From a996fe849f669e5d1cafed18f299ed6ed4abec84 Mon Sep 17 00:00:00 2001 From: gnidorah Date: Tue, 30 May 2017 16:39:27 +0300 Subject: [PATCH 01/15] fstrim: Add service --- nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/fstrim.nix | 45 +++++++++++++++++++ pkgs/os-specific/linux/util-linux/default.nix | 8 ++-- 3 files changed, 50 insertions(+), 4 deletions(-) create mode 100644 nixos/modules/services/misc/fstrim.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 7afcb9051bd..cae081aa73f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -283,6 +283,7 @@ ./services/misc/etcd.nix ./services/misc/felix.nix ./services/misc/folding-at-home.nix + ./services/misc/fstrim.nix ./services/misc/gammu-smsd.nix ./services/misc/geoip-updater.nix #./services/misc/gitit.nix diff --git a/nixos/modules/services/misc/fstrim.nix b/nixos/modules/services/misc/fstrim.nix new file mode 100644 index 00000000000..e89366cbafe --- /dev/null +++ b/nixos/modules/services/misc/fstrim.nix @@ -0,0 +1,45 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.fstrim; + +in { + + options = { + + services.fstrim = { + enable = mkEnableOption "periodic SSD TRIM of mounted partitions in background"; + + interval = mkOption { + type = types.string; + default = "weekly"; + description = '' + How often we run fstrim. For most desktop and server systems + a sufficient trimming frequency is once a week. + + The format is described in + systemd.time + 7. + ''; + }; + }; + + }; + + config = mkIf cfg.enable { + + systemd.packages = [ pkgs.utillinux ]; + + systemd.timers.fstrim = { + timerConfig = { + OnCalendar = cfg.interval; + }; + wantedBy = [ "timers.target" ]; + }; + + }; + +} diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index 9126a1cdec3..5d7f701b39e 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix 
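Review bot: In nixos/modules/services/misc/fstrim.nix the `interval` option is declared with `types.string`, which merges several definitions by concatenating them, so two modules setting `services.fstrim.interval` would produce a malformed `OnCalendar` value; `type = types.str;` makes conflicting definitions an evaluation error instead. Separately, `systemd.packages = [ pkgs.utillinux ]` pulls in whatever timer unit the package installs. If that unit already carries its own `OnCalendar=` line (not visible in this patch), the value set under `systemd.timers.fstrim.timerConfig` would be added to the packaged schedule rather than replace it. `OnCalendar = [ "" cfg.interval ];` would clear the packaged value first; this is worth confirming against the generated unit.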
+++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -29,6 +29,10 @@ stdenv.mkDerivation rec { preConfigure = "export scanf_cv_type_modifier=ms"; }; + preConfigure = lib.optionalString (systemd != null) '' + configureFlags+="--with-systemd --with-systemdsystemunitdir=$bin/lib/systemd/system/" + ''; + # !!! It would be better to obtain the path to the mount helpers # (/sbin/mount.*) through an environment variable, but that's # somewhat risky because we have to consider that mount can setuid @@ -40,10 +44,6 @@ stdenv.mkDerivation rec { --disable-use-tty-group --enable-fs-paths-default=/run/wrappers/bin:/var/run/current-system/sw/bin:/sbin ${if ncurses == null then "--without-ncurses" else ""} - ${if systemd == null then "" else '' - --with-systemd - --with-systemdsystemunitdir=$out/lib/systemd/system/ - ''} ''; makeFlags = "usrbin_execdir=$(bin)/bin usrsbin_execdir=$(bin)/sbin"; From b3fb9178e8ade242543d99ea91b623270a7ccf8a Mon Sep 17 00:00:00 2001 From: Daiderd Jordan Date: Wed, 31 May 2017 20:16:13 +0200 Subject: [PATCH 02/15] llvm-packages: add option to enable manpages --- .../compilers/llvm/4/clang/default.nix | 16 +++++++++++----- pkgs/development/compilers/llvm/4/llvm.nix | 14 ++++++++++---- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/pkgs/development/compilers/llvm/4/clang/default.nix b/pkgs/development/compilers/llvm/4/clang/default.nix index bc286eaf05e..004893873f5 100644 --- a/pkgs/development/compilers/llvm/4/clang/default.nix +++ b/pkgs/development/compilers/llvm/4/clang/default.nix @@ -1,5 +1,6 @@ { stdenv, fetch, cmake, libxml2, libedit, llvm, version, release_version, clang-tools-extra_src, python , fixDarwinDylibNames +, enableManpages ? true }: let 
@@ -15,21 +16,24 @@ let mv clang-tools-extra-* $sourceRoot/tools/extra ''; - nativeBuildInputs = [ cmake python python.pkgs.sphinx ]; + nativeBuildInputs = [ cmake python ] + ++ stdenv.lib.optional enableManpages python.pkgs.sphinx; + buildInputs = [ libedit libxml2 llvm ] ++ stdenv.lib.optional stdenv.isDarwin fixDarwinDylibNames; cmakeFlags = [ "-DCMAKE_CXX_FLAGS=-std=c++11" + ] ++ stdenv.lib.optionals enableManpages [ "-DCLANG_INCLUDE_DOCS=ON" "-DLLVM_ENABLE_SPHINX=ON" "-DSPHINX_OUTPUT_MAN=ON" "-DSPHINX_OUTPUT_HTML=OFF" "-DSPHINX_WARNINGS_AS_ERRORS=OFF" - ] ++ + ] # Maybe with compiler-rt this won't be needed? - (stdenv.lib.optional stdenv.isLinux "-DGCC_INSTALL_PREFIX=${gcc}") ++ - (stdenv.lib.optional (stdenv.cc.libc != null) "-DC_INCLUDE_DIRS=${stdenv.cc.libc}/include"); + ++ stdenv.lib.optional stdenv.isLinux "-DGCC_INSTALL_PREFIX=${gcc}" + ++ stdenv.lib.optional (stdenv.cc.libc != null) "-DC_INCLUDE_DIRS=${stdenv.cc.libc}/include"; patches = [ ./purity.patch ]; @@ -45,7 +49,7 @@ let sed -i '1s,^,find_package(Sphinx REQUIRED)\n,' docs/CMakeLists.txt ''; - outputs = [ "out" "man" "python" ]; + outputs = [ "out" ] ++ stdenv.lib.optional enableManpages "man" ++ [ "python" ]; # Clang expects to find LLVMgold in its own prefix # Clang expects to find sanitizer libraries in its own prefix @@ -62,6 +66,8 @@ let mv $out/share/clang/*.py $python/share/clang rm $out/bin/c-index-test + '' + + stdenv.lib.optionalString enableManpages '' # Manually install clang manpage cp docs/man/*.1 $out/share/man/man1/ diff --git a/pkgs/development/compilers/llvm/4/llvm.nix b/pkgs/development/compilers/llvm/4/llvm.nix index 1a78d672bfe..7d55bc5b410 100644 --- a/pkgs/development/compilers/llvm/4/llvm.nix +++ b/pkgs/development/compilers/llvm/4/llvm.nix @@ -16,6 +16,7 @@ , compiler-rt_src , libcxxabi , debugVersion ? false +, enableManpages ? true , enableSharedLibraries ? true , darwin }: 
@@ -38,9 +39,13 @@ in stdenv.mkDerivation rec { mv compiler-rt-* $sourceRoot/projects/compiler-rt ''; - outputs = [ "out" "man" ] ++ stdenv.lib.optional enableSharedLibraries "lib"; + outputs = [ "out" ] + ++ stdenv.lib.optional enableManpages "man" + ++ stdenv.lib.optional enableSharedLibraries "lib"; + + nativeBuildInputs = [ perl groff cmake python ] + ++ stdenv.lib.optional enableManpages python.pkgs.sphinx; - nativeBuildInputs = [ perl groff cmake python python.pkgs.sphinx ]; buildInputs = [ libxml2 libffi ] ++ stdenv.lib.optionals stdenv.isDarwin [ libcxxabi ]; @@ -81,6 +86,7 @@ in stdenv.mkDerivation rec { "-DLLVM_ENABLE_FFI=ON" "-DLLVM_ENABLE_RTTI=ON" "-DCOMPILER_RT_INCLUDE_TESTS=OFF" # FIXME: requires clang source code + ] ++ stdenv.lib.optionals enableManpages [ "-DLLVM_BUILD_DOCS=ON" "-DLLVM_ENABLE_SPHINX=ON" "-DSPHINX_OUTPUT_MAN=ON" @@ -109,10 +115,10 @@ in stdenv.mkDerivation rec { export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/lib ''; - postInstall = '' + postInstall = stdenv.lib.optionalString enableManpages '' moveToOutput "share/man" "$man" '' - + stdenv.lib.optionalString (enableSharedLibraries) '' + + stdenv.lib.optionalString enableSharedLibraries '' moveToOutput "lib/libLLVM-*" "$lib" moveToOutput "lib/libLLVM.${shlib}" "$lib" substituteInPlace "$out/lib/cmake/llvm/LLVMExports-release.cmake" \ From 9e2aba35728de7012a0692f75a3f24685f0fc28b Mon Sep 17 00:00:00 2001 From: Daiderd Jordan Date: Thu, 1 Jun 2017 23:23:56 +0200 Subject: [PATCH 03/15] darwin-stdenv: remove python-sphinx and a bunch of other dependencies from the stdenv --- .../compilers/llvm/4/clang/default.nix | 6 +++--- pkgs/development/compilers/llvm/4/llvm.nix | 16 +++++++++------- .../tools/build-managers/cmake/default.nix | 2 +- pkgs/stdenv/darwin/default.nix | 12 ++++++------ pkgs/top-level/all-packages.nix | 2 +- 5 files changed, 20 insertions(+), 18 deletions(-) 
diff --git a/pkgs/development/compilers/llvm/4/clang/default.nix b/pkgs/development/compilers/llvm/4/clang/default.nix index 004893873f5..64dbaa21dd4 100644 --- a/pkgs/development/compilers/llvm/4/clang/default.nix +++ b/pkgs/development/compilers/llvm/4/clang/default.nix @@ -37,7 +37,7 @@ let patches = [ ./purity.patch ]; - postBuild = '' + postBuild = stdenv.lib.optionalString enableManpages '' cmake --build . --target docs-clang-man ''; @@ -49,7 +49,8 @@ let sed -i '1s,^,find_package(Sphinx REQUIRED)\n,' docs/CMakeLists.txt ''; - outputs = [ "out" ] ++ stdenv.lib.optional enableManpages "man" ++ [ "python" ]; + outputs = [ "out" "python" ] + ++ stdenv.lib.optional enableManpages "man"; # Clang expects to find LLVMgold in its own prefix # Clang expects to find sanitizer libraries in its own prefix @@ -68,7 +69,6 @@ let rm $out/bin/c-index-test '' + stdenv.lib.optionalString enableManpages '' - # Manually install clang manpage cp docs/man/*.1 $out/share/man/man1/ diff --git a/pkgs/development/compilers/llvm/4/llvm.nix b/pkgs/development/compilers/llvm/4/llvm.nix index 7d55bc5b410..98c24495355 100644 --- a/pkgs/development/compilers/llvm/4/llvm.nix +++ b/pkgs/development/compilers/llvm/4/llvm.nix @@ -40,8 +40,8 @@ in stdenv.mkDerivation rec { ''; outputs = [ "out" ] - ++ stdenv.lib.optional enableManpages "man" - ++ stdenv.lib.optional enableSharedLibraries "lib"; + ++ stdenv.lib.optional enableSharedLibraries "lib" + ++ stdenv.lib.optional enableManpages "man"; nativeBuildInputs = [ perl groff cmake python ] ++ stdenv.lib.optional enableManpages python.pkgs.sphinx; 
@@ -86,17 +86,19 @@ in stdenv.mkDerivation rec { "-DLLVM_ENABLE_FFI=ON" "-DLLVM_ENABLE_RTTI=ON" "-DCOMPILER_RT_INCLUDE_TESTS=OFF" # FIXME: requires clang source code - ] ++ stdenv.lib.optionals enableManpages [ + ] + ++ stdenv.lib.optional enableSharedLibraries + "-DLLVM_LINK_LLVM_DYLIB=ON" + ++ stdenv.lib.optionals enableManpages [ "-DLLVM_BUILD_DOCS=ON" "-DLLVM_ENABLE_SPHINX=ON" "-DSPHINX_OUTPUT_MAN=ON" "-DSPHINX_OUTPUT_HTML=OFF" "-DSPHINX_WARNINGS_AS_ERRORS=OFF" - ] ++ stdenv.lib.optional enableSharedLibraries [ - "-DLLVM_LINK_LLVM_DYLIB=ON" - ] ++ stdenv.lib.optional (!isDarwin) + ] + ++ stdenv.lib.optional (!isDarwin) "-DLLVM_BINUTILS_INCDIR=${binutils.dev}/include" - ++ stdenv.lib.optionals (isDarwin) [ + ++ stdenv.lib.optionals (isDarwin) [ "-DLLVM_ENABLE_LIBCXX=ON" "-DCAN_TARGET_i386=false" ]; diff --git a/pkgs/development/tools/build-managers/cmake/default.nix b/pkgs/development/tools/build-managers/cmake/default.nix index 00d76fbff9f..d0a34603835 100644 --- a/pkgs/development/tools/build-managers/cmake/default.nix +++ b/pkgs/development/tools/build-managers/cmake/default.nix @@ -3,7 +3,7 @@ # darwin attributes , ps , isBootstrap ? false -, useSharedLibraries ? !stdenv.isCygwin +, useSharedLibraries ? (!isBootstrap && !stdenv.isCygwin) , useNcurses ? false, ncurses , useQt4 ? false, qt4 }: diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index b9592014b46..fba5afd4f6e 100644 --- a/pkgs/stdenv/darwin/default.nix +++ b/pkgs/stdenv/darwin/default.nix 
@@ -233,11 +233,11 @@ in rec { libcxxabi libcxx ncurses libffi zlib gmp pcre gnugrep coreutils findutils diffutils patchutils; - llvmPackages = let llvmOverride = llvmPackages.llvm.override { inherit libcxxabi; }; - in super.llvmPackages // { - llvm = llvmOverride; - clang-unwrapped = llvmPackages.clang-unwrapped.override { llvm = llvmOverride; }; - }; + llvmPackages = let llvmOverride = llvmPackages.llvm.override { enableManpages = false; inherit libcxxabi; }; in + super.llvmPackages // { + llvm = llvmOverride; + clang-unwrapped = llvmPackages.clang-unwrapped.override { enableManpages = false; llvm = llvmOverride; }; + }; darwin = super.darwin // { inherit (darwin) dyld Libsystem libiconv locale; @@ -313,7 +313,7 @@ in rec { xz.out xz.bin libcxx libcxxabi gmp.out gnumake findutils bzip2.out bzip2.bin llvmPackages.llvm llvmPackages.llvm.lib zlib.out zlib.dev libffi.out coreutils ed diffutils gnutar gzip ncurses.out ncurses.dev ncurses.man gnused bash gawk - gnugrep llvmPackages.clang-unwrapped llvmPackages.clang-unwrapped.man patch pcre.out binutils-raw.out + gnugrep llvmPackages.clang-unwrapped patch pcre.out binutils-raw.out binutils-raw.dev binutils gettext ]) ++ (with pkgs.darwin; [ dyld Libsystem CF cctools ICU libiconv locale diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 7a4864faa6d..1334cdef5a7 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5624,7 +5624,7 @@ with pkgs; llvmPackages_4 = callPackage ../development/compilers/llvm/4 ({ inherit (stdenvAdapters) overrideCC; } // stdenv.lib.optionalAttrs stdenv.isDarwin { - cmake = cmake.override { isBootstrap = true; useSharedLibraries = false; }; + cmake = cmake.override { isBootstrap = true; }; libxml2 = libxml2.override { pythonSupport = false; }; python2 = callPackage ../development/interpreters/python/cpython/2.7/boot.nix { inherit (darwin) CF configd; }; }); From b96ba3a17a3b589f0124a27e64446cee7702680c Mon Sep 17 00:00:00 2001 
From: Lancelot SIX Date: Sat, 3 Jun 2017 21:06:20 +0200 Subject: [PATCH 04/15] libgcrypt: 1.7.6 -> 1.7.7 See https://lists.gnu.org/archive/html/info-gnu/2017-06/msg00001.html for release announcement. --- pkgs/development/libraries/libgcrypt/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libgcrypt/default.nix b/pkgs/development/libraries/libgcrypt/default.nix index fc2c859a5f8..1903787149c 100644 --- a/pkgs/development/libraries/libgcrypt/default.nix +++ b/pkgs/development/libraries/libgcrypt/default.nix @@ -4,11 +4,11 @@ assert enableCapabilities -> stdenv.isLinux; stdenv.mkDerivation rec { name = "libgcrypt-${version}"; - version = "1.7.6"; + version = "1.7.7"; src = fetchurl { url = "mirror://gnupg/libgcrypt/${name}.tar.bz2"; - sha256 = "1g05prhgqw4ryd0w433q8nhds0h93kf47hfjagi2r7dghkpaysk2"; + sha256 = "16ndaj93asw122mwjz172x2ilpm03w1yp5mqcrp3xslk0yx5xf5r"; }; outputs = [ "out" "dev" "info" ]; From 67c1f0e65a541a321a1721a32dd83acfe90a1216 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Tue, 6 Jun 2017 18:51:34 -0400 Subject: [PATCH 05/15] openssl: 1.0.2k -> 1.0.2l cc #26435 --- pkgs/development/libraries/openssl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 2009daa1cc8..e2deb48988d 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -109,8 +109,8 @@ let in { openssl_1_0_2 = common { - version = "1.0.2k"; - sha256 = "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb"; + version = "1.0.2l"; + sha256 = "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf"; }; openssl_1_1_0 = common { From 9135c9f73a4c34181d2bba1455d2f432b3c49065 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Wed, 7 Jun 2017 08:54:38 +0200 Subject: [PATCH 06/15] gnutls: maintenance 3.5.12 -> 3.5.13 It contains a fix for DOS possibility in servers. http://gnutls.org/security.html#GNUTLS-SA-2017-4 --- pkgs/development/libraries/gnutls/3.5.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/gnutls/3.5.nix b/pkgs/development/libraries/gnutls/3.5.nix index 8071cd4b46b..bca23f2e748 100644 --- a/pkgs/development/libraries/gnutls/3.5.nix +++ b/pkgs/development/libraries/gnutls/3.5.nix @@ -1,11 +1,11 @@ { callPackage, fetchurl, libunistring, ... } @ args: callPackage ./generic.nix (args // rec { - version = "3.5.12"; + version = "3.5.13"; src = fetchurl { url = "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-${version}.tar.xz"; - sha256 = "1jspvrmydqgz30c1ji94b55gr2dynz7p96p4y8fkhad0xajkkjv3"; + sha256 = "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"; }; # Skip two tests introduced in 3.5.11. Probable reasons of failure: From 445b107d9399427f1df25437ff783160beed3fbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Wed, 7 Jun 2017 09:33:26 +0200 Subject: [PATCH 07/15] openssh: fixup build on Hydra http://hydra.nixos.org/build/53993444 --- pkgs/tools/networking/openssh/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix index 0bcb0baaab8..aaef2723da0 100644 --- a/pkgs/tools/networking/openssh/default.nix +++ b/pkgs/tools/networking/openssh/default.nix 
@@ -49,6 +49,13 @@ stdenv.mkDerivation rec { ] ++ optional withGssapiPatches gssapiSrc; + postPatch = + # On Hydra this makes installation fail (sometimes?), + # and nix store doesn't allow such fancy permission bits anyway. + '' + substituteInPlace Makefile.in --replace '$(INSTALL) -m 4711' '$(INSTALL) -m 0711' + ''; + buildInputs = [ zlib openssl libedit pkgconfig pam ] ++ optional withKerberos kerberos ++ optional hpnSupport autoreconfHook; From fad6fc3dae16b5161895165bf275e329e20860d6 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 2 Jun 2017 16:47:09 +0200 Subject: [PATCH 08/15] icu: Trivial improvement --- pkgs/development/libraries/icu/default.nix | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/pkgs/development/libraries/icu/default.nix b/pkgs/development/libraries/icu/default.nix index b64d8c84e22..fdf1c6dffe9 100644 --- a/pkgs/development/libraries/icu/default.nix +++ b/pkgs/development/libraries/icu/default.nix @@ -33,18 +33,9 @@ stdenv.mkDerivation ({ echo Source root reset to ''${sourceRoot} ''; - # This pre/postPatch shenanigans is to handle that the patches expect - # to be outside of `source`. - prePatch = '' - pushd .. - ''; - postPatch = '' - popd - patch -p4 < ${keywordFix} - ''; + patchFlags = "-p4"; - patches = [ - ]; + patches = [ keywordFix ]; preConfigure = '' sed -i -e "s|/bin/sh|${stdenv.shell}|" configure From d22ed21a7b17e4d2b23594fa8ffc6747bd44368a Mon Sep 17 00:00:00 2001 From: Jan Malakhovski Date: Wed, 7 Jun 2017 12:20:37 +0000 Subject: [PATCH 09/15] libtiff: 4.0.7-6.debian -> 4.0.8-2.debian --- pkgs/development/libraries/libtiff/default.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/libtiff/default.nix b/pkgs/development/libraries/libtiff/default.nix index a23e3704035..595ec9d01cc 100644 --- a/pkgs/development/libraries/libtiff/default.nix +++ b/pkgs/development/libraries/libtiff/default.nix 
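Review bot: The comment on the new `postPatch` in openssh/default.nix does not say which binary loses its setuid bit or what stops working; in upstream's `Makefile.in` the `-m 4711` mode is, as far as I know, the one used for `ssh-keysign`, which needs root to read the host keys for host-based authentication. I would extend the comment along the lines of `# ssh-keysign is installed without setuid; host-based authentication needs a setuid wrapper for it`. `substituteInPlace --replace` also does nothing when the pattern is absent, so an upstream change to that line would bring the intermittent install failure back with no hint; a preceding `grep -q -- '-m 4711' Makefile.in` would make that visible. The same silent no-op applies to the `sed` on `src/Makefile.am` in the shadow patch and to the `chmod 4511` replacement in the nfs-utils patch. The derivation continues outside the hunk.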
@@ -1,21 +1,20 @@ { stdenv, fetchurl, fetchpatch, pkgconfig, zlib, libjpeg, xz }: let - version = "4.0.7"; + version = "4.0.8"; in stdenv.mkDerivation rec { name = "libtiff-${version}"; src = fetchurl { url = "http://download.osgeo.org/libtiff/tiff-${version}.tar.gz"; - sha256 = "06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz"; + sha256 = "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"; }; prePatch =let - # https://lwn.net/Vulnerabilities/711777/ and more patched in *-6 -> *-7 debian = fetchurl { - url = http://http.debian.net/debian/pool/main/t/tiff/tiff_4.0.7-6.debian.tar.xz; - sha256 = "9c9048c28205bdbeb5ba36c7a194d0cd604bd137c70961607bfc8a079be5fa31"; + url = http://http.debian.net/debian/pool/main/t/tiff/tiff_4.0.8-2.debian.tar.xz; + sha256 = "1ssjh6vn9rvl2jwm34i3p89g8lj0c7fj3cziva9rj4vasfps58ng"; }; in '' tar xf '${debian}' From 833bc78dcf8fe8c00d0c8e835f49145be9b87523 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Wed, 7 Jun 2017 14:21:04 +0200 Subject: [PATCH 10/15] shadow: fixup setuid/setgid build problems, hopefully --- pkgs/os-specific/linux/shadow/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/os-specific/linux/shadow/default.nix b/pkgs/os-specific/linux/shadow/default.nix index 54129c79b83..6d83c98a422 100644 --- a/pkgs/os-specific/linux/shadow/default.nix +++ b/pkgs/os-specific/linux/shadow/default.nix @@ -41,6 +41,11 @@ stdenv.mkDerivation rec { }) ]; + # The nix daemon often forbids even creating set[ug]id files. + postPatch = + ''sed 's/^\(s[ug]idperms\) = [0-9]755/\1 = 0755/' -i src/Makefile.am + ''; + outputs = [ "out" "su" "man" ]; enableParallelBuilding = true; From 1aac1fe5dd46767b81a62b9eb7169c2421bbe366 Mon Sep 17 00:00:00 2001 
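Review bot: The `sed` in the `postPatch` added to shadow/default.nix edits `src/Makefile.am`, which only changes the build if the Makefiles are regenerated by automake afterwards; nothing in the hunk shows an autoreconf step, so if the pre-generated `src/Makefile.in` is what gets used, the `s[ug]idperms` values stay as they were. If regeneration is not guaranteed, the same expression should be applied to `src/Makefile.in` as well. The comment could also state the effect for users: everything installed with `suidperms`/`sgidperms` ends up mode 0755 and has to get its privileges elsewhere, presumably through setuid wrappers. The derivation starts and ends outside the hunk.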
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Wed, 7 Jun 2017 15:17:40 +0200 Subject: [PATCH 11/15] util-linux: fixup setuid/setgid build problems ... hopefully. Also refactor some nix code a little. --- pkgs/os-specific/linux/util-linux/default.nix | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index 5d7f701b39e..01bd8beea3d 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix 
@@ -30,30 +30,29 @@ stdenv.mkDerivation rec { }; preConfigure = lib.optionalString (systemd != null) '' - configureFlags+="--with-systemd --with-systemdsystemunitdir=$bin/lib/systemd/system/" + configureFlags+=" --with-systemd --with-systemdsystemunitdir=$bin/lib/systemd/system/" ''; # !!! It would be better to obtain the path to the mount helpers # (/sbin/mount.*) through an environment variable, but that's # somewhat risky because we have to consider that mount can setuid # root... - configureFlags = '' - --enable-write - --enable-last - --enable-mesg - --disable-use-tty-group - --enable-fs-paths-default=/run/wrappers/bin:/var/run/current-system/sw/bin:/sbin - ${if ncurses == null then "--without-ncurses" else ""} - ''; + configureFlags = [ + "--enable-write" + "--enable-last" + "--enable-mesg" + "--disable-use-tty-group" + "--enable-fs-paths-default=/run/wrappers/bin:/var/run/current-system/sw/bin:/sbin" + "--disable-makeinstall-setuid" "--disable-makeinstall-chown" + ] + ++ lib.optional (ncurses == null) "--without-ncurses"; makeFlags = "usrbin_execdir=$(bin)/bin usrsbin_execdir=$(bin)/sbin"; nativeBuildInputs = [ pkgconfig ]; buildInputs = [ zlib pam ] - ++ lib.optional (ncurses != null) ncurses - ++ lib.optional (systemd != null) systemd - ++ lib.optional (perl != null) perl; + ++ lib.filter (p: p != null) [ ncurses systemd perl ]; postInstall = '' rm "$bin/bin/su" # su should be supplied by the su package (shadow) From 3b83c23012ab435bd38a38a4cf6f927c48e8d609 Mon Sep 17 00:00:00 2001 
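Review bot: `"--disable-makeinstall-setuid"` and `"--disable-makeinstall-chown"` are added to `configureFlags` without a comment, while the existing `!!!` comment directly above still reasons about mount being setuid root, which these flags now turn off at install time. I would add a line such as `# The nix daemon often forbids creating set[ug]id files; privileged binaries are expected to come from /run/wrappers/bin.` (the second half is inferred from the `--enable-fs-paths-default` value and should be confirmed). Turning `configureFlags` from a string into a list also changes what overrides see in `args.configureFlags`: a caller that appends with `+ " --flag"` will no longer evaluate and needs `++ [ "--flag" ]`. The derivation starts and ends outside the hunk.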
From: Frederik Rietdijk Date: Wed, 7 Jun 2017 17:28:34 +0200 Subject: [PATCH 12/15] python.pkgs.bootstrapped-pip: upgrade pkg_resources, fixes #26392 pip 9.0.1 vendors a version of setuptools/pkg_resources which has been fixed in setuptools/pkg_resources but not yet in pip. Because we're now facing this issue with nox, we update pkg_resources to the version we also have in setuptools. Let's cross our fingers this will work without breaking other stuff. --- .../python-modules/bootstrapped-pip/default.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/bootstrapped-pip/default.nix b/pkgs/development/python-modules/bootstrapped-pip/default.nix index 0f8b6652c26..3e07806986b 100644 --- a/pkgs/development/python-modules/bootstrapped-pip/default.nix +++ b/pkgs/development/python-modules/bootstrapped-pip/default.nix @@ -1,4 +1,4 @@ -{ stdenv, python, fetchPypi, makeWrapper, unzip }: +{ stdenv, python, fetchPypi, fetchurl, makeWrapper, unzip }: let wheel_source = fetchPypi { @@ -13,6 +13,15 @@ let format = "wheel"; sha256 = "f2900e560efc479938a219433c48f15a4ff4ecfe575a65de385eeb44f2425587"; }; + + # TODO: Shouldn't be necessary anymore for pip > 9.0.1! + # https://github.com/NixOS/nixpkgs/issues/26392 + # https://github.com/pypa/setuptools/issues/885 + pkg_resources = fetchurl { + url = https://raw.githubusercontent.com/pypa/setuptools/v36.0.1/pkg_resources/__init__.py; + sha256 = "1wdnq3mammk75mifkdmmjx7yhnpydvnvi804na8ym4mj934l2jkv"; + }; + in stdenv.mkDerivation rec { pname = "pip"; version = "9.0.1"; @@ -29,6 +38,8 @@ in stdenv.mkDerivation rec { unzip -d $out/${python.sitePackages} $src unzip -d $out/${python.sitePackages} ${setuptools_source} unzip -d $out/${python.sitePackages} ${wheel_source} + # TODO: Shouldn't be necessary anymore for pip > 9.0.1! + cp ${pkg_resources} $out/${python.sitePackages}/pip/_vendor/pkg_resources/__init__.py ''; patchPhase = '' 
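Review bot: The new `pkg_resources` fetch in bootstrapped-pip/default.nix pins the content by `sha256` but addresses it through the mutable tag `v36.0.1`, and it adds a second source of setuptools code next to the `setuptools_source` wheel that is already unpacked into the same site-packages directory. If that wheel is the version the commit message refers to (its version is outside the hunk), the `cp` in the install hunk could take the file from there, `cp $out/${python.sitePackages}/pkg_resources/__init__.py $out/${python.sitePackages}/pip/_vendor/pkg_resources/__init__.py`, which drops the extra download and keeps the two copies from drifting apart. Otherwise a URL that names the commit instead of the tag keeps the fetch reproducible if the tag is ever moved. The install phase starts and ends outside the hunk.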
From 8b6f7b6f03f4f3866d694735d5d509bf7a992dbb Mon Sep 17 00:00:00 2001 From: Michiel Leenaars Date: Wed, 7 Jun 2017 17:13:19 +0200 Subject: [PATCH 13/15] pythonPackages.ipaddress: 1.0.16 -> 1.0.18 --- pkgs/top-level/python-packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index d2fa2c38ca3..29fe579e79c 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -12461,11 +12461,11 @@ in { }; ipaddress = if (pythonAtLeast "3.3") then null else buildPythonPackage rec { - name = "ipaddress-1.0.16"; + name = "ipaddress-1.0.18"; src = pkgs.fetchurl { url = "mirror://pypi/i/ipaddress/${name}.tar.gz"; - sha256 = "1c3imabdrw8nfksgjjflzg7h4ynjckqacb188rf541m74arq4cas"; + sha256 = "1q8klj9d84cmxgz66073x1j35cplr3r77vx1znhxiwl5w74391ax"; }; checkPhase = '' From 10f9fb63f14fbe27dc9b516cca1eb2f72956f141 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 8 Jun 2017 20:43:04 +0200 Subject: [PATCH 14/15] nfs-utils: fixup setuid/setgid build problems, hopefully --- pkgs/os-specific/linux/nfs-utils/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/os-specific/linux/nfs-utils/default.nix b/pkgs/os-specific/linux/nfs-utils/default.nix index 81ce7babba1..0db6c4ec67e 100644 --- a/pkgs/os-specific/linux/nfs-utils/default.nix +++ b/pkgs/os-specific/linux/nfs-utils/default.nix @@ -39,6 +39,9 @@ in stdenv.mkDerivation rec { sed -i "s,^PATH=.*,PATH=$out/bin:${statdPath}," utils/statd/start-statd configureFlags="--with-start-statd=$out/bin/start-statd $configureFlags" + + substituteInPlace utils/mount/Makefile.in \ + --replace "chmod 4511" "chmod 0511" ''; makeFlags = [ From 8b49936ad4db7499050aa6f57ce89d606c7382fe Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 8 Jun 2017 20:53:20 +0200 Subject: [PATCH 15/15] vboot_reference: fix evaluation after 1aac1fe5dd --- pkgs/tools/system/vboot_reference/default.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/pkgs/tools/system/vboot_reference/default.nix b/pkgs/tools/system/vboot_reference/default.nix index 3d4f99fc1f0..a9a034ebde9 100644 --- a/pkgs/tools/system/vboot_reference/default.nix +++ b/pkgs/tools/system/vboot_reference/default.nix @@ -12,11 +12,10 @@ stdenv.mkDerivation rec { sha256 = "14d3a93ha5k4al4ib43nyn1ppx7kgb12xw6mkflhx8nxmx8827nc"; }; - buildInputs = [ pkgconfig openssl stdenv.cc.libc.static ] ++ - (if libuuid == null - then [] - else [ (stdenv.lib.overrideDerivation libuuid - (args: { configureFlags = args.configureFlags + " --enable-static"; })) ]); + buildInputs = [ pkgconfig openssl stdenv.cc.libc.static ] + ++ stdenv.lib.optional (libuuid != null) + (libuuid.overrideAttrs (attrs: + { configureFlags = attrs.configureFlags ++ [ "--enable-static" ]; })); arch = if stdenv.system == "x86_64-linux" then "x86_64" else if stdenv.system == "i686-linux" then "x86"