count; n++ ) -+ size = stream->size; -+ -+ for ( n = 0; n < toc->count - 1; n++ ) - { - /* we need two checks to avoid overflow */ -- if ( ( tables->size > stream->size ) || -- ( tables->offset > stream->size - tables->size ) ) -+ if ( ( tables->size > size ) || -+ ( tables->offset > size - tables->size ) ) - { - error = FT_THROW( Invalid_Table ); - goto Exit; -@@ -169,6 +192,15 @@ THE SOFTWARE. - tables++; - } - -+ /* no check of `tables->size' for last table element ... */ -+ if ( ( tables->offset > size ) ) -+ { -+ error = FT_THROW( Invalid_Table ); -+ goto Exit; -+ } -+ /* ... instead, we adjust `tables->size' to the real value */ -+ tables->size = size - tables->offset; -+ - #ifdef FT_DEBUG_LEVEL_TRACE - - { -@@ -733,8 +765,8 @@ THE SOFTWARE. - - FT_TRACE4(( " number of bitmaps: %d\n", nbitmaps )); - -- /* XXX: PCF_Face->nmetrics is singed FT_Long, see pcf.h */ -- if ( face->nmetrics < 0 || nbitmaps != ( FT_ULong )face->nmetrics ) -+ /* XXX: PCF_Face->nmetrics is signed FT_Long, see pcf.h */ -+ if ( face->nmetrics < 0 || nbitmaps != (FT_ULong)face->nmetrics ) - return FT_THROW( Invalid_File_Format ); - - if ( FT_NEW_ARRAY( offsets, nbitmaps ) ) -diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c -index e3caf82..a29a9e3 100644 ---- a/src/pcf/pcfread.c -+++ b/src/pcf/pcfread.c -@@ -192,14 +192,15 @@ THE SOFTWARE. - tables++; - } - -- /* no check of `tables->size' for last table element ... */ -+ /* only check `tables->offset' for last table element ... 
*/ - if ( ( tables->offset > size ) ) - { - error = FT_THROW( Invalid_Table ); - goto Exit; - } -- /* ... instead, we adjust `tables->size' to the real value */ -- tables->size = size - tables->offset; -+ /* ... and adjust `tables->size' to the real value if necessary */ -+ if ( tables->size > size - tables->offset ) -+ tables->size = size - tables->offset; - - #ifdef FT_DEBUG_LEVEL_TRACE - From 7a853f828d73c11cb4c9b2b71a172f379e5c4ecc Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sun, 24 Jan 2016 21:14:12 +0100 Subject: [PATCH 22/61] fontconfig-ultimate: 20141123 -> 2015-12-06 --- .../libraries/fontconfig-ultimate/confd.nix | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/pkgs/development/libraries/fontconfig-ultimate/confd.nix b/pkgs/development/libraries/fontconfig-ultimate/confd.nix index e522cead8220..160fef5f07e5 100644 --- a/pkgs/development/libraries/fontconfig-ultimate/confd.nix +++ b/pkgs/development/libraries/fontconfig-ultimate/confd.nix @@ -1,13 +1,18 @@ -{ stdenv, fetchurl }: +{ stdenv, fetchFromGitHub }: +let version = "2015-12-06"; in stdenv.mkDerivation { - name = "fontconfig-ultimate-20141123"; - src = fetchurl { - url = "https://github.com/bohoomil/fontconfig-ultimate/archive/2014-11-23.tar.gz"; - sha256 = "0czfm3hxc41x5mscwrba7p1vhm2w62j1qg7z8kfdrf21z8fvgznw"; + name = "fontconfig-ultimate-${version}"; + + src = fetchFromGitHub { + sha256 = "02a811szxkq4q088nxfpdzp6rv0brvgkdhwigk09qffygxd776g6"; + rev = version; + repo = "fontconfig-ultimate"; + owner = "bohoomil"; }; phases = "$prePhases unpackPhase installPhase $postPhases"; + installPhase = '' mkdir -p $out/etc/fonts/conf.d cp conf.d.infinality/*.conf $out/etc/fonts/conf.d 
@@ -22,8 +27,8 @@ stdenv.mkDerivation { rm $out/etc/fonts/conf.d/83-*.conf # Inclusion of local and user configs handled by global configuration - rm $out/etc/fonts/conf.d/97-local.conf - rm $out/etc/fonts/conf.d/98-user.conf + rm $out/etc/fonts/conf.d/29-local.conf + rm $out/etc/fonts/conf.d/28-user.conf cp fontconfig_patches/fonts-settings/*.conf $out/etc/fonts/conf.d From 8f48a9756b462c8b2eeaf8326feab8abf751ecd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 25 Jan 2016 09:54:10 +0100 Subject: [PATCH 23/61] cc-wrapper: quote when saving $PATH --- pkgs/build-support/cc-wrapper/cc-wrapper.sh | 4 ++-- pkgs/build-support/cc-wrapper/gnat-wrapper.sh | 4 ++-- pkgs/build-support/cc-wrapper/ld-wrapper.sh | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/build-support/cc-wrapper/cc-wrapper.sh b/pkgs/build-support/cc-wrapper/cc-wrapper.sh index f7541b15a828..6e12a0d8bc8f 100644 --- a/pkgs/build-support/cc-wrapper/cc-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/cc-wrapper.sh @@ -1,5 +1,5 @@ #! @shell@ -e -path_backup=$PATH +path_backup="$PATH" if [ -n "@coreutils@" ]; then PATH="@coreutils@/bin:@gnugrep@/bin" fi @@ -145,5 +145,5 @@ if [ -n "$NIX_CC_WRAPPER_EXEC_HOOK" ]; then source "$NIX_CC_WRAPPER_EXEC_HOOK" fi -PATH=$path_backup +PATH="$path_backup" exec @prog@ ${extraBefore[@]} "${params[@]}" "${extraAfter[@]}" diff --git a/pkgs/build-support/cc-wrapper/gnat-wrapper.sh b/pkgs/build-support/cc-wrapper/gnat-wrapper.sh index 603275e4e695..ae46b40ac631 100644 --- a/pkgs/build-support/cc-wrapper/gnat-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/gnat-wrapper.sh @@ -1,5 +1,5 @@ #! @shell@ -e -path_backup=$PATH +path_backup="$PATH" if [ -n "@coreutils@" ]; then PATH="@coreutils@/bin" fi @@ -104,5 +104,5 @@ if [ -n "$NIX_GNAT_WRAPPER_EXEC_HOOK" ]; then source "$NIX_GNAT_WRAPPER_EXEC_HOOK" fi -PATH=$path_backup +PATH="$path_backup" exec @prog@ ${extraBefore[@]} "${params[@]}" ${extraAfter[@]} 
diff --git a/pkgs/build-support/cc-wrapper/ld-wrapper.sh b/pkgs/build-support/cc-wrapper/ld-wrapper.sh index a7ed2f364cdd..6ef06eb70348 100644 --- a/pkgs/build-support/cc-wrapper/ld-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/ld-wrapper.sh @@ -1,5 +1,5 @@ #! @shell@ -e -path_backup=$PATH +path_backup="$PATH" if [ -n "@coreutils@" ]; then PATH="@coreutils@/bin" fi @@ -167,5 +167,5 @@ if [ -n "$NIX_LD_WRAPPER_EXEC_HOOK" ]; then source "$NIX_LD_WRAPPER_EXEC_HOOK" fi -PATH=$path_backup +PATH="$path_backup" exec @prog@ ${extraBefore[@]} "${params[@]}" ${extra[@]} From 98c7e70a3fde4821bfd45c1cfbbb81adbe8a7ea1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 25 Jan 2016 09:55:00 +0100 Subject: [PATCH 24/61] linux stdenv bootstrap: avoid building grep twice It's perfectly enough when we use the bootstrapped grep everywhere except the one put into the final stdenv and final pkgs. --- pkgs/stdenv/linux/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix index 4ddf62f0aef7..ac7d8f5c706c 100644 --- a/pkgs/stdenv/linux/default.nix +++ b/pkgs/stdenv/linux/default.nix @@ -231,7 +231,8 @@ rec { # Construct a fourth stdenv that uses the new GCC. But coreutils is # still from the bootstrap tools. stage4 = stageFun { - inherit (stage3.pkgs) gccPlain glibc binutils gnugrep; + inherit (stage3.pkgs) gccPlain glibc binutils; + gnugrep = bootstrapTools; coreutils = bootstrapTools; name = ""; From 77f280cf1822974b85005720b11e417eccec1854 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sun, 24 Jan 2016 20:17:10 +0300 Subject: [PATCH 25/61] libvdpau-va-gl: init at 0.3.4 --- .../libraries/libvdpau-va-gl/default.nix | 27 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 29 insertions(+) create mode 100644 pkgs/development/libraries/libvdpau-va-gl/default.nix 
diff --git a/pkgs/development/libraries/libvdpau-va-gl/default.nix b/pkgs/development/libraries/libvdpau-va-gl/default.nix new file mode 100644 index 000000000000..51fb858d8bef --- /dev/null +++ b/pkgs/development/libraries/libvdpau-va-gl/default.nix @@ -0,0 +1,27 @@ +{ stdenv, fetchFromGitHub, cmake, pkgconfig, libX11, libpthreadstubs, libvdpau, glib +, libva, ffmpeg, mesa_glu }: + +let + version = "0.3.4"; + +in stdenv.mkDerivation rec { + name = "libvdpau-va-gl-${version}"; + + src = fetchFromGitHub { + owner = "i-rinat"; + repo = "libvdpau-va-gl"; + rev = "v${version}"; + sha256 = "1909f3srm2iy2hv4m6jxg1nxrh9xgsnjs07wfzw3ais1fww0i2nn"; + }; + + nativeBuildInputs = [ cmake pkgconfig ]; + buildInputs = [ libX11 libpthreadstubs libvdpau glib libva ffmpeg mesa_glu ]; + + meta = with stdenv.lib; { + homepage = https://github.com/i-rinat/libvdpau-va-gl; + description = "VDPAU driver with OpenGL/VAAPI backend"; + license = licenses.lgpl3; + platforms = platforms.linux; + maintainers = with maintainers; [ abbradar ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1b35d454d231..001f084a701f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7726,6 +7726,8 @@ let libvdpau = callPackage ../development/libraries/libvdpau { }; + libvdpau-va-gl = callPackage ../development/libraries/libvdpau-va-gl { }; + libvirt = callPackage ../development/libraries/libvirt { }; libvirt-glib = callPackage ../development/libraries/libvirt-glib { }; From 364f297bb2d16236de01ef2175f99803665dc4a6 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Mon, 25 Jan 2016 02:53:47 +0300 Subject: [PATCH 26/61] mesa: leave vdpau libraries in lib/vdpau --- pkgs/development/libraries/mesa/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index c6af00d08b87..d9cad5752308 100644 
--- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -154,8 +154,6 @@ stdenv.mkDerivation { done '' + /* set the default search path for DRI drivers; used e.g. by X server */ '' substituteInPlace "$out/lib/pkgconfig/dri.pc" --replace '$(drivers)' "${driverLink}" - '' + /* move vdpau drivers to $drivers/lib, so they are found */ '' - mv "$drivers"/lib/vdpau/* "$drivers"/lib/ && rmdir "$drivers"/lib/vdpau ''; #ToDo: @vcunat isn't sure if drirc will be found when in $out/etc/, but it doesn't seem important ATM From 6563fa612562a6441794dddf774a001947247ab8 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Mon, 25 Jan 2016 02:54:08 +0300 Subject: [PATCH 27/61] nvidia_x11: move vdpau libraries to lib/vdpau --- pkgs/os-specific/linux/nvidia-x11/builder-legacy304.sh | 4 ++++ pkgs/os-specific/linux/nvidia-x11/builder-legacy340.sh | 6 +++++- pkgs/os-specific/linux/nvidia-x11/builder.sh | 6 +++++- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/nvidia-x11/builder-legacy304.sh b/pkgs/os-specific/linux/nvidia-x11/builder-legacy304.sh index 20666fdb061f..fe8267831410 100755 --- a/pkgs/os-specific/linux/nvidia-x11/builder-legacy304.sh +++ b/pkgs/os-specific/linux/nvidia-x11/builder-legacy304.sh @@ -93,6 +93,10 @@ installPhase() { substituteInPlace $out/share/applications/nvidia-settings.desktop \ --replace '__UTILS_PATH__' $out/bin \ --replace '__PIXMAP_PATH__' $out/share/pixmaps + + # Move VDPAU libraries to their place + mkdir "$out"/lib/vdpau + mv "$out"/lib/libvdpau* "$out"/lib/vdpau fi } diff --git a/pkgs/os-specific/linux/nvidia-x11/builder-legacy340.sh b/pkgs/os-specific/linux/nvidia-x11/builder-legacy340.sh index d0eec0f7403b..899f12daf6b5 100755 --- a/pkgs/os-specific/linux/nvidia-x11/builder-legacy340.sh +++ b/pkgs/os-specific/linux/nvidia-x11/builder-legacy340.sh 
@@ -108,8 +108,12 @@ installPhase() { #patchelf --set-rpath $cudaPath $out/lib/libcuda.so.*.* #patchelf --set-rpath $openclPath $out/lib/libnvidia-opencl.so.*.* - # we distribute these separately in `libvdpau` + # We distribute these separately in `libvdpau` rm "$out"/lib/libvdpau{.*,_trace.*} + + # Move VDPAU libraries to their place + mkdir "$out"/lib/vdpau + mv "$out"/lib/libvdpau* "$out"/lib/vdpau } diff --git a/pkgs/os-specific/linux/nvidia-x11/builder.sh b/pkgs/os-specific/linux/nvidia-x11/builder.sh index 502648c1d513..c1f165c45dd5 100755 --- a/pkgs/os-specific/linux/nvidia-x11/builder.sh +++ b/pkgs/os-specific/linux/nvidia-x11/builder.sh @@ -119,8 +119,12 @@ installPhase() { # For simplicity and dependency reduction, don't support the gtk3 interface. rm $out/lib/libnvidia-gtk3.* - # we distribute these separately in `libvdpau` + # We distribute these separately in `libvdpau` rm "$out"/lib/libvdpau{.*,_trace.*} + + # Move VDPAU libraries to their place + mkdir "$out"/lib/vdpau + mv "$out"/lib/libvdpau* "$out"/lib/vdpau } From 1b95212a6976dc7b8e3a8e80b8d5fc9cb6ebaa71 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Mon, 25 Jan 2016 02:56:27 +0300 Subject: [PATCH 28/61] libva: use OpenGL drivers link directory --- pkgs/development/libraries/libva/default.nix | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/libva/default.nix b/pkgs/development/libraries/libva/default.nix index 12de07ced32d..b1bfa9b8e35e 100644 --- a/pkgs/development/libraries/libva/default.nix +++ b/pkgs/development/libraries/libva/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, libX11, pkgconfig, libXext, libdrm, libXfixes, wayland, libffi -, mesa ? null +, mesa_noglu ? null }: stdenv.mkDerivation rec { 
@@ -10,9 +10,20 @@ stdenv.mkDerivation rec { sha256 = "0bjfb5s8dk3lql843l91ffxzlq47isqks5sj19cxh7j3nhzw58kz"; }; - buildInputs = [ libX11 libXext pkgconfig libdrm libXfixes wayland libffi mesa ]; + buildInputs = [ libX11 libXext pkgconfig libdrm libXfixes wayland libffi mesa_noglu ]; - configureFlags = stdenv.lib.optional (mesa != null) "--enable-glx"; + configureFlags = stdenv.lib.optionals (mesa_noglu != null) [ + "--with-drivers-path=${mesa_noglu.driverLink}/lib/dri" + "--enable-glx" + ]; + + installFlags = [ "DESTDIR=$(out)" ]; + + postInstall = '' + cp -r $out/${mesa_noglu.driverLink}/* $out + cp -r $out/$out/* $out + rm -rf $out/run $out/$(echo "$out" | cut -d "/" -f2) + ''; meta = with stdenv.lib; { homepage = http://www.freedesktop.org/wiki/Software/vaapi; From 768f7d19b54843db8c44030f34d237c013973e40 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Mon, 25 Jan 2016 02:56:41 +0300 Subject: [PATCH 29/61] libvdpau: use OpenGL drivers link directory --- pkgs/development/libraries/libvdpau/default.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libvdpau/default.nix b/pkgs/development/libraries/libvdpau/default.nix index 6c5d5a91ad88..f38cc51f6c24 100644 --- a/pkgs/development/libraries/libvdpau/default.nix +++ b/pkgs/development/libraries/libvdpau/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, xorg }: +{ stdenv, fetchurl, pkgconfig, xorg, mesa_noglu }: stdenv.mkDerivation rec { name = "libvdpau-1.1.1"; 
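Review bot: The cleanup in libva's `postInstall` runs `rm -rf $out/run $out/$(echo "$out" | cut -d "/" -f2)` with every expansion unquoted and with `run` hard-coded, although the prefix being folded back comes from `mesa_noglu.driverLink`. Quoting keeps an unexpected character in the path from being word-split into extra `rm -rf` arguments: `rm -rf "$out/run" "$out/$(echo "$out" | cut -d / -f2)"`, and likewise `cp -r "$out/$out"/* "$out"`. A comment such as `# DESTDIR install: files land under $out/<driverLink> and $out/$out; fold both back into $out` would explain why the phase exists. The same three lines are added to libvdpau in PATCH 29 and kept in PATCH 35.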
@@ -12,6 +12,16 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [ xorg.libX11 ]; + configureFlags = [ "--with-module-dir=${mesa_noglu.driverLink}/lib/vdpau" ]; + + installFlags = [ "DESTDIR=$(out)" ]; + + postInstall = '' + cp -r $out/${mesa_noglu.driverLink}/* $out + cp -r $out/$out/* $out + rm -rf $out/run $out/$(echo "$out" | cut -d "/" -f2) + ''; + meta = with stdenv.lib; { homepage = http://people.freedesktop.org/~aplattner/vdpau/; description = "Library to use the Video Decode and Presentation API for Unix (VDPAU)"; From 1ae1791e8e8b047d2a45221845ca40ed7f928503 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Mon, 25 Jan 2016 02:57:15 +0300 Subject: [PATCH 30/61] nixos opengl: add extraPackages and extraPackages32 --- nixos/modules/hardware/opengl.nix | 36 +++++++++++++++++++++++++++---- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/nixos/modules/hardware/opengl.nix b/nixos/modules/hardware/opengl.nix index 7693bd5bb453..fabdfad869cc 100644 --- a/nixos/modules/hardware/opengl.nix +++ b/nixos/modules/hardware/opengl.nix @@ -10,7 +10,7 @@ let videoDrivers = config.services.xserver.videoDrivers; - makePackage = p: p.buildEnv { + makePackage = p: pkgs.buildEnv { name = "mesa-drivers+txc-${p.mesa_drivers.version}"; paths = [ p.mesa_drivers @@ -19,6 +19,16 @@ let ]; }; + package = pkgs.buildEnv { + name = "opengl-drivers"; + paths = [ cfg.package ] ++ cfg.extraPackages; + }; + + package32 = pkgs.buildEnv { + name = "opengl-drivers-32bit"; + paths = [ cfg.package32 ] ++ cfg.extraPackages32; + }; + in { 
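Review bot: `--with-module-dir=${mesa_noglu.driverLink}/lib/vdpau` makes libvdpau look for its backend modules under a fixed path outside the store, and nothing next to the flag says so. `driverLink` is `/run/opengl-driver` (with a `-32` suffix on i686) according to the mesa expression in this series, and that link is created by the `setup-opengl` activation script, so what gets loaded depends on the system configuration rather than on this derivation's closure. I would record that next to the flag, for example `# Backends are loaded from the system-wide driver link (impure, managed by hardware.opengl), not from the store.`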
@@ -75,7 +85,25 @@ in internal = true; description = '' The package that provides the 32-bit OpenGL implementation on - 64-bit systems. Used when is + 64-bit systems. Used when is + set. + ''; + }; + + hardware.opengl.extraPackages = mkOption { + type = types.listOf types.package; + default = []; + description = '' + Additional packages to add to OpenGL drivers. + ''; + }; + + hardware.opengl.extraPackages32 = mkOption { + type = types.listOf types.package; + default = []; + description = '' + Additional packages to add to 32-bit OpenGL drivers on + 64-bit systems. Used when is set. ''; }; @@ -91,11 +119,11 @@ in system.activationScripts.setup-opengl = '' - ln -sfn ${cfg.package} /run/opengl-driver + ln -sfn ${package} /run/opengl-driver ${if pkgs.stdenv.isi686 then '' ln -sfn opengl-driver /run/opengl-driver-32 '' else if cfg.driSupport32Bit then '' - ln -sfn ${cfg.package32} /run/opengl-driver-32 + ln -sfn ${package32} /run/opengl-driver-32 '' else '' rm -f /run/opengl-driver-32 ''} From b52acfdf0178a3bd3cd3b359dc9dbc354992aff3 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Mon, 25 Jan 2016 02:57:28 +0300 Subject: [PATCH 31/61] nixos xserver: remove vaapiDrivers Use hardware.opengl.extraPackages instead. --- nixos/doc/manual/release-notes/rl-unstable.xml | 6 ++++++ nixos/modules/hardware/opengl.nix | 7 +++++-- nixos/modules/rename.nix | 1 + nixos/modules/services/x11/display-managers/default.nix | 9 --------- nixos/modules/services/x11/xserver.nix | 9 --------- 5 files changed, 12 insertions(+), 20 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-unstable.xml b/nixos/doc/manual/release-notes/rl-unstable.xml index 092c2a788ed8..ffde542d4e18 100644 --- a/nixos/doc/manual/release-notes/rl-unstable.xml +++ b/nixos/doc/manual/release-notes/rl-unstable.xml 
@@ -174,6 +174,12 @@ nginx.override { of adding gutenprint to the drivers list. + + + services.xserver.vaapiDrivers has been removed. Use + services.hardware.opengl.extraPackages{,32} instead. You can + also specify VDPAU drivers there. + diff --git a/nixos/modules/hardware/opengl.nix b/nixos/modules/hardware/opengl.nix index fabdfad869cc..d3b146be6b33 100644 --- a/nixos/modules/hardware/opengl.nix +++ b/nixos/modules/hardware/opengl.nix @@ -93,18 +93,21 @@ in hardware.opengl.extraPackages = mkOption { type = types.listOf types.package; default = []; + example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]"; description = '' - Additional packages to add to OpenGL drivers. + Additional packages to add to OpenGL drivers. This can be used + to add additional VA-API/VDPAU drivers. ''; }; hardware.opengl.extraPackages32 = mkOption { type = types.listOf types.package; default = []; + example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]"; description = '' Additional packages to add to 32-bit OpenGL drivers on 64-bit systems. Used when is - set. + set. This can be used to add additional VA-API/VDPAU drivers. ''; }; diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index cc7557c06eb4..6e10b47f03cc 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -77,6 +77,7 @@ with lib; (mkRenamedOptionModule [ "services" "xserver" "driSupport32Bit" ] [ "hardware" "opengl" "driSupport32Bit" ]) (mkRenamedOptionModule [ "services" "xserver" "s3tcSupport" ] [ "hardware" "opengl" "s3tcSupport" ]) (mkRenamedOptionModule [ "hardware" "opengl" "videoDrivers" ] [ "services" "xserver" "videoDrivers" ]) + (mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ]) (mkRenamedOptionModule [ "services" "mysql55" ] [ "services" "mysql" ]) 
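Review bot: The `example` added to `hardware.opengl.extraPackages32` is the same `with pkgs; [ ... ]` expression as the one for the 64-bit option, which on a 64-bit system evaluates to 64-bit packages. Following it would link 64-bit driver libraries into the `opengl-drivers-32bit` environment, where 32-bit clients cannot load them. Something like `example = literalExample "with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";` would match the option's purpose.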
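Review bot: The rename added to rename.nix forwards `services.xserver.vaapiDrivers`, which was declared as `types.listOf types.path`, into `hardware.opengl.extraPackages`, which is `types.listOf types.package`; it is worth confirming that every value accepted before still type-checks. The release note added in this commit also points users at `services.hardware.opengl.extraPackages{,32}`, while the target path here has no `services` prefix. I would correct the note to `hardware.opengl.extraPackages{,32}`.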
diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index bad99ccd8696..d7825400b5ae 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix @@ -16,13 +16,6 @@ let cfg = config.services.xserver; xorg = pkgs.xorg; - vaapiDrivers = pkgs.buildEnv { - name = "vaapi-drivers"; - paths = cfg.vaapiDrivers; - # We only want /lib/dri, but with a single input path, we need "/" for it to work - pathsToLink = [ "/" ]; - }; - fontconfig = config.fonts.fontconfig; xresourcesXft = pkgs.writeText "Xresources-Xft" '' ${optionalString (fontconfig.dpi != 0) ''Xft.dpi: ${toString fontconfig.dpi}''} @@ -107,8 +100,6 @@ let ${xorg.xrdb}/bin/xrdb -merge ~/.Xdefaults fi - export LIBVA_DRIVERS_PATH=${vaapiDrivers}/lib/dri - # Speed up application start by 50-150ms according to # http://kdemonkey.blogspot.nl/2008/04/magic-trick.html rm -rf $HOME/.compose-cache diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 68745ba8197a..653c97d7e6fa 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -216,15 +216,6 @@ in ''; }; - vaapiDrivers = mkOption { - type = types.listOf types.path; - default = [ ]; - example = literalExample "[ pkgs.vaapiIntel pkgs.vaapiVdpau ]"; - description = '' - Packages providing libva acceleration drivers. - ''; - }; - startGnuPGAgent = mkOption { type = types.bool; default = false; From 2c2497fc2e55d6550f84763d8f0a5de3af37841c Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Mon, 25 Jan 2016 11:12:34 +0300 Subject: [PATCH 32/61] libva: 1.6.1 -> 1.6.2 --- pkgs/development/libraries/libva/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libva/default.nix b/pkgs/development/libraries/libva/default.nix index b1bfa9b8e35e..42ce11c7b4d2 100644 
--- a/pkgs/development/libraries/libva/default.nix +++ b/pkgs/development/libraries/libva/default.nix @@ -3,11 +3,11 @@ }: stdenv.mkDerivation rec { - name = "libva-1.6.1"; + name = "libva-1.6.2"; src = fetchurl { url = "http://www.freedesktop.org/software/vaapi/releases/libva/${name}.tar.bz2"; - sha256 = "0bjfb5s8dk3lql843l91ffxzlq47isqks5sj19cxh7j3nhzw58kz"; + sha256 = "1l4bij21shqbfllbxicmqgmay4v509v9hpxyyia9wm7gvsfg05y4"; }; buildInputs = [ libX11 libXext pkgconfig libdrm libXfixes wayland libffi mesa_noglu ]; From de26cac3cb1ec12f5a8ccb2b7ff9b58555aae3bc Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Tue, 26 Jan 2016 14:26:53 +0300 Subject: [PATCH 33/61] mesa: 11.0.8 -> 11.1.1 --- pkgs/development/libraries/mesa/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index d9cad5752308..367159b42537 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -22,7 +22,7 @@ else */ let - version = "11.0.8"; + version = "11.1.1"; # this is the default search path for DRI drivers driverLink = "/run/opengl-driver" + stdenv.lib.optionalString stdenv.isi686 "-32"; in @@ -38,7 +38,7 @@ stdenv.mkDerivation { + head (splitString "." version) + ''.x/${version}/mesa-${version}.tar.xz'') "https://launchpad.net/mesa/trunk/${version}/+download/mesa-${version}.tar.xz" ]; - sha256 = "5696e4730518b6805d2ed5def393c4293f425a2c2c01bd5ed4bdd7ad62f7ad75"; + sha256 = "087xlxl8dzmhzjilpsdiy19dn106spq120c9ndgnn4qlqm7hgnv4"; }; prePatch = "patchShebangs ."; From f4553d721972e6a437c9f367af2bb0967b773998 Mon Sep 17 00:00:00 2001 
From: Eelco Dolstra Date: Tue, 26 Jan 2016 16:21:43 +0100 Subject: [PATCH 34/61] defaultUnpack: Preserve timestamps when copying files Commit 6d928ab684327e0eeb1bf6cd889d57ca7127e8a7 changed this to not preserve timestamps. However, that results in non-determinism; in particular, it gives us a broken $SOURCE_DATE_EPOCH (especially for everything using fetchFromGitHub). Builds affected by timestamps < 1980 should be fixed in some other way (e.g. changing the timestamp to some fixed date > 1980). --- pkgs/stdenv/generic/setup.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index d8de9ab2390b..102a8f2f71c5 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -480,9 +480,11 @@ _defaultUnpack() { if [ -d "$fn" ]; then stripHash "$fn" - # We can't preserve hardlinks because they may have been introduced by - # store optimization, which might break things in the build - cp -pr --reflink=auto --no-preserve=timestamps "$fn" $strippedName + + # We can't preserve hardlinks because they may have been + # introduced by store optimization, which might break things + # in the build. + cp -pr --reflink=auto "$fn" $strippedName else From e1a734cee22049a911dae7f0cf54371b68745d5e Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 27 Jan 2016 10:29:38 +0300 Subject: [PATCH 35/61] libva: fix likely problem on Darwin --- pkgs/development/libraries/libva/default.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/libva/default.nix b/pkgs/development/libraries/libva/default.nix index 42ce11c7b4d2..e8de6ac284eb 100644 --- a/pkgs/development/libraries/libva/default.nix +++ b/pkgs/development/libraries/libva/default.nix 
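Review bot: The rewritten comment above the `cp` in `_defaultUnpack` still explains only the hardlink handling, while the change on this line is that timestamps are now kept, so a reader who sees `-p` without `--no-preserve=timestamps` has no hint that this is deliberate. I would add `# Keep timestamps (-p): $SOURCE_DATE_EPOCH is derived from them, and dropping them makes builds non-deterministic.` next to it. `$strippedName` on the same line is unquoted; `cp -pr --reflink=auto "$fn" "$strippedName"` is the safer spelling. The function begins and ends outside the hunk.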
@@ -1,8 +1,10 @@ -{ stdenv, fetchurl, libX11, pkgconfig, libXext, libdrm, libXfixes, wayland, libffi +{ stdenv, lib, fetchurl, libX11, pkgconfig, libXext, libdrm, libXfixes, wayland, libffi , mesa_noglu ? null }: -stdenv.mkDerivation rec { +let + withMesa = mesa_noglu != null; +in stdenv.mkDerivation rec { name = "libva-1.6.2"; src = fetchurl { @@ -12,14 +14,14 @@ stdenv.mkDerivation rec { buildInputs = [ libX11 libXext pkgconfig libdrm libXfixes wayland libffi mesa_noglu ]; - configureFlags = stdenv.lib.optionals (mesa_noglu != null) [ + configureFlags = lib.optionals withMesa [ "--with-drivers-path=${mesa_noglu.driverLink}/lib/dri" "--enable-glx" ]; - installFlags = [ "DESTDIR=$(out)" ]; + installFlags = lib.optional withMesa "DESTDIR=$(out)"; - postInstall = '' + postInstall = lib.optionalString withMesa '' cp -r $out/${mesa_noglu.driverLink}/* $out cp -r $out/$out/* $out rm -rf $out/run $out/$(echo "$out" | cut -d "/" -f2) From 2ecb6b4574399cf710f09061357ae59526743a05 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 28 Jan 2016 18:56:04 +0100 Subject: [PATCH 36/61] openssl: 1.0.1q -> 1.0.1r CVE-2015-3197 (low severity) --- pkgs/development/libraries/openssl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 21e7706be8cb..4e009e5306d6 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -8,14 +8,14 @@ let stdenv.cross; in stdenv.mkDerivation rec { - name = "openssl-1.0.1q"; + name = "openssl-1.0.1r"; src = fetchurl { urls = [ "http://www.openssl.org/source/${name}.tar.gz" "http://openssl.linux-mirror.org/source/${name}.tar.gz" ]; - sha256 = "1dvz0hx7fjxag06b51pawy154y6d2xajm5rwxmfnlq7ax628nrdk"; + sha256 = "0iik7a3b0mrfrxzngdf7ywfscg9inbw77y0jp2ccw0gdap9xhjvq"; }; outputs = [ "out" "man" ]; From 48a5bb703d5eace1a30ee4d8daca999389d0ddb9 Mon Sep 17 00:00:00 2001 
From: zimbatm Date: Sun, 24 Jan 2016 22:51:30 +0000 Subject: [PATCH 37/61] stdenv: fix set-source-date-epoch-to-latest (close #12602) In some cases the $sourceRoot is missing. Skip the hook instead of showing the following cryptic error: find: cannot search `': No such file or directory /nix/store/0p1afvl8jcpi6dvsq2n58i90w9c59vz1-set-source-date-epoch-to-latest.sh: line 12: [: : integer expression expected vcunat removed the warning; the hook will just skip silently in these cases. Perhaps someone can improve on it some time. --- .../setup-hooks/set-source-date-epoch-to-latest.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/build-support/setup-hooks/set-source-date-epoch-to-latest.sh b/pkgs/build-support/setup-hooks/set-source-date-epoch-to-latest.sh index 9e325106f821..fe3458cd21e8 100644 --- a/pkgs/build-support/setup-hooks/set-source-date-epoch-to-latest.sh +++ b/pkgs/build-support/setup-hooks/set-source-date-epoch-to-latest.sh @@ -27,5 +27,7 @@ updateSourceDateEpoch() { postUnpackHooks+=(_updateSourceDateEpochFromSourceRoot) _updateSourceDateEpochFromSourceRoot() { - updateSourceDateEpoch "$sourceRoot" + if [ -n "$sourceRoot" ]; then + updateSourceDateEpoch "$sourceRoot" + fi } From 893af77556897ac81066ffa378aed854daf3b258 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Fri, 29 Jan 2016 14:40:27 +0300 Subject: [PATCH 38/61] makeFontsCache: init --- .../libraries/fontconfig/make-fonts-cache.nix | 27 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 5 ++++ 2 files changed, 32 insertions(+) create mode 100644 pkgs/development/libraries/fontconfig/make-fonts-cache.nix diff --git a/pkgs/development/libraries/fontconfig/make-fonts-cache.nix b/pkgs/development/libraries/fontconfig/make-fonts-cache.nix new file mode 100644 index 000000000000..1321948c3c81 --- /dev/null +++ b/pkgs/development/libraries/fontconfig/make-fonts-cache.nix 
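Review bot: The new guard in `_updateSourceDateEpochFromSourceRoot` skips the update without a trace, and nothing in the code says when `$sourceRoot` can be empty or what that means for the build. In that case `SOURCE_DATE_EPOCH` is left at whatever value it had before the hook, which I assume is intended but which makes a non-reproducible output harder to diagnose. A comment such as `# $sourceRoot may be empty (#12602); skip instead of running find on ''` above the `if` would at least record the reason.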
@@ -0,0 +1,27 @@ +{ runCommand, lib, writeText, fontconfig, fontbhttf, fontDirectories }: + +runCommand "fc-cache" + rec { + buildInputs = [ fontconfig ]; + passAsFile = [ "fontDirs" ]; + fontDirs = '' + + ${lib.concatStringsSep "\n" (map (font: "${font}") fontDirectories)} + ''; + } + '' + export FONTCONFIG_FILE=$(pwd)/fonts.conf + + cat > fonts.conf << EOF + + + + ${fontconfig}/etc/fonts/fonts.conf + $out + EOF + cat "$fontDirsPath" >> fonts.conf + echo "" >> fonts.conf + + mkdir -p $out + fc-cache -sv + '' diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index d909f127b3ff..d3ead0848da7 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6503,6 +6503,11 @@ let inherit fontconfig fontDirectories; }; + makeFontsCache = let fontconfig_ = fontconfig; in {fontconfig ? fontconfig_, fontDirectories}: + callPackage ../development/libraries/fontconfig/make-fonts-cache.nix { + inherit fontconfig fontDirectories; + }; + freealut = callPackage ../development/libraries/freealut { }; freeglut = callPackage ../development/libraries/freeglut { }; From 39b5bc3b2f6b214e65c39ab74baa10eba0c7d7a3 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Fri, 29 Jan 2016 14:40:51 +0300 Subject: [PATCH 39/61] fontconfig service: add pre-generated fonts caches --- nixos/modules/config/fonts/fontconfig.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/nixos/modules/config/fonts/fontconfig.nix b/nixos/modules/config/fonts/fontconfig.nix index be6662decea6..e078a75b295c 100644 --- a/nixos/modules/config/fonts/fontconfig.nix +++ b/nixos/modules/config/fonts/fontconfig.nix @@ -129,6 +129,14 @@ with lib; }; + cache32Bit = mkOption { + default = false; + type = types.bool; + description = '' + Generate system fonts cache for 32-bit applications. + ''; + }; + }; }; 
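Review bot: make-fonts-cache.nix takes `writeText` and `fontbhttf` as arguments but never uses them, and the attribute set passed to `runCommand` is marked `rec` although no attribute refers to another. The unused `fontbhttf` in particular makes every font cache look as if it depended on that font package when reading the signature. I would reduce the header to `{ runCommand, lib, fontconfig, fontDirectories }:` and drop `rec`.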
@@ -231,12 +239,19 @@ with lib; "${pkgs.fontconfig}/etc/fonts/fonts.conf"; environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/00-nixos.conf".text = - '' + let + cache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; }; + in '' ${concatStringsSep "\n" (map (font: "${font}") config.fonts.fonts)} + + ${cache pkgs.fontconfig} + ${optionalString (pkgs.stdenv.isx86_64 && config.fonts.fontconfig.cache32Bit) '' + ${cache pkgs.pkgsi686Linux.fontconfig} + ''} ''; From 7bd9a5b10486643df024786c1297ec2e3a9c6b57 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Fri, 29 Jan 2016 16:35:02 +0300 Subject: [PATCH 40/61] fontconfig: reorder cache dirs --- .../libraries/fontconfig/make-fonts-conf.xsl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/fontconfig/make-fonts-conf.xsl b/pkgs/development/libraries/fontconfig/make-fonts-conf.xsl index 1b79834c894e..b59fcd0187b8 100644 --- a/pkgs/development/libraries/fontconfig/make-fonts-conf.xsl +++ b/pkgs/development/libraries/fontconfig/make-fonts-conf.xsl @@ -23,16 +23,16 @@ - - /etc/fonts/conf.d - - /etc/fonts//conf.d - fontconfig /var/cache/fontconfig + + /etc/fonts/conf.d + + /etc/fonts//conf.d + fonts From 70efc87a06c3cfbbd9f559e5442318f6c978edcb Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Tue, 2 Feb 2016 16:52:03 +0300 Subject: [PATCH 41/61] ghostscript: copy resources, cleanup --- pkgs/misc/ghostscript/default.nix | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/pkgs/misc/ghostscript/default.nix b/pkgs/misc/ghostscript/default.nix index 658fa346f1ea..06ffc45cecf3 100644 --- a/pkgs/misc/ghostscript/default.nix +++ b/pkgs/misc/ghostscript/default.nix 
@@ -1,4 +1,4 @@ -{ stdenv, fetchurl, fetchpatch, pkgconfig, zlib, expat, openssl, autoconf +{ stdenv, lib, fetchurl, fetchpatch, pkgconfig, zlib, expat, openssl, autoconf , libjpeg, libpng, libtiff, freetype, fontconfig, lcms2, libpaper, jbig2dec , libiconv, ijs , x11Support ? false, xlibsWrapper ? null @@ -51,8 +51,8 @@ stdenv.mkDerivation rec { libjpeg libpng libtiff freetype fontconfig lcms2 libpaper jbig2dec libiconv ijs ] - ++ stdenv.lib.optional x11Support xlibsWrapper - ++ stdenv.lib.optional cupsSupport cups + ++ lib.optional x11Support xlibsWrapper + ++ lib.optional cupsSupport cups ; patches = [ @@ -87,8 +87,6 @@ stdenv.mkDerivation rec { }) ]; - makeFlags = [ "cups_serverroot=$(out)" "cups_serverbin=$(out)/lib/cups" ]; - preConfigure = '' # requires in-tree (heavily patched) openjpeg rm -rf jpeg libpng zlib jasper expat tiff lcms{,2} jbig2dec freetype cups/libs ijs 
@@ -97,33 +95,34 @@ stdenv.mkDerivation rec { sed "s@^ZLIBDIR=.*@ZLIBDIR=${zlib}/include@" -i configure.ac autoconf + '' + lib.optionalString cupsSupport '' + configureFlags="$configureFlags --with-cups-serverbin=$out/lib/cups --with-cups-serverroot=$out/etc/cups --with-cups-datadir=$out/share/cups" ''; configureFlags = [ "--with-system-libtiff" "--enable-dynamic" - (if x11Support then "--with-x" else "--without-x") - (if cupsSupport then "--enable-cups" else "--disable-cups") - ]; + ] ++ lib.optional x11Support "--with-x" + ++ lib.optional cupsSupport "--enable-cups"; doCheck = true; - preCheck = "mkdir ./obj"; - # parallel check sometimes gave: Fatal error: can't create ./obj/whitelst.o # don't build/install statically linked bin/gs - buildFlags = "so"; - installTargets="soinstall"; + buildFlags = [ "so" ]; + installTargets = [ "soinstall" ]; postInstall = '' ln -s gsc "$out"/bin/gs + cp -r Resource "$out/share/ghostscript/${version}" + mkdir -p "$doc/share/ghostscript/${version}" mv "$out/share/ghostscript/${version}"/{doc,examples} "$doc/share/ghostscript/${version}/" ln -s "${fonts}" "$out/share/ghostscript/fonts" ''; - preFixup = stdenv.lib.strings.optionalString stdenv.isDarwin '' + preFixup = lib.optionalString stdenv.isDarwin '' install_name_tool -change libgs.dylib.${version} $out/lib/libgs.dylib.${version} $out/bin/gs ''; From e4ab8aee62fe65252b40861900decc7e880517a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Mon, 1 Feb 2016 12:31:17 +0100 Subject: [PATCH 42/61] add ensureNewerSourcesHook and apply to all python Fixes #12663: problems in python stuff due to old timestamps in sources. - Files in sources older than a certain year are set to that year. - Applied with 1980 for all python packages due to the way it often uses zip. --- pkgs/development/python-modules/generic/default.nix | 4 +++- pkgs/top-level/all-packages.nix | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) 
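Review bot: Replacing `(if x11Support then "--with-x" else "--without-x")` and the matching cups line with `lib.optional x11Support "--with-x"` and `lib.optional cupsSupport "--enable-cups"` means a build with the feature switched off no longer passes `--without-x` or `--disable-cups`, so the result depends on what configure auto-detects. Keeping the negative form, `(if cupsSupport then "--enable-cups" else "--disable-cups")`, makes the disabled case explicit and independent of whatever happens to be visible in the build environment. The cups directories appended to `configureFlags` inside `preConfigure` would also benefit from a short comment saying they are set there because they refer to `$out`.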
diff --git a/pkgs/development/python-modules/generic/default.nix b/pkgs/development/python-modules/generic/default.nix index dab20b2f7447..15f369a44f2d 100644 --- a/pkgs/development/python-modules/generic/default.nix +++ b/pkgs/development/python-modules/generic/default.nix @@ -3,7 +3,8 @@ (http://pypi.python.org/pypi/setuptools/), which represents a large number of Python packages nowadays. */ -{ python, setuptools, unzip, wrapPython, lib, bootstrapped-pip }: +{ python, setuptools, unzip, wrapPython, lib, bootstrapped-pip +, ensureNewerSourcesHook }: { name @@ -60,6 +61,7 @@ python.stdenv.mkDerivation (builtins.removeAttrs attrs ["disabled" "doCheck"] // name = namePrefix + name; buildInputs = [ wrapPython bootstrapped-pip ] ++ buildInputs ++ pythonPath + ++ [ (ensureNewerSourcesHook { year = "1980"; }) ] ++ (lib.optional (lib.hasSuffix "zip" attrs.src.name or "") unzip); # propagate python/setuptools to active setup-hook in nix-shell diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6e743e2d7138..1d25ccc49973 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -259,6 +259,14 @@ let { substitutions = { inherit autoconf automake gettext libtool; }; } ../build-support/setup-hooks/autoreconf.sh; + ensureNewerSourcesHook = { year }: makeSetupHook {} + (writeScript "ensure-newer-sources-hook.sh" '' + postUnpackHooks+=(_ensureNewerSources) + _ensureNewerSources() { + find "$sourceRoot" '!' -newermt '${year}-01-01' -exec touch -d '${year}-01-02' '{}' '+' + } + ''); + buildEnv = callPackage ../build-support/buildenv { }; # not actually a package buildFHSEnv = callPackage ../build-support/build-fhs-chrootenv/env.nix { From 0876a44169b64d4108fc5b5bd3c96843f94a4990 Mon Sep 17 00:00:00 2001 
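Review bot: `_ensureNewerSources` in the all-packages.nix hunk runs `find "$sourceRoot" ...` with no check that `$sourceRoot` is set, which is the failure PATCH 37 of this series guards against in set-source-date-epoch-to-latest.sh. `touch -d` also follows symbolic links, so a link in the unpacked tree gets its target re-dated rather than the link itself. I would wrap the call in `if [ -n "$sourceRoot" ]; then ... fi` and use `touch -h -d '${year}-01-02'`. Since the generic/default.nix hunk adds the hook to every Python package build, it is worth making it defensive.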
From: Robin Gloster Date: Sun, 31 Jan 2016 14:30:40 +0000 Subject: [PATCH 43/61] curl: 7.45 -> 7.47 and enable HTTP/2 (close #12723) This fixes CVE-2016-0755: https://curl.haxx.se/docs/adv_20160127A.html vcunat removed *propagation* of pkgconfig and perl. --- pkgs/tools/networking/curl/default.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index 3c77d2a6c8d6..d5421f0a500e 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl +{ stdenv, fetchurl, libnghttp2, pkgconfig, perl , idnSupport ? false, libidn ? null , ldapSupport ? false, openldap ? null , zlibSupport ? false, zlib ? null @@ -16,17 +16,20 @@ assert scpSupport -> libssh2 != null; assert c-aresSupport -> c-ares != null; stdenv.mkDerivation rec { - name = "curl-7.45.0"; + name = "curl-7.47.0"; src = fetchurl { url = "http://curl.haxx.se/download/${name}.tar.bz2"; - sha256 = "1slq5c0v9wa8hajgimhkxhvsrd07jmih8sa3gjsl597qp5k4w5b5"; + sha256 = "0riz70pjg82gbcfi2ndvsksb2dv55g31ir8piph2p6zvhy9ny29b"; }; + nativeBuildInputs = [ pkgconfig perl ]; + # Zlib and OpenSSL must be propagated because `libcurl.la' contains # "-lz -lssl", which aren't necessary direct build inputs of # applications that use Curl. propagatedBuildInputs = with stdenv.lib; + [ libnghttp2 ] ++ optional idnSupport libidn ++ optional ldapSupport openldap ++ optional zlibSupport zlib ++ @@ -48,6 +51,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--disable-manual" + "--with-nghttp2=${libnghttp2}" ( if sslSupport then "--with-ssl=${openssl}" else "--without-ssl" ) ( if scpSupport then "--with-libssh2=${libssh2}" else "--without-libssh2" ) ( if ldapSupport then "--enable-ldap" else "--disable-ldap" ) From 9f358f809d1db46f3206d4a09a5366f13c93e777 Mon Sep 17 00:00:00 2001 
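Review bot: `libnghttp2` is added as a mandatory argument, a propagated input and an unconditional `--with-nghttp2=${libnghttp2}` flag, whereas every other optional feature in this file sits behind a `fooSupport ? false, foo ? null` pair with an `assert`. Making HTTP/2 unconditional enlarges the closure of everything that links curl and leaves no way to build a minimal variant. I would add an `http2Support ? true` argument with the usual assert, use `optional http2Support libnghttp2`, and write the flag as `(if http2Support then "--with-nghttp2=${libnghttp2}" else "--without-nghttp2")`.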
From: Guillaume Maudoux Date: Mon, 1 Feb 2016 10:18:31 +0100 Subject: [PATCH 44/61] Configure a default trust store for openssl --- nixos/modules/installer/tools/auto-upgrade.nix | 2 +- nixos/modules/programs/venus.nix | 1 - nixos/modules/security/ca.nix | 6 ------ .../continuous-integration/jenkins/default.nix | 17 +++++++---------- nixos/modules/services/monitoring/dd-agent.nix | 1 - nixos/modules/services/networking/ddclient.nix | 1 - nixos/modules/virtualisation/azure-agent.nix | 6 ------ .../networking/cluster/panamax/api/default.nix | 1 - .../instant-messengers/tkabber/default.nix | 6 +----- .../git-and-tools/git/cert-path.patch | 12 ------------ .../git-and-tools/git/default.nix | 2 -- .../git-and-tools/git/ssl-cert-file.patch | 13 ------------- pkgs/build-support/rust/fetchcargo.nix | 2 -- pkgs/development/libraries/gnutls/generic.nix | 1 - pkgs/development/libraries/openssl/default.nix | 6 +++++- .../lwp-protocol-https-cert-file.patch | 17 ----------------- pkgs/tools/networking/curl/7.15.nix | 6 +----- pkgs/tools/networking/curl/default.nix | 6 +----- pkgs/top-level/perl-packages.nix | 1 - 19 files changed, 16 insertions(+), 91 deletions(-) delete mode 100644 pkgs/applications/version-management/git-and-tools/git/cert-path.patch delete mode 100644 pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch delete mode 100644 pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch diff --git a/nixos/modules/installer/tools/auto-upgrade.nix b/nixos/modules/installer/tools/auto-upgrade.nix index 4ef5fa8bc1d4..2da330f9b571 100644 --- a/nixos/modules/installer/tools/auto-upgrade.nix +++ b/nixos/modules/installer/tools/auto-upgrade.nix @@ -74,7 +74,7 @@ let cfg = config.system.autoUpgrade; in serviceConfig.Type = "oneshot"; environment = config.nix.envVars // - { inherit (config.environment.sessionVariables) NIX_PATH SSL_CERT_FILE; + { inherit (config.environment.sessionVariables) NIX_PATH; HOME = "/root"; }; 
diff --git a/nixos/modules/programs/venus.nix b/nixos/modules/programs/venus.nix index c3756b4838c7..76827eeced6f 100644 --- a/nixos/modules/programs/venus.nix +++ b/nixos/modules/programs/venus.nix @@ -165,7 +165,6 @@ in script = "exec venus-planet ${configFile}"; serviceConfig.User = "${cfg.user}"; serviceConfig.Group = "${cfg.group}"; - environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; startAt = cfg.dates; }; diff --git a/nixos/modules/security/ca.nix b/nixos/modules/security/ca.nix index 98d73ed25426..8bd634b10a51 100644 --- a/nixos/modules/security/ca.nix +++ b/nixos/modules/security/ca.nix @@ -64,12 +64,6 @@ in # CentOS/Fedora compatibility. environment.etc."pki/tls/certs/ca-bundle.crt".source = caCertificates; - environment.sessionVariables = - { SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; - # FIXME: unneeded - remove eventually. - GIT_SSL_CAINFO = "/etc/ssl/certs/ca-certificates.crt"; - }; - }; } diff --git a/nixos/modules/services/continuous-integration/jenkins/default.nix b/nixos/modules/services/continuous-integration/jenkins/default.nix index d6ae4b45ceef..cfb1cd773c7f 100644 --- a/nixos/modules/services/continuous-integration/jenkins/default.nix +++ b/nixos/modules/services/continuous-integration/jenkins/default.nix @@ -92,11 +92,12 @@ in { type = with types; attrsOf str; description = '' Additional environment variables to be passed to the jenkins process. - As a base environment, jenkins receives NIX_PATH, SSL_CERT_FILE and - GIT_SSL_CAINFO from , - NIX_REMOTE is set to "daemon" and JENKINS_HOME is set to - the value of . This option has - precedence and can be used to override those mentioned variables. + As a base environment, jenkins receives NIX_PATH from + , NIX_REMOTE is set to + "daemon" and JENKINS_HOME is set to the value of + . + This option has precedence and can be used to override those + mentioned variables. ''; }; 
@@ -136,11 +137,7 @@ in { environment = let selectedSessionVars = - lib.filterAttrs (n: v: builtins.elem n - [ "NIX_PATH" - "SSL_CERT_FILE" - "GIT_SSL_CAINFO" - ]) + lib.filterAttrs (n: v: builtins.elem n [ "NIX_PATH" ]) config.environment.sessionVariables; in selectedSessionVars // diff --git a/nixos/modules/services/monitoring/dd-agent.nix b/nixos/modules/services/monitoring/dd-agent.nix index ed9be73ba65b..bd8d9950f77c 100644 --- a/nixos/modules/services/monitoring/dd-agent.nix +++ b/nixos/modules/services/monitoring/dd-agent.nix @@ -183,7 +183,6 @@ in { Restart = "always"; RestartSec = 2; }; - environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; restartTriggers = [ pkgs.dd-agent ddConf diskConfig networkConfig postgresqlConfig nginxConfig mongoConfig ]; }; diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix index e60520c742bd..c5dd1e71c189 100644 --- a/nixos/modules/services/networking/ddclient.nix +++ b/nixos/modules/services/networking/ddclient.nix @@ -127,7 +127,6 @@ in wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; serviceConfig = { # Uncomment this if too many problems occur: # Type = "forking"; diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix index ef4e3e1e48d4..e657cc519396 100644 --- a/nixos/modules/virtualisation/azure-agent.nix +++ b/nixos/modules/virtualisation/azure-agent.nix @@ -156,12 +156,6 @@ in after = [ "ip-up.target" ]; wants = [ "ip-up.target" ]; - environment = { - GIT_SSL_CAINFO = "/etc/ssl/certs/ca-certificates.crt"; - OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; - SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; - }; - path = [ pkgs.e2fsprogs ]; description = "Windows Azure Agent Service"; unitConfig.ConditionPathExists = "/etc/waagent.conf"; 
diff --git a/pkgs/applications/networking/cluster/panamax/api/default.nix b/pkgs/applications/networking/cluster/panamax/api/default.nix index 6e20f7c23038..ee74e665b0c7 100644 --- a/pkgs/applications/networking/cluster/panamax/api/default.nix +++ b/pkgs/applications/networking/cluster/panamax/api/default.nix @@ -62,7 +62,6 @@ stdenv.mkDerivation rec { --prefix "PATH" : "$out/share/panamax-api/bin:${env.ruby}/bin:$PATH" \ --prefix "HOME" : "$out/share/panamax-api" \ --prefix "GEM_HOME" : "${env}/${env.ruby.gemPath}" \ - --prefix "SSL_CERT_FILE" : /etc/ssl/certs/ca-certificates.crt \ --prefix "GEM_PATH" : "$out/share/panamax-api:${bundler}/${env.ruby.gemPath}" ''; diff --git a/pkgs/applications/networking/instant-messengers/tkabber/default.nix b/pkgs/applications/networking/instant-messengers/tkabber/default.nix index f9209f28cf20..9c84e60601bb 100644 --- a/pkgs/applications/networking/instant-messengers/tkabber/default.nix +++ b/pkgs/applications/networking/instant-messengers/tkabber/default.nix @@ -40,11 +40,7 @@ let } // removeAttrs attrs [ "name" "sha256" ]); in mkTkabber (main // { - postPatch = '' - substituteInPlace login.tcl --replace \ - "custom::defvar loginconf(sslcacertstore) \"\"" \ - "custom::defvar loginconf(sslcacertstore) \$env(SSL_CERT_FILE)" - '' + optionalString (theme != null) '' + postPatch = optionalString (theme != null) '' themePath="$out/share/doc/tkabber/examples/xrdb/${theme}.xrdb" sed -i '/^if.*load_default_xrdb/,/^}$/ { s@option readfile \(\[fullpath [^]]*\]\)@option readfile "'"$themePath"'"@ diff --git a/pkgs/applications/version-management/git-and-tools/git/cert-path.patch b/pkgs/applications/version-management/git-and-tools/git/cert-path.patch deleted file mode 100644 index 7d5dca9abfeb..000000000000 --- a/pkgs/applications/version-management/git-and-tools/git/cert-path.patch +++ /dev/null 
@@ -1,12 +0,0 @@ -diff -ru -x '*~' git-1.9.2-orig/git-send-email.perl git-1.9.2/git-send-email.perl ---- git-1.9.2-orig/git-send-email.perl 2014-04-09 21:09:34.000000000 +0200 -+++ git-1.9.2/git-send-email.perl 2014-04-16 18:35:05.861132282 +0200 -@@ -1094,6 +1094,8 @@ - return; - } - -+ $smtp_ssl_cert_path //= $ENV{'SSL_CERT_FILE'}; -+ - if (!defined $smtp_ssl_cert_path) { - # use the OpenSSL defaults - return (SSL_verify_mode => SSL_VERIFY_PEER()); diff --git a/pkgs/applications/version-management/git-and-tools/git/default.nix b/pkgs/applications/version-management/git-and-tools/git/default.nix index 49ecce0456b2..f8223a7de396 100644 --- a/pkgs/applications/version-management/git-and-tools/git/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git/default.nix @@ -24,8 +24,6 @@ stdenv.mkDerivation { patches = [ ./docbook2texi.patch ./symlinks-in-bin.patch - ./cert-path.patch - ./ssl-cert-file.patch ]; buildInputs = [curl openssl zlib expat gettext cpio makeWrapper libiconv] diff --git a/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch b/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch deleted file mode 100644 index dd216b7bf6f8..000000000000 --- a/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch +++ /dev/null @@ -1,13 +0,0 @@ -This patch adds support for the OpenSSL SSL_CERT_FILE environment variable. -GIT_SSL_CAINFO still takes precedence. - ---- git-orig/http.c.orig 2014-11-25 23:27:56.000000000 +0100 -+++ git-orig/http.c 2014-11-25 23:28:48.000000000 +0100 -@@ -433,6 +433,7 @@ - #if LIBCURL_VERSION_NUM >= 0x070908 - set_from_env(&ssl_capath, "GIT_SSL_CAPATH"); - #endif -+ set_from_env(&ssl_cainfo, "SSL_CERT_FILE"); - set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO"); - - set_from_env(&user_agent, "GIT_HTTP_USER_AGENT"); diff --git a/pkgs/build-support/rust/fetchcargo.nix b/pkgs/build-support/rust/fetchcargo.nix index 95eefbedc327..7910887ba640 100644 
--- a/pkgs/build-support/rust/fetchcargo.nix +++ b/pkgs/build-support/rust/fetchcargo.nix @@ -16,8 +16,6 @@ stdenv.mkDerivation { outputHashMode = "recursive"; outputHash = sha256; - SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt"; - impureEnvVars = [ "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy" ]; preferLocalBuild = true; } diff --git a/pkgs/development/libraries/gnutls/generic.nix b/pkgs/development/libraries/gnutls/generic.nix index ebaef47ca140..e51b77eb5b07 100644 --- a/pkgs/development/libraries/gnutls/generic.nix +++ b/pkgs/development/libraries/gnutls/generic.nix @@ -16,7 +16,6 @@ stdenv.mkDerivation { outputs = [ "out" "man" ]; configureFlags = - # FIXME: perhaps use $SSL_CERT_FILE instead lib.optional stdenv.isLinux "--with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt" ++ [ "--disable-dependency-tracking" diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 4e009e5306d6..be224fd54eb5 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -1,5 +1,6 @@ { stdenv, fetchurl, perl -, withCryptodev ? false, cryptodevHeaders }: +, withCryptodev ? false, cryptodevHeaders +, defaultCertificate ? "/etc/ssl/certs/ca-certificates.crt" }: with stdenv.lib; let @@ -58,6 +59,9 @@ stdenv.mkDerivation rec { # remove dependency on Perl at runtime rm -r $out/etc/ssl/misc $out/bin/c_rehash + + # configure the default trust store + ${optionalString (defaultCertificate != null) "ln -s ${defaultCertificate} $out/etc/ssl/cert.pem"} ''; postFixup = '' diff --git a/pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch b/pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch deleted file mode 100644 index 4a4b49a829d2..000000000000 --- a/pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch +++ /dev/null 
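Review bot: Dropping `SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";` leaves this fixed-output fetch without a CA bundle of its own, so TLS verification of the download now depends on whatever `/etc/ssl/certs/ca-certificates.crt` exists on the build host, and presumably nothing at all inside a sandboxed build. The `outputHash` still pins the result, so this is a reproducibility and fail-closed concern rather than an integrity hole. I would keep the explicit store-path bundle for fetchers, i.e. leave the removed line in place; whether `cacert` is still in the argument list cannot be seen from this hunk, since the derivation starts outside it.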
@@ -1,17 +0,0 @@ -Use $SSL_CERT_FILE to get the CA certificates. - -diff -ru -x '*~' LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm LWP-Protocol-https-6.02/lib/LWP/Protocol/https.pm ---- LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm 2011-03-27 13:54:01.000000000 +0200 -+++ LWP-Protocol-https-6.02/lib/LWP/Protocol/https.pm 2011-10-07 13:23:41.398628375 +0200 -@@ -21,6 +21,11 @@ - } - if ($ssl_opts{SSL_verify_mode}) { - unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { -+ if (defined $ENV{'SSL_CERT_FILE'}) { -+ $ssl_opts{SSL_ca_file} = $ENV{'SSL_CERT_FILE'}; -+ } -+ } -+ unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { - eval { - require Mozilla::CA; - }; diff --git a/pkgs/tools/networking/curl/7.15.nix b/pkgs/tools/networking/curl/7.15.nix index 4e533878ec18..1e91d6bd0883 100644 --- a/pkgs/tools/networking/curl/7.15.nix +++ b/pkgs/tools/networking/curl/7.15.nix @@ -33,12 +33,8 @@ stdenv.mkDerivation rec { sed -e 's|/usr/bin|/no-such-path|g' -i.bak configure ''; - # make curl honor CURL_CA_BUNDLE & SSL_CERT_FILE - postConfigure = '' - echo '#define CURL_CA_BUNDLE (getenv("CURL_CA_BUNDLE") || getenv("SSL_CERT_FILE"))' >> lib/curl_config.h - ''; - configureFlags = [ + "--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt" ( if sslSupport then "--with-ssl=${openssl}" else "--without-ssl" ) ( if scpSupport then "--with-libssh2=${libssh2}" else "--without-libssh2" ) ] diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index d5421f0a500e..bb08966ed49e 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix 
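Review bot: With `"--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt"` replacing the removed `postConfigure`, the bundle path is fixed at build time, and as far as I can tell libcurl passes that file to the TLS backend explicitly, so programs linked against libcurl stop following `SSL_CERT_FILE`. The comment that documented the old lookup order is deleted and nothing replaces it. I would add above the flag `# CA bundle is compiled in; override with CURL_CA_BUNDLE (curl tool) or CURLOPT_CAINFO (libcurl)`. The same applies to the matching hunk in curl/default.nix.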
@@ -44,12 +44,8 @@ stdenv.mkDerivation rec { rm src/tool_hugehelp.c ''; - # make curl honor CURL_CA_BUNDLE & SSL_CERT_FILE - postConfigure = '' - echo '#define CURL_CA_BUNDLE (getenv("CURL_CA_BUNDLE") ? getenv("CURL_CA_BUNDLE") : getenv("SSL_CERT_FILE"))' >> lib/curl_config.h - ''; - configureFlags = [ + "--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt" "--disable-manual" "--with-nghttp2=${libnghttp2}" ( if sslSupport then "--with-ssl=${openssl}" else "--without-ssl" ) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 1e8dfa91d2d2..1cc4e7a7b920 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -6934,7 +6934,6 @@ let self = _self // overrides; _self = with self; { url = mirror://cpan/authors/id/G/GA/GAAS/LWP-Protocol-https-6.04.tar.gz; sha256 = "0agnga5dg94222h6rlzqxa0dri2sh3gayncvfb7jad9nxr87gxhy"; }; - patches = [ ../development/perl-modules/lwp-protocol-https-cert-file.patch ]; propagatedBuildInputs = [ LWP IOSocketSSL ]; doCheck = false; # tries to connect to https://www.apache.org/. meta = { From 788da6894fac5b20d183ce5afbab3bacd7ddeaca Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 3 Feb 2016 13:45:05 +0100 Subject: [PATCH 45/61] openssl: Compile in /etc/ssl/certs/ca-certificates.crt --- pkgs/development/libraries/openssl/default.nix | 14 ++++++++++---- .../libraries/openssl/use-etc-ssl-certs.patch | 13 +++++++++++++ 2 files changed, 23 insertions(+), 4 deletions(-) create mode 100644 pkgs/development/libraries/openssl/use-etc-ssl-certs.patch diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index be224fd54eb5..e37bdf855dc5 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -1,6 +1,6 @@ { stdenv, fetchurl, perl , withCryptodev ? false, cryptodevHeaders -, defaultCertificate ? "/etc/ssl/certs/ca-certificates.crt" }: +}: with stdenv.lib; let 
@@ -21,7 +21,9 @@ stdenv.mkDerivation rec { outputs = [ "out" "man" ]; - patches = optional stdenv.isCygwin ./1.0.1-cygwin64.patch + patches = + [ ./use-etc-ssl-certs.patch ] + ++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch ++ optional (stdenv.isDarwin || (stdenv ? cross && stdenv.cross.libc == "libSystem")) ./darwin-arch.patch; nativeBuildInputs = [ perl ]; @@ -60,8 +62,7 @@ stdenv.mkDerivation rec { # remove dependency on Perl at runtime rm -r $out/etc/ssl/misc $out/bin/c_rehash - # configure the default trust store - ${optionalString (defaultCertificate != null) "ln -s ${defaultCertificate} $out/etc/ssl/cert.pem"} + rmdir $out/etc/ssl/certs ''; postFixup = '' @@ -72,6 +73,11 @@ stdenv.mkDerivation rec { fi ''; + setupHook = builtins.toFile "openssl-setup-hook" + '' + export SSL_CERT_FILE=/no-cert-file.crt + ''; + crossAttrs = { # upstream patch: https://rt.openssl.org/Ticket/Display.html?id=2558 postPatch = '' diff --git a/pkgs/development/libraries/openssl/use-etc-ssl-certs.patch b/pkgs/development/libraries/openssl/use-etc-ssl-certs.patch new file mode 100644 index 000000000000..813c6bdf44ab --- /dev/null +++ b/pkgs/development/libraries/openssl/use-etc-ssl-certs.patch @@ -0,0 +1,13 @@ +diff -ru -x '*~' openssl-1.0.1r-orig/crypto/cryptlib.h openssl-1.0.1r/crypto/cryptlib.h +--- openssl-1.0.1r-orig/crypto/cryptlib.h 2016-01-28 14:38:30.000000000 +0100 ++++ openssl-1.0.1r/crypto/cryptlib.h 2016-02-03 12:54:29.193165176 +0100 +@@ -81,8 +81,8 @@ + + # ifndef OPENSSL_SYS_VMS + # define X509_CERT_AREA OPENSSLDIR + # define X509_CERT_DIR OPENSSLDIR "/certs" +-# define X509_CERT_FILE OPENSSLDIR "/cert.pem" ++# define X509_CERT_FILE "/etc/ssl/certs/ca-certificates.crt" + # define X509_PRIVATE_DIR OPENSSLDIR "/private" + # else + # define X509_CERT_AREA "SSLROOT:[000000]" From cc2cec63007f6974130a7ba8a491761be5887528 Mon Sep 17 00:00:00 2001 
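Review bot: The new default `# define X509_CERT_FILE "/etc/ssl/certs/ca-certificates.crt"` in use-etc-ssl-certs.patch is an absolute host path outside the store, so every OpenSSL consumer trusts whatever file is at that location on the machine it runs on. On systems that keep the bundle elsewhere, verification fails until `SSL_CERT_FILE` is set. That is a reasonable trade-off, but the patch file carries no description, unlike ssl-cert-file.patch removed earlier in this series, which opened with a sentence of explanation. I would add a first line such as `Use /etc/ssl/certs/ca-certificates.crt as the compiled-in default CA file instead of $OPENSSLDIR/cert.pem.` so the intent survives the next OpenSSL rebase.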
From: Eelco Dolstra Date: Wed, 3 Feb 2016 13:54:22 +0100 Subject: [PATCH 46/61] openssl: Unify 1.0.1 and 1.0.2 expressions --- .../development/libraries/openssl/1.0.2.x.nix | 91 -------- .../development/libraries/openssl/default.nix | 197 +++++++++--------- pkgs/top-level/all-packages.nix | 21 +- 3 files changed, 112 insertions(+), 197 deletions(-) delete mode 100644 pkgs/development/libraries/openssl/1.0.2.x.nix diff --git a/pkgs/development/libraries/openssl/1.0.2.x.nix b/pkgs/development/libraries/openssl/1.0.2.x.nix deleted file mode 100644 index c94033d0fefd..000000000000 --- a/pkgs/development/libraries/openssl/1.0.2.x.nix +++ /dev/null 
@@ -1,91 +0,0 @@ -{ stdenv, fetchurl, perl -, withCryptodev ? false, cryptodevHeaders }: - -with stdenv.lib; -let - opensslCrossSystem = attrByPath [ "openssl" "system" ] - (throw "openssl needs its platform name cross building" null) - stdenv.cross; -in -stdenv.mkDerivation rec { - name = "openssl-1.0.2f"; - - src = fetchurl { - urls = [ - "http://www.openssl.org/source/${name}.tar.gz" - "http://openssl.linux-mirror.org/source/${name}.tar.gz" - ]; - sha256 = "932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c"; - }; - - patches = optional stdenv.isCygwin ./1.0.1-cygwin64.patch; - - nativeBuildInputs = [ perl ]; - buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders; - - # On x86_64-darwin, "./config" misdetects the system as - # "darwin-i386-cc". So specify the system type explicitly. - configureScript = - if stdenv.system == "x86_64-darwin" then "./Configure darwin64-x86_64-cc" - else if stdenv.system == "x86_64-solaris" then "./Configure solaris64-x86_64-gcc" - else "./config"; - - configureFlags = [ - "shared" - "--libdir=lib" - "--openssldir=etc/ssl" - ] ++ stdenv.lib.optionals withCryptodev [ - "-DHAVE_CRYPTODEV" - "-DUSE_CRYPTODEV_DIGESTS" - ]; - - makeFlags = [ - "MANDIR=$(out)/share/man" - ]; - - # Parallel building is broken in OpenSSL. - enableParallelBuilding = false; - - postInstall = '' - # If we're building dynamic libraries, then don't install static - # libraries. 
- if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then - rm "$out/lib/"*.a - fi - - # remove dependency on Perl at runtime - rm -r $out/etc/ssl/misc $out/bin/c_rehash - ''; - - postFixup = '' - # Check to make sure we don't depend on perl - if grep -r '${perl}' $out; then - echo "Found an erroneous dependency on perl ^^^" >&2 - exit 1 - fi - ''; - - crossAttrs = { - # upstream patch: https://rt.openssl.org/Ticket/Display.html?id=2558 - postPatch = '' - sed -i -e 's/[$][(]CROSS_COMPILE[)]windres/$(WINDRES)/' Makefile.shared - ''; - preConfigure='' - # It's configure does not like --build or --host - export configureFlags="${concatStringsSep " " (configureFlags ++ [ opensslCrossSystem ])}" - # WINDRES and RANLIB need to be prefixed when cross compiling; - # the openssl configure script doesn't do that for us - export WINDRES=${stdenv.cross.config}-windres - export RANLIB=${stdenv.cross.config}-ranlib - ''; - configureScript = "./Configure"; - }; - - meta = { - homepage = http://www.openssl.org/; - description = "A cryptographic library that implements the SSL and TLS protocols"; - platforms = stdenv.lib.platforms.all; - maintainers = [ stdenv.lib.maintainers.simons ]; - priority = 10; # resolves collision with ‘man-pages’ - }; -} diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index e37bdf855dc5..669b4810f85f 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix 
@@ -1,104 +1,115 @@ { stdenv, fetchurl, perl -, withCryptodev ? false, cryptodevHeaders -}: +, withCryptodev ? false, cryptodevHeaders }: with stdenv.lib; -let - opensslCrossSystem = attrByPath [ "openssl" "system" ] - (throw "openssl needs its platform name cross building" null) - stdenv.cross; -in -stdenv.mkDerivation rec { - name = "openssl-1.0.1r"; - src = fetchurl { - urls = [ - "http://www.openssl.org/source/${name}.tar.gz" - "http://openssl.linux-mirror.org/source/${name}.tar.gz" +let + + opensslCrossSystem = stdenv.cross.openssl.system or + (throw "openssl needs its platform name cross building"); + + common = { version, sha256 }: stdenv.mkDerivation rec { + name = "openssl-${version}"; + + src = fetchurl { + url = "http://www.openssl.org/source/${name}.tar.gz"; + inherit sha256; + }; + + outputs = [ "out" "man" ]; + + patches = + [ ./use-etc-ssl-certs.patch ] + ++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch + ++ optional (stdenv.isDarwin || (stdenv ? cross && stdenv.cross.libc == "libSystem")) ./darwin-arch.patch; + + nativeBuildInputs = [ perl ]; + buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders; + + # On x86_64-darwin, "./config" misdetects the system as + # "darwin-i386-cc". So specify the system type explicitly. + configureScript = + if stdenv.system == "x86_64-darwin" then "./Configure darwin64-x86_64-cc" + else if stdenv.system == "x86_64-solaris" then "./Configure solaris64-x86_64-gcc" + else "./config"; + + configureFlags = [ + "shared" + "--libdir=lib" + "--openssldir=etc/ssl" + ] ++ stdenv.lib.optionals withCryptodev [ + "-DHAVE_CRYPTODEV" + "-DUSE_CRYPTODEV_DIGESTS" ]; + + makeFlags = [ + "MANDIR=$(out)/share/man" + ]; + + # Parallel building is broken in OpenSSL. + enableParallelBuilding = false; + + postInstall = '' + # If we're building dynamic libraries, then don't install static + # libraries. 
+ if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then + rm "$out/lib/"*.a + fi + + # remove dependency on Perl at runtime + rm -r $out/etc/ssl/misc $out/bin/c_rehash + + rmdir $out/etc/ssl/{certs,private} + ''; + + postFixup = '' + # Check to make sure we don't depend on perl + if grep -r '${perl}' $out; then + echo "Found an erroneous dependency on perl ^^^" >&2 + exit 1 + fi + ''; + + setupHook = builtins.toFile "openssl-setup-hook" + '' + export SSL_CERT_FILE=/no-cert-file.crt + ''; + + crossAttrs = { + # upstream patch: https://rt.openssl.org/Ticket/Display.html?id=2558 + postPatch = '' + sed -i -e 's/[$][(]CROSS_COMPILE[)]windres/$(WINDRES)/' Makefile.shared + ''; + preConfigure='' + # It's configure does not like --build or --host + export configureFlags="${concatStringsSep " " (configureFlags ++ [ opensslCrossSystem ])}" + # WINDRES and RANLIB need to be prefixed when cross compiling; + # the openssl configure script doesn't do that for us + export WINDRES=${stdenv.cross.config}-windres + export RANLIB=${stdenv.cross.config}-ranlib + ''; + configureScript = "./Configure"; + }; + + meta = { + homepage = http://www.openssl.org/; + description = "A cryptographic library that implements the SSL and TLS protocols"; + platforms = stdenv.lib.platforms.all; + maintainers = [ stdenv.lib.maintainers.simons ]; + priority = 10; # resolves collision with ‘man-pages’ + }; + }; + +in { + + openssl_1_0_1 = common { + version = "1.0.1r"; sha256 = "0iik7a3b0mrfrxzngdf7ywfscg9inbw77y0jp2ccw0gdap9xhjvq"; }; - outputs = [ "out" "man" ]; - - patches = - [ ./use-etc-ssl-certs.patch ] - ++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch - ++ optional (stdenv.isDarwin || (stdenv ? cross && stdenv.cross.libc == "libSystem")) ./darwin-arch.patch; - - nativeBuildInputs = [ perl ]; - buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders; - - # On x86_64-darwin, "./config" misdetects the system as - # "darwin-i386-cc". So specify the system type explicitly. 
- configureScript = - if stdenv.system == "x86_64-darwin" then "./Configure darwin64-x86_64-cc" - else if stdenv.system == "x86_64-solaris" then "./Configure solaris64-x86_64-gcc" - else "./config"; - - configureFlags = [ - "shared" - "--libdir=lib" - "--openssldir=etc/ssl" - ] ++ stdenv.lib.optionals withCryptodev [ - "-DHAVE_CRYPTODEV" - "-DUSE_CRYPTODEV_DIGESTS" - ]; - - makeFlags = [ - "MANDIR=$(out)/share/man" - ]; - - # Parallel building is broken in OpenSSL. - enableParallelBuilding = false; - - postInstall = '' - # If we're building dynamic libraries, then don't install static - # libraries. - if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then - rm "$out/lib/"*.a - fi - - # remove dependency on Perl at runtime - rm -r $out/etc/ssl/misc $out/bin/c_rehash - - rmdir $out/etc/ssl/certs - ''; - - postFixup = '' - # Check to make sure we don't depend on perl - if grep -r '${perl}' $out; then - echo "Found an erroneous dependency on perl ^^^" >&2 - exit 1 - fi - ''; - - setupHook = builtins.toFile "openssl-setup-hook" - '' - export SSL_CERT_FILE=/no-cert-file.crt - ''; - - crossAttrs = { - # upstream patch: https://rt.openssl.org/Ticket/Display.html?id=2558 - postPatch = '' - sed -i -e 's/[$][(]CROSS_COMPILE[)]windres/$(WINDRES)/' Makefile.shared - ''; - preConfigure='' - # It's configure does not like --build or --host - export configureFlags="${concatStringsSep " " (configureFlags ++ [ opensslCrossSystem ])}" - # WINDRES and RANLIB need to be prefixed when cross compiling; - # the openssl configure script doesn't do that for us - export WINDRES=${stdenv.cross.config}-windres - export RANLIB=${stdenv.cross.config}-ranlib - ''; - configureScript = "./Configure"; + openssl_1_0_2 = common { + version = "1.0.2f"; + sha256 = "932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c"; }; - meta = { - homepage = http://www.openssl.org/; - description = "A cryptographic library that implements the SSL and TLS protocols"; - platforms = 
stdenv.lib.platforms.all; - maintainers = [ stdenv.lib.maintainers.simons ]; - priority = 10; # resolves collision with ‘man-pages’ - }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1d25ccc49973..5440d3e04388 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8109,21 +8109,16 @@ let wolfssl = callPackage ../development/libraries/wolfssl { }; openssl = openssl_1_0_1; - openssl_1_0_1 = callPackage ../development/libraries/openssl { - fetchurl = fetchurlBoot; - cryptodevHeaders = linuxPackages.cryptodev.override { - fetchurl = fetchurlBoot; - onlyHeaders = true; - }; - }; - openssl_1_0_2 = callPackage ../development/libraries/openssl/1.0.2.x.nix { - fetchurl = fetchurlBoot; - cryptodevHeaders = linuxPackages.cryptodev.override { + inherit (callPackages ../development/libraries/openssl { fetchurl = fetchurlBoot; - onlyHeaders = true; - }; - }; + cryptodevHeaders = linuxPackages.cryptodev.override { + fetchurl = fetchurlBoot; + onlyHeaders = true; + }; + }) + openssl_1_0_1 + openssl_1_0_2; opensubdiv = callPackage ../development/libraries/opensubdiv { }; From 917ca8920da46b94867a01590423f66390a152c0 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 3 Feb 2016 13:59:10 +0100 Subject: [PATCH 47/61] Move setting $SSL_CERT_FILE to stdenv Doing it in an openssl setup hook only works if packages have openssl as a build input - it doesn't work if they're using a program linked against openssl. --- pkgs/development/libraries/openssl/default.nix | 5 ----- pkgs/stdenv/generic/setup.sh | 5 +++++ 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 669b4810f85f..6300068f09fe 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix 
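Review bot: The unified `src` keeps only `url = "http://www.openssl.org/source/${name}.tar.gz";` and drops the second entry of the old `urls` list, so there is no fallback once upstream moves a superseded tarball out of `/source/`. The `sha256` still pins the content, so the plain-http URL is not an integrity problem, but the fetch becomes a single point of failure for a package most of the tree depends on; I would keep `urls = [ … ]` with a second location. Separately, `common` now gives 1.0.2 the `out`/`man` outputs, `darwin-arch.patch` and `use-etc-ssl-certs.patch` (whose header names openssl-1.0.1r), none of which the deleted 1.0.2.x.nix had. If that is intended it deserves a line in the commit message, and the patches should be checked against the 1.0.2 source.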
@@ -70,11 +70,6 @@ let fi ''; - setupHook = builtins.toFile "openssl-setup-hook" - '' - export SSL_CERT_FILE=/no-cert-file.crt - ''; - crossAttrs = { # upstream patch: https://rt.openssl.org/Ticket/Display.html?id=2558 postPatch = '' diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index 102a8f2f71c5..dc6c765353f7 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -371,6 +371,11 @@ export NIX_BUILD_CORES paxmark() { true; } +# Prevent OpenSSL-based applications from using certificates in +# /etc/ssl. +export SSL_CERT_FILE=/no-cert-file.crt + + ###################################################################### # Textual substitution functions. From 80270e201981bd8fedc51935dfe46e8885e72b31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sun, 31 Jan 2016 19:33:27 +0100 Subject: [PATCH 48/61] cmake: maintenance updates 3.4.0 -> 3.4.3 --- pkgs/development/tools/build-managers/cmake/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/build-managers/cmake/default.nix b/pkgs/development/tools/build-managers/cmake/default.nix index 09e54d3dfa63..c8ed91b96fb0 100644 --- a/pkgs/development/tools/build-managers/cmake/default.nix +++ b/pkgs/development/tools/build-managers/cmake/default.nix @@ -11,7 +11,7 @@ assert wantPS -> (ps != null); let os = stdenv.lib.optionalString; majorVersion = "3.4"; - minorVersion = "0"; + minorVersion = "3"; version = "${majorVersion}.${minorVersion}"; in @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "${meta.homepage}files/v${majorVersion}/cmake-${version}.tar.gz"; - sha256 = "1shwim3gfdybjx9f11ykxz5l09rh58vmvz8ip76q3i76mkv2pf55"; + sha256 = "1yl0z422gr7zfc638chifv343vx0ig5gasvrh7nzf7b15488qgxp"; }; enableParallelBuilding = true; From 89036ef76ab09af6ba324c896f0db00ae1ebaab0 Mon Sep 17 00:00:00 2001 
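Review bot: The unconditional `export SSL_CERT_FILE=/no-cert-file.crt` in setup.sh also overwrites a bundle that a derivation sets on purpose, for example a fetcher passing `SSL_CERT_FILE` as an attribute, because that attribute is already in the environment when setup.sh runs. Presumably it also replaces the user's own value when the file is sourced for an interactive shell. I would set the sentinel only when nothing is set: `if [ -z "${SSL_CERT_FILE:-}" ]; then export SSL_CERT_FILE=/no-cert-file.crt; fi`. The comment could also say that the path is deliberately nonexistent, so verification fails closed instead of silently picking up host CAs.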
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Fri, 29 Jan 2016 11:53:50 +0100 Subject: [PATCH 49/61] stdenv: accept wider range of $configureScript options Fixes #12632. I think it's better to quote this variable in general, because it is common and even documented to pass space-separated commands in there. The greps should just fail in that case and `if` won't proceed which seems fine for such cases, and it's certainly better than passing additional unintended parameters to grep (which was happening all the time before). --- pkgs/stdenv/generic/setup.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index dc6c765353f7..7d25472993c5 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -644,14 +644,14 @@ configurePhase() { # Add --disable-dependency-tracking to speed up some builds. if [ -z "$dontAddDisableDepTrack" ]; then - if grep -q dependency-tracking $configureScript; then + if grep -q dependency-tracking "$configureScript"; then configureFlags="--disable-dependency-tracking $configureFlags" fi fi # By default, disable static builds. if [ -z "$dontDisableStatic" ]; then - if grep -q enable-static $configureScript; then + if grep -q enable-static "$configureScript"; then configureFlags="--disable-static $configureFlags" fi fi From 96cbdc70f239a25ea22d49f205c6168b526079df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Fri, 5 Feb 2016 11:59:18 +0100 Subject: [PATCH 50/61] cc-wrapper: fix #10574: old gcc -> cc fallout The part with gcc-wrapper-old changes is rather unimportant, as it's almost unused but I still tested that the sole user `gnat` builds. --- pkgs/build-support/cc-wrapper/add-flags | 6 +++--- pkgs/build-support/gcc-wrapper-old/add-flags | 10 +++++----- pkgs/build-support/gcc-wrapper-old/builder.sh | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) 
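Review bot: Quoting `"$configureScript"` means that for a multi-word value grep receives one nonexistent file name and prints a "No such file or directory" error to the build log on both checks. The `if` then skips, as the commit message intends, but the message reads like a real failure. Adding `-s` keeps the log clean: `if grep -qs dependency-tracking "$configureScript"; then`, and likewise for the `enable-static` check. configurePhase begins and continues outside this hunk.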
diff --git a/pkgs/build-support/cc-wrapper/add-flags b/pkgs/build-support/cc-wrapper/add-flags index d48361539047..5634c82aa285 100644 --- a/pkgs/build-support/cc-wrapper/add-flags +++ b/pkgs/build-support/cc-wrapper/add-flags @@ -1,11 +1,11 @@ -# `-B@out@/bin' forces gcc to use ld-wrapper.sh when calling ld. +# `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld. export NIX_CFLAGS_COMPILE="-B@out@/bin/ $NIX_CFLAGS_COMPILE" if [ -e @out@/nix-support/libc-cflags ]; then export NIX_CFLAGS_COMPILE="$(cat @out@/nix-support/libc-cflags) $NIX_CFLAGS_COMPILE" fi -if [ -e @out@/nix-support/gcc-cflags ]; then +if [ -e @out@/nix-support/cc-cflags ]; then export NIX_CFLAGS_COMPILE="$(cat @out@/nix-support/cc-cflags) $NIX_CFLAGS_COMPILE" fi @@ -17,7 +17,7 @@ if [ -e @out@/nix-support/libc-ldflags ]; then export NIX_LDFLAGS+=" $(cat @out@/nix-support/libc-ldflags)" fi -if [ -e @out@/nix-support/gcc-ldflags ]; then +if [ -e @out@/nix-support/cc-ldflags ]; then export NIX_LDFLAGS+=" $(cat @out@/nix-support/cc-ldflags)" fi diff --git a/pkgs/build-support/gcc-wrapper-old/add-flags b/pkgs/build-support/gcc-wrapper-old/add-flags index 7714a6305739..93da917a5415 100644 --- a/pkgs/build-support/gcc-wrapper-old/add-flags +++ b/pkgs/build-support/gcc-wrapper-old/add-flags @@ -1,12 +1,12 @@ -# `-B@out@/bin' forces gcc to use ld-wrapper.sh when calling ld. +# `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld. export NIX_CFLAGS_COMPILE="-B@out@/bin/ $NIX_CFLAGS_COMPILE" if test -e @out@/nix-support/libc-cflags; then export NIX_CFLAGS_COMPILE="$(cat @out@/nix-support/libc-cflags) $NIX_CFLAGS_COMPILE" fi -if test -e @out@/nix-support/gcc-cflags; then - export NIX_CFLAGS_COMPILE="$(cat @out@/nix-support/gcc-cflags) $NIX_CFLAGS_COMPILE" +if test -e @out@/nix-support/cc-cflags; then + export NIX_CFLAGS_COMPILE="$(cat @out@/nix-support/cc-cflags) $NIX_CFLAGS_COMPILE" fi if test -e @out@/nix-support/gnat-cflags; then 
@@ -17,8 +17,8 @@ if test -e @out@/nix-support/libc-ldflags; then export NIX_LDFLAGS="$NIX_LDFLAGS $(cat @out@/nix-support/libc-ldflags)" fi -if test -e @out@/nix-support/gcc-ldflags; then - export NIX_LDFLAGS="$NIX_LDFLAGS $(cat @out@/nix-support/gcc-ldflags)" +if test -e @out@/nix-support/cc-ldflags; then + export NIX_LDFLAGS="$NIX_LDFLAGS $(cat @out@/nix-support/cc-ldflags)" fi if test -e @out@/nix-support/libc-ldflags-before; then diff --git a/pkgs/build-support/gcc-wrapper-old/builder.sh b/pkgs/build-support/gcc-wrapper-old/builder.sh index 59cdd3f84ad2..7bb487096145 100644 --- a/pkgs/build-support/gcc-wrapper-old/builder.sh +++ b/pkgs/build-support/gcc-wrapper-old/builder.sh @@ -45,7 +45,7 @@ else if [ -n "$langVhdl" ]; then gccLDFlags="$gccLDFlags -L$zlib/lib" fi - echo "$gccLDFlags" > $out/nix-support/gcc-ldflags + echo "$gccLDFlags" > $out/nix-support/cc-ldflags # GCC shows $gcc/lib in `gcc -print-search-dirs', but not # $gcc/lib64 (even though it does actually search there...).. @@ -63,7 +63,7 @@ else gnatCFlags="-aI$basePath/adainclude -aO$basePath/adalib" echo "$gnatCFlags" > $out/nix-support/gnat-cflags fi - echo "$gccCFlags" > $out/nix-support/gcc-cflags + echo "$gccCFlags" > $out/nix-support/cc-cflags gccPath="$gcc/bin" # On Illumos/Solaris we might prefer native ld From e4728dd05f71a44c6864dae8a45c83fcefb59a37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 6 Feb 2016 13:21:18 +0100 Subject: [PATCH 51/61] libxslt: fix CVE-2015-7995 by upstream patch --- pkgs/development/libraries/libxslt/default.nix | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/pkgs/development/libraries/libxslt/default.nix b/pkgs/development/libraries/libxslt/default.nix index 3579e99ec7a8..9aa70ea04716 100644 --- a/pkgs/development/libraries/libxslt/default.nix +++ b/pkgs/development/libraries/libxslt/default.nix 
@@ -1,4 +1,4 @@ -{ stdenv, fetchurl, libxml2, findXMLCatalogs }: +{ stdenv, fetchurl, fetchpatch, libxml2, findXMLCatalogs }: stdenv.mkDerivation rec { name = "libxslt-1.1.28"; @@ -8,14 +8,21 @@ stdenv.mkDerivation rec { sha256 = "13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz"; }; + patches = stdenv.lib.optional stdenv.isSunOS ./patch-ah.patch + ++ [ + (fetchpatch { + name = "CVE-2015-7995.patch"; + url = "http://git.gnome.org/browse/libxslt/patch/?id=7ca19df892ca22"; + sha256 = "1xzg0q94dzbih9nvqp7g9ihz0a3qb0w23l1158m360z9smbi8zbd"; + }) + ]; + outputs = [ "out" "doc" ]; buildInputs = [ libxml2 ]; propagatedBuildInputs = [ findXMLCatalogs ]; - patches = stdenv.lib.optionals stdenv.isSunOS [ ./patch-ah.patch ]; - configureFlags = [ "--with-libxml-prefix=${libxml2}" "--without-python" From 9185fc7c6f7bbe4e225616d213cfa2a02fcee175 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 2 Feb 2016 04:56:56 +0100 Subject: [PATCH 52/61] libvdpau: use a cleaner installation method (cherry picked from commit bd2ca1e539c71e83445bb04ccc0e15cb4c80861f) --- pkgs/development/libraries/libvdpau/default.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/pkgs/development/libraries/libvdpau/default.nix b/pkgs/development/libraries/libvdpau/default.nix index f38cc51f6c24..107c8448795c 100644 --- a/pkgs/development/libraries/libvdpau/default.nix +++ b/pkgs/development/libraries/libvdpau/default.nix @@ -14,13 +14,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--with-module-dir=${mesa_noglu.driverLink}/lib/vdpau" ]; - installFlags = [ "DESTDIR=$(out)" ]; - - postInstall = '' - cp -r $out/${mesa_noglu.driverLink}/* $out - cp -r $out/$out/* $out - rm -rf $out/run $out/$(echo "$out" | cut -d "/" -f2) - ''; + installFlags = [ "moduledir=$(out)/lib/vdpau" ]; meta = with stdenv.lib; { homepage = http://people.freedesktop.org/~aplattner/vdpau/; From 8ea5563011ee202eda146e2cc8f8754f239303cf Mon Sep 17 00:00:00 2001 
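Review bot: The `fetchpatch` entry added to `patches` pulls the CVE-2015-7995 fix over plain `http://` and names the upstream commit only by the abbreviated id `7ca19df892ca22`. The `sha256` pins the content, so a tampered response fails the build instead of being applied, but the short id is harder to audit against upstream and the fetch can still be interfered with on the network. I would use the `https://` form of the same URL if the host serves it, spell out the full commit id, and put a comment above the entry such as `# CVE-2015-7995 (upstream commit); re-check on the next libxslt update`.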
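Review bot: The new `installFlags = [ "moduledir=$(out)/lib/vdpau" ];` line carries no comment on why the install directory now differs from the `--with-module-dir` value passed to configure just above it. As far as the hunk shows, configure keeps pointing at `${mesa_noglu.driverLink}` while `make install` is redirected into the output, which is easy to mistake for an inconsistency. I would add `# install modules into $out; configure's --with-module-dir still points at driverLink` above the line. The libva change in PATCH 53 (`dummy_drv_video_ladir=$(out)/lib/dri`) would benefit from the same kind of comment, and there the flag is no longer conditional on `withMesa`, which looks intentional but is not explained.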
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 6 Feb 2016 16:45:21 +0100 Subject: [PATCH 53/61] libva: use a cleaner installation method --- pkgs/development/libraries/libva/default.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/pkgs/development/libraries/libva/default.nix b/pkgs/development/libraries/libva/default.nix index e8de6ac284eb..557d0f591553 100644 --- a/pkgs/development/libraries/libva/default.nix +++ b/pkgs/development/libraries/libva/default.nix @@ -19,13 +19,7 @@ in stdenv.mkDerivation rec { "--enable-glx" ]; - installFlags = lib.optional withMesa "DESTDIR=$(out)"; - - postInstall = lib.optionalString withMesa '' - cp -r $out/${mesa_noglu.driverLink}/* $out - cp -r $out/$out/* $out - rm -rf $out/run $out/$(echo "$out" | cut -d "/" -f2) - ''; + installFlags = [ "dummy_drv_video_ladir=$(out)/lib/dri" ]; meta = with stdenv.lib; { homepage = http://www.freedesktop.org/wiki/Software/vaapi; From 234f4611393a6818b317f3ad93d2e276515bdc33 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sun, 7 Feb 2016 05:03:16 +0300 Subject: [PATCH 54/61] SDL: add patches from Fedora Fixes several bugs (some of which were fixed in the official repository but no release made). --- pkgs/development/libraries/SDL/default.nix | 61 ++++++++++++++-------- 1 file changed, 38 insertions(+), 23 deletions(-) diff --git a/pkgs/development/libraries/SDL/default.nix b/pkgs/development/libraries/SDL/default.nix index 7006eb10f7ed..3b63e0bbb0a8 100644 --- a/pkgs/development/libraries/SDL/default.nix +++ b/pkgs/development/libraries/SDL/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, audiofile, libcap +{ stdenv, fetchurl, fetchpatch, pkgconfig, audiofile, libcap , openglSupport ? false, mesa ? null , alsaSupport ? true, alsaLib ? null , x11Support ? true, xlibsWrapper ? null, libXrandr ? null 
@@ -59,34 +59,49 @@ stdenv.mkDerivation rec { "--without-x" ] ++ stdenv.lib.optional alsaSupport "--with-alsa-prefix=${alsaLib}/lib"); - # Fix a build failure on OS X Mavericks - # Ticket: https://bugzilla.libsdl.org/show_bug.cgi?id=2085 - patches = stdenv.lib.optional stdenv.isDarwin [ (fetchurl { - url = "http://bugzilla-attachments.libsdl.org/attachment.cgi?id=1320"; - sha1 = "3137feb503a89a8d606405373905b92dcf7e293b"; - }) ]; + patches = [ + # Fix window resizing issues, e.g. for xmonad + # Ticket: http://bugzilla.libsdl.org/show_bug.cgi?id=1430 + (fetchpatch { + name = "fix_window_resizing.diff"; + url = "https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=fix_window_resizing.diff;att=2;bug=665779"; + sha256 = "1z35azc73vvi19pzi6byck31132a8w1vzrghp1x3hy4a4f9z4gc6"; + }) + # Fix drops of keyboard events for SDL_EnableUNICODE + (fetchpatch { + url = "http://hg.libsdl.org/SDL/raw-rev/0aade9c0203f"; + sha256 = "1y9izncjlqvk1mkz1pkl9lrk9s452cmg2izjjlqqrhbn8279xy50"; + }) + # Ignore insane joystick axis events + (fetchpatch { + url = "http://hg.libsdl.org/SDL/raw-rev/95abff7adcc2"; + sha256 = "0i8x0kx0pw12ld5bfxhyzs466y3c0n9dscw1ijhq1b96r72xyhqq"; + }) + # Workaround X11 bug to allow changing gamma + # Ticket: https://bugs.freedesktop.org/show_bug.cgi?id=27222 + (fetchpatch { + url = "http://pkgs.fedoraproject.org/cgit/rpms/SDL.git/plain/SDL-1.2.15-x11-Bypass-SetGammaRamp-when-changing-gamma.patch?id=04a3a7b1bd88c2d5502292fad27e0e02d084698d"; + sha256 = "0x52s4328kilyq43i7psqkqg7chsfwh0aawr50j566nzd7j51dlv"; + }) + # Fix a build failure on OS X Mavericks + # Ticket: https://bugzilla.libsdl.org/show_bug.cgi?id=2085 + (fetchpatch { + url = "http://hg.libsdl.org/SDL/raw-rev/e9466ead70e5"; + sha256 = "0mpwdi09h89df2wxqw87m1rdz7pr46k0w6alk691k8kwv970z6pl"; + }) + (fetchpatch { + url = "http://hg.libsdl.org/SDL/raw-rev/bbfb41c13a87"; + sha256 = "1336g7waaf1c8yhkz11xbs500h8bmvabh4h437ax8l1xdwcppfxv"; + }) + ]; - crossAttrs =stdenv.lib.optionalAttrs 
(stdenv.cross.libc == "libSystem") { - patches = let - f = rev: sha256: fetchurl { - url = "http://hg.libsdl.org/SDL/raw-rev/${rev}"; - inherit sha256; - }; - in [ - (f "e9466ead70e5" "0ygir3k83d0vxp7s3k48jn3j8n2bnv9wm6613wpx3ybnjrxabrip") - (f "bbfb41c13a87" "17v29ybjifvka19m8qf14rjc43nfdwk9v9inaizznarhb17amlnv") - ]; - postPatch = '' - sed -i -e 's/ *-fpascal-strings//' configure - ''; - }; - - passthru = {inherit openglSupport;}; + passthru = { inherit openglSupport; }; meta = with stdenv.lib; { description = "A cross-platform multimedia library"; homepage = http://www.libsdl.org/; maintainers = with maintainers; [ lovek323 ]; platforms = platforms.unix; + license = licenses.lgpl21; }; } From 9cf445405bc1be72109946d231c09047c338d149 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sun, 7 Feb 2016 14:23:24 +0100 Subject: [PATCH 55/61] libvdpau: break evaluation cycle on darwin That path isn't meaningful on non-NixOS anyway. --- pkgs/development/libraries/libvdpau/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libvdpau/default.nix b/pkgs/development/libraries/libvdpau/default.nix index 107c8448795c..446f2917fe71 100644 --- a/pkgs/development/libraries/libvdpau/default.nix +++ b/pkgs/development/libraries/libvdpau/default.nix @@ -12,7 +12,8 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [ xorg.libX11 ]; - configureFlags = [ "--with-module-dir=${mesa_noglu.driverLink}/lib/vdpau" ]; + configureFlags = stdenv.lib.optional stdenv.isLinux + "--with-module-dir=${mesa_noglu.driverLink}/lib/vdpau"; installFlags = [ "moduledir=$(out)/lib/vdpau" ]; From 0d9f125925dca4988a1ed870ef12616e3fb55a4f Mon Sep 17 00:00:00 2001 
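Review bot: Removing `crossAttrs` also removes its `postPatch`, which stripped `-fpascal-strings` from `configure`, and nothing in the new `patches` list visibly replaces it. If the two hg.libsdl.org patches (`e9466ead70e5`, `bbfb41c13a87`) do not cover that case, cross builds against `libSystem` may regress, so it is worth confirming or keeping the `sed` behind a Darwin condition. Separately, the last entry (`bbfb41c13a87`) has no comment and most entries have no `name`, unlike the first one. A short comment per patch, plus `https://` URLs where the hosts offer them, would make the provenance easier to audit, although the `sha256` values already pin the content.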
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sun, 7 Feb 2016 14:31:10 +0100 Subject: [PATCH 56/61] ensureNewerSourcesHook: use absolute path for `find` pythonPackages.psutil has busybox in build inputs and its `find` apparently doesn't support the -newermt option. --- pkgs/top-level/all-packages.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0ef0536cf622..d2a97feae2f1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -263,7 +263,8 @@ let (writeScript "ensure-newer-sources-hook.sh" '' postUnpackHooks+=(_ensureNewerSources) _ensureNewerSources() { - find "$sourceRoot" '!' -newermt '${year}-01-01' -exec touch -d '${year}-01-02' '{}' '+' + '${findutils}/bin/find' "$sourceRoot" \ + '!' -newermt '${year}-01-01' -exec touch -d '${year}-01-02' '{}' '+' } ''); From 32136a024708994b357636b451673147560591f3 Mon Sep 17 00:00:00 2001 From: Michiel Leenaars Date: Sun, 7 Feb 2016 01:51:20 +0100 Subject: [PATCH 57/61] pcre: 8.37 with patches -> 8.38 --- .../libraries/pcre/cve-2015-3210.patch | 87 ------------------- .../libraries/pcre/cve-2015-5073.patch | 68 --------------- pkgs/development/libraries/pcre/default.nix | 8 +- 3 files changed, 3 insertions(+), 160 deletions(-) delete mode 100644 pkgs/development/libraries/pcre/cve-2015-3210.patch delete mode 100644 pkgs/development/libraries/pcre/cve-2015-5073.patch diff --git a/pkgs/development/libraries/pcre/cve-2015-3210.patch b/pkgs/development/libraries/pcre/cve-2015-3210.patch deleted file mode 100644 index c97849fb70c7..000000000000 --- a/pkgs/development/libraries/pcre/cve-2015-3210.patch +++ /dev/null 
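Review bot: Only `find` is pinned to `${findutils}` in `_ensureNewerSources`; the `touch -d` it runs through `-exec` is still looked up on `PATH`, so a build input that shadows the standard tools (the busybox case named in the commit message) could supply a different `touch` as well. If `coreutils` is in scope at this point, `-exec '${coreutils}/bin/touch' -d '${year}-01-02' '{}' '+'` would close the same gap. A one-line comment above the `find` call, e.g. `# absolute path: a build input may put another find first on PATH`, would keep someone from simplifying it back.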
@@ -1,87 +0,0 @@ -From 68ff1beb43bb3d4d8838f3285c97023d1e50513a Mon Sep 17 00:00:00 2001 -From: ph10 -Date: Fri, 15 May 2015 17:17:03 +0000 -Subject: [PATCH] Fix buffer overflow for named recursive back reference when - the name is duplicated. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Upstream commit ported to pcre-8.37: - -commit 4b79af6b4cbeb5326ae5e4d83f3e935e00286c19 -Author: ph10 -Date: Fri May 15 17:17:03 2015 +0000 - - Fix buffer overflow for named recursive back reference when the name is - duplicated. - - git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1558 2f5784b3-3f2a-0410-8824-cb99058d5e15 - -This fixes CVE-2015-3210. - -Signed-off-by: Petr Písař ---- - pcre_compile.c | 16 ++++++++++++++-- - testdata/testinput2 | 2 ++ - testdata/testoutput2 | 2 ++ - 3 files changed, 18 insertions(+), 2 deletions(-) - -diff --git a/pcre_compile.c b/pcre_compile.c -index 0efad26..6f06912 100644 ---- a/pcre_compile.c -+++ b/pcre_compile.c -@@ -7173,14 +7173,26 @@ for (;; ptr++) - number. If the name is not found, set the value to 0 for a forward - reference. */ - -+ recno = 0; - ng = cd->named_groups; - for (i = 0; i < cd->names_found; i++, ng++) - { - if (namelen == ng->length && - STRNCMP_UC_UC(name, ng->name, namelen) == 0) -- break; -+ { -+ open_capitem *oc; -+ recno = ng->number; -+ if (is_recurse) break; -+ for (oc = cd->open_caps; oc != NULL; oc = oc->next) -+ { -+ if (oc->number == recno) -+ { -+ oc->flag = TRUE; -+ break; -+ } -+ } -+ } - } -- recno = (i < cd->names_found)? ng->number : 0; - - /* Count named back references. */ - -diff --git a/testdata/testinput2 b/testdata/testinput2 -index 58fe53b..83bb471 100644 ---- a/testdata/testinput2 -+++ b/testdata/testinput2 -@@ -4152,4 +4152,6 @@ backtracking verbs. 
--/ - - /((?2){73}(?2))((?1))/ - -+"(?J)(?'d'(?'d'\g{d}))" -+ - /-- End of testinput2 --/ -diff --git a/testdata/testoutput2 b/testdata/testoutput2 -index b718df0..7dff52a 100644 ---- a/testdata/testoutput2 -+++ b/testdata/testoutput2 -@@ -14423,4 +14423,6 @@ Failed: lookbehind assertion is not fixed length at offset 17 - - /((?2){73}(?2))((?1))/ - -+"(?J)(?'d'(?'d'\g{d}))" -+ - /-- End of testinput2 --/ --- -2.4.3 - diff --git a/pkgs/development/libraries/pcre/cve-2015-5073.patch b/pkgs/development/libraries/pcre/cve-2015-5073.patch deleted file mode 100644 index 16fd45c87b1d..000000000000 --- a/pkgs/development/libraries/pcre/cve-2015-5073.patch +++ /dev/null 
@@ -1,68 +0,0 @@ -From 354e1f8e921dcb9cf2f3a5eac93cd826d01a7d8a Mon Sep 17 00:00:00 2001 -From: ph10 -Date: Tue, 23 Jun 2015 16:34:53 +0000 -Subject: [PATCH] Fix buffer overflow for forward reference within backward - assertion with excess closing parenthesis. Bugzilla 1651. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is upstream commit ported to 8.37: - -commit 764692f9aea9eab50fdba6cb537441d8b34c6c37 -Author: ph10 -Date: Tue Jun 23 16:34:53 2015 +0000 - - Fix buffer overflow for forward reference within backward assertion with excess - closing parenthesis. Bugzilla 1651. - - git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1571 2f5784b3-3f2a-0410-8824-cb99058d5e15 - -It fixes CVE-2015-5073. - -Signed-off-by: Petr Písař ---- - pcre_compile.c | 2 +- - testdata/testinput2 | 2 ++ - testdata/testoutput2 | 3 +++ - 3 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/pcre_compile.c b/pcre_compile.c -index 6f06912..b66b1f6 100644 ---- a/pcre_compile.c -+++ b/pcre_compile.c -@@ -9392,7 +9392,7 @@ OP_RECURSE that are not fixed length get a diagnosic with a useful offset. The - exceptional ones forgo this. We scan the pattern to check that they are fixed - length, and set their lengths. */ - --if (cd->check_lookbehind) -+if (errorcode == 0 && cd->check_lookbehind) - { - pcre_uchar *cc = (pcre_uchar *)codestart; - -diff --git a/testdata/testinput2 b/testdata/testinput2 -index 83bb471..5cc9ce6 100644 ---- a/testdata/testinput2 -+++ b/testdata/testinput2 -@@ -4154,4 +4154,6 @@ backtracking verbs. 
--/ - - "(?J)(?'d'(?'d'\g{d}))" - -+/(?=di(?<=(?1))|(?=(.))))/ -+ - /-- End of testinput2 --/ -diff --git a/testdata/testoutput2 b/testdata/testoutput2 -index 7dff52a..4decb8d 100644 ---- a/testdata/testoutput2 -+++ b/testdata/testoutput2 -@@ -14425,4 +14425,7 @@ Failed: lookbehind assertion is not fixed length at offset 17 - - "(?J)(?'d'(?'d'\g{d}))" - -+/(?=di(?<=(?1))|(?=(.))))/ -+Failed: unmatched parentheses at offset 23 -+ - /-- End of testinput2 --/ --- -2.4.3 - diff --git a/pkgs/development/libraries/pcre/default.nix b/pkgs/development/libraries/pcre/default.nix index 3370e910565e..92f53b067204 100644 --- a/pkgs/development/libraries/pcre/default.nix +++ b/pkgs/development/libraries/pcre/default.nix @@ -5,17 +5,15 @@ with stdenv.lib; stdenv.mkDerivation rec { - name = "pcre-8.37"; + name = "pcre-8.38"; src = fetchurl { url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${name}.tar.bz2"; - sha256 = "17bqykp604p7376wj3q2nmjdhrb6v1ny8q08zdwi7qvc02l9wrsi"; + sha256 = "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r"; }; patches = - [ ./cve-2015-3210.patch - ./cve-2015-5073.patch - ]; + [ ]; outputs = [ "out" "doc" "man" ]; From 9f2cc141071fbb61faa93c0d068ab3473498cf0c Mon Sep 17 00:00:00 2001 From: Bojan Nikolic Date: Thu, 11 Feb 2016 12:56:38 +0000 Subject: [PATCH 58/61] bzip2: Fix cross-compilation The cross-compiling the "patchPhase" from the parent attribute set was preventing application of patches specified in the crossDrv. Fix by turning patchPhase into postPatch. --- pkgs/tools/compression/bzip2/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/tools/compression/bzip2/default.nix b/pkgs/tools/compression/bzip2/default.nix index bb04049d8a66..0d8bfc6894e6 100644 --- a/pkgs/tools/compression/bzip2/default.nix +++ b/pkgs/tools/compression/bzip2/default.nix 
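Review bot: The two local CVE patches are dropped together with the bump to 8.38, but neither the commit message nor the expression records that 8.38 contains the fixes for CVE-2015-3210 and CVE-2015-5073. The upstream commits quoted in the deleted patch files are dated May and June 2015, so they are presumably part of the new release; confirming that against the upstream changelog and saying so in the commit message would make the removal auditable. The leftover `patches = [ ];` can simply be deleted. The tarball is also still fetched over `ftp://`, which the `sha256` makes a robustness point rather than an integrity one.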
@@ -58,7 +58,7 @@ in stdenv.mkDerivation { ln -s bzip2 $out/bin/bzcat ''; - patchPhase = '' + postPatch = '' substituteInPlace Makefile --replace CC=gcc CC=cc substituteInPlace Makefile-libbz2_so --replace CC=gcc CC=cc ''; From 31ab7d38f23e556fd4e25508bed02455474b6c97 Mon Sep 17 00:00:00 2001 From: Dan Peebles Date: Sat, 13 Feb 2016 09:52:02 -0500 Subject: [PATCH 59/61] bzip2: fix shared library generation on darwin This fixes #6504 --- pkgs/tools/compression/bzip2/default.nix | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/pkgs/tools/compression/bzip2/default.nix b/pkgs/tools/compression/bzip2/default.nix index 0d8bfc6894e6..66ff5612dd4a 100644 --- a/pkgs/tools/compression/bzip2/default.nix +++ b/pkgs/tools/compression/bzip2/default.nix @@ -3,9 +3,13 @@ let version = "1.0.6"; - sharedLibrary = !stdenv.isDarwin && !(stdenv ? isStatic) + sharedLibrary = !(stdenv ? isStatic) && stdenv.system != "i686-cygwin" && !linkStatic; + darwinMakefile = fetchurl { + url = "https://gitweb.gentoo.org/repo/proj/prefix.git/plain/app-arch/bzip2/files/bzip2-1.0.6-Makefile-libbz2_dylib"; + sha256 = "1lq6g98kfpwv2f7wn4sk8hzcf87dwf92gviq0b4691f5bvc9mawz"; + }; in stdenv.mkDerivation { name = "bzip2-${version}"; @@ -38,17 +42,24 @@ in stdenv.mkDerivation { }; preBuild = stdenv.lib.optionalString sharedLibrary '' - make -f Makefile-libbz2_so + make -f ${if stdenv.isDarwin then "Makefile-libbz2_dylib" else "Makefile-libbz2_so"} ''; - preInstall = stdenv.lib.optionalString sharedLibrary '' + preInstall = stdenv.lib.optionalString sharedLibrary (if !stdenv.isDarwin then '' mkdir -p $out/lib mv libbz2.so* $out/lib ( cd $out/lib && ln -s libbz2.so.1.0.? libbz2.so && ln -s libbz2.so.1.0.? libbz2.so.1 ) - ''; + '' else '' + mkdir -p $out/lib + mv libbz2.*.dylib $out/lib + ( cd $out/lib && + ln -s libbz2.1.0.?.dylib libbz2.dylib && + ln -s libbz2.1.0.?.dylib libbz2.1.dylib + ) + ''); installFlags = [ "PREFIX=$(out)" ]; 
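Review bot: `darwinMakefile` is fetched from a `plain/` URL that names no revision, so the file behind it can change whenever the Gentoo prefix repository does. The `sha256` keeps a changed file from entering the build, but the fetch then fails and the exact upstream revision is recorded nowhere. I would pin the URL with the `?id=<commit-id>` query form that the Fedora cgit URL in PATCH 54 uses, if this host accepts it, and add a comment such as `# Makefile for libbz2.dylib, taken from Gentoo Prefix` next to the binding. The later `postPatch` hunk copies this file and rewrites `CC` and `PREFIX` in it, so its provenance decides what the Darwin build executes.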
@@ -61,6 +72,11 @@ in stdenv.mkDerivation { postPatch = '' substituteInPlace Makefile --replace CC=gcc CC=cc substituteInPlace Makefile-libbz2_so --replace CC=gcc CC=cc + '' + stdenv.lib.optionalString stdenv.isDarwin '' + cp ${darwinMakefile} Makefile-libbz2_dylib + substituteInPlace Makefile-libbz2_dylib \ + --replace "CC=gcc" "CC=cc" \ + --replace "PREFIX=/usr" "PREFIX=$out" ''; preConfigure = '' From 0fe58cade5e90896dfafc49bd0c8cf89c5160fd3 Mon Sep 17 00:00:00 2001 From: Josef Knedl Date: Sat, 13 Feb 2016 18:39:49 +0100 Subject: [PATCH 60/61] gcc: fix #12836: build on darwin Patch is based on GCC Bug 66523: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66523 --- .../development/compilers/gcc/4.9/default.nix | 6 +++-- pkgs/development/compilers/gcc/builder.sh | 2 +- .../gcc/gfortran-darwin-NXConstStr.patch | 27 +++++++++++++++++++ 3 files changed, 32 insertions(+), 3 deletions(-) create mode 100644 pkgs/development/compilers/gcc/gfortran-darwin-NXConstStr.patch diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix index add9b30fb629..9e4823966cf3 100644 --- a/pkgs/development/compilers/gcc/4.9/default.nix +++ b/pkgs/development/compilers/gcc/4.9/default.nix @@ -71,8 +71,10 @@ let version = "4.9.3"; # The GNAT Makefiles did not pay attention to CFLAGS_FOR_TARGET for its # target libraries and tools. ++ optional langAda ../gnat-cflags.patch - ++ optional langFortran ../gfortran-driving.patch; - + ++ optional langFortran ../gfortran-driving.patch + # The NXConstStr.patch can be removed at 4.9.4 + ++ optional stdenv.isDarwin ../gfortran-darwin-NXConstStr.patch; + javaEcj = fetchurl { # The `$(top_srcdir)/ecj.jar' file is automatically picked up at # `configure' time. diff --git a/pkgs/development/compilers/gcc/builder.sh b/pkgs/development/compilers/gcc/builder.sh index dd77c67a023e..6d9e93138737 100644 --- a/pkgs/development/compilers/gcc/builder.sh +++ b/pkgs/development/compilers/gcc/builder.sh 
@@ -24,7 +24,7 @@ if test "$noSysDirs" = "1"; then # Figure out what extra flags to pass to the gcc compilers # being generated to make sure that they use our glibc. extraFlags="$(cat $NIX_CC/nix-support/libc-cflags)" - extraLDFlags="$(cat $NIX_CC/nix-support/libc-ldflags) $(cat $NIX_CC/nix-support/libc-ldflags-before)" + extraLDFlags="$(cat $NIX_CC/nix-support/libc-ldflags) $(cat $NIX_CC/nix-support/libc-ldflags-before || true)" # Use *real* header files, otherwise a limits.h is generated # that does not include Glibc's limits.h (notably missing diff --git a/pkgs/development/compilers/gcc/gfortran-darwin-NXConstStr.patch b/pkgs/development/compilers/gcc/gfortran-darwin-NXConstStr.patch new file mode 100644 index 000000000000..a7e158ca364b --- /dev/null +++ b/pkgs/development/compilers/gcc/gfortran-darwin-NXConstStr.patch @@ -0,0 +1,27 @@ +From 82f81877458ea372176eabb5de36329431dce99b Mon Sep 17 00:00:00 2001 +From: Iain Sandoe +Date: Sat, 21 Dec 2013 00:30:18 +0000 +Subject: [PATCH] don't try to mark local symbols as no-dead-strip + +--- + gcc/config/darwin.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/gcc/config/darwin.c b/gcc/config/darwin.c +index 40804b8..0080299 100644 +--- a/gcc/config/darwin.c ++++ b/gcc/config/darwin.c +@@ -1259,6 +1259,11 @@ darwin_encode_section_info (tree decl, rtx rtl, int first ATTRIBUTE_UNUSED) + void + darwin_mark_decl_preserved (const char *name) + { ++ /* Actually we shouldn't mark any local symbol this way, but for now ++ this only happens with ObjC meta-data. */ ++ if (darwin_label_is_anonymous_local_objc_name (name)) ++ return; ++ + fprintf (asm_out_file, "\t.no_dead_strip "); + assemble_name (asm_out_file, name); + fputc ('\n', asm_out_file); +-- +2.2.1 From ee994dfae6e897ee4e7405e1624be43625086622 Mon Sep 17 00:00:00 2001 
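Review bot: `$(cat $NIX_CC/nix-support/libc-ldflags-before || true)` hides the failure status, but `cat` still writes an error to the build log when the file is absent, and `$NIX_CC` is left unquoted. The add-flags scripts in this series guard the same file with an existence test, and doing that here reads more clearly: `if [ -e "$NIX_CC/nix-support/libc-ldflags-before" ]; then extraLDFlags+=" $(cat "$NIX_CC/nix-support/libc-ldflags-before")"; fi`. The enclosing `if test "$noSysDirs" = "1"` block starts and ends outside the hunk.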
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Wed, 17 Feb 2016 10:04:32 +0100 Subject: [PATCH 61/61] bootstrap tools: have curl without http2 support I assume there's not much use for it during bootstrapping. This fixes them as well, as curl was compiled against libnghttp2 but the lib wasn't copied to the bootstrap tools. --- pkgs/stdenv/linux/make-bootstrap-tools.nix | 1 + pkgs/tools/networking/curl/default.nix | 8 +++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/pkgs/stdenv/linux/make-bootstrap-tools.nix b/pkgs/stdenv/linux/make-bootstrap-tools.nix index e31fed39843d..7f7f4c6a2bd1 100644 --- a/pkgs/stdenv/linux/make-bootstrap-tools.nix +++ b/pkgs/stdenv/linux/make-bootstrap-tools.nix @@ -11,6 +11,7 @@ rec { }); curlMinimal = curl.override { + http2Support = false; zlibSupport = false; sslSupport = false; scpSupport = false; diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index 01f013275d38..910d86066d9a 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -1,4 +1,5 @@ -{ stdenv, fetchurl, libnghttp2, pkgconfig, perl +{ stdenv, fetchurl, pkgconfig, perl +, http2Support ? true, libnghttp2 , idnSupport ? false, libidn ? null , ldapSupport ? false, openldap ? null , zlibSupport ? false, zlib ? null @@ -8,6 +9,7 @@ , c-aresSupport ? false, c-ares ? null }: +assert http2Support -> libnghttp2 != null; assert idnSupport -> libidn != null; assert ldapSupport -> openldap != null; assert zlibSupport -> zlib != null; @@ -29,7 +31,7 @@ stdenv.mkDerivation rec { # "-lz -lssl", which aren't necessary direct build inputs of # applications that use Curl. propagatedBuildInputs = with stdenv.lib; - [ libnghttp2 ] ++ + optional http2Support libnghttp2 ++ optional idnSupport libidn ++ optional ldapSupport openldap ++ optional zlibSupport zlib ++ 
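Review bot: In the new argument list `libnghttp2` has no `? null` default, unlike the other optional dependencies below it, so the added `assert http2Support -> libnghttp2 != null;` can only fire when a caller passes `null` explicitly. Writing `, http2Support ? true, libnghttp2 ? null` keeps the pattern uniform with `idnSupport`, `ldapSupport` and the rest. In `make-bootstrap-tools.nix` a short comment on `http2Support = false;`, e.g. `# libnghttp2 is not copied into the bootstrap tools`, would record the reason given in the commit message where the override lives.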
@@ -47,7 +49,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt" "--disable-manual" - "--with-nghttp2=${libnghttp2}" + ( if http2Support then "--with-nghttp2=${libnghttp2}" else "--without-nghttp2" ) ( if sslSupport then "--with-ssl=${openssl}" else "--without-ssl" ) ( if scpSupport then "--with-libssh2=${libssh2}" else "--without-libssh2" ) ( if ldapSupport then "--enable-ldap" else "--disable-ldap" )